containers · lsm5 · Aug 12, 2025 · jnovy · Aug 13, 2025 · lsm5
diff --git a/common/.packit.yaml → .packit.yaml b/common/.packit.yaml → .packit.yaml
@@ -2,31 +2,28 @@
 # See the documentation for more information:
 # https://packit.dev/docs/configuration/
 
-upstream_tag_template: v{version}
+upstream_tag_template: common/v{version}
 
 packages:
   containers-common-fedora:
     downstream_package_name: containers-common
     pkg_tool: fedpkg
-    specfile_path: rpm/containers-common.spec
+    specfile_path: common/rpm/containers-common.spec
   containers-common-centos:
     downstream_package_name: containers-common
     pkg_tool: centpkg
-    specfile_path: rpm/containers-common.spec
+    specfile_path: common/rpm/containers-common.spec
   containers-common-eln:
     downstream_package_name: containers-common
-    specfile_path: rpm/containers-common.spec
-
-actions:
-  pre-sync: "bash rpm/update-lib-versions.sh"
+    specfile_path: common/rpm/containers-common.spec
 
 jobs:
   - job: copr_build
     trigger: pull_request
     packages: [containers-common-fedora]
     notifications: &ephemeral_build_failure_notification
       failure_comment:
-        message: "Ephemeral COPR build failed. @containers/packit-build please check."
+        message: "Packit jobs failed. @containers/packit-build please check."
     enable_net: true
     targets:
       - fedora-all
@@ -55,7 +52,7 @@ jobs:
 
   # Run on commit to main branch
   - job: copr_build
-    trigger: commit
+    trigger: ignore
     packages: [containers-common-fedora]
     notifications:
       failure_comment:
@@ -71,11 +68,13 @@ jobs:
     dist_git_branches: &fedora_targets
       - fedora-all
 
+  # Ignore CentOS Stream for now
   - job: propose_downstream
-    trigger: release
+    trigger: ignore
     packages: [containers-common-centos]
     dist_git_branches:
       - c10s
+      - c9s
 
   # Fedora Koji build
   - job: koji_build

diff --git a/common/rpm/containers-common.spec b/common/rpm/containers-common.spec
@@ -1,19 +1,5 @@
-# Below definitions are used to deliver config files from a particular branch
-# of c/image, c/storage  and c/shortnames vendored in all of Buildah, Podman and Skopeo.
-# These vendored components must have the same version. If it is not the case,
-# pick the oldest version on c/image, c/storage and c/shortnames vendored in
-# Buildah/Podman/Skopeo.
-
-# Packit will automatically update the image and storage versions on Fedora and
-# CentOS Stream dist-git PRs.
-%global image_branch main
-%global storage_branch main
-%global shortnames_branch main
-
 %global project containers
-%global repo common
-
-%global raw_github_url https://raw.githubusercontent.com/%{project}
+%global repo container-libs
 
 %if %{defined copr_username}
 %define copr_build 1
@@ -35,7 +21,7 @@ Epoch: 5
 %endif
 # DO NOT TOUCH the Version string!
 # The TRUE source of this specfile is:
-# https://github.com/containers/common/blob/main/rpm/containers-common.spec
+# https://github.com/containers/container-libs/blob/main/common/rpm/containers-common.spec
 # If that's what you're reading, Version must be 0, and will be updated by Packit for
 # copr and koji builds.
 # If you're reading this on dist-git, the version is automatically filled in by Packit.
@@ -57,25 +43,9 @@ Requires: (fuse-overlayfs if fedora-release-identity-server)
 Suggests: fuse-overlayfs
 %endif
 URL: https://github.com/%{project}/%{repo}
-Source0: %{url}/archive/v%{version_no_tilde}.tar.gz
-Source1: %{raw_github_url}/image/%{image_branch}/docs/containers-auth.json.5.md
-Source2: %{raw_github_url}/image/%{image_branch}/docs/containers-certs.d.5.md
-Source3: %{raw_github_url}/image/%{image_branch}/docs/containers-policy.json.5.md
-Source4: %{raw_github_url}/image/%{image_branch}/docs/containers-registries.conf.5.md
-Source5: %{raw_github_url}/image/%{image_branch}/docs/containers-registries.conf.d.5.md
-Source6: %{raw_github_url}/image/%{image_branch}/docs/containers-registries.d.5.md
-Source7: %{raw_github_url}/image/%{image_branch}/docs/containers-signature.5.md
-Source8: %{raw_github_url}/image/%{image_branch}/docs/containers-transports.5.md
-Source9: %{raw_github_url}/storage/%{storage_branch}/docs/containers-storage.conf.5.md
-Source10: %{raw_github_url}/shortnames/%{shortnames_branch}/shortnames.conf
-Source11: %{raw_github_url}/image/%{image_branch}/default.yaml
-Source12: %{raw_github_url}/image/%{image_branch}/default-policy.json
-Source13: %{raw_github_url}/image/%{image_branch}/registries.conf
-Source14: %{raw_github_url}/storage/%{storage_branch}/storage.conf
-# Fetch RPM-GPG-KEY-redhat-release from the authoritative source instead of storing
-# a copy in repo or dist-git. Depending on distribution-gpg-keys rpm is also
-# not an option because that package doesn't exist on CentOS Stream.
-Source15: https://access.redhat.com/security/data/fd431d51.txt
+Source0: %{url}/archive/refs/tags/common/v%{version}.tar.gz
+Source1: https://raw.githubusercontent.com/containers/shortnames/refs/heads/main/shortnames.conf
+Source2: https://access.redhat.com/security/data/fd431d51.txt
 
 %description
 This package contains common configuration files and documentation for container
@@ -109,34 +79,20 @@ This subpackage will handle dependencies common to Podman and Buildah which are
 not required by Skopeo.
 
 %prep
-%autosetup -Sgit -n %{repo}-%{version_no_tilde}
-
-# Copy manpages to docs subdir in builddir to build before installing.
-cp %{SOURCE1} docs/.
-cp %{SOURCE2} docs/.
-cp %{SOURCE3} docs/.
-cp %{SOURCE4} docs/.
-cp %{SOURCE5} docs/.
-cp %{SOURCE6} docs/.
-cp %{SOURCE7} docs/.
-cp %{SOURCE8} docs/.
-cp %{SOURCE9} docs/.
-
-# Copy config files to builddir to patch them before installing.
-# Currently, only registries.conf and storage.conf files are patched before
-# installing.
-cp %{SOURCE10} shortnames.conf
-cp %{SOURCE13} registries.conf
-cp %{SOURCE14} storage.conf
+%autosetup -Sgit -n %{repo}-common-v%{version}
 
 # Fine-grain distro- and release-specific tuning of config files,
 # e.g., seccomp, composefs, registries on different RHEL/Fedora versions
-bash rpm/update-config-files.sh
+bash common/rpm/update-config-files.sh
 
 %build
-mkdir -p man5
-for i in docs/*.5.md; do
-    go-md2man -in $i -out man5/$(basename $i .md)
+mkdir -p man1 man5
+for i in common/docs/*.md image/docs/*.md storage/docs/*.md; do
+    if [[ "$i" == *".5.md" ]]; then
+        go-md2man -in $i -out man5/$(basename $i .md)
+    else
+        go-md2man -in $i -out man1/$(basename $i .md)
+    fi
 done
 
 %install
@@ -150,32 +106,37 @@ touch %{buildroot}%{_prefix}/lib/containers/storage/overlay-images/images.lock
 install -dp -m 700 %{buildroot}%{_prefix}/lib/containers/storage/overlay-layers
 touch %{buildroot}%{_prefix}/lib/containers/storage/overlay-layers/layers.lock
 
-install -Dp -m0644 shortnames.conf %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
-install -Dp -m0644 %{SOURCE11} %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
-install -Dp -m0644 %{SOURCE12} %{buildroot}%{_sysconfdir}/containers/policy.json
-install -Dp -m0644 registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf
-install -Dp -m0644 storage.conf %{buildroot}%{_datadir}/containers/storage.conf
+install -Dp -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
+install -Dp -m0644 image/default.yaml %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
+install -Dp -m0644 image/default-policy.json %{buildroot}%{_sysconfdir}/containers/policy.json
+install -Dp -m0644 image/registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf
+install -Dp -m0644 storage/storage.conf %{buildroot}%{_datadir}/containers/storage.conf
 
 # RPM-GPG-KEY-redhat-release already exists on rhel envs, install only on
 # fedora and centos
 %if %{defined fedora} || %{defined centos}
-install -Dp -m0644 %{SOURCE15} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
+install -Dp -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 %endif
 
-install -Dp -m0644 contrib/redhat/registry.access.redhat.com.yaml -t %{buildroot}%{_sysconfdir}/containers/registries.d
-install -Dp -m0644 contrib/redhat/registry.redhat.io.yaml -t %{buildroot}%{_sysconfdir}/containers/registries.d
+install -Dp -m0644 common/contrib/redhat/registry.access.redhat.com.yaml -t %{buildroot}%{_sysconfdir}/containers/registries.d
+install -Dp -m0644 common/contrib/redhat/registry.redhat.io.yaml -t %{buildroot}%{_sysconfdir}/containers/registries.d
 
 # install manpages
-install -dp %{buildroot}%{_mandir}/man5
+install -dp -m 700 %{buildroot}%{_mandir}/man1
+pushd man1
+for i in *; do
+    install -p -m0644 $i -T %{buildroot}%{_mandir}/man1/$i.1
+done
+popd
 for i in man5/*.5; do
-   install -Dp -m0644 $i -t %{buildroot}%{_mandir}/man5
+    install -Dp -m0644 $i -t %{buildroot}%{_mandir}/man5
 done
 ln -s containerignore.5 %{buildroot}%{_mandir}/man5/.containerignore.5
 
 # install config files for mounts, containers and seccomp
-install -m0644 pkg/subscriptions/mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf
-install -m0644 pkg/seccomp/seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json
-install -m0644 pkg/config/containers.conf %{buildroot}%{_datadir}/containers/containers.conf
+install -m0644 common/pkg/subscriptions/mounts.conf %{buildroot}%{_datadir}/containers/mounts.conf
+install -m0644 common/pkg/seccomp/seccomp.json %{buildroot}%{_datadir}/containers/seccomp.json
+install -m0644 common/pkg/config/containers.conf %{buildroot}%{_datadir}/containers/containers.conf
 
 # install secrets patch directory
 install -d -p -m 755 %{buildroot}/%{_datadir}/rhel/secrets
@@ -184,7 +145,6 @@ ln -s ../../../..%{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/sec
 ln -s ../../../..%{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
 ln -s ../../../..%{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo
 
-# Placeholder check to silence rpmlint warnings
 %check
 
 %files
@@ -215,6 +175,8 @@ ln -s ../../../..%{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/
 %ghost %{_sysconfdir}/containers/storage.conf
 %ghost %{_sysconfdir}/containers/containers.conf
 %dir %{_sharedstatedir}/containers/sigstore
+%{_mandir}/man1/containers-storage*.1.gz
+%{_mandir}/man1/signature-protocols.1.gz
 %{_mandir}/man5/Containerfile.5.gz
 %{_mandir}/man5/containerignore.5.gz
 %{_mandir}/man5/.containerignore.5.gz

diff --git a/common/rpm/update-config-files.sh b/common/rpm/update-config-files.sh
@@ -5,45 +5,45 @@
 set -exo pipefail
 
 ensure() {
-  if [[ ! -f $1 ]]; then
-      echo "File not found:" $1
+  if [[ ! -f "$1" ]]; then
+      echo "File not found:" "$1"
       exit 1
   fi
-  if grep ^$2[[:blank:]].*= $1 > /dev/null
+  if grep "^$2[[:blank:]].*=" "$1" > /dev/null
   then
-    sed -i "s;^$2[[:blank:]]=.*;$2 = $3;" $1
+    sed -i "s;^$2[[:blank:]]=.*;$2 = $3;" "$1"
   else
-    if grep ^\#.*$2[[:blank:]].*= $1 > /dev/null
+    if grep "^\#.*$2[[:blank:]].*=" "$1" > /dev/null
     then
       sed -i "/^#.*$2[[:blank:]].*=/a \
-$2 = $3" $1
+$2 = $3" "$1"
     else
-      echo "$2 = $3" >> $1
+      echo "$2 = $3" >> "$1"
     fi
   fi
 }
 
 # Common options enabled across all fedora, centos, rhel
 # TBD: Can these be enabled by default upstream?
-ensure registries.conf              short-name-mode     \"enforcing\"
+ensure image/registries.conf              short-name-mode     \"enforcing\"
 
-ensure storage.conf                 driver              \"overlay\"
-ensure storage.conf                 mountopt            \"nodev,metacopy=on\"
+ensure storage/storage.conf               driver              \"overlay\"
+ensure storage/storage.conf               mountopt            \"nodev,metacopy=on\"
 
-ensure pkg/config/containers.conf   runtime             \"crun\"
-ensure pkg/config/containers.conf   log_driver          \"journald\"
+ensure common/pkg/config/containers.conf  runtime             \"crun\"
+ensure common/pkg/config/containers.conf  log_driver          \"journald\"
 
 FEDORA=$(rpm --eval '%{?fedora}')
 RHEL=$(rpm --eval '%{?rhel}')
 
 # Set search registries
 if [[ -n "$FEDORA" ]]; then
-    ensure registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"docker.io\"]
+    ensure image/registries.conf unqualified-search-registries [\"registry.fedoraproject.org\",\ \"registry.access.redhat.com\",\ \"docker.io\"]
 else
-    ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
+    ensure image/registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
 fi
 
 # Set these on all Fedora and RHEL 10+
 if [[ -n "$FEDORA" ]] || [[ "$RHEL" -ge 10 ]]; then
-    sed -i -e '/^additionalimagestores\ =\ \[/a "\/usr\/lib\/containers\/storage",' storage.conf
+    sed -i -e '/^additionalimagestores\ =\ \[/a "\/usr\/lib\/containers\/storage",' storage/storage.conf
 fi
diff --git a/common/rpm/update-lib-versions.sh b/common/rpm/update-lib-versions.sh