conmon icon indicating copy to clipboard operation
conmon copied to clipboard

Published 20 hours ago verified publisher icon containers

fix(deps): update module github.com/containers/podman/v4 to v5

Open renovate[bot] opened this issue 3 months ago • 0 comments

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
github.com/containers/podman/v4 v4.5.0 -> v5.0.0 age adoption passing confidence

Release Notes

containers/podman (github.com/containers/podman/v4)

v5.0.0

Compare Source

5.0.0

Security
  • Fixed CVE-2024-1753 in Buildah and podman build which allowed a user to write files to the / directory of the host machine if selinux was not enabled.
Features
  • VMs created by podman machine can now use the native Apple hypervisor (applehv) when run on MacOS.
  • A new command has been added, podman machine reset, which will remove all existing podman machine VMs and relevant configurations.
  • The podman manifest add command now supports a new --artifact option to add OCI artifacts to a manifest list.
  • The podman create, podman run, and podman push commands now support the --retry and --retry-delay options to configure retries for pushing and pulling images.
  • The podman run and podman exec commands now support a new option, --preserve-fd, which allows passing a list of file descriptors into the container (as an alternative to --preserve-fds, which passes a specific number of file descriptors).
  • Quadlet now supports templated units (#​17744).
  • The podman kube play command can now create image-based volumes using the volume.podman.io/image annotation.
  • Containers created with podman kube play can now include volumes from other containers (similar to the --volumes-from option) using a new annotation, io.podman.annotations.volumes-from (#​16819).
  • Pods created with podman kube play can now set user namespace options through the the io.podman.annotations.userns annotation in the pod definition (#​20658).
  • Macvlan and ipvlan networks can adjust the name of the network interface created inside containers via the new containers.conf field interface_name (#​21313).
  • The --gpus option to podman create and podman run is now compatible with Nvidia GPUs (#​21156).
  • The --mount option to podman create and podman run supports a new mount option, no-dereference, to mount a symlink (instead of its dereferenced target) into a container (#​20098).
  • Podman now supports a new global option, --config, to point to a Docker configuration where we can source registry login credentials.
  • The podman ps --format command now supports a new format specifier, .Label (#​20957).
  • The uidmapping and gidmapping options to the podman run --userns=auto option can now map to host IDs by prefixing host IDs with the @ symbol.
  • Quadlet now supports systemd-style drop-in directories.
  • Quadlet now supports creating pods via new .pod unit files (#​17687).
  • Quadlet now supports two new keys, Entrypoint and StopTimeout, in .container files (#​20585 and #​21134).
  • Quadlet now supports specifying the Ulimit key multiple times in .container files to set more than one ulimit on a container.
  • Quadlet now supports setting the Notify key to healthy in .container files, to only sdnotify that a container has started when its health check begins passing (#​18189).
Breaking Changes
  • The backend for the podman machine commands has seen extensive rewrites. Configuration files have changed format and VMs from Podman 4.x and earlier are no longer usable. podman machine VMs must be recreated with Podman 5.
  • The podman machine init command now pulls images as OCI artifacts, instead of using HTTP. As a result, a valid policy.json file is required on the host. Windows and Mac installers have been changed to install this file.
  • QEMU is no longer a supported VM provider for podman machine on Mac. Instead, the native Apple hypervisor is supported.
  • The ConfigPath and Image fields are no longer provided by the podman machine inspect command. Users can also no longer use {{ .ConfigPath }} or {{ .Image }} as arguments to podman machine inspect --format.
  • The output of podman inspect for containers has seen a number of breaking changes to improve Docker compatibility, including changing Entrypoint from a string to an array of strings and StopSignal from an int to a string.
  • The podman inspect command for containers now returns nil for healthchecks when inspecting containers without healthchecks.
  • The podman pod inspect command now outputs a JSON array regardless of the number of pods inspected (previously, inspecting a single pod would omit the array).
  • It is no longer possible to create new BoltDB databases; attempting to do so will result in an error. All new Podman installations will now use the SQLite database backend. Existing BoltDB databases remain usable.
  • Support for CNI networking has been gated by a build tag and will not be enabled by default.
  • Podman will now print warnings when used on cgroups v1 systems. Support for cgroups v1 is deprecated and will be removed in a future release. The PODMAN_CGROUPSV1_WARNING environment variable can be set to suppress warnings.
  • Network statistics sent over the Docker API are now per-interface, and not aggregated, improving Docker compatibility.
  • The default tool for rootless networking has been swapped from slirp4netns to pasta for improved performance. As a result, networks named pasta are no longer supported.
  • The --image option replaces the now deprecated --image-path option for podman machine init.
  • The output of podman events --format "{{json .}}" has been changed to improve Docker compatibility, including the time and timeNano fields (#​14993).
  • The name of podman machine VMs and the username used within the VM are now validated and must match this regex: [a-zA-Z0-9][a-zA-Z0-9_.-]*.
  • Using multiple filters with the List Images REST API now combines the filters with AND instead of OR, improving Docker compatibility (#​18412).
  • The parsing for a number of Podman CLI options which accept arrays has been changed to no longer accept string-delineated lists, and instead to require the option to be passed multiple times. These options are --annotation to podman manifest annotate and podman manifest add, the --configmap, --log-opt, and --annotation options to podman kube play, the --pubkeysfile option to podman image trust set, the --encryption-key and --decryption-key options to podman create, podman run, podman push and podman pull, the --env-file option to podman exec, the --bkio-weight-device, --device-read-bps, --device-write-bps --device-read-iops, --device-write-iops, --device, --label-file, --chrootdirs, --log-opt, and --env-file options to podman create and podman run, and the --hooks-dir and --module global options.
Changes
  • The podman system reset command no longer waits for running containers to gracefully stop, and instead immediately sends SIGKILL (#​21874).
  • The podman network inspect command now includes running containers using the network in its output (#​14126).
  • The podman compose command is now supported on non-AMD64/ARM64 architectures.
  • VMs created by podman machine will now pass HTTP proxy environment variables into the VM for all providers.
  • The --no-trunc option to the podman kube play and podman kube generate commands has been deprecated. Podman now complies to the Kubernetes specification for annotation size, removing the need for this option.
  • The DOCKER_HOST environment variable will be set by default for rootless users when podman-docker is installed.
  • Connections from podman system connection and farms from podman farm are now written to a new configuration file called podman-connections.conf. As a result, Podman no longer writes to containers.conf. Existing connections from containers.conf will still be respected.
  • Most podman farm subcommands (save for podman farm build) no longer need to connect to the machines in the farm to run.
  • The podman create and podman run commands no longer require specifying an entrypoint on the command line when the container image does not define one. In this case, an empty command will be passed to the OCI runtime, and the resulting behavior is runtime-specific.
  • The default SELinux label for content mounted from the host in podman machine VMs on Mac is now system_u:object_r:nfs_t:s0 so that it can be shared with all containers without issue.
  • Newly-created VMs created by podman machine will now share a single SSH key key for access. As a result, podman machine rm --save-keys is deprecated as the key will persist by default.
Bugfixes
  • Fixed a bug where the podman stats command would not show network statistics when the pasta network mode was used.
  • Fixed a bug where podman machine VMs using the HyperV provider could not mount shares on directories that did not yet exist.
  • Fixed a bug where the podman compose command did not respect the --connection and --url options.
  • Fixed a bug where the podman stop -t -1 command would wait for 0 seconds, not infinite seconds, before sending SIGKILL (#​21811).
  • Fixed a bug where Podman could deadlock when cleaning up a container when the slirp4netns network mode was used with a restart policy of always or unless-stopped or on-failure and a user namespace (#​21477).
  • Fixed a bug where uninstalling Podman on Mac did not remove the docker.sock symlink (#​20650).
  • Fixed a bug where preexisting volumes being mounted into a new container using a path that exists in said container would not be properly chowned (#​21608).
  • Fixed a bug where the podman image scp command could fail if there was not sufficient space in the destination machine's /tmp for the image (#​21239).
  • Fixed a bug where containers killed by running out of memory (including due to a memory limit) were not properly marked as OOM killed in podman inspect (#​13102).
  • Fixed a bug where podman kube play did not create memory-backed emptyDir volumes using a tmpfs filesystem.
  • Fixed a bug where containers started with --rm were sometimes not removed after a reboot (#​21482).
  • Fixed a bug where the podman events command using the remote Podman client did not display the network name associated with network events (#​21311).
  • Fixed a bug where the podman farm build did not properly handle the --tls-verify option and would override server defaults even if the option was not set by the user (#​21352).
  • Fixed a bug where the podman inspect command could segfault on FreeBSD (#​21117).
  • Fixed a bug where Quadlet did not properly handle comment lines ending with a backslash (#​21555).
  • Fixed a bug where Quadlet would sometimes not report errors when malformed quadlet files were present.
  • Fixed a bug where Quadlet could hang when given a .container file with certain types of trailing whitespace (#​21109).
  • Fixed a bug where Quadlet could panic when generating from Kubernetes YAML containing the bind-mount-options key (#​21080).
  • Fixed a bug where Quadlet did not properly strip quoting from values in .container files (#​20992).
  • Fixed a bug where the --publish-all option to podman kube play did not function when used with the remote Podman client.
  • Fixed a bug where the podman kube play --build command could not build images whose Dockerfile specified an image from a private registry with a self-signed certificate in a FROM directive (#​20890).
  • Fixed a bug where container remove events did not have the correct exit code set (#​19124).
API
  • A new API endpoint, /libpod/images/$name/resolve, has been added to resolve a (potential) short name to a list of fully-qualified image references Podman which could be used to pull the image.
  • Fixed a bug where the List API for Images did not properly handle filters and would discard all but the last listed filter.
  • Fixed a bug in the Docker Create API for Containers where entries from /etc/hosts were copied into create containers, resulting in incompatibility with network aliases.
  • Fixed a bug in the Libpod and Docker Exec APIs for Containers which caused incorrect header values to be set when upgrading a connection for an interactive exec session.
  • The API bindings have been refactored to reduce code size, leading to smaller binaries (#​17167).
Misc
  • Failed image pulls will now generate an event including the error.
  • The gzip compression library used for sending build contexts, improving performance for remote podman build.
  • Updated Buildah to v1.35.1
  • Updated the containers/image library to v5.30.0
  • Updated the containers/storage library to v1.53.0
  • Updated the containers/common library to v0.58.0
  • Updated the libhvee library to v0.7.0

v4.9.3

Compare Source

Features
  • The podman container commit command now features a --config option which accepts a filename containing a JSON-encoded container configuration to be merged in to the newly-created image.

v4.9.2

Compare Source

Security
Misc
  • Updated Buildah to v1.33.5
  • Updated the containers/common library to v0.57.4

v4.9.1

Compare Source

Bugfixes
  • Fixed a bug where the --rootful option to podman machine set would not set the machine to use the root connection (#​21195).
  • Fixed a bug where podman would crash when running in a containerized environment with euid != 0 and capabilities set (#​20766).
  • Fixed a bug where the podman info command would crash on if called multiple times when podman was running as euid=0 without CAP_SYS_ADMIN (#​20908).
  • Fixed a bug where podman machine commands were not relayed to the correct machine on AppleHV (#​21115).
  • Fixed a bug where the podman machine list and podman machine inspect commands would not show the correct Last Up time on AppleHV (#​21244).
Misc
  • Updated the Mac pkginstaller QEMU to v8.2.1
  • Updated Buildah to v1.33.4
  • Updated the containers/image library to v5.29.2
  • Updated the containers/common library to v0.57.3

v4.9.0

Compare Source

Features
  • The podman farm suite of commands for multi-architecture builds is now fully enabled and documented.
  • Add a network recovery service to Podman Machine VMs using the QEMU backend to detect and recover from an inoperable host networking issues experienced by Mac users when running for long periods of time.
Bugfixes
  • Fixed a bug where the HyperV provider for podman machine did not forward the API socket to the host machine.
  • Fixed a bug where improperly formatted annotations passed to podman kube play could cause Podman to panic.
  • Fixed a bug where podman system reset could fail if non-Podman containers (e.g. containers created by Buildah) were present.
Misc
  • Containers run in podman machine VMs now default to a PID limit of unlimited, instead of 2048.

v4.8.3

Compare Source

Security

v4.8.2

Compare Source

Bugfixes
  • Fixed a bug in the MacOS pkginstaller where Podman machine was using a different QEMU binary than the one installed using the installer, if it existed on the system (#​20808).
  • Fixed a bug on Windows (WSL) with the first-time install of user-mode networking when using the init command, as opposed to set (#​20921).
Quadlet
  • Fixed a bug where Kube image build failed when starting service with missing image (#​20432).

v4.8.1

Compare Source

Bugfixes
  • Fixed a bug on Windows (WSL) where wsl.conf/resolv.conf was not restored when user-mode networking was disabled after being enabled (#​20625).
  • Fixed a bug where currently if user specifies podman kube play --replace, the pod is removed on the client side, not the server side (#​20705).
  • Fixed a bug where podman machine rm -f would cause a deadlock when running with WSL.
  • Fixed database is locked errors with the new sqlite database backend (#​20809).
  • Fixed a bug where podman-remote exec would fail if the server API version is older than 4.8.0 (#​20821).
  • Fixed a bug where Podman would not run any command on systems with a symlinked $HOME (#​20872).

v4.8.0

Compare Source

Features
  • Podman machine now supports HyperV as a provider on Windows. This option can be set via the CONTAINERS_MACHINE_PROVIDER environment variable, or via containers.conf. HyperV requires Powershell to be run as Admin. Note that running WSL and HyperV machines at the same time is not supported.
  • The podman build command now supports Containerfiles with heredoc syntax.
  • The podman login and podman logout commands now support a new option, --compat-auth-file, which allows for editing Docker-compatible config files (#​18617).
  • The podman machine init and podman machine set commands now support a new option, --usb, which sets allows USB passthrough for the QEMU provider (#​16707).
  • The --ulimit option now supports setting -1 to indicate the maximum limit allowed for the current process (#​19319).
  • The podman play kube command now supports the BUILDAH_ISOLATION environment variable to change build isolation when the --build option is set (#​20024).
  • The podman volume create command now supports --opt o=size=XYZ on tmpfs file systems (#​20449).
  • The podman info command for remote calls now reports client information even if the remote connection is unreachable
  • Added a new field, privileged, to containers.conf, which sets the defaults for the --privileged flag when creating, running or exec'ing into a container.
  • The podman kube play command now supports setting DefaultMode for volumes (#​19313).
  • The --opt option to the podman network create command now accepts a new driver specific option, vrf, which assigns a VRF to the bridge interface.
  • A new option --rdt-class=COS has been added to the podman create and podman run commands that enables assigning a container to a Class Of Service (COS). The COS has to be pre-configured based on a pseudo-filesystem created by the resctrl kernel driver that enables interacting with the Intel RDT CAT feature.
  • The podman kube play command now supports a new option, --publish-all, which exposes all containerPorts on the host.
  • The --filter option now supports label!=, which filters for containers without the specified label.
Upcoming Deprecations
  • We are beginning development on Podman 5.0, which will include a number of breaking changes and deprecations. We are still finalizing what will be done, but a preliminary list is below. Please note that none of these changes are present in Podman 4.8; this is a preview of upcoming changes.
  • Podman 5.0 will deprecate the BoltDB database backend. Exact details on the transition to SQLite are still being decided - expect more news here soon.
  • The containers.conf configuration file will be broken up into multiple separate files, ensuring that it will never be rewritten by Podman.
  • Support for the CNI network backend and Cgroups V1 are being deprecated and gated by build tags. They will not be enabled in Podman builds by default.
  • A variety of small breaking changes to the REST API are planned, both to improve Docker compatibility and to better support containers.conf settings when creating and managing containers.
Changes
  • Podman now defaults to sqlite as its database backend. For backwards compatibility, if a boltdb database already exists on the system, Podman will continue using it.
  • RHEL Subscriptions from the host now flow through to quay.io/podman/* images.
  • The --help option to the podman push command now shows the compression algorithm used.
  • The remote Podman client’s commit command now shows progress messages (#​19947).
  • The podman kube play command now sets the pod hostname to the node/machine name when hostNetwork=true in k8s yaml (#​19321).
  • The --tty,-t option to the podman exec command now defines the TERM environment variable even if the container is not running with a terminal (#​20334).
  • Podman now also uses the helper_binaries_dir option in containers.conf to lookup the init binary (catatonit).
  • Podman healthcheck events are now logged as notices.
  • Podman machines no longer automatically update, preventing accidental service interruptions (#​20122).
  • The amount of CPUs a podman machine uses now defaults to available cores/2 (#​17066).
  • Podman machine now prohibits using provider names as machine names. applehv, qemu, wsl, and hyperv are no longer valid Podman machine names
Quadlet
  • Quadlet now supports the UIDMap, GIDMap, SubUIDMap, and SubGIDMap options in .container files.
  • Fixed a bug where symlinks were not resolved in search paths (#​20504).
  • Quadlet now supports the ReadOnlyTmpfs option.
  • The VolatileTmpfs option is now deprecated.
  • Quadlet now supports systemd specifiers in User and Group keys.
  • Quadlet now supports ImageName for .image files.
  • Quadlet now supports a new option, --force, to the stop command.
  • Quadlet now supports the oneshot service type for .kube files, which allows yaml files without containers.
  • Quadlet now supports podman level arguments (#​20246).
  • Fixed a bug where Quadlet would crash when specifying non key-value options (#​20104).
  • Quadlet now removes anonymous volumes when removing a container (#​20070).
  • Quadlet now supports a new unit type, .image.
Bugfixes
  • Fixed a bug where mounted volumes on Podman machines on MacOS would have a max open files limit (#​16106).
  • Fixed a bug where setting both the --uts and --network options to host did not fill /etc/hostname with the host's name (#​20448).
  • Fixed a bug where the remote Podman client’s build command would incorrectly parse https paths (#​20475).
  • Fixed a bug where running Docker Compose against a WSL podman machine would fail (#​20373).
  • Fixed a race condition where parallel tagging and untagging of images would fail (#​17515).
  • Fixed a bug where the podman exec command would leak sessions when the specified command does not existFixed a bug where the podman exec command would leak sessions when the specified command does not exist (#​20392).
  • Fixed a bug where the podman history command did not display the size of certain layers (#​20375).
  • Fixed a bug where a container with a custom user namespace and --restart always/on-failure would not correctly cleanup the netnsm on restart, resulting in leaked ips and network namespaces (#​18615).
  • Fixed a bug where remote calls to the podman top command would incorrectly parse options (#​19176).
  • Fixed a bug where the --read-only-tmpfs option to the podman run command was incorrectly handled when the --read-only option was set (#​20225).
  • Fixed a bug where creating containers in parallel may cause a deadlock if both containers attempt to use the same named volume (#​20313).
  • Fixed a bug where a container restarted by the Podman service would occasionally not mount its storage (#​17042).
  • Fixed a bug where the --filter option to the podman images command would not correctly filter ids, digests, or intermediates (#​19966).
  • Fixed a bug where setting the --replace option to the podman run command would print both the old and new container ID. Now, only the new container ID is printed.
  • Fixed a bug where the podman machine ls command would show Creation time as LastUp time for machines that have never been booted. Now, new machines show Never, with the json value being ZeroTime.
  • Fixed a bug in the podman build command where the default pull policy was not set to missing (#​20125).
  • Fixed a bug where setting the static or volume directory in containers.conf would lead to cleanup errors (#​19938).
  • Fixed a bug where the podman kube play command exposed all containerPorts on the host (#​17028).
  • Fixed a bug where the podman farm update command did not verify farm and connection existence before updating (#​20080).
  • Fixed a bug where remote Podman calls would not honor the --connection option while the CONTAINER_HOST environment variable was set. The active destination is not resolved with the correct priority, that is, CLI flags, env vars, ActiveService from containers.conf, RemoteURI (#​15588).
  • Fixed a bug where the --env-host option was not honoring the default from containers.conf
API
  • Fixed a bug in the Compat Image Prune endpoint where the dangling filter was set twice (#​20469).
  • Fixed a bug in the Compat API where attempting to connect a container to a network while the connection already exists returned a 200 status code. It now correctly returns a 500 error code.
  • Fixed a bug in the Compat API where some responses would not have compatible error details if progress data had not been sent yet (#​20013).
  • The Libpod Pull endpoint now supports a new option, compatMode which causes the streamed JSON payload to be identical to the Compat endpoint.
  • Fixed a bug in the Libpod Container Create endpoint where it would return an incorrect status code if the image was not found. The endpoint now correctly returns 404.
  • The Compat Network List endpoint should see a significant performance improvement (#​20035).
Misc
  • Updated Buildah to v1.33.2
  • Updated the containers/storage library to v1.51.0
  • Updated the containers/image library to v5.29.0
  • Updated the containers/common library to v0.57.0
  • Updated the containers/libhvee library to v0.5.0
  • Podman Machine now runs with gvproxy v0.7.1

v4.7.2

Compare Source

Security
Bugfixes
  • WSL: Fixed podman compose command.
  • Fixed a bug in podman compose to try all configured providers before throwing an error (#​20502).

v4.7.1

Compare Source

Bugfixes
  • Fixed a bug involving non-English locales of Windows where machine installs using user-mode networking were rejected due to erroneous version detection (#​20209).
  • Fixed a regression in --env-file handling (#​19565).
  • Fixed a bug where podman inspect would fail when stat'ing a device failed.
API
  • The network list compat API endpoint is now much faster (#​20035).

v4.7.0

Compare Source

Security
  • Now the io.containers.capabilities LABEL in an image can be an empty string.
Features
  • New command set: podman farm [create,list,remove,update] has been created to "farm" out builds to machines running Podman for different architectures.
  • New command: podman compose as a thin wrapper around an external compose provider such as docker-compose or podman-compose.
  • FreeBSD: podman run --device is now supported.
  • Linux: Add a new --module flag for Podman.
  • Podmansh: Timeout is now configurable using the podmansh_timeout option in containers.conf.
  • SELinux: Add support for confined users to create containers but restrict them from creating privileged containers.
  • WSL: Registers shared socket bindings on Windows, to allow other WSL distributions easy remote access (#​15190).
  • WSL: Enabling user-mode-networking on older WSL2 generations will now detect an error with upgrade guidance.
  • The podman build command now supports two new options: --layer-label and --cw.
  • The podman kube generate command now supports generation of k8s DaemonSet kind (#​18899).
  • The podman kube generate and podman kube play commands now support the k8s TerminationGracePeriodSeconds field (RH BZ#2218061).
  • The podman kube generate and podman kube play commands now support securityContext.procMount: Unmasked (#​19881).
  • The podman generate kube command now supports a --podman-only flag to allow podman-only reserved annotations to be used in the generated YAML file. These annotations cannot be used by Kubernetes.
  • The podman kube generate now supports a --no-trunc flag that supports YAML files with annotations longer than 63 characters. Warning: if an annotation is longer than 63 chars, then the generated yaml file is not Kubernetes compatible.
  • An infra name annotation io.podman.annotations.infra.name is added in the generated yaml when the pod create command has --infra-name set. This annotation can also be used with kube play when wanting to customize the infra container name (#​18312).
  • The syntax of --uidmap and --gidmap has been extended to lookup the parent user namespace and to extend default mappings (#​18333).
  • The podman kube commands now support the List kind (#​19052).
  • The podman kube play command now supports environment variables in kube.yaml (#​15983).
  • The podman push and podman manifest push commands now support the --force-compression optionto prevent reusing other blobs (#​18860).
  • The podman manifest push command now supports --add-compression to push with compressed variants.
  • The podman manifest push command now honors the add_compression field from containers.conf if --add-compression is not set.
  • The podman run and podman create --mount commands now support the ramfs type (#​19659).
  • When running under systemd (e.g., via Quadlet), Podman will extend the start timeout in 30 second steps up to a maximum of 5 minutes when pulling an image.
  • The --add-host option now accepts the special string host-gateway instead of an IP Address, which will be mapped to the host IP address.
  • The podman generate systemd command is deprecated. Use Quadlet for running containers and pods under systemd.
  • The podman secret rm command now supports an --ignore option.
  • The --env-file option now supports multiline variables (#​18724).
  • The --read-only-tmpfs flag now affects /dev and /dev/shm as well as /run, /tmp, /var/tmp (#​12937).
  • The Podman --mount option now supports bind mounts passed as globs.
  • The --mount option can now be specified in containers.conf using the mounts field.
  • The podman stats now has an --all option to get all containers stats (#​19252).
  • There is now a new --sdnotify=healthy policy where Podman sends the READY message once the container turns healthy (#​6160).
  • Temporary files created when dealing with images in /var/tmp will automatically be cleaned up on reboot.
  • There is now a new filter option since for podman volume ls and podman volume prune (#​19228).
  • The podman inspect command now has tab-completion support (#​18672).
  • The podman kube play command now has support for the use of reserved annotations in the generated YAML.
  • The progress bar is now displayed when decompressing a Podman machine image (#​19240).
  • The podman secret inspect command supports a new option --showsecret which will output the actual secret.
  • The podman secret create now supports a --replace option, which allows you to modify secrets without replacing containers.
  • The podman login command can now read the secret for a registry from its secret database created with podman secret create (#​18667).
  • The remote Podman client’s podman play kube command now works with the --userns option (#​17392).
Changes
  • The /tmp and /var/tmp inside of a podman kube play will no longer be noexec.
  • The limit of inotify instances has been bumped from 128 to 524288 for podman machine (#​19848).
  • The podman kube play has been improved to only pull a newer image for the "latest" tag (#​19801).
  • Pulling from an oci transport will use the optional name for naming the image.
  • The podman info command will always display the existence of the Podman socket.
  • The echo server example in socket_activation.md has been rewritten to use quadlet instead of podman generate systemd.
  • Kubernetes support table documentation correctly show volumes support.
  • The podman auto-update manpage and documentation has been updated and now includes references to Quadlet.
Quadlet
  • Quadlet now supports setting Ulimit values.
  • Quadlet now supports setting the PidsLimit option in a container.
  • Quadlet unit files allow DNS field in Network group and DNS, DNSSearch, and DNSOption field in Container group (#​19884).
  • Quadlet now supports ShmSize option in unit files.
  • Quadlet now recursively calls in user directories for unit files.
  • Quadlet now allows the user to set the service working directory relative to the YAML or Unit files (17177).
  • Quadlet now allows setting user-defined names for Volume and Network units via the VolumeName and NetworkName directives, respectively.
  • Kube quadlets can now support autoupdate.
Bugfixes
  • Fixed an issue where containers were being restarted after a podman kill.
  • Fixed a bug where events could report incorrect healthcheck results (#​19237).
  • Fixed a bug where running a container in a pod didn't fail if volumes or mounts were specified in the containers.conf file.
  • Fixed a bug where pod cgroup limits were not being honored after a reboot (#​19175).
  • Fixed a bug where podman rm -af could fail to remove containers under some circumstances (#​18874).
  • Fixed a bug in rootless to clamp oom_score_adj to current value if it is too low (#​19829).
  • Fixed a bug where --hostuser was being parsed in base 8 instead of base 10 (#​19800).
  • Fixed a bug where kube down would error when an object did not exist (#​19711).
  • Fixed a bug where containers created via DOCKER API without specifying StopTimeout had StopTimeout defaulting to 0 seconds (#​19139).
  • Fixed a bug in podman exec to set umask to match the container it's execing into (#​19713).
  • Fixed a bug where podman kube play failed to set a container's Umask to the default 0022.
  • Fixed a bug to automatically reassign Podman's machine ssh port on Windows when it conflicts with in-use system ports (#​19554).
  • Fixed a bug where locales weren't passed to conmon correctly, resulting in a crash if some characters were specified over CLI (containers/common/#​272).
  • Fixed a bug where podman top would sometimes not print the full output (#​19504).
  • Fixed a bug were podman logs --tail could return incorrect lines when the k8s-file logger is used (#​19545).
  • Fixed a bug where podman stop did not ignore cidfile not existing when user specified --ignore flag (#​19546).
  • Fixed a bug where a container with an image volume and an inherited mount from the --volumes-from option that used the same path could not be created (#​19529).
  • Fixed a bug where podman cp via STDIN did not delete temporary files (#​19496).
  • Fixed a bug where Compatibility API did not accept timeout=-1 for stopping containers (#​17542).
  • Fixed a bug where podman run --rmi did not remove the container (#​15640).
  • Fixed a bug to recover from inconsistent podman-machine states with QEMU (#​16054).
  • Fixed a bug where CID Files on remote clients are not removed when container is removed (#​19420).
  • Fixed a bug in podman inspect to show a .NetworkSettings.SandboxKey path for containers created with --net=none (#​16716).
  • Fixed a concurrency bug in podman machine start using the QEMU provider (#​18662).
  • Fixed a bug in podman run and podman create where the command fails if the user specifies a non-existent authfile path (#​18938).
  • Fixed a bug where some distributions added extra quotes around the distribution name removed from podman info output (#​19340).
  • Fixed a crash validating --device argument for create and run (#​19335).
  • Fixed a bug where .HostConfig.PublishAllPorts always evaluates to false when inspecting a container created with --publish-all.
  • Fixed a bug in podman image trust command to allow using the local policy.json file (#​19073).
  • Fixed a bug where the cgroup file system was not correctly mounted when running without a network namespace in rootless mode (#​20073).
  • Fixed a bug where the --syslog flag was not passed to the cleanup process.
API
  • Fixed a bug with parsing of the pull query parameter for the compat /build endpoint (#​17778).
Misc
  • Updated Buildah to v1.32.0.

v4.6.2

Compare Source

Changes
  • Fixed a performance issue when calculating diff sizes in overlay. The podman system df command should see a significant performance improvement (#​19467).
Bugfixes
  • Fixed a bug where containers in a pod would use the pod restart policy over the set container restart policy (#​19671).
API
  • Fixed a bug in the Compat Build endpoint where the pull query parameter did not parse 0/1 as a boolean (#​17778).
Misc
  • Updated the containers/storage library to v1.48.1

v4.6.1

Compare Source

Quadlet
  • Quadlet now selects the first Quadlet file found when multiple Quadlets exist with the same name.
API
  • Fixed a bug in the container kill endpoint to correctly return 409 when a container is not running (#​19368).
Misc
  • Updated Buildah to v1.31.2
  • Updated the containers/common library to v0.55.3

v4.6.0

Compare Source

Features
  • The podman manifest inspect command now supports the --authfile option, for authentication purposes.
  • The podman wait command now supports --condition={healthy,unhealthy}, allowing waits on successful health checks.
  • The podman push command now supports a new option, --compression-level, which specifies the compression level to use (#​18939).
  • The podman machine start command, when run with --log-level=debug, now creates a console window to display the virtual machine while booting.
  • Podman now supports a new option, --imagestore, which allows images to be stored in a different directory than the graphroot.
  • The --ip-range option to the podman network create command now accepts a new syntax, <startIP>-<endIP>, which allows more flexibility when limiting the ip range that Podman assigns.
  • [Tech Preview] A new command, podmansh, has been added, which executes a user shell within a container when the user logs into the system. The container that the users get added to can be defined via a Podman Quadlet file. This feature is currently a Tech Preview which means it's ready for users to try out but changes can be expected in upcoming versions.
  • The podman network create command supports a new --option, bclim, for the macvlan driver.
  • The podman network create command now supports adding static routes using the --route option.
  • The podman network create command supports a new --option, no_default_route for all drivers.
  • The podman info command now prints network information about the binary path, package version, program version and DNS information (#​18443).
  • The podman info command now displays the number of free locks available, helping to debug lock exhaustion scenarios.
  • The podman info command now outputs information about pasta, if it exists in helper_binaries_dir or $PATH.
  • The remote Podman client’s podman build command now accepts Containerfiles that are not in the context directory (#​18239).
  • The remote Podman client’s podman play kube command now supports the --configmap option (#​17513).
  • The podman kube play command now supports multi-doc YAML files for configmap arguments. (#​18537).
  • The podman pod create command now supports a new flag, --restart, which sets the restart policy for all the containers in a pod.
  • The --format={{.Restarts}} option to the podman ps command now shows the number of times a container has been restarted based on its restart policy.
  • The --format={{.Restarts}} option to the podman pod ps command now shows the total number of container restarts in a pod.
  • The podman machine provider can now be specified via the CONTAINERS_MACHINE_PROVIDER environment variable, as well as via the provider field in containers.conf (#​17116).
  • A default list of pasta arguments can now be set in containers.conf via pasta_options.
  • The podman machine init and podman machine set commands now support a new option, --user-mode-networking, which improves interops with VPN configs that drop traffic from WSL networking, on Windows.
  • The remote Podman client’s podman push command now supports the --digestfile option (#​18216).
  • Podman now supports a new option, --out, that allows redirection or suppression of STDOUT (#​18120).
Changes
  • When looking up an image by digest, the entire repository of the specified value is now considered. This aligns with Docker's behavior since v20.10.20. Previously, both the repository and the tag was ignored and Podman looked for an image with only a matching digest. Ignoring the name, repository, and tag of the specified value can lead to security issues and is considered harmful.
  • The podman system service command now emits a warning when binding to a TCP socket. This is not a secure configuration and the Podman team recommends against using it.
  • The podman top command no longer depends on ps(1) being present in the container image and now uses the one from the host (#​19001).
  • The --filter id=xxx option will now treat xxx as a CID prefix, and not as a regular expression (#​18471).
  • The --filter option now requires multiple --filter flags to specify multiple filters. It will no longer support the comma syntax (--filter label=a,label=b).
  • The slirp4netns binary for will now be searched for in paths specified by the helper_binaries_dir option in containers.conf (#​18239).
  • Podman machine now updates /run/docker.sock within the guest to be consistent with its rootless/rootful setting (#​18480).
  • The podman system df command now counts files which podman generates for use with specific containers as part of the disk space used by those containers, and which can be reclaimed by removing those containers. It also counts space used by files it associates with specific images and volumes as being used by those images and volumes.
  • The podman build command now returns a clearer error message when the Containerfile cannot be found. (#​16354).
  • Containers created with --pid=host will no longer print errors on podman stop (#​18460).
  • The podman manifest push command no longer requires a destination to be specified. If a destination is not provided, the source is used as the destination (#​18360).
  • The podman system reset command now warns the user that the graphroot and runroot directories will be deleted (#​18349), (#​18295).
  • The package and package-install targets in Makefile have now been fixed and also renamed to rpm and rpm-install respectively for clarity (#​18817).
Quadlet
  • Quadlet now exits with a non-zero exit code when errors are found (#​18778).
  • Rootless podman quadlet files can now be installed in /etc/containers/systemd/users directory.
  • Quadlet now supports the AutoUpdate option.
  • Quadlet now supports the Mask and Unmask options.
  • Quadlet now supports the WorkingDir option, which specifies the default working dir in a container.
  • Quadlet now supports the Sysctl option, which sets namespaced kernel parameters for containers (#​18727).
  • Quadlet now supports the SecurityLabelNetsted=true option, which allows nested SELinux containers.
  • Quadlet now supports the Pull option in .container files (#​18779).
  • Quadlet now supports the ExitCode field in .kube files, which reflects the exit codes of failed containers.
  • Quadlet now supports PodmanArgs field.
  • Quadlet now supports the HostName field, which sets the container's host name, in .container files (#​18486).
Bugfixes
  • Fixed a bug where the podman machine start command would fail with a 255 exit code. It now waits for systemd-user sessions to be up, and for SSH to be ready, addressing the flaky machine starts (#​17403).
  • Fixed a bug where the podman auto update command did not correctly use authentication files when contacting container registries.
  • Fixed a bug where --label option to the podman volume ls command would return volumes that matched any of the filters, not all of them (#​19219).
  • Fixed a bug where the podman kube play command did not recognize containerPort names inside Kubernetes liveness probes. Now, liveness probes support both containerPort names as well as port numbers (#​18645).
  • Fixed a bug where the --dns option to the podman run command was ignored for macvlan networks (#​19169).
  • Fixed a bug in the podman system service command where setting LISTEN_FDS when listening on TCP would misbehave.
  • Fixed a bug where hostnames were not recognized as a network alias. Containers can now resolve other hostnames, in addition to their names (#​17370).
  • Fixed a bug where the podman pod run command would error after a reboot on a non-systemd system (#​19175).
  • Fixed a bug where the --syslog option returned a fatal error when no syslog server was found (#​19075).
  • Fixed a bug where the `--moun

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • [ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

renovate[bot] avatar Mar 19 '24 18:03 renovate[bot]