Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

libcontainers-openSUSE-policy-20250409-3.1 RPM for noarch

From OpenSuSE Tumbleweed for noarch

Name: libcontainers-openSUSE-policy Distribution: openSUSE Tumbleweed
Version: 20250409 Vendor: openSUSE
Release: 3.1 Build date: Mon Jul 14 09:24:58 2025
Group: System/Management Build host: reproducible
Size: 515 Source RPM: libcontainers-common-20250409-3.1.src.rpm
Packager: https://bugs.opensuse.org
Url: https://github.com/containers
Summary: Policy to enforce image verification for SLE BCI
This package ships a /etc/containers/policy.json which enforces image verification for SLE BCI.

Provides

Requires

License

Apache-2.0

Changelog

* Mon Jul 14 2025 Danish Prakash <danish.prakash@suse.com>
  - Remove subpackage libcontainers-sles-mounts and prevent auto mounting
    SUSEConnect credentials from host to container. SLE16 onwards, the idea is
    to expect users to explicitly mount secrets. (bsc#1246227)
* Thu May 29 2025 Danish Prakash <danish.prakash@suse.com>
  - Sync containers.conf & storage.conf with the current c/* versions
  - Rename storage-conf-prio-list.patch to 0002-storage-conf-prio-list.patch
  - Add patch to set SUSE defaults to containers.conf:
    * 0003-containers-conf-suse-defaults.patch
* Wed Apr 09 2025 Danish Prakash <danish.prakash@suse.com>
  - containers.conf default configuration modifications:
    * set runc as the default OCI runtime (bsc#1239088)
    * set nftables as the default firewall driver for netavark
  - New release 20250409
    * bump bundled c/common to 0.59.1
    * bump bundled c/image to 5.31.0
    * bump bundled c/storage to 1.54.0
* Fri Feb 07 2025 Dirk Müller <dmueller@suse.com>
  - fix shortnames.config by updating them from upstream
* Mon Jun 24 2024 Danish Prakash <danish.prakash@suse.com>
  - While migrating config files from /etc/containers/ to /usr/share/containers/,
    preserve config files *if* modified by the user (fixes bsc#1226825).
* Mon Jun 24 2024 Dan Čermák <dcermak@suse.com>
  - update storage.conf & containers.conf to latest versions from upstream
    The only functional changes are in storage.conf:
    * change storage.options.pull_options.enable_partial_images from false to true
    * change storage.options.overlay.mount_options from `mountopt =
      "nodev,metacopy=on"` to `mountopt = "nodev"`
  - add download_files service to fetch the latest config on `osc service mr`
  - add storage-conf-prio-list.patch that modifies the upstream storage.conf to
    add our storage driver priority list
* Tue Jun 18 2024 Danish Prakash <danish.prakash@suse.com>
  - Move the following distro configs files to /usr/share/containers/:
    * /etc/containers/mounts.json
    * /etc/containers/storage.conf
    * /etc/containers/seccomp.json
  - New release 20240618
  - bump bundled c/common to 0.59.1
  - bump bundled c/image to 5.31.0
  - bump bundled c/storage to 1.54.0
* Wed Apr 24 2024 Danish Prakash <danish.prakash@suse.com>
  - Introduce new subpackage that ships registries.conf that uses
    registry.suse.com as the only unqualified registry while pulling images on
    SL Micro and SP6. (jsc#SMO-376, jsc#PED-8289)
* Mon Apr 08 2024 Danish Prakash <danish.prakash@suse.com>
  - Add patch to keep containers.conf modifications in sync with upstream (bsc#1213556)
    + 0001-containers.conf-SUSE-clear-cni-config-dir-for-ALP.patch
  - Fallback to podman's default capabilities and journal driver via containers.conf
  - New release 20240408
  - bump bundled c/common to 0.58.0
  - bump bundled c/image to 5.30.0
  - bump bundled c/storage to 1.53.0
* Wed Mar 20 2024 Marcus Meissner <meissner@suse.com>
  - reenable SUSE registry key validation for new key.
* Fri Mar 01 2024 Marcus Meissner <meissner@suse.com>
  - disable the SUSE registry key validation temporary to switch the key on
    registry.suse.com.
* Tue Feb 06 2024 Dan Čermák <dcermak@suse.com>
  - New release 20240206
  - bump bundled c/common to 0.57.4
  - bump bundled c/image to 0.29.2
  - conditionally require libcontainers-sles-mounds for product(SLE-Micro) as well
    (SLE Micro 6.0 now no longer provides product(SUSE_SLE) and instead only
    provides product(SLE-Micro)), fixes bsc#1216443
* Mon Dec 04 2023 Danish Prakash <danish.prakash@suse.com>
  - New release 20231204
  -  bump c/common to 0.57.0
    * Bump to v0.56.0 by
    * Fix typo in comment
    * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
    * Fix specification of unix:///run
    * libimage/layer_tree: if parent is empty and a manifest list then ignore check.
    * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1
    * Split up util package into pkg/password, pkg/copy, pkg/version
    * Remove ActiveDestination method to move into podman
    * Default machine CPUs to Cores/2
    * pkg/config: do NOT set StaticDir and VolumeDir
    * Implement negated label match function
    * chore: import packages only once
    * CoC: fix email link
  -  bump c/storage to 1.51.0
    * Bump to v1.50.2
    * overlay, composefs: mount loop device RO
    * Run codespell on code
    * fix(deps): update module github.com/klauspost/compress to v1.17.0
    * store: serialize container deletion
    * pkg/system: reduce retry timeout for EnsureRemoveAll
    * overlay, composefs: use data-only lower layers
    * store: call RecordWrite() before graphDriver Cleanup()
    * fix(deps): update module golang.org/x/sys to v0.13.0
  -  bump c/image to 5.29.0
    * Bump to v5.28.0
    * fix(deps): update module github.com/containers/storage to v1.50.2
    * Run codespell on code
    * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc5
    * Use constants and types from opencontainers/image-spec/specs-go/v1
    * progress: set Current before Refill
    * copy: fix nil pointer dereference when checking compression algorithm
    * fix(deps): update module github.com/klauspost/compress to v1.17.0
    * fix(deps): update module github.com/sylabs/sif/v2 to v2.14.0
    * ociarchive: Add new ArchiveFileNotFoundError
* Wed Sep 13 2023 Danish Prakash <danish.prakash@suse.com>
  - Require libcontainers-sles-mounts for *all* SLE products,
    and not just SLES. (bsc#1215291)
* Wed Sep 13 2023 Danish Prakash <danish.prakash@suse.com>
  - New release 20230913
  - bump c/image to 5.28.0
    * Bump to v5.26.0
    * fix(deps): update module github.com/sigstore/rekor to v1.2.2
    * fix(deps): update module github.com/sigstore/fulcio to v1.3.2
    * Adding IO decorator to copy progress bar
    * Ensure we close HTTP connections on all paths
    * fix(deps): update module github.com/containers/storage to v1.48.0
    * fix(deps): update module github.com/opencontainers/image-spec to v1.1.0-rc4
    * fix(deps): update github.com/cyberphone/json-canonicalization digest to 91eb5f1
    * fix(deps): update golang.org/x/exp digest to 97b1e66
    * fix(deps): update module github.com/klauspost/compress to v1.16.7
    * fix(deps): update module github.com/docker/docker to v24.0.3+incompatible
    * fix(deps): update module golang.org/x/oauth2 to v0.10.0
    * manifest: ListUpdate add imgspecv1.Platform field
    * fix(deps): update module github.com/docker/docker to v24.0.4+incompatible
    * pkg/docker: use the same default auth path as macOS on FreeBSD
    * fix(deps): update module github.com/sigstore/fulcio to v1.3.4
    * blob: TryReusingBlobWithOptions consider RequiredCompression if set
    * Fix tests of the ostree transport
    * helpers_test,cleanup: correct argument order
    * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.1
    * Make temporary names container/image specific
    * listupdate,oci: instance show read-only annotations and CompressionAlgorithmNames
    * fix(deps): update module github.com/docker/docker-credential-helpers to v0.8.0
    * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.2
    * Fix TestOCI1IndexChooseInstanc
    * Refactor data passing in c/image/copy
    * Update module github.com/sigstore/fulcio to v1.4.0
    * copy/multiple: instanceCopyCopy honor UpdateCompressionAlgorithms
    * Update vendor of containers/storage
    * copy/single: accept custom *Options and wrap arguments in copySingleImageOptions
    * Improve transport documentation
    * fix(deps): update module github.com/vbatts/tar-split to v0.11.5
    * fix(deps): update module github.com/docker/docker to v24.0.5+incompatible
    * copy: implement instanceCopyClone for zstd compression
    * copy/multiple: priority of instanceCopyCopy must be higher than instanceCopyClone
    * Clarify where mirrors are used
    * fix(deps): update github.com/cyberphone/json-canonicalization digest to aa7fe85
    * fix(deps): update github.com/containers/storage digest to c3da76f
    * Update x/exp/slices, and some small slice-related cleanups
    * Use consistent example domains in #2069
    * copy: add support for ForceCompressionFormat
    * fix(deps): update module golang.org/x/term to v0.11.0
    * fix(deps): update module golang.org/x/crypto to v0.12.0
    * fix(deps): update module golang.org/x/oauth2 to v0.11.0
    * [release-5.27] Preparing 5.27 backport
    * Update to Go 1.19
    * storage.storageImageDestination.Commit(): leverage image options
    * Rename SKOPEO_CI_TAG to SKOPEO_CI_BRANCH
    * [CI:DOCS] Add cirrus-cron retry/monitor jobs
    * chore(deps): update dependency containers/automation_images to v20230807
    * [release-5.27] Fix the branch we use for determining a git-validation starting point
    * fix(deps): update golang.org/x/exp digest to 352e893
    * fix(deps): update module github.com/sigstore/sigstore to v1.7.2
    * OCI image-spec / distribution-spec v1.1 updates, first round
    * fix(deps): update module github.com/sylabs/sif/v2 to v2.12.0
    * chore(deps): update dependency containers/automation_images to v20230809
    * Merge release branch into main
    * BREAKING: Update for move of github.com/theupdateframework/go-tuf/encrypted
    * Update module github.com/containers/ocicrypt to v1.1.8
    * chore(deps): update dependency containers/automation_images to v20230816
    * fix(deps): update module github.com/containers/storage to v1.49.0
    * fix(deps): update module github.com/sylabs/sif/v2 to v2.13.0
    * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.0
    * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.1
    * fix(deps): update golang.org/x/exp digest to d852ddb
    * fix(deps): update module golang.org/x/term to v0.12.0
    * fix(deps): update module github.com/sigstore/sigstore to v1.7.3
    * fix removal of temp file in GetBlob on Windows
    * fix(deps): update module golang.org/x/crypto to v0.13.0
    * Fix build with golangci-lint 1.54.2
    * fix(deps): update module golang.org/x/oauth2 to v0.12.0
    * Implement, and default to, a SQLite BlobInfoCache instead of BoltDB
    * fix(deps): update module github.com/docker/docker to v24.0.6+incompatible
    * Update dependencies of docker/docker
    * Correctly handle encryption/decryption changes in non-OCI formats
    * chore(deps): update module github.com/cyphar/filepath-securejoin to v0.2.4 [security]
    * fix(deps): update module github.com/containers/storage to v1.50.1
  - bump c/storage to 1.50.2
    * Bump to v1.50.1
    * Add an OWNERS file for the merge bot to refer to
  - bump c/common to 0.55.4
    * Bump c/image to v0.55.3
* Mon Aug 14 2023 Danish Prakash <danish.prakash@suse.com>
  - New release 20230814
  - bump c/storage to 1.48.0
    * Bump to v1.47.0
    * Fix error if continueWrite/continueRead pipe open fails
    * pkg/regexp: make sure that &Regexp implements the interfaces
    * Remove use of fillGo18FileTypeBits
  - bump c/image to 5.27.0
    * fix(deps): update module github.com/docker/docker to v23.0.3+incompatible
    * fix(deps): update module golang.org/x/term to v0.7.0
    * fix(deps): update module github.com/klauspost/compress to v1.16.4
    * fix(deps): update module github.com/sigstore/sigstore to v1.6.1
    * chore(deps): update dependency containers/automation_images to v20230405
    * fix(deps): update module golang.org/x/crypto to v0.8.0
    * fix(deps): update module golang.org/x/oauth2 to v0.7.0
    * fix(deps): update module github.com/containers/storage to v1.46.1
    * fix(deps): update module github.com/sigstore/sigstore to v1.6.2
    * Don't completely silently ignore non-OCI manifests in OCI layouts
    * fix(deps): update module github.com/klauspost/compress to v1.16.5
    * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0
    * fix(deps): update module github.com/docker/docker to v23.0.4+incompatible
  - bump c/common to 0.55.3
    * Change default image volume mode to "nullfs" on FreeBSD
    * [v0.55][CI-DOCS] remove zstd:chunked from docs
    * libimage: harden lookup by digest
    * libimage: HasDifferentDigest: add InsecureSkipTLSVerify option
* Mon Jul 31 2023 Danish Prakash <danish.prakash@suse.com>
  - Disable CNI related configs on ALP (bsc#1213556)
    (https://github.com/containers/podman/issues/19327)
* Tue Jun 27 2023 Danish Prakash <danish.prakash@suse.com>
  - Remove unused grep requirement
* Mon Jun 26 2023 Danish Prakash <danish.prakash@suse.com>
  - Resolve choice on openSUSE distributions for libcontainer-policy
    by suggesting the libcontainers-openSUSE-policy explicitly.
* Mon Jun 05 2023 Danish Prakash <danish.prakash@suse.com>
  - Enforce BCI verification via Podman on openSUSE distributions
    using the already shipped container signing keys.
    (bsc#1197030)
* Tue May 16 2023 Danish Prakash <danish.prakash@suse.com>
  - Introduce new subpackage that adds SLE-specific mounts only
    on SLE systems (if sles-release) hence avoiding superfluous
    warnings on non-SLE systems while running podman commands.
    (bsc#1211124)
* Wed Apr 26 2023 Frederic Crozat <fcrozat@suse.com>
  - Own /etc/containers/systemd and /usr/share/containers/systemd,
    useful for podman quadlet.
* Wed Mar 15 2023 Dan Čermák <dcermak@suse.com>
  - Remove container-storage-driver.sh, we want to default to the overlay driver
    instead of btrfs.
    The btrfs driver is not really supported upstream (see
    e.g. https://github.com/containers/podman/issues/16882), there is no real
    development anymore and it appears to have subtle bugs (e.g. the one linked
    previously).
    To prevent further such issues, we will from now on default to the overlay
    driver.
* Wed Mar 15 2023 Dan Čermák <dcermak@suse.com>
  - Remove obsolete Requires(post): util-linux-systemd
* Mon Feb 27 2023 Dan Čermák <dcermak@suse.com>
  - Add registry.suse.com to the unqualified-search-registries
* Tue Feb 14 2023 Dan Čermák <dcermak@suse.com>
  - New upstream release 20230214
  - bump c/storage to 1.45.3
  - bump c/image to 5.24.1
  - bump c/common to 0.51.0
  - containers.conf:
    * add commented out options containers.read_only,
      engine.platform_to_oci_runtime, engine.events_container_create_inspect_data,
      network.volume_plugin_timeout, engine.runtimes.youki, machine.provider
    * remove deprecated setting containers.userns_size
    * add youki to engine.runtime_supports_json
  - shortnames.conf: pull in latest upstream version
  - storage.conf: add commented out option storage.transient_store
  - correct license to APACHE-2.0 only (there's no GPLv3 code to be found)
  - add source URLs to spec
  - drop pointless copyright year
* Wed Jan 25 2023 Danish Prakash <danish.prakash@suse.com>
  - Reverts https://build.opensuse.org/request/show/1060361
    Changes introduced to c/storage's storage.conf which adds
    a driver_priority attribute would break consumers of libcontainer-common
    as long as those packages are vendoring an older c/storage version.
    Instead of patching every consumer, we're reverting this change, until
    those packages have been updated downstream. [boo#1207509]
* Fri Jan 13 2023 Danish Prakash <danish.prakash@suse.com>
  - storage.conf: Unset 'driver' and set 'driver_priority' to
    allow podman to use 'btrfs' if available and fallback to
    'overlay' if not.
  - .spec: rm %post script to set 'btrfs' as storage driver
    in storage.conf
* Mon Dec 05 2022 Dan Čermák <dcermak@suse.com>
  - Remove registry.suse.com from search unqualified-search-registries:
    registry.suse.com responds very slowly to pagination repository listings
    (https://docs.docker.com/registry/spec/api/#pagination) and thereby causes
    every `podman search` to take over 90s. We have to remove it until this
    regression is fixed.
* Mon Nov 28 2022 Dirk Müller <dmueller@suse.com>
  - add requires on util-linux-systemd for findmnt in profile script
  - only set storage_driver env when no libpod exists
  - avoid quoting issue
* Tue Nov 22 2022 Dan Čermák <dcermak@suse.com>
  - Update bundled common to 0.50.1
  - Update bundled image to 5.23.1
  - Update bundled storage to 1.44.0
  - Drop bundled podman
  - Bump version to 20221122
  - Install container-storage-driver.sh in /etc/ on Leap & SLE
* Thu Nov 17 2022 Dirk Müller <dmueller@suse.com>
  - add container-storage-driver.sh (bsc#1197093)
* Thu Nov 10 2022 Dirk Müller <dmueller@suse.com>
  - postinstall script: slight cleanup, no functional change
* Tue Oct 25 2022 Dirk Müller <dmueller@suse.com>
  - set detached sigstore attachments for the SUSE controlled registries
* Tue Aug 09 2022 Fabian Vogt <fvogt@suse.com>
  - Fix obvious typo in containers.conf
* Wed Aug 03 2022 Frederic Crozat <fcrozat@suse.com>
  - Resync containers.conf / storage.conf with Fedora
  - Create /etc/containers/registries.conf.d and
    add 000-shortnames.conf to it.
* Wed Jun 15 2022 Fabian Vogt <fvogt@suse.com>
  - Use $() again in %post, but with a space for POSIX compliance
* Tue Jun 14 2022 Dan Čermák <dcermak@suse.com>
  - Add missing Requires(post): sed, fixes boo#1200524
  - Make %post compatible with dash
* Wed Jun 08 2022 Richard Brown <rbrown@suse.com>
  - Add missing comma to previous change
* Mon Jun 06 2022 Lubos Kocman <lubos.kocman@suse.com>
  - Add registry.suse.com as agreed on oSC22
    Let's advertise usage of BCI images in general
* Thu Feb 03 2022 Bruno Leon <bruno.leon@suse.com>
  - Update storage to 1.38.2
  - Update image to 5.19.1
  - Update Podman to 3.4.4
  - Update common to 0.47.3
* Tue Jan 11 2022 Dan Čermák <dcermak@suse.com>
  - Switch registries.conf to v2 format

Files

/etc/containers/policy.json


Generated by rpm2html 1.8.1

Fabrice Bellet, Wed Oct 22 22:25:06 2025