Moving default-policy.json and default.yaml to containers/image #2173
Conversation
All major distros (Fedora, debian, archlinux, gentoo, alpine, opensuse) are placing these 2 files in containers-common package. Why not fix it upstream? 1st step towards addressing containers#2170 Signed-off-by: Rahil Bhimjiani <me@rahil.website>
rahilarious
force-pushed
the
default-yaml-policy-json-to-common
branch
from
492ab56
to
441249f
Compare
| @@ -147,6 +147,7 @@ ostree-rs-ext_task: | |||
| - dnf builddep -y skopeo | |||
| - make | |||
| - make install | |||
| - echo '{"default":[{"type":"insecureAcceptAnything"}],"transports":{"docker-daemon":{"":[{"type":"insecureAcceptAnything"}]}}}' > /etc/containers/policy.json | |||
There was a problem hiding this comment.
- I’m afraid this is failing
- I’m tempted to say that this should do the same thing we are asking other users to do. I.e. if users are expected to install the files from the c/image repo, this should also go through the troubler of installing the files from the c/image repo.
There was a problem hiding this comment.
* I’m tempted to say that this should do the same thing we are asking other users to do. I.e. if users are expected to install the files from the c/image repo, this should also go through the troubler of installing the files from the c/image repo.
I agree. I just don't know how to handle cirrus stuff. It's up to you to properly fix it.
There was a problem hiding this comment.
It is… just a shell script?
… Uh. The one thing we might need to provide some guidance on is to figure out which c/image version to use. ~Luckily the data is available in go.mod, but turning that into a git command is a bit cumbersome.
@lsm5 @jnovy @rhatdan What do we do for Podman users who build from source, and need containers.conf from c/common? It seems to be either “nothing and let them figure it out” or “install a previous packaged of containers-common and hope the files match”, is there something I’m missing?
There was a problem hiding this comment.
Nothing but let them figure it out. Luckily Podman runs fine with no containers.conf and we encourage distributions to comment out containers.conf to be used information purposes only, IE Document the default in the system file, and allow admin and users to customize individual fields.
There was a problem hiding this comment.
I’m afraid policy.json is mandatory. Oh well… I’m always happy to recommend using packaged versions :)
|
For the record, the files, and the Make rules to install them, were moved to containers/image#2215 . |
rahilarious
changed the title
All major distros (Fedora, debian, archlinux, gentoo, alpine, opensuse) are placing these 2 files in containers-common package. Why not fix it upstream?
1st step towards addressing #2170