Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package libcontainers-common for openSUSE:Factory checked in at 2024-06-27 15:57:54 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/libcontainers-common (Old) and /work/SRC/openSUSE:Factory/.libcontainers-common.new.18349 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Package is "libcontainers-common" Thu Jun 27 15:57:54 2024 rev:73 rq:1183279 version:20240618 Changes: --------
--- /work/SRC/openSUSE:Factory/libcontainers-common/libcontainers-common.changes 2024-06-21 16:02:38.820836465 +0200
+++ /work/SRC/openSUSE:Factory/.libcontainers-common.new.18349/libcontainers-common.changes 2024-06-27 15:57:59.878900572 +0200
@@ -1,0 +2,20 @@
+Mon Jun 24 13:32:55 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
+
+- While migrating config files from /etc/containers/ to /usr/share/containers/,
+ preserve config files *if* modified by the user (fixes bsc#1226825).
+
+-------------------------------------------------------------------
+Mon Jun 24 07:46:23 UTC 2024 - Dan Čermák <dcermak@suse.com>
+
+- update storage.conf & containers.conf to latest versions from upstream
+
+ The only functional changes are in storage.conf:
+ * change storage.options.pull_options.enable_partial_images from false to true
+ * change storage.options.overlay.mount_options from `mountopt =
+ "nodev,metacopy=on"` to `mountopt = "nodev"`
+
+- add download_files service to fetch the latest config on `osc service mr`
+- add storage-conf-prio-list.patch that modifies the upstream storage.conf to
+ add our storage driver priority list
+
+-------------------------------------------------------------------
New: ---- storage-conf-prio-list.patch BETA DEBUG BEGIN: New:- add download_files service to fetch the latest config on `osc service mr` - add storage-conf-prio-list.patch that modifies the upstream storage.conf to add our storage driver priority list BETA DEBUG END: ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------
++++++ libcontainers-common.spec ++++++
--- /var/tmp/diff_new_pack.L49bCt/_old 2024-06-27 15:58:02.971014498 +0200
+++ /var/tmp/diff_new_pack.L49bCt/_new 2024-06-27 15:58:02.971014498 +0200
@@ -38,8 +38,7 @@ Source2: LICENSE # https://raw.githubusercontent.com/containers/skopeo/main/default-policy.json Source3: https://raw.githubusercontent.com/containers/skopeo/v%{skopeover}/default-policy.json#./policy.json -# https://github.com/containers/storage/blob/main/storage.conf + custom changes -Source4: storage.conf +Source4: https://raw.githubusercontent.com/containers/storage/v%{storagever}/storage.conf # heavily modified version of https://github.com/containers/common/blob/main/pkg/subscriptions/mounts.conf Source5: mounts.conf # https://raw.githubusercontent.com/containers/image/main/registries.conf with our own registries inserted @@ -52,6 +51,8 @@ Source11: https://raw.githubusercontent.com/containers/shortnames/v%{shortnamesver}/shortnames.conf Source12: openSUSE-policy.json Patch100: 0001-containers.conf-SUSE-clear-cni-config-dir-for-ALP.patch +# Downstream patch to add the commented out storage driver priority list +Patch101: storage-conf-prio-list.patch BuildRequires: go-go-md2man Requires(post): %{_bindir}/sed # add SLE-specific mounts for only SLES systems @@ -126,6 +127,8 @@ %patch -P100 -p3 sed -e 's-@LIBEXECDIR@-%{_libexecdir}-g' -i %_builddir/containers.conf %endif +cp %{SOURCE4} . +%patch -P101 %setup -q -Tcq -b0 -b1 -b8 # copy the LICENSE file in the build root 
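Review bot: Source4 now points at the upstream tag URL with no comment left above it, and neither this hunk nor the `download_files` entry added to `_service` records a checksum for the fetched file. A tag can be re-pointed upstream, so what ships as the system-wide storage default rests on someone reading the resulting diff after each `osc service mr`. I would restore a one-line comment such as `# unmodified upstream storage.conf for v%{storagever}; downstream changes live in Patch101`, and pin the download with a checksum-verifying service step or a commit-based URL.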
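Review bot: `cp %{SOURCE4} .` and `%patch -P101` run before the `%setup` line that follows, and the later `%install` hunk installs the result by the bare name `storage.conf`, whereas containers.conf is addressed there as `%_builddir/containers.conf`. Whether both names resolve to the same directory depends on `%prep` lines outside this hunk, so it is worth confirming rather than assuming. Patch100 is applied with an explicit `-p3`; writing `%patch -P101 -p0` here, and an explicit source path in the `install` line if the copy does land in `%_builddir`, would make the intent visible.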
@@ -183,7 +186,7 @@ install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/containers/policy.json.default install -D -m 0644 %{SOURCE3} %{buildroot}/%{_sysconfdir}/containers/policy.json.openSUSE install -D -m 0644 %{SOURCE5} %{buildroot}/%{_datadir}/containers/mounts.conf -install -D -m 0644 %{SOURCE4} %{buildroot}/%{_datadir}/containers/storage.conf +install -D -m 0644 storage.conf %{buildroot}/%{_datadir}/containers/storage.conf install -D -m 0644 %{SOURCE11} %{buildroot}/%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf install -D -m 0644 %{SOURCE7} %{buildroot}/%{_sysconfdir}/containers/registries.d/default.yaml install -D -m 0644 %_builddir/containers.conf %{buildroot}/%{_datadir}/containers/containers.conf @@ -205,10 +208,20 @@ install -D -m 0644 %{SOURCE6} %{buildroot}/%{_sysconfdir}/containers/registries.conf.default install -D -m 0644 registries.conf.suse %{buildroot}/%{_sysconfdir}/containers/registries.conf.suse +%pre +for i in %{_sysconfdir}/containers/{mounts.conf,seccomp.json,storage.conf} ; do + test -f ${i}.rpmsave && mv -v ${i}.rpmsave ${i}.rpmsave.old ||: +done + %post # Comment out ostree_repo if it's blank [boo#1189893] if [ -f %{_sysconfdir}/containers/storage.conf ]; then sed -i 's/ostree_repo = ""/\#ostree_repo = ""/g' %{_sysconfdir}/containers/storage.conf; fi +%posttrans +for i in %{_sysconfdir}/containers/{mounts.conf,seccomp.json,storage.conf} ; do + test -f ${i}.rpmsave && mv -v ${i}.rpmsave ${i} ||: +done + %files %dir %{_sysconfdir}/containers %dir %{_sysconfdir}/containers/oci ++++++ _service ++++++ --- /var/tmp/diff_new_pack.L49bCt/_old 2024-06-27 15:58:03.059017740 +0200 +++ /var/tmp/diff_new_pack.L49bCt/_new 2024-06-27 15:58:03.099019214 +0200 
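Review bot: In both new scriptlets `test -f ${i}.rpmsave && mv -v ... ||:` discards a failed `mv` as well as a missing file, so if the restore in `%posttrans` fails, the administrator's customised storage.conf, mounts.conf or seccomp.json stays behind as `.rpmsave` and the host quietly runs on the defaults under /usr/share/containers; for a tightened seccomp profile that is a silent loss of hardening. The `{mounts.conf,seccomp.json,storage.conf}` list also relies on brace expansion, which happens only if the scriptlet interpreter is bash; otherwise the loop sees one literal path and does nothing. The `%pre` loop has the same shape and additionally overwrites an existing `.rpmsave.old` without notice. I would spell the three names out, quote the paths, and report a failed move on stderr while still exiting 0, as sketched for `%posttrans`.

```spec
%posttrans
for i in mounts.conf seccomp.json storage.conf ; do
  f="%{_sysconfdir}/containers/${i}"
  if [ -f "${f}.rpmsave" ]; then
    mv -v -- "${f}.rpmsave" "${f}" || echo "warning: could not restore ${f} from ${f}.rpmsave" >&2
  fi
done
```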
@@ -1,4 +1,5 @@ <services> + <service name="download_files" mode="manual"/> <service name="tar_scm" mode="manual"> <param name="url">https://github.com/containers/storage.git</param> <param name="scm">git</param> ++++++ containers.conf ++++++ --- /var/tmp/diff_new_pack.L49bCt/_old 2024-06-27 15:58:03.179022162 +0200 +++ /var/tmp/diff_new_pack.L49bCt/_new 2024-06-27 15:58:03.183022309 +0200 @@ -350,9 +350,9 @@ # The firewall driver to be used by netavark. # The default is empty which means netavark will pick one accordingly. Current supported -# drivers are "iptables", "none" (no firewall rules will be created) and "firewalld" (firewalld is -# experimental at the moment and not recommend outside of testing). In the future we are -# planning to add support for a "nftables" driver. +# drivers are "iptables", "nftables", "none" (no firewall rules will be created) and "firewalld" (firewalld is +# experimental at the moment and not recommend outside of testing). +# #firewall_driver = "" @@ -529,6 +529,15 @@ # with detailed information about the container. #events_container_create_inspect_data = false +# Whenever Podman should log healthcheck events. +# With many running healthcheck on short interval Podman will spam the event +# log a lot as it generates a event for each single healthcheck run. Because +# this event is optional and only useful to external consumers that may want +# to know when a healthcheck is run or failed allow users to turn it off by +# setting it to false. The default is true. +# +#healthcheck_events = true + # A is a list of directories which are used to search for helper binaries. # #helper_binaries_dir = [ 
@@ -544,6 +553,12 @@ # "/usr/share/containers/oci/hooks.d", #] +# Directories to scan for CDI Spec files. +# +#cdi_spec_dirs = [ +# "/etc/cdi", +#] + # Manifest Type (oci, v2s2, or v2s1) to use when pulling, pushing, building # container images. By default image pulled and pushed match the format of the # source image. Building/committing defaults to OCI. @@ -744,9 +759,6 @@ # A value of 0 is treated as no timeout. #volume_plugin_timeout = 5 -# Default timeout in seconds for podmansh logins. -#podmansh_timeout = 30 - # Paths to look for a valid OCI runtime (crun, runc, kata, runsc, krun, etc) [engine.runtimes] #crun = [ @@ -875,3 +887,14 @@ # map of existing farms #[farms.list] +[podmansh] +# Shell to spawn in container. Default: /bin/sh. +#shell = "/bin/sh" +# +# Name of the container the podmansh user should join. +#container = "podmansh" +# +# Default timeout in seconds for podmansh logins. +# Favored over the deprecated "podmansh_timeout" field. +#timeout = 30 + ++++++ storage-conf-prio-list.patch ++++++ Index: storage.conf =================================================================== --- storage.conf (revision 47301679d738dc753ca159ab9b151da5) +++ storage.conf (working copy) @@ -19,6 +19,10 @@ # Temporary storage location runroot = "/run/containers/storage" +# Priority list for the storage drivers that will be tested one +# after the other to pick the storage driver if it is not defined. +# driver_priority = ["btrfs", "overlay"] + # Primary Read/Write location of container storage # When changing the graphroot location on an SELINUX system, you must # ensure the labeling matches the default locations labels with the ++++++ storage.conf ++++++ --- /var/tmp/diff_new_pack.L49bCt/_old 2024-06-27 15:58:03.343028205 +0200 +++ /var/tmp/diff_new_pack.L49bCt/_new 2024-06-27 15:58:03.347028352 +0200 
@@ -19,10 +19,6 @@ # Temporary storage location runroot = "/run/containers/storage" -# Priority list for the storage drivers that will be tested one -# after the other to pick the storage driver if it is not defined. -# driver_priority = ["btrfs", "overlay"] - # Primary Read/Write location of container storage # When changing the graphroot location on an SELINUX system, you must # ensure the labeling matches the default locations labels with the @@ -31,6 +27,10 @@ # restorecon -R -v /NEWSTORAGEPATH graphroot = "/var/lib/containers/storage" +# Optional alternate location of image store if a location separate from the +# container store is required. If set, it must be different than graphroot. +# imagestore = "" + # Storage path for rootless users # @@ -38,6 +38,8 @@ # Transient store mode makes all container metadata be saved in temporary storage # (i.e. runroot above). This is faster, but doesn't persist across reboots. +# Additional garbage collection must also be performed at boot-time, so this +# option should remain disabled in most configurations. # transient_store = true [storage.options] @@ -68,7 +70,12 @@ # Tells containers/storage where an ostree repository exists that might have # previously pulled content which can be used when attempting to avoid # pulling content from the container registry -pull_options = {enable_partial_images = "false", use_hard_links = "false", ostree_repos=""} +# * convert_images = "false" | "true" +# If set to true, containers/storage will convert images to a +# format compatible with partial pulls in order to take advantage +# of local deduplication and hard linking. It is an expensive +# operation so it is not enabled by default. +pull_options = {enable_partial_images = "true", use_hard_links = "false", ostree_repos=""} # Remap-UIDs/GIDs is the mapping from UIDs/GIDs as they should appear inside of # a container, to the UIDs/GIDs as they should appear outside of the container, 
@@ -77,8 +84,8 @@ # mappings which the kernel will allow when you later attempt to run a # container. # -# remap-uids = 0:1668442479:65536 -# remap-gids = 0:1668442479:65536 +# remap-uids = "0:1668442479:65536" +# remap-gids = "0:1668442479:65536" # Remap-User/Group is a user name which can be used to look up one or more UID/GID # ranges in the /etc/subuid or /etc/subgid file. Mappings are set up starting @@ -86,7 +93,8 @@ # range that matches the specified name, and using the length of that range. # Additional ranges are then assigned, using the ranges which specify the # lowest host-level IDs first, to the lowest not-yet-mapped in-container ID, -# until all of the entries have been used for maps. +# until all of the entries have been used for maps. This setting overrides the +# Remap-UIDs/GIDs setting. # # remap-user = "containers" # remap-group = "containers" @@ -102,7 +110,7 @@ # Auto-userns-min-size is the minimum size for a user namespace created automatically. # auto-userns-min-size=1024 # -# Auto-userns-max-size is the minimum size for a user namespace created automatically. +# Auto-userns-max-size is the maximum size for a user namespace created automatically. # auto-userns-max-size=65536 [storage.options.overlay] @@ -122,11 +130,14 @@ #mount_program = "/usr/bin/fuse-overlayfs" # mountopt specifies comma separated list of extra mount options -mountopt = "nodev,metacopy=on" +mountopt = "nodev" # Set to skip a PRIVATE bind mount on the storage home directory. # skip_mount_home = "false" +# Set to use composefs to mount data layers with overlay. +# use_composefs = "false" + # Size is used to set a maximum size of the container image. # size = "" 
@@ -158,84 +169,8 @@ # future. When "force_mask" is set the original permission mask is stored in # the "user.containers.override_stat" xattr and the "mount_program" option must # be specified. Mount programs like "/usr/bin/fuse-overlayfs" present the -# extended attribute permissions to processes within containers rather then the +# extended attribute permissions to processes within containers rather than the # "force_mask" permissions. # # force_mask = "" -[storage.options.thinpool] -# Storage Options for thinpool - -# autoextend_percent determines the amount by which pool needs to be -# grown. This is specified in terms of % of pool size. So a value of 20 means -# that when threshold is hit, pool will be grown by 20% of existing -# pool size. -# autoextend_percent = "20" - -# autoextend_threshold determines the pool extension threshold in terms -# of percentage of pool size. For example, if threshold is 60, that means when -# pool is 60% full, threshold has been hit. -# autoextend_threshold = "80" - -# basesize specifies the size to use when creating the base device, which -# limits the size of images and containers. -# basesize = "10G" - -# blocksize specifies a custom blocksize to use for the thin pool. -# blocksize="64k" - -# directlvm_device specifies a custom block storage device to use for the -# thin pool. Required if you setup devicemapper. -# directlvm_device = "" - -# directlvm_device_force wipes device even if device already has a filesystem. -# directlvm_device_force = "True" - -# fs specifies the filesystem type to use for the base device. -# fs="xfs" - -# log_level sets the log level of devicemapper. -# 0: LogLevelSuppress 0 (Default) -# 2: LogLevelFatal -# 3: LogLevelErr -# 4: LogLevelWarn -# 5: LogLevelNotice -# 6: LogLevelInfo -# 7: LogLevelDebug -# log_level = "7" - -# min_free_space specifies the min free space percent in a thin pool require for -# new device creation to succeed. Valid values are from 0% - 99%. 
-# Value 0% disables -# min_free_space = "10%" - -# mkfsarg specifies extra mkfs arguments to be used when creating the base -# device. -# mkfsarg = "" - -# metadata_size is used to set the `pvcreate --metadatasize` options when -# creating thin devices. Default is 128k -# metadata_size = "" - -# Size is used to set a maximum size of the container image. -# size = "" - -# use_deferred_removal marks devicemapper block device for deferred removal. -# If the thinpool is in use when the driver attempts to remove it, the driver -# tells the kernel to remove it as soon as possible. Note this does not free -# up the disk space, use deferred deletion to fully remove the thinpool. -# use_deferred_removal = "True" - -# use_deferred_deletion marks thinpool device for deferred deletion. -# If the device is busy when the driver attempts to delete it, the driver -# will attempt to delete device every 30 seconds until successful. -# If the program using the driver exits, the driver will continue attempting -# to cleanup the next time the driver is used. Deferred deletion permanently -# deletes the device and all data stored in device will be lost. -# use_deferred_deletion = "True" - -# xfs_nospace_max_retries specifies the maximum number of retries XFS should -# attempt to complete IO when ENOSPC (no space) error is returned by -# underlying storage device. -# xfs_nospace_max_retries = "0" -