skopeo-1.4.0-3.el9

- update vendored components
- always require runc on RHEL8 or lesser
- Related: #1970747

Signed-off-by: Jindrich Novy <jnovy@redhat.com>

containers-storage.conf.5.md

@@ -263,13 +263,45 @@ The semanage command above tells SELinux to setup the default labeling of `NEWST
 
 Now all new content created in these directories will automatically be created with the correct label.
 
-## SEE ALSO
+## QUOTAS
-`semanage(8)`, `restorecon(8)`, `mount(8)`, `fuse-overlayfs(1)`
+
+Container storage implements `XFS project quota controls` for overlay storage
+containers and volumes. The directory used to store the containers must be an
+`XFS` file system and be mounted with the `pquota` option.
+
+Example /etc/fstab entry:
+```
+/dev/podman/podman-var /var xfs defaults,x-systemd.device-timeout=0,pquota 1 2
+```
+
+Container storage generates project ids for each container and builtin volume, but these project ids need to be unique for the XFS file system.
+
+The xfs_quota tool can be used to assign a project id to the storage driver directory, e.g.:
+
+```
+echo 100000:/var/lib/containers/storage/overlay >> /etc/projects
+echo 200000:/var/lib/containers/storage/volumes >> /etc/projects
+echo storage:100000 >> /etc/projid
+echo volumes:200000 >> /etc/projid
+xfs_quota -x -c 'project -s storage volumes' /<xfs mount point>
+```
+
+In the example above, the storage directory project id will be used as a "start offset"
+and all containers will be assigned larger project ids (e.g. >= 100000).
+Then the volumes directory project id will be used as a "start offset"
+and all volumes will be assigned larger project ids (e.g. >= 200000).
+This is a way to prevent xfs_quota management from conflicting with containers/storage.
 
 ## FILES
 
 Distributions often provide a `/usr/share/containers/storage.conf` file to define default storage configuration. Administrators can override this file by creating `/etc/containers/storage.conf` to specify their own configuration. The storage.conf file for rootless users is stored in the `$XDG_CONFIG_HOME/containers/storage.conf` file.  If `$XDG_CONFIG_HOME` is not set then the file `$HOME/.config/containers/storage.conf` is used.
 
+/etc/projects - XFS persistent project root definition
+/etc/projid -  XFS project name mapping file
+
+## SEE ALSO
+`semanage(8)`, `restorecon(8)`, `mount(8)`, `fuse-overlayfs(1)`, `xfs_quota(8)`, `projects(5)`, `projid(5)`
+
 ## HISTORY
 May 2017, Originally compiled by Dan Walsh <dwalsh@redhat.com>
 Format copied from crio.conf man page created by Aleksa Sarai <asarai@suse.de>

containers.conf

@@ -190,6 +190,13 @@ default_sysctls = [
 #
 # pids_limit = 2048
 
+# Copy the content from the underlying image into the newly created volume
+# when the container is created instead of when it is started. If false,
+# the container engine will not copy the content until the container is started.
+# Setting it to true may have negative performance implications.
+#
+# prepare_volume_on_create = false
+
 # Indicates the networking to be used for rootless containers
 # rootless_networking = "slirp4netns"
 

containers.conf.5.md

@@ -219,6 +219,10 @@ Options are:
 Maximum number of processes allowed in a container. 0 indicates that no limit
 is imposed.
 
+**prepare_volume_on_create**=false
+
+Copy the content from the underlying image into the newly created volume when the container is created instead of when it is started. If `false`, the container engine will not copy the content until the container is started. Setting it to `true` may have negative performance implications.
+
 **rootless_networking**="slirp4netns"
 
 Set type of networking rootless containers should use.  Valid options are `slirp4netns`
@@ -494,6 +498,11 @@ By default this will be configured relative to where containers/storage store
 containers. This convention is followed by the default volume driver, but may
 not be by other drivers.
 
+**chown_copied_files**=true
+
+Determines whether file copied into a container will have changed ownership to
+the primary uid/gid of the container.
+
 ## SERVICE DESTINATION TABLE
 The `service_destinations` table contains configuration options used to set up remote connections to the podman service for the podman API.
 

skopeo.spec

@@ -21,8 +21,8 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
 # podman/skopeo/podman.
 %global podman_branch v3.3
 %global image_branch v5.15.0
-%global common_branch v0.41.0
+%global common_branch v0.42.0
-%global storage_branch v1.33.0
+%global storage_branch v1.33.1
 %global shortnames_branch main
 %global commit0 a44da449d35e4621e9993f406d5a4f98dd89965e
 %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
@@ -30,7 +30,7 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
 Epoch: 1
 Name: skopeo
 Version: 1.4.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: Inspect container images and repositories on registries
 License: ASL 2.0
 URL: %{git0}
@@ -93,7 +93,11 @@ Conflicts: atomic-registries <= 1:1.22.1-1
 Obsoletes: docker-rhsubscription <= 2:1.13.1-31
 Provides: %{name}-containers = %{epoch}:%{version}-%{release}
 Obsoletes: %{name}-containers <= 1:0.1.31-3
+%if 0%{?rhel} >= 9 || 0%{?fedora}
 Requires: crun >= 0.19
+%else
+Requires: runc
+%endif
 Recommends: fuse-overlayfs
 Recommends: slirp4netns
 Suggests: subscription-manager
@@ -263,6 +267,11 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %{_datadir}/%{name}/test
 
 %changelog
+* Wed Aug 04 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.4.0-3
+- update vendored components
+- always require runc on RHEL8 or lesser
+- Related: #1970747
+
 * Wed Aug 04 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.4.0-2
 - update to the latest content of https://github.com/containers/skopeo/tree/release-1.4
   (https://github.com/containers/skopeo/commit/a44da44)