MSVSphere debranding

5 months ago · edf66ef27e
parent e481ed4edc
commit edf66ef27e
12 changed files with 10 additions and 5213 deletions
--- a/SOURCES/001-rhel-shortnames-pyxis.conf
+++ b/SOURCES/001-rhel-shortnames-pyxis.conf
--- a/SOURCES/002-rhel-shortnames-overrides.conf
+++ b/SOURCES/002-rhel-shortnames-overrides.conf
@ -1,10 +0,0 @@
-[aliases]
-"skopeo"  = "registry.access.redhat.com/ubi8/skopeo"
-"ubi8/skopeo" = "registry.access.redhat.com/ubi8/skopeo"
-"rhel9/skopeo" = "registry.redhat.io/rhel9/skopeo"
-"buildah" = "registry.access.redhat.com/ubi8/buildah"
-"ubi8/buildah" = "registry.access.redhat.com/ubi8/buildah"
-"rhel9/buildah" = "registry.redhat.io/rhel9/buildah"
-"podman" = "registry.access.redhat.com/ubi8/podman"
-"ubi8/podman" = "registry.access.redhat.com/ubi8/podman"
-"rhel9/podman" = "registry.redhat.io/rhel9/podman"
--- a/SOURCES/RPM-GPG-KEY-redhat-beta
+++ b/SOURCES/RPM-GPG-KEY-redhat-beta
@ -1,29 +0,0 @@
-----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1.2.6 (GNU/Linux)
-
-mQINBEmkAzABEAC2/c7bP1lHQ3XScxbIk0LQWe1YOiibQBRLwf8Si5PktgtuPibT
-kKpZjw8p4D+fM7jD1WUzUE0X7tXg2l/eUlMM4dw6XJAQ1AmEOtlwSg7rrMtTvM0A
-BEtI7Km6fC6sU6RtBMdcqD1cH/6dbsfh8muznVA7UlX+PRBHVzdWzj6y8h84dBjo
-gzcbYu9Hezqgj/lLzicqsSZPz9UdXiRTRAIhp8V30BD8uRaaa0KDDnD6IzJv3D9P
-xQWbFM4Z12GN9LyeZqmD7bpKzZmXG/3drvfXVisXaXp3M07t3NlBa3Dt8NFIKZ0D
-FRXBz5bvzxRVmdH6DtkDWXDPOt+Wdm1rZrCOrySFpBZQRpHw12eo1M1lirANIov7
-Z+V1Qh/aBxj5EUu32u9ZpjAPPNtQF6F/KjaoHHHmEQAuj4DLex4LY646Hv1rcv2i
-QFuCdvLKQGSiFBrfZH0j/IX3/0JXQlZzb3MuMFPxLXGAoAV9UP/Sw/WTmAuTzFVm
-G13UYFeMwrToOiqcX2VcK0aC1FCcTP2z4JW3PsWvU8rUDRUYfoXovc7eg4Vn5wHt
-0NBYsNhYiAAf320AUIHzQZYi38JgVwuJfFu43tJZE4Vig++RQq6tsEx9Ftz3EwRR
-fJ9z9mEvEiieZm+vbOvMvIuimFVPSCmLH+bI649K8eZlVRWsx3EXCVb0nQARAQAB
-tDBSZWQgSGF0LCBJbmMuIChiZXRhIGtleSAyKSA8c2VjdXJpdHlAcmVkaGF0LmNv
-bT6JAjYEEwECACAFAkpSM+cCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCT
-ioDK8hVB6/9tEAC0+KmzeKceXQ/GTUoU6jy9vtkFCFrmv+c7ol4XpdTt0QhqBOwy
-6m2mKWwmm8KfYfy0cADQ4y/EcoXl7FtFBwYmkCuEQGXhTDn9DvVjhooIq59LEMBQ
-OW879RwwzRIZ8ebbjMUjDPF5MfPQqP2LBu9N4KvXlZp4voykwuuaJ+cbsKZR6pZ6
-0RQKPHKP+NgUFC0fff7XY9cuOZZWFAeKRhLN2K7bnRHKxp+kELWb6R9ZfrYwZjWc
-MIPbTd1khE53L4NTfpWfAnJRtkPSDOKEGVlVLtLq4HEAxQt07kbslqISRWyXER3u
-QOJj64D1ZiIMz6t6uZ424VE4ry9rBR0Jz55cMMx5O/ni9x3xzFUgH8Su2yM0r3jE
-Rf24+tbOaPf7tebyx4OKe+JW95hNVstWUDyGbs6K9qGfI/pICuO1nMMFTo6GqzQ6
-DwLZvJ9QdXo7ujEtySZnfu42aycaQ9ZLC2DOCQCUBY350Hx6FLW3O546TAvpTfk0
-B6x+DV7mJQH7MGmRXQsE7TLBJKjq28Cn4tVp04PmybQyTxZdGA/8zY6pPl6xyVMH
-V68hSBKEVT/rlouOHuxfdmZva1DhVvUC6Xj7+iTMTVJUAq/4Uyn31P1OJmA2a0PT
-CAqWkbJSgKFccsjPoTbLyxhuMSNkEZFHvlZrSK9vnPzmfiRH0Orx3wYpMQ==
-=21pb
-----END PGP PUBLIC KEY BLOCK-----
--- a/SOURCES/RPM-GPG-KEY-redhat-release
+++ b/SOURCES/RPM-GPG-KEY-redhat-release
@ -1,66 +0,0 @@
-The following public key can be used to verify RPM packages built and
-signed by Red Hat, Inc.  This key is used for packages in Red Hat
-products shipped after November 2009, and for all updates to those
-products.
-
-Questions about this key should be sent to security@redhat.com.
-
-pub  4096R/FD431D51 2009-10-22 Red Hat, Inc. (release key 2) <security@redhat.com>
-
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBErgSTsBEACh2A4b0O9t+vzC9VrVtL1AKvUWi9OPCjkvR7Xd8DtJxeeMZ5eF
-0HtzIG58qDRybwUe89FZprB1ffuUKzdE+HcL3FbNWSSOXVjZIersdXyH3NvnLLLF
-0DNRB2ix3bXG9Rh/RXpFsNxDp2CEMdUvbYCzE79K1EnUTVh1L0Of023FtPSZXX0c
-u7Pb5DI5lX5YeoXO6RoodrIGYJsVBQWnrWw4xNTconUfNPk0EGZtEnzvH2zyPoJh
-XGF+Ncu9XwbalnYde10OCvSWAZ5zTCpoLMTvQjWpbCdWXJzCm6G+/hx9upke546H
-5IjtYm4dTIVTnc3wvDiODgBKRzOl9rEOCIgOuGtDxRxcQkjrC+xvg5Vkqn7vBUyW
-9pHedOU+PoF3DGOM+dqv+eNKBvh9YF9ugFAQBkcG7viZgvGEMGGUpzNgN7XnS1gj
-/DPo9mZESOYnKceve2tIC87p2hqjrxOHuI7fkZYeNIcAoa83rBltFXaBDYhWAKS1
-PcXS1/7JzP0ky7d0L6Xbu/If5kqWQpKwUInXtySRkuraVfuK3Bpa+X1XecWi24JY
-HVtlNX025xx1ewVzGNCTlWn1skQN2OOoQTV4C8/qFpTW6DTWYurd4+fE0OJFJZQF
-buhfXYwmRlVOgN5i77NTIJZJQfYFj38c/Iv5vZBPokO6mffrOTv3MHWVgQARAQAB
-tDNSZWQgSGF0LCBJbmMuIChyZWxlYXNlIGtleSAyKSA8c2VjdXJpdHlAcmVkaGF0
-LmNvbT6JAjYEEwECACAFAkrgSTsCGwMGCwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAK
-CRAZni+R/UMdUWzpD/9s5SFR/ZF3yjY5VLUFLMXIKUztNN3oc45fyLdTI3+UClKC
-2tEruzYjqNHhqAEXa2sN1fMrsuKec61Ll2NfvJjkLKDvgVIh7kM7aslNYVOP6BTf
-C/JJ7/ufz3UZmyViH/WDl+AYdgk3JqCIO5w5ryrC9IyBzYv2m0HqYbWfphY3uHw5
-un3ndLJcu8+BGP5F+ONQEGl+DRH58Il9Jp3HwbRa7dvkPgEhfFR+1hI+Btta2C7E
-0/2NKzCxZw7Lx3PBRcU92YKyaEihfy/aQKZCAuyfKiMvsmzs+4poIX7I9NQCJpyE
-IGfINoZ7VxqHwRn/d5mw2MZTJjbzSf+Um9YJyA0iEEyD6qjriWQRbuxpQXmlAJbh
-8okZ4gbVFv1F8MzK+4R8VvWJ0XxgtikSo72fHjwha7MAjqFnOq6eo6fEC/75g3NL
-Ght5VdpGuHk0vbdENHMC8wS99e5qXGNDued3hlTavDMlEAHl34q2H9nakTGRF5Ki
-JUfNh3DVRGhg8cMIti21njiRh7gyFI2OccATY7bBSr79JhuNwelHuxLrCFpY7V25
-OFktl15jZJaMxuQBqYdBgSay2G0U6D1+7VsWufpzd/Abx1/c3oi9ZaJvW22kAggq
-dzdA27UUYjWvx42w9menJwh/0jeQcTecIUd0d0rFcw/c1pvgMMl/Q73yzKgKYw==
-=zbHE
-----END PGP PUBLIC KEY BLOCK-----
-----BEGIN PGP PUBLIC KEY BLOCK-----
-
-mQINBGIpIp4BEAC/o5e1WzLIsS6/JOQCs4XYATYTcf6B6ALzcP05G0W3uRpUQSrL
-FRKNrU8ZCelm/B+XSh2ljJNeklp2WLxYENDOsftDXGoyLr2hEkI5OyK267IHhFNJ
-g+BN+T5Cjh4ZiiWij6o9F7x2ZpxISE9M4iI80rwSv1KOnGSw5j2zD2EwoMjTVyVE
-/t3s5XJxnDclB7ZqL+cgjv0mWUY/4+b/OoRTkhq7b8QILuZp75Y64pkrndgakm1T
-8mAGXV02mEzpNj9DyAJdUqa11PIhMJMxxHOGHJ8CcHZ2NJL2e7yJf4orTj+cMhP5
-LzJcVlaXnQYu8Zkqa0V6J1Qdj8ZXL72QsmyicRYXAtK9Jm5pvBHuYU2m6Ja7dBEB
-Vkhe7lTKhAjkZC5ErPmANNS9kPdtXCOpwN1lOnmD2m04hks3kpH9OTX7RkTFUSws
-eARAfRID6RLfi59B9lmAbekecnsMIFMx7qR7ZKyQb3GOuZwNYOaYFevuxusSwCHv
-4FtLDIhk+Fge+EbPdEva+VLJeMOb02gC4V/cX/oFoPkxM1A5LHjkuAM+aFLAiIRd
-Np/tAPWk1k6yc+FqkcDqOttbP4ciiXb9JPtmzTCbJD8lgH0rGp8ufyMXC9x7/dqX
-TjsiGzyvlMnrkKB4GL4DqRFl8LAR02A3846DD8CAcaxoXggL2bJCU2rgUQARAQAB
-tDVSZWQgSGF0LCBJbmMuIChhdXhpbGlhcnkga2V5IDMpIDxzZWN1cml0eUByZWRo
-YXQuY29tPokCUgQTAQgAPBYhBH5GJCWMQGU11W1vE1BU5KRaY0CzBQJiKSKeAhsD
-BQsJCAcCAyICAQYVCgkICwIEFgIDAQIeBwIXgAAKCRBQVOSkWmNAsyBfEACuTN/X
-YR+QyzeRw0pXcTvMqzNE4DKKr97hSQEwZH1/v1PEPs5O3psuVUm2iam7bqYwG+ry
-EskAgMHi8AJmY0lioQD5/LTSLTrM8UyQnU3g17DHau1NHIFTGyaW4a7xviU4C2+k
-c6X0u1CPHI1U4Q8prpNcfLsldaNYlsVZtUtYSHKPAUcswXWliW7QYjZ5tMSbu8jR
-OMOc3mZuf0fcVFNu8+XSpN7qLhRNcPv+FCNmk/wkaQfH4Pv+jVsOgHqkV3aLqJeN
-kNUnpyEKYkNqo7mNfNVWOcl+Z1KKKwSkIi3vg8maC7rODsy6IX+Y96M93sqYDQom
-aaWue2gvw6thEoH4SaCrCL78mj2YFpeg1Oew4QwVcBnt68KOPfL9YyoOicNs4Vuu
-fb/vjU2ONPZAeepIKA8QxCETiryCcP43daqThvIgdbUIiWne3gae6eSj0EuUPoYe
-H5g2Lw0qdwbHIOxqp2kvN96Ii7s1DK3VyhMt/GSPCxRnDRJ8oQKJ2W/I1IT5VtiU
-zMjjq5JcYzRPzHDxfVzT9CLeU/0XQ+2OOUAiZKZ0dzSyyVn8xbpviT7iadvjlQX3
-CINaPB+d2Kxa6uFWh+ZYOLLAgZ9B8NKutUHpXN66YSfe79xFBSFWKkJ8cSIMk13/
-Ifs7ApKlKCCRDpwoDqx/sjIaj1cpOfLHYjnefg==
-=UZd/
-----END PGP PUBLIC KEY BLOCK-----
--- a/SOURCES/default-policy.json
+++ b/SOURCES/default-policy.json
@ -6,18 +6,9 @@
    ],
    "transports": {
        "docker": {
-	    "registry.access.redhat.com": [
+        "": [
 		{
-		    "type": "signedBy",
-		    "keyType": "GPGKeys",
-		    "keyPaths": ["/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta"]
-		}
-	    ],
-	    "registry.redhat.io": [
-		{
-		    "type": "signedBy",
-		    "keyType": "GPGKeys",
-		    "keyPaths": ["/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release", "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-beta"]
+		    "type": "insecureAcceptAnything"
 		}
 	    ]
 	},
--- a/SOURCES/pyxis.sh
+++ b/SOURCES/pyxis.sh
@ -30,12 +30,6 @@ while [ $IDX -lt ${#lines[@]} ]; do
     [[ $REPOSITORY != *[* ]] &&
     [[ $REGISTRY == *.* ]] &&
     [ "$REGISTRY" != "non_registry" ]; then
-    if [[ $REGISTRY == *quay.io* ]] ||
-       [[ $REGISTRY == *redhat.com* ]]; then
-      if [ "$REQ_TERMS" == "true" ]; then
-        REGISTRY=registry.redhat.io
-      fi
-    fi
    echo "\"$REPOSITORY\" = \"$REGISTRY/$REPOSITORY\""
    echo $PUBLISHED,$REQ_TERMS,$REPOSITORY,$REGISTRY,$RELEASE >> /tmp/pyx_debug
    echo "\"$REPOSITORY\" = \"$REGISTRY/$REPOSITORY\"" >> /tmp/rhel-shortnames.conf
--- a/SOURCES/registries.conf
+++ b/SOURCES/registries.conf
@ -19,7 +19,7 @@
 #
 # # An array of host[:port] registries to try when pulling an unqualified image, in order.

-unqualified-search-registries = ["registry.access.redhat.com", "registry.redhat.io", "docker.io"]
+unqualified-search-registries = ["docker.io"]

 # [[registry]]
 # # The "prefix" field is used to choose the relevant [[registry]] TOML table;
--- a/SOURCES/registry.access.redhat.com.yaml
+++ b/SOURCES/registry.access.redhat.com.yaml
@ -1,3 +0,0 @@
-docker:
-     registry.access.redhat.com:
-         sigstore: https://access.redhat.com/webassets/docker/content/sigstore
--- a/SOURCES/registry.redhat.io.yaml
+++ b/SOURCES/registry.redhat.io.yaml
@ -1,3 +0,0 @@
-docker:
-     registry.redhat.io:
-         sigstore: https://registry.redhat.io/containers/sigstore
--- a/SOURCES/shortnames.conf
+++ b/SOURCES/shortnames.conf
@ -22,6 +22,8 @@
  # Fedora
  "fedora-minimal" = "registry.fedoraproject.org/fedora-minimal"
  "fedora" = "registry.fedoraproject.org/fedora"
+  # MSVSphere
+  "msvsphere" = "docker.io/inferit/msvsphere"
  # Gentoo
  "gentoo" = "docker.io/gentoo/stage3"
  # openSUSE
--- a/SOURCES/update.sh
+++ b/SOURCES/update.sh
@ -33,7 +33,7 @@ ensure storage.conf    mountopt                      \"nodev,metacopy=on\"
 if pwd | grep rhel-8 > /dev/null
 then
 awk -i inplace '/#default_capabilities/,/#\]/{gsub("#","",$0)}1' containers.conf
-ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
+ensure registries.conf unqualified-search-registries [\"docker.io\"]
 ensure registries.conf short-name-mode               \"permissive\"
 ensure containers.conf runtime                       \"runc\"
 ensure containers.conf events_logger                 \"file\"
@ -50,7 +50,7 @@ then
  "SYS_CHROOT",' containers.conf
 fi
 else
-ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
+ensure registries.conf unqualified-search-registries [\"docker.io\"]
 ensure registries.conf short-name-mode               \"enforcing\"
 ensure containers.conf runtime                       \"crun\"
 fi
@ -58,10 +58,3 @@ fi
 				"keyctl",' seccomp.json
 [ `grep \"socket\", seccomp.json | wc -l` == 0 ] && sed -i '/\"socketcall\",/i \
 				"socket",' seccomp.json
-rhpkg clone redhat-release
-cd redhat-release
-rhpkg switch-branch rhel-9.4.0
-rhpkg prep
-cp -f redhat-release-*/RPM-GPG* ../
-cd -
-rm -rf redhat-release
--- a/SPECS/containers-common.spec
+++ b/SPECS/containers-common.spec
@ -12,7 +12,7 @@
 Epoch: 2
 Name: containers-common
 Version: 1
-Release: 81%{?dist}
+Release: 81%{?dist}.inferit
 Summary: Common configuration and documentation for containers
 License: ASL 2.0
 # arch limitation because of go-md2man (missing on i686)
@ -51,18 +51,12 @@ Source14: https://raw.githubusercontent.com/containers/common/%{common_branch}/d
 Source15: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-auth.json.5.md
 Source16: https://raw.githubusercontent.com/containers/image/%{image_branch}/docs/containers-registries.conf.d.5.md
 Source17: https://raw.githubusercontent.com/containers/shortnames/%{shortnames_branch}/shortnames.conf
-Source19: 001-rhel-shortnames-pyxis.conf
-Source20: 002-rhel-shortnames-overrides.conf
-Source21: RPM-GPG-KEY-redhat-release
-Source22: registry.access.redhat.com.yaml
-Source23: registry.redhat.io.yaml
 #Source24: https://raw.githubusercontent.com/containers/skopeo/%%{skopeo_branch}/default-policy.json
 Source24: default-policy.json
 Source25: https://raw.githubusercontent.com/containers/skopeo/%{skopeo_branch}/default.yaml
 # FIXME: fix the branch once these are available via regular c/common branch
 Source26: https://raw.githubusercontent.com/containers/common/main/docs/Containerfile.5.md
 Source27: https://raw.githubusercontent.com/containers/common/main/docs/containerignore.5.md
-Source28: RPM-GPG-KEY-redhat-beta

 # scripts used for synchronization with upstream and shortname generation
 Source100: update.sh
@ -87,18 +81,12 @@ install -dp %{buildroot}%{_datadir}/containers/systemd
 install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/storage.conf
 install -m0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/containers/registries.conf
 install -m0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/000-shortnames.conf
-install -m0644 %{SOURCE19} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/001-rhel-shortnames.conf
-install -m0644 %{SOURCE20} %{buildroot}%{_sysconfdir}/containers/registries.conf.d/002-rhel-shortnames-overrides.conf

 # for signature verification
 %if !0%{?rhel} || 0%{?centos}
 install -dp %{buildroot}%{_sysconfdir}/pki/rpm-gpg
-install -m0644 %{SOURCE21} %{buildroot}%{_sysconfdir}/pki/rpm-gpg
-install -m0644 %{SOURCE28} %{buildroot}%{_sysconfdir}/pki/rpm-gpg
 %endif
 install -dp %{buildroot}%{_sysconfdir}/containers/registries.d
-install -m0644 %{SOURCE22} %{buildroot}%{_sysconfdir}/containers/registries.d
-install -m0644 %{SOURCE23} %{buildroot}%{_sysconfdir}/containers/registries.d
 install -m0644 %{SOURCE24} %{buildroot}%{_sysconfdir}/containers/policy.json
 install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore
 install -m0644 %{SOURCE25} %{buildroot}%{_sysconfdir}/containers/registries.d/default.yaml
@ -131,19 +119,6 @@ ln -s %{_sysconfdir}/pki/entitlement %{buildroot}%{_datadir}/rhel/secrets/etc-pk
 ln -s %{_sysconfdir}/rhsm %{buildroot}%{_datadir}/rhel/secrets/rhsm
 ln -s %{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/rhel/secrets/redhat.repo

-# ship preconfigured /etc/containers/registries.d/ files with containers-common - #1903813
-cat <<EOF > %{buildroot}%{_sysconfdir}/containers/registries.d/registry.access.redhat.com.yaml
-docker:
-     registry.access.redhat.com:
-         sigstore: https://access.redhat.com/webassets/docker/content/sigstore
-EOF
-
-cat <<EOF > %{buildroot}%{_sysconfdir}/containers/registries.d/registry.redhat.io.yaml
-docker:
-     registry.redhat.io:
-         sigstore: https://registry.redhat.io/containers/sigstore
-EOF
-
 %files
 %dir %{_sysconfdir}/containers
 %dir %{_sysconfdir}/containers/certs.d
@ -175,7 +150,8 @@ EOF
 %{_datadir}/rhel/secrets/*

 %changelog
-* Wed Apr 03 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2:1-81
+* Wed Apr 24 2024 Sergey Cherevko <s.cherevko@msvsphere-os.ru> - 2:1-81.inferit
+- MSVSphere debranding
 - Rebuilt for MSVSphere 8.10 beta

 * Wed Feb 14 2024 Jindrich Novy <jnovy@redhat.com> - 2:1-81