|
 |
bb3e91 |
#!/bin/bash
|
|
|
bb3e91 |
# This script delivers current documentation/configs and assures it has the intended
|
|
|
bb3e91 |
# settings for a particular branch/release.
|
|
|
bb3e91 |
# For questions reach to Jindrich Novy <jnovy@redhat.com>
|
|
|
bb3e91 |
|
|
|
bb3e91 |
ensure() {
|
|
|
bb3e91 |
if grep ^$2[[:blank:]].*= $1 > /dev/null
|
|
|
bb3e91 |
then
|
|
|
bb3e91 |
sed -i "s;^$2[[:blank:]]=.*;$2 = $3;" $1
|
|
|
bb3e91 |
else
|
|
|
bb3e91 |
if grep ^\#.*$2[[:blank:]].*= $1 > /dev/null
|
|
|
bb3e91 |
then
|
|
|
bb3e91 |
sed -i "/^#.*$2[[:blank:]].*=/a \
|
|
|
bb3e91 |
$2 = $3" $1
|
|
|
bb3e91 |
else
|
|
|
5604c2 |
echo "$2 = $3" >> $1
|
|
|
bb3e91 |
fi
|
|
|
bb3e91 |
fi
|
|
|
bb3e91 |
}
|
|
|
bb3e91 |
|
|
|
bb3e91 |
#./pyxis.sh
|
|
|
bb3e91 |
#./update-vendored.sh
|
|
|
bb3e91 |
spectool -f -g containers-common.spec
|
|
|
5604c2 |
for FILE in *; do
|
|
|
5604c2 |
[ -s "$FILE" ]
|
|
|
5604c2 |
if [ $? == 1 ] && [ "$FILE" != "sources" ]; then
|
|
|
5604c2 |
echo "empty file: $FILE"
|
|
|
5604c2 |
exit 1
|
|
|
5604c2 |
fi
|
|
|
5604c2 |
done
|
|
|
bb3e91 |
ensure storage.conf driver \"overlay\"
|
|
|
bb3e91 |
ensure storage.conf mountopt \"nodev,metacopy=on\"
|
|
|
bb3e91 |
if pwd | grep rhel-8 > /dev/null
|
|
|
bb3e91 |
then
|
|
|
5604c2 |
awk -i inplace '/#default_capabilities/,/#\]/{gsub("#","",$0)}1' containers.conf
|
|
|
947b07 |
ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
|
|
|
bb3e91 |
ensure registries.conf short-name-mode \"permissive\"
|
|
|
bb3e91 |
ensure containers.conf runtime \"runc\"
|
|
|
bb3e91 |
ensure containers.conf events_logger \"file\"
|
|
|
bb3e91 |
ensure containers.conf log_driver \"k8s-file\"
|
|
|
bb3e91 |
ensure containers.conf network_backend \"cni\"
|
|
|
eec041 |
if ! grep \"NET_RAW\" containers.conf > /dev/null
|
|
|
eec041 |
then
|
|
|
eec041 |
sed -i '/^default_capabilities/a \
|
|
|
5604c2 |
"NET_RAW",' containers.conf
|
|
|
5604c2 |
fi
|
|
|
5604c2 |
if ! grep \"SYS_CHROOT\" containers.conf > /dev/null
|
|
|
5604c2 |
then
|
|
|
5604c2 |
sed -i '/^default_capabilities/a \
|
|
|
5604c2 |
"SYS_CHROOT",' containers.conf
|
|
|
eec041 |
fi
|
|
|
bb3e91 |
else
|
|
|
947b07 |
ensure registries.conf unqualified-search-registries [\"registry.access.redhat.com\",\ \"registry.redhat.io\",\ \"docker.io\"]
|
|
|
bb3e91 |
ensure registries.conf short-name-mode \"enforcing\"
|
|
|
bb3e91 |
ensure containers.conf runtime \"crun\"
|
|
|
bb3e91 |
fi
|
|
|
5604c2 |
[ `grep \"keyctl\", seccomp.json | wc -l` == 0 ] && sed -i '/\"kill\",/i \
|
|
|
bb3e91 |
"keyctl",' seccomp.json
|
|
|
5604c2 |
[ `grep \"socket\", seccomp.json | wc -l` == 0 ] && sed -i '/\"socketcall\",/i \
|
|
|
bb3e91 |
"socket",' seccomp.json
|