diff --git a/mounts.conf b/mounts.conf
new file mode 100644
index 0000000..75d9c7f
--- /dev/null
+++ b/mounts.conf
@@ -0,0 +1 @@
+/run/secrets
diff --git a/registries.conf b/registries.conf
new file mode 100644
index 0000000..73a9b20
--- /dev/null
+++ b/registries.conf
@@ -0,0 +1,8 @@
+[registries.search]
+registries = ['docker.io']
+
+[registries.insecure]
+registries = []
+
+[registries.block]
+registries = []
diff --git a/seccomp.json b/seccomp.json
new file mode 100644
index 0000000..fe9eda5
--- /dev/null
+++ b/seccomp.json
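Review bot: The three tables in registries.conf ship without a single comment, so an administrator editing the file has nothing that says what adding a registry under `[registries.insecure]` does. Suggest one comment per table, e.g. `# Registries searched, in order, for image names given without a registry` above `[registries.search]`, `# Registries reached over plain HTTP or without a valid certificate; keep empty unless required` above `[registries.insecure]`, and `# Registries that must not be contacted` above `[registries.block]`. With `docker.io` as the only search entry, every unqualified image name resolves to that one registry, which is worth stating in the first comment.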
@@ -0,0 +1,773 @@
+{
+ "defaultAction": "SCMP_ACT_ERRNO",
+ "archMap": [
+ {
+ "architecture": "SCMP_ARCH_X86_64",
+ "subArchitectures": [
+ "SCMP_ARCH_X86",
+ "SCMP_ARCH_X32"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_AARCH64",
+ "subArchitectures": [
+ "SCMP_ARCH_ARM"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPS64",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPS",
+ "SCMP_ARCH_MIPS64N32"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPS64N32",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPS",
+ "SCMP_ARCH_MIPS64"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPSEL64",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPSEL",
+ "SCMP_ARCH_MIPSEL64N32"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_MIPSEL64N32",
+ "subArchitectures": [
+ "SCMP_ARCH_MIPSEL",
+ "SCMP_ARCH_MIPSEL64"
+ ]
+ },
+ {
+ "architecture": "SCMP_ARCH_S390X",
+ "subArchitectures": [
+ "SCMP_ARCH_S390"
+ ]
+ }
+ ],
+ "syscalls": [
+ {
+ "names": [
+ "accept",
+ "accept4",
+ "access",
+ "adjtimex",
+ "alarm",
+ "bind",
+ "brk",
+ "capget",
+ "capset",
+ "chdir",
+ "chmod",
+ "chown",
+ "chown32",
+ "clock_getres",
+ "clock_gettime",
+ "clock_nanosleep",
+ "close",
+ "connect",
+ "copy_file_range",
+ "creat",
+ "dup",
+ "dup2",
+ "dup3",
+ "epoll_create",
+ "epoll_create1",
+ "epoll_ctl",
+ "epoll_ctl_old",
+ "epoll_pwait",
+ "epoll_wait",
+ "epoll_wait_old",
+ "eventfd",
+ "eventfd2",
+ "execve",
+ "execveat",
+ "exit",
+ "exit_group",
+ "faccessat",
+ "fadvise64",
+ "fadvise64_64",
+ "fallocate",
+ "fanotify_mark",
+ "fchdir",
+ "fchmod",
+ "fchmodat",
+ "fchown",
+ "fchown32",
+ "fchownat",
+ "fcntl",
+ "fcntl64",
+ "fdatasync",
+ "fgetxattr",
+ "flistxattr",
+ "flock",
+ "fork",
+ "fremovexattr",
+ "fsetxattr",
+ "fstat",
+ "fstat64",
+ "fstatat64",
+ "fstatfs",
+ "fstatfs64",
+ "fsync",
+ "ftruncate",
+ "ftruncate64",
+ "futex",
+ "futimesat",
+ "getcpu",
+ "getcwd",
+ "getdents",
+ "getdents64",
+ "getegid",
+ "getegid32",
+ "geteuid",
+ "geteuid32",
+ "getgid",
+ "getgid32",
+ "getgroups",
+ "getgroups32",
+ "getitimer",
+ "getpeername",
+ "getpgid",
+ "getpgrp",
+ "getpid",
+ "getppid",
+ "getpriority",
+ "getrandom",
+ "getresgid",
+ "getresgid32",
+ "getresuid",
+ "getresuid32",
+ "getrlimit",
+ "get_robust_list",
+ "getrusage",
+ "getsid",
+ "getsockname",
+ "getsockopt",
+ "get_thread_area",
+ "gettid",
+ "gettimeofday",
+ "getuid",
+ "getuid32",
+ "getxattr",
+ "inotify_add_watch",
+ "inotify_init",
+ "inotify_init1",
+ "inotify_rm_watch",
+ "io_cancel",
+ "ioctl",
+ "io_destroy",
+ "io_getevents",
+ "ioprio_get",
+ "ioprio_set",
+ "io_setup",
+ "io_submit",
+ "ipc",
+ "kill",
+ "lchown",
+ "lchown32",
+ "lgetxattr",
+ "link",
+ "linkat",
+ "listen",
+ "listxattr",
+ "llistxattr",
+ "_llseek",
+ "lremovexattr",
+ "lseek",
+ "lsetxattr",
+ "lstat",
+ "lstat64",
+ "madvise",
+ "memfd_create",
+ "mincore",
+ "mkdir",
+ "mkdirat",
+ "mknod",
+ "mknodat",
+ "mlock",
+ "mlock2",
+ "mlockall",
+ "mmap",
+ "mmap2",
+ "mprotect",
+ "mq_getsetattr",
+ "mq_notify",
+ "mq_open",
+ "mq_timedreceive",
+ "mq_timedsend",
+ "mq_unlink",
+ "mremap",
+ "msgctl",
+ "msgget",
+ "msgrcv",
+ "msgsnd",
+ "msync",
+ "munlock",
+ "munlockall",
+ "munmap",
+ "nanosleep",
+ "newfstatat",
+ "_newselect",
+ "open",
+ "openat",
+ "pause",
+ "pipe",
+ "pipe2",
+ "poll",
+ "ppoll",
+ "prctl",
+ "pread64",
+ "preadv",
+ "preadv2",
+ "prlimit64",
+ "pselect6",
+ "pwrite64",
+ "pwritev",
+ "pwritev2",
+ "read",
+ "readahead",
+ "readlink",
+ "readlinkat",
+ "readv",
+ "recv",
+ "recvfrom",
+ "recvmmsg",
+ "recvmsg",
+ "remap_file_pages",
+ "removexattr",
+ "rename",
+ "renameat",
+ "renameat2",
+ "restart_syscall",
+ "rmdir",
+ "rt_sigaction",
+ "rt_sigpending",
+ "rt_sigprocmask",
+ "rt_sigqueueinfo",
+ "rt_sigreturn",
+ "rt_sigsuspend",
+ "rt_sigtimedwait",
+ "rt_tgsigqueueinfo",
+ "sched_getaffinity",
+ "sched_getattr",
+ "sched_getparam",
+ "sched_get_priority_max",
+ "sched_get_priority_min",
+ "sched_getscheduler",
+ "sched_rr_get_interval",
+ "sched_setaffinity",
+ "sched_setattr",
+ "sched_setparam",
+ "sched_setscheduler",
+ "sched_yield",
+ "seccomp",
+ "select",
+ "semctl",
+ "semget",
+ "semop",
+ "semtimedop",
+ "send",
+ "sendfile",
+ "sendfile64",
+ "sendmmsg",
+ "sendmsg",
+ "sendto",
+ "setfsgid",
+ "setfsgid32",
+ "setfsuid",
+ "setfsuid32",
+ "setgid",
+ "setgid32",
+ "setgroups",
+ "setgroups32",
+ "setitimer",
+ "setpgid",
+ "setpriority",
+ "setregid",
+ "setregid32",
+ "setresgid",
+ "setresgid32",
+ "setresuid",
+ "setresuid32",
+ "setreuid",
+ "setreuid32",
+ "setrlimit",
+ "set_robust_list",
+ "setsid",
+ "setsockopt",
+ "set_thread_area",
+ "set_tid_address",
+ "setuid",
+ "setuid32",
+ "setxattr",
+ "shmat",
+ "shmctl",
+ "shmdt",
+ "shmget",
+ "shutdown",
+ "sigaltstack",
+ "signalfd",
+ "signalfd4",
+ "sigreturn",
+ "socket",
+ "socketcall",
+ "socketpair",
+ "splice",
+ "stat",
+ "stat64",
+ "statfs",
+ "statfs64",
+ "statx",
+ "symlink",
+ "symlinkat",
+ "sync",
+ "sync_file_range",
+ "syncfs",
+ "sysinfo",
+ "syslog",
+ "tee",
+ "tgkill",
+ "time",
+ "timer_create",
+ "timer_delete",
+ "timerfd_create",
+ "timerfd_gettime",
+ "timerfd_settime",
+ "timer_getoverrun",
+ "timer_gettime",
+ "timer_settime",
+ "times",
+ "tkill",
+ "truncate",
+ "truncate64",
+ "ugetrlimit",
+ "umask",
+ "uname",
+ "unlink",
+ "unlinkat",
+ "utime",
+ "utimensat",
+ "utimes",
+ "vfork",
+ "vmsplice",
+ "wait4",
+ "waitid",
+ "waitpid",
+ "write",
+ "writev",
+ "mount",
+ "umount2",
+ "reboot",
+ "name_to_handle_at",
+ "unshare"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 0,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 8,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 131072,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 131080,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "personality"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 4294967295,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {}
+ },
+ {
+ "names": [
+ "sync_file_range2"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "ppc64le"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "arm_fadvise64_64",
+ "arm_sync_file_range",
+ "sync_file_range2",
+ "breakpoint",
+ "cacheflush",
+ "set_tls"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "arm",
+ "arm64"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "arch_prctl"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "amd64",
+ "x32"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "modify_ldt"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "amd64",
+ "x32",
+ "x86"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "s390_pci_mmio_read",
+ "s390_pci_mmio_write",
+ "s390_runtime_instr"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "arches": [
+ "s390",
+ "s390x"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "open_by_handle_at"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_DAC_READ_SEARCH"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "bpf",
+ "clone",
+ "fanotify_init",
+ "lookup_dcookie",
+ "mount",
+ "name_to_handle_at",
+ "perf_event_open",
+ "quotactl",
+ "setdomainname",
+ "sethostname",
+ "setns",
+ "umount",
+ "umount2",
+ "unshare"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_ADMIN"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "clone"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 0,
+ "value": 2080505856,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_MASKED_EQ"
+ }
+ ],
+ "comment": "",
+ "includes": {},
+ "excludes": {
+ "caps": [
+ "CAP_SYS_ADMIN"
+ ],
+ "arches": [
+ "s390",
+ "s390x"
+ ]
+ }
+ },
+ {
+ "names": [
+ "clone"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [
+ {
+ "index": 1,
+ "value": 2080505856,
+ "valueTwo": 0,
+ "op": "SCMP_CMP_MASKED_EQ"
+ }
+ ],
+ "comment": "s390 parameter ordering for clone is different",
+ "includes": {
+ "arches": [
+ "s390",
+ "s390x"
+ ]
+ },
+ "excludes": {
+ "caps": [
+ "CAP_SYS_ADMIN"
+ ]
+ }
+ },
+ {
+ "names": [
+ "reboot"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_BOOT"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "chroot"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_CHROOT"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "delete_module",
+ "init_module",
+ "finit_module",
+ "query_module"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_MODULE"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "get_mempolicy",
+ "mbind",
+ "name_to_handle_at",
+ "set_mempolicy"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_NICE"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "acct"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_PACCT"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "kcmp",
+ "process_vm_readv",
+ "process_vm_writev",
+ "ptrace"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_PTRACE"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "iopl",
+ "ioperm"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_RAWIO"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "settimeofday",
+ "stime",
+ "clock_settime"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_TIME"
+ ]
+ },
+ "excludes": {}
+ },
+ {
+ "names": [
+ "vhangup"
+ ],
+ "action": "SCMP_ACT_ALLOW",
+ "args": [],
+ "comment": "",
+ "includes": {
+ "caps": [
+ "CAP_SYS_TTY_CONFIG"
+ ]
+ },
+ "excludes": {}
+ }
+ ]
+}
diff --git a/skopeo-e814f96.tar.gz b/skopeo-e814f96.tar.gz
new file mode 100644
index 0000000..bdd9336
Binary files /dev/null and b/skopeo-e814f96.tar.gz differ
diff --git a/skopeo.spec b/skopeo.spec
new file mode 100644
index 0000000..7dba15e
--- /dev/null
+++ b/skopeo.spec
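Review bot: The first rule's `names` list ends with `mount`, `umount2`, `reboot`, `name_to_handle_at` and `unshare`, and that rule has empty `includes`, so these five calls are allowed for every container whatever its capabilities. The later rules that allow `mount`, `umount2`, `unshare` and `name_to_handle_at` only with `CAP_SYS_ADMIN` (or `CAP_SYS_NICE`), and `reboot` only with `CAP_SYS_BOOT`, therefore no longer restrict anything. The flag mask on `clone` for processes without `CAP_SYS_ADMIN` also looks ineffective as a namespace restriction while `unshare` is open, leaving the kernel's own capability checks as the only barrier. Unless this is deliberate, drop those five names from the unconditional list. If it is deliberate, record the reason in that rule's `comment` field, which is currently `""`.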
@@ -0,0 +1,344 @@
+%global with_devel 0
+%global with_bundled 1
+%global with_unit_test 0
+%global with_check 0
+
+%global with_debug 0
+
+%if 0%{?with_debug}
+%global _find_debuginfo_dwz_opts %{nil}
+%global _dwz_low_mem_die_limit 0
+%else
+%global debug_package %{nil}
+%endif
+
+%global provider github
+%global provider_tld com
+%global project projectatomic
+%global repo skopeo
+# https://github.com/containers/skopeo
+%global provider_prefix %{provider}.%{provider_tld}/%{project}/%{repo}
+%global import_path %{provider_prefix}
+%global git0 https://%{import_path}
+%global commit0 e814f9605abe05a99b692225d458968a796d2843
+%global shortcommit0 %(c=%{commit0}; echo ${c:0:7})
+
+%define epoch 1
+
+ExcludeArch: ppc64
+
+Name: %{repo}
+Epoch: 1
+Version: 0.1.32
+Release: 2.dev.git%{shortcommit0}
+Summary: Work with remote images registries - retrieving information, images, signing content
+License: ASL 2.0
+URL: %{git0}
+Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
+Source1: storage.conf
+Source2: mounts.conf
+Source3: registries.conf
+Source4: seccomp.json
+
+BuildRequires: go-srpm-macros compiler(go-compiler) git pkgconfig(devmapper) make
+# If go_compiler is not set to 1, there is no virtual provide. Use golang instead.
+BuildRequires: %{?go_compiler:compiler(go-compiler)}%{!?go_compiler:golang}
+BuildRequires: golang-github-cpuguy83-go-md2man
+BuildRequires: gpgme-devel libassuan-devel btrfs-progs-devel ostree-devel glib2-devel
+Requires: containers-common = %{epoch}:%{version}-%{release}
+
+Provides: bundled(golang(github.com/beorn7/perks)) = 4c0e84591b9aa9e6dcfdf3e020114cd81f89d5f9
+Provides: bundled(golang(github.com/BurntSushi/toml)) = master
+Provides: bundled(golang(github.com/containerd/continuity)) = d8fb8589b0e8e85b8c8bbaa8840226d0dfeb7371
+Provides: bundled(golang(github.com/containers/image)) = master
+Provides: bundled(golang(github.com/containers/storage)) = master
+Provides: bundled(golang(github.com/davecgh/go-spew)) = master
+Provides: bundled(golang(github.com/docker/distribution)) = master
+Provides: bundled(golang(github.com/docker/docker-credential-helpers)) = d68f9aeca33f5fd3f08eeae5e9d175edf4e731d1
+Provides: bundled(golang(github.com/docker/docker)) = da99009bbb1165d1ac5688b5c81d2f589d418341
+Provides: bundled(golang(github.com/docker/go-connections)) = 7beb39f0b969b075d1325fecb092faf27fd357b6
+Provides: bundled(golang(github.com/docker/go-metrics)) = 399ea8c73916000c64c2c76e8da00ca82f8387ab
+Provides: bundled(golang(github.com/docker/go-units)) = 8a7beacffa3009a9ac66bad506b18ffdd110cf97
+Provides: bundled(golang(github.com/docker/libtrust)) = master
+Provides: bundled(golang(github.com/ghodss/yaml)) = 73d445a93680fa1a78ae23a5839bad48f32ba1ee
+Provides: bundled(golang(github.com/go-check/check)) = v1
+Provides: bundled(golang(github.com/gogo/protobuf)) = fcdc5011193ff531a548e9b0301828d5a5b97fd8
+Provides: bundled(golang(github.com/golang/glog)) = 44145f04b68cf362d9c4df2182967c2275eaefed
+Provides: bundled(golang(github.com/golang/protobuf)) = 8d92cf5fc15a4382f8964b08e1f42a75c0591aa3
+Provides: bundled(golang(github.com/gorilla/context)) = 14f550f51a
+Provides: bundled(golang(github.com/gorilla/mux)) = e444e69cbd
+Provides: bundled(golang(github.com/imdario/mergo)) = 6633656539c1639d9d78127b7d47c622b5d7b6dc
+Provides: bundled(golang(github.com/kr/pretty)) = v0.1.0
+Provides: bundled(golang(github.com/kr/text)) = v0.1.0
+Provides: bundled(golang(github.com/matttproud/golang_protobuf_extensions)) = c12348ce28de40eed0136aa2b644d0ee0650e56c
+Provides: bundled(golang(github.com/mistifyio/go-zfs)) = 22c9b32c84eb0d0c6f4043b6e90fc94073de92fa
+Provides: bundled(golang(github.com/mtrmac/gpgme)) = master
+Provides: bundled(golang(github.com/opencontainers/go-digest)) = master
+Provides: bundled(golang(github.com/opencontainers/image-spec)) = 149252121d044fddff670adcdc67f33148e16226
+Provides: bundled(golang(github.com/opencontainers/image-tools)) = 6d941547fa1df31900990b3fb47ec2468c9c6469
+Provides: bundled(golang(github.com/opencontainers/runc)) = master
+Provides: bundled(golang(github.com/opencontainers/runtime-spec)) = v1.0.0
+Provides: bundled(golang(github.com/opencontainers/selinux)) = master
+Provides: bundled(golang(github.com/ostreedev/ostree-go)) = aeb02c6b6aa2889db3ef62f7855650755befd460
+Provides: bundled(golang(github.com/pborman/uuid)) = v1.0
+Provides: bundled(golang(github.com/pkg/errors)) = master
+Provides: bundled(golang(github.com/pmezard/go-difflib)) = master
+Provides: bundled(golang(github.com/pquerna/ffjson)) = d49c2bc1aa135aad0c6f4fc2056623ec78f5d5ac
+Provides: bundled(golang(github.com/prometheus/client_golang)) = c332b6f63c0658a65eca15c0e5247ded801cf564
+Provides: bundled(golang(github.com/prometheus/client_model)) = 99fa1f4be8e564e8a6b613da7fa6f46c9edafc6c
+Provides: bundled(golang(github.com/prometheus/common)) = 89604d197083d4781071d3c65855d24ecfb0a563
+Provides: bundled(golang(github.com/prometheus/procfs)) = cb4147076ac75738c9a7d279075a253c0cc5acbd
+Provides: bundled(golang(github.com/sirupsen/logrus)) = v1.0.0
+Provides: bundled(golang(github.com/stretchr/testify)) = v1.1.3
+Provides: bundled(golang(github.com/syndtr/gocapability)) = master
+Provides: bundled(golang(github.com/tchap/go-patricia)) = v2.2.6
+Provides: bundled(golang(github.com/ulikunitz/xz)) = v0.5.4
+Provides: bundled(golang(github.com/urfave/cli)) = v1.17.0
+Provides: bundled(golang(github.com/vbatts/tar-split)) = v0.10.2
+Provides: bundled(golang(github.com/xeipuuv/gojsonpointer)) = master
+Provides: bundled(golang(github.com/xeipuuv/gojsonreference)) = master
+Provides: bundled(golang(github.com/xeipuuv/gojsonschema)) = master
+Provides: bundled(golang(go4.org)) = master
+Provides: bundled(golang(golang.org/x/crypto)) = master
+Provides: bundled(golang(golang.org/x/net)) = master
+Provides: bundled(golang(golang.org/x/sys)) = master
+Provides: bundled(golang(golang.org/x/text)) = master
+Provides: bundled(golang(gopkg.in/cheggaaa/pb.v1)) = ad4efe000aa550bb54918c06ebbadc0ff17687b9
+Provides: bundled(golang(gopkg.in/yaml.v2)) = d466437aa4adc35830964cffc5b5f262c63ddcb4
+Provides: bundled(golang(k8s.io/client-go)) = master
+
+%description
+A command line utility that performs various operations on container images and image repositories
+
+%if 0%{?with_devel}
+%package devel
+Summary: %{summary}
+BuildArch: noarch
+
+%if 0%{?with_check} && ! 0%{?with_bundled}
+BuildRequires: golang(github.com/Azure/go-ansiterm/winterm)
+BuildRequires: golang(github.com/Sirupsen/logrus)
+BuildRequires: golang(github.com/docker/distribution)
+BuildRequires: golang(github.com/docker/distribution/context)
+BuildRequires: golang(github.com/docker/distribution/digest)
+BuildRequires: golang(github.com/docker/distribution/manifest)
+BuildRequires: golang(github.com/docker/distribution/manifest/manifestlist)
+BuildRequires: golang(github.com/docker/distribution/manifest/schema1)
+BuildRequires: golang(github.com/docker/distribution/manifest/schema2)
+BuildRequires: golang(github.com/docker/distribution/reference)
+BuildRequires: golang(github.com/docker/distribution/registry/api/errcode)
+BuildRequires: golang(github.com/docker/distribution/registry/api/v2)
+BuildRequires: golang(github.com/docker/distribution/registry/client)
+BuildRequires: golang(github.com/docker/distribution/registry/client/auth)
+BuildRequires: golang(github.com/docker/distribution/registry/client/transport)
+BuildRequires: golang(github.com/docker/distribution/registry/storage/cache)
+BuildRequires: golang(github.com/docker/distribution/registry/storage/cache/memory)
+BuildRequires: golang(github.com/docker/distribution/uuid)
+BuildRequires: golang(github.com/docker/docker/api)
+BuildRequires: golang(github.com/docker/docker/daemon/graphdriver)
+BuildRequires: golang(github.com/docker/docker/distribution/metadata)
+BuildRequires: golang(github.com/docker/docker/distribution/xfer)
+BuildRequires: golang(github.com/docker/docker/dockerversion)
+BuildRequires: golang(github.com/docker/docker/image)
+BuildRequires: golang(github.com/docker/docker/image/v1)
+BuildRequires: golang(github.com/docker/docker/layer)
+BuildRequires: golang(github.com/docker/docker/opts)
+BuildRequires: golang(github.com/docker/docker/pkg/archive)
+BuildRequires: golang(github.com/docker/docker/pkg/chrootarchive)
+BuildRequires: golang(github.com/docker/docker/pkg/fileutils)
+BuildRequires: golang(github.com/docker/docker/pkg/homedir)
+BuildRequires: golang(github.com/docker/docker/pkg/httputils)
+BuildRequires: golang(github.com/docker/docker/pkg/idtools)
+BuildRequires: golang(github.com/docker/docker/pkg/ioutils)
+BuildRequires: golang(github.com/docker/docker/pkg/jsonlog)
+BuildRequires: golang(github.com/docker/docker/pkg/jsonmessage)
+BuildRequires: golang(github.com/docker/docker/pkg/longpath)
+BuildRequires: golang(github.com/docker/docker/pkg/mflag)
+BuildRequires: golang(github.com/docker/docker/pkg/parsers/kernel)
+BuildRequires: golang(github.com/docker/docker/pkg/plugins)
+BuildRequires: golang(github.com/docker/docker/pkg/pools)
+BuildRequires: golang(github.com/docker/docker/pkg/progress)
+BuildRequires: golang(github.com/docker/docker/pkg/promise)
+BuildRequires: golang(github.com/docker/docker/pkg/random)
+BuildRequires: golang(github.com/docker/docker/pkg/reexec)
+BuildRequires: golang(github.com/docker/docker/pkg/stringid)
+BuildRequires: golang(github.com/docker/docker/pkg/system)
+BuildRequires: golang(github.com/docker/docker/pkg/tarsum)
+BuildRequires: golang(github.com/docker/docker/pkg/term)
+BuildRequires: golang(github.com/docker/docker/pkg/term/windows)
+BuildRequires: golang(github.com/docker/docker/pkg/useragent)
+BuildRequires: golang(github.com/docker/docker/pkg/version)
+BuildRequires: golang(github.com/docker/docker/reference)
+BuildRequires: golang(github.com/docker/docker/registry)
+BuildRequires: golang(github.com/docker/engine-api/types)
+BuildRequires: golang(github.com/docker/engine-api/types/blkiodev)
+BuildRequires: golang(github.com/docker/engine-api/types/container)
+BuildRequires: golang(github.com/docker/engine-api/types/filters)
+BuildRequires: golang(github.com/docker/engine-api/types/image)
+BuildRequires: golang(github.com/docker/engine-api/types/network)
+BuildRequires: golang(github.com/docker/engine-api/types/registry)
+BuildRequires: golang(github.com/docker/engine-api/types/strslice)
+BuildRequires: golang(github.com/docker/go-connections/nat)
+BuildRequires: golang(github.com/docker/go-connections/tlsconfig)
+BuildRequires: golang(github.com/docker/go-units)
+BuildRequires: golang(github.com/docker/libtrust)
+BuildRequires: golang(github.com/gorilla/context)
+BuildRequires: golang(github.com/gorilla/mux)
+BuildRequires: golang(github.com/opencontainers/runc/libcontainer/user)
+BuildRequires: golang(github.com/vbatts/tar-split/archive/tar)
+BuildRequires: golang(github.com/vbatts/tar-split/tar/asm)
+BuildRequires: golang(github.com/vbatts/tar-split/tar/storage)
+BuildRequires: golang(golang.org/x/net/context)
+%endif
+
+%description devel
+%{summary}
+
+This package contains library source intended for
+building other packages which use import path with
+%{import_path} prefix.
+%endif
+
+%if 0%{?with_unit_test} && 0%{?with_devel}
+%package unit-test-devel
+Summary: Unit tests for %{name} package
+%if 0%{?with_check}
+#Here comes all BuildRequires: PACKAGE the unit tests
+#in %%check section need for running
+%endif
+
+# test subpackage tests code from devel subpackage
+Requires: %{name}-devel = %{version}-%{release}
+
+%description unit-test-devel
+%{summary}
+
+This package contains unit tests for project
+providing packages with %{import_path} prefix.
+%endif
+
+%package -n containers-common
+Summary: Configuration files for working with image signatures
+Obsoletes: atomic <= 1.13.1-2
+Conflicts: atomic-registries <= 1.22.1-1
+Obsoletes: docker-rhsubscription <= 2:1.13.1-31
+Provides: %{name}-containers = %{version}-%{release}
+Obsoletes: %{name}-containers <= 0.1.31-2
+
+%description -n containers-common
+This package installs a default signature store configuration and a default
+policy under `/etc/containers/`.
+
+%prep
+%autosetup -Sgit -n %{name}-%{commit0}
+
+%build
+mkdir -p src/github.com/projectatomic
+ln -s ../../../ src/%{import_path}
+
+mkdir -p vendor/src
+for v in vendor/*; do
+ if test ${v} = vendor/src; then continue; fi
+ if test -d ${v}; then
+ mv ${v} vendor/src/
+ fi
+done
+
+%if ! 0%{?with_bundled}
+rm -rf vendor/
+export GOPATH=$(pwd):%{gopath}
+%else
+export GOPATH=$(pwd):$(pwd)/vendor:%{gopath}
+%endif
+
+%gobuild -o %{name} ./cmd/%{name}
+%{__make} docs
+
+%install
+make DESTDIR=%{buildroot} install
+mkdir -p %{buildroot}%{_sysconfdir}
+install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/storage.conf
+install -p -m 644 %{SOURCE3} %{buildroot}%{_sysconfdir}/containers/
+
+mkdir -p %{buildroot}%{_datadir}/containers
+install -m0644 %{SOURCE2} %{buildroot}%{_datadir}/containers/mounts.conf
+install -m0644 %{SOURCE4} %{buildroot}%{_datadir}/containers/seccomp.json
+
+# source codes for building projects
+%if 0%{?with_devel}
+install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
+echo "%%dir %%{gopath}/src/%%{import_path}/." >> devel.file-list
+# find all *.go but no *_test.go files and generate devel.file-list
+for file in $(find . -iname "*.go" \! -iname "*_test.go" | grep -v "./vendor") ; do
+ echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
+ install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
+ cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
+ echo "%%{gopath}/src/%%{import_path}/$file" >> devel.file-list
+done
+%endif
+
+# testing files for this project
+%if 0%{?with_unit_test} && 0%{?with_devel}
+install -d -p %{buildroot}/%{gopath}/src/%{import_path}/
+# find all *_test.go files and generate unit-test.file-list
+for file in $(find . -iname "*_test.go" | grep -v "./vendor"); do
+ echo "%%dir %%{gopath}/src/%%{import_path}/$(dirname $file)" >> devel.file-list
+ install -d -p %{buildroot}/%{gopath}/src/%{import_path}/$(dirname $file)
+ cp -pav $file %{buildroot}/%{gopath}/src/%{import_path}/$file
+ echo "%%{gopath}/src/%%{import_path}/$file" >> unit-test-devel.file-list
+done
+%endif
+
+%if 0%{?with_devel}
+sort -u -o devel.file-list devel.file-list
+%endif
+
+%check
+%if 0%{?with_check} && 0%{?with_unit_test} && 0%{?with_devel}
+%if ! 0%{?with_bundled}
+export GOPATH=%{buildroot}/%{gopath}:%{gopath}
+%else
+export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
+%endif
+
+%gotest %{import_path}/integration
+%endif
+
+#define license tag if not already defined
+%{!?_licensedir:%global license %doc}
+
+%if 0%{?with_devel}
+%files devel -f devel.file-list
+%license LICENSE
+%doc README.md
+%dir %{gopath}/src/%{provider}.%{provider_tld}/%{project}
+%endif
+
+%if 0%{?with_unit_test} && 0%{?with_devel}
+%files unit-test-devel -f unit-test-devel.file-list
+%license LICENSE
+%doc README.md
+%endif
+
+%files -n containers-common
+%dir %{_sysconfdir}/containers
+%dir %{_sysconfdir}/containers/registries.d
+%config(noreplace) %{_sysconfdir}/containers/policy.json
+%config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml
+%config(noreplace) %{_sysconfdir}/containers/storage.conf
+%config(noreplace) %{_sysconfdir}/containers/registries.conf
+%dir %{_sharedstatedir}/atomic/sigstore
+%dir %{_datadir}/containers
+%{_datadir}/containers/mounts.conf
+%{_datadir}/containers/seccomp.json
+
+%files
+%license LICENSE
+%doc README.md
+%{_bindir}/%{name}
+%{_mandir}/man1/%{name}.1*
+%dir %{_datadir}/bash-completion
+%dir %{_datadir}/bash-completion/completions
+%{_datadir}/bash-completion/completions/%{name}
+
+%changelog
diff --git a/storage.conf b/storage.conf
new file mode 100644
index 0000000..818cfe8
--- /dev/null
+++ b/storage.conf
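Review bot: More than twenty of the `Provides: bundled(golang(...))` lines carry `= master` instead of a commit or tag (for example `github.com/containers/image`, `github.com/containers/storage`, `golang.org/x/crypto`, `golang.org/x/net`), so the package metadata cannot say which vendored code this build contains. With `with_bundled` set to 1 the vendored copies are what gets compiled in, and matching an advisory against them needs the actual revision. Record the revision pinned in the tarball's vendor manifest, e.g. `Provides: bundled(golang(golang.org/x/crypto)) = <vendored commit>`. Separately, `%install` creates only `%{buildroot}%{_sysconfdir}` before installing into `%{_sysconfdir}/containers/`, which relies on `make install` having created that directory; `install -d %{buildroot}%{_sysconfdir}/containers` would make it explicit.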
@@ -0,0 +1,133 @@
+# This file is is the configuration file for all tools
+# that use the containers/storage library.
+# See man 5 containers-storage.conf for more information
+# The "container storage" table contains all of the server options.
+[storage]
+
+# Default Storage Driver
+driver = "overlay"
+
+# Temporary storage location
+runroot = "/var/run/containers/storage"
+
+# Primary Read/Write location of container storage
+graphroot = "/var/lib/containers/storage"
+
+[storage.options]
+# Storage options to be passed to underlying storage drivers
+
+# AdditionalImageStores is used to pass paths to additional Read/Only image stores
+# Must be comma separated list.
+additionalimagestores = [
+]
+
+# Size is used to set a maximum size of the container image. Only supported by
+# certain container storage drivers.
+size = ""
+
+# Path to an helper program to use for mounting the file system instead of mounting it
+# directly.
+#mount_program = "/usr/bin/fuse-overlayfs"
+
+# OverrideKernelCheck tells the driver to ignore kernel checks based on kernel version
+override_kernel_check = "true"
+
+# mountopt specifies comma separated list of extra mount options
+mountopt = "nodev"
+
+# Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of
+# a container, to UIDs/GIDs as they should appear outside of the container, and
+# the length of the range of UIDs/GIDs. Additional mapped sets can be listed
+# and will be heeded by libraries, but there are limits to the number of
+# mappings which the kernel will allow when you later attempt to run a
+# container.
+#
+# remap-uids = 0:1668442479:65536
+# remap-gids = 0:1668442479:65536
+
+# Remap-User/Group is a name which can be used to look up one or more UID/GID
+# ranges in the /etc/subuid or /etc/subgid file. Mappings are set up starting
+# with an in-container ID of 0 and the a host-level ID taken from the lowest
+# range that matches the specified name, and using the length of that range.
+# Additional ranges are then assigned, using the ranges which specify the
+# lowest host-level IDs first, to the lowest not-yet-mapped container-level ID,
+# until all of the entries have been used for maps.
+#
+# remap-user = "storage"
+# remap-group = "storage"
+
+[storage.options.thinpool]
+# Storage Options for thinpool
+
+# autoextend_percent determines the amount by which pool needs to be
+# grown. This is specified in terms of % of pool size. So a value of 20 means
+# that when threshold is hit, pool will be grown by 20% of existing
+# pool size.
+# autoextend_percent = "20"
+
+# autoextend_threshold determines the pool extension threshold in terms
+# of percentage of pool size. For example, if threshold is 60, that means when
+# pool is 60% full, threshold has been hit.
+# autoextend_threshold = "80"
+
+# basesize specifies the size to use when creating the base device, which
+# limits the size of images and containers.
+# basesize = "10G"
+
+# blocksize specifies a custom blocksize to use for the thin pool.
+# blocksize="64k"
+
+# directlvm_device specifies a custom block storage device to use for the
+# thin pool. Required if you setup devicemapper.
+# directlvm_device = ""
+
+# directlvm_device_force wipes device even if device already has a filesystem.
+# directlvm_device_force = "True"
+
+# fs specifies the filesystem type to use for the base device.
+# fs="xfs"
+
+# log_level sets the log level of devicemapper.
+# 0: LogLevelSuppress 0 (Default)
+# 2: LogLevelFatal
+# 3: LogLevelErr
+# 4: LogLevelWarn
+# 5: LogLevelNotice
+# 6: LogLevelInfo
+# 7: LogLevelDebug
+# log_level = "7"
+
+# min_free_space specifies the min free space percent in a thin pool require for
+# new device creation to succeed. Valid values are from 0% - 99%.
+# Value 0% disables
+# min_free_space = "10%"
+
+# mkfsarg specifies extra mkfs arguments to be used when creating the base.
+# device.
+# mkfsarg = ""
+
+# use_deferred_removal marks devicemapper block device for deferred removal.
+# If the thinpool is in use when the driver attempts to remove it, the driver
+# tells the kernel to remove it as soon as possible. Note this does not free
+# up the disk space, use deferred deletion to fully remove the thinpool.
+# use_deferred_removal = "True"
+
+# use_deferred_deletion marks thinpool device for deferred deletion.
+# If the device is busy when the driver attempts to delete it, the driver
+# will attempt to delete device every 30 seconds until successful.
+# If the program using the driver exits, the driver will continue attempting
+# to cleanup the next time the driver is used. Deferred deletion permanently
+# deletes the device and all data stored in device will be lost.
+# use_deferred_deletion = "True"
+
+# xfs_nospace_max_retries specifies the maximum number of retries XFS should
+# attempt to complete IO when ENOSPC (no space) error is returned by
+# underlying storage device.
+# xfs_nospace_max_retries = "0"
+
+# If specified, use OSTree to deduplicate files with the overlay backend
+ostree_repo = ""
+
+# Set to skip a PRIVATE bind mount on the storage home directory. Only supported by
+# certain container storage drivers
+skip_mount_home = "false"
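Review bot: `ostree_repo = ""` and `skip_mount_home = "false"` at the end of the file come after the `[storage.options.thinpool]` header, so a TOML parser assigns them to the thinpool table rather than to `[storage.options]`, where the other driver-wide settings such as `mountopt` sit. If the consumer reads them from `[storage.options]`, which their comments about the overlay backend and the storage home directory suggest, both settings are silently ignored; move the two assignments and their comments above the `[storage.options.thinpool]` line. Also, `override_kernel_check = "true"` ships enabled with a comment that only restates the option name. A line saying why skipping the driver's kernel-version check is safe on the targeted kernels would help whoever audits this default.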