diff --git a/common/.packit.yaml b/.packit.yaml similarity index 86% rename from common/.packit.yaml rename to .packit.yaml index 655b0db020..abc5d202b0 100644 --- a/common/.packit.yaml +++ b/.packit.yaml @@ -2,23 +2,20 @@ # See the documentation for more information: # https://packit.dev/docs/configuration/ -upstream_tag_template: v{version} +upstream_tag_template: common/v{version} packages: containers-common-fedora: downstream_package_name: containers-common pkg_tool: fedpkg - specfile_path: rpm/containers-common.spec + specfile_path: common/rpm/containers-common.spec containers-common-centos: downstream_package_name: containers-common pkg_tool: centpkg - specfile_path: rpm/containers-common.spec + specfile_path: common/rpm/containers-common.spec containers-common-eln: downstream_package_name: containers-common - specfile_path: rpm/containers-common.spec - -actions: - pre-sync: "bash rpm/update-lib-versions.sh" + specfile_path: common/rpm/containers-common.spec jobs: - job: copr_build @@ -26,7 +23,7 @@ jobs: packages: [containers-common-fedora] notifications: &ephemeral_build_failure_notification failure_comment: - message: "Ephemeral COPR build failed. @containers/packit-build please check." + message: "Packit jobs failed. @containers/packit-build please check." enable_net: true targets: - fedora-all @@ -71,11 +68,13 @@ jobs: dist_git_branches: &fedora_targets - fedora-all + # Ignore CentOS Stream for now - job: propose_downstream - trigger: release + trigger: ignore packages: [containers-common-centos] dist_git_branches: - c10s + - c9s # Fedora Koji build - job: koji_build diff --git a/common/rpm/containers-common.spec b/common/rpm/containers-common.spec index 112cbaa620..d478ab7dee 100644 --- a/common/rpm/containers-common.spec +++ b/common/rpm/containers-common.spec 
@@ -1,19 +1,5 @@ -# Below definitions are used to deliver config files from a particular branch -# of c/image, c/storage and c/shortnames vendored in all of Buildah, Podman and Skopeo. -# These vendored components must have the same version. If it is not the case, -# pick the oldest version on c/image, c/storage and c/shortnames vendored in -# Buildah/Podman/Skopeo. - -# Packit will automatically update the image and storage versions on Fedora and -# CentOS Stream dist-git PRs. -%global image_branch main -%global storage_branch main -%global shortnames_branch main - %global project containers -%global repo common - -%global raw_github_url https://raw.githubusercontent.com/%{project} +%global repo container-libs %if %{defined copr_username} %define copr_build 1 @@ -35,7 +21,7 @@ Epoch: 5 %endif # DO NOT TOUCH the Version string! # The TRUE source of this specfile is: -# https://github.com/containers/common/blob/main/rpm/containers-common.spec +# https://github.com/containers/container-libs/blob/main/common/rpm/containers-common.spec # If that's what you're reading, Version must be 0, and will be updated by Packit for # copr and koji builds. # If you're reading this on dist-git, the version is automatically filled in by Packit. 
@@ -57,25 +43,12 @@ Requires: (fuse-overlayfs if fedora-release-identity-server) Suggests: fuse-overlayfs %endif URL: https://github.com/%{project}/%{repo} -Source0: %{url}/archive/v%{version_no_tilde}.tar.gz -Source1: %{raw_github_url}/image/%{image_branch}/docs/containers-auth.json.5.md -Source2: %{raw_github_url}/image/%{image_branch}/docs/containers-certs.d.5.md -Source3: %{raw_github_url}/image/%{image_branch}/docs/containers-policy.json.5.md -Source4: %{raw_github_url}/image/%{image_branch}/docs/containers-registries.conf.5.md -Source5: %{raw_github_url}/image/%{image_branch}/docs/containers-registries.conf.d.5.md -Source6: %{raw_github_url}/image/%{image_branch}/docs/containers-registries.d.5.md -Source7: %{raw_github_url}/image/%{image_branch}/docs/containers-signature.5.md -Source8: %{raw_github_url}/image/%{image_branch}/docs/containers-transports.5.md -Source9: %{raw_github_url}/storage/%{storage_branch}/docs/containers-storage.conf.5.md -Source10: %{raw_github_url}/shortnames/%{shortnames_branch}/shortnames.conf -Source11: %{raw_github_url}/image/%{image_branch}/default.yaml -Source12: %{raw_github_url}/image/%{image_branch}/default-policy.json -Source13: %{raw_github_url}/image/%{image_branch}/registries.conf -Source14: %{raw_github_url}/storage/%{storage_branch}/storage.conf +Source0: %{url}/archive/refs/tags/common/v%{version}.tar.gz +Source1: https://raw.githubusercontent.com/containers/shortnames/refs/heads/main/shortnames.conf # Fetch RPM-GPG-KEY-redhat-release from the authoritative source instead of storing # a copy in repo or dist-git. Depending on distribution-gpg-keys rpm is also # not an option because that package doesn't exist on CentOS Stream. -Source15: https://access.redhat.com/security/data/fd431d51.txt +Source2: https://access.redhat.com/security/data/fd431d51.txt %description This package contains common configuration files and documentation for container 
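Review bot: `Source1` pulls `shortnames.conf` from `refs/heads/main`, a moving branch, so the same spec and Version can package different short-name aliases from one build to the next. Whatever is on that branch at fetch time is installed as `registries.conf.d/000-shortnames.conf`, and those aliases decide which registry an unqualified image name resolves to. Pinning the source to a tag or commit would make the shipped aliases reviewable, e.g. `Source1: https://raw.githubusercontent.com/containers/shortnames/<TAG_OR_COMMIT>/shortnames.conf` (placeholder; use the release you intend to ship). `Source2`, the Red Hat GPG key, is also fetched at build time and could be compared against a checksum recorded in the spec during `%prep`; dist-git's lookaside hashes presumably cover this downstream, but the COPR path may not.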
@@ -109,34 +82,16 @@ This subpackage will handle dependencies common to Podman and Buildah which are not required by Skopeo. %prep -%autosetup -Sgit -n %{repo}-%{version_no_tilde} - -# Copy manpages to docs subdir in builddir to build before installing. -cp %{SOURCE1} docs/. -cp %{SOURCE2} docs/. -cp %{SOURCE3} docs/. -cp %{SOURCE4} docs/. -cp %{SOURCE5} docs/. -cp %{SOURCE6} docs/. -cp %{SOURCE7} docs/. -cp %{SOURCE8} docs/. -cp %{SOURCE9} docs/. - -# Copy config files to builddir to patch them before installing. -# Currently, only registries.conf and storage.conf files are patched before -# installing. -cp %{SOURCE10} shortnames.conf -cp %{SOURCE13} registries.conf -cp %{SOURCE14} storage.conf +%autosetup -Sgit -n %{repo}-common-v%{version} # Fine-grain distro- and release-specific tuning of config files, # e.g., seccomp, composefs, registries on different RHEL/Fedora versions -bash rpm/update-config-files.sh +bash common/rpm/update-config-files.sh %build mkdir -p man5 -for i in docs/*.5.md; do - go-md2man -in $i -out man5/$(basename $i .md) +for i in common/docs/*.5.md image/docs/*.5.md storage/docs/*.5.md; do + go-md2man -in $i -out man5/$(basename $i .md) done %install 
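Review bot: `%autosetup` now builds the directory name from `%{version}` where the removed line used `%{version_no_tilde}`, and `Source0` in the previous hunk makes the same switch. If a pre-release ever carries a tilde in Version (say `1.0.0~rc1`, a constructed example), the tag URL and the unpacked directory name would no longer match the upstream tag and the build would fail in `%prep`. Assuming `version_no_tilde` is still available (from the distro macros or elsewhere in the spec; not visible in these hunks), keeping it would be safer: `%autosetup -Sgit -n %{repo}-common-v%{version_no_tilde}` and `Source0: %{url}/archive/refs/tags/common/v%{version_no_tilde}.tar.gz`. In `%build`, quoting `"$i"` in the `go-md2man` loop would match the quoting this commit adds to update-config-files.sh.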
@@ -150,32 +105,31 @@ touch %{buildroot}%{_prefix}/lib/containers/storage/overlay-images/images.lock install -dp -m 700 %{buildroot}%{_prefix}/lib/containers/storage/overlay-layers touch %{buildroot}%{_prefix}/lib/containers/storage/overlay-layers/layers.lock -install -Dp -m0644 shortnames.conf %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf -install -Dp -m0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml -install -Dp -m0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/containers/policy.json -install -Dp -m0644 registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf -install -Dp -m0644 storage.conf %{buildroot}%{_datadir}/containers/storage.conf +install -Dp -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf +install -Dp -m0644 image/default.yaml %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml +install -Dp -m0644 image/default-policy.json %{buildroot}%{_sysconfdir}/containers/policy.json +install -Dp -m0644 image/registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf +install -Dp -m0644 storage/storage.conf %{buildroot}%{_datadir}/containers/storage.conf # RPM-GPG-KEY-redhat-release already exists on rhel envs, install only on # fedora and centos %if %{defined fedora} || %{defined centos} -install -Dp -m0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release +install -Dp -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release %endif -install -Dp -m0644 contrib/redhat/registry.access.redhat.com.yaml -t %{buildroot}%{_sysconfdir}/containers/registries.d -install -Dp -m0644 contrib/redhat/registry.redhat.io.yaml -t %{buildroot}%{_sysconfdir}/containers/registries.d +install -Dp -m0644 common/contrib/redhat/registry.access.redhat.com.yaml -t %{buildroot}%{_sysconfdir}/containers/registries.d +install -Dp -m0644 common/contrib/redhat/registry.redhat.io.yaml -t 
%{buildroot}%{_sysconfdir}/containers/registries.d # install manpages -install -dp %{buildroot}%{_mandir}/man5 for i in man5/*.5; do - install -Dp -m0644 $i -t %{buildroot}%{_mandir}/man5 + install -Dp -m0644 $i -t %{buildroot}%{_mandir}/man5 done ln -s containerignore.5 %{buildroot}%{_mandir}/man5/.containerignore.5 # install config files for mounts, containers and seccomp -install -m0644 pkg/subscriptions/mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf -install -m0644 pkg/seccomp/seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json -install -m0644 pkg/config/containers.conf %{buildroot}%{_datadir}/containers/containers.conf +install -m0644 common/pkg/subscriptions/mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf +install -m0644 common/pkg/seccomp/seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json +install -m0644 common/pkg/config/containers.conf %{buildroot}%{_datadir}/containers/containers.conf # install secrets patch directory install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets diff --git a/common/rpm/update-config-files.sh b/common/rpm/update-config-files.sh index 24127b5991..f2dfd5794e 100755 --- a/common/rpm/update-config-files.sh +++ b/common/rpm/update-config-files.sh 
@@ -5,45 +5,45 @@ set -exo pipefail ensure() { - if [[ ! -f $1 ]]; then - echo "File not found:" $1 + if [[ ! -f "$1" ]]; then + echo "File not found:" "$1" exit 1 fi - if grep ^$2[[:blank:]].*= $1 > /dev/null + if grep "^$2[[:blank:]].*=" "$1" > /dev/null then - sed -i "s;^$2[[:blank:]]=.*;$2 = $3;" $1 + sed -i "s;^$2[[:blank:]]=.*;$2 = $3;" "$1" else - if grep ^\#.*$2[[:blank:]].*= $1 > /dev/null + if grep "^\#.*$2[[:blank:]].*=" "$1" > /dev/null then sed -i "/^#.*$2[[:blank:]].*=/a \ -$2 = $3" $1 +$2 = $3" "$1" else - echo "$2 = $3" >> $1 + echo "$2 = $3" >> "$1" fi fi } # Common options enabled across all fedora, centos, rhel # TBD: Can these be enabled by default upstream? -ensure registries.conf short-name-mode \"enforcing\" +ensure image/registries.conf short-name-mode \"enforcing\" -ensure storage.conf driver \"overlay\" -ensure storage.conf mountopt \"nodev,metacopy=on\" +ensure storage/storage.conf driver \"overlay\" +ensure storage/storage.conf mountopt \"nodev,metacopy=on\" -ensure pkg/config/containers.conf runtime \"crun\" -ensure pkg/config/containers.conf log_driver \"journald\" +ensure common/pkg/config/containers.conf runtime \"crun\" +ensure common/pkg/config/containers.conf log_driver \"journald\" FEDORA=$(rpm --eval '%{?fedora}') RHEL=$(rpm --eval '%{?rhel}') # Set search registries if [[ -n "$FEDORA" ]]; then - ensure registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"docker.io\"] + ensure image/registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"docker.io\"] else - ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"] + ensure image/registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"] fi # Set these on all Fedora and RHEL 10+ if [[ -n "$FEDORA" ]] || [[ "$RHEL" -ge 10 ]]; then - 
sed -i -e '/^additionalimagestores\ =\ \[/a "\/usr\/lib\/containers\/storage",' storage.conf + sed -i -e '/^additionalimagestores\ =\ \[/a "\/usr\/lib\/containers\/storage",' storage/storage.conf fi diff --git a/common/rpm/update-lib-versions.sh b/common/rpm/update-lib-versions.sh deleted file mode 100644 index 60f35a8d85..0000000000 --- a/common/rpm/update-lib-versions.sh +++ /dev/null @@ -1,13 +0,0 @@ -#!/usr/bin/env bash - -set -exo pipefail - -SPECFILE=rpm/containers-common.spec - -# Fetch versions from go.mod -IMAGE_VERSION=$(awk '/github.com\/containers\/image/ {print $2}' go.mod) -STORAGE_VERSION=$(awk '/github.com\/containers\/storage/ {print $2}' go.mod) - -# Update versions in rpm spec -sed -i "s/^%global image_branch main/%global image_branch $IMAGE_VERSION/" $SPECFILE -sed -i "s/^%global storage_branch main/%global storage_branch $STORAGE_VERSION/" $SPECFILE
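Review bot: In `ensure`, the `grep` test and the `sed` substitution accept different lines: `grep` matches `^$2[[:blank:]].*=` but `sed` only rewrites `^$2[[:blank:]]=.*`, so a line such as `driver    = "x"` (constructed example, several blanks before `=`) passes the test and is then left unchanged with exit status 0. For settings like `short-name-mode` and `mountopt`, that means the package would silently ship the upstream value instead of the hardened one. Using the same pattern in both, `if grep -q "^$2[[:blank:]]*=" "$1"` and `sed -i "s;^$2[[:blank:]]*=.*;$2 = $3;" "$1"`, and ending the function with `grep -qxF -- "$2 = $3" "$1" || exit 1`, would turn a missed edit into a build failure. The `additionalimagestores` insertion at the end of the script is the same kind of silent no-op if its anchor line is absent from `storage/storage.conf`.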