From 94438a0dba49be92958f0060d23066911eb0128a Mon Sep 17 00:00:00 2001
From: Daniel J Walsh
Date: Jun 15 2019 13:57:46 +0000
Subject: Bump to v0.1.37 Release
---
diff --git a/containers-registries.conf.5.md b/containers-registries.conf.5.md
index 34e3d87..22da933 100644
--- a/containers-registries.conf.5.md
+++ b/containers-registries.conf.5.md
@@ -7,14 +7,68 @@ containers-registries.conf - Syntax of System Registry Configuration File # DESCRIPTION The CONTAINERS-REGISTRIES configuration file is a system-wide configuration -file for container image registries. The file format is TOML. The valid -categories are: 'registries.search', 'registries.insecure', and -'registries.block'. +file for container image registries. The file format is TOML. By default, the configuration file is located at `/etc/containers/registries.conf`. -# FORMAT -The TOML_format is used to build a simple list format for registries under three +# FORMATS + +## VERSION 2 +VERSION 2 is the latest format of the `registries.conf` and is currently in +beta. This means in general VERSION 1 should be used in production environments +for now. + +Every registry can have its own mirrors configured. The mirrors will be tested +in order for the availability of the remote manifest. This happens currently +only during an image pull. If the manifest is not reachable due to connectivity +issues or the unavailability of the remote manifest, then the next mirror will +be tested instead. If no mirror is configured or contains the manifest to be +pulled, then the initially provided reference will be used as fallback. It is +possible to set the `insecure` option per mirror, too. + +Furthermore it is possible to specify a `prefix` for a registry. The `prefix` +is used to find the relevant target registry from where the image has to be +pulled. During the test for the availability of the image, the prefixed +location will be rewritten to the correct remote location. This applies to +mirrors as well as the fallback `location`. If no prefix is specified, it +defaults to the specified `location`. For example, if +`prefix = "example.com/foo"`, `location = "example.com"` and the image will be +pulled from `example.com/foo/image`, then the resulting pull will be effectively +point to `example.com/image`. 
+ +By default container runtimes use TLS when retrieving images from a registry. +If the registry is not setup with TLS, then the container runtime will fail to +pull images from the registry. If you set `insecure = true` for a registry or a +mirror you overwrite the `insecure` flag for that specific entry. This means +that the container runtime will attempt use unencrypted HTTP to pull the image. +It also allows you to pull from a registry with self-signed certificates. + +If you set the `unqualified-search = true` for the registry, then it is possible +to omit the registry hostname when pulling images. This feature does not work +together with a specified `prefix`. + +If `blocked = true` then it is not allowed to pull images from that registry. + +### EXAMPLE + +``` +[[registry]] +location = "example.com" +insecure = false +prefix = "example.com/foo" +unqualified-search = false +blocked = false +mirror = [ + { location = "example-mirror-0.local", insecure = false }, + { location = "example-mirror-1.local", insecure = true } +] +``` + +## VERSION 1 +VERSION 1 can be used as alternative to the VERSION 2, but it is not capable in +using registry mirrors or a prefix. + +The TOML_format is used to build a simple list for registries under three categories: `registries.search`, `registries.insecure`, and `registries.block`. You can list multiple registries using a comma separated list. 
@@ -22,18 +76,13 @@ Search registries are used when the caller of a container runtime does not fully container image that they want to execute. These registries are prepended onto the front of the specified container image until the named image is found at a registry. -Insecure Registries. By default container runtimes use TLS when retrieving images -from a registry. If the registry is not setup with TLS, then the container runtime -will fail to pull images from the registry. If you add the registry to the list of -insecure registries then the container runtime will attempt use standard web protocols to -pull the image. It also allows you to pull from a registry with self-signed certificates. Note insecure registries can be used for any registry, not just the registries listed under search. -Block Registries. The registries in this category are are not pulled from when -retrieving images. +The fields `registries.insecure` and `registries.block` work as like as the +`insecure` and `blocked` from VERSION 2. -# EXAMPLE +### EXAMPLE The following example configuration defines two searchable registries, one insecure registry, and two blocked registries. @@ -49,6 +98,8 @@ registries = ['registry.untrusted.com', 'registry.unsafe.com'] ``` # HISTORY +Mar 2019, Added additional configuration format by Sascha Grunert + Aug 2018, Renamed to containers-registries.conf(5) by Valentin Rothberg Jun 2018, Updated by Tom Sweeney diff --git a/skopeo.spec b/skopeo.spec index 5a2f4c7..00e24a6 100644 --- a/skopeo.spec +++ b/skopeo.spec 
@@ -47,10 +47,15 @@ Source0: %{git0}/archive/%{commit0}/%{name}-%{shortcommit0}.tar.gz
 Source1: storage.conf
 Source2: containers-storage.conf.5.md
 Source3: mounts.conf
-Source4: registries.conf.5.md
+Source4: containers-registries.conf.5.md
 Source5: registries.conf
-Source6: policy.json.5.md
+Source6: containers-policy.json.5.md
 Source7: seccomp.json
+Source8: containers-mounts.conf.5.md
+Source9: containers-signature.5.md
+Source10: containers-transports.5.md
+Source11: containers-certs.d.5.md
+Source12: containers-registries.d.5.md
 %if 0%{?fedora}
 BuildRequires: go-srpm-macros
@@ -290,7 +295,13 @@ install -m0644 %{SOURCE1} %{buildroot}%{_sysconfdir}/containers/storage.conf
 install -p -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/containers/
 go-md2man -in %{SOURCE2} -out %{buildroot}%{_mandir}/man5/containers-storage.conf.5
 go-md2man -in %{SOURCE4} -out %{buildroot}%{_mandir}/man5/containers-registries.conf.5
-go-md2man -in %{SOURCE6} -out %{buildroot}%{_mandir}/man5/policy.json.5
+go-md2man -in %{SOURCE6} -out %{buildroot}%{_mandir}/man5/containers-policy.json.5
+go-md2man -in %{SOURCE8} -out %{buildroot}%{_mandir}/man5/containers-mounts.conf.5
+go-md2man -in %{SOURCE9} -out %{buildroot}%{_mandir}/man5/containers-signature.5
+go-md2man -in %{SOURCE10} -out %{buildroot}%{_mandir}/man5/containers-transports.5
+go-md2man -in %{SOURCE11} -out %{buildroot}%{_mandir}/man5/containers-certs.d.5
+go-md2man -in %{SOURCE12} -out %{buildroot}%{_mandir}/man5/containers-registries.d.5
+
 mkdir -p %{buildroot}%{_datadir}/containers
 install -m0644 %{SOURCE3} %{buildroot}%{_datadir}/containers/mounts.conf
@@ -383,7 +394,7 @@ export GOPATH=%{buildroot}/%{gopath}:$(pwd)/vendor:%{gopath}
 %license LICENSE
 %doc README.md
 %{_bindir}/%{name}
-%{_mandir}/man1/%{name}.1*
+%{_mandir}/man1/%{name}*
 %dir %{_datadir}/bash-completion
 %dir %{_datadir}/bash-completion/completions
 %{_datadir}/bash-completion/completions/%{name}
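Review bot: No matching man5 entry in a `%files` list is visible in this patch for the pages the second hunk now generates, that is the five new `go-md2man` outputs (`%{SOURCE8}` through `%{SOURCE12}`) and the renamed `containers-policy.json.5`. If the owning subpackage lists man5 pages by name rather than by glob, the build will presumably stop on installed-but-unpackaged files, and any remaining `policy.json.5` entry will point at a file that is no longer produced. The `%files` list should carry the same names, for example `%{_mandir}/man5/containers-policy.json.5*`. The section these lines belong to starts and ends outside the hunk, so this may already be handled elsewhere in the spec.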
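Review bot: The glob `%{_mandir}/man1/%{name}*` in the third hunk is broader than the packaging needs, because it claims every man1 file whose name merely starts with the package name, whatever its section suffix and whichever subpackage was meant to own it. If the aim is to pick up per-subcommand pages, `%{_mandir}/man1/%{name}*.1*` keeps the section suffix and states the intent more precisely. A one-line comment above the entry, such as `# main page plus per-subcommand pages`, would record why the pattern was widened.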