From 719024a2c13207de1f60ff82373f1a154634fee8 Mon Sep 17 00:00:00 2001
From: Colin Walters <walters@verbum.org>
Date: Sat, 23 Sep 2023 08:27:45 -0400
Subject: [PATCH] tier-1: Enable recommends, fix podman

We were missing `container-selinux`...oops.  Fix that.  While
we're here..

- Fully re-enable `recommends: true` - this is not a small image,
  and so let's not try to override things.
- Drop out the old-style compat networking packages for podman,
  since this is a new image
---
 tier-1/manifest.yaml        | 20 +++-----------------
 tier-1/podman.yaml          |  7 +++++++
 tier-1/user-experience.yaml |  4 ----
 3 files changed, 10 insertions(+), 21 deletions(-)
 create mode 100644 tier-1/podman.yaml

diff --git a/tier-1/manifest.yaml b/tier-1/manifest.yaml
index 2e3b38f..983b180 100644
--- a/tier-1/manifest.yaml
+++ b/tier-1/manifest.yaml
@@ -1,8 +1,11 @@
+# Flip this back on, we're going to be a larger system
+recommends: true
 
 include:
   - manifest-tier-0.yaml
   - bootable-rpm-ostree.yaml
   - dnf.yaml
+  - podman.yaml
   - firmware.yaml
   - networking-tools.yaml
   - system-configuration.yaml
@@ -14,23 +17,6 @@ packages:
   # Include and set the default editor
   - nano
   - fuse-overlayfs slirp4netns
-  # support for old style CNI networks and name resolution for
-  # podman containers with CNI networks
-  # https://github.com/coreos/fedora-coreos-tracker/issues/519
-  # https://github.com/coreos/fedora-coreos-tracker/issues/1128#issuecomment-1071338097
-  - containernetworking-plugins podman-plugins dnsmasq
-  # For podman v4 netavark gets pulled in but it only recommends
-  # aardvark-dns (which provides name resolution based on container
-  # names). This functionality was previously provided by dnsname from
-  # podman-plugins in the podman v3 stack.
-  # See https://github.com/containers/netavark/pull/217
-  - aardvark-dns
-  # Since we need `containernetworking-plugins` installed to continue
-  # to support CNI networks we need to also explicitly install
-  # `netavark` so we get both of them installed since both of them
-  # provide `container-network-stack`.
-  # https://github.com/coreos/fedora-coreos-tracker/issues/1128#issuecomment-1071458717
-  - netavark
   # Minimal NFS client
   - nfs-utils-coreos
   # Additional firewall support; we aren't including these in RHCOS or they
diff --git a/tier-1/podman.yaml b/tier-1/podman.yaml
new file mode 100644
index 0000000..6c40c5d
--- /dev/null
+++ b/tier-1/podman.yaml
@@ -0,0 +1,7 @@
+# Core podman bits
+
+packages:
+  - crun
+  - podman
+  - container-selinux
+  - skopeo
diff --git a/tier-1/user-experience.yaml b/tier-1/user-experience.yaml
index b4ea30a..2118b67 100644
--- a/tier-1/user-experience.yaml
+++ b/tier-1/user-experience.yaml
@@ -34,9 +34,5 @@ packages:
   - kexec-tools
   # Remote Access
   - openssh-clients openssh-server
-  # Container tooling
-  - crun
-  - podman
-  - skopeo
   # nvme-cli for managing nvme disks
   - nvme-cli