import skopeo-1.3.1-5.module+el8.4.0+11990+22932769

CentOS Sources 2021-08-10 08:03:32 -04:00 committed by Andrew Lukoshko
parent 5c8403365b
commit 82ffde5d77
17 changed files with 397 additions and 1114 deletions

.gitignore vendored

@ -1 +1 @@
SOURCES/release-1.2-e7880c4.tar.gz SOURCES/release-1.3-038f70e.tar.gz


@ -1 +1 @@
ffeef33b1b8d0be913b7ac87b4a0093f8805cfda SOURCES/release-1.2-e7880c4.tar.gz 574c9200f48f44e9df626f4bd50f710bf3b09ca9 SOURCES/release-1.3-038f70e.tar.gz

File diff suppressed because it is too large

@ -1,8 +1,7 @@
[aliases] [aliases]
"skopeo" = "registry.access.redhat.com/ubi8/skopeo" "skopeo" = "registry.access.redhat.com/ubi8/skopeo"
"ubi8/skopeo" = "registry.access.redhat.com/ubi8/skopeo" "ubi8/skopeo" = "registry.access.redhat.com/ubi8/skopeo"
"rhel8/skopeo" = "registry.redhat.io/rhel8/skopeo"
"buildah" = "registry.access.redhat.com/ubi8/buildah" "buildah" = "registry.access.redhat.com/ubi8/buildah"
"ubi8/buildah" = "registry.access.redhat.com/ubi8/buildah" "ubi8/buildah" = "registry.access.redhat.com/ubi8/buildah"
"podman" = "registry.access.redhat.com/ubi8/podman" "rhel8/buildah" = "registry.redhat.io/rhel8/buildah"
"ubi8/podman" = "registry.access.redhat.com/ubi8/podman"
"rhel8/podman" = "registry.redhat.io/rhel8/podman"


@ -15,7 +15,7 @@ A certs directory can contain one or more files with the following extensions:
* `*.key` files with this extensions will be interpreted as client keys * `*.key` files with this extensions will be interpreted as client keys
Note that the client certificate-key pair will be selected by the file name (e.g., `client.{cert,key}`). Note that the client certificate-key pair will be selected by the file name (e.g., `client.{cert,key}`).
An examplary setup for a registry running at `my-registry.com:5000` may look as follows: An exemplary setup for a registry running at `my-registry.com:5000` may look as follows:
``` ```
/etc/containers/certs.d/ <- Certificate directory /etc/containers/certs.d/ <- Certificate directory
└── my-registry.com:5000 <- Hostname:port └── my-registry.com:5000 <- Hostname:port


@ -114,7 +114,7 @@ Scopes are ignored.
Using the mechanisms above, a set of policy requirements is looked up. The policy requirements Using the mechanisms above, a set of policy requirements is looked up. The policy requirements
are represented as a JSON array of individual requirement objects. For an image to be accepted, are represented as a JSON array of individual requirement objects. For an image to be accepted,
*all* of the requirements must be satisfied simulatenously. *all* of the requirements must be satisfied simultaneously.
The policy requirements can also be used to decide whether an individual signature is accepted (= is signed by a recognized key of a known author); The policy requirements can also be used to decide whether an individual signature is accepted (= is signed by a recognized key of a known author);
in that case some requirements may apply only to some signatures, but each signature must be accepted by *at least one* requirement object. in that case some requirements may apply only to some signatures, but each signature must be accepted by *at least one* requirement object.


@ -16,6 +16,9 @@ Container engines will use the `$HOME/.config/containers/registries.conf` if it
`unqualified-search-registries` `unqualified-search-registries`
: An array of _host_[`:`_port_] registries to try when pulling an unqualified image, in order. : An array of _host_[`:`_port_] registries to try when pulling an unqualified image, in order.
`credential-helpers`
: An array of default credential helpers used as external credential stores. Note that "containers-auth.json" is a reserved value to use auth files as specified in containers-auth.json(5). The credential helpers are set to `["containers-auth.json"]` if none are specified.
### NAMESPACED `[[registry]]` SETTINGS ### NAMESPACED `[[registry]]` SETTINGS
The bulk of the configuration is represented as an array of `[[registry]]` The bulk of the configuration is represented as an array of `[[registry]]`
@ -26,16 +29,20 @@ as well as among different namespaces/repositories within a registry.
Given an image name, a single `[[registry]]` TOML table is chosen based on its `prefix` field. Given an image name, a single `[[registry]]` TOML table is chosen based on its `prefix` field.
`prefix` `prefix`: A prefix of the user-specified image name, i.e. using one of the following formats:
: A prefix of the user-specified image name, i.e. using one of the following formats: - _host_[`:`_port_]
- _host_[`:`_port_] - _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]
- _host_[`:`_port_]`/`_namespace_[`/`_namespace_…] - _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_
- _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_ - _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_(`:`_tag|`@`_digest_)
- _host_[`:`_port_]`/`_namespace_[`/`_namespace_…]`/`_repo_(`:`_tag|`@`_digest_) - [`*.`]_host_
The user-specified image name must start with the specified `prefix` (and continue The user-specified image name must start with the specified `prefix` (and continue
with the appropriate separator) for a particular `[[registry]]` TOML table to be with the appropriate separator) for a particular `[[registry]]` TOML table to be
considered; (only) the TOML table with the longest match is used. considered; (only) the TOML table with the longest match is used. It can
also include wildcarded subdomains in the format `*.example.com` along as mentioned
above. The wildcard should only be present at the beginning as shown in the formats
above. Other cases will not work. For example, `*.example.com` is valid but
`example.*.com`, `*.example.com/foo` and `*.example.com:5000/foo/bar:baz` are not.
As a special case, the `prefix` field can be missing; if so, it defaults to the value As a special case, the `prefix` field can be missing; if so, it defaults to the value
of the `location` field (described below). of the `location` field (described below).
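
Review bot: The wildcard paragraph added after "the longest match is used" does not say whether `*.example.com` also matches the bare host `example.com` or multi-level names such as `a.b.example.com`, nor how a wildcard table ranks against a non-wildcard `prefix` under the longest-match rule. Since `insecure` and `blocked` are applied on the strength of this match, both should be stated. The wording "along as mentioned above" is garbled, and folding the definition into "`prefix`: A prefix of ..." drops the `: ` definition-list form that the neighbouring `unqualified-search-registries` entry uses.
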
@ -75,6 +82,19 @@ internet without having to change `Dockerfile`s, or to add redundancy).
requests for the image `example.com/foo/myimage:latest` will actually work with the requests for the image `example.com/foo/myimage:latest` will actually work with the
`internal-registry-for-example.net/bar/myimage:latest` image. `internal-registry-for-example.net/bar/myimage:latest` image.
With a `prefix` containing a wildcard in the format: "*.example.com" for subdomain matching,
the location can be empty. In such a case,
prefix matching will occur, but no reference rewrite will occur. The
original requested image string will be used as-is. But other settings like
`insecure` / `blocked` / `mirrors` will be applied to matching images.
Example: Given
```
prefix = "*.example.com"
```
requests for the image `blah.example.com/foo/myimage:latest` will be used
as-is. But other settings like insecure/blocked/mirrors will be applied to matching images
`mirror` `mirror`
: An array of TOML tables specifying (possibly-partial) mirrors for the : An array of TOML tables specifying (possibly-partial) mirrors for the
`prefix`-rooted namespace. `prefix`-rooted namespace.
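
Review bot: The new paragraph and its example name the setting `mirrors`, but the option documented directly below is `mirror`; use the real key so readers can search for it. The sentence "But other settings like insecure/blocked/mirrors will be applied to matching images" appears twice, once before and once after the example, and the second copy has no final period; keep one. Because the text says these settings apply to every image matching the wildcard, it is worth stating outright that `insecure` on a `*.example.com` table covers every subdomain.
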
@ -271,7 +291,7 @@ the destination registry is unambiguous. Pulling by digest
tags. tags.
# SEE ALSO # SEE ALSO
containers-certs.d(5) containers-auth.json(5) containers-certs.d(5)
# HISTORY # HISTORY
Dec 2019, Warning added for unqualified image names by Tom Sweeney <tsweeney@redhat.com> Dec 2019, Warning added for unqualified image names by Tom Sweeney <tsweeney@redhat.com>


@ -17,7 +17,7 @@ Once the main configuration at `/etc/containers/registries.conf` is loaded, the
files in `/etc/containers/registries.conf.d` are loaded in alpha-numerical files in `/etc/containers/registries.conf.d` are loaded in alpha-numerical
order. Then the conf files in `$HOME/.config/containers/registries.conf.d` are loaded in alpha-numerical order, if they exist. If the `$HOME/.config/containers/registries.conf` is loaded, only the conf files under `$HOME/.config/containers/registries.conf.d` are loaded in alpha-numerical order. order. Then the conf files in `$HOME/.config/containers/registries.conf.d` are loaded in alpha-numerical order, if they exist. If the `$HOME/.config/containers/registries.conf` is loaded, only the conf files under `$HOME/.config/containers/registries.conf.d` are loaded in alpha-numerical order.
Specified fields in a conf file will overwrite any previous setting. Note Specified fields in a conf file will overwrite any previous setting. Note
that only files with the `.conf` prefix are loaded, other files and that only files with the `.conf` suffix are loaded, other files and
sub-directories are ignored. sub-directories are ignored.
For instance, setting the `unqualified-search-registries` in For instance, setting the `unqualified-search-registries` in


@ -29,7 +29,10 @@ The `storage` table supports the following options:
**driver**="" **driver**=""
container storage driver container storage driver
Default Copy On Write (COW) container storage driver. Valid drivers are "overlay", "vfs", "devmapper", "aufs", "btrfs", and "zfs". Some drivers (for example, "zfs", "btrfs", and "aufs") may not work if your kernel lacks support for the filesystem. Default Copy On Write (COW) container storage driver. Valid drivers are "overlay", "vfs", "devmapper", "aufs", "btrfs", and "zfs". Some drivers (for example, "zfs", "btrfs", and "aufs") may not work if your kernel lacks support for the filesystem.
This field is requiered to guarantee proper operation. This field is required to guarantee proper operation.
Valid rootless drivers are "btrfs", "overlay", and "vfs".
Rootless users default to the driver defined in the system configuration when possible.
When the system configuration uses an unsupported rootless driver, rootless users default to "overlay" if available, otherwise "vfs".
**graphroot**="" **graphroot**=""
container storage graph dir (default: "/var/lib/containers/storage") container storage graph dir (default: "/var/lib/containers/storage")
@ -84,6 +87,9 @@ The `storage.options` table supports the following options:
**auto-userns-max-size**=65536 **auto-userns-max-size**=65536
Auto-userns-max-size is the maximum size for a user namespace created automatically. Auto-userns-max-size is the maximum size for a user namespace created automatically.
**disable-volatile**=true
If disable-volatile is set, then the "volatile" mount optimization is disabled for all the containers.
### STORAGE OPTIONS FOR AUFS TABLE ### STORAGE OPTIONS FOR AUFS TABLE
The `storage.options.aufs` table supports the following options: The `storage.options.aufs` table supports the following options:
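
Review bot: `**disable-volatile**=true` follows the same pattern the other entries use to show a default (for example `**auto-userns-max-size**=65536`), so it reads as if the optimization is disabled by default; state the actual default explicitly. The description also never says what the "volatile" mount optimization trades away, which a reader needs in order to decide whether to turn it off.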


@ -74,7 +74,6 @@ default_capabilities = [
"SYS_CHROOT" "SYS_CHROOT"
] ]
# A list of sysctls to be set in containers by default, # A list of sysctls to be set in containers by default,
# specified as "name=value", # specified as "name=value",
# for example:"net.ipv4.ping_group_range = 0 0". # for example:"net.ipv4.ping_group_range = 0 0".
@ -242,14 +241,28 @@ default_sysctls = [
# #
# cni_plugin_dirs = ["/usr/libexec/cni"] # cni_plugin_dirs = ["/usr/libexec/cni"]
# The network name of the default CNI network to attach pods to.
# default_network = "podman"
# The default subnet for the default CNI network given in default_network.
# If a network with that name does not exist, a new network using that name and
# this subnet will be created.
# Must be a valid IPv4 CIDR prefix.
#default_subnet = "10.88.0.0/16"
# Path to the directory where CNI configuration files are located. # Path to the directory where CNI configuration files are located.
# #
# network_config_dir = "/etc/cni/net.d/" # network_config_dir = "/etc/cni/net.d/"
[engine] [engine]
# ImageBuildFormat indicates the default image format to building # Maximum number of image layers to be copied (pulled/pushed) simultaneously.
# container images. Valid values are "oci" (default) or "docker". # Not setting this field, or setting it to zero, will fall back to containers/image defaults.
# image_build_format = "oci" # image_parallel_copies=0
# Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
# container images. By default image pulled and pushed match the format of the
# source image. Building/committing defaults to OCI.
# image_default_format = ""
# Cgroup management implementation used for the runtime. # Cgroup management implementation used for the runtime.
# Valid options "systemd" or "cgroupfs" # Valid options "systemd" or "cgroupfs"
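
Review bot: `image_build_format` is dropped from the `[engine]` section of the sample config with no pointer to its replacement; add a one-line comment that `image_default_format` supersedes it, so users who set the old key know what to migrate to. Formatting of the new commented keys is also inconsistent with the rest of the file: `#default_subnet = "10.88.0.0/16"` lacks the space after `#`, `# image_parallel_copies=0` lacks spaces around `=`, and the `default_network` / `default_subnet` comments lack the bare `#` separator line used above `cni_plugin_dirs`. "By default image pulled and pushed" should read "images".
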
@ -321,7 +334,7 @@ events_logger = "file"
# associated with the pod. This container does nothing other then sleep, # associated with the pod. This container does nothing other then sleep,
# reserving the pods resources for the lifetime of the pod. # reserving the pods resources for the lifetime of the pod.
# #
# infra_image = "k8s.gcr.io/pause:3.2" # infra_image = "k8s.gcr.io/pause:3.4.1"
infra_image = "registry.access.redhat.com/ubi8/pause" infra_image = "registry.access.redhat.com/ubi8/pause"
# Specify the locking mechanism to use; valid values are "shm" and "file". # Specify the locking mechanism to use; valid values are "shm" and "file".
@ -332,6 +345,11 @@ infra_image = "registry.access.redhat.com/ubi8/pause"
# #
# lock_type** = "shm" # lock_type** = "shm"
# Indicates if Podman is running inside a VM via Podman Machine.
# Podman uses this value to do extra setup around networking from the
# container inside the VM to to host.
# machine_enabled=false
# MultiImageArchive - if true, the container engine allows for storing archives # MultiImageArchive - if true, the container engine allows for storing archives
# (e.g., of the docker-archive transport) with multiple images. By default, # (e.g., of the docker-archive transport) with multiple images. By default,
# Podman creates single-image archives. # Podman creates single-image archives.
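
Review bot: Typo in the new `machine_enabled` comment: "to to host" should be "to the host". `# machine_enabled=false` also lacks the spaces around `=` that the other commented keys in this file use (for example `# infra_image = ...`).
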
@ -400,7 +418,7 @@ runtime = "runc"
# List of the OCI runtimes that support --format=json. When json is supported # List of the OCI runtimes that support --format=json. When json is supported
# engine will use it for reporting nicer errors. # engine will use it for reporting nicer errors.
# #
# runtime_supports_json = ["crun", "runc", "kata"] # runtime_supports_json = ["crun", "runc", "kata", "runsc"]
# List of the OCI runtimes that supports running containers without cgroups. # List of the OCI runtimes that supports running containers without cgroups.
# #
@ -429,7 +447,7 @@ runtime = "runc"
# Path to file containing ssh identity key # Path to file containing ssh identity key
# identity = "~/.ssh/id_rsa" # identity = "~/.ssh/id_rsa"
# Paths to look for a valid OCI runtime (crun, runc, kata, etc) # Paths to look for a valid OCI runtime (crun, runc, kata, runsc, etc)
[engine.runtimes] [engine.runtimes]
# crun = [ # crun = [
# "/usr/bin/crun", # "/usr/bin/crun",
@ -462,6 +480,16 @@ runtime = "runc"
# "/usr/bin/kata-fc", # "/usr/bin/kata-fc",
# ] # ]
# runsc = [
# "/usr/bin/runsc",
# "/usr/sbin/runsc",
# "/usr/local/bin/runsc",
# "/usr/local/sbin/runsc",
# "/bin/runsc",
# "/sbin/runsc",
# "/run/current-system/sw/bin/runsc",
# ]
[engine.volume_plugins] [engine.volume_plugins]
# testplugin = "/run/podman/plugins/test.sock" # testplugin = "/run/podman/plugins/test.sock"


@ -46,32 +46,16 @@ TOML can be simplified to:
The containers table contains settings pertaining to the OCI runtime that can The containers table contains settings pertaining to the OCI runtime that can
configure and manage the OCI runtime. configure and manage the OCI runtime.
**devices**=[] **annotations** = []
List of annotations. Specified as "key=value" pairs to be added to all containers.
List of devices. Example: "run.oci.keep_original_groups=1"
Specified as 'device-on-host:device-on-container:permissions'.
Example: "/dev/sdc:/dev/xvdc:rwm".
**volumes**=[]
List of volumes.
Specified as "directory-on-host:directory-in-container:options".
Example: "/db:/var/lib/db:ro".
**apparmor_profile**="container-default" **apparmor_profile**="container-default"
Used to change the name of the default AppArmor profile of container engines. Used to change the name of the default AppArmor profile of container engines.
The default profile name is "container-default". The default profile name is "container-default".
**cgroupns**="private"
Default way to to create a cgroup namespace for the container.
Options are:
`private` Create private Cgroup Namespace for the container.
`host` Share host Cgroup Namespace with the container.
**cgroups**="enabled" **cgroups**="enabled"
Determines whether the container will create CGroups. Determines whether the container will create CGroups.
@ -80,6 +64,13 @@ Options are:
`disabled` Disable cgroup support, will inherit cgroups from parent `disabled` Disable cgroup support, will inherit cgroups from parent
`no-conmon` Do not create a cgroup dedicated to conmon. `no-conmon` Do not create a cgroup dedicated to conmon.
**cgroupns**="private"
Default way to to create a cgroup namespace for the container.
Options are:
`private` Create private Cgroup Namespace for the container.
`host` Share host Cgroup Namespace with the container.
**default_capabilities**=[] **default_capabilities**=[]
List of default capabilities for containers. List of default capabilities for containers.
@ -117,6 +108,13 @@ specified as "name=soft-limit:hard-limit".
Example: "nofile=1024:2048". Example: "nofile=1024:2048".
**devices**=[]
List of devices.
Specified as 'device-on-host:device-on-container:permissions'.
Example: "/dev/sdc:/dev/xvdc:rwm".
**dns_options**=[] **dns_options**=[]
List of default DNS options to be added to /etc/resolv.conf inside of the List of default DNS options to be added to /etc/resolv.conf inside of the
@ -201,11 +199,6 @@ Options are:
Create /etc/hosts for the container. By default, container engines manage Create /etc/hosts for the container. By default, container engines manage
/etc/hosts, automatically adding the container's own IP address. /etc/hosts, automatically adding the container's own IP address.
**pids_limit**=1024
Maximum number of processes allowed in a container. 0 indicates that no limit
is imposed.
**pidns**="private" **pidns**="private"
Default way to to create a PID namespace for the container. Default way to to create a PID namespace for the container.
@ -213,6 +206,11 @@ Options are:
`private` Create private PID Namespace for the container. `private` Create private PID Namespace for the container.
`host` Share host PID Namespace with the container. `host` Share host PID Namespace with the container.
**pids_limit**=1024
Maximum number of processes allowed in a container. 0 indicates that no limit
is imposed.
**seccomp_profile**="/usr/share/containers/seccomp.json" **seccomp_profile**="/usr/share/containers/seccomp.json"
Path to the seccomp.json profile which is used as the default seccomp profile Path to the seccomp.json profile which is used as the default seccomp profile
@ -240,13 +238,6 @@ Examples:
Sets umask inside the container. Sets umask inside the container.
**utsns**="private"
Default way to to create a UTS namespace for the container.
Options are:
`private` Create private UTS Namespace for the container.
`host` Share host UTS Namespace with the container.
**userns**="host" **userns**="host"
Default way to to create a USER namespace for the container. Default way to to create a USER namespace for the container.
@ -259,6 +250,14 @@ Options are:
Number of UIDs to allocate for the automatic container creation. UIDs are Number of UIDs to allocate for the automatic container creation. UIDs are
allocated from the “container” UIDs listed in /etc/subuid & /etc/subgid. allocated from the “container” UIDs listed in /etc/subuid & /etc/subgid.
**utsns**="private"
Default way to to create a UTS namespace for the container.
Options are:
`private` Create private UTS Namespace for the container.
`host` Share host UTS Namespace with the container.
## NETWORK TABLE ## NETWORK TABLE
The `network` table contains settings pertaining to the management of CNI The `network` table contains settings pertaining to the management of CNI
plugins. plugins.
@ -271,15 +270,28 @@ List of paths to directories where CNI plugin binaries are located.
The network name of the default CNI network to attach pods to. The network name of the default CNI network to attach pods to.
**default_subnet**="10.88.0.0/16"
The subnet to use for the default CNI network (named above in **default_network**).
If the default network does not exist, it will be automatically created the first time a tool is run using this subnet.
**network_config_dir**="/etc/cni/net.d/" **network_config_dir**="/etc/cni/net.d/"
Path to the directory where CNI configuration files are located. Path to the directory where CNI configuration files are located.
**volumes**=[]
List of volumes.
Specified as "directory-on-host:directory-in-container:options".
Example: "/db:/var/lib/db:ro".
## ENGINE TABLE ## ENGINE TABLE
The `engine` table contains configuration options used to set up container engines such as Podman and Buildah. The `engine` table contains configuration options used to set up container engines such as Podman and Buildah.
**image_build_format**="oci" **active_service**=""
The default image format to building container images. Valid values are "oci" (default) or "docker".
Name of destination for accessing the Podman service. See SERVICE DESTINATION TABLE below.
**cgroup_check**=false **cgroup_check**=false
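
Review bot: `**volumes**=[]` is re-added after `**network_config_dir**` and immediately before `## ENGINE TABLE`, which puts a containers-table option under the NETWORK TABLE heading. Move it into the containers table after `**utsns**`, in line with the alphabetical ordering the other moves in this patch establish.
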
@ -346,15 +358,27 @@ Valid values: `file`, `journald`, and `none`.
Path to the OCI hooks directories for automatically executed hooks. Path to the OCI hooks directories for automatically executed hooks.
**image_default_format**="oci"|"v2s2"|"v2s1"
Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building
container images. By default images pulled and pushed match the format of the
source image. Building/committing defaults to OCI.
Note: **image_build_format** is deprecated.
**image_default_transport**="docker://" **image_default_transport**="docker://"
Default transport method for pulling and pushing images. Default transport method for pulling and pushing images.
**image_parallel_copies**=0
Maximum number of image layers to be copied (pulled/pushed) simultaneously.
Not setting this field will fall back to containers/image defaults. (6)
**infra_command**="/pause" **infra_command**="/pause"
Command to run the infra container. Command to run the infra container.
**infra_image**="k8s.gcr.io/pause:3.2" **infra_image**="k8s.gcr.io/pause:3.4.1"
Infra (pause) container image name for pod infra containers. When running a Infra (pause) container image name for pod infra containers. When running a
pod, we start a `pause` process in a container to hold open the namespaces pod, we start a `pause` process in a container to hold open the namespaces
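
Review bot: `**image_default_format**="oci"|"v2s2"|"v2s1"` lists the accepted values but no default, while the sample config in this commit ships `# image_default_format = ""`; say that an empty value means "match the source image". Under `**image_parallel_copies**=0` the trailing "(6)" is unexplained (if it is the containers/image default, say so in words), and the text omits the "or setting it to zero" case that the config-file comment documents.
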
@ -369,6 +393,12 @@ Change the default only if you are sure of what you are doing, in general
faster "shm" lock type. You may need to run "podman system renumber" after you faster "shm" lock type. You may need to run "podman system renumber" after you
change the lock type. change the lock type.
**machine_enabled**=false
Indicates if Podman is running inside a VM via Podman Machine.
Podman uses this value to do extra setup around networking from the
container inside the VM to to host.
**multi_image_archive**=false **multi_image_archive**=false
Allows for creating archives (e.g., tarballs) with more than one image. Some container engines, such as Podman, interpret additional arguments as tags for one image and hence do not store more than one image. The default behavior can be altered with this option. Allows for creating archives (e.g., tarballs) with more than one image. Some container engines, such as Podman, interpret additional arguments as tags for one image and hence do not store more than one image. The default behavior can be altered with this option.
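
Review bot: "to to host" in the new `**machine_enabled**` description should be "to the host".
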
@ -402,27 +432,6 @@ pod consumes one lock. The default number available is 2048. If this is
changed, a lock renumbering must be performed, using the changed, a lock renumbering must be performed, using the
`podman system renumber` command. `podman system renumber` command.
**active_service**=""
Name of destination for accessing the Podman service.
**[service_destinations]**
**[service_destinations.{name}]**
**uri="ssh://user@production.example.com/run/user/1001/podman/podman.sock"**
Example URIs:
- **rootless local** - unix://run/user/1000/podman/podman.sock
- **rootless remote** - ssh://user@engineering.lab.company.com/run/user/1000/podman/podman.sock
- **rootfull local** - unix://run/podman/podman.sock
- **rootfull remote** - ssh://root@10.10.1.136:22/run/podman/podman.sock
**identity="~/.ssh/id_rsa**
Path to file containing ssh identity key
**pull_policy**="always"|"missing"|"never" **pull_policy**="always"|"missing"|"never"
Pull image before running or creating a container. The default is **missing**. Pull image before running or creating a container. The default is **missing**.
@ -441,7 +450,7 @@ Default OCI specific runtime in runtimes that will be used by default. Must
refer to a member of the runtimes table. Default runtime will be searched for refer to a member of the runtimes table. Default runtime will be searched for
on the system using the priority: "crun", "runc", "kata". on the system using the priority: "crun", "runc", "kata".
**runtime_supports_json**=["crun", "runc", "kata"] **runtime_supports_json**=["crun", "runc", "kata", "runsc"]
The list of the OCI runtimes that support `--format=json`. The list of the OCI runtimes that support `--format=json`.
@ -468,6 +477,24 @@ Number of seconds to wait for container to exit before sending kill signal.
The path to a temporary directory to store per-boot container. The path to a temporary directory to store per-boot container.
Must be a tmpfs (wiped after reboot). Must be a tmpfs (wiped after reboot).
## SERVICE DESTINATION TABLE
The `service_destinations` table contains configuration options used to set up remote connections to the podman service for the podman API.
**[service_destinations.{name}]**
URI to access the Podman service
**uri="ssh://user@production.example.com/run/user/1001/podman/podman.sock"**
Example URIs:
- **rootless local** - unix://run/user/1000/podman/podman.sock
- **rootless remote** - ssh://user@engineering.lab.company.com/run/user/1000/podman/podman.sock
- **rootfull local** - unix://run/podman/podman.sock
- **rootfull remote** - ssh://root@10.10.1.136:22/run/podman/podman.sock
**identity="~/.ssh/id_rsa**
Path to file containing ssh identity key
**volume_path**="/var/lib/containers/storage/volumes" **volume_path**="/var/lib/containers/storage/volumes"
Directory where named volumes will be created in using the default volume Directory where named volumes will be created in using the default volume
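
Review bot: The new `## SERVICE DESTINATION TABLE` heading is inserted above `**volume_path**`, so that engine option now reads as part of the service destination table; place the new section after the last engine option instead. `**identity="~/.ssh/id_rsa**` is missing its closing quote, and "URI to access the Podman service" sits under `**[service_destinations.{name}]**` rather than under the `uri` entry it describes.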


@ -1,7 +1,11 @@
#!/bin/bash #!/bin/bash
#set -x #set -e
#rm -f /tmp/pyxis*.json rm -f /tmp/pyxis*.json
TOTAL=`curl -s --negotiate -u: -H 'Content-Type: application/json' -H 'Accept: application/json' -X GET "https://pyxis.engineering.redhat.com/v1/repositories?page_size=1" | jq .total` TOTAL=`curl -s --negotiate -u: -H 'Content-Type: application/json' -H 'Accept: application/json' -X GET "https://pyxis.engineering.redhat.com/v1/repositories?page_size=1" | jq .total`
if [ "$TOTAL" == "null" ]; then
echo "Error comunicating with Pyxis API."
exit 1
fi
PAGES=$(($TOTAL/500)) PAGES=$(($TOTAL/500))
for P in `seq 0 $PAGES`; do for P in `seq 0 $PAGES`; do
curl -s --negotiate -u: -H 'Content-Type: application/json' -H 'Accept: application/json' -X GET "https://pyxis.engineering.redhat.com/v1/repositories?page_size=500&page=$P" > /tmp/pyxis$P.json curl -s --negotiate -u: -H 'Content-Type: application/json' -H 'Accept: application/json' -X GET "https://pyxis.engineering.redhat.com/v1/repositories?page_size=500&page=$P" > /tmp/pyxis$P.json
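
Review bot: The new `"$TOTAL" == "null"` check misses the case where `curl` itself fails or returns non-JSON: `jq` then prints nothing, `TOTAL` is empty, the check passes, and the empty value reaches `PAGES=$(($TOTAL/500))`. Test that `TOTAL` is a non-empty integer, and add `-f` to the `curl` calls so HTTP errors are reported as failures. `#set -e` is still commented out, so nothing stops the loop when a page download fails. The script also writes to, and now deletes, the predictable glob `/tmp/pyxis*.json`; a private directory from `mktemp -d` avoids colliding with files created by other local users. "comunicating" should be "communicating".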


@ -33,6 +33,7 @@
# does not curate, patch or maintain container images from the docker.io registry. # does not curate, patch or maintain container images from the docker.io registry.
[registries.search] [registries.search]
registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io'] registries = ['registry.access.redhat.com', 'registry.redhat.io', 'docker.io']
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
# The following registries entry can be used for convenience but includes # The following registries entry can be used for convenience but includes
# container images built by the community. This set of content comes with all # container images built by the community. This set of content comes with all
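
Review bot: `unqualified-search-registries` is now placed directly after `registries = [...]` under the `[registries.search]` header, and in TOML a key belongs to the most recent table header, so it is parsed as `registries.search.unqualified-search-registries` rather than as the top-level key that the comment further down describes ("An array of host[:port] registries to try when pulling an unqualified image"). Move it above the first table header. The two lists also disagree: the `registries` line searches `registry.redhat.io`, while the new line searches `registry.fedoraproject.org` and `registry.centos.org`, so which registries an unqualified name can resolve to depends on which key the parser honours.
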
@ -61,7 +62,6 @@ registries = []
# mirrors: # mirrors:
# #
# # An array of host[:port] registries to try when pulling an unqualified image, in order. # # An array of host[:port] registries to try when pulling an unqualified image, in order.
unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "registry.centos.org", "docker.io"]
# #
# [[registry]] # [[registry]]
# # The "prefix" field is used to choose the relevant [[registry]] TOML table; # # The "prefix" field is used to choose the relevant [[registry]] TOML table;


@ -303,6 +303,7 @@
"sendmmsg", "sendmmsg",
"sendmsg", "sendmsg",
"sendto", "sendto",
"setns",
"set_robust_list", "set_robust_list",
"set_thread_area", "set_thread_area",
"set_tid_address", "set_tid_address",
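
Review bot: `setns` is added to this `names` list between `sendto` and `set_robust_list`, yet the next hunk keeps `"setns"` in its own block. The `includes` condition of the list edited here is outside the hunk, so confirm that it carries a capability condition. If this is the profile's unconditional allow list, every container gains `setns` regardless of capabilities and the later entry becomes dead.
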
@ -583,19 +584,13 @@
{ {
"names": [ "names": [
"bpf", "bpf",
"clone",
"fanotify_init", "fanotify_init",
"lookup_dcookie", "lookup_dcookie",
"mount",
"name_to_handle_at",
"perf_event_open", "perf_event_open",
"quotactl", "quotactl",
"setdomainname", "setdomainname",
"sethostname", "sethostname",
"setns", "setns"
"umount",
"umount2",
"unshare"
], ],
"action": "SCMP_ACT_ALLOW", "action": "SCMP_ACT_ALLOW",
"args": [], "args": [],
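
Review bot: `clone`, `mount`, `name_to_handle_at`, `umount`, `umount2` and `unshare` are dropped from this `SCMP_ACT_ALLOW` block, and the hunk does not show where, or whether, they are allowed afterwards. Please state in the commit message whether these calls end up denied or were moved to a list with a weaker condition, since the second case widens the default profile for namespace and mount operations.
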
@ -607,71 +602,6 @@
}, },
"excludes": {} "excludes": {}
}, },
{
"names": [
"clone"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 0,
"value": 2080505856,
"valueTwo": 0,
"op": "SCMP_CMP_MASKED_EQ"
}
],
"comment": "",
"includes": {},
"excludes": {
"caps": [
"CAP_SYS_ADMIN"
],
"arches": [
"s390",
"s390x"
]
}
},
{
"names": [
"clone"
],
"action": "SCMP_ACT_ALLOW",
"args": [
{
"index": 1,
"value": 2080505856,
"valueTwo": 0,
"op": "SCMP_CMP_MASKED_EQ"
}
],
"comment": "s390 parameter ordering for clone is different",
"includes": {
"arches": [
"s390",
"s390x"
]
},
"excludes": {
"caps": [
"CAP_SYS_ADMIN"
]
}
},
{
"names": [
"reboot"
],
"action": "SCMP_ACT_ALLOW",
"args": [],
"comment": "",
"includes": {
"caps": [
"CAP_SYS_BOOT"
]
},
"excludes": {}
},
{ {
"names": [ "names": [
"chroot" "chroot"
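
Review bot: The two removed `clone` rules are the only visible place where `clone` is allowed with an argument filter: `SCMP_CMP_MASKED_EQ` with `value` 2080505856 (0x7C020000, a mask of `CLONE_NEW*` namespace flags) and `valueTwo` 0, excluded when `CAP_SYS_ADMIN` is held, so a process without the capability could call `clone` only with none of those flags set. With these rules and the `clone` entry in the previous hunk both gone, confirm that `clone` is not now allowed without an argument check. The same question applies to the removed `reboot` rule that was gated on `CAP_SYS_BOOT`.
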
@ -707,7 +637,6 @@
"names": [ "names": [
"get_mempolicy", "get_mempolicy",
"mbind", "mbind",
"name_to_handle_at",
"set_mempolicy" "set_mempolicy"
], ],
"action": "SCMP_ACT_ALLOW", "action": "SCMP_ACT_ALLOW",


@ -61,3 +61,5 @@
"busybox" = "docker.io/library/busybox" "busybox" = "docker.io/library/busybox"
# php # php
"php" = "docker.io/library/php" "php" = "docker.io/library/php"
#python
"python" = "docker.io/library/python"


@ -7,11 +7,16 @@ rm -f /tmp/ver_image /tmp/ver_common /tmp/ver_storage
B=`rhpkg switch-branch | grep ^* | cut -d\ -f2` B=`rhpkg switch-branch | grep ^* | cut -d\ -f2`
echo $B echo $B
for P in podman skopeo buildah; do for P in podman skopeo buildah; do
BRN=`pwd | sed 's,^.*/,,'`
rm -rf $P rm -rf $P
rhpkg clone $P rhpkg clone $P
cd $P cd $P
rhpkg switch-branch $B rhpkg switch-branch $B
rhpkg prep if [ $BRN != stream-container-tools-rhel8 ]; then
rhpkg prep
else
rhpkg --release rhel-8 prep
fi
DIR=`ls -d -- */ | grep -v ^tests | head -n1` DIR=`ls -d -- */ | grep -v ^tests | head -n1`
grep github.com/containers/image $DIR/go.mod | cut -d\ -f2 >> /tmp/ver_image grep github.com/containers/image $DIR/go.mod | cut -d\ -f2 >> /tmp/ver_image
grep github.com/containers/common $DIR/go.mod | cut -d\ -f2 >> /tmp/ver_common grep github.com/containers/common $DIR/go.mod | cut -d\ -f2 >> /tmp/ver_common
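Review bot: the new test `[ $BRN != stream-container-tools-rhel8 ]` is unquoted and `BRN` is taken from the last component of `pwd`, so the choice between `rhpkg prep` and `rhpkg --release rhel-8 prep` depends on what the checkout directory happens to be called. An empty or space-containing directory name makes `[` fail with a syntax error, and a renamed checkout silently takes the wrong branch. Quote it as `[ "$BRN" != stream-container-tools-rhel8 ]`, compute `BRN` once before the `for` loop since it does not depend on `$P`, and consider keying the decision on `$B`, which already holds the branch name reported by `rhpkg switch-branch`.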

View File

@ -1,3 +1,5 @@
%global _lto_cflags %{nil}
%global with_check 0 %global with_check 0
%global _find_debuginfo_dwz_opts %{nil} %global _find_debuginfo_dwz_opts %{nil}
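Review bot: the added `%global _lto_cflags %{nil}` at the top of the spec has no comment saying why LTO flags are disabled for this build. Add a one-line comment above it with the reason or a bug reference so the override can be removed once it is no longer needed.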
@ -11,24 +13,24 @@ go build -buildmode pie -compiler gc -tags="rpm_crashtraceback libtrust_openssl
%endif %endif
%global import_path github.com/containers/skopeo %global import_path github.com/containers/skopeo
%global branch release-1.2 %global branch release-1.3
# Bellow definitions are used to deliver config files from a particular branch # Bellow definitions are used to deliver config files from a particular branch
# of c/image, c/common, c/storage vendored in all podman, skopeo, buildah. # of c/image, c/common, c/storage vendored in all podman, skopeo, buildah.
# These vendored components must have the same version. If it is not the case, # These vendored components must have the same version. If it is not the case,
# pick the oldest version on c/image, c/common, c/storage vendored in # pick the oldest version on c/image, c/common, c/storage vendored in
# podman/skopeo/podman. # podman/skopeo/podman.
%global podman_branch v3.0.1-rhel %global podman_branch v3.2
%global image_branch v5.10.5 %global image_branch v5.12.0
%global common_branch v0.33.4 %global common_branch v0.38.12
%global storage_branch v1.24.8 %global storage_branch v1.31.3
%global shortnames_branch main %global shortnames_branch main
%global commit0 e7880c4a8991966f16e367f085d42375ad70197e %global commit0 038f70e6f52ca354534b2d38ce9611b8fc5537c4
%global shortcommit0 %(c=%{commit0}; echo ${c:0:7}) %global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
Epoch: 1 Epoch: 1
Name: skopeo Name: skopeo
Version: 1.2.2 Version: 1.3.1
Release: 10%{?dist} Release: 5%{?dist}
Summary: Inspect container images and repositories on registries Summary: Inspect container images and repositories on registries
License: ASL 2.0 License: ASL 2.0
URL: %{git0} URL: %{git0}
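Review bot: `shortnames_branch` stays on `main` while `image_branch`, `common_branch` and `storage_branch` are all bumped to fixed tags, so if it feeds a Source URL that file is the one input that can change without a spec change. Pin it to a commit or tag like the others. The comment block above the macros also says the vendored versions must match across the three tools, so it is worth stating in the commit which go.mod files v5.12.0, v0.38.12 and v1.31.3 were checked against; its last line reads `podman/skopeo/podman`, where the first line of the same comment lists podman, skopeo, buildah.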
@ -47,7 +49,7 @@ Source4: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs
Source5: registries.conf Source5: registries.conf
Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md Source6: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-policy.json.5.md
Source7: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/seccomp/seccomp.json Source7: https://raw.githubusercontent.com/containers/common/%{common_branch}/pkg/seccomp/seccomp.json
Source8: https://raw.githubusercontent.com/containers/podman/%{podman_branch}/docs/source/markdown/containers-mounts.conf.5.md Source8: https://raw.githubusercontent.com/containers/common/%{common_branch}/docs/containers-mounts.conf.5.md
Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md Source9: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-signature.5.md
Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md Source10: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-transports.5.md
Source11: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-certs.d.5.md Source11: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-certs.d.5.md
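Review bot: with Source8 now fetched from containers/common via `%{common_branch}`, check whether `%{podman_branch}` still has any user in the spec. The earlier hunk bumps it to `v3.2`; if Source8 was its only consumer, remove the macro rather than keep a value nothing reads.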
@ -85,7 +87,7 @@ Conflicts: atomic-registries <= 1:1.22.1-1
Obsoletes: docker-rhsubscription <= 2:1.13.1-31 Obsoletes: docker-rhsubscription <= 2:1.13.1-31
Provides: %{name}-containers = %{epoch}:%{version}-%{release} Provides: %{name}-containers = %{epoch}:%{version}-%{release}
Obsoletes: %{name}-containers <= 1:0.1.31-3 Obsoletes: %{name}-containers <= 1:0.1.31-3
Requires: crun Requires: runc
Recommends: fuse-overlayfs Recommends: fuse-overlayfs
Recommends: slirp4netns Recommends: slirp4netns
Suggests: subscription-manager Suggests: subscription-manager
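Review bot: `Requires: crun` is replaced by `Requires: runc` here, but the 1.3.1-3 changelog entry describes this as adding a direct runc dependency. Installs that relied on this package to pull in crun no longer get it. Either keep both requirements if crun is still meant to be present, or reword the changelog to say the crun requirement was replaced.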
@ -141,7 +143,7 @@ mkdir -p bin
%install %install
make \ make \
DESTDIR=%{buildroot} \ DESTDIR=%{buildroot} \
SIGSTOREDIR=%{buildroot}%{_sharedstatedir}/containers/sigstore \ PREFIX=%{buildroot}%{_prefix} \
install install
install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,registries.d,registries.conf.d} install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,registries.d,registries.conf.d}
install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/storage.conf install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/storage.conf
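Review bot: `PREFIX=%{buildroot}%{_prefix}` is passed together with `DESTDIR=%{buildroot}`, so if the release-1.3 Makefile forms install paths as `$(DESTDIR)$(PREFIX)` the buildroot is prepended twice. Check how the Makefile combines the two variables. Since `SIGSTOREDIR` is no longer overridden, also confirm that the sigstore directory under `%{_sharedstatedir}/containers` is still created in the buildroot or is intentionally dropped from the package.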
@ -149,6 +151,8 @@ install -m0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/containers/registries.conf
install -m0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf install -m0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
install -m0644 %{SOURCE19} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/001-rhel-shortnames.conf install -m0644 %{SOURCE19} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/001-rhel-shortnames.conf
install -m0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/002-rhel-shortnames-overrides.conf install -m0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/002-rhel-shortnames-overrides.conf
# for containers-common
install -dp %{buildroot}%{_mandir}/man5 install -dp %{buildroot}%{_mandir}/man5
go-md2man -in %{SOURCE2} -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5 go-md2man -in %{SOURCE2} -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5
go-md2man -in %{SOURCE4} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5 go-md2man -in %{SOURCE4} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5
@ -239,6 +243,41 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
%{_datadir}/%{name}/test %{_datadir}/%{name}/test
%changelog %changelog
* Tue Jul 27 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.3.1-5
- move unqualified-search-registries to [registries.search]
- Related: #1954702
* Thu Jul 15 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.3.1-4
- update shortnames from Pyxis
- Related: #1954702
* Wed Jul 07 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.3.1-3
- add direct runc dependency to avoid situation when runc is listed
as default runtime but only crun is present in RHEL8
- Related: #1954702
* Mon Jul 05 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.3.1-2
- update to the latest content of https://github.com/containers/skopeo/tree/release-1.3
(https://github.com/containers/skopeo/commit/038f70e)
- Related: #1954702
* Thu Jul 01 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.3.1-1
- sync with 8.5.0 branch
- Related: #1954702
* Wed Jun 23 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.2.2-13
- put back ubi8/buildah and ubi8/skopeo as it was released in 8.4
(only ubi8/podman was not)
- Related: #1972700
* Tue Jun 22 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.2.2-12
- remove all ubi8 references for 8.4 in 002-rhel-shortnames-overrides.conf
- Related: #1972700
* Wed Jun 16 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.2.2-11
- update shortnames
- Related: #1972700
* Thu May 13 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.2.2-10 * Thu May 13 2021 Jindrich Novy <jnovy@redhat.com> - 1:1.2.2-10
- re-enable release-1.2 branch - re-enable release-1.2 branch
- Related: #1954702 - Related: #1954702
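Review bot: none of the added entries mentions the seccomp.json changes carried by this commit (the removed `clone` and `reboot` rules and the dropped `name_to_handle_at`), which alter the default container syscall filter. Add a changelog line for the seccomp profile update, naming the c/common version it comes from, so administrators can trace the behaviour change to a package release.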