rpm: update config files for drop ins

common/rpm/00-containers.conf

@@ -0,0 +1,5 @@
+[containers]
+log_driver = "journald"
+
+[engine]
+runtime = "crun"

common/rpm/00-fedora-registries.conf

@@ -0,0 +1,4 @@
+# Default search registries for fedora
+unqualified-search-registries = ["registry.fedoraproject.org", "registry.access.redhat.com", "docker.io"]
+
+short-name-mode="enforcing"

common/rpm/00-rhel-registries.conf

@@ -0,0 +1,4 @@
+# Default search registries for RHEL
+unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.io", "docker.io"]
+
+short-name-mode="enforcing"

common/rpm/00-storage-additional-store.conf

@@ -0,0 +1,2 @@
+[storage.options]
+additionalimagestores = ["/usr/lib/containers/storage"]

common/rpm/00-storage.conf

@@ -0,0 +1,6 @@
+[storage]
+driver = "overlay"
+
+[storage.options.overlay]
+# mountopt specifies comma separated list of extra mount options
+mountopt = "nodev,metacopy=on"

common/rpm/containers-common.spec

@@ -42,6 +42,11 @@ Requires: (fuse-overlayfs if fedora-release-identity-server)
 %else
 Suggests: fuse-overlayfs
 %endif
+# Conflict versions using the old config file loading to avoid mismatch between code and configs.
+Conflicts: podman < 5:6
+Conflicts: buildah < 2:1.44
+Conflicts: skopeo < 1:1.23
+
 URL: https://github.com/%{project}/%{repo}
 Source0: %{url}/archive/refs/tags/common/v%{version}.tar.gz
 Source1: https://raw.githubusercontent.com/containers/shortnames/refs/heads/main/shortnames.conf
@@ -65,11 +70,10 @@ Requires: container-network-stack
 Requires: oci-runtime
 Requires: passt
 %if %{defined fedora}
-Conflicts: podman < 5:5.0.0~rc4-1
 Recommends: composefs
 Recommends: crun
 Requires: (crun if fedora-release-identity-server)
-Requires: netavark >= %{netavark_epoch}:1.10.3-1
+Requires: netavark >= %{netavark_epoch}:2
 Suggests: slirp4netns
 Recommends: qemu-user-static
 Requires: (qemu-user-static-aarch64 if fedora-release-identity-server)
@@ -84,10 +88,6 @@ not required by Skopeo.
 %prep
 %autosetup -Sgit -n %{repo}-common-v%{version}
 
-# Fine-grain distro- and release-specific tuning of config files,
-# e.g., seccomp, composefs, registries on different RHEL/Fedora versions
-bash common/rpm/update-config-files.sh
-
 %build
 mkdir -p man5
 for i in common/docs/*.5.md image/docs/*.5.md storage/docs/*.5.md; do
@@ -96,7 +96,7 @@ done
 
 %install
 # install config and policy files for registries
-install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,networks,systemd}
+install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,networks,systemd,registries.conf.d,registries.d}
 install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore
 install -dp %{buildroot}%{_datadir}/containers/systemd
 install -dp %{buildroot}%{_prefix}/lib/containers/storage
@@ -105,20 +105,32 @@ touch %{buildroot}%{_prefix}/lib/containers/storage/overlay-images/images.lock
 install -dp -m 700 %{buildroot}%{_prefix}/lib/containers/storage/overlay-layers
 touch %{buildroot}%{_prefix}/lib/containers/storage/overlay-layers/layers.lock
 
-install -Dp -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
-install -Dp -m0644 image/default.yaml %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
-install -Dp -m0644 image/default-policy.json %{buildroot}%{_sysconfdir}/containers/policy.json
-install -Dp -m0644 image/registries.conf %{buildroot}%{_sysconfdir}/containers/registries.conf
+install -Dp -m0644 %{SOURCE1} %{buildroot}%{_datadir}/containers/registries.conf.d/000-shortnames.conf
+install -Dp -m0644 image/default.yaml %{buildroot}%{_datadir}/containers/registries.d/default.yaml
+install -Dp -m0644 image/default-policy.json %{buildroot}%{_datadir}/containers/policy.json
+install -Dp -m0644 image/registries.conf %{buildroot}%{_datadir}/containers/registries.conf
 install -Dp -m0644 storage/storage.conf %{buildroot}%{_datadir}/containers/storage.conf
 
+# install custom vendor overwrites
+install -Dp -m0644 common/rpm/00-containers.conf %{buildroot}%{_datadir}/containers/containers.conf.d/00-vendor.conf
+install -Dp -m0644 common/rpm/00-storage.conf %{buildroot}%{_datadir}/containers/storage.conf.d/00-vendor.conf
+install -Dp -m0644 common/rpm/00-storage-additional-store.conf %{buildroot}%{_datadir}/containers/storage.rootful.conf.d/00-vendor-additional-store.conf
+
+%if %{defined fedora}
+install -Dp -m0644 common/rpm/00-fedora-registries.conf %{buildroot}%{_datadir}/containers/registries.conf.d/00-vendor.conf
+%else
+install -Dp -m0644 common/rpm/00-rhel-registries.conf %{buildroot}%{_datadir}/containers/registries.conf.d/00-vendor.conf
+%endif
+
+
 # RPM-GPG-KEY-redhat-release already exists on rhel envs, install only on
 # fedora and centos
 %if %{defined fedora} || %{defined centos}
 install -Dp -m0644 %{SOURCE2} %{buildroot}%{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 %endif
 
-install -Dp -m0644 common/contrib/redhat/registry.access.redhat.com.yaml -t %{buildroot}%{_sysconfdir}/containers/registries.d
-install -Dp -m0644 common/contrib/redhat/registry.redhat.io.yaml -t %{buildroot}%{_sysconfdir}/containers/registries.d
+install -Dp -m0644 common/contrib/redhat/registry.access.redhat.com.yaml -t %{buildroot}%{_datadir}/containers/registries.d
+install -Dp -m0644 common/contrib/redhat/registry.redhat.io.yaml -t %{buildroot}%{_datadir}/containers/registries.d
 
 # install manpages
 for i in man5/*.5; do
@@ -141,6 +153,22 @@ ln -s ../../../..%{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/
 # Placeholder check to silence rpmlint warnings
 %check
 
+%posttrans
+  # Restore user-modified config files from .rpmsave
+  for file in \
+      policy.json \
+      registries.conf \
+      registries.conf.d/000-shortnames.conf \
+      registries.d/default.yaml \
+      registries.d/registry.redhat.io.yaml \
+      registries.d/registry.access.redhat.com.yaml
+  do
+      file="%{_sysconfdir}/containers/${file}"
+      if [ -f "${file}.rpmsave" ]; then
+          mv "${file}.rpmsave" "${file}"
+      fi
+  done
+
 %files
 %dir %{_sysconfdir}/containers
 %dir %{_sysconfdir}/containers/certs.d
@@ -157,15 +185,10 @@ ln -s ../../../..%{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/
 %{_prefix}/lib/containers/storage/overlay-images/images.lock
 %{_prefix}/lib/containers/storage/overlay-layers/layers.lock
 
-%config(noreplace) %{_sysconfdir}/containers/policy.json
-%config(noreplace) %{_sysconfdir}/containers/registries.conf
-%config(noreplace) %{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
+
 %if 0%{?fedora} || 0%{?centos}
 %{_sysconfdir}/pki/rpm-gpg/RPM-GPG-KEY-redhat-release
 %endif
-%config(noreplace) %{_sysconfdir}/containers/registries.d/default.yaml
-%config(noreplace) %{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml
-%config(noreplace) %{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml
 %ghost %{_sysconfdir}/containers/storage.conf
 %ghost %{_sysconfdir}/containers/containers.conf
 %dir %{_sharedstatedir}/containers/sigstore
@@ -179,6 +202,21 @@ ln -s ../../../..%{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/
 %{_datadir}/containers/containers.conf
 %{_datadir}/containers/mounts.conf
 %{_datadir}/containers/seccomp.json
+%{_datadir}/containers/policy.json
+%{_datadir}/containers/registries.conf
+%dir %{_datadir}/containers/registries.conf.d
+%{_datadir}/containers/registries.conf.d/000-shortnames.conf
+%{_datadir}/containers/registries.conf.d/00-vendor.conf
+%dir %{_datadir}/containers/registries.d
+%{_datadir}/containers/registries.d/default.yaml
+%{_datadir}/containers/registries.d/registry.redhat.io.yaml
+%{_datadir}/containers/registries.d/registry.access.redhat.com.yaml
+%dir %{_datadir}/containers/containers.conf.d
+%{_datadir}/containers/containers.conf.d/00-vendor.conf
+%dir %{_datadir}/containers/storage.conf.d
+%{_datadir}/containers/storage.conf.d/00-vendor.conf
+%dir %{_datadir}/containers/storage.rootful.conf.d
+%{_datadir}/containers/storage.rootful.conf.d/00-vendor-additional-store.conf
 %dir %{_datadir}/rhel
 %dir %{_datadir}/rhel/secrets
 %{_datadir}/rhel/secrets/*