Hello community, here is the log from the commit of package libcontainers-common.14211 for openSUSE:Leap:15.2:Update checked in at 2020-09-28 10:21:23 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Leap:15.2:Update/libcontainers-common.14211 (Old) and /work/SRC/openSUSE:Leap:15.2:Update/.libcontainers-common.14211.new.4249 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "libcontainers-common.14211" Mon Sep 28 10:21:23 2020 rev:1 rq:837246 version:20200727 Changes: -------- New Changes file: --- /dev/null 2020-09-10 00:27:47.435250138 +0200 +++ /work/SRC/openSUSE:Leap:15.2:Update/.libcontainers-common.14211.new.4249/libcontainers-common.changes 2020-09-28 10:21:24.884996349 +0200 
@@ -0,0 +1,574 @@ +------------------------------------------------------------------- +Mon Aug 3 17:10:46 UTC 2020 - Callum Farmer <callumjfarme...@gmail.com> + +- Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075) + +------------------------------------------------------------------- +Tue Jul 28 13:22:02 UTC 2020 - Ralf Haferkamp <rha...@suse.com> + +- Added containers/common tarball for containers.conf(5) man page +- Install containers.conf default configuration in + /usr/share/containers +- libpod repository on github got renamed to podman +- Update to image 5.5.1 + - Add documentation for credHelpera + - Add defaults for using the rootless policy path +- Update libpod/podman to 2.0.3 + - docs: user namespace can't be shared in pods + - Switch references from libpod.conf to containers.conf + - Allow empty host port in --publish flag + - update document login see config.json as valid +- Update storage to 1.20.2 + - Add back skip_mount_home + +------------------------------------------------------------------- +Fri Jun 19 09:57:44 UTC 2020 - Ralf Haferkamp <rha...@suse.com> + +- Remove remaining difference between SLE and openSUSE package and + ship the some mounts.conf default configuration on both platforms. + As the sources for the mount point do not exist on openSUSE by + default this config will basically have no effect on openSUSE. 
+ (jsc#SLE-12122, bsc#1175821) + +------------------------------------------------------------------- +Wed Jun 3 14:37:20 UTC 2020 - Ralf Haferkamp <rha...@suse.com> + +- Update to image 5.4.4 + - Remove registries.conf VERSION 2 references from man page + - Intial authfile man page + - Add $HOME/.config/containers/certs.d to perHostCertDirPath + - Add $HOME/.config/containers/registries.conf to config path + - registries.conf.d: add stances for the registries.conf +- update to libpod 1.9.3 + - userns: support --userns=auto + - Switch to using --time as opposed to --timeout to better match Docker + - Add support for specifying CNI networks in podman play kube + - man pages: fix inconsistencies +- Update to storage 1.19.1 + - userns: add support for auto + - store: change the default user to containers + - config: honor XDG_CONFIG_HOME +- Remove the /var/lib/ca-certificates/pem/SUSE.pem workaround again. + It never ended up in SLES and a different way to fix the underlying + problem is being worked on. + +------------------------------------------------------------------- +Wed May 13 12:45:58 UTC 2020 - Richard Brown <rbr...@suse.com> + +- Add registry.opensuse.org as default registry [bsc#1171578] + +------------------------------------------------------------------- +Fri Apr 24 08:35:54 UTC 2020 - Ralf Haferkamp <rha...@suse.com> + +- Add /var/lib/ca-certificates/pem/SUSE.pem to the SLES mounts. + This for making container-suseconnect working in the public + cloud on-demand images. It needs that file for being able to + verify the server certificates of the RMT servers hosted + in the public cloud. 
+ (https://github.com/SUSE/container-suseconnect/issues/41) + +------------------------------------------------------------------- +Fri Mar 6 11:14:24 UTC 2020 - Ralf Haferkamp <rha...@suse.com> + +- New snaphot (bsc#1165917) +- Update to image 5.2.1 + * Add documentation about rewriting docker.io registries + * Add registries warning to registries.conf +- Update to libpod 1.8.0 + * Fixed some spelling errors in oci-hooks documentations + * include containers-mounts.conf(5) man-page into the package +- Update to storage 1.16.1 + * Add `rootless_storage_path` directive to storage.conf + * Add better documentation for the mount_program in overlay driver + +------------------------------------------------------------------- +Wed Dec 11 16:13:32 UTC 2019 - Richard Brown <rbr...@suse.com> + +- Update to image 5.0.0 + - Clean up various imports primarily so that imports of packages that aren't in the standard library are all in one section. + - Update to major version v5 + - return resp error message + - copy.Image(): select the CopySystemImage image using the source context + - Add manifest list support + - docker: handle http 429 status codes + - allow for .dockercfg files to reside in non-home directories + - Use the correct module path in (make test-skopeo) +- Update to libpod 1.6.3 + - Handling of the libpod.conf configuration file has seen major changes. Most significantly, rootless users will no longer automatically receive a complete configuration file when they first use Podman, and will instead only receive differences from the global configuration. + - Initial support for the CNI DNS plugin, which allows containers to resolve the IPs of other containers via DNS name, has been added + - Podman now supports anonymous named volumes, created by specifying only a destination to the -v flag to the podman create and podman run commands + - Named volumes now support uid and gid options in --opt o=... 
to set UID and GID of the created volume +- Update to storage 1.15.3 + - overlay: allow storing images with more than 127 layers + - Lazy initialize the layer store + - tarlogger: drop state mutex + +------------------------------------------------------------------- +Wed Oct 2 08:29:50 UTC 2019 - Sascha Grunert <sgrun...@suse.com> + +- Update to image 4.0.0 + - Add http response to log + - Add tests for parsing OpenShift kubeconfig files + - Compress: define some consts for the compression algos + - Compression: add support for the zstd + - Compression: allow to specify the compression format + - Copy: add nil checks + - Copy: compression: default to gzip + - Copy: don't lose annotations of BlobInfo + - Copy: fix options.DestinationCtx nil check + - Copy: use a bigger buffer for the compression + - Fix cross-compilation by vendoring latest c/storage + - Internal/testing/explicitfilepath-tmpdir: handle unset TMPDIR + - Keyctl: clean up after tests + - Make container tools work with go+openssl + - Make test-skopeo: replace c/image module instead of copying code + - Media type checks + - Move keyctl to internal & func remove auth from keyring + - Replace vendor.conf by go.mod + - Update dependencies + - Update test certificates + - Update to mergo v0.3.5 + - Vendor.conf: update reference for containers/storage +- Update to storage 1.13.4 + - Update generated files + - ImageBigData: distinguish between no-such-image and no-such-item + - ImageSize: don't get tripped up by images with no layers + - tarlogger: disable raw accouting +- Update to libpod 1.6.0 + - Nothing changed regarding the OCI hooks documentation provided by this + package + +------------------------------------------------------------------- +Mon Sep 23 15:28:02 UTC 2019 - Richard Brown <rbr...@suse.com> + +- Update to image 1.4.4 + - Hard-code the kernel keyring use to be disabled for now +- Update to libpod 1.5.1 + - The hostname of pods is now set to the pod's name + - Minor bugfixes +- Update to 
storage 1.12.16 + - Ignore ro mount options in btrfs and windows drivers + +------------------------------------------------------------------- +Mon Sep 23 12:01:53 UTC 2019 - Richard Brown <rbr...@suse.com> + +- Check /var/lib/containers if possible before setting btrfs backend (bsc#1151028) + +------------------------------------------------------------------- +Wed Aug 7 10:35:07 UTC 2019 - Sascha Grunert <sgrun...@suse.com> + +- Add missing licenses to spec file + +------------------------------------------------------------------- +Tue Aug 6 11:42:17 UTC 2019 - Marco Vedovati <mvedov...@suse.com> + +- Add a default registries.d configuration file, used to specify images + signatures storage location. + +------------------------------------------------------------------- +Fri Aug 2 09:46:10 UTC 2019 - Sascha Grunert <sgrun...@suse.com> + +- Update to image v3.0.0 + - Add "Env" to ImageInspectInfo + - Add API function TryUpdatingCache + - Add ability to install man pages + - Add user registry auth to kernel keyring + - Fix policy.json.md -> containers-policy.json.5.md references + - Fix typo in docs/containers-registries.conf.5.md + - Remove pkg/sysregistries + - Touch up transport man page + - Try harder in storageImageDestination.TryReusingBlob + - Use the same HTTP client for contacting the bearer token server and the + registry + - ci: change GOCACHE to a writeable path + - config.go: improve debug message + - config.go: log where credentials come from + - docker client: error if registry is blocked + - docker: allow deleting OCI images + - docker: delete: support all MIME types + - ostree: default is no OStree support + - ostree: improve error message + - progress bar: use spinners for unknown blob sizes + - use 'containers_image_ostree' as build tag + - use keyring when authfile empty +- Update to storage v1.12.16 + - Add cirrus vendor check + - Add storage options to IgnoreChownErrors + - Add support for UID as well as UserName in /etc/subuid files. 
++++ 377 more lines (skipped) ++++ between /dev/null ++++ and /work/SRC/openSUSE:Leap:15.2:Update/.libcontainers-common.14211.new.4249/libcontainers-common.changes New: ---- LICENSE _service common-0.14.6.tar.xz containers.conf default.yaml image-5.5.1.tar.xz libcontainers-common.changes libcontainers-common.spec mounts.conf podman-2.0.3.tar.xz policy.json registries.conf storage-1.20.2.tar.xz storage.conf ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ libcontainers-common.spec ++++++ # # spec file for package libcontainers-common # # Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed # upon. The license for this file, and modifications and additions to the # file, is the same license as for the pristine package itself (unless the # license for the pristine package is not an Open Source License, in which # case the license is the MIT License). An "Open Source License" is a # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. 
# Please submit bugfixes or comments via https://bugs.opensuse.org/ # # commonver - version from containers/common %define commonver 0.14.6 # podman - version from containers/podman %define podmanver 2.0.3 # storagever - version from containers/storage %define storagever 1.20.2 # imagever - version from containers/image %define imagever 5.5.1 Name: libcontainers-common Version: 20200727 Release: 0 Summary: Configuration files common to github.com/containers License: Apache-2.0 and GPL-3.0+ Group: System/Management URL: https://github.com/containers Source0: image-%{imagever}.tar.xz Source1: storage-%{storagever}.tar.xz Source2: LICENSE Source3: policy.json Source4: storage.conf Source5: mounts.conf Source6: registries.conf Source7: podman-%{podmanver}.tar.xz Source8: default.yaml Source9: common-%{commonver}.tar.xz Source10: containers.conf BuildRequires: go-go-md2man Provides: libcontainers-image Provides: libcontainers-storage Obsoletes: libcontainers-image Obsoletes: libcontainers-storage Requires(post): util-linux Requires(post): grep BuildArch: noarch %description Configuration files and manpages shared by tools that are based on the github.com/containers libraries, such as Buildah, CRI-O, Podman and Skopeo. %prep %setup -q -T -D -b 0 -n image-%{imagever} %setup -q -T -D -b 1 -n storage-%{storagever} %setup -q -T -D -b 7 -n podman-%{podmanver} %setup -q -T -D -b 9 -n common-%{commonver} # copy the LICENSE file in the build root cd .. cp %{SOURCE2} . %build cd .. pwd # compile containers/image manpages cd image-%{imagever} for md in docs/*.md do go-md2man -in $md -out $md done rename '.5.md' '.5' docs/* rename '.md' '.1' docs/* cd .. # compile containers/storage manpages cd storage-%{storagever} for md in docs/*.md do go-md2man -in $md -out $md done rename '.5.md' '.5' docs/* rename '.md' '.1' docs/* cd .. 
# compile subset of containers/podman manpages cd podman-%{podmanver} go-md2man -in docs/source/markdown/containers-mounts.conf.5.md -out docs/source/markdown/containers-mounts.conf.5 go-md2man -in pkg/hooks/docs/oci-hooks.5.md -out pkg/hooks/docs/oci-hooks.5 cd .. cd common-%{commonver} make docs cd .. %install cd .. install -d -m 0755 %{buildroot}/%{_sysconfdir}/containers install -d -m 0755 %{buildroot}/%{_sysconfdir}/containers/oci/hooks.d install -d -m 0755 %{buildroot}/%{_datadir}/containers/oci/hooks.d install -d -m 0755 %{buildroot}/%{_sysconfdir}/containers/registries.d install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/containers/policy.json install -D -m 0644 %{SOURCE4} %{buildroot}/%{_sysconfdir}/containers/storage.conf install -D -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/containers/mounts.conf install -D -m 0644 %{SOURCE5} %{buildroot}/%{_sysconfdir}/containers/mounts.conf install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/containers/registries.conf install -D -m 0644 %{SOURCE8} %{buildroot}/%{_sysconfdir}/containers/registries.d/default.yaml sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %{SOURCE10} install -D -m 0644 %{SOURCE10} %{buildroot}/%{_datadir}/containers/containers.conf install -D -m 0644 podman-%{podmanver}/seccomp.json %{buildroot}/%{_datadir}/containers/seccomp.json install -D -m 0644 podman-%{podmanver}/seccomp.json %{buildroot}/%{_sysconfdir}/containers/seccomp.json install -d %{buildroot}/%{_mandir}/man1 install -d %{buildroot}/%{_mandir}/man5 install -D -m 0644 image-%{imagever}/docs/*.1 %{buildroot}/%{_mandir}/man1/ install -D -m 0644 image-%{imagever}/docs/*.5 %{buildroot}/%{_mandir}/man5/ install -D -m 0644 storage-%{storagever}/docs/*.1 %{buildroot}/%{_mandir}/man1/ install -D -m 0644 storage-%{storagever}/docs/*.5 %{buildroot}/%{_mandir}/man5/ install -D -m 0644 podman-%{podmanver}/pkg/hooks/docs/oci-hooks.5 %{buildroot}/%{_mandir}/man5/ install -D -m 0644 
podman-%{podmanver}/docs/source/markdown/containers-mounts.conf.5 %{buildroot}/%{_mandir}/man5/ install -D -m 0644 common-%{commonver}/docs/containers.conf.5 %{buildroot}/%{_mandir}/man5/ %post # If installing, check if /var/lib/containers (or /var/lib in its defect) is btrfs and set driver # to "btrfs" if true if [ $1 -eq 1 ] ; then fstype=$((findmnt -o FSTYPE -l --target /var/lib/containers || findmnt -o FSTYPE -l --target /var/lib) | grep -v FSTYPE) if [ "$fstype" = "btrfs" ]; then sed -i 's/driver = ""/driver = "btrfs"/g' %{_sysconfdir}/containers/storage.conf fi fi %files %dir %{_sysconfdir}/containers %dir %{_sysconfdir}/containers/oci %dir %{_sysconfdir}/containers/oci/hooks.d %dir %{_sysconfdir}/containers/registries.d %dir %{_datadir}/containers %dir %{_datadir}/containers/oci %dir %{_datadir}/containers/oci/hooks.d %config(noreplace) %{_sysconfdir}/containers/policy.json %config(noreplace) %{_sysconfdir}/containers/storage.conf %config(noreplace) %{_sysconfdir}/containers/mounts.conf %{_datadir}/containers/mounts.conf %config(noreplace) %{_sysconfdir}/containers/registries.conf %config(noreplace) %{_sysconfdir}/containers/seccomp.json %config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml %{_datadir}/containers/seccomp.json %{_datadir}/containers/containers.conf %{_mandir}/man1/*.1%{?ext_man} %{_mandir}/man5/*.5%{?ext_man} %license LICENSE %changelog ++++++ LICENSE ++++++ Apache License Version 2.0, January 2004 https://www.apache.org/licenses/ TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION 1. Definitions. "License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this document. "Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License. "Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common control with that entity. 
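Review bot: In `%post` of libcontainers-common.spec, `fstype=$((findmnt ... || findmnt ...) | grep -v FSTYPE)` opens with `$((`, which a POSIX shell may parse as arithmetic expansion. It works only where the scriptlet shell falls back to command substitution, and this code decides the storage driver written into `storage.conf` on a fresh install. Asking findmnt to omit the header removes both the subshell and the grep: `fstype=$(findmnt -n -o FSTYPE --target /var/lib/containers || findmnt -n -o FSTYPE --target /var/lib)`. Separately, in `%install` the `sed ... -i %{SOURCE10}` rewrites the packaged source file in place. Installing first and substituting in the buildroot copy, `sed -i 's-@LIBEXECDIR@-%{_libexecdir}-g' %{buildroot}/%{_datadir}/containers/containers.conf`, leaves the sources untouched.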
For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity. "You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License. "Source" form shall mean the preferred form for making modifications, including but not limited to software source code, documentation source, and configuration files. "Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not limited to compiled object code, generated documentation, and conversions to other media types. "Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below). "Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof. "Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. 
For the purposes of this definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a Contribution." "Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work. 2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form. 3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. 
If You institute patent litigation against any entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work shall terminate as of the date such litigation is filed. 4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without modifications, and in Source or Object form, provided that You meet the following conditions: (a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. 
You may add Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as modifying the License. You may add Your own copyright statement to Your modifications and may provide additional or different license terms and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License. 5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed with Licensor regarding such Contributions. 6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of the NOTICE file. 7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under this License. 8. Limitation of Liability. 
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor has been advised of the possibility of such damages. 9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability. END OF TERMS AND CONDITIONS Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. You may obtain a copy of the License at https://www.apache.org/licenses/LICENSE-2.0 Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific language governing permissions and limitations under the License. 
++++++ _service ++++++ <services> <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/containers/storage.git</param> <param name="scm">git</param> <param name="filename">storage</param> <param name="versionformat">1.20.2</param> <param name="revision">v1.20.2</param> </service> <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/containers/image.git</param> <param name="scm">git</param> <param name="filename">image</param> <param name="versionformat">5.5.1</param> <param name="revision">v5.5.1</param> </service> <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/containers/podman.git</param> <param name="scm">git</param> <param name="filename">podman</param> <param name="versionformat">2.0.3</param> <param name="revision">v2.0.3</param> </service> <service name="tar_scm" mode="disabled"> <param name="url">https://github.com/containers/common.git</param> <param name="scm">git</param> <param name="filename">common</param> <param name="versionformat">0.14.6</param> <param name="revision">v0.14.6</param> </service> <service name="recompress" mode="disabled"> <param name="file">*.tar</param> <param name="compression">xz</param> </service> </services> ++++++ containers.conf ++++++ # The containers configuration file specifies all of the available configuration # command-line options/flags for container engine tools like Podman & Buildah, # but in a TOML format that can be easily modified and versioned. # Please refer to containers.conf(5) for details of all configuration options. # Not all container engines implement all of the options. # All of the options have hard coded defaults and these options will override # the built in defaults. Users can then override these options via the command # line. Container engines will read containers.conf files in up to three # locations in the following order: # 1. /usr/share/containers/containers.conf # 2. /etc/containers/containers.conf # 3. 
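Review bot: Each `tar_scm` service in `_service` pins `revision` to a tag name (`v1.20.2`, `v5.5.1`, `v2.0.3`, `v0.14.6`). A git tag can be re-pointed upstream, so a later re-run of these disabled services could produce a different tarball under the same version string. Nothing in this section records a commit id or checksum for the generated archives. Pinning each `revision` to the full commit hash the tag resolved to, e.g. `<param name="revision">FULL_COMMIT_SHA_PLACEHOLDER</param>`, while keeping `versionformat` as is, makes the fetched source reproducible and reviewable.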
$HOME/.config/containers/containers.conf (Rootless containers ONLY) # Items specified in the latter containers.conf, if they exist, override the # previous containers.conf settings, or the default settings. [containers] # List of devices. Specified as # "<device-on-host>:<device-on-container>:<permissions>", for example: # "/dev/sdc:/dev/xvdc:rwm". # If it is empty or commented out, only the default devices will be used # # devices = [] # List of volumes. Specified as # "<directory-on-host>:<directory-in-container>:<options>", for example: # "/db:/var/lib/db:ro". # If it is empty or commented out, no volumes will be added # # volumes = [] # Used to change the name of the default AppArmor profile of container engine. # # apparmor_profile = "container-default" # List of annotation. Specified as # "key=value" # If it is empty or commented out, no annotations will be added # # annotations = [] # Default way to to create a cgroup namespace for the container # Options are: # `private` Create private Cgroup Namespace for the container. # `host` Share host Cgroup Namespace with the container. # # cgroupns = "private" # Control container cgroup configuration # Determines whether the container will create CGroups. # Options are: # `enabled` Enable cgroup support within container # `disabled` Disable cgroup support, will inherit cgroups from parent # `no-conmon` Container engine runs run without conmon # # cgroups = "enabled" # List of default capabilities for containers. If it is empty or commented out, # the default capabilities defined in the container engine will be added. # # default_capabilities = [ # "AUDIT_WRITE", # "CHOWN", # "DAC_OVERRIDE", # "FOWNER", # "FSETID", # "KILL", # "MKNOD", # "NET_BIND_SERVICE", # "NET_RAW", # "SETGID", # "SETPCAP", # "SETUID", # "SYS_CHROOT", # ] # A list of sysctls to be set in containers by default, # specified as "name=value", # for example:"net.ipv4.ping_group_range = 0 1000". 
# # default_sysctls = [ # "net.ipv4.ping_group_range=0 1000", # ] # A list of ulimits to be set in containers by default, specified as # "<ulimit name>=<soft limit>:<hard limit>", for example: # "nofile=1024:2048" # See setrlimit(2) for a list of resource names. # Any limit not specified here will be inherited from the process launching the # container engine. # Ulimits has limits for non privileged container engines. # # default_ulimits = [ # "nofile"="1280:2560", # ] # List of default DNS options to be added to /etc/resolv.conf inside of the container. # # dns_options = [] # List of default DNS search domains to be added to /etc/resolv.conf inside of the container. # # dns_searches = [] # Set default DNS servers. # This option can be used to override the DNS configuration passed to the # container. The special value "none" can be specified to disable creation of # /etc/resolv.conf in the container. # The /etc/resolv.conf file in the image will be used without changes. # # dns_servers = [] # Environment variable list for the conmon process; used for passing necessary # environment variables to conmon or the runtime. # # env = [ # "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", # ] # Pass all host environment variables into the container. # # env_host = false # Path to OCI hooks directories for automatically executed hooks. # # hooks_dir = [ # "/usr/share/containers/oci/hooks.d", # ] # Default proxy environment variables passed into the container. # The environment variables passed in include: # http_proxy, https_proxy, ftp_proxy, no_proxy, and the upper case versions of # these. This option is needed when host system uses a proxy but container # should not use proxy. Proxy environment variables specified for the container # in any other way will override the values passed from the host. # # http_proxy = true # Run an init inside the container that forwards signals and reaps processes. 
# # init = false # Container init binary, if init=true, this is the init binary to be used for containers. # init_path = "/usr/bin/catatonit" # Default way to to create an IPC namespace (POSIX SysV IPC) for the container # Options are: # `private` Create private IPC Namespace for the container. # `host` Share host IPC Namespace with the container. # # ipcns = "private" # Flag tells container engine to whether to use container separation using # MAC(SELinux)labeling or not. # Flag is ignored on label disabled systems. # # label = true # Logging driver for the container. Available options: k8s-file and journald. # # log_driver = "k8s-file" # Maximum size allowed for the container log file. Negative numbers indicate # that no size limit is imposed. If positive, it must be >= 8192 to match or # exceed conmon's read buffer. The file is truncated and re-opened so the # limit is never exceeded. # # log_size_max = -1 # Default way to to create a Network namespace for the container # Options are: # `private` Create private Network Namespace for the container. # `host` Share host Network Namespace with the container. # `none` Containers do not use the network # # netns = "private" # Create /etc/hosts for the container. By default, container engine manage # /etc/hosts, automatically adding the container's own IP address. # # no_hosts = false # Maximum number of processes allowed in a container. # # pids_limit = 2048 # Default way to to create a PID namespace for the container # Options are: # `private` Create private PID Namespace for the container. # `host` Share host PID Namespace with the container. # # pidns = "private" # Path to the seccomp.json profile which is used as the default seccomp profile # for the runtime. # # seccomp_profile = "/usr/share/containers/seccomp.json" # Size of /dev/shm. Specified as <number><unit>. # Unit is optional, values: # b (bytes), k (kilobytes), m (megabytes), or g (gigabytes). # If the unit is omitted, the system uses bytes. 
# # shm_size = "65536k" # Set timezone in container. Takes IANA timezones as well as "local", # which sets the timezone in the container to match the host machine. # # tz = "" # Set umask inside the container # # umask="0022" # Default way to to create a UTS namespace for the container # Options are: # `private` Create private UTS Namespace for the container. # `host` Share host UTS Namespace with the container. # # utsns = "private" # Default way to to create a User namespace for the container # Options are: # `auto` Create unique User Namespace for the container. # `host` Share host User Namespace with the container. # # userns = "host" # Number of UIDs to allocate for the automatic container creation. # UIDs are allocated from the "container" UIDs listed in # /etc/subuid & /etc/subgid # # userns_size=65536 # The network table contains settings pertaining to the management of # CNI plugins. [network] # Path to directory where CNI plugin binaries are located. # cni_plugin_dirs = ["@LIBEXECDIR@/cni"] # Path to the directory where CNI configuration files are located. # # network_config_dir = "/etc/cni/net.d/" [engine] # Cgroup management implementation used for the runtime. # Valid options "systemd" or "cgroupfs" # # cgroup_manager = "systemd" # Environment variables to pass into conmon # # conmon_env_vars = [ # "PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" # ] # Paths to look for the conmon container manager binary # # conmon_path = [ # "/usr/libexec/podman/conmon", # "/usr/local/libexec/podman/conmon", # "/usr/local/lib/podman/conmon", # "/usr/bin/conmon", # "/usr/sbin/conmon", # "/usr/local/bin/conmon", # "/usr/local/sbin/conmon" # ] # Specify the keys sequence used to detach a container. 
# Format is a single character [a-Z] or a comma separated sequence of # `ctrl-<value>`, where `<value>` is one of: # `a-z`, `@`, `^`, `[`, `\`, `]`, `^` or `_` # # detach_keys = "ctrl-p,ctrl-q" # Determines whether engine will reserve ports on the host when they are # forwarded to containers. When enabled, when ports are forwarded to containers, # ports are held open by as long as the container is running, ensuring that # they cannot be reused by other programs on the host. However, this can cause # significant memory usage if a container has many ports forwarded to it. # Disabling this can save memory. # # enable_port_reservation = true # Environment variables to be used when running the container engine (e.g., Podman, Buildah). # For example "http_proxy=internal.proxy.company.com". # Note these environment variables will not be used within the container. # Set the env section under [containers] table, if you want to set environment variables for the container. # env = [] # Selects which logging mechanism to use for container engine events. # Valid values are `journald`, `file` and `none`. # # events_logger = "journald" # Default transport method for pulling and pushing for images # # image_default_transport = "docker://" # Default command to run the infra container # # infra_command = "/pause" # Infra (pause) container image name for pod infra containers. When running a # pod, we start a `pause` process in a container to hold open the namespaces # associated with the pod. This container does nothing other then sleep, # reserving the pods resources for the lifetime of the pod. # # infra_image = "k8s.gcr.io/pause:3.2" # Specify the locking mechanism to use; valid values are "shm" and "file". # Change the default only if you are sure of what you are doing, in general # "file" is useful only on platforms where cgo is not available for using the # faster "shm" lock type. You may need to run "podman system renumber" after # you change the lock type. 
# # lock_type** = "shm" # Default engine namespace # If engine is joined to a namespace, it will see only containers and pods # that were created in the same namespace, and will create new containers and # pods in that namespace. # The default namespace is "", which corresponds to no namespace. When no # namespace is set, all containers and pods are visible. # # namespace = "" # Whether to use chroot instead of pivot_root in the runtime # # no_pivot_root = false # Number of locks available for containers and pods. # If this is changed, a lock renumber must be performed (e.g. with the # 'podman system renumber' command). # # num_locks = 2048 # Whether to pull new image before running a container # pull_policy = "missing" # Directory for persistent engine files (database, etc) # By default, this will be configured relative to where the containers/storage # stores containers # Uncomment to change location from this default # # static_dir = "/var/lib/containers/storage/libpod" # Directory for temporary files. Must be tmpfs (wiped after reboot) # # tmp_dir = "/var/run/libpod" # Directory for libpod named volumes. # By default, this will be configured relative to where containers/storage # stores containers. # Uncomment to change location from this default. # # volume_path = "/var/lib/containers/storage/volumes" # Default OCI runtime # # runtime = "runc" # List of the OCI runtimes that support --format=json. When json is supported # engine will use it for reporting nicer errors. # # runtime_supports_json = ["crun", "runc", "kata"] # List of the OCI runtimes that supports running containers without cgroups. # # runtime_supports_nocgroups = ["crun"] # List of the OCI runtimes that supports running containers with KVM Separation. # # runtime_supports_kvm = ["kata"] # Number of seconds to wait for container to exit before sending kill signal. 
# stop_timeout = 10 # Index to the active service # active_service = production # map of service destinations # [service_destinations] # [service_destinations.production] # URI to access the Podman service # Examples: # rootless "unix://run/user/$UID/podman/podman.sock" (Default) # rootfull "unix://run/podman/podman.sock (Default) # remote rootless ssh://engineering.lab.company.com/run/user/1000/podman/podman.sock # remote rootfull ssh://root@10.10.1.136:22/run/podman/podman.sock # uri="ssh://u...@production.example.com/run/user/1001/podman/podman.sock" # Path to file containing ssh identity key # identity = "~/.ssh/id_rsa" # Paths to look for a valid OCI runtime (runc, runv, kata, etc) [engine.runtimes] # runc = [ # "/usr/bin/runc", # "/usr/sbin/runc", # "/usr/local/bin/runc", # "/usr/local/sbin/runc", # "/sbin/runc", # "/bin/runc", # "/usr/lib/cri-o-runc/sbin/runc", # ] # crun = [ # "/usr/bin/crun", # "/usr/sbin/crun", # "/usr/local/bin/crun", # "/usr/local/sbin/crun", # "/sbin/crun", # "/bin/crun", # "/run/current-system/sw/bin/crun", # ] # kata = [ # "/usr/bin/kata-runtime", # "/usr/sbin/kata-runtime", # "/usr/local/bin/kata-runtime", # "/usr/local/sbin/kata-runtime", # "/sbin/kata-runtime", # "/bin/kata-runtime", # "/usr/bin/kata-qemu", # "/usr/bin/kata-fc", # ] # The [engine.runtimes] table MUST be the last entry in this file. # (Unless another table is added) # TOML does not provide a way to end a table other than a further table being # defined, so every key hereafter will be part of [runtimes] and not the main # config. ++++++ default.yaml ++++++ # This is a default registries.d configuration file. You may # add to this file or create additional files in registries.d/. # # sigstore: indicates a location that is read and write # sigstore-staging: indicates a location that is only for write # # sigstore and sigstore-staging take a value of the following: # sigstore: {schema}://location # # For reading signatures, schema may be http, https, or file. 
# For writing signatures, schema may only be file. # This is the default signature write location for docker registries. default-docker: # sigstore: file:///var/lib/containers/sigstore sigstore-staging: file:///var/lib/containers/sigstore # The 'docker' indicator here is the start of the configuration # for docker registries. # # docker: # # privateregistry.com: # sigstore: http://privateregistry.com/sigstore/ # sigstore-staging: /mnt/nfs/privateregistry/sigstore ++++++ mounts.conf ++++++ # This configuration file specifies the default mounts for each container of the # tools adhering to this file (e.g., CRI-O, Podman, Buildah). The format of the # config is /SRC:/DST, one mount per line. /etc/SUSEConnect:/etc/SUSEConnect /etc/zypp/credentials.d/SCCcredentials:/etc/zypp/credentials.d/SCCcredentials ++++++ policy.json ++++++ { "default": [ { "type": "insecureAcceptAnything" } ], "transports": { "docker-daemon": { "": [{"type":"insecureAcceptAnything"}] } } } ++++++ registries.conf ++++++ # For more information on this configuration file, see containers-registries.conf(5). # # Registries to search for images that are not fully-qualified. # i.e. foobar.com/my_image:latest vs my_image:latest [registries.search] registries = ["registry.opensuse.org", "docker.io"] # Registries that do not use TLS when pulling images or uses self-signed # certificates. [registries.insecure] registries = [] # Blocked Registries, blocks the `docker daemon` from pulling from the blocked registry. If you specify # "*", then the docker daemon will only be allowed to pull from registries listed above in the search # registries. Blocked Registries is deprecated because other container runtimes and tools will not use it. # It is recommended that you use the trust policy file /etc/containers/policy.json to control which # registries you want to allow users to pull and push from. 
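Review bot: The second mount line in mounts.conf, `/etc/zypp/credentials.d/SCCcredentials:/etc/zypp/credentials.d/SCCcredentials`, makes the host's SCC registration credentials readable inside every container started by a tool that honours this file, and the header comment does not say so. Hosts that run third-party or otherwise untrusted images probably want these defaults removed. I would add a comment above the two mounts: `# NOTE: these mounts expose the host's SUSE registration credentials to every container; remove them on hosts that run untrusted images.`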
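Review bot: The `default` requirement in policy.json is `insecureAcceptAnything`, so as shipped no image signature is checked for any transport or registry; the `docker-daemon` entry repeats the same requirement for its empty scope. JSON cannot carry a comment, so this belongs in the package documentation, with a pointer to containers-policy.json(5). Sites that need image provenance can set `"default": [{"type": "reject"}]` and add `signedBy` requirements for the registries they trust. The existing `docker-daemon` entry would then still accept images taken from a local Docker daemon.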
policy.json gives greater flexibility, and # supports all container runtimes and tools including the docker daemon, cri-o, buildah ... [registries.block] registries = [] ++++++ storage.conf ++++++ # This file is is the configuration file for all tools # that use the containers/storage library. # See man 5 containers-storage.conf for more information # The "container storage" table contains all of the server options. [storage] # Default Storage Driver driver = "" # Temporary storage location runroot = "/var/run/containers/storage" # Primary Read/Write location of container storage graphroot = "/var/lib/containers/storage" [storage.options] # Storage options to be passed to underlying storage drivers # AdditionalImageStores is used to pass paths to additional Read/Only image stores # Must be comma separated list. additionalimagestores = [ ] # Size is used to set a maximum size of the container image. Only supported by # certain container storage drivers. size = "" # Path to an helper program to use for mounting the file system instead of mounting it # directly. #mount_program = "/usr/bin/fuse-overlayfs" # OverrideKernelCheck tells the driver to ignore kernel checks based on kernel version # override_kernel_check = "false" # mountopt specifies comma separated list of extra mount options # mountopt = "nodev" # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of # a container, to UIDs/GIDs as they should appear outside of the container, and # the length of the range of UIDs/GIDs. Additional mapped sets can be listed # and will be heeded by libraries, but there are limits to the number of # mappings which the kernel will allow when you later attempt to run a # container. # # remap-uids = 0:1668442479:65536 # remap-gids = 0:1668442479:65536 # Remap-User/Group is a name which can be used to look up one or more UID/GID # ranges in the /etc/subuid or /etc/subgid file. 
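Review bot: `[registries.search]` lists two registries, so an unqualified name such as `my_image:latest` that is not found on registry.opensuse.org is looked up on docker.io next, where the same short name may belong to an unrelated publisher. The comment above the table does not mention this. I would add: `# Unqualified names are tried against these registries in order; use fully-qualified image names to pin the source registry.` Together with the `insecureAcceptAnything` default in the policy.json of this same commit, nothing else checks where a short-named image came from.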
Mappings are set up starting # with an in-container ID of 0 and the a host-level ID taken from the lowest # range that matches the specified name, and using the length of that range. # Additional ranges are then assigned, using the ranges which specify the # lowest host-level IDs first, to the lowest not-yet-mapped container-level ID, # until all of the entries have been used for maps. # # remap-user = "storage" # remap-group = "storage" # If specified, use OSTree to deduplicate files with the overlay backend ostree_repo = "" # Set to skip a PRIVATE bind mount on the storage home directory. Only supported by # certain container storage drivers # skip_mount_home = "false" [storage.options.thinpool] # Storage Options for thinpool # autoextend_percent determines the amount by which pool needs to be # grown. This is specified in terms of % of pool size. So a value of 20 means # that when threshold is hit, pool will be grown by 20% of existing # pool size. # autoextend_percent = "20" # autoextend_threshold determines the pool extension threshold in terms # of percentage of pool size. For example, if threshold is 60, that means when # pool is 60% full, threshold has been hit. # autoextend_threshold = "80" # basesize specifies the size to use when creating the base device, which # limits the size of images and containers. # basesize = "10G" # blocksize specifies a custom blocksize to use for the thin pool. # blocksize="64k" # directlvm_device specifies a custom block storage device to use for the # thin pool. Required if you setup devicemapper. # directlvm_device = "" # directlvm_device_force wipes device even if device already has a filesystem. # directlvm_device_force = "True" # fs specifies the filesystem type to use for the base device. # fs="xfs" # log_level sets the log level of devicemapper. 
# 0: LogLevelSuppress 0 (Default) # 2: LogLevelFatal # 3: LogLevelErr # 4: LogLevelWarn # 5: LogLevelNotice # 6: LogLevelInfo # 7: LogLevelDebug # log_level = "7" # min_free_space specifies the min free space percent in a thin pool require for # new device creation to succeed. Valid values are from 0% - 99%. # Value 0% disables # min_free_space = "10%" # mkfsarg specifies extra mkfs arguments to be used when creating the base. # device. # mkfsarg = "" # use_deferred_removal marks devicemapper block device for deferred removal. # If the thinpool is in use when the driver attempts to remove it, the driver # tells the kernel to remove it as soon as possible. Note this does not free # up the disk space, use deferred deletion to fully remove the thinpool. # use_deferred_removal = "True" # use_deferred_deletion marks thinpool device for deferred deletion. # If the device is busy when the driver attempts to delete it, the driver # will attempt to delete device every 30 seconds until successful. # If the program using the driver exits, the driver will continue attempting # to cleanup the next time the driver is used. Deferred deletion permanently # deletes the device and all data stored in device will be lost. # use_deferred_deletion = "True" # xfs_nospace_max_retries specifies the maximum number of retries XFS should # attempt to complete IO when ENOSPC (no space) error is returned by # underlying storage device. # xfs_nospace_max_retries = "0"