From aaf3a50adb16a5ee7d99ff5ae2bb3a82701cd8bd Mon Sep 17 00:00:00 2001 From: Daniel J Walsh Date: Fri, 1 Mar 2019 06:46:33 -0500 Subject: [PATCH] Add /etc/containers/certs.d to containers-common Update containers-storage.conf man page to match latest upstream Update registries.conf man page to match latest upstream --- containers-storage.conf.5.md | 9 ++--- registries.conf.5.md | 75 ++++++++++++++++++++++-------------- skopeo.spec | 9 ++++- 3 files changed, 57 insertions(+), 36 deletions(-) diff --git a/containers-storage.conf.5.md b/containers-storage.conf.5.md index 7ac3f98..8e80934 100644 --- a/containers-storage.conf.5.md +++ b/containers-storage.conf.5.md @@ -39,8 +39,10 @@ The `storage` table supports the following options: **driver**="" container storage driver (default: "overlay") Default Copy On Write (COW) container storage driver + Valid drivers are "overlay", "vfs", "devmapper", "aufs", "btrfs", and "zfs" + Some drivers (for example, "zfs", "btrfs", and "aufs") may not work if your kernel lacks support for the filesystem -### STORAGE OPTIONS TABLE +### STORAGE OPTIONS TABLE The `storage.options` table supports the following options: @@ -50,11 +52,6 @@ The `storage.options` table supports the following options: **size**="" Maximum size of a container image. This flag can be used to set quota on the size of container images. (default: 10GB) -**override_kernel_check**="" - Tell storage drivers to ignore kernel version checks. Some storage drivers assume that if a kernel is too - old, the driver is not supported. But for kernels that have had the drivers backported, this flag - allows users to override the checks - **mount_program**="" Specifies the path to a custom program to use instead for mounting the file system. diff --git a/registries.conf.5.md b/registries.conf.5.md index 1a7de22..34e3d87 100644 --- a/registries.conf.5.md +++ b/registries.conf.5.md @@ -1,39 +1,56 @@ -% registries.conf(5) Container Registries Configuration File -% Dan Walsh -% March 2018 +% CONTAINERS-REGISTRIES.CONF(5) System-wide registry configuration file +% Brent Baude +% Aug 2017 -## NAME -registries.conf - Syntax of Container Registries configuration file +# NAME +containers-registries.conf - Syntax of System Registry Configuration File -## DESCRIPTION -The REGISTRIES configuration file specifies all of the available container registries for tools using shared container registries, but in a TOML format that can be more easily modified and versioned. `registries.conf` does not support recursive lists of registries. The default location for this configuration file is `/etc/containers/registries.conf`. +# DESCRIPTION +The CONTAINERS-REGISTRIES configuration file is a system-wide configuration +file for container image registries. The file format is TOML. The valid +categories are: 'registries.search', 'registries.insecure', and +'registries.block'. -The only valid categories are: `registries.search`, `registries.insecure`, and `registries.block`. +By default, the configuration file is located at `/etc/containers/registries.conf`. +# FORMAT +The TOML_format is used to build a simple list format for registries under three +categories: `registries.search`, `registries.insecure`, and `registries.block`. +You can list multiple registries using a comma separated list. -## FORMAT -The [TOML format][toml] is used as the encoding of the configuration file. -Every option and subtable listed here is nested under a global "registries" table. -No bare options are used. +Search registries are used when the caller of a container runtime does not fully specify the +container image that they want to execute. These registries are prepended onto the front +of the specified container image until the named image is found at a registry. -## Examples - [registries.search] - registries = ['quay.io', 'docker.io', 'registries.unsafe.com', 'registry.fedoraproject.org', 'registry.access.redhat.com'] +Insecure Registries. By default container runtimes use TLS when retrieving images +from a registry. If the registry is not setup with TLS, then the container runtime +will fail to pull images from the registry. If you add the registry to the list of +insecure registries then the container runtime will attempt use standard web protocols to +pull the image. It also allows you to pull from a registry with self-signed certificates. +Note insecure registries can be used for any registry, not just the registries listed +under search. - # If you need to access insecure registries, add the registry's fully-qualified name. - # An insecure registry is one that does not have a valid SSL certificate or only does HTTP. - [registries.insecure] - registries = ['registries.unsafe.com'] +Block Registries. The registries in this category are are not pulled from when +retrieving images. - # If you need to block push access from a registry, uncomment the section below - # and add the registries fully-qualified name. - # - # Docker only - [registries.block] - registries = [] +# EXAMPLE +The following example configuration defines two searchable registries, one +insecure registry, and two blocked registries. -## Files -/etc/conainers/registries.conf +``` +[registries.search] +registries = ['registry1.com', 'registry2.com'] -## HISTORY -March 2018, Originally compiled by Dan Walsh +[registries.insecure] +registries = ['registry3.com'] + +[registries.block] +registries = ['registry.untrusted.com', 'registry.unsafe.com'] +``` + +# HISTORY +Aug 2018, Renamed to containers-registries.conf(5) by Valentin Rothberg + +Jun 2018, Updated by Tom Sweeney + +Aug 2017, Originally compiled by Brent Baude diff --git a/skopeo.spec b/skopeo.spec index 44c26ab..a6e607a 100644 --- a/skopeo.spec +++ b/skopeo.spec @@ -38,7 +38,7 @@ Epoch: 1 Epoch: 0 %endif Version: 0.1.35 -Release: 12.dev.git%{shortcommit0}%{?dist} +Release: 13.dev.git%{shortcommit0}%{?dist} Summary: Inspect Docker images and repositories on registries License: ASL 2.0 URL: %{git0} @@ -285,6 +285,7 @@ mkdir -p %{buildroot}%{_mandir}/man5 go-md2man -in %{SOURCE2} -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5 go-md2man -in %{SOURCE4} -out %{buildroot}%{_mandir}/man5/registries.conf.5 install -p -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/containers/ +mkdir -p %{buildroot}%{_sysconfdir}/containers/certs.d go-md2man -in %{SOURCE6} -out %{buildroot}%{_mandir}/man5/policy.json.5 mkdir -p %{buildroot}%{_datadir}/containers @@ -356,6 +357,7 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %files -n containers-common %dir %{_sysconfdir}/containers +%dir %{_sysconfdir}/containers/certs.d %dir %{_sysconfdir}/containers/registries.d %config(noreplace) %{_sysconfdir}/containers/policy.json %config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml @@ -381,6 +383,11 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath} %{_datadir}/bash-completion/completions/%{name} %changelog +* Fri Mar 1 2019 Dan Walsh - 1:0.1.35-13.dev.git932b037 +- Add /etc/containers/certs.d to containers-common +- Update containers-storage.conf man page to match latest upstream +- Update registries.conf man page to match latest upstream + * Sat Feb 23 2019 Lokesh Mandvekar (Bot) - 1:0.1.35-12.dev.git932b037 - autobuilt 932b037