* save current changes

* save more changes

* wrap implementation

* cri-o implementation

* take out cni PR contents

* revert cni PR changes

* add license and manifest info

* fix typo in manifest

* fix licensing and manifest issue

* fix conmon spec naming issue

* fix license map

* fix linting

* resolve PR comments

* fix LICENSE-MAP

Co-authored-by: Henry Li <lihl@microsoft.com>
Henry Li 2021-08-26 10:33:17 -07:00 коммит произвёл GitHub
Родитель f21e8f1518
Коммит 439e13cf51
Не найден ключ, соответствующий данной подписи
Идентификатор ключа GPG: 4AEE18F83AFDEB23
21 изменённых файлов: 4099 добавлений и 3 удалений

Различия файлов скрыты, потому что одна или несколько строк слишком длинны


@ -28,6 +28,7 @@
"collectd", "collectd",
"colm", "colm",
"conda", "conda",
"conmon",
"conntrack-tools", "conntrack-tools",
"cpprest", "cpprest",
"cryptsetup", "cryptsetup",
@ -290,11 +291,13 @@
"bazel-workspaces", "bazel-workspaces",
"boringssl", "boringssl",
"cni", "cni",
"cri-o",
"envoy", "envoy",
"fillup", "fillup",
"golang-packaging", "golang-packaging",
"jna", "jna",
"kured" "kured",
"libcontainers-common"
] ]
}, },
{ {


@ -0,0 +1,5 @@
{
"Signatures": {
"conmon-2.0.29.tar.gz": "eb4d5e157671a61b88786e44094775194e30e1d0ad0b9d50035532ece78dbc28"
}
}

395
SPECS/conmon/conmon.spec Normal file

@ -0,0 +1,395 @@
%global with_debug 1
%if 0%{?with_debug}
%global _find_debuginfo_dwz_opts %{nil}
%global _dwz_low_mem_die_limit 0
%else
%global debug_package %{nil}
%endif
Summary: OCI container runtime monitor
Name: conmon
Version: 2.0.29
Release: 3%{?dist}
License: ASL 2.0
Vendor: Microsoft Corporation
Distribution: Mariner
URL: https://github.com/containers/conmon
#Source0: https://github.com/containers/conmon/archive/v%{version}.tar.gz
Source0: %{name}-%{version}.tar.gz
BuildRequires: gcc
BuildRequires: git
BuildRequires: glib2-devel
BuildRequires: go-md2man
BuildRequires: make
BuildRequires: systemd-devel
BuildRequires: systemd-libs
Requires: glib2
Requires: systemd-libs
%description
%{summary}.
%prep
%autosetup -Sgit -n %{name}-%{version}
%build
make GOMD2MAN=go-md2man DEBUGFLAG="-g" bin/conmon
make GOMD2MAN=go-md2man -C docs
%install
make PREFIX=%{buildroot}%{_prefix} install install.crio
%files
%license LICENSE
%doc README.md
%{_bindir}/%{name}
%{_libexecdir}/crio/%{name}
%{_mandir}/man8/%{name}*
%dir %{_libexecdir}/crio
%changelog
* Thu Aug 19 2021 Henry Li <lihl@microsoft.com> - 2.0.29-3
- Initial CBL-Mariner import from Fedora 34 (license: MIT)
- License Verified
- Remove epoch
- Remove unneeded macros/definitions
* Thu Jul 08 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0.29-2
- rebuild with podman gating test timeout increased to 25m
* Thu Jun 03 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.29-1
- autobuilt v2.0.29
* Thu May 27 2021 Peter Hunt <pehunt@redhat.com> - 2:2.0.28-2
- rhbz#1965231: add /usr/libexec/crio to tracked files
* Fri May 14 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.28-1
- autobuilt v2.0.28
* Mon Apr 19 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0.27-2
- bump release to for clean upgrade from f33
* Mon Mar 08 2021 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0.27-1
- build v2.0.27
* Mon Feb 08 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.27-0.1.dev.gitc3f31c0
- bump to 2.0.27
- autobuilt c3f31c0
* Tue Feb 02 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.26-0.4.dev.git2b87314
- autobuilt 2b87314
* Fri Jan 29 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.26-0.3.dev.gitde1a153
- autobuilt de1a153
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.0.26-0.2.dev.gitde1c681
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Wed Jan 20 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.26-0.1.dev.gitde1c681
- bump to 2.0.26
- autobuilt de1c681
* Wed Jan 20 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.25-0.3.dev.git3af2776
- autobuilt 3af2776
* Fri Jan 15 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.25-0.2.dev.git6c8068c
- autobuilt 6c8068c
* Thu Jan 14 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.25-0.1.dev.git0331601
- bump to 2.0.25
- autobuilt 0331601
* Thu Jan 14 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.24-0.1.dev.git37217a3
- bump to 2.0.24
- autobuilt 37217a3
* Mon Jan 11 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.23-0.5.dev.git7bc96c7
- autobuilt 7bc96c7
* Mon Jan 4 2021 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.23-0.4.dev.git5e42e54
- autobuilt 5e42e54
* Mon Dec 28 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.23-0.3.dev.gitbae24d6
- autobuilt bae24d6
* Mon Dec 21 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.23-0.2.dev.git05b8046
- autobuilt 05b8046
* Thu Dec 17 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.23-0.1.dev.gitc704d3a
- bump to 2.0.23
- autobuilt c704d3a
* Tue Dec 1 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.22-0.11.dev.gitb1c5187
- autobuilt b1c5187
* Sat Nov 14 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.22-0.10.dev.git5df41fb
- autobuilt 5df41fb
* Fri Nov 13 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.22-0.9.dev.git2fbeb9f
- autobuilt 2fbeb9f
* Thu Nov 5 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.22-0.8.dev.gita0ddcb9
- autobuilt a0ddcb9
* Sat Oct 10 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.22-0.7.dev.gite5e2b93
- autobuilt e5e2b93
* Tue Oct 6 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.22-0.6.dev.git162c363
- autobuilt 162c363
* Fri Sep 18 09:34:35 EDT 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0.22-0.5.dev.git59c2817
- build with journald support
* Wed Sep 16 16:12:47 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.22-0.4.dev.git59c2817
- autobuilt 59c2817
* Tue Sep 15 13:12:54 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.22-0.3.dev.gitd213bfa
- autobuilt d213bfa
* Mon Sep 14 14:12:03 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.22-0.2.dev.giteb93261
- autobuilt eb93261
* Tue Sep 8 22:12:10 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.22-0.1.dev.gitdd4fc17
- bump to 2.0.22
- autobuilt dd4fc17
* Tue Sep 8 21:12:42 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.21-0.11.dev.gitbc88ac5
- autobuilt bc88ac5
* Thu Sep 3 14:13:45 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.21-0.10.dev.git668b748
- autobuilt 668b748
* Wed Sep 02 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0.21-0.9.dev.git1d7b3a5
- Resolves: #1786090 - build with -g for debuginfo
* Thu Aug 27 14:14:25 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.21-0.8.dev.git1d7b3a5
- autobuilt 1d7b3a5
* Wed Aug 26 13:11:37 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.21-0.7.dev.git6eb222d
- autobuilt 6eb222d
* Tue Aug 25 15:11:33 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.21-0.6.dev.git9d61f0f
- autobuilt 9d61f0f
* Mon Aug 24 14:11:36 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.21-0.5.dev.git76548e1
- autobuilt 76548e1
* Fri Aug 21 15:10:39 UTC 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.21-0.4.dev.git7ab6aa1
- autobuilt 7ab6aa1
* Wed Aug 05 16:10:09 GMT 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.21-0.3.dev.git5a6b2ac
- autobuilt 5a6b2ac
* Tue Aug 04 2020 Peter Hunt <pehunt@redhat.com> - 2:2.0.21-0.2.dev.gitfe1563c
- rebuild
* Tue Jul 28 14:09:38 GMT 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.21-0.1.dev.gitfe1563c
- bump to 2.0.21
- autobuilt fe1563c
* Mon Jul 27 21:09:33 GMT 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.20-0.3.dev.git5bc12e0
- autobuilt 5bc12e0
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.0.20-0.2.dev.git3c396d4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Wed Jul 15 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.20-0.1.dev.git3c396d4
- bump to 2.0.20
- autobuilt 3c396d4
* Wed Jul 15 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.19-0.6.dev.git4fea27e
- autobuilt 4fea27e
* Wed Jul 08 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.19-0.5.dev.giteff699e
- autobuilt eff699e
* Mon Jun 29 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.19-0.4.dev.git9a1d403
- autobuilt 9a1d403
* Mon Jun 22 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.19-0.3.dev.git42414b8
- autobuilt 42414b8
* Wed Jun 17 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.19-0.2.dev.gitab8f5e5
- autobuilt ab8f5e5
* Mon Jun 15 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.19-0.1.dev.git96ea3a2
- bump to 2.0.19
- autobuilt 96ea3a2
* Wed Jun 10 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.18-0.8.dev.git2c32b99
- autobuilt 2c32b99
* Mon Jun 08 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.18-0.7.dev.gitf951578
- autobuilt f951578
* Wed Jun 03 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.18-0.6.dev.git50aeae4
- autobuilt 50aeae4
* Wed Jun 03 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.18-0.5.dev.gitf12e90b
- autobuilt f12e90b
* Tue Jun 02 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.18-0.4.dev.gitd951a5a
- autobuilt d951a5a
* Mon Jun 01 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.18-0.3.dev.git63d0e3d
- autobuilt 63d0e3d
* Wed May 27 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.18-0.2.dev.gitd0f367d
- autobuilt d0f367d
* Tue May 26 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.18-0.1.dev.git27bb67e
- bump to 2.0.18
- autobuilt 27bb67e
* Tue May 26 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.17-0.3.dev.git27eb304
- autobuilt 27eb304
* Mon May 25 2020 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0.17-0.2.dev.git82e9358
- depend on glib2
* Tue May 12 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.17-0.1.dev.git82e9358
- bump to 2.0.17
- autobuilt 82e9358
* Tue May 12 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.16-0.4.dev.gitedd4aaa
- autobuilt edd4aaa
* Tue May 12 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.16-0.3.dev.git6fa9c2a
- autobuilt 6fa9c2a
* Mon May 11 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.16-0.2.dev.git42cb289
- autobuilt 42cb289
* Thu Apr 02 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.16-0.1.dev.gite34c6d6
- bump to 2.0.16
- autobuilt e34c6d6
* Wed Apr 01 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.15-0.6.dev.gitb763fdd
- autobuilt b763fdd
* Tue Mar 31 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.15-0.5.dev.git9c9b3e7
- autobuilt 9c9b3e7
* Mon Mar 30 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.15-0.4.dev.git3ea6c68
- autobuilt 3ea6c68
* Wed Mar 25 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.15-0.3.dev.git89b2478
- autobuilt 89b2478
* Mon Mar 23 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.15-0.2.dev.gitff29dd6
- autobuilt ff29dd6
* Fri Mar 20 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.15-0.1.dev.gitb97c274
- bump to 2.0.15
- autobuilt b97c274
* Fri Mar 20 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.14-0.2.dev.git1b53637
- autobuilt 1b53637
* Tue Mar 17 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.14-0.1.dev.git849ab62
- bump to 2.0.14
- autobuilt 849ab62
* Mon Mar 16 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.12-0.1.dev.git51c0e7b
- bump to 2.0.12
- autobuilt 51c0e7b
* Tue Feb 11 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.11-0.6.dev.git86aa80b
- autobuilt 86aa80b
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 2:2.0.11-0.5.dev.git77f4a51
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Wed Jan 15 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.11-0.4.dev.git77f4a51
- autobuilt 77f4a51
* Tue Jan 14 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.11-0.3.dev.gitccfdbb6
- autobuilt ccfdbb6
* Sat Jan 11 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.11-0.2.dev.git5039b44
- autobuilt 5039b44
* Wed Jan 08 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.11-0.1.dev.gitad05887
- bump to 2.0.11
- autobuilt ad05887
* Tue Jan 07 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.10-0.3.dev.git26f6817
- autobuilt 26f6817
* Tue Jan 07 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.10-0.2.dev.git6e39a83
- autobuilt 6e39a83
* Mon Jan 06 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.10-0.1.dev.gitb7bfc7b
- bump to 2.0.10
- autobuilt b7bfc7b
* Mon Jan 06 2020 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.9-0.3.dev.git1560392
- autobuilt 1560392
* Fri Dec 20 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.9-0.2.dev.gitb17d81b
- autobuilt b17d81b
* Fri Dec 13 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.9-0.1.dev.gitc2e2e67
- bump to 2.0.9
- autobuilt c2e2e67
* Fri Dec 13 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.8-0.2.dev.gitc8f7443
- autobuilt c8f7443
* Thu Dec 12 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.8-0.1.dev.git036ff29
- bump to 2.0.8
- autobuilt 036ff29
* Thu Dec 12 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.7-0.3.dev.git4100fb2
- autobuilt 4100fb2
* Thu Dec 12 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.7-0.2.dev.git95ed45a
- autobuilt 95ed45a
* Wed Dec 11 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.7-0.1.dev.git8ba9575
- bump to 2.0.7
- autobuilt 8ba9575
* Wed Dec 11 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.6-0.2.dev.gitba14d9c
- autobuilt ba14d9c
* Tue Dec 10 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.6-0.1.dev.gitbc9e976
- bump to 2.0.6
- autobuilt bc9e976
* Tue Dec 10 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.5-0.2.dev.gitc792503
- autobuilt c792503
* Mon Dec 09 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.5-0.1.dev.gitfd5ac47
- bump to 2.0.5
- autobuilt fd5ac47
* Mon Dec 02 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.4-0.3.dev.gitdf8c6aa
- autobuilt df8c6aa
* Fri Nov 29 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.4-0.2.dev.git42bce45
- autobuilt 42bce45
* Mon Nov 11 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.4-0.1.dev.gitf6d23b5
- bump to 2.0.4
- autobuilt f6d23b5
* Mon Nov 11 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.3-0.3.dev.git098fcce
- autobuilt 098fcce
* Thu Nov 07 2019 RH Container Bot <rhcontainerbot@fedoraproject.org> - 2:2.0.3-0.2.dev.git002da25
- autobuilt 002da25
* Mon Oct 21 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0.3-0.1.dev.gitbc758d8
- built commit bc758d8
* Wed Sep 25 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0.2-0.1.dev.git422ce21
- build latest upstream master
* Tue Sep 10 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0.0-2
- remove BR: go-md2man since no manpages yet
* Tue Sep 10 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:2.0.0-1
- bump to v2.0.0
* Fri May 31 2019 Lokesh Mandvekar <lsm5@fedoraproject.org> - 2:0.2.0-1
- initial package
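Review bot: The `%build` step `make GOMD2MAN=go-md2man DEBUGFLAG="-g" bin/conmon` passes no distribution compiler or linker flags, so whether the conmon binary gets PIE, RELRO and stack-protector hardening depends on the upstream Makefile and on whatever the build environment happens to export. conmon is the C process that supervises each container on behalf of the runtime, so its hardening should not be left implicit. Consider passing the flags explicitly, for example `make CFLAGS="%{optflags}" GOMD2MAN=go-md2man DEBUGFLAG="-g" bin/conmon`, assuming the upstream Makefile honours `CFLAGS` (to be confirmed). A `%check` section that inspects the built binary for the expected hardening would catch a regression.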


@ -0,0 +1,10 @@
addFilter (".* W: explicit-lib-dependency libcontainers-common")
addFilter (".* W: explicit-lib-dependency libcontainers-image")
addFilter (".* W: explicit-lib-dependency libcontainers-storage")
addFilter (".* W: statically-linked-binary /usr/lib/crio/bin/pause")
addFilter (".* W: position-independent-executable-suggested /usr/lib/crio/bin/conmon")
addFilter (".* W: position-independent-executable-suggested /usr/lib/crio/bin/pause")
addFilter (".* W: unstripped-binary-or-object /usr/bin/crio")
addFilter (".* W: unstripped-binary-or-object /usr/lib/crio/bin/conmon")
addFilter (".* W: unstripped-binary-or-object /usr/lib/crio/bin/pause")
addFilter ("no-version-in-last-changelog")
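Review bot: The two `position-independent-executable-suggested` filters (for `/usr/lib/crio/bin/conmon` and `/usr/lib/crio/bin/pause`) silence the lint that would report non-PIE binaries, and nothing in the file says why that is acceptable. If the binaries really cannot be built as PIE, record the reason above the filters, e.g. `# pause is a static helper; PIE lint suppressed on purpose`. Otherwise fix the build and drop the filters. The conmon path also differs from where conmon.spec in this commit installs the binary (`%{_libexecdir}/crio/%{name}`), so these filters may be leftovers from the file's origin; cri-o.spec is not shown on the page, so that needs confirming against its `%files` list.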


@ -0,0 +1,11 @@
{
"Signatures": {
"cri-o-1.21.2-vendor.tar.gz": "a189bb12672719142a509813daf5203ae08b105c704e25816e37a32535030dc0",
"cri-o-1.21.2.tar.gz": "a8e745822b50d1581cb3d12edeede05eca316f1f57a3a865f7f7d600fe627828",
"cri-o-rpmlintrc": "851a8f7e0b91e011d19a123c2ec703590f3261bfc3fedc41f058dc7556de86cc",
"crio.conf": "0b4d11a34542656ad1077fefefdbd0782c15ea521da914bfed0fc7bf84215f0e",
"crio.service": "aa19713bbb91d0871de67a4a36a75e9558a31b5b4952b8cf81a667c41f0a7c0c",
"kubelet.env": "1569e237d627aa54c2bd391fb879956886ac335ce72211db9dff2e25799d0bf0",
"sysconfig.crio": "72330a238a86278545ede539a855fbbca55a74635939e5b26fefdae911577da1"
}
}

1711
SPECS/cri-o/cri-o.spec Normal file

Разница между файлами не показана из-за своего большого размера Загрузить разницу

384
SPECS/cri-o/crio.conf Normal file

@ -0,0 +1,384 @@
# The CRI-O configuration file specifies all of the available configuration
# options and command-line flags for the crio(8) OCI Kubernetes Container Runtime
# daemon, but in a TOML format that can be more easily modified and versioned.
#
# Please refer to crio.conf(5) for details of all configuration options.
# CRI-O supports partial configuration reload during runtime, which can be
# done by sending SIGHUP to the running process. Currently supported options
# are explicitly mentioned with: 'This option supports live configuration
# reload'.
# CRI-O reads its storage defaults from the containers-storage.conf(5) file
# located at /etc/containers/storage.conf. Modify this storage configuration if
# you want to change the system's defaults. If you want to modify storage just
# for CRI-O, you can change the storage configuration options here.
[crio]
# Path to the "root directory". CRI-O stores all of its data, including
# containers images, in this directory.
#root = "/var/lib/containers/storage"
# Path to the "run directory". CRI-O stores all of its state in this directory.
#runroot = "/var/run/containers/storage"
# Storage driver used to manage the storage of images and containers. Please
# refer to containers-storage.conf(5) to see all available storage drivers.
#storage_driver = "btrfs"
# List to pass options to the storage driver. Please refer to
# containers-storage.conf(5) to see all available storage options.
#storage_option = [
#]
# The default log directory where all logs will go unless directly specified by
# the kubelet. The log directory specified must be an absolute directory.
log_dir = "/var/log/crio/pods"
# Location for CRI-O to lay down the temporary version file.
# It is used to check if crio wipe should wipe containers, which should
# always happen on a node reboot
version_file = "/var/run/crio/version"
# Location for CRI-O to lay down the persistent version file.
# It is used to check if crio wipe should wipe images, which should
# only happen when CRI-O has been upgraded
version_file_persist = "/var/lib/crio/version"
# The crio.api table contains settings for the kubelet/gRPC interface.
[crio.api]
# Path to AF_LOCAL socket on which CRI-O will listen.
listen = "/var/run/crio/crio.sock"
# IP address on which the stream server will listen.
stream_address = "127.0.0.1"
# The port on which the stream server will listen. If the port is set to "0", then
# CRI-O will allocate a random free port number.
stream_port = "0"
# Enable encrypted TLS transport of the stream server.
stream_enable_tls = false
# Path to the x509 certificate file used to serve the encrypted stream. This
# file can change, and CRI-O will automatically pick up the changes within 5
# minutes.
stream_tls_cert = ""
# Path to the key file used to serve the encrypted stream. This file can
# change and CRI-O will automatically pick up the changes within 5 minutes.
stream_tls_key = ""
# Path to the x509 CA(s) file used to verify and authenticate client
# communication with the encrypted stream. This file can change and CRI-O will
# automatically pick up the changes within 5 minutes.
stream_tls_ca = ""
# Maximum grpc send message size in bytes. If not set or <=0, then CRI-O will default to 16 * 1024 * 1024.
grpc_max_send_msg_size = 16777216
# Maximum grpc receive message size. If not set or <= 0, then CRI-O will default to 16 * 1024 * 1024.
grpc_max_recv_msg_size = 16777216
# The crio.runtime table contains settings pertaining to the OCI runtime used
# and options for how to set up and manage the OCI runtime.
[crio.runtime]
# A list of ulimits to be set in containers by default, specified as
# "<ulimit name>=<soft limit>:<hard limit>", for example:
# "nofile=1024:2048"
# If nothing is set here, settings will be inherited from the CRI-O daemon
#default_ulimits = [
#]
# default_runtime is the _name_ of the OCI runtime to be used as the default.
# The name is matched against the runtimes map below. If this value is changed,
# the corresponding existing entry from the runtimes map below will be ignored.
default_runtime = "runc"
# If true, the runtime will not use pivot_root, but instead use MS_MOVE.
no_pivot = false
# decryption_keys_path is the path where the keys required for
# image decryption are stored. This option supports live configuration reload.
decryption_keys_path = "/etc/crio/keys/"
# Path to the conmon binary, used for monitoring the OCI runtime.
# Will be searched for using $PATH if empty.
conmon = ""
# Cgroup setting for conmon
conmon_cgroup = "system.slice"
# Environment variable list for the conmon process, used for passing necessary
# environment variables to conmon or the runtime.
conmon_env = [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
]
# Additional environment variables to set for all the
# containers. These are overridden if set in the
# container image spec or in the container runtime configuration.
default_env = [
]
# If true, SELinux will be used for pod separation on the host.
selinux = false
# Path to the seccomp.json profile which is used as the default seccomp profile
# for the runtime. If not specified, then the internal default seccomp profile
# will be used. This option supports live configuration reload.
seccomp_profile = ""
# Used to change the name of the default AppArmor profile of CRI-O. The default
# profile name is "crio-default". This profile only takes effect if the user
# does not specify a profile via the Kubernetes Pod's metadata annotation. If
# the profile is set to "unconfined", then this equals to disabling AppArmor.
# This option supports live configuration reload.
# apparmor_profile = "crio-default"
# Cgroup management implementation used for the runtime.
cgroup_manager = "systemd"
# List of default capabilities for containers. If it is empty or commented out,
# only the capabilities defined in the containers json file by the user/kube
# will be added.
default_capabilities = [
"CHOWN",
"DAC_OVERRIDE",
"FSETID",
"FOWNER",
"SETGID",
"SETUID",
"SETPCAP",
"NET_BIND_SERVICE",
"KILL",
]
# List of default sysctls. If it is empty or commented out, only the sysctls
# defined in the container json file by the user/kube will be added.
default_sysctls = [
]
# List of additional devices. specified as
# "<device-on-host>:<device-on-container>:<permissions>", for example: "--device=/dev/sdc:/dev/xvdc:rwm".
#If it is empty or commented out, only the devices
# defined in the container json file by the user/kube will be added.
additional_devices = [
]
# Path to OCI hooks directories for automatically executed hooks. If one of the
# directories does not exist, then CRI-O will automatically skip them.
hooks_dir = [
"/usr/share/containers/oci/hooks.d"
]
# List of default mounts for each container. **Deprecated:** this option will
# be removed in future versions in favor of default_mounts_file.
default_mounts = [
]
# Path to the file specifying the defaults mounts for each container. The
# format of the config is /SRC:/DST, one mount per line. Notice that CRI-O reads
# its default mounts from the following two files:
#
# 1) /etc/containers/mounts.conf (i.e., default_mounts_file): This is the
# override file, where users can either add in their own default mounts, or
# override the default mounts shipped with the package.
#
# 2) /usr/share/containers/mounts.conf: This is the default file read for
# mounts. If you want CRI-O to read from a different, specific mounts file,
# you can change the default_mounts_file. Note, if this is done, CRI-O will
# only add mounts it finds in this file.
#
#default_mounts_file = ""
# Maximum number of processes allowed in a container.
pids_limit = 1024
# Maximum sized allowed for the container log file. Negative numbers indicate
# that no size limit is imposed. If it is positive, it must be >= 8192 to
# match/exceed conmon's read buffer. The file is truncated and re-opened so the
# limit is never exceeded.
log_size_max = -1
# Whether container output should be logged to journald in addition to the kuberentes log file
log_to_journald = false
# Path to directory in which container exit files are written to by conmon.
container_exits_dir = "/var/run/crio/exits"
# Path to directory for container attach sockets.
container_attach_socket_dir = "/var/run/crio"
# The prefix to use for the source of the bind mounts.
bind_mount_prefix = ""
# If set to true, all containers will run in read-only mode.
read_only = false
# Changes the verbosity of the logs based on the level it is set to. Options
# are fatal, panic, error, warn, info, debug and trace. This option supports
# live configuration reload.
log_level = "info"
# Filter the log messages by the provided regular expression.
# This option supports live configuration reload.
log_filter = ""
# The UID mappings for the user namespace of each container. A range is
# specified in the form containerUID:HostUID:Size. Multiple ranges must be
# separated by comma.
uid_mappings = ""
# The GID mappings for the user namespace of each container. A range is
# specified in the form containerGID:HostGID:Size. Multiple ranges must be
# separated by comma.
gid_mappings = ""
# The minimal amount of time in seconds to wait before issuing a timeout
# regarding the proper termination of the container. The lowest possible
# value is 30s, whereas lower values are not considered by CRI-O.
ctr_stop_timeout = 30
# manage_ns_lifecycle determines whether we pin and remove namespaces
# and manage their lifecycle
manage_ns_lifecycle = true
# drop_infra_ctr determines whether CRI-O drops the infra container
# when a pod does not have a private PID namespace, and does not use
# a kernel separating runtime (like kata).
# It requires manage_ns_lifecycle to be true.
drop_infra_ctr = false
# The directory where the state of the managed namespaces gets tracked.
# Only used when manage_ns_lifecycle is true.
namespaces_dir = "/var/run"
# pinns_path is the path to find the pinns binary, which is needed to manage namespace lifecycle
pinns_path = ""
# The "crio.runtime.runtimes" table defines a list of OCI compatible runtimes.
# The runtime to use is picked based on the runtime_handler provided by the CRI.
# If no runtime_handler is provided, the runtime will be picked based on the level
# of trust of the workload. Each entry in the table should follow the format:
#
#[crio.runtime.runtimes.runtime-handler]
# runtime_path = "/path/to/the/executable"
# runtime_type = "oci"
# runtime_root = "/path/to/the/root"
#
# Where:
# - runtime-handler: name used to identify the runtime
# - runtime_path (optional, string): absolute path to the runtime executable in
# the host filesystem. If omitted, the runtime-handler identifier should match
# the runtime executable name, and the runtime executable should be placed
# in $PATH.
# - runtime_type (optional, string): type of runtime, one of: "oci", "vm". If
# omitted, an "oci" runtime is assumed.
# - runtime_root (optional, string): root directory for storage of containers
# state.
[crio.runtime.runtimes.runc]
# Kata Containers is an OCI runtime, where containers are run inside lightweight
# VMs. Kata provides additional isolation towards the host, minimizing the host attack
# surface and mitigating the consequences of containers breakout.
# Kata Containers with the default configured VMM
#[crio.runtime.runtimes.kata-runtime]
# Kata Containers with the QEMU VMM
#[crio.runtime.runtimes.kata-qemu]
# Kata Containers with the Firecracker VMM
#[crio.runtime.runtimes.kata-fc]
# The crio.image table contains settings pertaining to the management of OCI images.
#
# CRI-O reads its configured registries defaults from the system wide
# containers-registries.conf(5) located in /etc/containers/registries.conf. If
# you want to modify just CRI-O, you can change the registries configuration in
# this file. Otherwise, leave insecure_registries and registries commented out to
# use the system's defaults from /etc/containers/registries.conf.
[crio.image]
# Default transport for pulling images from a remote container storage.
default_transport = "docker://"
# The path to a file containing credentials necessary for pulling images from
# secure registries. The file is similar to that of /var/lib/kubelet/config.json
global_auth_file = ""
# The image used to instantiate infra containers.
# This option supports live configuration reload.
pause_image = "registry.opensuse.org/kubic/pause:3.2"
# The path to a file containing credentials specific for pulling the pause_image from
# above. The file is similar to that of /var/lib/kubelet/config.json
# This option supports live configuration reload.
pause_image_auth_file = ""
# The command to run to have a container stay in the paused state.
# When explicitly set to "", it will fallback to the entrypoint and command
# specified in the pause image. When commented out, it will fallback to the
# default: "/pause". This option supports live configuration reload.
pause_command = ""
# Path to the file which decides what sort of policy we use when deciding
# whether or not to trust an image that we've pulled. It is not recommended that
# this option be used, as the default behavior of using the system-wide default
# policy (i.e., /etc/containers/policy.json) is most often preferred. Please
# refer to containers-policy.json(5) for more details.
signature_policy = ""
# List of registries to skip TLS verification for pulling images. Please
# consider configuring the registries via /etc/containers/registries.conf before
# changing them here.
#insecure_registries = "[]"
# Controls how image volumes are handled. The valid values are mkdir, bind and
# ignore; the latter will ignore volumes entirely.
image_volumes = "mkdir"
# List of registries to be used when pulling an unqualified image (e.g.,
# "alpine:latest"). By default, registries is set to "docker.io" for
# compatibility reasons. Depending on your workload and usecase you may add more
# registries (e.g., "quay.io", "registry.fedoraproject.org",
# "registry.opensuse.org", etc.).
#registries = [
# ]
# Temporary directory to use for storing big files
big_files_temporary_dir = ""
# The crio.network table containers settings pertaining to the management of
# CNI plugins.
[crio.network]
# The default CNI network name to be selected. If not set or "", then
# CRI-O will pick-up the first one found in network_dir.
# cni_default_network = ""
# Path to the directory where CNI configuration files are located.
network_dir = "/etc/cni/net.d/"
# Paths to directories where CNI plugin binaries are located.
plugin_dirs = [
"/opt/cni/bin/",
"/usr/libexec/cni/",
]
# A necessary configuration for Prometheus based metrics retrieval
[crio.metrics]
# Globally enable or disable metrics support.
enable_metrics = false
# The port on which the metrics server will listen.
metrics_port = 9090
# Local socket path to bind the metrics server to
metrics_socket = ""

34
SPECS/cri-o/crio.service Normal file

@ -0,0 +1,34 @@
[Unit]
Description=Container Runtime Interface for OCI (CRI-O)
Documentation=https://github.com/cri-o/cri-o
After=network.target
After=lwm2-monitor.service
After=SuSEfirewall2.service
[Service]
Type=notify
EnvironmentFile=-/etc/sysconfig/proxy
EnvironmentFile=-/etc/sysconfig/crio
Environment=GOTRACEBACK=crash
ExecStart=/usr/bin/crio $CRIO_OPTIONS
ExecReload=/bin/kill -s HUP $MAINPID
TasksMax=infinity
LimitNOFILE=1048576
LimitNPROC=1048576
LimitCORE=infinity
# Set delegate yes so that systemd does not reset the cgroups of containers.
# Only systemd 218 and above support this property.
Delegate=yes
OOMScoreAdjust=-999
TimeoutStartSec=0
Restart=on-abnormal
# Place cri-o under the podruntime slice, this is part of the recommended
# deployment to allow fine resource control on Kubernetes
Slice=podruntime.slice
[Install]
WantedBy=multi-user.target
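Review bot: `Environment=GOTRACEBACK=crash` together with `LimitCORE=infinity` means every crio panic leaves a full core image of the daemon, and that image can hold whatever the process had in memory, including the registry credentials it reads for image pulls. If crash dumps are wanted for debugging, the unit should say so in a comment and the dump location should be readable by root only; otherwise set `LimitCORE=0` or drop both lines. Separately, `After=lwm2-monitor.service` and `After=SuSEfirewall2.service` look carried over from the openSUSE unit and probably name nothing on Mariner, so they could be removed.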

1
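--- a/SPECS/cri-o/kubelet.env
+++ b/SPECS/cri-o/kubelet.env
@@ -0,0 +1 @@
+KUBELET_EXTRA_ARGS="--container-runtime=remote --container-runtime-endpoint=unix:///var/run/crio/crio.sock --runtime-request-timeout=15m --cgroup-driver=systemd -v=2"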
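Review bot: The endpoint `unix:///var/run/crio/crio.sock` and `--cgroup-driver=systemd` are hard-coded with nothing tying them to CRI-O's own configuration, so a later change to the `listen` path or `cgroup_manager` there would break the kubelet with no hint why. Those keys are not in the lines shown, so whether the values currently agree needs checking. A comment above the assignment would help, for example `# Socket path and cgroup driver must match listen and cgroup_manager in the CRI-O config`. Because that socket gives full control over containers on the node, the packaging should also leave it accessible to root only.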


@ -0,0 +1,7 @@
## Path : System/Management
## Description : Extra cli switches for crio daemon
## Type : string
## Default : ""
## ServiceRestart : crio
#
CRIO_OPTIONS=""


@ -0,0 +1,189 @@
Apache License
Version 2.0, January 2004
https://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction,
and distribution as defined by Sections 1 through 9 of this document.
"Licensor" shall mean the copyright owner or entity authorized by
the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all
other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition,
"control" means (i) the power, direct or indirect, to cause the
direction or management of such entity, whether by contract or
otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity
exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications,
including but not limited to software source code, documentation
source, and configuration files.
"Object" form shall mean any form resulting from mechanical
transformation or translation of a Source form, including but
not limited to compiled object code, generated documentation,
and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or
Object form, made available under the License, as indicated by a
copyright notice that is included in or attached to the work
(an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object
form, that is based on (or derived from) the Work and for which the
editorial revisions, annotations, elaborations, or other modifications
represent, as a whole, an original work of authorship. For the purposes
of this License, Derivative Works shall not include works that remain
separable from, or merely link (or bind by name) to the interfaces of,
the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including
the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally
submitted to Licensor for inclusion in the Work by the copyright owner
or by an individual or Legal Entity authorized to submit on behalf of
the copyright owner. For the purposes of this definition, "submitted"
means any form of electronic, verbal, or written communication sent
to the Licensor or its representatives, including but not limited to
communication on electronic mailing lists, source code control systems,
and issue tracking systems that are managed by, or on behalf of, the
Licensor for the purpose of discussing and improving the Work, but
excluding communication that is conspicuously marked or otherwise
designated in writing by the copyright owner as "Not a Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity
on behalf of whom a Contribution has been received by Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
copyright license to reproduce, prepare Derivative Works of,
publicly display, publicly perform, sublicense, and distribute the
Work and such Derivative Works in Source or Object form.
3. Grant of Patent License. Subject to the terms and conditions of
this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
(except as stated in this section) patent license to make, have made,
use, offer to sell, sell, import, and otherwise transfer the Work,
where such license applies only to those patent claims licensable
by such Contributor that are necessarily infringed by their
Contribution(s) alone or by combination of their Contribution(s)
with the Work to which such Contribution(s) was submitted. If You
institute patent litigation against any entity (including a
cross-claim or counterclaim in a lawsuit) alleging that the Work
or a Contribution incorporated within the Work constitutes direct
or contributory patent infringement, then any patent licenses
granted to You under this License for that Work shall terminate
as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the
Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You
meet the following conditions:
(a) You must give any other recipients of the Work or
Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices
stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works
that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of
the Derivative Works; and
(d) If the Work includes a "NOTICE" text file as part of its
distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained
within such NOTICE file, excluding those notices that do not
pertain to any part of the Derivative Works, in at least one
of the following places: within a NOTICE text file distributed
as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or,
within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents
of the NOTICE file are for informational purposes only and
do not modify the License. You may add Your own attribution
notices within Derivative Works that You distribute, alongside
or as an addendum to the NOTICE text from the Work, provided
that such additional attribution notices cannot be construed
as modifying the License.
You may add Your own copyright statement to Your modifications and
may provide additional or different license terms and conditions
for use, reproduction, or distribution of Your modifications, or
for any such Derivative Works as a whole, provided Your use,
reproduction, and distribution of the Work otherwise complies with
the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise,
any Contribution intentionally submitted for inclusion in the Work
by You to the Licensor shall be under the terms and conditions of
this License, without any additional terms or conditions.
Notwithstanding the above, nothing herein shall supersede or modify
the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade
names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the
origin of the Work and reproducing the content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or
agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
implied, including, without limitation, any warranties or conditions
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any
risks associated with Your exercise of permissions under this License.
8. Limitation of Liability. In no event and under no legal theory,
whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly
negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special,
incidental, or consequential damages of any character arising as a
result of this License or out of the use or inability to use the
Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all
other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing
the Work or Derivative Works thereof, You may choose to offer,
and charge a fee for, acceptance of support, warranty, indemnity,
or other liability obligations and/or rights consistent with this
License. However, in accepting such obligations, You may act only
on Your own behalf and on Your sole responsibility, not on behalf
of any other Contributor, and only if You agree to indemnify,
defend, and hold each Contributor harmless for any liability
incurred by, or claims asserted against, such Contributor by reason
of your accepting any such warranty or additional liability.
END OF TERMS AND CONDITIONS
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.


@ -0,0 +1,438 @@
# The containers configuration file specifies all of the available configuration
# command-line options/flags for container engine tools like Podman & Buildah,
# but in a TOML format that can be easily modified and versioned.
# Please refer to containers.conf(5) for details of all configuration options.
# Not all container engines implement all of the options.
# All of the options have hard coded defaults and these options will override
# the built in defaults. Users can then override these options via the command
# line. Container engines will read containers.conf files in up to three
# locations in the following order:
# 1. /usr/share/containers/containers.conf
# 2. /etc/containers/containers.conf
# 3. $HOME/.config/containers/containers.conf (Rootless containers ONLY)
# Items specified in the latter containers.conf, if they exist, override the
# previous containers.conf settings, or the default settings.
[containers]
# List of devices. Specified as
# "<device-on-host>:<device-on-container>:<permissions>", for example:
# "/dev/sdc:/dev/xvdc:rwm".
# If it is empty or commented out, only the default devices will be used
#
# devices = []
# List of volumes. Specified as
# "<directory-on-host>:<directory-in-container>:<options>", for example:
# "/db:/var/lib/db:ro".
# If it is empty or commented out, no volumes will be added
#
# volumes = []
# Used to change the name of the default AppArmor profile of container engine.
#
# apparmor_profile = "container-default"
# List of annotation. Specified as
# "key=value"
# If it is empty or commented out, no annotations will be added
#
# annotations = []
# Default way to to create a cgroup namespace for the container
# Options are:
# `private` Create private Cgroup Namespace for the container.
# `host` Share host Cgroup Namespace with the container.
#
# cgroupns = "private"
# Control container cgroup configuration
# Determines whether the container will create CGroups.
# Options are:
# `enabled` Enable cgroup support within container
# `disabled` Disable cgroup support, will inherit cgroups from parent
# `no-conmon` Container engine runs run without conmon
#
# cgroups = "enabled"
# List of default capabilities for containers. If it is empty or commented out,
# the default capabilities defined in the container engine will be added.
#
# default_capabilities = [
# "AUDIT_WRITE",
# "CHOWN",
# "DAC_OVERRIDE",
# "FOWNER",
# "FSETID",
# "KILL",
# "MKNOD",
# "NET_BIND_SERVICE",
# "NET_RAW",
# "SETGID",
# "SETPCAP",
# "SETUID",
# "SYS_CHROOT",
# ]
# A list of sysctls to be set in containers by default,
# specified as "name=value",
# for example:"net.ipv4.ping_group_range = 0 1000".
#
# default_sysctls = [
# "net.ipv4.ping_group_range=0 1000",
# ]
# A list of ulimits to be set in containers by default, specified as
# "<ulimit name>=<soft limit>:<hard limit>", for example:
# "nofile=1024:2048"
# See setrlimit(2) for a list of resource names.
# Any limit not specified here will be inherited from the process launching the
# container engine.
# Ulimits has limits for non privileged container engines.
#
# default_ulimits = [
# "nofile"="1280:2560",
# ]
# List of default DNS options to be added to /etc/resolv.conf inside of the container.
#
# dns_options = []
# List of default DNS search domains to be added to /etc/resolv.conf inside of the container.
#
# dns_searches = []
# Set default DNS servers.
# This option can be used to override the DNS configuration passed to the
# container. The special value "none" can be specified to disable creation of
# /etc/resolv.conf in the container.
# The /etc/resolv.conf file in the image will be used without changes.
#
# dns_servers = []
# Environment variable list for the conmon process; used for passing necessary
# environment variables to conmon or the runtime.
#
# env = [
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
# ]
# Pass all host environment variables into the container.
#
# env_host = false
# Path to OCI hooks directories for automatically executed hooks.
#
# hooks_dir = [
# "/usr/share/containers/oci/hooks.d",
# ]
# Default proxy environment variables passed into the container.
# The environment variables passed in include:
# http_proxy, https_proxy, ftp_proxy, no_proxy, and the upper case versions of
# these. This option is needed when host system uses a proxy but container
# should not use proxy. Proxy environment variables specified for the container
# in any other way will override the values passed from the host.
#
# http_proxy = true
# Run an init inside the container that forwards signals and reaps processes.
#
# init = false
# Container init binary, if init=true, this is the init binary to be used for containers.
#
init_path = "/usr/bin/catatonit"
# Default way to to create an IPC namespace (POSIX SysV IPC) for the container
# Options are:
# `private` Create private IPC Namespace for the container.
# `host` Share host IPC Namespace with the container.
#
# ipcns = "private"
# Flag tells container engine to whether to use container separation using
# MAC(SELinux)labeling or not.
# Flag is ignored on label disabled systems.
#
# label = true
# Logging driver for the container. Available options: k8s-file and journald.
#
# log_driver = "k8s-file"
# Maximum size allowed for the container log file. Negative numbers indicate
# that no size limit is imposed. If positive, it must be >= 8192 to match or
# exceed conmon's read buffer. The file is truncated and re-opened so the
# limit is never exceeded.
#
# log_size_max = -1
# Default way to to create a Network namespace for the container
# Options are:
# `private` Create private Network Namespace for the container.
# `host` Share host Network Namespace with the container.
# `none` Containers do not use the network
#
# netns = "private"
# Create /etc/hosts for the container. By default, container engine manage
# /etc/hosts, automatically adding the container's own IP address.
#
# no_hosts = false
# Maximum number of processes allowed in a container.
#
# pids_limit = 2048
# Default way to to create a PID namespace for the container
# Options are:
# `private` Create private PID Namespace for the container.
# `host` Share host PID Namespace with the container.
#
# pidns = "private"
# Path to the seccomp.json profile which is used as the default seccomp profile
# for the runtime.
#
# seccomp_profile = "/usr/share/containers/seccomp.json"
# Size of /dev/shm. Specified as <number><unit>.
# Unit is optional, values:
# b (bytes), k (kilobytes), m (megabytes), or g (gigabytes).
# If the unit is omitted, the system uses bytes.
#
# shm_size = "65536k"
# Set timezone in container. Takes IANA timezones as well as "local",
# which sets the timezone in the container to match the host machine.
#
# tz = ""
# Set umask inside the container
#
# umask="0022"
# Default way to to create a UTS namespace for the container
# Options are:
# `private` Create private UTS Namespace for the container.
# `host` Share host UTS Namespace with the container.
#
# utsns = "private"
# Default way to to create a User namespace for the container
# Options are:
# `auto` Create unique User Namespace for the container.
# `host` Share host User Namespace with the container.
#
# userns = "host"
# Number of UIDs to allocate for the automatic container creation.
# UIDs are allocated from the "container" UIDs listed in
# /etc/subuid & /etc/subgid
#
# userns_size=65536
# The network table contains settings pertaining to the management of
# CNI plugins.
[network]
# Path to directory where CNI plugin binaries are located.
#
cni_plugin_dirs = ["/usr/lib/cni"]
# Path to the directory where CNI configuration files are located.
#
# network_config_dir = "/etc/cni/net.d/"
[engine]
# Cgroup management implementation used for the runtime.
# Valid options "systemd" or "cgroupfs"
#
# cgroup_manager = "systemd"
# Environment variables to pass into conmon
#
# conmon_env_vars = [
# "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
# ]
# Paths to look for the conmon container manager binary
#
# conmon_path = [
# "/usr/libexec/podman/conmon",
# "/usr/local/libexec/podman/conmon",
# "/usr/local/lib/podman/conmon",
# "/usr/bin/conmon",
# "/usr/sbin/conmon",
# "/usr/local/bin/conmon",
# "/usr/local/sbin/conmon"
# ]
# Specify the keys sequence used to detach a container.
# Format is a single character [a-Z] or a comma separated sequence of
# `ctrl-<value>`, where `<value>` is one of:
# `a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_`
#
# detach_keys = "ctrl-p,ctrl-q"
# Determines whether engine will reserve ports on the host when they are
# forwarded to containers. When enabled, when ports are forwarded to containers,
# ports are held open by as long as the container is running, ensuring that
# they cannot be reused by other programs on the host. However, this can cause
# significant memory usage if a container has many ports forwarded to it.
# Disabling this can save memory.
#
# enable_port_reservation = true
# Environment variables to be used when running the container engine (e.g., Podman, Buildah).
# For example "http_proxy=internal.proxy.company.com".
# Note these environment variables will not be used within the container.
# Set the env section under [containers] table, if you want to set environment variables for the container.
# env = []
# Selects which logging mechanism to use for container engine events.
# Valid values are `journald`, `file` and `none`.
#
# events_logger = "journald"
# Default transport method for pulling and pushing for images
#
# image_default_transport = "docker://"
# Default command to run the infra container
#
# infra_command = "/pause"
# Infra (pause) container image name for pod infra containers. When running a
# pod, we start a `pause` process in a container to hold open the namespaces
# associated with the pod. This container does nothing other then sleep,
# reserving the pods resources for the lifetime of the pod.
#
# infra_image = "k8s.gcr.io/pause:3.2"
# Specify the locking mechanism to use; valid values are "shm" and "file".
# Change the default only if you are sure of what you are doing, in general
# "file" is useful only on platforms where cgo is not available for using the
# faster "shm" lock type. You may need to run "podman system renumber" after
# you change the lock type.
#
# lock_type** = "shm"
# Default engine namespace
# If engine is joined to a namespace, it will see only containers and pods
# that were created in the same namespace, and will create new containers and
# pods in that namespace.
# The default namespace is "", which corresponds to no namespace. When no
# namespace is set, all containers and pods are visible.
#
# namespace = ""
# Whether to use chroot instead of pivot_root in the runtime
#
# no_pivot_root = false
# Number of locks available for containers and pods.
# If this is changed, a lock renumber must be performed (e.g. with the
# 'podman system renumber' command).
#
# num_locks = 2048
# Whether to pull new image before running a container
# pull_policy = "missing"
# Directory for persistent engine files (database, etc)
# By default, this will be configured relative to where the containers/storage
# stores containers
# Uncomment to change location from this default
#
# static_dir = "/var/lib/containers/storage/libpod"
# Directory for temporary files. Must be tmpfs (wiped after reboot)
#
# tmp_dir = "/var/run/libpod"
# Directory for libpod named volumes.
# By default, this will be configured relative to where containers/storage
# stores containers.
# Uncomment to change location from this default.
#
# volume_path = "/var/lib/containers/storage/volumes"
# Default OCI runtime
#
# runtime = "runc"
# List of the OCI runtimes that support --format=json. When json is supported
# engine will use it for reporting nicer errors.
#
# runtime_supports_json = ["crun", "runc", "kata"]
# List of the OCI runtimes that supports running containers without cgroups.
#
# runtime_supports_nocgroups = ["crun"]
# List of the OCI runtimes that supports running containers with KVM Separation.
#
# runtime_supports_kvm = ["kata"]
# Number of seconds to wait for container to exit before sending kill signal.
# stop_timeout = 10
# Index to the active service
# active_service = production
# map of service destinations
# [service_destinations]
# [service_destinations.production]
# URI to access the Podman service
# Examples:
# rootless "unix://run/user/$UID/podman/podman.sock" (Default)
# rootfull "unix://run/podman/podman.sock (Default)
# remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock
# remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock
# uri="ssh://user@production.example.com/run/user/1001/podman/podman.sock"
# Path to file containing ssh identity key
# identity = "~/.ssh/id_rsa"
# Paths to look for a valid OCI runtime (runc, runv, kata, etc)
[engine.runtimes]
# runc = [
# "/usr/bin/runc",
# "/usr/sbin/runc",
# "/usr/local/bin/runc",
# "/usr/local/sbin/runc",
# "/sbin/runc",
# "/bin/runc",
# "/usr/lib/cri-o-runc/sbin/runc",
# ]
# crun = [
# "/usr/bin/crun",
# "/usr/sbin/crun",
# "/usr/local/bin/crun",
# "/usr/local/sbin/crun",
# "/sbin/crun",
# "/bin/crun",
# "/run/current-system/sw/bin/crun",
# ]
# kata = [
# "/usr/bin/kata-runtime",
# "/usr/sbin/kata-runtime",
# "/usr/local/bin/kata-runtime",
# "/usr/local/sbin/kata-runtime",
# "/sbin/kata-runtime",
# "/bin/kata-runtime",
# "/usr/bin/kata-qemu",
# "/usr/bin/kata-fc",
# ]
# The [engine.runtimes] table MUST be the last entry in this file.
# (Unless another table is added)
# TOML does not provide a way to end a table other than a further table being
# defined, so every key hereafter will be part of [runtimes] and not the main
# config.
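Review bot: `cni_plugin_dirs = ["/usr/lib/cni"]` under `[network]` does not match the CRI-O configuration added in the same commit, which lists `/opt/cni/bin/` and `/usr/libexec/cni/` as `plugin_dirs`. It is one of only two uncommented settings in this file (the other is `init_path = "/usr/bin/catatonit"`), and both read like values kept from the openSUSE packaging. Plugin binaries found in these directories are executed by the engine with its own privileges, so the path should be one that a Mariner package actually owns. Please confirm where the cni package installs and use that directory in both files, and check that catatonit is available or comment `init_path` out again.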


@ -0,0 +1,26 @@
# This is a default registries.d configuration file. You may
# add to this file or create additional files in registries.d/.
#
# sigstore: indicates a location that is read and write
# sigstore-staging: indicates a location that is only for write
#
# sigstore and sigstore-staging take a value of the following:
# sigstore: {schema}://location
#
# For reading signatures, schema may be http, https, or file.
# For writing signatures, schema may only be file.
# This is the default signature write location for docker registries.
default-docker:
# sigstore: file:///var/lib/containers/sigstore
sigstore-staging: file:///var/lib/containers/sigstore
# The 'docker' indicator here is the start of the configuration
# for docker registries.
#
# docker:
#
# privateregistry.com:
# sigstore: http://privateregistry.com/sigstore/
# sigstore-staging: /mnt/nfs/privateregistry/sigstore
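Review bot: Under `default-docker:` only `sigstore-staging` is active while `sigstore` is commented out, so signatures get a write location but no default location to read them back from, and the file does not say this is intended. That is likely harmless only while the trust policy accepts unsigned images; policy.json is not in the lines shown, so this needs checking. A comment next to the disabled key would make the intent clear, for example `# sigstore (read location) left unset; set it before requiring signatures in policy.json`. The commented example further down reads signatures over plain `http://`; an `https://` URL would be a better template.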


@ -0,0 +1,15 @@
{
"Signatures": {
"LICENSE": "716a8b80635c394681e652823e1e42e411ad2d254e1f202403422d74f4b0b106",
"containers.conf": "9ae0b69150290499efccd5369d56363ed11582ec137ad3c921f6ca4000b4b26b",
"default.yaml": "03068ffea9999235d611d8fb3dadc96afcbba607388e319f034499f5c6f3c469",
"libcontainers-common-common-0.14.6.tar.gz": "1ea0d41175a0c7ccb5ec75ac2f154262ca20c16352120b474e0e3499e0a2f1eb",
"libcontainers-common-image-5.5.1.tar.gz": "6b8f19a6f766c3bb59982927c1e0f556475b9ec93aa88345f557291344997034",
"libcontainers-common-podman-2.0.3.tar.gz": "5ce0b1196709292bb69abba684b4a69d9ee16a5da526998d9cc11791cf3d6803",
"libcontainers-common-storage-1.20.2.tar.gz": "d5c67e6d2b094450f1502a18b9019ed8552b4d45dd3117914b59f3e4481a87c3",
"mounts.conf": "e8e51f4df072d1be69ba83322f2cd6357305238e174e1d52ab843e5615bd5a21",
"policy.json": "cddfaa8e6a7e5497b67cc0dd8e8517058d0c97de91bf46fff867528415f2d946",
"registries.conf": "a34817b7c2a7e15fbcecf2f2da1678111fe4072ad7dd98af71f023dd965e7797",
"storage.conf": "9f5a3768a7d2e1f40f064cdc2f3d2496a0c7c73444877615bf0cfd22dcc92692"
}
}


@ -0,0 +1,665 @@
#
# spec file for package libcontainers-common
#
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
# commonver - version from containers/common
%define commonver 0.14.6
# podman - version from containers/podman
%define podmanver 2.0.3
# storagever - version from containers/storage
%define storagever 1.20.2
# imagever - version from containers/image
%define imagever 5.5.1
Summary: Configuration files common to github.com/containers
Name: libcontainers-common
Version: 20200727
Release: 2%{?dist}
License: ASL 2.0 AND GPLv3+
Vendor: Microsoft Corporation
Distribution: Mariner
Group: System/Management
URL: https://github.com/containers
#Source0: https://github.com/containers/image/archive/v5.5.1.tar.gz
Source0: %{name}-image-%{imagever}.tar.gz
#Source1: https://github.com/containers/storage/archive/v1.20.2.tar.gz
Source1: %{name}-storage-%{storagever}.tar.gz
Source2: LICENSE
Source3: policy.json
Source4: storage.conf
Source5: mounts.conf
Source6: registries.conf
#Source7: https://github.com/containers/podman/archive/v2.0.3.tar.gz
Source7: %{name}-podman-%{podmanver}.tar.gz
Source8: default.yaml
#Source9: https://github.com/containers/common/archive/v0.14.6.tar.gz
Source9: %{name}-common-%{commonver}.tar.gz
Source10: containers.conf
BuildRequires: go-go-md2man
Requires(post): grep
Requires(post): util-linux
Provides: libcontainers-image = %{version}-%{release}
Provides: libcontainers-storage = %{version}-%{release}
BuildArch: noarch
%description
Configuration files and manpages shared by tools that are based on the
github.com/containers libraries, such as Buildah, CRI-O, Podman and Skopeo.
%prep
%setup -q -T -D -b 0 -n image-%{imagever}
%setup -q -T -D -b 1 -n storage-%{storagever}
%setup -q -T -D -b 7 -n podman-%{podmanver}
%setup -q -T -D -b 9 -n common-%{commonver}
# copy the LICENSE file in the build root
cd ..
cp %{SOURCE2} .
%build
cd ..
pwd
# compile containers/image manpages
cd image-%{imagever}
for md in docs/*.md
do
go-md2man -in $md -out $md
done
rename '.5.md' '.5' docs/*
rename '.md' '.1' docs/*
cd ..
# compile containers/storage manpages
cd storage-%{storagever}
for md in docs/*.md
do
go-md2man -in $md -out $md
done
rename '.5.md' '.5' docs/*
rename '.md' '.1' docs/*
cd ..
# compile subset of containers/podman manpages
cd podman-%{podmanver}
go-md2man -in docs/source/markdown/containers-mounts.conf.5.md -out docs/source/markdown/containers-mounts.conf.5
go-md2man -in pkg/hooks/docs/oci-hooks.5.md -out pkg/hooks/docs/oci-hooks.5
cd ..
cd common-%{commonver}
make docs
cd ..
%install
cd ..
install -d -m 0755 %{buildroot}/%{_sysconfdir}/containers
install -d -m 0755 %{buildroot}/%{_sysconfdir}/containers/oci/hooks.d
install -d -m 0755 %{buildroot}/%{_datadir}/containers/oci/hooks.d
install -d -m 0755 %{buildroot}/%{_sysconfdir}/containers/registries.d
install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/containers/policy.json
install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/containers/storage.conf
install -D -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/containers/mounts.conf
install -D -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/containers/mounts.conf
install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/containers/registries.conf
install -D -m 0644 %{SOURCE8} %{buildroot}/%{_sysconfdir}/containers/registries.d/default.yaml
sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE10}
install -D -m 0644 %{SOURCE10} %{buildroot}/%{_datadir}/containers/containers.conf
install -D -m 0644 podman-%{podmanver}/seccomp.json %{buildroot}/%{_datadir}/containers/seccomp.json
install -D -m 0644 podman-%{podmanver}/seccomp.json %{buildroot}/%{_sysconfdir}/containers/seccomp.json
install -d %{buildroot}/%{_mandir}/man1
install -d %{buildroot}/%{_mandir}/man5
install -D -m 0644 image-%{imagever}/docs/*.1 %{buildroot}/%{_mandir}/man1/
install -D -m 0644 image-%{imagever}/docs/*.5 %{buildroot}/%{_mandir}/man5/
install -D -m 0644 storage-%{storagever}/docs/*.1 %{buildroot}/%{_mandir}/man1/
install -D -m 0644 storage-%{storagever}/docs/*.5 %{buildroot}/%{_mandir}/man5/
install -D -m 0644 podman-%{podmanver}/pkg/hooks/docs/oci-hooks.5 %{buildroot}/%{_mandir}/man5/
install -D -m 0644 podman-%{podmanver}/docs/source/markdown/containers-mounts.conf.5 %{buildroot}/%{_mandir}/man5/
install -D -m 0644 common-%{commonver}/docs/containers.conf.5 %{buildroot}/%{_mandir}/man5/
%post
# If installing, check if /var/lib/containers (or /var/lib in its defect) is btrfs and set driver
# to "btrfs" if true
if [ $1 -eq 1 ] ; then
fstype=$((findmnt -o FSTYPE -l --target %{_sharedstatedir}/containers || findmnt -o FSTYPE -l --target %{_var}/lib) | grep -v FSTYPE)
if [ "$fstype" = "btrfs" ]; then
sed -i 's/driver = ""/driver = "btrfs"/g' %{_sysconfdir}/containers/storage.conf
fi
fi
%files
%dir %{_sysconfdir}/containers
%dir %{_sysconfdir}/containers/oci
%dir %{_sysconfdir}/containers/oci/hooks.d
%dir %{_sysconfdir}/containers/registries.d
%dir %{_datadir}/containers
%dir %{_datadir}/containers/oci
%dir %{_datadir}/containers/oci/hooks.d
%config(noreplace) %{_sysconfdir}/containers/policy.json
%config(noreplace) %{_sysconfdir}/containers/storage.conf
%config(noreplace) %{_sysconfdir}/containers/mounts.conf
%{_datadir}/containers/mounts.conf
%config(noreplace) %{_sysconfdir}/containers/registries.conf
%config(noreplace) %{_sysconfdir}/containers/seccomp.json
%config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml
%{_datadir}/containers/seccomp.json
%{_datadir}/containers/containers.conf
%{_mandir}/man1/*.1.*
%{_mandir}/man5/*.5.*
%license LICENSE
%changelog
* Thu Aug 19 2021 Henry Li <lihl@microsoft.com> - 20200727-2
- Initial CBL-Mariner import from OpenSUSE Tumbleweed
- License Verified
- Remove {?ext_man}, which is not supported in CBL-Mariner
* Mon Aug 3 2020 Callum Farmer <callumjfarmer13@gmail.com>
- Fixes for %%_libexecdir changing to /usr/libexec (bsc#1174075)
* Tue Jul 28 2020 Ralf Haferkamp <rhafer@suse.com>
- Added containers/common tarball for containers.conf(5) man page
- Install containers.conf default configuration in
/usr/share/containers
- libpod repository on github got renamed to podman
- Update to image 5.5.1
- Add documentation for credHelpera
- Add defaults for using the rootless policy path
- Update libpod/podman to 2.0.3
- docs: user namespace can't be shared in pods
- Switch references from libpod.conf to containers.conf
- Allow empty host port in --publish flag
- update document login see config.json as valid
- Update storage to 1.20.2
- Add back skip_mount_home
* Fri Jun 19 2020 Ralf Haferkamp <rhafer@suse.com>
- Remove remaining difference between SLE and openSUSE package and
ship the some mounts.conf default configuration on both platforms.
As the sources for the mount point do not exist on openSUSE by
default this config will basically have no effect on openSUSE.
(jsc#SLE-12122, bsc#1175821)
* Wed Jun 3 2020 Ralf Haferkamp <rhafer@suse.com>
- Update to image 5.4.4
- Remove registries.conf VERSION 2 references from man page
- Intial authfile man page
- Add $HOME/.config/containers/certs.d to perHostCertDirPath
- Add $HOME/.config/containers/registries.conf to config path
- registries.conf.d: add stances for the registries.conf
- update to libpod 1.9.3
- userns: support --userns=auto
- Switch to using --time as opposed to --timeout to better match Docker
- Add support for specifying CNI networks in podman play kube
- man pages: fix inconsistencies
- Update to storage 1.19.1
- userns: add support for auto
- store: change the default user to containers
- config: honor XDG_CONFIG_HOME
- Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again.
It never ended up in SLES and a different way to fix the underlying
problem is being worked on.
* Wed May 13 2020 Richard Brown <rbrown@suse.com>
- Add registry.opensuse.org as default registry [bsc#1171578]
* Fri Apr 24 2020 Ralf Haferkamp <rhafer@suse.com>
- Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts.
This for making container-suseconnect working in the public
cloud on-demand images. It needs that file for being able to
verify the server certificates of the RMT servers hosted
in the public cloud.
(https://github.com/SUSE/container-suseconnect/issues/41)
* Fri Mar 6 2020 Ralf Haferkamp <rhafer@suse.com>
- New snaphot (bsc#1165917)
- Update to image 5.2.1
* Add documentation about rewriting docker.io registries
* Add registries warning to registries.conf
- Update to libpod 1.8.0
* Fixed some spelling errors in oci-hooks documentations
* include containers-mounts.conf(5) man-page into the package
- Update to storage 1.16.1
* Add `rootless_storage_path` directive to storage.conf
* Add better documentation for the mount_program in overlay driver
* Wed Dec 11 2019 Richard Brown <rbrown@suse.com>
- Update to image 5.0.0
- Clean up various imports primarily so that imports of packages that aren't in the standard library are all in one section.
- Update to major version v5
- return resp error message
- copy.Image(): select the CopySystemImage image using the source context
- Add manifest list support
- docker: handle http 429 status codes
- allow for .dockercfg files to reside in non-home directories
- Use the correct module path in (make test-skopeo)
- Update to libpod 1.6.3
- Handling of the libpod.conf configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration.
- Initial support for the CNI DNS plugin, which allows containers to resolve the IPs of other containers via DNS name, has been added
- Podman now supports anonymous named volumes, created by specifying only a destination to the -v flag to the podman create and podman run commands
- Named volumes now support uid and gid options in --opt o=... to set UID and GID of the created volume
- Update to storage 1.15.3
- overlay: allow storing images with more than 127 layers
- Lazy initialize the layer store
- tarlogger: drop state mutex
* Wed Oct 2 2019 Sascha Grunert <sgrunert@suse.com>
- Update to image 4.0.0
- Add http response to log
- Add tests for parsing OpenShift kubeconfig files
- Compress: define some consts for the compression algos
- Compression: add support for the zstd
- Compression: allow to specify the compression format
- Copy: add nil checks
- Copy: compression: default to gzip
- Copy: don't lose annotations of BlobInfo
- Copy: fix options.DestinationCtx nil check
- Copy: use a bigger buffer for the compression
- Fix cross-compilation by vendoring latest c/storage
- Internal/testing/explicitfilepath-tmpdir: handle unset TMPDIR
- Keyctl: clean up after tests
- Make container tools work with go+openssl
- Make test-skopeo: replace c/image module instead of copying code
- Media type checks
- Move keyctl to internal & func remove auth from keyring
- Replace vendor.conf by go.mod
- Update dependencies
- Update test certificates
- Update to mergo v0.3.5
- Vendor.conf: update reference for containers/storage
- Update to storage 1.13.4
- Update generated files
- ImageBigData: distinguish between no-such-image and no-such-item
- ImageSize: don't get tripped up by images with no layers
- tarlogger: disable raw accouting
- Update to libpod 1.6.0
- Nothing changed regarding the OCI hooks documentation provided by this
package
* Mon Sep 23 2019 Richard Brown <rbrown@suse.com>
- Update to image 1.4.4
- Hard-code the kernel keyring use to be disabled for now
- Update to libpod 1.5.1
- The hostname of pods is now set to the pod's name
- Minor bugfixes
- Update to storage 1.12.16
- Ignore ro mount options in btrfs and windows drivers
* Mon Sep 23 2019 Richard Brown <rbrown@suse.com>
- Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028)
* Wed Aug 7 2019 Sascha Grunert <sgrunert@suse.com>
- Add missing licenses to spec file
* Tue Aug 6 2019 Marco Vedovati <mvedovati@suse.com>
- Add a default registries.d configuration file, used to specify images
signatures storage location.
* Fri Aug 2 2019 Sascha Grunert <sgrunert@suse.com>
- Update to image v3.0.0
- Add "Env" to ImageInspectInfo
- Add API function TryUpdatingCache
- Add ability to install man pages
- Add user registry auth to kernel keyring
- Fix policy.json.md -> containers-policy.json.5.md references
- Fix typo in docs/containers-registries.conf.5.md
- Remove pkg/sysregistries
- Touch up transport man page
- Try harder in storageImageDestination.TryReusingBlob
- Use the same HTTP client for contacting the bearer token server and the
registry
- ci: change GOCACHE to a writeable path
- config.go: improve debug message
- config.go: log where credentials come from
- docker client: error if registry is blocked
- docker: allow deleting OCI images
- docker: delete: support all MIME types
- ostree: default is no OStree support
- ostree: improve error message
- progress bar: use spinners for unknown blob sizes
- use 'containers_image_ostree' as build tag
- use keyring when authfile empty
- Update to storage v1.12.16
- Add cirrus vendor check
- Add storage options to IgnoreChownErrors
- Add support for UID as well as UserName in /etc/subuid files.
- Add support for ignoreChownErrors to vfs
- Add support for installing man pages
- Fix cross-compilation
- Keep track of the UIDs and GIDs used in applied layers
- Move lockfiles to their own package
- Remove merged directory when it is unmounted
- Switch to go modules
- Switch to golangci-lint
- Update generated files
- Use same variable name on both commands
- cirrus: ubuntu: try removing cryptsetup-initramfs
- compression: add support for the zstd algorithm
- getLockfile(): use the absolute path
- loadMounts(): reset counts before merging just-loaded data
- lockfile: don't bother releasing a lock when closing a file
- locking test updates
- locking: take read locks on read-only stores
- make local-cross more reliable for CI
- overlay: cache the results of supported/using-metacopy/use-naive-diff
feature tests
- overlay: fix small piece of repeated work
- utils: fix check for missing conf file
- zstd: use github.com/klauspost/compress directly
* Mon Jul 8 2019 Sascha Grunert <sgrunert@suse.com>
- Update to libpod v1.4.4
- Fixed a bug where rootless Podman would attempt to use the
entire root configuration if no rootless configuration was
present for the user, breaking rootless Podman for new
installations
- Fixed a bug where rootless Podman's pause process would block
SIGTERM, preventing graceful system shutdown and hanging until
the system's init send SIGKILL
- Fixed a bug where running Podman as root with sudo -E would not
work after running rootless Podman at least once
- Fixed a bug where options for tmpfs volumes added with the
- -tmpfs flag were being ignored
- Fixed a bug where images with no layers could not properly be
displayed and removed by Podman
- Fixed a bug where locks were not properly freed on failure to
create a container or pod
- Podman now has greatly improved support for containers using
multiple OCI runtimes. Containers now remember if they were
created with a different runtime using --runtime and will
always use that runtime
- The cached and delegated options for volume mounts are now
allowed for Docker compatability (#3340)
- The podman diff command now supports the --latest flag
- Fixed a bug where podman cp on a single file would create a
directory at the target and place the file in it (#3384)
- Fixed a bug where podman inspect --format '{{.Mounts}}' would
print a hexadecimal address instead of a container's mounts
- Fixed a bug where rootless Podman would not add an entry to
container's /etc/hosts files for their own hostname (#3405)
- Fixed a bug where podman ps --sync would segfault (#3411)
- Fixed a bug where podman generate kube would produce an invalid
ports configuration (#3408)
- Podman now performs much better on systems with heavy I/O load
- The --cgroup-manager flag to podman now shows the correct
default setting in help if the default was overridden by
libpod.conf
- For backwards compatability, setting --log-driver=json-file in
podman run is now supported as an alias for
- -log-driver=k8s-file. This is considered deprecated, and
json-file will be moved to a new implementation in the future
([#3363](https://github.com/containers/libpod/issues/3363))
- Podman's default libpod.conf file now allows the crun OCI
runtime to be used if it is installed
- Fixed a bug where Podman could not run containers using an
older version of Systemd as init (#3295)
- Updated vendored Buildah to v1.9.0 to resolve a critical bug
with Dockerfile RUN instructions
- The error message for running podman kill on containers that
are not running has been improved
- The Podman remote client can now log to a file if syslog is not
available
- The MacOS dmg file is experimental, use at your own risk.
- The podman exec command now sets its error code differently
based on whether the container does not exist, and the command
in the container does not exist
- The podman inspect command on containers now outputs Mounts
JSON that matches that of docker inspect, only including
user-specified volumes and differentiating bind mounts and
named volumes
- The podman inspect command now reports the path to a
container's OCI spec with the OCIConfigPath key (only included
when the container is initialized or running)
- The podman run --mount command now supports the
bind-nonrecursive option for bind mounts (#3314)
- Fixed a bug where podman play kube would fail to create
containers due to an unspecified log driver
- Fixed a bug where Podman would fail to build with musl libc
(#3284)
- Fixed a bug where rootless Podman using slirp4netns networking
in an environment with no nameservers on the host other than
localhost would result in nonfunctional networking (#3277)
- Fixed a bug where podman import would not properly set
environment variables, discarding their values and retaining
only keys
- Fixed a bug where Podman would fail to run when built with
Apparmor support but run on systems without the Apparmor kernel
module loaded (#3331)
- Remote Podman will now default the username it uses to log in
to remote systems to the username of the current user
- Podman now uses JSON logging with OCI runtimes that support it,
allowing for better error reporting
- Updated vendored Buildah to v1.8.4
- Updated vendored containers/image to v2.0
- Update to image v2.0.0
- Add registry mirror support
- Include missing man pages (bsc#1139526)
- Update to storage v1.12.10
- Add support for UID as well as UserName in /etc/subuid files.
- utils: fix check for missing conf file
- compression: add support for the zstd algorithm
- overlay: cache the results of
supported/using-metacopy/use-naive-diff feature tests
* Tue Jun 11 2019 Sascha Grunert <sgrunert@suse.com>
- Update to libpod v1.4.0
- The podman checkpoint and podman restore commands can now be
used to migrate containers between Podman installations on
different systems
- The podman cp command now supports a pause flag to pause
containers while copying into them
- The remote client now supports a configuration file for
pre-configuring connections to remote Podman installations
- Fixed CVE-2019-10152 - The podman cp command improperly
dereferenced symlinks in host context
- Fixed a bug where podman commit could improperly set
environment variables that contained = characters
- Fixed a bug where rootless Podman would sometimes fail to start
containers with forwarded ports
- Fixed a bug where podman version on the remote client could
segfault
- Fixed a bug where podman container runlabel would use
/proc/self/exe instead of the path of the Podman command when
printing the command being executed
- Fixed a bug where filtering images by label did not work
- Fixed a bug where specifying a bing mount or tmpfs mount over
an image volume would cause a container to be unable to start
- Fixed a bug where podman generate kube did not work with
containers with named volumes
- Fixed a bug where rootless Podman would receive permission
denied errors accessing conmon.pid
- Fixed a bug where podman cp with a folder specified as target
would replace the folder, as opposed to copying into it
- Fixed a bug where rootless Podman commands could double-unlock
a lock, causing a crash
- Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
mounts, causing errors when using the Kata containers runtime
- Fixed a bug where podman exec would fail on older kernels
- The podman commit command is now usable with the Podman remote
client
- The --signature-policy flag (used with several image-related
commands) has been deprecated
- The podman unshare command now defines two environment
variables in the spawned shell: CONTAINERS_RUNROOT and
CONTAINERS_GRAPHROOT, pointing to temporary and permanent
storage for rootless containers
- Updated vendored containers/storage and containers/image
libraries with numerous bugfixes
- Updated vendored Buildah to v1.8.3
- Podman now requires Conmon v0.2.0
- The podman cp command is now aliased as podman container cp
- Rootless Podman will now default init_path using root Podman's
configuration files (/etc/containers/libpod.conf and
/usr/share/containers/libpod.conf) if not overridden in the
rootless configuration
- Update to image v1.5.1
- Vendor in latest containers/storage
- docker/docker_client: Drop redundant Domain(ref.ref) call
- pkg/blobinfocache: Split implementations into subpackages
- copy: progress bar: show messages on completion
- docs: rename manpages to *.5.command
- add container-certs.d.md manpage
- pkg/docker/config: Bring auth tests from
docker/docker_client_test
- Don't allocate a sync.Mutex separately
- Update to storage v1.12.10
- Add function to parse out mount options from graphdriver
- Merge the disparate parts of all of the Unix-like lockfiles
- Fix unix-but-not-Linux compilation
- Return XDG_RUNTIME_DIR as RootlessRuntimeDir if set
- Cherry-pick moby/moby #39292 for CVE-2018-15664 fixes
- lockfile: add RecursiveLock() API
- Update generated files
- Fix crash on tesing of aufs code
- Let consumers know when Layers and Images came from read-only stores
- chown: do not change owner for the mountpoint
- locks: correctly mark updates to the layers list
- CreateContainer: don't worry about mapping layers unless necessary
- docs: fix manpage for containers-storage.conf
- docs: sort configuration options alphabetically
- docs: document OSTree file deduplication
- Add missing options to man page for containers-storage
- overlay: use the layer idmapping if present
- vfs: prefer layer custom idmappings
- layers: propagate down the idmapping settings
- Recreate symlink when not found
- docs: fix manpage for configuration file
- docs: add special handling for manpages in sect 5
- overlay: fix single-lower test
- Recreate symlink when not found
- overlay: propagate errors from mountProgram
- utils: root in a userns uses global conf file
- Fix handling of additional stores
- Correctly check permissions on rootless directory
- Fix possible integer overflow on 32bit builds
- Evaluate device path for lvm
- lockfile test: make concurrent RW test determinisitc
- lockfile test: make concurrent read tests deterministic
- drivers.DirCopy: fix filemode detection
- storage: move the logic to detect rootless into utils.go
- Don't set (struct flock).l_pid
- Improve documentation of getLockfile
- Rename getLockFile to createLockerForPath, and document it
- Add FILES section to containers-storage.5 man page
- add digest locks
- drivers/copy: add a non-cgo fallback
- Add default SLES mounts for container-suseconnect usage
* Tue Jun 4 2019 Richard Brown <rbrown@suse.com>
- Add util-linux and grep as Requires(post) to ensure btrfs config gets made correctly
* Mon Apr 1 2019 Richard Brown <rbrown@suse.com>
- Update to libpod v1.2.0
* Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
* Move pkg/util default storage functions from libpod to containers/storage
- Update to image v1.5
* Minor behind the scene bugfixes, no user facing changes
- Update to storage v1.12.1
* Move pkg/util default storage functions from libpod to containers/storage
* containers/storage no longer depends on containers/image
- Version 20190401
* Wed Feb 27 2019 Richard Brown <rbrown@suse.com>
- Update to libpod v1.1.0
* Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
* Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf
* Tue Feb 19 2019 Richard Brown <rbrown@suse.com>
- Upgrade to storage v1.10
* enable parallel blob reads
* Teach images to hold multiple manifests
* Move structs for storage.conf to pkg/config
- Upgrade to libpod v1.0.1
* Do not unmarshal into c.config.Spec
* spec: add nosuid,noexec,nodev to ro bind mount
* Sat Feb 2 2019 Richard Brown <rbrown@suse.com>
- Restore non-upstream storage.conf, needed by CRI-O
* Fri Jan 25 2019 Richard Brown <rbrown@suse.com>
- Upgrade to storage v1.8
* Check for the OS when setting btrfs/libdm/ostree tags
- Upgrade to image v1.3
* vendor: use github.com/klauspost/pgzip instead of compress/gzip
* vendor latest ostree
- Refactor specfile to use versioned tarballs
- Established package versioning scheme (ISODATE of change)
- Remove non-upstream storage.conf
- Set btrfs as default driver if /var/lib is on btrfs [boo#1123119]
- Version 20190125
* Thu Jan 17 2019 Richard Brown <rbrown@suse.com>
- Upgrade to storage v1.6
* Remove private mount from zfs driver
* Update zfs driver to be closer to moby driver
* Use mount options when mounting the chown layer.
* Sun Jan 13 2019 Richard Brown <rbrown@suse.com>
- Upgrade to libpod v1.0.0
* Fixed a bug where storage.conf was sometimes ignored for rootless containers
* Tue Jan 8 2019 Richard Brown <rbrown@suse.com>
- Upgrade to libpod v0.12.1.2 and storage v1.4
* No significant functional or packaging changes
* Sun Jan 6 2019 Richard Brown <rbrown@suse.com>
- storage.conf - restore btrfs as the default driver
* Fri Dec 7 2018 Richard Brown <rbrown@suse.com>
- Update to latest libpod and storage to support cri-o 1.13
* Wed Dec 5 2018 Richard Brown <rbrown@suse.com>
- Use seccomp.json from github.com/containers/libpod, instead of
installing the tar.xz on users systems (boo#1118444)
* Mon Nov 12 2018 Valentin Rothberg <vrothberg@suse.com>
- Add oci-hooks(5) manpage from libpod.
* Mon Nov 12 2018 Valentin Rothberg <vrothberg@suse.com>
- Use seccomp.json from github.com/containers/libpod to align with the
upstream defaults.
- Update to the latest image and storage to pull in improvements to the
manpages.
* Mon Aug 27 2018 vrothberg@suse.com
- storage.conf: comment out options that are not supported by btrfs.
This simplifies switching the driver as it avoids the whack-a-mole
of commenting out "unsupported" options.
* Mon Aug 27 2018 vrothberg@suse.com
- Consolidate libcontainers-{common,image,storage} into one package,
libcontainers-common. That's the way upstream intended all libraries from
github.com/containers to be packaged. It facilitates updating and maintaining
the package, as all configs and manpages come from a central source.
Note that the `storage` binary that previously has been provided by the
libcontainers-storage package is not provided anymore as, despite the claims
in the manpages, it is not intended for production use.
* Mon Aug 13 2018 vrothberg@suse.com
- Make libcontainers-common arch independent.
- Add LICENSE.
* Thu Apr 12 2018 fcastelli@suse.com
- Added /usr/share/containers/oci/hooks.d and /etc/containers/oci/hooks.d
to the package. These are used by tools like cri-o and podman to store
custom hooks.
* Mon Mar 5 2018 vrothberg@suse.com
- Configuration files should generally be tagged as %%config(noreplace) in order
to keep the modified config files and to avoid losing data when the package
is being updated.
feature#crio
* Thu Feb 8 2018 vrothberg@suse.com
- Add libcontainers-common package.
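Review bot: In `%install`, `sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE10}` rewrites containers.conf in the sources directory itself, so after one build the file on disk no longer matches what was checked in, nor any hash recorded for it in the signatures file, if it is listed there (that file is only partly visible here). Install first and substitute in the buildroot copy instead: `install -D -m 0644 %{SOURCE10} %{buildroot}/%{_datadir}/containers/containers.conf` followed by `sed -i 's-@LIBEXECDIR@-%{_libexecdir}-g' %{buildroot}/%{_datadir}/containers/containers.conf`. Separately, `%build` calls `rename` and `make` while only `go-go-md2man` is listed under BuildRequires; it is worth confirming both come from the base toolchain.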


@ -0,0 +1,5 @@
# This configuration file specifies the default mounts for each container of the
# tools adhering to this file (e.g., CRI-O, Podman, Buildah). The format of the
# config is /SRC:/DST, one mount per line.
/etc/SUSEConnect:/etc/SUSEConnect
/etc/zypp/credentials.d/SCCcredentials:/etc/zypp/credentials.d/SCCcredentials
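Review bot: The two entries `/etc/SUSEConnect:/etc/SUSEConnect` and `/etc/zypp/credentials.d/SCCcredentials:/etc/zypp/credentials.d/SCCcredentials` are SUSE subscription paths carried over from the import, and the spec installs this file under both the /etc and /usr/share containers directories. Any tool that honours the file would mount a host file at either path into every container it starts. On Mariner those paths are presumably absent, which makes the entries inert today but leaves a standing host-credential mount if something ever creates them. I would ship the file with only the three comment lines and no mount entries.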


@ -0,0 +1,14 @@
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
}
}
}
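Review bot: The `"default"` entry is `insecureAcceptAnything`, so with this file installed as /etc/containers/policy.json no image signature is checked for any transport or registry. That matches what the imported package ships, but it is a distribution-level trust decision and nothing in the commit records it as intentional. Since JSON cannot carry a comment, I would state it in the spec changelog or `%description`, for example `- Default policy.json accepts unsigned images; tighten per containers-policy.json(5)`, so administrators know the shipped policy is a starting point and not an enforced baseline.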


@ -0,0 +1,20 @@
# For more information on this configuration file, see containers-registries.conf(5).
#
# Registries to search for images that are not fully-qualified.
# i.e. foobar.com/my_image:latest vs my_image:latest
[registries.search]
registries = ["registry.opensuse.org", "docker.io"]
# Registries that do not use TLS when pulling images or uses self-signed
# certificates.
[registries.insecure]
registries = []
# Blocked Registries, blocks the `docker daemon` from pulling from the blocked registry. If you specify
# "*", then the docker daemon will only be allowed to pull from registries listed above in the search
# registries. Blocked Registries is deprecated because other container runtimes and tools will not use it.
# It is recommended that you use the trust policy file /etc/containers/policy.json to control which
# registries you want to allow users to pull and push from. policy.json gives greater flexibility, and
# supports all container runtimes and tools including the docker daemon, cri-o, buildah ...
[registries.block]
registries = []
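Review bot: `registries = ["registry.opensuse.org", "docker.io"]` under `[registries.search]` makes every unqualified image name resolve against registry.opensuse.org first on a Mariner host, which looks like a leftover from the openSUSE import (the spec changelog has an entry adding it as the default registry). The search list decides which registry a short name such as `my_image:latest` is actually pulled from, so it should hold only registries the distribution means to trust, and the policy.json added in this commit accepts anything it returns. I would reduce it to `registries = ["docker.io"]`, or to `registries = []` so that unqualified names are not searched at all.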


@ -0,0 +1,133 @@
# This file is is the configuration file for all tools
# that use the containers/storage library.
# See man 5 containers-storage.conf for more information
# The "container storage" table contains all of the server options.
[storage]
# Default Storage Driver
driver = ""
# Temporary storage location
runroot = "/var/run/containers/storage"
# Primary Read/Write location of container storage
graphroot = "/var/lib/containers/storage"
[storage.options]
# Storage options to be passed to underlying storage drivers
# AdditionalImageStores is used to pass paths to additional Read/Only image stores
# Must be comma separated list.
additionalimagestores = [
]
# Size is used to set a maximum size of the container image. Only supported by
# certain container storage drivers.
size = ""
# Path to an helper program to use for mounting the file system instead of mounting it
# directly.
#mount_program = "/usr/bin/fuse-overlayfs"
# OverrideKernelCheck tells the driver to ignore kernel checks based on kernel version
# override_kernel_check = "false"
# mountopt specifies comma separated list of extra mount options
# mountopt = "nodev"
# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
# a container, to UIDs/GIDs as they should appear outside of the container, and
# the length of the range of UIDs/GIDs. Additional mapped sets can be listed
# and will be heeded by libraries, but there are limits to the number of
# mappings which the kernel will allow when you later attempt to run a
# container.
#
# remap-uids = 0:1668442479:65536
# remap-gids = 0:1668442479:65536
# Remap-User/Group is a name which can be used to look up one or more UID/GID
# ranges in the /etc/subuid or /etc/subgid file. Mappings are set up starting
# with an in-container ID of 0 and the a host-level ID taken from the lowest
# range that matches the specified name, and using the length of that range.
# Additional ranges are then assigned, using the ranges which specify the
# lowest host-level IDs first, to the lowest not-yet-mapped container-level ID,
# until all of the entries have been used for maps.
#
# remap-user = "storage"
# remap-group = "storage"
# If specified, use OSTree to deduplicate files with the overlay backend
ostree_repo = ""
# Set to skip a PRIVATE bind mount on the storage home directory. Only supported by
# certain container storage drivers
# skip_mount_home = "false"
[storage.options.thinpool]
# Storage Options for thinpool
# autoextend_percent determines the amount by which pool needs to be
# grown. This is specified in terms of % of pool size. So a value of 20 means
# that when threshold is hit, pool will be grown by 20% of existing
# pool size.
# autoextend_percent = "20"
# autoextend_threshold determines the pool extension threshold in terms
# of percentage of pool size. For example, if threshold is 60, that means when
# pool is 60% full, threshold has been hit.
# autoextend_threshold = "80"
# basesize specifies the size to use when creating the base device, which
# limits the size of images and containers.
# basesize = "10G"
# blocksize specifies a custom blocksize to use for the thin pool.
# blocksize="64k"
# directlvm_device specifies a custom block storage device to use for the
# thin pool. Required if you setup devicemapper.
# directlvm_device = ""
# directlvm_device_force wipes device even if device already has a filesystem.
# directlvm_device_force = "True"
# fs specifies the filesystem type to use for the base device.
# fs="xfs"
# log_level sets the log level of devicemapper.
# 0: LogLevelSuppress 0 (Default)
# 2: LogLevelFatal
# 3: LogLevelErr
# 4: LogLevelWarn
# 5: LogLevelNotice
# 6: LogLevelInfo
# 7: LogLevelDebug
# log_level = "7"
# min_free_space specifies the min free space percent in a thin pool require for
# new device creation to succeed. Valid values are from 0% - 99%.
# Value 0% disables
# min_free_space = "10%"
# mkfsarg specifies extra mkfs arguments to be used when creating the base.
# device.
# mkfsarg = ""
# use_deferred_removal marks devicemapper block device for deferred removal.
# If the thinpool is in use when the driver attempts to remove it, the driver
# tells the kernel to remove it as soon as possible. Note this does not free
# up the disk space, use deferred deletion to fully remove the thinpool.
# use_deferred_removal = "True"
# use_deferred_deletion marks thinpool device for deferred deletion.
# If the device is busy when the driver attempts to delete it, the driver
# will attempt to delete device every 30 seconds until successful.
# If the program using the driver exits, the driver will continue attempting
# to cleanup the next time the driver is used. Deferred deletion permanently
# deletes the device and all data stored in device will be lost.
# use_deferred_deletion = "True"
# xfs_nospace_max_retries specifies the maximum number of retries XFS should
# attempt to complete IO when ENOSPC (no space) error is returned by
# underlying storage device.
# xfs_nospace_max_retries = "0"
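Review bot: `# mountopt = "nodev"` under `[storage.options]` is left commented out, so this file sets no extra mount options for container storage; whether the library applies `nodev` on its own cannot be told from here. The spec changelog says options unsupported by btrfs were commented out, which may be the reason, but the `%post` script only switches to btrfs when the host filesystem is btrfs. I would enable the line as `mountopt = "nodev"` for the default case, after confirming the drivers Mariner supports accept it. The first comment line also has a doubled word (`This file is is`).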


@ -840,6 +840,16 @@
} }
} }
}, },
{
"component": {
"type": "other",
"other": {
"name": "conmon",
"version": "2.0.29",
"downloadUrl": "https://github.com/containers/conmon/archive/v2.0.29.tar.gz"
}
}
},
{ {
"component": { "component": {
"type": "other", "type": "other",
@ -950,6 +960,16 @@
} }
} }
}, },
{
"component": {
"type": "other",
"other": {
"name": "cri-o",
"version": "1.21.2",
"downloadUrl": "https://github.com/cri-o/cri-o/archive/refs/tags/v1.21.2.tar.gz"
}
}
},
{ {
"component": { "component": {
"type": "other", "type": "other",
@ -2904,6 +2924,16 @@
} }
} }
}, },
{
"component": {
"type": "other",
"other": {
"name": "libcontainers-common",
"version": "20200727",
"downloadUrl": "https://github.com/containers/image/archive/v5.5.1.tar.gz"
}
}
},
{ {
"component": { "component": {
"type": "other", "type": "other",
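Review bot: The `libcontainers-common` entry records a single `downloadUrl`, the containers/image v5.5.1 archive, but the spec for that package builds from four upstream archives (image, storage, podman and common). Anything that consumes this manifest for vulnerability or licence tracking will therefore not see the storage 1.20.2, podman 2.0.3 and common 0.14.6 sources, and the `20200727` version does not correspond to any of those upstream versions. If the format allows only one URL per component, I would add a sibling `other` component for each bundled archive; the manifest schema is not visible here, so confirm the preferred form.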