Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Moving default-policy.json and default.yaml to containers/image #2173

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Moving default-policy.json and default.yaml to containers/image #2173

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .cirrus.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,7 +71,7 @@
"${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" build
"${SKOPEO_PATH}/${SCRIPT_BASE}/runner.sh" doccheck

osx_task:

Check warning on line 74 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L74 

task "osx" depends on task "validate", but their only_if conditions are different
# Don't run for docs-only builds.
# Also don't run on release-branches or their PRs,
# since base container-image is not version-constrained.
Expand Down Expand Up @@ -110,7 +110,7 @@
task_cleanup_script: *mac_cleanup


cross_task:

Check warning on line 113 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L113 

task "cross" depends on task "validate", but their only_if conditions are different
alias: cross
only_if: >-
$CIRRUS_CHANGE_TITLE !=~ '.*CI:DOCS.*'
Expand All @@ -133,7 +133,7 @@
"${GOSRC}/${SCRIPT_BASE}/runner.sh" cross


ostree-rs-ext_task:

Check warning on line 136 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L136 

task "ostree-rs-ext" depends on task "validate", but their only_if conditions are different
alias: proxy_ostree_ext
only_if: *not_docs_or_release_branch
# WARNING: This task potentially performs a container image
Expand All @@ -160,6 +160,7 @@
- dnf builddep -y skopeo
- make
- make install
- echo '{"default":[{"type":"insecureAcceptAnything"}],"transports":{"docker-daemon":{"":[{"type":"insecureAcceptAnything"}]}}}' > /etc/containers/policy.json
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • I’m afraid this is failing
  • I’m tempted to say that this should do the same thing we are asking other users to do. I.e. if users are expected to install the files from the c/image repo, this should also go through the troubler of installing the files from the c/image repo.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more. 

* I’m tempted to say that this should do the same thing we are asking other users to do. I.e. if users are expected to install the files from the c/image repo, this should also go through the troubler of installing the files from the c/image repo.

I agree. I just don't know how to handle cirrus stuff. It's up to you to properly fix it.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It is… just a shell script?

… Uh. The one thing we might need to provide some guidance on is to figure out which c/image version to use. ~Luckily the data is available in go.mod, but turning that into a git command is a bit cumbersome.

@lsm5 @jnovy @rhatdan What do we do for Podman users who build from source, and need containers.conf from c/common? It seems to be either “nothing and let them figure it out” or “install a previous packaged of containers-common and hope the files match”, is there something I’m missing?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nothing but let them figure it out. Luckily Podman runs fine with no containers.conf and we encourage distributions to comment out containers.conf to be used information purposes only, IE Document the default in the system file, and allow admin and users to customize individual fields.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I’m afraid policy.json is mandatory. Oh well… I’m always happy to recommend using packaged versions :)

proxy_ostree_ext_build_script:
- git clone --depth 1 $EXT_REPO $EXT_REPO_HOME
- cd $EXT_REPO_HOME
Expand All @@ -174,7 +175,7 @@
##### repository's `.cirrus.yml`. Changes made here should be fully merged
##### prior to being manually duplicated and maintained in containers/image.
#####
test_skopeo_task:

Check warning on line 178 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L178 

task "Skopeo Test" depends on task "validate", but their only_if conditions are different

Check warning on line 178 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L178 

task "Skopeo Test w/ opengpg" depends on task "validate", but their only_if conditions are different
alias: test_skopeo
# Don't test for [CI:DOCS], [CI:BUILD].
only_if: >-
Expand Down Expand Up @@ -239,7 +240,7 @@
# Status aggregator for all tests. This task simply ensures a defined
# set of tasks all passed, and allows confirming that based on the status
# of this task.
success_task:

Check warning on line 243 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L243 

task "Total Success" depends on task "validate", but their only_if conditions are different

Check warning on line 243 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L243 

task "Total Success" depends on task "doccheck", but their only_if conditions are different

Check warning on line 243 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L243 

task "Total Success" depends on task "osx", but their only_if conditions are different

Check warning on line 243 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L243 

task "Total Success" depends on task "cross", but their only_if conditions are different

Check warning on line 243 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L243 

task "Total Success" depends on task "ostree-rs-ext", but their only_if conditions are different

Check warning on line 243 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L243 

task "Total Success" depends on task "Skopeo Test", but their only_if conditions are different

Check warning on line 243 in .cirrus.yml

View check run for this annotation

Cirrus CI / Build Parsing Results

.cirrus.yml#L243 

task "Total Success" depends on task "Skopeo Test w/ opengpg", but their only_if conditions are different
name: "Total Success"
alias: success
# N/B: ALL tasks must be listed here, minus their '_task' suffix.
Expand Down
10 changes: 0 additions & 10 deletions Makefile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,12 +5,6 @@ export GOPROXY=https://proxy.golang.org
# The following variables very roughly follow https://www.gnu.org/prep/standards/standards.html#Makefile-Conventions .
DESTDIR ?=
PREFIX ?= /usr/local
ifeq ($(shell uname -s),FreeBSD)
CONTAINERSCONFDIR ?= /usr/local/etc/containers
else
CONTAINERSCONFDIR ?= /etc/containers
endif
REGISTRIESDDIR ?= ${CONTAINERSCONFDIR}/registries.d
LOOKASIDEDIR ?= /var/lib/containers/sigstore
BINDIR ?= ${PREFIX}/bin
MANDIR ?= ${PREFIX}/share/man
Expand Down Expand Up @@ -159,10 +153,6 @@ clean:

install: install-binary install-docs install-completions
install -d -m 755 ${DESTDIR}${LOOKASIDEDIR}
install -d -m 755 ${DESTDIR}${CONTAINERSCONFDIR}
install -m 644 default-policy.json ${DESTDIR}${CONTAINERSCONFDIR}/policy.json
install -d -m 755 ${DESTDIR}${REGISTRIESDDIR}
install -m 644 default.yaml ${DESTDIR}${REGISTRIESDDIR}/default.yaml

install-binary: bin/skopeo
install -d -m 755 ${DESTDIR}${BINDIR}
Expand Down
14 changes: 0 additions & 14 deletions default-policy.json
View file
Open in desktop

This file was deleted.

28 changes: 0 additions & 28 deletions default.yaml
View file
Open in desktop

This file was deleted.