From 7d97891f7c08acfccee64ab4edf4eb1b0df38fab9f7d9ceac90f3e792301e12a Mon Sep 17 00:00:00 2001 From: Dominique Leuenberger Date: Thu, 30 Jul 2020 07:58:12 +0000 Subject: [PATCH] Accepting request 823346 from devel:kubic OBS-URL: https://build.opensuse.org/request/show/823346 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/libcontainers-common?expand=0&rev=26 --- _service | 24 +- common-0.14.6.tar.xz | 3 + containers.conf | 438 +++++++++++++++++++++++++++++++++++ image-5.4.4.tar.xz | 3 - image-5.5.1.tar.xz | 3 + libcontainers-common.changes | 18 ++ libcontainers-common.spec | 39 ++-- libpod-1.9.3.tar.xz | 3 - podman-2.0.3.tar.xz | 3 + storage-1.19.1.tar.xz | 3 - storage-1.20.2.tar.xz | 3 + 11 files changed, 510 insertions(+), 30 deletions(-) create mode 100644 common-0.14.6.tar.xz create mode 100644 containers.conf delete mode 100644 image-5.4.4.tar.xz create mode 100644 image-5.5.1.tar.xz delete mode 100644 libpod-1.9.3.tar.xz create mode 100644 podman-2.0.3.tar.xz delete mode 100644 storage-1.19.1.tar.xz create mode 100644 storage-1.20.2.tar.xz diff --git a/_service b/_service index 6cc67bc..5084e90 100644 --- a/_service +++ b/_service @@ -4,24 +4,32 @@ https://github.com/containers/storage.git git storage -1.19.1 -v1.19.1 +1.20.2 +v1.20.2 https://github.com/containers/image.git git image -5.4.4 -v5.4.4 +5.5.1 +v5.5.1 -https://github.com/containers/libpod.git +https://github.com/containers/podman.git git -libpod -1.9.3 -v1.9.3 +podman +2.0.3 +v2.0.3 + + + +https://github.com/containers/common.git +git +common +0.14.6 +v0.14.6 diff --git a/common-0.14.6.tar.xz b/common-0.14.6.tar.xz new file mode 100644 index 0000000..351a4f9 --- /dev/null +++ b/common-0.14.6.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:0e9111b89df5325547c3014d17eeadf9be2f4e69c1c69f0605ad502960438e83 +size 2194176 diff --git a/containers.conf b/containers.conf new file mode 100644 index 0000000..53c7d26 --- /dev/null +++ b/containers.conf 
@@ -0,0 +1,438 @@
+# The containers configuration file specifies all of the available configuration
+# command-line options/flags for container engine tools like Podman & Buildah,
+# but in a TOML format that can be easily modified and versioned.
+
+# Please refer to containers.conf(5) for details of all configuration options.
+# Not all container engines implement all of the options.
+# All of the options have hard coded defaults and these options will override
+# the built in defaults. Users can then override these options via the command
+# line. Container engines will read containers.conf files in up to three
+# locations in the following order:
+# 1. /usr/share/containers/containers.conf
+# 2. /etc/containers/containers.conf
+# 3. $HOME/.config/containers/containers.conf (Rootless containers ONLY)
+# Items specified in the latter containers.conf, if they exist, override the
+# previous containers.conf settings, or the default settings.
+
+[containers]
+
+# List of devices. Specified as
+# "::", for example:
+# "/dev/sdc:/dev/xvdc:rwm".
+# If it is empty or commented out, only the default devices will be used
+#
+# devices = []
+
+# List of volumes. Specified as
+# "::", for example:
+# "/db:/var/lib/db:ro".
+# If it is empty or commented out, no volumes will be added
+#
+# volumes = []
+
+# Used to change the name of the default AppArmor profile of container engine.
+#
+# apparmor_profile = "container-default"
+
+# List of annotation. Specified as
+# "key=value"
+# If it is empty or commented out, no annotations will be added
+#
+# annotations = []
+
+# Default way to to create a cgroup namespace for the container
+# Options are:
+# `private` Create private Cgroup Namespace for the container.
+# `host` Share host Cgroup Namespace with the container.
+#
+# cgroupns = "private"
+
+# Control container cgroup configuration
+# Determines whether the container will create CGroups.
+# Options are:
+# `enabled` Enable cgroup support within container
+# `disabled` Disable cgroup support, will inherit cgroups from parent
+# `no-conmon` Container engine runs run without conmon
+#
+# cgroups = "enabled"
+
+# List of default capabilities for containers. If it is empty or commented out,
+# the default capabilities defined in the container engine will be added.
+#
+# default_capabilities = [
+# "AUDIT_WRITE",
+# "CHOWN",
+# "DAC_OVERRIDE",
+# "FOWNER",
+# "FSETID",
+# "KILL",
+# "MKNOD",
+# "NET_BIND_SERVICE",
+# "NET_RAW",
+# "SETGID",
+# "SETPCAP",
+# "SETUID",
+# "SYS_CHROOT",
+# ]
+
+# A list of sysctls to be set in containers by default,
+# specified as "name=value",
+# for example:"net.ipv4.ping_group_range = 0 1000".
+#
+# default_sysctls = [
+# "net.ipv4.ping_group_range=0 1000",
+# ]
+
+# A list of ulimits to be set in containers by default, specified as
+# "=:", for example:
+# "nofile=1024:2048"
+# See setrlimit(2) for a list of resource names.
+# Any limit not specified here will be inherited from the process launching the
+# container engine.
+# Ulimits has limits for non privileged container engines.
+#
+# default_ulimits = [
+# "nofile"="1280:2560",
+# ]
+
+# List of default DNS options to be added to /etc/resolv.conf inside of the container.
+#
+# dns_options = []
+
+# List of default DNS search domains to be added to /etc/resolv.conf inside of the container.
+#
+# dns_searches = []
+
+# Set default DNS servers.
+# This option can be used to override the DNS configuration passed to the
+# container. The special value "none" can be specified to disable creation of
+# /etc/resolv.conf in the container.
+# The /etc/resolv.conf file in the image will be used without changes.
+#
+# dns_servers = []
+
+# Environment variable list for the conmon process; used for passing necessary
+# environment variables to conmon or the runtime.
+#
+# env = [
+# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+# ]
+
+# Pass all host environment variables into the container.
+#
+# env_host = false
+
+# Path to OCI hooks directories for automatically executed hooks.
+#
+# hooks_dir = [
+# "/usr/share/containers/oci/hooks.d",
+# ]
+
+# Default proxy environment variables passed into the container.
+# The environment variables passed in include:
+# http_proxy, https_proxy, ftp_proxy, no_proxy, and the upper case versions of
+# these. This option is needed when host system uses a proxy but container
+# should not use proxy. Proxy environment variables specified for the container
+# in any other way will override the values passed from the host.
+#
+# http_proxy = true
+
+# Run an init inside the container that forwards signals and reaps processes.
+#
+# init = false
+
+# Container init binary, if init=true, this is the init binary to be used for containers.
+#
+init_path = "/usr/bin/catatonit"
+
+# Default way to to create an IPC namespace (POSIX SysV IPC) for the container
+# Options are:
+# `private` Create private IPC Namespace for the container.
+# `host` Share host IPC Namespace with the container.
+#
+# ipcns = "private"
+
+# Flag tells container engine to whether to use container separation using
+# MAC(SELinux)labeling or not.
+# Flag is ignored on label disabled systems.
+#
+# label = true
+
+# Logging driver for the container. Available options: k8s-file and journald.
+#
+# log_driver = "k8s-file"
+
+# Maximum size allowed for the container log file. Negative numbers indicate
+# that no size limit is imposed. If positive, it must be >= 8192 to match or
+# exceed conmon's read buffer. The file is truncated and re-opened so the
+# limit is never exceeded.
+#
+# log_size_max = -1
+
+# Default way to to create a Network namespace for the container
+# Options are:
+# `private` Create private Network Namespace for the container.
+# `host` Share host Network Namespace with the container.
+# `none` Containers do not use the network
+#
+# netns = "private"
+
+# Create /etc/hosts for the container. By default, container engine manage
+# /etc/hosts, automatically adding the container's own IP address.
+#
+# no_hosts = false
+
+# Maximum number of processes allowed in a container.
+#
+# pids_limit = 2048
+
+# Default way to to create a PID namespace for the container
+# Options are:
+# `private` Create private PID Namespace for the container.
+# `host` Share host PID Namespace with the container.
+#
+# pidns = "private"
+
+# Path to the seccomp.json profile which is used as the default seccomp profile
+# for the runtime.
+#
+# seccomp_profile = "/usr/share/containers/seccomp.json"
+
+# Size of /dev/shm. Specified as .
+# Unit is optional, values:
+# b (bytes), k (kilobytes), m (megabytes), or g (gigabytes).
+# If the unit is omitted, the system uses bytes.
+#
+# shm_size = "65536k"
+
+# Set timezone in container. Takes IANA timezones as well as "local",
+# which sets the timezone in the container to match the host machine.
+#
+# tz = ""
+
+# Set umask inside the container
+#
+# umask="0022"
+
+# Default way to to create a UTS namespace for the container
+# Options are:
+# `private` Create private UTS Namespace for the container.
+# `host` Share host UTS Namespace with the container.
+#
+# utsns = "private"
+
+# Default way to to create a User namespace for the container
+# Options are:
+# `auto` Create unique User Namespace for the container.
+# `host` Share host User Namespace with the container.
+#
+# userns = "host"
+
+# Number of UIDs to allocate for the automatic container creation.
+# UIDs are allocated from the "container" UIDs listed in
+# /etc/subuid & /etc/subgid
+#
+# userns_size=65536
+
+# The network table contains settings pertaining to the management of
+# CNI plugins.
+
+[network]
+
+# Path to directory where CNI plugin binaries are located.
+#
+cni_plugin_dirs = ["/usr/lib/cni"]
+
+# Path to the directory where CNI configuration files are located.
+#
+# network_config_dir = "/etc/cni/net.d/"
+
+[engine]
+
+# Cgroup management implementation used for the runtime.
+# Valid options "systemd" or "cgroupfs"
+#
+# cgroup_manager = "systemd"
+
+# Environment variables to pass into conmon
+#
+# conmon_env_vars = [
+# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+# ]
+
+# Paths to look for the conmon container manager binary
+#
+# conmon_path = [
+# "/usr/libexec/podman/conmon",
+# "/usr/local/libexec/podman/conmon",
+# "/usr/local/lib/podman/conmon",
+# "/usr/bin/conmon",
+# "/usr/sbin/conmon",
+# "/usr/local/bin/conmon",
+# "/usr/local/sbin/conmon"
+# ]
+
+# Specify the keys sequence used to detach a container.
+# Format is a single character [a-Z] or a comma separated sequence of
+# `ctrl-`, where `` is one of:
+# `a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_`
+#
+# detach_keys = "ctrl-p,ctrl-q"
+
+# Determines whether engine will reserve ports on the host when they are
+# forwarded to containers. When enabled, when ports are forwarded to containers,
+# ports are held open by as long as the container is running, ensuring that
+# they cannot be reused by other programs on the host. However, this can cause
+# significant memory usage if a container has many ports forwarded to it.
+# Disabling this can save memory.
+#
+# enable_port_reservation = true
+
+# Environment variables to be used when running the container engine (e.g., Podman, Buildah).
+# For example "http_proxy=internal.proxy.company.com".
+# Note these environment variables will not be used within the container.
+# Set the env section under [containers] table, if you want to set environment variables for the container.
+# env = []
+
+# Selects which logging mechanism to use for container engine events.
+# Valid values are `journald`, `file` and `none`.
+#
+# events_logger = "journald"
+
+# Default transport method for pulling and pushing for images
+#
+# image_default_transport = "docker://"
+
+# Default command to run the infra container
+#
+# infra_command = "/pause"
+
+# Infra (pause) container image name for pod infra containers. When running a
+# pod, we start a `pause` process in a container to hold open the namespaces
+# associated with the pod. This container does nothing other then sleep,
+# reserving the pods resources for the lifetime of the pod.
+#
+# infra_image = "k8s.gcr.io/pause:3.2"
+
+# Specify the locking mechanism to use; valid values are "shm" and "file".
+# Change the default only if you are sure of what you are doing, in general
+# "file" is useful only on platforms where cgo is not available for using the
+# faster "shm" lock type. You may need to run "podman system renumber" after
+# you change the lock type.
+#
+# lock_type** = "shm"
+
+# Default engine namespace
+# If engine is joined to a namespace, it will see only containers and pods
+# that were created in the same namespace, and will create new containers and
+# pods in that namespace.
+# The default namespace is "", which corresponds to no namespace. When no
+# namespace is set, all containers and pods are visible.
+#
+# namespace = ""
+
+# Whether to use chroot instead of pivot_root in the runtime
+#
+# no_pivot_root = false
+
+# Number of locks available for containers and pods.
+# If this is changed, a lock renumber must be performed (e.g. with the
+# 'podman system renumber' command).
+#
+# num_locks = 2048
+
+# Whether to pull new image before running a container
+# pull_policy = "missing"
+
+# Directory for persistent engine files (database, etc)
+# By default, this will be configured relative to where the containers/storage
+# stores containers
+# Uncomment to change location from this default
+#
+# static_dir = "/var/lib/containers/storage/libpod"
+
+# Directory for temporary files. Must be tmpfs (wiped after reboot)
+#
+# tmp_dir = "/var/run/libpod"
+
+# Directory for libpod named volumes.
+# By default, this will be configured relative to where containers/storage
+# stores containers.
+# Uncomment to change location from this default.
+#
+# volume_path = "/var/lib/containers/storage/volumes"
+
+# Default OCI runtime
+#
+# runtime = "runc"
+
+# List of the OCI runtimes that support --format=json. When json is supported
+# engine will use it for reporting nicer errors.
+#
+# runtime_supports_json = ["crun", "runc", "kata"]
+
+# List of the OCI runtimes that supports running containers without cgroups.
+#
+# runtime_supports_nocgroups = ["crun"]
+
+# List of the OCI runtimes that supports running containers with KVM Separation.
+#
+# runtime_supports_kvm = ["kata"]
+
+# Number of seconds to wait for container to exit before sending kill signal.
+# stop_timeout = 10
+
+# Index to the active service
+# active_service = production
+
+# map of service destinations
+# [service_destinations]
+# [service_destinations.production]
+# URI to access the Podman service
+# Examples:
+# rootless "unix://run/user/$UID/podman/podman.sock" (Default)
+# rootfull "unix://run/podman/podman.sock (Default)
+# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
+# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock
+# uri="ssh://user@production.example.com/run/user/1001/podman/podman.sock"
+# Path to file containing ssh identity key
+# identity = "~/.ssh/id_rsa"
+
+# Paths to look for a valid OCI runtime (runc, runv, kata, etc)
+[engine.runtimes]
+# runc = [
+# "/usr/bin/runc",
+# "/usr/sbin/runc",
+# "/usr/local/bin/runc",
+# "/usr/local/sbin/runc",
+# "/sbin/runc",
+# "/bin/runc",
+# "/usr/lib/cri-o-runc/sbin/runc",
+# ]
+
+# crun = [
+# "/usr/bin/crun",
+# "/usr/sbin/crun",
+# "/usr/local/bin/crun",
+# "/usr/local/sbin/crun",
+# "/sbin/crun",
+# "/bin/crun",
+# "/run/current-system/sw/bin/crun",
+# ]
+
+# kata = [
+# "/usr/bin/kata-runtime",
+# "/usr/sbin/kata-runtime",
+# "/usr/local/bin/kata-runtime",
+# "/usr/local/sbin/kata-runtime",
+# "/sbin/kata-runtime",
+# "/bin/kata-runtime",
+# "/usr/bin/kata-qemu",
+# "/usr/bin/kata-fc",
+# ]
+
+# The [engine.runtimes] table MUST be the last entry in this file.
+# (Unless another table is added)
+# TOML does not provide a way to end a table other than a further table being
+# defined, so every key hereafter will be part of [runtimes] and not the main
+# config.
diff --git a/image-5.4.4.tar.xz b/image-5.4.4.tar.xz
deleted file mode 100644
index 0e36804..0000000
--- a/image-5.4.4.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:725415ff2b8e8ce6b24c22be50f16ac11ee03826508d22bcc0e1fb86f757cf77
-size 302968
diff --git a/image-5.5.1.tar.xz b/image-5.5.1.tar.xz
new file mode 100644
index 0000000..d3f2538
--- /dev/null
+++ b/image-5.5.1.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:e4fedb64bd9196c0526b3d69de2113aaeb66a10680b21b22bbc5369224a2d312
+size 305952
diff --git a/libcontainers-common.changes b/libcontainers-common.changes
index d36bf26..2e7027d 100644
--- a/libcontainers-common.changes
+++ b/libcontainers-common.changes
@@ -1,3 +1,21 @@ +------------------------------------------------------------------- +Tue Jul 28 13:22:02 UTC 2020 - Ralf Haferkamp + +- Added containers/common tarball for containers.conf(5) man page +- Install containers.conf default configuration in + /usr/share/containers +- libpod repository on github got renamed to podman +- Update to image 5.5.1 + - Add documentation for credHelpera + - Add defaults for using the rootless policy path +- Update libpod/podman to 2.0.3 + - docs: user namespace can't be shared in pods + - Switch references from libpod.conf to containers.conf + - Allow empty host port in --publish flag + - update document login see config.json as valid +- Update storage to 1.20.2 + - Add back skip_mount_home + ------------------------------------------------------------------- Fri Jun 19 09:57:44 UTC 2020 - Ralf Haferkamp diff --git a/libcontainers-common.spec b/libcontainers-common.spec index a7eecb0..0d14cce 100644 --- a/libcontainers-common.spec +++ b/libcontainers-common.spec @@ -15,17 +15,20 @@ # Please submit bugfixes or comments via https://bugs.opensuse.org/ # -# libpodver - version from containers/libpod -%define libpodver 1.9.3 +# commonver - version from containers/common +%define commonver 0.14.6 + +# podman - version from containers/podman +%define podmanver 2.0.3 # storagever - version from containers/storage -%define storagever 1.19.1 +%define storagever 1.20.2 # imagever - version from containers/image -%define imagever 5.4.4 +%define imagever 5.5.1 Name: libcontainers-common -Version: 20200603 +Version: 20200727 Release: 0 Summary: Configuration files common to github.com/containers License: Apache-2.0 and GPL-3.0+ 
@@ -38,8 +41,10 @@ Source3: policy.json Source4: storage.conf Source5: mounts.conf Source6: registries.conf -Source7: libpod-%{libpodver}.tar.xz +Source7: podman-%{podmanver}.tar.xz Source8: default.yaml +Source9: common-%{commonver}.tar.xz +Source10: containers.conf BuildRequires: go-go-md2man Provides: libcontainers-image Provides: libcontainers-storage @@ -56,7 +61,8 @@ github.com/containers libraries, such as Buildah, CRI-O, Podman and Skopeo. %prep %setup -q -T -D -b 0 -n image-%{imagever} %setup -q -T -D -b 1 -n storage-%{storagever} -%setup -q -T -D -b 7 -n libpod-%{libpodver} +%setup -q -T -D -b 7 -n podman-%{podmanver} +%setup -q -T -D -b 9 -n common-%{commonver} # copy the LICENSE file in the build root cd .. cp %{SOURCE2} . @@ -82,12 +88,16 @@ done rename '.5.md' '.5' docs/* rename '.md' '.1' docs/* cd .. -# compile subset of containers/libpod manpages -cd libpod-%{libpodver} +# compile subset of containers/podman manpages +cd podman-%{podmanver} go-md2man -in docs/source/markdown/containers-mounts.conf.5.md -out docs/source/markdown/containers-mounts.conf.5 go-md2man -in pkg/hooks/docs/oci-hooks.5.md -out pkg/hooks/docs/oci-hooks.5 cd .. +cd common-%{commonver} +make docs +cd .. + %install cd .. install -d -m 0755 %{buildroot}/%{_sysconfdir}/containers 
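Review bot: The `make docs` step added for `common-%{commonver}` (last hunk on this line, `@@ -82,12 +88,16 @@`) hands the build to whatever the upstream Makefile target does, whereas the podman pages just above it are produced by explicit `go-md2man -in … -out …` calls that can be read in the spec. Only `docs/containers.conf.5` is installed from that tree, so I would build just that page the same way, e.g. `go-md2man -in docs/containers.conf.5.md -out docs/containers.conf.5` (the `.5.md` source name is inferred from the install path and should be checked against the tarball). That keeps the build's inputs visible and avoids depending on tools the Makefile may invoke beyond the declared `BuildRequires: go-go-md2man`. The build section starts above this hunk.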
@@ -101,8 +111,9 @@ install -D -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/containers/mounts.conf install -D -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/containers/mounts.conf install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/containers/registries.conf install -D -m 0644 %{SOURCE8} %{buildroot}/%{_sysconfdir}/containers/registries.d/default.yaml -install -D -m 0644 libpod-%{libpodver}/seccomp.json %{buildroot}/%{_datadir}/containers/seccomp.json -install -D -m 0644 libpod-%{libpodver}/seccomp.json %{buildroot}/%{_sysconfdir}/containers/seccomp.json +install -D -m 0644 %{SOURCE10} %{buildroot}/%{_datadir}/containers/containers.conf +install -D -m 0644 podman-%{podmanver}/seccomp.json %{buildroot}/%{_datadir}/containers/seccomp.json +install -D -m 0644 podman-%{podmanver}/seccomp.json %{buildroot}/%{_sysconfdir}/containers/seccomp.json install -d %{buildroot}/%{_mandir}/man1 install -d %{buildroot}/%{_mandir}/man5 @@ -110,8 +121,9 @@ install -D -m 0644 image-%{imagever}/docs/*.1 %{buildroot}/%{_mandir}/man1/ install -D -m 0644 image-%{imagever}/docs/*.5 %{buildroot}/%{_mandir}/man5/ install -D -m 0644 storage-%{storagever}/docs/*.1 %{buildroot}/%{_mandir}/man1/ install -D -m 0644 storage-%{storagever}/docs/*.5 %{buildroot}/%{_mandir}/man5/ -install -D -m 0644 libpod-%{libpodver}/pkg/hooks/docs/oci-hooks.5 %{buildroot}/%{_mandir}/man5/ -install -D -m 0644 libpod-%{libpodver}/docs/source/markdown/containers-mounts.conf.5 %{buildroot}/%{_mandir}/man5/ +install -D -m 0644 podman-%{podmanver}/pkg/hooks/docs/oci-hooks.5 %{buildroot}/%{_mandir}/man5/ +install -D -m 0644 podman-%{podmanver}/docs/source/markdown/containers-mounts.conf.5 %{buildroot}/%{_mandir}/man5/ +install -D -m 0644 common-%{commonver}/docs/containers.conf.5 %{buildroot}/%{_mandir}/man5/ %post # If installing, check if /var/lib/containers (or /var/lib in its defect) is btrfs and set driver 
@@ -140,6 +152,7 @@ fi %config(noreplace) %{_sysconfdir}/containers/seccomp.json %config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml %{_datadir}/containers/seccomp.json +%{_datadir}/containers/containers.conf %{_mandir}/man1/*.1%{?ext_man} %{_mandir}/man5/*.5%{?ext_man} diff --git a/libpod-1.9.3.tar.xz b/libpod-1.9.3.tar.xz deleted file mode 100644 index e146767..0000000 --- a/libpod-1.9.3.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:040c48a18116eeae239dee548ca977f49fe5ce89663f39d5b720a918c0495a8e -size 5085100 diff --git a/podman-2.0.3.tar.xz b/podman-2.0.3.tar.xz new file mode 100644 index 0000000..a53ab5e --- /dev/null +++ b/podman-2.0.3.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:306e5d273a6b3d298bc921d1c71a7bcadc07f304c63264c57339b85197db4326 +size 5352032 diff --git a/storage-1.19.1.tar.xz b/storage-1.19.1.tar.xz deleted file mode 100644 index ca6c874..0000000 --- a/storage-1.19.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:8770d1183c94cca77c5f14f17528c619d9d0c0588bf2eb388163f00b613c0f63 -size 1550304 diff --git a/storage-1.20.2.tar.xz b/storage-1.20.2.tar.xz new file mode 100644 index 0000000..cb2f7e5 --- /dev/null +++ b/storage-1.20.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:e58d95f7fa0c3de2af79065e238865f40a44e43809f4f63a36997db740c56e7a +size 1564396