rpms/skopeo
7
0
Fork 0
Code Issues Pull Requests Releases Activity

skopeo-1.4.0-0.2.el9

Browse Source 
- update vendored components
- ship /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release only on non-RHEL and
  CentOS distros
- Related: #1970747

Signed-off-by: Jindrich Novy <jnovy@redhat.com>
This commit is contained in:
Jindrich Novy 2021-08-02 09:14:26 +02:00
parent c701a7c529
commit 0549f5d4f9
10 changed files with 260 additions and 172 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
containers-auth.json.5.md
View File

@ -21,9 +21,23 @@ Except the primary (read/write) file, other files are read-only, unless the user
The auth.json file stores encrypted authentication information for the
user to container image registries. The file can have zero to many entries and
is created by a `login` command from a container tool such as `podman login`,
`buildah login` or `skopeo login`. Each entry includes the name of the registry and then an auth
token in the form of a base64 encoded string from the concatenation of the
username, a colon, and the password.
`buildah login` or `skopeo login`. Each entry either contains a single
hostname (e.g. `docker.io`) or a namespace (e.g. `quay.io/user/image`) as a key
and an auth token in the form of a base64 encoded string as value of `auth`. The
token is built from the concatenation of the username, a colon, and the
password. The registry name can additionally contain a repository name (an image
name without tag or digest) and namespaces. The path (or namespace) is matched
in its hierarchical order when checking for available authentications. For
example, an image pull for `my-registry.local/namespace/user/image:latest` will
result in a lookup in `auth.json` in the following order:
- `my-registry.local/namespace/user/image`
- `my-registry.local/namespace/user`
- `my-registry.local/namespace`
- `my-registry.local`
This way it is possible to setup multiple credentials for a single registry
which can be distinguished by their path.
The following example shows the values found in auth.json after the user logged in to
their accounts on quay.io and docker.io:
@ -41,6 +55,25 @@ their accounts on quay.io and docker.io:
}
```
This example demonstrates how to use multiple paths for a single registry, while
preserving a fallback for `my-registry.local`:
```
{
"auths": {
"my-registry.local/foo/bar/image": {
"auth": "…"
},
"my-registry.local/foo": {
"auth": "…"
},
"my-registry.local": {
"auth": "…"
},
}
}
```
An entry can be removed by using a `logout` command from a container
tool such as `podman logout` or `buildah logout`.

2
containers-policy.json.5.md
View File

@ -68,7 +68,7 @@ i.e. either specifying a complete name of a tagged image, or prefix denoting
a host/namespace/image stream or a wildcarded expression for matching all
subdomains. For wildcarded subdomain matching, `*.example.com` is a valid case, but `example*.*.com` is not.
*Note:* The _hostname_ and _port_ refer to the Docker registry host and port (the one used
*Note:* The _hostname_ and _port_ refer to the container registry host and port (the one used
e.g. for `docker pull`), _not_ to the OpenShift API host and port.
### `dir:`

98
containers-registries.conf.5.md
View File

@ -36,28 +36,28 @@ Given an image name, a single `[[registry]]` TOML table is chosen based on its `
- _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_(`:`_tag|`@`_digest_)
- [`*.`]_host_
The user-specified image name must start with the specified `prefix` (and continue
with the appropriate separator) for a particular `[[registry]]` TOML table to be
considered; (only) the TOML table with the longest match is used. It can
also include wildcarded subdomains in the format `*.example.com` along as mentioned
above. The wildcard should only be present at the beginning as shown in the formats
above. Other cases will not work. For example, `*.example.com` is valid but
`example.*.com`, `*.example.com/foo` and `*.example.com:5000/foo/bar:baz` are not.
The user-specified image name must start with the specified `prefix` (and continue
with the appropriate separator) for a particular `[[registry]]` TOML table to be
considered; (only) the TOML table with the longest match is used. It can
also include wildcarded subdomains in the format `*.example.com`.
The wildcard should only be present at the beginning as shown in the formats
above. Other cases will not work. For example, `*.example.com` is valid but
`example.*.com`, `*.example.com/foo` and `*.example.com:5000/foo/bar:baz` are not.
As a special case, the `prefix` field can be missing; if so, it defaults to the value
of the `location` field (described below).
As a special case, the `prefix` field can be missing; if so, it defaults to the value
of the `location` field (described below).
#### Per-namespace settings
`insecure`
: `true` or `false`.
By default, container runtimes require TLS when retrieving images from a registry.
If `insecure` is set to `true`, unencrypted HTTP as well as TLS connections with untrusted
certificates are allowed.
By default, container runtimes require TLS when retrieving images from a registry.
If `insecure` is set to `true`, unencrypted HTTP as well as TLS connections with untrusted
certificates are allowed.
`blocked`
: `true` or `false`.
If `true`, pulling images with matching names is forbidden.
If `true`, pulling images with matching names is forbidden.
#### Remapping and mirroring registries
@ -69,55 +69,55 @@ internet without having to change `Dockerfile`s, or to add redundancy).
`location`
: Accepts the same format as the `prefix` field, and specifies the physical location
of the `prefix`-rooted namespace.
of the `prefix`-rooted namespace.
By default, this equal to `prefix` (in which case `prefix` can be omitted and the
`[[registry]]` TOML table can only specify `location`).
By default, this equal to `prefix` (in which case `prefix` can be omitted and the
`[[registry]]` TOML table can only specify `location`).
Example: Given
```
prefix = "example.com/foo"
location = "internal-registry-for-example.net/bar"
```
requests for the image `example.com/foo/myimage:latest` will actually work with the
`internal-registry-for-example.net/bar/myimage:latest` image.
Example: Given
```
prefix = "example.com/foo"
location = "internal-registry-for-example.net/bar"
```
requests for the image `example.com/foo/myimage:latest` will actually work with the
`internal-registry-for-example.net/bar/myimage:latest` image.
With a `prefix` containing a wildcard in the format: "*.example.com" for subdomain matching,
the location can be empty. In such a case,
prefix matching will occur, but no reference rewrite will occur. The
original requested image string will be used as-is. But other settings like
`insecure` / `blocked` / `mirrors` will be applied to matching images.
With a `prefix` containing a wildcard in the format: "*.example.com" for subdomain matching,
the location can be empty. In such a case,
prefix matching will occur, but no reference rewrite will occur. The
original requested image string will be used as-is. But other settings like
`insecure` / `blocked` / `mirrors` will be applied to matching images.
Example: Given
```
prefix = "*.example.com"
```
requests for the image `blah.example.com/foo/myimage:latest` will be used
as-is. But other settings like insecure/blocked/mirrors will be applied to matching images
Example: Given
```
prefix = "*.example.com"
```
requests for the image `blah.example.com/foo/myimage:latest` will be used
as-is. But other settings like insecure/blocked/mirrors will be applied to matching images
`mirror`
: An array of TOML tables specifying (possibly-partial) mirrors for the
`prefix`-rooted namespace.
`prefix`-rooted namespace.
The mirrors are attempted in the specified order; the first one that can be
contacted and contains the image will be used (and if none of the mirrors contains the image,
the primary location specified by the `registry.location` field, or using the unmodified
user-specified reference, is tried last).
The mirrors are attempted in the specified order; the first one that can be
contacted and contains the image will be used (and if none of the mirrors contains the image,
the primary location specified by the `registry.location` field, or using the unmodified
user-specified reference, is tried last).
Each TOML table in the `mirror` array can contain the following fields, with the same semantics
as if specified in the `[[registry]]` TOML table directly:
- `location`
- `insecure`
Each TOML table in the `mirror` array can contain the following fields, with the same semantics
as if specified in the `[[registry]]` TOML table directly:
- `location`
- `insecure`
`mirror-by-digest-only`
: `true` or `false`.
If `true`, mirrors will only be used during pulling if the image reference includes a digest.
Referencing an image by digest ensures that the same is always used
(whereas referencing an image by a tag may cause different registries to return
different images if the tag mapping is out of sync).
If `true`, mirrors will only be used during pulling if the image reference includes a digest.
Referencing an image by digest ensures that the same is always used
(whereas referencing an image by a tag may cause different registries to return
different images if the tag mapping is out of sync).
Note that if this is `true`, images referenced by a tag will only use the primary
registry, failing if that registry is not accessible.
Note that if this is `true`, images referenced by a tag will only use the primary
registry, failing if that registry is not accessible.
*Note*: Redirection and mirrors are currently processed only when reading images, not when pushing
to a registry; that may change in the future.

5
containers-storage.conf.5.md
View File

@ -174,6 +174,9 @@ The `storage.options.overlay` table supports the following options:
**ignore_chown_errors** = "false"
ignore_chown_errors can be set to allow a non privileged user running with a single UID within a user namespace to run containers. The user can pull and use any image even those with multiple uids. Note multiple UIDs will be squashed down to the default uid in the container. These images will have no separation between the users in the container. (default: false)
**inodes**=""
Maximum inodes in a read/write layer. This flag can be used to set a quota on the inodes allocated for a read/write layer of a container.
**force_mask** = "0000|shared|private"
ForceMask specifies the permissions mask that is used for new files and
directories.
@ -220,7 +223,7 @@ based file systems.
Comma separated list of default options to be used to mount container images. Suggested value "nodev". Mount options are documented in the mount(8) man page.
**size**=""
Maximum size of a container image. This flag can be used to set quota on the size of container images. (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
Maximum size of a read/write layer. This flag can be used to set quota on the size of a read/write layer of a container. (format: <number>[<unit>], where unit = b (bytes), k (kilobytes), m (megabytes), or g (gigabytes))
### STORAGE OPTIONS FOR VFS TABLE

193
containers.conf
View File

@ -16,30 +16,16 @@
[containers]
# List of devices. Specified as
# "<device-on-host>:<device-on-container>:<permissions>", for example:
# "/dev/sdc:/dev/xvdc:rwm".
# If it is empty or commented out, only the default devices will be used
# List of annotation. Specified as
# "key = value"
# If it is empty or commented out, no annotations will be added
#
# devices = []
# List of volumes. Specified as
# "<directory-on-host>:<directory-in-container>:<options>", for example:
# "/db:/var/lib/db:ro".
# If it is empty or commented out, no volumes will be added
#
# volumes = []
# annotations = []
# Used to change the name of the default AppArmor profile of container engine.
#
# apparmor_profile = "container-default"
# List of annotation. Specified as
# "key=value"
# If it is empty or commented out, no annotations will be added
#
# annotations = []
# Default way to to create a cgroup namespace for the container
# Options are:
# `private` Create private Cgroup Namespace for the container.
@ -94,6 +80,13 @@ default_sysctls = [
# "nofile=1280:2560",
# ]
# List of devices. Specified as
# "<device-on-host>:<device-on-container>:<permissions>", for example:
# "/dev/sdc:/dev/xvdc:rwm".
# If it is empty or commented out, only the default devices will be used
#
# devices = []
# List of default DNS options to be added to /etc/resolv.conf inside of the container.
#
# dns_options = []
@ -167,6 +160,12 @@ default_sysctls = [
#
# log_size_max = -1
# Specifies default format tag for container log messages.
# This is useful for creating a specific tag for container log messages.
# Containers logs default to truncated container ID as a tag.
#
# log_tag = ""
# Default way to to create a Network namespace for the container
# Options are:
# `private` Create private Network Namespace for the container.
@ -180,10 +179,6 @@ default_sysctls = [
#
# no_hosts = false
# Maximum number of processes allowed in a container.
#
# pids_limit = 2048
# Default way to to create a PID namespace for the container
# Options are:
# `private` Create private PID Namespace for the container.
@ -191,6 +186,13 @@ default_sysctls = [
#
# pidns = "private"
# Maximum number of processes allowed in a container.
#
# pids_limit = 2048
# Indicates the networking to be used for rootless containers
# rootless_networking = "slirp4netns"
# Path to the seccomp.json profile which is used as the default seccomp profile
# for the runtime.
#
@ -210,14 +212,7 @@ default_sysctls = [
# Set umask inside the container
#
# umask="0022"
# Default way to to create a UTS namespace for the container
# Options are:
# `private` Create private UTS Namespace for the container.
# `host` Share host UTS Namespace with the container.
#
# utsns = "private"
# umask = "0022"
# Default way to to create a User namespace for the container
# Options are:
@ -230,11 +225,31 @@ default_sysctls = [
# UIDs are allocated from the "container" UIDs listed in
# /etc/subuid & /etc/subgid
#
# userns_size=65536
# userns_size = 65536
# Default way to to create a UTS namespace for the container
# Options are:
# `private` Create private UTS Namespace for the container.
# `host` Share host UTS Namespace with the container.
#
# utsns = "private"
# List of volumes. Specified as
# "<directory-on-host>:<directory-in-container>:<options>", for example:
# "/db:/var/lib/db:ro".
# If it is empty or commented out, no volumes will be added
#
# volumes = []
# The network table contains settings pertaining to the management of
# CNI plugins.
[secrets]
# driver = "file"
[secrets.opts]
# root = "/example/directory"
[network]
# Path to directory where CNI plugin binaries are located.
@ -255,14 +270,8 @@ default_sysctls = [
# network_config_dir = "/etc/cni/net.d/"
[engine]
# Maximum number of image layers to be copied (pulled/pushed) simultaneously.
# Not setting this field, or setting it to zero, will fall back to containers/image defaults.
# image_parallel_copies=0
# Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
# container images. By default image pulled and pushed match the format of the
# source image. Building/committing defaults to OCI.
# image_default_format = ""
# Index to the active service
# active_service = production
# Cgroup management implementation used for the runtime.
# Valid options "systemd" or "cgroupfs"
@ -321,10 +330,19 @@ events_logger = "file"
# "/usr/share/containers/oci/hooks.d",
# ]
# Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
# container images. By default image pulled and pushed match the format of the
# source image. Building/committing defaults to OCI.
# image_default_format = ""
# Default transport method for pulling and pushing for images
#
# image_default_transport = "docker://"
# Maximum number of image layers to be copied (pulled/pushed) simultaneously.
# Not setting this field, or setting it to zero, will fall back to containers/image defaults.
# image_parallel_copies = 0
# Default command to run the infra container
#
# infra_command = "/pause"
@ -348,7 +366,7 @@ infra_image = "registry.access.redhat.com/ubi9/pause"
# Indicates if Podman is running inside a VM via Podman Machine.
# Podman uses this value to do extra setup around networking from the
# container inside the VM to to host.
# machine_enabled=false
# machine_enabled = false
# MultiImageArchive - if true, the container engine allows for storing archives
# (e.g., of the docker-archive transport) with multiple images. By default,
@ -367,12 +385,12 @@ infra_image = "registry.access.redhat.com/ubi9/pause"
# Path to the slirp4netns binary
#
# network_cmd_path=""
# network_cmd_path = ""
# Default options to pass to the slirp4netns binary.
# For example "allow_host_loopback=true"
#
# network_cmd_options=[]
# network_cmd_options = []
# Whether to use chroot instead of pivot_root in the runtime
#
@ -392,6 +410,24 @@ infra_image = "registry.access.redhat.com/ubi9/pause"
# `podman --remote=true` for access to the remote Podman service.
# remote = false
# Default OCI runtime
#
# runtime = "crun"
runtime = "crun"
# List of the OCI runtimes that support --format=json. When json is supported
# engine will use it for reporting nicer errors.
#
# runtime_supports_json = ["crun", "runc", "kata", "runsc"]
# List of the OCI runtimes that supports running containers with KVM Separation.
#
# runtime_supports_kvm = ["kata"]
# List of the OCI runtimes that supports running containers without cgroups.
#
# runtime_supports_nocgroups = ["crun"]
# Directory for persistent engine files (database, etc)
# By default, this will be configured relative to where the containers/storage
# stores containers
@ -399,6 +435,22 @@ infra_image = "registry.access.redhat.com/ubi9/pause"
#
# static_dir = "/var/lib/containers/storage/libpod"
# Number of seconds to wait for container to exit before sending kill signal.
# stop_timeout = 10
# map of service destinations
# [service_destinations]
# [service_destinations.production]
# URI to access the Podman service
# Examples:
# rootless "unix://run/user/$UID/podman/podman.sock" (Default)
# rootfull "unix://run/podman/podman.sock (Default)
# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock
# uri = "ssh://user@production.example.com/run/user/1001/podman/podman.sock"
# Path to file containing ssh identity key
# identity = "~/.ssh/id_rsa"
# Directory for temporary files. Must be tmpfs (wiped after reboot)
#
# tmp_dir = "/run/libpod"
@ -410,43 +462,6 @@ infra_image = "registry.access.redhat.com/ubi9/pause"
#
# volume_path = "/var/lib/containers/storage/volumes"
# Default OCI runtime
#
# runtime = "crun"
runtime = "crun"
# List of the OCI runtimes that support --format=json. When json is supported
# engine will use it for reporting nicer errors.
#
# runtime_supports_json = ["crun", "runc", "kata", "runsc"]
# List of the OCI runtimes that supports running containers without cgroups.
#
# runtime_supports_nocgroups = ["crun"]
# List of the OCI runtimes that supports running containers with KVM Separation.
#
# runtime_supports_kvm = ["kata"]
# Number of seconds to wait for container to exit before sending kill signal.
# stop_timeout = 10
# Index to the active service
# active_service = production
# map of service destinations
# [service_destinations]
# [service_destinations.production]
# URI to access the Podman service
# Examples:
# rootless "unix://run/user/$UID/podman/podman.sock" (Default)
# rootfull "unix://run/podman/podman.sock (Default)
# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock
# uri="ssh://user@production.example.com/run/user/1001/podman/podman.sock"
# Path to file containing ssh identity key
# identity = "~/.ssh/id_rsa"
# Paths to look for a valid OCI runtime (crun, runc, kata, runsc, etc)
[engine.runtimes]
# crun = [
@ -459,16 +474,6 @@ runtime = "crun"
# "/run/current-system/sw/bin/crun",
# ]
# runc = [
# "/usr/bin/runc",
# "/usr/sbin/runc",
# "/usr/local/bin/runc",
# "/usr/local/sbin/runc",
# "/sbin/runc",
# "/bin/runc",
# "/usr/lib/cri-o-runc/sbin/runc",
# ]
# kata = [
# "/usr/bin/kata-runtime",
# "/usr/sbin/kata-runtime",
@ -480,6 +485,16 @@ runtime = "crun"
# "/usr/bin/kata-fc",
# ]
# runc = [
# "/usr/bin/runc",
# "/usr/sbin/runc",
# "/usr/local/bin/runc",
# "/usr/local/sbin/runc",
# "/sbin/runc",
# "/bin/runc",
# "/usr/lib/cri-o-runc/sbin/runc",
# ]
# runsc = [
# "/usr/bin/runsc",
# "/usr/sbin/runsc",

63
containers.conf.5.md
View File

@ -10,12 +10,16 @@ and modify the defaults for running containers on the host. containers.conf uses
a TOML format that can be easily modified and versioned.
Container engines read the /usr/share/containers/containers.conf and
/etc/containers/containers.conf files if they exists. When running in rootless
mode, they also read $HOME/.config/containers/containers.conf files.
/etc/containers/containers.conf, and /etc/containers/containers.conf.d/*.conf files
if they exist. When running in rootless mode, they also read
$HOME/.config/containers/containers.conf and
$HOME/.config/containers/containers.conf.d/*.conf files.
Fields specified in containers conf override the default options, as well as
options in previously read containers.conf files.
Config files in the `.d` directories, are added in alpha numeric sorted order and must end in `.conf`.
Not all options are supported in all container engines.
Note container engines also use other configuration files for configuring the environment.
@ -186,6 +190,10 @@ that no size limit is imposed. If it is positive, it must be >= 8192 to
match/exceed conmon's read buffer. The file is truncated and re-opened so the
limit is never exceeded.
**log_tag**=""
Default format tag for container log messages. This is useful for creating a specific tag for container log messages. Container log messages default to using the truncated container ID as a tag.
**netns**="private"
Default way to to create a NET namespace for the container.
@ -211,6 +219,11 @@ Options are:
Maximum number of processes allowed in a container. 0 indicates that no limit
is imposed.
**rootless_networking**="slirp4netns"
Set type of networking rootless containers should use. Valid options are `slirp4netns`
or `cni`.
**seccomp_profile**="/usr/share/containers/seccomp.json"
Path to the seccomp.json profile which is used as the default seccomp profile
@ -293,10 +306,6 @@ The `engine` table contains configuration options used to set up container engin
Name of destination for accessing the Podman service. See SERVICE DESTINATION TABLE below.
**cgroup_check**=false
CgroupCheck indicates the configuration has been rewritten after an upgrade to Fedora 31 to change the default OCI runtime for cgroupsv2.
**cgroup_manager**="systemd"
The cgroup management implementation used for the runtime. Supports `cgroupfs`
@ -454,14 +463,14 @@ on the system using the priority: "crun", "runc", "kata".
The list of the OCI runtimes that support `--format=json`.
**runtime_supports_nocgroups**=["crun"]
The list of OCI runtimes that support running containers without CGroups.
**runtime_supports_kvm**=["kata"]
The list of OCI runtimes that support running containers with KVM separation.
**runtime_supports_nocgroups**=["crun"]
The list of OCI runtimes that support running containers without CGroups.
**static_dir**="/var/lib/containers/storage/libpod"
Directory for persistent libpod files (database, etc).
@ -477,6 +486,14 @@ Number of seconds to wait for container to exit before sending kill signal.
The path to a temporary directory to store per-boot container.
Must be a tmpfs (wiped after reboot).
**volume_path**="/var/lib/containers/storage/volumes"
Directory where named volumes will be created in using the default volume
driver.
By default this will be configured relative to where containers/storage store
containers. This convention is followed by the default volume driver, but may
not be by other drivers.
## SERVICE DESTINATION TABLE
The `service_destinations` table contains configuration options used to set up remote connections to the podman service for the podman API.
@ -495,14 +512,6 @@ URI to access the Podman service
Path to file containing ssh identity key
**volume_path**="/var/lib/containers/storage/volumes"
Directory where named volumes will be created in using the default volume
driver.
By default this will be configured relative to where containers/storage store
containers. This convention is followed by the default volume driver, but may
not be by other drivers.
**[engine.volume_plugins]**
A table of all the enabled volume plugins on the system. Volume plugins can be
@ -510,6 +519,21 @@ used as the backend for Podman named volumes. Individual plugins are specified
below, as a map of the plugin name (what the plugin will be called) to its path
(filepath of the plugin's unix socket).
## SECRET TABLE
The `secret` table contains settings for the configuration of the secret subsystem.
**driver**=file
Name of the secret driver to be used.
Currently valid values are:
* file
* pass
**[secrets.opts]**
The driver specific options object.
# FILES
**containers.conf**
@ -518,8 +542,7 @@ Distributions often provide a `/usr/share/containers/containers.conf` file to
define default container configuration. Administrators can override fields in
this file by creating `/etc/containers/containers.conf` to specify their own
configuration. Rootless users can further override fields in the config by
creating a config file stored in the
`$HOME/.config/containers/containers.conf` file.
creating a config file stored in the `$HOME/.config/containers/containers.conf` file.
If the `CONTAINERS_CONF` path environment variable is set, just
this path will be used. This is primarily used for testing.

21
skopeo.spec
View File

@ -20,17 +20,17 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
# pick the oldest version on c/image, c/common, c/storage vendored in
# podman/skopeo/podman.
%global podman_branch master
%global image_branch v5.12.0
%global common_branch v0.38.12
%global storage_branch v1.31.3
%global image_branch v5.14.0
%global common_branch v0.41.0
%global storage_branch v1.33.0
%global shortnames_branch main
%global commit0 64dc748e5e871da30e50edc496911094e3fe0114
%global commit0 caf1469b1d6d1a7a23716a8fc797563d75e81902
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
Epoch: 1
Name: skopeo
Version: 1.4.0
Release: 0.1%{?dist}
Release: 0.2%{?dist}
Summary: Inspect container images and repositories on registries
License: ASL 2.0
URL: %{git0}
@ -80,6 +80,7 @@ BuildRequires: pkgconfig(devmapper)
BuildRequires: glib2-devel
BuildRequires: make
Requires: containers-common = %{epoch}:%{version}-%{release}
Requires: system-release
%description
Command line utility to inspect images and repositories directly on Docker
@ -155,8 +156,10 @@ install -m0644 %{SOURCE19} %{buildroot}%{_sysconfdir}/containers/registries.conf
install -m0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/002-rhel-shortnames-overrides.conf
# for signature verification
%if !0%{?rhel} || 0%{?centos}
install -dp %{buildroot}%{_sysconfdir}/pki/rpm-gpg
install -m0644 %{SOURCE21} %{buildroot}%{_sysconfdir}/pki/rpm-gpg
%endif
install -dp %{buildroot}%{_sysconfdir}/containers/registries.d
install -m0644 %{SOURCE22} %{buildroot}%{_sysconfdir}/containers/registries.d
install -m0644 %{SOURCE23} %{buildroot}%{_sysconfdir}/containers/registries.d
@ -226,7 +229,9 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%dir %{_sysconfdir}/containers/oci
%dir %{_sysconfdir}/containers/oci/hooks.d
%dir %{_sysconfdir}/containers/registries.conf.d
%if !0%{?rhel} || 0%{?centos}
%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
%endif
%config(noreplace) %{_sysconfdir}/containers/policy.json
%config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml
%config(noreplace) %{_sysconfdir}/containers/storage.conf
@ -258,6 +263,12 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%{_datadir}/%{name}/test
%changelog
* Mon Aug 02 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.4.0-0.2
- update vendored components
- ship /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release only on non-RHEL and
CentOS distros
- Related: #1970747
* Thu Jul 29 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.4.0-0.1
- switch to the main branch of skopeo
- Related: #1970747

2
sources
View File

@ -1 +1 @@
SHA512 (main-64dc748.tar.gz) = 3d46051530d01415a9d56971018fc641d67143b3f5348881d52550651df8c0d39f1f293d3c1fa2404eeb106d32a87576f871f362424cdefa2dc32f91735086ee
SHA512 (main-caf1469.tar.gz) = be3db2ff0373b9fc330fa308920f60b68a150ab171cffe51dc940154163439e9ef86066bcfa357a522b982d2d8715339dfe24ce3f01eb4b1cf23244eeb6bb9c8

3
storage.conf
View File

@ -69,6 +69,9 @@ additionalimagestores = [
# and vfs drivers.
#ignore_chown_errors = "false"
# Inodes is used to set a maximum inodes of the container image.
# inodes = ""
# Path to an helper program to use for mounting the file system instead of mounting it
# directly.
#mount_program = "/usr/bin/fuse-overlayfs"

6
update-vendored.sh
View File

@ -22,9 +22,9 @@ for P in podman skopeo buildah; do
pkg --release rhel-8 prep
fi
DIR=`ls -d -- */ | grep -v ^tests | head -n1`
grep github.com/containers/image $DIR/go.mod | cut -d\ -f2 >> /tmp/ver_image
grep github.com/containers/common $DIR/go.mod | cut -d\ -f2 >> /tmp/ver_common
grep github.com/containers/storage $DIR/go.mod | cut -d\ -f2 >> /tmp/ver_storage
grep github.com/containers/image $DIR/go.mod | grep -v - | cut -d\ -f2 >> /tmp/ver_image
grep github.com/containers/common $DIR/go.mod | grep -v - | cut -d\ -f2 >> /tmp/ver_common
grep github.com/containers/storage $DIR/go.mod | grep -v - | cut -d\ -f2 >> /tmp/ver_storage
cd -
done
IMAGE_VER=`sort -n /tmp/ver_image | head -n1`