File podman.changes of Package podman

Overview Repositories Revisions Requests Users Attributes Meta

File podman.changes of Package podman

-------------------------------------------------------------------
Tue Mar 18 06:51:33 UTC 2025 - Danish Prakash <danish.prakash@suse.com>

- Add patch for CVE-2025-22869 (bsc#1239330):
  * 0006-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
- Rebase patches:
  * 0001-vendor-update-c-buildah-to-1.33.12.patch
  * 0002-Backport-fix-for-CVE-2024-6104.patch
  * 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
  * 0004-http2-close-connections-when-receiving-too-many-head.patch
  * 0005-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch

-------------------------------------------------------------------
Mon Mar  3 05:42:37 UTC 2025 - Danish Prakash <danish.prakash@suse.com>

- Add patch for CVE-2025-27144 (bsc#1237641):
  * 0005-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
- Rebase patches:
  * 0001-vendor-update-c-buildah-to-1.33.12.patch
  * 0002-Backport-fix-for-CVE-2024-6104.patch
  * 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
  * 0004-http2-close-connections-when-receiving-too-many-head.patch

-------------------------------------------------------------------
Fri Feb  7 14:16:17 UTC 2025 - Danish Prakash <danish.prakash@suse.com>

- Add patch for CVE-2023-45288 (bsc#1236507):
  * 0004-http2-close-connections-when-receiving-too-many-head.patch
- Add supplemental patch for CVE-2024-6104 (bsc#1227052):
  * 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
- Rebase patches:
  * 0001-vendor-update-c-buildah-to-1.33.12.patch
  * 0002-Backport-fix-for-CVE-2024-6104.patch

-------------------------------------------------------------------
Thu Jan 23 07:36:42 UTC 2025 - Danish Prakash <danish.prakash@suse.com>

- Add patch for  CVE-2024-11218 (bsc#1236270):
  * 0002-vendor-update-c-buildah-to-1.33.12.patch
- Rebase patch:
  * 0001-Backport-fix-for-CVE-2024-6104.patch
- Removed patches (merged upstream and into the new patch):
  * 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
  * 0003-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
  * 0004-Properly-validate-cache-IDs-and-sources.patch
  * 0005-Use-securejoin.SecureJoin-when-forming-userns-paths.patch

-------------------------------------------------------------------
Tue Oct 22 06:36:40 UTC 2024 - Danish Prakash <danish.prakash@suse.com>

- Add patch for CVE-2024-9676 (bsc#1231698):
  * 0005-Use-securejoin.SecureJoin-when-forming-userns-paths.patch
- Rebase patches:
  * 0001-Backport-fix-for-CVE-2024-6104.patch
  * 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
  * 0003-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
  * 0004-Properly-validate-cache-IDs-and-sources.patch

-------------------------------------------------------------------
Fri Oct 18 11:45:50 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Load ip_tables and ip6_tables kernel module (bsc#1214612)
  * Required for rootless mode as a regular user has no permission
    to load kernel modules

-------------------------------------------------------------------
Tue Oct 15 16:56:51 UTC 2024 - Danish Prakash <danish.prakash@suse.com>

- Add patch for CVE-2024-9675 (bsc#1231499):
  * 0004-Properly-validate-cache-IDs-and-sources.patch
- Add patch for CVE-2024-9407 (bsc#1231208):
  * 0003-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
- Rebase patches:
  * 0001-Backport-fix-for-CVE-2024-6104.patch
  * 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch

-------------------------------------------------------------------
Thu Oct  3 07:05:10 UTC 2024 - Danish Prakash <danish.prakash@suse.com>

- Add patch for CVE-2024-9341 (bsc#1231230):
  * 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
- Rebase patch:
  * 0001-Backport-fix-for-CVE-2024-6104.patch

-------------------------------------------------------------------
Mon Jul  1 05:41:23 UTC 2024 - Dan Čermák <dcermak@suse.com>

- Add patch to fix bsc#1227052 / CVE-2024-6104:
  * 0001-Backport-fix-for-CVE-2024-6104.patch
- Add missing BuildRequires man

-------------------------------------------------------------------
Fri Jun 07 12:56:18 UTC 2024 - danish.prakash@suse.com

- Remove upstreamed patches:
  - 0001-CVE-2024-1753-container-escape-fix.patch
- Update to version 4.9.5:
  * Bump to v4.9.5
  * Update release notes for v4.9.5
  * fix "concurrent map writes" in network ls compat endpoint
  * [v4.9] Fix for CVE-2024-3727 (bsc#1224122)
  * Disable failing bud test
  * CI Maintenance: Disable machine tests
  * [CI:DOCS] Allow downgrade of WiX
  * [CI:DOCS] Force WiX 3.11
  * [CI:DOCS] Fix windows installer action
  * Bump to v4.9.5-dev
  * Bump to v4.9.4
  * Update release notes for v4.9.4
  * [v4.9] Bump Buildah to v1.33.7, CVE-2024-1753, CVE-2024-24786 (bsc#1226136)
  * Add farm command to commands list
  * Bump to FreeBSD 13.3 (13.2 vanished)
  * Update health-start-periods docs
  * Don't update health check status during initialDelaySeconds
  * image scp: don't require port for ssh URL
  * Ignore docker's end point config when the final network mode isn't bridge.
  * Fix running container from docker client with rootful in rootless podman.
  * [skip-ci] Packit: remove koji and bodhi tasks for v4.9
  * Bump to v4.9.4-dev
  * Bump to v4.9.3
  * Release notes for v4.9.3
  * Remove gitleaks scanning
  * [v4.9] [skip-ci] packit: update fedora downstream branches
  * @@option volume.image: be specific that -v only affects RUN
  * Accept a config blob alongside the "changes" slice when committing
  * container create: use ParseUserNamespace to parse a user namespace setting
  * Bump to v4.9.3-dev
  * Bump to v4.9.2
  * Release notes for v4.9.2
  * Cirrus: Update operating branch
  * [v4.9] Bump to c/common v0.57.4, buildkit v0.12.5, c/buidah v1.33.5
  * Fix updated runc dep breaking pod devices cgroup
  * systests: kube with policies test: fix race
  * Remove go.mod pin of runc and update to latest
  * systests: kube with policies test: fix race
  * Bump to v4.9.2-dev
  * Bump to v4.9.1
  * Release notes for v4.9.1
  * [v4.9] Bump Buildah to v1.33.4, c/common v0.57.3, c/image v5.29.2
  * pkginstaller: bump Qemu version to 8.2.1
  * Assign separate ports for each appleHV machine
  * Fix machine inspect test config
  * AppleHV: update LastUp time
  * applehv: return socket path from setupAPIForwarding
  * applehv: Remove unneeded cmd.ExtraFiles assignment
  * abi: drop check for IsRootless()
  * system: enhance check for re-exec into rootless userns
  * system: enhance check for re-exec into rootless userns
  * Fix `podman machine set --rootful` for applehv
  * applehv - fix vm lookup
  * rpm: use go-rpm-macros on RHEL 10
  * Bump to v4.9.1-dev
  * Bump to v4.9.0
  * Fix a small grammar error in RELEASE_NOTES.md
  * Fix push endpoint stream
  * Finalized release notes for v4.9.0
  * farm build: push built images to registry
  * Move the --farm flag to farm build command
  * Clean up farm-build miscommit
  * [CI:DOCS] Add podman farm build doc
  * Add release notes for v4.9.0
  * gvproxy: Update to 0.7.2 release
  * [v4.9] Bump Buildah to v1.33.3, c/common to v0.57.2, c/image to v5.29.1
  * Add a net health recovery service to Qemu machines
  * Set up podman machine remote user correctly
  * Remove Libpod special-init conditions
  * Fix `podman system reset` with external containers
  * [v4.8] podman kube play: fix broken annotation parsing
  * feat: disable pid max in the podman machine
  * systests: cp: add wait_for_ready
  * System tests: fixes for RHEL8 gating failures
  * Add API forwarding support for HyperV
  * bump to v4.8.4-dev

-------------------------------------------------------------------
Tue Mar 19 14:14:17 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Add patch for CVE-2024-1753 (bsc#1221677):
  0001-CVE-2024-1753-container-escape-fix.patch

-------------------------------------------------------------------
Thu Jan 04 05:59:42 UTC 2024 - danish.prakash@suse.com

- Update to version 4.8.3:
  * Release v4.8.3
  * Update RELEASE_NOTES.md for v4.8.3
  * update module golang.org/x/crypto to v0.17.0 [security]
  * Error on HyperV VM start when gvproxy has failed to start
  * bump release to v4.8.3-dev

-------------------------------------------------------------------
Wed Dec 13 12:51:44 UTC 2023 - Fabian Vogt <fvogt@suse.com>

- Refactor network backend dependencies:
  * podman requires either netavark or cni-plugins. On ALP, require
    netavark, otherwise prefer netavark but don't force it.
  * This fixes missing cni-plugins in some scenarios
  * Default to netavark everywhere where it's available

-------------------------------------------------------------------
Mon Dec 11 16:13:48 UTC 2023 - kastl@b1-systems.de

- Update to version 4.8.2:
  * v4.8.2
  * [CI:DOCS] Update RELEASE_NOTES.md for v4.8.2
  * Kube Play - set ReportWriter when building an image
  * Fix user-mode net init flag on first time install
  * bump c/common to v0.57.1
  * bump version to v4.8.2-dev

-------------------------------------------------------------------
Thu Dec  7 08:43:26 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Default to the new networking backend, netavark, on openSUSE (bsc#1217828)

-------------------------------------------------------------------
Wed Dec 06 06:02:02 UTC 2023 - danish.prakash@suse.com

- Update to version 4.8.1:
  * v4.8.1
  * Update RELEASE_NOTES.md for v4.8.1
  * Handle symlinks when checking DB vs runtime configs
  * libpod: Detect whether we have a private UTS namespace on FreeBSD
  * pkg/bindings: add new APIVersionError error type
  * fix podman-remote exec regression with v4.8
  * sqlite: fix issue in ValidateDBConfig()
  * sqlite: fix missing Commit() in RemovePodContainers()
  * sqlite: set busy timeout to 100s
  * Fix locking error in WSL machine rm -f
  * Gating test fixes
  * If API calls for kube play --replace, then replace pod
  * Fix wsl.conf generation when user-mode-networking is disabled
  * Bump to v4.8.1-dev

-------------------------------------------------------------------
Tue Nov 28 05:56:48 UTC 2023 - danish.prakash@suse.com

- Update to version 4.8.0:
  * Bump to v4.8.0
  * Update release notes for 4.8.0
  * Add notes on upcoming deprecations to release notes
  * [v4.8] Bump to Buildah v1.33.2
  * [CI:DOCS] Update release notes
  * machine applehv: create better error on start failure
  * Bump to v4.8.0-dev
  * Bump to v4.8.0-rc1
  * Create release notes for v4.8.0
  * Update release notes from v4.7 branch
  * Cirrus: Update operating branch
  * rootless_tutorial: modernize
  * Bump Buildah to v1.33.1
  * Bump Buildah to v1.33.0
  * Update to libhvee 0.5.0
  * vmtypes names cannot be used as machine names
  * Add support for --compat-auth-file in login/logout
  * Update tests for a c/common error message change
  * Update c/image and c/common to latest, c/buildah to main
  * CI: test overlay and vfs
  * [CI:DOCS] Add link to podman py docs
  * Test fixes for debian
  * pasta tests: remove some skips
  * VM images: bump to 2023-11-16
  * fix(deps): update module k8s.io/kubernetes to v1.28.4 [security]
  * [CI:DOCS] Machine test timeout env var
  * Quadlet - add support for UID and GID Mapping
  * Quadlet - Allow using symlink on the base search paths
  * [skip-ci] Update dessant/lock-threads action to v5
  * Avoid empty SSH keys on applehv
  * qemu,parseUSB: minor refactor
  * fix(deps): update module github.com/gorilla/handlers to v1.5.2
  * docs: fix relabeling command
  * Pass secrets from the host down to internal podman containers
  * (Temporary) Emergency CI fix: quay search is broken
  * Update podman-stats.1.md.in
  * [CI:BUILD] packit: handle builds for RC releases
  * Quadlet test - add case for multi = sign in mount
  * set RLIMIT_NOFILE soft limit to match the hard limit on mac
  * rootless: use functionalities from c/storage
  * CI: e2e: fix a smattering of test bugs that slipped in
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.1
  * vendor: update c/storage
  * Improve the documentation of quadlet
  * Fix socket mapping socket mapping nits
  * fix(deps): update module golang.org/x/tools to v0.15.0
  * fix(deps): update github.com/containers/libhvee digest to 9651e31
  * [skip-ci] Update github/issue-labeler action to v3.3
  * Document --userns=auto behaviour for rootless users
  * machine: qemu: add usb host passthrough
  * fix(deps): update module golang.org/x/net to v0.18.0
  * fix(deps): update module github.com/onsi/gomega to v1.30.0
  * Refactor Ignition configuration for virt providers
  * [CI:BUILD] rpm: disable GOPROXY
  * Automatic code cleanups - JetBrains
  * Refactor key machine objects
  * systests: add [NNN] prefix in logs, NNN = filename
  * systests: add a last-minute check for db backend
  * applehv: allow virtiofs to mount to /
  * Run codespell on podman
  * update completion scripts for cobra v1.8.0
  * Fix man page display of podman-kube-generate
  * Try to fix the broken formatting of man podman‐kube‐apply(1).
  * fix(deps): update module golang.org/x/text to v0.14.0
  * docs: make CNI removal explicit
  * fix(deps): update module github.com/gorilla/mux to v1.8.1
  * fix(deps): update module github.com/spf13/cobra to v1.8.0
  * fix(deps): update module golang.org/x/sync to v0.5.0
  * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18
  * Podman push --help should reveal default compression
  * Update container-device-interface (CDI) to v0.6.2
  * fix: adjust helper string in machine_common
  * fix: adjust helper string in machine_common
  * remote,test: remove .dockerignore which is a symlink
  * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
  * fix: adjust helper string in machine_common
  * vendor: update github.com/coreos/go-systemd/v22 to latest main
  * CI: default to sqlite
  * vendor: update c/common
  * check system connections before machine init
  * Consume OCI images for machine image
  * freebsd: drop dead code
  * libpod: make removePodCgroup linux specific
  * containers: drop special handling for ErrCgroupV1Rootless
  * compose: fix compose provider debug message
  * image: replace GetStoreImage with ResolveReference
  * vendor: bump c/image to 373c52a9466f
  * Refactor machine socket mapping
  * AppleHV: Fix machine rm error message
  * Add status messages to podman --remote commit
  * End-of-Life policy for github issues
  * fix(deps): update module github.com/shirou/gopsutil/v3 to v3.23.10
  * Support passing of Ulimits as -1 to mean max
  * fix(deps): update github.com/docker/go-connections digest to 0b8c1f4
  * fix(deps): update github.com/crc-org/vfkit digest to f3c783d
  * Log gvproxy and server9 to file on log-level=debug
  * Change to using gopsutil for cross-OS process ops
  * Initial addition of 9p code to Podman
  * libpod: fix /etc/hostname with --uts=host
  * systests: stty test: retry once on flake
  * systests: pasta: avoid hangs
  * Fix secrets scanning GHA Workflow
  * [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
  * docs: clarify systemd cgroup mount
  * podman build --remote URI Dockerfile shoud not be treated as file
  * Small fixes for wacko CI environments
  * Do not add powercap mask if no paths are masked
  * compose: try all possible providers before throwing an error
  * podman kube play --replace should force removal of pods and containers
  * Sort kube options alphabetically
  * container.conf: support attributed string slices
  * CI: podman farm tests cleanup
  * Mask /sys/devices/virtual/powercap
  * Update module github.com/google/uuid to v1.4.0
  * fix(deps): update module github.com/docker/docker to v24.0.7+incompatible
  * fix(deps): update module go.etcd.io/bbolt to v1.3.8
  * CI: systest: safer random_rfc1918_subnet
  * CI: e2e: safer GetPort()
  * Fix broken code block markup in Introduction.rst
  * chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
  * chore: remove npipe const and use vmtype const for checking
  * Update module github.com/onsi/gomega to v1.29.0
  * CI: try to fix more networking flakes
  * fix: check wsl npipe when executing podman compose
  * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
  * Quadlet - explicit support for read-only-tmpfs
  * compat API: fix image-prune --all
  * Makefile - allow more control over Ginkgo parameters
  * Add e2e tests for farm build
  * vendor c/{buildah,common}: appendable containers.conf strings, Part 1
  * Add podman farm build command
  * Add emulation package
  * Use buildah default isolation when working with podman play kube
  * docs(API): Fix compat network (dis-)connect
  * test/e2e: do not import buildah
  * pkg/specgen: remove config_unsupported.go
  * pkg/parallel/ctr: add !remote tag
  * pkg/domain/filters: add !remote tag
  * pkg/ps: add !remote tag
  * pkg/systemd/generate: add !remote tag
  * libpod: add !remote tag
  * pkg/autoupdate: add !remote tag
  * vendor latest c/common
  * libpod: remove build support non linux/freebsd
  * Fix typo
  * test/apiv2: adapt apiv2 test on cgroups v1 environment
  * ginkgo setup: retry cache pulls
  * Support size option when creating tmpfs volumes
  * not mounted layers should be reported as info not error
  * CI: stop using registry.k8s.io
  * fix(deps): update module github.com/vbatts/git-validation to v1.2.1
  * test fixes for c/common tag chnages
  * vendor latest c/common
  * hyperV: Update lastUp time
  * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
  * lint: disable testifylint
  * lint: fix warnings found by perfsprint
  * lint: fix warnings found by inamedparam
  * lint: fix warnings found by protogetter
  * libpod: skip DBUS_SESSION_BUS_ADDRESS in conmon
  * Use node hostname in kube play when hostNetwork=true
  * cirrus setup: special-case perl unicode
  * network: document ports and macvlan interaction
  * quadlet: document cgroupv2 requirement
  * [skip-ci] Update actions/checkout digest to b4ffde6
  * Revert "Emergency workaround for CI breakage"
  * remote: exec: do not leak session IDs on errors
  * fix(deps): update github.com/containers/storage digest to 79aa304
  * fix(deps): update module k8s.io/kubernetes to v1.28.3
  * System tests: fix broken silence127
  * Add TERM iff TERM not defined in container when podman exec -t
  * Emergency workaround for CI breakage
  * Kill gvproxy when machine rm -f
  * Fix path for omvf vars on Darwin/arm64
  * Allow systemd specifiers in User and Group Quadlet keys
  * libpod: rename confusing import name
  * use FindInitBinary() for init binary
  * vendor latest c/common
  * exec: do not leak session IDs on errors
  * systests: cp test: lots of cleanup
  * Define better error message for container name conflicts with external storage.
  * Quadlet - support ImageName for .image files
  * test/system: ignore 127 if it is the expected rc
  * test/apiv2/20-containers.at: fix NanoCPUs tests on cgroups v1
  * image history: fix walking layers
  * fix(api): Ensure compatibality for network connect
  * [CI:DOCS] Add cross-build target info.
  * machine set: document --rootful better
  * libpod: restart+userns cleanup netns correctly
  * Minor log and doc fixes
  * Quadlet man page - discuss volume removal explicitly
  * Quadlet - add support for KubeDownForce
  * System Test - Quadlet kube oneshot
  * Fix output of podman --remote top
  * buildah-bud: test relative TMPDIR
  * Fix handling of --read-only-tmpfs flag
  * Vendor common and buildah main
  * remote,build: wire unsetlabels
  * test: build with TMPDIR as relative
  * docs: add unsetlabel
  * vendor: bump buildah to v1.32.1-0.20231012130144-244170240d85
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2
  * fix: pull error response docker rest api compatibility
  * Show client info even if remote connection fails
  * fix(deps): update github.com/containers/libhvee digest to e51be96
  * Run codespell
  * SetLock for all virt providers
  * Machine: Teardown on init failure
  * healthcheck: make sure to always show health_status events
  * Apply suggestions from code review
  * [CI:DOCS]rtd: implement v2 build file
  * Quadlet - support oneshot .kube files
  * libpod: fix deadlock while parallel container create
  * fix(deps): update module golang.org/x/net to v0.17.0
  * api: add `compatMode` paramenter to libpod's pull endpoint
  * api: break out compat image pull
  * fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.3
  * use sqlite as default database
  * vendor latest c/common
  * fix(deps): update module github.com/nxadm/tail to v1.4.11
  * Check for image with /libpod/containers/create
  * container: always check if mountpoint is mounted
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.0
  * vendor: update c/storage
  * api: drop debug statement
  * Quadlet - add support for global arguments
  * Add system test
  * fix(deps): update module golang.org/x/tools to v0.14.0
  * Don't ignore containerfiles outside of build context
  * fix(deps): update github.com/containers/libhvee digest to fcf1cc2
  * fix(deps): update module golang.org/x/term to v0.13.0
  * Update module golang.org/x/sys to v0.13.0
  * [CI:DOCS] Add updating version on podman.io to release process
  * containers.conf: add `privileged` field to containers table
  * Implement secrets/credential scanning
  * Cirrus: Execute Windows podman-machine e2e tests
  * vendor: bump c/storage
  * Update module golang.org/x/sync to v0.4.0
  * [CI:DOCS] update swagger version on docs.podman.io
  * Create Qemu command wrapper
  * Adjust to path name change for resolved unit
  * Revert "Fix WSL systemd detection"
  * [CI:BUILD] rpm/copr: gvforwarder recommends for RHEL
  * [CI:DOCS] update kube play delete endpoint docs
  * [CI:DOCS] Remove dead link from README
  * test/system: --env-file test fixes
  * Revert "feat(env): support multiline in env-file"
  * Revert "docs(env-file): improve document description"
  * Revert "fix(env): parsing --env incorrect in cli"
  * Filter health_check and exec events for logging in console
  * inspect: ignore ENOENT during device lookup
  * test, manifest: test push retry
  * Fix locale issues with WSL version detection
  * vendor: update module github.com/docker/distribution to v2.8.3+incompatible
  * vendor: bump c/common to v0.56.1-0.20231002091908-745eaa498509
  * Update github.com/containers/libhvee digest to e9b1811
  * windows: Use prebuilt gvproxy/win-sshproxy binaries
  * Volume create - fast exit when ignore is set and volume exists
  * Update golang.org/x/exp digest to 9212866
  * Update github.com/opencontainers/runtime-spec digest to c0e9043
  * remove selinux tag as not needed anymore
  * [skip-ci] Improve podmansh(1)
  * Build applehv for Intel Macs
  * Revert "GHA Workflow: Faster discussion-locking"
  * update vfkit vendored code
  * Add DefaultMode to kube play
  * Fix broken podman images filters
  * Remove `c.ExtraFiles` line in machine
  * podman: run --replace prints only the new container id
  * New machines should show Never as LastUp
  * podman machine: disable zincati update service
  * Revert "cirrus setup: install en_US.UTF-8 locale"
  * Cirrus: CI VM images w/ newer automation-library
  * CI VMs: bump to f39 + f38
  * [CI:DOCS] Update podman load doc
  * Update mac installer to latest gvproxy release
  * Fix WSL systemd detection
  * Add documentation for the vrf option on netavark
  * fix(deps): update github.com/containers/common digest to 9342cdd
  * fix: typos in links, path and code example
  * e2e: ExitCleanly(): manual special cases
  * e2e: ExitCleanly(): the final fron^Wcommit
  * [CI:DOCS] Add win-sshproxy target to winmake
  * wsl: enable machine init tests
  * Update docs/source/markdown/options/rdt-class.md
  * move IntelRdtClosID to HostConfig
  * use default when user does not provide rdt-class
  * Add documentation for Intel RDT support
  * Add test for Intel RDT support
  * Add Intel RDT support
  * [CI:DOCS] Fix podman form update --help examples
  * Quadlet container mount - support non key=val options
  * test/e2e: default to netavark
  * [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
  * fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.7.1
  * fix(deps): update github.com/containers/common digest to 4619314
  * applehv: enable machine tests for start
  * applehv: machine tests for stop and rm
  * Update machine tests README
  * Add podman socket info to machine inspect
  * Fix podman machine info test for hyperV
  * libpod: pass entire environment to conmon
  * e2e: ExitCleanly(): manual fixes to get tests working
  * e2e: ExitCleanly(): a few more
  * FCOS+podman-next: correct GHA conditional syntax
  * pkg/machine/e2e: wsl stop
  * wsl: machine tests for inspect
  * wsl: machine tests for ssh
  * fix(deps): update github.com/containers/common digest to e18cda8
  * wsl: machine start test
  * wsl machine tests: set
  * wsl: machine tests
  * Skip proxy test for hyperV
  * Enable machine e2e test for applehv
  * hyperV: Respect rootful option on machine init
  * [CI:BUILD] FCOS image: enable nightly build
  * e2e: use safe fedora-minimal image
  * hyperv: machine e2e tests for set command
  * podman build: correct default pull policy
  * fix handling of static/volume dir
  * unbreak CI: useradd not found
  * hyperv: set more realistic starting state
  * hyperv: use StopWithForce with remove
  * Fix all ports exposed by kube play
  * Fix setting timezone on HyperV
  * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 97028a6
  * Fix farm update to check for connections
  * Adjust machine CPU tests
  * Bump version on main
  * [CI:BUILD] Packit: show SHORT_SHA in `podman --version` for COPR builds
  * Vendor c/common
  * pod rm: do not log error if anonymous volume is still used
  * e2e: ExitCleanly(): manual fixes to get tests passing
  * e2e: ExitCleanly(): a few more
  * fixes for pkg/machine/e2e on hyperv
  * test: fix rootless propagation test
  * [CI:BUILD] packit: tag @containers/packit-build team on copr build failures
  * Enable disk resizing for applehv
  * Various updates for hyperv and machine e2e tests
  * test: update fedoraMinimal version
  * specgen, rootless: fix mount of cgroup without a netns
  * Automatically remove anonymous volumes when removing a container
  * Use ActiveServiceDestination in ssh remoteConnectionUsername
  * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 9298405
  * e2e: ExitCleanly(): generate_kube_test.go
  * e2e: generate kube -> kube generate
  * e2e: ExitCleanly(): generate_kube_test.go
  * windows cannot "do" extra files
  * e2e: ExitCleanly(): Fixes for breaking tests
  * play kube -> kube play
  * e2e: ExitCleanly(): play_kube_test.go
  * introduce pkg/strongunits
  * Makefile equiv Powershell script
  * pass --syslog to the cleanup process
  * vendor of containers/common
  * fix --authfile auto-update test
  * compat API: speed up network list
  * Change priority for cli-flags for remotely operating Podman
  * libpod: remove unused ContainerState() fucntion
  * [CI:BUILD] Packit: Enable failure notifications for cockpit tests
  * e2e: ExitCleanly(): more low-hanging fruit
  * e2e: ExitCleanly(): more low-hanging fruit
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1
  * Enable machine e2e tests for WSL
  * systests: tighter checks for unwanted warnings
  * GHA Workflow: Faster discussion-locking
  * [CI:BUILD] FCOS + podman-next image: pull in wasm
  * [CI:BUILD] rpm: remove gvproxy subpackage
  * [CI:DOCS] Tweak podman to Podman in a few farm man pages
  * Docs on sig-proxy are wrong, we support TTY
  * e2e: ExitCleanly(): low-hanging fruit, part 2
  * e2e: ExitCleanly(): low-hanging fruit, part 1
  * Buildtag out unix commands for common OS files
  * systests: clean up after tests; fix missing path in logs
  * [CI:BUILD] followup PR for fcos with podman-next
  * Implement gvproxy networking using cmdline wrapper
  * fix, test: rmi should work with images w/o layers
  * vendor: bump c/common to v0.56.1-0.20230919073449-d1d9d38d8282
  * Quadlet Image test - rearrange test function
  * e2e: continuing ExitCleanly() work: manual tweaks
  * e2e: continuing ExitCleanly() work
  * [CI:DOCS] Improve podman-tag man page
  * [CI:DOCS] Improve podman-build man page
  * [CI:DOCS] Include precheck to release process
  * [CI:DOCS] consistentize filter options in man pages
  * Quadlet - add support for .image units
  * --env-host: use default from containers.conf
  * error when --module is specified on the command level
  * man page crossrefs: add --filter autocompletes
  * Fix specification of unix:///run
  * Add label! filter and tests to containers and pods
  * Add test for legacy address without two slashes
  * Use url with scheme and path for the unix address

-------------------------------------------------------------------
Wed Nov  8 07:48:11 UTC 2023 - Andreas Schwab <schwab@suse.de>

- Use crun only on selected archs

-------------------------------------------------------------------
Wed Nov 01 07:15:17 UTC 2023 - dcermak@suse.com

- Update to version 4.7.2:
  * v4.7.2
  * Update RELEASE_NOTES.md for v4.7.2
  * compose: try all possible providers before throwing an error
  * Mask /sys/devices/virtual/powercap
  * fix: check wsl npipe when executing podman compose
  * rtd: implement v2 build file
  * Adjust to path name change for resolved unit
  * Switch version to 4.7.2-dev

-------------------------------------------------------------------
Tue Oct 31 14:35:31 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>

- crun is not available for armv6 (because of criu), so use runc
  on armv6

-------------------------------------------------------------------
Thu Oct 12 09:47:46 UTC 2023 - Dan Čermák <dcermak@suse.com>

- Use crun on Tumbleweed & ALP for WASM support

-------------------------------------------------------------------
Fri Oct 06 05:50:25 UTC 2023 - danish.prakash@suse.com

- podman-docker: Provides docker to avoid conflicts
  when using podman with docker-compose (bsc#1215926)
- Update to version 4.7.1:
  * New version: v4.7.1
  * Update RELEASE_NOTES.md for v4.7.1
  * compat API: speed up network list
  * inspect: ignore ENOENT during device lookup
  * test/system: --env-file test fixes
  * Revert "feat(env): support multiline in env-file"
  * Revert "docs(env-file): improve document description"
  * Revert "fix(env): parsing --env incorrect in cli"
  * [CI:DOCS] update swagger version on docs.podman.io
  * Fix locale issues with WSL version detection
  * switch version to 4.7.1-dev

-------------------------------------------------------------------
Fri Sep 29 03:21:32 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Build against latest stable Go version (bsc#1215807)

-------------------------------------------------------------------
Thu Sep 28 04:44:43 UTC 2023 - kastl@b1-systems.de

- Update to version 4.7.0:
  * Bump to v4.7.0
  * [CI:DOCS] v4.7.0 RELEASE_NOTES update
  * rpm: remove gvproxy subpackage
  * packit: tag @containers/packit-build team on copr build
    failures
  * specgen, rootless: fix mount of cgroup without a netns
  * pass --syslog to the cleanup process
  * fix --authfile auto-update test
  * version: switch back from -rc1 to -dev
  * New pre-release: v4.7.0-rc1
  * [CI:DOCS] Update release notes for v4.7.0-rc1
  * Cirrus: Update operating branch
  * Move podman build opts to common file
  * Add ability for machine rm -f for WSL
  * Plumbing to run machine tests with hyperv
  * CI: trace setup and runner scripts
  * Bump to Buildah v1.32.0
  * [CI:DOCS] bump release notes on main with the latest release
  * fix(deps): update module github.com/opencontainers/image-spec
    to v1.1.0-rc5
  * Add --filter pod= autocompletion
  * e2e: ExitCleanly(): manual test fixes
  * e2e: continuing ExitCleanly(): just the replacements
  * Fix some spelling and formatting
  * Add support for Ulimit in quadlet
  * Run codespell on code
  * wire in new buildah build options
  * make golangci-lint happy
  * add !remote tag to pkg/specgen/generate
  * pkg/specgen: do not depend on libimage for remote
  * bump buildah to latest
  * [CI:DOCS] restart.md: migrate to container unit
  * fix(deps): update module k8s.io/kubernetes to v1.28.2
  * Add support for PidsLimit in quadlet
  * Add DNS fields to Container and Network unit groups
  * [CI:DOCS] update API docs version list
  * Try to fix broken CI (gvisor-something)
  * e2e: more ExitCleanly(): manual test fixes
  * e2e: more ExitCleanly(): dumb string replacements
  * e2e: create_test: use ExitCleanly()
  * e2e: diff_test: use ExitCleanly()
  * The `podman init` command cannot modify containers.
  * bump c/common to latest main
  * Podmansh: use podmansh_timeout
  * e2e: more ExitCleanly(): low-hanging fruit
  * vendor: update checkpointctl to v1.1.0
  * kube: add DaemonSet support for generate
  * vendor of containers/(common, storage, image)
  * libpod: move oom_score_adj clamp to init
  * e2e: commit_test: use ExitCleanly()
  * e2e: container_clone_test.go: use ExitCleanly()
  * e2e: use ExitCleanly() in cleanup_test.go
  * Ensure HC events fire after logs are written
  * [CI:DOCS] podman-systemd.unit: fix equivalents
  * Add support for kube TerminationGracePeriodSeconds
  * Update podman-kube-play.1.md.in
  * Split up alt binaries to speed up build
  * Switch installer task to EC2
  * pod: fix duplicate volumes from containers.conf
  * tests: add test for pod cgroups
  * libpod: create the cgroup pod before containers
  * cmd, specgen: allow cgroup resources without --infra
  * specgen: allow --share-parent with --infra=false
  * libpod: allow cgroup path without infra container
  * libpod: check if cgroup exists before creating it
  * libpod: refactor platformMakePod signature
  * libpod: destroy pod cgroup on pod stop
  * utils: export MoveUnderCgroup
  * libpod: refactor code to new function
  * e2e: use ExitCleanly() in checkpoint tests
  * [CI:DOCS]Remove use of --latest|-l from tutorial
  * CI test runner: upgrade tests rely on system tests
  * run --rmi: "cannot remove" is a warning, not an error
  * StopContainer: display signal num when name unknown
  * URGENT: fix broken CI
  * Add support for kube  securityContext\.procMount
  * podman: don't restart after kill
  * Tmpfs should not be mounted noexec
  * sys tests: run_podman: check for unwanted warnings/errors
  * chore(deps): update dependency setuptools to ~=68.2.0
  * e2e: use ExitCleanly() in attach & build tests
  * Some distros do not default to docker.io for shortname searches
  * security: accept empty capabilities list
  * systests: random_free_port: fix EADDRINUSE flake
  * fix(deps): update module github.com/cyphar/filepath-securejoin
    to v0.2.4
  * Restrict fcos_test to amd64, arm64
  * fix(deps): update github.com/containers/libhvee digest to
    56fb235
  * fix(deps): update module github.com/docker/docker to
    v24.0.6+incompatible
  * fix(deps): update module golang.org/x/tools to v0.13.0
  * Ignore spurious container-removal errors
  * fix(deps): update module golang.org/x/net to v0.15.0
  * systests: manifest zstd test: lots of tiny cleanups
  * vendor: update github.com/opencontainers/runc to main
  * [skip-ci] Update actions/checkout action to v4
  * linux, rootless: clamp oom_score_adj if it is too low
  * machine: increase max number of inotify instances
  * fix(deps): update module golang.org/x/term to v0.12.0
  * Remove redundant nil checks in system connection remove
  * fix(deps): update module golang.org/x/text to v0.13.0
  * fix(deps): update module golang.org/x/sys to v0.12.0
  * fix(deps): update github.com/containers/libhvee digest to 2bf7930
  * docs(readme): fix a broken link
  * [CI:BUILD] Podman FCOS image from main
  * Update golang.org/x/exp digest to d852ddb
  * Add port forwarding and gvproxy machine test
  * libpod: do not parse --hostuser in base 8
  * fix: default typo
  * Add Japanese locale and translation of index
  * remove rh.container.bot@gmail.com
  * Tweaks and cleanups to prepare hyperv for CI
  * system tests: housekeeping: various small fixes
  * CI: e2e: first use of new ExitCleanly() matcher
  * CI: e2e: new ginkgo matcher, ExitCleanly()
  * CI: e2e: fetch the standard system-test image
  * kube play: fix pull policy
  * Fix gidmap command in example
  * vendor containers/common@12405381ff45
  * manifest,push: support add_compression from containers.conf
  * hyperv ignition: use gvforwarder instead of vm
  * Set remote username earlier for hyperv
  * Added an additional troubleshooting problem and solution
  * Remove a dependency on libimage from pkg/bindings
  * Rename parameter in pkg/bindings
  * Remove a dependency on libimage from pkg/api/handlers
  * Don't re-inspect an image
  * Cirrus: Remove multi-arch podman image builds
  * uid/gid mapping flags
  * [DOC] Clarify default behaviour on uidmap
  * Update containers/common to latest
  * update libhvee
  * /_ping handler: return OSType http header
  * e2e: fix race condition (kube play + logs)
  * Update module github.com/vbauerster/mpb/v8 to v8.6.0
  * Kube - support List documents
  * kube down/play --replace: handle absent objects
  * push, manifest-push: --force-compression must be true with
    --compression-format
  * oci: print stderr only after checking state
  * Updated docs to reflect pod spec sysctls support added in v4.6
  * [CI:BUILD] Packit: Disable unexpected journal message check for
    cockpit-podman
  * [CI:BUILD] Packit: Restrict cockpit tests to recent Fedoras
  * Update machine init/set tests
  * Add rootful status to machine inspect
  * Dedup and refactor image acquisition
  * Share podman sock bindings with other WSL distros
  * Fix user-mode validation check
  * system tests: try to fix sdnotify flakes
  * Cirrus: Disable only hello multiarch build
  * Set StopTimeout for service-container started under podman kube
    play
  * Set StopTimeout for compat API if not set by client
  * podman exec should set umask to match container
  * [CI:BUILD] Packit: run cockpit-podman tests in PRs
  * Add infra-name annotations to kube gen/play
  * kube: notifyproxy: close once
  * system service: unset NOTIFY_SOCKET
  * Update module k8s.io/kubernetes to v1.28.1
  * API attach: return vnd.docker.multiplexed-stream header
  * test/apiv2/60-auth.at: use `doesnotexists.podman.io`
  * e2e tests: use registry:2.8.2 (was 2.8)
  * create apiutils package
  * api docs: document stream format
  * Revert "Remove `hello` multi-arch image build"
  * manifest-push: add support for --force-compression
  * push: add support for --force-compression
  * Update module github.com/onsi/ginkgo/v2 to v2.12.0
  * Remove `hello` multi-arch image build
  * hack/perf/system-df.sh: add `df` benchmarks
  * Expand env variables for cmds/entrypoint with format $(ENV)
  * vendor c/storage@6902c2d
  * Ignore the resource limits on cgroups V1 rootless systems
  * Fixups for stopping gvproxy
  * Revert "GHA: Closed issue/PR comment-lock test"
  * GHA: Closed issue/PR comment-lock test
  * GHA: Add workflow to lock closed issues/PRs
  * [CI:DOCS] update auto-update docs
  * chore(deps): update dependency containers/automation_images to
    v20230816
  * fix(deps): update module github.com/google/uuid to v1.3.1
  * libpod: sum per-interface network stats for FreeBSD
  * Set default Umask for `podman kube play`
  * [CI:BUILD] rpm: spdx compatible license field
  * chore(deps): update dependency golangci/golangci-lint to
    v1.54.2
  * Implement automatic port reassignment on Windows
  * Add support for ramfs as well as tmpfs in volume mounts
  * Validate current generation of WSL2 with user-mode-networking
  * use container restart policy if user specifies one
  * Stop gvproxy on hyperv machine stop
  * [CI:BUILD] rpm: depend on man-db
  * Update machine list test
  * Update machine start tests
  * Update machine rm tests
  * libpod: improve conmon error handling
  * cirrus setup: install en_US.UTF-8 locale
  * fixup "podman logs with non ASCII log tag" tests
  * libpod: use /var/run instead of /run on FreeBSD
  * cirrus/lib.sh: extend env to passthrough at start for locale
    work
  * libpod: correctly pass env so alternative locales work
  * cgroups_linux: use SessionBusPrivateNoAutoStartup
  * podmansh man page UID=$(id -u lockedu) is not allowed
  * CI: systests: remove pasta ICMP tests
  * podman.1.md: Fix formatting of exit code 127, clarify wording
    of `exit code` example.
  * document available secret drivers
  * pkg/specgen: add support for read-only root on FreeBSD
  * add --module flag
  * Update dependency setuptools to ~=68.1.0
  * Add riscv64 architecture to the cross build target
  * GetFcosArch add `riscv64` arch
  * Update WSL backend to be compat with FCOS defaults
  * enabled hyperv image downloads
  * fix(deps): update module github.com/containers/ocicrypt to
    v1.1.8
  * [CI:DOCS] Fix git build example in build page
  * CI: e2e manifest_test: use image from quay
  * Cirrus: Remove EC2 experimental flag
  * sphinx: skip options include dir
  * Update rootfs.md: Fix formatting and wording of idmap option
  * fix: Docker API compatible bool deserialization
  * Revert "compat,build: pull must accept string"
  * Add missing verb in machinectl example
  * [CI:DOCS] Update Release Notes and Release Process
  * chore(deps): update dependency golangci/golangci-lint to
    v1.54.1
  * fix podman top missing output flake
  * New partial-line test is flaking
  * [CI:BUILD] Packit: add back fedora-eln targets
  * Cirrus: Prune defunct job + fix noop alias
  * Bump bundled gvproxy to 0.7.0
  * systests: tests for --env and --env-file
  * Update system connection add & remove
  * Add tests for podman farm
  * Add podman farm update command
  * Add podman farm remove command
  * Add podman farm list command
  * Add podman farm create command
  * Add podman farm subcommand
  * CI: e2e: add delay before podman logs or journalctl
  * Add completion for Farms
  * Vendor c/common changes
  * chore(deps): update dependency golangci/golangci-lint to
    v1.54.0
  * file logger: fix podman logs --tail with partial lines
  * fix(env): parsing --env incorrect in cli
  * Update docker.io/library/golang Docker tag to v1.21
  * podman stop --cidfile missing --ignore
  * Skip podman exec cannot be invoked on Debian
  * Re-enable checkpoint test on Debian SID
  * Require a non-generic reason for non-Fedora skip
  * CI FIXME removal/update.
  * Update dependency containers/automation_images to v20230807
  * [skip-ci] Update dawidd6/action-send-mail action to v3.8.0
  * [CI:DOCS] fixed couple typos in build docs
  * Stop timer in function waitPidStop
  * packit: Build PRs into default packit COPRs
  * Add support for host-gateway
  * Ensure volumes-from mounts override image volumes
  * Minor: Include shasums in GHA workflow artifacts
  * Minor: Add important comment to windows GHA workflow
  * Minor: Update/fix dry-run input descriptions
  * [CI:DOCS] Quadlet - provide more information about network
    files
  * man-page xref: check for duplicate entries
  * cp: close temporary file on error path
  * Makefile: work around the lack of 'man -l' on FreeBSD
  * Update module golang.org/x/net to v0.14.0
  * libpod: fix a crash in 'kube generate' on FreeBSD
  * remove temporary files when copy [NO NEW TESTS NEEDED]
  * Update module golang.org/x/sys to v0.11.0
  * [ci] Remove the podman socket in remove_packaged_podman_files()
  * [ci] Correct the podman systemd file names
  * Always show RemoteSocket.Exists in json
  * Fail if ssh key exists
  * Fix regression for hyperv
  * [CI:BUILD] Makefile: rpm target generates correct version
  * Fix nits in #19480
  * Add support for passing container stop timeout as -1 (infinite)
  * pkg/specgen: Add device support for FreeBSD
  * [CI:DOCS] man: remove duplicate entry .LastUp
  * CI: e2e: remove useless test
  * Check tty flag to set default terminal in Env
  * Run codespell on code
  * Deprecate podman generate systemd
  * manifest/push: add support for --add-compression
  * [CI:DOCS]Update Release Notes
  * CI: sys: quadlet %T test: do not rely on journal
  * GHA: Support testing build/sign workflows
  * Remove unnecessary backslashes
  * [docs] Use code blocks for commands in podman-completion
  * Make podman run --rmi automatically set --rm
  * machine: QEMU: recover from failed start
  * vendor: bump c/image to v5.26.1-0.20230801083106-fcf7f0e1712a
  * secret: add support for `--ignore` with rm
  * Move `writeConfig` logic to shared function
  * Move some logic of `setRootful` to a common file
  * move `removeFilesAndConnections` to a common file
  * Move `waitAPIAndPrintInfo` to common file
  * Move `addSSHConnectionsToPodmanSocket` code to shared file
  * Update module golang.org/x/net to v0.13.0
  * chore(deps): update dependency containers/automation_images to
    v20230726
  * Skip pasta local forwarder test on debian SID
  * Skip broken/flaky blkio-weight test
  * Skip tarball re-inport test in rawhide for CI
  * Cleanup CIDFile on podman-remote run --rm command
  * CI: e2e: remove workaround for missing login file
  * vendor: bump c/image and c/common
  * Add support for confined users
  * Cirrus: Temp. disable rawhide validation task
  * Limit git-validation to 'short-subject'
  * Fix up man page and add test on globs
  * Move alternate image acquisition to separate function
  * Move `getDevNullFiles` into a common file
  * Update github.com/digitalocean/go-qemu digest to 2e3d018
  * Convert QEMU functions to methods with documentation
  * Update docs/source/markdown/podman-build.1.md.in
  * do not redefine gobuild for eln
  * Set default userns from containers.conf file
  * Mention TimeoutStartSec in quadlet man page
  * inspect with network=none show SandboxKey netns path
  * [CI:DOCS] GHA: Use stable go for Mac/Win builds
  * Breakup AppleHV machine funcs
  * Codespell fixups
  * Update docs/source/markdown/podman-stats.1.md.in
  * CI: e2e: reenable containerized checkpoint tests
  * docs(env-file): improve document description
  * Don't log EOF error when using podman --remote build with an
    empty context directory.
  * API: kill: return 409 on invalid state
  * feat(env): support multiline in env-file
  * Adds documentation to new functions that were added
  * `startHostNetworking`: get DevNull files
  * `Remove`: remove network and ready sockets from registry
  * `Remove`: remove files and connections
  * `Remove`: collect files to destroy
  * `Init`: read and split ign file
  * `Init`: write ign config
  * `Init`: add network and registry socks to registry
  * `Init`: add SSH conns to podman sock
  * Improve the description of fields in podman-stats man page
  * make /dev & /dev/shm read/only when --read-only
    --read-only-tmpfs=false
  * Mention no comment lines in Containerfile.in podman-build man
    page
  * [CI:BUILD] RPM: define gobuild macro for rhel/centos stream
  * Fix HyperV loadMachineFromJSON function name
  * machine: QEMU: lock VM on stop/rm/set
  * libpod: add 'pod top' support on FreeBSD
  * [CI:DOCS] Build and Sign Mac Pkginstaller
  * Make sure users changes --authfile before checking
  * github: add issue type as link to podman github discussions
  * Break QEMU `config.go` code into its own functions
  * machine: QEMU: lock VM on start
  * libpod: fix 'podman kube generate' on FreeBSD
  * Add glob support to podman run/create --mount
  * kube: add DaemonSet support
  * Fix artifacts script after removal of msitools msi build
  * System tests: quadlet: fix race in %T test
  * If quadlets have same name, only use first
  * Add support for mounts listed in containers.conf
  * Update vendor of containers/common
  * System tests: add test tags
  * [CI:DOCS] socket_activation.md: increase socat timeout
  * go-md2man: use vendored-in version, not system
  * CI: use different TMPDIR on prior-fedora
  * system tests: authfile-exists: minor cleanup
  * start(): don't defer event
  * Fix: use --all in podman stats to get all containers stats
  * Verify authfile exists if user specifies it
  * libpod: don't generate errors for createTimer etc.
  * add "healthy" sdnotify policy
  * Remove LICENSE and general doc files that are installed by the
    main package
  * Add missing `
  * Remove legacy msitools based msi installer
  * Remove any quotes around distribution id
  * add a podman-compose command
  * pkg/specgen: Don't crash for device spec with...
  * fix(deps): update module github.com/docker/docker to
    v24.0.5+incompatible
  * Update vendor of containers/(storage,image)
  * Clean up /var/tmp/ when using oci-archives when creating
    containers
  * [CI:BUILD] RPM: separate out gvproxy for copr and rawhide
  * Reduce qemu machine function sizes
  * [CI:DOCS] migrate socket_activation.md to quadlet
  * [CI:DOCS] Update kube play volume support
  * Fix language, typos and markdown layout
  * [CI:DOCS] Add note about QUADLET_UNIT_DIRS to simplify quadlet
    debug
  * Add note on debugging quadlet unit files
  * Remove unnecessary use of the word "please".
  * libpod: fix FreeBSD 'podman-remote top' default behaviour
  * fix(deps): update module github.com/onsi/gomega to v1.27.9
  * Add support for ShmSize to quadlet
  * Quadlet system test - force journald log driver for short lived
    containers
  * fix(deps): update module github.com/containers/libhvee to
    v0.4.0
  * quadlet recursively scan for unit files
  * Ensure that we appropriately warn that TCP is insecure
  * systests: quadlet: fixes for RHEL8
  * Quadlet - Allow setting Service WorkingDirectory for Kube units
  * Quadlet system test - do not rely on journalctl in kube file
    tests
  * Fix markdown in docs for podman-network-create
  * Man pages: check for corrupt tables
  * quadlet systest: fix broken tmpdir references
  * Add `since` as valid filter option for `volume` subcommands
  * Podmansh: Better error, increase timeout to 30s
  * Fix multiple filter options logic for `podman volume ls `
  * Add bash-completion for podman inspect
  * Fix windows installer
  * Add missing reserved annotation support to `play`
  * Avoid progress hang with empty files
  * Revert the usage of `home.GetConfigHome()`
  * Fix bug report issue template README link
  * Replace error check for non-existent file
  * Emergency gating-test fixes for RHEL8
  * Add progress bar for decompress image
  * refactor: move progressbar to a function
  * Use pkg/homedir to get the home config directory
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.2
  * Should be checking tmpfs versus type not source
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.1
  * Enabled arm64 arch for podman applehv provider
  * [CI:BUILD] Packit: remove pre-sync action
  * Add `--podman-only` flag to `podman generate kube`
  * Update vendor containers/(common, buildah, image, storage)
  * Use constants for mount types
  * libpod: use define.TypeBind when resolving container paths
  * Tests: remove/update obsolete skips
  * Fix trust not using local policy file
  * Fix `podman container prune` docs for `--filter`
  * Add more tests for liveness probes with default hostname &
    named ports
  * docs: podman-build --network add slirp and pasta
  * docs: podman run --network mention comma separted names
  * Podman machine AppleHV pass number 3
  * Makefile: `package` -> `rpm`
  * network create: document --internal better
  * pkg/specgen: fix support for --rootfs on FreeBSD
  * machine start: qemu: wait for SSH readiness
  * [CI:BUILD] Packit: downstream task action fix
  * Fix container errors not being sent via pod removal API
  * Add missing return after utils.InternalServerError()
  * Update cmd/podman/login.go
  * [CI:DOCS] Reformat and reorder table with --userns options
  * Add secret support to podman login
  * netavark: macvlan networks keep custom nameservers
  * remote: fix podman-remote play kube --userns
  * fix(deps): update container-device-interface to v0.6.0
  * go mod: no longer use 1.18
  * fix(deps): update module github.com/containers/libhvee to
    v0.3.0
  * chore(deps): update module github.com/gin-gonic/gin to v1.9.1
    [security]
  * Run codespell on code
  * system service: unset listen fds on tcp
  * add hostname to network alias
  * libpod: set cid network alias in setupContainer()
  * AppleHV enablement pass #2
  * e2e: Fetch the correct user name
  * Add `--no-trunc` flag to maintain original annotation length
  * Fix TCP probes when the optional host field is not given
  * Add support for using port names in Kubernetes health probes
  * Fix: cgroup is not set: internal libpod error after os reboot
  * Allow setting volume and network names in Quadlet
  * pasta tests: automatically determine test parameters
  * test/e2e: wait for socket
  * manifest inspect: support authentication
  * api: fix slow version endpoint
  * libpod: don't make a broken symlink for /etc/mtab on FreeBSD
  * CI: remove build without cgo task
  * libpod: use io.Writer vs io.WriteCloser for attach streams
  * top: do not depend on ps(1) in container
  * make --syslog errors non fatal
  * api: fix doc for default ps_args
  * Fixes typo in the path where quadlet looks for files
  * Add --replace flag to podman secret create
  * [CI:DOCS] uidmap man pages: fix corrupt italics
  * [skip-ci] Update github/issue-labeler action to v3.2
  * [CI:DOCS] podman-system-service.1.md: document systemd usage
  * fix(deps): update module github.com/docker/docker to
    v24.0.4+incompatible
  * fix(deps): update module github.com/docker/docker to
    v24.0.3+incompatible
  * Use bytes size consistently instead of human size
  * bugfix: do not try to parse empty ranges
  * [CI:BUILD] Packit: fix pre-sync action for downstream tasks
  * fix(deps): update module golang.org/x/tools to v0.11.0
  * fix(deps): update module golang.org/x/net to v0.12.0
  * fix(deps): update module golang.org/x/term to v0.10.0
  * e2e: fix two toolbox flakes
  * test/e2e: use GinkgoT().TempDir() over MkdirTemp()
  * test/e2e: use random ImageCacheDir
  * test/e2e: remove RHEL7 workaround
  * test/e2e: remove unnecessary code in SynchronizedAfterSuite
  * test/e2e: do not use /tmp for podman commands
  * test/tools: vendor ginkgo v2.11
  * test/e2e: write timings directly to file
  * machine start: qemu: adjust backoffs
  * auto update: fix usage of --authfile
  * system tests: refactor registry code
  * fix(deps): update module golang.org/x/text to v0.11.0
  * pkg/specgen: properly identify image OS on FreeBSD
  * libpod: use new libcontainer BlockIO constructors
  * [CI:BUILD] Minor: Don't confuse osx-debugging
  * [CI:DOCS] Better document the default value of --userns
  * Cirrus: build FreeBSD binaries in a VM
  * Makefile: add support for building freebsd release tarballs
  * [CI:DOCS] uidmap man pages: fix corrupt tables
  * fix(deps): update github.com/crc-org/vfkit digest to c9a4b08
  * fix(deps): update module github.com/containers/buildah to
    v1.31.0
  * fix(deps): update module github.com/opencontainers/image-spec
    to v1.1.0-rc4
  * Use /proc/self/gid_map as intended, not uid_map
  * fix(command): ignore `--format` in `podman search --list-tags`
  * podman machine start: fix ready service
  * Makefile: don't rely on the non-standard -r flag for ln
  * pasta: Create /etc/hosts entries for pods using pasta
    networking
  * fix(deps): update module github.com/containers/libhvee to
    v0.2.0
  * pasta tests: add sanity check for test name vs function
  * pasta tests: cleanup + 1 new test
  * cmd/podman, pkg/domain/infra: sockets should live in /var/run
    on FreeBSD
  * cmd/podman/system: add API server support on FreeBSD
  * [CI:DOCS] Document support of pod security context IDs
  * rootless: use default_rootless_network_cmd config
  * Revert^3 "pasta: Use two connections instead of three in TCP
    range forward tests"
  * pasta: Workaround occasional socat failures in CI
  * pasta: Remove some leftover code from pasta bats tests
  * Bump c/image to v5.26.0, c/common 0.54.0
  * fix(deps): update module github.com/coreos/stream-metadata-go
    to v0.4.3
  * Display secret to user in inpspect
  * [CI:BUILD] RPM: Fix koji and ELN issues
  * e2e: systemd test: major fixes
  * pkg/specgen: add support for 'podman run --init' on FreeBSD
  * Bump version after v4.6 branch cut
  * Remove 'inspecting object' from inspect errors
  * pasta: Fix pasta tests to work on hosts with multiple
    interfaces
  * [CI:DOCS] fix command incorrect in windows
  * Fix readonly=false failure
  * pkg/specgen: Add support for Linux emulation on FreeBSD
  * Fix up podmansh man page
  * Make Podman/Buildah use same DecryptConfig/EncryptConfig funcs
  * Fixes for vendoring Buildah
  * vendor in latest buildah
  * tests: fix "Storing signatures" check
  * update c/image and c/storage to latest
  * Kube quadlets can support autoupdate as well as containers
  * debug tail 800 lines flake
  * Pass in correct cwd value for hooks exe
  * specgen: honor --device-cgroup-rule with a new user namespace
  * specgen, rootless: raise error with --device-cgroup-rule
  * make image listing more resilient
  * Update module google.golang.org/protobuf to v1.31.0
  * Trim whitespace from unit files while parsing
  * Re-organize hypervisor implementations
  * play.go: remove volumes on down -f

-------------------------------------------------------------------
Tue Aug 29 11:07:37 UTC 2023 - danish.prakash@suse.com

- Update to version 4.6.2:
  * Bump to v4.6.2
  * Release notes for v4.6.2
  * Packit: Disable unexpected journal message check for cockpit-podman
  * Packit: Restrict cockpit tests to recent Fedoras
  * Packit: run cockpit-podman tests in PRs
  * rpm: spdx compatible license field
  * vendor c/storage@v1.48.1
  * rpm: depend on man-db
  * use container restart policy if user specifies one
  * podmansh man page UID=$(id -u lockedu) is not allowed
  * packit: Build PRs into default packit COPRs
  * Skip tests that fail in gating
  * fix: pull parma parsing for the /build compat ep
  * [CI:DOCS] Update Release Notes
  * Bumpt to v4.6.2-dev

-------------------------------------------------------------------
Wed Aug 16 05:27:24 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Fix build error on SLE due to dangling files clause
  on a discarded file, README.SLE.SUSE
- Fix unexpanded RPM macro error

-------------------------------------------------------------------
Fri Aug 11 05:42:19 UTC 2023 - danish.prakash@suse.com

- Update to version 4.6.1:
  * Bump to v4.6.1
  * Release notes for v4.6.1
  * Vendor buildah v1.31.2
  * [4.6] vendor c/common v0.55.3
  * [v4.6] Remove zstd:chunked reference
  * [v4.6] bump golang.org/x/net to v0.13.0
  * do not redefine gobuild for eln
  * [CI:BUILD] RPM: define gobuild macro for rhel/centos stream
  * [v4.6] [CI:BUILD] RPM: separate out gvproxy for copr and fedora >= 38
  * System tests: add test tags
  * API: kill: return 409 on invalid state
  * Mention TimeoutStartSec in quadlet man page
  * If quadlets have same name, only use first
  * Bump to v4.6.1-dev

-------------------------------------------------------------------
Thu Aug  3 13:05:43 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Discard outdated README.SUSE.SLES
- Recommend gvisor-tap-vsock, required for `podmand machine`

-------------------------------------------------------------------
Fri Jul 21 05:26:20 UTC 2023 - danish.prakash@suse.com

- Update to version 4.6.0:
  * Bump to v4.6.0
  * Update release notes for v4.6.0
  * Ensure that we appropriately warn that TCP is insecure
  * CI: remove build without cgo task
  * libpod: use io.Writer vs io.WriteCloser for attach streams
  * top: do not depend on ps(1) in container
  * api: fix doc for default ps_args
  * Add more tests for liveness probes with default hostname & named ports
  * Fix TCP probes when the optional host field is not given
  * Add support for using port names in Kubernetes health probes
  * [CI:DOCS] fix command incorrect in windows
  * [CI:DOCS] Reformat and reorder table with --userns options
  * [CI:DOCS] Better document the default value of --userns
  * Add missing return after utils.InternalServerError()
  * Fix markdown in docs for podman-network-create
  * Fix multiple filter options logic for `podman volume ls `
  * Should be checking tmpfs versus type not source
  * Use constants for mount types
  * Fix `podman container prune` docs for `--filter`
  * docs: podman-build --network add slirp and pasta
  * docs: podman run --network mention comma separted names
  * network create: document --internal better
  * pkg/specgen: fix support for --rootfs on FreeBSD
  * systests: quadlet: fixes for RHEL8
  * Fix windows installer
  * Podmansh: Better error, increase timeout to 30s
  * Emergency gating-test fixes for RHEL8
  * Packit: remove pre-sync action
  * [CI:DOCS] Update RELEASE_NOTES.md with Makefile change
  * Bump to v4.6.0-dev
  * Bump to v4.6.0-rc2
  * Makefile: `package` -> `rpm`
  * Update release notes
  * system tests: refactor registry code
  * machine start: qemu: wait for SSH readiness
  * machine start: qemu: adjust backoffs
  * auto update: fix usage of --authfile
  * [CI:BUILD] Packit: downstream task action fix
  * Fix container errors not being sent via pod removal API
  * netavark: macvlan networks keep custom nameservers
  * add hostname to network alias
  * libpod: set cid network alias in setupContainer()
  * Fix: cgroup is not set: internal libpod error after os reboot
  * test/e2e: wait for socket
  * api: fix slow version endpoint
  * manifest inspect: support authentication
  * libpod: don't make a broken symlink for /etc/mtab on FreeBSD
  * make --syslog errors non fatal
  * Fixes typo in the path where quadlet looks for files
  * [CI:DOCS] uidmap man pages: fix corrupt italics
  * [CI:DOCS] podman-system-service.1.md: document systemd usage
  * Use bytes size consistently instead of human size
  * bugfix: do not try to parse empty ranges
  * pkg/specgen: properly identify image OS on FreeBSD
  * [CI:DOCS] Document support of pod security context IDs
  * pkg/specgen: add support for 'podman run --init' on FreeBSD
  * Remove 'inspecting object' from inspect errors
  * Fix readonly=false failure
  * pkg/specgen: Add support for Linux emulation on FreeBSD
  * Fix up podmansh man page
  * Pass in correct cwd value for hooks exe
  * specgen: honor --device-cgroup-rule with a new user namespace
  * specgen, rootless: raise error with --device-cgroup-rule
  * make image listing more resilient
  * Trim whitespace from unit files while parsing
  * play.go: remove volumes on down -f
  * Vendor c/common v0.55.2
  * system service: unset listen fds on tcp
  * [CI:DOCS] [Release Notes]: add static routes
  * [CI:DOCS] tag podmansh as tech preview in RELEASE_NOTES.md
  * [CI:DOCS] uidmap man pages: fix corrupt tables
  * libpod: use new libcontainer BlockIO constructors
  * Bump to v4.6.0-dev
  * Bump to v4.6.0-rc1
  * Bump to v4.6.1-dev
  * Bump to v4.6.0
  * Release notes for v4.6.0
  * Update Release Notes for v4.5.1
  * rootless: use default_rootless_network_cmd config
  * tests: fix "Storing signatures" check
  * Fixes for vendoring Buildah
  * Make Podman/Buildah use same DecryptConfig/EncryptConfig funcs
  * Do not use deprecated hook functions from c/common
  * Bump c/storage to v1.48.0, c/image to v5.26.1, c/common to v0.55.1, buildah to v1.31.0
  * pasta: Remove some leftover code from pasta bats tests
  * pasta: Fix pasta tests to work on hosts with multiple interfaces
  * fix(command): ignore `--format` in `podman search --list-tags`
  * Use /proc/self/gid_map as intended, not uid_map
  * podman machine start: fix ready service
  * Makefile: don't rely on the non-standard -r flag for ln
  * cmd/podman, pkg/domain/infra: sockets should live in /var/run on FreeBSD
  * cmd/podman/system: add API server support on FreeBSD
  * pasta: Create /etc/hosts entries for pods using pasta networking
  * RPM: Fix koji and ELN issues
  * Cirrus: Update operating branch
  * system tests: add and use _prefetch
  * pkg/api: BufferedResponseWriter flush correctly
  * pkg/api: top return error to client
  * container wait: support health states
  * [CI:DOCS] Fix example on PublishPort
  * container wait API: use string slice instead of state slice
  * podman wait: update man page
  * StopContainer(): ignore one more conmon warning
  * run,create: modify `--env-merge` behavior for non-existent vars
  * use libnetwork/slirp4netns from c/common
  * update c/common to latest
  * e2e: use parallel-safe /dev subdirectories
  * [CI:BUILD] Help Renovate manage the golangci-lint version
  * systests: test instrumentation
  * compat API create/pull: fix error handling
  * compat API push: fix error handling
  * GetSafeIPAddress(): discourage its use
  * libpod: write /etc/{hosts,resolv.conf} once
  * e2e: fix one of the many log flakes
  * cmd, push: expose --compression-level
  * vendor: bump containers/common
  * compat API container create: handle platform parameter
  * refactor(machine): remove hard code
  * vendor in latests containers/common
  * fix(machine): throw `connect: connection refused` after set proxy
  * [CI:BUILD] Packit: cleanups
  * Add console mode to podman machine
  * e2e: kube test: specify expected exit code
  * e2e --authfile test: fix test condition
  * chore(deps): update dependency setuptools to v68
  * make lint: re-enable revive
  * make lint: re-enable ginkgolinter
  * make lint: enable rowserrcheck
  * make lint: enable wastedassign
  * make lint: enable mirror
  * bump golangci-lint to v1.53.3
  * auto update: restart instead of stop+start
  * cmd/podman/root.go: fix help document issue of the image store
  * vendor: bump c/storage to v1.46.2-0.20230616083707-cc0d208e5e1c
  * podman: add support for splitting imagestore
  * network create --ip-range allow for custom range
  * fix(ssh): start machine failed to start with exit status 255
  * remote wait: fix "removed" condition
  * [CI:DOCS] Fix service_destinations description in podman man page
  * quadlet should exit non zero on failures
  * fix(deps): update module golang.org/x/tools to v0.10.0
  * e2e: GetSafeIPAddress() replaces GetRandomIPAddress
  * pasta: use code from c/common
  * Add support for setting autoupdate in quadlet
  * New command: podmansh
  * vendor: update c/common to latest
  * Add quadlet container support for Mask,Umask options
  * libpod: make conmon always log to syslog
  * Document how to get secret mounts working on RHEL8
  * Verify podman pull dup image only prints id once
  * Vendor in latests containers/common
  * Apply suggestions from code review
  * Revert "rootlessport: exclude storage drivers via build tags"
  * filters: use new FilterID function from c/common
  * logformatter: ignore 'TOP-LEVEL' headings
  * test/e2e: fix network ID test
  * update c/{common,image,storage} to latest
  * [CI:DOCS] clarify supported transports in manifest push
  * [CI:DOCS] podman-push: rm confusion on supported transports
  * container wait: indicate timeout in error
  * network-create: document new bclim option
  * fix(deps): update module golang.org/x/text to v0.10.0
  * libpod: Podman info output more network information
  * fix(deps): update module golang.org/x/term to v0.9.0
  * quadlet: adjust container unit documentation
  * e2e: GetRandomIPAddress(): parallelize
  * Makefile: add support for 'make help' on FreeBSD
  * criu: return error when checking for min version
  * Update docs/source/markdown/podman-systemd.unit.5.md
  * 250-systemd.bats: remove outdated comment
  * github: add issue type as link to podman-desktop
  * Add WorkingDir support to quadlet
  * rootlessport: exclude storage drivers via build tags
  * Add ability to set static routes
  * test/upgrade: correctly share mounts between host and container
  * Update common, image, and storage deps
  * Fix system service manpage name in API Documentation
  * style(specgen): omit nil check
  * fix(specgen): index out of range when unmask=[]
  * Makefile to force a shell when running command
  * cirrus,ci: default to overlay for debian env
  * Quadlet: Add support for --sysctl flag
  * chore(deps): update dependency requests-mock to ~=1.11.0
  * Ignore spurious warnings when killing containers
  * Makefile: don't hard-code the path for bash
  * fix(deps): update module github.com/burntsushi/toml to v1.3.2
  * GHA: Fix bad job-names & links in monitoring emails
  * podman-registry: simpler, safer invocations
  * Ensure our mutexes handle recursive locking properly
  * Fix an expected error message from pod removal
  * Fix a race removing multiple containers in the same pod
  * Discard errors when a pod is already removed
  * Change Inherit to use a pointer to a container
  * e2e: add ginkgo decorators to address flakes
  * filters: better handling of id=
  * fix(deps): update module github.com/onsi/gomega to v1.27.8
  * refactor: improve get ssh path duplicate code
  * logformatter: better recognition of ginkgo test names
  * Address review feedback and add manpage notes
  * Add support for SecurityLabelNested flag in quadlet
  * fix(deps): update module github.com/burntsushi/toml to v1.3.1
  * `system locks` now reports held locks
  * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.17
  * Add a new hidden command, podman system locks
  * Add number of free locks to `podman info`
  * Include lock number in pod/container/volume inspect
  * fix ignition config creation
  * Makefile binaries target adopted for Mac and Win
  * fix(deps): update github.com/crc-org/vfkit digest to 3d57f09
  * logformatter: proper status color for failed tests
  * pasta: Test handling of unknown protocols
  * pasta: Correct handling of unknown protocols
  * Quadlet - add support for Pull key in .container
  * fix(deps): update module github.com/sirupsen/logrus to v1.9.3
  * Add default ulimit test for gen kube
  * feat: add insecure registry troubleshooting solution
  * fix(deps): update module golang.org/x/tools to v0.9.3
  * fix(deps): update module github.com/coreos/stream-metadata-go to v0.4.2
  * e2e: GetPort(): safer allocation of random ports
  * The removeContainer function now accepts a struct
  * Revert "test/e2e: fix "podman run ipcns ipcmk container test""
  * Add a test for removing dependencies with rm -fa
  * Revert "ginkgo-v2 cleanup workaround for #18180"
  * Fix a deadlock when removing pods
  * Pods now return what containers were removed with them
  * Make RemoveContainer return containers and pods removed
  * Add an API for removing a container and dependencies
  * systests: fixes for coping with extra systemd image
  * libpod: fix timezone handling
  * fix(deps): update github.com/godbus/dbus/v5 digest to 7623695
  * fix(deps): update module golang.org/x/tools to v0.9.2
  * test/system: quadlet use correct systemd restart policy
  * systests: minimize race-condition window
  * systests: fix improper backgrounding of run_podman
  * set max ulimits for rootless on each start
  * Fix: display online_cpus in compat REST API
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.6
  * systests: fix race in quadlet tests
  * fix(deps): update module github.com/burntsushi/toml to v1.3.0
  * e2e: make BuildImage parallel-safe
  * completion: fix panic in simplePathJoinUnix()
  * Update module github.com/stretchr/testify to v1.8.4
  * authfile.md: add default path of file for Windows/macOS.
  * Update module github.com/rootless-containers/rootlesskit to v1.1.1
  * hack: fix typo in hack/podman-registry
  * man pages and command help: clean up descriptions
  * RPM: bump gvisor-tap-vsock subpackage and fix packit scripts
  * Man pages: fix broken tables
  * test/e2e: add regression testing for comma-containing labels
  * fix: volume create filters
  * fix: move filter flags from StringSliceVar to StringArrayVar
  * pkg/rootless: correctly handle proxy signals on reexec
  * [CI:BUILD] Packit: set propose-downstream action type to pre-sync
  * [CI:DOCS] fix Quadlet man page rendering
  * Quadlet: kube: use ExecStopPost
  * Quadlet: kube: add ExitCodePropagation field
  * kube play: exit-code propagation
  * prune exit codes only when container doesn't exist
  * podman: Add pasta to podman info
  * Revert "test/system/255-auto-update.bats: add debug logs"
  * Quadlet - add support for PodmanArgs to all groups
  * [CI:BUILD] Packit: add jobs for downstream Fedora package builds
  * In a concurrent removal test, don't remove concurrently with builds
  * Consolidate error handling in Runtime.removeContainer
  * Consolidate error handling in Container.cleanupStorage
  * Fix reporting errors on container unmount
  * TEMPORARY(?) instrumentation for unlinkat-ebusy
  * pkginstaller: bump Qemu to version 8.0.0
  * Support podman --remote when Containerfile is not in context directory
  * chore(deps): update dependency requests to ~=2.31.0
  * fix: podman event --filter volume=vol-name should compare the event name with volume name
  * fix(deps): update module github.com/docker/docker to v24
  * wait: look for exit code in stopped state
  * network create/update: allow dns servers comma separated
  * source code comments and docs: fix typos, language, Markdown layout
  * Increase download progress to 80ch
  * chore(deps): update dependency setuptools to ~=67.8.0
  * podman: Added find slirp4netns binary file from helper_binaries_dir [NO NEW TESTS NEEDED]
  * fix(deps): update module github.com/sirupsen/logrus to v1.9.2
  * stats: get mem limit from the cgroup
  * quadlet tests: enable device.volume test
  * quadlet tests: remove unused socketactivated.container
  * fix(deps): update module github.com/stretchr/testify to v1.8.3
  * Correct markdown in docs
  * fix(deps): update module github.com/onsi/gomega to v1.27.7
  * [CI:DOCS] Improve security in mysql examples
  * Cirrus: Record the buildah version for reference
  * test/e2e: do not call setenforce
  * Fix discombobulated kubernetes support table
  * run: ignore PODMAN_USERNS with --pod
  * Add --configmap to podman-remote kube play
  * compat: accept tag in /images/create?fromSrc
  * fix HTMLSpan warnings
  * generate systemd: error on init containers
  * Remove future tense from man pages
  * compat,build: pull must accept string
  * Cirrus: Add support for `[CI:NEXT]`
  * Cirrus: Remove support for `[CI:COPR]` magic
  * system tests: add precision timestamps
  * Makefile: add ginkgo FOCUS/FOCUS_FILE options
  * e2e: refactor and document serialization
  * machine: fix default connection URL to use 127.0.0.1
  * e2e: serialize gpg tests
  * Document podman-machine-default behavior
  * e2e: fix more test races (missing "wait")
  * fix(deps): update module github.com/openshift/imagebuilder to v1.2.5
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.5
  * Fix documentation of `--network-cmd-path` CLI option
  * Skip rhel-release branch unnecessary CI tasks
  * test/e2e: dedup Before/AfterEach nodes
  * remote-save: fix permissions and dir formats
  * Set machine docker.sock according to rootful flag
  * Fix handling of .containenv on tmpfs
  * Do not include image annotations when building spec
  * build(deps): bump github.com/docker/distribution
  * Kube Play - Support multi-doc YAML files for configmap argument
  * system tests: instrument, to try to catch unlinkat-ebusy
  * test: check restart policy of init containers
  * Update sigstore/rekor after https://github.com/sigstore/rekor/pull/1469
  * issue template: mention `su`
  * e2e: logs test: fix flakes
  * fix(deps): update module github.com/containernetworking/plugins to v1.3.0
  * e2e: stop podman.service test: wait for server
  * logformatter: handle podman-machine test logs
  * fix(deps): update module golang.org/x/tools to v0.9.1
  * [CI:DOCS] Disable Dependabot in favor of Renovate
  * Ensure the consistent setting of the HOME env variable on container start
  * Quadlet system tests - fix socket notification
  * sqlite: disable WAL mode
  * system tests: timeoutize quadlet, systemd
  * test: update README for integration tests
  * libpod/Container.rootFsSize(): use recorded image sizes
  * quadlet: support `HostName`
  * e2e: fix race in a play-kube test
  * Fix preference of user quadlets directories
  * fix(deps): update module golang.org/x/tools to v0.9.0
  * fix(deps): update module golang.org/x/net to v0.10.0
  * Check on client side for Containerfile, if none specified
  * build(deps): bump github.com/docker/docker
  * Buildah treadmill: several fixes
  * fix(deps): update github.com/containers/common digest to 3e93a76
  * chore(deps): update dependency docker to ~=6.1.0
  * Update docs/source/markdown/podman-systemd.unit.5.md
  * fix(deps): update github.com/containers/common digest to bc15b04
  * fix: initContainer restart policy overridden by pod
  * fix(deps): update module golang.org/x/sync to v0.2.0
  * chore(deps): update dependency requests to ~=2.30.0
  * ginkgo json output: only in CI, not on laptop runs
  * Allow user quadlets to be stored under /etc
  * fix(deps): update github.com/containers/common digest to ea87b34
  * libpod: do not Cleanup() more than once
  * compat container create: match duplicate mounts correctly
  * Update podman-completion.1.md
  * fix(deps): update github.com/containers/buildah digest to e925b58
  * Run generate.CompleteSpec() for initContainers as well
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.4
  * remote: return better connect error
  * Add missing man page links for Docker man pages
  * Replace egrep/fgrep with grep -E/-F
  * remote: exec inspect update exec session status
  * fix(deps): update github.com/digitalocean/go-qemu digest to f035778
  * fix(deps): update github.com/godbus/dbus/v5 digest to 6cc540d
  * fix(deps): update github.com/containers/buildah digest to f353690
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.3
  * MVP for Podman Machine with AppleHV
  * e2e tests: try writing & preserving ginkgo json artifacts
  * vendor: bump buildah to v1.30.1-0.20230501124043-3908816d5310
  * bindings, build: don't pass invalid platform in case of none
  * Revert "logformatter: anchors: link to test summary, not name"
  * More cleanup: volumes: do not export to stdout
  * e2e test cleanup
  * Update kube gen & play to use pod restart policy
  * Add {{.Restarts}} to podman pod ps
  * Add {{.Restarts}} to podman ps
  * Add --restart flag to pod create
  * history: correctly set tags
  * fix(deps): update module github.com/moby/term to v0.5.0
  * Makefile: do not run machine test in parallel
  * pkg/machine/e2e: switch to GinkgoWriter
  * api: fix parsing filters
  * ginkgo-v2 cleanup workaround for #18180
  * test/e2e: fix custom timing reporting
  * logformatter: anchors: link to test summary, not name
  * WIP: logformatter: handle ginkgo v2 logs
  * test/e2e: unshare --rootless-netns cleanup slirp4netns
  * test/e2e: run system reset test serial
  * test/e2e: fix CleanupVolume/Secrets()
  * ginkgo v2: fix new Skip() behavior
  * test/e2e: fix pause tests to unpause before cleanup()
  * ginkgo v2: drop localbenchmarks
  * test/e2e: switch to GinkgoWriter
  * test/e2e: unset CONTAINERS_CONF before Cleanup()
  * ginkgo: run on all cores
  * test/e2e: fix Cleanup()
  * test/e2e: fix "podman run ipcns ipcmk container test"
  * test/e2e: actually check for cleanup errors
  * Lower e2e timeout to not waste time when it hangs
  * test/e2e: containers.conf tests add missing Wait()
  * ginkgo v2: remove CurrentGinkgoTestDescription()
  * ginkgo v2: remove deprecated flags
  * update to ginkgo v2
  * test/e2e: do not remove CNI directory
  * e2e: login_logout: use unique authfile for each test
  * Fix clashing subuid
  * [CI:DOCS] troubleshooting: fix subuid example
  * manifest, push: use source as destination if not specified
  * Update github.com/moby/term digest to 0564e01
  * Add name-generation test
  * Implement machine provider selection
  * libpod: improve errors management in cleanupStorage
  * libpod: report unmount idmapped rootfs errors
  * test: do not wait 10 seconds before killing myyaml
  * podman: simplify code with a switch
  * test: fix typo
  * build(deps): bump github.com/docker/docker
  * swagger: fix Info name conflict
  * Nightly dependency treadmill: remove
  * Update short description for disconnect cmd
  * windows: podman save allow the use of stdout
  * Update c/common and avoid setting umask
  * Cirrus: Update CI VM Image to F38/37
  * Cirrus: Run code validation on rawhide
  * Fix rand.Seed() deprecation in golang 1.20
  * Add sha256: to images history id for docker compatibility
  * Support systemd optional prefix '-' for devices.
  * Fix a copy/paste error in an error message
  * chore(deps): update dependency requests to ~=2.29.0
  * Fix simple typo in podman-network-create.md
  * e2e cleanup: push with auth: add error checks
  * e2e: remove "-it" from podman run & exec
  * pkg/machine: rework RemoveConnection()
  * machine: qemu only remove connection after confirmation
  * Add file swith for pre-exec
  * system reset: show graphRoot/runRoot before removal
  * fix manifest annotate help
  * Netavark userns test: give aardvark time to come up
  * sqlite: move first read into a transaction
  * Recover from failed podman machine start
  * rootless: support joining contianers that use host ns
  * auto-update: return errors when checking for updates
  * [skip-ci] Update dawidd6/action-send-mail action to v3.7.2
  * fix(deps): update github.com/containers/common digest to 46c4463
  * Add user mode networking feature to Windows
  * system/reset.go: help: fix typo
  * e2e create same-IP: try to fix flake
  * system tests: safer container-stop signaling
  * Revert "Resolve symlink path for qemu directory if possible"
  * ps: --format {{.State}} match docker output
  * test/system/260-sdnotify.bats: fix test flake
  * [CI:DOCS] Quadlet: clarify overriding user/system services
  * Eliminate transient container deps from wslkerninst
  * Wording
  * fix(deps): update github.com/containers/common digest to 5547996
  * cmd/podman/pods: omit superfluous runtime.NumCPU call
  * support `--digestfile` for remote push
  * e2e: skip journald test if journald is unavailable
  * Cirrus: Enable testing on Fedora rawhide
  * [CI:BUILD] Cirrus: remove copr rpm build task
  * chore(deps): update dependency setuptools to ~=67.7.0
  * Cirrus: Drop benchmarks artifacts
  * test/e2e: correctly reap service process
  * test/e2e: add missing options to remote service
  * test/e2e: fix incorrect usage of CreateTempDirInTempDir()
  * test/e2e: "podman-remote send correct path to copier" do not leak file
  * test/e2e: fix network create flake due same subnet
  * test/e2e: fix SkipIfNotActive()
  * test/e2e: do not try to use docker as rootless
  * test/e2e: do not leak "hello" file
  * podman-remote logs: handle server error correctly
  * test/e2e: use custom network config v2
  * rename ImagePushReport to ImagePushStream
  * Specify format to buildah before commit
  * Add eBPF snooper that traces the entire fork/exec graph of podman
  * libpod: stop containers with --restart=always
  * test: fix race when listing cgroups
  * compat: Translate `noprune` into ImageRemoveOptions.NoPrune
  * [CI:DOCS] Update RELEASE_PROCESS.md
  * hyperv: add podman socket mapping
  * e2e networking test: better way to get host IP
  * Updated system test to be easier to read
  * bindings tests: bail out early on image errors
  * libpod: fix TestPostDeleteHooks do not depend on version
  * chore(deps): update dependency setuptools to v67
  * fix(deps): update module github.com/containers/libhvee to v0.0.5
  * e2e: quadlet uses PODMAN env for podman binary path
  * Fixes format inconsistencies with docker for certain history fields
  * Makefile: do not prefix /etc
  * libpod: configureNetNS() tear down on errors
  * libpod: rootlessNetNs.Cleanup() fix error message
  * HyperV: wait on stop
  * build(deps): bump github.com/docker/docker
  * Makefile: include `release-artifacts` target
  * Enabled network over vsock
  * fix(deps): update module github.com/microsoft/go-winio to v0.6.1
  * fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.2
  * fix remote start --filter
  * Update API reference to include v4.5
  * Add missing security options to /info response
  * Add mention of redir to doc `rootless.md`
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0
  * docs(readme): add status badges and remove hardcoded release info
  * Don't use bytes.NewBuffer to read data
  * Add support for HVSOCK on hyperv
  * docs: update network tutorial with netavark DHCP support
  * bump main to v4.6.0-dev
  * Remove disused test/install
  * Return title fields as a list
  * [CI:BUILD] Packit: Initial Enablement
  * Quadlet - do not set log-driver by default
  * system tests: address COPY-hardlink flake
  * chore(deps): update registry.centos.org/centos/centos docker tag to v8
  * system tests: fix race in kube-play read-only
  * chore(deps): update dependency docker to v6
  * CI: enable sqlite system tests
  * test: enable test_wait_next_exit
  * Update dependency PyYAML to v6
  * test/e2e/systemd_activate_test.go: simplify test
  * Update docker.io/library/golang Docker tag to v1.20
  * api: auth: fix nil deref
  * Update dependency requests-mock to ~=1.10.0
  * Update dependency requests to ~=2.28.2
  * fix: Document removing anonymous volumes at create
  * Use a sane polling interval in WaitContainerDocker
  * podman: added the --out option for capturing formatted output emitted by various commands
  * Renovate: Ensure release-note-none label is added
  * Renovate: Update ignore paths
  * *: migrate image registry to registry.k8s.io
  * Do not display the resource limits warning message

-------------------------------------------------------------------
Thu Jun 29 09:19:01 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Don't unconditionally Obsolete podman-cni-config, ensure clean upgrade path.

-------------------------------------------------------------------
Tue Jun 27 12:04:49 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Prefer Podman's new network stack (netavark) exclusively on ALP
- Remove unused podman-cni-config subpackage, add systemd

-------------------------------------------------------------------
Mon May 29 10:56:00 UTC 2023 - danish.prakash@suse.com

- Update to version 4.5.1:
  * Release v4.5.1
  * [CI:DOCS] Final release notes for v4.5.1
  * [CI:BUILD] Packit: set propose-downstream action type to pre-sync
  * Revert "Resolve symlink path for qemu directory if possible"
  * no need for podman-next rpm test on maint branch
  * [CI:BUILD] Packit: add jobs for downstream Fedora package builds
  * libpod: configureNetNS() tear down on errors
  * libpod: rootlessNetNs.Cleanup() fix error message
  * network create/update: allow dns servers comma separated
  * machine: fix default connection URL to use 127.0.0.1
  * compat: accept tag in /images/create?fromSrc
  * compat container create: match duplicate mounts correctly
  * machine: qemu only remove connection after confirmation
  * windows: podman save allow the use of stdout
  * remote: exec inspect update exec session status
  * podman-remote logs: handle server error correctly
  * libpod: stop containers with --restart=always
  * Do not include image annotations when building spec
  * [v4.5] system tests: fix race in kube-play read-only
  * api: fix parsing filters
  * Support systemd optional prefix '-' for devices.
  * *: migrate image registry to registry.k8s.io
  * Makefile: include `release-artifacts` target
  * [CI:BUILD] Packit: Initial Enablement
  * Bump to v4.5.1-dev

-------------------------------------------------------------------
Tue Apr 18 06:46:57 UTC 2023 - danish.prakash@suse.com

- Update to version 4.5.0:
  * Release v4.5.0
  * [CI:DOCS] Final release notes for v4.5.0
  * Quadlet - do not set log-driver by default
  * Return title fields as a list
  * Bump to v4.5.0-dev
  * Bump to v4.5.0-RC2
  * Final release notes for v4.5.0-RC2
  * test/e2e: remove unnecessary SkipIfNetavark() calls
  * test/e2e: deduplicated network test
  * docs: update podman-network-create.1
  * network create: add --interface-name
  * test/system/252-quadlet.bats: fix flake
  * Read kube_generate_type from containers.conf
  * Debian setup: workaround for runc /dev/char/10:200 bug
  * pkg/rootless: use catatonit from /usr/libexec/podman
  * rootless: make sure we only use a single pause process
  * Use atomic config writing strategy for podman machine config files
  * Add remaining release notes for v4.5.0-RC2
  * GHA: Use version instead of SHA for actions
  * chore(deps): update dependency containers/automation_images to v20230405
  * build: pass env by reference
  * test: retrofit error message
  * test/system: expect 12 char for short id
  * vendor: bump containers/(storage, common, buildah, image)
  * [skip-ci] Update actions/upload-artifact action to v3
  * [skip-ci] Update actions/stale action to v8
  * [skip-ci] Update actions/setup-go action to v4
  * [skip-ci] Update github/issue-labeler action to v2.6
  * Fix up codespell errors
  * Capitalize all uid,gid and id words that are not options in docs
  * build(deps): bump golang.org/x/tools from 0.7.0 to 0.8.0 in /test/tools
  * Properly remove the service container during kube down
  * quadlet: add `UserNS` option key
  * [CI:DOCS] Release notes for 4.5.0 Part 1
  * "podman pull by digest and list --all" test: untag instead of rmi
  * build(deps): bump golang.org/x/text from 0.8.0 to 0.9.0
  * Add renovate.json configuration
  * CI: postbuild step: skip under nightly treadmill
  * The `--ulimit` option accepts the name with an `RLIMIT_` prefix both upper and lower case
  * test/e2e: use custom network config dir where needed
  * chore: replace `github.com/ghodss/yaml` with `sigs.k8s.io/yaml`
  * update completion scripts for cobra v1.7.0
  * libpod.storageService.CreateContainerStorage(): retrieve ID maps
  * Fix invalid pod name and hostname during kube generate
  * e2e tests: fix racy flakes
  * Cirrus: Enable labeling of EC2 VMs
  * Cirrus: Fix aarch64 clone_script 404 errors
  * e2e: GinkgoParallelNode() -> ...Process()
  * build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0
  * build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
  * [CI:DOCS] --creds and registries
  * Copr: fix build deps for /usr/bin/envsubst
  * Don't error when removing non-existant env vars
  * e2e: healthcheck on stopped container: fix flake
  * test/apiv2/80-kube.at
  * test/apiv2/80-kube.at
  * system service: do not close Body
  * rm `hack/release.sh`
  * build(deps): bump github.com/onsi/gomega from 1.27.5 to 1.27.6
  * add `quadlet -version` flag
  * add version/rawversion package
  * quadlet: use `Flag` suffix for variables
  * quadlet: implement `Tmpfs` option
  * Bump to v4.5.0-dev
  * Bump to 4.5.0-rc1
  * Update release notes from 4.4 branch
  * rootless netns: recover from invalid netns
  * System tests: unverbosify a flake log
  * Add support for secret exists
  * Fix Win install task failures with large PR bodies
  * docs: add `starting` to `HealthCheckResults.Status`
  * Add support for cgroup_config from containers.conf
  * libpod: mount safely subpaths
  * Support Deployment generation with kube generate
  * Use secret.items to create volume mounts if present
  * [CI:DOCS] fix typo in --systemd option
  * rootless: drop preexec hook error message
  * Edit the docker wrapper to use the install prefix
  * Update podman-for-windows.md
  * Quadlet: RemapUsers documentation fixes
  * speed up image listing
  * vendor containers/common@e27c30ee9b1b
  * fix volume-plugin-test flake
  * Document building Podman remote on Windows hosts
  * test/e2e: gpg keep stdout/err attached
  * auto-update: stop+start instead of restart sytemd units
  * [CI:DOCS] Improve basic tutorial
  * Update docs/source/markdown/podman-network.1.md
  * Add debug to --wait test
  * fix slirp4netns resolv.conf ip with a userns
  * Quadlet: add support for keep-id with mapping values
  * Quadlet E2E test - run quadlet as user generator
  * sqlite: do not `Ping()` after connecting
  * Quadlet - treat paths starting with systemd specifiers as absolute
  * Update docs/source/markdown/podman-kube-play.1.md.in
  * system tests: use CONTAINERS_CONF_OVERRIDE
  * implement podman machine set for hyperv
  * [CI:DOCS] Add network subnets info to network man page
  * CI: retry the golangci install
  * system tests: fix racey sdnotify test
  * hyperv: lookup machine on local filesystem first
  * fix os.IsNotExist() CI check
  * Ensure that SQLite state handles name-ID collisions
  * macos pkginstaller: do not fail when podman-mac-helper fails
  * podman-mac-helper: install: do not error if already installed
  * build(deps): bump github.com/onsi/gomega from 1.27.4 to 1.27.5
  * Fix a race around SQLite DB config validation
  * add CONTAINERS_CONF_OVERRIDE
  * vendor containers/common@main
  * docs: minor grammar fix in `--volume` description
  * sqlite: do not use shared cache
  * test: podman checkpoint/restore the latest container
  * stats compat API: return "id" lowercase
  * Run make codespell
  * Drop SQLite max connections
  * sqlite: set connection attributes on open
  * Fix database locked errors with SQLite
  * quadlet tests: skip on RHEL8 rootless
  * Kube Play Doc: Document the support for K8S Secret
  * New ulimit test: bump up minimum nfiles
  * logformatter: hide --db-backend, and friendlyize quadlet
  * Quadlet - add support for relative path in Volume key in .container file
  * Add service ctr cleanup to PlayKubeDown
  * fix --health-on-failure=restart in transient unit
  * Quadlet Doc: Suggest the kill operation for HealthOnFailure
  * Quadlet - Add support for health checks configuration in .container files
  * Makefile: allow specifying /lib dir location
  * Fix option --opts -> --opt
  * basic hypverv machine implementation
  * Fix SQLite DB schema migration code
  * Add support for oom_score_adj value from containers.conf
  * Use default_ulimits field in containers.conf
  * CI: test and confirm DESIRED_DATABASE
  * build(deps): bump github.com/openshift/imagebuilder
  * logformatter: futureproof output filename
  * Vendor in latest containers/(storage, common, image)
  * build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.30.0
  * test/system/255-auto-update.bats: add debug logs
  * Revert "Revert "pasta: Use two connections instead of three in TCP range forward tests""
  * Add information for secret inspect
  * Add format to podman volume ls
  * Add format to podman volume inspect
  * Add format to podman secret ls
  * Add format to podman system df
  * Add format to podman machine info
  * Add format table to podman image inspect man page
  * Cirrus: Store podman machine benchmark data
  * Update Cirrus display names, and fix get-ci-vm script
  * Ensure SQLite places uses the runroot in transient mode
  * Fix various integration test issues with SQLite state
  * Remove test for pod/container name global uniqueness
  * Improve handling of existing container names in SQLite
  * Add SQLite job to CI
  * buildah treadmill: also run rootless tests
  * build(deps): bump github.com/vbatts/git-validation in /test/tools
  * auto update: return restart error
  * fix: Document removing anonymous volumes
  * events: no duplicates when streaming during a log rotation
  * Add search --cert-dir, --creds
  * podman-mac-helper: exit 1 on error
  * system service --log-level=trace: support hijack
  * test/system: fix wait_for_port() to wait for bind
  * cgroupns: private cgroupns on cgroupv1 breaks --systemd
  * libpod: remove error stutter
  * podman events: unhide --stream
  * test/system/255-auto-update.bats: multiple services
  * 255-auto-update.bats: turn off rollback where needed
  * Use append() to add elements to a slice
  * Revert "pasta: Use two connections instead of three in TCP range forward tests"
  * Support running nested SELinux container separation
  * bud tests: rootless remote: use correct socket path
  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.2.1 to 8.3.0
  * compat: /auth: parse server address correctly
  * docs: fix cmd `set DOCKER_HOST` suggestion
  * test: reenable idmap test
  * Must use mountlabel when creating builtin volumes
  * podman.spec.rpkg: distro conditionals for modulesloaddir
  * build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
  * podman inspect list network when using --net=host or none
  * pasta: Re-enable "Local forwarder, IPv4" test, accept NXDOMAIN as response
  * build(deps): bump golang.org/x/tools from 0.6.0 to 0.7.0 in /test/tools
  * CI: Switch to c20230307t192532z-f37f36d12 images
  * Cirrus: Run system & integration tests in parallel
  * Update checkpointctl v0.1.0
  * Quadlet: add support for setting --ip and --ip6
  * build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0
  * build(deps): bump golang.org/x/sys from 0.5.0 to 0.6.0
  * libpod: avoid nil pointer dereference in (*Container).Cleanup
  * [CI:DOCS] Add image not found info to troubleshooting
  * cmd: do not require userns for "version"
  * cmd: drop special handling for "scp"
  * cmd: clarify meaning of ParentNSRequired
  * Fix package restore
  * [CI:DOCS] Fix docs/version-check always requesting updates
  * sqlite: add a hidden --db-backend flag
  * fix: update the default machine value when the previously set default machine is deleted
  * podman machine: Adjust Chrony makestep config
  * sqlite: add container short ID to network aliases
  * sqlite: remove dead code
  * sqlite: addContainer: add named volume only once
  * sqlite: implement RewriteVolumeConfig
  * sqlite: LookupVolume: fix partial name match
  * sqlite: LookupVolume: wrap error
  * sqlite: fix type rewriting container config
  * sqlite: return correct error on pod-name conflict
  * sqlite: RewritePodConfig: update error message
  * test/system/255-auto-update.bats: wait 10 for update to finish
  * auto-update test: wait for service to be ready
  * Vendor in latest containers/(common, storage, image)
  * play kube: Add --wait option
  * Cirrus: Fix git config permission denied
  * Quadlet: Add support for the Mount key in .container files
  * build(deps): bump github.com/onsi/gomega from 1.27.1 to 1.27.2
  * fix "podman logs --since --follow" flake
  * Clarify that replicas are ignored in kubernetes deployment
  * Revert "Skip all pasta tests"
  * CI: Switch to c20230223t153813z-f37f36d12 images
  * Fix user socket path
  * pkginstaller: bump Qemu to version 7.2.0
  * Cirrus: Fix bud tests failing to apply patches
  * build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2
  * build(deps): bump github.com/coreos/stream-metadata-go
  * Vendor in latest containers/storage
  * buildah-bud tests: don't sudo when rootless is desired
  * Temporarily disable version-check
  * CI: new rootless buildah-bud tests (cron only)
  * sqlite: fix volume lookups with partial names
  * sqlite: fix container lookups with partial IDs
  * sqlite: fix LookupPod
  * sqlite: fix pod create/rm
  * sqlite: LookupContainer: update error message
  * sqlite: AddContainerExitCode: allow to replace
  * system: add warning when running rootless on cgroupv1
  * sqlite: fix AllContainers with state
  * sqlite: fix "UPDATE TABLE" typos
  * sqlite: SaveVolume: fix syntax error updating the volumes table
  * sqlite: exit code: allow -1
  * sqlite: fix typo when removing exec sessions
  * sqlite: AllContainers: fix inner join
  * sqlite: move migration after table creation
  * sqlite: implement pod methods
  * Quadlet - use the default runtime
  * docs: context is not optional for build
  * Fix an incorrect comment on NewSqliteState
  * Add support for containers.conf database setting
  * Add support for volume operations to SQLite state
  * Implement exec session handling in SQL database
  * Various fixes from code review
  * Remove `--namespace` flag from Podman root
  * Get E2E tests to pass
  * Implement network disconnect for SQLite state
  * Implement Network Connect/Modify for SQLite state
  * Fix various lint issues
  * Some further work on SQLite state
  * Remove concept of Namespaces from BoltDB
  * Add initial SQLite-backed state implementation
  * Cirrus: Support runc testing on debian VMs
  * Skip all pasta tests
  * Skip buildah-bud test
  * Skip buildx test with VFS podman storage driver
  * Skip 'podman kube --network' test for rootless CGv1
  * Skip tests which fail with CGv1 & runc
  * Skip rootless CGv1 quadlet tests due to issue
  * Makefile: Define SHELL
  * Machine refactor for QEMU/AppleHV
  * machine refactoring preparations for hyperv
  * [CI:BUILD] spec.rpkg: trim dependency list
  * Logs follow-until tests: loosen checks
  * [CI:DOCS] Windows/Mac docs link update
  * Doc update for docker network options via CLI
  * compat API: network create return 409 for duplicate
  * Apply suggestions to man page
  * vendor c/common@852ca05a1fbb
  * Quadlet: Add support for LogDriver key in container and kube units
  * machine refactoring preparations for hyperv
  * libpod: always use direct mapping
  * netavark: only use aardvark ip as nameserver
  * build(deps): bump github.com/container-orchestrated-devices/container-device-interface
  * podman logs passthrough driver support --cgroups=split
  * journald logs: simplify entry parsing
  * podman logs: read journald with passthrough
  * make docs: sanity check for broken man pages
  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.1.6 to 8.2.0
  * build(deps): bump github.com/onsi/gomega from 1.27.0 to 1.27.1
  * kube: rm secret on down, print secret on play
  * Fix spacing typo that triggered OCD & indent units in podman-systemd.unit(5)
  * Update remote_client.md
  * [CI:DOCS] Add restriction to option README
  * Revert "CI: Temporarily disable all AWS EC2-based tasks"
  * build(deps): bump github.com/onsi/gomega from 1.26.0 to 1.27.0
  * kube play: only enforce passthrough in Quadlet
  * journald: remove initializeJournal()
  * auto-update: support pods
  * Emergency fix for man pages: check for broken includes
  * System tests: assert(): friendlier failure messages
  * Cirrus: Fix version-check to only run on `main` job
  * CI: Temporarily disable all AWS EC2-based tasks
  * build(deps): bump github.com/containerd/containerd from 1.6.16 to 1.6.18
  * volume,container: chroot to source before exporting content
  * Support sysctl configs via podman kube play
  * [CI:BUILD] copr: podman.spec.rpkg cleanups
  * quadlet system tests: add useful defaults, logging
  * libpod: support relative positions for idmaps
  * Experimental workaround for cdn03.quay.io flake
  * system tests: prevent leading tabs
  * Introduce podman machine os apply
  * create: add support for --group-entry
  * fix != filter in volume prune
  * Allow specification of podman --remote build -f -
  * Quadlet use crun specified in containers.conf
  * build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0
  * Vendor c/image after https://github.com/containers/image/pull/1847
  * Don't set hostPort when generating a service
  * man page --format xref: tighten the autocompletion check
  * add support for limiting tmpfs size for systemd-specific mnts
  * build(deps): bump golang.org/x/text from 0.6.0 to 0.7.0
  * Add ulimit annotation to kube gen & play
  * man page xref: validate displayed man page names
  * quadlet: add ExecStop
  * install sigproxy before start/attach
  * build(deps): bump golang.org/x/tools from 0.5.0 to 0.6.0 in /test/tools
  * Fix typos
  * Cirrus: Make benchmarks .env file easier to load
  * Cirrus: Omit functions in env. file
  * kube play: set service container as main PID when possible
  * Fix typos. Improve language.
  * events + container inspect test: RHEL fixes
  * Add ctrName to network alias during kube play
  * Run codespell on codebase
  * podman image scp: added identity for ssh.Exec
  * [CI:DOCS] Clarify nomap constrains
  * [CI:DOCS] man-page checker: include --format (Go templates)
  * Vendor c/image after https://github.com/containers/image/pull/1816
  * [CI:DOCS] Cleanup some man pages to display options with line breaks
  * [CI:DOCS] Add tables to podman-systemd.unit man page
  * github: remove prefix from bugs/features
  * Quadlet: Add support for the Secret key in Container group
  * [CI:DOCS] OWNERS: add @ygalblum and @alexlarsson
  * build(deps): bump golang.org/x/term from 0.4.0 to 0.5.0
  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.1.4 to 8.1.6
  * Sort quadlet keys to make it easier to read
  * e2e: fix some tests on remote
  * kube play: do not teardown unconditionally on error
  * Fix typos in comments
  * Resolve symlink path for qemu directory if possible
  * #17363 Fix contradicting documentation podman-commit
  * Fix a potential UID/GID collision in unit tests
  * golangci-lint: show all errors at once
  * update golangci-lint to version 1.51.1
  * [CI:DOCS] events: document journald identifiers
  * Quadlet: exit 0 when there are no files to process
  * network ls: handle removed container
  * e2e: adapt play kube test on remote rootless
  * docs/podman-systemd.unit: Explicitely mention network & kube units
  * docs/podman-systemd.unit: Update example to work out of the box
  * [CI:BUILD] Cirrus: Fix GraphQL ownerRepository:null error
  * Add missing return after errors
  * Revert "Cirrus: Emergency fix to un-stuck PRs"
  * pasta: Fix ICMPv6 Echo test, skip it for the moment
  * pasta: Fix ICMP Echo Request (IPv4) test
  * pasta: Use two connections instead of three in TCP range forward tests
  * Add SELinux label types support to quadlet
  * Add quadlet support for rootfs= containers
  * Cirrus: Emergency fix to un-stuck PRs
  * Move clean-binaries before podman-remote in podman-remote-docs target
  * oci: bind mount /sys with --userns=(auto|pod:)
  * Cleanup podman-systemd.unit file
  * Install podman-systemd.unit  man page, make quadlet discoverable
  * libpod: allow userns=keep-id for root
  * system-reset: use CleanCacheMount to clear build cache
  * vendor: bump buildah to v1.29.1-0.20230201192322-e56eb25575c7
  * system tests: fix noexistent labels test in the remote
  * Expose Podman named pipe in Inspect output
  * libpod: support idmap for --rootfs
  * test: adapt test to work on cgroupv1
  * Bump to v4.5.0-dev
  * Update main to reflect v4.4.0 release
  * Update from /github.com/vbauerster/mpb/v7 to /v8
  * hack/perf: cleanup after benchmarks
  * hack/perf/bz-2162111.sh: use custom network
  * Update bug_report.yaml
  * Handle filetype field in kubernetes.yaml files
  * hack/perf/bz-2162111.sh: measure stop
  * make hack/markdown-preprocess parallel-safe
  * system tests: fix volume exec/noexec test
  * system tests: minor fix for RHEL8 incompatibility
  * Cirrus: Use versionable IMAGE_SUFFIX
  * utils: new conversion method
  * libpod: use GraphRoot for overlay upper dir
  * vendor: update containers/storage
  * Do not mount /dev/tty into rootless containers
  * build(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7
  * e2e: fix run_staticip_test about no_proxy
  * docs: specify order preference for FROM
  * Fixes port collision issue on use of --publish-all
  * Support for Windows paths in the source position of the volume mounts
  * e2e tests: fix incorrect os.User.Name
  * Log data that we failed to unmarshal
  * [CI:DOCS] hack/perf: add script for BZ 216111
  * container rm: save once for exec removal and state change
  * [DOCS:CI] podman-events: document verbose create events
  * e2e: Avoid hard-coding included in quadlet test
  * e2e: Avoid hard-coding ImageCacheDir
  * Making gvproxy.exe optional for building Windows installer
  * Add gvproxy to Windows packages
  * Add comment to clarify error handling intention
  * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
  * Fix usage of absolute windows paths with --image-path
  * Match VT device paths to be blocked from mounting exactly
  * Fix default handling of pids-limit
  * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
  * journald: podman logs only show logs for current user
  * journald: podman events only show events for current user
  * e2e: Remove the cache with "podman unshare rm" when a rootless user
  * Clean up more language for inclusiveness
  * e2e: Remove some directories at SynchronizedAfterSuite
  * fix: don't output "ago" when container is currently up and running
  * fix: running check error when podman is default in wsl
  * fix CI: test fail due to merge
  * Bump Bulidah to v1.29.0
  * e2e: reduce dependency on /tmp for e2e tests
  * Bump cirrus image with easier dependency management
  * quadlet: Add device support for .volume files
  * remote,build: error if containerignore is symlink
  * DB: make loading container states optional
  * ps: do not sync container
  * Set runAsNonRoot=true in gen kube
  * WSL refactoring
  * kube-play: add support for HostIPC in pod.Spec
  * Allow --device-cgroup-rule to be passed in by docker API

-------------------------------------------------------------------
Fri Apr 14 14:18:34 UTC 2023 - Dan Čermák <dcermak@suse.com>

- Don't build against EoL go versions, fixes bsc#1210299

-------------------------------------------------------------------
Tue Mar 28 04:36:49 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Update to version 4.4.4:
  * Bump to v4.4.4
  * Release notes for v4.4.4
  * libpod: always use direct mapping
  * macos pkginstaller: do not fail when podman-mac-helper fails
  * podman-mac-helper: install: do not error if already installed
  * Bump to v4.4.4-dev

- spec: Bump required version for libcontainers-common (bsc#1209495)

-------------------------------------------------------------------
Fri Mar 24 04:56:25 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Update to version 4.4.3:
  * Bump to v4.4.3
  * Release notes for v4.4.3
  * compat: /auth: parse server address correctly
  * vendor github.com/containers/common@v0.51.1
  * pkginstaller: bump Qemu to version 7.2.0
  * podman machine: Adjust Chrony makestep config
  * [v4.4] fix --health-on-failure=restart in transient unit
  * podman logs passthrough driver support --cgroups=split
  * journald logs: simplify entry parsing
  * podman logs: read journald with passthrough
  * journald: remove initializeJournal()
  * netavark: only use aardvark ip as nameserver
  * compat API: network create return 409 for duplicate
  * fix "podman logs --since --follow" flake
  * system service --log-level=trace: support hijack
  * podman-mac-helper: exit 1 on error
  * bump golang.org/x/net to v0.8.0
  * Fix package restore
  * Quadlet - use the default runtime
  * Bump to v4.4.3-dev

- Remove patch (merged upstream):
  * Quadlet-use-the-default-runtime.patch
    (https://github.com/containers/podman/pull/17601)

-------------------------------------------------------------------
Mon Feb 27 13:54:33 UTC 2023 - Dan Čermák <dcermak@suse.com>

- Add patch to let quadlet use the default runtime
  Added patch:
  * Quadlet-use-the-default-runtime.patch
  => Remove dependency on crun

-------------------------------------------------------------------
Fri Feb 24 02:29:18 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Update to version 4.4.2:
  * Bump to v4.4.2
  * Release notes for v4.4.2
  * Revert "CI: Temporarily disable all AWS EC2-based tasks"
  * kube play: only enforce passthrough in Quadlet
  * Emergency fix for man pages: check for broken includes
  * CI: Temporarily disable all AWS EC2-based tasks
  * quadlet system tests: add useful defaults, logging
  * volume,container: chroot to source before exporting content
  * install sigproxy before start/attach
  * Update to c/image 5.24.1
  * events + container inspect test: RHEL fixes
  * Bump to v4.4.2-dev

- Remove patches (merged upstream):
  * volume-container-chroot-to-source-before-exporting-content.patch
- podman.spec: add `crun` requirement for quadlet
    (https://github.com/containers/podman/pull/17601)

-------------------------------------------------------------------
Tue Feb 21 07:40:30 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- podman.spec: set PREFIX at build stage (boo#1208510)

-------------------------------------------------------------------
Fri Feb 17 13:39:16 UTC 2023 - Dan Čermák <dcermak@suse.com>

- Add patch to fix bsc#1208364 aka CVE-2023-0778

Added patch:
  * volume-container-chroot-to-source-before-exporting-content.patch

-------------------------------------------------------------------
Thu Feb 09 12:15:40 UTC 2023 - fvogt@suse.com

- Update to version 4.4.1:
  * Bump to v4.4.1
  * Update release notes for Podman 4.4.1
  * kube play: do not teardown unconditionally on error
  * Resolve symlink path for qemu directory if possible
  * events: document journald identifiers
  * Quadlet: exit 0 when there are no files to process
  * Cleanup podman-systemd.unit file
  * Install podman-systemd.unit  man page, make quadlet discoverable
  * Add missing return after errors
  * oci: bind mount /sys with --userns=(auto|pod:)
  * docs: specify order preference for FROM
  * Cirrus: Fix & remove GraphQL API tests
  * test: adapt test to work on cgroupv1
  * make hack/markdown-preprocess parallel-safe
  * Fix default handling of pids-limit
  * system tests: fix volume exec/noexec test
  * Bump to v4.4.1-dev

-------------------------------------------------------------------
Thu Feb 02 12:57:45 UTC 2023 - dcermak@suse.com

- Remove patches (merged upstream or resolved otherwise):
  * 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
  * 0002-Make-the-priority-for-picking-the-storage-driver-con.patch
  * 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch

- remove long obsolete update scriptlets

- Update to version 4.4.0:
  * Bump to v4.4.0
  * Final release notes for v4.4.0
  * Emergency fix for RHEL8 gating tests
  * Do not mount /dev/tty into rootless containers
  * Fixes port collision issue on use of --publish-all
  * Fix usage of absolute windows paths with --image-path
  * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
  * podman-events: document verbose create events
  * Making gvproxy.exe optional for building Windows installer
  * Add gvproxy to Windows packages
  * Match VT device paths to be blocked from mounting exactly
  * Clean up more language for inclusiveness
  * Set runAsNonRoot=true in gen kube
  * quadlet: Add device support for .volume files
  * fix: running check error when podman is default in wsl
  * fix: don't output "ago" when container is currently up and running
  * journald: podman logs only show logs for current user
  * journald: podman events only show events for current user
  * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
  * DB: make loading container states optional
  * ps: do not sync container
  * Allow --device-cgroup-rule to be passed in by docker API
  * [v4.4] Bump to Buildah v1.29.0
  * Bump to v4.4.0-dev
  * Bump to v4.4.0-RC3
  * Create release notes for v4.4.0
  * Cirrus: Update operating branch
  * fix APIv2 python attach test flake
  * ps: query health check in batch mode
  * make example volume import, not import volume
  * Correct output when inspecting containers created with --ipc
  * Vendor containers/(storage, image, common, buildah)
  * Get correct username in pod when using --userns=keep-id
  * ps: get network data in batch mode
  * build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
  * add hack/perf for comparing two container engines
  * systems: retrofit dns options test to honor other search domains
  * ps: do not create copy of container config
  * libpod: set search domain independently of nameservers
  * libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
  * podman: relay custom DNS servers to network stack
  * (fix) mount_program is in storage.options.overlay
  * Change example target to default in doc
  * network create: do not allow `default` as name
  * kube-play: add support for HostPID in podSpec
  * build(deps): bump github.com/docker/docker
  * Let's see if #14653 is fixed or not
  * Add support for podman build --group-add
  * vendor in latests containers/(storage, common, build, image)
  * unskip network update test
  * do not install swagger by default
  * pasta: skip "Local forwarder, IPv4" test
  * add testbindings Makefile target
  * update CI images to include pasta
  * [CI:DOCS] Add CNI deprecation notices to documentation
  * Cirrus: preserve podman-server logs
  * waitPidStop: reduce sleep time to 10ms
  * StopContainer: return if cleanup process changed state
  * StopSignal: add a comment
  * StopContainer: small refactor
  * waitPidStop: simplify code
  * e2e tests: reenable long-skipped build test
  * Add openssh-clients to podmanimage
  * Reworks Windows smoke test to tunnel through interactive session.
  * fix bud-multiple-platform-with-base-as-default-arg flake
  * Remove ReservedAnnotations from kube generate specification
  * e2e: update test/README.md
  * e2e: use isRootless() instead of rootless.IsRootless()
  * Cleanup documentation on --userns=auto
  * Bump to v4.4.0-dev
  * Bump to v4.4.0-rc2
  * Vendor in latest c/common
  * sig-proxy system test: bump timeout
  * build(deps): bump github.com/containernetworking/plugins
  * rootless: rename auth-scripts to preexec-hooks
  * Docs: version-check updates
  * commit: use libimage code to parse changes
  * [CI:DOCS] Remove experimental mac tutorial
  * man: Document the interaction between --systemd and --privileged
  * Make rootless privileged containers share the same tty devices as rootfull ones
  * container kill: handle stopped/exited container
  * Vendor in latest containers/(image,ocicrypt)
  * add a comment to container removal
  * Vendor in latest containers/storage
  * Cirrus: Run machine tests on PR merge
  * fix flake in kube system test
  * kube play: complete container spec
  * E2E Tests: Use inspect instead of actual data to avoid UDP flake
  * Use containers/storage/pkg/regexp in place of regexp
  * Vendor in latest containers/storage
  * Cirrus: Support using updated/latest NV/AV in PRs
  * Limit replica count to 1 when deploying from kubernetes YAML
  * Set StoppedByUser earlier in the process of stopping
  * podman-play system test: refactor
  * Bump to v4.4.0-dev
  * Bump to v4.4.0-RC1
  * network: add support for podman network update and --network-dns-server
  * service container: less verbose error logs
  * Quadlet Kube - add support for PublishPort key
  * e2e: fix systemd_activate_test
  * Compile regex on demand not in init
  * [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
  * E2E Test: Play Kube set deadline to connection to avoid hangs
  * Only prevent VTs to be mounted inside privileged systemd containers
  * e2e: fix play_kube_test
  * Updated error message for supported VolumeSource types
  * Introduce pkg retry logic in win installer task
  * logformatter: include base SHA, with history link
  * Network tests: ping redhat.com, not podman.io
  * cobra: move engine shutdown to Execute
  * Updated options for QEMU on Windows hosts
  * Update Mac installer to use gvproxy v0.5.0
  * podman: podman rm -f doesn't leave processes
  * oci: check for valid PID before kill(pid, 0)
  * linux: add /sys/fs/cgroup if /sys is a bind mount
  * Quadlet: Add support for ConfigMap key in Kube section
  * remove service container _after_ pods
  * Kube Play - allow setting and overriding published host ports
  * oci: terminate all container processes on cleanup
  * Update win-sshproxy to 0.5.0 gvisor tag
  * Vendor in latest containers/common
  * Fix a potential defer logic error around locking
  * logformatter: nicer formatting for bats failures
  * logformatter: refactor verbose line-print
  * e2e tests: stop using UBI images
  * k8s-file: podman logs --until --follow exit after time
  * journald: podman logs --until --follow exit after time
  * journald: seek to time when --since is used
  * podman logs: journald fix --since and --follow
  * Preprocess files in UTF-8 mode
  * Bump golang.org/x/tools from 0.4.0 to 0.5.0 in /test/tools
  * Vendor in latest containers/(common, image, storage)
  * Switch to C based msi hooks for win installer
  * hack/bats: improve usage message
  * hack/bats: add --remote option
  * hack/bats: fix root/rootless logic
  * Describe copy volume options
  * Support sig-proxy for podman-remote attach and start
  * libpod: fix race condition rm'ing stopping containers
  * e2e: fix run_volume_test
  * Add support for Windows ARM64
  * Add shared --compress to man pages
  * Add container error message to ContainerState
  * Man page checker: require canonical name in SEE ALSO
  * system df: improve json output code
  * kube play: fix the error logic with --quiet
  * System tests: quadlet network test
  * Fix: List container with volume filter
  * adding -dryrun flag
  * Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
  * Kube Play: use passthrough as the default log-driver if service-container is set
  * System tests: add missing cleanup
  * System tests: fix unquoted question marks
  * Build and use a newer systemd image
  * Quadlet Network - Fix the name of the required network service
  * System Test Quadlet - Volume dependency test did not test the dependency
  * fix `podman system connection - tcp` flake
  * vendor: bump c/storage to a747b27
  * Fix instructions about setting storage driver on command-line
  * Test README - point users to hack/bats
  * System test: quadlet kube basic test
  * Fixed `podman update --pids-limit`
  * podman-remote,bindings: trim context path correctly when its emptydir
  * Quadlet Doc: Add section for .kube files
  * e2e: fix containers_conf_test
  * Allow '/' to prefix container names to match Docker
  * Remove references to qcow2
  * Fix typos in man page regarding transient storage mode.
  * make: Use PYTHON var for .install.pre-commit
  * Add containers.conf read-only flag support
  * Explain that relabeling/chowning of volumes can take along time
  * events: support "die" filter
  * infra/abi: refactor ContainerRm
  * When in transient store mode, use rundir for bundlepath
  * quadlet: Support Type=oneshot container files
  * hacks/bats: keep QUADLET env var in test env
  * New system tests for conflicting options
  * Vendor in latest containers/(buildah, image, common)
  * Output Size and Reclaimable in human form for json output
  * podman service: close duplicated /dev/null fd
  * ginkgo tests: apply ginkgolinter fixes
  * Add support for hostPath and configMap subpath usage
  * export: use io.Writer instead of file
  * rootless: always create userns with euid != 0
  * rootless: inhibit copy mapping for euid != 0
  * pkg/domain/infra/abi: introduce `type containerWrapper`
  * vendor: bump to buildah ca578b290144 and use new cache API
  * quadlet: Handle booleans that have defaults better
  * quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
  * Add podman-clean-transient.service service
  * Stop recording annotations set to false
  * Unify --noheading and -n to be consistent on all commands
  * pkg/domain/infra/abi: add `getContainers`
  * Update vendor of containters/(common, image)
  * specfile: Drop user-add depedency from quadlet subpackage.
  * quadlet: Default BINDIR to /usr/bin if tag not specified
  * Quadlet: add network support
  * Add comment for jsonMarshal command
  * Always allow pushing from containers-storage
  * libpod: move NetNS into state db instead of extra bucket
  * Add initial system tests for quadlets
  * quadlet: Add --user option
  * libpod: remove CNI word were no longer applicable
  * libpod: fix header length in http attach with logs
  * podman-kube@ template: use `podman kube`
  * build(deps): bump github.com/docker/docker
  * wait: add --ignore option
  * qudlet: Respect $PODMAN env var for podman binary
  * e2e: Add assert-key-is-regex check to quadlet e2e testsuite
  * e2e: Add some assert to quadlet test to make sure testcases are sane
  * remove unmapped ports from inspect port bindings
  * update podman-network-create for clarity
  * Vendor in latest containers/common with default capabilities
  * pkg/rootless: Change error text ...
  * rootless: add cli validator
  * rootless: define LIBEXECPODMAN
  * doc: fix documentation for idmapped mounts
  * bump golangci-lint to v1.50.1
  * build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
  * [CI:DOCS] podman-mount: s/umount/unmount/
  * create/pull --help: list pull policies
  * Network Create: Add --ignore flag to support idempotent script
  * Make qemu security model none
  * libpod: use OCI idmappings for mounts
  * stop reporting errors removing containers that don't exist
  * test: added test from wait endpoint with to long label
  * quadlet: Default VolatileTmp to off
  * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
  * docs/options/ipc: fix list syntax
  * Docs: Add dedicated DOWNLOAD doc w/ links to bins
  * Make a consistently-named windows installer
  * checkpoint restore: fix --ignore-static-ip/mac
  * add support for subpath in play kube for named volumes
  * build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
  * golangci-lint: remove three deprecated linters
  * parse-localbenchmarks: separate standard deviation
  * build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
  * podman play kube support container startup probe
  * Add podman buildx version support
  * Cirrus: Collect benchmarks on machine instances
  * Cirrus: Remove escape codes from log files
  * [CI:DOCS] Clarify secret target behavior
  * Fix typo on network docs
  * podman-remote build add --volume support
  * remote: allow --http-proxy for remote clients
  * Cleanup kube play workloads if error happens
  * health check: ignore dependencies of transient systemd units/timers
  * fix: event read from syslog
  * Fixes secret (un)marshaling for kube play.
  * Remove 'you' from man pages
  * build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
  * [CI:DOCS] test/README.md: run tests with podman-remote
  * e2e: keeps the http_proxy value
  * Makefile: Add podman-mac-helper to darwin client zip
  * test/e2e: enable "podman run with ipam none driver" for nv
  * [skip-ci] GHA/Cirrus-cron: Fix execution order
  * kube sdnotify: run proxies for the lifespan of the service
  * Update containers common package
  * podman manpage: Use man-page links instead of file names
  * e2e: fix e2e tests in proxy environment
  * Fix test
  * disable healthchecks automatically on non systemd systems
  * Quadlet Kube: Add support for userns flag
  * [CI:DOCS] Add warning about --opts,o with mount's -o
  * Add podman system prune --external
  * Add some tests for transient store
  * runtime: In transient_store mode, move bolt_state.db to rundir
  * runtime: Handle the transient store options
  * libpod: Move the creation of TmpDir to an earlier time
  * network create: support "-o parent=XXX" for ipvlan
  * compat API: allow MacAddress on container config
  * Quadlet Kube: Add support for relative path for YAML file
  * notify k8s system test: move sending message into exec
  * runtime: do not chown idmapped volumes
  * quadlet: Drop ExecStartPre=rm %t/%N.cid
  * Quadlet Kube: Set SyslogIdentifier if was not set
  * Add a FreeBSD cross build to the cirrus alt build task
  * Add completion for --init-ctr
  * Fix handling of readonly containers when defined in kube.yaml
  * Build cross-compilation fixes
  * libpod: Track healthcheck API changes in healthcheck_unsupported.go
  * quadlet: Use same default capability set as podman run
  * quadlet: Drop --pull=never
  * quadlet: Change default of ReadOnly to no
  * quadlet: Change RunInit default to no
  * quadlet: Change NoNewPrivileges default to false
  * test: podman run with checkpoint image
  * Enable 'podman run' for checkpoint images
  * test: Add tests for checkpoint images
  * CI setup: simplify environment passthrough code
  * Init containers should not be restarted
  * Update c/storage after https://github.com/containers/storage/pull/1436
  * Set the latest release explicitly
  * add friendly comment
  * fix an overriding logic and load config problem
  * Update the issue templates
  * Update vendor of containers/(image, buildah)
  * [CI:DOCS] Skip windows-smoke when not useful
  * [CI:DOCS] Remove broken gate-container docs
  * OWNERS: add Jason T. Greene
  * hack/podmansnoop: print arguments
  * Improve atomicity of VM state persistence on Windows
  * [CI:BUILD] copr: enable podman-restart.service on rpm installation
  * macos: pkg: Use -arm64 suffix instead of -aarch64
  * linux: Add -linux suffix to podman-remote-static binaries
  * linux: Build amd64 and arm64 podman-remote-static binaries
  * container create: add inspect data to event
  * Allow manual override of install location
  * Run codespell on code
  * Add missing parameters for checkpoint/restore endpoint
  * Add support for startup healthchecks
  * Add information on metrics to the `network create` docs
  * Introduce podman machine os commands
  * Document that ignoreRootFS depends on export/import
  * Document ignoreVolumes in checkpoint/restore endpoint
  * Remove leaveRunning from swagger restore endpoint
  * libpod: Add checks to avoid nil pointer dereference if network setup fails
  * Address golangci-lint issues
  * Bump golang version to 1.18
  * Documenting Hyper-V QEMU acceleration settings
  * Kube Play: fix the handling of the optional field of SecretVolumeSource
  * Update Vendor of containers/(common, image, buildah)
  * Fix swapped NetInput/-Output stats
  * libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
  * chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
  * test/tools: rebuild when files are changed
  * ginkgo tests: apply ginkgolinter fixes
  * ginkgo: restructure install work flow
  * Fix manpage emphasis
  * specgen: support CDI devices from containers.conf
  * vendor: update containers/common
  * pkg/trust: Take the default policy path from c/common/pkg/config
  * Add validate-in-container target
  * Adding encryption decryption feature
  * container restart: clean up healthcheck state
  * Add support for podman-remote manifest annotate
  * Quadlet: Add support for .kube files
  * Update vendor of containers/(buildah, common, storage, image)
  * specgen: honor user namespace value
  * [CI:DOCS] Migrate OSX Cross to M1
  * quadlet: Rework uid/gid remapping
  * GHA: Fix cirrus re-run workflow for other repos.
  * ssh system test: skip until it becomes a test
  * shell completion: fix hard coded network drivers
  * libpod: Report network setup errors properly on FreeBSD
  * E2E Tests: change the registry for the search test to avoid authentication
  * pkginstaller: install podman-mac-helper by default
  * Fix language. Mostly spelling a -> an
  * podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
  * [CI:DOCS] Fix spelling and typos
  * Modify man page of "--pids-limit" option to correct a default value.
  * Update docs/source/markdown/podman-remote.1.md
  * Update pkg/bindings/connection.go
  * Add more documentation on UID/GID Mappings with --userns=keep-id
  * support podman-remote to connect tcpURL with proxy
  * Removing the RawInput from the API output
  * fix port issues for CONTAINER_HOST
  * CI: Package versions: run in the 'main' step
  * build(deps): bump github.com/rootless-containers/rootlesskit
  * pkg/domain: Make checkExecPreserveFDs platform-specific
  * e2e tests: fix restart race
  * Fix podman --noout to suppress all output
  * remove pod if creation has failed
  * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD
  * Fix more podman-logs flakes
  * healthcheck system tests: try to fix flake
  * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT
  * GHA: Configure workflows for reuse
  * compat,build: handle docker's preconfigured cacheTo,cacheFrom
  * docs: deprecate pasta network name
  * utils: Enable cgroup utils for FreeBSD
  * pkg/specgen: Disable kube play tests on FreeBSD
  * libpod/lock: Fix build and tests for SHM locks on FreeBSD
  * podman cp: fix copying with "." suffix
  * pkginstaller: bump Qemu to version 7.1.0
  * specgen,wasm: switch to crun-wasm wherever applicable
  * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1
  * libpod: Make unit test for statToPercent Linux only
  * Update vendor of containers/storage
  * fix connection usage with containers.conf
  * Add --quiet and --no-info flags to podman machine start
  * Add hidden podman manifest inspect -v option
  * Bump github.com/onsi/gomega from 1.24.0 to 1.24.1
  * Add podman volume create -d short option for driver
  * Vendor in latest containers/(common,image,storage)
  * Add podman system events alias to podman events
  * Fix search_test to return correct version of alpine
  * Bump golang.org/x/tools from 0.1.12 to 0.3.0 in /test/tools
  * GHA: Fix undefined secret env. var.
  * Release notes for 4.3.1
  * GHA: Fix make_email-body script reference
  * Add release keys to README
  * GHA: Fix typo setting output parameter
  * GHA: Fix typo.
  * New tool, docs/version-check
  * Formalize our compare-against-docker mechanism
  * Add restart-sec for container service files
  * test/tools: bump module to go 1.17
  * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor
  * Bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0
  * Bump golang.org/x/term from 0.1.0 to 0.2.0
  * Bump golang.org/x/sys from 0.1.0 to 0.2.0
  * Bump github.com/container-orchestrated-devices/container-device-interface
  * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools
  * libpod: Add FreeBSD support in packageVersion
  * Allow podman manigest push --purge|-p as alias for --rm
  * [CI:DOCS] Add performance tutorial
  * [CI:DOCS] Fix build targets in build_osx.md.
  * fix --format {{json .}} output to match docker
  * remote: fix manifest add --annotation
  * Skip test if `--events-backend` is necessary with podman-remote
  * kube play: update the handling of PersistentVolumeClaim
  * system tests: fix a system test in proxy environment
  * Use single unqualified search registry on Windows
  * test/system: Add, use tcp_port_probe() to check for listeners rather than binds
  * test/system: Add tests for pasta(1) connectivity
  * test/system: Move network-related helpers to helpers.network.bash
  * test/system: Use procfs to find bound ports, with optional address and protocol
  * test/system: Use port_is_free() from wait_for_port()
  * libpod: Add pasta networking mode
  * More log-flake work
  * Fix test flakes caused by improper podman-logs
  * fix incorrect systemd booted check
  * Cirrus: Add tests for GHA scripts
  * GHA: Update scripts to pass shellcheck
  * Cirrus: Shellcheck github-action scripts
  * Cirrus: shellcheck support for github-action scripts
  * GHA: Fix cirrus-cron scripts
  * Makefile: don't install to tmpfiles.d on FreeBSD
  * Make sure we can build and read each line of docker py's api client
  * Docker compat build api - make sure only one line appears per flush
  * Run codespell on code
  * Update vendor of containers/(image, storage, common)
  * Allow namespace path network option for pods.
  * Cirrus: Never skip running Windows Cross task
  * GHA: Auto. re-run failed cirrus-cron builds once
  * GHA: Migrate inline script to file
  * GHA: Simplify script reference
  * test/e2e: do not use apk in builds
  * remove container/pod id file along with container/pod
  * Cirrus: Synchronize windows image
  * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect
  * runtime: add check for valid pod systemd cgroup
  * CI: set and verify DESIRED_NETWORK (netavark, cni)
  * [CI:DOCS] troubleshooting: document keep-id options
  * Man pages: refactor common options: --security-opt
  * Cirrus: Guarantee CNI testing w/o nv/av present
  * Cirrus: temp. disable all Ubuntu testing
  * Cirrus: Update to F37beta
  * buildah bud tests: better handling of remote
  * quadlet: Warn in generator if using short names
  * Add Windows Smoke Testing
  * Add podman kube apply command
  * docs: offer advice on installing test dependencies
  * Fix documentation on read-only-tmpfs
  * version bump to 4.4.0-dev
  * deps: bump go-criu to v6
  * Makefile: Add cross build targets for freebsd
  * pkg/machine: Make this build on FreeBSD/arm64
  * pkg/rctl: Remove unused cgo dependency
  * man pages: assorted underscore fixes
  * Upgrade GitHub actions packages from v2 to v3
  * vendor github.com/godbus/dbus/v5@4b691ce
  * [CI:DOCS] fix --tmpdir typos
  * Do not report that /usr/share/containers/storage.conf has been edited.
  * Eval symlinks on XDG_RUNTIME_DIR
  * hack/podmansnoop
  * rootless: support keep-id with one mapping
  * rootless: add argument to GetConfiguredMappings
  * Update vendor containers/(common,storage,buildah,image)
  * Fix deadlock between 'podman ps' and 'container inspect' commands
  * Add information about where the libpod/boltdb database lives
  * Consolidate the dependencies for the IsTerminal() API
  * Ensure that StartAndAttach locks while sending signals
  * ginkgo testing: fix podman usernamespace join
  * Test runners: nuke podman from $PATH before tests
  * volumes: Fix idmap not working for volumes
  * FIXME: Temporary workaround for ubi8 CI breakage
  * System tests: teardown: clean up volumes
  * update api versions on docs.podman.io
  * system tests: runlabel: use podman-under-test
  * system tests: podman network create: use random port
  * sig-proxy test: bump timeout
  * play kube: Allow the user to import the contents of a tar file into a volume
  * Clarify the docs on DropCapability
  * quadlet tests: Disable kmsg logging while testing
  * quadlet: Support multiple Network=
  * quadlet: Add support for Network=...
  * Fix manpage for podman run --network option
  * quadlet: Add support for AddDevice=
  * quadlet: Add support for setting seccomp profile
  * quadlet: Allow multiple elements on each Add/DropCaps line
  * quadlet: Embed the correct binary name in the generated comment
  * quadlet: Drop the SocketActivated key
  * quadlet: Switch log-driver to passthrough
  * quadlet: Change ReadOnly to default to enabled
  * quadlet tests: Run the tests even for (exected) failed tests
  * quadlet tests: Fix handling of stderr checks
  * Remove unused script file
  * notifyproxy: fix container watcher
  * container/pod id file: truncate instead of throwing an error
  * quadlet: Use the new podman create volume --ignore
  * Add podman volume create --ignore
  * logcollector: include aardvark-dns
  * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1
  * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1
  * docs: generate systemd: point to kube template
  * docs: kube play: mention restart policy
  * Fixes: 15858 (podman system reset --force destroy machine)
  * fix search flake
  * use cached containers.conf
  * adding regex support to the ancestor ps filter function
  * Fix `system df` issues with `-f` and `-v`
  * markdown-preprocess: cross-reference where opts are used
  * Default qemu flags for Windows amd64
  * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0
  * Update main to reflect v4.3.0 release
  * build(deps): bump github.com/docker/docker
  * move quadlet packages into pkg/systemd
  * system df: fix image-size calculations
  * Add man page for quadlet
  * Fix small typo
  * testimage: add iproute2 & socat, for pasta networking
  * Set up minikube for k8s testing
  * Makefile: don't install systemd generator binaries on FreeBSD
  * [CI:BUILD] copr: podman rpm should depend on containers-common-extra
  * Podman image: Set default_sysctls to empty for rootless containers
  * Don't use  github.com/docker/distribution
  * libpod: Add support for 'podman top' on FreeBSD
  * libpod: Factor out jail name construction from stats_freebsd.go
  * pkg/util: Add pid information descriptors for FreeBSD
  * Initial quadlet version integrated in golang
  * bump golangci-lint to v1.49.0
  * Update vendor containers/(common,image,storage)
  * Allow volume mount dups, iff source and dest dirs
  * rootless: fix return value handling
  * Change to correct break statements
  * vendor containers/psgo@v1.8.0
  * Clarify that MacOSX docs are client specific
  * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit
  * Add swagger install + allow version updates in CI
  * Cirrus: Fix windows clone race
  * build(deps): bump github.com/docker/docker
  * kill: wait for the container
  * generate systemd: set --stop-timeout for stopping containers
  * hack/tree_status.sh: print diff at the end
  * Fix markdown header typo
  * markdown-preprocess: add generic include mechanism
  * markdown-preprocess: almost complete OO rewrite
  * Update tests for changed error messages
  * Update c/image after https://github.com/containers/image/pull/1299
  * Man pages: refactor common options (misc)
  * Man pages: Refactor common options: --detach-keys
  * vendor containers/storage@main
  * Man pages: refactor common options: --attach
  * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0
  * KillContainer: improve error message
  * docs: add missing options
  * Man pages: refactor common options: --annotation (manifest)
  * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0
  * system tests: health-on-failure: fix broken logic
  * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8
  * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1
  * ContainerEngine.SetupRootless(): Avoid calling container.Config()
  * Container filters: Avoid use of ctr.Config()
  * Avoid unnecessary calls to Container.Spec()
  * Add and use Container.LinuxResource() helper
  * play kube: notifyproxy: listen before starting the pod
  * play kube: add support for configmap binaryData
  * Add and use libpod/Container.Terminal() helper
  * Revert "Add checkpoint image tests"
  * Revert "cmd/podman: add support for checkpoint images"
  * healthcheck: fix --on-failure=stop
  * Man pages: Add mention of behavior due to XDG_CONFIG_HOME
  * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6
  * Avoid unnecessary timeout of 250msec when waiting on container shutdown
  * health checks: make on-failure action retry aware
  * libpod: Remove 100msec delay during shutdown
  * libpod: Add support for 'podman pod' on FreeBSD
  * libpod: Factor out cgroup validation from (*Runtime).NewPod
  * libpod: Move runtime_pod_linux.go to runtime_pod_common.go
  * specgen/generate: Avoid a nil dereference in MakePod
  * libpod: Factor out cgroups handling from (*Pod).refresh
  * Adds a link to OSX docs in CONTRIBUTING.md
  * Man pages: refactor common options: --os-version
  * Create full path to a directory when DirectoryOrCreate is used with play kube
  * Return error in podman system service if URI scheme is not unix/tcp
  * Man pages: refactor common options: --time
  * man pages: document some --format options: images
  * Clean up when stopping pods
  * Update vendor of containers/buildah v1.28.0
  * Proof of concept: nightly dependency treadmill

-------------------------------------------------------------------
Tue Jan 17 10:42:42 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- add patch: 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch
    (backport of https://github.com/containers/storage/pull/1468)

-------------------------------------------------------------------
Fri Jan 13 12:46:24 UTC 2023 - Danish Prakash <danish.prakash@suse.com>

- Make the priority for picking the storage driver configurable (bsc#1197093)
  (backport of https://github.com/containers/storage/pull/1460)
- add patch: 0002-Make-the-priority-for-picking-the-storage-driver-con.patch

-------------------------------------------------------------------
Tue Nov 22 08:20:16 UTC 2022 - dcermak@suse.com

- switch to building with go 1.17
- use %%make_* macros
- drop /usr/share/user-tmpfiles.d/podman-docker.conf on SLE & Leap
- remove rpmlintrc (contained only obsolete filters)
- remove obsolete with_libostree (we don't build on anything older than SLE 15)
- add patch: 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
  (hotfix for https://github.com/containers/podman/issues/16765)
- Update to version 4.3.1:

4.3.1:

### Bugfixes
- Fixed a deadlock between the `podman ps` and `podman container inspect` commands

### Misc
- Updated the containers/image library to v5.23.1

4.3.0:

### Features
- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted ([#15067](https://github.com/containers/podman/issues/15067)).
- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` ([#14955](https://github.com/containers/podman/issues/14955)).
- The `podman kube play` command now supports the `emptyDir` volume type ([#13309](https://github.com/containers/podman/issues/13309)).
- The `podman kube play` command now supports the `HostUsers` field in the pod spec.
- The `podman play kube` command now supports `binaryData` in ConfigMaps.
- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user ([#15402](https://github.com/containers/podman/issues/15402)).
- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge "PATH=$PATH:/my/app" ...`) ([#15288](https://github.com/containers/podman/issues/15288)).
- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container) ([#15294](https://github.com/containers/podman/issues/15294)).
- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file ([#15523](https://github.com/containers/podman/issues/15523)).
- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
- The `podman restart` command now supports the `--cidfile` and `--filter` options.
- The `podman rm` command now supports the `--filter` option to select which containers will be removed.
- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility ([#14767](https://github.com/containers/podman/issues/14767)).
- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
- The `podman secret ls` command now accepts the `--quiet`/`-q` option.
- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
- The `podman stats` command now accepts the `--no-trunc` option.
- The `podman save` command now accepts the `--signature-policy` option ([#15869](https://github.com/containers/podman/issues/15869)).
- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods ([#15674](https://github.com/containers/podman/issues/15674)).
- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ([#14707](https://github.com/containers/podman/issues/14707)).

### Changes
- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match ([#4217](https://github.com/containers/podman/issues/4217)).
- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
- The installer for the Windows Podman client has been improved.
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) ([#15666](https://github.com/containers/podman/issues/15666)).
- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container ([#15878](https://github.com/containers/podman/issues/15878)).
- Events for containers that are part of a pod now include the ID of the pod in the event.
- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
- The `podman inspect` command on containers now includes the digest of the image used to create the container.
- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.

### Bugfixes
- Fixed a bug where the `podman network prune` and `podman container prune` commands did not properly support the `--filter label!=` option ([#14182](https://github.com/containers/podman/issues/14182)).
- Fixed a bug where the `podman kube generate` command added an unnecessary `Secret: null` line to generated YAML ([#15156](https://github.com/containers/podman/issues/15156)).
- Fixed a bug where the `podman kube generate` command did not set `enableServiceLinks` and `automountServiceAccountToken` to false in generated YAML ([#15478](https://github.com/containers/podman/issues/15478) and [#15243](https://github.com/containers/podman/issues/15243)).
- Fixed a bug where the `podman kube play` command did not properly handle CPU limits ([#15726](https://github.com/containers/podman/issues/15726)).
- Fixed a bug where the `podman kube play` command did not respect default values for liveness probes ([#15855](https://github.com/containers/podman/issues/15855)).
- Fixed a bug where the `podman kube play` command did not bind ports if `hostPort` was not specified but `containerPort` was ([#15942](https://github.com/containers/podman/issues/15942)).
- Fixed a bug where the `podman kube play` command sometimes did not create directories on the host for `hostPath` volumes.
- Fixed a bug where the remote Podman client's `podman manifest push` command did not display progress.
- Fixed a bug where the `--filter "{{.Config.Healthcheck}}"` option to `podman image inspect` did not print the image's configured healthcheck ([#14661](https://github.com/containers/podman/issues/14661)).
- Fixed a bug where the `podman volume create -o timeout=` option could be specified even when no volume plugin was in use.
- Fixed a bug where the `podman rmi` command did not emit `untag` events when removing tagged images ([#15485](https://github.com/containers/podman/issues/15485)).
- Fixed a bug where API forwarding with `podman machine` VMs on windows could sometimes fail because the pipe was not created in time ([#14811](https://github.com/containers/podman/issues/14811)).
- Fixed a bug where the `podman pod rm` command could error if removal of a container in the pod was interrupted by a reboot.
- Fixed a bug where the `exited` and `exec died` events for containers did not include the container's labels ([#15617](https://github.com/containers/podman/issues/15617)).
- Fixed a bug where running Systemd containers on a system not using Systemd as PID 1 could fail ([#15647](https://github.com/containers/podman/issues/15647)).
- Fixed a bug where Podman did not pass all necessary environment variables (including `$PATH`) to Conmon when starting containers ([#15707](https://github.com/containers/podman/issues/15707)).
- Fixed a bug where the `podman events` command could function improperly when no events were present ([#15688](https://github.com/containers/podman/issues/15688)).
- Fixed a bug where the `--format` flag to various Podman commands did not properly handle template strings including a newline (`\n`) ([#13446](https://github.com/containers/podman/issues/13446)).
- Fixed a bug where Systemd-managed pods would kill every container in a pod when a single container exited ([#14546](https://github.com/containers/podman/issues/14546)).
- Fixed a bug where the `podman generate systemd` command would generate incorrect YAML for pods created without the `--name` option.
- Fixed a bug where the `podman generate systemd --new` command did not properly set stop timeout ([#16149](https://github.com/containers/podman/issues/16149)).
- Fixed a bug where a broken OCI spec resulting from the system rebooting while a container is being started could cause the `podman inspect` command to be unable to inspect the container until it was restarted.
- Fixed a bug where creating a container with a working directory on an overlay volume would result in the container being unable to start ([#15789](https://github.com/containers/podman/issues/15789)).
- Fixed a bug where attempting to remove a pod with running containers without `--force` would not error and instead would result in the pod, and its remaining containers, being placed in an unusable state ([#15526](https://github.com/containers/podman/issues/15526)).
- Fixed a bug where memory limits reported by `podman stats` could exceed the maximum memory available on the system ([#15765](https://github.com/containers/podman/issues/15765)).
- Fixed a bug where the `podman container clone` command did not properly handle environment variables whose value contained an `=` character ([#15836](https://github.com/containers/podman/issues/15836)).
- Fixed a bug where the remote Podman client would not print the container ID when running the `podman-remote run --attach stdin` command.
- Fixed a bug where the `podman machine list --format json` command did not properly show machine starting status.
- Fixed a bug where automatic updates would not error when attempting to update a container with a non-fully qualified image name ([#15879](https://github.com/containers/podman/issues/15879)).
- Fixed a bug where the `podman pod logs --latest` command could panic ([#15556](https://github.com/containers/podman/issues/15556)).
- Fixed a bug where Podman could leave lingering network namespace mounts on the system if cleaning up the network failed.
- Fixed a bug where specifying an unsupported URI scheme for `podman system service` to listen at would result in a panic.
- Fixed a bug where the `podman kill` command would sometimes not transition containers to the exited state ([#16142](https://github.com/containers/podman/issues/16142)).

### API
- Fixed a bug where the Compat DF endpoint reported incorrect reference counts for volumes ([#15720](https://github.com/containers/podman/issues/15720)).
- Fixed a bug in the Compat Inspect endpoint for Networks where an incorrect network option was displayed, causing issues with `docker-compose` ([#15580](https://github.com/containers/podman/issues/15580)).
- The Libpod Restore endpoint for Containers now features a new query parameter, `pod`, to set the pod that the container will be restored into ([#15018](https://github.com/containers/podman/issues/15018)).
- Fixed a bug where the REST API could panic while retrieving images.
- Fixed a bug where a cancelled connection to several endpoints could induce a memory leak.

### Misc
- Error messages when attempting to remove an image used by a non-Podman container have been improved ([#15006](https://github.com/containers/podman/issues/15006)).
- Podman will no longer print a warning that `/` is not a shared mount when run inside a container ([#15295](https://github.com/containers/podman/issues/15295)).
- Work is ongoing to port Podman to FreeBSD.
- The output of `podman generate systemd` has been adjusted to improve readability.
- A number of performance improvements have been made to `podman create` and `podman run`.
- A major reworking of the manpages to ensure duplicated options between commands have the same description text has been performed.
- Updated Buildah to v1.28.0
- Updated the containers/image library to v5.23.0
- Updated the containers/storage library to v1.43.0
- Updated the containers/common library to v0.50.1

-------------------------------------------------------------------
Wed Sep 21 02:01:16 UTC 2022 - asarai@suse.com

- Update to version 4.2.1:
  * Bump to v4.2.1
  * Add release notes for v4.2.1
  * remove SkipIfNotFedora() from events test
  * fix podman events with custom format
  * Drop stale config value resulting in asymmetric config
  * Fix list of default capabilities
  * Add container GID to additional groups (CVE-2022-2989 / bsc#1202809, removes patch 0001-Add-container-GID-to-additional-groups.patch)
  * libpod: Ensure that generated container names are random
  * Fix bind-mount-option annotation in gen/play kube
  * Improved Windows compatibility for machine command
  * updated apiv2 tests to reflect hash compat fix
  * api: return imageID instead of imageName, for "Image" when Podman API is queried
  * Inhibit SIGTERM during Conmon startup
  * Fix example sections to follow the same format
  * Fix template name inconsistency
  * service: make move to sub-cgroup non fatal
  * Remove duplicate annotations in generated service yaml
  * Compat API image remove events now have 'delete' status
  * [CI:DOCS] Automatically set podman version in pkginstaller
  * Allow colons in windows file paths
  * Fixes isRootfull check using qemu machine on Windows
  * vendor containers/psgo@v1.7.3
  * Allow podman to run in an environment with keys containing spaces
  * Document restrictions on transport in FROM
  * Improved Windows compatibility
  * pass environment variables to container clone
  * podman save: update --compress validation
  * sort hc.Binds returned from compat api
  * Cirrus: Update podman-machine comment
  * podman images and friends can take one image as argument
  * [CI:DOCS] Add .DS_Store to gitignore
  * podman-kube@.service.in: Remove Restart=never option with typo
  * Fix #15499 already connected network
  * [CI:DOCS] Cirrus: Update meta-task for EC2 image
  * fix CI: remove hardcodeded alpine version
  * fix CI: remove hardcodeded alpine version
  * Preserve all unknown PolicyRequirement fields on (podman image trust set)
  * Reorganize the types in policy.go a bit
  * Add support for showing keyPaths in (podman image trust show)
  * Support (image trust show) for sigstoreSigned entries
  * BREAKING CHANGE: Change how (podman image trust show) represents multiple requirements
  * Reorganize descriptionsOfPolicyRequirements a bit
  * Use the full descriptionsOfPolicyRequirements for the default scope
  * Rename haveMatchRegistry to registriesDConfigurationForScope
  * Rename tempTrustShowOutput to entry
  * Split descriptionsOfPolicyRequirements out of getPolicyShowOutput
  * Recognize the new lookaside names for simple signing sigstore
  * Add a unit test for trust.PolicyDescription
  * Make the output of (podman image trust show) deterministic
  * Make most of pkg/trust package-private
  * Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription
  * Add support for sigstoreSigned in (podman image trust set)
  * Create new policy entries together with validating input
  * Improve validation of data in ImageEngine.SetTrust
  * Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntries
  * Add a variable for scope
  * Make trust.CreateTempFile private
  * Reorganize pkg/trust
  * Remove an unused trust.ShowOutput type
  * Remove commented out code
  * libpod: UpdateContainerStatus: do not wait for container
  * Skip / update some tests under runc
  * Bump to v4.2.1-dev
  * test: update apply-podman-deltas for new tests
  * build: implement --cache-to,--cache-from and --cache-ttl
  * vendor: bump buildah to v1.27.0

-------------------------------------------------------------------
Thu Aug 11 08:50:55 UTC 2022 - michael@stroeder.com

- Update to version 4.2.0:
  * Features
    - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
    - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
    - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
    - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
    - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
    - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
    - The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
    - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
    - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
    - Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
    - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
    - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
    - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
    - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
    - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
    - The podman create and podman run commands now include the -c short option for the --cpu-shares option.
    - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
    - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
    - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
    - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
    - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
    - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
    - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
    - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
    - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
    - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
    - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
    - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
    - The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
    - The remote Podman client now supports the podman image scp command.
    - The podman image scp command now supports tagging the transferred image with a new name.
    - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
    - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
    - The podman events command now includes the -f short option for the --filter option.
    - The podman pull command now includes the -a short option for the --all-tags option.
    - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
    - The Podman global option --url now has two aliases: -H and --host.
    - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
    - Added the ability to create sigstore signatures in podman push and podman manifest push.
    - Added an option to read image signing passphrase from a file.
  * Changes
    - Paused containers can now be killed with the podman kill command.
    - The podman system prune command now removes unused networks.
    - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
    - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
    - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
    - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
    - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
    - Init containers created with podman play kube now default to the once type (#14877).
    - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
    - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
    - The libpod/common package has been removed as it's not used anywhere.
    - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
  * Bugfixes
    - Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251).
    - Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted.
    - Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411).
    - Fixed a bug where the podman system reset command could race against other Podman commands (#9075).
    - Fixed a bug where privileged containers were not able to restart if the layout of host devices changed (#13899).
    - Fixed a bug where the podman cp command would overwrite directories with non-directories and vice versa. A new --overwrite flag to podman cp allows for retaining the old behavior if needed (#14420).
    - Fixed a bug where the podman machine ssh command would not preserve the exit code from the command run via ssh (#14401).
    - Fixed a bug where VMs created by podman machine would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs (#14303).
    - Fixed a bug where the podman machine init command would fail when run from C:\Windows\System32 on Windows systems (#14416).
    - Fixed a bug where the podman machine init --now did not respect proxy environment variables (#14640).
    - Fixed a bug where the podman machine init command would fail if there is no $HOME/.ssh dir (#14572).
    - Fixed a bug where the podman machine init command would add a connection even if creating the VM failed (#15154).
    - Fixed a bug where interrupting the podman machine start command could render the VM unable to start.
    - Fixed a bug where the podman machine list --format command would still print a heading.
    - Fixed a bug where the podman machine list command did not properly set the Starting field (#14738).
    - Fixed a bug where the podman machine start command could fail to start QEMU VMs when the machine name started with a number.
    - Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once (#14636 and #14837).
    - Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped (BZ 2052697).
    - Fixed a bug where the podman -h command did not show help output.
    - Fixed a bug where the podman wait command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the Gitlab Runner.
    - Fixed a bug where healthchecks generated exec events, instead of health_status events (#13493).
    - Fixed a bug where the podman pod ps command could return an error when run at the same time as podman pod rm (#14736).
    - Fixed a bug where the podman systemd df command incorrectly calculated reclaimable storage for volumes (#13516).
    - Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored.
    - Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers.
    - Fixed a bug where the remote Podman client's podman manifest rm command would remove images, not manifests (#14763).
    - Fixed a bug where Podman did not correctly parse wildcards for device major number in the podman run and podman create commands' --device-cgroup-rule option.
    - Fixed a bug where the podman play kube command on 32 bit systems where the total memory was calculated incorrectly (#14819).
    - Fixed a bug where the podman generate kube command could set ports and hostname incorrectly in generated YAML (#13030).
    - Fixed a bug where the podman system df --format "{{ json . }}" command would not output the Size and Reclaimable fields (#14769).
    - Fixed a bug where the remote Podman client's podman pull command would display duplicate progress output.
    - Fixed a bug where the podman system service command could leak memory when a client unexpectedly closed a connection when reading events or logs (#14879).
    - Fixed a bug where Podman containers could fail to run if the image did not contain an /etc/passwd file (#14966).
    - Fixed a bug where the remote Podman client's podman push command did not display progress information (#14971).
    - Fixed a bug where a lock ordering issue could cause podman pod rm to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once (#14929).
    - Fixed a bug where the podman rm --force command would exit with a non-0 code if the container in question did not exist (#14612).
    - Fixed a bug where the podman container restore command would fail when attempting to restore a checkpoint for a container with the same name as an image (#15055).
    - Fixed a bug where the podman manifest push --rm command could remove image, instead of manifest lists (#15033).
    - Fixed a bug where the podman run --rm command could fail to remove the container if it failed to start (#15049).
    - Fixed a bug where the podman generate systemd --new command would create incorrect unit files when the container was created with the --sdnotify parameter (#15052).
    - Fixed a bug where the podman generate systemd --new command would fail when -h <hostname> was used to create the container (#15124).
  * API
    - The Docker-compatible API now supports API version v1.41 (#14204).
    - Fixed a bug where containers created via the Libpod API had an incorrect umask set (#15036).
    - Fixed a bug where the remote parameter to the Libpod API's Build endpoint for Images was nonfunctional (#13831).
    - Fixed a bug where the Libpod List endpoint for Containers did not return the application/json content type header when there were no containers present (#14647).
    - Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits (#14676).
    - Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status.
    - Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks (#14493).
    - Fixed a bug where the Compat Create endpoint for Networks did not support the mtu, name, mode, and parent options (#14482).
    - Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks name bridge (#14983).
    - Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the SecondaryIPAddresses and SecondaryIPv6Addresses fields (#14674).
    - The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, stream and delay (#14674).
  * Misc
    - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
    - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
    - Podman Machine support for QEMU installations at non-default paths has been improved.
    - The podman machine ssh command no longer prints spurious warnings every time it is run.
    - When accessing the WSL prompt on Windows, the rootless user will be preferred.
    - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
    - The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
    - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
    - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
    - Updated the containers/image library to v5.22.0
    - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
    - Updated the containers/common library to v0.49.1
    - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
    - Fixed an incorrect release note about regexp.
    - A new MacOS installer (via pkginstaller) is now supported.

-------------------------------------------------------------------
Fri Jul  1 11:08:05 UTC 2022 - Predrag Ivanović <predivan@mts.rs>

- Fix build on Leap
    Use libexec macro to set correct, per-distribution specific, directory.

-------------------------------------------------------------------
Wed Jun 22 09:41:22 UTC 2022 - rbrown@suse.com

- Update to version 4.1.1:
  * The output of the podman load command now mirrors that of docker load.
  * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
  * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
  * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
  * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
  * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
  * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
  * The podman play kube command will now set default resource limits when the provided YAML does not include them.
  * The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
  * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
  * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
  * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
  * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
  * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
  * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
  * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
  * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
  * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
  * The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
  * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
  * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
  * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
  * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
  * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
  * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
  * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
  * Fix CVE-2022-27191 / bsc#1197284
- Drop obsolete patches:
  * 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch
  * 0001-Relabel-relabel-links-instead-of-their-targets.patch
  * 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch
  * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch

-------------------------------------------------------------------
Mon May 23 11:48:34 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>

- Backport upstream commit be5abf03ababc ("fix: Container.cGroupPath()
  skip empty line to avoid false error logging") for fixing "Error parsing
  cgroup: expected 3 fields but got 1" (see bsc#1199790, as it applies
  to Factory/Tumbleweed too)
  * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch

-------------------------------------------------------------------
Tue Apr 12 08:09:02 UTC 2022 - Richard Brown <rbrown@suse.com>

- Require catatonit >= 0.1.7 for pause functionality needed by pods

-------------------------------------------------------------------
Thu Apr  7 12:25:33 UTC 2022 - Fabian Vogt <fvogt@suse.com>

- Add patch to make buildah happy after selinux change:
  * 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch

-------------------------------------------------------------------
Thu Apr  7 08:51:50 UTC 2022 - Fabian Vogt <fvogt@suse.com>

- Add patch to fix starting containers on btrfs with SELinux
  (gh#opencontainers/selinux#172):
  * 0001-Relabel-relabel-links-instead-of-their-targets.patch
- Add patch to fix starting containers as user service with systemd 250
  (boo#1197672, gh#containers/podman#13731):
  * 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch

-------------------------------------------------------------------
Fri Apr 01 20:34:28 UTC 2022 - michael@stroeder.com

- Update to version 4.0.3:
  * Security
    - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
  * Changes
    - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
    - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
  * Bugfixes
    - Fixed a bug where devices added to containers by the --device option to podman run and podman create would not be accessible within the container.
    - Fixed a bug where Podman would refuse to create containers when the working directory in the container was a symlink (#13346).
    - Fixed a bug where pods would be created with cgroups even if cgroups were disabled in containers.conf (#13411).
    - Fixed a bug where the podman play kube command would produce confusing errors if invalid YAML with duplicated container named was passed (#13332).
    - Fixed a bug where the podman machine rm command would not remove the Podman API socket on the host that was associated with the VM.
    - Fixed a bug where the remote Podman client was unable to properly resize the TTYs of containers on non-Linux OSes.
    - Fixed a bug where rootless Podman could hang indefinitely when starting containers on systems with IPv6 disabled (#13388).
    - Fixed a bug where the podman version command could sometimes print excess blank lines as part of its output.
    - Fixed a bug where the podman generate systemd command would sometimes generate systemd services with names beginning with a hyphen (#13272).
    - Fixed a bug where locally building the pause image could fail if the current directory contained a .dockerignore file (#13529).
    - Fixed a bug where root containers in VMs created by podman machine could not bind ports to specific IPs on the host (#13543).
    - Fixed a bug where the storage utilization percentages displayed by podman system df were incorrect (#13516).
    - Fixed a bug where the CPU utilization percentages displayed by podman stats were incorrect (#13597).
    - Fixed a bug where containers created with the --no-healthcheck option would still display healthcheck status in podman inspect (#13578).
    - Fixed a bug where the podman pod rm command could print a warning about a missing cgroup (#13382).
    - Fixed a bug where the podman exec command could sometimes print a timed out waiting for file error after the process in the container exited (#13227).
    - Fixed a bug where virtual machines created by podman machine were not tolerant of changes to the path to the qemu binary on the host (#13394).
    - Fixed a bug where the remote Podman client's podman build command did not properly handle the context directory if a Containerfile was manually specified using -f (#13293).
    - Fixed a bug where Podman would not properly detect the use of systemd as PID 1 in a container when the entrypoint was prefixed with /bin/sh -c (#13324).
    - Fixed a bug where rootless Podman could, on systems that do not use systemd as init, print a warning message about the rootless network namespace (#13703).
    - Fixed a bug where the default systemd unit file for podman system service did not delegate all cgroup controllers, resulting in podman info queries against the remote API returning incorrect cgroup controllers (#13710).
    - Fixed a bug where the slirp4netns port forwarder for rootless Podman would only publish the first port of a range (#13643).
  * API
    - Fixed a bug where the Compat Create API for containers did not properly handle permissions for tmpfs mounts (#13108).
  * Misc
    - The static binary for Linux is now built with CGo disabled to avoid panics due to a Golang bug (#13557).
    - Updated Buildah to v1.24.3
    - Updated the containers/storage library to v1.38.3
    - Updated the containers/image library to v5.19.2
    - Updated the containers/common library to v0.47.5

-------------------------------------------------------------------
Wed Mar 16 13:25:48 UTC 2022 - rbrown@suse.com

- Update to version 4.0.2:
  * Bump to v4.0.2
  * Update release notes for v4.0.2
  * Revert "use GetRuntimeDir() from c/common"
  * Revert "Option --url and --connection should imply --remote."
  * Option --url and --connection should imply --remote.
  * Bump to v4.0.2-dev
  * Bump to v4.0.1
  * Update release notes for v4.0.1
  * Fix a potential flake in volume plugins tests
  * Propagate $CONTAINERS_CONF to conmon
  * tests: Remove inaccurate comment
  * System tests: show one-line config overview
  * provide better error on invalid flag
  * use GetRuntimeDir() from c/common
  * kube: honor --build=false and make --build=true by default
  * system tests: cleanup networks on teardown
  * Remove the runtime lock
  * Don't log errors on removing volumes inuse, if container --volumes-from
  * kube: honor mount propagation mode
  * Load ip_tables modules at boot
  * Cirrus: Disable F34 aka prior-fedora testing
  * Cirrus: Update VM Images for 4.0 release
  * Bump to v4.0.1-dev
  * Bump to v4.0.0
  * Release notes for v4.0.0 final
  * Fix lint
  * Fix manifest 4.0 Endpoints Branch forced 4.0 only endpoints
  * Introduce podman machine init --root=t|f and podman machine set --root=t|f
  * Initial implementation of mac forwarding using a privileged docker sock claim helper
  * ignition: propagate proxy settings from a host into a vm
  * Update to podman4 copr stream
  * Unify ls --filter docs for networks and pods
  * e2e: merge after/since image-filter tests
  * podman network: add documentation for netavark
  * create: Fix key=value annotation in the flag output
  * enable netavark specific tests
  * Fix checkpoint/restore pod tests
  * Make sure building with relative paths work correctly.
  * Add 409 response to swagger godoc
  * Fix images since/after tests
  * Changes of docker descriptions
  * Temporarily pull machine images from side repo
  * Cirrus: TODO: netavark/aardvark release branches
  * Cirrus: Expand netavark testing to include rootless
  * Cirrus: Minor - limit release task applicability
  * Cirrus: Add [CI:BUILD] magic that only builds
  * CI: fix nightly builds
  * Cirrus: Log netavark/aardvark binary build info.
  * Cirrus: Add netavark/aardvark system test task
  * Cirrus: Also download aardvark-dns binary
  * Cirrus: Add e2e task w/ upstream netavark
  * Revert minimum API change
  * netavark e2e tests
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC5
  * Update release notes for v4.0.0-RC5
  * Modify /etc/resolv.conf when connecting/disconnecting
  * Do not set the network config dir to cni plugin dir
  * Show API doc for several versions
  * [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response.
  * fix: Multiplication of durations
  * move rootless netns slirp4netns process to systemd user.slice
  * compat: endpoint /build must set header content type as application/json in reponse
  * Cleanup: remove obsolete/misleading bug workaround
  * tests: retrofit healthcheck system tests
  * healthcheck, libpod: Read healthcheck event output from os pipe
  * Fix: Do not print error when parsing journald log fails
  * Bump github.com/buger/goterm from 1.0.1 to 1.0.4
  * append podman dns search domain
  * Podman pod create --share-parent vs --share=cgroup
  * System tests: revert emergency skip of checkpoint tests
  * Add version guard to libpod API endpoints
  * [v4.0] Bump c/common to v0.47.4
  * idmap should be able to be specified along with other options
  * Vendor in containers/buildah v1.24.1
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC4
  * Disable failing E2E test
  * Revert "Move each search dns to its own line"
  * Move each search dns to its own line
  * Update release notes for v4.0.0-RC4
  * Document `schema` values in the `--url` flag
  * podman image scp syntax correction
  * system prune: remove all networks
  * Only change network fields if they were actually changed by the user
  * docs: clarify rootless net stats
  * Fix size to match Docker selection
  * libpod: enforce noexec,nosuid,nodev for /dev/shm
  * Clarify remote client means Mac and Windows
  * libpod: report slirp4netns network stats
  * Add notes to "--oom-kill-disable" not supported on cgroups V2
  * Fix use of infra image to clarify default
  * Adapt podman images ls filters docs to be aligned with prune filters docs
  * ignition, machine: delegate cpu,io cgroup controllers to machine's default users
  * pkg/bindings/images.Build(): slashify "dockerfile" values, too
  * Remove mention of IPv6 portfwd from release notes
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC3
  * Update release notes for v4.0.0-RC3
  * Fix Cirrus destination branch
  * volume: add support for non-volatile upperdir,workdir for overlay volumes
  * github: label issues based on os fix regex
  * github: label issues based on os
  * Cirrus: Fix get_ci_vm.sh initial setup
  * System tests: emergency skip of checkpoint tests
  * network create: allow multiple subnets
  * Update troubleshooting.md
  * Fix sort ordering of filters
  * Unify podman prune filter description: volumes, networks, system
  * Bump Buildah to v1.24.0
  * rootless: drop permission check for devices
  * switch podman image scp from depending on machinectl to just os/exec
  * Bump github.com/containers/image/v5 from 5.18.0 to 5.19.0
  * Bump github.com/containers/storage from 1.38.0 to 1.38.1
  * change location of where make outputs podman binary on osx
  * Github workflow: Fix parsing of GraphQL response JSON
  * Github-workflow: Fix YAML syntax
  * Update godoc, swagger using wrong struct
  * Makefile: install targets independent of build
  * [CI:DOCS] Fix typos and improve language
  * CI: enable rootless-remote system tests
  * pkg/specgen/generate/security: fix error message
  * Github workflow: Send e-mail on job error
  * Github workflow: Update Cirrus-cron GraphQL query
  * remote build: set rootless oci isolation correctly
  * [CI:DOCS] Fix typos and improve language
  * Fix handling of duplicate matches on id expansion
  * Show correct default values or show none
  * exec: retry rm -rf on ENOTEMPTY and EBUSY
  * container create: do not check for network dns support
  * libpod: fix leaking fd
  * libpod: fix connection leak
  * [CI:DOCS] fix typo subpordinate
  * Fix filter description and unify filters docs for containers/images prune
  * Remove unused param and clean API handlers
  * Restore machine start logic that was hanging
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC2
  * Final release notes for v4.0.0-rc2
  * Run codespell on code
  * Update release notes for Podman v4.0.0
  * Fix #2 for compat commit handling of --changes
  * Fix nil pointer dereference for configmap optional
  * Make error message matching in 030-run.bats less fragile
  * Don't explicitly check for crun|runc in package information
  * Don't segfault if an image layer has no creation timestamp
  * compat: remove hardcoded index from load images output report
  * compat: images/load must be able to load tar with multiple images
  * System tests: fix for new systemd on rawhide
  * Remove rootless_networking option from containers.conf
  * vendor c/psgo@v1.7.2 (fixes CVE-2022-1227 / bsc#1182428)
  * Engine.Remote from containers.conf
  * vendor: bump c/common and other vendors
  * rootless: report correctly the error
  * Implement API forwarding for podman machine on Windows
  * Implement env parsing on Windows
  * Handle changes in docker compat mode
  * Show package version when running on alpine
  * Handlers for `generate systemd` with custom dependencies
  * APIv2 tests: followup to recent log test
  * Add IndexConfigs to compat /info endpoint
  * Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
  * apiv2 test: add regression test for #12904
  * SECURITY.md: fix the project name
  * rename --cni-config-dir to --network-config-dir
  * compat attach: fix write on closed channel
  * upgrade all dependencies
  * Revert "Cirrus: Temporarily disable OSX Cross task"
  * Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
  * bump go module to version 4
  * [NO NEW TESTS NEEDED] add builddeps to copr template
  * CI: rootless user: also create in some root tests
  * [WIP] Tests for podman image scp (the sudo form)
  * Revamp Libpod state strings for Docker compat
  * Cirrus: Temporarily disable OSX Cross task
  * update c/common to latest
  * Use PODMAN_USERNS environment variable when running as a service
  * Unify the method of parsing filters in cmd
  * fix default branch links
  * [CI:DOCS] fix default branch links
  * [CI:DOCS] Unprivileged native overlayfs is now supported
  * [CI:DOCS] Fix typo in --env
  * Recursively copy cert files.
  * Refactor manifest list operations
  * Add rpkg template for COPR autobuild
  * Fix cgroup mode handling in api server
  * Standardize on capatalized Cgroups
  * test/system: podman run update /etc/hosts
  * Remove two GetImages functions from API
  * Use fully-qualified device name in CDI test
  * Use new CDI API
  * troubleshooting links to main branch
  * Podman Build use absolute filepath
  * Prohibit --uid/gid map and --pod for container create/run
  * podman container rm: remove pod
  * Manual fixes for PR #12642:
  * podman build enable --all-platforms and --unsetenv
  * use events_logfile_path from containers.conf for events log.
  * Podman Pod Create --sysctl support
  * Wait for podman stop to complete
  * libpod: fix check for systemd session
  * libpod: refine check for empty pod cgroup
  * fix buildah-bud test diff
  * upgrade test: check that network backend is cni
  * use netns package from c/common
  * update buildah to latest and use new network stack
  * podman image scp: implement --quiet
  * use libnetwork from c/common
  * Add --noout option to prevent the output of ids
  * remote events: convert TimeNano properly
  * Bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0
  * vendor latest c/common
  * add additional fields to podman machine ls --json
  * buildah bud tests: skip failing tests
  * Fix permission on secrets directory
  * Add podman rm --depend
  * fix host.containers.internal entry for macvlan networks
  * It takes some time to start a VM
  * Pretty Print output of podman machine ls --format json
  * Use the InfraImage defined in containers.conf
  * Cirrus: Freshen VM images
  * Revert "Cirrus: Temp. ignore gitlab task failures"
  * pkg: use PROXY_VARS from c/common
  * ignition: add support from setting SSL_CERT_FILE
  * ignition: propogate HTTP proxy variables from host to remote
  * System tests: fix RHEL8 gating tests
  * vendor c/common
  * Remove dead RuntimeOption functions
  * Update docker cli message for case where user creates directory
  * Don't add env if optional and not found
  * Fix type-o in podman.wxs
  * [CI:DOCS] fixes indentation of example pod yaml
  * Prevent double decoding of storage options
  * Emergency system-test fixes
  * add OCI Runtime name to errors
  * fix healthcheck timeouts and ut8 coercion
  * Don't rename pod if container has the same name
  * Set volume NeedsCopyUp to false iff data was copied up
  * Fix CI
  * correct typo words in docs
  * Change Tests to ignore missing containers when removing --all
  * test/e2e/pod_initcontainers: fix a flake
  * test/e2e/run: don't use date +%N on Alpine
  * Support all volume mounts for rootless containers
  * Fix wrong 'podman search --format' placeholder
  * Fix Container List API call to return mount info
  * fix misleading comment regarding default value of cpu period [NO NEW TESTS NEEDED]
  * add --ip6 flag to podman create/run
  * legacy events: also set exitCode
  * Don't initialize the global RNG with GinkgoRandomSeed() in e2e tests
  * Avoid collisions on RemoteSocket paths
  * Refactor remote socket path determination in tests
  * fix doc
  * test/system: podman run image with filesystem permission
  * test/system: podman run with log-opt option
  * Update swagger documentation
  * Make it possible to select the volume driver
  * Check the mount type for future compatibility
  * Implement virtfs volumes for podman machine
  * [CI:DOCS] Add example of cpus to init command
  * prefix imageId with sha256: in containers list test for compat API ImageId
  * Pod Security Option support
  * ignition: add certs from current user into the machine while init
  * docs: sort swagger operations alpabetically
  * .service file removal on failure
  * Introduce Windows WSL implementation of podman machine
  * podman image scp never enter podman user NS
  * Allow users to add host user accounts to /etc/passwd
  * container creation: don't apply reserved annotations from image
  * [CI:DOCS] clarify `io.podman.annotations.seccomp`
  * Error out early if system does not support pre-copy checkpointing
  * Update go-criu to v5.3.0
  * [CI:DOCS] docs: document rootless userns mappings
  * Switch to a new installer approach using a path manipulation helper
  * e2e: Add dev/shm checkpoint/restore test
  * Enable checkpoint/restore for /dev/shm
  * Update github.com/checkpoint-restore/checkpointctl
  * Always run passwd management code when DB value is nil
  * Warn on use of --kernel-memory
  * support hosts without /etc/hosts
  * Podman run --passwd
  * ci: force scratch build for crun
  * Use hosts public ip address in rootless containers
  * compat: image normalization: handle sha256 prefix
  * specgen: honor userns=auto from containers.conf
  * [CI:DOCS] Small checkpoint/restore man page fixes
  * [CI:DOCS] Explicitly mention that checkpointing systemd containers might fail
  * vendor: update containers/storage
  * build: fix test for subid 4
  * test: add --rm to podman run commands
  * fix(generate): fix up podman generate kube missing env field bug
  * legacy events: also set Action="die"
  * rootless: include the args in the debug message
  * apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests
  * image rm: allow for force-remove infra images
  * tests: adjust old build test to expect exit code
  * Test for checkpoint specific inspect fields
  * Add more checkpoint/restore information to 'inspect'
  * build: relay exitcode from imagebuildah to registry
  * Removed .service file for healthchecks
  * Set machine timezone
  * MovePauseProcessToScope do not seed everytime
  * bindings rmi test: clarify behavior
  * bump cobra to 1.3.0
  * .github: revert to the old template
  * oci: configure the devices cgroup with default devices
  * kill: fix output
  * e2e: search flake: skip test on registry.redhat.io
  * APIv2 tests: fail on syntax/logic errors
  * Show --external containers even without --all option
  * apiv2 tests: refactor complicated curls
  * fix network id handling
  * Update Windows Install Doc
  * Fixes #12063 Add docker compatible output after image build.
  * pause scope: don't use the global math/rand RNG
  * specgen: check that networks are only set with bridge
  * container restore/import: store networks from db
  * play kube add support for multiple networks
  * support advanced network configuration via cli
  * Add new networks format to spegecen
  * fix incorrect swagger doc for network dis/connect
  * network connect allow ip, ipv6 and mac address
  * network db: add new strucutre to container create
  * remove unneeded return value from c.Networks()
  * network db rewrite: migrate existing settings
  * network ls: show networks in deterministic order
  * Bump github.com/docker/docker
  * pprof flakes: bump timeout to 20 seconds
  * Add secret list --filter to cli
  * Cirrus: Temp. ignore gitlab task failures
  * compat build: adhere to q/quiet
  * Make XRegistryAuthHeader and XRegistryConfigHeader private
  * Remove the authfile parameter of MakeXRegistryAuthHeader
  * Simplify the header decision in pkg/bindings/images.Build a bit
  * Remove the authfile parameter of MakeXRegistryConfigHeader
  * Remove no-longer-useful name variables
  * Consolidate creation of SystemContext with auth.json into a helper
  * Remove pkg/auth.Header
  * Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader)
  * Turn headerAuth into MakeXRegistryAuthHeader
  * Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)
  * Turn headerConfig into MakeXRegistryConfigHeader
  * Move the auth file creation to GetCredentials
  * Consolidate the error handling path in GetCredentials
  * Only look up HTTP header values once in GetCredentials
  * Use Header.Values in GetCredentials.has
  * Beautify GetCredentials.has a bit
  * Pass a header value directly to parseSingleAuthHeader and parseMultiAuthHeader
  * Simplify parseSingleAuthHeader
  * Simplify the interface of parseSingleAuthHeader
  * Don't return a header name from auth.GetCredentials
  * Fix normalizeAuthFileKey to use the correct semantics
  * Rename normalize and a few variables
  * Add TestHeaderGetCredentialsRoundtrip
  * Add tests for auth.Header
  * Improve TestAuthConfigsToAuthFile
  * Add unit tests for singleAuthHeader
  * Add unit tests for multiAuthHeader
  * fix e2e test missing network cleanup
  * pprof CI flakes: enforce 5 seconds grace period
  * [NO NEW TESTS NEEDED] rootless: declare TEMP_FAILURE_RETRY before usage (Fixes: #12563)
  * --hostname should be set when using --pod new:foobar
  * Cirrus: Use cached swagger binary
  * inotify: make sure to remove files
  * System tests: remove rm_pause_image()
  * specgen: honor empty args for entrypoint
  * generate systemd: support entrypoint JSON strings
  * Bump github.com/uber/jaeger-client-go
  * remove runlabel test for global opts
  * utils: reintroduce moveToCgroup
  * autocopr: distro conditionals for containers-common
  * vendor c/image/v5@main
  * Update vendor or containers/common moving pkg/cgroups there
  * volume: apply exact permission of target directory without adding extra 0111
  * Cirrus: Remove remnants of nix-based static build
  * Refactor podman pods to report.Formatter
  * rootless netns: resolve all path components for resolv.conf
  * tests: clean up FIXMEs and noise
  * fix remote run/start flake
  * e2e: fix pprof flakes
  * Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
  * vendor c/common@main
  * Escape trailing slash in install directory location so the closing quote is not escaped
  * centos 9 stream cannot use %autochangelog
  * Refactor podman system to report.Formatter [NO NEW TESTS NEEDED]
  * add spec file for automated copr builds
  * Add restart-sec option to systemd generate
  * Fix documentation of (podman image save --compress --uncompressed)
  * Improve documentation of (podman image save --format)
  * Add support for configmap volumes to play kube
  * cmd, push: use the configured compression format
  * [CI:DOCS] logformatter: fix corner case with links
  * UPdate vendor of image-spec and containers/storage
  * vendor: update containers/common
  * Update doc to explictly mention using ed25519 in ssh keys
  * Refactor podman image command output
  * Manual fixes
  * Same thing, with BeNumerically("==", x)
  * Use HaveLen(x) instead of Expect(len(y)).To(Equal(x))
  * Same thing, for BeNumerically("==", 0)
  * Use BeEmpty() instead of len(x).To(Equal(0))
  * Same as previous, for assertions other than Equal()
  * e2e tests: a little more minor cleanup
  * compat API: push: report size of manifest
  * compat: images/json
  * Add ashley-cui, lsm5 and floutoc to owners
  * remove ARTIFACT_DIR and ArtifactPath
  * Image caches: allow overriding cache dir
  * Rename CrioRoot as just Root
  * Fix possible rootless netns cleanup race
  * [NO NEW TESTS NEEDED] Refactor podman container command output
  * Hostname in `spec.hostname` should be passed to infra ctr init opt
  * container, cgroup: detect pid termination
  * top: parse ps(1) args correctly
  * podman, push: expose --compression-format
  * e2e: yet more cleanup of BeTrue/BeFalse
  * Ensure the generated NodePort values are unique
  * Allow containerPortsToServicePorts to fail
  * Don't use the global math/rand RNG for service ports
  * Move a comment to the relevant place
  * a few more manual BeTrue cleanups
  * Convert strings.Contains() to Expect(ContainSubstring)
  * e2e tests: more cleanup of BeTrue()s
  * Implement 'podman run --blkio-weight-device'
  * systemd: replace multi-user with default.target
  * compat API: allow enforcing short-names resolution to Docker Hub
  * Fixed the containerfile not found during remote build.
  * podman-remote: prevent leaking secret into image
  * podman-remote: copy secret to contextdir is absolute path on host
  * api: allow build api to accept secrets
  * Only open save output file with WRONLY
  * List /etc/containers/certs.d as default for --cert-path
  * e2e tests: enable golint
  * fix: parsing of HostConfig.Mounts for container create
  * Move the chown to after the ADDs
  * fix: error reporting for archive endpoint
  * Bindings test: emit GIT_COMMIT, for links in logs
  * checkpoint do not modify XDG_RUNTIME_DIR
  * libpod: improve heuristic to detect cgroup
  * libpod, inspect: export cgroup path
  * stats: get the memory limit from the spec
  * compat: Add compatiblity with Docker/Moby API for scenarios where build fails
  * libpod: leave thread locked on errors
  * Find and fix empty Expect()s
  * Unset SocketLabel after system finishes checkpointing
  * Remove StringInSlice(), part 2
  * Remove StringInSlice(), part 1
  * e2e test cleanup, continued
  * Update basic_networking.md
  * Warn on failing to update container status
  * oci: ack crun output when container is not there
  * oci: exit gracefully if container is already dead
  * Support env variables based on ConfigMaps sent in payload
  * image lookup: do not match *any* tags
  * generate systemd: add --start-timeout flag
  * Oops! Manual edits to broken tests
  * e2e tests: clean up antihelpful BeTrue()s
  * Cirrus: Strip out static nix build
  * Rename pod on generate of container
  * [CI:DOCS] Update notes on java TZ in man page
  * Bump github.com/containers/image/v5 from 5.16.1 to 5.17.0
  * Fix netavark error handling and teardown issue
  * swagger: add layers to build api docs
  * compat: add layer caching compatiblity for non podman clients
  * Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
  * Add note about volume with unprivileged container
  * Add EXPOSE e2e test
  * Support EXPOSE with port ranges
  * compat: Add subnet mask behind IP address to match Docker API
  * [CI:DOCS] Add java TZ note to run manpage
  * Bump github.com/rootless-containers/rootlesskit from 0.14.5 to 0.14.6
  * podman-remote does not support signature-policy
  * Add tests for restore runtime verification
  * Use same runtime to restore a container as during checkpointing
  * Force iptables driver for netavark tests
  * Make sure netavark output is logged to the syslog
  * filter: use filepath.Match to maintain consistency with other pattern matching in podman
  * Semiperiodic cleanup of obsolete Skip()s
  * [CI:DOCS]upload a translation file
  * api/handlers: Add checkpoint/restore FileLocks
  * test: Update error string for --file-locks test
  * fix duplicated logs command
  * Bump github.com/docker/docker
  * Bump k8s.io/api from 0.22.3 to 0.22.4
  * Do not store the exit command in container config
  * Add test for checkpoint/restore with --file-locks
  * Add --file-locks checkpoint/restore option
  * Cirrus: Bump Fedora to release 35
  * Cirrus: Partially revert catatonit --force install
  * Revert "Cirrus: Temp. disable prior-fedora testing"
  * Cirrus: Workaround log_driver=journald setting
  * Cirrus: Fix bindings test hang b/c logging config mismatch
  * Cirrus: Timeout bindings test after 30m
  * Cirrus: Log more things in bindings and unit tests
  * Minor Makefile fix
  * rootless netns, one netns per libpod tmp dir
  * Introduce Address type to be used in secondary IPv4 and IPv6 inspect data structure.
  * volumes: add new option idmap
  * remote checkpoint/restore: more fixes
  * fix CI
  * fix: take absolute path for dd on apple silicon
  * System tests: new checkpoint tests
  * rootless: use catatonit to maintain user+mnt namespace
  * rootless: drop strerror(errno) calls
  * rootless: reuse existing open_namespace function
  * rootless: use auto cleanup functions
  * utils: use podman-pause-$RANDOM.scope name
  * hack/bats: deal with new bin helpers
  * Change error message for compatibility with docker
  * rename libpod nettypes fields
  * podman machine start wait for ssh
  * fix remote checkpoint/restore
  * Add --unsetenv & --unsetenv-all to remove def environment variables
  * Set config environment variables early in Podman init
  * journald logs: keep reading until the journal's end
  * secret: honor custom target for secrets with run
  * bindings: reuse context for API requests
  * podman machine improve port forwarding
  * Network test: fix podman-remote-rootless corner case
  * filter: add basic pattern matching for label keys
  * cirrus: force-install catatonit
  * infra container: replace pause with catatonit
  * Revert "add kubernetes pause"
  * Added test for checkpoint/restore --print-stats
  * Update man pages for checkpoint/restore --print-stats
  * Added optional container restore statistics
  * Added optional container checkpointing statistics
  * Error logs --follow if events-backend != journald, event-logger=journald
  * Enable 'podman run --memory-swappiness=0'
  * Fix network mode in play kube
  * Always create working directory when using compat API
  * play kube: don't force-pull infra image
  * Podman Image SCP transfer patch
  * --authfile command line argument for image sign command.
  * Cirrus: Temp. disable prior-fedora testing
  * Cirrus: Update to Ubuntu 21.10
  * Add failing run test for netavark
  * Add flag to overwrite network backend from config
  * libpod: create /etc/mtab safely
  * Add network backend to podman info
  * Add more netavark tests
  * select network backend based on config
  * Fix RUST_LOG envar for netavark
  * netavark IPAM assignment
  * netavark network interface
  * Make networking code reusable
  * Fix flake in upgrade tests
  * export adding id-specifier code to setContainerNameForTemplate
  * VOLUME must be declared after RUN chown command
  * network reload return error if we cannot reload ports
  * network reload without ports should not reload ports
  * Print headers for system connection ls
  * [CI:DOCS] Add CI check for SEE ALSO in man pages
  * podman load: support downloading files
  * Add links to all SEE ALSO sections
  * pod create: read infra image from containers.conf
  * rootless: adjust error message
  * Fix rootless networking with userns and ports
  * support health checks from image configs
  * change from run to create in 250-systemd.bats
  * Exclude already built sources for static build
  * shm_lock: Handle ENOSPC better in AllocateSemaphore
  * Fix Zsh completion command documentation
  * Match .c files in Makefile
  * Add Static Build download instructions to README
  * Add links to podman build,run, create see also
  * Minor test tweaks
  * pod create: read network mode from config
  * Bump Catatonit up to v0.1.7
  * test connection add
  * system: Adds support for removing all named destination via --all
  * pod/container create: resolve conflicts of generated names
  * podman-generate-kube - remove empty structs from YAML
  * Add some information about disabling SELinux when using system volumes
  * Fix swagger definition for the new mac address type
  * Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]
  * Test to check for presence of 'stats-dump' in exported checkpoints
  * Add 'stats-dump' file to exported checkpoint
  * Podman Image SCP rootful to rootless transfer
  * rename rootless cni ns to rootless netns
  * mount full XDG_RUNTIME_DIR in rootless cni ns
  * Bump github.com/checkpoint-restore/go-criu/v5 from 5.1.0 to 5.2.0
  * Keep error semantics intact
  * Fix rootless cni netns cleanup logic
  * tweak a couple of flag descriptions in help output
  * Update swagger doc make filed optional
  * Fix bindings container log test
  * test: run --cgroups=split in new cgroup
  * MAC address json unmarshal should allow strings
  * Make stop message more similar to start
  * Implement top streaming for containers and pods
  * Handle HTTP 409 error messages properly for Pod actions
  * Add tests
  * Fix swagger definitions
  * More conforming libpod API and swagger types
  * More conforming libpod API and swagger types
  * Better emptiness test for custom JSON serializer
  * System tests: enhance volume test, add debug prints
  * add unit test to containers_test
  * Use correct swagger type in doc-comment
  * Cirrus: Authorize rootless user self-ssh
  * Fix libpod API conformance to swagger
  * Fix help message case for `podman version`
  * Fix pause usage example
  * Use systemctl in local system test
  * Allow label and labels when creating volumes
  * volumes: be more tolerant and fix infinite loop
  * Add information on how podman machine is updated
  * volumes: allow more options for devpts
  * volumes: do not pass mount opt as formatter string
  * Bump k8s.io/api from 0.22.2 to 0.22.3
  * runtime: change PID existence check
  * oci: rename sub-cgroup to runtime instead of supervisor
  * libpod: deduplicate ports in db
  * Set flags to test 'logs -f' with journald driver
  * Set Checkpointed state to false after restore
  * container create: fix --tls-verify parsing
  * runtime: check for pause pid existence
  * utils: do not overwrite the err variable
  * Fix systemd PID1 test
  * Record the image stream along with the path
  * cgroups: use SessionBusPrivateNoAutoStartup
  * vendor: update godbus to v5.0.6
  * Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
  * Fix a few problems in 'podman logs --tail' with journald driver
  * Allow 'container restore' with '--ipc host'
  * Document to not set K8S envars for CNI
  * Bump github.com/docker/docker
  * pod create: remove need for pause image
  * add kubernetes pause
  * cirrus: containers: mount directory in /var/tmp to /tmp
  * overlay root fs: create mount on runtime dir
  * Update vendor github.com/opencontainers/runtime-tools
  * If Dockerfile exists in same directory as service, we should not use it.
  * Fix tests of podman image trust --raw and --json
  * Tighten the expected output of the "podman image trust show" test
  * Use INTEGRATION_ROOT instead of current directory
  * Add support to play kube for --log-opt
  * [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
  * Fix some typos in documentation and comments (found by codespell)
  * Replace 'an user' => 'a user'
  * [CI:DOCS] Fix typo keep_id -> keep-id
  * Set DOCKER_HOST in the VM
  * fuse-overlay probably means fuse-overlayfs.
  * Support template unit files in podman generate systemd
  * Remove --kernel-memory options
  * tag: Support tagging manifest list instead of resolving to images
  * Remove infra ID from DB before removing containers
  * System tests: confirm that -a and -l clash
  * systemd: compatible with rootless mode
  * system tests: CONTAINER_* and --help: cleanup
  * podman run --memory=0 ... should not set memory limit
  * Add information on how to discover default log driver
  * Add test for system connection
  * Generate Kube should not print default structs
  * libpod: change mountpoint ownership c.Root when using overlay on top of external rootfs
  * Change podman connection list to use default field
  * Allow API to specify size and inode quota
  * Use exponential backoff when waiting for a journal entry
  * Pod Rm Infra Improvements
  * system tests: socket activation: clean up
  * rootfs-overlay: fix overlaybase path for cleanups
  * Move CONTAINER_HOST and _CONNECTION to IsRemote Function
  * We should only be relabeling when on first run
  * If CONTAINER_HOST env variable is set default podman --remote=true
  * Set targetPort to the port value in the kube yaml
  * Do not add TCP to protocol in generated kube yaml
  * Use CGO_ENABLED=1 when building natively on darwin
  * Test-hang fix: Wait for ready + timeout on connect.
  * Checkpoint/Restore test fixes
  * Don't include ctr.log if not using file logging
  * Don't use docker/pkg/archive, use containers/storage/pkg/archive
  * Fix codespell errors
  * Adjust tests to verify all subcommands show the help message
  * Fix panic in container create compat api
  * Don't add image entrypoint to the generate kube yaml
  * Display help text on empty subcommand by default
  * podman search: display only name and description by default
  * codespell code
  * Add information about .containerignore to podman build man page
  * CNI: fix network create --ip-range
  * Kube Gen run as user/group issues
  * rootlessport: reduce memory usage of the process
  * No space in kube annotations for bind mounts
  * Fix CI flake on time of shutdown for API service
  * Refactor podman search to be more code friendly
  * Unit files: Use actual installed path for podman
  * Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
  * cgroups: use cgroup.controllers to read controllers
  * builder: Add support for builder prune
  * Remove a volume with --force if container is running
  * Use SplitN(2) when copying env variables
  * podman stats: move cgroup validation to server
  * fix test
  * Support readonly rootfs contains colon
  * [CI:DOCS] oci-hooks.5.md: fixup section in header
  * Enable /debug/pprof API service endpoints
  * Not all fields in machine list were set properly
  * faster image inspection
  * Warn if podman stop timeout expires that sigkill was sent
  * [CI:DOCS] introduce --replace flag for play kube
  * [CI:DOCS] Include manifest example usage
  * Change podman.1 man page to show corret log-level default
  * Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
  * Fixes #11668
  * libpod: fix race when closing STDIN
  * Ensure `podman ps --sync` functions
  * Allow `podman stop` to be run on Stopping containers
  * Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1
  * Bump github.com/docker/docker
  * It really should be no **NEW** tests needed
  * README.md: Point to Podman's channels
  * Add podman-plugins to upstream image
  * CNI networks: reload networks if needed
  * bump c/common to latest and c/storage to 1.37.0
  * Add --time out for podman * rm  -f commands
  * Cirrus: Fix defunct package metadata breaking cache
  * Pod Events Logging Fix
  * [NO TESTS NEEDED] Ignore removed containers
  * Pod Volumes From Support
  * Add note about empty fields and null values for API responses
  * Bump github.com/containers/buildah from 1.23.0 to 1.23.1
  * Add podman play kube --no-hosts options
  * Gating tests: fix permissions error
  * pkg/specgen: cache image in generator
  * cirrus: gitlab: download packages
  * Add guard for BuildOptions.CommonBuildOpts
  * System tests: tighten 'is' operator
  * Update README and release notes for v3.4.0
  * sdnotify test: accept MAINPID anywhere
  * machine: silently cleanup dangling sockets before rm if possible
  * Add expose type map[uint16]string to description
  * [NO TESTS NEEDED] Fix typo in storage.conf file exists message
  * Support selinux options with bind mounts play/gen
  * kube: fix conversion from milliCPU to period/quota
  * Bump github.com/mattn/go-isatty from 0.0.12 to 0.0.14
  * test: use new helper
  * test: skip test on rootless cgroupsv1
  * machine: Info on successfully stopping qemu machine
  * Allow a value of -1 to set unlimited pids limit
  * Vendor in latest containers/storage
  * Storage can remove ErrNotAContainer as well
  * libpod: container create: init variable: do not deep copy spec
  * libpod: add GetConfigNoCopy()
  * libpod: add execSessionNoCopy
  * libpod: do not call (*container).Spec()
  * Pod Device-Read-BPS support
  * Remind user to check connection or use podman machine
  * Ensure pod ID bucket is properly updated on rename
  * Fix contributor make targets on Ubuntu and Debian
  * Implement PR template to assist review & release
  * libpod: do not call (*container).Config()
  * [NO TESTS NEEDED] Add port configuration to first regular container
  * [CI:DOCS] cmd/podman: no dot for short descriptions
  * move network alias validation to container create
  * set --cni-config-dir for exit command
  * always add short container id as net alias
  * image prune: support removing external containers
  * System tests: speed up. They've gotten too slow.
  * Add dockerfile.5 as man link to containerfile man page
  * Set MSI to be 64-bit only.
  * fix podman network prune integration test flakes
  * Cirrus: Add gitlab podman runner test
  * CNI: network remove do not error for ENOENT
  * remote build: EvalSymlinks() the context directory
  * stop: Do nothing if container was never created in runtime
  * logging: new mode -l passthrough
  * Allow machine options to be set from containers.conf
  * Vendor in containers/common v0.46.0
  * podman machine: do not join userns
  * Disable docker and alias to podman in FCOS ignition
  * added healthcheck to ps command
  * Fix english on prune prompt
  * Document missing /images/search query parameters
  * rootful: do not set XDG_RUNTIME_DIR for cni plugins
  * Revert "rootful: unset XDG_RUNTIME_DIR"
  * Add completion for machine list format
  * Set context dir for play kube build
  * Makefile: use -ldflags/-gccgoflags depending on the go implemenatiton
  * Update docs for --platform in podman-build.1
  * shell completion: do not show images without tag
  * podman inspect add State.Health field for docker compat
  * podman save: enforce signature removal
  * Add JSON version of the machine list
  * Add support for :U flag with --mount option
  * [CI:DOCS] Add link to running ctrimage on enablesysadm
  * Ignore mount errors except ErrContainerUnknown when cleaningup container
  * standardize logrus messages to upper case
  * podman generate kube should not include images command
  * Fix machine image
  * sync container state before reading the healthcheck
  * Also show the (initial) disk size
  * Show cpus and memory in machine list
  * Eighty-six eighty-eighty
  * net types: remove omitempty from required fields
  * podman save: add `--uncompressed`
  * Bump CNI to v1.0.1
  * vendor c/psgo@v1.7.1
  * [CI:DOCS] Add network alias note in man pages
  * Add a backoff and retries to retrieving exited event
  * Cross-build release-archives w/ arch in filename
  * Fix Error, empty output for info: 'VERSION'
  * Generate kube should'd add podman default environment vars
  * volume: Add support for overlay on named volumes
  * Pod Device Support
  * Support --format tables in ps output
  * Remove references to kube being development
  * Add support for retrieving system service --timeout
  * Add podman image/container inspect man pages
  * [CI:DOCS] Add link to skopeo delete in podman rmi
  * vendor c/common@main
  * remote untag: support digests
  * Created MapOptions for PodCreate
  * Bump k8s.io/api from 0.22.1 to 0.22.2
  * compat API: /images/json prefix image id with sha256
  * podman machine: use gvproxy for host.containers.internal
  * utils: return error message from StartTransientUnit
  * utils: raise warning only on cgroupv2
  * Add podman machine init --now option
  * System tests: cleanup, and remove obsolete skips
  * Add username flag for machine ssh
  * Remove unused code from libpod
  * [CI:DOCS] markdown cleanup
  * Fix up build the docs site
  * Use a new markdown converter for sphinx
  * runtime: move pause process to scope
  * system: move MovePauseProcessToScope to utils
  * system: always move pause process when running on systemd
  * system: avoid reading pause pid file
  * Only add 127.0.0.1 entry to /etc/hosts with --net=none
  * Add no-trunc support to podman-events
  * CNI: add ipvlan driver
  * CNI: network create support macvlan modes
  * Do not allow network modes to be used as network names
  * fix inverted condition
  * Fix /auth compat endpoint
  * Add Drivers method to the Network Interface
  * CI: load ipv6 kernel modules for rootless tests
  * Drop OCICNI dependency
  * Wire network interface into libpod
  * cni network configs set ipv6 enables correctly
  * default network: do not validate the used subnets
  * network create: validate the input subnet
  * Set default storage from containers.conf for temporary images
  * container runlabel remove image tag from name
  * build.bats: fix copy tests after containers/buildah#3486
  * build: mirror --authfile to filesystem if pointing to FD instead of file
  * Fix example in podman machine init man page
  * vendor: Bump github.com/containers/buildah from 1.22.3 to 1.23.0
  * api: handle nil pointer dereference in rest endpoints
  * build: take advantage of --platform lists
  * Document `all` query parameter for /libpod/images/prune
  * Show variant and codename of the distribution
  * Use new aarch64 fcos repos
  * Enhance bindings for IDE hints
  * Pod Volumes Support
  * test: enable --cgroup-parent test
  * libpod: honor --cgroups=split also with pods
  * tests: enable --cgroups=disabled test for rootless
  * tests: simplify --cgroups=disabled test
  * libpod: rootful close binded ports
  * Search gvproxy with config.FindHelperBinary()
  * rootfs: Add support for rootfs-overlay and bump to buildah v1.22.1-0.202108
  * fix restart always with rootlessport
  * Cirrus: NM/CNI workaround + Remove prior-Ubuntu
  * If container exits with 125 podman should exit with 125
  * Bump github.com/json-iterator/go from 1.1.11 to 1.1.12
  * bump c/common to v0.44.0
  * remove rootlessport socket to prevent EADDRINUSE
  * Add deprecated fields for 1.22+ clients that still expect them
  * Use default username for podman machine ssh

-------------------------------------------------------------------
Thu Dec  9 10:49:22 UTC 2021 - Dan Čermák <dcermak@suse.com>

- Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade
  path from podman < 3.1.2

-------------------------------------------------------------------
Wed Dec 08 21:22:26 UTC 2021 - michael@stroeder.com

- Update to version 3.4.4:
  * Bugfixes
    - Fixed a bug where the podman exec command would, under some circumstances,
      print a warning message about failing to move conmon to the appropriate cgroup (#12535).
    - Fixed a bug where named volumes created as part of container creation
      (e.g. podman run --volume avolume:/a/mountpoint or similar) would be
      mounted with incorrect permissions (#12523).
    - Fixed a bug where the podman-remote create and podman-remote run commands
      did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521).

-------------------------------------------------------------------
Tue Dec 07 17:54:32 UTC 2021 - michael@stroeder.com

- Update to version 3.4.3:
  * Security
    - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
    - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
  * Features
    - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287).
  * Bugfixes
    - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065).
    - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
    - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438).
    - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189).
    - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263).
    - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642).
    - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248).
    - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329).
    - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532).
    - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086).
    - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400).
    - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402).
    - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452).
    - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457).
    - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra " (#11416).
  * API
    - Updated the containers/image library to v5.17.0
    - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services.
    - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842).
    - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315).
    - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419).
    - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420).
    - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378).
    - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392).
    - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409).
    - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453).
  * Misc
    - Podman now builds by default with cgo enabled on OS X, resolving some issues with SSH (#10737).

-------------------------------------------------------------------
Sat Nov 13 11:21:06 UTC 2021 - michael@stroeder.com

- Update to version 3.4.2:
  * Fixed a bug where podman tag could not tag manifest lists (#12046).
  * Fixed a bug where built-in volumes specified by images would not be
    created correctly under some circumstances.
  * Fixed a bug where, when using Podman Machine on OS X, containers in pods
    did not have working port forwarding from the host (#12207).
  * Fixed a bug where the podman network reload command command on containers
    using the slirp4netns network mode and the rootlessport port forwarding
    driver would make an unnecessary attempt to restart rootlessport
    on containers that did not forward ports.
  * Fixed a bug where the podman generate kube command would generate YAML
    including some unnecessary (set to default) fields (e.g. empty SELinux and
    DNS configuration blocks, and the privileged flag when set to false) (#11995).
  * Fixed a bug where the podman pod rm command could, if interrupted at the right moment,
    leave a reference to an already-removed infra container behind (#12034).
  * Fixed a bug where the podman pod rm command would not remove pods with
    more than one container if all containers save for the infra container
    were stopped unless --force was specified (#11713).
  * Fixed a bug where the --memory flag to podman run and podman create did
    not accept a limit of 0 (which should specify unlimited memory) (#12002).
  * Fixed a bug where the remote Podman client's podman build command could
    attempt to build a Dockerfile in the working directory of the podman
    system service instance instead of the Dockerfile specified by the user (#12054).
  * Fixed a bug where the podman logs --tail command could function improperly
    (printing more output than requested) when the journald log driver was used.
  * Fixed a bug where containers run using the slirp4netns network mode with
    IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062).
  * Fixed a bug where some Podman commands could cause an extra dbus-daemon
    process to be created (#9727).
  * Fixed a bug where rootless Podman would sometimes print warnings
    about a failure to move the pause process into a given CGroup (#12065).
  * Fixed a bug where the checkpointed field in podman inspect on a container
    was not set to false after a container was restored.
  * Fixed a bug where the podman system service command would print
    overly-verbose logs about request IDs (#12181).
  * Fixed a bug where Podman could, when creating a new container without a name
    explicitly specified by the user, sometimes use an auto-generated name already
    in use by another container if multiple containers were being created in parallel (#11735).

-------------------------------------------------------------------
Wed Oct 20 14:55:38 UTC 2021 - michael@stroeder.com

- Update to version 3.4.1:
  * Bugfixes
    - Fixed a bug where podman machine init could, under some circumstances,
      create invalid machine configurations which could not be started (#11824).
    - Fixed a bug where the podman machine list command would not properly
      populate some output fields.
    - Fixed a bug where podman machine rm could leave dangling sockets from
      the removed machine (#11393).
    - Fixed a bug where podman run --pids-limit=-1 was not supported (it now
      sets the PID limit in the container to unlimited) (#11782).
    - Fixed a bug where podman run and podman attach could throw errors about
      a closed network connection when STDIN was closed by the client (#11856).
    - Fixed a bug where the podman stop command could fail when run on a
      container that had another podman stop command run on it previously.
    - Fixed a bug where the --sync flag to podman ps was nonfunctional.
    - Fixed a bug where the Windows and OS X remote clients' podman stats
      command would fail (#11909).
    - Fixed a bug where the podman play kube command did not properly handle
      environment variables whose values contained an = (#11891).
    - Fixed a bug where the podman generate kube command could generate
      invalid annotations when run on containers with volumes that use SELinux
      relabelling (:z or :Z) (#11929).
    - Fixed a bug where the podman generate kube command would generate YAML
      including some unnecessary (set to default) fields (e.g. user and group,
      entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965).
    - Fixed a bug where the podman generate kube command could, under some
      circumstances, generate YAML including an invalid targetPort field for
      forwarded ports (#11930).
    - Fixed a bug where rootless Podman's podman info command could, under
      some circumstances, not read available CGroup controllers (#11931).
    - Fixed a bug where podman container checkpoint --export would fail to
      checkpoint any container created with --log-driver=none (#11974).
  * API
    - Fixed a bug where the Compat Create endpoint for Containers could panic
      when no options were passed to a bind mount of tmpfs (#11961).

-------------------------------------------------------------------
Fri Oct 01 08:45:30 UTC 2021 - michael@stroeder.com

- Update to version 3.4.0:
  * Features
    - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option.
    - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
    - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
    - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
    - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command.
    - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time.
    - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file).
    - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
    - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
    - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
    - The podman image scp command has been added. This command allows images to be transferred between different hosts.
    - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
    - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
    - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
    - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
    - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
    - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
    - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf.
    - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine.
    - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527).
  * Changes
    - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
    - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
    - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file.
    - Podman no longer depends on ip for removing networks (#11403).
    - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
    - The podman machine start command now prints a message when the VM is successfully started.
    - The podman stats command can now be used on containers that are paused.
    - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
    - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam.
    - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry.
  * Bugfixes
    - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly.
    - Fixed a bug where the Windows remote client improperly validated volume paths (#10900).
    - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped.
    - Fixed a bug where images created by podman commit did not include ports exposed by the container.
    - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
    - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
    - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443).
    - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
    - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
    - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387).
    - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
    - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418).
    - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
    - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421).
    - Fixed a bug where the podman info command could segfault when accessing cgroup information.
    - Fixed a bug where the podman logs -f command could hang when a container exited (#11461).
    - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438).
    - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
    - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732).
    - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
    - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
    - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf.
    - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785).
    - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
    - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469).
    - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444).
    - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540).
    - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
    - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
    - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag.
    - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596).
    - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557).
    - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output.
    - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687).
    - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633).
    - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML.
    - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672).
    - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207).
    - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731).
    - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740).
    - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750).
  * API
    - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612).
    - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients.
    - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623).
    - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225).
    - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831).
    - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered.
    - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails.
    - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227).
    - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235).
    - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages.
    - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053).
  * Misc
    - Updated Buildah to v1.23.0
    - Updated the containers/storage library to v1.36.0
    - Updated the containers/image library to v5.16.0
    - Updated the containers/common library to v0.44.0

-------------------------------------------------------------------
Thu Sep  2 22:37:06 UTC 2021 - Michael Ströder <michael@stroeder.com>

- require runc >= 1.0.1

-------------------------------------------------------------------
Tue Aug 31 05:57:57 UTC 2021 - michael@stroeder.com

- Update to version 3.3.1:
  * Bugfixes
    - Fixed a bug where unit files created by podman generate systemd could
      not cleanup shut down containers when stopped by systemctl stop (#11304).
    - Fixed a bug where podman machine commands would not properly locate
      the gvproxy binary in some circumstances.
    - Fixed a bug where containers created as part of a pod using the
      --pod-id-file option would not join the pod's network namespace (#11303).
    - Fixed a bug where Podman, when using the systemd cgroups driver,
      could sometimes leak dbus sessions.
    - Fixed a bug where the until filter to podman logs and podman events
      was improperly handled, requiring input to be negated (#11158).
    - Fixed a bug where rootless containers using CNI networking run on
      systems using systemd-resolved for DNS would fail to start if resolved
      symlinked /etc/resolv.conf to an absolute path (#11358).
  * API
    - A large number of potential file descriptor leaks from improperly closing
      client connections have been fixed.

-------------------------------------------------------------------
Mon Aug 23 10:36:00 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Revert crun change due to crun having exclusive arch targets
  that would drop podman support in PPC and IBM Z

-------------------------------------------------------------------
Fri Aug 20 20:58:22 UTC 2021 - michael@stroeder.com

- Update to version 3.3.0:
  * Fix network aliases with network id
  * machine: compute sha256 as we read the image file
  * machine: check for file exists instead of listing directory
  * pkg/bindings/images.nTar(): slashify hdr.Name values
  * Volumes: Only remove from DB if plugin removal succeeds
  * For compatibility, ignore Content-Type
  * [v3.3] Bump c/image 5.15.2, buildah v1.22.3
  * Implement SD-NOTIFY proxy in conmon
  * Fix rootless cni dns without systemd stub resolver
  * fix rootlessport flake
  * Skip stats test in CGv1 container environments
  * Fix AVC denials in tests of volume mounts
  * Restore buildah-bud test requiring new images
  * Revert ".cirrus.yml: use fresh images for all VMs"
  * Fix device tests using ls test files
  * Enhance priv. dev. check
  * Workaround host availability of /dev/kvm
  * Skip cgroup-parent test due to frequent flakes
  * Cirrus: Fix not uploading logformatter html

-------------------------------------------------------------------
Fri Aug 13 11:26:44 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>

- Switch to crun (bsc#1188914)

-------------------------------------------------------------------
Sat Jul 17 16:37:58 UTC 2021 - michael@stroeder.com

- Update to version 3.2.3:
  * Bump to v3.2.3
  * Update release notes for v3.2.3
  * vendor containers/common@v0.38.16
  * vendor containers/buildah@v1.21.3
  * Fix race conditions in rootless cni setup
  * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf
  * Make rootless-cni setup more robust
  * Support uid,gid,mode options for secrets
  * vendor containers/common@v0.38.15
  * [CI:DOCS] podman search: clarify that results depend on implementation
  * vendor containers/common@v0.38.14
  * vendor containers/common@v0.38.13
  * [3.2] vendor containers/common@v0.38.12
  * Bump README to v3.2.2
  * Bump to v3.2.3-dev

-------------------------------------------------------------------
Sun Jun 27 09:33:30 UTC 2021 - idesmi@protonmail.com

- Update to version 3.2.2:
  * Bump to v3.2.2
  * fix systemcontext to use correct TMPDIR
  * Scrub podman commands to use report package
  * Fix volumes with uid and gid options
  * Vendor in c/common v0.38.11
  * Initial release notes for v3.2.2
  * Fix restoring of privileged containers
  * Fix handling of podman-remote build --device
  * Add support for podman remote build -f - .
  * Fix panic condition in cgroups.getAvailableControllers
  * Fix permissions on initially created named volumes
  * Fix building static podman-remote
  * add correct slirp ip to /etc/hosts
  * disable tty-size exec checks in system tests
  * Fix resize race with podman exec -it
  * Fix documentation of the --format option of podman push
  * Fix systemd-resolved detection.
  * Health Check is not handled in the compat LibpodToContainerJSON
  * Do not use inotify for OCICNI
  * getContainerNetworkInfo: lock netNsCtr before sync
  * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership
  * Create the /etc/mtab file if does not exists
  * [v3.2] cp: do not allow dir->file copying
  * create: support images with invalid platform
  * vendor containers/common@v0.38.10
  * logs: k8s-file: restore poll sleep
  * logs: k8s-file: fix spurious error logs
  * utils: move message from warning to debug
  * Bump to v3.2.2-dev

-------------------------------------------------------------------
Mon Jun 14 18:07:50 UTC 2021 - idesmi@protonmail.com

- Update to version 3.2.1:
  * Bump to v3.2.1
  * Updated release notes for v3.2.1
  * Fix network connect race with docker-compose
  * Revert "Ensure minimum API version is set correctly in tests"
  * Fall back to string for dockerfile parameter
  * remote events: fix --stream=false
  * [CI:DOCS] fix incorrect network remove api doc
  * remote: always send resize before the container starts
  * remote events: support labels
  * remote pull: cancel pull when connection is closed
  * Fix network prune api docs
  * Improve systemd-resolved detection
  * logs: k8s-file: fix race
  * Fix image prune --filter cmd behavior
  * Several shell completion fixes
  * podman-remote build should handle -f option properly
  * System tests: deal with crun 0.20.1
  * Fix build tags for pkg/machine...
  * Fix pre-checkpointing
  * container: ignore named hierarchies
  * [v3.2] vendor containers/common@v0.38.9
  * rootless: fix fast join userns path
  * [v3.2] vendor containers/common@v0.38.7
  * [v3.2] vendor containers/common@v0.38.6
  * Correct qemu options for Intel macs
  * Ensure minimum API version is set correctly in tests
  * Bump to v3.2.1-dev

-------------------------------------------------------------------
Tue Jun 08 09:47:00 UTC 2021 - idesmi@protonmail.com

- Update to version 3.2.0:
  * Bump to v3.2.0
  * Fix network create macvlan with subnet option
  * Final release notes updates for v3.2.0
  * add ipv6 nameservers only when the container has ipv6 enabled
  * Use request context instead of background
  * [v.3.2] events: support disjunctive filters
  * System tests: add :Z to volume mounts
  * generate systemd: make mounts portable
  * vendor containers/storage@v1.31.3
  * vendor containers/common@v0.38.5
  * Bump to v3.2.0-dev
  * Bump to v3.2.0-RC3
  * Update release notes for v3.2.0-RC3
  * Fix race on podman start --all
  * Fix race condition in running ls container in a pod
  * docs: --cert-dir: point to containers-certs.d(5)
  * Handle hard links in different directories
  * Improve OCI Runtime error
  * Handle hard links in remote builds
  * Podman info add support for status of cgroup controllers
  * Drop container does not exist on removal to debugf
  * Downgrade API service routing table logging
  * add libimage events
  * docs: generate systemd: XDG_RUNTIME_DIR
  * Fix problem copying files when container is in host pid namespace
  * Bump to v3.2.0-dev
  * Bump to v3.2.0-RC2
  * update c/common
  * Update Cirrus DEST_BRANCH to v3.2
  * Updated vendors of c/image, c/storage, Buildah
  * Initial release notes for v3.2.0-RC2
  * Add script for identifying commits in release branches
  * Add host.containers.internal entry into container's etc/hosts
  * image prune: remove unused images only with `--all`
  * podman network reload add rootless support
  * Use more recent `stale` release...
  * network tutorial: update with rootless cni changes
  * [CI:DOCS] Update first line in intro page
  * Use updated VM images + updated automation tooling
  * auto-update service: prune images
  * make vendor
  * fix system upgrade tests
  * Print "extracting" only on compressed file
  * podman image tree: restore previous behavior
  * fix network restart always test
  * fix incorrect log driver in podman container image
  * Add support for cli network prune --filter flag
  * Move filter parsing to common utils
  * Bump github.com/containers/storage from 1.30.2 to 1.30.3
  * Update nix pin with `make nixpkgs`
  * [CI:DOCS] hack/bats - new helper for running system tests
  * fix restart always with slirp4netns
  * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
  * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2
  * Add host.serviceIsRemote to podman info results
  * Add client disconnect to build handler loop
  * Remove obsolete skips
  * Fix podman-remote build --rm=false ...
  * fix: improved "containers/{name}/wait" endpoint
  * Bump github.com/containers/storage from 1.30.1 to 1.30.2
  * Add envars to the generated systemd unit
  * fix: use UTC Time Stamps in response JSON
  * fix container startup for empty pidfile
  * Kube like pods should share ipc,net,uts by default
  * fix: compat API "images/get" for multiple images
  * Revert escaped double dash man page flag syntax
  * Report Download complete in Compatibility mode
  * Add documentation on short-names
  * Bump github.com/docker/docker
  * Adds support to preserve auto update labels in generate and play kube
  * [CI:DOCS] Stop conversion of `--` into en dash
  * Revert Patch to relabel if selinux not enabled
  * fix per review request
  * Add support for environment variable secrets
  * fix pre review request
  * Fix infinite loop in isPathOnVolume
  * Add containers.conf information for changing defaults
  * CI: run rootless tests under ubuntu
  * Fix wrong macvlan PNG in networking doc.
  * Add restart-policy to container filters & --filter to podman start
  * Fixes docker-compose cannot set static ip when use ipam
  * channel: simplify implementation
  * build: improve regex for iidfile
  * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
  * cgroup: fix rootless --cgroup-parent with pods
  * fix: docker APIv2 `images/get`
  * codespell cleanup
  * Minor podmanimage docs updates.
  * Fix handling of runlabel IMAGE and NAME
  * Bump to v3.2.0-dev
  * Bump to v3.2.0-rc1
  * rootless: improve automatic range split
  * podman: set volatile storage flag for --rm containers
  * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
  * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
  * migrate Podman to containers/common/libimage
  * Add filepath glob support to --security-opt unmask
  * Force log_driver to k8s-file for containers in containers
  * add --mac-address to podman play kube
  * compat api: Networks must be empty instead of null
  * System tests: honor $OCI_RUNTIME (for CI)
  * is this a bug?
  * system test image: add arm64v8 image
  * Fix troubleshooting documentation on handling sublemental groups.
  * Add --all to podman start
  * Fix variable reference typo. in multi-arch image action
  * cgroup: always honor --cgroup-parent with cgroupfs
  * Bump github.com/uber/jaeger-client-go
  * Don't require tests for github-actions & metadata
  * Detect if in podman machine virtual vm
  * Fix multi-arch image workflow typo
  * [CI:DOCS] Add titles to remote docs (windows)
  * Remove unused VolumeList* structs
  * Cirrus: Update F34beta -> F34
  * Update container image docs + fix unstable execution
  * Bump github.com/containers/storage from 1.30.0 to 1.30.1
  * TODO complete
  * Docker returns 'die' status rather then 'died' status
  * Check if another VM is running on machine start
  * [CI:DOCS] Improve titles of command HTML pages
  * system tests: networking: fix another race condition
  * Use seccomp_profile as default profile if defined in containers.conf
  * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11
  * Vendored
  * Autoupdate local label functional
  * System tests: fix two race conditions
  * Add more documentation on conmon
  * Allow docker volume create API to pass without name
  * Cirrus: Update Ubuntu images to 21.04
  * Skip blkio-weight test when no kernel BFQ support
  * rootless: Tell the user what was led to the error, not just what it is
  * Add troubleshooting advice about the --userns option.
  * Fix images prune filter until
  * Fix logic for pushing stable multi-arch images
  * Fixes generate kube incorrect when bind-mounting "/" and "/root"
  * libpod/image: unit tests: don't use system's registries.conf.d
  * runtime: create userns when CAP_SYS_ADMIN is not present
  * rootless: attempt to copy current mappings first
  * [CI:DOCS] Restore missing content to manpages
  * [CI:DOCS] Fix Markdown layout bugs
  * Fix podman ps --filter ancestor to match exact ImageName/ImageID
  * Add machine-enabled to containers.conf for machine
  * Several multi-arch image build/push fixes
  * Add podman run --timeout option
  * Parse slirp4netns net options with compat api
  * Fix rootlesskit port forwarder with custom slirp cidr
  * Fix removal race condition in ListContainers
  * Add github-action workflow to build/push multi-arch
  * rootless: if root is not sub?id raise a debug message
  * Bump github.com/containers/common from 0.36.0 to 0.37.0
  * Add go template shell completion for --format
  * Add --group-add keep-groups: suplimentary groups into container
  * Fixes from make codespell
  * Typo fix to usage text of --compress option
  * corrupt-image test: fix an oops
  * Add --noheading flag to all list commands
  * Bump github.com/containers/storage from 1.29.0 to 1.30.0
  * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1
  * [CI:DOCS] Fix Markdown table layout bugs
  * podman-remote should show podman.sock info
  * rmi: don't break when the image is missing a manifest
  * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
  * Add support for CDI device configuration
  * [CI:DOCS] Add missing dash to verbose option
  * Bump github.com/uber/jaeger-client-go
  * Remove an advanced layer diff function
  * Ensure mount destination is clean, no trailing slash
  * add it for inspect pidfile
  * [CI:DOCS] Fix introduction page typo
  * support pidfile on container restore
  * fix start it
  * skip pidfile test on remote
  * improve document
  * set pidfile default value int containerconfig
  * add pidfile in inspection
  * add pidfile it for container start
  * skip pidfile it on remote
  * Modify according to comments
  * WIP: drop test requirement
  * runtime: bump required conmon version
  * runtime: return findConmon to libpod
  * oci: drop ExecContainerCleanup
  * oci: use `--full-path` option for conmon
  * use AttachSocketPath when removing conmon files
  * hide conmon-pidfile flag on remote mode
  * Fix possible panic in libpod/image/prune.go
  * add --ip to podman play kube
  * add flag autocomplete
  * add ut
  * add flag "--pidfile" for podman create/run
  * Add network bindings tests: remove and list
  * Fix build with GO111MODULE=off
  * system tests: build --pull-never: deal with flakes
  * compose test: diagnose flakes v3
  * podman play kube apply correct log driver
  * Fixes podman-remote save to directories does not work
  * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2
  * Update documentation of podman-run to reflect volume "U" option
  * Fix flake on failed podman-remote build : try 2
  * compose test: ongoing efforts to diagnose flakes
  * Test that we don't error out on advertised --log-level values
  * At trace log level, print error text using %+v instead of %v
  * pkg/errorhandling.JoinErrors: don't throw away context for lone errors
  * Recognize --log-level=trace
  * Fix flake on failed podman-remote build
  * System tests: fix racy podman-inspect
  * Fixes invalid expression in save command
  * Bump github.com/containers/common from 0.35.4 to 0.36.0
  * Update nix pin with `make nixpkgs`
  * compose test: try to get useful data from flakes
  * Remove in-memory state implementation
  * Fix message about runtime to show only the actual runtime
  * System tests: setup: better cleanup of stray images
  * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
  * Reflect current state of prune implementation in docs
  * Do not delete container twice
  * [CI:DOCS] Correct status code for /pods/create
  * vendor in containers/storage v1.29.0
  * cgroup: do not set cgroup parent when rootless and cgroupfs
  * Overhaul Makefile binary and release worflows
  * Reorganize Makefile with sections and guide
  * Simplify Makefile help target
  * Don't shell to obtain current directory
  * Remove unnecessary/not-needed release.txt target
  * Fix incorrect version number output
  * Exclude .gitignore from test req.
  * Fix handling of $NAME and $IMAGE in runlabel
  * Update podman image Dockerfile to support Podman in container
  * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0
  * Fix slashes in socket URLs
  * Add network prune filters support to bindings
  * Add support for play/generate kube volumes
  * Update manifest API endpoints
  * Fix panic when not giving a machine name for ssh
  * cgroups: force 64 bits to ParseUint
  * Bump k8s.io/api from 0.20.5 to 0.21.0
  * [CI:DOCS] Fix formatting of podman-build man page
  * buildah-bud tests: simplify
  * Add missing return
  * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1
  * speed up CI handling of images
  * Volumes prune endpoint should use only prune filters
  * Cirrus: Use Fedora 34beta images
  * Bump go.sum + Makefile for golang 1.16
  * Exempt Makefile changes from test requirements
  * Adjust libpod API Container Wait documentation to the code
  * [CI:DOCS] Update swagger definition of inspect manifest
  * use updated ubuntu images
  * podman unshare: add --rootless-cni to join the ns
  * Update swagger-check
  * swagger: remove name wildcards
  * Update buildah-bud diffs
  * Handle podman-remote --arch, --platform, --os
  * buildah-bud tests: handle go pseudoversions, plus...
  * Fix flaking rootless compose test
  * rootless cni add /usr/sbin to PATH if not present
  * System tests: special case for RHEL: require runc
  * Add --requires flag to podman run/create
  * [CI:DOCS] swagger-check: compare operations
  * [CI:DOCS] Polish swagger OpertionIDs
  * [NO TESTS NEEDED] Update nix pin with `make nixpkgs`
  * Ensure that `--userns=keep-id` sets user in config
  * [CI:DOCS] Set all operation id to be compatibile
  * Move operationIds to swagger:operation line
  * swagger: add operationIds that match with docker
  * Cirrus: Make use of shared get_ci_vm container
  * Don't relabel volumes if running in a privileged container
  * Allow users to override default storage opts with --storage-opt
  * Add support for podman --context default
  * Verify existence of auth file if specified
  * fix machine naming conventions
  * Initial network bindings tests
  * Update release notes to indicate CVE fix
  * Move socket activation check into init() and set global condition.
  * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0
  * Http api tests for network prune with until filter
  * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
  * Fix typos --uidmapping and --gidmapping
  * Add transport and destination info to manifest doc
  * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1
  * Add default template functions
  * Fix missing podman-remote build options
  * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1
  * Add ssh connection to root user
  * Add rootless docker-compose test to the CI
  * Use the slrip4netns dns in the rootless cni ns
  * Cleanup the rootless cni namespace
  * Add new docker-compose test for two networks
  * Make the docker-compose test work rootless
  * Remove unused rootless-cni-infra container files
  * Only use rootless RLK when the container has ports
  * Fix dnsname test
  * Enable rootless network connect/disconnect
  * Move slirp4netns functions into an extra file
  * Fix pod infra container cni network setup
  * Add rootless support for cni and --uidmap
  * rootless cni without infra container
  * Recreate until container prune tests for bindings
  * Remove --execute from podman machine ssh
  * Fixed podman-remote --network flag
  * Makefile: introduce install.docker-full
  * Makefile: ensure install.docker creates BINDIR
  * Fix unmount doc reference in image.rst
  * Should send the OCI runtime path not just the name to buildah
  * podman machine shell completion
  * Fix handling of remove --log-rusage param
  * Fix bindings prune containers flaky test
  * [CI:DOCS] Add local html build info to docs/README.md
  * Add podman machine list
  * Trim white space from /top endpoint results
  * Remove semantic version suffices from API calls
  * podman machine init --ignition-path
  * Document --volume from podman-remote run/create client
  * Update main branch to reflect the release of v3.1.0
  * Silence podman network reload errors with iptables-nft
  * Containers prune endpoint should use only prune filters
  * resolve proper aarch64 image names
  * APIv2 basic test: relax APIVersion check
  * Add machine support for qemu-system-aarch64
  * podman machine init user input
  * manpage xref: helpful diagnostic for unescaped dash-dash
  * Bump to v3.2.0-dev
  * swagger: update system version response body
  * buildah-bud tests: reenable pull-never test
  * [NO TESTS NEEDED] Shrink the size of podman-remote
  * Add powershell completions
  * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted
  * Fix long option format on docs.podman.io
  * system tests: friendier messages for 2-arg is()
  * service: use LISTEN_FDS
  * man pages: correct seccomp-policy label
  * rootless: use is_fd_inherited
  * podman generate systemd --new do not duplicate params
  * play kube: add support for env vars defined from secrets
  * play kube: support optional/mandatory env var from config map
  * play kube: prepare supporting other env source than config maps
  * Add machine support for more Linux distros
  * [NO TESTS NEEDED] Use same function podman-remote rmi as podman
  * Podman machine enhancements
  * Add problematic volume name to kube play error messages
  * Fix podman build --pull-never
  * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS
  * [NO TESTS NEEDED] Turn on podman-remote build --isolation
  * Fix list pods filter handling in libpod api
  * Remove resize race condition
  * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0
  * Use TMPDIR when commiting images
  * Add RequiresMountsFor= to systemd generate
  * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3
  * Fix swapped dimensions from terminal.GetSize
  * Rename podman machine create to init and clean up
  * Correct json field name
  * system tests: new interactive tests
  * Improvements for machine
  * libpod/image: unit tests: use a `registries.conf` for aliases
  * libpod/image: unit tests: defer cleanup
  * libpod/image: unit tests: use `require.NoError`
  * Add --execute flag to podman machine ssh
  * introduce podman machine
  * Podman machine CLI and interface stub
  * Support multi doc yaml for generate/play kube
  * Fix filters in image http compat/libpod api endpoints
  * Bump github.com/containers/common from 0.35.3 to 0.35.4
  * Bump github.com/containers/storage from 1.28.0 to 1.28.1
  * Check if stdin is a term in --interactive --tty mode
  * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot
  * [NO TESTS NEEDED] Fix rootless volume plugins
  * Ensure manually-created volumes have correct ownership
  * Bump github.com/rootless-containers/rootlesskit
  * Unification of until filter across list/prune endpoints
  * Unification of label filter across list/prune endpoints
  * fixup
  * fix: build endpoint for compat API
  * [CI:DOCS] Add note to mappings for user/group userns in build
  * Bump k8s.io/api from 0.20.1 to 0.20.5
  * Validate passed in timezone from tz option
  * WIP: run buildah bud tests using podman
  * Fix containers list/prune http api filter behaviour
  * Generate Kubernetes PersistentVolumeClaims from named volumes

-------------------------------------------------------------------
Fri Apr 23 10:29:10 UTC 2021 - Fabian Vogt <fvogt@suse.com>

- Update to version 3.1.2:
  * Bump to v3.1.2
  * Update release notes for v3.1.2
  * Ensure mount destination is clean, no trailing slash
  * Fixes podman-remote save to directories does not work
  * [CI:DOCS] Add missing dash to verbose option
  * [CI:DOCS] Fix Markdown table layout bugs
  * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
  * rmi: don't break when the image is missing a manifest
  * Bump containers/image to v5.11.1
  * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1
  * Fix lint
  * Bump to v3.1.2-dev
- Split podman-remote into a subpackage
- Add missing scriptlets for systemd units
- Escape macros in comments
- Drop some obsolete workarounds, including %{go_nostrip}

-------------------------------------------------------------------
Mon Apr 19 09:29:17 UTC 2021 - alexandre.vicenzi@suse.com

- Update to version 3.1.1:
  * Bump to v3.1.1
  * Update release notes for v3.1.1
  * podman play kube apply correct log driver
  * Fix build with GO111MODULE=off
  * [CI:DOCS] Set all operation id to be compatibile
  * Move operationIds to swagger:operation line
  * swagger: add operationIds that match with docker
  * Fix missing podman-remote build options
  * [NO TESTS NEEDED] Shrink the size of podman-remote
  * Move socket activation check into init() and set global condition.
  * rootless: use is_fd_inherited
  * Recreate until container prune tests for bindings
  * System tests: special case for RHEL: require runc
  * Document --volume from podman-remote run/create client
  * Containers prune endpoint should use only prune filters
  * Trim white space from /top endpoint results
  * Fix unmount doc reference in image.rst
  * Fix handling of remove --log-rusage param
  * Makefile: introduce install.docker-full
  * Makefile: ensure install.docker creates BINDIR
  * Should send the OCI runtime path not just the name to buildah
  * Fixed podman-remote --network flag
  * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
  * Fix typos --uidmapping and --gidmapping
  * Add default template functions
  * Don't relabel volumes if running in a privileged container
  * Allow users to override default storage opts with --storage-opt
  * Add transport and destination info to manifest doc
  * Verify existence of auth file if specified
  * Ensure that `--userns=keep-id` sets user in config
  * [CI:DOCS] Update swagger definition of inspect manifest
  * Volumes prune endpoint should use only prune filters
  * Adjust libpod API Container Wait documentation to the code
  * Add missing return
  * [CI:DOCS] Fix formatting of podman-build man page
  * cgroups: force 64 bits to ParseUint
  * Fix slashes in socket URLs
  * [CI:DOCS] Correct status code for /pods/create
  * cgroup: do not set cgroup parent when rootless and cgroupfs
  * Reflect current state of prune implementation in docs
  * Do not delete container twice
  * Test that we don't error out on advertised --log-level values
  * At trace log level, print error text using %+v instead of %v
  * pkg/errorhandling.JoinErrors: don't throw away context for lone errors
  * Recognize --log-level=trace
  * Fix message about runtime to show only the actual runtime
  * Fix handling of $NAME and $IMAGE in runlabel
  * Fix flake on failed podman-remote build : try 2
  * Fix flake on failed podman-remote build
  * Update documentation of podman-run to reflect volume "U" option
  * Fixes invalid expression in save command
  * Fix possible panic in libpod/image/prune.go
  * Update all containers/ project vendors
  * Fix tests
  * Bump to v3.1.1-dev

-------------------------------------------------------------------
Fri Apr 09 16:55:51 UTC 2021 - alexandre.vicenzi@suse.com

- Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)
  * Bump to v3.1.0
  * Fix test failure
  * Update release notes for v3.1.0 final release
  * [NO TESTS NEEDED] Turn on podman-remote build --isolation
  * Fix long option format on docs.podman.io
  * Fix containers list/prune http api filter behaviour
  * [CI:DOCS] Add note to mappings for user/group userns in build
  * Validate passed in timezone from tz option
  * Generate Kubernetes PersistentVolumeClaims from named volumes
  * libpod/image: unit tests: use a `registries.conf` for aliases
- Require systemd 241 or newer due to podman dependency go-systemd v22,
  otherwise build will fail with unknown C name errors

-------------------------------------------------------------------
Mon Mar 29 16:29:46 UTC 2021 - Frederic Crozat <fcrozat@suse.com>

- Create docker subpackage to allow replacing docker with
  corresponding aliases to podman.

-------------------------------------------------------------------
Wed Feb 24 13:46:35 UTC 2021 - Richard Brown <rbrown@suse.com>

- Drop obsolete varlink.patch

-------------------------------------------------------------------
Wed Feb 24 12:44:58 UTC 2021 - Duncan Mac-Vicar <dmacvicar@suse.com>

- Update to v3.0.1
  * Changes
    - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output.
Bugfixes
    - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315).
    - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output.
    - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems.
    - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393).
    - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415).
    - Fixed a bug where Podman would treat the --entrypoint=[""] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377).
    - Fixed a bug where Podman would set the HOME environment variable to "" when the container ran as a user without an assigned home directory (#9378).
    - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374).
    - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365).
    - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed.
    - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387).
    - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373).
    - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191).
    - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247).
  * API
    - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351).
    - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port.
    - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred.
    - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232).
    - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library.
  * Misc
    - Updated Buildah to v1.19.4
    - Updated the containers/storage library to v1.24.6
- Changes from v3.0.0
  * Features
    - Podman now features initial support for Docker Compose.
    - Added the podman rename command, which allows containers to be renamed after they are created (#1925).
    - The Podman remote client now supports the podman copy command.
    - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload).
    - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
    - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them.
    - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454).
    - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes.
    - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times.
    - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
    - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them.
    - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132).
    - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077).
    - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443).
    - The podman pod create command now supports the --net=none option (#9165).
    - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option.
    - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver.
    - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container.
    - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths.
    - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945.
    - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512).
    - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter.
    The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option.
    - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned.
    - The podman volume prune commands now supports filtering what volumes will be pruned.
    - The podman system prune command now includes information on space reclaimed (#8658).
    - The podman info command will now properly print information about packages in use on Gentoo and Arch systems.
    - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384).
    - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list.
    - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d.
    - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf.
    - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000).
  * Security
    - A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
  * Changes
    - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
    - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387).
    - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here.
    - The legacy Varlink API has been completely removed from Podman.
    - The default log level for Podman has been changed from Error to Warn.
    - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year.
    - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included.
    - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615).
    - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501).
    - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected.
    - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
    - Error messages for podman run when an invalid SELinux is specified have been improved.
    - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
    - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share.
    - SSH public key handling for remote Podman has been improved.
  * Bugfixes
    - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120).
    - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618).
    - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040).
    - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034).
    - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847).
    - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176
    - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842).
    - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567).
    - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374).
    - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable.
    - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
    - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803).
    - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608).
    - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers.
    - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790).
    - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838).
    - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710).
    - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211).
    - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921).
    - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740).
    - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843).
    - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798).
    - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931).
    - Fixed a bug where locale environment variables were not properly passed on to Conmon.
    - Fixed a bug where Podman would not build on the MIPS architecture (#8782).
    - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0.
    - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879).
    - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733).
    - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886).
    - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
    - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176).
    - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506).
    - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849).
    - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged.
    - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846).
    - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile.
    - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700).
    - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680).
    - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748).
    - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751).
    - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored.
    - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694).
    - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683).
    - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547).
    - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined.
    - Fixed a bug where the --layers option to podman build was nonfunctional (#8643).
    - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990).
    - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650).
    - Fixed a bug where --format did not support JSON output for individual fields (#8444).
    - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883).
    - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498).
    - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588).
    - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option.
    - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
    - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234).
    - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230).
    - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773).
    - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510).
    - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303).
    - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003).

API

- Libpod API version has been bumped to v3.0.0.
    - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865).
    - The Compat API for Containers now supports the Rename and Copy APIs.
    - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
    - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) (#8281)
    - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649).
    - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly.
    - Fixed a bug where the Compat Create API for Containers did not set container name properly.
    - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used).
    - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
    - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864).
    - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870).
    - Fixed a bug where the Libpod Exists endpoint for Images could panic.
    - Fixed a bug where the Compat List API for Containers did not support all filters (#8860).
    - Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
    - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102).
    - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758).
    - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
    - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
    - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
    - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.
  * Misc
    - Updated Buildah to v1.19.2
    - Updated the containers/storage library to v1.24.5
    - Updated the containers/image library to v5.10.2
    - Updated the containers/common library to v0.33.4

-------------------------------------------------------------------
Tue Jan  5 18:14:52 UTC 2021 - Michael Ströder <michael@stroeder.com>

- Update to v2.2.1
  * Changes
    - Due to a conflict with a previously-removed field, we were forced to
      modify the way image volumes (mounting images into containers using
      --mount type=image) were handled in the database.
      As a result, containers created in Podman 2.2.0 with image volume
       will not have them in v2.2.1, and these containers will need to be re-created.
  * Bugfixes
    - Fixed a bug where rootless Podman would, on systems without the
      XDG_RUNTIME_DIR environment variable defined, use an incorrect path
      for the PID file of the Podman pause process, causing Podman to fail
      to start (#8539).
    - Fixed a bug where containers created using Podman v1.7 and earlier were
      unusable in Podman due to JSON decode errors (#8613).
    - Fixed a bug where Podman could retrieve invalid cgroup paths, instead
      of erroring, for containers that were not running.
    - Fixed a bug where the podman system reset command would print a warning
      about a duplicate shutdown handler being registered.
    - Fixed a bug where rootless Podman would attempt to mount sysfs in
      circumstances where it was not allowed; some OCI runtimes (notably
      crun) would fall back to alternatives and not fail, but others
      (notably runc) would fail to run containers.
    - Fixed a bug where the podman run and podman create commands would fail
      to create containers from untagged images (#8558).
    - Fixed a bug where remote Podman would prompt for a password even when
      the server did not support password authentication (#8498).
    - Fixed a bug where the podman exec command did not move the Conmon
      process for the exec session into the correct cgroup.
    - Fixed a bug where shell completion for the ancestor option to
      podman ps --filter did not work correctly.
    - Fixed a bug where detached containers would not properly clean themselves
      up (or remove themselves if --rm was set) if the Podman command that
      created them was invoked with --log-level=debug.
  * API
    - Fixed a bug where the Compat Create endpoint for Containers did not
      properly handle the Binds and Mounts parameters in HostConfig.
    - Fixed a bug where the Compat Create endpoint for Containers
      ignored the Name query parameter.
    - Fixed a bug where the Compat Create endpoint for Containers did not
      properly handle the "default" value for NetworkMode (this value is
      used extensively by docker-compose) (#8544).
    - Fixed a bug where the Compat Build endpoint for Images would sometimes
      incorrectly use the target query parameter as the image's tag.
  * Misc
    - Podman v2.2.0 vendored a non-released, custom version of the
      github.com/spf13/cobra package; this has been reverted to the latest
      upstream release to aid in packaging.
    - Updated the containers/image library to v5.9.0

-------------------------------------------------------------------
Wed Dec  2 13:24:06 UTC 2020 - Richard Brown <rbrown@suse.com>

- Update to v2.2.0
 * Features
  - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here.
  - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created.
  - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks.
  - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855).
  - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742).
  - The podman play kube command now supports persistent volumes claims using Podman named volumes.
  - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567).
  - The podman play kube command now supports a --log-driver option to set the log driver for created containers.
  - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles.
  - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302).
  - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757).
  - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location.
  - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added.
  - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434).
  - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097).
  - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster.
  - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository.
  - The podman search command can now output JSON using the --format=json option.
  - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
  - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
  - The --tls-verify and --authfile options have been enabled for use with remote Podman.
  - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095).
  - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option.
  - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option.
  - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable.
  - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match.
  - The podman pod ps command now supports a new filter status, that matches pods in a certain state.
 * Changes
  - The podman network rm --force command will now also remove pods that are using the network (#7791).
  - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given.
  - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
  - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver).
  - Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
  - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release.
  - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work.
  - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941).
  - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659).
  - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running.
  - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container.
  - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906).
  - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657).
  - The podman network rm command now has a new alias, podman network remove (#8402).
 * Bugfixes
  - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
  - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776).
  - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior.
  - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl.
  - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
  - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable.
  - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789).
  - Fixed a bug where the podman untag --all command was not supported with remote Podman.
  - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826).
  - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present.
  - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
  - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798).
  - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381).
  - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726).
  - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782).
  - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837).
  - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872).
  - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476).
  - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878).
  - Fixed a bug where the --format "table {{ .Field }}" option to numerous Podman commands ceased to function on Podman v2.0 and up.
  - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886).
  - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903).
  - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
  - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490).
  - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807).
  - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947).
  - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830).
  - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running.
  - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751).
  - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004).
  - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026).
  - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted.
  - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038).
  - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979).
  - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040).
  - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations.
  - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054).
  - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073).
  - Fixed a bug where the podman ps command did not include information on all ports a container was publishing.
  - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions.
  - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088).
  - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context).
  - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089).
  - Fixed a bug where the --extract option to podman cp was nonfunctional.
  - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091).
  - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148).
  - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125).
  - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139).
  - Fixed a bug where the podman attach command would not exit when containers stopped (#8154).
  - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160).
  - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159).
  - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed.
  - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023).
  - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184).
  - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181).
  - Fixed a bug where filters passed to podman volume list were not inclusive (#6765).
  - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253).
  - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221).
  - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322).
  - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332).
  - Fixed a bug where the podman stats command did not show memory limits for containers (#8265).
  - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386).
  - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it).
  - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491).
  - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables.
  - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473).
  - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host.
  - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385).
  - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck.
  - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448).
  - Fixed a bug where the podman container ps alias for podman ps was missing (#8445).
 * API
  - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
  - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950).
  - The Compat Network Connect and Network Disconnect endpoints have been added.
  - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration.
  - The Compat Create endpoint for images now properly supports specifying images by digest.
  - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions.
  - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
  - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version).
  - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not.
  - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
  - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942).
  - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917).
  - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860).
  - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count.
  - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so).
  - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries.
  - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896).
  - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740).
  - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946).
  - Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
  - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client.
  - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response.
  - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time.
  - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter.

-------------------------------------------------------------------
Mon Oct 26 14:08:32 UTC 2020 - Adrian Schröter <adrian@suse.de>

- add dependency to timezone package or podman fails to build a
  container (bsc#1178122)

-------------------------------------------------------------------
Wed Sep 30 14:07:34 UTC 2020 - rhafer@suse.com
- Added patch varlink.patch to disable needless varlink code
  generation. This would cause compile failures in OBS.
  (https://github.com/containers/podman/pull/7854)
- Cleanup %build section a bit and no longer build in GOPATH.
  This shouldn't be needed anymore.
- Path BUILDFLAGS via enviroment variable to allow it being
  appended to the corresponding Makefile variable instead of
  completely overriding it.
- Install new auto-update system units
- Update to v2.1.1 (bsc#1178392):
  * Changes
    - The `podman info` command now includes the cgroup manager
      Podman is using.
  * API
    - The REST API now includes a Server header in all responses.
    - Fixed a bug where the Libpod and Compat Attach endpoints
      could terminate early, before sending all output from the
      container.
    - Fixed a bug where the Compat Create endpoint for containers
      did not properly handle the Interactive parameter.
    - Fixed a bug where the Compat Kill endpoint for containers
      could continue to run after a fatal error.
    - Fixed a bug where the Limit parameter of the Compat List
      endpoint for Containers did not properly handle a limit of 0
      (returning nothing, instead of all containers) [#7722].
    - The Libpod Stats endpoint for containers is being deprecated
      and will be replaced by a similar endpoint with additional
      features in a future release.
- Changes in v2.1.0
  * Features
    - A new command, `podman image mount`, has been added. This
      allows for an image to be mounted, read-only, to inspect its
      contents without creating a container from it [#1433].
    - The `podman save` and `podman load` commands can now create
      and load archives containing multiple images [#2669].
    - Rootless Podman now supports all `podman network` commands,
      and rootless containers can now be joined to networks.
    - The performance of `podman build` on `ADD` and `COPY`
      instructions has been greatly improved, especially when a
      `.dockerignore` is present.
    - The `podman run` and `podman create` commands now support a
      new mode for the `--cgroups` option, `--cgroups=split`.
      Podman will create two cgroups under the cgroup it was
      launched in, one for the container and one for Conmon. This
      mode is useful for running Podman in a systemd unit, as it
      ensures that all processes are retained in systemd's cgroup
      hierarchy [#6400].
    - The `podman run` and `podman create` commands can now specify
      options to slirp4netns by using the `--network` option as
      follows:  `--net slirp4netns:opt1,opt2`. This allows for,
      among other things, switching the port forwarder used by
      slirp4netns away from rootlessport.
    - The `podman ps` command now features a new option,
      `--storage`, to show containers from Buildah, CRI-O and other
      applications.
    - The `podman run` and `podman create` commands now feature a
      `--sdnotify` option to control the behavior of systemd's
      sdnotify with containers, enabling improved support for
      Podman in `Type=notify` units.
    - The `podman run` command now features a `--preserve-fds`
      opton to pass file descriptors from the host into the
      container [#6458].
    - The `podman run` and `podman create` commands can now create
      overlay volume mounts, by adding the `:O` option to a bind
      mount (e.g. `-v /test:/test:O`). Overlay volume mounts will
      mount a directory into a container from the host and allow
      changes to it, but not write those changes back to the
      directory on the host.
    - The `podman play kube` command now supports the Socket
      HostPath type [#7112].
    - The `podman play kube` command now supports read-only mounts.
    - The `podman play kube` command now supports setting labels on
      pods from Kubernetes metadata labels.
    - The `podman play kube` command now supports setting container
      restart policy [#7656].
    - The `podman play kube` command now properly handles
      `HostAlias` entries.
    - The `podman generate kube` command now adds entries to
      `/etc/hosts` from `--host-add` generated YAML as `HostAlias`
      entries.
    - The `podman play kube` and `podman generate kube` commands
      now properly support `shareProcessNamespace` to share the PID
      namespace in pods.
    - The `podman volume ls` command now supports the `dangling`
      filter to identify volumes that are dangling (not attached to
      any container).
    - The `podman run` and `podman create` commands now feature a
      `--umask` option to set the umask of the created container.
    - The `podman create` and `podman run` commands now feature a
      `--tz` option to set the timezone within the container [#5128].
    - Environment variables for Podman can now be added in the
      `containers.conf` configuration file.
    - The `--mount` option of `podman run` and `podman create` now
      supports a new mount type, `type=devpts`, to add a `devpts`
      mount to the container. This is useful for containers that
      want to mount `/dev/` from the host into the container, but
      still create a terminal.
    - The `--security-opt` flag to `podman run` and `podman create`
      now supports a new option, `proc-opts`, to specify options
      for the container's `/proc` filesystem.
    - Podman with the `crun` OCI runtime now supports a new option
      to `podman run` and `podman create`, `--cgroup-conf`, which
      allows for advanced configuration of cgroups on cgroups v2
      systems.
    - The `podman create` and `podman run` commands now support a
      `--override-variant` option, to override the architecture
      variant of the image that will be pulled and ran.
    - A new global option has been added to Podman,
      `--runtime-flags`, which allows for setting flags to use when
      the OCI runtime is called.
    - The `podman manifest add` command now supports the
      `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify`
      options.
  * Security
    - This release resolves CVE-2020-14370, in which environment
      variables could be leaked between containers created using
      the Varlink API.
  * Changes
    - Podman will now retry pulling an image 3 times if a pull
      fails due to network errors.
    - The `podman exec` command would previously print error
      messages (e.g. `exec session exited with non-zero exit code
      -1`) when the command run exited with a non-0 exit code. It
      no longer does this. The `podman exec` command will still
      exit with the same exit code as the command run in the
      container did.
    - Error messages when creating a container or pod with a name
      that is already in use have been improved.
    - For read-only containers running systemd init, Podman creates
      a tmpfs filesystem at `/run`. This was previously limited to
      65k in size and mounted `noexec`, but is now unlimited size
      and mounted `exec`.
    - The `podman system reset` command no longer removes
      configuration files for rootless Podman.
  * API
    - The Libpod API version has been bumped to v2.0.0 due to a
      breaking change in the Image List API.
    - Docker-compatible Volume Endpoints (Create, Inspect, List,
      Remove, Prune) are now available!
    - Added an endpoint for generating systemd unit files for
      containers.
    - The `last` parameter to the Libpod container list endpoint
      now has an alias, `limit` [#6413].
    - The Libpod image list API new returns timestamps in Unix
      format, as integer, as opposed to as strings
    - The Compat Inspect endpoint for containers now includes port
      information in NetworkSettings.
    - The Compat List endpoint for images now features limited
      support for the (deprecated) `filter` query parameter [#6797].
    - Fixed a bug where the Compat Create endpoint for containers
      was not correctly handling bind mounts.
    - Fixed a bug where the Compat Create endpoint for containers
      would not return a 404 when the requested image was not
      present.
    - Fixed a bug where the Compat Create endpoint for containers
      did not properly handle Entrypoint and Command from images.
    - Fixed a bug where name history information was not properly
      added in the Libpod Image List endpoint.
    - Fixed a bug where the Libpod image search endpoint improperly
      populated the Description field of responses.
    - Added a `noTrunc` option to the Libpod image search endpoint.
    - Fixed a bug where the Pod List API would return null, instead
      of an empty array, when no pods were present [#7392].
    - Fixed a bug where endpoints that hijacked would do perform
      the hijack too early, before being ready to send and receive
      data [#7195].
    - Fixed a bug where Pod endpoints that can operate on multiple
      containers at once (e.g. Kill, Pause, Unpause, Stop) would
      not forward errors from individual containers that failed.
    - The Compat List endpoint for networks now supports filtering
      results [#7462].
    - Fixed a bug where the Top endpoint for pods would return both
      a 500 and 404 when run on a non-existant pod.
    - Fixed a bug where Pull endpoints did not stream progress back
      to the client.
    - The Version endpoints (Libpod and Compat) now provide version
      in a format compatible with Docker.
    - All non-hijacking responses to API requests should not
      include headers with the version of the server.
    - Fixed a bug where Libpod and Compat Events endpoints did not
      send response headers until the first event occurred [#7263].
    - Fixed a bug where the Build endpoints (Compat and Libpod) did
      not stream progress to the client.
    - Fixed a bug where the Stats endpoints (Compat and Libpod) did
      not properly handle clients disconnecting.
    - Fixed a bug where the Ignore parameter to the Libpod Stop
      endpoint was not performing properly.
    - Fixed a bug where the Compat Logs endpoint for containers did
      not stream its output in the correct format [#7196].

-------------------------------------------------------------------
Tue Sep  8 13:41:21 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Cleanup %install section to use "make install"
- install missing systemd units for the new Rest API (bsc#1175957)
  and a few man-pages that where missing before
- Drop varlink API related bits (in favor of the new API)
- fix install location for zsh completions

-------------------------------------------------------------------
Wed Sep  2 00:06:42 UTC 2020 - Michael Ströder <michael@stroeder.com>

- Update to v2.0.6
  * Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
  * Fixed a bug where /etc/passwd could be re-created every time a container
    is restarted if the container's /etc/passwd did not contain an entry
    for the user the container was started as.
  * Fixed a bug where containers without an /etc/passwd file specifying
    a non-root user would not start.
  * Fixed a bug where the --remote flag would sometimes not make
    remote connections and would instead attempt to run Podman locally.

-------------------------------------------------------------------
Tue Aug 25 07:01:13 UTC 2020 - Michael Ströder <michael@stroeder.com>

- Update to v2.0.5 (bsc#1175821)
  * Features
    - Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id.
    - The podman system connection command has been reworked to support multiple connections, and reenabled for use!
    - Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance.
  * Changes
    - Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd).
    - Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged.
  * Bugfixes
    - Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964).
    - Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271).
    - Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present.
    - Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com//issues/7230]).
    - Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893).
    - Fixed a bug where the podman load command with remote Podman would did not honor user-specified tags (#7124).
    - Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180).
    - Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104).
    - Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting.
    - Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128).
    - Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed.
    - Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces.
    - Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.
    - Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image.
    - Fixed a bug where pod infra containers were not properly unmounted after exiting.
    - Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route.
    - Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017).
    - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host.
    - Fixed a bug where podman build would not generate an event on completion (#7022).
    - Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122).
    - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist.
    - Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115).
    - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped).
    - Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123).
    - Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.
    - Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285).
    - Fixed a bug where the podman version command did not properly include build time and Git commit.
    - Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734).
    - Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user.
    - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103).
  * API
    - Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185).
    - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197).
    - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found.
    - Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping).
    - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294).
    - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value.
    - The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally.
  * Misc
    - Updated Buildah to v1.15.1
    - Updated containers/image library to v5.5.2

-------------------------------------------------------------------
Tue Aug 18 15:11:31 UTC 2020 - Richard Brown <rbrown@suse.com>

- Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib

-------------------------------------------------------------------
Wed Aug 12 09:35:29 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>

- Change hard requires for AppArmor to Recommends. They are not
  needed for runtime or with SELinux but already installed if
  AppArmor is used [jsc#SMO-15]

-------------------------------------------------------------------
Tue Aug  4 13:52:05 UTC 2020 - Richard Brown <rbrown@suse.com>

- Add BuildRequires for pkg-config(libselinux) to build with
  SELinux support [jsc#SMO-15]

-------------------------------------------------------------------
Mon Aug  3 06:47:04 UTC 2020 - Sascha Grunert <sgrunert@suse.com>

- Update to v2.0.4
  * Fixed a bug where the output of podman image search did not
    populate the Description field as it was mistakenly assigned to
    the ID field.
  * Fixed a bug where podman build - and podman build on an HTTP
    target would fail.
  * Fixed a bug where rootless Podman would improperly chown the
    copied-up contents of anonymous volumes (#7130).
  * Fixed a bug where Podman would sometimes HTML-escape special
    characters in its CLI output.
  * Fixed a bug where the podman start --attach --interactive
    command would print the container ID of the container attached
    to when exiting (#7068).
  * Fixed a bug where podman run --ipc=host --pid=host would only
    set --pid=host and not --ipc=host (#7100).
  * Fixed a bug where the --publish argument to podman run, podman
    create and podman pod create would not allow binding the same
    container port to more than one host port (#7062).
  * Fixed a bug where incorrect arguments to podman images --format
    could cause Podman to segfault.
  * Fixed a bug where podman rmi --force on an image ID with more
    than one name and at least one container using the image would
    not completely remove containers using the image (#7153).
  * Fixed a bug where memory usage in bytes and memory use
    percentage were swapped in the output of podman stats
    --format=json.
  * Fixed a bug where the libpod and compat events endpoints would
    fail if no filters were specified (#7078).
  * Fixed a bug where the CgroupVersion field in responses from the
    compat Info endpoint was prefixed by "v" (instead of just being
    "1" or "2", as is documented).

-------------------------------------------------------------------
Fri Jul 31 13:07:59 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Remove obsolete libpod.conf from Package sources

-------------------------------------------------------------------
Tue Jul 28 13:16:55 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- libpod got renamed to podman on GitHub. Point _service file to
  the new name.
- Remove obsolete old Requires on libcontainers-image and -storage
  all of that is inside libcontainers-common
- Require a new enough libcontainers-common version to have the
  default containers.conf installed.
- Remove deprecated libpod.conf and create an update notice pointing
  to containers.conf for user that made changes to libpod.conf

-------------------------------------------------------------------
Tue Jul 28 09:13:49 UTC 2020 - Fabian Vogt <fvogt@suse.com>

- Suggest katacontainers instead of recommending it. It's not
  enabled by default, so it's just bloat

-------------------------------------------------------------------
Fri Jul 24 12:19:32 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Update to v2.0.3
  * Fix handling of entrypoint
  * log API: add context to allow for cancelling
  * fix API: Create container with an invalid configuration
  * Remove all instances of named return "err" from Libpod
  * Fix: Correct connection counters for hijacked connections
  * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics
  * Remove hijacked connections from active connections list
  * version/info: format: allow more json variants
  * Correctly print STDOUT on non-terminal remote exec
  * Fix container and pod create commands for remote create
  * Mask out /sys/dev to prevent information leak from the host
  * Ensure sig-proxy default is propagated in start
  * Add SystemdMode to inspect for containers
  * When determining systemd mode, use full command
  * Fix lint
  * Populate remaining unused fields in `pod inspect`
  * Include infra container information in `pod inspect`
  * play-kube: add suport for "IfNotPresent" pull type
  * docs: user namespace can't be shared in pods
  * Fix "Error: unrecognized protocol \"TCP\" in port mapping"
  * Error on rootless mac and ip addresses
  * Fix & add notes regarding problematic language in codebase
  * abi: set default umask and rlimits
  * Used reference package with errors for parsing tag
  * fix: system df error when an image has no name
  * Fix Generate API title/description
  * Add noop function disable-content-trust
  * fix play kube doesn't override dockerfile ENTRYPOINT
  * Support default profile for apparmor
  * Bump github.com/containers/common to v0.14.6
  * events endpoint: backwards compat to old type
  * events endpoint: fix panic and race condition
  * Switch references from libpod.conf to containers.conf
  * podman.service: set type to simple
  * podman.service: set doc to podman-system-service
  * podman.service: use default registries.conf
  * podman.service: use default killmode
  * podman.service: remove stop timeout
  * systemd: symlink user->system
  * vendor golang.org/x/text@v0.3.3
  * Fix a bug where --pids-limit was parsed incorrectly
  * search: allow wildcards
  * [CI:DOCS]Do not copy policy.json into gating image
  * Fix systemd pid 1 test
  * Cirrus: Rotate keys post repo. rename
- The libpod.conf(5) man page got removed and all references are
  now pointing towards containers.conf(5), which will be part
  of the libcontainers-common package.

-------------------------------------------------------------------
Wed Jul  8 07:12:58 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Update to podman v2.0.2
  * fix race condition in `libpod.GetEvents(...)`
  * Fix bug where `podman mount` didn't error as rootless
  * remove podman system connection
  * Fix imports to ensure v2 is used with libpod
  * Update release notes for v2.0.2
  * specgen: fix order for setting rlimits
  * Ensure umask is set appropriately for 'system service'
  * generate systemd: improve pod-flags filter
  * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil
  * Fixes --remote flag issues
  * Pids-limit should only be set if the user set it
  * Set console mode for windows
  * Allow empty host port in --publish flag
  * Add a note on the APIs supported by `system service`
  * fix: Don't override entrypoint if it's `nil`
  * Set TMPDIR to /var/tmp by default if not set
  * test: add tests for --user and volumes
  * container: move volume chown after spec generation
  * libpod: volume copyup honors namespace mappings
  * Fix `system service` panic from early hangup in events
  * stop podman service in e2e tests
  * Print errors from individual containers in pods
  * auto-update: clarify systemd-unit requirements
  * podman ps truncate the command
  * move go module to v2
  * Vendor containers/common v0.14.4
  * Bump to imagebuilder v1.1.6 on v2 branch
  * Account for non-default port number in image name
- Changes since v2.0.1
  * Update release notes with further v2.0.1 changes
  * Fix inspect to display multiple label: changes
  * Set syslog for exit commands on log-level=debug
  * Friendly amendment for pr 6751
  * podman run/create: support all transports
  * systemd generate: allow manual restart of container units in pods
  * Revert sending --remote flag to containers
  * Print port mappings in `ps` for ctrs sharing network
  * vendor github.com/containers/common@v0.14.3
  * Update release notes for v2.0.1
  * utils: drop default mapping when running uid!=0
  * Set stop signal to 15 when not explicitly set
  * podman untag: error if tag doesn't exist
  * Reformat inspect network settings
  * APIv2: Return `StatusCreated` from volume creation
  * APIv2:fix: Remove `/json` from compat network EPs
  * Fix ssh-agent support
  * libpod: specify mappings to the storage
  * APIv2:doc: Fix swagger doc to refer to volumes
  * Add podman network to bash command completions
  * Fix typo in manpage for `podman auto update`.
  * Add JSON output field for ps
  * V2 podman system connection
  * image load: no args required
  * Re-add PODMAN_USERNS environment variable
  * Fix conflicts between privileged and other flags
  * Bump required go version to 1.13
  * Add explicit command to alpine container in test case.
  * Use POLL_DURATION for timer
  * Stop following logs using timers
  * "pod" was being truncated to "po" in the names of the generated systemd unit files.
  * rootless_linux: improve error message
  * Fix podman build handling of --http-proxy flag
  * correct the absolute path of `rm` executable
  * Makefile: allow customizable GO_BUILD
  * Cirrus: Change DEST_BRANCH to v2.0

-------------------------------------------------------------------
Mon Jun 22 14:55:23 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Update to podman v2.0.0
  * The `podman generate systemd` command now supports the `--new`
    flag when used with pods, allowing portable services for pods
    to be created.
  * The `podman play kube` command now supports running Kubernetes
    Deployment YAML.
  * The `podman exec` command now supports the `--detach` flag to
    run commands in the container in the background.
  * The `-p` flag to `podman run` and `podman create` now supports
    forwarding ports to IPv6 addresses.
  * The `podman run`, `podman create` and `podman pod create`
    command now support a `--replace` flag to remove and replace any
    existing container (or, for `pod create`, pod) with the same name
  * The `--restart-policy` flag to `podman run` and `podman create`
    now supports the `unless-stopped` restart policy.
  * The `--log-driver` flag to `podman run` and `podman create`
    now supports the `none` driver, which does not log the
    container's output.
  * The `--mount` flag to `podman run` and `podman create` now
    accepts `readonly` option as an alias to `ro`.
  * The `podman generate systemd` command now supports the `--container-prefix`,
    `--pod-prefix`, and `--separator` arguments to control the
    name of generated unit files.
  * The `podman network ls` command now supports the `--filter`
    flag to filter results.
  * The `podman auto-update` command now supports specifying an
    authfile to use when pulling new images on a per-container
    basis using the `io.containers.autoupdate.authfile` label.
  * Fixed a bug where the `podman exec` command would log to journald
    when run in containers loggined to journald
    ([#6555](https://github.com/containers/libpod/issues/6555)).
  * Fixed a bug where the `podman auto-update` command would not
    preserve the OS and architecture of the original image when
    pulling a replacement
    ([#6613](https://github.com/containers/libpod/issues/6613)).
  * Fixed a bug where the `podman cp` command could create an extra
    `merged` directory when copying into an existing directory
    ([#6596](https://github.com/containers/libpod/issues/6596)).
  * Fixed a bug where the `podman pod stats` command would crash
    on pods run with `--network=host`
    ([#5652](https://github.com/containers/libpod/issues/5652)).
  * Fixed a bug where containers logs written to journald did not
    include the name of the container.
  * Fixed a bug where the `podman network inspect` and
    `podman network rm` commands did not properly handle non-default
    CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)).
  * Fixed a bug where Podman did not properly remove containers
    when using the Kata containers OCI runtime.
  * Fixed a bug where `podman inspect` would sometimes incorrectly
    report the network mode of containers started with `--net=none`.
  * Podman is now better able to deal with cases where `conmon`
    is killed before the container it is monitoring.
- Requires go 1.13 now

-------------------------------------------------------------------
Mon May 25 11:32:32 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>

- Update to podman v1.9.3:
  * Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets
    were not properly mounted into containers
  * Fixed a bug where builds run over Varlink would hang
  * Fixed a bug where podman save would fail when the target
    image was specified by digest
  * Fixed a bug where rootless containers with ports forwarded to them
    could panic and dump core due to a concurrency issue (#6018)
  * Fixed a bug where rootless Podman could race when opening the
    rootless user namespace, resulting in commands failing to run
  * Fixed a bug where HTTP proxy environment variables forwarded into
    the container by the --http-proxy flag could not be overridden by --env or --env-file
  * Fixed a bug where rootless Podman was setting resource limits on cgroups
    v2 systems that were not using systemd-managed cgroups
    (and thus did not support resource limits), resulting in containers failing to start

-------------------------------------------------------------------
Wed Apr 29 06:34:51 UTC 2020 - Sascha Grunert <sgrunert@suse.com>

- Update podman to v1.9.1:
  * Bugfixes
    - Fixed a bug where healthchecks could become nonfunctional if
      container log paths were manually set with --log-path and
      multiple container logs were placed in the same directory
    - Fixed a bug where rootless Podman could, when using an older
      libpod.conf, print numerous warning messages about an invalid
      CGroup manager config
    - Fixed a bug where rootless Podman would sometimes fail to
      close the rootless user namespace when joining it
  * Misc
    - Updated containers/common to v0.8.2

-------------------------------------------------------------------
Thu Apr 16 06:33:21 UTC 2020 - Sascha Grunert <sgrunert@suse.com>

- Switched to simple `make binaries` for building podman
- Update podman to v1.9.0:
  * Features
    - Experimental support has been added for podman run
      --userns=auto, which automatically allocates a unique UID and
      GID range for the new container's user namespace
    - The podman play kube command now has a --network flag to
      place the created pod in one or more CNI networks
    - The podman commit command now supports an --iidfile flag to
      write the ID of the committed image to a file
    - Initial support for the new containers.conf configuration
      file has been added. containers.conf allows for much more
      detailed configuration of some Podman functionality
  * Changes
    - There has been a major cleanup of the podman info command
      resulting in breaking changes. Many fields have been renamed
      to better suit usage with APIv2
    - All uses of the --timeout flag have been switched to prefer
      the alternative --time. The --timeout flag will continue to
      work, but man pages and --help will use the --time flag
      instead
  * Bugfixes
    - Fixed a bug where some volume mounts from the host would
      sometimes not properly determine the flags they should use
      when mounting
    - Fixed a bug where Podman was not propagating $PATH to Conmon
      and the OCI runtime, causing issues for some OCI runtimes
      that required it
    - Fixed a bug where rootless Podman would print error messages
      about missing support for systemd cgroups when run in a
      container with no cgroup support
    - Fixed a bug where podman play kube would not properly handle
      container-only port mappings (#5610)
    - Fixed a bug where the podman container prune command was not
      pruning containers in the created and configured states
    - Fixed a bug where Podman was not properly removing CNI IP
      address allocations after a reboot (#5433)
    - Fixed a bug where Podman was not properly applying the
      default Seccomp profile when --security-opt was not given at
      the command line
  * HTTP API
    - Many Libpod API endpoints have been added, including Changes,
      Checkpoint, Init, and Restore
    - Resolved issues where the podman system service command would
      time out and exit while there were still active connections
    - Stability overall has greatly improved as we prepare the API
      for a beta release soon with Podman 2.0
  * Misc
    - The default infra image for pods has been upgraded to
      k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the
      architecture metadata for non-AMD64 images
    - The slirp4netns networking utility in rootless Podman now
      uses Seccomp filtering where available for improved security
    - Updated Buildah to v1.14.8
    - Updated containers/storage to v1.18.2
    - Updated containers/image to v5.4.3
    - Updated containers/common to v0.8.1

-------------------------------------------------------------------
Fri Apr  3 14:30:02 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Add "systemd" BUILDFLAGS to build with support for journald
  logging (bsc#1162432)

-------------------------------------------------------------------
Fri Mar 27 12:40:44 UTC 2020 - Richard Brown <rbrown@suse.com>

- Use infra_image pause:3.2

-------------------------------------------------------------------
Fri Mar 27 09:52:26 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Fix dependency on slirp4netns. We need at least 0.4.0 now
  (bsc#1167850)

-------------------------------------------------------------------
Fri Mar 20 07:56:22 UTC 2020 - Sascha Grunert <sgrunert@suse.com>

- Update podman to v1.8.2:
  * Features
    - Initial support for automatically updating containers managed
      via Systemd unit files has been merged. This allows
      containers to automatically upgrade if a newer version of
      their image becomes available
  * Bugfixes
    - Fixed a bug where unit files generated by podman generate
      systemd --new would not force containers to detach, causing
      the unit to time out when trying to start
    - Fixed a bug where podman system reset could delete important
      system directories if run as rootless on installations
      created by older Podman (#4831)
    - Fixed a bug where image built by podman build would not
      properly set the OS and Architecture they were built with
      (#5503)
    - Fixed a bug where attached podman run with --sig-proxy
      enabled (the default), when built with Go 1.14, would
      repeatedly send signal 23 to the process in the container and
      could generate errors when the container stopped (#5483)
    - Fixed a bug where rootless podman run commands could hang
      when forwarding ports
    - Fixed a bug where rootless Podman would not work when /proc
      was mounted with the hidepid option set
    - Fixed a bug where the podman system service command would use
      large amounts of CPU when --timeout was set to 0 (#5531)
  * HTTP API
    - Initial support for Libpod endpoints related to creating and
      operating on image manifest lists has been added
    - The Libpod Healthcheck and Events API endpoints are now
      supported
    - The Swagger endpoint can now handle cases where no Swagger
      documentation has been generated
  * Misc
    - Updated Buildah to v1.14.3
    - Updated containers/storage to v1.16.5
    - Several performance improvements have been made to creating
      containers, which should somewhat improve the performance of
      podman create and podman run

-------------------------------------------------------------------
Thu Mar 12 07:36:52 UTC 2020 - Sascha Grunert <sgrunert@suse.com>

- Update podman to v1.8.1:
  * Features
    - Many networking-related flags have been added to podman pod
      create to enable customization of pod networks, including
      --add-host, --dns, --dns-opt, --dns-search, --ip,
      --mac-address, --network, and --no-hosts
    - The podman ps --format=json command now includes the ID of
      the image containers were created with
    - The podman run and podman create commands now feature an
      --rmi flag to remove the image the container was using after
      it exits (if no other containers are using said image)
      ([#4628](https://github.com/containers/libpod/issues/4628))
    - The podman create and podman run commands now support the
      --device-cgroup-rule flag (#4876)
    - While the HTTP API remains in alpha, many fixes and additions
      have landed. These are documented in a separate subsection
      below
    - The podman create and podman run commands now feature a
      --no-healthcheck flag to disable healthchecks for a container
      (#5299)
    - Containers now recognize the io.containers.capabilities
      label, which specifies a list of capabilities required by the
      image to run. These capabilities will be used as long as they
      are more restrictive than the default capabilities used
    - YAML produced by the podman generate kube command now
      includes SELinux configuration passed into the container via
      --security-opt label=... (#4950)
  * Bugfixes
    - Fixed CVE-2020-1726, a security issue where volumes manually
      populated before first being mounted into a container could
      have those contents overwritten on first being mounted into a
      container
    - Fixed a bug where Podman containers with user namespaces in
      CNI networks with the DNS plugin enabled would not have the
      DNS plugin's nameserver added to their resolv.conf
      ([#5256](https://github.com/containers/libpod/issues/5256))
    - Fixed a bug where trailing / characters in image volume
      definitions could cause them to not be overridden by a
      user-specified mount at the same location
      ([#5219](https://github.com/containers/libpod/issues/5219))
    - Fixed a bug where the label option in libpod.conf, used to
      disable SELinux by default, was not being respected (#5087)
    - Fixed a bug where the podman login and podman logout commands
      required the registry to log into be specified (#5146)
    - Fixed a bug where detached rootless Podman containers could
      not forward ports (#5167)
    - Fixed a bug where rootless Podman could fail to run if the
      pause process had died
    - Fixed a bug where Podman ignored labels that were specified
      with only a key and no value (#3854)
    - Fixed a bug where Podman would fail to create named volumes
      when the backing filesystem did not support SELinux labelling
      (#5200)
    - Fixed a bug where --detach-keys="" would not disable
      detaching from a container (#5166)
    - Fixed a bug where the podman ps command was too aggressive
      when filtering containers and would force --all on in too
      many situations
    - Fixed a bug where the podman play kube command was ignoring
      image configuration, including volumes, working directory,
      labels, and stop signal (#5174)
    - Fixed a bug where the Created and CreatedTime fields in
      podman images --format=json were misnamed, which also broke
      Go template output for those fields
      ([#5110](https://github.com/containers/libpod/issues/5110))
    - Fixed a bug where rootless Podman containers with ports
      forwarded could hang when started (#5182)
    - Fixed a bug where podman pull could fail to parse registry
      names including port numbers
    - Fixed a bug where Podman would incorrectly attempt to
      validate image OS and architecture when starting containers
    - Fixed a bug where Bash completion for podman build -f would
      not list available files that could be built (#3878)
    - Fixed a bug where podman commit --change would perform
      incorrect validation, resulting in valid changes being
      rejected (#5148)
    - Fixed a bug where podman logs --tail could take large amounts
      of memory when the log file for a container was large (#5131)
    - Fixed a bug where Podman would sometimes incorrectly generate
      firewall rules on systems using firewalld
    - Fixed a bug where the podman inspect command would not
      display network information for containers properly if a
      container joined multiple CNI networks
      ([#4907](https://github.com/containers/libpod/issues/4907))
    - Fixed a bug where the --uts flag to podman create and podman
      run would only allow specifying containers by full ID (#5289)
    - Fixed a bug where rootless Podman could segfault when passed
      a large number of file descriptors
    - Fixed a bug where the podman port command was incorrectly
      interpreting additional arguments as container names, instead
      of port numbers
    - Fixed a bug where units created by podman generate systemd
      did not depend on network targets, and so could start before
      the system network was ready (#4130)
    - Fixed a bug where exec sessions in containers which did not
      specify a user would not inherit supplemental groups added to
      the container via --group-add
    - Fixed a bug where Podman would not respect the $TMPDIR
      environment variable for placing large temporary files during
      some operations (e.g. podman pull)
      ([#5411](https://github.com/containers/libpod/issues/5411))
  * HTTP API
    - Initial support for secure connections to servers via SSH
      tunneling has been added
    - Initial support for the libpod create and logs endpoints for
      containers has been added
    - Added a /swagger/ endpoint to serve API documentation
    - The json endpoint for containers has received many fixes
    - Filtering images and containers has been greatly improved,
      with many bugs fixed and documentation improved
    - Image creation endpoints (commit, pull, etc) have seen many
      fixes
    - Server timeout has been fixed so that long operations will no
      longer trigger the timeout and shut the server down
    - The stats endpoint for containers has seen major fixes and
      now provides accurate output
    - Handling the HTTP 304 status code has been fixed for all
      endpoints
    - Many fixes have been made to API documentation to ensure it
      matches the code
  * Misc
    - Updated vendored Buildah to v1.14.2
    - Updated vendored containers/storage to v1.16.2
    - The Created field to podman images --format=json has been
      renamed to CreatedSince as part of the fix for (#5110). Go
      templates using the old name shou ld still work
    - The CreatedTime field to podman images --format=json has been
      renamed to CreatedAt as part of the fix for (#5110). Go
      templates using the old name should still work
    - The before filter to podman images has been renamed to since
      for Docker compatibility. Using before will still work, but
        documentation has been changed to use the new since filter
    - Using the --password flag to podman login now warns that
      passwords are being passed in plaintext
    - Some common cases where Podman would deadlock have been fixed
      to warn the user that podman system renumber must be run to
      resolve the deadlock

-------------------------------------------------------------------
Thu Mar  5 16:26:16 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Added SLE specific README.SUSE about current support status
  (jsc#SLE-9112, jsc#CAASP-60)

-------------------------------------------------------------------
Thu Mar  5 15:40:12 UTC 2020 - Richard Brown <rbrown@suse.com>

- Configure br_netfilter for podman automatically (boo#1165738)

-------------------------------------------------------------------
Thu Feb 20 15:57:54 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- The name of the cni-bridge in the default config changed from
  "cni0" to "podman-cni0" with podman-1.6.0. Add a %trigger to
  rename the bridge in the system to the new default if it exists.
  The trigger is only excuted when updating podman-cni-config
  from something older than 1.6.0. This is mainly needed for SLE
  where we're updating from 1.4.4 to 1.8.0 (bsc#1160460).

-------------------------------------------------------------------
Fri Feb  7 14:18:16 UTC 2020 - Sascha Grunert <sgrunert@suse.com>

- Remove: 0001-clarify-container-prune-force.patch because it's now
  included in the release
- Update podman to v1.8.0 (bsc#1160460):
  * Features
    - The podman system service command has been added, providing a
      preview of Podman's new Docker-compatible API. This API is
      still very new, and not yet ready for production use, but is
      available for early testing
    - Rootless Podman now uses Rootlesskit for port forwarding,
      which should greatly improve performance and capabilities
    - The podman untag command has been added to remove tags from
      images without deleting them
    - The podman inspect command on images now displays previous
      names they used
    - The podman generate systemd command now supports a --new
      option to generate service files that create and run new
      containers instead of managing existing containers
    - Support for --log-opt tag= to set logging tags has been added
      to the journald log driver
    - Added support for using Seccomp profiles embedded in images
      for podman run and podman create via the new --seccomp-policy
        CLI flag
    - The podman play kube command now honors pull policy
  * Bugfixes
    - Fixed a bug where the podman cp command would not copy the
      contents of directories when paths ending in /. were given
    - Fixed a bug where the podman play kube command did not
      properly locate Seccomp profiles specified relative to
      localhost
    - Fixed a bug where the podman info command for remote Podman
      did not show registry information
    - Fixed a bug where the podman exec command did not support
      having input piped into it
    - Fixed a bug where the podman cp command with rootless Podman
      on CGroups v2 systems did not properly determine if the
      container could be paused while copying
    - Fixed a bug where the podman container prune --force command
      could possible remove running containers if they were started
      while the command was running
    - Fixed a bug where Podman, when run as root, would not
      properly configure slirp4netns networking when requested
    - Fixed a bug where podman run --userns=keep-id did not work
      when the user had a UID over 65535
    - Fixed a bug where rootless podman run and podman create with
      the --userns=keep-id option could change permissions on
      /run/user/$UID and break KDE
    - Fixed a bug where rootless Podman could not be run in a
      systemd service on systems using CGroups v2
    - Fixed a bug where podman inspect would show CPUShares as 0,
      instead of the default (1024), when it was not explicitly set
    - Fixed a bug where podman-remote push would segfault
    - Fixed a bug where image healthchecks were not shown in the
      output of podman inspect
    - Fixed a bug where named volumes created with containers from
      pre-1.6.3 releases of Podman would be autoremoved with their
      containers if the --rm flag was given, even if they were
      given names
    - Fixed a bug where podman history was not computing image
      sizes correctly
    - Fixed a bug where Podman would not error on invalid values to
      the --sort flag to podman images
    - Fixed a bug where providing a name for the image made by
      podman commit was mandatory, not optional as it should be
    - Fixed a bug where the remote Podman client would append an
      extra " to %PATH
    - Fixed a bug where the podman build command would sometimes
      ignore the -f option and build the wrong Containerfile
    - Fixed a bug where the podman ps --filter command would only
      filter running containers, instead of all containers, if
      --all was not passed
    - Fixed a bug where the podman load command on compressed
      images would leave an extra copy on disk
    - Fixed a bug where the podman restart command would not
      properly clean up the network, causing it to function
      differently from podman stop; podman start
    - Fixed a bug where setting the --memory-swap flag to podman
      create and podman run to -1 (to indicate unlimited) was not
      supported
  * Misc
    - Initial work on version 2 of the Podman remote API has been
      merged, but is still in an alpha state and not ready for use.
      Read more here
    - Many formatting corrections have been made to the manpages
    - The changes to address (#5009) may cause anonymous volumes
      created by Podman versions 1.6.3 to 1.7.0 to not be removed
      when their container is removed
    - Updated vendored Buildah to v1.13.1
    - Updated vendored containers/storage to v1.15.8
    - Updated vendored containers/image to v5.2.0

-------------------------------------------------------------------
Fri Jan 24 14:04:36 UTC 2020 - Sascha Grunert <sgrunert@suse.com>

- Add apparmor-abstractions as required runtime dependency to
  have `tunables/global` available.

-------------------------------------------------------------------
Mon Jan 13 11:13:59 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Add: 0001-clarify-container-prune-force.patch to fix the --force
  flag for the "container prune" command.
  (https://github.com/containers/libpod/issues/4844)

-------------------------------------------------------------------
Wed Jan  8 09:23:01 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>

- Update podman to v1.7.0
  * Features
    - Added support for setting a static MAC address for containers
    - Added support for creating macvlan networks with podman
      network create, allowing Podman containers to be attached
      directly to networks the host is connected to
    - The podman image prune and podman container prune commands
      now support the --filter flag to filter what will be pruned,
      and now prompts for confirmation when run without --force
      (#4410 and #4411)
    - Podman now creates CGroup namespaces by default on systems
      using CGroups v2 (#4363)
    - Added the podman system reset command to remove all Podman
      files and perform a factory reset of the Podman installation
    - Added the --history flag to podman images to display previous
      names used by images (#4566)
    - Added the --ignore flag to podman rm and podman stop to not
      error when requested containers no longer exist
    - Added the --cidfile flag to podman rm and podman stop to read
      the IDs of containers to be removed or stopped from a file
    - The podman play kube command now honors Seccomp annotations
      (#3111)
    - The podman play kube command now honors RunAsUser,
      RunAsGroup, and selinuxOptions
    - The output format of the podman version command has been
      changed to better match docker version when using the
      --format flag
    - Rootless Podman will no longer initialize containers/storage
      twice, removing a potential deadlock preventing Podman
      commands from running while an image was being pulled (#4591)
    - Added tmpcopyup and notmpcopyup options to the --tmpfs and
      --mount type=tmpfs flags to podman create and podman run to
      control whether the content of directories are copied into
      tmpfs filesystems mounted over them
    - Added support for disabling detaching from containers by
      setting empty detach keys via --detach-keys=""
    - The podman build command now supports the --pull and
      --pull-never flags to control when images are pulled during a
      build
    - The podman ps -p command now shows the name of the pod as
      well as its ID (#4703)
    - The podman inspect command on containers will now display the
      command used to create the container
    - The podman info command now displays information on registry
      mirrors (#4553)
  * Bugfixes
    - Fixed a bug where Podman would use an incorrect runtime
      directory as root, causing state to be deleted after root
      logged out and making Podman in systemd services not function
      properly
    - Fixed a bug where the --change flag to podman import and
      podman commit was not being parsed properly in many cases
    - Fixed a bug where detach keys specified in libpod.conf were
      not used by the podman attach and podman exec commands, which
      always used the global default ctrl-p,ctrl-q key combination
      (#4556)
    - Fixed a bug where rootless Podman was not able to run podman
      pod stats even on CGroups v2 enabled systems (#4634)
    - Fixed a bug where rootless Podman would fail on kernels
      without the renameat2 syscall (#4570)
    - Fixed a bug where containers with chained network namespace
      dependencies (IE, container A using --net container=B and
      container B using --net container=C) would not properly mount
      /etc/hosts and /etc/resolv.conf into the container (#4626)
    - Fixed a bug where podman run with the --rm flag and without
      -d could, when run in the background, throw a 'container does
      not exist' error when attempting to remove the container
      after it exited
    - Fixed a bug where named volume locks were not properly
      reacquired after a reboot, potentially leading to deadlocks
      when trying to start containers using the volume (#4605 and
      #4621)
    - Fixed a bug where Podman could not completely remove
      containers if sent SIGKILL during removal, leaving the
      container name unusable without the podman rm --storage
      command to complete removal (#3906)
    - Fixed a bug where checkpointing containers started with --rm
      was allowed when --export was not specified (the container,
      and checkpoint, would be removed after checkpointing was
      complete by --rm) (#3774)
    - Fixed a bug where the podman pod prune command would fail if
      containers were present in the pods and the --force flag was
      not passed (#4346)
    - Fixed a bug where containers could not set a static IP or
      static MAC address if they joined a non-default CNI network
      (#4500)
    - Fixed a bug where podman system renumber would always throw
      an error if a container was mounted when it was run
    - Fixed a bug where podman container restore would fail with
      containers using a user namespace
    - Fixed a bug where rootless Podman would attempt to use the
      journald events backend even on systems without systemd
      installed
    - Fixed a bug where podman history would sometimes not properly
      identify the IDs of layers in an image (#3359)
    - Fixed a bug where containers could not be restarted when
      Conmon v2.0.3 or later was used
    - Fixed a bug where Podman did not check image OS and
      Architecture against the host when starting a container
    - Fixed a bug where containers in pods did not function
      properly with the Kata OCI runtime (#4353)
    - Fixed a bug where `podman info --format '{{ json . }}' would
      not produce JSON output (#4391)
    - Fixed a bug where Podman would not verify if files passed to
      --authfile existed (#4328)
    - Fixed a bug where podman images --digest would not always
      print digests when they were available
    - Fixed a bug where rootless podman run could hang due to a
      race with reading and writing events
    - Fixed a bug where rootless Podman would print warning-level
      logs despite not be instructed to do so (#4456)
    - Fixed a bug where podman pull would attempt to fetch from
      remote registries when pulling an unqualified image using the
      docker-daemon transport (#4434)
    - Fixed a bug where podman cp would not work if STDIN was a
      pipe
    - Fixed a bug where podman exec could stop accepting input if
      anything was typed between the command being run and the exec
      session starting (#4397)
    - Fixed a bug where podman logs --tail 0 would print all lines
      of a container's logs, instead of no lines (#4396)
    - Fixed a bug where the timeout for slirp4netns was incorrectly
      set, resulting in an extremely long timeout (#4344)
    - Fixed a bug where the podman stats command would print CPU
      utilizations figures incorrectly (#4409)
    - Fixed a bug where the podman inspect --size command would not
      print the size of the container's read/write layer if the
      size was 0 (#4744)
    - Fixed a bug where the podman kill command was not properly
      validating signals before use (#4746)
    - Fixed a bug where the --quiet and --format flags to podman ps
      could not be used at the same time
    - Fixed a bug where the podman stop command was not stopping
      exec sessions when a container was created without a PID
      namespace (--pid=host)
    - Fixed a bug where the podman pod rm --force command was not
      removing anonymous volumes for containers that were removed
    - Fixed a bug where the podman checkpoint command would not
      export all changes to the root filesystem of the container if
      performed more than once on the same container (#4606)
    - Fixed a bug where containers started with --rm would not be
      automatically removed on being stopped if an exec session was
      running inside the container (#4666)
  * Misc
    - The fixes to runtime directory path as root can cause strange
      behavior if an upgrade is performed while containers are
      running
    - Updated vendored Buildah to v1.12.0
    - Updated vendored containers/storage library to v1.15.4
    - Updated vendored containers/image library to v5.1.0
    - Kata Containers runtimes (kata-runtime, kata-qemu, and
      kata-fc) are now present in the default libpod.conf, but will
      not be available unless Kata containers is installed on the
      system
    - Podman previously did not allow the creation of containers
      with a memory limit lower than 4MB. This restriction has been
      removed, as the crun runtime can create containers with
      significantly less memory
- Remove no longer needed workaround for *.5.md man page sources

-------------------------------------------------------------------
Thu Dec 12 14:30:34 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update podman to v1.6.4
  - Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher
  - Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers
  - Suppress spurious log messages when running rootless Podman
  - Update vendored containers/storage to v1.13.6
  - Fix a deadlock related to writing events
  - Do not use the journald event logger when it is not available
- Remove obsolete patch container-start-fix.patch

-------------------------------------------------------------------
Thu Oct 31 13:05:29 UTC 2019 - Richard Brown <rbrown@suse.com>

- Add container-start-fix.patch to correct output of container-start to show container_name, not _id.

-------------------------------------------------------------------
Mon Oct 21 07:21:29 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update podman to v1.6.2
  * Features
    - Added a --runtime flag to podman system migrate to allow the
      OCI runtime for all containers to be reset, to ease transition
      to the crun runtime on CGroups V2 systems until runc gains full
      support
    - The podman rm command can now remove containers in broken
      states which previously could not be removed
    - The podman info command, when run without root, now shows
      information on UID and GID mappings in the rootless user
      namespace
    - Added podman build --squash-all flag, which squashes all layers
      (including those of the base image) into one layer
    - The --systemd flag to podman run and podman create now accepts
      a string argument and allows a new value, always, which forces
      systemd support without checking if the the container
      entrypoint is systemd
  * Bugfixes
    - Fixed a bug where the podman top command did not work on
      systems using CGroups V2 (#4192)
    - Fixed a bug where rootless Podman could double-close a file,
      leading to a panic
    - Fixed a bug where rootless Podman could fail to retrieve some
      containers while refreshing the state
    - Fixed a bug where podman start --attach --sig-proxy=false would
      still proxy signals into the container
    - Fixed a bug where Podman would unconditionally use a
      non-default path for authentication credentials (auth.json),
      breaking podman login integration with skopeo and other tools
      using the containers/image library
    - Fixed a bug where podman ps --format=json and podman images
      --format=json would display null when no results were returned,
      instead of valid JSON
    - Fixed a bug where podman build --squash was incorrectly
      squashing all layers into one, instead of only new layers
    - Fixed a bug where rootless Podman would allow volumes with
      options to be mounted (mounting volumes requires root),
      creating an inconsistent state where volumes reported as
      mounted but were not (#4248)
    - Fixed a bug where volumes which failed to unmount could not be
      removed (#4247)
    - Fixed a bug where Podman incorrectly handled some errors
      relating to unmounted or missing containers in
      containers/storage
    - Fixed a bug where podman stats was broken on systems running
      CGroups V2 when run rootless (#4268)
    - Fixed a bug where the podman start command would print the
      short container ID, instead of the full ID
    - Fixed a bug where containers created with an OCI runtime that
      is no longer available (uninstalled or removed from the config
      file) would not appear in podman ps and could not be removed
      via podman rm
    - Fixed a bug where containers restored via podman container
      restore --import would retain the CGroup path of the original
      container, even if their container ID changed; thus, multiple
      containers created from the same checkpoint would all share the
      same CGroup
  * Misc
    - The default PID limit for containers is now set to 4096. It can
      be adjusted back to the old default (unlimited) by passing
      --pids-limit 0 to podman create and podman run
    - The podman start --attach command now automatically attaches
      STDIN if the container was created with -i
    - The podman network create command now validates network names
      using the same regular expression as container and pod names
    - The --systemd flag to podman run and podman create will now
      only enable systemd mode when the binary being run inside the
      container is /sbin/init, /usr/sbin/init, or ends in systemd
      (previously detected any path ending in init or systemd)
    - Updated vendored Buildah to 1.11.3
    - Updated vendored containers/storage to 1.13.5
    - Updated vendored containers/image to 4.0.1

-------------------------------------------------------------------
Fri Oct  4 06:57:16 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update podman to v1.6.1
  * Features
    - The podman network create, podman network rm, podman network
      inspect, and podman network ls commands have been added to
      manage CNI networks used by Podman
    - The podman volume create command can now create and mount
      volumes with options, allowing volumes backed by NFS, tmpfs,
      and many other filesystems
    - Podman can now run containers without CGroups for better
      integration with systemd by using the --cgroups=disabled flag
      with podman create and podman run. This is presently only
      supported with the crun OCI runtime
    - The podman volume rm and podman volume inspect commands can now
      refer to volumes by an unambiguous partial name, in addition to
      full name (e.g. podman volume rm myvol to remove a volume named
      myvolume) (#3891)
    - The podman run and podman create commands now support the
      --pull flag to allow forced re-pulling of images (#3734)
    - Mounting volumes into a container using --volume, --mount, and
      --tmpfs now allows the suid, dev, and exec mount options (the
      inverse of nosuid, nodev, noexec) (#3819)
    - Mounting volumes into a container using --mount now allows the
      relabel=Z and relabel=z options to relabel mounts.
    - The podman push command now supports the --digestfile option to
      save a file containing the pushed digest
    - Pods can now have their hostname set via podman pod create
      --hostname or providing Pod YAML with a hostname set to podman
      play kube (#3732)
    - The podman image sign command now supports the --cert-dir flag
    - The podman run and podman create commands now support the
      --security-opt label=filetype:$LABEL flag to set the SELinux
      label for container files
    - The remote Podman client now supports healthchecks
  * Bugfixes
    - Fixed a bug where remote podman pull would panic if a Varlink
      connection was not available (#4013)
    - Fixed a bug where podman exec would not properly set terminal
      size when creating a new exec session (#3903)
    - Fixed a bug where podman exec would not clean up socket
      symlinks on the host (#3962)
    - Fixed a bug where Podman could not run systemd in containers
      that created a CGroup namespace
    - Fixed a bug where podman prune -a would attempt to prune images
      used by Buildah and CRI-O, causing errors (#3983)
    - Fixed a bug where improper permissions on the ~/.config
      directory could cause rootless Podman to use an incorrect
      directory for storing some files
    - Fixed a bug where the bash completions for podman import threw
      errors
    - Fixed a bug where Podman volumes created with podman volume
      create would not copy the contents of their mountpoint the
      first time they were mounted into a container (#3945)
    - Fixed a bug where rootless Podman could not run podman exec
      when the container was not run inside a CGroup owned by the
      user (#3937)
    - Fixed a bug where podman play kube would panic when given Pod
      YAML without a securityContext (#3956)
    - Fixed a bug where Podman would place files incorrectly when
      storage.conf configuration items were set to the empty string
      (#3952)
    - Fixed a bug where podman build did not correctly inherit
      Podman's CGroup configuration, causing crashed on CGroups V2
      systems (#3938)
    - Fixed a bug where podman cp would improperly copy files on the
      host when copying a symlink in the container that included a
      glob operator (#3829)
    - Fixed a bug where remote podman run --rm would exit before the
      container was completely removed, allowing race conditions when
      removing container resources (#3870)
    - Fixed a bug where rootless Podman would not properly handle
      changes to /etc/subuid and /etc/subgid after a container was
      launched
    - Fixed a bug where rootless Podman could not include some
      devices in a container using the --device flag (#3905)
    - Fixed a bug where the commit Varlink API would segfault if
      provided incorrect arguments (#3897)
    - Fixed a bug where temporary files were not properly cleaned up
      after a build using remote Podman (#3869)
    - Fixed a bug where podman remote cp crashed instead of reporting
      it was not yet supported (#3861)
    - Fixed a bug where podman exec would run as the wrong user when
      execing into a container was started from an image with
      Dockerfile USER (or a user specified via podman run --user)
      (#3838)
    - Fixed a bug where images pulled using the oci: transport would
      be improperly named
    - Fixed a bug where podman varlink would hang when managed by
      systemd due to SD_NOTIFY support conflicting with Varlink
      (#3572)
    - Fixed a bug where mounts to the same destination would
      sometimes not trigger a conflict, causing a race as to which
      was actually mounted
    - Fixed a bug where podman exec --preserve-fds caused Podman to
      hang (#4020)
    - Fixed a bug where removing an unmounted container that was
      unmounted might sometimes not properly clean up the container
      (#4033)
    - Fixed a bug where the Varlink server would freeze when run in a
      systemd unit file (#4005)
    - Fixed a bug where Podman would not properly set the $HOME
      environment variable when the OCI runtime did not set it
    - Fixed a bug where rootless Podman would incorrectly print
      warning messages when an OCI runtime was not found (#4012)
    - Fixed a bug where named volumes would conflict with, instead of
      overriding, tmpfs filesystems added by the --read-only-tmpfs
      flag to podman create and podman run
    - Fixed a bug where podman cp would incorrectly make the target
      directory when copying to a symlink which pointed to a
      nonexistent directory (#3894)
    - Fixed a bug where remote Podman would incorrectly read STDIN
      when the -i flag was not set (#4095)
    - Fixed a bug where podman play kube would create an empty pod
      when given an unsupported YAML type (#4093)
    - Fixed a bug where podman import --change improperly parsed CMD
      (#4000)
    - Fixed a bug where rootless Podman on systems using CGroups V2
      would not function with the cgroupfs CGroups manager
    - Fixed a bug where rootless Podman could not correctly identify
      the DBus session address, causing containers to fail to start
      (#4162)
    - Fixed a bug where rootless Podman with slirp4netns networking
      would fail to start containers due to mount leaks
  * Misc
    - Significant changes were made to Podman volumes in this
      release. If you have pre-existing volumes, it is strongly
      recommended to run podman system renumber after upgrading.
    - Version 0.8.1 or greater of the CNI Plugins is now required for
      Podman
    - Version 2.0.1 or greater of Conmon is strongly recommended
    - Updated vendored Buildah to v1.11.2
    - Updated vendored containers/storage library to v1.13.4
    - Improved error messages when trying to create a pod with no
      name via podman play kube
    - Improved error messages when trying to run podman pause or
      podman stats on a rootless container on a system without
      CGroups V2 enabled
    - TMPDIR has been set to /var/tmp by default to better handle
      large temporary files
    - podman wait has been optimized to detect stopped containers
      more rapidly
    - Podman containers now include a ContainerManager annotation
      indicating they were created by libpod
    - The podman info command now includes information about
      slirp4netns and fuse-overlayfs if they are available
    - Podman no longer sets a default size of 65kb for tmpfs
      filesystems
    - The default Podman CNI network has been renamed in an attempt
      to prevent conflicts with CRI-O when both are run on the same
      system. This should only take effect on system restart
    - The output of podman volume inspect has been more closely
      matched to docker volume inspect
- Removed CVE-2019-10214.patch as it was merged upstream

-------------------------------------------------------------------
Thu Sep  5 15:26:01 UTC 2019 - Marco Vedovati <mvedovati@suse.com>

- Add katacontainers as a recommended package, and include it as an
  additional OCI runtime in the configuration.

-------------------------------------------------------------------
Mon Sep  2 12:02:44 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Add patch for CVE-2019-10214. bsc#1144065
  + CVE-2019-10214.patch

-------------------------------------------------------------------
Tue Aug 27 08:04:20 UTC 2019 - Marco Vedovati <mvedovati@suse.com>

- Update podman to v1.5.1
 * Features
   - The hostname of pods is now set to the pod's name
 * Bugfixes
   - Fixed a bug where podman run and podman create did not honor the --authfile
     option (#3730)
   - Fixed a bug where containers restored with podman container restore
     --import would incorrectly duplicate the Conmon PID file of the original container
   - Fixed a bug where podman build ignored the default OCI runtime configured
     in libpod.conf
   - Fixed a bug where podman run --rm (or force-removing any running container
     with podman rm --force) were not retrieving the correct exit code (#3795)
   - Fixed a bug where Podman would exit with an error if any configured hooks
     directory was not present
   - Fixed a bug where podman inspect and podman commit would not use the
     correct CMD for containers run with podman play kube
   - Fixed a bug created pods when using rootless Podman and CGroups V2 (#3801)
   - Fixed a bug where the podman events command with the --since or --until
     options could take a very long time to complete
 * Misc
   - Rootless Podman will now inherit OCI runtime configuration from the root
     configuration (#3781)
   - Podman now properly sets a user agent while contacting registries (#3788)

- Add zsh completion for podman commands

-------------------------------------------------------------------
Wed Aug 14 08:26:22 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update podman to v1.5.0
  * Features
    - Podman containers can now join the user namespaces of other
      containers with --userns=container:$ID, or a user namespace at
      an arbitary path with --userns=ns:$PATH
    - Rootless Podman can experimentally squash all UIDs and GIDs in
      an image to a single UID and GID (which does not require use of
      the newuidmap and newgidmap executables) by passing
      --storage-opt ignore_chown_errors
    - The podman generate kube command now produces YAML for any bind
      mounts the container has created (#2303)
    - The podman container restore command now features a new flag,
      --ignore-static-ip, that can be used with --import to import a
      single container with a static IP multiple times on the same
      host
    - Added the ability for podman events to output JSON by
      specifying --format=json
    - If the OCI runtime or conmon binary cannot be found at the
      paths specified in libpod.conf, Podman will now also search for
      them in the calling user's path
    - Added the ability to use podman import with URLs (#3609)
    - The podman ps command now supports filtering names using
      regular expressions (#3394)
    - Rootless Podman containers with --privileged set will now mount
      in all host devices that the user can access
    - The podman create and podman run commands now support the
      --env-host flag to forward all environment variables from the
      host into the container
    - Rootless Podman now supports healthchecks (#3523)
    - The format of the HostConfig portion of the output of podman
      inspect on containers has been improved and synced with Docker
    - Podman containers now support CGroup namespaces, and can create
      them by passing --cgroupns=private to podman run or podman
      create
    - The podman create and podman run commands now support the
      --ulimit=host flag, which uses any ulimits currently set on the
      host for the container
    - The podman rm and podman rmi commands now use different exit
      codes to indicate 'no such container' and 'container is
      running' errors
    - Support for CGroups V2 through the crun OCI runtime has been
      greatly improved, allowing resource limits to be set for
      rootless containers when the CGroups V2 hierarchy is in use
  * Bugfixes
    - Fixed a bug where a race condition could cause podman restart
      to fail to start containers with ports
    - Fixed a bug where containers restored from a checkpoint would
      not properly report the time they were started at
    - Fixed a bug where podman search would return at most 25
      results, even when the maximum number of results was set higher
    - Fixed a bug where podman play kube would not honor capabilities
      set in imported YAML (#3689)
    - Fixed a bug where podman run --env, when passed a single key
      (to use the value from the host), would set the environment
      variable in the container even if it was not set on the host
      (#3648)
    - Fixed a bug where podman commit --changes would not properly
      set environment variables
    - Fixed a bug where Podman could segfault while working with
      images with no history
    - Fixed a bug where podman volume rm could remove arbitrary
      volumes if given an ambiguous name (#3635)
    - Fixed a bug where podman exec invocations leaked memory by not
      cleaning up files in tmpfs
    - Fixed a bug where the --dns and --net=container flags to podman
      run and podman create were not mutually exclusive (#3553)
    - Fixed a bug where rootless Podman would be unable to run
      containers when less than 5 UIDs were available
    - Fixed a bug where containers in pods could not be removed
      without removing the entire pod (#3556)
    - Fixed a bug where Podman would not properly clean up all CGroup
      controllers for created cgroups when using the cgroupfs CGroup
      driver
    - Fixed a bug where Podman containers did not properly clean up
      files in tmpfs, resulting in a memory leak as containers
      stopped
    - Fixed a bug where healthchecks from images would not use
      default settings for interval, retries, timeout, and start
      period when they were not provided by the image (#3525)
    - Fixed a bug where healthchecks using the HEALTHCHECK CMD format
      where not properly supported (#3507)
    - Fixed a bug where volume mounts using relative source paths
      would not be properly resolved (#3504)
    - Fixed a bug where podman run did not use authorization
      credentials when a custom path was specified (#3524)
    - Fixed a bug where containers checkpointed with podman container
      checkpoint did not properly set their finished time
    - Fixed a bug where running podman inspect on any container not
      created with podman run or podman create (for example, pod
      infra containers) would result in a segfault (#3500)
    - Fixed a bug where healthcheck flags for podman create and
      podman run were incorrectly named (#3455)
    - Fixed a bug where Podman commands would fail to find targets if
      a partial ID was specified that was ambiguous between a
      container and pod (#3487)
    - Fixed a bug where restored containers would not have the
      correct SELinux label
    - Fixed a bug where Varlink endpoints were not working properly
      if more was not correctly specified
    - Fixed a bug where the Varlink PullImage endpoint would crash if
      an error occurred (#3715)
    - Fixed a bug where the --mount flag to podman create and podman
      run did not allow boolean arguments for its ro and rw options
      (#2980)
    - Fixed a bug where pods did not properly share the UTS
      namespace, resulting in incorrect behavior from some utilities
      which rely on hostname (#3547)
    - Fixed a bug where Podman would unconditionally append
      ENTRYPOINT to CMD during podman commit (and when reporting CMD
      in podman inspect) (#3708)
    - Fixed a bug where podman events with the journald events
      backend would incorrectly print 6 previous events when only new
      events were requested (#3616)
    - Fixed a bug where podman port would exit prematurely when a
      port number was specified (#3747)
    - Fixed a bug where passing . as an argument to the --dns-search
      flag to podman create and podman run was not properly clearing
      DNS search domains in the container
  * Misc
    - Updated vendored Buildah to v1.10.1
    - Updated vendored containers/image to v3.0.2
    - Updated vendored containers/storage to v1.13.1
    - Podman now requires conmon v2.0.0 or higher
    - The podman info command now displays the events logger being in
      use
    - The podman inspect command on containers now includes the ID of
      the pod a container has joined and the PID of the container's
      conmon process
    - The -v short flag for podman --version has been re-added
    - Error messages from podman pull should be significantly clearer
    - The podman exec command is now available in the remote client
    - The podman-v1.5.0.tar.gz file attached is podman packaged for
      MacOS. It can be installed using Homebrew.
- Use new conmon package as direct dependency
- Remove internal conmon package
- Update libpod.conf to support latest path discovery feature for
  `runc` and `conmon` binaries.
- Re-enable 32bit build

--------------------------------------------------------------------
Tue Jul 30 07:46:16 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on
  SLE (bsc#1143386)

-------------------------------------------------------------------
Thu Jul 25 09:20:47 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update libpod.conf to use correct infra_command

-------------------------------------------------------------------
Thu Jul 18 10:12:43 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update libpod.conf to use better versioned pause container

-------------------------------------------------------------------
Wed Jul 17 14:53:38 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update libpod.conf to use official kubic pause container

-------------------------------------------------------------------
Wed Jul 10 13:55:09 UTC 2019 - Marco Vedovati <mvedovati@suse.com>

- Update libpod.conf to match latest features set:
  detach_keys, lock_type, runtime_supports_json

-------------------------------------------------------------------
Mon Jul  8 10:46:43 UTC 2019 - Marco Vedovati <mvedovati@suse.com>

- Add podman-remote varlink client
- Update podman to v1.4.4
  * Features
    - Podman now has greatly improved support for containers using multiple OCI
      runtimes. Containers now remember if they were created with a different
      runtime using --runtime and will always use that runtime
    - The cached and delegated options for volume mounts are now allowed for
      Docker compatability (#3340)
    - The podman diff command now supports the --latest flag
  * Bugfixes
    - Fixed a bug where rootless Podman would attempt to use the entire root
      configuration if no rootless configuration was present for the user,
      breaking rootless Podman for new installations
    - Fixed a bug where rootless Podman's pause process would block SIGTERM,
      preventing graceful system shutdown and hanging until the system's init
      send SIGKILL
    - Fixed a bug where running Podman as root with sudo -E would not work after
      running rootless Podman at least once
    - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag
      were being ignored
    - Fixed a bug where images with no layers could not properly be displayed
      and removed by Podman
    - Fixed a bug where locks were not properly freed on failure to create a
      container or pod
    - Fixed a bug where podman cp on a single file would create a directory at
      the target and place the file in it (#3384)
    - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a
      hexadecimal address instead of a container's mounts
    - Fixed a bug where rootless Podman would not add an entry to container's
      /etc/hosts files for their own hostname (#3405)
    - Fixed a bug where podman ps --sync would segfault (#3411)
    - Fixed a bug where podman generate kube would produce an invalid ports
      configuration (#3408)
  * Misc
    - Updated containers/storage to v1.12.13
    - Podman now performs much better on systems with heavy I/O load
    - The --cgroup-manager flag to podman now shows the correct default setting
      in help if the default was overridden by libpod.conf
    - For backwards compatability, setting --log-driver=json-file in podman run
      is now supported as an alias for --log-driver=k8s-file. This is considered
      deprecated, and json-file will be moved to a new implementation in the
      future ([#3363](https://github.com/containers/libpo\
      d/issues/3363))
    - Podman's default libpod.conf file now allows the crun OCI runtime to be
      used if it is installed

-------------------------------------------------------------------
Wed Jun 26 11:24:32 UTC 2019 - Robert Frohl <rfrohl@suse.com>

- Update podman to v1.4.2
  - Fixed a bug where Podman could not run containers using an older version of
    Systemd as init
  - Updated vendored Buildah to v1.9.0 to resolve a critical bug with
    Dockerfile RUN instructions
  - The error message for running podman kill on containers that are not
    running has been improved
  - Podman remote client can now log to a file if syslog is not available
  - The podman exec command now sets its error code differently based on
    whether the container does not exist, and the command in the container does
    not exist
  - The podman inspect command on containers now outputs Mounts JSON that matches
    that of docker inspect, only including user-specified volumes and
    differentiating bind mounts and named volumes
  - The podman inspect command now reports the path to a container's OCI spec
    with the OCIConfigPath key (only included when the container is initialized
    or running)
  - The podman run --mount command now supports the bind-nonrecursive option for
    bind mounts
  - Fixed a bug where podman play kube would fail to create containers due to an
    unspecified log driver
  - Fixed a bug where Podman would fail to build with musl libc
  - Fixed a bug where rootless Podman using slirp4netns networking in an
    environment with no nameservers on the host other than localhost would
    result in nonfunctional networking
  - Fixed a bug where podman import would not properly set environment
    variables, discarding their values and retaining only keys
  - Fixed a bug where Podman would fail to run when built with Apparmor support
    but run on systems without the Apparmor kernel module loaded
  - Remote Podman will now default the username it uses to log in to remote
    systems to the username of the current user
  - Podman now uses JSON logging with OCI runtimes that support it, allowing for
    better error reporting
  - Updated vendored containers/image to v2.0
- Update conmon to v0.3.0
  - Support OOM Monitor under cgroup V2
  - Add config binary and make target for configuring conmon with a go library
    for importing values

-------------------------------------------------------------------
Mon Jun 24 09:36:12 UTC 2019 - Robert Frohl <rfrohl@suse.com>

- update dependency for slirp4netns to 0.3.0 or newer

-------------------------------------------------------------------
Tue Jun 11 06:43:28 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update podman to v1.4.0:
  - The podman checkpoint and podman restore commands can now be
    used to migrate containers between Podman installations on
    different systems
  - The podman cp command now supports a pause flag to pause
    containers while copying into them
  - The remote client now supports a configuration file for
    pre-configuring connections to remote Podman installations
  - Fixed CVE-2019-10152 - The podman cp command improperly
    dereferenced symlinks in host context
  - Fixed a bug where podman commit could improperly set
    environment variables that contained = characters
  - Fixed a bug where rootless Podman would sometimes fail to start
    containers with forwarded ports
  - Fixed a bug where podman version on the remote client could
    segfault
  - Fixed a bug where podman container runlabel would use
    /proc/self/exe instead of the path of the Podman command when
    printing the command being executed
  - Fixed a bug where filtering images by label did not work
  - Fixed a bug where specifying a bing mount or tmpfs mount over
    an image volume would cause a container to be unable to start
  - Fixed a bug where podman generate kube did not work with
    containers with named volumes
  - Fixed a bug where rootless Podman would receive permission
    denied errors accessing conmon.pid
  - Fixed a bug where podman cp with a folder specified as target
    would replace the folder, as opposed to copying into it
  - Fixed a bug where rootless Podman commands could double-unlock
    a lock, causing a crash
  - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
    mounts, causing errors when using the Kata containers runtime
  - Fixed a bug where podman exec would fail on older kernels
  - The podman commit command is now usable with the Podman remote
    client
  - The --signature-policy flag (used with several image-related
    commands) has been deprecated
  - The podman unshare command now defines two environment
    variables in the spawned shell: CONTAINERS_RUNROOT and
    CONTAINERS_GRAPHROOT, pointing to temporary and permanent
    storage for rootless containers
  - Updated vendored containers/storage and containers/image
    libraries with numerous bugfixes
  - Updated vendored Buildah to v1.8.3
  - Podman now requires Conmon v0.2.0
  - The podman cp command is now aliased as podman container cp
  - Rootless Podman will now default init_path using root Podman's
    configuration files (/etc/containers/libpod.conf and
    /usr/share/containers/libpod.conf) if not overridden in the
    rootless configuration

-------------------------------------------------------------------
Fri Jun  7 11:48:27 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Add fuse-overlayfs dependency to support overlay based rootless image
  manipulations

-------------------------------------------------------------------
Wed May 29 14:16:08 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update podman to v1.3.2:
  - Fixed a bug where podman would fail to run if a volume was
    mounted over an image volume

-------------------------------------------------------------------
Wed May 22 07:04:24 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update podman to v1.3.1:
  - The podman cp command can now read input redirected to STDIN, and output to
    STDOUT instead of a file, using - instead of an argument.
  - The Podman remote client now displays version information from both the
    client and server in podman version
  - The podman unshare command has been added, allowing easy entry into the
    user namespace set up by rootless Podman (allowing the removal of files
    created by rootless Podman, among other things)
  - Fixed a bug where Podman containers with the --rm flag were removing
    created volumes when they were automatically removed
  - Fixed a bug where container and pod locks were incorrectly marked as
    released after a system reboot, causing errors on container and pod removal
  - Fixed a bug where Podman pods could not be removed if any container in the
    pod encountered an error during removal
  - Fixed a bug where Podman pods run with the cgroupfs CGroup driver would
    encounter a race condition during removal, potentially failing to remove
    the pod CGroup
  - Fixed a bug where the podman container checkpoint and podman container
    restore commands were not visible in the remote client
  - Fixed a bug where podman remote ps --ns would not print the container's
    namespaces
  - Fixed a bug where removing stopped containers with healthchecks could cause
    an error
  - Fixed a bug where the default libpod.conf file was causing parsing errors
  - Fixed a bug where pod locks were not being freed when pods were removed,
    potentially leading to lock exhaustion
  - Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running
    containers, create an inconsistent state rendering the container unusable
  - The remote Podman client now uses the Varlink bridge to establish remote
    connections by default
- Update conmon to 0.2.0 and switched to containers/conmon upstream project

-------------------------------------------------------------------
Fri May 17 12:08:37 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update `systemd-devel` to actually be `pkgconfig(libsystemd)` to allow OBS to
  shortcut through systemd-mini-devel

-------------------------------------------------------------------
Thu May 16 15:04:52 UTC 2019 - Sascha Grunert <sgrunert@suse.com>

- Update podman to v1.3.0
  * Podman now supports container restart policies! The --restart-policy flag
    on podman create and podman run allows containers to be restarted after
    they exit. Please note that Podman cannot restart containers after a system
    reboot - for that, see our next feature
  * Podman podman generate systemd command was added to generate systemd unit
    files for managing Podman containers
  * The podman runlabel command now allows a $GLOBAL_OPTS variable, which will
    be populated by global options passed to the podman runlabel command,
    allowing custom storage configurations to be passed into containers run
    with runlabel
  * The podman play kube command now allows File and FileOrCreate volumes
  * The podman pod prune command was added to prune unused pods
  * Added the podman system migrate command to migrate containers using older
    configurations to allow their use by newer Libpod versions
  * Podman containers now forward proxy-related environment variables from the
    host into the container with the --http-proxy flag (enabled by default)
  * Read-only Podman containers can now create tmpfs filesystems on /tmp,
    /var/tmp, and /run with the --read-only-tmpfs flag (enabled by default)
  * The podman init command was added, performing all container pre-start tasks
    without starting the container to allow pre-run debugging
- Update conmon to cri-o v1.14.1
- Update libpod.conf to match latest feature set

-------------------------------------------------------------------
Mon Apr  1 14:05:35 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update to podman 1.2.0
  * Podman now supports image healthchecks! The podman healthcheck run command was added to manually run healthchecks, and the status of a running healthcheck can be viewed via podman inspect
  * The podman events command was added to show a stream of significant events
  * The podman ps command now supports a --watch flag that will refresh its output on a given interval
  * The podman image tree command was added to show a tree representation of an image's layers
  * The podman logs command can now display logs for multiple containers at the same time
  * The podman exec command can now pass file descriptors to the process being executed in the container via the --preserve-fds option
  * The podman images command can now filter images by reference
  * The podman system df command was added to show disk usage by Podman
  * The --add-host option can now be used by containers sharing a network namespace
  * The podman cp command now has an --extract option to extract the contents of a Tar archive and copy them into the container, instead of copying the archive itself
  * Podman now allows manually specifying the path of the slirp4netns binary for rootless networking via the --network-cmd-path flag
  * Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
  * The podman runlabel command now supports the --replace option to replace containers using the name requested
  * Infrastructure containers for Podman pods will now attempt to use the image's CMD and ENTRYPOINT instead of a fixed command
  * The podman play kube command now supports the HostPath and VolumeMounts YAML fields
  * Added support to disable creation of resolv.conf or /etc/hosts in containers by specifying --dns=none and --no-hosts, respectively, to podman run and podman create
  * The podman version command now supports the {{ json . }} template (which outputs JSON)
  * Podman can now forward ports using the SCTP protocol
- Update conmon to cri-o 1.14.0
- Stop building for i586 (not supported by upstream, does not build)

-------------------------------------------------------------------
Fri Mar 22 21:02:05 UTC 2019 - Flavio Castelli <fcastelli@suse.com>

- Change default libpod.conf configuration file: use the runtimes
  section to allow users to specify different OCI runtimes. This
  allows user to choose which runtime to use on a per container
  basis.

-------------------------------------------------------------------
Tue Mar 19 13:15:38 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>

- Add 'apparmor-parser' to list of requires (boo#1123387)

-------------------------------------------------------------------
Sat Mar 16 08:33:38 UTC 2019 - Jan Engelhardt <jengelh@inai.de>

- Scriptlets contain sh-compatible code, so drop -p /bin/bash.

-------------------------------------------------------------------
Fri Mar  8 09:47:25 UTC 2019 - Richard Brown <rbrown@suse.com>

- podman-cni-config: remove artificial conflicts with kubelet

-------------------------------------------------------------------
Thu Mar  7 15:22:22 UTC 2019 - Richard Brown <rbrown@suse.com>

- Disable build with PIE on ppc64le to avoid boo#1098017

-------------------------------------------------------------------
Wed Mar  6 14:07:01 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update to v1.1.2
  * Fixed a bug where the podman image list, podman image rm, and podman container list had broken global storage options
  * Fixed a bug where the --label option to podman create and podman run was missing the -l alias
  * Fixed a bug where running Podman with the --config flag would not set an appropriate default value for tmp_dir
  * Fixed a bug where the podman logs command with the --timestamps flag produced unreadable output
  * Fixed a bug where the podman cp command would automatically extract .tar files copied into the container
  * The podman container stop command is now usable with the Podman remote client

-------------------------------------------------------------------
Mon Mar  4 11:27:03 UTC 2019 - Flavio Castelli <fcastelli@suse.com>

- Update to v1.1.1
  * Update release notes for v1.1.1
  * Pull image for runlabel if not local
  * Fix SystemExec completion race
  * Fix link inconsistencies in man pages
  * Verify that used OCI runtime supports checkpoint
  * Should be defaulting to pull not pull-always
  * podman-commands script: refactor
  * Move Alias lines to descriptions of commands
  * Fix usage messages for podman image list, rm
  * Fix -s to --storage-driver in baseline test
  * No podman container ps command exists
  * Allow Exec API user to override streams
  * fix up a number of misplace commands
  * rootless, new[ug]idmap: on failure add output
  * [ci skip] Critical note about merge bot
  * podman port fix output
  * Fix ignored --time argument to podman restart
  * secrets: fix fips-mode with user namespaces
  * Fix four errors tagged by Cobra macro debugging
  * Clean up man pages to match commands
  * Add debugging for errors to Cobra compatibility macros
  * Command-line input validation: reject unused args
  * Fix ignored --stop-timeout flag to 'podman create'
  * fixup! Incorporate review feedback
  * fixup! missed some more:
  * fixup! Correction to 'checkpoint'
  * Followup to #2456: update examples, add trust
  * podman create: disable interspersed opts
  * fix up a number of misplace commands
  * Add a task to Cirrus gating to build w/o Varlink
  * Skip checkpoint/restore tests on Fedora for now
  * Fix build for non-Varlink-tagged Podman
  * Remove restore as podman subcommand
  * Better usage synopses for subcommands
  * Bump gitvalidation epoch
  * Bump to v1.2.0-dev
  * Centralize setting default volume path
  * Ensure volume path is set appropriately by default
  * Move all storage configuration defaults into libpod
  * rename pod when we have a name collision with a container
  * podman remote-client readme
- Update package to ship varlink required files

-------------------------------------------------------------------
Wed Feb 27 09:01:41 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update to v1.1.0
  * Added --latest and --all flags to podman mount and podman umount
  * Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
  * Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf
  * Added an alias -f for the --format flag of the podman info and podman version commands
  * Added an alias -s for the --size flag of the podman inspect command
  * Added the podman system info and podman system prune commands
  * Added the podman cp command to copy files between containers and the host
  * Added the --password-stdin flag to podman login
  * Added the --all-tags flag to podman pull
  * The --rm and --detach flags can now be used together with podman run
  * The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
  * Added the podman system renumber command to handle lock changes
  * The --net=host and --dns flags for podman run and podman create no longer conflict
  * Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:
  * Various bugfixes - full changelog https://github.com/containers/libpod/releases/tag/v1.1.0
- Removed obsolete patch containers-libpod-pull-2225.diff

-------------------------------------------------------------------
Tue Feb 26 17:17:32 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update to conmon from cri-o v1.13.1
  * oci: read conmon process status

-------------------------------------------------------------------
Tue Feb 19 15:35:30 UTC 2019 - Richard Brown <rbrown@suse.com>

- Upgrade to v1.0.1
  * rootless: join both userns and mount namespace with --pod
  * rootless: create the userns immediately when creating a new pod
  * Preserve exited state across reboot
  * podman image prune -- implement all flag
  * Add varlink support for prune
  * Make --quiet work in podman create/run
  * rootless: fix --pid=host without --privileged
  * podman-inspect: don't ignore errors

-------------------------------------------------------------------
Wed Jan 30 22:57:51 UTC 2019 - Duncan Mac-Vicar <dmacvicar@suse.de>

- Fix rootless mode with AppArmor
  https://github.com/containers/libpod/pull/2225
  Add patch containers-libpod-pull-2225.diff

-------------------------------------------------------------------
Mon Jan 28 10:32:38 UTC 2019 - Richard Brown <rbrown@suse.com>

- Stop using conmon from random git commits, use cri-o releases
- Update to conmon from cri-o v1.13.0
  * Solve gh#containers/libpod#527
- Tidy up .gitignore files from podman-1.0.0.tar.xz

-------------------------------------------------------------------
Thu Jan 17 11:44:58 UTC 2019 - Jordi Massaguer <jmassaguerpla@suse.com>

- Update requirement to go1.11 to stay in sync with CaaSP4 and use the same
  version as k8s and cri-o to prevent "weird" issues because of the go version
  (we had problems mixing go1.5 and go1.6 in the past)

-------------------------------------------------------------------
Wed Jan 16 09:42:52 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update libpod.conf to better align with upstream defaults [boo#1122024]
- Require catatonit for new --init flag

-------------------------------------------------------------------
Sun Jan 13 15:39:42 UTC 2019 - Richard Brown <rbrown@suse.com>

- Upgrade to v1.0.0
  * The podman exec command now includes a --workdir option to set working directory for the executed command
  * The podman create and podman run commands now support the --init flag to use a minimal init process in the container
  * Added the podman image sign command to GPG sign images
  * The podman run --device flag now accepts directories, and will added any device nodes in the directory to the container
  * Added the podman play kube command to create pods and containers from Kubernetes pod YAML
  * Rootless containers now unconditionally use postrun cleanup processes, ensuring resources are freed when the container stops
  * Pulling images has been parallelized, allowing individual layers to be pulled in parallel

-------------------------------------------------------------------
Tue Jan  8 11:20:42 UTC 2019 - Richard Brown <rbrown@suse.com>

- Update to v0.12.1.2
  * Rootless Podman now creates the storage.conf, libpod.conf, and mounts.conf configuration files automatically in ~/.config/containers/ for ease of reconfiguration
  * The podman pod create command can expose ports in the pod's network namespace, allowing public services to be created in pods
  * The podman container checkpoint command can now keep containers running after they are checkpointed with the --leave-running flag
  * The podman container checkpoint and podman container restore commands now support the --tcp-established flag to checkpoint and restore containers with active TCP connections
  * The podman version command now has a --format flag to produce machine-readable output
  * Added the podman container exists, podman pod exists, and podman image exists commands to easily check for a container/pod/image, respectively, by name or ID
  * The podman ps --pod flag now has a short alias, -p
  * The podman rmi and podman rm commands now have a --prune flag to prune unused images and containers, respectively
  * The podman ps command now has a --sync flag to force a sync of Podman's state against the OCI runtime, resolving some state desync errors
  * Added the podman volume set of commands for creating and managing local-only named volumes
  * Added the podman generate kube command to generate Kubernetes Pod and Service YAML for Podman containers and pods
  * The podman pod stop flag now accepts a --timeout flag to set the timeout for stopping containers in the pod

-------------------------------------------------------------------
Tue Dec 18 09:40:40 UTC 2018 - Marco Vedovati <mvedovati@suse.com>

- Update package summary and description

-------------------------------------------------------------------
Fri Dec  7 07:42:47 UTC 2018 - Adrian Schröter <adrian@suse.de>

- add dependency to iptables, build fails otherwise

-------------------------------------------------------------------
Fri Nov 16 08:22:48 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

- Changelog for v0.11.1.1 (2018-11-15)
  * Increase pidWaitTimeout to 60s
  * rootless: call IsRootless just once
  * Add space between num & unit in images output
  * Better document rootless containers
  * info: add rootless field
  * Do not hide errors when creating container with UserNSRoot
  * correct assignment of networkStatus
  * rootless: default to fuse-overlayfs when available

-------------------------------------------------------------------
Tue Nov 13 07:17:16 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

- Require golang >= 1.10.

-------------------------------------------------------------------
Fri Nov  9 07:46:46 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

- Changelog for v0.11.1 (2018-11-08)
  * update seccomp.json
  * Touch up --log* options and daemons in man pages
  * Don't fail if /etc/passwd or /etc/group does not exists
  * Properly set Running state when starting containers
  * If a container ceases to exist in runc, set exit status
  * rootless: mount /sys/fs/cgroup/systemd from the host
  * rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode
  * Add hostname to /etc/hosts
  * Remove conmon cgroup before pod cgroup for cgroupfs
  * Make kill, pause, and unpause parallel.
  * Fix long image name handling
  * Make restart parallel and add --all
  * rootless: do not add an additional /run to runroot
  * rootless: avoid hang on failed slirp4netns
  * Fix setting of version information
  * runtime: do not allow runroot longer than 50 characters
  * attach: fix attach when cuid is too long
  * truncate command output in ps by default
  * make various changes to ps output
  * Use two spaces to pad PS fields
  * fix bug in rm -fa parallel deletes
  * Ensure test container in running state
  * Add tests for selinux labels
  * Add --max-workers and heuristics for parallel operations
  * Increase security and performance when looking up groups
  * run prepare in parallel
  * runlabel: run any command
  * Explain the device format in man pages
  * Add --all and --latest to checkpoint/restore
  * Use more reliable check for rootless for firewall init
  * Make podman ps fast
  * Support auth file environment variable in podman build
  * fix environment variable parsing
  * Use the CRIU version check in checkpoint/restore
  * Handle http/https in registry given to login/out
  * correct stats err with non-running containers
  * Make rm faster
  * Fix man page to show info on storage

- Changelog for v0.10.1.3 (2018-10-17)
  * Vendor in new new buildah/ci
  * Fix podman in podman

- Changelog for v0.10.1.2 (2018-10-17)
  * Fix CGroup paths used for systemd CGroup mount

-------------------------------------------------------------------
Tue Oct 30 06:57:08 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

- Require slirp4netns to enable networking for unprivileged network namespaces
  aka networking for rootless podman.

-------------------------------------------------------------------
Wed Oct 17 06:07:29 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

- Changelog for v0.10.1.1 (2018-10-16)
  * Mount proper cgroup for systemd to manage inside of the container.
  * volume: resolve symlinks in paths
  * volume: write the correct ID of the container in error messages
  * Support auth file environment variable & add change to man pages
  * Generate a passwd file for users not in container

-------------------------------------------------------------------
Fri Oct 12 06:43:30 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

- Changelog for v0.10.1 (2018-10-11)
  * Sort all command flags
  * rootless: detect when user namespaces are not enabled
  * Log an otherwise ignored error from joining a net ns
  * Update manpages for --ip flag
  * Add --ip flag and plumbing into libpod
  * Document --net as an alias of --network in podman run & create
  * rootless: report more error messages from the startup phase
  * rootless: fix an hang on older versions of setresuid/setresgid
  * fix runlabel functions based on QA feedback
  * Stop containers in parallel fashion
  * runlabel: execute /proc/self/exe and avoid recursion
  * Ensure resolv.conf has the right label and path
  * completions: add checkpoint/restore completions
  * Add support to checkpoint/restore containers
  * selinux: drop superflous relabel
  * rootless: always set XDG_RUNTIME_DIR
  * Address review comments and fix ps output
  * Disable SELinux labeling if --privileged
  * Implement pod varlink bindings
  * Add --all flag to podman kill
  * Add container runlabel command
  * run complex image names with short names

-------------------------------------------------------------------
Mon Oct  1 05:51:48 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

- Update conmon to 4cd5a7c60349be0678d9f1b0657683324c1a2726 and fetch
  it from its new home https://github.com/kubernetes-sigs/cri-o.

- Changelog for v0.9.3.1 (2018-09-25)
  * Disable problematic SELinux code causing runc issues

- Changelog for v0.9.3 (2018-09-21)
  * Add --mount option for `create` & `run` command
  * Don't mount /dev/shm if the user told you --ipc=none
  * rootless: error out if there are not enough UIDs/GIDs available
  * Add new field to libpod to indicate whether or not to use labelling
  * Bind Mounts should be mounted read-only when in read-only mode
  * report when rootless
  * Don't crash if an image has no names

- Changelog for v0.9.2 (2018-09-14)
  * Don't mount /dev/* if user mounted /dev
  * rootless: do not raise an error if the entrypoint is specified
  * Add a way to disable port reservation
  * Do not set rlimits if we are rootless
  * Add --interval flag to podman wait
  * Add `podman rm --volumes` flag
  * Explicitly set default CNI network name in libpod.conf

- Changelog for v0.9.1.1 (2018-09-10)
  * Replace existing iptables handler with firewall code
  * Vendor CNI plugins firewall code
  * Fix displaying size on size calculation error

- Changelog for v0.9.1 (2018-09-07)
  * Fix pod sharing for utsmode
  * Respect user-added mounts over default spec mounts
  * use layer cache when building images
  * Start pod infra container when pod is created
  * Fix up libpod.conf man pages and referencese to it.
  * We should fail Podman with ExitCode 125 by default
  * Add CRI logs parsing to podman logs
  * rmi remove all not error when no images are present
  * rootless, create: support --pod
  * rootless, run: support --pod

-------------------------------------------------------------------
Mon Sep  3 06:04:26 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>

- Changelog for v0.8.5 (2018-08-31)
  * Add proper support for systemd inside of podman
  * We are mistakenly seeing repos as registries.
  * Up time between checks for podman wait
  * Turn on test debugging
  * Add support for remote commands
  * fixup A few language changes and subuid(5)
  * Make the documentation of user namespace options in podman-run clearer
  * catch command-not-found errors
  * don't print help message for usage errors
  * docs: consistent format for example
  * docs: consistent headings
  * docs: make HISTORY consistent
  * docs: fix headers
  * varlink: fix --timeout usage
  * run/create: reserve `-h` flag for hostname
  * podman,varlink: inform user about --timeout 0
  * rootless: show an error when stats is used
  * rootless: show an error when pause/unpause are used
  * rootless: unexport GetUserNSForPid
  * rootless, exec: use the new function to join the userns
  * rootless: fix top
  * rootless: add new function to join existing namespace
  * Do not set max open files by default if we are rootless
  * Set default max open files in spec
  * Resolve /etc/resolv.conf before reading
  * document `--rm` semantics
  * rootless, search: do not create a new userns
  * rootless, login, logout: do not create a new userns
  * rootless, kill: do not create a new userns
  * rootless, stop: do not create a new userns
  * Fix manpage to note how multiple filters are combined
  * Fix handling of multiple filters in podman ps
  * Fix Mount Propagation
  * docs: add containers-mounts.conf(5)
  * docs: use "containers-" prefix for registries and storage
  * rootless: fix --pid=host
  * rootless: fix --ipc=host
  * spec: bind mount /sys only when userNS are enabled
  * rootless, tests: add test for --uts=host
  * rootless: don't use kill --all
  * rootless: exec handle processes that create an user namespace
  * rootless: fix exec

-------------------------------------------------------------------
Mon Aug 27 06:05:18 UTC 2018 - vrothberg@suse.com

- Changelog for v0.8.4 (2018-08-24)
  * Swap from FFJSON to easyjson
  * rootless: allow to override policy.json by the user
  * add completion for --pod in run and create
  * Fixed formatting and lowered verbosity of pod ps
  * Do not try to enable AppArmor in rootless mode
  * Reveal information about container capabilities
  * Fixing network ns segfault
  * Change pause container to infra container
  * Added option to share kernel namespaces in libpod and podman
  * Add podman pod top
  * Include pod stats and top in commands/completions
  * Fix syntax description of --ulimit command
  * Properly translate users into runc format for exec
  * rootless: fix --net host --privileged
  * Fixed segfault in stats where container had netNS none or from container
  * Enable pod stats with short ID and name
  * Touch up cert-dir in man pages
  * Support Attach subcommand in pypodman

-------------------------------------------------------------------
Mon Aug 20 06:40:02 UTC 2018 - vrothberg@suse.com

- Changelog for v0.8.3 (2018-08-17)
  * Switch from github.com/projectatomic to github.com/containers
  * Mention that systemd is the default cgroup manager
  * Fix handling of socket connection refusal.
  * podman: fix --uts=host
  * podman pod stats
  * Added reason to PodContainerError
  * Add Pod API to varlink.
  * Revert "spec: bind mount /sys only for rootless containers"
  * Document STORAGE_DRIVER and STORAGE_OPTS environment variable
  * Create pod CGroups when using the systemd cgroup driver
  * Switch systemd default CGroup parent to machine.slice
  * spec: bind mount /sys only for rootless containers
  * Add create and pull commands
  * rootless: not require userns for help/version
  * pkg/apparmor: use a pipe instead of a tmp file
  * podman in rootless mode will only work with cgroupfs at this point.
  * when searching, survive errors for multiple registries

-------------------------------------------------------------------
Mon Aug 13 06:32:40 UTC 2018 - vrothberg@suse.com

- Changelog for v0.8.2.1 (2018-08-11)
  * Ensure pod inspect is locked and validity-checked
  * Swap default CGroup manager to systemd

- Changelog for v0.8.2 (2018-08-10)
  * We need to sort mounts so that one mount does not over mount another.
  * search name should include registry
  * removeContainer: fix deadlock
  * Add FFJSON to build container
  * Add FFJSON generation to makefile
  * Fixed a bug setting dependencies on the wrong container
  * Always connect to the stdout and stderr of stream
  * apparmor: respect "unconfined" setting
  * oci.go: syslog: fix debug formatting
  * add podman pod inspect
  * Fix CGroupFS cgroup manager cgroup creation for pods
  * Pass newly-added --log-level flag to Conmon
  * Cleanup man pages
  * Improve ps handling of container start/stop time
  * rootless: fix user lookup if USER= is not set
  * Add dpkg support for returning oci/conmon versions
  * Have info print conmon/oci runtime information
  * Better pull error for fully-qualified images
  * Add Runc and Conmon versions to Podman Version

-------------------------------------------------------------------
Thu Aug  9 10:20:19 UTC 2018 - vrothberg@suse.com

- Add a dedicated conmon for podman as the requirements on the specific
  version started to differ from the ones of CRI-O.  This change implies
  dropping the requirement on the cri-o package.

- Add libpod.conf as a new source to allow tweaking the search paths
  for openSUSE.  This change makes execution slightly faster.

-------------------------------------------------------------------
Mon Aug  6 06:27:09 UTC 2018 - vrothberg@suse.com

- Changelog for v0.8.1 (2018-08-03)
  * Added ps --pod option
  * clarify pull error message
  * Man page fixes found by https://pagure.io/ManualPageScan
  * rootless: do not segfault if the parent already died
  * Document the properties of DefaultTransport a bit better.
  * Add --force to podman umount to force the unmounting of the rootfs
  * network: add support for rootless network with slirp4netns
  * Add documentations on how to setup /etc/subuid and /etc/subgid
  * podman rmi shouldn't delete named referenced images

-------------------------------------------------------------------
Mon Jul 30 05:45:52 UTC 2018 - vrothberg@suse.com

- Changelog for v0.7.4 (2018-07-27)
  * Add pod pause/unpause
  * Fix up docker compatibility messages
  * Fix handling of Linux network namespaces
  * Cleanup descriptions and help information
  * Add pod kill
  * Added pod restart
  * podman: allow to specify the IPC namespace to join
  * podman: allow to specify the UTS namespace to join
  * podman: allow to specify the PID namespace to join
  * podman: allow to specify the userns to join
  * spec: allow container:NAME network mode
  * Add libpod namespace to config
  * Add missing runtime.go lines to set namespace
  * Set namespace for new pods/containers based on runtime
  * Add --namespace flag to Podman
  * Update documentation for the State interface
  * Ensure pods are part of the set namespace when added
  * Enforce namespace checks on container add
  * Add container and pod namespaces to configs
  * AppArmor: runtime check if it's enabled on the host
  * Add format descriptors infor to podman top
  * docs/podman-top: fix typo and whitespace

-------------------------------------------------------------------
Mon Jul 23 06:18:32 UTC 2018 - vrothberg@suse.com

- Changelog for v0.7.3 (2018-07-20)
  * Podman load/tag/save prepend localhost when no repository is present
  * Pod ps now uses pod.Status()
  * Added pod start and stop
  * rootless: support a per-user mounts.conf
  * secrets: parse only one mounts configuration file
  * rootless: allow a per-user registries.conf file
  * rootless: allow a per-user storage.conf file
  * rootless, docs: document the libpod.conf file used in rootless mode
  * podman-top: use containers/psgo
  * oci: keep exposed ports busy and leak the fd into conmon
  * Fix ps filter with key=value labels
  * rootless: require subids to be present

-------------------------------------------------------------------
Mon Jul 16 05:37:36 UTC 2018 - vrothberg@suse.com

- Changelog for v0.7.2 (2018-07-13)
  * Only print container size JSON if --size was requested
  * Don't print rootfs and rw sizes if they're empty
  * Major fixes to podman ps --format=json output
  * Ignore running containers in ps exit-code filters
  * rootless: correctly propagate the exit status from the container
  * rootless: unshare mount namespace
  * Need to wait for container to exit before completing run/start completes
  * If proxy fails then then signal should be sent to the main process
  * fix pull image that includes a sha
  * Added full podman pod ps, with tests and man page
  * Podman pod create/rm commands with man page and tests.
  * Added created time to pod state
  * Support multiple networks
  * podman rmi should only untag image if parent of another
  * build: enable ostree in containers/storage when available
  * podman/libpod: add default AppArmor profile
  * rootless: propagate errors from GetRootlessRuntimeDir()
  * rootless: resolve the user home directory
  * rootless: fix when argv[0] is not an absolute path
  * urfave/cli: fix regression in short-opts parsing
  * Add --volumes-from flag to podman run and create
  * Mask /proc/keys to protect information leak about keys on host
  * Podman stats with no containers listed is the same as podman stats --all

- install missing podman (1) manpage

- podman-rpmlintrc: ignore missing-call-to-setgroups-before-setuid wari

- install bash completion at /usr/share/bash-completion/completions

- buildmode=pie: build position independent code

-------------------------------------------------------------------
Mon Jul  9 05:47:32 UTC 2018 - vrothberg@suse.com

- Changelog for v0.7.1 (2018-07-06)
  * Block use of /proc/acpi from inside containers
  * Remove per-container CGroup parents
  * rootless: add /run/user/$UID to the lookup paths
  * rootless: add function to retrieve the original UID
  * rootless: always set XDG_RUNTIME_DIR
  * rootless: set XDG_RUNTIME_DIR also for state and exec
  * urfave/cli: fix parsing of short opts
  * docs: Follow man-pages(7) suggestions for SYNOPSIS
  * Allow multiple mounts

- re-enable varlink support (build conditional)

-------------------------------------------------------------------
Mon Jul  2 05:53:26 UTC 2018 - vrothberg@suse.com

- Changelog for v0.6.5 (2018-06-29)
  * Fix built-in volume issue with podman run/create
  * Add `podman container cleanup` to CLI
  * Allow multiple containers and all for umount
  * Returning joining namespace error should not be fatal
  * Test to verify overlay quotas work, show container overhead on quota
  * Remove the --registry flag from podman search
  * utils: fix endless write of resize event
  * Start prints UUID or container name that user inputs on success
  * Fix podman hangs when detecting startup error in container attached mode
  * podman-build --help: update description
  * docs: add documentation for rootless containers
  * Add --authfile to podman search
  * Add podman-image and podman-container man page links
  * make varlink optional for podman

-------------------------------------------------------------------
Mon Jun 25 05:58:20 UTC 2018 - vrothberg@suse.com

- Changelog for v0.6.4 (2018-06-22)
  * Point podman-refresh at the right manpage
  * Add bash completions for podman refresh
  * Add manpages for podman refresh
  * Add podman refresh command
  * Add information about the configuration files to the install docs
  * Add unittests and fix bugs
  * Podman history now prints out intermediate image IDs
  * Add cap-add and cap-drop to build man page
  * Fix image volumes access and mount problems on restart
  * Add carriage return to log message when using --tty flag
  * Added --sort to ps
  * Fix podman build -q
  * Add extra debug so we can tell apart postdelete hooks
  * TLS verify is skipped per registry.
  * Add --all,-a flag to podman images
  * top: make output tabular
  * Add more network info ipv4/ipv6 and be more compatible with docker
  * Do not run iptablesDNS workaround on IPv6 addresses
  * Added --tls-verify functionality to podman search, with tests

-------------------------------------------------------------------
Mon Jun 18 05:46:23 UTC 2018 - vrothberg@suse.com

- Changelog for v0.6.3 (2018-06-15)
  * podman: use a different store for the rootless case
  * podman: do not use Chown in rootless mode
  * network: do not attempt to create a network in rootless mode
  * oci: do not set resources in rootless mode
  * oci: do not use hooks in rootless mode
  * oci: do not set the cgroup path in Rootless mode
  * spec: change mount options for /dev/pts in rootless mode
  * container: do not add shm in rootless mode
  * podman: provide a default UID mapping when non root
  * podman: accept option --rootfs to use exploded images
  * When setting a memory limit, also set a swap limit
  * Fix cleaning up network namespaces on detached ctrs
  * Implement --latest for ps
  * Added --sort flag to podman image
  * add podman container and image command
  * rmi: remove image if all tags are specified

-------------------------------------------------------------------
Mon Jun 11 06:22:30 UTC 2018 - vrothberg@suse.com

- Changelog for v0.6.2 (2018-06-08)
  * Vendor in latest buildah code
  * Update epoch to fix validation problems
  * Touch up whitespace issue in build man
  * Add disable-content flag info to man page for build
  * podman-run: clean up some formatting issues
  * Remove SELinux transition rule after conmon is started.
  * Add --all flag even though it is a noop so scripts will work
  * podman-varlink: log timeouts
  * bash completion: remove shebang
  * Vendor in latest containers/storage

-------------------------------------------------------------------
Fri Jun  8 14:26:33 UTC 2018 - dcassany@suse.com

- Make use of %license macro

-------------------------------------------------------------------
Tue Jun  5 13:36:00 UTC 2018 - vrothberg@suse.com

- Changelog for v0.6.1 (2018-06-01)
  * Fix lable handling
  * runtime: add /usr/libexec/podman/conmon to the conmon paths
  * varlink build
  * Add OnBuild support for podman build
  * return all inspect info for varlink containerinspect
  * hooks/exec: Allow successful reaps for 0s post-kill timeouts
  * fix panic with podman pull
  * Remove --net flag and make it an alias for --network
  * Clear all caps, except the bounding set, when --user is specified.
    Fix: bsc#1097970 CVE-2018-10856
  * do not allow port related args to be used with --network=container:
  * sort containers and images by create time
  * Cleanup man pages

-------------------------------------------------------------------
Tue May 29 12:35:47 UTC 2018 - parlt@suse.com

- Changelog for v0.5.4 (2018-05-25):
  * Make references to the Process part of Spec conditional
  * save and load should support multi-tag for docker-archive
  * Implement python podman create and start
  * Set Entrypoint from image only if not already set
  * Update podman build to match buildah bud functionality
  * Fix handling of command in images
  * Add support for Zulu timestamp parsing
  * Clarify using podman build with a URL, Git repo, or archive.
  * podman create, start, getattachsocket
  * oci-hooks.5: Discuss directory precedence and monitoring
  * Tighten the security on the podman varlink socket

-------------------------------------------------------------------
Tue May 22 10:16:03 UTC 2018 - parlt@suse.com

- Changelog for v0.5.3 (2018-05-18):
  * troubleshooting: Add console syntax highlighting
  * Refresh pods when refreshing podman state
  * Add per-pod CGroups
  * Add pod state
  * hooks: Fix monitoring of multiple directories
  * Add Troubleshooting guide
  * Add python3 package to podman
  * libpod: fix panic when using -t and the process fails to start
  * Allow push/save without image reference
  * Fix podman inspect bash completions
  * Support pulling Dockerfile from http
  * add more bash completions
  * implement varlink commit
  * fix segfault for podman push
  * Add the Podman Logo
  * hooks: Add package support for extension stages

-------------------------------------------------------------------
Mon May 14 08:33:11 UTC 2018 - vrothberg@suse.com

- Changelog for v0.5.2 (2018-05-11):
  * Fix varlink remove image force
  * Do not error trying to remove cgroups that don't exist
  * Remove parent cgroup we create with cgroupfs
  * Place Conmon and Container in separate CGroups
  * Add --cgroup-manager flag to Podman binary
  * Major fixes to systemd cgroup handling
  * Add validation for CGroup parents. Pass CGroups path into runc
  * varlink info
  * Dont eat the pull error message for varlink
  * podman push should honor registries.conf
  * alphabetize the varlink methods, types, and errors in the docs
  * Add missing newline to podman port
  * Fix calculation of RunningFor in ps json output
  * Should not error out if container no longer exists in oci
  * Make invalid state nonfatal when cleaning up in run
  * podman, userNS: configure an intermediate mount namespace
  * networking, userNS: configure the network namespace after create
  * Begin wiring in USERNS Support into podman

-------------------------------------------------------------------
Mon May  7 05:42:24 UTC 2018 - vrothberg@suse.com

- Remove runtime dependency on buildah, which isn't required anymore as
  libpod vendors in buildah's code directly.

- Changelog for v0.5.1 (2018-05-04):
  * Fix pulling from secure registry
  * Optionally init() during container restart
  * bashcompletion enhancements
  * Add directory for systemd socket and service if not present
  * varlink containers
  * Make podman commit to localhost rather then docker.io
  * Do not print unnecessary Buildah details during commit
  * Fix podman logout --all flag
  * podman should assign a host port to -p when omitted
  * libpod.conf: Podman's conmon path on openSUSE
  * correct varlink command in service file
  * Make ':' a restricted character for file names

-------------------------------------------------------------------
Mon Apr 30 06:53:09 UTC 2018 - vrothberg@suse.com

- Update podman to v0.4.4:
  * Use buildah commit and bud in podman
  * Remove systemd-cat support
  * Add --default-mounts-file hidden flag
  * Add isolation note to build man page
  * Strip transport from image name when looking for local image
  * Do not eat error messages from pullImage
  * Modify --user flag for podman create and run
  * add libpod.conf man page

-------------------------------------------------------------------
Mon Apr 23 08:37:57 UTC 2018 - parlt@suse.com

- Update podman to v0.4.3:
  * podman push without destination image
  * Add make .git target
  * Fix tests for podman run --attach
  * Vendor in latest containers/image and contaners/storage
  * It is OK to start an already running container (with no attach)
  * Allow podman start to attach to a running container
  * regression: tls verify should be set on registries.conf if insecure
  * ip validation game too strong
  * reverse host field order (ip goes first) - fix host string split to permit IPv6
  * Allow podman to exit exit codes of removed containers
  * validate dns-search values prior to creation
  * Add WaitContainerReady for wait for docker registry ready
  * podman pull should always try to pull
  * Allow the use of -i/-a on any container
  * Fix secrets patch

-------------------------------------------------------------------
Tue Apr 17 06:44:19 UTC 2018 - vrothberg@suse.com

- Require golang >= 1.9.

-------------------------------------------------------------------
Tue Apr 17 06:19:33 UTC 2018 - vrothberg@suse.com

- Update podman to v0.4.2:
  * Allowing attaching stdin to non-interactive containers
  * Fix terminal attach
  * Fix locking interaction in batched Exec() on container
  * Force host UID/GID mapping when creating containers
  * Do not lock all containers during pod kill
  * Do not lock all containers during pod start
  * Make pod stop lock one container at a time
  * Containers transitioning to stop should not break stats
  * Add -i to exec for compatibility reasons
  * Unescape characters in inspect JSON format output
  * Use buildah commit for podman commit

-------------------------------------------------------------------
Mon Apr  9 07:48:52 UTC 2018 - parlt@suse.com

- Update podman to v0.4.1:
  * Remove image via storage if a buildah container is associated
  * Add hooks support to podman
  * Run images with no names
  * Prevent a potential race when stopping containers
  * Only allocate tty when -t
  * Add conmon-pidfile flag to bash completions/manpages
  * --entrypoint= should delete existing entrypoint
  * Do not require Init() before Start()
  * Ensure dependencies are running before initializing containers
  * Add container dependencies to Inspect output
  * Vendor in latest containers/image
  * Change errorf to warnf in warning removing ctr storage

-------------------------------------------------------------------
Thu Apr  5 06:40:07 UTC 2018 - asarai@suse.com

- Split out podman's basic CNI configuration to podman-cni-config, to avoid
  breaking Kubernetes clusters due to misconfigured networking. On openSUSE we
  still install this configuration so things "just work" there.

-------------------------------------------------------------------
Tue Apr  3 05:41:54 UTC 2018 - vrothberg@suse.com

- Update podman to v0.3.5:
  * Allow sha256: prefix for input
  * Add secrets patch to podman
  * Only start containers that are not running in pod start
  * Check for duplicate names when generating new container and pod names.
  * podman: new option --conmon-pidfile=
  * Remove dependency on kubernetes
  * Vendor in lots of kubernetes stuff to shrink image size
  * cmd/podman/run.go: Error nicely when no image found
  * Update containers/storage to pick up overlay driver fix
  * First tag, untag THEN reload the image

-------------------------------------------------------------------
Mon Mar 26 05:57:07 UTC 2018 - vrothberg@suse.com

- Update podman to v0.3.4:
  * Make container env variable conditional
  * Small manpage reword
  * Document .containerenv in manpages. Move it to /run.
  * Add .containerenv file
  * Removing tagged images change in behavior
  * Image library stage 4 - create and commit
  * Add 'podman restart' asciinema

-------------------------------------------------------------------
Mon Mar 19 09:47:24 UTC 2018 - vrothberg@suse.com

- Remove old (redundant) source archive.

-------------------------------------------------------------------
Sat Mar 17 10:36:53 UTC 2018 - vrothberg@suse.com

- Do not compile commit hash into binary. `podman version` will not print
  the commit number as we are now following official releases.

- Change tar naming from commit to version to facilitate updates via the
  _service file.

- Update podman to v0.3.3.  This update includes several fixes and a new
  configuration file, libpod.conf.  By default, this config will be
  installed to /usr/share/containers and /etc/containers, whereas podman
  will always use the latter if present.  The config in
  /usr/share/containers can be used to check for new config options and
  will be replaced with each package update.  The libpod.conf config can
  be used to tweak some run-time paths of conmon, runc, etc., which is a
  more flexible approach than hard-coding those paths in podman.

Changelog:
  * Update containers/image
  * Add restart to main podman manpage
  * Add podman restart to podman bash completions and commands
  * Make manpage more clear
  * Add 'podman restart' command
  * Remove ability to specify mount label when mounting
  * Add signal proxying to podman run, start, and attach
  * We should not allow a user to mount a container with a different label
  * We should not have a default workdir
  * Add additional debug logging
  * Implement container restarting
  * sleep does not catch SIGTERM
  * Include tmpfs in inspect
  * Add run and search to commands page
  * Add new default location for conmon
  * podman-images: return correct image list
  * Remove crio.conf references from manpages
  * Fix a potential race around container removal in ps
  * podman ps command string too long
  * Podman load can pull in compressed files
  * Fix Conmon error to display Conmon paths
  * Add support to load runtime configuration from config file
  * Add default libpod config file
  * Change conmon and runtime paths to arrays
  * Update containers/storage to fix locking bug

-------------------------------------------------------------------
Thu Mar 15 15:24:23 UTC 2018 - vrothberg@suse.com

- Add requirement on cni-plugins to avoid potential issues in the
  future.
  feature#crio

-------------------------------------------------------------------
Tue Mar  6 11:00:09 UTC 2018 - vrothberg@suse.com

- Add run-time requirement on buildah to support `podman build`.
  feature#crio

-------------------------------------------------------------------
Tue Mar  6 08:01:37 UTC 2018 - vrothberg@suse.com

- Fix typo when setting the git commit at compile time.

-------------------------------------------------------------------
Sat Mar  3 14:20:06 UTC 2018 - vrothberg@suse.com

- Update podman to v0.3.1:
  * allow DNS resolution in containers
  * Adjust podman logs error message for clarity
  * Instead of erroring on exit file not being found, warn
  * podman logs -f: does not detect container stop or rm
  * Fix issue with podman logs on fresh containers
  * Replace usage of runc with runtime
  * Handle removing containers with active exec sessions
  * Ensure that Cleanup() will not run on active containers
  * Add tracking for exec session IDs
  * Add tracking for container exec sessions to DB
  * Small fixes to container Exec
  * docs/podman-info.1.md update man page
  * Update containers/storage
  * podman info add registries
  * podman stats add networking
  * CNIPluginDir: check "/usr/lib/cni"
  * remove build alias
  * Restrict top output to container's pids only
  * ps displays incorrect exit code
  * podman load dont panic when no repotags
  * Do not override user mounts
  * Tagging an image alias by shortname
  * Add support for --no-new-privs
  * podman ps json output use batched ops
  * CreateContainerStorage by image id
  * Implement --image-volumes for create and run
  * Add ability to start containers in a pod
  * Add kill and stop for pods
  * Add pod status command
  * Add tests and cleanup
  * Implement podman run option --cgroup-parent
  * Inspect output should be in array form
  * Add --time alias to manpages
  * Alias --time to --timeout for 'podman stop'
  * Resolve contention between copr and fedora repos
  * Ensure we don't repeatedly poll disk for exit codes
  * Change uptime format in `podman info` to human-readable

-------------------------------------------------------------------
Thu Feb 22 10:25:14 UTC 2018 - vrothberg@suse.com

- Replace macro by the entire URL in the spec file.

-------------------------------------------------------------------
Tue Feb 20 14:29:54 UTC 2018 - vrothberg@suse.com

- Add podman-rpmlintrc to ignore "explicit-lib-dependency" warnings. Those are
  intentional as we must include the libcontainers-* packages.
  + podman-rpmlintrc

- Update to podman v0.2.1 (change to semantic version scheme):
  * Run podman inside a podman container
  * Add FFJSON encoding/decoding for our container structs
  * images --all developer note
  * Add podman version
  * Touch up tutorial location and install reqs
  * No registries warning
  * Return imageid from podman pull
  * Squash logged errors from failed SQL rollbacks
  * Privileged containers should inherit host devices
  * Disable default Seccomp profile with privileged containers
  * Make libpod build on 32-bit systems
  * Add buckets for all containers and all pods
  * Containers in a pod can only join namespaces in that pod
  * Change json to match docker inspect
  * Honor ENTRYPOINT in image
  * Fix libpod to use given CGroup parent instead of a hardcoded one
  * podman logs: fix tailing
  * Allow removing pods with running containers if --force is given
  * Match podman inspect output to docker inspect
  * Touchup podman kill manpage
  * Change stop signal default to SIGTERM
  * Add podman search command
  * sysfs should be mounted rw for privileged
  * Need to add LISTEN_PID environment variable to conmon command
  * Add authfile, cert-dir and creds params to build

-------------------------------------------------------------------
Fri Feb  9 15:55:16 UTC 2018 - vrothberg@suse.com

- Add requirement on libcontainers-common, which now provides the
  /etc/containers/policy.json config.
- Use golang-packaging macros.
- Set version to +git%{rev_list} scheme as there's no official release yet.
- Spec file cleanups via spec-cleaner.
- Add requirement on libcontainers-{common,image,storage}, which provide
  configuration files, manpages and debugging tools useful and required by
  podman.

-------------------------------------------------------------------
Wed Feb  7 08:51:16 UTC 2018 - vrothberg@suse.com

- Fix typo to provide the correct package.
- Replace tabs with spaces.

-------------------------------------------------------------------
Mon Feb  5 06:40:05 UTC 2018 - vrothberg@suse.com

- Fix libostree-devel %if condition for TW, Leap 15+ and SLES 15+.

-------------------------------------------------------------------
Thu Feb  1 12:38:03 UTC 2018 - vrothberg@suse.com

- Use `%fdupes %buildroot/%_prefix` since `fdupes %buildroot` is not allowed
  because you cannot make hardlinks between certain partitions.

-------------------------------------------------------------------
Tue Jan 30 15:33:21 UTC 2018 - vrothberg@suse.com

- Add podman package: podman is a simple client only tool to help with
  debugging issues when daemons such as CRI runtime and the kubelet are not
  responding or failing.

 
-------------------------------------------------------------------
Tue Mar 18 06:51:33 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
​
- Add patch for CVE-2025-22869 (bsc#1239330):
  * 0006-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
- Rebase patches:
  * 0001-vendor-update-c-buildah-to-1.33.12.patch
  * 0002-Backport-fix-for-CVE-2024-6104.patch
  * 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
  * 0004-http2-close-connections-when-receiving-too-many-head.patch
  * 0005-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
​
-------------------------------------------------------------------
Mon Mar  3 05:42:37 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
​
- Add patch for CVE-2025-27144 (bsc#1237641):
  * 0005-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
- Rebase patches:
  * 0001-vendor-update-c-buildah-to-1.33.12.patch
  * 0002-Backport-fix-for-CVE-2024-6104.patch
  * 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
  * 0004-http2-close-connections-when-receiving-too-many-head.patch
​
-------------------------------------------------------------------
Fri Feb  7 14:16:17 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
​
- Add patch for CVE-2023-45288 (bsc#1236507):
  * 0004-http2-close-connections-when-receiving-too-many-head.patch
- Add supplemental patch for CVE-2024-6104 (bsc#1227052):
  * 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
- Rebase patches:
  * 0001-vendor-update-c-buildah-to-1.33.12.patch
  * 0002-Backport-fix-for-CVE-2024-6104.patch
​
-------------------------------------------------------------------
Thu Jan 23 07:36:42 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
​
- Add patch for  CVE-2024-11218 (bsc#1236270):
  * 0002-vendor-update-c-buildah-to-1.33.12.patch
- Rebase patch:
  * 0001-Backport-fix-for-CVE-2024-6104.patch
- Removed patches (merged upstream and into the new patch):
  * 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
  * 0003-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
  * 0004-Properly-validate-cache-IDs-and-sources.patch
  * 0005-Use-securejoin.SecureJoin-when-forming-userns-paths.patch
​
-------------------------------------------------------------------
Tue Oct 22 06:36:40 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
​
- Add patch for CVE-2024-9676 (bsc#1231698):
  * 0005-Use-securejoin.SecureJoin-when-forming-userns-paths.patch
- Rebase patches:
  * 0001-Backport-fix-for-CVE-2024-6104.patch
  * 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
  * 0003-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
  * 0004-Properly-validate-cache-IDs-and-sources.patch
​
-------------------------------------------------------------------
Fri Oct 18 11:45:50 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Load ip_tables and ip6_tables kernel module (bsc#1214612)
  * Required for rootless mode as a regular user has no permission
    to load kernel modules
​
-------------------------------------------------------------------
Tue Oct 15 16:56:51 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
​
- Add patch for CVE-2024-9675 (bsc#1231499):
  * 0004-Properly-validate-cache-IDs-and-sources.patch
- Add patch for CVE-2024-9407 (bsc#1231208):
  * 0003-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
- Rebase patches:
  * 0001-Backport-fix-for-CVE-2024-6104.patch
  * 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
​
-------------------------------------------------------------------
Thu Oct  3 07:05:10 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
​
- Add patch for CVE-2024-9341 (bsc#1231230):
  * 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
- Rebase patch:
  * 0001-Backport-fix-for-CVE-2024-6104.patch
​
-------------------------------------------------------------------
Mon Jul  1 05:41:23 UTC 2024 - Dan Čermák <dcermak@suse.com>
​
- Add patch to fix bsc#1227052 / CVE-2024-6104:
  * 0001-Backport-fix-for-CVE-2024-6104.patch
- Add missing BuildRequires man
​
-------------------------------------------------------------------
Fri Jun 07 12:56:18 UTC 2024 - danish.prakash@suse.com
​
- Remove upstreamed patches:
  - 0001-CVE-2024-1753-container-escape-fix.patch
- Update to version 4.9.5:
  * Bump to v4.9.5
  * Update release notes for v4.9.5
  * fix "concurrent map writes" in network ls compat endpoint
  * [v4.9] Fix for CVE-2024-3727 (bsc#1224122)
  * Disable failing bud test
  * CI Maintenance: Disable machine tests
  * [CI:DOCS] Allow downgrade of WiX
  * [CI:DOCS] Force WiX 3.11
  * [CI:DOCS] Fix windows installer action
  * Bump to v4.9.5-dev
  * Bump to v4.9.4
  * Update release notes for v4.9.4
  * [v4.9] Bump Buildah to v1.33.7, CVE-2024-1753, CVE-2024-24786 (bsc#1226136)
  * Add farm command to commands list
  * Bump to FreeBSD 13.3 (13.2 vanished)
  * Update health-start-periods docs
  * Don't update health check status during initialDelaySeconds
  * image scp: don't require port for ssh URL
  * Ignore docker's end point config when the final network mode isn't bridge.
  * Fix running container from docker client with rootful in rootless podman.
  * [skip-ci] Packit: remove koji and bodhi tasks for v4.9
  * Bump to v4.9.4-dev
  * Bump to v4.9.3
  * Release notes for v4.9.3
  * Remove gitleaks scanning
  * [v4.9] [skip-ci] packit: update fedora downstream branches
  * @@option volume.image: be specific that -v only affects RUN
  * Accept a config blob alongside the "changes" slice when committing
  * container create: use ParseUserNamespace to parse a user namespace setting
  * Bump to v4.9.3-dev
  * Bump to v4.9.2
  * Release notes for v4.9.2
  * Cirrus: Update operating branch
  * [v4.9] Bump to c/common v0.57.4, buildkit v0.12.5, c/buidah v1.33.5
  * Fix updated runc dep breaking pod devices cgroup
  * systests: kube with policies test: fix race
  * Remove go.mod pin of runc and update to latest
  * systests: kube with policies test: fix race
  * Bump to v4.9.2-dev
  * Bump to v4.9.1
  * Release notes for v4.9.1
  * [v4.9] Bump Buildah to v1.33.4, c/common v0.57.3, c/image v5.29.2
  * pkginstaller: bump Qemu version to 8.2.1
  * Assign separate ports for each appleHV machine
  * Fix machine inspect test config
  * AppleHV: update LastUp time
  * applehv: return socket path from setupAPIForwarding
  * applehv: Remove unneeded cmd.ExtraFiles assignment
  * abi: drop check for IsRootless()
  * system: enhance check for re-exec into rootless userns
  * system: enhance check for re-exec into rootless userns
  * Fix `podman machine set --rootful` for applehv
  * applehv - fix vm lookup
  * rpm: use go-rpm-macros on RHEL 10
  * Bump to v4.9.1-dev
  * Bump to v4.9.0
  * Fix a small grammar error in RELEASE_NOTES.md
  * Fix push endpoint stream
  * Finalized release notes for v4.9.0
  * farm build: push built images to registry
  * Move the --farm flag to farm build command
  * Clean up farm-build miscommit
  * [CI:DOCS] Add podman farm build doc
  * Add release notes for v4.9.0
  * gvproxy: Update to 0.7.2 release
  * [v4.9] Bump Buildah to v1.33.3, c/common to v0.57.2, c/image to v5.29.1
  * Add a net health recovery service to Qemu machines
  * Set up podman machine remote user correctly
  * Remove Libpod special-init conditions
  * Fix `podman system reset` with external containers
  * [v4.8] podman kube play: fix broken annotation parsing
  * feat: disable pid max in the podman machine
  * systests: cp: add wait_for_ready
  * System tests: fixes for RHEL8 gating failures
  * Add API forwarding support for HyperV
  * bump to v4.8.4-dev
​
-------------------------------------------------------------------
Tue Mar 19 14:14:17 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Add patch for CVE-2024-1753 (bsc#1221677):
  0001-CVE-2024-1753-container-escape-fix.patch
​
-------------------------------------------------------------------
Thu Jan 04 05:59:42 UTC 2024 - danish.prakash@suse.com
​
- Update to version 4.8.3:
  * Release v4.8.3
  * Update RELEASE_NOTES.md for v4.8.3
  * update module golang.org/x/crypto to v0.17.0 [security]
  * Error on HyperV VM start when gvproxy has failed to start
  * bump release to v4.8.3-dev
​
-------------------------------------------------------------------
Wed Dec 13 12:51:44 UTC 2023 - Fabian Vogt <fvogt@suse.com>
​
- Refactor network backend dependencies:
  * podman requires either netavark or cni-plugins. On ALP, require
    netavark, otherwise prefer netavark but don't force it.
  * This fixes missing cni-plugins in some scenarios
  * Default to netavark everywhere where it's available
​
-------------------------------------------------------------------
Mon Dec 11 16:13:48 UTC 2023 - kastl@b1-systems.de
​
- Update to version 4.8.2:
  * v4.8.2
  * [CI:DOCS] Update RELEASE_NOTES.md for v4.8.2
  * Kube Play - set ReportWriter when building an image
  * Fix user-mode net init flag on first time install
  * bump c/common to v0.57.1
  * bump version to v4.8.2-dev
​
-------------------------------------------------------------------
Thu Dec  7 08:43:26 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Default to the new networking backend, netavark, on openSUSE (bsc#1217828)
​
-------------------------------------------------------------------
Wed Dec 06 06:02:02 UTC 2023 - danish.prakash@suse.com
​
- Update to version 4.8.1:
  * v4.8.1
  * Update RELEASE_NOTES.md for v4.8.1
  * Handle symlinks when checking DB vs runtime configs
  * libpod: Detect whether we have a private UTS namespace on FreeBSD
  * pkg/bindings: add new APIVersionError error type
  * fix podman-remote exec regression with v4.8
  * sqlite: fix issue in ValidateDBConfig()
  * sqlite: fix missing Commit() in RemovePodContainers()
  * sqlite: set busy timeout to 100s
  * Fix locking error in WSL machine rm -f
  * Gating test fixes
  * If API calls for kube play --replace, then replace pod
  * Fix wsl.conf generation when user-mode-networking is disabled
  * Bump to v4.8.1-dev
​
-------------------------------------------------------------------
Tue Nov 28 05:56:48 UTC 2023 - danish.prakash@suse.com
​
- Update to version 4.8.0:
  * Bump to v4.8.0
  * Update release notes for 4.8.0
  * Add notes on upcoming deprecations to release notes
  * [v4.8] Bump to Buildah v1.33.2
  * [CI:DOCS] Update release notes
  * machine applehv: create better error on start failure
  * Bump to v4.8.0-dev
  * Bump to v4.8.0-rc1
  * Create release notes for v4.8.0
  * Update release notes from v4.7 branch
  * Cirrus: Update operating branch
  * rootless_tutorial: modernize
  * Bump Buildah to v1.33.1
  * Bump Buildah to v1.33.0
  * Update to libhvee 0.5.0
  * vmtypes names cannot be used as machine names
  * Add support for --compat-auth-file in login/logout
  * Update tests for a c/common error message change
  * Update c/image and c/common to latest, c/buildah to main
  * CI: test overlay and vfs
  * [CI:DOCS] Add link to podman py docs
  * Test fixes for debian
  * pasta tests: remove some skips
  * VM images: bump to 2023-11-16
  * fix(deps): update module k8s.io/kubernetes to v1.28.4 [security]
  * [CI:DOCS] Machine test timeout env var
  * Quadlet - add support for UID and GID Mapping
  * Quadlet - Allow using symlink on the base search paths
  * [skip-ci] Update dessant/lock-threads action to v5
  * Avoid empty SSH keys on applehv
  * qemu,parseUSB: minor refactor
  * fix(deps): update module github.com/gorilla/handlers to v1.5.2
  * docs: fix relabeling command
  * Pass secrets from the host down to internal podman containers
  * (Temporary) Emergency CI fix: quay search is broken
  * Update podman-stats.1.md.in
  * [CI:BUILD] packit: handle builds for RC releases
  * Quadlet test - add case for multi = sign in mount
  * set RLIMIT_NOFILE soft limit to match the hard limit on mac
  * rootless: use functionalities from c/storage
  * CI: e2e: fix a smattering of test bugs that slipped in
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.1
  * vendor: update c/storage
  * Improve the documentation of quadlet
  * Fix socket mapping socket mapping nits
  * fix(deps): update module golang.org/x/tools to v0.15.0
  * fix(deps): update github.com/containers/libhvee digest to 9651e31
  * [skip-ci] Update github/issue-labeler action to v3.3
  * Document --userns=auto behaviour for rootless users
  * machine: qemu: add usb host passthrough
  * fix(deps): update module golang.org/x/net to v0.18.0
  * fix(deps): update module github.com/onsi/gomega to v1.30.0
  * Refactor Ignition configuration for virt providers
  * [CI:BUILD] rpm: disable GOPROXY
  * Automatic code cleanups - JetBrains
  * Refactor key machine objects
  * systests: add [NNN] prefix in logs, NNN = filename
  * systests: add a last-minute check for db backend
  * applehv: allow virtiofs to mount to /
  * Run codespell on podman
  * update completion scripts for cobra v1.8.0
  * Fix man page display of podman-kube-generate
  * Try to fix the broken formatting of man podman‐kube‐apply(1).
  * fix(deps): update module golang.org/x/text to v0.14.0
  * docs: make CNI removal explicit
  * fix(deps): update module github.com/gorilla/mux to v1.8.1
  * fix(deps): update module github.com/spf13/cobra to v1.8.0
  * fix(deps): update module golang.org/x/sync to v0.5.0
  * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18
  * Podman push --help should reveal default compression
  * Update container-device-interface (CDI) to v0.6.2
  * fix: adjust helper string in machine_common
  * fix: adjust helper string in machine_common
  * remote,test: remove .dockerignore which is a symlink
  * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
  * fix: adjust helper string in machine_common
  * vendor: update github.com/coreos/go-systemd/v22 to latest main
  * CI: default to sqlite
  * vendor: update c/common
  * check system connections before machine init
  * Consume OCI images for machine image
  * freebsd: drop dead code
  * libpod: make removePodCgroup linux specific
  * containers: drop special handling for ErrCgroupV1Rootless
  * compose: fix compose provider debug message
  * image: replace GetStoreImage with ResolveReference
  * vendor: bump c/image to 373c52a9466f
  * Refactor machine socket mapping
  * AppleHV: Fix machine rm error message
  * Add status messages to podman --remote commit
  * End-of-Life policy for github issues
  * fix(deps): update module github.com/shirou/gopsutil/v3 to v3.23.10
  * Support passing of Ulimits as -1 to mean max
  * fix(deps): update github.com/docker/go-connections digest to 0b8c1f4
  * fix(deps): update github.com/crc-org/vfkit digest to f3c783d
  * Log gvproxy and server9 to file on log-level=debug
  * Change to using gopsutil for cross-OS process ops
  * Initial addition of 9p code to Podman
  * libpod: fix /etc/hostname with --uts=host
  * systests: stty test: retry once on flake
  * systests: pasta: avoid hangs
  * Fix secrets scanning GHA Workflow
  * [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
  * docs: clarify systemd cgroup mount
  * podman build --remote URI Dockerfile shoud not be treated as file
  * Small fixes for wacko CI environments
  * Do not add powercap mask if no paths are masked
  * compose: try all possible providers before throwing an error
  * podman kube play --replace should force removal of pods and containers
  * Sort kube options alphabetically
  * container.conf: support attributed string slices
  * CI: podman farm tests cleanup
  * Mask /sys/devices/virtual/powercap
  * Update module github.com/google/uuid to v1.4.0
  * fix(deps): update module github.com/docker/docker to v24.0.7+incompatible
  * fix(deps): update module go.etcd.io/bbolt to v1.3.8
  * CI: systest: safer random_rfc1918_subnet
  * CI: e2e: safer GetPort()
  * Fix broken code block markup in Introduction.rst
  * chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
  * chore: remove npipe const and use vmtype const for checking
  * Update module github.com/onsi/gomega to v1.29.0
  * CI: try to fix more networking flakes
  * fix: check wsl npipe when executing podman compose
  * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
  * Quadlet - explicit support for read-only-tmpfs
  * compat API: fix image-prune --all
  * Makefile - allow more control over Ginkgo parameters
  * Add e2e tests for farm build
  * vendor c/{buildah,common}: appendable containers.conf strings, Part 1
  * Add podman farm build command
  * Add emulation package
  * Use buildah default isolation when working with podman play kube
  * docs(API): Fix compat network (dis-)connect
  * test/e2e: do not import buildah
  * pkg/specgen: remove config_unsupported.go
  * pkg/parallel/ctr: add !remote tag
  * pkg/domain/filters: add !remote tag
  * pkg/ps: add !remote tag
  * pkg/systemd/generate: add !remote tag
  * libpod: add !remote tag
  * pkg/autoupdate: add !remote tag
  * vendor latest c/common
  * libpod: remove build support non linux/freebsd
  * Fix typo
  * test/apiv2: adapt apiv2 test on cgroups v1 environment
  * ginkgo setup: retry cache pulls
  * Support size option when creating tmpfs volumes
  * not mounted layers should be reported as info not error
  * CI: stop using registry.k8s.io
  * fix(deps): update module github.com/vbatts/git-validation to v1.2.1
  * test fixes for c/common tag chnages
  * vendor latest c/common
  * hyperV: Update lastUp time
  * [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
  * lint: disable testifylint
  * lint: fix warnings found by perfsprint
  * lint: fix warnings found by inamedparam
  * lint: fix warnings found by protogetter
  * libpod: skip DBUS_SESSION_BUS_ADDRESS in conmon
  * Use node hostname in kube play when hostNetwork=true
  * cirrus setup: special-case perl unicode
  * network: document ports and macvlan interaction
  * quadlet: document cgroupv2 requirement
  * [skip-ci] Update actions/checkout digest to b4ffde6
  * Revert "Emergency workaround for CI breakage"
  * remote: exec: do not leak session IDs on errors
  * fix(deps): update github.com/containers/storage digest to 79aa304
  * fix(deps): update module k8s.io/kubernetes to v1.28.3
  * System tests: fix broken silence127
  * Add TERM iff TERM not defined in container when podman exec -t
  * Emergency workaround for CI breakage
  * Kill gvproxy when machine rm -f
  * Fix path for omvf vars on Darwin/arm64
  * Allow systemd specifiers in User and Group Quadlet keys
  * libpod: rename confusing import name
  * use FindInitBinary() for init binary
  * vendor latest c/common
  * exec: do not leak session IDs on errors
  * systests: cp test: lots of cleanup
  * Define better error message for container name conflicts with external storage.
  * Quadlet - support ImageName for .image files
  * test/system: ignore 127 if it is the expected rc
  * test/apiv2/20-containers.at: fix NanoCPUs tests on cgroups v1
  * image history: fix walking layers
  * fix(api): Ensure compatibality for network connect
  * [CI:DOCS] Add cross-build target info.
  * machine set: document --rootful better
  * libpod: restart+userns cleanup netns correctly
  * Minor log and doc fixes
  * Quadlet man page - discuss volume removal explicitly
  * Quadlet - add support for KubeDownForce
  * System Test - Quadlet kube oneshot
  * Fix output of podman --remote top
  * buildah-bud: test relative TMPDIR
  * Fix handling of --read-only-tmpfs flag
  * Vendor common and buildah main
  * remote,build: wire unsetlabels
  * test: build with TMPDIR as relative
  * docs: add unsetlabel
  * vendor: bump buildah to v1.32.1-0.20231012130144-244170240d85
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2
  * fix: pull error response docker rest api compatibility
  * Show client info even if remote connection fails
  * fix(deps): update github.com/containers/libhvee digest to e51be96
  * Run codespell
  * SetLock for all virt providers
  * Machine: Teardown on init failure
  * healthcheck: make sure to always show health_status events
  * Apply suggestions from code review
  * [CI:DOCS]rtd: implement v2 build file
  * Quadlet - support oneshot .kube files
  * libpod: fix deadlock while parallel container create
  * fix(deps): update module golang.org/x/net to v0.17.0
  * api: add `compatMode` paramenter to libpod's pull endpoint
  * api: break out compat image pull
  * fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.3
  * use sqlite as default database
  * vendor latest c/common
  * fix(deps): update module github.com/nxadm/tail to v1.4.11
  * Check for image with /libpod/containers/create
  * container: always check if mountpoint is mounted
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.0
  * vendor: update c/storage
  * api: drop debug statement
  * Quadlet - add support for global arguments
  * Add system test
  * fix(deps): update module golang.org/x/tools to v0.14.0
  * Don't ignore containerfiles outside of build context
  * fix(deps): update github.com/containers/libhvee digest to fcf1cc2
  * fix(deps): update module golang.org/x/term to v0.13.0
  * Update module golang.org/x/sys to v0.13.0
  * [CI:DOCS] Add updating version on podman.io to release process
  * containers.conf: add `privileged` field to containers table
  * Implement secrets/credential scanning
  * Cirrus: Execute Windows podman-machine e2e tests
  * vendor: bump c/storage
  * Update module golang.org/x/sync to v0.4.0
  * [CI:DOCS] update swagger version on docs.podman.io
  * Create Qemu command wrapper
  * Adjust to path name change for resolved unit
  * Revert "Fix WSL systemd detection"
  * [CI:BUILD] rpm/copr: gvforwarder recommends for RHEL
  * [CI:DOCS] update kube play delete endpoint docs
  * [CI:DOCS] Remove dead link from README
  * test/system: --env-file test fixes
  * Revert "feat(env): support multiline in env-file"
  * Revert "docs(env-file): improve document description"
  * Revert "fix(env): parsing --env incorrect in cli"
  * Filter health_check and exec events for logging in console
  * inspect: ignore ENOENT during device lookup
  * test, manifest: test push retry
  * Fix locale issues with WSL version detection
  * vendor: update module github.com/docker/distribution to v2.8.3+incompatible
  * vendor: bump c/common to v0.56.1-0.20231002091908-745eaa498509
  * Update github.com/containers/libhvee digest to e9b1811
  * windows: Use prebuilt gvproxy/win-sshproxy binaries
  * Volume create - fast exit when ignore is set and volume exists
  * Update golang.org/x/exp digest to 9212866
  * Update github.com/opencontainers/runtime-spec digest to c0e9043
  * remove selinux tag as not needed anymore
  * [skip-ci] Improve podmansh(1)
  * Build applehv for Intel Macs
  * Revert "GHA Workflow: Faster discussion-locking"
  * update vfkit vendored code
  * Add DefaultMode to kube play
  * Fix broken podman images filters
  * Remove `c.ExtraFiles` line in machine
  * podman: run --replace prints only the new container id
  * New machines should show Never as LastUp
  * podman machine: disable zincati update service
  * Revert "cirrus setup: install en_US.UTF-8 locale"
  * Cirrus: CI VM images w/ newer automation-library
  * CI VMs: bump to f39 + f38
  * [CI:DOCS] Update podman load doc
  * Update mac installer to latest gvproxy release
  * Fix WSL systemd detection
  * Add documentation for the vrf option on netavark
  * fix(deps): update github.com/containers/common digest to 9342cdd
  * fix: typos in links, path and code example
  * e2e: ExitCleanly(): manual special cases
  * e2e: ExitCleanly(): the final fron^Wcommit
  * [CI:DOCS] Add win-sshproxy target to winmake
  * wsl: enable machine init tests
  * Update docs/source/markdown/options/rdt-class.md
  * move IntelRdtClosID to HostConfig
  * use default when user does not provide rdt-class
  * Add documentation for Intel RDT support
  * Add test for Intel RDT support
  * Add Intel RDT support
  * [CI:DOCS] Fix podman form update --help examples
  * Quadlet container mount - support non key=val options
  * test/e2e: default to netavark
  * [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
  * fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.7.1
  * fix(deps): update github.com/containers/common digest to 4619314
  * applehv: enable machine tests for start
  * applehv: machine tests for stop and rm
  * Update machine tests README
  * Add podman socket info to machine inspect
  * Fix podman machine info test for hyperV
  * libpod: pass entire environment to conmon
  * e2e: ExitCleanly(): manual fixes to get tests working
  * e2e: ExitCleanly(): a few more
  * FCOS+podman-next: correct GHA conditional syntax
  * pkg/machine/e2e: wsl stop
  * wsl: machine tests for inspect
  * wsl: machine tests for ssh
  * fix(deps): update github.com/containers/common digest to e18cda8
  * wsl: machine start test
  * wsl machine tests: set
  * wsl: machine tests
  * Skip proxy test for hyperV
  * Enable machine e2e test for applehv
  * hyperV: Respect rootful option on machine init
  * [CI:BUILD] FCOS image: enable nightly build
  * e2e: use safe fedora-minimal image
  * hyperv: machine e2e tests for set command
  * podman build: correct default pull policy
  * fix handling of static/volume dir
  * unbreak CI: useradd not found
  * hyperv: set more realistic starting state
  * hyperv: use StopWithForce with remove
  * Fix all ports exposed by kube play
  * Fix setting timezone on HyperV
  * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 97028a6
  * Fix farm update to check for connections
  * Adjust machine CPU tests
  * Bump version on main
  * [CI:BUILD] Packit: show SHORT_SHA in `podman --version` for COPR builds
  * Vendor c/common
  * pod rm: do not log error if anonymous volume is still used
  * e2e: ExitCleanly(): manual fixes to get tests passing
  * e2e: ExitCleanly(): a few more
  * fixes for pkg/machine/e2e on hyperv
  * test: fix rootless propagation test
  * [CI:BUILD] packit: tag @containers/packit-build team on copr build failures
  * Enable disk resizing for applehv
  * Various updates for hyperv and machine e2e tests
  * test: update fedoraMinimal version
  * specgen, rootless: fix mount of cgroup without a netns
  * Automatically remove anonymous volumes when removing a container
  * Use ActiveServiceDestination in ssh remoteConnectionUsername
  * fix(deps): update github.com/containers/gvisor-tap-vsock digest to 9298405
  * e2e: ExitCleanly(): generate_kube_test.go
  * e2e: generate kube -> kube generate
  * e2e: ExitCleanly(): generate_kube_test.go
  * windows cannot "do" extra files
  * e2e: ExitCleanly(): Fixes for breaking tests
  * play kube -> kube play
  * e2e: ExitCleanly(): play_kube_test.go
  * introduce pkg/strongunits
  * Makefile equiv Powershell script
  * pass --syslog to the cleanup process
  * vendor of containers/common
  * fix --authfile auto-update test
  * compat API: speed up network list
  * Change priority for cli-flags for remotely operating Podman
  * libpod: remove unused ContainerState() fucntion
  * [CI:BUILD] Packit: Enable failure notifications for cockpit tests
  * e2e: ExitCleanly(): more low-hanging fruit
  * e2e: ExitCleanly(): more low-hanging fruit
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1
  * Enable machine e2e tests for WSL
  * systests: tighter checks for unwanted warnings
  * GHA Workflow: Faster discussion-locking
  * [CI:BUILD] FCOS + podman-next image: pull in wasm
  * [CI:BUILD] rpm: remove gvproxy subpackage
  * [CI:DOCS] Tweak podman to Podman in a few farm man pages
  * Docs on sig-proxy are wrong, we support TTY
  * e2e: ExitCleanly(): low-hanging fruit, part 2
  * e2e: ExitCleanly(): low-hanging fruit, part 1
  * Buildtag out unix commands for common OS files
  * systests: clean up after tests; fix missing path in logs
  * [CI:BUILD] followup PR for fcos with podman-next
  * Implement gvproxy networking using cmdline wrapper
  * fix, test: rmi should work with images w/o layers
  * vendor: bump c/common to v0.56.1-0.20230919073449-d1d9d38d8282
  * Quadlet Image test - rearrange test function
  * e2e: continuing ExitCleanly() work: manual tweaks
  * e2e: continuing ExitCleanly() work
  * [CI:DOCS] Improve podman-tag man page
  * [CI:DOCS] Improve podman-build man page
  * [CI:DOCS] Include precheck to release process
  * [CI:DOCS] consistentize filter options in man pages
  * Quadlet - add support for .image units
  * --env-host: use default from containers.conf
  * error when --module is specified on the command level
  * man page crossrefs: add --filter autocompletes
  * Fix specification of unix:///run
  * Add label! filter and tests to containers and pods
  * Add test for legacy address without two slashes
  * Use url with scheme and path for the unix address
​
-------------------------------------------------------------------
Wed Nov  8 07:48:11 UTC 2023 - Andreas Schwab <schwab@suse.de>
​
- Use crun only on selected archs
​
-------------------------------------------------------------------
Wed Nov 01 07:15:17 UTC 2023 - dcermak@suse.com
​
- Update to version 4.7.2:
  * v4.7.2
  * Update RELEASE_NOTES.md for v4.7.2
  * compose: try all possible providers before throwing an error
  * Mask /sys/devices/virtual/powercap
  * fix: check wsl npipe when executing podman compose
  * rtd: implement v2 build file
  * Adjust to path name change for resolved unit
  * Switch version to 4.7.2-dev
​
-------------------------------------------------------------------
Tue Oct 31 14:35:31 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
​
- crun is not available for armv6 (because of criu), so use runc
  on armv6
​
-------------------------------------------------------------------
Thu Oct 12 09:47:46 UTC 2023 - Dan Čermák <dcermak@suse.com>
​
- Use crun on Tumbleweed & ALP for WASM support
​
-------------------------------------------------------------------
Fri Oct 06 05:50:25 UTC 2023 - danish.prakash@suse.com
​
- podman-docker: Provides docker to avoid conflicts
  when using podman with docker-compose (bsc#1215926)
- Update to version 4.7.1:
  * New version: v4.7.1
  * Update RELEASE_NOTES.md for v4.7.1
  * compat API: speed up network list
  * inspect: ignore ENOENT during device lookup
  * test/system: --env-file test fixes
  * Revert "feat(env): support multiline in env-file"
  * Revert "docs(env-file): improve document description"
  * Revert "fix(env): parsing --env incorrect in cli"
  * [CI:DOCS] update swagger version on docs.podman.io
  * Fix locale issues with WSL version detection
  * switch version to 4.7.1-dev
​
-------------------------------------------------------------------
Fri Sep 29 03:21:32 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Build against latest stable Go version (bsc#1215807)
​
-------------------------------------------------------------------
Thu Sep 28 04:44:43 UTC 2023 - kastl@b1-systems.de
​
- Update to version 4.7.0:
  * Bump to v4.7.0
  * [CI:DOCS] v4.7.0 RELEASE_NOTES update
  * rpm: remove gvproxy subpackage
  * packit: tag @containers/packit-build team on copr build
    failures
  * specgen, rootless: fix mount of cgroup without a netns
  * pass --syslog to the cleanup process
  * fix --authfile auto-update test
  * version: switch back from -rc1 to -dev
  * New pre-release: v4.7.0-rc1
  * [CI:DOCS] Update release notes for v4.7.0-rc1
  * Cirrus: Update operating branch
  * Move podman build opts to common file
  * Add ability for machine rm -f for WSL
  * Plumbing to run machine tests with hyperv
  * CI: trace setup and runner scripts
  * Bump to Buildah v1.32.0
  * [CI:DOCS] bump release notes on main with the latest release
  * fix(deps): update module github.com/opencontainers/image-spec
    to v1.1.0-rc5
  * Add --filter pod= autocompletion
  * e2e: ExitCleanly(): manual test fixes
  * e2e: continuing ExitCleanly(): just the replacements
  * Fix some spelling and formatting
  * Add support for Ulimit in quadlet
  * Run codespell on code
  * wire in new buildah build options
  * make golangci-lint happy
  * add !remote tag to pkg/specgen/generate
  * pkg/specgen: do not depend on libimage for remote
  * bump buildah to latest
  * [CI:DOCS] restart.md: migrate to container unit
  * fix(deps): update module k8s.io/kubernetes to v1.28.2
  * Add support for PidsLimit in quadlet
  * Add DNS fields to Container and Network unit groups
  * [CI:DOCS] update API docs version list
  * Try to fix broken CI (gvisor-something)
  * e2e: more ExitCleanly(): manual test fixes
  * e2e: more ExitCleanly(): dumb string replacements
  * e2e: create_test: use ExitCleanly()
  * e2e: diff_test: use ExitCleanly()
  * The `podman init` command cannot modify containers.
  * bump c/common to latest main
  * Podmansh: use podmansh_timeout
  * e2e: more ExitCleanly(): low-hanging fruit
  * vendor: update checkpointctl to v1.1.0
  * kube: add DaemonSet support for generate
  * vendor of containers/(common, storage, image)
  * libpod: move oom_score_adj clamp to init
  * e2e: commit_test: use ExitCleanly()
  * e2e: container_clone_test.go: use ExitCleanly()
  * e2e: use ExitCleanly() in cleanup_test.go
  * Ensure HC events fire after logs are written
  * [CI:DOCS] podman-systemd.unit: fix equivalents
  * Add support for kube TerminationGracePeriodSeconds
  * Update podman-kube-play.1.md.in
  * Split up alt binaries to speed up build
  * Switch installer task to EC2
  * pod: fix duplicate volumes from containers.conf
  * tests: add test for pod cgroups
  * libpod: create the cgroup pod before containers
  * cmd, specgen: allow cgroup resources without --infra
  * specgen: allow --share-parent with --infra=false
  * libpod: allow cgroup path without infra container
  * libpod: check if cgroup exists before creating it
  * libpod: refactor platformMakePod signature
  * libpod: destroy pod cgroup on pod stop
  * utils: export MoveUnderCgroup
  * libpod: refactor code to new function
  * e2e: use ExitCleanly() in checkpoint tests
  * [CI:DOCS]Remove use of --latest|-l from tutorial
  * CI test runner: upgrade tests rely on system tests
  * run --rmi: "cannot remove" is a warning, not an error
  * StopContainer: display signal num when name unknown
  * URGENT: fix broken CI
  * Add support for kube  securityContext\.procMount
  * podman: don't restart after kill
  * Tmpfs should not be mounted noexec
  * sys tests: run_podman: check for unwanted warnings/errors
  * chore(deps): update dependency setuptools to ~=68.2.0
  * e2e: use ExitCleanly() in attach & build tests
  * Some distros do not default to docker.io for shortname searches
  * security: accept empty capabilities list
  * systests: random_free_port: fix EADDRINUSE flake
  * fix(deps): update module github.com/cyphar/filepath-securejoin
    to v0.2.4
  * Restrict fcos_test to amd64, arm64
  * fix(deps): update github.com/containers/libhvee digest to
    56fb235
  * fix(deps): update module github.com/docker/docker to
    v24.0.6+incompatible
  * fix(deps): update module golang.org/x/tools to v0.13.0
  * Ignore spurious container-removal errors
  * fix(deps): update module golang.org/x/net to v0.15.0
  * systests: manifest zstd test: lots of tiny cleanups
  * vendor: update github.com/opencontainers/runc to main
  * [skip-ci] Update actions/checkout action to v4
  * linux, rootless: clamp oom_score_adj if it is too low
  * machine: increase max number of inotify instances
  * fix(deps): update module golang.org/x/term to v0.12.0
  * Remove redundant nil checks in system connection remove
  * fix(deps): update module golang.org/x/text to v0.13.0
  * fix(deps): update module golang.org/x/sys to v0.12.0
  * fix(deps): update github.com/containers/libhvee digest to 2bf7930
  * docs(readme): fix a broken link
  * [CI:BUILD] Podman FCOS image from main
  * Update golang.org/x/exp digest to d852ddb
  * Add port forwarding and gvproxy machine test
  * libpod: do not parse --hostuser in base 8
  * fix: default typo
  * Add Japanese locale and translation of index
  * remove rh.container.bot@gmail.com
  * Tweaks and cleanups to prepare hyperv for CI
  * system tests: housekeeping: various small fixes
  * CI: e2e: first use of new ExitCleanly() matcher
  * CI: e2e: new ginkgo matcher, ExitCleanly()
  * CI: e2e: fetch the standard system-test image
  * kube play: fix pull policy
  * Fix gidmap command in example
  * vendor containers/common@12405381ff45
  * manifest,push: support add_compression from containers.conf
  * hyperv ignition: use gvforwarder instead of vm
  * Set remote username earlier for hyperv
  * Added an additional troubleshooting problem and solution
  * Remove a dependency on libimage from pkg/bindings
  * Rename parameter in pkg/bindings
  * Remove a dependency on libimage from pkg/api/handlers
  * Don't re-inspect an image
  * Cirrus: Remove multi-arch podman image builds
  * uid/gid mapping flags
  * [DOC] Clarify default behaviour on uidmap
  * Update containers/common to latest
  * update libhvee
  * /_ping handler: return OSType http header
  * e2e: fix race condition (kube play + logs)
  * Update module github.com/vbauerster/mpb/v8 to v8.6.0
  * Kube - support List documents
  * kube down/play --replace: handle absent objects
  * push, manifest-push: --force-compression must be true with
    --compression-format
  * oci: print stderr only after checking state
  * Updated docs to reflect pod spec sysctls support added in v4.6
  * [CI:BUILD] Packit: Disable unexpected journal message check for
    cockpit-podman
  * [CI:BUILD] Packit: Restrict cockpit tests to recent Fedoras
  * Update machine init/set tests
  * Add rootful status to machine inspect
  * Dedup and refactor image acquisition
  * Share podman sock bindings with other WSL distros
  * Fix user-mode validation check
  * system tests: try to fix sdnotify flakes
  * Cirrus: Disable only hello multiarch build
  * Set StopTimeout for service-container started under podman kube
    play
  * Set StopTimeout for compat API if not set by client
  * podman exec should set umask to match container
  * [CI:BUILD] Packit: run cockpit-podman tests in PRs
  * Add infra-name annotations to kube gen/play
  * kube: notifyproxy: close once
  * system service: unset NOTIFY_SOCKET
  * Update module k8s.io/kubernetes to v1.28.1
  * API attach: return vnd.docker.multiplexed-stream header
  * test/apiv2/60-auth.at: use `doesnotexists.podman.io`
  * e2e tests: use registry:2.8.2 (was 2.8)
  * create apiutils package
  * api docs: document stream format
  * Revert "Remove `hello` multi-arch image build"
  * manifest-push: add support for --force-compression
  * push: add support for --force-compression
  * Update module github.com/onsi/ginkgo/v2 to v2.12.0
  * Remove `hello` multi-arch image build
  * hack/perf/system-df.sh: add `df` benchmarks
  * Expand env variables for cmds/entrypoint with format $(ENV)
  * vendor c/storage@6902c2d
  * Ignore the resource limits on cgroups V1 rootless systems
  * Fixups for stopping gvproxy
  * Revert "GHA: Closed issue/PR comment-lock test"
  * GHA: Closed issue/PR comment-lock test
  * GHA: Add workflow to lock closed issues/PRs
  * [CI:DOCS] update auto-update docs
  * chore(deps): update dependency containers/automation_images to
    v20230816
  * fix(deps): update module github.com/google/uuid to v1.3.1
  * libpod: sum per-interface network stats for FreeBSD
  * Set default Umask for `podman kube play`
  * [CI:BUILD] rpm: spdx compatible license field
  * chore(deps): update dependency golangci/golangci-lint to
    v1.54.2
  * Implement automatic port reassignment on Windows
  * Add support for ramfs as well as tmpfs in volume mounts
  * Validate current generation of WSL2 with user-mode-networking
  * use container restart policy if user specifies one
  * Stop gvproxy on hyperv machine stop
  * [CI:BUILD] rpm: depend on man-db
  * Update machine list test
  * Update machine start tests
  * Update machine rm tests
  * libpod: improve conmon error handling
  * cirrus setup: install en_US.UTF-8 locale
  * fixup "podman logs with non ASCII log tag" tests
  * libpod: use /var/run instead of /run on FreeBSD
  * cirrus/lib.sh: extend env to passthrough at start for locale
    work
  * libpod: correctly pass env so alternative locales work
  * cgroups_linux: use SessionBusPrivateNoAutoStartup
  * podmansh man page UID=$(id -u lockedu) is not allowed
  * CI: systests: remove pasta ICMP tests
  * podman.1.md: Fix formatting of exit code 127, clarify wording
    of `exit code` example.
  * document available secret drivers
  * pkg/specgen: add support for read-only root on FreeBSD
  * add --module flag
  * Update dependency setuptools to ~=68.1.0
  * Add riscv64 architecture to the cross build target
  * GetFcosArch add `riscv64` arch
  * Update WSL backend to be compat with FCOS defaults
  * enabled hyperv image downloads
  * fix(deps): update module github.com/containers/ocicrypt to
    v1.1.8
  * [CI:DOCS] Fix git build example in build page
  * CI: e2e manifest_test: use image from quay
  * Cirrus: Remove EC2 experimental flag
  * sphinx: skip options include dir
  * Update rootfs.md: Fix formatting and wording of idmap option
  * fix: Docker API compatible bool deserialization
  * Revert "compat,build: pull must accept string"
  * Add missing verb in machinectl example
  * [CI:DOCS] Update Release Notes and Release Process
  * chore(deps): update dependency golangci/golangci-lint to
    v1.54.1
  * fix podman top missing output flake
  * New partial-line test is flaking
  * [CI:BUILD] Packit: add back fedora-eln targets
  * Cirrus: Prune defunct job + fix noop alias
  * Bump bundled gvproxy to 0.7.0
  * systests: tests for --env and --env-file
  * Update system connection add & remove
  * Add tests for podman farm
  * Add podman farm update command
  * Add podman farm remove command
  * Add podman farm list command
  * Add podman farm create command
  * Add podman farm subcommand
  * CI: e2e: add delay before podman logs or journalctl
  * Add completion for Farms
  * Vendor c/common changes
  * chore(deps): update dependency golangci/golangci-lint to
    v1.54.0
  * file logger: fix podman logs --tail with partial lines
  * fix(env): parsing --env incorrect in cli
  * Update docker.io/library/golang Docker tag to v1.21
  * podman stop --cidfile missing --ignore
  * Skip podman exec cannot be invoked on Debian
  * Re-enable checkpoint test on Debian SID
  * Require a non-generic reason for non-Fedora skip
  * CI FIXME removal/update.
  * Update dependency containers/automation_images to v20230807
  * [skip-ci] Update dawidd6/action-send-mail action to v3.8.0
  * [CI:DOCS] fixed couple typos in build docs
  * Stop timer in function waitPidStop
  * packit: Build PRs into default packit COPRs
  * Add support for host-gateway
  * Ensure volumes-from mounts override image volumes
  * Minor: Include shasums in GHA workflow artifacts
  * Minor: Add important comment to windows GHA workflow
  * Minor: Update/fix dry-run input descriptions
  * [CI:DOCS] Quadlet - provide more information about network
    files
  * man-page xref: check for duplicate entries
  * cp: close temporary file on error path
  * Makefile: work around the lack of 'man -l' on FreeBSD
  * Update module golang.org/x/net to v0.14.0
  * libpod: fix a crash in 'kube generate' on FreeBSD
  * remove temporary files when copy [NO NEW TESTS NEEDED]
  * Update module golang.org/x/sys to v0.11.0
  * [ci] Remove the podman socket in remove_packaged_podman_files()
  * [ci] Correct the podman systemd file names
  * Always show RemoteSocket.Exists in json
  * Fail if ssh key exists
  * Fix regression for hyperv
  * [CI:BUILD] Makefile: rpm target generates correct version
  * Fix nits in #19480
  * Add support for passing container stop timeout as -1 (infinite)
  * pkg/specgen: Add device support for FreeBSD
  * [CI:DOCS] man: remove duplicate entry .LastUp
  * CI: e2e: remove useless test
  * Check tty flag to set default terminal in Env
  * Run codespell on code
  * Deprecate podman generate systemd
  * manifest/push: add support for --add-compression
  * [CI:DOCS]Update Release Notes
  * CI: sys: quadlet %T test: do not rely on journal
  * GHA: Support testing build/sign workflows
  * Remove unnecessary backslashes
  * [docs] Use code blocks for commands in podman-completion
  * Make podman run --rmi automatically set --rm
  * machine: QEMU: recover from failed start
  * vendor: bump c/image to v5.26.1-0.20230801083106-fcf7f0e1712a
  * secret: add support for `--ignore` with rm
  * Move `writeConfig` logic to shared function
  * Move some logic of `setRootful` to a common file
  * move `removeFilesAndConnections` to a common file
  * Move `waitAPIAndPrintInfo` to common file
  * Move `addSSHConnectionsToPodmanSocket` code to shared file
  * Update module golang.org/x/net to v0.13.0
  * chore(deps): update dependency containers/automation_images to
    v20230726
  * Skip pasta local forwarder test on debian SID
  * Skip broken/flaky blkio-weight test
  * Skip tarball re-inport test in rawhide for CI
  * Cleanup CIDFile on podman-remote run --rm command
  * CI: e2e: remove workaround for missing login file
  * vendor: bump c/image and c/common
  * Add support for confined users
  * Cirrus: Temp. disable rawhide validation task
  * Limit git-validation to 'short-subject'
  * Fix up man page and add test on globs
  * Move alternate image acquisition to separate function
  * Move `getDevNullFiles` into a common file
  * Update github.com/digitalocean/go-qemu digest to 2e3d018
  * Convert QEMU functions to methods with documentation
  * Update docs/source/markdown/podman-build.1.md.in
  * do not redefine gobuild for eln
  * Set default userns from containers.conf file
  * Mention TimeoutStartSec in quadlet man page
  * inspect with network=none show SandboxKey netns path
  * [CI:DOCS] GHA: Use stable go for Mac/Win builds
  * Breakup AppleHV machine funcs
  * Codespell fixups
  * Update docs/source/markdown/podman-stats.1.md.in
  * CI: e2e: reenable containerized checkpoint tests
  * docs(env-file): improve document description
  * Don't log EOF error when using podman --remote build with an
    empty context directory.
  * API: kill: return 409 on invalid state
  * feat(env): support multiline in env-file
  * Adds documentation to new functions that were added
  * `startHostNetworking`: get DevNull files
  * `Remove`: remove network and ready sockets from registry
  * `Remove`: remove files and connections
  * `Remove`: collect files to destroy
  * `Init`: read and split ign file
  * `Init`: write ign config
  * `Init`: add network and registry socks to registry
  * `Init`: add SSH conns to podman sock
  * Improve the description of fields in podman-stats man page
  * make /dev & /dev/shm read/only when --read-only
    --read-only-tmpfs=false
  * Mention no comment lines in Containerfile.in podman-build man
    page
  * [CI:BUILD] RPM: define gobuild macro for rhel/centos stream
  * Fix HyperV loadMachineFromJSON function name
  * machine: QEMU: lock VM on stop/rm/set
  * libpod: add 'pod top' support on FreeBSD
  * [CI:DOCS] Build and Sign Mac Pkginstaller
  * Make sure users changes --authfile before checking
  * github: add issue type as link to podman github discussions
  * Break QEMU `config.go` code into its own functions
  * machine: QEMU: lock VM on start
  * libpod: fix 'podman kube generate' on FreeBSD
  * Add glob support to podman run/create --mount
  * kube: add DaemonSet support
  * Fix artifacts script after removal of msitools msi build
  * System tests: quadlet: fix race in %T test
  * If quadlets have same name, only use first
  * Add support for mounts listed in containers.conf
  * Update vendor of containers/common
  * System tests: add test tags
  * [CI:DOCS] socket_activation.md: increase socat timeout
  * go-md2man: use vendored-in version, not system
  * CI: use different TMPDIR on prior-fedora
  * system tests: authfile-exists: minor cleanup
  * start(): don't defer event
  * Fix: use --all in podman stats to get all containers stats
  * Verify authfile exists if user specifies it
  * libpod: don't generate errors for createTimer etc.
  * add "healthy" sdnotify policy
  * Remove LICENSE and general doc files that are installed by the
    main package
  * Add missing `
  * Remove legacy msitools based msi installer
  * Remove any quotes around distribution id
  * add a podman-compose command
  * pkg/specgen: Don't crash for device spec with...
  * fix(deps): update module github.com/docker/docker to
    v24.0.5+incompatible
  * Update vendor of containers/(storage,image)
  * Clean up /var/tmp/ when using oci-archives when creating
    containers
  * [CI:BUILD] RPM: separate out gvproxy for copr and rawhide
  * Reduce qemu machine function sizes
  * [CI:DOCS] migrate socket_activation.md to quadlet
  * [CI:DOCS] Update kube play volume support
  * Fix language, typos and markdown layout
  * [CI:DOCS] Add note about QUADLET_UNIT_DIRS to simplify quadlet
    debug
  * Add note on debugging quadlet unit files
  * Remove unnecessary use of the word "please".
  * libpod: fix FreeBSD 'podman-remote top' default behaviour
  * fix(deps): update module github.com/onsi/gomega to v1.27.9
  * Add support for ShmSize to quadlet
  * Quadlet system test - force journald log driver for short lived
    containers
  * fix(deps): update module github.com/containers/libhvee to
    v0.4.0
  * quadlet recursively scan for unit files
  * Ensure that we appropriately warn that TCP is insecure
  * systests: quadlet: fixes for RHEL8
  * Quadlet - Allow setting Service WorkingDirectory for Kube units
  * Quadlet system test - do not rely on journalctl in kube file
    tests
  * Fix markdown in docs for podman-network-create
  * Man pages: check for corrupt tables
  * quadlet systest: fix broken tmpdir references
  * Add `since` as valid filter option for `volume` subcommands
  * Podmansh: Better error, increase timeout to 30s
  * Fix multiple filter options logic for `podman volume ls `
  * Add bash-completion for podman inspect
  * Fix windows installer
  * Add missing reserved annotation support to `play`
  * Avoid progress hang with empty files
  * Revert the usage of `home.GetConfigHome()`
  * Fix bug report issue template README link
  * Replace error check for non-existent file
  * Emergency gating-test fixes for RHEL8
  * Add progress bar for decompress image
  * refactor: move progressbar to a function
  * Use pkg/homedir to get the home config directory
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.2
  * Should be checking tmpfs versus type not source
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.1
  * Enabled arm64 arch for podman applehv provider
  * [CI:BUILD] Packit: remove pre-sync action
  * Add `--podman-only` flag to `podman generate kube`
  * Update vendor containers/(common, buildah, image, storage)
  * Use constants for mount types
  * libpod: use define.TypeBind when resolving container paths
  * Tests: remove/update obsolete skips
  * Fix trust not using local policy file
  * Fix `podman container prune` docs for `--filter`
  * Add more tests for liveness probes with default hostname &
    named ports
  * docs: podman-build --network add slirp and pasta
  * docs: podman run --network mention comma separted names
  * Podman machine AppleHV pass number 3
  * Makefile: `package` -> `rpm`
  * network create: document --internal better
  * pkg/specgen: fix support for --rootfs on FreeBSD
  * machine start: qemu: wait for SSH readiness
  * [CI:BUILD] Packit: downstream task action fix
  * Fix container errors not being sent via pod removal API
  * Add missing return after utils.InternalServerError()
  * Update cmd/podman/login.go
  * [CI:DOCS] Reformat and reorder table with --userns options
  * Add secret support to podman login
  * netavark: macvlan networks keep custom nameservers
  * remote: fix podman-remote play kube --userns
  * fix(deps): update container-device-interface to v0.6.0
  * go mod: no longer use 1.18
  * fix(deps): update module github.com/containers/libhvee to
    v0.3.0
  * chore(deps): update module github.com/gin-gonic/gin to v1.9.1
    [security]
  * Run codespell on code
  * system service: unset listen fds on tcp
  * add hostname to network alias
  * libpod: set cid network alias in setupContainer()
  * AppleHV enablement pass #2
  * e2e: Fetch the correct user name
  * Add `--no-trunc` flag to maintain original annotation length
  * Fix TCP probes when the optional host field is not given
  * Add support for using port names in Kubernetes health probes
  * Fix: cgroup is not set: internal libpod error after os reboot
  * Allow setting volume and network names in Quadlet
  * pasta tests: automatically determine test parameters
  * test/e2e: wait for socket
  * manifest inspect: support authentication
  * api: fix slow version endpoint
  * libpod: don't make a broken symlink for /etc/mtab on FreeBSD
  * CI: remove build without cgo task
  * libpod: use io.Writer vs io.WriteCloser for attach streams
  * top: do not depend on ps(1) in container
  * make --syslog errors non fatal
  * api: fix doc for default ps_args
  * Fixes typo in the path where quadlet looks for files
  * Add --replace flag to podman secret create
  * [CI:DOCS] uidmap man pages: fix corrupt italics
  * [skip-ci] Update github/issue-labeler action to v3.2
  * [CI:DOCS] podman-system-service.1.md: document systemd usage
  * fix(deps): update module github.com/docker/docker to
    v24.0.4+incompatible
  * fix(deps): update module github.com/docker/docker to
    v24.0.3+incompatible
  * Use bytes size consistently instead of human size
  * bugfix: do not try to parse empty ranges
  * [CI:BUILD] Packit: fix pre-sync action for downstream tasks
  * fix(deps): update module golang.org/x/tools to v0.11.0
  * fix(deps): update module golang.org/x/net to v0.12.0
  * fix(deps): update module golang.org/x/term to v0.10.0
  * e2e: fix two toolbox flakes
  * test/e2e: use GinkgoT().TempDir() over MkdirTemp()
  * test/e2e: use random ImageCacheDir
  * test/e2e: remove RHEL7 workaround
  * test/e2e: remove unnecessary code in SynchronizedAfterSuite
  * test/e2e: do not use /tmp for podman commands
  * test/tools: vendor ginkgo v2.11
  * test/e2e: write timings directly to file
  * machine start: qemu: adjust backoffs
  * auto update: fix usage of --authfile
  * system tests: refactor registry code
  * fix(deps): update module golang.org/x/text to v0.11.0
  * pkg/specgen: properly identify image OS on FreeBSD
  * libpod: use new libcontainer BlockIO constructors
  * [CI:BUILD] Minor: Don't confuse osx-debugging
  * [CI:DOCS] Better document the default value of --userns
  * Cirrus: build FreeBSD binaries in a VM
  * Makefile: add support for building freebsd release tarballs
  * [CI:DOCS] uidmap man pages: fix corrupt tables
  * fix(deps): update github.com/crc-org/vfkit digest to c9a4b08
  * fix(deps): update module github.com/containers/buildah to
    v1.31.0
  * fix(deps): update module github.com/opencontainers/image-spec
    to v1.1.0-rc4
  * Use /proc/self/gid_map as intended, not uid_map
  * fix(command): ignore `--format` in `podman search --list-tags`
  * podman machine start: fix ready service
  * Makefile: don't rely on the non-standard -r flag for ln
  * pasta: Create /etc/hosts entries for pods using pasta
    networking
  * fix(deps): update module github.com/containers/libhvee to
    v0.2.0
  * pasta tests: add sanity check for test name vs function
  * pasta tests: cleanup + 1 new test
  * cmd/podman, pkg/domain/infra: sockets should live in /var/run
    on FreeBSD
  * cmd/podman/system: add API server support on FreeBSD
  * [CI:DOCS] Document support of pod security context IDs
  * rootless: use default_rootless_network_cmd config
  * Revert^3 "pasta: Use two connections instead of three in TCP
    range forward tests"
  * pasta: Workaround occasional socat failures in CI
  * pasta: Remove some leftover code from pasta bats tests
  * Bump c/image to v5.26.0, c/common 0.54.0
  * fix(deps): update module github.com/coreos/stream-metadata-go
    to v0.4.3
  * Display secret to user in inpspect
  * [CI:BUILD] RPM: Fix koji and ELN issues
  * e2e: systemd test: major fixes
  * pkg/specgen: add support for 'podman run --init' on FreeBSD
  * Bump version after v4.6 branch cut
  * Remove 'inspecting object' from inspect errors
  * pasta: Fix pasta tests to work on hosts with multiple
    interfaces
  * [CI:DOCS] fix command incorrect in windows
  * Fix readonly=false failure
  * pkg/specgen: Add support for Linux emulation on FreeBSD
  * Fix up podmansh man page
  * Make Podman/Buildah use same DecryptConfig/EncryptConfig funcs
  * Fixes for vendoring Buildah
  * vendor in latest buildah
  * tests: fix "Storing signatures" check
  * update c/image and c/storage to latest
  * Kube quadlets can support autoupdate as well as containers
  * debug tail 800 lines flake
  * Pass in correct cwd value for hooks exe
  * specgen: honor --device-cgroup-rule with a new user namespace
  * specgen, rootless: raise error with --device-cgroup-rule
  * make image listing more resilient
  * Update module google.golang.org/protobuf to v1.31.0
  * Trim whitespace from unit files while parsing
  * Re-organize hypervisor implementations
  * play.go: remove volumes on down -f
​
-------------------------------------------------------------------
Tue Aug 29 11:07:37 UTC 2023 - danish.prakash@suse.com
​
- Update to version 4.6.2:
  * Bump to v4.6.2
  * Release notes for v4.6.2
  * Packit: Disable unexpected journal message check for cockpit-podman
  * Packit: Restrict cockpit tests to recent Fedoras
  * Packit: run cockpit-podman tests in PRs
  * rpm: spdx compatible license field
  * vendor c/storage@v1.48.1
  * rpm: depend on man-db
  * use container restart policy if user specifies one
  * podmansh man page UID=$(id -u lockedu) is not allowed
  * packit: Build PRs into default packit COPRs
  * Skip tests that fail in gating
  * fix: pull parma parsing for the /build compat ep
  * [CI:DOCS] Update Release Notes
  * Bumpt to v4.6.2-dev
​
-------------------------------------------------------------------
Wed Aug 16 05:27:24 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Fix build error on SLE due to dangling files clause
  on a discarded file, README.SLE.SUSE
- Fix unexpanded RPM macro error
​
-------------------------------------------------------------------
Fri Aug 11 05:42:19 UTC 2023 - danish.prakash@suse.com
​
- Update to version 4.6.1:
  * Bump to v4.6.1
  * Release notes for v4.6.1
  * Vendor buildah v1.31.2
  * [4.6] vendor c/common v0.55.3
  * [v4.6] Remove zstd:chunked reference
  * [v4.6] bump golang.org/x/net to v0.13.0
  * do not redefine gobuild for eln
  * [CI:BUILD] RPM: define gobuild macro for rhel/centos stream
  * [v4.6] [CI:BUILD] RPM: separate out gvproxy for copr and fedora >= 38
  * System tests: add test tags
  * API: kill: return 409 on invalid state
  * Mention TimeoutStartSec in quadlet man page
  * If quadlets have same name, only use first
  * Bump to v4.6.1-dev
​
-------------------------------------------------------------------
Thu Aug  3 13:05:43 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Discard outdated README.SUSE.SLES
- Recommend gvisor-tap-vsock, required for `podmand machine`
​
-------------------------------------------------------------------
Fri Jul 21 05:26:20 UTC 2023 - danish.prakash@suse.com
​
- Update to version 4.6.0:
  * Bump to v4.6.0
  * Update release notes for v4.6.0
  * Ensure that we appropriately warn that TCP is insecure
  * CI: remove build without cgo task
  * libpod: use io.Writer vs io.WriteCloser for attach streams
  * top: do not depend on ps(1) in container
  * api: fix doc for default ps_args
  * Add more tests for liveness probes with default hostname & named ports
  * Fix TCP probes when the optional host field is not given
  * Add support for using port names in Kubernetes health probes
  * [CI:DOCS] fix command incorrect in windows
  * [CI:DOCS] Reformat and reorder table with --userns options
  * [CI:DOCS] Better document the default value of --userns
  * Add missing return after utils.InternalServerError()
  * Fix markdown in docs for podman-network-create
  * Fix multiple filter options logic for `podman volume ls `
  * Should be checking tmpfs versus type not source
  * Use constants for mount types
  * Fix `podman container prune` docs for `--filter`
  * docs: podman-build --network add slirp and pasta
  * docs: podman run --network mention comma separted names
  * network create: document --internal better
  * pkg/specgen: fix support for --rootfs on FreeBSD
  * systests: quadlet: fixes for RHEL8
  * Fix windows installer
  * Podmansh: Better error, increase timeout to 30s
  * Emergency gating-test fixes for RHEL8
  * Packit: remove pre-sync action
  * [CI:DOCS] Update RELEASE_NOTES.md with Makefile change
  * Bump to v4.6.0-dev
  * Bump to v4.6.0-rc2
  * Makefile: `package` -> `rpm`
  * Update release notes
  * system tests: refactor registry code
  * machine start: qemu: wait for SSH readiness
  * machine start: qemu: adjust backoffs
  * auto update: fix usage of --authfile
  * [CI:BUILD] Packit: downstream task action fix
  * Fix container errors not being sent via pod removal API
  * netavark: macvlan networks keep custom nameservers
  * add hostname to network alias
  * libpod: set cid network alias in setupContainer()
  * Fix: cgroup is not set: internal libpod error after os reboot
  * test/e2e: wait for socket
  * api: fix slow version endpoint
  * manifest inspect: support authentication
  * libpod: don't make a broken symlink for /etc/mtab on FreeBSD
  * make --syslog errors non fatal
  * Fixes typo in the path where quadlet looks for files
  * [CI:DOCS] uidmap man pages: fix corrupt italics
  * [CI:DOCS] podman-system-service.1.md: document systemd usage
  * Use bytes size consistently instead of human size
  * bugfix: do not try to parse empty ranges
  * pkg/specgen: properly identify image OS on FreeBSD
  * [CI:DOCS] Document support of pod security context IDs
  * pkg/specgen: add support for 'podman run --init' on FreeBSD
  * Remove 'inspecting object' from inspect errors
  * Fix readonly=false failure
  * pkg/specgen: Add support for Linux emulation on FreeBSD
  * Fix up podmansh man page
  * Pass in correct cwd value for hooks exe
  * specgen: honor --device-cgroup-rule with a new user namespace
  * specgen, rootless: raise error with --device-cgroup-rule
  * make image listing more resilient
  * Trim whitespace from unit files while parsing
  * play.go: remove volumes on down -f
  * Vendor c/common v0.55.2
  * system service: unset listen fds on tcp
  * [CI:DOCS] [Release Notes]: add static routes
  * [CI:DOCS] tag podmansh as tech preview in RELEASE_NOTES.md
  * [CI:DOCS] uidmap man pages: fix corrupt tables
  * libpod: use new libcontainer BlockIO constructors
  * Bump to v4.6.0-dev
  * Bump to v4.6.0-rc1
  * Bump to v4.6.1-dev
  * Bump to v4.6.0
  * Release notes for v4.6.0
  * Update Release Notes for v4.5.1
  * rootless: use default_rootless_network_cmd config
  * tests: fix "Storing signatures" check
  * Fixes for vendoring Buildah
  * Make Podman/Buildah use same DecryptConfig/EncryptConfig funcs
  * Do not use deprecated hook functions from c/common
  * Bump c/storage to v1.48.0, c/image to v5.26.1, c/common to v0.55.1, buildah to v1.31.0
  * pasta: Remove some leftover code from pasta bats tests
  * pasta: Fix pasta tests to work on hosts with multiple interfaces
  * fix(command): ignore `--format` in `podman search --list-tags`
  * Use /proc/self/gid_map as intended, not uid_map
  * podman machine start: fix ready service
  * Makefile: don't rely on the non-standard -r flag for ln
  * cmd/podman, pkg/domain/infra: sockets should live in /var/run on FreeBSD
  * cmd/podman/system: add API server support on FreeBSD
  * pasta: Create /etc/hosts entries for pods using pasta networking
  * RPM: Fix koji and ELN issues
  * Cirrus: Update operating branch
  * system tests: add and use _prefetch
  * pkg/api: BufferedResponseWriter flush correctly
  * pkg/api: top return error to client
  * container wait: support health states
  * [CI:DOCS] Fix example on PublishPort
  * container wait API: use string slice instead of state slice
  * podman wait: update man page
  * StopContainer(): ignore one more conmon warning
  * run,create: modify `--env-merge` behavior for non-existent vars
  * use libnetwork/slirp4netns from c/common
  * update c/common to latest
  * e2e: use parallel-safe /dev subdirectories
  * [CI:BUILD] Help Renovate manage the golangci-lint version
  * systests: test instrumentation
  * compat API create/pull: fix error handling
  * compat API push: fix error handling
  * GetSafeIPAddress(): discourage its use
  * libpod: write /etc/{hosts,resolv.conf} once
  * e2e: fix one of the many log flakes
  * cmd, push: expose --compression-level
  * vendor: bump containers/common
  * compat API container create: handle platform parameter
  * refactor(machine): remove hard code
  * vendor in latests containers/common
  * fix(machine): throw `connect: connection refused` after set proxy
  * [CI:BUILD] Packit: cleanups
  * Add console mode to podman machine
  * e2e: kube test: specify expected exit code
  * e2e --authfile test: fix test condition
  * chore(deps): update dependency setuptools to v68
  * make lint: re-enable revive
  * make lint: re-enable ginkgolinter
  * make lint: enable rowserrcheck
  * make lint: enable wastedassign
  * make lint: enable mirror
  * bump golangci-lint to v1.53.3
  * auto update: restart instead of stop+start
  * cmd/podman/root.go: fix help document issue of the image store
  * vendor: bump c/storage to v1.46.2-0.20230616083707-cc0d208e5e1c
  * podman: add support for splitting imagestore
  * network create --ip-range allow for custom range
  * fix(ssh): start machine failed to start with exit status 255
  * remote wait: fix "removed" condition
  * [CI:DOCS] Fix service_destinations description in podman man page
  * quadlet should exit non zero on failures
  * fix(deps): update module golang.org/x/tools to v0.10.0
  * e2e: GetSafeIPAddress() replaces GetRandomIPAddress
  * pasta: use code from c/common
  * Add support for setting autoupdate in quadlet
  * New command: podmansh
  * vendor: update c/common to latest
  * Add quadlet container support for Mask,Umask options
  * libpod: make conmon always log to syslog
  * Document how to get secret mounts working on RHEL8
  * Verify podman pull dup image only prints id once
  * Vendor in latests containers/common
  * Apply suggestions from code review
  * Revert "rootlessport: exclude storage drivers via build tags"
  * filters: use new FilterID function from c/common
  * logformatter: ignore 'TOP-LEVEL' headings
  * test/e2e: fix network ID test
  * update c/{common,image,storage} to latest
  * [CI:DOCS] clarify supported transports in manifest push
  * [CI:DOCS] podman-push: rm confusion on supported transports
  * container wait: indicate timeout in error
  * network-create: document new bclim option
  * fix(deps): update module golang.org/x/text to v0.10.0
  * libpod: Podman info output more network information
  * fix(deps): update module golang.org/x/term to v0.9.0
  * quadlet: adjust container unit documentation
  * e2e: GetRandomIPAddress(): parallelize
  * Makefile: add support for 'make help' on FreeBSD
  * criu: return error when checking for min version
  * Update docs/source/markdown/podman-systemd.unit.5.md
  * 250-systemd.bats: remove outdated comment
  * github: add issue type as link to podman-desktop
  * Add WorkingDir support to quadlet
  * rootlessport: exclude storage drivers via build tags
  * Add ability to set static routes
  * test/upgrade: correctly share mounts between host and container
  * Update common, image, and storage deps
  * Fix system service manpage name in API Documentation
  * style(specgen): omit nil check
  * fix(specgen): index out of range when unmask=[]
  * Makefile to force a shell when running command
  * cirrus,ci: default to overlay for debian env
  * Quadlet: Add support for --sysctl flag
  * chore(deps): update dependency requests-mock to ~=1.11.0
  * Ignore spurious warnings when killing containers
  * Makefile: don't hard-code the path for bash
  * fix(deps): update module github.com/burntsushi/toml to v1.3.2
  * GHA: Fix bad job-names & links in monitoring emails
  * podman-registry: simpler, safer invocations
  * Ensure our mutexes handle recursive locking properly
  * Fix an expected error message from pod removal
  * Fix a race removing multiple containers in the same pod
  * Discard errors when a pod is already removed
  * Change Inherit to use a pointer to a container
  * e2e: add ginkgo decorators to address flakes
  * filters: better handling of id=
  * fix(deps): update module github.com/onsi/gomega to v1.27.8
  * refactor: improve get ssh path duplicate code
  * logformatter: better recognition of ginkgo test names
  * Address review feedback and add manpage notes
  * Add support for SecurityLabelNested flag in quadlet
  * fix(deps): update module github.com/burntsushi/toml to v1.3.1
  * `system locks` now reports held locks
  * fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.17
  * Add a new hidden command, podman system locks
  * Add number of free locks to `podman info`
  * Include lock number in pod/container/volume inspect
  * fix ignition config creation
  * Makefile binaries target adopted for Mac and Win
  * fix(deps): update github.com/crc-org/vfkit digest to 3d57f09
  * logformatter: proper status color for failed tests
  * pasta: Test handling of unknown protocols
  * pasta: Correct handling of unknown protocols
  * Quadlet - add support for Pull key in .container
  * fix(deps): update module github.com/sirupsen/logrus to v1.9.3
  * Add default ulimit test for gen kube
  * feat: add insecure registry troubleshooting solution
  * fix(deps): update module golang.org/x/tools to v0.9.3
  * fix(deps): update module github.com/coreos/stream-metadata-go to v0.4.2
  * e2e: GetPort(): safer allocation of random ports
  * The removeContainer function now accepts a struct
  * Revert "test/e2e: fix "podman run ipcns ipcmk container test""
  * Add a test for removing dependencies with rm -fa
  * Revert "ginkgo-v2 cleanup workaround for #18180"
  * Fix a deadlock when removing pods
  * Pods now return what containers were removed with them
  * Make RemoveContainer return containers and pods removed
  * Add an API for removing a container and dependencies
  * systests: fixes for coping with extra systemd image
  * libpod: fix timezone handling
  * fix(deps): update github.com/godbus/dbus/v5 digest to 7623695
  * fix(deps): update module golang.org/x/tools to v0.9.2
  * test/system: quadlet use correct systemd restart policy
  * systests: minimize race-condition window
  * systests: fix improper backgrounding of run_podman
  * set max ulimits for rootless on each start
  * Fix: display online_cpus in compat REST API
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.6
  * systests: fix race in quadlet tests
  * fix(deps): update module github.com/burntsushi/toml to v1.3.0
  * e2e: make BuildImage parallel-safe
  * completion: fix panic in simplePathJoinUnix()
  * Update module github.com/stretchr/testify to v1.8.4
  * authfile.md: add default path of file for Windows/macOS.
  * Update module github.com/rootless-containers/rootlesskit to v1.1.1
  * hack: fix typo in hack/podman-registry
  * man pages and command help: clean up descriptions
  * RPM: bump gvisor-tap-vsock subpackage and fix packit scripts
  * Man pages: fix broken tables
  * test/e2e: add regression testing for comma-containing labels
  * fix: volume create filters
  * fix: move filter flags from StringSliceVar to StringArrayVar
  * pkg/rootless: correctly handle proxy signals on reexec
  * [CI:BUILD] Packit: set propose-downstream action type to pre-sync
  * [CI:DOCS] fix Quadlet man page rendering
  * Quadlet: kube: use ExecStopPost
  * Quadlet: kube: add ExitCodePropagation field
  * kube play: exit-code propagation
  * prune exit codes only when container doesn't exist
  * podman: Add pasta to podman info
  * Revert "test/system/255-auto-update.bats: add debug logs"
  * Quadlet - add support for PodmanArgs to all groups
  * [CI:BUILD] Packit: add jobs for downstream Fedora package builds
  * In a concurrent removal test, don't remove concurrently with builds
  * Consolidate error handling in Runtime.removeContainer
  * Consolidate error handling in Container.cleanupStorage
  * Fix reporting errors on container unmount
  * TEMPORARY(?) instrumentation for unlinkat-ebusy
  * pkginstaller: bump Qemu to version 8.0.0
  * Support podman --remote when Containerfile is not in context directory
  * chore(deps): update dependency requests to ~=2.31.0
  * fix: podman event --filter volume=vol-name should compare the event name with volume name
  * fix(deps): update module github.com/docker/docker to v24
  * wait: look for exit code in stopped state
  * network create/update: allow dns servers comma separated
  * source code comments and docs: fix typos, language, Markdown layout
  * Increase download progress to 80ch
  * chore(deps): update dependency setuptools to ~=67.8.0
  * podman: Added find slirp4netns binary file from helper_binaries_dir [NO NEW TESTS NEEDED]
  * fix(deps): update module github.com/sirupsen/logrus to v1.9.2
  * stats: get mem limit from the cgroup
  * quadlet tests: enable device.volume test
  * quadlet tests: remove unused socketactivated.container
  * fix(deps): update module github.com/stretchr/testify to v1.8.3
  * Correct markdown in docs
  * fix(deps): update module github.com/onsi/gomega to v1.27.7
  * [CI:DOCS] Improve security in mysql examples
  * Cirrus: Record the buildah version for reference
  * test/e2e: do not call setenforce
  * Fix discombobulated kubernetes support table
  * run: ignore PODMAN_USERNS with --pod
  * Add --configmap to podman-remote kube play
  * compat: accept tag in /images/create?fromSrc
  * fix HTMLSpan warnings
  * generate systemd: error on init containers
  * Remove future tense from man pages
  * compat,build: pull must accept string
  * Cirrus: Add support for `[CI:NEXT]`
  * Cirrus: Remove support for `[CI:COPR]` magic
  * system tests: add precision timestamps
  * Makefile: add ginkgo FOCUS/FOCUS_FILE options
  * e2e: refactor and document serialization
  * machine: fix default connection URL to use 127.0.0.1
  * e2e: serialize gpg tests
  * Document podman-machine-default behavior
  * e2e: fix more test races (missing "wait")
  * fix(deps): update module github.com/openshift/imagebuilder to v1.2.5
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.5
  * Fix documentation of `--network-cmd-path` CLI option
  * Skip rhel-release branch unnecessary CI tasks
  * test/e2e: dedup Before/AfterEach nodes
  * remote-save: fix permissions and dir formats
  * Set machine docker.sock according to rootful flag
  * Fix handling of .containenv on tmpfs
  * Do not include image annotations when building spec
  * build(deps): bump github.com/docker/distribution
  * Kube Play - Support multi-doc YAML files for configmap argument
  * system tests: instrument, to try to catch unlinkat-ebusy
  * test: check restart policy of init containers
  * Update sigstore/rekor after https://github.com/sigstore/rekor/pull/1469
  * issue template: mention `su`
  * e2e: logs test: fix flakes
  * fix(deps): update module github.com/containernetworking/plugins to v1.3.0
  * e2e: stop podman.service test: wait for server
  * logformatter: handle podman-machine test logs
  * fix(deps): update module golang.org/x/tools to v0.9.1
  * [CI:DOCS] Disable Dependabot in favor of Renovate
  * Ensure the consistent setting of the HOME env variable on container start
  * Quadlet system tests - fix socket notification
  * sqlite: disable WAL mode
  * system tests: timeoutize quadlet, systemd
  * test: update README for integration tests
  * libpod/Container.rootFsSize(): use recorded image sizes
  * quadlet: support `HostName`
  * e2e: fix race in a play-kube test
  * Fix preference of user quadlets directories
  * fix(deps): update module golang.org/x/tools to v0.9.0
  * fix(deps): update module golang.org/x/net to v0.10.0
  * Check on client side for Containerfile, if none specified
  * build(deps): bump github.com/docker/docker
  * Buildah treadmill: several fixes
  * fix(deps): update github.com/containers/common digest to 3e93a76
  * chore(deps): update dependency docker to ~=6.1.0
  * Update docs/source/markdown/podman-systemd.unit.5.md
  * fix(deps): update github.com/containers/common digest to bc15b04
  * fix: initContainer restart policy overridden by pod
  * fix(deps): update module golang.org/x/sync to v0.2.0
  * chore(deps): update dependency requests to ~=2.30.0
  * ginkgo json output: only in CI, not on laptop runs
  * Allow user quadlets to be stored under /etc
  * fix(deps): update github.com/containers/common digest to ea87b34
  * libpod: do not Cleanup() more than once
  * compat container create: match duplicate mounts correctly
  * Update podman-completion.1.md
  * fix(deps): update github.com/containers/buildah digest to e925b58
  * Run generate.CompleteSpec() for initContainers as well
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.4
  * remote: return better connect error
  * Add missing man page links for Docker man pages
  * Replace egrep/fgrep with grep -E/-F
  * remote: exec inspect update exec session status
  * fix(deps): update github.com/digitalocean/go-qemu digest to f035778
  * fix(deps): update github.com/godbus/dbus/v5 digest to 6cc540d
  * fix(deps): update github.com/containers/buildah digest to f353690
  * fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.3
  * MVP for Podman Machine with AppleHV
  * e2e tests: try writing & preserving ginkgo json artifacts
  * vendor: bump buildah to v1.30.1-0.20230501124043-3908816d5310
  * bindings, build: don't pass invalid platform in case of none
  * Revert "logformatter: anchors: link to test summary, not name"
  * More cleanup: volumes: do not export to stdout
  * e2e test cleanup
  * Update kube gen & play to use pod restart policy
  * Add {{.Restarts}} to podman pod ps
  * Add {{.Restarts}} to podman ps
  * Add --restart flag to pod create
  * history: correctly set tags
  * fix(deps): update module github.com/moby/term to v0.5.0
  * Makefile: do not run machine test in parallel
  * pkg/machine/e2e: switch to GinkgoWriter
  * api: fix parsing filters
  * ginkgo-v2 cleanup workaround for #18180
  * test/e2e: fix custom timing reporting
  * logformatter: anchors: link to test summary, not name
  * WIP: logformatter: handle ginkgo v2 logs
  * test/e2e: unshare --rootless-netns cleanup slirp4netns
  * test/e2e: run system reset test serial
  * test/e2e: fix CleanupVolume/Secrets()
  * ginkgo v2: fix new Skip() behavior
  * test/e2e: fix pause tests to unpause before cleanup()
  * ginkgo v2: drop localbenchmarks
  * test/e2e: switch to GinkgoWriter
  * test/e2e: unset CONTAINERS_CONF before Cleanup()
  * ginkgo: run on all cores
  * test/e2e: fix Cleanup()
  * test/e2e: fix "podman run ipcns ipcmk container test"
  * test/e2e: actually check for cleanup errors
  * Lower e2e timeout to not waste time when it hangs
  * test/e2e: containers.conf tests add missing Wait()
  * ginkgo v2: remove CurrentGinkgoTestDescription()
  * ginkgo v2: remove deprecated flags
  * update to ginkgo v2
  * test/e2e: do not remove CNI directory
  * e2e: login_logout: use unique authfile for each test
  * Fix clashing subuid
  * [CI:DOCS] troubleshooting: fix subuid example
  * manifest, push: use source as destination if not specified
  * Update github.com/moby/term digest to 0564e01
  * Add name-generation test
  * Implement machine provider selection
  * libpod: improve errors management in cleanupStorage
  * libpod: report unmount idmapped rootfs errors
  * test: do not wait 10 seconds before killing myyaml
  * podman: simplify code with a switch
  * test: fix typo
  * build(deps): bump github.com/docker/docker
  * swagger: fix Info name conflict
  * Nightly dependency treadmill: remove
  * Update short description for disconnect cmd
  * windows: podman save allow the use of stdout
  * Update c/common and avoid setting umask
  * Cirrus: Update CI VM Image to F38/37
  * Cirrus: Run code validation on rawhide
  * Fix rand.Seed() deprecation in golang 1.20
  * Add sha256: to images history id for docker compatibility
  * Support systemd optional prefix '-' for devices.
  * Fix a copy/paste error in an error message
  * chore(deps): update dependency requests to ~=2.29.0
  * Fix simple typo in podman-network-create.md
  * e2e cleanup: push with auth: add error checks
  * e2e: remove "-it" from podman run & exec
  * pkg/machine: rework RemoveConnection()
  * machine: qemu only remove connection after confirmation
  * Add file swith for pre-exec
  * system reset: show graphRoot/runRoot before removal
  * fix manifest annotate help
  * Netavark userns test: give aardvark time to come up
  * sqlite: move first read into a transaction
  * Recover from failed podman machine start
  * rootless: support joining contianers that use host ns
  * auto-update: return errors when checking for updates
  * [skip-ci] Update dawidd6/action-send-mail action to v3.7.2
  * fix(deps): update github.com/containers/common digest to 46c4463
  * Add user mode networking feature to Windows
  * system/reset.go: help: fix typo
  * e2e create same-IP: try to fix flake
  * system tests: safer container-stop signaling
  * Revert "Resolve symlink path for qemu directory if possible"
  * ps: --format {{.State}} match docker output
  * test/system/260-sdnotify.bats: fix test flake
  * [CI:DOCS] Quadlet: clarify overriding user/system services
  * Eliminate transient container deps from wslkerninst
  * Wording
  * fix(deps): update github.com/containers/common digest to 5547996
  * cmd/podman/pods: omit superfluous runtime.NumCPU call
  * support `--digestfile` for remote push
  * e2e: skip journald test if journald is unavailable
  * Cirrus: Enable testing on Fedora rawhide
  * [CI:BUILD] Cirrus: remove copr rpm build task
  * chore(deps): update dependency setuptools to ~=67.7.0
  * Cirrus: Drop benchmarks artifacts
  * test/e2e: correctly reap service process
  * test/e2e: add missing options to remote service
  * test/e2e: fix incorrect usage of CreateTempDirInTempDir()
  * test/e2e: "podman-remote send correct path to copier" do not leak file
  * test/e2e: fix network create flake due same subnet
  * test/e2e: fix SkipIfNotActive()
  * test/e2e: do not try to use docker as rootless
  * test/e2e: do not leak "hello" file
  * podman-remote logs: handle server error correctly
  * test/e2e: use custom network config v2
  * rename ImagePushReport to ImagePushStream
  * Specify format to buildah before commit
  * Add eBPF snooper that traces the entire fork/exec graph of podman
  * libpod: stop containers with --restart=always
  * test: fix race when listing cgroups
  * compat: Translate `noprune` into ImageRemoveOptions.NoPrune
  * [CI:DOCS] Update RELEASE_PROCESS.md
  * hyperv: add podman socket mapping
  * e2e networking test: better way to get host IP
  * Updated system test to be easier to read
  * bindings tests: bail out early on image errors
  * libpod: fix TestPostDeleteHooks do not depend on version
  * chore(deps): update dependency setuptools to v67
  * fix(deps): update module github.com/containers/libhvee to v0.0.5
  * e2e: quadlet uses PODMAN env for podman binary path
  * Fixes format inconsistencies with docker for certain history fields
  * Makefile: do not prefix /etc
  * libpod: configureNetNS() tear down on errors
  * libpod: rootlessNetNs.Cleanup() fix error message
  * HyperV: wait on stop
  * build(deps): bump github.com/docker/docker
  * Makefile: include `release-artifacts` target
  * Enabled network over vsock
  * fix(deps): update module github.com/microsoft/go-winio to v0.6.1
  * fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.2
  * fix remote start --filter
  * Update API reference to include v4.5
  * Add missing security options to /info response
  * Add mention of redir to doc `rootless.md`
  * fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0
  * docs(readme): add status badges and remove hardcoded release info
  * Don't use bytes.NewBuffer to read data
  * Add support for HVSOCK on hyperv
  * docs: update network tutorial with netavark DHCP support
  * bump main to v4.6.0-dev
  * Remove disused test/install
  * Return title fields as a list
  * [CI:BUILD] Packit: Initial Enablement
  * Quadlet - do not set log-driver by default
  * system tests: address COPY-hardlink flake
  * chore(deps): update registry.centos.org/centos/centos docker tag to v8
  * system tests: fix race in kube-play read-only
  * chore(deps): update dependency docker to v6
  * CI: enable sqlite system tests
  * test: enable test_wait_next_exit
  * Update dependency PyYAML to v6
  * test/e2e/systemd_activate_test.go: simplify test
  * Update docker.io/library/golang Docker tag to v1.20
  * api: auth: fix nil deref
  * Update dependency requests-mock to ~=1.10.0
  * Update dependency requests to ~=2.28.2
  * fix: Document removing anonymous volumes at create
  * Use a sane polling interval in WaitContainerDocker
  * podman: added the --out option for capturing formatted output emitted by various commands
  * Renovate: Ensure release-note-none label is added
  * Renovate: Update ignore paths
  * *: migrate image registry to registry.k8s.io
  * Do not display the resource limits warning message
​
-------------------------------------------------------------------
Thu Jun 29 09:19:01 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Don't unconditionally Obsolete podman-cni-config, ensure clean upgrade path.
​
-------------------------------------------------------------------
Tue Jun 27 12:04:49 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Prefer Podman's new network stack (netavark) exclusively on ALP
- Remove unused podman-cni-config subpackage, add systemd
​
-------------------------------------------------------------------
Mon May 29 10:56:00 UTC 2023 - danish.prakash@suse.com
​
- Update to version 4.5.1:
  * Release v4.5.1
  * [CI:DOCS] Final release notes for v4.5.1
  * [CI:BUILD] Packit: set propose-downstream action type to pre-sync
  * Revert "Resolve symlink path for qemu directory if possible"
  * no need for podman-next rpm test on maint branch
  * [CI:BUILD] Packit: add jobs for downstream Fedora package builds
  * libpod: configureNetNS() tear down on errors
  * libpod: rootlessNetNs.Cleanup() fix error message
  * network create/update: allow dns servers comma separated
  * machine: fix default connection URL to use 127.0.0.1
  * compat: accept tag in /images/create?fromSrc
  * compat container create: match duplicate mounts correctly
  * machine: qemu only remove connection after confirmation
  * windows: podman save allow the use of stdout
  * remote: exec inspect update exec session status
  * podman-remote logs: handle server error correctly
  * libpod: stop containers with --restart=always
  * Do not include image annotations when building spec
  * [v4.5] system tests: fix race in kube-play read-only
  * api: fix parsing filters
  * Support systemd optional prefix '-' for devices.
  * *: migrate image registry to registry.k8s.io
  * Makefile: include `release-artifacts` target
  * [CI:BUILD] Packit: Initial Enablement
  * Bump to v4.5.1-dev
​
-------------------------------------------------------------------
Tue Apr 18 06:46:57 UTC 2023 - danish.prakash@suse.com
​
- Update to version 4.5.0:
  * Release v4.5.0
  * [CI:DOCS] Final release notes for v4.5.0
  * Quadlet - do not set log-driver by default
  * Return title fields as a list
  * Bump to v4.5.0-dev
  * Bump to v4.5.0-RC2
  * Final release notes for v4.5.0-RC2
  * test/e2e: remove unnecessary SkipIfNetavark() calls
  * test/e2e: deduplicated network test
  * docs: update podman-network-create.1
  * network create: add --interface-name
  * test/system/252-quadlet.bats: fix flake
  * Read kube_generate_type from containers.conf
  * Debian setup: workaround for runc /dev/char/10:200 bug
  * pkg/rootless: use catatonit from /usr/libexec/podman
  * rootless: make sure we only use a single pause process
  * Use atomic config writing strategy for podman machine config files
  * Add remaining release notes for v4.5.0-RC2
  * GHA: Use version instead of SHA for actions
  * chore(deps): update dependency containers/automation_images to v20230405
  * build: pass env by reference
  * test: retrofit error message
  * test/system: expect 12 char for short id
  * vendor: bump containers/(storage, common, buildah, image)
  * [skip-ci] Update actions/upload-artifact action to v3
  * [skip-ci] Update actions/stale action to v8
  * [skip-ci] Update actions/setup-go action to v4
  * [skip-ci] Update github/issue-labeler action to v2.6
  * Fix up codespell errors
  * Capitalize all uid,gid and id words that are not options in docs
  * build(deps): bump golang.org/x/tools from 0.7.0 to 0.8.0 in /test/tools
  * Properly remove the service container during kube down
  * quadlet: add `UserNS` option key
  * [CI:DOCS] Release notes for 4.5.0 Part 1
  * "podman pull by digest and list --all" test: untag instead of rmi
  * build(deps): bump golang.org/x/text from 0.8.0 to 0.9.0
  * Add renovate.json configuration
  * CI: postbuild step: skip under nightly treadmill
  * The `--ulimit` option accepts the name with an `RLIMIT_` prefix both upper and lower case
  * test/e2e: use custom network config dir where needed
  * chore: replace `github.com/ghodss/yaml` with `sigs.k8s.io/yaml`
  * update completion scripts for cobra v1.7.0
  * libpod.storageService.CreateContainerStorage(): retrieve ID maps
  * Fix invalid pod name and hostname during kube generate
  * e2e tests: fix racy flakes
  * Cirrus: Enable labeling of EC2 VMs
  * Cirrus: Fix aarch64 clone_script 404 errors
  * e2e: GinkgoParallelNode() -> ...Process()
  * build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0
  * build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
  * [CI:DOCS] --creds and registries
  * Copr: fix build deps for /usr/bin/envsubst
  * Don't error when removing non-existant env vars
  * e2e: healthcheck on stopped container: fix flake
  * test/apiv2/80-kube.at
  * test/apiv2/80-kube.at
  * system service: do not close Body
  * rm `hack/release.sh`
  * build(deps): bump github.com/onsi/gomega from 1.27.5 to 1.27.6
  * add `quadlet -version` flag
  * add version/rawversion package
  * quadlet: use `Flag` suffix for variables
  * quadlet: implement `Tmpfs` option
  * Bump to v4.5.0-dev
  * Bump to 4.5.0-rc1
  * Update release notes from 4.4 branch
  * rootless netns: recover from invalid netns
  * System tests: unverbosify a flake log
  * Add support for secret exists
  * Fix Win install task failures with large PR bodies
  * docs: add `starting` to `HealthCheckResults.Status`
  * Add support for cgroup_config from containers.conf
  * libpod: mount safely subpaths
  * Support Deployment generation with kube generate
  * Use secret.items to create volume mounts if present
  * [CI:DOCS] fix typo in --systemd option
  * rootless: drop preexec hook error message
  * Edit the docker wrapper to use the install prefix
  * Update podman-for-windows.md
  * Quadlet: RemapUsers documentation fixes
  * speed up image listing
  * vendor containers/common@e27c30ee9b1b
  * fix volume-plugin-test flake
  * Document building Podman remote on Windows hosts
  * test/e2e: gpg keep stdout/err attached
  * auto-update: stop+start instead of restart sytemd units
  * [CI:DOCS] Improve basic tutorial
  * Update docs/source/markdown/podman-network.1.md
  * Add debug to --wait test
  * fix slirp4netns resolv.conf ip with a userns
  * Quadlet: add support for keep-id with mapping values
  * Quadlet E2E test - run quadlet as user generator
  * sqlite: do not `Ping()` after connecting
  * Quadlet - treat paths starting with systemd specifiers as absolute
  * Update docs/source/markdown/podman-kube-play.1.md.in
  * system tests: use CONTAINERS_CONF_OVERRIDE
  * implement podman machine set for hyperv
  * [CI:DOCS] Add network subnets info to network man page
  * CI: retry the golangci install
  * system tests: fix racey sdnotify test
  * hyperv: lookup machine on local filesystem first
  * fix os.IsNotExist() CI check
  * Ensure that SQLite state handles name-ID collisions
  * macos pkginstaller: do not fail when podman-mac-helper fails
  * podman-mac-helper: install: do not error if already installed
  * build(deps): bump github.com/onsi/gomega from 1.27.4 to 1.27.5
  * Fix a race around SQLite DB config validation
  * add CONTAINERS_CONF_OVERRIDE
  * vendor containers/common@main
  * docs: minor grammar fix in `--volume` description
  * sqlite: do not use shared cache
  * test: podman checkpoint/restore the latest container
  * stats compat API: return "id" lowercase
  * Run make codespell
  * Drop SQLite max connections
  * sqlite: set connection attributes on open
  * Fix database locked errors with SQLite
  * quadlet tests: skip on RHEL8 rootless
  * Kube Play Doc: Document the support for K8S Secret
  * New ulimit test: bump up minimum nfiles
  * logformatter: hide --db-backend, and friendlyize quadlet
  * Quadlet - add support for relative path in Volume key in .container file
  * Add service ctr cleanup to PlayKubeDown
  * fix --health-on-failure=restart in transient unit
  * Quadlet Doc: Suggest the kill operation for HealthOnFailure
  * Quadlet - Add support for health checks configuration in .container files
  * Makefile: allow specifying /lib dir location
  * Fix option --opts -> --opt
  * basic hypverv machine implementation
  * Fix SQLite DB schema migration code
  * Add support for oom_score_adj value from containers.conf
  * Use default_ulimits field in containers.conf
  * CI: test and confirm DESIRED_DATABASE
  * build(deps): bump github.com/openshift/imagebuilder
  * logformatter: futureproof output filename
  * Vendor in latest containers/(storage, common, image)
  * build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.30.0
  * test/system/255-auto-update.bats: add debug logs
  * Revert "Revert "pasta: Use two connections instead of three in TCP range forward tests""
  * Add information for secret inspect
  * Add format to podman volume ls
  * Add format to podman volume inspect
  * Add format to podman secret ls
  * Add format to podman system df
  * Add format to podman machine info
  * Add format table to podman image inspect man page
  * Cirrus: Store podman machine benchmark data
  * Update Cirrus display names, and fix get-ci-vm script
  * Ensure SQLite places uses the runroot in transient mode
  * Fix various integration test issues with SQLite state
  * Remove test for pod/container name global uniqueness
  * Improve handling of existing container names in SQLite
  * Add SQLite job to CI
  * buildah treadmill: also run rootless tests
  * build(deps): bump github.com/vbatts/git-validation in /test/tools
  * auto update: return restart error
  * fix: Document removing anonymous volumes
  * events: no duplicates when streaming during a log rotation
  * Add search --cert-dir, --creds
  * podman-mac-helper: exit 1 on error
  * system service --log-level=trace: support hijack
  * test/system: fix wait_for_port() to wait for bind
  * cgroupns: private cgroupns on cgroupv1 breaks --systemd
  * libpod: remove error stutter
  * podman events: unhide --stream
  * test/system/255-auto-update.bats: multiple services
  * 255-auto-update.bats: turn off rollback where needed
  * Use append() to add elements to a slice
  * Revert "pasta: Use two connections instead of three in TCP range forward tests"
  * Support running nested SELinux container separation
  * bud tests: rootless remote: use correct socket path
  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.2.1 to 8.3.0
  * compat: /auth: parse server address correctly
  * docs: fix cmd `set DOCKER_HOST` suggestion
  * test: reenable idmap test
  * Must use mountlabel when creating builtin volumes
  * podman.spec.rpkg: distro conditionals for modulesloaddir
  * build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
  * podman inspect list network when using --net=host or none
  * pasta: Re-enable "Local forwarder, IPv4" test, accept NXDOMAIN as response
  * build(deps): bump golang.org/x/tools from 0.6.0 to 0.7.0 in /test/tools
  * CI: Switch to c20230307t192532z-f37f36d12 images
  * Cirrus: Run system & integration tests in parallel
  * Update checkpointctl v0.1.0
  * Quadlet: add support for setting --ip and --ip6
  * build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0
  * build(deps): bump golang.org/x/sys from 0.5.0 to 0.6.0
  * libpod: avoid nil pointer dereference in (*Container).Cleanup
  * [CI:DOCS] Add image not found info to troubleshooting
  * cmd: do not require userns for "version"
  * cmd: drop special handling for "scp"
  * cmd: clarify meaning of ParentNSRequired
  * Fix package restore
  * [CI:DOCS] Fix docs/version-check always requesting updates
  * sqlite: add a hidden --db-backend flag
  * fix: update the default machine value when the previously set default machine is deleted
  * podman machine: Adjust Chrony makestep config
  * sqlite: add container short ID to network aliases
  * sqlite: remove dead code
  * sqlite: addContainer: add named volume only once
  * sqlite: implement RewriteVolumeConfig
  * sqlite: LookupVolume: fix partial name match
  * sqlite: LookupVolume: wrap error
  * sqlite: fix type rewriting container config
  * sqlite: return correct error on pod-name conflict
  * sqlite: RewritePodConfig: update error message
  * test/system/255-auto-update.bats: wait 10 for update to finish
  * auto-update test: wait for service to be ready
  * Vendor in latest containers/(common, storage, image)
  * play kube: Add --wait option
  * Cirrus: Fix git config permission denied
  * Quadlet: Add support for the Mount key in .container files
  * build(deps): bump github.com/onsi/gomega from 1.27.1 to 1.27.2
  * fix "podman logs --since --follow" flake
  * Clarify that replicas are ignored in kubernetes deployment
  * Revert "Skip all pasta tests"
  * CI: Switch to c20230223t153813z-f37f36d12 images
  * Fix user socket path
  * pkginstaller: bump Qemu to version 7.2.0
  * Cirrus: Fix bud tests failing to apply patches
  * build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2
  * build(deps): bump github.com/coreos/stream-metadata-go
  * Vendor in latest containers/storage
  * buildah-bud tests: don't sudo when rootless is desired
  * Temporarily disable version-check
  * CI: new rootless buildah-bud tests (cron only)
  * sqlite: fix volume lookups with partial names
  * sqlite: fix container lookups with partial IDs
  * sqlite: fix LookupPod
  * sqlite: fix pod create/rm
  * sqlite: LookupContainer: update error message
  * sqlite: AddContainerExitCode: allow to replace
  * system: add warning when running rootless on cgroupv1
  * sqlite: fix AllContainers with state
  * sqlite: fix "UPDATE TABLE" typos
  * sqlite: SaveVolume: fix syntax error updating the volumes table
  * sqlite: exit code: allow -1
  * sqlite: fix typo when removing exec sessions
  * sqlite: AllContainers: fix inner join
  * sqlite: move migration after table creation
  * sqlite: implement pod methods
  * Quadlet - use the default runtime
  * docs: context is not optional for build
  * Fix an incorrect comment on NewSqliteState
  * Add support for containers.conf database setting
  * Add support for volume operations to SQLite state
  * Implement exec session handling in SQL database
  * Various fixes from code review
  * Remove `--namespace` flag from Podman root
  * Get E2E tests to pass
  * Implement network disconnect for SQLite state
  * Implement Network Connect/Modify for SQLite state
  * Fix various lint issues
  * Some further work on SQLite state
  * Remove concept of Namespaces from BoltDB
  * Add initial SQLite-backed state implementation
  * Cirrus: Support runc testing on debian VMs
  * Skip all pasta tests
  * Skip buildah-bud test
  * Skip buildx test with VFS podman storage driver
  * Skip 'podman kube --network' test for rootless CGv1
  * Skip tests which fail with CGv1 & runc
  * Skip rootless CGv1 quadlet tests due to issue
  * Makefile: Define SHELL
  * Machine refactor for QEMU/AppleHV
  * machine refactoring preparations for hyperv
  * [CI:BUILD] spec.rpkg: trim dependency list
  * Logs follow-until tests: loosen checks
  * [CI:DOCS] Windows/Mac docs link update
  * Doc update for docker network options via CLI
  * compat API: network create return 409 for duplicate
  * Apply suggestions to man page
  * vendor c/common@852ca05a1fbb
  * Quadlet: Add support for LogDriver key in container and kube units
  * machine refactoring preparations for hyperv
  * libpod: always use direct mapping
  * netavark: only use aardvark ip as nameserver
  * build(deps): bump github.com/container-orchestrated-devices/container-device-interface
  * podman logs passthrough driver support --cgroups=split
  * journald logs: simplify entry parsing
  * podman logs: read journald with passthrough
  * make docs: sanity check for broken man pages
  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.1.6 to 8.2.0
  * build(deps): bump github.com/onsi/gomega from 1.27.0 to 1.27.1
  * kube: rm secret on down, print secret on play
  * Fix spacing typo that triggered OCD & indent units in podman-systemd.unit(5)
  * Update remote_client.md
  * [CI:DOCS] Add restriction to option README
  * Revert "CI: Temporarily disable all AWS EC2-based tasks"
  * build(deps): bump github.com/onsi/gomega from 1.26.0 to 1.27.0
  * kube play: only enforce passthrough in Quadlet
  * journald: remove initializeJournal()
  * auto-update: support pods
  * Emergency fix for man pages: check for broken includes
  * System tests: assert(): friendlier failure messages
  * Cirrus: Fix version-check to only run on `main` job
  * CI: Temporarily disable all AWS EC2-based tasks
  * build(deps): bump github.com/containerd/containerd from 1.6.16 to 1.6.18
  * volume,container: chroot to source before exporting content
  * Support sysctl configs via podman kube play
  * [CI:BUILD] copr: podman.spec.rpkg cleanups
  * quadlet system tests: add useful defaults, logging
  * libpod: support relative positions for idmaps
  * Experimental workaround for cdn03.quay.io flake
  * system tests: prevent leading tabs
  * Introduce podman machine os apply
  * create: add support for --group-entry
  * fix != filter in volume prune
  * Allow specification of podman --remote build -f -
  * Quadlet use crun specified in containers.conf
  * build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0
  * Vendor c/image after https://github.com/containers/image/pull/1847
  * Don't set hostPort when generating a service
  * man page --format xref: tighten the autocompletion check
  * add support for limiting tmpfs size for systemd-specific mnts
  * build(deps): bump golang.org/x/text from 0.6.0 to 0.7.0
  * Add ulimit annotation to kube gen & play
  * man page xref: validate displayed man page names
  * quadlet: add ExecStop
  * install sigproxy before start/attach
  * build(deps): bump golang.org/x/tools from 0.5.0 to 0.6.0 in /test/tools
  * Fix typos
  * Cirrus: Make benchmarks .env file easier to load
  * Cirrus: Omit functions in env. file
  * kube play: set service container as main PID when possible
  * Fix typos. Improve language.
  * events + container inspect test: RHEL fixes
  * Add ctrName to network alias during kube play
  * Run codespell on codebase
  * podman image scp: added identity for ssh.Exec
  * [CI:DOCS] Clarify nomap constrains
  * [CI:DOCS] man-page checker: include --format (Go templates)
  * Vendor c/image after https://github.com/containers/image/pull/1816
  * [CI:DOCS] Cleanup some man pages to display options with line breaks
  * [CI:DOCS] Add tables to podman-systemd.unit man page
  * github: remove prefix from bugs/features
  * Quadlet: Add support for the Secret key in Container group
  * [CI:DOCS] OWNERS: add @ygalblum and @alexlarsson
  * build(deps): bump golang.org/x/term from 0.4.0 to 0.5.0
  * build(deps): bump github.com/vbauerster/mpb/v8 from 8.1.4 to 8.1.6
  * Sort quadlet keys to make it easier to read
  * e2e: fix some tests on remote
  * kube play: do not teardown unconditionally on error
  * Fix typos in comments
  * Resolve symlink path for qemu directory if possible
  * #17363 Fix contradicting documentation podman-commit
  * Fix a potential UID/GID collision in unit tests
  * golangci-lint: show all errors at once
  * update golangci-lint to version 1.51.1
  * [CI:DOCS] events: document journald identifiers
  * Quadlet: exit 0 when there are no files to process
  * network ls: handle removed container
  * e2e: adapt play kube test on remote rootless
  * docs/podman-systemd.unit: Explicitely mention network & kube units
  * docs/podman-systemd.unit: Update example to work out of the box
  * [CI:BUILD] Cirrus: Fix GraphQL ownerRepository:null error
  * Add missing return after errors
  * Revert "Cirrus: Emergency fix to un-stuck PRs"
  * pasta: Fix ICMPv6 Echo test, skip it for the moment
  * pasta: Fix ICMP Echo Request (IPv4) test
  * pasta: Use two connections instead of three in TCP range forward tests
  * Add SELinux label types support to quadlet
  * Add quadlet support for rootfs= containers
  * Cirrus: Emergency fix to un-stuck PRs
  * Move clean-binaries before podman-remote in podman-remote-docs target
  * oci: bind mount /sys with --userns=(auto|pod:)
  * Cleanup podman-systemd.unit file
  * Install podman-systemd.unit  man page, make quadlet discoverable
  * libpod: allow userns=keep-id for root
  * system-reset: use CleanCacheMount to clear build cache
  * vendor: bump buildah to v1.29.1-0.20230201192322-e56eb25575c7
  * system tests: fix noexistent labels test in the remote
  * Expose Podman named pipe in Inspect output
  * libpod: support idmap for --rootfs
  * test: adapt test to work on cgroupv1
  * Bump to v4.5.0-dev
  * Update main to reflect v4.4.0 release
  * Update from /github.com/vbauerster/mpb/v7 to /v8
  * hack/perf: cleanup after benchmarks
  * hack/perf/bz-2162111.sh: use custom network
  * Update bug_report.yaml
  * Handle filetype field in kubernetes.yaml files
  * hack/perf/bz-2162111.sh: measure stop
  * make hack/markdown-preprocess parallel-safe
  * system tests: fix volume exec/noexec test
  * system tests: minor fix for RHEL8 incompatibility
  * Cirrus: Use versionable IMAGE_SUFFIX
  * utils: new conversion method
  * libpod: use GraphRoot for overlay upper dir
  * vendor: update containers/storage
  * Do not mount /dev/tty into rootless containers
  * build(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7
  * e2e: fix run_staticip_test about no_proxy
  * docs: specify order preference for FROM
  * Fixes port collision issue on use of --publish-all
  * Support for Windows paths in the source position of the volume mounts
  * e2e tests: fix incorrect os.User.Name
  * Log data that we failed to unmarshal
  * [CI:DOCS] hack/perf: add script for BZ 216111
  * container rm: save once for exec removal and state change
  * [DOCS:CI] podman-events: document verbose create events
  * e2e: Avoid hard-coding included in quadlet test
  * e2e: Avoid hard-coding ImageCacheDir
  * Making gvproxy.exe optional for building Windows installer
  * Add gvproxy to Windows packages
  * Add comment to clarify error handling intention
  * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
  * Fix usage of absolute windows paths with --image-path
  * Match VT device paths to be blocked from mounting exactly
  * Fix default handling of pids-limit
  * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
  * journald: podman logs only show logs for current user
  * journald: podman events only show events for current user
  * e2e: Remove the cache with "podman unshare rm" when a rootless user
  * Clean up more language for inclusiveness
  * e2e: Remove some directories at SynchronizedAfterSuite
  * fix: don't output "ago" when container is currently up and running
  * fix: running check error when podman is default in wsl
  * fix CI: test fail due to merge
  * Bump Bulidah to v1.29.0
  * e2e: reduce dependency on /tmp for e2e tests
  * Bump cirrus image with easier dependency management
  * quadlet: Add device support for .volume files
  * remote,build: error if containerignore is symlink
  * DB: make loading container states optional
  * ps: do not sync container
  * Set runAsNonRoot=true in gen kube
  * WSL refactoring
  * kube-play: add support for HostIPC in pod.Spec
  * Allow --device-cgroup-rule to be passed in by docker API
​
-------------------------------------------------------------------
Fri Apr 14 14:18:34 UTC 2023 - Dan Čermák <dcermak@suse.com>
​
- Don't build against EoL go versions, fixes bsc#1210299
​
-------------------------------------------------------------------
Tue Mar 28 04:36:49 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Update to version 4.4.4:
  * Bump to v4.4.4
  * Release notes for v4.4.4
  * libpod: always use direct mapping
  * macos pkginstaller: do not fail when podman-mac-helper fails
  * podman-mac-helper: install: do not error if already installed
  * Bump to v4.4.4-dev
​
- spec: Bump required version for libcontainers-common (bsc#1209495)
​
-------------------------------------------------------------------
Fri Mar 24 04:56:25 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Update to version 4.4.3:
  * Bump to v4.4.3
  * Release notes for v4.4.3
  * compat: /auth: parse server address correctly
  * vendor github.com/containers/common@v0.51.1
  * pkginstaller: bump Qemu to version 7.2.0
  * podman machine: Adjust Chrony makestep config
  * [v4.4] fix --health-on-failure=restart in transient unit
  * podman logs passthrough driver support --cgroups=split
  * journald logs: simplify entry parsing
  * podman logs: read journald with passthrough
  * journald: remove initializeJournal()
  * netavark: only use aardvark ip as nameserver
  * compat API: network create return 409 for duplicate
  * fix "podman logs --since --follow" flake
  * system service --log-level=trace: support hijack
  * podman-mac-helper: exit 1 on error
  * bump golang.org/x/net to v0.8.0
  * Fix package restore
  * Quadlet - use the default runtime
  * Bump to v4.4.3-dev
​
- Remove patch (merged upstream):
  * Quadlet-use-the-default-runtime.patch
    (https://github.com/containers/podman/pull/17601)
​
-------------------------------------------------------------------
Mon Feb 27 13:54:33 UTC 2023 - Dan Čermák <dcermak@suse.com>
​
- Add patch to let quadlet use the default runtime
  Added patch:
  * Quadlet-use-the-default-runtime.patch
  => Remove dependency on crun
​
-------------------------------------------------------------------
Fri Feb 24 02:29:18 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Update to version 4.4.2:
  * Bump to v4.4.2
  * Release notes for v4.4.2
  * Revert "CI: Temporarily disable all AWS EC2-based tasks"
  * kube play: only enforce passthrough in Quadlet
  * Emergency fix for man pages: check for broken includes
  * CI: Temporarily disable all AWS EC2-based tasks
  * quadlet system tests: add useful defaults, logging
  * volume,container: chroot to source before exporting content
  * install sigproxy before start/attach
  * Update to c/image 5.24.1
  * events + container inspect test: RHEL fixes
  * Bump to v4.4.2-dev
​
- Remove patches (merged upstream):
  * volume-container-chroot-to-source-before-exporting-content.patch
- podman.spec: add `crun` requirement for quadlet
    (https://github.com/containers/podman/pull/17601)
​
-------------------------------------------------------------------
Tue Feb 21 07:40:30 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- podman.spec: set PREFIX at build stage (boo#1208510)
​
-------------------------------------------------------------------
Fri Feb 17 13:39:16 UTC 2023 - Dan Čermák <dcermak@suse.com>
​
- Add patch to fix bsc#1208364 aka CVE-2023-0778
​
  Added patch:
  * volume-container-chroot-to-source-before-exporting-content.patch
​
-------------------------------------------------------------------
Thu Feb 09 12:15:40 UTC 2023 - fvogt@suse.com
​
- Update to version 4.4.1:
  * Bump to v4.4.1
  * Update release notes for Podman 4.4.1
  * kube play: do not teardown unconditionally on error
  * Resolve symlink path for qemu directory if possible
  * events: document journald identifiers
  * Quadlet: exit 0 when there are no files to process
  * Cleanup podman-systemd.unit file
  * Install podman-systemd.unit  man page, make quadlet discoverable
  * Add missing return after errors
  * oci: bind mount /sys with --userns=(auto|pod:)
  * docs: specify order preference for FROM
  * Cirrus: Fix & remove GraphQL API tests
  * test: adapt test to work on cgroupv1
  * make hack/markdown-preprocess parallel-safe
  * Fix default handling of pids-limit
  * system tests: fix volume exec/noexec test
  * Bump to v4.4.1-dev
​
-------------------------------------------------------------------
Thu Feb 02 12:57:45 UTC 2023 - dcermak@suse.com
​
- Remove patches (merged upstream or resolved otherwise):
  * 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
  * 0002-Make-the-priority-for-picking-the-storage-driver-con.patch
  * 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch
​
- remove long obsolete update scriptlets
​
- Update to version 4.4.0:
  * Bump to v4.4.0
  * Final release notes for v4.4.0
  * Emergency fix for RHEL8 gating tests
  * Do not mount /dev/tty into rootless containers
  * Fixes port collision issue on use of --publish-all
  * Fix usage of absolute windows paths with --image-path
  * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
  * podman-events: document verbose create events
  * Making gvproxy.exe optional for building Windows installer
  * Add gvproxy to Windows packages
  * Match VT device paths to be blocked from mounting exactly
  * Clean up more language for inclusiveness
  * Set runAsNonRoot=true in gen kube
  * quadlet: Add device support for .volume files
  * fix: running check error when podman is default in wsl
  * fix: don't output "ago" when container is currently up and running
  * journald: podman logs only show logs for current user
  * journald: podman events only show events for current user
  * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
  * DB: make loading container states optional
  * ps: do not sync container
  * Allow --device-cgroup-rule to be passed in by docker API
  * [v4.4] Bump to Buildah v1.29.0
  * Bump to v4.4.0-dev
  * Bump to v4.4.0-RC3
  * Create release notes for v4.4.0
  * Cirrus: Update operating branch
  * fix APIv2 python attach test flake
  * ps: query health check in batch mode
  * make example volume import, not import volume
  * Correct output when inspecting containers created with --ipc
  * Vendor containers/(storage, image, common, buildah)
  * Get correct username in pod when using --userns=keep-id
  * ps: get network data in batch mode
  * build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
  * add hack/perf for comparing two container engines
  * systems: retrofit dns options test to honor other search domains
  * ps: do not create copy of container config
  * libpod: set search domain independently of nameservers
  * libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
  * podman: relay custom DNS servers to network stack
  * (fix) mount_program is in storage.options.overlay
  * Change example target to default in doc
  * network create: do not allow `default` as name
  * kube-play: add support for HostPID in podSpec
  * build(deps): bump github.com/docker/docker
  * Let's see if #14653 is fixed or not
  * Add support for podman build --group-add
  * vendor in latests containers/(storage, common, build, image)
  * unskip network update test
  * do not install swagger by default
  * pasta: skip "Local forwarder, IPv4" test
  * add testbindings Makefile target
  * update CI images to include pasta
  * [CI:DOCS] Add CNI deprecation notices to documentation
  * Cirrus: preserve podman-server logs
  * waitPidStop: reduce sleep time to 10ms
  * StopContainer: return if cleanup process changed state
  * StopSignal: add a comment
  * StopContainer: small refactor
  * waitPidStop: simplify code
  * e2e tests: reenable long-skipped build test
  * Add openssh-clients to podmanimage
  * Reworks Windows smoke test to tunnel through interactive session.
  * fix bud-multiple-platform-with-base-as-default-arg flake
  * Remove ReservedAnnotations from kube generate specification
  * e2e: update test/README.md
  * e2e: use isRootless() instead of rootless.IsRootless()
  * Cleanup documentation on --userns=auto
  * Bump to v4.4.0-dev
  * Bump to v4.4.0-rc2
  * Vendor in latest c/common
  * sig-proxy system test: bump timeout
  * build(deps): bump github.com/containernetworking/plugins
  * rootless: rename auth-scripts to preexec-hooks
  * Docs: version-check updates
  * commit: use libimage code to parse changes
  * [CI:DOCS] Remove experimental mac tutorial
  * man: Document the interaction between --systemd and --privileged
  * Make rootless privileged containers share the same tty devices as rootfull ones
  * container kill: handle stopped/exited container
  * Vendor in latest containers/(image,ocicrypt)
  * add a comment to container removal
  * Vendor in latest containers/storage
  * Cirrus: Run machine tests on PR merge
  * fix flake in kube system test
  * kube play: complete container spec
  * E2E Tests: Use inspect instead of actual data to avoid UDP flake
  * Use containers/storage/pkg/regexp in place of regexp
  * Vendor in latest containers/storage
  * Cirrus: Support using updated/latest NV/AV in PRs
  * Limit replica count to 1 when deploying from kubernetes YAML
  * Set StoppedByUser earlier in the process of stopping
  * podman-play system test: refactor
  * Bump to v4.4.0-dev
  * Bump to v4.4.0-RC1
  * network: add support for podman network update and --network-dns-server
  * service container: less verbose error logs
  * Quadlet Kube - add support for PublishPort key
  * e2e: fix systemd_activate_test
  * Compile regex on demand not in init
  * [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
  * E2E Test: Play Kube set deadline to connection to avoid hangs
  * Only prevent VTs to be mounted inside privileged systemd containers
  * e2e: fix play_kube_test
  * Updated error message for supported VolumeSource types
  * Introduce pkg retry logic in win installer task
  * logformatter: include base SHA, with history link
  * Network tests: ping redhat.com, not podman.io
  * cobra: move engine shutdown to Execute
  * Updated options for QEMU on Windows hosts
  * Update Mac installer to use gvproxy v0.5.0
  * podman: podman rm -f doesn't leave processes
  * oci: check for valid PID before kill(pid, 0)
  * linux: add /sys/fs/cgroup if /sys is a bind mount
  * Quadlet: Add support for ConfigMap key in Kube section
  * remove service container _after_ pods
  * Kube Play - allow setting and overriding published host ports
  * oci: terminate all container processes on cleanup
  * Update win-sshproxy to 0.5.0 gvisor tag
  * Vendor in latest containers/common
  * Fix a potential defer logic error around locking
  * logformatter: nicer formatting for bats failures
  * logformatter: refactor verbose line-print
  * e2e tests: stop using UBI images
  * k8s-file: podman logs --until --follow exit after time
  * journald: podman logs --until --follow exit after time
  * journald: seek to time when --since is used
  * podman logs: journald fix --since and --follow
  * Preprocess files in UTF-8 mode
  * Bump golang.org/x/tools from 0.4.0 to 0.5.0 in /test/tools
  * Vendor in latest containers/(common, image, storage)
  * Switch to C based msi hooks for win installer
  * hack/bats: improve usage message
  * hack/bats: add --remote option
  * hack/bats: fix root/rootless logic
  * Describe copy volume options
  * Support sig-proxy for podman-remote attach and start
  * libpod: fix race condition rm'ing stopping containers
  * e2e: fix run_volume_test
  * Add support for Windows ARM64
  * Add shared --compress to man pages
  * Add container error message to ContainerState
  * Man page checker: require canonical name in SEE ALSO
  * system df: improve json output code
  * kube play: fix the error logic with --quiet
  * System tests: quadlet network test
  * Fix: List container with volume filter
  * adding -dryrun flag
  * Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
  * Kube Play: use passthrough as the default log-driver if service-container is set
  * System tests: add missing cleanup
  * System tests: fix unquoted question marks
  * Build and use a newer systemd image
  * Quadlet Network - Fix the name of the required network service
  * System Test Quadlet - Volume dependency test did not test the dependency
  * fix `podman system connection - tcp` flake
  * vendor: bump c/storage to a747b27
  * Fix instructions about setting storage driver on command-line
  * Test README - point users to hack/bats
  * System test: quadlet kube basic test
  * Fixed `podman update --pids-limit`
  * podman-remote,bindings: trim context path correctly when its emptydir
  * Quadlet Doc: Add section for .kube files
  * e2e: fix containers_conf_test
  * Allow '/' to prefix container names to match Docker
  * Remove references to qcow2
  * Fix typos in man page regarding transient storage mode.
  * make: Use PYTHON var for .install.pre-commit
  * Add containers.conf read-only flag support
  * Explain that relabeling/chowning of volumes can take along time
  * events: support "die" filter
  * infra/abi: refactor ContainerRm
  * When in transient store mode, use rundir for bundlepath
  * quadlet: Support Type=oneshot container files
  * hacks/bats: keep QUADLET env var in test env
  * New system tests for conflicting options
  * Vendor in latest containers/(buildah, image, common)
  * Output Size and Reclaimable in human form for json output
  * podman service: close duplicated /dev/null fd
  * ginkgo tests: apply ginkgolinter fixes
  * Add support for hostPath and configMap subpath usage
  * export: use io.Writer instead of file
  * rootless: always create userns with euid != 0
  * rootless: inhibit copy mapping for euid != 0
  * pkg/domain/infra/abi: introduce `type containerWrapper`
  * vendor: bump to buildah ca578b290144 and use new cache API
  * quadlet: Handle booleans that have defaults better
  * quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
  * Add podman-clean-transient.service service
  * Stop recording annotations set to false
  * Unify --noheading and -n to be consistent on all commands
  * pkg/domain/infra/abi: add `getContainers`
  * Update vendor of containters/(common, image)
  * specfile: Drop user-add depedency from quadlet subpackage.
  * quadlet: Default BINDIR to /usr/bin if tag not specified
  * Quadlet: add network support
  * Add comment for jsonMarshal command
  * Always allow pushing from containers-storage
  * libpod: move NetNS into state db instead of extra bucket
  * Add initial system tests for quadlets
  * quadlet: Add --user option
  * libpod: remove CNI word were no longer applicable
  * libpod: fix header length in http attach with logs
  * podman-kube@ template: use `podman kube`
  * build(deps): bump github.com/docker/docker
  * wait: add --ignore option
  * qudlet: Respect $PODMAN env var for podman binary
  * e2e: Add assert-key-is-regex check to quadlet e2e testsuite
  * e2e: Add some assert to quadlet test to make sure testcases are sane
  * remove unmapped ports from inspect port bindings
  * update podman-network-create for clarity
  * Vendor in latest containers/common with default capabilities
  * pkg/rootless: Change error text ...
  * rootless: add cli validator
  * rootless: define LIBEXECPODMAN
  * doc: fix documentation for idmapped mounts
  * bump golangci-lint to v1.50.1
  * build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
  * [CI:DOCS] podman-mount: s/umount/unmount/
  * create/pull --help: list pull policies
  * Network Create: Add --ignore flag to support idempotent script
  * Make qemu security model none
  * libpod: use OCI idmappings for mounts
  * stop reporting errors removing containers that don't exist
  * test: added test from wait endpoint with to long label
  * quadlet: Default VolatileTmp to off
  * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
  * docs/options/ipc: fix list syntax
  * Docs: Add dedicated DOWNLOAD doc w/ links to bins
  * Make a consistently-named windows installer
  * checkpoint restore: fix --ignore-static-ip/mac
  * add support for subpath in play kube for named volumes
  * build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
  * golangci-lint: remove three deprecated linters
  * parse-localbenchmarks: separate standard deviation
  * build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
  * podman play kube support container startup probe
  * Add podman buildx version support
  * Cirrus: Collect benchmarks on machine instances
  * Cirrus: Remove escape codes from log files
  * [CI:DOCS] Clarify secret target behavior
  * Fix typo on network docs
  * podman-remote build add --volume support
  * remote: allow --http-proxy for remote clients
  * Cleanup kube play workloads if error happens
  * health check: ignore dependencies of transient systemd units/timers
  * fix: event read from syslog
  * Fixes secret (un)marshaling for kube play.
  * Remove 'you' from man pages
  * build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
  * [CI:DOCS] test/README.md: run tests with podman-remote
  * e2e: keeps the http_proxy value
  * Makefile: Add podman-mac-helper to darwin client zip
  * test/e2e: enable "podman run with ipam none driver" for nv
  * [skip-ci] GHA/Cirrus-cron: Fix execution order
  * kube sdnotify: run proxies for the lifespan of the service
  * Update containers common package
  * podman manpage: Use man-page links instead of file names
  * e2e: fix e2e tests in proxy environment
  * Fix test
  * disable healthchecks automatically on non systemd systems
  * Quadlet Kube: Add support for userns flag
  * [CI:DOCS] Add warning about --opts,o with mount's -o
  * Add podman system prune --external
  * Add some tests for transient store
  * runtime: In transient_store mode, move bolt_state.db to rundir
  * runtime: Handle the transient store options
  * libpod: Move the creation of TmpDir to an earlier time
  * network create: support "-o parent=XXX" for ipvlan
  * compat API: allow MacAddress on container config
  * Quadlet Kube: Add support for relative path for YAML file
  * notify k8s system test: move sending message into exec
  * runtime: do not chown idmapped volumes
  * quadlet: Drop ExecStartPre=rm %t/%N.cid
  * Quadlet Kube: Set SyslogIdentifier if was not set
  * Add a FreeBSD cross build to the cirrus alt build task
  * Add completion for --init-ctr
  * Fix handling of readonly containers when defined in kube.yaml
  * Build cross-compilation fixes
  * libpod: Track healthcheck API changes in healthcheck_unsupported.go
  * quadlet: Use same default capability set as podman run
  * quadlet: Drop --pull=never
  * quadlet: Change default of ReadOnly to no
  * quadlet: Change RunInit default to no
  * quadlet: Change NoNewPrivileges default to false
  * test: podman run with checkpoint image
  * Enable 'podman run' for checkpoint images
  * test: Add tests for checkpoint images
  * CI setup: simplify environment passthrough code
  * Init containers should not be restarted
  * Update c/storage after https://github.com/containers/storage/pull/1436
  * Set the latest release explicitly
  * add friendly comment
  * fix an overriding logic and load config problem
  * Update the issue templates
  * Update vendor of containers/(image, buildah)
  * [CI:DOCS] Skip windows-smoke when not useful
  * [CI:DOCS] Remove broken gate-container docs
  * OWNERS: add Jason T. Greene
  * hack/podmansnoop: print arguments
  * Improve atomicity of VM state persistence on Windows
  * [CI:BUILD] copr: enable podman-restart.service on rpm installation
  * macos: pkg: Use -arm64 suffix instead of -aarch64
  * linux: Add -linux suffix to podman-remote-static binaries
  * linux: Build amd64 and arm64 podman-remote-static binaries
  * container create: add inspect data to event
  * Allow manual override of install location
  * Run codespell on code
  * Add missing parameters for checkpoint/restore endpoint
  * Add support for startup healthchecks
  * Add information on metrics to the `network create` docs
  * Introduce podman machine os commands
  * Document that ignoreRootFS depends on export/import
  * Document ignoreVolumes in checkpoint/restore endpoint
  * Remove leaveRunning from swagger restore endpoint
  * libpod: Add checks to avoid nil pointer dereference if network setup fails
  * Address golangci-lint issues
  * Bump golang version to 1.18
  * Documenting Hyper-V QEMU acceleration settings
  * Kube Play: fix the handling of the optional field of SecretVolumeSource
  * Update Vendor of containers/(common, image, buildah)
  * Fix swapped NetInput/-Output stats
  * libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
  * chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
  * test/tools: rebuild when files are changed
  * ginkgo tests: apply ginkgolinter fixes
  * ginkgo: restructure install work flow
  * Fix manpage emphasis
  * specgen: support CDI devices from containers.conf
  * vendor: update containers/common
  * pkg/trust: Take the default policy path from c/common/pkg/config
  * Add validate-in-container target
  * Adding encryption decryption feature
  * container restart: clean up healthcheck state
  * Add support for podman-remote manifest annotate
  * Quadlet: Add support for .kube files
  * Update vendor of containers/(buildah, common, storage, image)
  * specgen: honor user namespace value
  * [CI:DOCS] Migrate OSX Cross to M1
  * quadlet: Rework uid/gid remapping
  * GHA: Fix cirrus re-run workflow for other repos.
  * ssh system test: skip until it becomes a test
  * shell completion: fix hard coded network drivers
  * libpod: Report network setup errors properly on FreeBSD
  * E2E Tests: change the registry for the search test to avoid authentication
  * pkginstaller: install podman-mac-helper by default
  * Fix language. Mostly spelling a -> an
  * podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
  * [CI:DOCS] Fix spelling and typos
  * Modify man page of "--pids-limit" option to correct a default value.
  * Update docs/source/markdown/podman-remote.1.md
  * Update pkg/bindings/connection.go
  * Add more documentation on UID/GID Mappings with --userns=keep-id
  * support podman-remote to connect tcpURL with proxy
  * Removing the RawInput from the API output
  * fix port issues for CONTAINER_HOST
  * CI: Package versions: run in the 'main' step
  * build(deps): bump github.com/rootless-containers/rootlesskit
  * pkg/domain: Make checkExecPreserveFDs platform-specific
  * e2e tests: fix restart race
  * Fix podman --noout to suppress all output
  * remove pod if creation has failed
  * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD
  * Fix more podman-logs flakes
  * healthcheck system tests: try to fix flake
  * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT
  * GHA: Configure workflows for reuse
  * compat,build: handle docker's preconfigured cacheTo,cacheFrom
  * docs: deprecate pasta network name
  * utils: Enable cgroup utils for FreeBSD
  * pkg/specgen: Disable kube play tests on FreeBSD
  * libpod/lock: Fix build and tests for SHM locks on FreeBSD
  * podman cp: fix copying with "." suffix
  * pkginstaller: bump Qemu to version 7.1.0
  * specgen,wasm: switch to crun-wasm wherever applicable
  * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1
  * libpod: Make unit test for statToPercent Linux only
  * Update vendor of containers/storage
  * fix connection usage with containers.conf
  * Add --quiet and --no-info flags to podman machine start
  * Add hidden podman manifest inspect -v option
  * Bump github.com/onsi/gomega from 1.24.0 to 1.24.1
  * Add podman volume create -d short option for driver
  * Vendor in latest containers/(common,image,storage)
  * Add podman system events alias to podman events
  * Fix search_test to return correct version of alpine
  * Bump golang.org/x/tools from 0.1.12 to 0.3.0 in /test/tools
  * GHA: Fix undefined secret env. var.
  * Release notes for 4.3.1
  * GHA: Fix make_email-body script reference
  * Add release keys to README
  * GHA: Fix typo setting output parameter
  * GHA: Fix typo.
  * New tool, docs/version-check
  * Formalize our compare-against-docker mechanism
  * Add restart-sec for container service files
  * test/tools: bump module to go 1.17
  * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor
  * Bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0
  * Bump golang.org/x/term from 0.1.0 to 0.2.0
  * Bump golang.org/x/sys from 0.1.0 to 0.2.0
  * Bump github.com/container-orchestrated-devices/container-device-interface
  * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools
  * libpod: Add FreeBSD support in packageVersion
  * Allow podman manigest push --purge|-p as alias for --rm
  * [CI:DOCS] Add performance tutorial
  * [CI:DOCS] Fix build targets in build_osx.md.
  * fix --format {{json .}} output to match docker
  * remote: fix manifest add --annotation
  * Skip test if `--events-backend` is necessary with podman-remote
  * kube play: update the handling of PersistentVolumeClaim
  * system tests: fix a system test in proxy environment
  * Use single unqualified search registry on Windows
  * test/system: Add, use tcp_port_probe() to check for listeners rather than binds
  * test/system: Add tests for pasta(1) connectivity
  * test/system: Move network-related helpers to helpers.network.bash
  * test/system: Use procfs to find bound ports, with optional address and protocol
  * test/system: Use port_is_free() from wait_for_port()
  * libpod: Add pasta networking mode
  * More log-flake work
  * Fix test flakes caused by improper podman-logs
  * fix incorrect systemd booted check
  * Cirrus: Add tests for GHA scripts
  * GHA: Update scripts to pass shellcheck
  * Cirrus: Shellcheck github-action scripts
  * Cirrus: shellcheck support for github-action scripts
  * GHA: Fix cirrus-cron scripts
  * Makefile: don't install to tmpfiles.d on FreeBSD
  * Make sure we can build and read each line of docker py's api client
  * Docker compat build api - make sure only one line appears per flush
  * Run codespell on code
  * Update vendor of containers/(image, storage, common)
  * Allow namespace path network option for pods.
  * Cirrus: Never skip running Windows Cross task
  * GHA: Auto. re-run failed cirrus-cron builds once
  * GHA: Migrate inline script to file
  * GHA: Simplify script reference
  * test/e2e: do not use apk in builds
  * remove container/pod id file along with container/pod
  * Cirrus: Synchronize windows image
  * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect
  * runtime: add check for valid pod systemd cgroup
  * CI: set and verify DESIRED_NETWORK (netavark, cni)
  * [CI:DOCS] troubleshooting: document keep-id options
  * Man pages: refactor common options: --security-opt
  * Cirrus: Guarantee CNI testing w/o nv/av present
  * Cirrus: temp. disable all Ubuntu testing
  * Cirrus: Update to F37beta
  * buildah bud tests: better handling of remote
  * quadlet: Warn in generator if using short names
  * Add Windows Smoke Testing
  * Add podman kube apply command
  * docs: offer advice on installing test dependencies
  * Fix documentation on read-only-tmpfs
  * version bump to 4.4.0-dev
  * deps: bump go-criu to v6
  * Makefile: Add cross build targets for freebsd
  * pkg/machine: Make this build on FreeBSD/arm64
  * pkg/rctl: Remove unused cgo dependency
  * man pages: assorted underscore fixes
  * Upgrade GitHub actions packages from v2 to v3
  * vendor github.com/godbus/dbus/v5@4b691ce
  * [CI:DOCS] fix --tmpdir typos
  * Do not report that /usr/share/containers/storage.conf has been edited.
  * Eval symlinks on XDG_RUNTIME_DIR
  * hack/podmansnoop
  * rootless: support keep-id with one mapping
  * rootless: add argument to GetConfiguredMappings
  * Update vendor containers/(common,storage,buildah,image)
  * Fix deadlock between 'podman ps' and 'container inspect' commands
  * Add information about where the libpod/boltdb database lives
  * Consolidate the dependencies for the IsTerminal() API
  * Ensure that StartAndAttach locks while sending signals
  * ginkgo testing: fix podman usernamespace join
  * Test runners: nuke podman from $PATH before tests
  * volumes: Fix idmap not working for volumes
  * FIXME: Temporary workaround for ubi8 CI breakage
  * System tests: teardown: clean up volumes
  * update api versions on docs.podman.io
  * system tests: runlabel: use podman-under-test
  * system tests: podman network create: use random port
  * sig-proxy test: bump timeout
  * play kube: Allow the user to import the contents of a tar file into a volume
  * Clarify the docs on DropCapability
  * quadlet tests: Disable kmsg logging while testing
  * quadlet: Support multiple Network=
  * quadlet: Add support for Network=...
  * Fix manpage for podman run --network option
  * quadlet: Add support for AddDevice=
  * quadlet: Add support for setting seccomp profile
  * quadlet: Allow multiple elements on each Add/DropCaps line
  * quadlet: Embed the correct binary name in the generated comment
  * quadlet: Drop the SocketActivated key
  * quadlet: Switch log-driver to passthrough
  * quadlet: Change ReadOnly to default to enabled
  * quadlet tests: Run the tests even for (exected) failed tests
  * quadlet tests: Fix handling of stderr checks
  * Remove unused script file
  * notifyproxy: fix container watcher
  * container/pod id file: truncate instead of throwing an error
  * quadlet: Use the new podman create volume --ignore
  * Add podman volume create --ignore
  * logcollector: include aardvark-dns
  * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1
  * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1
  * docs: generate systemd: point to kube template
  * docs: kube play: mention restart policy
  * Fixes: 15858 (podman system reset --force destroy machine)
  * fix search flake
  * use cached containers.conf
  * adding regex support to the ancestor ps filter function
  * Fix `system df` issues with `-f` and `-v`
  * markdown-preprocess: cross-reference where opts are used
  * Default qemu flags for Windows amd64
  * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0
  * Update main to reflect v4.3.0 release
  * build(deps): bump github.com/docker/docker
  * move quadlet packages into pkg/systemd
  * system df: fix image-size calculations
  * Add man page for quadlet
  * Fix small typo
  * testimage: add iproute2 & socat, for pasta networking
  * Set up minikube for k8s testing
  * Makefile: don't install systemd generator binaries on FreeBSD
  * [CI:BUILD] copr: podman rpm should depend on containers-common-extra
  * Podman image: Set default_sysctls to empty for rootless containers
  * Don't use  github.com/docker/distribution
  * libpod: Add support for 'podman top' on FreeBSD
  * libpod: Factor out jail name construction from stats_freebsd.go
  * pkg/util: Add pid information descriptors for FreeBSD
  * Initial quadlet version integrated in golang
  * bump golangci-lint to v1.49.0
  * Update vendor containers/(common,image,storage)
  * Allow volume mount dups, iff source and dest dirs
  * rootless: fix return value handling
  * Change to correct break statements
  * vendor containers/psgo@v1.8.0
  * Clarify that MacOSX docs are client specific
  * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit
  * Add swagger install + allow version updates in CI
  * Cirrus: Fix windows clone race
  * build(deps): bump github.com/docker/docker
  * kill: wait for the container
  * generate systemd: set --stop-timeout for stopping containers
  * hack/tree_status.sh: print diff at the end
  * Fix markdown header typo
  * markdown-preprocess: add generic include mechanism
  * markdown-preprocess: almost complete OO rewrite
  * Update tests for changed error messages
  * Update c/image after https://github.com/containers/image/pull/1299
  * Man pages: refactor common options (misc)
  * Man pages: Refactor common options: --detach-keys
  * vendor containers/storage@main
  * Man pages: refactor common options: --attach
  * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0
  * KillContainer: improve error message
  * docs: add missing options
  * Man pages: refactor common options: --annotation (manifest)
  * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0
  * system tests: health-on-failure: fix broken logic
  * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8
  * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1
  * ContainerEngine.SetupRootless(): Avoid calling container.Config()
  * Container filters: Avoid use of ctr.Config()
  * Avoid unnecessary calls to Container.Spec()
  * Add and use Container.LinuxResource() helper
  * play kube: notifyproxy: listen before starting the pod
  * play kube: add support for configmap binaryData
  * Add and use libpod/Container.Terminal() helper
  * Revert "Add checkpoint image tests"
  * Revert "cmd/podman: add support for checkpoint images"
  * healthcheck: fix --on-failure=stop
  * Man pages: Add mention of behavior due to XDG_CONFIG_HOME
  * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6
  * Avoid unnecessary timeout of 250msec when waiting on container shutdown
  * health checks: make on-failure action retry aware
  * libpod: Remove 100msec delay during shutdown
  * libpod: Add support for 'podman pod' on FreeBSD
  * libpod: Factor out cgroup validation from (*Runtime).NewPod
  * libpod: Move runtime_pod_linux.go to runtime_pod_common.go
  * specgen/generate: Avoid a nil dereference in MakePod
  * libpod: Factor out cgroups handling from (*Pod).refresh
  * Adds a link to OSX docs in CONTRIBUTING.md
  * Man pages: refactor common options: --os-version
  * Create full path to a directory when DirectoryOrCreate is used with play kube
  * Return error in podman system service if URI scheme is not unix/tcp
  * Man pages: refactor common options: --time
  * man pages: document some --format options: images
  * Clean up when stopping pods
  * Update vendor of containers/buildah v1.28.0
  * Proof of concept: nightly dependency treadmill
​
-------------------------------------------------------------------
Tue Jan 17 10:42:42 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- add patch: 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch
    (backport of https://github.com/containers/storage/pull/1468)
​
-------------------------------------------------------------------
Fri Jan 13 12:46:24 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
​
- Make the priority for picking the storage driver configurable (bsc#1197093)
  (backport of https://github.com/containers/storage/pull/1460)
- add patch: 0002-Make-the-priority-for-picking-the-storage-driver-con.patch
​
-------------------------------------------------------------------
Tue Nov 22 08:20:16 UTC 2022 - dcermak@suse.com
​
- switch to building with go 1.17
- use %%make_* macros
- drop /usr/share/user-tmpfiles.d/podman-docker.conf on SLE & Leap
- remove rpmlintrc (contained only obsolete filters)
- remove obsolete with_libostree (we don't build on anything older than SLE 15)
- add patch: 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
  (hotfix for https://github.com/containers/podman/issues/16765)
- Update to version 4.3.1:
​
4.3.1:
​
### Bugfixes
- Fixed a deadlock between the `podman ps` and `podman container inspect` commands
​
### Misc
- Updated the containers/image library to v5.23.1
​
​
4.3.0:
​
### Features
- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted ([#15067](https://github.com/containers/podman/issues/15067)).
- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` ([#14955](https://github.com/containers/podman/issues/14955)).
- The `podman kube play` command now supports the `emptyDir` volume type ([#13309](https://github.com/containers/podman/issues/13309)).
- The `podman kube play` command now supports the `HostUsers` field in the pod spec.
- The `podman play kube` command now supports `binaryData` in ConfigMaps.
- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user ([#15402](https://github.com/containers/podman/issues/15402)).
- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge "PATH=$PATH:/my/app" ...`) ([#15288](https://github.com/containers/podman/issues/15288)).
- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container) ([#15294](https://github.com/containers/podman/issues/15294)).
- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file ([#15523](https://github.com/containers/podman/issues/15523)).
- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
- The `podman restart` command now supports the `--cidfile` and `--filter` options.
- The `podman rm` command now supports the `--filter` option to select which containers will be removed.
- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility ([#14767](https://github.com/containers/podman/issues/14767)).
- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
- The `podman secret ls` command now accepts the `--quiet`/`-q` option.
- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
- The `podman stats` command now accepts the `--no-trunc` option.
- The `podman save` command now accepts the `--signature-policy` option ([#15869](https://github.com/containers/podman/issues/15869)).
- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods ([#15674](https://github.com/containers/podman/issues/15674)).
- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ([#14707](https://github.com/containers/podman/issues/14707)).
​
### Changes
- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match ([#4217](https://github.com/containers/podman/issues/4217)).
- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
- The installer for the Windows Podman client has been improved.
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) ([#15666](https://github.com/containers/podman/issues/15666)).
- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container ([#15878](https://github.com/containers/podman/issues/15878)).
- Events for containers that are part of a pod now include the ID of the pod in the event.
- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
- The `podman inspect` command on containers now includes the digest of the image used to create the container.
- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.
​
### Bugfixes
- Fixed a bug where the `podman network prune` and `podman container prune` commands did not properly support the `--filter label!=` option ([#14182](https://github.com/containers/podman/issues/14182)).
- Fixed a bug where the `podman kube generate` command added an unnecessary `Secret: null` line to generated YAML ([#15156](https://github.com/containers/podman/issues/15156)).
- Fixed a bug where the `podman kube generate` command did not set `enableServiceLinks` and `automountServiceAccountToken` to false in generated YAML ([#15478](https://github.com/containers/podman/issues/15478) and [#15243](https://github.com/containers/podman/issues/15243)).
- Fixed a bug where the `podman kube play` command did not properly handle CPU limits ([#15726](https://github.com/containers/podman/issues/15726)).
- Fixed a bug where the `podman kube play` command did not respect default values for liveness probes ([#15855](https://github.com/containers/podman/issues/15855)).
- Fixed a bug where the `podman kube play` command did not bind ports if `hostPort` was not specified but `containerPort` was ([#15942](https://github.com/containers/podman/issues/15942)).
- Fixed a bug where the `podman kube play` command sometimes did not create directories on the host for `hostPath` volumes.
- Fixed a bug where the remote Podman client's `podman manifest push` command did not display progress.
- Fixed a bug where the `--filter "{{.Config.Healthcheck}}"` option to `podman image inspect` did not print the image's configured healthcheck ([#14661](https://github.com/containers/podman/issues/14661)).
- Fixed a bug where the `podman volume create -o timeout=` option could be specified even when no volume plugin was in use.
- Fixed a bug where the `podman rmi` command did not emit `untag` events when removing tagged images ([#15485](https://github.com/containers/podman/issues/15485)).
- Fixed a bug where API forwarding with `podman machine` VMs on windows could sometimes fail because the pipe was not created in time ([#14811](https://github.com/containers/podman/issues/14811)).
- Fixed a bug where the `podman pod rm` command could error if removal of a container in the pod was interrupted by a reboot.
- Fixed a bug where the `exited` and `exec died` events for containers did not include the container's labels ([#15617](https://github.com/containers/podman/issues/15617)).
- Fixed a bug where running Systemd containers on a system not using Systemd as PID 1 could fail ([#15647](https://github.com/containers/podman/issues/15647)).
- Fixed a bug where Podman did not pass all necessary environment variables (including `$PATH`) to Conmon when starting containers ([#15707](https://github.com/containers/podman/issues/15707)).
- Fixed a bug where the `podman events` command could function improperly when no events were present ([#15688](https://github.com/containers/podman/issues/15688)).
- Fixed a bug where the `--format` flag to various Podman commands did not properly handle template strings including a newline (`\n`) ([#13446](https://github.com/containers/podman/issues/13446)).
- Fixed a bug where Systemd-managed pods would kill every container in a pod when a single container exited ([#14546](https://github.com/containers/podman/issues/14546)).
- Fixed a bug where the `podman generate systemd` command would generate incorrect YAML for pods created without the `--name` option.
- Fixed a bug where the `podman generate systemd --new` command did not properly set stop timeout ([#16149](https://github.com/containers/podman/issues/16149)).
- Fixed a bug where a broken OCI spec resulting from the system rebooting while a container is being started could cause the `podman inspect` command to be unable to inspect the container until it was restarted.
- Fixed a bug where creating a container with a working directory on an overlay volume would result in the container being unable to start ([#15789](https://github.com/containers/podman/issues/15789)).
- Fixed a bug where attempting to remove a pod with running containers without `--force` would not error and instead would result in the pod, and its remaining containers, being placed in an unusable state ([#15526](https://github.com/containers/podman/issues/15526)).
- Fixed a bug where memory limits reported by `podman stats` could exceed the maximum memory available on the system ([#15765](https://github.com/containers/podman/issues/15765)).
- Fixed a bug where the `podman container clone` command did not properly handle environment variables whose value contained an `=` character ([#15836](https://github.com/containers/podman/issues/15836)).
- Fixed a bug where the remote Podman client would not print the container ID when running the `podman-remote run --attach stdin` command.
- Fixed a bug where the `podman machine list --format json` command did not properly show machine starting status.
- Fixed a bug where automatic updates would not error when attempting to update a container with a non-fully qualified image name ([#15879](https://github.com/containers/podman/issues/15879)).
- Fixed a bug where the `podman pod logs --latest` command could panic ([#15556](https://github.com/containers/podman/issues/15556)).
- Fixed a bug where Podman could leave lingering network namespace mounts on the system if cleaning up the network failed.
- Fixed a bug where specifying an unsupported URI scheme for `podman system service` to listen at would result in a panic.
- Fixed a bug where the `podman kill` command would sometimes not transition containers to the exited state ([#16142](https://github.com/containers/podman/issues/16142)).
​
### API
- Fixed a bug where the Compat DF endpoint reported incorrect reference counts for volumes ([#15720](https://github.com/containers/podman/issues/15720)).
- Fixed a bug in the Compat Inspect endpoint for Networks where an incorrect network option was displayed, causing issues with `docker-compose` ([#15580](https://github.com/containers/podman/issues/15580)).
- The Libpod Restore endpoint for Containers now features a new query parameter, `pod`, to set the pod that the container will be restored into ([#15018](https://github.com/containers/podman/issues/15018)).
- Fixed a bug where the REST API could panic while retrieving images.
- Fixed a bug where a cancelled connection to several endpoints could induce a memory leak.
​
### Misc
- Error messages when attempting to remove an image used by a non-Podman container have been improved ([#15006](https://github.com/containers/podman/issues/15006)).
- Podman will no longer print a warning that `/` is not a shared mount when run inside a container ([#15295](https://github.com/containers/podman/issues/15295)).
- Work is ongoing to port Podman to FreeBSD.
- The output of `podman generate systemd` has been adjusted to improve readability.
- A number of performance improvements have been made to `podman create` and `podman run`.
- A major reworking of the manpages to ensure duplicated options between commands have the same description text has been performed.
- Updated Buildah to v1.28.0
- Updated the containers/image library to v5.23.0
- Updated the containers/storage library to v1.43.0
- Updated the containers/common library to v0.50.1
​
​
-------------------------------------------------------------------
Wed Sep 21 02:01:16 UTC 2022 - asarai@suse.com
​
- Update to version 4.2.1:
  * Bump to v4.2.1
  * Add release notes for v4.2.1
  * remove SkipIfNotFedora() from events test
  * fix podman events with custom format
  * Drop stale config value resulting in asymmetric config
  * Fix list of default capabilities
  * Add container GID to additional groups (CVE-2022-2989 / bsc#1202809, removes patch 0001-Add-container-GID-to-additional-groups.patch)
  * libpod: Ensure that generated container names are random
  * Fix bind-mount-option annotation in gen/play kube
  * Improved Windows compatibility for machine command
  * updated apiv2 tests to reflect hash compat fix
  * api: return imageID instead of imageName, for "Image" when Podman API is queried
  * Inhibit SIGTERM during Conmon startup
  * Fix example sections to follow the same format
  * Fix template name inconsistency
  * service: make move to sub-cgroup non fatal
  * Remove duplicate annotations in generated service yaml
  * Compat API image remove events now have 'delete' status
  * [CI:DOCS] Automatically set podman version in pkginstaller
  * Allow colons in windows file paths
  * Fixes isRootfull check using qemu machine on Windows
  * vendor containers/psgo@v1.7.3
  * Allow podman to run in an environment with keys containing spaces
  * Document restrictions on transport in FROM
  * Improved Windows compatibility
  * pass environment variables to container clone
  * podman save: update --compress validation
  * sort hc.Binds returned from compat api
  * Cirrus: Update podman-machine comment
  * podman images and friends can take one image as argument
  * [CI:DOCS] Add .DS_Store to gitignore
  * podman-kube@.service.in: Remove Restart=never option with typo
  * Fix #15499 already connected network
  * [CI:DOCS] Cirrus: Update meta-task for EC2 image
  * fix CI: remove hardcodeded alpine version
  * fix CI: remove hardcodeded alpine version
  * Preserve all unknown PolicyRequirement fields on (podman image trust set)
  * Reorganize the types in policy.go a bit
  * Add support for showing keyPaths in (podman image trust show)
  * Support (image trust show) for sigstoreSigned entries
  * BREAKING CHANGE: Change how (podman image trust show) represents multiple requirements
  * Reorganize descriptionsOfPolicyRequirements a bit
  * Use the full descriptionsOfPolicyRequirements for the default scope
  * Rename haveMatchRegistry to registriesDConfigurationForScope
  * Rename tempTrustShowOutput to entry
  * Split descriptionsOfPolicyRequirements out of getPolicyShowOutput
  * Recognize the new lookaside names for simple signing sigstore
  * Add a unit test for trust.PolicyDescription
  * Make the output of (podman image trust show) deterministic
  * Make most of pkg/trust package-private
  * Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription
  * Add support for sigstoreSigned in (podman image trust set)
  * Create new policy entries together with validating input
  * Improve validation of data in ImageEngine.SetTrust
  * Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntries
  * Add a variable for scope
  * Make trust.CreateTempFile private
  * Reorganize pkg/trust
  * Remove an unused trust.ShowOutput type
  * Remove commented out code
  * libpod: UpdateContainerStatus: do not wait for container
  * Skip / update some tests under runc
  * Bump to v4.2.1-dev
  * test: update apply-podman-deltas for new tests
  * build: implement --cache-to,--cache-from and --cache-ttl
  * vendor: bump buildah to v1.27.0
​
-------------------------------------------------------------------
Thu Aug 11 08:50:55 UTC 2022 - michael@stroeder.com
​
- Update to version 4.2.0:
  * Features
    - Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
    - A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
    - A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
    - A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
    - Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
    - The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
    - The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
    - The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
    - The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
    - Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
    - The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
    - The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
    - The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
    - The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
    - The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
    - The podman create and podman run commands now include the -c short option for the --cpu-shares option.
    - The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
    - The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
    - The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
    - The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
    - The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
    - Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
    - The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
    - Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
    - The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
    - Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
    - The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
    - When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
    - The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
    - The remote Podman client now supports the podman image scp command.
    - The podman image scp command now supports tagging the transferred image with a new name.
    - The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
    - The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
    - The podman events command now includes the -f short option for the --filter option.
    - The podman pull command now includes the -a short option for the --all-tags option.
    - The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
    - The Podman global option --url now has two aliases: -H and --host.
    - The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
    - Added the ability to create sigstore signatures in podman push and podman manifest push.
    - Added an option to read image signing passphrase from a file.
  * Changes
    - Paused containers can now be killed with the podman kill command.
    - The podman system prune command now removes unused networks.
    - The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
    - If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
    - The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
    - All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
    - The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
    - Init containers created with podman play kube now default to the once type (#14877).
    - Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
    - The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
    - The libpod/common package has been removed as it's not used anywhere.
    - The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
  * Bugfixes
    - Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251).
    - Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted.
    - Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411).
    - Fixed a bug where the podman system reset command could race against other Podman commands (#9075).
    - Fixed a bug where privileged containers were not able to restart if the layout of host devices changed (#13899).
    - Fixed a bug where the podman cp command would overwrite directories with non-directories and vice versa. A new --overwrite flag to podman cp allows for retaining the old behavior if needed (#14420).
    - Fixed a bug where the podman machine ssh command would not preserve the exit code from the command run via ssh (#14401).
    - Fixed a bug where VMs created by podman machine would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs (#14303).
    - Fixed a bug where the podman machine init command would fail when run from C:\Windows\System32 on Windows systems (#14416).
    - Fixed a bug where the podman machine init --now did not respect proxy environment variables (#14640).
    - Fixed a bug where the podman machine init command would fail if there is no $HOME/.ssh dir (#14572).
    - Fixed a bug where the podman machine init command would add a connection even if creating the VM failed (#15154).
    - Fixed a bug where interrupting the podman machine start command could render the VM unable to start.
    - Fixed a bug where the podman machine list --format command would still print a heading.
    - Fixed a bug where the podman machine list command did not properly set the Starting field (#14738).
    - Fixed a bug where the podman machine start command could fail to start QEMU VMs when the machine name started with a number.
    - Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once (#14636 and #14837).
    - Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped (BZ 2052697).
    - Fixed a bug where the podman -h command did not show help output.
    - Fixed a bug where the podman wait command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the Gitlab Runner.
    - Fixed a bug where healthchecks generated exec events, instead of health_status events (#13493).
    - Fixed a bug where the podman pod ps command could return an error when run at the same time as podman pod rm (#14736).
    - Fixed a bug where the podman systemd df command incorrectly calculated reclaimable storage for volumes (#13516).
    - Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored.
    - Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers.
    - Fixed a bug where the remote Podman client's podman manifest rm command would remove images, not manifests (#14763).
    - Fixed a bug where Podman did not correctly parse wildcards for device major number in the podman run and podman create commands' --device-cgroup-rule option.
    - Fixed a bug where the podman play kube command on 32 bit systems where the total memory was calculated incorrectly (#14819).
    - Fixed a bug where the podman generate kube command could set ports and hostname incorrectly in generated YAML (#13030).
    - Fixed a bug where the podman system df --format "{{ json . }}" command would not output the Size and Reclaimable fields (#14769).
    - Fixed a bug where the remote Podman client's podman pull command would display duplicate progress output.
    - Fixed a bug where the podman system service command could leak memory when a client unexpectedly closed a connection when reading events or logs (#14879).
    - Fixed a bug where Podman containers could fail to run if the image did not contain an /etc/passwd file (#14966).
    - Fixed a bug where the remote Podman client's podman push command did not display progress information (#14971).
    - Fixed a bug where a lock ordering issue could cause podman pod rm to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once (#14929).
    - Fixed a bug where the podman rm --force command would exit with a non-0 code if the container in question did not exist (#14612).
    - Fixed a bug where the podman container restore command would fail when attempting to restore a checkpoint for a container with the same name as an image (#15055).
    - Fixed a bug where the podman manifest push --rm command could remove image, instead of manifest lists (#15033).
    - Fixed a bug where the podman run --rm command could fail to remove the container if it failed to start (#15049).
    - Fixed a bug where the podman generate systemd --new command would create incorrect unit files when the container was created with the --sdnotify parameter (#15052).
    - Fixed a bug where the podman generate systemd --new command would fail when -h <hostname> was used to create the container (#15124).
  * API
    - The Docker-compatible API now supports API version v1.41 (#14204).
    - Fixed a bug where containers created via the Libpod API had an incorrect umask set (#15036).
    - Fixed a bug where the remote parameter to the Libpod API's Build endpoint for Images was nonfunctional (#13831).
    - Fixed a bug where the Libpod List endpoint for Containers did not return the application/json content type header when there were no containers present (#14647).
    - Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits (#14676).
    - Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status.
    - Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks (#14493).
    - Fixed a bug where the Compat Create endpoint for Networks did not support the mtu, name, mode, and parent options (#14482).
    - Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks name bridge (#14983).
    - Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the SecondaryIPAddresses and SecondaryIPv6Addresses fields (#14674).
    - The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, stream and delay (#14674).
  * Misc
    - Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
    - The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
    - Podman Machine support for QEMU installations at non-default paths has been improved.
    - The podman machine ssh command no longer prints spurious warnings every time it is run.
    - When accessing the WSL prompt on Windows, the rootless user will be preferred.
    - The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
    - The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
    - The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
    - Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
    - Updated the containers/image library to v5.22.0
    - Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
    - Updated the containers/common library to v0.49.1
    - Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
    - Fixed an incorrect release note about regexp.
    - A new MacOS installer (via pkginstaller) is now supported.
​
-------------------------------------------------------------------
Fri Jul  1 11:08:05 UTC 2022 - Predrag Ivanović <predivan@mts.rs>
​
- Fix build on Leap
    Use libexec macro to set correct, per-distribution specific, directory.
​
-------------------------------------------------------------------
Wed Jun 22 09:41:22 UTC 2022 - rbrown@suse.com
​
- Update to version 4.1.1:
  * The output of the podman load command now mirrors that of docker load.
  * Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
  * A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
  * Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
  * Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
  * The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
  * The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
  * The podman play kube command will now set default resource limits when the provided YAML does not include them.
  * The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
  * The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
  * The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
  * The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
  * The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
  * The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
  * The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
  * The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
  * The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
  * The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
  * The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
  * The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
  * The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
  * The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
  * The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
  * The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
  * The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
  * The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
  * Fix CVE-2022-27191 / bsc#1197284
- Drop obsolete patches:
  * 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch
  * 0001-Relabel-relabel-links-instead-of-their-targets.patch
  * 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch
  * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch
​
-------------------------------------------------------------------
Mon May 23 11:48:34 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
​
- Backport upstream commit be5abf03ababc ("fix: Container.cGroupPath()
  skip empty line to avoid false error logging") for fixing "Error parsing
  cgroup: expected 3 fields but got 1" (see bsc#1199790, as it applies
  to Factory/Tumbleweed too)
  * 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch
​
-------------------------------------------------------------------
Tue Apr 12 08:09:02 UTC 2022 - Richard Brown <rbrown@suse.com>
​
- Require catatonit >= 0.1.7 for pause functionality needed by pods
​
-------------------------------------------------------------------
Thu Apr  7 12:25:33 UTC 2022 - Fabian Vogt <fvogt@suse.com>
​
- Add patch to make buildah happy after selinux change:
  * 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch
​
-------------------------------------------------------------------
Thu Apr  7 08:51:50 UTC 2022 - Fabian Vogt <fvogt@suse.com>
​
- Add patch to fix starting containers on btrfs with SELinux
  (gh#opencontainers/selinux#172):
  * 0001-Relabel-relabel-links-instead-of-their-targets.patch
- Add patch to fix starting containers as user service with systemd 250
  (boo#1197672, gh#containers/podman#13731):
  * 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch
​
-------------------------------------------------------------------
Fri Apr 01 20:34:28 UTC 2022 - michael@stroeder.com
​
- Update to version 4.0.3:
  * Security
    - This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
  * Changes
    - The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
    - When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
  * Bugfixes
    - Fixed a bug where devices added to containers by the --device option to podman run and podman create would not be accessible within the container.
    - Fixed a bug where Podman would refuse to create containers when the working directory in the container was a symlink (#13346).
    - Fixed a bug where pods would be created with cgroups even if cgroups were disabled in containers.conf (#13411).
    - Fixed a bug where the podman play kube command would produce confusing errors if invalid YAML with duplicated container named was passed (#13332).
    - Fixed a bug where the podman machine rm command would not remove the Podman API socket on the host that was associated with the VM.
    - Fixed a bug where the remote Podman client was unable to properly resize the TTYs of containers on non-Linux OSes.
    - Fixed a bug where rootless Podman could hang indefinitely when starting containers on systems with IPv6 disabled (#13388).
    - Fixed a bug where the podman version command could sometimes print excess blank lines as part of its output.
    - Fixed a bug where the podman generate systemd command would sometimes generate systemd services with names beginning with a hyphen (#13272).
    - Fixed a bug where locally building the pause image could fail if the current directory contained a .dockerignore file (#13529).
    - Fixed a bug where root containers in VMs created by podman machine could not bind ports to specific IPs on the host (#13543).
    - Fixed a bug where the storage utilization percentages displayed by podman system df were incorrect (#13516).
    - Fixed a bug where the CPU utilization percentages displayed by podman stats were incorrect (#13597).
    - Fixed a bug where containers created with the --no-healthcheck option would still display healthcheck status in podman inspect (#13578).
    - Fixed a bug where the podman pod rm command could print a warning about a missing cgroup (#13382).
    - Fixed a bug where the podman exec command could sometimes print a timed out waiting for file error after the process in the container exited (#13227).
    - Fixed a bug where virtual machines created by podman machine were not tolerant of changes to the path to the qemu binary on the host (#13394).
    - Fixed a bug where the remote Podman client's podman build command did not properly handle the context directory if a Containerfile was manually specified using -f (#13293).
    - Fixed a bug where Podman would not properly detect the use of systemd as PID 1 in a container when the entrypoint was prefixed with /bin/sh -c (#13324).
    - Fixed a bug where rootless Podman could, on systems that do not use systemd as init, print a warning message about the rootless network namespace (#13703).
    - Fixed a bug where the default systemd unit file for podman system service did not delegate all cgroup controllers, resulting in podman info queries against the remote API returning incorrect cgroup controllers (#13710).
    - Fixed a bug where the slirp4netns port forwarder for rootless Podman would only publish the first port of a range (#13643).
  * API
    - Fixed a bug where the Compat Create API for containers did not properly handle permissions for tmpfs mounts (#13108).
  * Misc
    - The static binary for Linux is now built with CGo disabled to avoid panics due to a Golang bug (#13557).
    - Updated Buildah to v1.24.3
    - Updated the containers/storage library to v1.38.3
    - Updated the containers/image library to v5.19.2
    - Updated the containers/common library to v0.47.5
​
-------------------------------------------------------------------
Wed Mar 16 13:25:48 UTC 2022 - rbrown@suse.com
​
- Update to version 4.0.2:
  * Bump to v4.0.2
  * Update release notes for v4.0.2
  * Revert "use GetRuntimeDir() from c/common"
  * Revert "Option --url and --connection should imply --remote."
  * Option --url and --connection should imply --remote.
  * Bump to v4.0.2-dev
  * Bump to v4.0.1
  * Update release notes for v4.0.1
  * Fix a potential flake in volume plugins tests
  * Propagate $CONTAINERS_CONF to conmon
  * tests: Remove inaccurate comment
  * System tests: show one-line config overview
  * provide better error on invalid flag
  * use GetRuntimeDir() from c/common
  * kube: honor --build=false and make --build=true by default
  * system tests: cleanup networks on teardown
  * Remove the runtime lock
  * Don't log errors on removing volumes inuse, if container --volumes-from
  * kube: honor mount propagation mode
  * Load ip_tables modules at boot
  * Cirrus: Disable F34 aka prior-fedora testing
  * Cirrus: Update VM Images for 4.0 release
  * Bump to v4.0.1-dev
  * Bump to v4.0.0
  * Release notes for v4.0.0 final
  * Fix lint
  * Fix manifest 4.0 Endpoints Branch forced 4.0 only endpoints
  * Introduce podman machine init --root=t|f and podman machine set --root=t|f
  * Initial implementation of mac forwarding using a privileged docker sock claim helper
  * ignition: propagate proxy settings from a host into a vm
  * Update to podman4 copr stream
  * Unify ls --filter docs for networks and pods
  * e2e: merge after/since image-filter tests
  * podman network: add documentation for netavark
  * create: Fix key=value annotation in the flag output
  * enable netavark specific tests
  * Fix checkpoint/restore pod tests
  * Make sure building with relative paths work correctly.
  * Add 409 response to swagger godoc
  * Fix images since/after tests
  * Changes of docker descriptions
  * Temporarily pull machine images from side repo
  * Cirrus: TODO: netavark/aardvark release branches
  * Cirrus: Expand netavark testing to include rootless
  * Cirrus: Minor - limit release task applicability
  * Cirrus: Add [CI:BUILD] magic that only builds
  * CI: fix nightly builds
  * Cirrus: Log netavark/aardvark binary build info.
  * Cirrus: Add netavark/aardvark system test task
  * Cirrus: Also download aardvark-dns binary
  * Cirrus: Add e2e task w/ upstream netavark
  * Revert minimum API change
  * netavark e2e tests
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC5
  * Update release notes for v4.0.0-RC5
  * Modify /etc/resolv.conf when connecting/disconnecting
  * Do not set the network config dir to cni plugin dir
  * Show API doc for several versions
  * [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response.
  * fix: Multiplication of durations
  * move rootless netns slirp4netns process to systemd user.slice
  * compat: endpoint /build must set header content type as application/json in reponse
  * Cleanup: remove obsolete/misleading bug workaround
  * tests: retrofit healthcheck system tests
  * healthcheck, libpod: Read healthcheck event output from os pipe
  * Fix: Do not print error when parsing journald log fails
  * Bump github.com/buger/goterm from 1.0.1 to 1.0.4
  * append podman dns search domain
  * Podman pod create --share-parent vs --share=cgroup
  * System tests: revert emergency skip of checkpoint tests
  * Add version guard to libpod API endpoints
  * [v4.0] Bump c/common to v0.47.4
  * idmap should be able to be specified along with other options
  * Vendor in containers/buildah v1.24.1
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC4
  * Disable failing E2E test
  * Revert "Move each search dns to its own line"
  * Move each search dns to its own line
  * Update release notes for v4.0.0-RC4
  * Document `schema` values in the `--url` flag
  * podman image scp syntax correction
  * system prune: remove all networks
  * Only change network fields if they were actually changed by the user
  * docs: clarify rootless net stats
  * Fix size to match Docker selection
  * libpod: enforce noexec,nosuid,nodev for /dev/shm
  * Clarify remote client means Mac and Windows
  * libpod: report slirp4netns network stats
  * Add notes to "--oom-kill-disable" not supported on cgroups V2
  * Fix use of infra image to clarify default
  * Adapt podman images ls filters docs to be aligned with prune filters docs
  * ignition, machine: delegate cpu,io cgroup controllers to machine's default users
  * pkg/bindings/images.Build(): slashify "dockerfile" values, too
  * Remove mention of IPv6 portfwd from release notes
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC3
  * Update release notes for v4.0.0-RC3
  * Fix Cirrus destination branch
  * volume: add support for non-volatile upperdir,workdir for overlay volumes
  * github: label issues based on os fix regex
  * github: label issues based on os
  * Cirrus: Fix get_ci_vm.sh initial setup
  * System tests: emergency skip of checkpoint tests
  * network create: allow multiple subnets
  * Update troubleshooting.md
  * Fix sort ordering of filters
  * Unify podman prune filter description: volumes, networks, system
  * Bump Buildah to v1.24.0
  * rootless: drop permission check for devices
  * switch podman image scp from depending on machinectl to just os/exec
  * Bump github.com/containers/image/v5 from 5.18.0 to 5.19.0
  * Bump github.com/containers/storage from 1.38.0 to 1.38.1
  * change location of where make outputs podman binary on osx
  * Github workflow: Fix parsing of GraphQL response JSON
  * Github-workflow: Fix YAML syntax
  * Update godoc, swagger using wrong struct
  * Makefile: install targets independent of build
  * [CI:DOCS] Fix typos and improve language
  * CI: enable rootless-remote system tests
  * pkg/specgen/generate/security: fix error message
  * Github workflow: Send e-mail on job error
  * Github workflow: Update Cirrus-cron GraphQL query
  * remote build: set rootless oci isolation correctly
  * [CI:DOCS] Fix typos and improve language
  * Fix handling of duplicate matches on id expansion
  * Show correct default values or show none
  * exec: retry rm -rf on ENOTEMPTY and EBUSY
  * container create: do not check for network dns support
  * libpod: fix leaking fd
  * libpod: fix connection leak
  * [CI:DOCS] fix typo subpordinate
  * Fix filter description and unify filters docs for containers/images prune
  * Remove unused param and clean API handlers
  * Restore machine start logic that was hanging
  * Bump to v4.0.0-dev
  * Bump to v4.0.0-RC2
  * Final release notes for v4.0.0-rc2
  * Run codespell on code
  * Update release notes for Podman v4.0.0
  * Fix #2 for compat commit handling of --changes
  * Fix nil pointer dereference for configmap optional
  * Make error message matching in 030-run.bats less fragile
  * Don't explicitly check for crun|runc in package information
  * Don't segfault if an image layer has no creation timestamp
  * compat: remove hardcoded index from load images output report
  * compat: images/load must be able to load tar with multiple images
  * System tests: fix for new systemd on rawhide
  * Remove rootless_networking option from containers.conf
  * vendor c/psgo@v1.7.2 (fixes CVE-2022-1227 / bsc#1182428)
  * Engine.Remote from containers.conf
  * vendor: bump c/common and other vendors
  * rootless: report correctly the error
  * Implement API forwarding for podman machine on Windows
  * Implement env parsing on Windows
  * Handle changes in docker compat mode
  * Show package version when running on alpine
  * Handlers for `generate systemd` with custom dependencies
  * APIv2 tests: followup to recent log test
  * Add IndexConfigs to compat /info endpoint
  * Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
  * apiv2 test: add regression test for #12904
  * SECURITY.md: fix the project name
  * rename --cni-config-dir to --network-config-dir
  * compat attach: fix write on closed channel
  * upgrade all dependencies
  * Revert "Cirrus: Temporarily disable OSX Cross task"
  * Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
  * bump go module to version 4
  * [NO NEW TESTS NEEDED] add builddeps to copr template
  * CI: rootless user: also create in some root tests
  * [WIP] Tests for podman image scp (the sudo form)
  * Revamp Libpod state strings for Docker compat
  * Cirrus: Temporarily disable OSX Cross task
  * update c/common to latest
  * Use PODMAN_USERNS environment variable when running as a service
  * Unify the method of parsing filters in cmd
  * fix default branch links
  * [CI:DOCS] fix default branch links
  * [CI:DOCS] Unprivileged native overlayfs is now supported
  * [CI:DOCS] Fix typo in --env
  * Recursively copy cert files.
  * Refactor manifest list operations
  * Add rpkg template for COPR autobuild
  * Fix cgroup mode handling in api server
  * Standardize on capatalized Cgroups
  * test/system: podman run update /etc/hosts
  * Remove two GetImages functions from API
  * Use fully-qualified device name in CDI test
  * Use new CDI API
  * troubleshooting links to main branch
  * Podman Build use absolute filepath
  * Prohibit --uid/gid map and --pod for container create/run
  * podman container rm: remove pod
  * Manual fixes for PR #12642:
  * podman build enable --all-platforms and --unsetenv
  * use events_logfile_path from containers.conf for events log.
  * Podman Pod Create --sysctl support
  * Wait for podman stop to complete
  * libpod: fix check for systemd session
  * libpod: refine check for empty pod cgroup
  * fix buildah-bud test diff
  * upgrade test: check that network backend is cni
  * use netns package from c/common
  * update buildah to latest and use new network stack
  * podman image scp: implement --quiet
  * use libnetwork from c/common
  * Add --noout option to prevent the output of ids
  * remote events: convert TimeNano properly
  * Bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0
  * vendor latest c/common
  * add additional fields to podman machine ls --json
  * buildah bud tests: skip failing tests
  * Fix permission on secrets directory
  * Add podman rm --depend
  * fix host.containers.internal entry for macvlan networks
  * It takes some time to start a VM
  * Pretty Print output of podman machine ls --format json
  * Use the InfraImage defined in containers.conf
  * Cirrus: Freshen VM images
  * Revert "Cirrus: Temp. ignore gitlab task failures"
  * pkg: use PROXY_VARS from c/common
  * ignition: add support from setting SSL_CERT_FILE
  * ignition: propogate HTTP proxy variables from host to remote
  * System tests: fix RHEL8 gating tests
  * vendor c/common
  * Remove dead RuntimeOption functions
  * Update docker cli message for case where user creates directory
  * Don't add env if optional and not found
  * Fix type-o in podman.wxs
  * [CI:DOCS] fixes indentation of example pod yaml
  * Prevent double decoding of storage options
  * Emergency system-test fixes
  * add OCI Runtime name to errors
  * fix healthcheck timeouts and ut8 coercion
  * Don't rename pod if container has the same name
  * Set volume NeedsCopyUp to false iff data was copied up
  * Fix CI
  * correct typo words in docs
  * Change Tests to ignore missing containers when removing --all
  * test/e2e/pod_initcontainers: fix a flake
  * test/e2e/run: don't use date +%N on Alpine
  * Support all volume mounts for rootless containers
  * Fix wrong 'podman search --format' placeholder
  * Fix Container List API call to return mount info
  * fix misleading comment regarding default value of cpu period [NO NEW TESTS NEEDED]
  * add --ip6 flag to podman create/run
  * legacy events: also set exitCode
  * Don't initialize the global RNG with GinkgoRandomSeed() in e2e tests
  * Avoid collisions on RemoteSocket paths
  * Refactor remote socket path determination in tests
  * fix doc
  * test/system: podman run image with filesystem permission
  * test/system: podman run with log-opt option
  * Update swagger documentation
  * Make it possible to select the volume driver
  * Check the mount type for future compatibility
  * Implement virtfs volumes for podman machine
  * [CI:DOCS] Add example of cpus to init command
  * prefix imageId with sha256: in containers list test for compat API ImageId
  * Pod Security Option support
  * ignition: add certs from current user into the machine while init
  * docs: sort swagger operations alpabetically
  * .service file removal on failure
  * Introduce Windows WSL implementation of podman machine
  * podman image scp never enter podman user NS
  * Allow users to add host user accounts to /etc/passwd
  * container creation: don't apply reserved annotations from image
  * [CI:DOCS] clarify `io.podman.annotations.seccomp`
  * Error out early if system does not support pre-copy checkpointing
  * Update go-criu to v5.3.0
  * [CI:DOCS] docs: document rootless userns mappings
  * Switch to a new installer approach using a path manipulation helper
  * e2e: Add dev/shm checkpoint/restore test
  * Enable checkpoint/restore for /dev/shm
  * Update github.com/checkpoint-restore/checkpointctl
  * Always run passwd management code when DB value is nil
  * Warn on use of --kernel-memory
  * support hosts without /etc/hosts
  * Podman run --passwd
  * ci: force scratch build for crun
  * Use hosts public ip address in rootless containers
  * compat: image normalization: handle sha256 prefix
  * specgen: honor userns=auto from containers.conf
  * [CI:DOCS] Small checkpoint/restore man page fixes
  * [CI:DOCS] Explicitly mention that checkpointing systemd containers might fail
  * vendor: update containers/storage
  * build: fix test for subid 4
  * test: add --rm to podman run commands
  * fix(generate): fix up podman generate kube missing env field bug
  * legacy events: also set Action="die"
  * rootless: include the args in the debug message
  * apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests
  * image rm: allow for force-remove infra images
  * tests: adjust old build test to expect exit code
  * Test for checkpoint specific inspect fields
  * Add more checkpoint/restore information to 'inspect'
  * build: relay exitcode from imagebuildah to registry
  * Removed .service file for healthchecks
  * Set machine timezone
  * MovePauseProcessToScope do not seed everytime
  * bindings rmi test: clarify behavior
  * bump cobra to 1.3.0
  * .github: revert to the old template
  * oci: configure the devices cgroup with default devices
  * kill: fix output
  * e2e: search flake: skip test on registry.redhat.io
  * APIv2 tests: fail on syntax/logic errors
  * Show --external containers even without --all option
  * apiv2 tests: refactor complicated curls
  * fix network id handling
  * Update Windows Install Doc
  * Fixes #12063 Add docker compatible output after image build.
  * pause scope: don't use the global math/rand RNG
  * specgen: check that networks are only set with bridge
  * container restore/import: store networks from db
  * play kube add support for multiple networks
  * support advanced network configuration via cli
  * Add new networks format to spegecen
  * fix incorrect swagger doc for network dis/connect
  * network connect allow ip, ipv6 and mac address
  * network db: add new strucutre to container create
  * remove unneeded return value from c.Networks()
  * network db rewrite: migrate existing settings
  * network ls: show networks in deterministic order
  * Bump github.com/docker/docker
  * pprof flakes: bump timeout to 20 seconds
  * Add secret list --filter to cli
  * Cirrus: Temp. ignore gitlab task failures
  * compat build: adhere to q/quiet
  * Make XRegistryAuthHeader and XRegistryConfigHeader private
  * Remove the authfile parameter of MakeXRegistryAuthHeader
  * Simplify the header decision in pkg/bindings/images.Build a bit
  * Remove the authfile parameter of MakeXRegistryConfigHeader
  * Remove no-longer-useful name variables
  * Consolidate creation of SystemContext with auth.json into a helper
  * Remove pkg/auth.Header
  * Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader)
  * Turn headerAuth into MakeXRegistryAuthHeader
  * Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)
  * Turn headerConfig into MakeXRegistryConfigHeader
  * Move the auth file creation to GetCredentials
  * Consolidate the error handling path in GetCredentials
  * Only look up HTTP header values once in GetCredentials
  * Use Header.Values in GetCredentials.has
  * Beautify GetCredentials.has a bit
  * Pass a header value directly to parseSingleAuthHeader and parseMultiAuthHeader
  * Simplify parseSingleAuthHeader
  * Simplify the interface of parseSingleAuthHeader
  * Don't return a header name from auth.GetCredentials
  * Fix normalizeAuthFileKey to use the correct semantics
  * Rename normalize and a few variables
  * Add TestHeaderGetCredentialsRoundtrip
  * Add tests for auth.Header
  * Improve TestAuthConfigsToAuthFile
  * Add unit tests for singleAuthHeader
  * Add unit tests for multiAuthHeader
  * fix e2e test missing network cleanup
  * pprof CI flakes: enforce 5 seconds grace period
  * [NO NEW TESTS NEEDED] rootless: declare TEMP_FAILURE_RETRY before usage (Fixes: #12563)
  * --hostname should be set when using --pod new:foobar
  * Cirrus: Use cached swagger binary
  * inotify: make sure to remove files
  * System tests: remove rm_pause_image()
  * specgen: honor empty args for entrypoint
  * generate systemd: support entrypoint JSON strings
  * Bump github.com/uber/jaeger-client-go
  * remove runlabel test for global opts
  * utils: reintroduce moveToCgroup
  * autocopr: distro conditionals for containers-common
  * vendor c/image/v5@main
  * Update vendor or containers/common moving pkg/cgroups there
  * volume: apply exact permission of target directory without adding extra 0111
  * Cirrus: Remove remnants of nix-based static build
  * Refactor podman pods to report.Formatter
  * rootless netns: resolve all path components for resolv.conf
  * tests: clean up FIXMEs and noise
  * fix remote run/start flake
  * e2e: fix pprof flakes
  * Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
  * vendor c/common@main
  * Escape trailing slash in install directory location so the closing quote is not escaped
  * centos 9 stream cannot use %autochangelog
  * Refactor podman system to report.Formatter [NO NEW TESTS NEEDED]
  * add spec file for automated copr builds
  * Add restart-sec option to systemd generate
  * Fix documentation of (podman image save --compress --uncompressed)
  * Improve documentation of (podman image save --format)
  * Add support for configmap volumes to play kube
  * cmd, push: use the configured compression format
  * [CI:DOCS] logformatter: fix corner case with links
  * UPdate vendor of image-spec and containers/storage
  * vendor: update containers/common
  * Update doc to explictly mention using ed25519 in ssh keys
  * Refactor podman image command output
  * Manual fixes
  * Same thing, with BeNumerically("==", x)
  * Use HaveLen(x) instead of Expect(len(y)).To(Equal(x))
  * Same thing, for BeNumerically("==", 0)
  * Use BeEmpty() instead of len(x).To(Equal(0))
  * Same as previous, for assertions other than Equal()
  * e2e tests: a little more minor cleanup
  * compat API: push: report size of manifest
  * compat: images/json
  * Add ashley-cui, lsm5 and floutoc to owners
  * remove ARTIFACT_DIR and ArtifactPath
  * Image caches: allow overriding cache dir
  * Rename CrioRoot as just Root
  * Fix possible rootless netns cleanup race
  * [NO NEW TESTS NEEDED] Refactor podman container command output
  * Hostname in `spec.hostname` should be passed to infra ctr init opt
  * container, cgroup: detect pid termination
  * top: parse ps(1) args correctly
  * podman, push: expose --compression-format
  * e2e: yet more cleanup of BeTrue/BeFalse
  * Ensure the generated NodePort values are unique
  * Allow containerPortsToServicePorts to fail
  * Don't use the global math/rand RNG for service ports
  * Move a comment to the relevant place
  * a few more manual BeTrue cleanups
  * Convert strings.Contains() to Expect(ContainSubstring)
  * e2e tests: more cleanup of BeTrue()s
  * Implement 'podman run --blkio-weight-device'
  * systemd: replace multi-user with default.target
  * compat API: allow enforcing short-names resolution to Docker Hub
  * Fixed the containerfile not found during remote build.
  * podman-remote: prevent leaking secret into image
  * podman-remote: copy secret to contextdir is absolute path on host
  * api: allow build api to accept secrets
  * Only open save output file with WRONLY
  * List /etc/containers/certs.d as default for --cert-path
  * e2e tests: enable golint
  * fix: parsing of HostConfig.Mounts for container create
  * Move the chown to after the ADDs
  * fix: error reporting for archive endpoint
  * Bindings test: emit GIT_COMMIT, for links in logs
  * checkpoint do not modify XDG_RUNTIME_DIR
  * libpod: improve heuristic to detect cgroup
  * libpod, inspect: export cgroup path
  * stats: get the memory limit from the spec
  * compat: Add compatiblity with Docker/Moby API for scenarios where build fails
  * libpod: leave thread locked on errors
  * Find and fix empty Expect()s
  * Unset SocketLabel after system finishes checkpointing
  * Remove StringInSlice(), part 2
  * Remove StringInSlice(), part 1
  * e2e test cleanup, continued
  * Update basic_networking.md
  * Warn on failing to update container status
  * oci: ack crun output when container is not there
  * oci: exit gracefully if container is already dead
  * Support env variables based on ConfigMaps sent in payload
  * image lookup: do not match *any* tags
  * generate systemd: add --start-timeout flag
  * Oops! Manual edits to broken tests
  * e2e tests: clean up antihelpful BeTrue()s
  * Cirrus: Strip out static nix build
  * Rename pod on generate of container
  * [CI:DOCS] Update notes on java TZ in man page
  * Bump github.com/containers/image/v5 from 5.16.1 to 5.17.0
  * Fix netavark error handling and teardown issue
  * swagger: add layers to build api docs
  * compat: add layer caching compatiblity for non podman clients
  * Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
  * Add note about volume with unprivileged container
  * Add EXPOSE e2e test
  * Support EXPOSE with port ranges
  * compat: Add subnet mask behind IP address to match Docker API
  * [CI:DOCS] Add java TZ note to run manpage
  * Bump github.com/rootless-containers/rootlesskit from 0.14.5 to 0.14.6
  * podman-remote does not support signature-policy
  * Add tests for restore runtime verification
  * Use same runtime to restore a container as during checkpointing
  * Force iptables driver for netavark tests
  * Make sure netavark output is logged to the syslog
  * filter: use filepath.Match to maintain consistency with other pattern matching in podman
  * Semiperiodic cleanup of obsolete Skip()s
  * [CI:DOCS]upload a translation file
  * api/handlers: Add checkpoint/restore FileLocks
  * test: Update error string for --file-locks test
  * fix duplicated logs command
  * Bump github.com/docker/docker
  * Bump k8s.io/api from 0.22.3 to 0.22.4
  * Do not store the exit command in container config
  * Add test for checkpoint/restore with --file-locks
  * Add --file-locks checkpoint/restore option
  * Cirrus: Bump Fedora to release 35
  * Cirrus: Partially revert catatonit --force install
  * Revert "Cirrus: Temp. disable prior-fedora testing"
  * Cirrus: Workaround log_driver=journald setting
  * Cirrus: Fix bindings test hang b/c logging config mismatch
  * Cirrus: Timeout bindings test after 30m
  * Cirrus: Log more things in bindings and unit tests
  * Minor Makefile fix
  * rootless netns, one netns per libpod tmp dir
  * Introduce Address type to be used in secondary IPv4 and IPv6 inspect data structure.
  * volumes: add new option idmap
  * remote checkpoint/restore: more fixes
  * fix CI
  * fix: take absolute path for dd on apple silicon
  * System tests: new checkpoint tests
  * rootless: use catatonit to maintain user+mnt namespace
  * rootless: drop strerror(errno) calls
  * rootless: reuse existing open_namespace function
  * rootless: use auto cleanup functions
  * utils: use podman-pause-$RANDOM.scope name
  * hack/bats: deal with new bin helpers
  * Change error message for compatibility with docker
  * rename libpod nettypes fields
  * podman machine start wait for ssh
  * fix remote checkpoint/restore
  * Add --unsetenv & --unsetenv-all to remove def environment variables
  * Set config environment variables early in Podman init
  * journald logs: keep reading until the journal's end
  * secret: honor custom target for secrets with run
  * bindings: reuse context for API requests
  * podman machine improve port forwarding
  * Network test: fix podman-remote-rootless corner case
  * filter: add basic pattern matching for label keys
  * cirrus: force-install catatonit
  * infra container: replace pause with catatonit
  * Revert "add kubernetes pause"
  * Added test for checkpoint/restore --print-stats
  * Update man pages for checkpoint/restore --print-stats
  * Added optional container restore statistics
  * Added optional container checkpointing statistics
  * Error logs --follow if events-backend != journald, event-logger=journald
  * Enable 'podman run --memory-swappiness=0'
  * Fix network mode in play kube
  * Always create working directory when using compat API
  * play kube: don't force-pull infra image
  * Podman Image SCP transfer patch
  * --authfile command line argument for image sign command.
  * Cirrus: Temp. disable prior-fedora testing
  * Cirrus: Update to Ubuntu 21.10
  * Add failing run test for netavark
  * Add flag to overwrite network backend from config
  * libpod: create /etc/mtab safely
  * Add network backend to podman info
  * Add more netavark tests
  * select network backend based on config
  * Fix RUST_LOG envar for netavark
  * netavark IPAM assignment
  * netavark network interface
  * Make networking code reusable
  * Fix flake in upgrade tests
  * export adding id-specifier code to setContainerNameForTemplate
  * VOLUME must be declared after RUN chown command
  * network reload return error if we cannot reload ports
  * network reload without ports should not reload ports
  * Print headers for system connection ls
  * [CI:DOCS] Add CI check for SEE ALSO in man pages
  * podman load: support downloading files
  * Add links to all SEE ALSO sections
  * pod create: read infra image from containers.conf
  * rootless: adjust error message
  * Fix rootless networking with userns and ports
  * support health checks from image configs
  * change from run to create in 250-systemd.bats
  * Exclude already built sources for static build
  * shm_lock: Handle ENOSPC better in AllocateSemaphore
  * Fix Zsh completion command documentation
  * Match .c files in Makefile
  * Add Static Build download instructions to README
  * Add links to podman build,run, create see also
  * Minor test tweaks
  * pod create: read network mode from config
  * Bump Catatonit up to v0.1.7
  * test connection add
  * system: Adds support for removing all named destination via --all
  * pod/container create: resolve conflicts of generated names
  * podman-generate-kube - remove empty structs from YAML
  * Add some information about disabling SELinux when using system volumes
  * Fix swagger definition for the new mac address type
  * Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]
  * Test to check for presence of 'stats-dump' in exported checkpoints
  * Add 'stats-dump' file to exported checkpoint
  * Podman Image SCP rootful to rootless transfer
  * rename rootless cni ns to rootless netns
  * mount full XDG_RUNTIME_DIR in rootless cni ns
  * Bump github.com/checkpoint-restore/go-criu/v5 from 5.1.0 to 5.2.0
  * Keep error semantics intact
  * Fix rootless cni netns cleanup logic
  * tweak a couple of flag descriptions in help output
  * Update swagger doc make filed optional
  * Fix bindings container log test
  * test: run --cgroups=split in new cgroup
  * MAC address json unmarshal should allow strings
  * Make stop message more similar to start
  * Implement top streaming for containers and pods
  * Handle HTTP 409 error messages properly for Pod actions
  * Add tests
  * Fix swagger definitions
  * More conforming libpod API and swagger types
  * More conforming libpod API and swagger types
  * Better emptiness test for custom JSON serializer
  * System tests: enhance volume test, add debug prints
  * add unit test to containers_test
  * Use correct swagger type in doc-comment
  * Cirrus: Authorize rootless user self-ssh
  * Fix libpod API conformance to swagger
  * Fix help message case for `podman version`
  * Fix pause usage example
  * Use systemctl in local system test
  * Allow label and labels when creating volumes
  * volumes: be more tolerant and fix infinite loop
  * Add information on how podman machine is updated
  * volumes: allow more options for devpts
  * volumes: do not pass mount opt as formatter string
  * Bump k8s.io/api from 0.22.2 to 0.22.3
  * runtime: change PID existence check
  * oci: rename sub-cgroup to runtime instead of supervisor
  * libpod: deduplicate ports in db
  * Set flags to test 'logs -f' with journald driver
  * Set Checkpointed state to false after restore
  * container create: fix --tls-verify parsing
  * runtime: check for pause pid existence
  * utils: do not overwrite the err variable
  * Fix systemd PID1 test
  * Record the image stream along with the path
  * cgroups: use SessionBusPrivateNoAutoStartup
  * vendor: update godbus to v5.0.6
  * Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
  * Fix a few problems in 'podman logs --tail' with journald driver
  * Allow 'container restore' with '--ipc host'
  * Document to not set K8S envars for CNI
  * Bump github.com/docker/docker
  * pod create: remove need for pause image
  * add kubernetes pause
  * cirrus: containers: mount directory in /var/tmp to /tmp
  * overlay root fs: create mount on runtime dir
  * Update vendor github.com/opencontainers/runtime-tools
  * If Dockerfile exists in same directory as service, we should not use it.
  * Fix tests of podman image trust --raw and --json
  * Tighten the expected output of the "podman image trust show" test
  * Use INTEGRATION_ROOT instead of current directory
  * Add support to play kube for --log-opt
  * [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
  * Fix some typos in documentation and comments (found by codespell)
  * Replace 'an user' => 'a user'
  * [CI:DOCS] Fix typo keep_id -> keep-id
  * Set DOCKER_HOST in the VM
  * fuse-overlay probably means fuse-overlayfs.
  * Support template unit files in podman generate systemd
  * Remove --kernel-memory options
  * tag: Support tagging manifest list instead of resolving to images
  * Remove infra ID from DB before removing containers
  * System tests: confirm that -a and -l clash
  * systemd: compatible with rootless mode
  * system tests: CONTAINER_* and --help: cleanup
  * podman run --memory=0 ... should not set memory limit
  * Add information on how to discover default log driver
  * Add test for system connection
  * Generate Kube should not print default structs
  * libpod: change mountpoint ownership c.Root when using overlay on top of external rootfs
  * Change podman connection list to use default field
  * Allow API to specify size and inode quota
  * Use exponential backoff when waiting for a journal entry
  * Pod Rm Infra Improvements
  * system tests: socket activation: clean up
  * rootfs-overlay: fix overlaybase path for cleanups
  * Move CONTAINER_HOST and _CONNECTION to IsRemote Function
  * We should only be relabeling when on first run
  * If CONTAINER_HOST env variable is set default podman --remote=true
  * Set targetPort to the port value in the kube yaml
  * Do not add TCP to protocol in generated kube yaml
  * Use CGO_ENABLED=1 when building natively on darwin
  * Test-hang fix: Wait for ready + timeout on connect.
  * Checkpoint/Restore test fixes
  * Don't include ctr.log if not using file logging
  * Don't use docker/pkg/archive, use containers/storage/pkg/archive
  * Fix codespell errors
  * Adjust tests to verify all subcommands show the help message
  * Fix panic in container create compat api
  * Don't add image entrypoint to the generate kube yaml
  * Display help text on empty subcommand by default
  * podman search: display only name and description by default
  * codespell code
  * Add information about .containerignore to podman build man page
  * CNI: fix network create --ip-range
  * Kube Gen run as user/group issues
  * rootlessport: reduce memory usage of the process
  * No space in kube annotations for bind mounts
  * Fix CI flake on time of shutdown for API service
  * Refactor podman search to be more code friendly
  * Unit files: Use actual installed path for podman
  * Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
  * cgroups: use cgroup.controllers to read controllers
  * builder: Add support for builder prune
  * Remove a volume with --force if container is running
  * Use SplitN(2) when copying env variables
  * podman stats: move cgroup validation to server
  * fix test
  * Support readonly rootfs contains colon
  * [CI:DOCS] oci-hooks.5.md: fixup section in header
  * Enable /debug/pprof API service endpoints
  * Not all fields in machine list were set properly
  * faster image inspection
  * Warn if podman stop timeout expires that sigkill was sent
  * [CI:DOCS] introduce --replace flag for play kube
  * [CI:DOCS] Include manifest example usage
  * Change podman.1 man page to show corret log-level default
  * Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
  * Fixes #11668
  * libpod: fix race when closing STDIN
  * Ensure `podman ps --sync` functions
  * Allow `podman stop` to be run on Stopping containers
  * Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1
  * Bump github.com/docker/docker
  * It really should be no **NEW** tests needed
  * README.md: Point to Podman's channels
  * Add podman-plugins to upstream image
  * CNI networks: reload networks if needed
  * bump c/common to latest and c/storage to 1.37.0
  * Add --time out for podman * rm  -f commands
  * Cirrus: Fix defunct package metadata breaking cache
  * Pod Events Logging Fix
  * [NO TESTS NEEDED] Ignore removed containers
  * Pod Volumes From Support
  * Add note about empty fields and null values for API responses
  * Bump github.com/containers/buildah from 1.23.0 to 1.23.1
  * Add podman play kube --no-hosts options
  * Gating tests: fix permissions error
  * pkg/specgen: cache image in generator
  * cirrus: gitlab: download packages
  * Add guard for BuildOptions.CommonBuildOpts
  * System tests: tighten 'is' operator
  * Update README and release notes for v3.4.0
  * sdnotify test: accept MAINPID anywhere
  * machine: silently cleanup dangling sockets before rm if possible
  * Add expose type map[uint16]string to description
  * [NO TESTS NEEDED] Fix typo in storage.conf file exists message
  * Support selinux options with bind mounts play/gen
  * kube: fix conversion from milliCPU to period/quota
  * Bump github.com/mattn/go-isatty from 0.0.12 to 0.0.14
  * test: use new helper
  * test: skip test on rootless cgroupsv1
  * machine: Info on successfully stopping qemu machine
  * Allow a value of -1 to set unlimited pids limit
  * Vendor in latest containers/storage
  * Storage can remove ErrNotAContainer as well
  * libpod: container create: init variable: do not deep copy spec
  * libpod: add GetConfigNoCopy()
  * libpod: add execSessionNoCopy
  * libpod: do not call (*container).Spec()
  * Pod Device-Read-BPS support
  * Remind user to check connection or use podman machine
  * Ensure pod ID bucket is properly updated on rename
  * Fix contributor make targets on Ubuntu and Debian
  * Implement PR template to assist review & release
  * libpod: do not call (*container).Config()
  * [NO TESTS NEEDED] Add port configuration to first regular container
  * [CI:DOCS] cmd/podman: no dot for short descriptions
  * move network alias validation to container create
  * set --cni-config-dir for exit command
  * always add short container id as net alias
  * image prune: support removing external containers
  * System tests: speed up. They've gotten too slow.
  * Add dockerfile.5 as man link to containerfile man page
  * Set MSI to be 64-bit only.
  * fix podman network prune integration test flakes
  * Cirrus: Add gitlab podman runner test
  * CNI: network remove do not error for ENOENT
  * remote build: EvalSymlinks() the context directory
  * stop: Do nothing if container was never created in runtime
  * logging: new mode -l passthrough
  * Allow machine options to be set from containers.conf
  * Vendor in containers/common v0.46.0
  * podman machine: do not join userns
  * Disable docker and alias to podman in FCOS ignition
  * added healthcheck to ps command
  * Fix english on prune prompt
  * Document missing /images/search query parameters
  * rootful: do not set XDG_RUNTIME_DIR for cni plugins
  * Revert "rootful: unset XDG_RUNTIME_DIR"
  * Add completion for machine list format
  * Set context dir for play kube build
  * Makefile: use -ldflags/-gccgoflags depending on the go implemenatiton
  * Update docs for --platform in podman-build.1
  * shell completion: do not show images without tag
  * podman inspect add State.Health field for docker compat
  * podman save: enforce signature removal
  * Add JSON version of the machine list
  * Add support for :U flag with --mount option
  * [CI:DOCS] Add link to running ctrimage on enablesysadm
  * Ignore mount errors except ErrContainerUnknown when cleaningup container
  * standardize logrus messages to upper case
  * podman generate kube should not include images command
  * Fix machine image
  * sync container state before reading the healthcheck
  * Also show the (initial) disk size
  * Show cpus and memory in machine list
  * Eighty-six eighty-eighty
  * net types: remove omitempty from required fields
  * podman save: add `--uncompressed`
  * Bump CNI to v1.0.1
  * vendor c/psgo@v1.7.1
  * [CI:DOCS] Add network alias note in man pages
  * Add a backoff and retries to retrieving exited event
  * Cross-build release-archives w/ arch in filename
  * Fix Error, empty output for info: 'VERSION'
  * Generate kube should'd add podman default environment vars
  * volume: Add support for overlay on named volumes
  * Pod Device Support
  * Support --format tables in ps output
  * Remove references to kube being development
  * Add support for retrieving system service --timeout
  * Add podman image/container inspect man pages
  * [CI:DOCS] Add link to skopeo delete in podman rmi
  * vendor c/common@main
  * remote untag: support digests
  * Created MapOptions for PodCreate
  * Bump k8s.io/api from 0.22.1 to 0.22.2
  * compat API: /images/json prefix image id with sha256
  * podman machine: use gvproxy for host.containers.internal
  * utils: return error message from StartTransientUnit
  * utils: raise warning only on cgroupv2
  * Add podman machine init --now option
  * System tests: cleanup, and remove obsolete skips
  * Add username flag for machine ssh
  * Remove unused code from libpod
  * [CI:DOCS] markdown cleanup
  * Fix up build the docs site
  * Use a new markdown converter for sphinx
  * runtime: move pause process to scope
  * system: move MovePauseProcessToScope to utils
  * system: always move pause process when running on systemd
  * system: avoid reading pause pid file
  * Only add 127.0.0.1 entry to /etc/hosts with --net=none
  * Add no-trunc support to podman-events
  * CNI: add ipvlan driver
  * CNI: network create support macvlan modes
  * Do not allow network modes to be used as network names
  * fix inverted condition
  * Fix /auth compat endpoint
  * Add Drivers method to the Network Interface
  * CI: load ipv6 kernel modules for rootless tests
  * Drop OCICNI dependency
  * Wire network interface into libpod
  * cni network configs set ipv6 enables correctly
  * default network: do not validate the used subnets
  * network create: validate the input subnet
  * Set default storage from containers.conf for temporary images
  * container runlabel remove image tag from name
  * build.bats: fix copy tests after containers/buildah#3486
  * build: mirror --authfile to filesystem if pointing to FD instead of file
  * Fix example in podman machine init man page
  * vendor: Bump github.com/containers/buildah from 1.22.3 to 1.23.0
  * api: handle nil pointer dereference in rest endpoints
  * build: take advantage of --platform lists
  * Document `all` query parameter for /libpod/images/prune
  * Show variant and codename of the distribution
  * Use new aarch64 fcos repos
  * Enhance bindings for IDE hints
  * Pod Volumes Support
  * test: enable --cgroup-parent test
  * libpod: honor --cgroups=split also with pods
  * tests: enable --cgroups=disabled test for rootless
  * tests: simplify --cgroups=disabled test
  * libpod: rootful close binded ports
  * Search gvproxy with config.FindHelperBinary()
  * rootfs: Add support for rootfs-overlay and bump to buildah v1.22.1-0.202108
  * fix restart always with rootlessport
  * Cirrus: NM/CNI workaround + Remove prior-Ubuntu
  * If container exits with 125 podman should exit with 125
  * Bump github.com/json-iterator/go from 1.1.11 to 1.1.12
  * bump c/common to v0.44.0
  * remove rootlessport socket to prevent EADDRINUSE
  * Add deprecated fields for 1.22+ clients that still expect them
  * Use default username for podman machine ssh
​
-------------------------------------------------------------------
Thu Dec  9 10:49:22 UTC 2021 - Dan Čermák <dcermak@suse.com>
​
- Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade
  path from podman < 3.1.2
​
-------------------------------------------------------------------
Wed Dec 08 21:22:26 UTC 2021 - michael@stroeder.com
​
- Update to version 3.4.4:
  * Bugfixes
    - Fixed a bug where the podman exec command would, under some circumstances,
      print a warning message about failing to move conmon to the appropriate cgroup (#12535).
    - Fixed a bug where named volumes created as part of container creation
      (e.g. podman run --volume avolume:/a/mountpoint or similar) would be
      mounted with incorrect permissions (#12523).
    - Fixed a bug where the podman-remote create and podman-remote run commands
      did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521).
​
-------------------------------------------------------------------
Tue Dec 07 17:54:32 UTC 2021 - michael@stroeder.com
​
- Update to version 3.4.3:
  * Security
    - This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
    - This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
  * Features
    - The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287).
  * Bugfixes
    - Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065).
    - Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
    - Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438).
    - Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189).
    - Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263).
    - Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642).
    - Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248).
    - Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329).
    - Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532).
    - Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086).
    - Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400).
    - Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402).
    - Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452).
    - Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457).
    - Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra " (#11416).
  * API
    - Updated the containers/image library to v5.17.0
    - The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services.
    - Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842).
    - Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315).
    - Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419).
    - Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420).
    - Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378).
    - Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392).
    - Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409).
    - Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453).
  * Misc
    - Podman now builds by default with cgo enabled on OS X, resolving some issues with SSH (#10737).
​
-------------------------------------------------------------------
Sat Nov 13 11:21:06 UTC 2021 - michael@stroeder.com
​
- Update to version 3.4.2:
  * Fixed a bug where podman tag could not tag manifest lists (#12046).
  * Fixed a bug where built-in volumes specified by images would not be
    created correctly under some circumstances.
  * Fixed a bug where, when using Podman Machine on OS X, containers in pods
    did not have working port forwarding from the host (#12207).
  * Fixed a bug where the podman network reload command command on containers
    using the slirp4netns network mode and the rootlessport port forwarding
    driver would make an unnecessary attempt to restart rootlessport
    on containers that did not forward ports.
  * Fixed a bug where the podman generate kube command would generate YAML
    including some unnecessary (set to default) fields (e.g. empty SELinux and
    DNS configuration blocks, and the privileged flag when set to false) (#11995).
  * Fixed a bug where the podman pod rm command could, if interrupted at the right moment,
    leave a reference to an already-removed infra container behind (#12034).
  * Fixed a bug where the podman pod rm command would not remove pods with
    more than one container if all containers save for the infra container
    were stopped unless --force was specified (#11713).
  * Fixed a bug where the --memory flag to podman run and podman create did
    not accept a limit of 0 (which should specify unlimited memory) (#12002).
  * Fixed a bug where the remote Podman client's podman build command could
    attempt to build a Dockerfile in the working directory of the podman
    system service instance instead of the Dockerfile specified by the user (#12054).
  * Fixed a bug where the podman logs --tail command could function improperly
    (printing more output than requested) when the journald log driver was used.
  * Fixed a bug where containers run using the slirp4netns network mode with
    IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062).
  * Fixed a bug where some Podman commands could cause an extra dbus-daemon
    process to be created (#9727).
  * Fixed a bug where rootless Podman would sometimes print warnings
    about a failure to move the pause process into a given CGroup (#12065).
  * Fixed a bug where the checkpointed field in podman inspect on a container
    was not set to false after a container was restored.
  * Fixed a bug where the podman system service command would print
    overly-verbose logs about request IDs (#12181).
  * Fixed a bug where Podman could, when creating a new container without a name
    explicitly specified by the user, sometimes use an auto-generated name already
    in use by another container if multiple containers were being created in parallel (#11735).
​
-------------------------------------------------------------------
Wed Oct 20 14:55:38 UTC 2021 - michael@stroeder.com
​
- Update to version 3.4.1:
  * Bugfixes
    - Fixed a bug where podman machine init could, under some circumstances,
      create invalid machine configurations which could not be started (#11824).
    - Fixed a bug where the podman machine list command would not properly
      populate some output fields.
    - Fixed a bug where podman machine rm could leave dangling sockets from
      the removed machine (#11393).
    - Fixed a bug where podman run --pids-limit=-1 was not supported (it now
      sets the PID limit in the container to unlimited) (#11782).
    - Fixed a bug where podman run and podman attach could throw errors about
      a closed network connection when STDIN was closed by the client (#11856).
    - Fixed a bug where the podman stop command could fail when run on a
      container that had another podman stop command run on it previously.
    - Fixed a bug where the --sync flag to podman ps was nonfunctional.
    - Fixed a bug where the Windows and OS X remote clients' podman stats
      command would fail (#11909).
    - Fixed a bug where the podman play kube command did not properly handle
      environment variables whose values contained an = (#11891).
    - Fixed a bug where the podman generate kube command could generate
      invalid annotations when run on containers with volumes that use SELinux
      relabelling (:z or :Z) (#11929).
    - Fixed a bug where the podman generate kube command would generate YAML
      including some unnecessary (set to default) fields (e.g. user and group,
      entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965).
    - Fixed a bug where the podman generate kube command could, under some
      circumstances, generate YAML including an invalid targetPort field for
      forwarded ports (#11930).
    - Fixed a bug where rootless Podman's podman info command could, under
      some circumstances, not read available CGroup controllers (#11931).
    - Fixed a bug where podman container checkpoint --export would fail to
      checkpoint any container created with --log-driver=none (#11974).
  * API
    - Fixed a bug where the Compat Create endpoint for Containers could panic
      when no options were passed to a bind mount of tmpfs (#11961).
​
-------------------------------------------------------------------
Fri Oct 01 08:45:30 UTC 2021 - michael@stroeder.com
​
- Update to version 3.4.0:
  * Features
    - Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option.
    - Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
    - The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
    - The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
    - The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command.
    - A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time.
    - Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file).
    - The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
    - Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
    - The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
    - The podman image scp command has been added. This command allows images to be transferred between different hosts.
    - The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
    - The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
    - The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
    - Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
    - The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
    - The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
    - The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf.
    - The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine.
    - The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527).
  * Changes
    - The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
    - Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
    - The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file.
    - Podman no longer depends on ip for removing networks (#11403).
    - The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
    - The podman machine start command now prints a message when the VM is successfully started.
    - The podman stats command can now be used on containers that are paused.
    - The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
    - Successful healthchecks will no longer add a healthy line to the system log to reduce log spam.
    - As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry.
  * Bugfixes
    - Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly.
    - Fixed a bug where the Windows remote client improperly validated volume paths (#10900).
    - Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped.
    - Fixed a bug where images created by podman commit did not include ports exposed by the container.
    - Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
    - Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
    - Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443).
    - Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
    - Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
    - Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387).
    - Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
    - Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418).
    - Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
    - Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421).
    - Fixed a bug where the podman info command could segfault when accessing cgroup information.
    - Fixed a bug where the podman logs -f command could hang when a container exited (#11461).
    - Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438).
    - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
    - Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732).
    - Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
    - Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
    - Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf.
    - Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785).
    - Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
    - Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469).
    - Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444).
    - Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540).
    - Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
    - Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
    - Fixed a bug where the podman container runlabel command could fail if the image name given included a tag.
    - Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596).
    - Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557).
    - Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output.
    - Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687).
    - Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633).
    - Fixed a bug where the podman generate kube command would add default environment variables to generated YAML.
    - Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672).
    - Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207).
    - Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731).
    - Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740).
    - Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750).
  * API
    - The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612).
    - The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients.
    - The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623).
    - The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225).
    - The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831).
    - The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered.
    - The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails.
    - The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227).
    - Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235).
    - Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages.
    - Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053).
  * Misc
    - Updated Buildah to v1.23.0
    - Updated the containers/storage library to v1.36.0
    - Updated the containers/image library to v5.16.0
    - Updated the containers/common library to v0.44.0
​
-------------------------------------------------------------------
Thu Sep  2 22:37:06 UTC 2021 - Michael Ströder <michael@stroeder.com>
​
- require runc >= 1.0.1
​
-------------------------------------------------------------------
Tue Aug 31 05:57:57 UTC 2021 - michael@stroeder.com
​
- Update to version 3.3.1:
  * Bugfixes
    - Fixed a bug where unit files created by podman generate systemd could
      not cleanup shut down containers when stopped by systemctl stop (#11304).
    - Fixed a bug where podman machine commands would not properly locate
      the gvproxy binary in some circumstances.
    - Fixed a bug where containers created as part of a pod using the
      --pod-id-file option would not join the pod's network namespace (#11303).
    - Fixed a bug where Podman, when using the systemd cgroups driver,
      could sometimes leak dbus sessions.
    - Fixed a bug where the until filter to podman logs and podman events
      was improperly handled, requiring input to be negated (#11158).
    - Fixed a bug where rootless containers using CNI networking run on
      systems using systemd-resolved for DNS would fail to start if resolved
      symlinked /etc/resolv.conf to an absolute path (#11358).
  * API
    - A large number of potential file descriptor leaks from improperly closing
      client connections have been fixed.
​
-------------------------------------------------------------------
Mon Aug 23 10:36:00 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Revert crun change due to crun having exclusive arch targets
  that would drop podman support in PPC and IBM Z
​
-------------------------------------------------------------------
Fri Aug 20 20:58:22 UTC 2021 - michael@stroeder.com
​
- Update to version 3.3.0:
  * Fix network aliases with network id
  * machine: compute sha256 as we read the image file
  * machine: check for file exists instead of listing directory
  * pkg/bindings/images.nTar(): slashify hdr.Name values
  * Volumes: Only remove from DB if plugin removal succeeds
  * For compatibility, ignore Content-Type
  * [v3.3] Bump c/image 5.15.2, buildah v1.22.3
  * Implement SD-NOTIFY proxy in conmon
  * Fix rootless cni dns without systemd stub resolver
  * fix rootlessport flake
  * Skip stats test in CGv1 container environments
  * Fix AVC denials in tests of volume mounts
  * Restore buildah-bud test requiring new images
  * Revert ".cirrus.yml: use fresh images for all VMs"
  * Fix device tests using ls test files
  * Enhance priv. dev. check
  * Workaround host availability of /dev/kvm
  * Skip cgroup-parent test due to frequent flakes
  * Cirrus: Fix not uploading logformatter html
​
-------------------------------------------------------------------
Fri Aug 13 11:26:44 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
​
- Switch to crun (bsc#1188914)
​
-------------------------------------------------------------------
Sat Jul 17 16:37:58 UTC 2021 - michael@stroeder.com
​
- Update to version 3.2.3:
  * Bump to v3.2.3
  * Update release notes for v3.2.3
  * vendor containers/common@v0.38.16
  * vendor containers/buildah@v1.21.3
  * Fix race conditions in rootless cni setup
  * CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf
  * Make rootless-cni setup more robust
  * Support uid,gid,mode options for secrets
  * vendor containers/common@v0.38.15
  * [CI:DOCS] podman search: clarify that results depend on implementation
  * vendor containers/common@v0.38.14
  * vendor containers/common@v0.38.13
  * [3.2] vendor containers/common@v0.38.12
  * Bump README to v3.2.2
  * Bump to v3.2.3-dev
​
-------------------------------------------------------------------
Sun Jun 27 09:33:30 UTC 2021 - idesmi@protonmail.com
​
- Update to version 3.2.2:
  * Bump to v3.2.2
  * fix systemcontext to use correct TMPDIR
  * Scrub podman commands to use report package
  * Fix volumes with uid and gid options
  * Vendor in c/common v0.38.11
  * Initial release notes for v3.2.2
  * Fix restoring of privileged containers
  * Fix handling of podman-remote build --device
  * Add support for podman remote build -f - .
  * Fix panic condition in cgroups.getAvailableControllers
  * Fix permissions on initially created named volumes
  * Fix building static podman-remote
  * add correct slirp ip to /etc/hosts
  * disable tty-size exec checks in system tests
  * Fix resize race with podman exec -it
  * Fix documentation of the --format option of podman push
  * Fix systemd-resolved detection.
  * Health Check is not handled in the compat LibpodToContainerJSON
  * Do not use inotify for OCICNI
  * getContainerNetworkInfo: lock netNsCtr before sync
  * [NO TESTS NEEDED] Create /etc/mtab with the correct ownership
  * Create the /etc/mtab file if does not exists
  * [v3.2] cp: do not allow dir->file copying
  * create: support images with invalid platform
  * vendor containers/common@v0.38.10
  * logs: k8s-file: restore poll sleep
  * logs: k8s-file: fix spurious error logs
  * utils: move message from warning to debug
  * Bump to v3.2.2-dev
​
-------------------------------------------------------------------
Mon Jun 14 18:07:50 UTC 2021 - idesmi@protonmail.com
​
- Update to version 3.2.1:
  * Bump to v3.2.1
  * Updated release notes for v3.2.1
  * Fix network connect race with docker-compose
  * Revert "Ensure minimum API version is set correctly in tests"
  * Fall back to string for dockerfile parameter
  * remote events: fix --stream=false
  * [CI:DOCS] fix incorrect network remove api doc
  * remote: always send resize before the container starts
  * remote events: support labels
  * remote pull: cancel pull when connection is closed
  * Fix network prune api docs
  * Improve systemd-resolved detection
  * logs: k8s-file: fix race
  * Fix image prune --filter cmd behavior
  * Several shell completion fixes
  * podman-remote build should handle -f option properly
  * System tests: deal with crun 0.20.1
  * Fix build tags for pkg/machine...
  * Fix pre-checkpointing
  * container: ignore named hierarchies
  * [v3.2] vendor containers/common@v0.38.9
  * rootless: fix fast join userns path
  * [v3.2] vendor containers/common@v0.38.7
  * [v3.2] vendor containers/common@v0.38.6
  * Correct qemu options for Intel macs
  * Ensure minimum API version is set correctly in tests
  * Bump to v3.2.1-dev
​
-------------------------------------------------------------------
Tue Jun 08 09:47:00 UTC 2021 - idesmi@protonmail.com
​
- Update to version 3.2.0:
  * Bump to v3.2.0
  * Fix network create macvlan with subnet option
  * Final release notes updates for v3.2.0
  * add ipv6 nameservers only when the container has ipv6 enabled
  * Use request context instead of background
  * [v.3.2] events: support disjunctive filters
  * System tests: add :Z to volume mounts
  * generate systemd: make mounts portable
  * vendor containers/storage@v1.31.3
  * vendor containers/common@v0.38.5
  * Bump to v3.2.0-dev
  * Bump to v3.2.0-RC3
  * Update release notes for v3.2.0-RC3
  * Fix race on podman start --all
  * Fix race condition in running ls container in a pod
  * docs: --cert-dir: point to containers-certs.d(5)
  * Handle hard links in different directories
  * Improve OCI Runtime error
  * Handle hard links in remote builds
  * Podman info add support for status of cgroup controllers
  * Drop container does not exist on removal to debugf
  * Downgrade API service routing table logging
  * add libimage events
  * docs: generate systemd: XDG_RUNTIME_DIR
  * Fix problem copying files when container is in host pid namespace
  * Bump to v3.2.0-dev
  * Bump to v3.2.0-RC2
  * update c/common
  * Update Cirrus DEST_BRANCH to v3.2
  * Updated vendors of c/image, c/storage, Buildah
  * Initial release notes for v3.2.0-RC2
  * Add script for identifying commits in release branches
  * Add host.containers.internal entry into container's etc/hosts
  * image prune: remove unused images only with `--all`
  * podman network reload add rootless support
  * Use more recent `stale` release...
  * network tutorial: update with rootless cni changes
  * [CI:DOCS] Update first line in intro page
  * Use updated VM images + updated automation tooling
  * auto-update service: prune images
  * make vendor
  * fix system upgrade tests
  * Print "extracting" only on compressed file
  * podman image tree: restore previous behavior
  * fix network restart always test
  * fix incorrect log driver in podman container image
  * Add support for cli network prune --filter flag
  * Move filter parsing to common utils
  * Bump github.com/containers/storage from 1.30.2 to 1.30.3
  * Update nix pin with `make nixpkgs`
  * [CI:DOCS] hack/bats - new helper for running system tests
  * fix restart always with slirp4netns
  * Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
  * Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2
  * Add host.serviceIsRemote to podman info results
  * Add client disconnect to build handler loop
  * Remove obsolete skips
  * Fix podman-remote build --rm=false ...
  * fix: improved "containers/{name}/wait" endpoint
  * Bump github.com/containers/storage from 1.30.1 to 1.30.2
  * Add envars to the generated systemd unit
  * fix: use UTC Time Stamps in response JSON
  * fix container startup for empty pidfile
  * Kube like pods should share ipc,net,uts by default
  * fix: compat API "images/get" for multiple images
  * Revert escaped double dash man page flag syntax
  * Report Download complete in Compatibility mode
  * Add documentation on short-names
  * Bump github.com/docker/docker
  * Adds support to preserve auto update labels in generate and play kube
  * [CI:DOCS] Stop conversion of `--` into en dash
  * Revert Patch to relabel if selinux not enabled
  * fix per review request
  * Add support for environment variable secrets
  * fix pre review request
  * Fix infinite loop in isPathOnVolume
  * Add containers.conf information for changing defaults
  * CI: run rootless tests under ubuntu
  * Fix wrong macvlan PNG in networking doc.
  * Add restart-policy to container filters & --filter to podman start
  * Fixes docker-compose cannot set static ip when use ipam
  * channel: simplify implementation
  * build: improve regex for iidfile
  * Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
  * cgroup: fix rootless --cgroup-parent with pods
  * fix: docker APIv2 `images/get`
  * codespell cleanup
  * Minor podmanimage docs updates.
  * Fix handling of runlabel IMAGE and NAME
  * Bump to v3.2.0-dev
  * Bump to v3.2.0-rc1
  * rootless: improve automatic range split
  * podman: set volatile storage flag for --rm containers
  * Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
  * Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
  * migrate Podman to containers/common/libimage
  * Add filepath glob support to --security-opt unmask
  * Force log_driver to k8s-file for containers in containers
  * add --mac-address to podman play kube
  * compat api: Networks must be empty instead of null
  * System tests: honor $OCI_RUNTIME (for CI)
  * is this a bug?
  * system test image: add arm64v8 image
  * Fix troubleshooting documentation on handling sublemental groups.
  * Add --all to podman start
  * Fix variable reference typo. in multi-arch image action
  * cgroup: always honor --cgroup-parent with cgroupfs
  * Bump github.com/uber/jaeger-client-go
  * Don't require tests for github-actions & metadata
  * Detect if in podman machine virtual vm
  * Fix multi-arch image workflow typo
  * [CI:DOCS] Add titles to remote docs (windows)
  * Remove unused VolumeList* structs
  * Cirrus: Update F34beta -> F34
  * Update container image docs + fix unstable execution
  * Bump github.com/containers/storage from 1.30.0 to 1.30.1
  * TODO complete
  * Docker returns 'die' status rather then 'died' status
  * Check if another VM is running on machine start
  * [CI:DOCS] Improve titles of command HTML pages
  * system tests: networking: fix another race condition
  * Use seccomp_profile as default profile if defined in containers.conf
  * Bump github.com/json-iterator/go from 1.1.10 to 1.1.11
  * Vendored
  * Autoupdate local label functional
  * System tests: fix two race conditions
  * Add more documentation on conmon
  * Allow docker volume create API to pass without name
  * Cirrus: Update Ubuntu images to 21.04
  * Skip blkio-weight test when no kernel BFQ support
  * rootless: Tell the user what was led to the error, not just what it is
  * Add troubleshooting advice about the --userns option.
  * Fix images prune filter until
  * Fix logic for pushing stable multi-arch images
  * Fixes generate kube incorrect when bind-mounting "/" and "/root"
  * libpod/image: unit tests: don't use system's registries.conf.d
  * runtime: create userns when CAP_SYS_ADMIN is not present
  * rootless: attempt to copy current mappings first
  * [CI:DOCS] Restore missing content to manpages
  * [CI:DOCS] Fix Markdown layout bugs
  * Fix podman ps --filter ancestor to match exact ImageName/ImageID
  * Add machine-enabled to containers.conf for machine
  * Several multi-arch image build/push fixes
  * Add podman run --timeout option
  * Parse slirp4netns net options with compat api
  * Fix rootlesskit port forwarder with custom slirp cidr
  * Fix removal race condition in ListContainers
  * Add github-action workflow to build/push multi-arch
  * rootless: if root is not sub?id raise a debug message
  * Bump github.com/containers/common from 0.36.0 to 0.37.0
  * Add go template shell completion for --format
  * Add --group-add keep-groups: suplimentary groups into container
  * Fixes from make codespell
  * Typo fix to usage text of --compress option
  * corrupt-image test: fix an oops
  * Add --noheading flag to all list commands
  * Bump github.com/containers/storage from 1.29.0 to 1.30.0
  * Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1
  * [CI:DOCS] Fix Markdown table layout bugs
  * podman-remote should show podman.sock info
  * rmi: don't break when the image is missing a manifest
  * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
  * Add support for CDI device configuration
  * [CI:DOCS] Add missing dash to verbose option
  * Bump github.com/uber/jaeger-client-go
  * Remove an advanced layer diff function
  * Ensure mount destination is clean, no trailing slash
  * add it for inspect pidfile
  * [CI:DOCS] Fix introduction page typo
  * support pidfile on container restore
  * fix start it
  * skip pidfile test on remote
  * improve document
  * set pidfile default value int containerconfig
  * add pidfile in inspection
  * add pidfile it for container start
  * skip pidfile it on remote
  * Modify according to comments
  * WIP: drop test requirement
  * runtime: bump required conmon version
  * runtime: return findConmon to libpod
  * oci: drop ExecContainerCleanup
  * oci: use `--full-path` option for conmon
  * use AttachSocketPath when removing conmon files
  * hide conmon-pidfile flag on remote mode
  * Fix possible panic in libpod/image/prune.go
  * add --ip to podman play kube
  * add flag autocomplete
  * add ut
  * add flag "--pidfile" for podman create/run
  * Add network bindings tests: remove and list
  * Fix build with GO111MODULE=off
  * system tests: build --pull-never: deal with flakes
  * compose test: diagnose flakes v3
  * podman play kube apply correct log driver
  * Fixes podman-remote save to directories does not work
  * Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2
  * Update documentation of podman-run to reflect volume "U" option
  * Fix flake on failed podman-remote build : try 2
  * compose test: ongoing efforts to diagnose flakes
  * Test that we don't error out on advertised --log-level values
  * At trace log level, print error text using %+v instead of %v
  * pkg/errorhandling.JoinErrors: don't throw away context for lone errors
  * Recognize --log-level=trace
  * Fix flake on failed podman-remote build
  * System tests: fix racy podman-inspect
  * Fixes invalid expression in save command
  * Bump github.com/containers/common from 0.35.4 to 0.36.0
  * Update nix pin with `make nixpkgs`
  * compose test: try to get useful data from flakes
  * Remove in-memory state implementation
  * Fix message about runtime to show only the actual runtime
  * System tests: setup: better cleanup of stray images
  * Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
  * Reflect current state of prune implementation in docs
  * Do not delete container twice
  * [CI:DOCS] Correct status code for /pods/create
  * vendor in containers/storage v1.29.0
  * cgroup: do not set cgroup parent when rootless and cgroupfs
  * Overhaul Makefile binary and release worflows
  * Reorganize Makefile with sections and guide
  * Simplify Makefile help target
  * Don't shell to obtain current directory
  * Remove unnecessary/not-needed release.txt target
  * Fix incorrect version number output
  * Exclude .gitignore from test req.
  * Fix handling of $NAME and $IMAGE in runlabel
  * Update podman image Dockerfile to support Podman in container
  * Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0
  * Fix slashes in socket URLs
  * Add network prune filters support to bindings
  * Add support for play/generate kube volumes
  * Update manifest API endpoints
  * Fix panic when not giving a machine name for ssh
  * cgroups: force 64 bits to ParseUint
  * Bump k8s.io/api from 0.20.5 to 0.21.0
  * [CI:DOCS] Fix formatting of podman-build man page
  * buildah-bud tests: simplify
  * Add missing return
  * Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1
  * speed up CI handling of images
  * Volumes prune endpoint should use only prune filters
  * Cirrus: Use Fedora 34beta images
  * Bump go.sum + Makefile for golang 1.16
  * Exempt Makefile changes from test requirements
  * Adjust libpod API Container Wait documentation to the code
  * [CI:DOCS] Update swagger definition of inspect manifest
  * use updated ubuntu images
  * podman unshare: add --rootless-cni to join the ns
  * Update swagger-check
  * swagger: remove name wildcards
  * Update buildah-bud diffs
  * Handle podman-remote --arch, --platform, --os
  * buildah-bud tests: handle go pseudoversions, plus...
  * Fix flaking rootless compose test
  * rootless cni add /usr/sbin to PATH if not present
  * System tests: special case for RHEL: require runc
  * Add --requires flag to podman run/create
  * [CI:DOCS] swagger-check: compare operations
  * [CI:DOCS] Polish swagger OpertionIDs
  * [NO TESTS NEEDED] Update nix pin with `make nixpkgs`
  * Ensure that `--userns=keep-id` sets user in config
  * [CI:DOCS] Set all operation id to be compatibile
  * Move operationIds to swagger:operation line
  * swagger: add operationIds that match with docker
  * Cirrus: Make use of shared get_ci_vm container
  * Don't relabel volumes if running in a privileged container
  * Allow users to override default storage opts with --storage-opt
  * Add support for podman --context default
  * Verify existence of auth file if specified
  * fix machine naming conventions
  * Initial network bindings tests
  * Update release notes to indicate CVE fix
  * Move socket activation check into init() and set global condition.
  * Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0
  * Http api tests for network prune with until filter
  * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
  * Fix typos --uidmapping and --gidmapping
  * Add transport and destination info to manifest doc
  * Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1
  * Add default template functions
  * Fix missing podman-remote build options
  * Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1
  * Add ssh connection to root user
  * Add rootless docker-compose test to the CI
  * Use the slrip4netns dns in the rootless cni ns
  * Cleanup the rootless cni namespace
  * Add new docker-compose test for two networks
  * Make the docker-compose test work rootless
  * Remove unused rootless-cni-infra container files
  * Only use rootless RLK when the container has ports
  * Fix dnsname test
  * Enable rootless network connect/disconnect
  * Move slirp4netns functions into an extra file
  * Fix pod infra container cni network setup
  * Add rootless support for cni and --uidmap
  * rootless cni without infra container
  * Recreate until container prune tests for bindings
  * Remove --execute from podman machine ssh
  * Fixed podman-remote --network flag
  * Makefile: introduce install.docker-full
  * Makefile: ensure install.docker creates BINDIR
  * Fix unmount doc reference in image.rst
  * Should send the OCI runtime path not just the name to buildah
  * podman machine shell completion
  * Fix handling of remove --log-rusage param
  * Fix bindings prune containers flaky test
  * [CI:DOCS] Add local html build info to docs/README.md
  * Add podman machine list
  * Trim white space from /top endpoint results
  * Remove semantic version suffices from API calls
  * podman machine init --ignition-path
  * Document --volume from podman-remote run/create client
  * Update main branch to reflect the release of v3.1.0
  * Silence podman network reload errors with iptables-nft
  * Containers prune endpoint should use only prune filters
  * resolve proper aarch64 image names
  * APIv2 basic test: relax APIVersion check
  * Add machine support for qemu-system-aarch64
  * podman machine init user input
  * manpage xref: helpful diagnostic for unescaped dash-dash
  * Bump to v3.2.0-dev
  * swagger: update system version response body
  * buildah-bud tests: reenable pull-never test
  * [NO TESTS NEEDED] Shrink the size of podman-remote
  * Add powershell completions
  * [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted
  * Fix long option format on docs.podman.io
  * system tests: friendier messages for 2-arg is()
  * service: use LISTEN_FDS
  * man pages: correct seccomp-policy label
  * rootless: use is_fd_inherited
  * podman generate systemd --new do not duplicate params
  * play kube: add support for env vars defined from secrets
  * play kube: support optional/mandatory env var from config map
  * play kube: prepare supporting other env source than config maps
  * Add machine support for more Linux distros
  * [NO TESTS NEEDED] Use same function podman-remote rmi as podman
  * Podman machine enhancements
  * Add problematic volume name to kube play error messages
  * Fix podman build --pull-never
  * [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS
  * [NO TESTS NEEDED] Turn on podman-remote build --isolation
  * Fix list pods filter handling in libpod api
  * Remove resize race condition
  * [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0
  * Use TMPDIR when commiting images
  * Add RequiresMountsFor= to systemd generate
  * Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3
  * Fix swapped dimensions from terminal.GetSize
  * Rename podman machine create to init and clean up
  * Correct json field name
  * system tests: new interactive tests
  * Improvements for machine
  * libpod/image: unit tests: use a `registries.conf` for aliases
  * libpod/image: unit tests: defer cleanup
  * libpod/image: unit tests: use `require.NoError`
  * Add --execute flag to podman machine ssh
  * introduce podman machine
  * Podman machine CLI and interface stub
  * Support multi doc yaml for generate/play kube
  * Fix filters in image http compat/libpod api endpoints
  * Bump github.com/containers/common from 0.35.3 to 0.35.4
  * Bump github.com/containers/storage from 1.28.0 to 1.28.1
  * Check if stdin is a term in --interactive --tty mode
  * [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot
  * [NO TESTS NEEDED] Fix rootless volume plugins
  * Ensure manually-created volumes have correct ownership
  * Bump github.com/rootless-containers/rootlesskit
  * Unification of until filter across list/prune endpoints
  * Unification of label filter across list/prune endpoints
  * fixup
  * fix: build endpoint for compat API
  * [CI:DOCS] Add note to mappings for user/group userns in build
  * Bump k8s.io/api from 0.20.1 to 0.20.5
  * Validate passed in timezone from tz option
  * WIP: run buildah bud tests using podman
  * Fix containers list/prune http api filter behaviour
  * Generate Kubernetes PersistentVolumeClaims from named volumes
​
-------------------------------------------------------------------
Fri Apr 23 10:29:10 UTC 2021 - Fabian Vogt <fvogt@suse.com>
​
- Update to version 3.1.2:
  * Bump to v3.1.2
  * Update release notes for v3.1.2
  * Ensure mount destination is clean, no trailing slash
  * Fixes podman-remote save to directories does not work
  * [CI:DOCS] Add missing dash to verbose option
  * [CI:DOCS] Fix Markdown table layout bugs
  * [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
  * rmi: don't break when the image is missing a manifest
  * Bump containers/image to v5.11.1
  * Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1
  * Fix lint
  * Bump to v3.1.2-dev
- Split podman-remote into a subpackage
- Add missing scriptlets for systemd units
- Escape macros in comments
- Drop some obsolete workarounds, including %{go_nostrip}
​
-------------------------------------------------------------------
Mon Apr 19 09:29:17 UTC 2021 - alexandre.vicenzi@suse.com
​
- Update to version 3.1.1:
  * Bump to v3.1.1
  * Update release notes for v3.1.1
  * podman play kube apply correct log driver
  * Fix build with GO111MODULE=off
  * [CI:DOCS] Set all operation id to be compatibile
  * Move operationIds to swagger:operation line
  * swagger: add operationIds that match with docker
  * Fix missing podman-remote build options
  * [NO TESTS NEEDED] Shrink the size of podman-remote
  * Move socket activation check into init() and set global condition.
  * rootless: use is_fd_inherited
  * Recreate until container prune tests for bindings
  * System tests: special case for RHEL: require runc
  * Document --volume from podman-remote run/create client
  * Containers prune endpoint should use only prune filters
  * Trim white space from /top endpoint results
  * Fix unmount doc reference in image.rst
  * Fix handling of remove --log-rusage param
  * Makefile: introduce install.docker-full
  * Makefile: ensure install.docker creates BINDIR
  * Should send the OCI runtime path not just the name to buildah
  * Fixed podman-remote --network flag
  * podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
  * Fix typos --uidmapping and --gidmapping
  * Add default template functions
  * Don't relabel volumes if running in a privileged container
  * Allow users to override default storage opts with --storage-opt
  * Add transport and destination info to manifest doc
  * Verify existence of auth file if specified
  * Ensure that `--userns=keep-id` sets user in config
  * [CI:DOCS] Update swagger definition of inspect manifest
  * Volumes prune endpoint should use only prune filters
  * Adjust libpod API Container Wait documentation to the code
  * Add missing return
  * [CI:DOCS] Fix formatting of podman-build man page
  * cgroups: force 64 bits to ParseUint
  * Fix slashes in socket URLs
  * [CI:DOCS] Correct status code for /pods/create
  * cgroup: do not set cgroup parent when rootless and cgroupfs
  * Reflect current state of prune implementation in docs
  * Do not delete container twice
  * Test that we don't error out on advertised --log-level values
  * At trace log level, print error text using %+v instead of %v
  * pkg/errorhandling.JoinErrors: don't throw away context for lone errors
  * Recognize --log-level=trace
  * Fix message about runtime to show only the actual runtime
  * Fix handling of $NAME and $IMAGE in runlabel
  * Fix flake on failed podman-remote build : try 2
  * Fix flake on failed podman-remote build
  * Update documentation of podman-run to reflect volume "U" option
  * Fixes invalid expression in save command
  * Fix possible panic in libpod/image/prune.go
  * Update all containers/ project vendors
  * Fix tests
  * Bump to v3.1.1-dev
​
-------------------------------------------------------------------
Fri Apr 09 16:55:51 UTC 2021 - alexandre.vicenzi@suse.com
​
- Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)
  * Bump to v3.1.0
  * Fix test failure
  * Update release notes for v3.1.0 final release
  * [NO TESTS NEEDED] Turn on podman-remote build --isolation
  * Fix long option format on docs.podman.io
  * Fix containers list/prune http api filter behaviour
  * [CI:DOCS] Add note to mappings for user/group userns in build
  * Validate passed in timezone from tz option
  * Generate Kubernetes PersistentVolumeClaims from named volumes
  * libpod/image: unit tests: use a `registries.conf` for aliases
- Require systemd 241 or newer due to podman dependency go-systemd v22,
  otherwise build will fail with unknown C name errors
​
-------------------------------------------------------------------
Mon Mar 29 16:29:46 UTC 2021 - Frederic Crozat <fcrozat@suse.com>
​
- Create docker subpackage to allow replacing docker with
  corresponding aliases to podman.
​
-------------------------------------------------------------------
Wed Feb 24 13:46:35 UTC 2021 - Richard Brown <rbrown@suse.com>
​
- Drop obsolete varlink.patch
​
-------------------------------------------------------------------
Wed Feb 24 12:44:58 UTC 2021 - Duncan Mac-Vicar <dmacvicar@suse.com>
​
- Update to v3.0.1
  * Changes
    - Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output.
Bugfixes
    - Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315).
    - Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output.
    - Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems.
    - Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393).
    - Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415).
    - Fixed a bug where Podman would treat the --entrypoint=[""] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377).
    - Fixed a bug where Podman would set the HOME environment variable to "" when the container ran as a user without an assigned home directory (#9378).
    - Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374).
    - Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365).
    - Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed.
    - Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387).
    - Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373).
    - Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191).
    - Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247).
  * API
    - Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351).
    - Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port.
    - Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred.
    - Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232).
    - The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library.
  * Misc
    - Updated Buildah to v1.19.4
    - Updated the containers/storage library to v1.24.6
- Changes from v3.0.0
  * Features
    - Podman now features initial support for Docker Compose.
    - Added the podman rename command, which allows containers to be renamed after they are created (#1925).
    - The Podman remote client now supports the podman copy command.
    - A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload).
    - Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
    - Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them.
    - The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454).
    - The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes.
    - The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times.
    - The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
    - The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them.
    - The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132).
    - The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077).
    - The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443).
    - The podman pod create command now supports the --net=none option (#9165).
    - The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option.
    - Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver.
    - The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container.
    - The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths.
    - The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945.
    - The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512).
    - The podman pod ps command can now filter pods based on what networks they are joined to via the network filter.
    The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option.
    - The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned.
    - The podman volume prune commands now supports filtering what volumes will be pruned.
    - The podman system prune command now includes information on space reclaimed (#8658).
    - The podman info command will now properly print information about packages in use on Gentoo and Arch systems.
    - The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384).
    - The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list.
    - The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d.
    - Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf.
    - The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000).
  * Security
    - A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
  * Changes
    - Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
    - The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387).
    - The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here.
    - The legacy Varlink API has been completely removed from Podman.
    - The default log level for Podman has been changed from Error to Warn.
    - The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year.
    - The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included.
    - The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615).
    - The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501).
    - Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected.
    - Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
    - Error messages for podman run when an invalid SELinux is specified have been improved.
    - Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
    - Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share.
    - SSH public key handling for remote Podman has been improved.
  * Bugfixes
    - Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120).
    - Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618).
    - Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040).
    - Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034).
    - Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847).
    - Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176
    - Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842).
    - Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567).
    - Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374).
    - Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable.
    - Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
    - Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803).
    - Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608).
    - Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers.
    - Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790).
    - Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838).
    - Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710).
    - Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211).
    - Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921).
    - Fixed a bug where the podman search --list-tags command did not support the --format option (#8740).
    - Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843).
    - Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798).
    - Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931).
    - Fixed a bug where locale environment variables were not properly passed on to Conmon.
    - Fixed a bug where Podman would not build on the MIPS architecture (#8782).
    - Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0.
    - Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879).
    - Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733).
    - Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886).
    - Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
    - Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176).
    - Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506).
    - Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849).
    - Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged.
    - Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846).
    - Fixed a bug where podman build --logfile did not actually write the build's log to the logfile.
    - Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700).
    - Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680).
    - Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748).
    - Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751).
    - Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored.
    - Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694).
    - Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683).
    - Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547).
    - Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined.
    - Fixed a bug where the --layers option to podman build was nonfunctional (#8643).
    - Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990).
    - Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650).
    - Fixed a bug where --format did not support JSON output for individual fields (#8444).
    - Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883).
    - Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498).
    - Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588).
    - Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option.
    - Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
    - Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234).
    - Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230).
    - Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773).
    - Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510).
    - Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303).
    - Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003).
​
API
​
    - Libpod API version has been bumped to v3.0.0.
    - All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865).
    - The Compat API for Containers now supports the Rename and Copy APIs.
    - Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
    - Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) (#8281)
    - Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649).
    - Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly.
    - Fixed a bug where the Compat Create API for Containers did not set container name properly.
    - Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used).
    - Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
    - Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864).
    - Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870).
    - Fixed a bug where the Libpod Exists endpoint for Images could panic.
    - Fixed a bug where the Compat List API for Containers did not support all filters (#8860).
    - Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
    - Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102).
    - Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758).
    - Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
    - Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
    - Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
    - Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.
  * Misc
    - Updated Buildah to v1.19.2
    - Updated the containers/storage library to v1.24.5
    - Updated the containers/image library to v5.10.2
    - Updated the containers/common library to v0.33.4
​
-------------------------------------------------------------------
Tue Jan  5 18:14:52 UTC 2021 - Michael Ströder <michael@stroeder.com>
​
- Update to v2.2.1
  * Changes
    - Due to a conflict with a previously-removed field, we were forced to
      modify the way image volumes (mounting images into containers using
      --mount type=image) were handled in the database.
      As a result, containers created in Podman 2.2.0 with image volume
       will not have them in v2.2.1, and these containers will need to be re-created.
  * Bugfixes
    - Fixed a bug where rootless Podman would, on systems without the
      XDG_RUNTIME_DIR environment variable defined, use an incorrect path
      for the PID file of the Podman pause process, causing Podman to fail
      to start (#8539).
    - Fixed a bug where containers created using Podman v1.7 and earlier were
      unusable in Podman due to JSON decode errors (#8613).
    - Fixed a bug where Podman could retrieve invalid cgroup paths, instead
      of erroring, for containers that were not running.
    - Fixed a bug where the podman system reset command would print a warning
      about a duplicate shutdown handler being registered.
    - Fixed a bug where rootless Podman would attempt to mount sysfs in
      circumstances where it was not allowed; some OCI runtimes (notably
      crun) would fall back to alternatives and not fail, but others
      (notably runc) would fail to run containers.
    - Fixed a bug where the podman run and podman create commands would fail
      to create containers from untagged images (#8558).
    - Fixed a bug where remote Podman would prompt for a password even when
      the server did not support password authentication (#8498).
    - Fixed a bug where the podman exec command did not move the Conmon
      process for the exec session into the correct cgroup.
    - Fixed a bug where shell completion for the ancestor option to
      podman ps --filter did not work correctly.
    - Fixed a bug where detached containers would not properly clean themselves
      up (or remove themselves if --rm was set) if the Podman command that
      created them was invoked with --log-level=debug.
  * API
    - Fixed a bug where the Compat Create endpoint for Containers did not
      properly handle the Binds and Mounts parameters in HostConfig.
    - Fixed a bug where the Compat Create endpoint for Containers
      ignored the Name query parameter.
    - Fixed a bug where the Compat Create endpoint for Containers did not
      properly handle the "default" value for NetworkMode (this value is
      used extensively by docker-compose) (#8544).
    - Fixed a bug where the Compat Build endpoint for Images would sometimes
      incorrectly use the target query parameter as the image's tag.
  * Misc
    - Podman v2.2.0 vendored a non-released, custom version of the
      github.com/spf13/cobra package; this has been reverted to the latest
      upstream release to aid in packaging.
    - Updated the containers/image library to v5.9.0
​
-------------------------------------------------------------------
Wed Dec  2 13:24:06 UTC 2020 - Richard Brown <rbrown@suse.com>
​
- Update to v2.2.0
 * Features
  - Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here.
  - Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created.
  - The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks.
  - The podman generate kube command now features support for exporting container's memory and CPU limits (#7855).
  - The podman play kube command now features support for setting CPU and Memory limits for containers (#7742).
  - The podman play kube command now supports persistent volumes claims using Podman named volumes.
  - The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567).
  - The podman play kube command now supports a --log-driver option to set the log driver for created containers.
  - The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles.
  - The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302).
  - The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757).
  - The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location.
  - The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added.
  - The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434).
  - The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097).
  - The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster.
  - The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository.
  - The podman search command can now output JSON using the --format=json option.
  - The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
  - The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
  - The --tls-verify and --authfile options have been enabled for use with remote Podman.
  - The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095).
  - The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option.
  - The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option.
  - The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable.
  - The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match.
  - The podman pod ps command now supports a new filter status, that matches pods in a certain state.
 * Changes
  - The podman network rm --force command will now also remove pods that are using the network (#7791).
  - The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given.
  - If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
  - Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver).
  - Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
  - The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release.
  - The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work.
  - Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941).
  - The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659).
  - A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running.
  - Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container.
  - The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906).
  - Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657).
  - The podman network rm command now has a new alias, podman network remove (#8402).
 * Bugfixes
  - Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
  - Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776).
  - Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior.
  - Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl.
  - Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
  - Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable.
  - Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789).
  - Fixed a bug where the podman untag --all command was not supported with remote Podman.
  - Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826).
  - Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present.
  - Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
  - Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798).
  - Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381).
  - Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726).
  - Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782).
  - Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837).
  - Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872).
  - Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476).
  - Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878).
  - Fixed a bug where the --format "table {{ .Field }}" option to numerous Podman commands ceased to function on Podman v2.0 and up.
  - Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886).
  - Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903).
  - Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
  - Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490).
  - Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807).
  - Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947).
  - Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830).
  - Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running.
  - Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751).
  - Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004).
  - Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026).
  - Fixed a bug where the output of the podman image trust show --raw command was not properly formatted.
  - Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038).
  - Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979).
  - Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040).
  - Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations.
  - Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054).
  - Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073).
  - Fixed a bug where the podman ps command did not include information on all ports a container was publishing.
  - Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions.
  - Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088).
  - Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context).
  - Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089).
  - Fixed a bug where the --extract option to podman cp was nonfunctional.
  - Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091).
  - Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148).
  - Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125).
  - Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139).
  - Fixed a bug where the podman attach command would not exit when containers stopped (#8154).
  - Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160).
  - Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159).
  - Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed.
  - Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023).
  - Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184).
  - Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181).
  - Fixed a bug where filters passed to podman volume list were not inclusive (#6765).
  - Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253).
  - Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221).
  - Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322).
  - Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332).
  - Fixed a bug where the podman stats command did not show memory limits for containers (#8265).
  - Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386).
  - Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it).
  - Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491).
  - Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables.
  - Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473).
  - Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host.
  - Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385).
  - Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck.
  - Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448).
  - Fixed a bug where the podman container ps alias for podman ps was missing (#8445).
 * API
  - The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
  - A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950).
  - The Compat Network Connect and Network Disconnect endpoints have been added.
  - Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration.
  - The Compat Create endpoint for images now properly supports specifying images by digest.
  - The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions.
  - The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
  - Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version).
  - Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not.
  - Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
  - Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942).
  - Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917).
  - Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860).
  - Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count.
  - Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so).
  - Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries.
  - Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896).
  - Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740).
  - Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946).
  - Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
  - Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client.
  - Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response.
  - Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time.
  - Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter.
​
-------------------------------------------------------------------
Mon Oct 26 14:08:32 UTC 2020 - Adrian Schröter <adrian@suse.de>
​
- add dependency to timezone package or podman fails to build a
  container (bsc#1178122)
​
-------------------------------------------------------------------
Wed Sep 30 14:07:34 UTC 2020 - rhafer@suse.com
- Added patch varlink.patch to disable needless varlink code
  generation. This would cause compile failures in OBS.
  (https://github.com/containers/podman/pull/7854)
- Cleanup %build section a bit and no longer build in GOPATH.
  This shouldn't be needed anymore.
- Path BUILDFLAGS via enviroment variable to allow it being
  appended to the corresponding Makefile variable instead of
  completely overriding it.
- Install new auto-update system units
- Update to v2.1.1 (bsc#1178392):
  * Changes
    - The `podman info` command now includes the cgroup manager
      Podman is using.
  * API
    - The REST API now includes a Server header in all responses.
    - Fixed a bug where the Libpod and Compat Attach endpoints
      could terminate early, before sending all output from the
      container.
    - Fixed a bug where the Compat Create endpoint for containers
      did not properly handle the Interactive parameter.
    - Fixed a bug where the Compat Kill endpoint for containers
      could continue to run after a fatal error.
    - Fixed a bug where the Limit parameter of the Compat List
      endpoint for Containers did not properly handle a limit of 0
      (returning nothing, instead of all containers) [#7722].
    - The Libpod Stats endpoint for containers is being deprecated
      and will be replaced by a similar endpoint with additional
      features in a future release.
- Changes in v2.1.0
  * Features
    - A new command, `podman image mount`, has been added. This
      allows for an image to be mounted, read-only, to inspect its
      contents without creating a container from it [#1433].
    - The `podman save` and `podman load` commands can now create
      and load archives containing multiple images [#2669].
    - Rootless Podman now supports all `podman network` commands,
      and rootless containers can now be joined to networks.
    - The performance of `podman build` on `ADD` and `COPY`
      instructions has been greatly improved, especially when a
      `.dockerignore` is present.
    - The `podman run` and `podman create` commands now support a
      new mode for the `--cgroups` option, `--cgroups=split`.
      Podman will create two cgroups under the cgroup it was
      launched in, one for the container and one for Conmon. This
      mode is useful for running Podman in a systemd unit, as it
      ensures that all processes are retained in systemd's cgroup
      hierarchy [#6400].
    - The `podman run` and `podman create` commands can now specify
      options to slirp4netns by using the `--network` option as
      follows:  `--net slirp4netns:opt1,opt2`. This allows for,
      among other things, switching the port forwarder used by
      slirp4netns away from rootlessport.
    - The `podman ps` command now features a new option,
      `--storage`, to show containers from Buildah, CRI-O and other
      applications.
    - The `podman run` and `podman create` commands now feature a
      `--sdnotify` option to control the behavior of systemd's
      sdnotify with containers, enabling improved support for
      Podman in `Type=notify` units.
    - The `podman run` command now features a `--preserve-fds`
      opton to pass file descriptors from the host into the
      container [#6458].
    - The `podman run` and `podman create` commands can now create
      overlay volume mounts, by adding the `:O` option to a bind
      mount (e.g. `-v /test:/test:O`). Overlay volume mounts will
      mount a directory into a container from the host and allow
      changes to it, but not write those changes back to the
      directory on the host.
    - The `podman play kube` command now supports the Socket
      HostPath type [#7112].
    - The `podman play kube` command now supports read-only mounts.
    - The `podman play kube` command now supports setting labels on
      pods from Kubernetes metadata labels.
    - The `podman play kube` command now supports setting container
      restart policy [#7656].
    - The `podman play kube` command now properly handles
      `HostAlias` entries.
    - The `podman generate kube` command now adds entries to
      `/etc/hosts` from `--host-add` generated YAML as `HostAlias`
      entries.
    - The `podman play kube` and `podman generate kube` commands
      now properly support `shareProcessNamespace` to share the PID
      namespace in pods.
    - The `podman volume ls` command now supports the `dangling`
      filter to identify volumes that are dangling (not attached to
      any container).
    - The `podman run` and `podman create` commands now feature a
      `--umask` option to set the umask of the created container.
    - The `podman create` and `podman run` commands now feature a
      `--tz` option to set the timezone within the container [#5128].
    - Environment variables for Podman can now be added in the
      `containers.conf` configuration file.
    - The `--mount` option of `podman run` and `podman create` now
      supports a new mount type, `type=devpts`, to add a `devpts`
      mount to the container. This is useful for containers that
      want to mount `/dev/` from the host into the container, but
      still create a terminal.
    - The `--security-opt` flag to `podman run` and `podman create`
      now supports a new option, `proc-opts`, to specify options
      for the container's `/proc` filesystem.
    - Podman with the `crun` OCI runtime now supports a new option
      to `podman run` and `podman create`, `--cgroup-conf`, which
      allows for advanced configuration of cgroups on cgroups v2
      systems.
    - The `podman create` and `podman run` commands now support a
      `--override-variant` option, to override the architecture
      variant of the image that will be pulled and ran.
    - A new global option has been added to Podman,
      `--runtime-flags`, which allows for setting flags to use when
      the OCI runtime is called.
    - The `podman manifest add` command now supports the
      `--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify`
      options.
  * Security
    - This release resolves CVE-2020-14370, in which environment
      variables could be leaked between containers created using
      the Varlink API.
  * Changes
    - Podman will now retry pulling an image 3 times if a pull
      fails due to network errors.
    - The `podman exec` command would previously print error
      messages (e.g. `exec session exited with non-zero exit code
      -1`) when the command run exited with a non-0 exit code. It
      no longer does this. The `podman exec` command will still
      exit with the same exit code as the command run in the
      container did.
    - Error messages when creating a container or pod with a name
      that is already in use have been improved.
    - For read-only containers running systemd init, Podman creates
      a tmpfs filesystem at `/run`. This was previously limited to
      65k in size and mounted `noexec`, but is now unlimited size
      and mounted `exec`.
    - The `podman system reset` command no longer removes
      configuration files for rootless Podman.
  * API
    - The Libpod API version has been bumped to v2.0.0 due to a
      breaking change in the Image List API.
    - Docker-compatible Volume Endpoints (Create, Inspect, List,
      Remove, Prune) are now available!
    - Added an endpoint for generating systemd unit files for
      containers.
    - The `last` parameter to the Libpod container list endpoint
      now has an alias, `limit` [#6413].
    - The Libpod image list API new returns timestamps in Unix
      format, as integer, as opposed to as strings
    - The Compat Inspect endpoint for containers now includes port
      information in NetworkSettings.
    - The Compat List endpoint for images now features limited
      support for the (deprecated) `filter` query parameter [#6797].
    - Fixed a bug where the Compat Create endpoint for containers
      was not correctly handling bind mounts.
    - Fixed a bug where the Compat Create endpoint for containers
      would not return a 404 when the requested image was not
      present.
    - Fixed a bug where the Compat Create endpoint for containers
      did not properly handle Entrypoint and Command from images.
    - Fixed a bug where name history information was not properly
      added in the Libpod Image List endpoint.
    - Fixed a bug where the Libpod image search endpoint improperly
      populated the Description field of responses.
    - Added a `noTrunc` option to the Libpod image search endpoint.
    - Fixed a bug where the Pod List API would return null, instead
      of an empty array, when no pods were present [#7392].
    - Fixed a bug where endpoints that hijacked would do perform
      the hijack too early, before being ready to send and receive
      data [#7195].
    - Fixed a bug where Pod endpoints that can operate on multiple
      containers at once (e.g. Kill, Pause, Unpause, Stop) would
      not forward errors from individual containers that failed.
    - The Compat List endpoint for networks now supports filtering
      results [#7462].
    - Fixed a bug where the Top endpoint for pods would return both
      a 500 and 404 when run on a non-existant pod.
    - Fixed a bug where Pull endpoints did not stream progress back
      to the client.
    - The Version endpoints (Libpod and Compat) now provide version
      in a format compatible with Docker.
    - All non-hijacking responses to API requests should not
      include headers with the version of the server.
    - Fixed a bug where Libpod and Compat Events endpoints did not
      send response headers until the first event occurred [#7263].
    - Fixed a bug where the Build endpoints (Compat and Libpod) did
      not stream progress to the client.
    - Fixed a bug where the Stats endpoints (Compat and Libpod) did
      not properly handle clients disconnecting.
    - Fixed a bug where the Ignore parameter to the Libpod Stop
      endpoint was not performing properly.
    - Fixed a bug where the Compat Logs endpoint for containers did
      not stream its output in the correct format [#7196].
​
-------------------------------------------------------------------
Tue Sep  8 13:41:21 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Cleanup %install section to use "make install"
- install missing systemd units for the new Rest API (bsc#1175957)
  and a few man-pages that where missing before
- Drop varlink API related bits (in favor of the new API)
- fix install location for zsh completions
​
-------------------------------------------------------------------
Wed Sep  2 00:06:42 UTC 2020 - Michael Ströder <michael@stroeder.com>
​
- Update to v2.0.6
  * Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
  * Fixed a bug where /etc/passwd could be re-created every time a container
    is restarted if the container's /etc/passwd did not contain an entry
    for the user the container was started as.
  * Fixed a bug where containers without an /etc/passwd file specifying
    a non-root user would not start.
  * Fixed a bug where the --remote flag would sometimes not make
    remote connections and would instead attempt to run Podman locally.
​
-------------------------------------------------------------------
Tue Aug 25 07:01:13 UTC 2020 - Michael Ströder <michael@stroeder.com>
​
- Update to v2.0.5 (bsc#1175821)
  * Features
    - Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id.
    - The podman system connection command has been reworked to support multiple connections, and reenabled for use!
    - Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance.
  * Changes
    - Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd).
    - Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged.
  * Bugfixes
    - Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964).
    - Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271).
    - Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present.
    - Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com//issues/7230]).
    - Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893).
    - Fixed a bug where the podman load command with remote Podman would did not honor user-specified tags (#7124).
    - Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180).
    - Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104).
    - Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting.
    - Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128).
    - Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed.
    - Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces.
    - Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.
    - Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image.
    - Fixed a bug where pod infra containers were not properly unmounted after exiting.
    - Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route.
    - Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017).
    - Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host.
    - Fixed a bug where podman build would not generate an event on completion (#7022).
    - Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122).
    - Fixed a bug where Podman would not create working directories specified by the container image if they did not exist.
    - Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115).
    - Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped).
    - Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123).
    - Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.
    - Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285).
    - Fixed a bug where the podman version command did not properly include build time and Git commit.
    - Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734).
    - Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user.
    - Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103).
  * API
    - Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185).
    - Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197).
    - Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found.
    - Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping).
    - Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294).
    - Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value.
    - The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally.
  * Misc
    - Updated Buildah to v1.15.1
    - Updated containers/image library to v5.5.2
​
-------------------------------------------------------------------
Tue Aug 18 15:11:31 UTC 2020 - Richard Brown <rbrown@suse.com>
​
- Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib
​
-------------------------------------------------------------------
Wed Aug 12 09:35:29 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
​
- Change hard requires for AppArmor to Recommends. They are not
  needed for runtime or with SELinux but already installed if
  AppArmor is used [jsc#SMO-15]
​
-------------------------------------------------------------------
Tue Aug  4 13:52:05 UTC 2020 - Richard Brown <rbrown@suse.com>
​
- Add BuildRequires for pkg-config(libselinux) to build with
  SELinux support [jsc#SMO-15]
​
-------------------------------------------------------------------
Mon Aug  3 06:47:04 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
​
- Update to v2.0.4
  * Fixed a bug where the output of podman image search did not
    populate the Description field as it was mistakenly assigned to
    the ID field.
  * Fixed a bug where podman build - and podman build on an HTTP
    target would fail.
  * Fixed a bug where rootless Podman would improperly chown the
    copied-up contents of anonymous volumes (#7130).
  * Fixed a bug where Podman would sometimes HTML-escape special
    characters in its CLI output.
  * Fixed a bug where the podman start --attach --interactive
    command would print the container ID of the container attached
    to when exiting (#7068).
  * Fixed a bug where podman run --ipc=host --pid=host would only
    set --pid=host and not --ipc=host (#7100).
  * Fixed a bug where the --publish argument to podman run, podman
    create and podman pod create would not allow binding the same
    container port to more than one host port (#7062).
  * Fixed a bug where incorrect arguments to podman images --format
    could cause Podman to segfault.
  * Fixed a bug where podman rmi --force on an image ID with more
    than one name and at least one container using the image would
    not completely remove containers using the image (#7153).
  * Fixed a bug where memory usage in bytes and memory use
    percentage were swapped in the output of podman stats
    --format=json.
  * Fixed a bug where the libpod and compat events endpoints would
    fail if no filters were specified (#7078).
  * Fixed a bug where the CgroupVersion field in responses from the
    compat Info endpoint was prefixed by "v" (instead of just being
    "1" or "2", as is documented).
​
-------------------------------------------------------------------
Fri Jul 31 13:07:59 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Remove obsolete libpod.conf from Package sources
​
-------------------------------------------------------------------
Tue Jul 28 13:16:55 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- libpod got renamed to podman on GitHub. Point _service file to
  the new name.
- Remove obsolete old Requires on libcontainers-image and -storage
  all of that is inside libcontainers-common
- Require a new enough libcontainers-common version to have the
  default containers.conf installed.
- Remove deprecated libpod.conf and create an update notice pointing
  to containers.conf for user that made changes to libpod.conf
​
-------------------------------------------------------------------
Tue Jul 28 09:13:49 UTC 2020 - Fabian Vogt <fvogt@suse.com>
​
- Suggest katacontainers instead of recommending it. It's not
  enabled by default, so it's just bloat
​
-------------------------------------------------------------------
Fri Jul 24 12:19:32 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Update to v2.0.3
  * Fix handling of entrypoint
  * log API: add context to allow for cancelling
  * fix API: Create container with an invalid configuration
  * Remove all instances of named return "err" from Libpod
  * Fix: Correct connection counters for hijacked connections
  * Fix: Hijacking v2 endpoints to follow rfc 7230 semantics
  * Remove hijacked connections from active connections list
  * version/info: format: allow more json variants
  * Correctly print STDOUT on non-terminal remote exec
  * Fix container and pod create commands for remote create
  * Mask out /sys/dev to prevent information leak from the host
  * Ensure sig-proxy default is propagated in start
  * Add SystemdMode to inspect for containers
  * When determining systemd mode, use full command
  * Fix lint
  * Populate remaining unused fields in `pod inspect`
  * Include infra container information in `pod inspect`
  * play-kube: add suport for "IfNotPresent" pull type
  * docs: user namespace can't be shared in pods
  * Fix "Error: unrecognized protocol \"TCP\" in port mapping"
  * Error on rootless mac and ip addresses
  * Fix & add notes regarding problematic language in codebase
  * abi: set default umask and rlimits
  * Used reference package with errors for parsing tag
  * fix: system df error when an image has no name
  * Fix Generate API title/description
  * Add noop function disable-content-trust
  * fix play kube doesn't override dockerfile ENTRYPOINT
  * Support default profile for apparmor
  * Bump github.com/containers/common to v0.14.6
  * events endpoint: backwards compat to old type
  * events endpoint: fix panic and race condition
  * Switch references from libpod.conf to containers.conf
  * podman.service: set type to simple
  * podman.service: set doc to podman-system-service
  * podman.service: use default registries.conf
  * podman.service: use default killmode
  * podman.service: remove stop timeout
  * systemd: symlink user->system
  * vendor golang.org/x/text@v0.3.3
  * Fix a bug where --pids-limit was parsed incorrectly
  * search: allow wildcards
  * [CI:DOCS]Do not copy policy.json into gating image
  * Fix systemd pid 1 test
  * Cirrus: Rotate keys post repo. rename
- The libpod.conf(5) man page got removed and all references are
  now pointing towards containers.conf(5), which will be part
  of the libcontainers-common package.
​
-------------------------------------------------------------------
Wed Jul  8 07:12:58 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Update to podman v2.0.2
  * fix race condition in `libpod.GetEvents(...)`
  * Fix bug where `podman mount` didn't error as rootless
  * remove podman system connection
  * Fix imports to ensure v2 is used with libpod
  * Update release notes for v2.0.2
  * specgen: fix order for setting rlimits
  * Ensure umask is set appropriately for 'system service'
  * generate systemd: improve pod-flags filter
  * Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil
  * Fixes --remote flag issues
  * Pids-limit should only be set if the user set it
  * Set console mode for windows
  * Allow empty host port in --publish flag
  * Add a note on the APIs supported by `system service`
  * fix: Don't override entrypoint if it's `nil`
  * Set TMPDIR to /var/tmp by default if not set
  * test: add tests for --user and volumes
  * container: move volume chown after spec generation
  * libpod: volume copyup honors namespace mappings
  * Fix `system service` panic from early hangup in events
  * stop podman service in e2e tests
  * Print errors from individual containers in pods
  * auto-update: clarify systemd-unit requirements
  * podman ps truncate the command
  * move go module to v2
  * Vendor containers/common v0.14.4
  * Bump to imagebuilder v1.1.6 on v2 branch
  * Account for non-default port number in image name
- Changes since v2.0.1
  * Update release notes with further v2.0.1 changes
  * Fix inspect to display multiple label: changes
  * Set syslog for exit commands on log-level=debug
  * Friendly amendment for pr 6751
  * podman run/create: support all transports
  * systemd generate: allow manual restart of container units in pods
  * Revert sending --remote flag to containers
  * Print port mappings in `ps` for ctrs sharing network
  * vendor github.com/containers/common@v0.14.3
  * Update release notes for v2.0.1
  * utils: drop default mapping when running uid!=0
  * Set stop signal to 15 when not explicitly set
  * podman untag: error if tag doesn't exist
  * Reformat inspect network settings
  * APIv2: Return `StatusCreated` from volume creation
  * APIv2:fix: Remove `/json` from compat network EPs
  * Fix ssh-agent support
  * libpod: specify mappings to the storage
  * APIv2:doc: Fix swagger doc to refer to volumes
  * Add podman network to bash command completions
  * Fix typo in manpage for `podman auto update`.
  * Add JSON output field for ps
  * V2 podman system connection
  * image load: no args required
  * Re-add PODMAN_USERNS environment variable
  * Fix conflicts between privileged and other flags
  * Bump required go version to 1.13
  * Add explicit command to alpine container in test case.
  * Use POLL_DURATION for timer
  * Stop following logs using timers
  * "pod" was being truncated to "po" in the names of the generated systemd unit files.
  * rootless_linux: improve error message
  * Fix podman build handling of --http-proxy flag
  * correct the absolute path of `rm` executable
  * Makefile: allow customizable GO_BUILD
  * Cirrus: Change DEST_BRANCH to v2.0
​
-------------------------------------------------------------------
Mon Jun 22 14:55:23 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Update to podman v2.0.0
  * The `podman generate systemd` command now supports the `--new`
    flag when used with pods, allowing portable services for pods
    to be created.
  * The `podman play kube` command now supports running Kubernetes
    Deployment YAML.
  * The `podman exec` command now supports the `--detach` flag to
    run commands in the container in the background.
  * The `-p` flag to `podman run` and `podman create` now supports
    forwarding ports to IPv6 addresses.
  * The `podman run`, `podman create` and `podman pod create`
    command now support a `--replace` flag to remove and replace any
    existing container (or, for `pod create`, pod) with the same name
  * The `--restart-policy` flag to `podman run` and `podman create`
    now supports the `unless-stopped` restart policy.
  * The `--log-driver` flag to `podman run` and `podman create`
    now supports the `none` driver, which does not log the
    container's output.
  * The `--mount` flag to `podman run` and `podman create` now
    accepts `readonly` option as an alias to `ro`.
  * The `podman generate systemd` command now supports the `--container-prefix`,
    `--pod-prefix`, and `--separator` arguments to control the
    name of generated unit files.
  * The `podman network ls` command now supports the `--filter`
    flag to filter results.
  * The `podman auto-update` command now supports specifying an
    authfile to use when pulling new images on a per-container
    basis using the `io.containers.autoupdate.authfile` label.
  * Fixed a bug where the `podman exec` command would log to journald
    when run in containers loggined to journald
    ([#6555](https://github.com/containers/libpod/issues/6555)).
  * Fixed a bug where the `podman auto-update` command would not
    preserve the OS and architecture of the original image when
    pulling a replacement
    ([#6613](https://github.com/containers/libpod/issues/6613)).
  * Fixed a bug where the `podman cp` command could create an extra
    `merged` directory when copying into an existing directory
    ([#6596](https://github.com/containers/libpod/issues/6596)).
  * Fixed a bug where the `podman pod stats` command would crash
    on pods run with `--network=host`
    ([#5652](https://github.com/containers/libpod/issues/5652)).
  * Fixed a bug where containers logs written to journald did not
    include the name of the container.
  * Fixed a bug where the `podman network inspect` and
    `podman network rm` commands did not properly handle non-default
    CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)).
  * Fixed a bug where Podman did not properly remove containers
    when using the Kata containers OCI runtime.
  * Fixed a bug where `podman inspect` would sometimes incorrectly
    report the network mode of containers started with `--net=none`.
  * Podman is now better able to deal with cases where `conmon`
    is killed before the container it is monitoring.
- Requires go 1.13 now
​
-------------------------------------------------------------------
Mon May 25 11:32:32 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
​
- Update to podman v1.9.3:
  * Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets
    were not properly mounted into containers
  * Fixed a bug where builds run over Varlink would hang
  * Fixed a bug where podman save would fail when the target
    image was specified by digest
  * Fixed a bug where rootless containers with ports forwarded to them
    could panic and dump core due to a concurrency issue (#6018)
  * Fixed a bug where rootless Podman could race when opening the
    rootless user namespace, resulting in commands failing to run
  * Fixed a bug where HTTP proxy environment variables forwarded into
    the container by the --http-proxy flag could not be overridden by --env or --env-file
  * Fixed a bug where rootless Podman was setting resource limits on cgroups
    v2 systems that were not using systemd-managed cgroups
    (and thus did not support resource limits), resulting in containers failing to start
​
​
-------------------------------------------------------------------
Wed Apr 29 06:34:51 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
​
- Update podman to v1.9.1:
  * Bugfixes
    - Fixed a bug where healthchecks could become nonfunctional if
      container log paths were manually set with --log-path and
      multiple container logs were placed in the same directory
    - Fixed a bug where rootless Podman could, when using an older
      libpod.conf, print numerous warning messages about an invalid
      CGroup manager config
    - Fixed a bug where rootless Podman would sometimes fail to
      close the rootless user namespace when joining it
  * Misc
    - Updated containers/common to v0.8.2
​
-------------------------------------------------------------------
Thu Apr 16 06:33:21 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
​
- Switched to simple `make binaries` for building podman
- Update podman to v1.9.0:
  * Features
    - Experimental support has been added for podman run
      --userns=auto, which automatically allocates a unique UID and
      GID range for the new container's user namespace
    - The podman play kube command now has a --network flag to
      place the created pod in one or more CNI networks
    - The podman commit command now supports an --iidfile flag to
      write the ID of the committed image to a file
    - Initial support for the new containers.conf configuration
      file has been added. containers.conf allows for much more
      detailed configuration of some Podman functionality
  * Changes
    - There has been a major cleanup of the podman info command
      resulting in breaking changes. Many fields have been renamed
      to better suit usage with APIv2
    - All uses of the --timeout flag have been switched to prefer
      the alternative --time. The --timeout flag will continue to
      work, but man pages and --help will use the --time flag
      instead
  * Bugfixes
    - Fixed a bug where some volume mounts from the host would
      sometimes not properly determine the flags they should use
      when mounting
    - Fixed a bug where Podman was not propagating $PATH to Conmon
      and the OCI runtime, causing issues for some OCI runtimes
      that required it
    - Fixed a bug where rootless Podman would print error messages
      about missing support for systemd cgroups when run in a
      container with no cgroup support
    - Fixed a bug where podman play kube would not properly handle
      container-only port mappings (#5610)
    - Fixed a bug where the podman container prune command was not
      pruning containers in the created and configured states
    - Fixed a bug where Podman was not properly removing CNI IP
      address allocations after a reboot (#5433)
    - Fixed a bug where Podman was not properly applying the
      default Seccomp profile when --security-opt was not given at
      the command line
  * HTTP API
    - Many Libpod API endpoints have been added, including Changes,
      Checkpoint, Init, and Restore
    - Resolved issues where the podman system service command would
      time out and exit while there were still active connections
    - Stability overall has greatly improved as we prepare the API
      for a beta release soon with Podman 2.0
  * Misc
    - The default infra image for pods has been upgraded to
      k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the
      architecture metadata for non-AMD64 images
    - The slirp4netns networking utility in rootless Podman now
      uses Seccomp filtering where available for improved security
    - Updated Buildah to v1.14.8
    - Updated containers/storage to v1.18.2
    - Updated containers/image to v5.4.3
    - Updated containers/common to v0.8.1
​
-------------------------------------------------------------------
Fri Apr  3 14:30:02 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Add "systemd" BUILDFLAGS to build with support for journald
  logging (bsc#1162432)
​
-------------------------------------------------------------------
Fri Mar 27 12:40:44 UTC 2020 - Richard Brown <rbrown@suse.com>
​
- Use infra_image pause:3.2
​
-------------------------------------------------------------------
Fri Mar 27 09:52:26 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Fix dependency on slirp4netns. We need at least 0.4.0 now
  (bsc#1167850)
​
-------------------------------------------------------------------
Fri Mar 20 07:56:22 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
​
- Update podman to v1.8.2:
  * Features
    - Initial support for automatically updating containers managed
      via Systemd unit files has been merged. This allows
      containers to automatically upgrade if a newer version of
      their image becomes available
  * Bugfixes
    - Fixed a bug where unit files generated by podman generate
      systemd --new would not force containers to detach, causing
      the unit to time out when trying to start
    - Fixed a bug where podman system reset could delete important
      system directories if run as rootless on installations
      created by older Podman (#4831)
    - Fixed a bug where image built by podman build would not
      properly set the OS and Architecture they were built with
      (#5503)
    - Fixed a bug where attached podman run with --sig-proxy
      enabled (the default), when built with Go 1.14, would
      repeatedly send signal 23 to the process in the container and
      could generate errors when the container stopped (#5483)
    - Fixed a bug where rootless podman run commands could hang
      when forwarding ports
    - Fixed a bug where rootless Podman would not work when /proc
      was mounted with the hidepid option set
    - Fixed a bug where the podman system service command would use
      large amounts of CPU when --timeout was set to 0 (#5531)
  * HTTP API
    - Initial support for Libpod endpoints related to creating and
      operating on image manifest lists has been added
    - The Libpod Healthcheck and Events API endpoints are now
      supported
    - The Swagger endpoint can now handle cases where no Swagger
      documentation has been generated
  * Misc
    - Updated Buildah to v1.14.3
    - Updated containers/storage to v1.16.5
    - Several performance improvements have been made to creating
      containers, which should somewhat improve the performance of
      podman create and podman run
​
-------------------------------------------------------------------
Thu Mar 12 07:36:52 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
​
- Update podman to v1.8.1:
  * Features
    - Many networking-related flags have been added to podman pod
      create to enable customization of pod networks, including
      --add-host, --dns, --dns-opt, --dns-search, --ip,
      --mac-address, --network, and --no-hosts
    - The podman ps --format=json command now includes the ID of
      the image containers were created with
    - The podman run and podman create commands now feature an
      --rmi flag to remove the image the container was using after
      it exits (if no other containers are using said image)
      ([#4628](https://github.com/containers/libpod/issues/4628))
    - The podman create and podman run commands now support the
      --device-cgroup-rule flag (#4876)
    - While the HTTP API remains in alpha, many fixes and additions
      have landed. These are documented in a separate subsection
      below
    - The podman create and podman run commands now feature a
      --no-healthcheck flag to disable healthchecks for a container
      (#5299)
    - Containers now recognize the io.containers.capabilities
      label, which specifies a list of capabilities required by the
      image to run. These capabilities will be used as long as they
      are more restrictive than the default capabilities used
    - YAML produced by the podman generate kube command now
      includes SELinux configuration passed into the container via
      --security-opt label=... (#4950)
  * Bugfixes
    - Fixed CVE-2020-1726, a security issue where volumes manually
      populated before first being mounted into a container could
      have those contents overwritten on first being mounted into a
      container
    - Fixed a bug where Podman containers with user namespaces in
      CNI networks with the DNS plugin enabled would not have the
      DNS plugin's nameserver added to their resolv.conf
      ([#5256](https://github.com/containers/libpod/issues/5256))
    - Fixed a bug where trailing / characters in image volume
      definitions could cause them to not be overridden by a
      user-specified mount at the same location
      ([#5219](https://github.com/containers/libpod/issues/5219))
    - Fixed a bug where the label option in libpod.conf, used to
      disable SELinux by default, was not being respected (#5087)
    - Fixed a bug where the podman login and podman logout commands
      required the registry to log into be specified (#5146)
    - Fixed a bug where detached rootless Podman containers could
      not forward ports (#5167)
    - Fixed a bug where rootless Podman could fail to run if the
      pause process had died
    - Fixed a bug where Podman ignored labels that were specified
      with only a key and no value (#3854)
    - Fixed a bug where Podman would fail to create named volumes
      when the backing filesystem did not support SELinux labelling
      (#5200)
    - Fixed a bug where --detach-keys="" would not disable
      detaching from a container (#5166)
    - Fixed a bug where the podman ps command was too aggressive
      when filtering containers and would force --all on in too
      many situations
    - Fixed a bug where the podman play kube command was ignoring
      image configuration, including volumes, working directory,
      labels, and stop signal (#5174)
    - Fixed a bug where the Created and CreatedTime fields in
      podman images --format=json were misnamed, which also broke
      Go template output for those fields
      ([#5110](https://github.com/containers/libpod/issues/5110))
    - Fixed a bug where rootless Podman containers with ports
      forwarded could hang when started (#5182)
    - Fixed a bug where podman pull could fail to parse registry
      names including port numbers
    - Fixed a bug where Podman would incorrectly attempt to
      validate image OS and architecture when starting containers
    - Fixed a bug where Bash completion for podman build -f would
      not list available files that could be built (#3878)
    - Fixed a bug where podman commit --change would perform
      incorrect validation, resulting in valid changes being
      rejected (#5148)
    - Fixed a bug where podman logs --tail could take large amounts
      of memory when the log file for a container was large (#5131)
    - Fixed a bug where Podman would sometimes incorrectly generate
      firewall rules on systems using firewalld
    - Fixed a bug where the podman inspect command would not
      display network information for containers properly if a
      container joined multiple CNI networks
      ([#4907](https://github.com/containers/libpod/issues/4907))
    - Fixed a bug where the --uts flag to podman create and podman
      run would only allow specifying containers by full ID (#5289)
    - Fixed a bug where rootless Podman could segfault when passed
      a large number of file descriptors
    - Fixed a bug where the podman port command was incorrectly
      interpreting additional arguments as container names, instead
      of port numbers
    - Fixed a bug where units created by podman generate systemd
      did not depend on network targets, and so could start before
      the system network was ready (#4130)
    - Fixed a bug where exec sessions in containers which did not
      specify a user would not inherit supplemental groups added to
      the container via --group-add
    - Fixed a bug where Podman would not respect the $TMPDIR
      environment variable for placing large temporary files during
      some operations (e.g. podman pull)
      ([#5411](https://github.com/containers/libpod/issues/5411))
  * HTTP API
    - Initial support for secure connections to servers via SSH
      tunneling has been added
    - Initial support for the libpod create and logs endpoints for
      containers has been added
    - Added a /swagger/ endpoint to serve API documentation
    - The json endpoint for containers has received many fixes
    - Filtering images and containers has been greatly improved,
      with many bugs fixed and documentation improved
    - Image creation endpoints (commit, pull, etc) have seen many
      fixes
    - Server timeout has been fixed so that long operations will no
      longer trigger the timeout and shut the server down
    - The stats endpoint for containers has seen major fixes and
      now provides accurate output
    - Handling the HTTP 304 status code has been fixed for all
      endpoints
    - Many fixes have been made to API documentation to ensure it
      matches the code
  * Misc
    - Updated vendored Buildah to v1.14.2
    - Updated vendored containers/storage to v1.16.2
    - The Created field to podman images --format=json has been
      renamed to CreatedSince as part of the fix for (#5110). Go
      templates using the old name shou ld still work
    - The CreatedTime field to podman images --format=json has been
      renamed to CreatedAt as part of the fix for (#5110). Go
      templates using the old name should still work
    - The before filter to podman images has been renamed to since
      for Docker compatibility. Using before will still work, but
        documentation has been changed to use the new since filter
    - Using the --password flag to podman login now warns that
      passwords are being passed in plaintext
    - Some common cases where Podman would deadlock have been fixed
      to warn the user that podman system renumber must be run to
      resolve the deadlock
​
-------------------------------------------------------------------
Thu Mar  5 16:26:16 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Added SLE specific README.SUSE about current support status
  (jsc#SLE-9112, jsc#CAASP-60)
​
-------------------------------------------------------------------
Thu Mar  5 15:40:12 UTC 2020 - Richard Brown <rbrown@suse.com>
​
- Configure br_netfilter for podman automatically (boo#1165738)
​
-------------------------------------------------------------------
Thu Feb 20 15:57:54 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- The name of the cni-bridge in the default config changed from
  "cni0" to "podman-cni0" with podman-1.6.0. Add a %trigger to
  rename the bridge in the system to the new default if it exists.
  The trigger is only excuted when updating podman-cni-config
  from something older than 1.6.0. This is mainly needed for SLE
  where we're updating from 1.4.4 to 1.8.0 (bsc#1160460).
​
-------------------------------------------------------------------
Fri Feb  7 14:18:16 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
​
- Remove: 0001-clarify-container-prune-force.patch because it's now
  included in the release
- Update podman to v1.8.0 (bsc#1160460):
  * Features
    - The podman system service command has been added, providing a
      preview of Podman's new Docker-compatible API. This API is
      still very new, and not yet ready for production use, but is
      available for early testing
    - Rootless Podman now uses Rootlesskit for port forwarding,
      which should greatly improve performance and capabilities
    - The podman untag command has been added to remove tags from
      images without deleting them
    - The podman inspect command on images now displays previous
      names they used
    - The podman generate systemd command now supports a --new
      option to generate service files that create and run new
      containers instead of managing existing containers
    - Support for --log-opt tag= to set logging tags has been added
      to the journald log driver
    - Added support for using Seccomp profiles embedded in images
      for podman run and podman create via the new --seccomp-policy
        CLI flag
    - The podman play kube command now honors pull policy
  * Bugfixes
    - Fixed a bug where the podman cp command would not copy the
      contents of directories when paths ending in /. were given
    - Fixed a bug where the podman play kube command did not
      properly locate Seccomp profiles specified relative to
      localhost
    - Fixed a bug where the podman info command for remote Podman
      did not show registry information
    - Fixed a bug where the podman exec command did not support
      having input piped into it
    - Fixed a bug where the podman cp command with rootless Podman
      on CGroups v2 systems did not properly determine if the
      container could be paused while copying
    - Fixed a bug where the podman container prune --force command
      could possible remove running containers if they were started
      while the command was running
    - Fixed a bug where Podman, when run as root, would not
      properly configure slirp4netns networking when requested
    - Fixed a bug where podman run --userns=keep-id did not work
      when the user had a UID over 65535
    - Fixed a bug where rootless podman run and podman create with
      the --userns=keep-id option could change permissions on
      /run/user/$UID and break KDE
    - Fixed a bug where rootless Podman could not be run in a
      systemd service on systems using CGroups v2
    - Fixed a bug where podman inspect would show CPUShares as 0,
      instead of the default (1024), when it was not explicitly set
    - Fixed a bug where podman-remote push would segfault
    - Fixed a bug where image healthchecks were not shown in the
      output of podman inspect
    - Fixed a bug where named volumes created with containers from
      pre-1.6.3 releases of Podman would be autoremoved with their
      containers if the --rm flag was given, even if they were
      given names
    - Fixed a bug where podman history was not computing image
      sizes correctly
    - Fixed a bug where Podman would not error on invalid values to
      the --sort flag to podman images
    - Fixed a bug where providing a name for the image made by
      podman commit was mandatory, not optional as it should be
    - Fixed a bug where the remote Podman client would append an
      extra " to %PATH
    - Fixed a bug where the podman build command would sometimes
      ignore the -f option and build the wrong Containerfile
    - Fixed a bug where the podman ps --filter command would only
      filter running containers, instead of all containers, if
      --all was not passed
    - Fixed a bug where the podman load command on compressed
      images would leave an extra copy on disk
    - Fixed a bug where the podman restart command would not
      properly clean up the network, causing it to function
      differently from podman stop; podman start
    - Fixed a bug where setting the --memory-swap flag to podman
      create and podman run to -1 (to indicate unlimited) was not
      supported
  * Misc
    - Initial work on version 2 of the Podman remote API has been
      merged, but is still in an alpha state and not ready for use.
      Read more here
    - Many formatting corrections have been made to the manpages
    - The changes to address (#5009) may cause anonymous volumes
      created by Podman versions 1.6.3 to 1.7.0 to not be removed
      when their container is removed
    - Updated vendored Buildah to v1.13.1
    - Updated vendored containers/storage to v1.15.8
    - Updated vendored containers/image to v5.2.0
​
-------------------------------------------------------------------
Fri Jan 24 14:04:36 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
​
- Add apparmor-abstractions as required runtime dependency to
  have `tunables/global` available.
​
-------------------------------------------------------------------
Mon Jan 13 11:13:59 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Add: 0001-clarify-container-prune-force.patch to fix the --force
  flag for the "container prune" command.
  (https://github.com/containers/libpod/issues/4844)
​
-------------------------------------------------------------------
Wed Jan  8 09:23:01 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
​
- Update podman to v1.7.0
  * Features
    - Added support for setting a static MAC address for containers
    - Added support for creating macvlan networks with podman
      network create, allowing Podman containers to be attached
      directly to networks the host is connected to
    - The podman image prune and podman container prune commands
      now support the --filter flag to filter what will be pruned,
      and now prompts for confirmation when run without --force
      (#4410 and #4411)
    - Podman now creates CGroup namespaces by default on systems
      using CGroups v2 (#4363)
    - Added the podman system reset command to remove all Podman
      files and perform a factory reset of the Podman installation
    - Added the --history flag to podman images to display previous
      names used by images (#4566)
    - Added the --ignore flag to podman rm and podman stop to not
      error when requested containers no longer exist
    - Added the --cidfile flag to podman rm and podman stop to read
      the IDs of containers to be removed or stopped from a file
    - The podman play kube command now honors Seccomp annotations
      (#3111)
    - The podman play kube command now honors RunAsUser,
      RunAsGroup, and selinuxOptions
    - The output format of the podman version command has been
      changed to better match docker version when using the
      --format flag
    - Rootless Podman will no longer initialize containers/storage
      twice, removing a potential deadlock preventing Podman
      commands from running while an image was being pulled (#4591)
    - Added tmpcopyup and notmpcopyup options to the --tmpfs and
      --mount type=tmpfs flags to podman create and podman run to
      control whether the content of directories are copied into
      tmpfs filesystems mounted over them
    - Added support for disabling detaching from containers by
      setting empty detach keys via --detach-keys=""
    - The podman build command now supports the --pull and
      --pull-never flags to control when images are pulled during a
      build
    - The podman ps -p command now shows the name of the pod as
      well as its ID (#4703)
    - The podman inspect command on containers will now display the
      command used to create the container
    - The podman info command now displays information on registry
      mirrors (#4553)
  * Bugfixes
    - Fixed a bug where Podman would use an incorrect runtime
      directory as root, causing state to be deleted after root
      logged out and making Podman in systemd services not function
      properly
    - Fixed a bug where the --change flag to podman import and
      podman commit was not being parsed properly in many cases
    - Fixed a bug where detach keys specified in libpod.conf were
      not used by the podman attach and podman exec commands, which
      always used the global default ctrl-p,ctrl-q key combination
      (#4556)
    - Fixed a bug where rootless Podman was not able to run podman
      pod stats even on CGroups v2 enabled systems (#4634)
    - Fixed a bug where rootless Podman would fail on kernels
      without the renameat2 syscall (#4570)
    - Fixed a bug where containers with chained network namespace
      dependencies (IE, container A using --net container=B and
      container B using --net container=C) would not properly mount
      /etc/hosts and /etc/resolv.conf into the container (#4626)
    - Fixed a bug where podman run with the --rm flag and without
      -d could, when run in the background, throw a 'container does
      not exist' error when attempting to remove the container
      after it exited
    - Fixed a bug where named volume locks were not properly
      reacquired after a reboot, potentially leading to deadlocks
      when trying to start containers using the volume (#4605 and
      #4621)
    - Fixed a bug where Podman could not completely remove
      containers if sent SIGKILL during removal, leaving the
      container name unusable without the podman rm --storage
      command to complete removal (#3906)
    - Fixed a bug where checkpointing containers started with --rm
      was allowed when --export was not specified (the container,
      and checkpoint, would be removed after checkpointing was
      complete by --rm) (#3774)
    - Fixed a bug where the podman pod prune command would fail if
      containers were present in the pods and the --force flag was
      not passed (#4346)
    - Fixed a bug where containers could not set a static IP or
      static MAC address if they joined a non-default CNI network
      (#4500)
    - Fixed a bug where podman system renumber would always throw
      an error if a container was mounted when it was run
    - Fixed a bug where podman container restore would fail with
      containers using a user namespace
    - Fixed a bug where rootless Podman would attempt to use the
      journald events backend even on systems without systemd
      installed
    - Fixed a bug where podman history would sometimes not properly
      identify the IDs of layers in an image (#3359)
    - Fixed a bug where containers could not be restarted when
      Conmon v2.0.3 or later was used
    - Fixed a bug where Podman did not check image OS and
      Architecture against the host when starting a container
    - Fixed a bug where containers in pods did not function
      properly with the Kata OCI runtime (#4353)
    - Fixed a bug where `podman info --format '{{ json . }}' would
      not produce JSON output (#4391)
    - Fixed a bug where Podman would not verify if files passed to
      --authfile existed (#4328)
    - Fixed a bug where podman images --digest would not always
      print digests when they were available
    - Fixed a bug where rootless podman run could hang due to a
      race with reading and writing events
    - Fixed a bug where rootless Podman would print warning-level
      logs despite not be instructed to do so (#4456)
    - Fixed a bug where podman pull would attempt to fetch from
      remote registries when pulling an unqualified image using the
      docker-daemon transport (#4434)
    - Fixed a bug where podman cp would not work if STDIN was a
      pipe
    - Fixed a bug where podman exec could stop accepting input if
      anything was typed between the command being run and the exec
      session starting (#4397)
    - Fixed a bug where podman logs --tail 0 would print all lines
      of a container's logs, instead of no lines (#4396)
    - Fixed a bug where the timeout for slirp4netns was incorrectly
      set, resulting in an extremely long timeout (#4344)
    - Fixed a bug where the podman stats command would print CPU
      utilizations figures incorrectly (#4409)
    - Fixed a bug where the podman inspect --size command would not
      print the size of the container's read/write layer if the
      size was 0 (#4744)
    - Fixed a bug where the podman kill command was not properly
      validating signals before use (#4746)
    - Fixed a bug where the --quiet and --format flags to podman ps
      could not be used at the same time
    - Fixed a bug where the podman stop command was not stopping
      exec sessions when a container was created without a PID
      namespace (--pid=host)
    - Fixed a bug where the podman pod rm --force command was not
      removing anonymous volumes for containers that were removed
    - Fixed a bug where the podman checkpoint command would not
      export all changes to the root filesystem of the container if
      performed more than once on the same container (#4606)
    - Fixed a bug where containers started with --rm would not be
      automatically removed on being stopped if an exec session was
      running inside the container (#4666)
  * Misc
    - The fixes to runtime directory path as root can cause strange
      behavior if an upgrade is performed while containers are
      running
    - Updated vendored Buildah to v1.12.0
    - Updated vendored containers/storage library to v1.15.4
    - Updated vendored containers/image library to v5.1.0
    - Kata Containers runtimes (kata-runtime, kata-qemu, and
      kata-fc) are now present in the default libpod.conf, but will
      not be available unless Kata containers is installed on the
      system
    - Podman previously did not allow the creation of containers
      with a memory limit lower than 4MB. This restriction has been
      removed, as the crun runtime can create containers with
      significantly less memory
- Remove no longer needed workaround for *.5.md man page sources
​
-------------------------------------------------------------------
Thu Dec 12 14:30:34 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update podman to v1.6.4
  - Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher
  - Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers
  - Suppress spurious log messages when running rootless Podman
  - Update vendored containers/storage to v1.13.6
  - Fix a deadlock related to writing events
  - Do not use the journald event logger when it is not available
- Remove obsolete patch container-start-fix.patch
​
-------------------------------------------------------------------
Thu Oct 31 13:05:29 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Add container-start-fix.patch to correct output of container-start to show container_name, not _id.
​
-------------------------------------------------------------------
Mon Oct 21 07:21:29 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update podman to v1.6.2
  * Features
    - Added a --runtime flag to podman system migrate to allow the
      OCI runtime for all containers to be reset, to ease transition
      to the crun runtime on CGroups V2 systems until runc gains full
      support
    - The podman rm command can now remove containers in broken
      states which previously could not be removed
    - The podman info command, when run without root, now shows
      information on UID and GID mappings in the rootless user
      namespace
    - Added podman build --squash-all flag, which squashes all layers
      (including those of the base image) into one layer
    - The --systemd flag to podman run and podman create now accepts
      a string argument and allows a new value, always, which forces
      systemd support without checking if the the container
      entrypoint is systemd
  * Bugfixes
    - Fixed a bug where the podman top command did not work on
      systems using CGroups V2 (#4192)
    - Fixed a bug where rootless Podman could double-close a file,
      leading to a panic
    - Fixed a bug where rootless Podman could fail to retrieve some
      containers while refreshing the state
    - Fixed a bug where podman start --attach --sig-proxy=false would
      still proxy signals into the container
    - Fixed a bug where Podman would unconditionally use a
      non-default path for authentication credentials (auth.json),
      breaking podman login integration with skopeo and other tools
      using the containers/image library
    - Fixed a bug where podman ps --format=json and podman images
      --format=json would display null when no results were returned,
      instead of valid JSON
    - Fixed a bug where podman build --squash was incorrectly
      squashing all layers into one, instead of only new layers
    - Fixed a bug where rootless Podman would allow volumes with
      options to be mounted (mounting volumes requires root),
      creating an inconsistent state where volumes reported as
      mounted but were not (#4248)
    - Fixed a bug where volumes which failed to unmount could not be
      removed (#4247)
    - Fixed a bug where Podman incorrectly handled some errors
      relating to unmounted or missing containers in
      containers/storage
    - Fixed a bug where podman stats was broken on systems running
      CGroups V2 when run rootless (#4268)
    - Fixed a bug where the podman start command would print the
      short container ID, instead of the full ID
    - Fixed a bug where containers created with an OCI runtime that
      is no longer available (uninstalled or removed from the config
      file) would not appear in podman ps and could not be removed
      via podman rm
    - Fixed a bug where containers restored via podman container
      restore --import would retain the CGroup path of the original
      container, even if their container ID changed; thus, multiple
      containers created from the same checkpoint would all share the
      same CGroup
  * Misc
    - The default PID limit for containers is now set to 4096. It can
      be adjusted back to the old default (unlimited) by passing
      --pids-limit 0 to podman create and podman run
    - The podman start --attach command now automatically attaches
      STDIN if the container was created with -i
    - The podman network create command now validates network names
      using the same regular expression as container and pod names
    - The --systemd flag to podman run and podman create will now
      only enable systemd mode when the binary being run inside the
      container is /sbin/init, /usr/sbin/init, or ends in systemd
      (previously detected any path ending in init or systemd)
    - Updated vendored Buildah to 1.11.3
    - Updated vendored containers/storage to 1.13.5
    - Updated vendored containers/image to 4.0.1
​
-------------------------------------------------------------------
Fri Oct  4 06:57:16 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update podman to v1.6.1
  * Features
    - The podman network create, podman network rm, podman network
      inspect, and podman network ls commands have been added to
      manage CNI networks used by Podman
    - The podman volume create command can now create and mount
      volumes with options, allowing volumes backed by NFS, tmpfs,
      and many other filesystems
    - Podman can now run containers without CGroups for better
      integration with systemd by using the --cgroups=disabled flag
      with podman create and podman run. This is presently only
      supported with the crun OCI runtime
    - The podman volume rm and podman volume inspect commands can now
      refer to volumes by an unambiguous partial name, in addition to
      full name (e.g. podman volume rm myvol to remove a volume named
      myvolume) (#3891)
    - The podman run and podman create commands now support the
      --pull flag to allow forced re-pulling of images (#3734)
    - Mounting volumes into a container using --volume, --mount, and
      --tmpfs now allows the suid, dev, and exec mount options (the
      inverse of nosuid, nodev, noexec) (#3819)
    - Mounting volumes into a container using --mount now allows the
      relabel=Z and relabel=z options to relabel mounts.
    - The podman push command now supports the --digestfile option to
      save a file containing the pushed digest
    - Pods can now have their hostname set via podman pod create
      --hostname or providing Pod YAML with a hostname set to podman
      play kube (#3732)
    - The podman image sign command now supports the --cert-dir flag
    - The podman run and podman create commands now support the
      --security-opt label=filetype:$LABEL flag to set the SELinux
      label for container files
    - The remote Podman client now supports healthchecks
  * Bugfixes
    - Fixed a bug where remote podman pull would panic if a Varlink
      connection was not available (#4013)
    - Fixed a bug where podman exec would not properly set terminal
      size when creating a new exec session (#3903)
    - Fixed a bug where podman exec would not clean up socket
      symlinks on the host (#3962)
    - Fixed a bug where Podman could not run systemd in containers
      that created a CGroup namespace
    - Fixed a bug where podman prune -a would attempt to prune images
      used by Buildah and CRI-O, causing errors (#3983)
    - Fixed a bug where improper permissions on the ~/.config
      directory could cause rootless Podman to use an incorrect
      directory for storing some files
    - Fixed a bug where the bash completions for podman import threw
      errors
    - Fixed a bug where Podman volumes created with podman volume
      create would not copy the contents of their mountpoint the
      first time they were mounted into a container (#3945)
    - Fixed a bug where rootless Podman could not run podman exec
      when the container was not run inside a CGroup owned by the
      user (#3937)
    - Fixed a bug where podman play kube would panic when given Pod
      YAML without a securityContext (#3956)
    - Fixed a bug where Podman would place files incorrectly when
      storage.conf configuration items were set to the empty string
      (#3952)
    - Fixed a bug where podman build did not correctly inherit
      Podman's CGroup configuration, causing crashed on CGroups V2
      systems (#3938)
    - Fixed a bug where podman cp would improperly copy files on the
      host when copying a symlink in the container that included a
      glob operator (#3829)
    - Fixed a bug where remote podman run --rm would exit before the
      container was completely removed, allowing race conditions when
      removing container resources (#3870)
    - Fixed a bug where rootless Podman would not properly handle
      changes to /etc/subuid and /etc/subgid after a container was
      launched
    - Fixed a bug where rootless Podman could not include some
      devices in a container using the --device flag (#3905)
    - Fixed a bug where the commit Varlink API would segfault if
      provided incorrect arguments (#3897)
    - Fixed a bug where temporary files were not properly cleaned up
      after a build using remote Podman (#3869)
    - Fixed a bug where podman remote cp crashed instead of reporting
      it was not yet supported (#3861)
    - Fixed a bug where podman exec would run as the wrong user when
      execing into a container was started from an image with
      Dockerfile USER (or a user specified via podman run --user)
      (#3838)
    - Fixed a bug where images pulled using the oci: transport would
      be improperly named
    - Fixed a bug where podman varlink would hang when managed by
      systemd due to SD_NOTIFY support conflicting with Varlink
      (#3572)
    - Fixed a bug where mounts to the same destination would
      sometimes not trigger a conflict, causing a race as to which
      was actually mounted
    - Fixed a bug where podman exec --preserve-fds caused Podman to
      hang (#4020)
    - Fixed a bug where removing an unmounted container that was
      unmounted might sometimes not properly clean up the container
      (#4033)
    - Fixed a bug where the Varlink server would freeze when run in a
      systemd unit file (#4005)
    - Fixed a bug where Podman would not properly set the $HOME
      environment variable when the OCI runtime did not set it
    - Fixed a bug where rootless Podman would incorrectly print
      warning messages when an OCI runtime was not found (#4012)
    - Fixed a bug where named volumes would conflict with, instead of
      overriding, tmpfs filesystems added by the --read-only-tmpfs
      flag to podman create and podman run
    - Fixed a bug where podman cp would incorrectly make the target
      directory when copying to a symlink which pointed to a
      nonexistent directory (#3894)
    - Fixed a bug where remote Podman would incorrectly read STDIN
      when the -i flag was not set (#4095)
    - Fixed a bug where podman play kube would create an empty pod
      when given an unsupported YAML type (#4093)
    - Fixed a bug where podman import --change improperly parsed CMD
      (#4000)
    - Fixed a bug where rootless Podman on systems using CGroups V2
      would not function with the cgroupfs CGroups manager
    - Fixed a bug where rootless Podman could not correctly identify
      the DBus session address, causing containers to fail to start
      (#4162)
    - Fixed a bug where rootless Podman with slirp4netns networking
      would fail to start containers due to mount leaks
  * Misc
    - Significant changes were made to Podman volumes in this
      release. If you have pre-existing volumes, it is strongly
      recommended to run podman system renumber after upgrading.
    - Version 0.8.1 or greater of the CNI Plugins is now required for
      Podman
    - Version 2.0.1 or greater of Conmon is strongly recommended
    - Updated vendored Buildah to v1.11.2
    - Updated vendored containers/storage library to v1.13.4
    - Improved error messages when trying to create a pod with no
      name via podman play kube
    - Improved error messages when trying to run podman pause or
      podman stats on a rootless container on a system without
      CGroups V2 enabled
    - TMPDIR has been set to /var/tmp by default to better handle
      large temporary files
    - podman wait has been optimized to detect stopped containers
      more rapidly
    - Podman containers now include a ContainerManager annotation
      indicating they were created by libpod
    - The podman info command now includes information about
      slirp4netns and fuse-overlayfs if they are available
    - Podman no longer sets a default size of 65kb for tmpfs
      filesystems
    - The default Podman CNI network has been renamed in an attempt
      to prevent conflicts with CRI-O when both are run on the same
      system. This should only take effect on system restart
    - The output of podman volume inspect has been more closely
      matched to docker volume inspect
- Removed CVE-2019-10214.patch as it was merged upstream
​
-------------------------------------------------------------------
Thu Sep  5 15:26:01 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
​
- Add katacontainers as a recommended package, and include it as an
  additional OCI runtime in the configuration.
​
-------------------------------------------------------------------
Mon Sep  2 12:02:44 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Add patch for CVE-2019-10214. bsc#1144065
  + CVE-2019-10214.patch
​
-------------------------------------------------------------------
Tue Aug 27 08:04:20 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
​
- Update podman to v1.5.1
 * Features
   - The hostname of pods is now set to the pod's name
 * Bugfixes
   - Fixed a bug where podman run and podman create did not honor the --authfile
     option (#3730)
   - Fixed a bug where containers restored with podman container restore
     --import would incorrectly duplicate the Conmon PID file of the original container
   - Fixed a bug where podman build ignored the default OCI runtime configured
     in libpod.conf
   - Fixed a bug where podman run --rm (or force-removing any running container
     with podman rm --force) were not retrieving the correct exit code (#3795)
   - Fixed a bug where Podman would exit with an error if any configured hooks
     directory was not present
   - Fixed a bug where podman inspect and podman commit would not use the
     correct CMD for containers run with podman play kube
   - Fixed a bug created pods when using rootless Podman and CGroups V2 (#3801)
   - Fixed a bug where the podman events command with the --since or --until
     options could take a very long time to complete
 * Misc
   - Rootless Podman will now inherit OCI runtime configuration from the root
     configuration (#3781)
   - Podman now properly sets a user agent while contacting registries (#3788)
​
- Add zsh completion for podman commands
​
-------------------------------------------------------------------
Wed Aug 14 08:26:22 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update podman to v1.5.0
  * Features
    - Podman containers can now join the user namespaces of other
      containers with --userns=container:$ID, or a user namespace at
      an arbitary path with --userns=ns:$PATH
    - Rootless Podman can experimentally squash all UIDs and GIDs in
      an image to a single UID and GID (which does not require use of
      the newuidmap and newgidmap executables) by passing
      --storage-opt ignore_chown_errors
    - The podman generate kube command now produces YAML for any bind
      mounts the container has created (#2303)
    - The podman container restore command now features a new flag,
      --ignore-static-ip, that can be used with --import to import a
      single container with a static IP multiple times on the same
      host
    - Added the ability for podman events to output JSON by
      specifying --format=json
    - If the OCI runtime or conmon binary cannot be found at the
      paths specified in libpod.conf, Podman will now also search for
      them in the calling user's path
    - Added the ability to use podman import with URLs (#3609)
    - The podman ps command now supports filtering names using
      regular expressions (#3394)
    - Rootless Podman containers with --privileged set will now mount
      in all host devices that the user can access
    - The podman create and podman run commands now support the
      --env-host flag to forward all environment variables from the
      host into the container
    - Rootless Podman now supports healthchecks (#3523)
    - The format of the HostConfig portion of the output of podman
      inspect on containers has been improved and synced with Docker
    - Podman containers now support CGroup namespaces, and can create
      them by passing --cgroupns=private to podman run or podman
      create
    - The podman create and podman run commands now support the
      --ulimit=host flag, which uses any ulimits currently set on the
      host for the container
    - The podman rm and podman rmi commands now use different exit
      codes to indicate 'no such container' and 'container is
      running' errors
    - Support for CGroups V2 through the crun OCI runtime has been
      greatly improved, allowing resource limits to be set for
      rootless containers when the CGroups V2 hierarchy is in use
  * Bugfixes
    - Fixed a bug where a race condition could cause podman restart
      to fail to start containers with ports
    - Fixed a bug where containers restored from a checkpoint would
      not properly report the time they were started at
    - Fixed a bug where podman search would return at most 25
      results, even when the maximum number of results was set higher
    - Fixed a bug where podman play kube would not honor capabilities
      set in imported YAML (#3689)
    - Fixed a bug where podman run --env, when passed a single key
      (to use the value from the host), would set the environment
      variable in the container even if it was not set on the host
      (#3648)
    - Fixed a bug where podman commit --changes would not properly
      set environment variables
    - Fixed a bug where Podman could segfault while working with
      images with no history
    - Fixed a bug where podman volume rm could remove arbitrary
      volumes if given an ambiguous name (#3635)
    - Fixed a bug where podman exec invocations leaked memory by not
      cleaning up files in tmpfs
    - Fixed a bug where the --dns and --net=container flags to podman
      run and podman create were not mutually exclusive (#3553)
    - Fixed a bug where rootless Podman would be unable to run
      containers when less than 5 UIDs were available
    - Fixed a bug where containers in pods could not be removed
      without removing the entire pod (#3556)
    - Fixed a bug where Podman would not properly clean up all CGroup
      controllers for created cgroups when using the cgroupfs CGroup
      driver
    - Fixed a bug where Podman containers did not properly clean up
      files in tmpfs, resulting in a memory leak as containers
      stopped
    - Fixed a bug where healthchecks from images would not use
      default settings for interval, retries, timeout, and start
      period when they were not provided by the image (#3525)
    - Fixed a bug where healthchecks using the HEALTHCHECK CMD format
      where not properly supported (#3507)
    - Fixed a bug where volume mounts using relative source paths
      would not be properly resolved (#3504)
    - Fixed a bug where podman run did not use authorization
      credentials when a custom path was specified (#3524)
    - Fixed a bug where containers checkpointed with podman container
      checkpoint did not properly set their finished time
    - Fixed a bug where running podman inspect on any container not
      created with podman run or podman create (for example, pod
      infra containers) would result in a segfault (#3500)
    - Fixed a bug where healthcheck flags for podman create and
      podman run were incorrectly named (#3455)
    - Fixed a bug where Podman commands would fail to find targets if
      a partial ID was specified that was ambiguous between a
      container and pod (#3487)
    - Fixed a bug where restored containers would not have the
      correct SELinux label
    - Fixed a bug where Varlink endpoints were not working properly
      if more was not correctly specified
    - Fixed a bug where the Varlink PullImage endpoint would crash if
      an error occurred (#3715)
    - Fixed a bug where the --mount flag to podman create and podman
      run did not allow boolean arguments for its ro and rw options
      (#2980)
    - Fixed a bug where pods did not properly share the UTS
      namespace, resulting in incorrect behavior from some utilities
      which rely on hostname (#3547)
    - Fixed a bug where Podman would unconditionally append
      ENTRYPOINT to CMD during podman commit (and when reporting CMD
      in podman inspect) (#3708)
    - Fixed a bug where podman events with the journald events
      backend would incorrectly print 6 previous events when only new
      events were requested (#3616)
    - Fixed a bug where podman port would exit prematurely when a
      port number was specified (#3747)
    - Fixed a bug where passing . as an argument to the --dns-search
      flag to podman create and podman run was not properly clearing
      DNS search domains in the container
  * Misc
    - Updated vendored Buildah to v1.10.1
    - Updated vendored containers/image to v3.0.2
    - Updated vendored containers/storage to v1.13.1
    - Podman now requires conmon v2.0.0 or higher
    - The podman info command now displays the events logger being in
      use
    - The podman inspect command on containers now includes the ID of
      the pod a container has joined and the PID of the container's
      conmon process
    - The -v short flag for podman --version has been re-added
    - Error messages from podman pull should be significantly clearer
    - The podman exec command is now available in the remote client
    - The podman-v1.5.0.tar.gz file attached is podman packaged for
      MacOS. It can be installed using Homebrew.
- Use new conmon package as direct dependency
- Remove internal conmon package
- Update libpod.conf to support latest path discovery feature for
  `runc` and `conmon` binaries.
- Re-enable 32bit build
​
--------------------------------------------------------------------
Tue Jul 30 07:46:16 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on
  SLE (bsc#1143386)
​
-------------------------------------------------------------------
Thu Jul 25 09:20:47 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update libpod.conf to use correct infra_command
​
-------------------------------------------------------------------
Thu Jul 18 10:12:43 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update libpod.conf to use better versioned pause container
​
-------------------------------------------------------------------
Wed Jul 17 14:53:38 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update libpod.conf to use official kubic pause container
​
-------------------------------------------------------------------
Wed Jul 10 13:55:09 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
​
- Update libpod.conf to match latest features set:
  detach_keys, lock_type, runtime_supports_json
​
-------------------------------------------------------------------
Mon Jul  8 10:46:43 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
​
- Add podman-remote varlink client
- Update podman to v1.4.4
  * Features
    - Podman now has greatly improved support for containers using multiple OCI
      runtimes. Containers now remember if they were created with a different
      runtime using --runtime and will always use that runtime
    - The cached and delegated options for volume mounts are now allowed for
      Docker compatability (#3340)
    - The podman diff command now supports the --latest flag
  * Bugfixes
    - Fixed a bug where rootless Podman would attempt to use the entire root
      configuration if no rootless configuration was present for the user,
      breaking rootless Podman for new installations
    - Fixed a bug where rootless Podman's pause process would block SIGTERM,
      preventing graceful system shutdown and hanging until the system's init
      send SIGKILL
    - Fixed a bug where running Podman as root with sudo -E would not work after
      running rootless Podman at least once
    - Fixed a bug where options for tmpfs volumes added with the --tmpfs flag
      were being ignored
    - Fixed a bug where images with no layers could not properly be displayed
      and removed by Podman
    - Fixed a bug where locks were not properly freed on failure to create a
      container or pod
    - Fixed a bug where podman cp on a single file would create a directory at
      the target and place the file in it (#3384)
    - Fixed a bug where podman inspect --format '{{.Mounts}}' would print a
      hexadecimal address instead of a container's mounts
    - Fixed a bug where rootless Podman would not add an entry to container's
      /etc/hosts files for their own hostname (#3405)
    - Fixed a bug where podman ps --sync would segfault (#3411)
    - Fixed a bug where podman generate kube would produce an invalid ports
      configuration (#3408)
  * Misc
    - Updated containers/storage to v1.12.13
    - Podman now performs much better on systems with heavy I/O load
    - The --cgroup-manager flag to podman now shows the correct default setting
      in help if the default was overridden by libpod.conf
    - For backwards compatability, setting --log-driver=json-file in podman run
      is now supported as an alias for --log-driver=k8s-file. This is considered
      deprecated, and json-file will be moved to a new implementation in the
      future ([#3363](https://github.com/containers/libpo\
      d/issues/3363))
    - Podman's default libpod.conf file now allows the crun OCI runtime to be
      used if it is installed
​
-------------------------------------------------------------------
Wed Jun 26 11:24:32 UTC 2019 - Robert Frohl <rfrohl@suse.com>
​
- Update podman to v1.4.2
  - Fixed a bug where Podman could not run containers using an older version of
    Systemd as init
  - Updated vendored Buildah to v1.9.0 to resolve a critical bug with
    Dockerfile RUN instructions
  - The error message for running podman kill on containers that are not
    running has been improved
  - Podman remote client can now log to a file if syslog is not available
  - The podman exec command now sets its error code differently based on
    whether the container does not exist, and the command in the container does
    not exist
  - The podman inspect command on containers now outputs Mounts JSON that matches
    that of docker inspect, only including user-specified volumes and
    differentiating bind mounts and named volumes
  - The podman inspect command now reports the path to a container's OCI spec
    with the OCIConfigPath key (only included when the container is initialized
    or running)
  - The podman run --mount command now supports the bind-nonrecursive option for
    bind mounts
  - Fixed a bug where podman play kube would fail to create containers due to an
    unspecified log driver
  - Fixed a bug where Podman would fail to build with musl libc
  - Fixed a bug where rootless Podman using slirp4netns networking in an
    environment with no nameservers on the host other than localhost would
    result in nonfunctional networking
  - Fixed a bug where podman import would not properly set environment
    variables, discarding their values and retaining only keys
  - Fixed a bug where Podman would fail to run when built with Apparmor support
    but run on systems without the Apparmor kernel module loaded
  - Remote Podman will now default the username it uses to log in to remote
    systems to the username of the current user
  - Podman now uses JSON logging with OCI runtimes that support it, allowing for
    better error reporting
  - Updated vendored containers/image to v2.0
- Update conmon to v0.3.0
  - Support OOM Monitor under cgroup V2
  - Add config binary and make target for configuring conmon with a go library
    for importing values
​
-------------------------------------------------------------------
Mon Jun 24 09:36:12 UTC 2019 - Robert Frohl <rfrohl@suse.com>
​
- update dependency for slirp4netns to 0.3.0 or newer
​
-------------------------------------------------------------------
Tue Jun 11 06:43:28 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update podman to v1.4.0:
  - The podman checkpoint and podman restore commands can now be
    used to migrate containers between Podman installations on
    different systems
  - The podman cp command now supports a pause flag to pause
    containers while copying into them
  - The remote client now supports a configuration file for
    pre-configuring connections to remote Podman installations
  - Fixed CVE-2019-10152 - The podman cp command improperly
    dereferenced symlinks in host context
  - Fixed a bug where podman commit could improperly set
    environment variables that contained = characters
  - Fixed a bug where rootless Podman would sometimes fail to start
    containers with forwarded ports
  - Fixed a bug where podman version on the remote client could
    segfault
  - Fixed a bug where podman container runlabel would use
    /proc/self/exe instead of the path of the Podman command when
    printing the command being executed
  - Fixed a bug where filtering images by label did not work
  - Fixed a bug where specifying a bing mount or tmpfs mount over
    an image volume would cause a container to be unable to start
  - Fixed a bug where podman generate kube did not work with
    containers with named volumes
  - Fixed a bug where rootless Podman would receive permission
    denied errors accessing conmon.pid
  - Fixed a bug where podman cp with a folder specified as target
    would replace the folder, as opposed to copying into it
  - Fixed a bug where rootless Podman commands could double-unlock
    a lock, causing a crash
  - Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
    mounts, causing errors when using the Kata containers runtime
  - Fixed a bug where podman exec would fail on older kernels
  - The podman commit command is now usable with the Podman remote
    client
  - The --signature-policy flag (used with several image-related
    commands) has been deprecated
  - The podman unshare command now defines two environment
    variables in the spawned shell: CONTAINERS_RUNROOT and
    CONTAINERS_GRAPHROOT, pointing to temporary and permanent
    storage for rootless containers
  - Updated vendored containers/storage and containers/image
    libraries with numerous bugfixes
  - Updated vendored Buildah to v1.8.3
  - Podman now requires Conmon v0.2.0
  - The podman cp command is now aliased as podman container cp
  - Rootless Podman will now default init_path using root Podman's
    configuration files (/etc/containers/libpod.conf and
    /usr/share/containers/libpod.conf) if not overridden in the
    rootless configuration
​
-------------------------------------------------------------------
Fri Jun  7 11:48:27 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Add fuse-overlayfs dependency to support overlay based rootless image
  manipulations
​
-------------------------------------------------------------------
Wed May 29 14:16:08 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update podman to v1.3.2:
  - Fixed a bug where podman would fail to run if a volume was
    mounted over an image volume
​
-------------------------------------------------------------------
Wed May 22 07:04:24 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update podman to v1.3.1:
  - The podman cp command can now read input redirected to STDIN, and output to
    STDOUT instead of a file, using - instead of an argument.
  - The Podman remote client now displays version information from both the
    client and server in podman version
  - The podman unshare command has been added, allowing easy entry into the
    user namespace set up by rootless Podman (allowing the removal of files
    created by rootless Podman, among other things)
  - Fixed a bug where Podman containers with the --rm flag were removing
    created volumes when they were automatically removed
  - Fixed a bug where container and pod locks were incorrectly marked as
    released after a system reboot, causing errors on container and pod removal
  - Fixed a bug where Podman pods could not be removed if any container in the
    pod encountered an error during removal
  - Fixed a bug where Podman pods run with the cgroupfs CGroup driver would
    encounter a race condition during removal, potentially failing to remove
    the pod CGroup
  - Fixed a bug where the podman container checkpoint and podman container
    restore commands were not visible in the remote client
  - Fixed a bug where podman remote ps --ns would not print the container's
    namespaces
  - Fixed a bug where removing stopped containers with healthchecks could cause
    an error
  - Fixed a bug where the default libpod.conf file was causing parsing errors
  - Fixed a bug where pod locks were not being freed when pods were removed,
    potentially leading to lock exhaustion
  - Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running
    containers, create an inconsistent state rendering the container unusable
  - The remote Podman client now uses the Varlink bridge to establish remote
    connections by default
- Update conmon to 0.2.0 and switched to containers/conmon upstream project
​
-------------------------------------------------------------------
Fri May 17 12:08:37 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update `systemd-devel` to actually be `pkgconfig(libsystemd)` to allow OBS to
  shortcut through systemd-mini-devel
​
-------------------------------------------------------------------
Thu May 16 15:04:52 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
​
- Update podman to v1.3.0
  * Podman now supports container restart policies! The --restart-policy flag
    on podman create and podman run allows containers to be restarted after
    they exit. Please note that Podman cannot restart containers after a system
    reboot - for that, see our next feature
  * Podman podman generate systemd command was added to generate systemd unit
    files for managing Podman containers
  * The podman runlabel command now allows a $GLOBAL_OPTS variable, which will
    be populated by global options passed to the podman runlabel command,
    allowing custom storage configurations to be passed into containers run
    with runlabel
  * The podman play kube command now allows File and FileOrCreate volumes
  * The podman pod prune command was added to prune unused pods
  * Added the podman system migrate command to migrate containers using older
    configurations to allow their use by newer Libpod versions
  * Podman containers now forward proxy-related environment variables from the
    host into the container with the --http-proxy flag (enabled by default)
  * Read-only Podman containers can now create tmpfs filesystems on /tmp,
    /var/tmp, and /run with the --read-only-tmpfs flag (enabled by default)
  * The podman init command was added, performing all container pre-start tasks
    without starting the container to allow pre-run debugging
- Update conmon to cri-o v1.14.1
- Update libpod.conf to match latest feature set
​
-------------------------------------------------------------------
Mon Apr  1 14:05:35 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update to podman 1.2.0
  * Podman now supports image healthchecks! The podman healthcheck run command was added to manually run healthchecks, and the status of a running healthcheck can be viewed via podman inspect
  * The podman events command was added to show a stream of significant events
  * The podman ps command now supports a --watch flag that will refresh its output on a given interval
  * The podman image tree command was added to show a tree representation of an image's layers
  * The podman logs command can now display logs for multiple containers at the same time
  * The podman exec command can now pass file descriptors to the process being executed in the container via the --preserve-fds option
  * The podman images command can now filter images by reference
  * The podman system df command was added to show disk usage by Podman
  * The --add-host option can now be used by containers sharing a network namespace
  * The podman cp command now has an --extract option to extract the contents of a Tar archive and copy them into the container, instead of copying the archive itself
  * Podman now allows manually specifying the path of the slirp4netns binary for rootless networking via the --network-cmd-path flag
  * Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
  * The podman runlabel command now supports the --replace option to replace containers using the name requested
  * Infrastructure containers for Podman pods will now attempt to use the image's CMD and ENTRYPOINT instead of a fixed command
  * The podman play kube command now supports the HostPath and VolumeMounts YAML fields
  * Added support to disable creation of resolv.conf or /etc/hosts in containers by specifying --dns=none and --no-hosts, respectively, to podman run and podman create
  * The podman version command now supports the {{ json . }} template (which outputs JSON)
  * Podman can now forward ports using the SCTP protocol
- Update conmon to cri-o 1.14.0
- Stop building for i586 (not supported by upstream, does not build)
​
-------------------------------------------------------------------
Fri Mar 22 21:02:05 UTC 2019 - Flavio Castelli <fcastelli@suse.com>
​
- Change default libpod.conf configuration file: use the runtimes
  section to allow users to specify different OCI runtimes. This
  allows user to choose which runtime to use on a per container
  basis.
​
-------------------------------------------------------------------
Tue Mar 19 13:15:38 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
​
- Add 'apparmor-parser' to list of requires (boo#1123387)
​
-------------------------------------------------------------------
Sat Mar 16 08:33:38 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
​
- Scriptlets contain sh-compatible code, so drop -p /bin/bash.
​
-------------------------------------------------------------------
Fri Mar  8 09:47:25 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- podman-cni-config: remove artificial conflicts with kubelet
​
-------------------------------------------------------------------
Thu Mar  7 15:22:22 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Disable build with PIE on ppc64le to avoid boo#1098017
​
-------------------------------------------------------------------
Wed Mar  6 14:07:01 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update to v1.1.2
  * Fixed a bug where the podman image list, podman image rm, and podman container list had broken global storage options
  * Fixed a bug where the --label option to podman create and podman run was missing the -l alias
  * Fixed a bug where running Podman with the --config flag would not set an appropriate default value for tmp_dir
  * Fixed a bug where the podman logs command with the --timestamps flag produced unreadable output
  * Fixed a bug where the podman cp command would automatically extract .tar files copied into the container
  * The podman container stop command is now usable with the Podman remote client
​
-------------------------------------------------------------------
Mon Mar  4 11:27:03 UTC 2019 - Flavio Castelli <fcastelli@suse.com>
​
- Update to v1.1.1
  * Update release notes for v1.1.1
  * Pull image for runlabel if not local
  * Fix SystemExec completion race
  * Fix link inconsistencies in man pages
  * Verify that used OCI runtime supports checkpoint
  * Should be defaulting to pull not pull-always
  * podman-commands script: refactor
  * Move Alias lines to descriptions of commands
  * Fix usage messages for podman image list, rm
  * Fix -s to --storage-driver in baseline test
  * No podman container ps command exists
  * Allow Exec API user to override streams
  * fix up a number of misplace commands
  * rootless, new[ug]idmap: on failure add output
  * [ci skip] Critical note about merge bot
  * podman port fix output
  * Fix ignored --time argument to podman restart
  * secrets: fix fips-mode with user namespaces
  * Fix four errors tagged by Cobra macro debugging
  * Clean up man pages to match commands
  * Add debugging for errors to Cobra compatibility macros
  * Command-line input validation: reject unused args
  * Fix ignored --stop-timeout flag to 'podman create'
  * fixup! Incorporate review feedback
  * fixup! missed some more:
  * fixup! Correction to 'checkpoint'
  * Followup to #2456: update examples, add trust
  * podman create: disable interspersed opts
  * fix up a number of misplace commands
  * Add a task to Cirrus gating to build w/o Varlink
  * Skip checkpoint/restore tests on Fedora for now
  * Fix build for non-Varlink-tagged Podman
  * Remove restore as podman subcommand
  * Better usage synopses for subcommands
  * Bump gitvalidation epoch
  * Bump to v1.2.0-dev
  * Centralize setting default volume path
  * Ensure volume path is set appropriately by default
  * Move all storage configuration defaults into libpod
  * rename pod when we have a name collision with a container
  * podman remote-client readme
- Update package to ship varlink required files
​
-------------------------------------------------------------------
Wed Feb 27 09:01:41 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update to v1.1.0
  * Added --latest and --all flags to podman mount and podman umount
  * Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
  * Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf
  * Added an alias -f for the --format flag of the podman info and podman version commands
  * Added an alias -s for the --size flag of the podman inspect command
  * Added the podman system info and podman system prune commands
  * Added the podman cp command to copy files between containers and the host
  * Added the --password-stdin flag to podman login
  * Added the --all-tags flag to podman pull
  * The --rm and --detach flags can now be used together with podman run
  * The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
  * Added the podman system renumber command to handle lock changes
  * The --net=host and --dns flags for podman run and podman create no longer conflict
  * Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:
  * Various bugfixes - full changelog https://github.com/containers/libpod/releases/tag/v1.1.0
- Removed obsolete patch containers-libpod-pull-2225.diff
​
-------------------------------------------------------------------
Tue Feb 26 17:17:32 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update to conmon from cri-o v1.13.1
  * oci: read conmon process status
​
-------------------------------------------------------------------
Tue Feb 19 15:35:30 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Upgrade to v1.0.1
  * rootless: join both userns and mount namespace with --pod
  * rootless: create the userns immediately when creating a new pod
  * Preserve exited state across reboot
  * podman image prune -- implement all flag
  * Add varlink support for prune
  * Make --quiet work in podman create/run
  * rootless: fix --pid=host without --privileged
  * podman-inspect: don't ignore errors
​
-------------------------------------------------------------------
Wed Jan 30 22:57:51 UTC 2019 - Duncan Mac-Vicar <dmacvicar@suse.de>
​
- Fix rootless mode with AppArmor
  https://github.com/containers/libpod/pull/2225
  Add patch containers-libpod-pull-2225.diff
​
-------------------------------------------------------------------
Mon Jan 28 10:32:38 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Stop using conmon from random git commits, use cri-o releases
- Update to conmon from cri-o v1.13.0
  * Solve gh#containers/libpod#527
- Tidy up .gitignore files from podman-1.0.0.tar.xz
​
-------------------------------------------------------------------
Thu Jan 17 11:44:58 UTC 2019 - Jordi Massaguer <jmassaguerpla@suse.com>
​
- Update requirement to go1.11 to stay in sync with CaaSP4 and use the same
  version as k8s and cri-o to prevent "weird" issues because of the go version
  (we had problems mixing go1.5 and go1.6 in the past)
​
-------------------------------------------------------------------
Wed Jan 16 09:42:52 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update libpod.conf to better align with upstream defaults [boo#1122024]
- Require catatonit for new --init flag
​
-------------------------------------------------------------------
Sun Jan 13 15:39:42 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Upgrade to v1.0.0
  * The podman exec command now includes a --workdir option to set working directory for the executed command
  * The podman create and podman run commands now support the --init flag to use a minimal init process in the container
  * Added the podman image sign command to GPG sign images
  * The podman run --device flag now accepts directories, and will added any device nodes in the directory to the container
  * Added the podman play kube command to create pods and containers from Kubernetes pod YAML
  * Rootless containers now unconditionally use postrun cleanup processes, ensuring resources are freed when the container stops
  * Pulling images has been parallelized, allowing individual layers to be pulled in parallel
​
-------------------------------------------------------------------
Tue Jan  8 11:20:42 UTC 2019 - Richard Brown <rbrown@suse.com>
​
- Update to v0.12.1.2
  * Rootless Podman now creates the storage.conf, libpod.conf, and mounts.conf configuration files automatically in ~/.config/containers/ for ease of reconfiguration
  * The podman pod create command can expose ports in the pod's network namespace, allowing public services to be created in pods
  * The podman container checkpoint command can now keep containers running after they are checkpointed with the --leave-running flag
  * The podman container checkpoint and podman container restore commands now support the --tcp-established flag to checkpoint and restore containers with active TCP connections
  * The podman version command now has a --format flag to produce machine-readable output
  * Added the podman container exists, podman pod exists, and podman image exists commands to easily check for a container/pod/image, respectively, by name or ID
  * The podman ps --pod flag now has a short alias, -p
  * The podman rmi and podman rm commands now have a --prune flag to prune unused images and containers, respectively
  * The podman ps command now has a --sync flag to force a sync of Podman's state against the OCI runtime, resolving some state desync errors
  * Added the podman volume set of commands for creating and managing local-only named volumes
  * Added the podman generate kube command to generate Kubernetes Pod and Service YAML for Podman containers and pods
  * The podman pod stop flag now accepts a --timeout flag to set the timeout for stopping containers in the pod
​
-------------------------------------------------------------------
Tue Dec 18 09:40:40 UTC 2018 - Marco Vedovati <mvedovati@suse.com>
​
- Update package summary and description
​
-------------------------------------------------------------------
Fri Dec  7 07:42:47 UTC 2018 - Adrian Schröter <adrian@suse.de>
​
- add dependency to iptables, build fails otherwise
​
-------------------------------------------------------------------
Fri Nov 16 08:22:48 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
​
- Changelog for v0.11.1.1 (2018-11-15)
  * Increase pidWaitTimeout to 60s
  * rootless: call IsRootless just once
  * Add space between num & unit in images output
  * Better document rootless containers
  * info: add rootless field
  * Do not hide errors when creating container with UserNSRoot
  * correct assignment of networkStatus
  * rootless: default to fuse-overlayfs when available
​
-------------------------------------------------------------------
Tue Nov 13 07:17:16 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
​
- Require golang >= 1.10.
​
-------------------------------------------------------------------
Fri Nov  9 07:46:46 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
​
- Changelog for v0.11.1 (2018-11-08)
  * update seccomp.json
  * Touch up --log* options and daemons in man pages
  * Don't fail if /etc/passwd or /etc/group does not exists
  * Properly set Running state when starting containers
  * If a container ceases to exist in runc, set exit status
  * rootless: mount /sys/fs/cgroup/systemd from the host
  * rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode
  * Add hostname to /etc/hosts
  * Remove conmon cgroup before pod cgroup for cgroupfs
  * Make kill, pause, and unpause parallel.
  * Fix long image name handling
  * Make restart parallel and add --all
  * rootless: do not add an additional /run to runroot
  * rootless: avoid hang on failed slirp4netns
  * Fix setting of version information
  * runtime: do not allow runroot longer than 50 characters
  * attach: fix attach when cuid is too long
  * truncate command output in ps by default
  * make various changes to ps output
  * Use two spaces to pad PS fields
  * fix bug in rm -fa parallel deletes
  * Ensure test container in running state
  * Add tests for selinux labels
  * Add --max-workers and heuristics for parallel operations
  * Increase security and performance when looking up groups
  * run prepare in parallel
  * runlabel: run any command
  * Explain the device format in man pages
  * Add --all and --latest to checkpoint/restore
  * Use more reliable check for rootless for firewall init
  * Make podman ps fast
  * Support auth file environment variable in podman build
  * fix environment variable parsing
  * Use the CRIU version check in checkpoint/restore
  * Handle http/https in registry given to login/out
  * correct stats err with non-running containers
  * Make rm faster
  * Fix man page to show info on storage
​
- Changelog for v0.10.1.3 (2018-10-17)
  * Vendor in new new buildah/ci
  * Fix podman in podman
​
- Changelog for v0.10.1.2 (2018-10-17)
  * Fix CGroup paths used for systemd CGroup mount
​
-------------------------------------------------------------------
Tue Oct 30 06:57:08 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
​
- Require slirp4netns to enable networking for unprivileged network namespaces
  aka networking for rootless podman.
​
-------------------------------------------------------------------
Wed Oct 17 06:07:29 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
​
- Changelog for v0.10.1.1 (2018-10-16)
  * Mount proper cgroup for systemd to manage inside of the container.
  * volume: resolve symlinks in paths
  * volume: write the correct ID of the container in error messages
  * Support auth file environment variable & add change to man pages
  * Generate a passwd file for users not in container
​
-------------------------------------------------------------------
Fri Oct 12 06:43:30 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
​
- Changelog for v0.10.1 (2018-10-11)
  * Sort all command flags
  * rootless: detect when user namespaces are not enabled
  * Log an otherwise ignored error from joining a net ns
  * Update manpages for --ip flag
  * Add --ip flag and plumbing into libpod
  * Document --net as an alias of --network in podman run & create
  * rootless: report more error messages from the startup phase
  * rootless: fix an hang on older versions of setresuid/setresgid
  * fix runlabel functions based on QA feedback
  * Stop containers in parallel fashion
  * runlabel: execute /proc/self/exe and avoid recursion
  * Ensure resolv.conf has the right label and path
  * completions: add checkpoint/restore completions
  * Add support to checkpoint/restore containers
  * selinux: drop superflous relabel
  * rootless: always set XDG_RUNTIME_DIR
  * Address review comments and fix ps output
  * Disable SELinux labeling if --privileged
  * Implement pod varlink bindings
  * Add --all flag to podman kill
  * Add container runlabel command
  * run complex image names with short names
​
-------------------------------------------------------------------
Mon Oct  1 05:51:48 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
​
- Update conmon to 4cd5a7c60349be0678d9f1b0657683324c1a2726 and fetch
  it from its new home https://github.com/kubernetes-sigs/cri-o.
​
- Changelog for v0.9.3.1 (2018-09-25)
  * Disable problematic SELinux code causing runc issues
​
- Changelog for v0.9.3 (2018-09-21)
  * Add --mount option for `create` & `run` command
  * Don't mount /dev/shm if the user told you --ipc=none
  * rootless: error out if there are not enough UIDs/GIDs available
  * Add new field to libpod to indicate whether or not to use labelling
  * Bind Mounts should be mounted read-only when in read-only mode
  * report when rootless
  * Don't crash if an image has no names
​
- Changelog for v0.9.2 (2018-09-14)
  * Don't mount /dev/* if user mounted /dev
  * rootless: do not raise an error if the entrypoint is specified
  * Add a way to disable port reservation
  * Do not set rlimits if we are rootless
  * Add --interval flag to podman wait
  * Add `podman rm --volumes` flag
  * Explicitly set default CNI network name in libpod.conf
​
- Changelog for v0.9.1.1 (2018-09-10)
  * Replace existing iptables handler with firewall code
  * Vendor CNI plugins firewall code
  * Fix displaying size on size calculation error
​
- Changelog for v0.9.1 (2018-09-07)
  * Fix pod sharing for utsmode
  * Respect user-added mounts over default spec mounts
  * use layer cache when building images
  * Start pod infra container when pod is created
  * Fix up libpod.conf man pages and referencese to it.
  * We should fail Podman with ExitCode 125 by default
  * Add CRI logs parsing to podman logs
  * rmi remove all not error when no images are present
  * rootless, create: support --pod
  * rootless, run: support --pod
​
-------------------------------------------------------------------
Mon Sep  3 06:04:26 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
​
- Changelog for v0.8.5 (2018-08-31)
  * Add proper support for systemd inside of podman
  * We are mistakenly seeing repos as registries.
  * Up time between checks for podman wait
  * Turn on test debugging
  * Add support for remote commands
  * fixup A few language changes and subuid(5)
  * Make the documentation of user namespace options in podman-run clearer
  * catch command-not-found errors
  * don't print help message for usage errors
  * docs: consistent format for example
  * docs: consistent headings
  * docs: make HISTORY consistent
  * docs: fix headers
  * varlink: fix --timeout usage
  * run/create: reserve `-h` flag for hostname
  * podman,varlink: inform user about --timeout 0
  * rootless: show an error when stats is used
  * rootless: show an error when pause/unpause are used
  * rootless: unexport GetUserNSForPid
  * rootless, exec: use the new function to join the userns
  * rootless: fix top
  * rootless: add new function to join existing namespace
  * Do not set max open files by default if we are rootless
  * Set default max open files in spec
  * Resolve /etc/resolv.conf before reading
  * document `--rm` semantics
  * rootless, search: do not create a new userns
  * rootless, login, logout: do not create a new userns
  * rootless, kill: do not create a new userns
  * rootless, stop: do not create a new userns
  * Fix manpage to note how multiple filters are combined
  * Fix handling of multiple filters in podman ps
  * Fix Mount Propagation
  * docs: add containers-mounts.conf(5)
  * docs: use "containers-" prefix for registries and storage
  * rootless: fix --pid=host
  * rootless: fix --ipc=host
  * spec: bind mount /sys only when userNS are enabled
  * rootless, tests: add test for --uts=host
  * rootless: don't use kill --all
  * rootless: exec handle processes that create an user namespace
  * rootless: fix exec
​
-------------------------------------------------------------------
Mon Aug 27 06:05:18 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.8.4 (2018-08-24)
  * Swap from FFJSON to easyjson
  * rootless: allow to override policy.json by the user
  * add completion for --pod in run and create
  * Fixed formatting and lowered verbosity of pod ps
  * Do not try to enable AppArmor in rootless mode
  * Reveal information about container capabilities
  * Fixing network ns segfault
  * Change pause container to infra container
  * Added option to share kernel namespaces in libpod and podman
  * Add podman pod top
  * Include pod stats and top in commands/completions
  * Fix syntax description of --ulimit command
  * Properly translate users into runc format for exec
  * rootless: fix --net host --privileged
  * Fixed segfault in stats where container had netNS none or from container
  * Enable pod stats with short ID and name
  * Touch up cert-dir in man pages
  * Support Attach subcommand in pypodman
​
-------------------------------------------------------------------
Mon Aug 20 06:40:02 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.8.3 (2018-08-17)
  * Switch from github.com/projectatomic to github.com/containers
  * Mention that systemd is the default cgroup manager
  * Fix handling of socket connection refusal.
  * podman: fix --uts=host
  * podman pod stats
  * Added reason to PodContainerError
  * Add Pod API to varlink.
  * Revert "spec: bind mount /sys only for rootless containers"
  * Document STORAGE_DRIVER and STORAGE_OPTS environment variable
  * Create pod CGroups when using the systemd cgroup driver
  * Switch systemd default CGroup parent to machine.slice
  * spec: bind mount /sys only for rootless containers
  * Add create and pull commands
  * rootless: not require userns for help/version
  * pkg/apparmor: use a pipe instead of a tmp file
  * podman in rootless mode will only work with cgroupfs at this point.
  * when searching, survive errors for multiple registries
​
-------------------------------------------------------------------
Mon Aug 13 06:32:40 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.8.2.1 (2018-08-11)
  * Ensure pod inspect is locked and validity-checked
  * Swap default CGroup manager to systemd
​
- Changelog for v0.8.2 (2018-08-10)
  * We need to sort mounts so that one mount does not over mount another.
  * search name should include registry
  * removeContainer: fix deadlock
  * Add FFJSON to build container
  * Add FFJSON generation to makefile
  * Fixed a bug setting dependencies on the wrong container
  * Always connect to the stdout and stderr of stream
  * apparmor: respect "unconfined" setting
  * oci.go: syslog: fix debug formatting
  * add podman pod inspect
  * Fix CGroupFS cgroup manager cgroup creation for pods
  * Pass newly-added --log-level flag to Conmon
  * Cleanup man pages
  * Improve ps handling of container start/stop time
  * rootless: fix user lookup if USER= is not set
  * Add dpkg support for returning oci/conmon versions
  * Have info print conmon/oci runtime information
  * Better pull error for fully-qualified images
  * Add Runc and Conmon versions to Podman Version
​
-------------------------------------------------------------------
Thu Aug  9 10:20:19 UTC 2018 - vrothberg@suse.com
​
- Add a dedicated conmon for podman as the requirements on the specific
  version started to differ from the ones of CRI-O.  This change implies
  dropping the requirement on the cri-o package.
​
- Add libpod.conf as a new source to allow tweaking the search paths
  for openSUSE.  This change makes execution slightly faster.
​
-------------------------------------------------------------------
Mon Aug  6 06:27:09 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.8.1 (2018-08-03)
  * Added ps --pod option
  * clarify pull error message
  * Man page fixes found by https://pagure.io/ManualPageScan
  * rootless: do not segfault if the parent already died
  * Document the properties of DefaultTransport a bit better.
  * Add --force to podman umount to force the unmounting of the rootfs
  * network: add support for rootless network with slirp4netns
  * Add documentations on how to setup /etc/subuid and /etc/subgid
  * podman rmi shouldn't delete named referenced images
​
-------------------------------------------------------------------
Mon Jul 30 05:45:52 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.7.4 (2018-07-27)
  * Add pod pause/unpause
  * Fix up docker compatibility messages
  * Fix handling of Linux network namespaces
  * Cleanup descriptions and help information
  * Add pod kill
  * Added pod restart
  * podman: allow to specify the IPC namespace to join
  * podman: allow to specify the UTS namespace to join
  * podman: allow to specify the PID namespace to join
  * podman: allow to specify the userns to join
  * spec: allow container:NAME network mode
  * Add libpod namespace to config
  * Add missing runtime.go lines to set namespace
  * Set namespace for new pods/containers based on runtime
  * Add --namespace flag to Podman
  * Update documentation for the State interface
  * Ensure pods are part of the set namespace when added
  * Enforce namespace checks on container add
  * Add container and pod namespaces to configs
  * AppArmor: runtime check if it's enabled on the host
  * Add format descriptors infor to podman top
  * docs/podman-top: fix typo and whitespace
​
-------------------------------------------------------------------
Mon Jul 23 06:18:32 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.7.3 (2018-07-20)
  * Podman load/tag/save prepend localhost when no repository is present
  * Pod ps now uses pod.Status()
  * Added pod start and stop
  * rootless: support a per-user mounts.conf
  * secrets: parse only one mounts configuration file
  * rootless: allow a per-user registries.conf file
  * rootless: allow a per-user storage.conf file
  * rootless, docs: document the libpod.conf file used in rootless mode
  * podman-top: use containers/psgo
  * oci: keep exposed ports busy and leak the fd into conmon
  * Fix ps filter with key=value labels
  * rootless: require subids to be present
​
-------------------------------------------------------------------
Mon Jul 16 05:37:36 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.7.2 (2018-07-13)
  * Only print container size JSON if --size was requested
  * Don't print rootfs and rw sizes if they're empty
  * Major fixes to podman ps --format=json output
  * Ignore running containers in ps exit-code filters
  * rootless: correctly propagate the exit status from the container
  * rootless: unshare mount namespace
  * Need to wait for container to exit before completing run/start completes
  * If proxy fails then then signal should be sent to the main process
  * fix pull image that includes a sha
  * Added full podman pod ps, with tests and man page
  * Podman pod create/rm commands with man page and tests.
  * Added created time to pod state
  * Support multiple networks
  * podman rmi should only untag image if parent of another
  * build: enable ostree in containers/storage when available
  * podman/libpod: add default AppArmor profile
  * rootless: propagate errors from GetRootlessRuntimeDir()
  * rootless: resolve the user home directory
  * rootless: fix when argv[0] is not an absolute path
  * urfave/cli: fix regression in short-opts parsing
  * Add --volumes-from flag to podman run and create
  * Mask /proc/keys to protect information leak about keys on host
  * Podman stats with no containers listed is the same as podman stats --all
​
- install missing podman (1) manpage
​
- podman-rpmlintrc: ignore missing-call-to-setgroups-before-setuid wari
​
- install bash completion at /usr/share/bash-completion/completions
​
- buildmode=pie: build position independent code
​
-------------------------------------------------------------------
Mon Jul  9 05:47:32 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.7.1 (2018-07-06)
  * Block use of /proc/acpi from inside containers
  * Remove per-container CGroup parents
  * rootless: add /run/user/$UID to the lookup paths
  * rootless: add function to retrieve the original UID
  * rootless: always set XDG_RUNTIME_DIR
  * rootless: set XDG_RUNTIME_DIR also for state and exec
  * urfave/cli: fix parsing of short opts
  * docs: Follow man-pages(7) suggestions for SYNOPSIS
  * Allow multiple mounts
​
- re-enable varlink support (build conditional)
​
-------------------------------------------------------------------
Mon Jul  2 05:53:26 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.6.5 (2018-06-29)
  * Fix built-in volume issue with podman run/create
  * Add `podman container cleanup` to CLI
  * Allow multiple containers and all for umount
  * Returning joining namespace error should not be fatal
  * Test to verify overlay quotas work, show container overhead on quota
  * Remove the --registry flag from podman search
  * utils: fix endless write of resize event
  * Start prints UUID or container name that user inputs on success
  * Fix podman hangs when detecting startup error in container attached mode
  * podman-build --help: update description
  * docs: add documentation for rootless containers
  * Add --authfile to podman search
  * Add podman-image and podman-container man page links
  * make varlink optional for podman
​
-------------------------------------------------------------------
Mon Jun 25 05:58:20 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.6.4 (2018-06-22)
  * Point podman-refresh at the right manpage
  * Add bash completions for podman refresh
  * Add manpages for podman refresh
  * Add podman refresh command
  * Add information about the configuration files to the install docs
  * Add unittests and fix bugs
  * Podman history now prints out intermediate image IDs
  * Add cap-add and cap-drop to build man page
  * Fix image volumes access and mount problems on restart
  * Add carriage return to log message when using --tty flag
  * Added --sort to ps
  * Fix podman build -q
  * Add extra debug so we can tell apart postdelete hooks
  * TLS verify is skipped per registry.
  * Add --all,-a flag to podman images
  * top: make output tabular
  * Add more network info ipv4/ipv6 and be more compatible with docker
  * Do not run iptablesDNS workaround on IPv6 addresses
  * Added --tls-verify functionality to podman search, with tests
​
-------------------------------------------------------------------
Mon Jun 18 05:46:23 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.6.3 (2018-06-15)
  * podman: use a different store for the rootless case
  * podman: do not use Chown in rootless mode
  * network: do not attempt to create a network in rootless mode
  * oci: do not set resources in rootless mode
  * oci: do not use hooks in rootless mode
  * oci: do not set the cgroup path in Rootless mode
  * spec: change mount options for /dev/pts in rootless mode
  * container: do not add shm in rootless mode
  * podman: provide a default UID mapping when non root
  * podman: accept option --rootfs to use exploded images
  * When setting a memory limit, also set a swap limit
  * Fix cleaning up network namespaces on detached ctrs
  * Implement --latest for ps
  * Added --sort flag to podman image
  * add podman container and image command
  * rmi: remove image if all tags are specified
​
-------------------------------------------------------------------
Mon Jun 11 06:22:30 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.6.2 (2018-06-08)
  * Vendor in latest buildah code
  * Update epoch to fix validation problems
  * Touch up whitespace issue in build man
  * Add disable-content flag info to man page for build
  * podman-run: clean up some formatting issues
  * Remove SELinux transition rule after conmon is started.
  * Add --all flag even though it is a noop so scripts will work
  * podman-varlink: log timeouts
  * bash completion: remove shebang
  * Vendor in latest containers/storage
​
-------------------------------------------------------------------
Fri Jun  8 14:26:33 UTC 2018 - dcassany@suse.com
​
- Make use of %license macro
​
-------------------------------------------------------------------
Tue Jun  5 13:36:00 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.6.1 (2018-06-01)
  * Fix lable handling
  * runtime: add /usr/libexec/podman/conmon to the conmon paths
  * varlink build
  * Add OnBuild support for podman build
  * return all inspect info for varlink containerinspect
  * hooks/exec: Allow successful reaps for 0s post-kill timeouts
  * fix panic with podman pull
  * Remove --net flag and make it an alias for --network
  * Clear all caps, except the bounding set, when --user is specified.
    Fix: bsc#1097970 CVE-2018-10856
  * do not allow port related args to be used with --network=container:
  * sort containers and images by create time
  * Cleanup man pages
​
-------------------------------------------------------------------
Tue May 29 12:35:47 UTC 2018 - parlt@suse.com
​
- Changelog for v0.5.4 (2018-05-25):
  * Make references to the Process part of Spec conditional
  * save and load should support multi-tag for docker-archive
  * Implement python podman create and start
  * Set Entrypoint from image only if not already set
  * Update podman build to match buildah bud functionality
  * Fix handling of command in images
  * Add support for Zulu timestamp parsing
  * Clarify using podman build with a URL, Git repo, or archive.
  * podman create, start, getattachsocket
  * oci-hooks.5: Discuss directory precedence and monitoring
  * Tighten the security on the podman varlink socket
​
-------------------------------------------------------------------
Tue May 22 10:16:03 UTC 2018 - parlt@suse.com
​
- Changelog for v0.5.3 (2018-05-18):
  * troubleshooting: Add console syntax highlighting
  * Refresh pods when refreshing podman state
  * Add per-pod CGroups
  * Add pod state
  * hooks: Fix monitoring of multiple directories
  * Add Troubleshooting guide
  * Add python3 package to podman
  * libpod: fix panic when using -t and the process fails to start
  * Allow push/save without image reference
  * Fix podman inspect bash completions
  * Support pulling Dockerfile from http
  * add more bash completions
  * implement varlink commit
  * fix segfault for podman push
  * Add the Podman Logo
  * hooks: Add package support for extension stages
​
-------------------------------------------------------------------
Mon May 14 08:33:11 UTC 2018 - vrothberg@suse.com
​
- Changelog for v0.5.2 (2018-05-11):
  * Fix varlink remove image force
  * Do not error trying to remove cgroups that don't exist
  * Remove parent cgroup we create with cgroupfs
  * Place Conmon and Container in separate CGroups
  * Add --cgroup-manager flag to Podman binary
  * Major fixes to systemd cgroup handling
  * Add validation for CGroup parents. Pass CGroups path into runc
  * varlink info
  * Dont eat the pull error message for varlink
  * podman push should honor registries.conf
  * alphabetize the varlink methods, types, and errors in the docs
  * Add missing newline to podman port
  * Fix calculation of RunningFor in ps json output
  * Should not error out if container no longer exists in oci
  * Make invalid state nonfatal when cleaning up in run
  * podman, userNS: configure an intermediate mount namespace
  * networking, userNS: configure the network namespace after create
  * Begin wiring in USERNS Support into podman
​
-------------------------------------------------------------------
Mon May  7 05:42:24 UTC 2018 - vrothberg@suse.com
​
- Remove runtime dependency on buildah, which isn't required anymore as
  libpod vendors in buildah's code directly.
​
- Changelog for v0.5.1 (2018-05-04):
  * Fix pulling from secure registry
  * Optionally init() during container restart
  * bashcompletion enhancements
  * Add directory for systemd socket and service if not present
  * varlink containers
  * Make podman commit to localhost rather then docker.io
  * Do not print unnecessary Buildah details during commit
  * Fix podman logout --all flag
  * podman should assign a host port to -p when omitted
  * libpod.conf: Podman's conmon path on openSUSE
  * correct varlink command in service file
  * Make ':' a restricted character for file names
​
-------------------------------------------------------------------
Mon Apr 30 06:53:09 UTC 2018 - vrothberg@suse.com
​
- Update podman to v0.4.4:
  * Use buildah commit and bud in podman
  * Remove systemd-cat support
  * Add --default-mounts-file hidden flag
  * Add isolation note to build man page
  * Strip transport from image name when looking for local image
  * Do not eat error messages from pullImage
  * Modify --user flag for podman create and run
  * add libpod.conf man page
​
-------------------------------------------------------------------
Mon Apr 23 08:37:57 UTC 2018 - parlt@suse.com
​
- Update podman to v0.4.3:
  * podman push without destination image
  * Add make .git target
  * Fix tests for podman run --attach
  * Vendor in latest containers/image and contaners/storage
  * It is OK to start an already running container (with no attach)
  * Allow podman start to attach to a running container
  * regression: tls verify should be set on registries.conf if insecure
  * ip validation game too strong
  * reverse host field order (ip goes first) - fix host string split to permit IPv6
  * Allow podman to exit exit codes of removed containers
  * validate dns-search values prior to creation
  * Add WaitContainerReady for wait for docker registry ready
  * podman pull should always try to pull
  * Allow the use of -i/-a on any container
  * Fix secrets patch
​
-------------------------------------------------------------------
Tue Apr 17 06:44:19 UTC 2018 - vrothberg@suse.com
​
- Require golang >= 1.9.
​
-------------------------------------------------------------------
Tue Apr 17 06:19:33 UTC 2018 - vrothberg@suse.com
​
- Update podman to v0.4.2:
  * Allowing attaching stdin to non-interactive containers
  * Fix terminal attach
  * Fix locking interaction in batched Exec() on container
  * Force host UID/GID mapping when creating containers
  * Do not lock all containers during pod kill
  * Do not lock all containers during pod start
  * Make pod stop lock one container at a time
  * Containers transitioning to stop should not break stats
  * Add -i to exec for compatibility reasons
  * Unescape characters in inspect JSON format output
  * Use buildah commit for podman commit
​
-------------------------------------------------------------------
Mon Apr  9 07:48:52 UTC 2018 - parlt@suse.com
​
- Update podman to v0.4.1:
  * Remove image via storage if a buildah container is associated
  * Add hooks support to podman
  * Run images with no names
  * Prevent a potential race when stopping containers
  * Only allocate tty when -t
  * Add conmon-pidfile flag to bash completions/manpages
  * --entrypoint= should delete existing entrypoint
  * Do not require Init() before Start()
  * Ensure dependencies are running before initializing containers
  * Add container dependencies to Inspect output
  * Vendor in latest containers/image
  * Change errorf to warnf in warning removing ctr storage
​
-------------------------------------------------------------------
Thu Apr  5 06:40:07 UTC 2018 - asarai@suse.com
​
- Split out podman's basic CNI configuration to podman-cni-config, to avoid
  breaking Kubernetes clusters due to misconfigured networking. On openSUSE we
  still install this configuration so things "just work" there.
​
-------------------------------------------------------------------
Tue Apr  3 05:41:54 UTC 2018 - vrothberg@suse.com
​
- Update podman to v0.3.5:
  * Allow sha256: prefix for input
  * Add secrets patch to podman
  * Only start containers that are not running in pod start
  * Check for duplicate names when generating new container and pod names.
  * podman: new option --conmon-pidfile=
  * Remove dependency on kubernetes
  * Vendor in lots of kubernetes stuff to shrink image size
  * cmd/podman/run.go: Error nicely when no image found
  * Update containers/storage to pick up overlay driver fix
  * First tag, untag THEN reload the image
​
-------------------------------------------------------------------
Mon Mar 26 05:57:07 UTC 2018 - vrothberg@suse.com
​
- Update podman to v0.3.4:
  * Make container env variable conditional
  * Small manpage reword
  * Document .containerenv in manpages. Move it to /run.
  * Add .containerenv file
  * Removing tagged images change in behavior
  * Image library stage 4 - create and commit
  * Add 'podman restart' asciinema
​
-------------------------------------------------------------------
Mon Mar 19 09:47:24 UTC 2018 - vrothberg@suse.com
​
- Remove old (redundant) source archive.
​
-------------------------------------------------------------------
Sat Mar 17 10:36:53 UTC 2018 - vrothberg@suse.com
​
- Do not compile commit hash into binary. `podman version` will not print
  the commit number as we are now following official releases.
​
- Change tar naming from commit to version to facilitate updates via the
  _service file.
​
- Update podman to v0.3.3.  This update includes several fixes and a new
  configuration file, libpod.conf.  By default, this config will be
  installed to /usr/share/containers and /etc/containers, whereas podman
  will always use the latter if present.  The config in
  /usr/share/containers can be used to check for new config options and
  will be replaced with each package update.  The libpod.conf config can
  be used to tweak some run-time paths of conmon, runc, etc., which is a
  more flexible approach than hard-coding those paths in podman.
​
  Changelog:
  * Update containers/image
  * Add restart to main podman manpage
  * Add podman restart to podman bash completions and commands
  * Make manpage more clear
  * Add 'podman restart' command
  * Remove ability to specify mount label when mounting
  * Add signal proxying to podman run, start, and attach
  * We should not allow a user to mount a container with a different label
  * We should not have a default workdir
  * Add additional debug logging
  * Implement container restarting
  * sleep does not catch SIGTERM
  * Include tmpfs in inspect
  * Add run and search to commands page
  * Add new default location for conmon
  * podman-images: return correct image list
  * Remove crio.conf references from manpages
  * Fix a potential race around container removal in ps
  * podman ps command string too long
  * Podman load can pull in compressed files
  * Fix Conmon error to display Conmon paths
  * Add support to load runtime configuration from config file
  * Add default libpod config file
  * Change conmon and runtime paths to arrays
  * Update containers/storage to fix locking bug
​
-------------------------------------------------------------------
Thu Mar 15 15:24:23 UTC 2018 - vrothberg@suse.com
​
- Add requirement on cni-plugins to avoid potential issues in the
  future.
  feature#crio
​
-------------------------------------------------------------------
Tue Mar  6 11:00:09 UTC 2018 - vrothberg@suse.com
​
- Add run-time requirement on buildah to support `podman build`.
  feature#crio
​
-------------------------------------------------------------------
Tue Mar  6 08:01:37 UTC 2018 - vrothberg@suse.com
​
- Fix typo when setting the git commit at compile time.
​
-------------------------------------------------------------------
Sat Mar  3 14:20:06 UTC 2018 - vrothberg@suse.com
​
- Update podman to v0.3.1:
  * allow DNS resolution in containers
  * Adjust podman logs error message for clarity
  * Instead of erroring on exit file not being found, warn
  * podman logs -f: does not detect container stop or rm
  * Fix issue with podman logs on fresh containers
  * Replace usage of runc with runtime
  * Handle removing containers with active exec sessions
  * Ensure that Cleanup() will not run on active containers
  * Add tracking for exec session IDs
  * Add tracking for container exec sessions to DB
  * Small fixes to container Exec
  * docs/podman-info.1.md update man page
  * Update containers/storage
  * podman info add registries
  * podman stats add networking
  * CNIPluginDir: check "/usr/lib/cni"
  * remove build alias
  * Restrict top output to container's pids only
  * ps displays incorrect exit code
  * podman load dont panic when no repotags
  * Do not override user mounts
  * Tagging an image alias by shortname
  * Add support for --no-new-privs
  * podman ps json output use batched ops
  * CreateContainerStorage by image id
  * Implement --image-volumes for create and run
  * Add ability to start containers in a pod
  * Add kill and stop for pods
  * Add pod status command
  * Add tests and cleanup
  * Implement podman run option --cgroup-parent
  * Inspect output should be in array form
  * Add --time alias to manpages
  * Alias --time to --timeout for 'podman stop'
  * Resolve contention between copr and fedora repos
  * Ensure we don't repeatedly poll disk for exit codes
  * Change uptime format in `podman info` to human-readable
​
-------------------------------------------------------------------
Thu Feb 22 10:25:14 UTC 2018 - vrothberg@suse.com
​
- Replace macro by the entire URL in the spec file.
​
-------------------------------------------------------------------
Tue Feb 20 14:29:54 UTC 2018 - vrothberg@suse.com
​
- Add podman-rpmlintrc to ignore "explicit-lib-dependency" warnings. Those are
  intentional as we must include the libcontainers-* packages.
  + podman-rpmlintrc
​
- Update to podman v0.2.1 (change to semantic version scheme):
  * Run podman inside a podman container
  * Add FFJSON encoding/decoding for our container structs
  * images --all developer note
  * Add podman version
  * Touch up tutorial location and install reqs
  * No registries warning
  * Return imageid from podman pull
  * Squash logged errors from failed SQL rollbacks
  * Privileged containers should inherit host devices
  * Disable default Seccomp profile with privileged containers
  * Make libpod build on 32-bit systems
  * Add buckets for all containers and all pods
  * Containers in a pod can only join namespaces in that pod
  * Change json to match docker inspect
  * Honor ENTRYPOINT in image
  * Fix libpod to use given CGroup parent instead of a hardcoded one
  * podman logs: fix tailing
  * Allow removing pods with running containers if --force is given
  * Match podman inspect output to docker inspect
  * Touchup podman kill manpage
  * Change stop signal default to SIGTERM
  * Add podman search command
  * sysfs should be mounted rw for privileged
  * Need to add LISTEN_PID environment variable to conmon command
  * Add authfile, cert-dir and creds params to build
​
-------------------------------------------------------------------
Fri Feb  9 15:55:16 UTC 2018 - vrothberg@suse.com
​
- Add requirement on libcontainers-common, which now provides the
  /etc/containers/policy.json config.
- Use golang-packaging macros.
- Set version to +git%{rev_list} scheme as there's no official release yet.
- Spec file cleanups via spec-cleaner.
- Add requirement on libcontainers-{common,image,storage}, which provide
  configuration files, manpages and debugging tools useful and required by
  podman.
​
-------------------------------------------------------------------
Wed Feb  7 08:51:16 UTC 2018 - vrothberg@suse.com
​
- Fix typo to provide the correct package.
- Replace tabs with spaces.
​
-------------------------------------------------------------------
Mon Feb  5 06:40:05 UTC 2018 - vrothberg@suse.com
​
- Fix libostree-devel %if condition for TW, Leap 15+ and SLES 15+.
​
-------------------------------------------------------------------
Thu Feb  1 12:38:03 UTC 2018 - vrothberg@suse.com
​
- Use `%fdupes %buildroot/%_prefix` since `fdupes %buildroot` is not allowed
  because you cannot make hardlinks between certain partitions.
​
-------------------------------------------------------------------
Tue Jan 30 15:33:21 UTC 2018 - vrothberg@suse.com
​
- Add podman package: podman is a simple client only tool to help with
  debugging issues when daemons such as CRI runtime and the kubelet are not
  responding or failing.
​

Places

File podman.changes of Package podman

Places