File podman.changes of Package podman
8510
1
-------------------------------------------------------------------
2
Tue Mar 18 06:51:33 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
3
4
- Add patch for CVE-2025-22869 (bsc#1239330):
5
* 0006-CVE-2025-22869-ssh-limit-the-size-of-the-internal-pa.patch
6
- Rebase patches:
7
* 0001-vendor-update-c-buildah-to-1.33.12.patch
8
* 0002-Backport-fix-for-CVE-2024-6104.patch
9
* 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
10
* 0004-http2-close-connections-when-receiving-too-many-head.patch
11
* 0005-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
12
13
-------------------------------------------------------------------
14
Mon Mar 3 05:42:37 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
15
16
- Add patch for CVE-2025-27144 (bsc#1237641):
17
* 0005-CVE-2025-27144-vendor-don-t-allow-unbounded-amounts-.patch
18
- Rebase patches:
19
* 0001-vendor-update-c-buildah-to-1.33.12.patch
20
* 0002-Backport-fix-for-CVE-2024-6104.patch
21
* 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
22
* 0004-http2-close-connections-when-receiving-too-many-head.patch
23
24
-------------------------------------------------------------------
25
Fri Feb 7 14:16:17 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
26
27
- Add patch for CVE-2023-45288 (bsc#1236507):
28
* 0004-http2-close-connections-when-receiving-too-many-head.patch
29
- Add supplemental patch for CVE-2024-6104 (bsc#1227052):
30
* 0003-Switch-hashicorp-go-retryablehttp-to-the-SUSE-fork.patch
31
- Rebase patches:
32
* 0001-vendor-update-c-buildah-to-1.33.12.patch
33
* 0002-Backport-fix-for-CVE-2024-6104.patch
34
35
-------------------------------------------------------------------
36
Thu Jan 23 07:36:42 UTC 2025 - Danish Prakash <danish.prakash@suse.com>
37
38
- Add patch for CVE-2024-11218 (bsc#1236270):
39
* 0002-vendor-update-c-buildah-to-1.33.12.patch
40
- Rebase patch:
41
* 0001-Backport-fix-for-CVE-2024-6104.patch
42
- Removed patches (merged upstream and into the new patch):
43
* 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
44
* 0003-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
45
* 0004-Properly-validate-cache-IDs-and-sources.patch
46
* 0005-Use-securejoin.SecureJoin-when-forming-userns-paths.patch
47
48
-------------------------------------------------------------------
49
Tue Oct 22 06:36:40 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
50
51
- Add patch for CVE-2024-9676 (bsc#1231698):
52
* 0005-Use-securejoin.SecureJoin-when-forming-userns-paths.patch
53
- Rebase patches:
54
* 0001-Backport-fix-for-CVE-2024-6104.patch
55
* 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
56
* 0003-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
57
* 0004-Properly-validate-cache-IDs-and-sources.patch
58
59
-------------------------------------------------------------------
60
Fri Oct 18 11:45:50 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
61
62
- Load ip_tables and ip6_tables kernel module (bsc#1214612)
63
* Required for rootless mode as a regular user has no permission
64
to load kernel modules
65
66
-------------------------------------------------------------------
67
Tue Oct 15 16:56:51 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
68
69
- Add patch for CVE-2024-9675 (bsc#1231499):
70
* 0004-Properly-validate-cache-IDs-and-sources.patch
71
- Add patch for CVE-2024-9407 (bsc#1231208):
72
* 0003-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
73
- Rebase patches:
74
* 0001-Backport-fix-for-CVE-2024-6104.patch
75
* 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
76
77
-------------------------------------------------------------------
78
Thu Oct 3 07:05:10 UTC 2024 - Danish Prakash <danish.prakash@suse.com>
79
80
- Add patch for CVE-2024-9341 (bsc#1231230):
81
* 0002-pkg-subscriptions-use-securejoin-for-the-container-p.patch
82
- Rebase patch:
83
* 0001-Backport-fix-for-CVE-2024-6104.patch
84
85
-------------------------------------------------------------------
86
Mon Jul 1 05:41:23 UTC 2024 - Dan Čermák <dcermak@suse.com>
87
88
- Add patch to fix bsc#1227052 / CVE-2024-6104:
89
* 0001-Backport-fix-for-CVE-2024-6104.patch
90
- Add missing BuildRequires man
91
92
-------------------------------------------------------------------
93
Fri Jun 07 12:56:18 UTC 2024 - danish.prakash@suse.com
94
95
- Remove upstreamed patches:
96
- 0001-CVE-2024-1753-container-escape-fix.patch
97
- Update to version 4.9.5:
98
* Bump to v4.9.5
99
* Update release notes for v4.9.5
100
* fix "concurrent map writes" in network ls compat endpoint
101
* [v4.9] Fix for CVE-2024-3727 (bsc#1224122)
102
* Disable failing bud test
103
* CI Maintenance: Disable machine tests
104
* [CI:DOCS] Allow downgrade of WiX
105
* [CI:DOCS] Force WiX 3.11
106
* [CI:DOCS] Fix windows installer action
107
* Bump to v4.9.5-dev
108
* Bump to v4.9.4
109
* Update release notes for v4.9.4
110
* [v4.9] Bump Buildah to v1.33.7, CVE-2024-1753, CVE-2024-24786 (bsc#1226136)
111
* Add farm command to commands list
112
* Bump to FreeBSD 13.3 (13.2 vanished)
113
* Update health-start-periods docs
114
* Don't update health check status during initialDelaySeconds
115
* image scp: don't require port for ssh URL
116
* Ignore docker's end point config when the final network mode isn't bridge.
117
* Fix running container from docker client with rootful in rootless podman.
118
* [skip-ci] Packit: remove koji and bodhi tasks for v4.9
119
* Bump to v4.9.4-dev
120
* Bump to v4.9.3
121
* Release notes for v4.9.3
122
* Remove gitleaks scanning
123
* [v4.9] [skip-ci] packit: update fedora downstream branches
124
* @@option volume.image: be specific that -v only affects RUN
125
* Accept a config blob alongside the "changes" slice when committing
126
* container create: use ParseUserNamespace to parse a user namespace setting
127
* Bump to v4.9.3-dev
128
* Bump to v4.9.2
129
* Release notes for v4.9.2
130
* Cirrus: Update operating branch
131
* [v4.9] Bump to c/common v0.57.4, buildkit v0.12.5, c/buidah v1.33.5
132
* Fix updated runc dep breaking pod devices cgroup
133
* systests: kube with policies test: fix race
134
* Remove go.mod pin of runc and update to latest
135
* systests: kube with policies test: fix race
136
* Bump to v4.9.2-dev
137
* Bump to v4.9.1
138
* Release notes for v4.9.1
139
* [v4.9] Bump Buildah to v1.33.4, c/common v0.57.3, c/image v5.29.2
140
* pkginstaller: bump Qemu version to 8.2.1
141
* Assign separate ports for each appleHV machine
142
* Fix machine inspect test config
143
* AppleHV: update LastUp time
144
* applehv: return socket path from setupAPIForwarding
145
* applehv: Remove unneeded cmd.ExtraFiles assignment
146
* abi: drop check for IsRootless()
147
* system: enhance check for re-exec into rootless userns
148
* system: enhance check for re-exec into rootless userns
149
* Fix `podman machine set --rootful` for applehv
150
* applehv - fix vm lookup
151
* rpm: use go-rpm-macros on RHEL 10
152
* Bump to v4.9.1-dev
153
* Bump to v4.9.0
154
* Fix a small grammar error in RELEASE_NOTES.md
155
* Fix push endpoint stream
156
* Finalized release notes for v4.9.0
157
* farm build: push built images to registry
158
* Move the --farm flag to farm build command
159
* Clean up farm-build miscommit
160
* [CI:DOCS] Add podman farm build doc
161
* Add release notes for v4.9.0
162
* gvproxy: Update to 0.7.2 release
163
* [v4.9] Bump Buildah to v1.33.3, c/common to v0.57.2, c/image to v5.29.1
164
* Add a net health recovery service to Qemu machines
165
* Set up podman machine remote user correctly
166
* Remove Libpod special-init conditions
167
* Fix `podman system reset` with external containers
168
* [v4.8] podman kube play: fix broken annotation parsing
169
* feat: disable pid max in the podman machine
170
* systests: cp: add wait_for_ready
171
* System tests: fixes for RHEL8 gating failures
172
* Add API forwarding support for HyperV
173
* bump to v4.8.4-dev
174
175
-------------------------------------------------------------------
176
Tue Mar 19 14:14:17 UTC 2024 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
177
178
- Add patch for CVE-2024-1753 (bsc#1221677):
179
0001-CVE-2024-1753-container-escape-fix.patch
180
181
-------------------------------------------------------------------
182
Thu Jan 04 05:59:42 UTC 2024 - danish.prakash@suse.com
183
184
- Update to version 4.8.3:
185
* Release v4.8.3
186
* Update RELEASE_NOTES.md for v4.8.3
187
* update module golang.org/x/crypto to v0.17.0 [security]
188
* Error on HyperV VM start when gvproxy has failed to start
189
* bump release to v4.8.3-dev
190
191
-------------------------------------------------------------------
192
Wed Dec 13 12:51:44 UTC 2023 - Fabian Vogt <fvogt@suse.com>
193
194
- Refactor network backend dependencies:
195
* podman requires either netavark or cni-plugins. On ALP, require
196
netavark, otherwise prefer netavark but don't force it.
197
* This fixes missing cni-plugins in some scenarios
198
* Default to netavark everywhere where it's available
199
200
-------------------------------------------------------------------
201
Mon Dec 11 16:13:48 UTC 2023 - kastl@b1-systems.de
202
203
- Update to version 4.8.2:
204
* v4.8.2
205
* [CI:DOCS] Update RELEASE_NOTES.md for v4.8.2
206
* Kube Play - set ReportWriter when building an image
207
* Fix user-mode net init flag on first time install
208
* bump c/common to v0.57.1
209
* bump version to v4.8.2-dev
210
211
-------------------------------------------------------------------
212
Thu Dec 7 08:43:26 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
213
214
- Default to the new networking backend, netavark, on openSUSE (bsc#1217828)
215
216
-------------------------------------------------------------------
217
Wed Dec 06 06:02:02 UTC 2023 - danish.prakash@suse.com
218
219
- Update to version 4.8.1:
220
* v4.8.1
221
* Update RELEASE_NOTES.md for v4.8.1
222
* Handle symlinks when checking DB vs runtime configs
223
* libpod: Detect whether we have a private UTS namespace on FreeBSD
224
* pkg/bindings: add new APIVersionError error type
225
* fix podman-remote exec regression with v4.8
226
* sqlite: fix issue in ValidateDBConfig()
227
* sqlite: fix missing Commit() in RemovePodContainers()
228
* sqlite: set busy timeout to 100s
229
* Fix locking error in WSL machine rm -f
230
* Gating test fixes
231
* If API calls for kube play --replace, then replace pod
232
* Fix wsl.conf generation when user-mode-networking is disabled
233
* Bump to v4.8.1-dev
234
235
-------------------------------------------------------------------
236
Tue Nov 28 05:56:48 UTC 2023 - danish.prakash@suse.com
237
238
- Update to version 4.8.0:
239
* Bump to v4.8.0
240
* Update release notes for 4.8.0
241
* Add notes on upcoming deprecations to release notes
242
* [v4.8] Bump to Buildah v1.33.2
243
* [CI:DOCS] Update release notes
244
* machine applehv: create better error on start failure
245
* Bump to v4.8.0-dev
246
* Bump to v4.8.0-rc1
247
* Create release notes for v4.8.0
248
* Update release notes from v4.7 branch
249
* Cirrus: Update operating branch
250
* rootless_tutorial: modernize
251
* Bump Buildah to v1.33.1
252
* Bump Buildah to v1.33.0
253
* Update to libhvee 0.5.0
254
* vmtypes names cannot be used as machine names
255
* Add support for --compat-auth-file in login/logout
256
* Update tests for a c/common error message change
257
* Update c/image and c/common to latest, c/buildah to main
258
* CI: test overlay and vfs
259
* [CI:DOCS] Add link to podman py docs
260
* Test fixes for debian
261
* pasta tests: remove some skips
262
* VM images: bump to 2023-11-16
263
* fix(deps): update module k8s.io/kubernetes to v1.28.4 [security]
264
* [CI:DOCS] Machine test timeout env var
265
* Quadlet - add support for UID and GID Mapping
266
* Quadlet - Allow using symlink on the base search paths
267
* [skip-ci] Update dessant/lock-threads action to v5
268
* Avoid empty SSH keys on applehv
269
* qemu,parseUSB: minor refactor
270
* fix(deps): update module github.com/gorilla/handlers to v1.5.2
271
* docs: fix relabeling command
272
* Pass secrets from the host down to internal podman containers
273
* (Temporary) Emergency CI fix: quay search is broken
274
* Update podman-stats.1.md.in
275
* [CI:BUILD] packit: handle builds for RC releases
276
* Quadlet test - add case for multi = sign in mount
277
* set RLIMIT_NOFILE soft limit to match the hard limit on mac
278
* rootless: use functionalities from c/storage
279
* CI: e2e: fix a smattering of test bugs that slipped in
280
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.1
281
* vendor: update c/storage
282
* Improve the documentation of quadlet
283
* Fix socket mapping socket mapping nits
284
* fix(deps): update module golang.org/x/tools to v0.15.0
285
* fix(deps): update github.com/containers/libhvee digest to 9651e31
286
* [skip-ci] Update github/issue-labeler action to v3.3
287
* Document --userns=auto behaviour for rootless users
288
* machine: qemu: add usb host passthrough
289
* fix(deps): update module golang.org/x/net to v0.18.0
290
* fix(deps): update module github.com/onsi/gomega to v1.30.0
291
* Refactor Ignition configuration for virt providers
292
* [CI:BUILD] rpm: disable GOPROXY
293
* Automatic code cleanups - JetBrains
294
* Refactor key machine objects
295
* systests: add [NNN] prefix in logs, NNN = filename
296
* systests: add a last-minute check for db backend
297
* applehv: allow virtiofs to mount to /
298
* Run codespell on podman
299
* update completion scripts for cobra v1.8.0
300
* Fix man page display of podman-kube-generate
301
* Try to fix the broken formatting of man podman‐kube‐apply(1).
302
* fix(deps): update module golang.org/x/text to v0.14.0
303
* docs: make CNI removal explicit
304
* fix(deps): update module github.com/gorilla/mux to v1.8.1
305
* fix(deps): update module github.com/spf13/cobra to v1.8.0
306
* fix(deps): update module golang.org/x/sync to v0.5.0
307
* fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.18
308
* Podman push --help should reveal default compression
309
* Update container-device-interface (CDI) to v0.6.2
310
* fix: adjust helper string in machine_common
311
* fix: adjust helper string in machine_common
312
* remote,test: remove .dockerignore which is a symlink
313
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.2
314
* fix: adjust helper string in machine_common
315
* vendor: update github.com/coreos/go-systemd/v22 to latest main
316
* CI: default to sqlite
317
* vendor: update c/common
318
* check system connections before machine init
319
* Consume OCI images for machine image
320
* freebsd: drop dead code
321
* libpod: make removePodCgroup linux specific
322
* containers: drop special handling for ErrCgroupV1Rootless
323
* compose: fix compose provider debug message
324
* image: replace GetStoreImage with ResolveReference
325
* vendor: bump c/image to 373c52a9466f
326
* Refactor machine socket mapping
327
* AppleHV: Fix machine rm error message
328
* Add status messages to podman --remote commit
329
* End-of-Life policy for github issues
330
* fix(deps): update module github.com/shirou/gopsutil/v3 to v3.23.10
331
* Support passing of Ulimits as -1 to mean max
332
* fix(deps): update github.com/docker/go-connections digest to 0b8c1f4
333
* fix(deps): update github.com/crc-org/vfkit digest to f3c783d
334
* Log gvproxy and server9 to file on log-level=debug
335
* Change to using gopsutil for cross-OS process ops
336
* Initial addition of 9p code to Podman
337
* libpod: fix /etc/hostname with --uts=host
338
* systests: stty test: retry once on flake
339
* systests: pasta: avoid hangs
340
* Fix secrets scanning GHA Workflow
341
* [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
342
* docs: clarify systemd cgroup mount
343
* podman build --remote URI Dockerfile shoud not be treated as file
344
* Small fixes for wacko CI environments
345
* Do not add powercap mask if no paths are masked
346
* compose: try all possible providers before throwing an error
347
* podman kube play --replace should force removal of pods and containers
348
* Sort kube options alphabetically
349
* container.conf: support attributed string slices
350
* CI: podman farm tests cleanup
351
* Mask /sys/devices/virtual/powercap
352
* Update module github.com/google/uuid to v1.4.0
353
* fix(deps): update module github.com/docker/docker to v24.0.7+incompatible
354
* fix(deps): update module go.etcd.io/bbolt to v1.3.8
355
* CI: systest: safer random_rfc1918_subnet
356
* CI: e2e: safer GetPort()
357
* Fix broken code block markup in Introduction.rst
358
* chore(deps): update module google.golang.org/grpc to v1.57.1 [security]
359
* chore: remove npipe const and use vmtype const for checking
360
* Update module github.com/onsi/gomega to v1.29.0
361
* CI: try to fix more networking flakes
362
* fix: check wsl npipe when executing podman compose
363
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.1
364
* Quadlet - explicit support for read-only-tmpfs
365
* compat API: fix image-prune --all
366
* Makefile - allow more control over Ginkgo parameters
367
* Add e2e tests for farm build
368
* vendor c/{buildah,common}: appendable containers.conf strings, Part 1
369
* Add podman farm build command
370
* Add emulation package
371
* Use buildah default isolation when working with podman play kube
372
* docs(API): Fix compat network (dis-)connect
373
* test/e2e: do not import buildah
374
* pkg/specgen: remove config_unsupported.go
375
* pkg/parallel/ctr: add !remote tag
376
* pkg/domain/filters: add !remote tag
377
* pkg/ps: add !remote tag
378
* pkg/systemd/generate: add !remote tag
379
* libpod: add !remote tag
380
* pkg/autoupdate: add !remote tag
381
* vendor latest c/common
382
* libpod: remove build support non linux/freebsd
383
* Fix typo
384
* test/apiv2: adapt apiv2 test on cgroups v1 environment
385
* ginkgo setup: retry cache pulls
386
* Support size option when creating tmpfs volumes
387
* not mounted layers should be reported as info not error
388
* CI: stop using registry.k8s.io
389
* fix(deps): update module github.com/vbatts/git-validation to v1.2.1
390
* test fixes for c/common tag chnages
391
* vendor latest c/common
392
* hyperV: Update lastUp time
393
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.55.0
394
* lint: disable testifylint
395
* lint: fix warnings found by perfsprint
396
* lint: fix warnings found by inamedparam
397
* lint: fix warnings found by protogetter
398
* libpod: skip DBUS_SESSION_BUS_ADDRESS in conmon
399
* Use node hostname in kube play when hostNetwork=true
400
* cirrus setup: special-case perl unicode
401
* network: document ports and macvlan interaction
402
* quadlet: document cgroupv2 requirement
403
* [skip-ci] Update actions/checkout digest to b4ffde6
404
* Revert "Emergency workaround for CI breakage"
405
* remote: exec: do not leak session IDs on errors
406
* fix(deps): update github.com/containers/storage digest to 79aa304
407
* fix(deps): update module k8s.io/kubernetes to v1.28.3
408
* System tests: fix broken silence127
409
* Add TERM iff TERM not defined in container when podman exec -t
410
* Emergency workaround for CI breakage
411
* Kill gvproxy when machine rm -f
412
* Fix path for omvf vars on Darwin/arm64
413
* Allow systemd specifiers in User and Group Quadlet keys
414
* libpod: rename confusing import name
415
* use FindInitBinary() for init binary
416
* vendor latest c/common
417
* exec: do not leak session IDs on errors
418
* systests: cp test: lots of cleanup
419
* Define better error message for container name conflicts with external storage.
420
* Quadlet - support ImageName for .image files
421
* test/system: ignore 127 if it is the expected rc
422
* test/apiv2/20-containers.at: fix NanoCPUs tests on cgroups v1
423
* image history: fix walking layers
424
* fix(api): Ensure compatibality for network connect
425
* [CI:DOCS] Add cross-build target info.
426
* machine set: document --rootful better
427
* libpod: restart+userns cleanup netns correctly
428
* Minor log and doc fixes
429
* Quadlet man page - discuss volume removal explicitly
430
* Quadlet - add support for KubeDownForce
431
* System Test - Quadlet kube oneshot
432
* Fix output of podman --remote top
433
* buildah-bud: test relative TMPDIR
434
* Fix handling of --read-only-tmpfs flag
435
* Vendor common and buildah main
436
* remote,build: wire unsetlabels
437
* test: build with TMPDIR as relative
438
* docs: add unsetlabel
439
* vendor: bump buildah to v1.32.1-0.20231012130144-244170240d85
440
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.6.2
441
* fix: pull error response docker rest api compatibility
442
* Show client info even if remote connection fails
443
* fix(deps): update github.com/containers/libhvee digest to e51be96
444
* Run codespell
445
* SetLock for all virt providers
446
* Machine: Teardown on init failure
447
* healthcheck: make sure to always show health_status events
448
* Apply suggestions from code review
449
* [CI:DOCS]rtd: implement v2 build file
450
* Quadlet - support oneshot .kube files
451
* libpod: fix deadlock while parallel container create
452
* fix(deps): update module golang.org/x/net to v0.17.0
453
* api: add `compatMode` paramenter to libpod's pull endpoint
454
* api: break out compat image pull
455
* fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.3
456
* use sqlite as default database
457
* vendor latest c/common
458
* fix(deps): update module github.com/nxadm/tail to v1.4.11
459
* Check for image with /libpod/containers/create
460
* container: always check if mountpoint is mounted
461
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.13.0
462
* vendor: update c/storage
463
* api: drop debug statement
464
* Quadlet - add support for global arguments
465
* Add system test
466
* fix(deps): update module golang.org/x/tools to v0.14.0
467
* Don't ignore containerfiles outside of build context
468
* fix(deps): update github.com/containers/libhvee digest to fcf1cc2
469
* fix(deps): update module golang.org/x/term to v0.13.0
470
* Update module golang.org/x/sys to v0.13.0
471
* [CI:DOCS] Add updating version on podman.io to release process
472
* containers.conf: add `privileged` field to containers table
473
* Implement secrets/credential scanning
474
* Cirrus: Execute Windows podman-machine e2e tests
475
* vendor: bump c/storage
476
* Update module golang.org/x/sync to v0.4.0
477
* [CI:DOCS] update swagger version on docs.podman.io
478
* Create Qemu command wrapper
479
* Adjust to path name change for resolved unit
480
* Revert "Fix WSL systemd detection"
481
* [CI:BUILD] rpm/copr: gvforwarder recommends for RHEL
482
* [CI:DOCS] update kube play delete endpoint docs
483
* [CI:DOCS] Remove dead link from README
484
* test/system: --env-file test fixes
485
* Revert "feat(env): support multiline in env-file"
486
* Revert "docs(env-file): improve document description"
487
* Revert "fix(env): parsing --env incorrect in cli"
488
* Filter health_check and exec events for logging in console
489
* inspect: ignore ENOENT during device lookup
490
* test, manifest: test push retry
491
* Fix locale issues with WSL version detection
492
* vendor: update module github.com/docker/distribution to v2.8.3+incompatible
493
* vendor: bump c/common to v0.56.1-0.20231002091908-745eaa498509
494
* Update github.com/containers/libhvee digest to e9b1811
495
* windows: Use prebuilt gvproxy/win-sshproxy binaries
496
* Volume create - fast exit when ignore is set and volume exists
497
* Update golang.org/x/exp digest to 9212866
498
* Update github.com/opencontainers/runtime-spec digest to c0e9043
499
* remove selinux tag as not needed anymore
500
* [skip-ci] Improve podmansh(1)
501
* Build applehv for Intel Macs
502
* Revert "GHA Workflow: Faster discussion-locking"
503
* update vfkit vendored code
504
* Add DefaultMode to kube play
505
* Fix broken podman images filters
506
* Remove `c.ExtraFiles` line in machine
507
* podman: run --replace prints only the new container id
508
* New machines should show Never as LastUp
509
* podman machine: disable zincati update service
510
* Revert "cirrus setup: install en_US.UTF-8 locale"
511
* Cirrus: CI VM images w/ newer automation-library
512
* CI VMs: bump to f39 + f38
513
* [CI:DOCS] Update podman load doc
514
* Update mac installer to latest gvproxy release
515
* Fix WSL systemd detection
516
* Add documentation for the vrf option on netavark
517
* fix(deps): update github.com/containers/common digest to 9342cdd
518
* fix: typos in links, path and code example
519
* e2e: ExitCleanly(): manual special cases
520
* e2e: ExitCleanly(): the final fron^Wcommit
521
* [CI:DOCS] Add win-sshproxy target to winmake
522
* wsl: enable machine init tests
523
* Update docs/source/markdown/options/rdt-class.md
524
* move IntelRdtClosID to HostConfig
525
* use default when user does not provide rdt-class
526
* Add documentation for Intel RDT support
527
* Add test for Intel RDT support
528
* Add Intel RDT support
529
* [CI:DOCS] Fix podman form update --help examples
530
* Quadlet container mount - support non key=val options
531
* test/e2e: default to netavark
532
* [skip-ci] Update dawidd6/action-send-mail action to v3.9.0
533
* fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.7.1
534
* fix(deps): update github.com/containers/common digest to 4619314
535
* applehv: enable machine tests for start
536
* applehv: machine tests for stop and rm
537
* Update machine tests README
538
* Add podman socket info to machine inspect
539
* Fix podman machine info test for hyperV
540
* libpod: pass entire environment to conmon
541
* e2e: ExitCleanly(): manual fixes to get tests working
542
* e2e: ExitCleanly(): a few more
543
* FCOS+podman-next: correct GHA conditional syntax
544
* pkg/machine/e2e: wsl stop
545
* wsl: machine tests for inspect
546
* wsl: machine tests for ssh
547
* fix(deps): update github.com/containers/common digest to e18cda8
548
* wsl: machine start test
549
* wsl machine tests: set
550
* wsl: machine tests
551
* Skip proxy test for hyperV
552
* Enable machine e2e test for applehv
553
* hyperV: Respect rootful option on machine init
554
* [CI:BUILD] FCOS image: enable nightly build
555
* e2e: use safe fedora-minimal image
556
* hyperv: machine e2e tests for set command
557
* podman build: correct default pull policy
558
* fix handling of static/volume dir
559
* unbreak CI: useradd not found
560
* hyperv: set more realistic starting state
561
* hyperv: use StopWithForce with remove
562
* Fix all ports exposed by kube play
563
* Fix setting timezone on HyperV
564
* fix(deps): update github.com/containers/gvisor-tap-vsock digest to 97028a6
565
* Fix farm update to check for connections
566
* Adjust machine CPU tests
567
* Bump version on main
568
* [CI:BUILD] Packit: show SHORT_SHA in `podman --version` for COPR builds
569
* Vendor c/common
570
* pod rm: do not log error if anonymous volume is still used
571
* e2e: ExitCleanly(): manual fixes to get tests passing
572
* e2e: ExitCleanly(): a few more
573
* fixes for pkg/machine/e2e on hyperv
574
* test: fix rootless propagation test
575
* [CI:BUILD] packit: tag @containers/packit-build team on copr build failures
576
* Enable disk resizing for applehv
577
* Various updates for hyperv and machine e2e tests
578
* test: update fedoraMinimal version
579
* specgen, rootless: fix mount of cgroup without a netns
580
* Automatically remove anonymous volumes when removing a container
581
* Use ActiveServiceDestination in ssh remoteConnectionUsername
582
* fix(deps): update github.com/containers/gvisor-tap-vsock digest to 9298405
583
* e2e: ExitCleanly(): generate_kube_test.go
584
* e2e: generate kube -> kube generate
585
* e2e: ExitCleanly(): generate_kube_test.go
586
* windows cannot "do" extra files
587
* e2e: ExitCleanly(): Fixes for breaking tests
588
* play kube -> kube play
589
* e2e: ExitCleanly(): play_kube_test.go
590
* introduce pkg/strongunits
591
* Makefile equiv Powershell script
592
* pass --syslog to the cleanup process
593
* vendor of containers/common
594
* fix --authfile auto-update test
595
* compat API: speed up network list
596
* Change priority for cli-flags for remotely operating Podman
597
* libpod: remove unused ContainerState() fucntion
598
* [CI:BUILD] Packit: Enable failure notifications for cockpit tests
599
* e2e: ExitCleanly(): more low-hanging fruit
600
* e2e: ExitCleanly(): more low-hanging fruit
601
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.12.1
602
* Enable machine e2e tests for WSL
603
* systests: tighter checks for unwanted warnings
604
* GHA Workflow: Faster discussion-locking
605
* [CI:BUILD] FCOS + podman-next image: pull in wasm
606
* [CI:BUILD] rpm: remove gvproxy subpackage
607
* [CI:DOCS] Tweak podman to Podman in a few farm man pages
608
* Docs on sig-proxy are wrong, we support TTY
609
* e2e: ExitCleanly(): low-hanging fruit, part 2
610
* e2e: ExitCleanly(): low-hanging fruit, part 1
611
* Buildtag out unix commands for common OS files
612
* systests: clean up after tests; fix missing path in logs
613
* [CI:BUILD] followup PR for fcos with podman-next
614
* Implement gvproxy networking using cmdline wrapper
615
* fix, test: rmi should work with images w/o layers
616
* vendor: bump c/common to v0.56.1-0.20230919073449-d1d9d38d8282
617
* Quadlet Image test - rearrange test function
618
* e2e: continuing ExitCleanly() work: manual tweaks
619
* e2e: continuing ExitCleanly() work
620
* [CI:DOCS] Improve podman-tag man page
621
* [CI:DOCS] Improve podman-build man page
622
* [CI:DOCS] Include precheck to release process
623
* [CI:DOCS] consistentize filter options in man pages
624
* Quadlet - add support for .image units
625
* --env-host: use default from containers.conf
626
* error when --module is specified on the command level
627
* man page crossrefs: add --filter autocompletes
628
* Fix specification of unix:///run
629
* Add label! filter and tests to containers and pods
630
* Add test for legacy address without two slashes
631
* Use url with scheme and path for the unix address
632
633
-------------------------------------------------------------------
634
Wed Nov 8 07:48:11 UTC 2023 - Andreas Schwab <schwab@suse.de>
635
636
- Use crun only on selected archs
637
638
-------------------------------------------------------------------
639
Wed Nov 01 07:15:17 UTC 2023 - dcermak@suse.com
640
641
- Update to version 4.7.2:
642
* v4.7.2
643
* Update RELEASE_NOTES.md for v4.7.2
644
* compose: try all possible providers before throwing an error
645
* Mask /sys/devices/virtual/powercap
646
* fix: check wsl npipe when executing podman compose
647
* rtd: implement v2 build file
648
* Adjust to path name change for resolved unit
649
* Switch version to 4.7.2-dev
650
651
-------------------------------------------------------------------
652
Tue Oct 31 14:35:31 UTC 2023 - Guillaume GARDET <guillaume.gardet@opensuse.org>
653
654
- crun is not available for armv6 (because of criu), so use runc
655
on armv6
656
657
-------------------------------------------------------------------
658
Thu Oct 12 09:47:46 UTC 2023 - Dan Čermák <dcermak@suse.com>
659
660
- Use crun on Tumbleweed & ALP for WASM support
661
662
-------------------------------------------------------------------
663
Fri Oct 06 05:50:25 UTC 2023 - danish.prakash@suse.com
664
665
- podman-docker: Provides docker to avoid conflicts
666
when using podman with docker-compose (bsc#1215926)
667
- Update to version 4.7.1:
668
* New version: v4.7.1
669
* Update RELEASE_NOTES.md for v4.7.1
670
* compat API: speed up network list
671
* inspect: ignore ENOENT during device lookup
672
* test/system: --env-file test fixes
673
* Revert "feat(env): support multiline in env-file"
674
* Revert "docs(env-file): improve document description"
675
* Revert "fix(env): parsing --env incorrect in cli"
676
* [CI:DOCS] update swagger version on docs.podman.io
677
* Fix locale issues with WSL version detection
678
* switch version to 4.7.1-dev
679
680
-------------------------------------------------------------------
681
Fri Sep 29 03:21:32 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
682
683
- Build against latest stable Go version (bsc#1215807)
684
685
-------------------------------------------------------------------
686
Thu Sep 28 04:44:43 UTC 2023 - kastl@b1-systems.de
687
688
- Update to version 4.7.0:
689
* Bump to v4.7.0
690
* [CI:DOCS] v4.7.0 RELEASE_NOTES update
691
* rpm: remove gvproxy subpackage
692
* packit: tag @containers/packit-build team on copr build
693
failures
694
* specgen, rootless: fix mount of cgroup without a netns
695
* pass --syslog to the cleanup process
696
* fix --authfile auto-update test
697
* version: switch back from -rc1 to -dev
698
* New pre-release: v4.7.0-rc1
699
* [CI:DOCS] Update release notes for v4.7.0-rc1
700
* Cirrus: Update operating branch
701
* Move podman build opts to common file
702
* Add ability for machine rm -f for WSL
703
* Plumbing to run machine tests with hyperv
704
* CI: trace setup and runner scripts
705
* Bump to Buildah v1.32.0
706
* [CI:DOCS] bump release notes on main with the latest release
707
* fix(deps): update module github.com/opencontainers/image-spec
708
to v1.1.0-rc5
709
* Add --filter pod= autocompletion
710
* e2e: ExitCleanly(): manual test fixes
711
* e2e: continuing ExitCleanly(): just the replacements
712
* Fix some spelling and formatting
713
* Add support for Ulimit in quadlet
714
* Run codespell on code
715
* wire in new buildah build options
716
* make golangci-lint happy
717
* add !remote tag to pkg/specgen/generate
718
* pkg/specgen: do not depend on libimage for remote
719
* bump buildah to latest
720
* [CI:DOCS] restart.md: migrate to container unit
721
* fix(deps): update module k8s.io/kubernetes to v1.28.2
722
* Add support for PidsLimit in quadlet
723
* Add DNS fields to Container and Network unit groups
724
* [CI:DOCS] update API docs version list
725
* Try to fix broken CI (gvisor-something)
726
* e2e: more ExitCleanly(): manual test fixes
727
* e2e: more ExitCleanly(): dumb string replacements
728
* e2e: create_test: use ExitCleanly()
729
* e2e: diff_test: use ExitCleanly()
730
* The `podman init` command cannot modify containers.
731
* bump c/common to latest main
732
* Podmansh: use podmansh_timeout
733
* e2e: more ExitCleanly(): low-hanging fruit
734
* vendor: update checkpointctl to v1.1.0
735
* kube: add DaemonSet support for generate
736
* vendor of containers/(common, storage, image)
737
* libpod: move oom_score_adj clamp to init
738
* e2e: commit_test: use ExitCleanly()
739
* e2e: container_clone_test.go: use ExitCleanly()
740
* e2e: use ExitCleanly() in cleanup_test.go
741
* Ensure HC events fire after logs are written
742
* [CI:DOCS] podman-systemd.unit: fix equivalents
743
* Add support for kube TerminationGracePeriodSeconds
744
* Update podman-kube-play.1.md.in
745
* Split up alt binaries to speed up build
746
* Switch installer task to EC2
747
* pod: fix duplicate volumes from containers.conf
748
* tests: add test for pod cgroups
749
* libpod: create the cgroup pod before containers
750
* cmd, specgen: allow cgroup resources without --infra
751
* specgen: allow --share-parent with --infra=false
752
* libpod: allow cgroup path without infra container
753
* libpod: check if cgroup exists before creating it
754
* libpod: refactor platformMakePod signature
755
* libpod: destroy pod cgroup on pod stop
756
* utils: export MoveUnderCgroup
757
* libpod: refactor code to new function
758
* e2e: use ExitCleanly() in checkpoint tests
759
* [CI:DOCS]Remove use of --latest|-l from tutorial
760
* CI test runner: upgrade tests rely on system tests
761
* run --rmi: "cannot remove" is a warning, not an error
762
* StopContainer: display signal num when name unknown
763
* URGENT: fix broken CI
764
* Add support for kube securityContext\.procMount
765
* podman: don't restart after kill
766
* Tmpfs should not be mounted noexec
767
* sys tests: run_podman: check for unwanted warnings/errors
768
* chore(deps): update dependency setuptools to ~=68.2.0
769
* e2e: use ExitCleanly() in attach & build tests
770
* Some distros do not default to docker.io for shortname searches
771
* security: accept empty capabilities list
772
* systests: random_free_port: fix EADDRINUSE flake
773
* fix(deps): update module github.com/cyphar/filepath-securejoin
774
to v0.2.4
775
* Restrict fcos_test to amd64, arm64
776
* fix(deps): update github.com/containers/libhvee digest to
777
56fb235
778
* fix(deps): update module github.com/docker/docker to
779
v24.0.6+incompatible
780
* fix(deps): update module golang.org/x/tools to v0.13.0
781
* Ignore spurious container-removal errors
782
* fix(deps): update module golang.org/x/net to v0.15.0
783
* systests: manifest zstd test: lots of tiny cleanups
784
* vendor: update github.com/opencontainers/runc to main
785
* [skip-ci] Update actions/checkout action to v4
786
* linux, rootless: clamp oom_score_adj if it is too low
787
* machine: increase max number of inotify instances
788
* fix(deps): update module golang.org/x/term to v0.12.0
789
* Remove redundant nil checks in system connection remove
790
* fix(deps): update module golang.org/x/text to v0.13.0
791
* fix(deps): update module golang.org/x/sys to v0.12.0
792
* fix(deps): update github.com/containers/libhvee digest to 2bf7930
793
* docs(readme): fix a broken link
794
* [CI:BUILD] Podman FCOS image from main
795
* Update golang.org/x/exp digest to d852ddb
796
* Add port forwarding and gvproxy machine test
797
* libpod: do not parse --hostuser in base 8
798
* fix: default typo
799
* Add Japanese locale and translation of index
800
* remove rh.container.bot@gmail.com
801
* Tweaks and cleanups to prepare hyperv for CI
802
* system tests: housekeeping: various small fixes
803
* CI: e2e: first use of new ExitCleanly() matcher
804
* CI: e2e: new ginkgo matcher, ExitCleanly()
805
* CI: e2e: fetch the standard system-test image
806
* kube play: fix pull policy
807
* Fix gidmap command in example
808
* vendor containers/common@12405381ff45
809
* manifest,push: support add_compression from containers.conf
810
* hyperv ignition: use gvforwarder instead of vm
811
* Set remote username earlier for hyperv
812
* Added an additional troubleshooting problem and solution
813
* Remove a dependency on libimage from pkg/bindings
814
* Rename parameter in pkg/bindings
815
* Remove a dependency on libimage from pkg/api/handlers
816
* Don't re-inspect an image
817
* Cirrus: Remove multi-arch podman image builds
818
* uid/gid mapping flags
819
* [DOC] Clarify default behaviour on uidmap
820
* Update containers/common to latest
821
* update libhvee
822
* /_ping handler: return OSType http header
823
* e2e: fix race condition (kube play + logs)
824
* Update module github.com/vbauerster/mpb/v8 to v8.6.0
825
* Kube - support List documents
826
* kube down/play --replace: handle absent objects
827
* push, manifest-push: --force-compression must be true with
828
--compression-format
829
* oci: print stderr only after checking state
830
* Updated docs to reflect pod spec sysctls support added in v4.6
831
* [CI:BUILD] Packit: Disable unexpected journal message check for
832
cockpit-podman
833
* [CI:BUILD] Packit: Restrict cockpit tests to recent Fedoras
834
* Update machine init/set tests
835
* Add rootful status to machine inspect
836
* Dedup and refactor image acquisition
837
* Share podman sock bindings with other WSL distros
838
* Fix user-mode validation check
839
* system tests: try to fix sdnotify flakes
840
* Cirrus: Disable only hello multiarch build
841
* Set StopTimeout for service-container started under podman kube
842
play
843
* Set StopTimeout for compat API if not set by client
844
* podman exec should set umask to match container
845
* [CI:BUILD] Packit: run cockpit-podman tests in PRs
846
* Add infra-name annotations to kube gen/play
847
* kube: notifyproxy: close once
848
* system service: unset NOTIFY_SOCKET
849
* Update module k8s.io/kubernetes to v1.28.1
850
* API attach: return vnd.docker.multiplexed-stream header
851
* test/apiv2/60-auth.at: use `doesnotexists.podman.io`
852
* e2e tests: use registry:2.8.2 (was 2.8)
853
* create apiutils package
854
* api docs: document stream format
855
* Revert "Remove `hello` multi-arch image build"
856
* manifest-push: add support for --force-compression
857
* push: add support for --force-compression
858
* Update module github.com/onsi/ginkgo/v2 to v2.12.0
859
* Remove `hello` multi-arch image build
860
* hack/perf/system-df.sh: add `df` benchmarks
861
* Expand env variables for cmds/entrypoint with format $(ENV)
862
* vendor c/storage@6902c2d
863
* Ignore the resource limits on cgroups V1 rootless systems
864
* Fixups for stopping gvproxy
865
* Revert "GHA: Closed issue/PR comment-lock test"
866
* GHA: Closed issue/PR comment-lock test
867
* GHA: Add workflow to lock closed issues/PRs
868
* [CI:DOCS] update auto-update docs
869
* chore(deps): update dependency containers/automation_images to
870
v20230816
871
* fix(deps): update module github.com/google/uuid to v1.3.1
872
* libpod: sum per-interface network stats for FreeBSD
873
* Set default Umask for `podman kube play`
874
* [CI:BUILD] rpm: spdx compatible license field
875
* chore(deps): update dependency golangci/golangci-lint to
876
v1.54.2
877
* Implement automatic port reassignment on Windows
878
* Add support for ramfs as well as tmpfs in volume mounts
879
* Validate current generation of WSL2 with user-mode-networking
880
* use container restart policy if user specifies one
881
* Stop gvproxy on hyperv machine stop
882
* [CI:BUILD] rpm: depend on man-db
883
* Update machine list test
884
* Update machine start tests
885
* Update machine rm tests
886
* libpod: improve conmon error handling
887
* cirrus setup: install en_US.UTF-8 locale
888
* fixup "podman logs with non ASCII log tag" tests
889
* libpod: use /var/run instead of /run on FreeBSD
890
* cirrus/lib.sh: extend env to passthrough at start for locale
891
work
892
* libpod: correctly pass env so alternative locales work
893
* cgroups_linux: use SessionBusPrivateNoAutoStartup
894
* podmansh man page UID=$(id -u lockedu) is not allowed
895
* CI: systests: remove pasta ICMP tests
896
* podman.1.md: Fix formatting of exit code 127, clarify wording
897
of `exit code` example.
898
* document available secret drivers
899
* pkg/specgen: add support for read-only root on FreeBSD
900
* add --module flag
901
* Update dependency setuptools to ~=68.1.0
902
* Add riscv64 architecture to the cross build target
903
* GetFcosArch add `riscv64` arch
904
* Update WSL backend to be compat with FCOS defaults
905
* enabled hyperv image downloads
906
* fix(deps): update module github.com/containers/ocicrypt to
907
v1.1.8
908
* [CI:DOCS] Fix git build example in build page
909
* CI: e2e manifest_test: use image from quay
910
* Cirrus: Remove EC2 experimental flag
911
* sphinx: skip options include dir
912
* Update rootfs.md: Fix formatting and wording of idmap option
913
* fix: Docker API compatible bool deserialization
914
* Revert "compat,build: pull must accept string"
915
* Add missing verb in machinectl example
916
* [CI:DOCS] Update Release Notes and Release Process
917
* chore(deps): update dependency golangci/golangci-lint to
918
v1.54.1
919
* fix podman top missing output flake
920
* New partial-line test is flaking
921
* [CI:BUILD] Packit: add back fedora-eln targets
922
* Cirrus: Prune defunct job + fix noop alias
923
* Bump bundled gvproxy to 0.7.0
924
* systests: tests for --env and --env-file
925
* Update system connection add & remove
926
* Add tests for podman farm
927
* Add podman farm update command
928
* Add podman farm remove command
929
* Add podman farm list command
930
* Add podman farm create command
931
* Add podman farm subcommand
932
* CI: e2e: add delay before podman logs or journalctl
933
* Add completion for Farms
934
* Vendor c/common changes
935
* chore(deps): update dependency golangci/golangci-lint to
936
v1.54.0
937
* file logger: fix podman logs --tail with partial lines
938
* fix(env): parsing --env incorrect in cli
939
* Update docker.io/library/golang Docker tag to v1.21
940
* podman stop --cidfile missing --ignore
941
* Skip podman exec cannot be invoked on Debian
942
* Re-enable checkpoint test on Debian SID
943
* Require a non-generic reason for non-Fedora skip
944
* CI FIXME removal/update.
945
* Update dependency containers/automation_images to v20230807
946
* [skip-ci] Update dawidd6/action-send-mail action to v3.8.0
947
* [CI:DOCS] fixed couple typos in build docs
948
* Stop timer in function waitPidStop
949
* packit: Build PRs into default packit COPRs
950
* Add support for host-gateway
951
* Ensure volumes-from mounts override image volumes
952
* Minor: Include shasums in GHA workflow artifacts
953
* Minor: Add important comment to windows GHA workflow
954
* Minor: Update/fix dry-run input descriptions
955
* [CI:DOCS] Quadlet - provide more information about network
956
files
957
* man-page xref: check for duplicate entries
958
* cp: close temporary file on error path
959
* Makefile: work around the lack of 'man -l' on FreeBSD
960
* Update module golang.org/x/net to v0.14.0
961
* libpod: fix a crash in 'kube generate' on FreeBSD
962
* remove temporary files when copy [NO NEW TESTS NEEDED]
963
* Update module golang.org/x/sys to v0.11.0
964
* [ci] Remove the podman socket in remove_packaged_podman_files()
965
* [ci] Correct the podman systemd file names
966
* Always show RemoteSocket.Exists in json
967
* Fail if ssh key exists
968
* Fix regression for hyperv
969
* [CI:BUILD] Makefile: rpm target generates correct version
970
* Fix nits in #19480
971
* Add support for passing container stop timeout as -1 (infinite)
972
* pkg/specgen: Add device support for FreeBSD
973
* [CI:DOCS] man: remove duplicate entry .LastUp
974
* CI: e2e: remove useless test
975
* Check tty flag to set default terminal in Env
976
* Run codespell on code
977
* Deprecate podman generate systemd
978
* manifest/push: add support for --add-compression
979
* [CI:DOCS]Update Release Notes
980
* CI: sys: quadlet %T test: do not rely on journal
981
* GHA: Support testing build/sign workflows
982
* Remove unnecessary backslashes
983
* [docs] Use code blocks for commands in podman-completion
984
* Make podman run --rmi automatically set --rm
985
* machine: QEMU: recover from failed start
986
* vendor: bump c/image to v5.26.1-0.20230801083106-fcf7f0e1712a
987
* secret: add support for `--ignore` with rm
988
* Move `writeConfig` logic to shared function
989
* Move some logic of `setRootful` to a common file
990
* move `removeFilesAndConnections` to a common file
991
* Move `waitAPIAndPrintInfo` to common file
992
* Move `addSSHConnectionsToPodmanSocket` code to shared file
993
* Update module golang.org/x/net to v0.13.0
994
* chore(deps): update dependency containers/automation_images to
995
v20230726
996
* Skip pasta local forwarder test on debian SID
997
* Skip broken/flaky blkio-weight test
998
* Skip tarball re-inport test in rawhide for CI
999
* Cleanup CIDFile on podman-remote run --rm command
1000
* CI: e2e: remove workaround for missing login file
1001
* vendor: bump c/image and c/common
1002
* Add support for confined users
1003
* Cirrus: Temp. disable rawhide validation task
1004
* Limit git-validation to 'short-subject'
1005
* Fix up man page and add test on globs
1006
* Move alternate image acquisition to separate function
1007
* Move `getDevNullFiles` into a common file
1008
* Update github.com/digitalocean/go-qemu digest to 2e3d018
1009
* Convert QEMU functions to methods with documentation
1010
* Update docs/source/markdown/podman-build.1.md.in
1011
* do not redefine gobuild for eln
1012
* Set default userns from containers.conf file
1013
* Mention TimeoutStartSec in quadlet man page
1014
* inspect with network=none show SandboxKey netns path
1015
* [CI:DOCS] GHA: Use stable go for Mac/Win builds
1016
* Breakup AppleHV machine funcs
1017
* Codespell fixups
1018
* Update docs/source/markdown/podman-stats.1.md.in
1019
* CI: e2e: reenable containerized checkpoint tests
1020
* docs(env-file): improve document description
1021
* Don't log EOF error when using podman --remote build with an
1022
empty context directory.
1023
* API: kill: return 409 on invalid state
1024
* feat(env): support multiline in env-file
1025
* Adds documentation to new functions that were added
1026
* `startHostNetworking`: get DevNull files
1027
* `Remove`: remove network and ready sockets from registry
1028
* `Remove`: remove files and connections
1029
* `Remove`: collect files to destroy
1030
* `Init`: read and split ign file
1031
* `Init`: write ign config
1032
* `Init`: add network and registry socks to registry
1033
* `Init`: add SSH conns to podman sock
1034
* Improve the description of fields in podman-stats man page
1035
* make /dev & /dev/shm read/only when --read-only
1036
--read-only-tmpfs=false
1037
* Mention no comment lines in Containerfile.in podman-build man
1038
page
1039
* [CI:BUILD] RPM: define gobuild macro for rhel/centos stream
1040
* Fix HyperV loadMachineFromJSON function name
1041
* machine: QEMU: lock VM on stop/rm/set
1042
* libpod: add 'pod top' support on FreeBSD
1043
* [CI:DOCS] Build and Sign Mac Pkginstaller
1044
* Make sure users changes --authfile before checking
1045
* github: add issue type as link to podman github discussions
1046
* Break QEMU `config.go` code into its own functions
1047
* machine: QEMU: lock VM on start
1048
* libpod: fix 'podman kube generate' on FreeBSD
1049
* Add glob support to podman run/create --mount
1050
* kube: add DaemonSet support
1051
* Fix artifacts script after removal of msitools msi build
1052
* System tests: quadlet: fix race in %T test
1053
* If quadlets have same name, only use first
1054
* Add support for mounts listed in containers.conf
1055
* Update vendor of containers/common
1056
* System tests: add test tags
1057
* [CI:DOCS] socket_activation.md: increase socat timeout
1058
* go-md2man: use vendored-in version, not system
1059
* CI: use different TMPDIR on prior-fedora
1060
* system tests: authfile-exists: minor cleanup
1061
* start(): don't defer event
1062
* Fix: use --all in podman stats to get all containers stats
1063
* Verify authfile exists if user specifies it
1064
* libpod: don't generate errors for createTimer etc.
1065
* add "healthy" sdnotify policy
1066
* Remove LICENSE and general doc files that are installed by the
1067
main package
1068
* Add missing `
1069
* Remove legacy msitools based msi installer
1070
* Remove any quotes around distribution id
1071
* add a podman-compose command
1072
* pkg/specgen: Don't crash for device spec with...
1073
* fix(deps): update module github.com/docker/docker to
1074
v24.0.5+incompatible
1075
* Update vendor of containers/(storage,image)
1076
* Clean up /var/tmp/ when using oci-archives when creating
1077
containers
1078
* [CI:BUILD] RPM: separate out gvproxy for copr and rawhide
1079
* Reduce qemu machine function sizes
1080
* [CI:DOCS] migrate socket_activation.md to quadlet
1081
* [CI:DOCS] Update kube play volume support
1082
* Fix language, typos and markdown layout
1083
* [CI:DOCS] Add note about QUADLET_UNIT_DIRS to simplify quadlet
1084
debug
1085
* Add note on debugging quadlet unit files
1086
* Remove unnecessary use of the word "please".
1087
* libpod: fix FreeBSD 'podman-remote top' default behaviour
1088
* fix(deps): update module github.com/onsi/gomega to v1.27.9
1089
* Add support for ShmSize to quadlet
1090
* Quadlet system test - force journald log driver for short lived
1091
containers
1092
* fix(deps): update module github.com/containers/libhvee to
1093
v0.4.0
1094
* quadlet recursively scan for unit files
1095
* Ensure that we appropriately warn that TCP is insecure
1096
* systests: quadlet: fixes for RHEL8
1097
* Quadlet - Allow setting Service WorkingDirectory for Kube units
1098
* Quadlet system test - do not rely on journalctl in kube file
1099
tests
1100
* Fix markdown in docs for podman-network-create
1101
* Man pages: check for corrupt tables
1102
* quadlet systest: fix broken tmpdir references
1103
* Add `since` as valid filter option for `volume` subcommands
1104
* Podmansh: Better error, increase timeout to 30s
1105
* Fix multiple filter options logic for `podman volume ls `
1106
* Add bash-completion for podman inspect
1107
* Fix windows installer
1108
* Add missing reserved annotation support to `play`
1109
* Avoid progress hang with empty files
1110
* Revert the usage of `home.GetConfigHome()`
1111
* Fix bug report issue template README link
1112
* Replace error check for non-existent file
1113
* Emergency gating-test fixes for RHEL8
1114
* Add progress bar for decompress image
1115
* refactor: move progressbar to a function
1116
* Use pkg/homedir to get the home config directory
1117
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.2
1118
* Should be checking tmpfs versus type not source
1119
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.5.1
1120
* Enabled arm64 arch for podman applehv provider
1121
* [CI:BUILD] Packit: remove pre-sync action
1122
* Add `--podman-only` flag to `podman generate kube`
1123
* Update vendor containers/(common, buildah, image, storage)
1124
* Use constants for mount types
1125
* libpod: use define.TypeBind when resolving container paths
1126
* Tests: remove/update obsolete skips
1127
* Fix trust not using local policy file
1128
* Fix `podman container prune` docs for `--filter`
1129
* Add more tests for liveness probes with default hostname &
1130
named ports
1131
* docs: podman-build --network add slirp and pasta
1132
* docs: podman run --network mention comma separted names
1133
* Podman machine AppleHV pass number 3
1134
* Makefile: `package` -> `rpm`
1135
* network create: document --internal better
1136
* pkg/specgen: fix support for --rootfs on FreeBSD
1137
* machine start: qemu: wait for SSH readiness
1138
* [CI:BUILD] Packit: downstream task action fix
1139
* Fix container errors not being sent via pod removal API
1140
* Add missing return after utils.InternalServerError()
1141
* Update cmd/podman/login.go
1142
* [CI:DOCS] Reformat and reorder table with --userns options
1143
* Add secret support to podman login
1144
* netavark: macvlan networks keep custom nameservers
1145
* remote: fix podman-remote play kube --userns
1146
* fix(deps): update container-device-interface to v0.6.0
1147
* go mod: no longer use 1.18
1148
* fix(deps): update module github.com/containers/libhvee to
1149
v0.3.0
1150
* chore(deps): update module github.com/gin-gonic/gin to v1.9.1
1151
[security]
1152
* Run codespell on code
1153
* system service: unset listen fds on tcp
1154
* add hostname to network alias
1155
* libpod: set cid network alias in setupContainer()
1156
* AppleHV enablement pass #2
1157
* e2e: Fetch the correct user name
1158
* Add `--no-trunc` flag to maintain original annotation length
1159
* Fix TCP probes when the optional host field is not given
1160
* Add support for using port names in Kubernetes health probes
1161
* Fix: cgroup is not set: internal libpod error after os reboot
1162
* Allow setting volume and network names in Quadlet
1163
* pasta tests: automatically determine test parameters
1164
* test/e2e: wait for socket
1165
* manifest inspect: support authentication
1166
* api: fix slow version endpoint
1167
* libpod: don't make a broken symlink for /etc/mtab on FreeBSD
1168
* CI: remove build without cgo task
1169
* libpod: use io.Writer vs io.WriteCloser for attach streams
1170
* top: do not depend on ps(1) in container
1171
* make --syslog errors non fatal
1172
* api: fix doc for default ps_args
1173
* Fixes typo in the path where quadlet looks for files
1174
* Add --replace flag to podman secret create
1175
* [CI:DOCS] uidmap man pages: fix corrupt italics
1176
* [skip-ci] Update github/issue-labeler action to v3.2
1177
* [CI:DOCS] podman-system-service.1.md: document systemd usage
1178
* fix(deps): update module github.com/docker/docker to
1179
v24.0.4+incompatible
1180
* fix(deps): update module github.com/docker/docker to
1181
v24.0.3+incompatible
1182
* Use bytes size consistently instead of human size
1183
* bugfix: do not try to parse empty ranges
1184
* [CI:BUILD] Packit: fix pre-sync action for downstream tasks
1185
* fix(deps): update module golang.org/x/tools to v0.11.0
1186
* fix(deps): update module golang.org/x/net to v0.12.0
1187
* fix(deps): update module golang.org/x/term to v0.10.0
1188
* e2e: fix two toolbox flakes
1189
* test/e2e: use GinkgoT().TempDir() over MkdirTemp()
1190
* test/e2e: use random ImageCacheDir
1191
* test/e2e: remove RHEL7 workaround
1192
* test/e2e: remove unnecessary code in SynchronizedAfterSuite
1193
* test/e2e: do not use /tmp for podman commands
1194
* test/tools: vendor ginkgo v2.11
1195
* test/e2e: write timings directly to file
1196
* machine start: qemu: adjust backoffs
1197
* auto update: fix usage of --authfile
1198
* system tests: refactor registry code
1199
* fix(deps): update module golang.org/x/text to v0.11.0
1200
* pkg/specgen: properly identify image OS on FreeBSD
1201
* libpod: use new libcontainer BlockIO constructors
1202
* [CI:BUILD] Minor: Don't confuse osx-debugging
1203
* [CI:DOCS] Better document the default value of --userns
1204
* Cirrus: build FreeBSD binaries in a VM
1205
* Makefile: add support for building freebsd release tarballs
1206
* [CI:DOCS] uidmap man pages: fix corrupt tables
1207
* fix(deps): update github.com/crc-org/vfkit digest to c9a4b08
1208
* fix(deps): update module github.com/containers/buildah to
1209
v1.31.0
1210
* fix(deps): update module github.com/opencontainers/image-spec
1211
to v1.1.0-rc4
1212
* Use /proc/self/gid_map as intended, not uid_map
1213
* fix(command): ignore `--format` in `podman search --list-tags`
1214
* podman machine start: fix ready service
1215
* Makefile: don't rely on the non-standard -r flag for ln
1216
* pasta: Create /etc/hosts entries for pods using pasta
1217
networking
1218
* fix(deps): update module github.com/containers/libhvee to
1219
v0.2.0
1220
* pasta tests: add sanity check for test name vs function
1221
* pasta tests: cleanup + 1 new test
1222
* cmd/podman, pkg/domain/infra: sockets should live in /var/run
1223
on FreeBSD
1224
* cmd/podman/system: add API server support on FreeBSD
1225
* [CI:DOCS] Document support of pod security context IDs
1226
* rootless: use default_rootless_network_cmd config
1227
* Revert^3 "pasta: Use two connections instead of three in TCP
1228
range forward tests"
1229
* pasta: Workaround occasional socat failures in CI
1230
* pasta: Remove some leftover code from pasta bats tests
1231
* Bump c/image to v5.26.0, c/common 0.54.0
1232
* fix(deps): update module github.com/coreos/stream-metadata-go
1233
to v0.4.3
1234
* Display secret to user in inpspect
1235
* [CI:BUILD] RPM: Fix koji and ELN issues
1236
* e2e: systemd test: major fixes
1237
* pkg/specgen: add support for 'podman run --init' on FreeBSD
1238
* Bump version after v4.6 branch cut
1239
* Remove 'inspecting object' from inspect errors
1240
* pasta: Fix pasta tests to work on hosts with multiple
1241
interfaces
1242
* [CI:DOCS] fix command incorrect in windows
1243
* Fix readonly=false failure
1244
* pkg/specgen: Add support for Linux emulation on FreeBSD
1245
* Fix up podmansh man page
1246
* Make Podman/Buildah use same DecryptConfig/EncryptConfig funcs
1247
* Fixes for vendoring Buildah
1248
* vendor in latest buildah
1249
* tests: fix "Storing signatures" check
1250
* update c/image and c/storage to latest
1251
* Kube quadlets can support autoupdate as well as containers
1252
* debug tail 800 lines flake
1253
* Pass in correct cwd value for hooks exe
1254
* specgen: honor --device-cgroup-rule with a new user namespace
1255
* specgen, rootless: raise error with --device-cgroup-rule
1256
* make image listing more resilient
1257
* Update module google.golang.org/protobuf to v1.31.0
1258
* Trim whitespace from unit files while parsing
1259
* Re-organize hypervisor implementations
1260
* play.go: remove volumes on down -f
1261
1262
-------------------------------------------------------------------
1263
Tue Aug 29 11:07:37 UTC 2023 - danish.prakash@suse.com
1264
1265
- Update to version 4.6.2:
1266
* Bump to v4.6.2
1267
* Release notes for v4.6.2
1268
* Packit: Disable unexpected journal message check for cockpit-podman
1269
* Packit: Restrict cockpit tests to recent Fedoras
1270
* Packit: run cockpit-podman tests in PRs
1271
* rpm: spdx compatible license field
1272
* vendor c/storage@v1.48.1
1273
* rpm: depend on man-db
1274
* use container restart policy if user specifies one
1275
* podmansh man page UID=$(id -u lockedu) is not allowed
1276
* packit: Build PRs into default packit COPRs
1277
* Skip tests that fail in gating
1278
* fix: pull parma parsing for the /build compat ep
1279
* [CI:DOCS] Update Release Notes
1280
* Bumpt to v4.6.2-dev
1281
1282
-------------------------------------------------------------------
1283
Wed Aug 16 05:27:24 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
1284
1285
- Fix build error on SLE due to dangling files clause
1286
on a discarded file, README.SLE.SUSE
1287
- Fix unexpanded RPM macro error
1288
1289
-------------------------------------------------------------------
1290
Fri Aug 11 05:42:19 UTC 2023 - danish.prakash@suse.com
1291
1292
- Update to version 4.6.1:
1293
* Bump to v4.6.1
1294
* Release notes for v4.6.1
1295
* Vendor buildah v1.31.2
1296
* [4.6] vendor c/common v0.55.3
1297
* [v4.6] Remove zstd:chunked reference
1298
* [v4.6] bump golang.org/x/net to v0.13.0
1299
* do not redefine gobuild for eln
1300
* [CI:BUILD] RPM: define gobuild macro for rhel/centos stream
1301
* [v4.6] [CI:BUILD] RPM: separate out gvproxy for copr and fedora >= 38
1302
* System tests: add test tags
1303
* API: kill: return 409 on invalid state
1304
* Mention TimeoutStartSec in quadlet man page
1305
* If quadlets have same name, only use first
1306
* Bump to v4.6.1-dev
1307
1308
-------------------------------------------------------------------
1309
Thu Aug 3 13:05:43 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
1310
1311
- Discard outdated README.SUSE.SLES
1312
- Recommend gvisor-tap-vsock, required for `podmand machine`
1313
1314
-------------------------------------------------------------------
1315
Fri Jul 21 05:26:20 UTC 2023 - danish.prakash@suse.com
1316
1317
- Update to version 4.6.0:
1318
* Bump to v4.6.0
1319
* Update release notes for v4.6.0
1320
* Ensure that we appropriately warn that TCP is insecure
1321
* CI: remove build without cgo task
1322
* libpod: use io.Writer vs io.WriteCloser for attach streams
1323
* top: do not depend on ps(1) in container
1324
* api: fix doc for default ps_args
1325
* Add more tests for liveness probes with default hostname & named ports
1326
* Fix TCP probes when the optional host field is not given
1327
* Add support for using port names in Kubernetes health probes
1328
* [CI:DOCS] fix command incorrect in windows
1329
* [CI:DOCS] Reformat and reorder table with --userns options
1330
* [CI:DOCS] Better document the default value of --userns
1331
* Add missing return after utils.InternalServerError()
1332
* Fix markdown in docs for podman-network-create
1333
* Fix multiple filter options logic for `podman volume ls `
1334
* Should be checking tmpfs versus type not source
1335
* Use constants for mount types
1336
* Fix `podman container prune` docs for `--filter`
1337
* docs: podman-build --network add slirp and pasta
1338
* docs: podman run --network mention comma separted names
1339
* network create: document --internal better
1340
* pkg/specgen: fix support for --rootfs on FreeBSD
1341
* systests: quadlet: fixes for RHEL8
1342
* Fix windows installer
1343
* Podmansh: Better error, increase timeout to 30s
1344
* Emergency gating-test fixes for RHEL8
1345
* Packit: remove pre-sync action
1346
* [CI:DOCS] Update RELEASE_NOTES.md with Makefile change
1347
* Bump to v4.6.0-dev
1348
* Bump to v4.6.0-rc2
1349
* Makefile: `package` -> `rpm`
1350
* Update release notes
1351
* system tests: refactor registry code
1352
* machine start: qemu: wait for SSH readiness
1353
* machine start: qemu: adjust backoffs
1354
* auto update: fix usage of --authfile
1355
* [CI:BUILD] Packit: downstream task action fix
1356
* Fix container errors not being sent via pod removal API
1357
* netavark: macvlan networks keep custom nameservers
1358
* add hostname to network alias
1359
* libpod: set cid network alias in setupContainer()
1360
* Fix: cgroup is not set: internal libpod error after os reboot
1361
* test/e2e: wait for socket
1362
* api: fix slow version endpoint
1363
* manifest inspect: support authentication
1364
* libpod: don't make a broken symlink for /etc/mtab on FreeBSD
1365
* make --syslog errors non fatal
1366
* Fixes typo in the path where quadlet looks for files
1367
* [CI:DOCS] uidmap man pages: fix corrupt italics
1368
* [CI:DOCS] podman-system-service.1.md: document systemd usage
1369
* Use bytes size consistently instead of human size
1370
* bugfix: do not try to parse empty ranges
1371
* pkg/specgen: properly identify image OS on FreeBSD
1372
* [CI:DOCS] Document support of pod security context IDs
1373
* pkg/specgen: add support for 'podman run --init' on FreeBSD
1374
* Remove 'inspecting object' from inspect errors
1375
* Fix readonly=false failure
1376
* pkg/specgen: Add support for Linux emulation on FreeBSD
1377
* Fix up podmansh man page
1378
* Pass in correct cwd value for hooks exe
1379
* specgen: honor --device-cgroup-rule with a new user namespace
1380
* specgen, rootless: raise error with --device-cgroup-rule
1381
* make image listing more resilient
1382
* Trim whitespace from unit files while parsing
1383
* play.go: remove volumes on down -f
1384
* Vendor c/common v0.55.2
1385
* system service: unset listen fds on tcp
1386
* [CI:DOCS] [Release Notes]: add static routes
1387
* [CI:DOCS] tag podmansh as tech preview in RELEASE_NOTES.md
1388
* [CI:DOCS] uidmap man pages: fix corrupt tables
1389
* libpod: use new libcontainer BlockIO constructors
1390
* Bump to v4.6.0-dev
1391
* Bump to v4.6.0-rc1
1392
* Bump to v4.6.1-dev
1393
* Bump to v4.6.0
1394
* Release notes for v4.6.0
1395
* Update Release Notes for v4.5.1
1396
* rootless: use default_rootless_network_cmd config
1397
* tests: fix "Storing signatures" check
1398
* Fixes for vendoring Buildah
1399
* Make Podman/Buildah use same DecryptConfig/EncryptConfig funcs
1400
* Do not use deprecated hook functions from c/common
1401
* Bump c/storage to v1.48.0, c/image to v5.26.1, c/common to v0.55.1, buildah to v1.31.0
1402
* pasta: Remove some leftover code from pasta bats tests
1403
* pasta: Fix pasta tests to work on hosts with multiple interfaces
1404
* fix(command): ignore `--format` in `podman search --list-tags`
1405
* Use /proc/self/gid_map as intended, not uid_map
1406
* podman machine start: fix ready service
1407
* Makefile: don't rely on the non-standard -r flag for ln
1408
* cmd/podman, pkg/domain/infra: sockets should live in /var/run on FreeBSD
1409
* cmd/podman/system: add API server support on FreeBSD
1410
* pasta: Create /etc/hosts entries for pods using pasta networking
1411
* RPM: Fix koji and ELN issues
1412
* Cirrus: Update operating branch
1413
* system tests: add and use _prefetch
1414
* pkg/api: BufferedResponseWriter flush correctly
1415
* pkg/api: top return error to client
1416
* container wait: support health states
1417
* [CI:DOCS] Fix example on PublishPort
1418
* container wait API: use string slice instead of state slice
1419
* podman wait: update man page
1420
* StopContainer(): ignore one more conmon warning
1421
* run,create: modify `--env-merge` behavior for non-existent vars
1422
* use libnetwork/slirp4netns from c/common
1423
* update c/common to latest
1424
* e2e: use parallel-safe /dev subdirectories
1425
* [CI:BUILD] Help Renovate manage the golangci-lint version
1426
* systests: test instrumentation
1427
* compat API create/pull: fix error handling
1428
* compat API push: fix error handling
1429
* GetSafeIPAddress(): discourage its use
1430
* libpod: write /etc/{hosts,resolv.conf} once
1431
* e2e: fix one of the many log flakes
1432
* cmd, push: expose --compression-level
1433
* vendor: bump containers/common
1434
* compat API container create: handle platform parameter
1435
* refactor(machine): remove hard code
1436
* vendor in latests containers/common
1437
* fix(machine): throw `connect: connection refused` after set proxy
1438
* [CI:BUILD] Packit: cleanups
1439
* Add console mode to podman machine
1440
* e2e: kube test: specify expected exit code
1441
* e2e --authfile test: fix test condition
1442
* chore(deps): update dependency setuptools to v68
1443
* make lint: re-enable revive
1444
* make lint: re-enable ginkgolinter
1445
* make lint: enable rowserrcheck
1446
* make lint: enable wastedassign
1447
* make lint: enable mirror
1448
* bump golangci-lint to v1.53.3
1449
* auto update: restart instead of stop+start
1450
* cmd/podman/root.go: fix help document issue of the image store
1451
* vendor: bump c/storage to v1.46.2-0.20230616083707-cc0d208e5e1c
1452
* podman: add support for splitting imagestore
1453
* network create --ip-range allow for custom range
1454
* fix(ssh): start machine failed to start with exit status 255
1455
* remote wait: fix "removed" condition
1456
* [CI:DOCS] Fix service_destinations description in podman man page
1457
* quadlet should exit non zero on failures
1458
* fix(deps): update module golang.org/x/tools to v0.10.0
1459
* e2e: GetSafeIPAddress() replaces GetRandomIPAddress
1460
* pasta: use code from c/common
1461
* Add support for setting autoupdate in quadlet
1462
* New command: podmansh
1463
* vendor: update c/common to latest
1464
* Add quadlet container support for Mask,Umask options
1465
* libpod: make conmon always log to syslog
1466
* Document how to get secret mounts working on RHEL8
1467
* Verify podman pull dup image only prints id once
1468
* Vendor in latests containers/common
1469
* Apply suggestions from code review
1470
* Revert "rootlessport: exclude storage drivers via build tags"
1471
* filters: use new FilterID function from c/common
1472
* logformatter: ignore 'TOP-LEVEL' headings
1473
* test/e2e: fix network ID test
1474
* update c/{common,image,storage} to latest
1475
* [CI:DOCS] clarify supported transports in manifest push
1476
* [CI:DOCS] podman-push: rm confusion on supported transports
1477
* container wait: indicate timeout in error
1478
* network-create: document new bclim option
1479
* fix(deps): update module golang.org/x/text to v0.10.0
1480
* libpod: Podman info output more network information
1481
* fix(deps): update module golang.org/x/term to v0.9.0
1482
* quadlet: adjust container unit documentation
1483
* e2e: GetRandomIPAddress(): parallelize
1484
* Makefile: add support for 'make help' on FreeBSD
1485
* criu: return error when checking for min version
1486
* Update docs/source/markdown/podman-systemd.unit.5.md
1487
* 250-systemd.bats: remove outdated comment
1488
* github: add issue type as link to podman-desktop
1489
* Add WorkingDir support to quadlet
1490
* rootlessport: exclude storage drivers via build tags
1491
* Add ability to set static routes
1492
* test/upgrade: correctly share mounts between host and container
1493
* Update common, image, and storage deps
1494
* Fix system service manpage name in API Documentation
1495
* style(specgen): omit nil check
1496
* fix(specgen): index out of range when unmask=[]
1497
* Makefile to force a shell when running command
1498
* cirrus,ci: default to overlay for debian env
1499
* Quadlet: Add support for --sysctl flag
1500
* chore(deps): update dependency requests-mock to ~=1.11.0
1501
* Ignore spurious warnings when killing containers
1502
* Makefile: don't hard-code the path for bash
1503
* fix(deps): update module github.com/burntsushi/toml to v1.3.2
1504
* GHA: Fix bad job-names & links in monitoring emails
1505
* podman-registry: simpler, safer invocations
1506
* Ensure our mutexes handle recursive locking properly
1507
* Fix an expected error message from pod removal
1508
* Fix a race removing multiple containers in the same pod
1509
* Discard errors when a pod is already removed
1510
* Change Inherit to use a pointer to a container
1511
* e2e: add ginkgo decorators to address flakes
1512
* filters: better handling of id=
1513
* fix(deps): update module github.com/onsi/gomega to v1.27.8
1514
* refactor: improve get ssh path duplicate code
1515
* logformatter: better recognition of ginkgo test names
1516
* Address review feedback and add manpage notes
1517
* Add support for SecurityLabelNested flag in quadlet
1518
* fix(deps): update module github.com/burntsushi/toml to v1.3.1
1519
* `system locks` now reports held locks
1520
* fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.17
1521
* Add a new hidden command, podman system locks
1522
* Add number of free locks to `podman info`
1523
* Include lock number in pod/container/volume inspect
1524
* fix ignition config creation
1525
* Makefile binaries target adopted for Mac and Win
1526
* fix(deps): update github.com/crc-org/vfkit digest to 3d57f09
1527
* logformatter: proper status color for failed tests
1528
* pasta: Test handling of unknown protocols
1529
* pasta: Correct handling of unknown protocols
1530
* Quadlet - add support for Pull key in .container
1531
* fix(deps): update module github.com/sirupsen/logrus to v1.9.3
1532
* Add default ulimit test for gen kube
1533
* feat: add insecure registry troubleshooting solution
1534
* fix(deps): update module golang.org/x/tools to v0.9.3
1535
* fix(deps): update module github.com/coreos/stream-metadata-go to v0.4.2
1536
* e2e: GetPort(): safer allocation of random ports
1537
* The removeContainer function now accepts a struct
1538
* Revert "test/e2e: fix "podman run ipcns ipcmk container test""
1539
* Add a test for removing dependencies with rm -fa
1540
* Revert "ginkgo-v2 cleanup workaround for #18180"
1541
* Fix a deadlock when removing pods
1542
* Pods now return what containers were removed with them
1543
* Make RemoveContainer return containers and pods removed
1544
* Add an API for removing a container and dependencies
1545
* systests: fixes for coping with extra systemd image
1546
* libpod: fix timezone handling
1547
* fix(deps): update github.com/godbus/dbus/v5 digest to 7623695
1548
* fix(deps): update module golang.org/x/tools to v0.9.2
1549
* test/system: quadlet use correct systemd restart policy
1550
* systests: minimize race-condition window
1551
* systests: fix improper backgrounding of run_podman
1552
* set max ulimits for rootless on each start
1553
* Fix: display online_cpus in compat REST API
1554
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.6
1555
* systests: fix race in quadlet tests
1556
* fix(deps): update module github.com/burntsushi/toml to v1.3.0
1557
* e2e: make BuildImage parallel-safe
1558
* completion: fix panic in simplePathJoinUnix()
1559
* Update module github.com/stretchr/testify to v1.8.4
1560
* authfile.md: add default path of file for Windows/macOS.
1561
* Update module github.com/rootless-containers/rootlesskit to v1.1.1
1562
* hack: fix typo in hack/podman-registry
1563
* man pages and command help: clean up descriptions
1564
* RPM: bump gvisor-tap-vsock subpackage and fix packit scripts
1565
* Man pages: fix broken tables
1566
* test/e2e: add regression testing for comma-containing labels
1567
* fix: volume create filters
1568
* fix: move filter flags from StringSliceVar to StringArrayVar
1569
* pkg/rootless: correctly handle proxy signals on reexec
1570
* [CI:BUILD] Packit: set propose-downstream action type to pre-sync
1571
* [CI:DOCS] fix Quadlet man page rendering
1572
* Quadlet: kube: use ExecStopPost
1573
* Quadlet: kube: add ExitCodePropagation field
1574
* kube play: exit-code propagation
1575
* prune exit codes only when container doesn't exist
1576
* podman: Add pasta to podman info
1577
* Revert "test/system/255-auto-update.bats: add debug logs"
1578
* Quadlet - add support for PodmanArgs to all groups
1579
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
1580
* In a concurrent removal test, don't remove concurrently with builds
1581
* Consolidate error handling in Runtime.removeContainer
1582
* Consolidate error handling in Container.cleanupStorage
1583
* Fix reporting errors on container unmount
1584
* TEMPORARY(?) instrumentation for unlinkat-ebusy
1585
* pkginstaller: bump Qemu to version 8.0.0
1586
* Support podman --remote when Containerfile is not in context directory
1587
* chore(deps): update dependency requests to ~=2.31.0
1588
* fix: podman event --filter volume=vol-name should compare the event name with volume name
1589
* fix(deps): update module github.com/docker/docker to v24
1590
* wait: look for exit code in stopped state
1591
* network create/update: allow dns servers comma separated
1592
* source code comments and docs: fix typos, language, Markdown layout
1593
* Increase download progress to 80ch
1594
* chore(deps): update dependency setuptools to ~=67.8.0
1595
* podman: Added find slirp4netns binary file from helper_binaries_dir [NO NEW TESTS NEEDED]
1596
* fix(deps): update module github.com/sirupsen/logrus to v1.9.2
1597
* stats: get mem limit from the cgroup
1598
* quadlet tests: enable device.volume test
1599
* quadlet tests: remove unused socketactivated.container
1600
* fix(deps): update module github.com/stretchr/testify to v1.8.3
1601
* Correct markdown in docs
1602
* fix(deps): update module github.com/onsi/gomega to v1.27.7
1603
* [CI:DOCS] Improve security in mysql examples
1604
* Cirrus: Record the buildah version for reference
1605
* test/e2e: do not call setenforce
1606
* Fix discombobulated kubernetes support table
1607
* run: ignore PODMAN_USERNS with --pod
1608
* Add --configmap to podman-remote kube play
1609
* compat: accept tag in /images/create?fromSrc
1610
* fix HTMLSpan warnings
1611
* generate systemd: error on init containers
1612
* Remove future tense from man pages
1613
* compat,build: pull must accept string
1614
* Cirrus: Add support for `[CI:NEXT]`
1615
* Cirrus: Remove support for `[CI:COPR]` magic
1616
* system tests: add precision timestamps
1617
* Makefile: add ginkgo FOCUS/FOCUS_FILE options
1618
* e2e: refactor and document serialization
1619
* machine: fix default connection URL to use 127.0.0.1
1620
* e2e: serialize gpg tests
1621
* Document podman-machine-default behavior
1622
* e2e: fix more test races (missing "wait")
1623
* fix(deps): update module github.com/openshift/imagebuilder to v1.2.5
1624
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.5
1625
* Fix documentation of `--network-cmd-path` CLI option
1626
* Skip rhel-release branch unnecessary CI tasks
1627
* test/e2e: dedup Before/AfterEach nodes
1628
* remote-save: fix permissions and dir formats
1629
* Set machine docker.sock according to rootful flag
1630
* Fix handling of .containenv on tmpfs
1631
* Do not include image annotations when building spec
1632
* build(deps): bump github.com/docker/distribution
1633
* Kube Play - Support multi-doc YAML files for configmap argument
1634
* system tests: instrument, to try to catch unlinkat-ebusy
1635
* test: check restart policy of init containers
1636
* Update sigstore/rekor after https://github.com/sigstore/rekor/pull/1469
1637
* issue template: mention `su`
1638
* e2e: logs test: fix flakes
1639
* fix(deps): update module github.com/containernetworking/plugins to v1.3.0
1640
* e2e: stop podman.service test: wait for server
1641
* logformatter: handle podman-machine test logs
1642
* fix(deps): update module golang.org/x/tools to v0.9.1
1643
* [CI:DOCS] Disable Dependabot in favor of Renovate
1644
* Ensure the consistent setting of the HOME env variable on container start
1645
* Quadlet system tests - fix socket notification
1646
* sqlite: disable WAL mode
1647
* system tests: timeoutize quadlet, systemd
1648
* test: update README for integration tests
1649
* libpod/Container.rootFsSize(): use recorded image sizes
1650
* quadlet: support `HostName`
1651
* e2e: fix race in a play-kube test
1652
* Fix preference of user quadlets directories
1653
* fix(deps): update module golang.org/x/tools to v0.9.0
1654
* fix(deps): update module golang.org/x/net to v0.10.0
1655
* Check on client side for Containerfile, if none specified
1656
* build(deps): bump github.com/docker/docker
1657
* Buildah treadmill: several fixes
1658
* fix(deps): update github.com/containers/common digest to 3e93a76
1659
* chore(deps): update dependency docker to ~=6.1.0
1660
* Update docs/source/markdown/podman-systemd.unit.5.md
1661
* fix(deps): update github.com/containers/common digest to bc15b04
1662
* fix: initContainer restart policy overridden by pod
1663
* fix(deps): update module golang.org/x/sync to v0.2.0
1664
* chore(deps): update dependency requests to ~=2.30.0
1665
* ginkgo json output: only in CI, not on laptop runs
1666
* Allow user quadlets to be stored under /etc
1667
* fix(deps): update github.com/containers/common digest to ea87b34
1668
* libpod: do not Cleanup() more than once
1669
* compat container create: match duplicate mounts correctly
1670
* Update podman-completion.1.md
1671
* fix(deps): update github.com/containers/buildah digest to e925b58
1672
* Run generate.CompleteSpec() for initContainers as well
1673
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.4
1674
* remote: return better connect error
1675
* Add missing man page links for Docker man pages
1676
* Replace egrep/fgrep with grep -E/-F
1677
* remote: exec inspect update exec session status
1678
* fix(deps): update github.com/digitalocean/go-qemu digest to f035778
1679
* fix(deps): update github.com/godbus/dbus/v5 digest to 6cc540d
1680
* fix(deps): update github.com/containers/buildah digest to f353690
1681
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.9.3
1682
* MVP for Podman Machine with AppleHV
1683
* e2e tests: try writing & preserving ginkgo json artifacts
1684
* vendor: bump buildah to v1.30.1-0.20230501124043-3908816d5310
1685
* bindings, build: don't pass invalid platform in case of none
1686
* Revert "logformatter: anchors: link to test summary, not name"
1687
* More cleanup: volumes: do not export to stdout
1688
* e2e test cleanup
1689
* Update kube gen & play to use pod restart policy
1690
* Add {{.Restarts}} to podman pod ps
1691
* Add {{.Restarts}} to podman ps
1692
* Add --restart flag to pod create
1693
* history: correctly set tags
1694
* fix(deps): update module github.com/moby/term to v0.5.0
1695
* Makefile: do not run machine test in parallel
1696
* pkg/machine/e2e: switch to GinkgoWriter
1697
* api: fix parsing filters
1698
* ginkgo-v2 cleanup workaround for #18180
1699
* test/e2e: fix custom timing reporting
1700
* logformatter: anchors: link to test summary, not name
1701
* WIP: logformatter: handle ginkgo v2 logs
1702
* test/e2e: unshare --rootless-netns cleanup slirp4netns
1703
* test/e2e: run system reset test serial
1704
* test/e2e: fix CleanupVolume/Secrets()
1705
* ginkgo v2: fix new Skip() behavior
1706
* test/e2e: fix pause tests to unpause before cleanup()
1707
* ginkgo v2: drop localbenchmarks
1708
* test/e2e: switch to GinkgoWriter
1709
* test/e2e: unset CONTAINERS_CONF before Cleanup()
1710
* ginkgo: run on all cores
1711
* test/e2e: fix Cleanup()
1712
* test/e2e: fix "podman run ipcns ipcmk container test"
1713
* test/e2e: actually check for cleanup errors
1714
* Lower e2e timeout to not waste time when it hangs
1715
* test/e2e: containers.conf tests add missing Wait()
1716
* ginkgo v2: remove CurrentGinkgoTestDescription()
1717
* ginkgo v2: remove deprecated flags
1718
* update to ginkgo v2
1719
* test/e2e: do not remove CNI directory
1720
* e2e: login_logout: use unique authfile for each test
1721
* Fix clashing subuid
1722
* [CI:DOCS] troubleshooting: fix subuid example
1723
* manifest, push: use source as destination if not specified
1724
* Update github.com/moby/term digest to 0564e01
1725
* Add name-generation test
1726
* Implement machine provider selection
1727
* libpod: improve errors management in cleanupStorage
1728
* libpod: report unmount idmapped rootfs errors
1729
* test: do not wait 10 seconds before killing myyaml
1730
* podman: simplify code with a switch
1731
* test: fix typo
1732
* build(deps): bump github.com/docker/docker
1733
* swagger: fix Info name conflict
1734
* Nightly dependency treadmill: remove
1735
* Update short description for disconnect cmd
1736
* windows: podman save allow the use of stdout
1737
* Update c/common and avoid setting umask
1738
* Cirrus: Update CI VM Image to F38/37
1739
* Cirrus: Run code validation on rawhide
1740
* Fix rand.Seed() deprecation in golang 1.20
1741
* Add sha256: to images history id for docker compatibility
1742
* Support systemd optional prefix '-' for devices.
1743
* Fix a copy/paste error in an error message
1744
* chore(deps): update dependency requests to ~=2.29.0
1745
* Fix simple typo in podman-network-create.md
1746
* e2e cleanup: push with auth: add error checks
1747
* e2e: remove "-it" from podman run & exec
1748
* pkg/machine: rework RemoveConnection()
1749
* machine: qemu only remove connection after confirmation
1750
* Add file swith for pre-exec
1751
* system reset: show graphRoot/runRoot before removal
1752
* fix manifest annotate help
1753
* Netavark userns test: give aardvark time to come up
1754
* sqlite: move first read into a transaction
1755
* Recover from failed podman machine start
1756
* rootless: support joining contianers that use host ns
1757
* auto-update: return errors when checking for updates
1758
* [skip-ci] Update dawidd6/action-send-mail action to v3.7.2
1759
* fix(deps): update github.com/containers/common digest to 46c4463
1760
* Add user mode networking feature to Windows
1761
* system/reset.go: help: fix typo
1762
* e2e create same-IP: try to fix flake
1763
* system tests: safer container-stop signaling
1764
* Revert "Resolve symlink path for qemu directory if possible"
1765
* ps: --format {{.State}} match docker output
1766
* test/system/260-sdnotify.bats: fix test flake
1767
* [CI:DOCS] Quadlet: clarify overriding user/system services
1768
* Eliminate transient container deps from wslkerninst
1769
* Wording
1770
* fix(deps): update github.com/containers/common digest to 5547996
1771
* cmd/podman/pods: omit superfluous runtime.NumCPU call
1772
* support `--digestfile` for remote push
1773
* e2e: skip journald test if journald is unavailable
1774
* Cirrus: Enable testing on Fedora rawhide
1775
* [CI:BUILD] Cirrus: remove copr rpm build task
1776
* chore(deps): update dependency setuptools to ~=67.7.0
1777
* Cirrus: Drop benchmarks artifacts
1778
* test/e2e: correctly reap service process
1779
* test/e2e: add missing options to remote service
1780
* test/e2e: fix incorrect usage of CreateTempDirInTempDir()
1781
* test/e2e: "podman-remote send correct path to copier" do not leak file
1782
* test/e2e: fix network create flake due same subnet
1783
* test/e2e: fix SkipIfNotActive()
1784
* test/e2e: do not try to use docker as rootless
1785
* test/e2e: do not leak "hello" file
1786
* podman-remote logs: handle server error correctly
1787
* test/e2e: use custom network config v2
1788
* rename ImagePushReport to ImagePushStream
1789
* Specify format to buildah before commit
1790
* Add eBPF snooper that traces the entire fork/exec graph of podman
1791
* libpod: stop containers with --restart=always
1792
* test: fix race when listing cgroups
1793
* compat: Translate `noprune` into ImageRemoveOptions.NoPrune
1794
* [CI:DOCS] Update RELEASE_PROCESS.md
1795
* hyperv: add podman socket mapping
1796
* e2e networking test: better way to get host IP
1797
* Updated system test to be easier to read
1798
* bindings tests: bail out early on image errors
1799
* libpod: fix TestPostDeleteHooks do not depend on version
1800
* chore(deps): update dependency setuptools to v67
1801
* fix(deps): update module github.com/containers/libhvee to v0.0.5
1802
* e2e: quadlet uses PODMAN env for podman binary path
1803
* Fixes format inconsistencies with docker for certain history fields
1804
* Makefile: do not prefix /etc
1805
* libpod: configureNetNS() tear down on errors
1806
* libpod: rootlessNetNs.Cleanup() fix error message
1807
* HyperV: wait on stop
1808
* build(deps): bump github.com/docker/docker
1809
* Makefile: include `release-artifacts` target
1810
* Enabled network over vsock
1811
* fix(deps): update module github.com/microsoft/go-winio to v0.6.1
1812
* fix(deps): update module github.com/opencontainers/runtime-spec to v1.1.0-rc.2
1813
* fix remote start --filter
1814
* Update API reference to include v4.5
1815
* Add missing security options to /info response
1816
* Add mention of redir to doc `rootless.md`
1817
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.4.0
1818
* docs(readme): add status badges and remove hardcoded release info
1819
* Don't use bytes.NewBuffer to read data
1820
* Add support for HVSOCK on hyperv
1821
* docs: update network tutorial with netavark DHCP support
1822
* bump main to v4.6.0-dev
1823
* Remove disused test/install
1824
* Return title fields as a list
1825
* [CI:BUILD] Packit: Initial Enablement
1826
* Quadlet - do not set log-driver by default
1827
* system tests: address COPY-hardlink flake
1828
* chore(deps): update registry.centos.org/centos/centos docker tag to v8
1829
* system tests: fix race in kube-play read-only
1830
* chore(deps): update dependency docker to v6
1831
* CI: enable sqlite system tests
1832
* test: enable test_wait_next_exit
1833
* Update dependency PyYAML to v6
1834
* test/e2e/systemd_activate_test.go: simplify test
1835
* Update docker.io/library/golang Docker tag to v1.20
1836
* api: auth: fix nil deref
1837
* Update dependency requests-mock to ~=1.10.0
1838
* Update dependency requests to ~=2.28.2
1839
* fix: Document removing anonymous volumes at create
1840
* Use a sane polling interval in WaitContainerDocker
1841
* podman: added the --out option for capturing formatted output emitted by various commands
1842
* Renovate: Ensure release-note-none label is added
1843
* Renovate: Update ignore paths
1844
* *: migrate image registry to registry.k8s.io
1845
* Do not display the resource limits warning message
1846
1847
-------------------------------------------------------------------
1848
Thu Jun 29 09:19:01 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
1849
1850
- Don't unconditionally Obsolete podman-cni-config, ensure clean upgrade path.
1851
1852
-------------------------------------------------------------------
1853
Tue Jun 27 12:04:49 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
1854
1855
- Prefer Podman's new network stack (netavark) exclusively on ALP
1856
- Remove unused podman-cni-config subpackage, add systemd
1857
1858
-------------------------------------------------------------------
1859
Mon May 29 10:56:00 UTC 2023 - danish.prakash@suse.com
1860
1861
- Update to version 4.5.1:
1862
* Release v4.5.1
1863
* [CI:DOCS] Final release notes for v4.5.1
1864
* [CI:BUILD] Packit: set propose-downstream action type to pre-sync
1865
* Revert "Resolve symlink path for qemu directory if possible"
1866
* no need for podman-next rpm test on maint branch
1867
* [CI:BUILD] Packit: add jobs for downstream Fedora package builds
1868
* libpod: configureNetNS() tear down on errors
1869
* libpod: rootlessNetNs.Cleanup() fix error message
1870
* network create/update: allow dns servers comma separated
1871
* machine: fix default connection URL to use 127.0.0.1
1872
* compat: accept tag in /images/create?fromSrc
1873
* compat container create: match duplicate mounts correctly
1874
* machine: qemu only remove connection after confirmation
1875
* windows: podman save allow the use of stdout
1876
* remote: exec inspect update exec session status
1877
* podman-remote logs: handle server error correctly
1878
* libpod: stop containers with --restart=always
1879
* Do not include image annotations when building spec
1880
* [v4.5] system tests: fix race in kube-play read-only
1881
* api: fix parsing filters
1882
* Support systemd optional prefix '-' for devices.
1883
* *: migrate image registry to registry.k8s.io
1884
* Makefile: include `release-artifacts` target
1885
* [CI:BUILD] Packit: Initial Enablement
1886
* Bump to v4.5.1-dev
1887
1888
-------------------------------------------------------------------
1889
Tue Apr 18 06:46:57 UTC 2023 - danish.prakash@suse.com
1890
1891
- Update to version 4.5.0:
1892
* Release v4.5.0
1893
* [CI:DOCS] Final release notes for v4.5.0
1894
* Quadlet - do not set log-driver by default
1895
* Return title fields as a list
1896
* Bump to v4.5.0-dev
1897
* Bump to v4.5.0-RC2
1898
* Final release notes for v4.5.0-RC2
1899
* test/e2e: remove unnecessary SkipIfNetavark() calls
1900
* test/e2e: deduplicated network test
1901
* docs: update podman-network-create.1
1902
* network create: add --interface-name
1903
* test/system/252-quadlet.bats: fix flake
1904
* Read kube_generate_type from containers.conf
1905
* Debian setup: workaround for runc /dev/char/10:200 bug
1906
* pkg/rootless: use catatonit from /usr/libexec/podman
1907
* rootless: make sure we only use a single pause process
1908
* Use atomic config writing strategy for podman machine config files
1909
* Add remaining release notes for v4.5.0-RC2
1910
* GHA: Use version instead of SHA for actions
1911
* chore(deps): update dependency containers/automation_images to v20230405
1912
* build: pass env by reference
1913
* test: retrofit error message
1914
* test/system: expect 12 char for short id
1915
* vendor: bump containers/(storage, common, buildah, image)
1916
* [skip-ci] Update actions/upload-artifact action to v3
1917
* [skip-ci] Update actions/stale action to v8
1918
* [skip-ci] Update actions/setup-go action to v4
1919
* [skip-ci] Update github/issue-labeler action to v2.6
1920
* Fix up codespell errors
1921
* Capitalize all uid,gid and id words that are not options in docs
1922
* build(deps): bump golang.org/x/tools from 0.7.0 to 0.8.0 in /test/tools
1923
* Properly remove the service container during kube down
1924
* quadlet: add `UserNS` option key
1925
* [CI:DOCS] Release notes for 4.5.0 Part 1
1926
* "podman pull by digest and list --all" test: untag instead of rmi
1927
* build(deps): bump golang.org/x/text from 0.8.0 to 0.9.0
1928
* Add renovate.json configuration
1929
* CI: postbuild step: skip under nightly treadmill
1930
* The `--ulimit` option accepts the name with an `RLIMIT_` prefix both upper and lower case
1931
* test/e2e: use custom network config dir where needed
1932
* chore: replace `github.com/ghodss/yaml` with `sigs.k8s.io/yaml`
1933
* update completion scripts for cobra v1.7.0
1934
* libpod.storageService.CreateContainerStorage(): retrieve ID maps
1935
* Fix invalid pod name and hostname during kube generate
1936
* e2e tests: fix racy flakes
1937
* Cirrus: Enable labeling of EC2 VMs
1938
* Cirrus: Fix aarch64 clone_script 404 errors
1939
* e2e: GinkgoParallelNode() -> ...Process()
1940
* build(deps): bump github.com/spf13/cobra from 1.6.1 to 1.7.0
1941
* build(deps): bump golang.org/x/sys from 0.6.0 to 0.7.0
1942
* [CI:DOCS] --creds and registries
1943
* Copr: fix build deps for /usr/bin/envsubst
1944
* Don't error when removing non-existant env vars
1945
* e2e: healthcheck on stopped container: fix flake
1946
* test/apiv2/80-kube.at
1947
* test/apiv2/80-kube.at
1948
* system service: do not close Body
1949
* rm `hack/release.sh`
1950
* build(deps): bump github.com/onsi/gomega from 1.27.5 to 1.27.6
1951
* add `quadlet -version` flag
1952
* add version/rawversion package
1953
* quadlet: use `Flag` suffix for variables
1954
* quadlet: implement `Tmpfs` option
1955
* Bump to v4.5.0-dev
1956
* Bump to 4.5.0-rc1
1957
* Update release notes from 4.4 branch
1958
* rootless netns: recover from invalid netns
1959
* System tests: unverbosify a flake log
1960
* Add support for secret exists
1961
* Fix Win install task failures with large PR bodies
1962
* docs: add `starting` to `HealthCheckResults.Status`
1963
* Add support for cgroup_config from containers.conf
1964
* libpod: mount safely subpaths
1965
* Support Deployment generation with kube generate
1966
* Use secret.items to create volume mounts if present
1967
* [CI:DOCS] fix typo in --systemd option
1968
* rootless: drop preexec hook error message
1969
* Edit the docker wrapper to use the install prefix
1970
* Update podman-for-windows.md
1971
* Quadlet: RemapUsers documentation fixes
1972
* speed up image listing
1973
* vendor containers/common@e27c30ee9b1b
1974
* fix volume-plugin-test flake
1975
* Document building Podman remote on Windows hosts
1976
* test/e2e: gpg keep stdout/err attached
1977
* auto-update: stop+start instead of restart sytemd units
1978
* [CI:DOCS] Improve basic tutorial
1979
* Update docs/source/markdown/podman-network.1.md
1980
* Add debug to --wait test
1981
* fix slirp4netns resolv.conf ip with a userns
1982
* Quadlet: add support for keep-id with mapping values
1983
* Quadlet E2E test - run quadlet as user generator
1984
* sqlite: do not `Ping()` after connecting
1985
* Quadlet - treat paths starting with systemd specifiers as absolute
1986
* Update docs/source/markdown/podman-kube-play.1.md.in
1987
* system tests: use CONTAINERS_CONF_OVERRIDE
1988
* implement podman machine set for hyperv
1989
* [CI:DOCS] Add network subnets info to network man page
1990
* CI: retry the golangci install
1991
* system tests: fix racey sdnotify test
1992
* hyperv: lookup machine on local filesystem first
1993
* fix os.IsNotExist() CI check
1994
* Ensure that SQLite state handles name-ID collisions
1995
* macos pkginstaller: do not fail when podman-mac-helper fails
1996
* podman-mac-helper: install: do not error if already installed
1997
* build(deps): bump github.com/onsi/gomega from 1.27.4 to 1.27.5
1998
* Fix a race around SQLite DB config validation
1999
* add CONTAINERS_CONF_OVERRIDE
2000
* vendor containers/common@main
2001
* docs: minor grammar fix in `--volume` description
2002
* sqlite: do not use shared cache
2003
* test: podman checkpoint/restore the latest container
2004
* stats compat API: return "id" lowercase
2005
* Run make codespell
2006
* Drop SQLite max connections
2007
* sqlite: set connection attributes on open
2008
* Fix database locked errors with SQLite
2009
* quadlet tests: skip on RHEL8 rootless
2010
* Kube Play Doc: Document the support for K8S Secret
2011
* New ulimit test: bump up minimum nfiles
2012
* logformatter: hide --db-backend, and friendlyize quadlet
2013
* Quadlet - add support for relative path in Volume key in .container file
2014
* Add service ctr cleanup to PlayKubeDown
2015
* fix --health-on-failure=restart in transient unit
2016
* Quadlet Doc: Suggest the kill operation for HealthOnFailure
2017
* Quadlet - Add support for health checks configuration in .container files
2018
* Makefile: allow specifying /lib dir location
2019
* Fix option --opts -> --opt
2020
* basic hypverv machine implementation
2021
* Fix SQLite DB schema migration code
2022
* Add support for oom_score_adj value from containers.conf
2023
* Use default_ulimits field in containers.conf
2024
* CI: test and confirm DESIRED_DATABASE
2025
* build(deps): bump github.com/openshift/imagebuilder
2026
* logformatter: futureproof output filename
2027
* Vendor in latest containers/(storage, common, image)
2028
* build(deps): bump google.golang.org/protobuf from 1.29.0 to 1.30.0
2029
* test/system/255-auto-update.bats: add debug logs
2030
* Revert "Revert "pasta: Use two connections instead of three in TCP range forward tests""
2031
* Add information for secret inspect
2032
* Add format to podman volume ls
2033
* Add format to podman volume inspect
2034
* Add format to podman secret ls
2035
* Add format to podman system df
2036
* Add format to podman machine info
2037
* Add format table to podman image inspect man page
2038
* Cirrus: Store podman machine benchmark data
2039
* Update Cirrus display names, and fix get-ci-vm script
2040
* Ensure SQLite places uses the runroot in transient mode
2041
* Fix various integration test issues with SQLite state
2042
* Remove test for pod/container name global uniqueness
2043
* Improve handling of existing container names in SQLite
2044
* Add SQLite job to CI
2045
* buildah treadmill: also run rootless tests
2046
* build(deps): bump github.com/vbatts/git-validation in /test/tools
2047
* auto update: return restart error
2048
* fix: Document removing anonymous volumes
2049
* events: no duplicates when streaming during a log rotation
2050
* Add search --cert-dir, --creds
2051
* podman-mac-helper: exit 1 on error
2052
* system service --log-level=trace: support hijack
2053
* test/system: fix wait_for_port() to wait for bind
2054
* cgroupns: private cgroupns on cgroupv1 breaks --systemd
2055
* libpod: remove error stutter
2056
* podman events: unhide --stream
2057
* test/system/255-auto-update.bats: multiple services
2058
* 255-auto-update.bats: turn off rollback where needed
2059
* Use append() to add elements to a slice
2060
* Revert "pasta: Use two connections instead of three in TCP range forward tests"
2061
* Support running nested SELinux container separation
2062
* bud tests: rootless remote: use correct socket path
2063
* build(deps): bump github.com/vbauerster/mpb/v8 from 8.2.1 to 8.3.0
2064
* compat: /auth: parse server address correctly
2065
* docs: fix cmd `set DOCKER_HOST` suggestion
2066
* test: reenable idmap test
2067
* Must use mountlabel when creating builtin volumes
2068
* podman.spec.rpkg: distro conditionals for modulesloaddir
2069
* build(deps): bump google.golang.org/protobuf from 1.28.1 to 1.29.0
2070
* podman inspect list network when using --net=host or none
2071
* pasta: Re-enable "Local forwarder, IPv4" test, accept NXDOMAIN as response
2072
* build(deps): bump golang.org/x/tools from 0.6.0 to 0.7.0 in /test/tools
2073
* CI: Switch to c20230307t192532z-f37f36d12 images
2074
* Cirrus: Run system & integration tests in parallel
2075
* Update checkpointctl v0.1.0
2076
* Quadlet: add support for setting --ip and --ip6
2077
* build(deps): bump golang.org/x/net from 0.7.0 to 0.8.0
2078
* build(deps): bump golang.org/x/sys from 0.5.0 to 0.6.0
2079
* libpod: avoid nil pointer dereference in (*Container).Cleanup
2080
* [CI:DOCS] Add image not found info to troubleshooting
2081
* cmd: do not require userns for "version"
2082
* cmd: drop special handling for "scp"
2083
* cmd: clarify meaning of ParentNSRequired
2084
* Fix package restore
2085
* [CI:DOCS] Fix docs/version-check always requesting updates
2086
* sqlite: add a hidden --db-backend flag
2087
* fix: update the default machine value when the previously set default machine is deleted
2088
* podman machine: Adjust Chrony makestep config
2089
* sqlite: add container short ID to network aliases
2090
* sqlite: remove dead code
2091
* sqlite: addContainer: add named volume only once
2092
* sqlite: implement RewriteVolumeConfig
2093
* sqlite: LookupVolume: fix partial name match
2094
* sqlite: LookupVolume: wrap error
2095
* sqlite: fix type rewriting container config
2096
* sqlite: return correct error on pod-name conflict
2097
* sqlite: RewritePodConfig: update error message
2098
* test/system/255-auto-update.bats: wait 10 for update to finish
2099
* auto-update test: wait for service to be ready
2100
* Vendor in latest containers/(common, storage, image)
2101
* play kube: Add --wait option
2102
* Cirrus: Fix git config permission denied
2103
* Quadlet: Add support for the Mount key in .container files
2104
* build(deps): bump github.com/onsi/gomega from 1.27.1 to 1.27.2
2105
* fix "podman logs --since --follow" flake
2106
* Clarify that replicas are ignored in kubernetes deployment
2107
* Revert "Skip all pasta tests"
2108
* CI: Switch to c20230223t153813z-f37f36d12 images
2109
* Fix user socket path
2110
* pkginstaller: bump Qemu to version 7.2.0
2111
* Cirrus: Fix bud tests failing to apply patches
2112
* build(deps): bump github.com/stretchr/testify from 1.8.1 to 1.8.2
2113
* build(deps): bump github.com/coreos/stream-metadata-go
2114
* Vendor in latest containers/storage
2115
* buildah-bud tests: don't sudo when rootless is desired
2116
* Temporarily disable version-check
2117
* CI: new rootless buildah-bud tests (cron only)
2118
* sqlite: fix volume lookups with partial names
2119
* sqlite: fix container lookups with partial IDs
2120
* sqlite: fix LookupPod
2121
* sqlite: fix pod create/rm
2122
* sqlite: LookupContainer: update error message
2123
* sqlite: AddContainerExitCode: allow to replace
2124
* system: add warning when running rootless on cgroupv1
2125
* sqlite: fix AllContainers with state
2126
* sqlite: fix "UPDATE TABLE" typos
2127
* sqlite: SaveVolume: fix syntax error updating the volumes table
2128
* sqlite: exit code: allow -1
2129
* sqlite: fix typo when removing exec sessions
2130
* sqlite: AllContainers: fix inner join
2131
* sqlite: move migration after table creation
2132
* sqlite: implement pod methods
2133
* Quadlet - use the default runtime
2134
* docs: context is not optional for build
2135
* Fix an incorrect comment on NewSqliteState
2136
* Add support for containers.conf database setting
2137
* Add support for volume operations to SQLite state
2138
* Implement exec session handling in SQL database
2139
* Various fixes from code review
2140
* Remove `--namespace` flag from Podman root
2141
* Get E2E tests to pass
2142
* Implement network disconnect for SQLite state
2143
* Implement Network Connect/Modify for SQLite state
2144
* Fix various lint issues
2145
* Some further work on SQLite state
2146
* Remove concept of Namespaces from BoltDB
2147
* Add initial SQLite-backed state implementation
2148
* Cirrus: Support runc testing on debian VMs
2149
* Skip all pasta tests
2150
* Skip buildah-bud test
2151
* Skip buildx test with VFS podman storage driver
2152
* Skip 'podman kube --network' test for rootless CGv1
2153
* Skip tests which fail with CGv1 & runc
2154
* Skip rootless CGv1 quadlet tests due to issue
2155
* Makefile: Define SHELL
2156
* Machine refactor for QEMU/AppleHV
2157
* machine refactoring preparations for hyperv
2158
* [CI:BUILD] spec.rpkg: trim dependency list
2159
* Logs follow-until tests: loosen checks
2160
* [CI:DOCS] Windows/Mac docs link update
2161
* Doc update for docker network options via CLI
2162
* compat API: network create return 409 for duplicate
2163
* Apply suggestions to man page
2164
* vendor c/common@852ca05a1fbb
2165
* Quadlet: Add support for LogDriver key in container and kube units
2166
* machine refactoring preparations for hyperv
2167
* libpod: always use direct mapping
2168
* netavark: only use aardvark ip as nameserver
2169
* build(deps): bump github.com/container-orchestrated-devices/container-device-interface
2170
* podman logs passthrough driver support --cgroups=split
2171
* journald logs: simplify entry parsing
2172
* podman logs: read journald with passthrough
2173
* make docs: sanity check for broken man pages
2174
* build(deps): bump github.com/vbauerster/mpb/v8 from 8.1.6 to 8.2.0
2175
* build(deps): bump github.com/onsi/gomega from 1.27.0 to 1.27.1
2176
* kube: rm secret on down, print secret on play
2177
* Fix spacing typo that triggered OCD & indent units in podman-systemd.unit(5)
2178
* Update remote_client.md
2179
* [CI:DOCS] Add restriction to option README
2180
* Revert "CI: Temporarily disable all AWS EC2-based tasks"
2181
* build(deps): bump github.com/onsi/gomega from 1.26.0 to 1.27.0
2182
* kube play: only enforce passthrough in Quadlet
2183
* journald: remove initializeJournal()
2184
* auto-update: support pods
2185
* Emergency fix for man pages: check for broken includes
2186
* System tests: assert(): friendlier failure messages
2187
* Cirrus: Fix version-check to only run on `main` job
2188
* CI: Temporarily disable all AWS EC2-based tasks
2189
* build(deps): bump github.com/containerd/containerd from 1.6.16 to 1.6.18
2190
* volume,container: chroot to source before exporting content
2191
* Support sysctl configs via podman kube play
2192
* [CI:BUILD] copr: podman.spec.rpkg cleanups
2193
* quadlet system tests: add useful defaults, logging
2194
* libpod: support relative positions for idmaps
2195
* Experimental workaround for cdn03.quay.io flake
2196
* system tests: prevent leading tabs
2197
* Introduce podman machine os apply
2198
* create: add support for --group-entry
2199
* fix != filter in volume prune
2200
* Allow specification of podman --remote build -f -
2201
* Quadlet use crun specified in containers.conf
2202
* build(deps): bump golang.org/x/net from 0.6.0 to 0.7.0
2203
* Vendor c/image after https://github.com/containers/image/pull/1847
2204
* Don't set hostPort when generating a service
2205
* man page --format xref: tighten the autocompletion check
2206
* add support for limiting tmpfs size for systemd-specific mnts
2207
* build(deps): bump golang.org/x/text from 0.6.0 to 0.7.0
2208
* Add ulimit annotation to kube gen & play
2209
* man page xref: validate displayed man page names
2210
* quadlet: add ExecStop
2211
* install sigproxy before start/attach
2212
* build(deps): bump golang.org/x/tools from 0.5.0 to 0.6.0 in /test/tools
2213
* Fix typos
2214
* Cirrus: Make benchmarks .env file easier to load
2215
* Cirrus: Omit functions in env. file
2216
* kube play: set service container as main PID when possible
2217
* Fix typos. Improve language.
2218
* events + container inspect test: RHEL fixes
2219
* Add ctrName to network alias during kube play
2220
* Run codespell on codebase
2221
* podman image scp: added identity for ssh.Exec
2222
* [CI:DOCS] Clarify nomap constrains
2223
* [CI:DOCS] man-page checker: include --format (Go templates)
2224
* Vendor c/image after https://github.com/containers/image/pull/1816
2225
* [CI:DOCS] Cleanup some man pages to display options with line breaks
2226
* [CI:DOCS] Add tables to podman-systemd.unit man page
2227
* github: remove prefix from bugs/features
2228
* Quadlet: Add support for the Secret key in Container group
2229
* [CI:DOCS] OWNERS: add @ygalblum and @alexlarsson
2230
* build(deps): bump golang.org/x/term from 0.4.0 to 0.5.0
2231
* build(deps): bump github.com/vbauerster/mpb/v8 from 8.1.4 to 8.1.6
2232
* Sort quadlet keys to make it easier to read
2233
* e2e: fix some tests on remote
2234
* kube play: do not teardown unconditionally on error
2235
* Fix typos in comments
2236
* Resolve symlink path for qemu directory if possible
2237
* #17363 Fix contradicting documentation podman-commit
2238
* Fix a potential UID/GID collision in unit tests
2239
* golangci-lint: show all errors at once
2240
* update golangci-lint to version 1.51.1
2241
* [CI:DOCS] events: document journald identifiers
2242
* Quadlet: exit 0 when there are no files to process
2243
* network ls: handle removed container
2244
* e2e: adapt play kube test on remote rootless
2245
* docs/podman-systemd.unit: Explicitely mention network & kube units
2246
* docs/podman-systemd.unit: Update example to work out of the box
2247
* [CI:BUILD] Cirrus: Fix GraphQL ownerRepository:null error
2248
* Add missing return after errors
2249
* Revert "Cirrus: Emergency fix to un-stuck PRs"
2250
* pasta: Fix ICMPv6 Echo test, skip it for the moment
2251
* pasta: Fix ICMP Echo Request (IPv4) test
2252
* pasta: Use two connections instead of three in TCP range forward tests
2253
* Add SELinux label types support to quadlet
2254
* Add quadlet support for rootfs= containers
2255
* Cirrus: Emergency fix to un-stuck PRs
2256
* Move clean-binaries before podman-remote in podman-remote-docs target
2257
* oci: bind mount /sys with --userns=(auto|pod:)
2258
* Cleanup podman-systemd.unit file
2259
* Install podman-systemd.unit man page, make quadlet discoverable
2260
* libpod: allow userns=keep-id for root
2261
* system-reset: use CleanCacheMount to clear build cache
2262
* vendor: bump buildah to v1.29.1-0.20230201192322-e56eb25575c7
2263
* system tests: fix noexistent labels test in the remote
2264
* Expose Podman named pipe in Inspect output
2265
* libpod: support idmap for --rootfs
2266
* test: adapt test to work on cgroupv1
2267
* Bump to v4.5.0-dev
2268
* Update main to reflect v4.4.0 release
2269
* Update from /github.com/vbauerster/mpb/v7 to /v8
2270
* hack/perf: cleanup after benchmarks
2271
* hack/perf/bz-2162111.sh: use custom network
2272
* Update bug_report.yaml
2273
* Handle filetype field in kubernetes.yaml files
2274
* hack/perf/bz-2162111.sh: measure stop
2275
* make hack/markdown-preprocess parallel-safe
2276
* system tests: fix volume exec/noexec test
2277
* system tests: minor fix for RHEL8 incompatibility
2278
* Cirrus: Use versionable IMAGE_SUFFIX
2279
* utils: new conversion method
2280
* libpod: use GraphRoot for overlay upper dir
2281
* vendor: update containers/storage
2282
* Do not mount /dev/tty into rootless containers
2283
* build(deps): bump go.etcd.io/bbolt from 1.3.6 to 1.3.7
2284
* e2e: fix run_staticip_test about no_proxy
2285
* docs: specify order preference for FROM
2286
* Fixes port collision issue on use of --publish-all
2287
* Support for Windows paths in the source position of the volume mounts
2288
* e2e tests: fix incorrect os.User.Name
2289
* Log data that we failed to unmarshal
2290
* [CI:DOCS] hack/perf: add script for BZ 216111
2291
* container rm: save once for exec removal and state change
2292
* [DOCS:CI] podman-events: document verbose create events
2293
* e2e: Avoid hard-coding included in quadlet test
2294
* e2e: Avoid hard-coding ImageCacheDir
2295
* Making gvproxy.exe optional for building Windows installer
2296
* Add gvproxy to Windows packages
2297
* Add comment to clarify error handling intention
2298
* fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
2299
* Fix usage of absolute windows paths with --image-path
2300
* Match VT device paths to be blocked from mounting exactly
2301
* Fix default handling of pids-limit
2302
* Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
2303
* journald: podman logs only show logs for current user
2304
* journald: podman events only show events for current user
2305
* e2e: Remove the cache with "podman unshare rm" when a rootless user
2306
* Clean up more language for inclusiveness
2307
* e2e: Remove some directories at SynchronizedAfterSuite
2308
* fix: don't output "ago" when container is currently up and running
2309
* fix: running check error when podman is default in wsl
2310
* fix CI: test fail due to merge
2311
* Bump Bulidah to v1.29.0
2312
* e2e: reduce dependency on /tmp for e2e tests
2313
* Bump cirrus image with easier dependency management
2314
* quadlet: Add device support for .volume files
2315
* remote,build: error if containerignore is symlink
2316
* DB: make loading container states optional
2317
* ps: do not sync container
2318
* Set runAsNonRoot=true in gen kube
2319
* WSL refactoring
2320
* kube-play: add support for HostIPC in pod.Spec
2321
* Allow --device-cgroup-rule to be passed in by docker API
2322
2323
-------------------------------------------------------------------
2324
Fri Apr 14 14:18:34 UTC 2023 - Dan Čermák <dcermak@suse.com>
2325
2326
- Don't build against EoL go versions, fixes bsc#1210299
2327
2328
-------------------------------------------------------------------
2329
Tue Mar 28 04:36:49 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
2330
2331
- Update to version 4.4.4:
2332
* Bump to v4.4.4
2333
* Release notes for v4.4.4
2334
* libpod: always use direct mapping
2335
* macos pkginstaller: do not fail when podman-mac-helper fails
2336
* podman-mac-helper: install: do not error if already installed
2337
* Bump to v4.4.4-dev
2338
2339
- spec: Bump required version for libcontainers-common (bsc#1209495)
2340
2341
-------------------------------------------------------------------
2342
Fri Mar 24 04:56:25 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
2343
2344
- Update to version 4.4.3:
2345
* Bump to v4.4.3
2346
* Release notes for v4.4.3
2347
* compat: /auth: parse server address correctly
2348
* vendor github.com/containers/common@v0.51.1
2349
* pkginstaller: bump Qemu to version 7.2.0
2350
* podman machine: Adjust Chrony makestep config
2351
* [v4.4] fix --health-on-failure=restart in transient unit
2352
* podman logs passthrough driver support --cgroups=split
2353
* journald logs: simplify entry parsing
2354
* podman logs: read journald with passthrough
2355
* journald: remove initializeJournal()
2356
* netavark: only use aardvark ip as nameserver
2357
* compat API: network create return 409 for duplicate
2358
* fix "podman logs --since --follow" flake
2359
* system service --log-level=trace: support hijack
2360
* podman-mac-helper: exit 1 on error
2361
* bump golang.org/x/net to v0.8.0
2362
* Fix package restore
2363
* Quadlet - use the default runtime
2364
* Bump to v4.4.3-dev
2365
2366
- Remove patch (merged upstream):
2367
* Quadlet-use-the-default-runtime.patch
2368
(https://github.com/containers/podman/pull/17601)
2369
2370
-------------------------------------------------------------------
2371
Mon Feb 27 13:54:33 UTC 2023 - Dan Čermák <dcermak@suse.com>
2372
2373
- Add patch to let quadlet use the default runtime
2374
Added patch:
2375
* Quadlet-use-the-default-runtime.patch
2376
=> Remove dependency on crun
2377
2378
-------------------------------------------------------------------
2379
Fri Feb 24 02:29:18 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
2380
2381
- Update to version 4.4.2:
2382
* Bump to v4.4.2
2383
* Release notes for v4.4.2
2384
* Revert "CI: Temporarily disable all AWS EC2-based tasks"
2385
* kube play: only enforce passthrough in Quadlet
2386
* Emergency fix for man pages: check for broken includes
2387
* CI: Temporarily disable all AWS EC2-based tasks
2388
* quadlet system tests: add useful defaults, logging
2389
* volume,container: chroot to source before exporting content
2390
* install sigproxy before start/attach
2391
* Update to c/image 5.24.1
2392
* events + container inspect test: RHEL fixes
2393
* Bump to v4.4.2-dev
2394
2395
- Remove patches (merged upstream):
2396
* volume-container-chroot-to-source-before-exporting-content.patch
2397
- podman.spec: add `crun` requirement for quadlet
2398
(https://github.com/containers/podman/pull/17601)
2399
2400
-------------------------------------------------------------------
2401
Tue Feb 21 07:40:30 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
2402
2403
- podman.spec: set PREFIX at build stage (boo#1208510)
2404
2405
-------------------------------------------------------------------
2406
Fri Feb 17 13:39:16 UTC 2023 - Dan Čermák <dcermak@suse.com>
2407
2408
- Add patch to fix bsc#1208364 aka CVE-2023-0778
2409
2410
Added patch:
2411
* volume-container-chroot-to-source-before-exporting-content.patch
2412
2413
-------------------------------------------------------------------
2414
Thu Feb 09 12:15:40 UTC 2023 - fvogt@suse.com
2415
2416
- Update to version 4.4.1:
2417
* Bump to v4.4.1
2418
* Update release notes for Podman 4.4.1
2419
* kube play: do not teardown unconditionally on error
2420
* Resolve symlink path for qemu directory if possible
2421
* events: document journald identifiers
2422
* Quadlet: exit 0 when there are no files to process
2423
* Cleanup podman-systemd.unit file
2424
* Install podman-systemd.unit man page, make quadlet discoverable
2425
* Add missing return after errors
2426
* oci: bind mount /sys with --userns=(auto|pod:)
2427
* docs: specify order preference for FROM
2428
* Cirrus: Fix & remove GraphQL API tests
2429
* test: adapt test to work on cgroupv1
2430
* make hack/markdown-preprocess parallel-safe
2431
* Fix default handling of pids-limit
2432
* system tests: fix volume exec/noexec test
2433
* Bump to v4.4.1-dev
2434
2435
-------------------------------------------------------------------
2436
Thu Feb 02 12:57:45 UTC 2023 - dcermak@suse.com
2437
2438
- Remove patches (merged upstream or resolved otherwise):
2439
* 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
2440
* 0002-Make-the-priority-for-picking-the-storage-driver-con.patch
2441
* 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch
2442
2443
- remove long obsolete update scriptlets
2444
2445
- Update to version 4.4.0:
2446
* Bump to v4.4.0
2447
* Final release notes for v4.4.0
2448
* Emergency fix for RHEL8 gating tests
2449
* Do not mount /dev/tty into rootless containers
2450
* Fixes port collision issue on use of --publish-all
2451
* Fix usage of absolute windows paths with --image-path
2452
* fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
2453
* podman-events: document verbose create events
2454
* Making gvproxy.exe optional for building Windows installer
2455
* Add gvproxy to Windows packages
2456
* Match VT device paths to be blocked from mounting exactly
2457
* Clean up more language for inclusiveness
2458
* Set runAsNonRoot=true in gen kube
2459
* quadlet: Add device support for .volume files
2460
* fix: running check error when podman is default in wsl
2461
* fix: don't output "ago" when container is currently up and running
2462
* journald: podman logs only show logs for current user
2463
* journald: podman events only show events for current user
2464
* Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
2465
* DB: make loading container states optional
2466
* ps: do not sync container
2467
* Allow --device-cgroup-rule to be passed in by docker API
2468
* [v4.4] Bump to Buildah v1.29.0
2469
* Bump to v4.4.0-dev
2470
* Bump to v4.4.0-RC3
2471
* Create release notes for v4.4.0
2472
* Cirrus: Update operating branch
2473
* fix APIv2 python attach test flake
2474
* ps: query health check in batch mode
2475
* make example volume import, not import volume
2476
* Correct output when inspecting containers created with --ipc
2477
* Vendor containers/(storage, image, common, buildah)
2478
* Get correct username in pod when using --userns=keep-id
2479
* ps: get network data in batch mode
2480
* build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
2481
* add hack/perf for comparing two container engines
2482
* systems: retrofit dns options test to honor other search domains
2483
* ps: do not create copy of container config
2484
* libpod: set search domain independently of nameservers
2485
* libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
2486
* podman: relay custom DNS servers to network stack
2487
* (fix) mount_program is in storage.options.overlay
2488
* Change example target to default in doc
2489
* network create: do not allow `default` as name
2490
* kube-play: add support for HostPID in podSpec
2491
* build(deps): bump github.com/docker/docker
2492
* Let's see if #14653 is fixed or not
2493
* Add support for podman build --group-add
2494
* vendor in latests containers/(storage, common, build, image)
2495
* unskip network update test
2496
* do not install swagger by default
2497
* pasta: skip "Local forwarder, IPv4" test
2498
* add testbindings Makefile target
2499
* update CI images to include pasta
2500
* [CI:DOCS] Add CNI deprecation notices to documentation
2501
* Cirrus: preserve podman-server logs
2502
* waitPidStop: reduce sleep time to 10ms
2503
* StopContainer: return if cleanup process changed state
2504
* StopSignal: add a comment
2505
* StopContainer: small refactor
2506
* waitPidStop: simplify code
2507
* e2e tests: reenable long-skipped build test
2508
* Add openssh-clients to podmanimage
2509
* Reworks Windows smoke test to tunnel through interactive session.
2510
* fix bud-multiple-platform-with-base-as-default-arg flake
2511
* Remove ReservedAnnotations from kube generate specification
2512
* e2e: update test/README.md
2513
* e2e: use isRootless() instead of rootless.IsRootless()
2514
* Cleanup documentation on --userns=auto
2515
* Bump to v4.4.0-dev
2516
* Bump to v4.4.0-rc2
2517
* Vendor in latest c/common
2518
* sig-proxy system test: bump timeout
2519
* build(deps): bump github.com/containernetworking/plugins
2520
* rootless: rename auth-scripts to preexec-hooks
2521
* Docs: version-check updates
2522
* commit: use libimage code to parse changes
2523
* [CI:DOCS] Remove experimental mac tutorial
2524
* man: Document the interaction between --systemd and --privileged
2525
* Make rootless privileged containers share the same tty devices as rootfull ones
2526
* container kill: handle stopped/exited container
2527
* Vendor in latest containers/(image,ocicrypt)
2528
* add a comment to container removal
2529
* Vendor in latest containers/storage
2530
* Cirrus: Run machine tests on PR merge
2531
* fix flake in kube system test
2532
* kube play: complete container spec
2533
* E2E Tests: Use inspect instead of actual data to avoid UDP flake
2534
* Use containers/storage/pkg/regexp in place of regexp
2535
* Vendor in latest containers/storage
2536
* Cirrus: Support using updated/latest NV/AV in PRs
2537
* Limit replica count to 1 when deploying from kubernetes YAML
2538
* Set StoppedByUser earlier in the process of stopping
2539
* podman-play system test: refactor
2540
* Bump to v4.4.0-dev
2541
* Bump to v4.4.0-RC1
2542
* network: add support for podman network update and --network-dns-server
2543
* service container: less verbose error logs
2544
* Quadlet Kube - add support for PublishPort key
2545
* e2e: fix systemd_activate_test
2546
* Compile regex on demand not in init
2547
* [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
2548
* E2E Test: Play Kube set deadline to connection to avoid hangs
2549
* Only prevent VTs to be mounted inside privileged systemd containers
2550
* e2e: fix play_kube_test
2551
* Updated error message for supported VolumeSource types
2552
* Introduce pkg retry logic in win installer task
2553
* logformatter: include base SHA, with history link
2554
* Network tests: ping redhat.com, not podman.io
2555
* cobra: move engine shutdown to Execute
2556
* Updated options for QEMU on Windows hosts
2557
* Update Mac installer to use gvproxy v0.5.0
2558
* podman: podman rm -f doesn't leave processes
2559
* oci: check for valid PID before kill(pid, 0)
2560
* linux: add /sys/fs/cgroup if /sys is a bind mount
2561
* Quadlet: Add support for ConfigMap key in Kube section
2562
* remove service container _after_ pods
2563
* Kube Play - allow setting and overriding published host ports
2564
* oci: terminate all container processes on cleanup
2565
* Update win-sshproxy to 0.5.0 gvisor tag
2566
* Vendor in latest containers/common
2567
* Fix a potential defer logic error around locking
2568
* logformatter: nicer formatting for bats failures
2569
* logformatter: refactor verbose line-print
2570
* e2e tests: stop using UBI images
2571
* k8s-file: podman logs --until --follow exit after time
2572
* journald: podman logs --until --follow exit after time
2573
* journald: seek to time when --since is used
2574
* podman logs: journald fix --since and --follow
2575
* Preprocess files in UTF-8 mode
2576
* Bump golang.org/x/tools from 0.4.0 to 0.5.0 in /test/tools
2577
* Vendor in latest containers/(common, image, storage)
2578
* Switch to C based msi hooks for win installer
2579
* hack/bats: improve usage message
2580
* hack/bats: add --remote option
2581
* hack/bats: fix root/rootless logic
2582
* Describe copy volume options
2583
* Support sig-proxy for podman-remote attach and start
2584
* libpod: fix race condition rm'ing stopping containers
2585
* e2e: fix run_volume_test
2586
* Add support for Windows ARM64
2587
* Add shared --compress to man pages
2588
* Add container error message to ContainerState
2589
* Man page checker: require canonical name in SEE ALSO
2590
* system df: improve json output code
2591
* kube play: fix the error logic with --quiet
2592
* System tests: quadlet network test
2593
* Fix: List container with volume filter
2594
* adding -dryrun flag
2595
* Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
2596
* Kube Play: use passthrough as the default log-driver if service-container is set
2597
* System tests: add missing cleanup
2598
* System tests: fix unquoted question marks
2599
* Build and use a newer systemd image
2600
* Quadlet Network - Fix the name of the required network service
2601
* System Test Quadlet - Volume dependency test did not test the dependency
2602
* fix `podman system connection - tcp` flake
2603
* vendor: bump c/storage to a747b27
2604
* Fix instructions about setting storage driver on command-line
2605
* Test README - point users to hack/bats
2606
* System test: quadlet kube basic test
2607
* Fixed `podman update --pids-limit`
2608
* podman-remote,bindings: trim context path correctly when its emptydir
2609
* Quadlet Doc: Add section for .kube files
2610
* e2e: fix containers_conf_test
2611
* Allow '/' to prefix container names to match Docker
2612
* Remove references to qcow2
2613
* Fix typos in man page regarding transient storage mode.
2614
* make: Use PYTHON var for .install.pre-commit
2615
* Add containers.conf read-only flag support
2616
* Explain that relabeling/chowning of volumes can take along time
2617
* events: support "die" filter
2618
* infra/abi: refactor ContainerRm
2619
* When in transient store mode, use rundir for bundlepath
2620
* quadlet: Support Type=oneshot container files
2621
* hacks/bats: keep QUADLET env var in test env
2622
* New system tests for conflicting options
2623
* Vendor in latest containers/(buildah, image, common)
2624
* Output Size and Reclaimable in human form for json output
2625
* podman service: close duplicated /dev/null fd
2626
* ginkgo tests: apply ginkgolinter fixes
2627
* Add support for hostPath and configMap subpath usage
2628
* export: use io.Writer instead of file
2629
* rootless: always create userns with euid != 0
2630
* rootless: inhibit copy mapping for euid != 0
2631
* pkg/domain/infra/abi: introduce `type containerWrapper`
2632
* vendor: bump to buildah ca578b290144 and use new cache API
2633
* quadlet: Handle booleans that have defaults better
2634
* quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
2635
* Add podman-clean-transient.service service
2636
* Stop recording annotations set to false
2637
* Unify --noheading and -n to be consistent on all commands
2638
* pkg/domain/infra/abi: add `getContainers`
2639
* Update vendor of containters/(common, image)
2640
* specfile: Drop user-add depedency from quadlet subpackage.
2641
* quadlet: Default BINDIR to /usr/bin if tag not specified
2642
* Quadlet: add network support
2643
* Add comment for jsonMarshal command
2644
* Always allow pushing from containers-storage
2645
* libpod: move NetNS into state db instead of extra bucket
2646
* Add initial system tests for quadlets
2647
* quadlet: Add --user option
2648
* libpod: remove CNI word were no longer applicable
2649
* libpod: fix header length in http attach with logs
2650
* podman-kube@ template: use `podman kube`
2651
* build(deps): bump github.com/docker/docker
2652
* wait: add --ignore option
2653
* qudlet: Respect $PODMAN env var for podman binary
2654
* e2e: Add assert-key-is-regex check to quadlet e2e testsuite
2655
* e2e: Add some assert to quadlet test to make sure testcases are sane
2656
* remove unmapped ports from inspect port bindings
2657
* update podman-network-create for clarity
2658
* Vendor in latest containers/common with default capabilities
2659
* pkg/rootless: Change error text ...
2660
* rootless: add cli validator
2661
* rootless: define LIBEXECPODMAN
2662
* doc: fix documentation for idmapped mounts
2663
* bump golangci-lint to v1.50.1
2664
* build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
2665
* [CI:DOCS] podman-mount: s/umount/unmount/
2666
* create/pull --help: list pull policies
2667
* Network Create: Add --ignore flag to support idempotent script
2668
* Make qemu security model none
2669
* libpod: use OCI idmappings for mounts
2670
* stop reporting errors removing containers that don't exist
2671
* test: added test from wait endpoint with to long label
2672
* quadlet: Default VolatileTmp to off
2673
* build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
2674
* docs/options/ipc: fix list syntax
2675
* Docs: Add dedicated DOWNLOAD doc w/ links to bins
2676
* Make a consistently-named windows installer
2677
* checkpoint restore: fix --ignore-static-ip/mac
2678
* add support for subpath in play kube for named volumes
2679
* build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
2680
* golangci-lint: remove three deprecated linters
2681
* parse-localbenchmarks: separate standard deviation
2682
* build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
2683
* podman play kube support container startup probe
2684
* Add podman buildx version support
2685
* Cirrus: Collect benchmarks on machine instances
2686
* Cirrus: Remove escape codes from log files
2687
* [CI:DOCS] Clarify secret target behavior
2688
* Fix typo on network docs
2689
* podman-remote build add --volume support
2690
* remote: allow --http-proxy for remote clients
2691
* Cleanup kube play workloads if error happens
2692
* health check: ignore dependencies of transient systemd units/timers
2693
* fix: event read from syslog
2694
* Fixes secret (un)marshaling for kube play.
2695
* Remove 'you' from man pages
2696
* build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
2697
* [CI:DOCS] test/README.md: run tests with podman-remote
2698
* e2e: keeps the http_proxy value
2699
* Makefile: Add podman-mac-helper to darwin client zip
2700
* test/e2e: enable "podman run with ipam none driver" for nv
2701
* [skip-ci] GHA/Cirrus-cron: Fix execution order
2702
* kube sdnotify: run proxies for the lifespan of the service
2703
* Update containers common package
2704
* podman manpage: Use man-page links instead of file names
2705
* e2e: fix e2e tests in proxy environment
2706
* Fix test
2707
* disable healthchecks automatically on non systemd systems
2708
* Quadlet Kube: Add support for userns flag
2709
* [CI:DOCS] Add warning about --opts,o with mount's -o
2710
* Add podman system prune --external
2711
* Add some tests for transient store
2712
* runtime: In transient_store mode, move bolt_state.db to rundir
2713
* runtime: Handle the transient store options
2714
* libpod: Move the creation of TmpDir to an earlier time
2715
* network create: support "-o parent=XXX" for ipvlan
2716
* compat API: allow MacAddress on container config
2717
* Quadlet Kube: Add support for relative path for YAML file
2718
* notify k8s system test: move sending message into exec
2719
* runtime: do not chown idmapped volumes
2720
* quadlet: Drop ExecStartPre=rm %t/%N.cid
2721
* Quadlet Kube: Set SyslogIdentifier if was not set
2722
* Add a FreeBSD cross build to the cirrus alt build task
2723
* Add completion for --init-ctr
2724
* Fix handling of readonly containers when defined in kube.yaml
2725
* Build cross-compilation fixes
2726
* libpod: Track healthcheck API changes in healthcheck_unsupported.go
2727
* quadlet: Use same default capability set as podman run
2728
* quadlet: Drop --pull=never
2729
* quadlet: Change default of ReadOnly to no
2730
* quadlet: Change RunInit default to no
2731
* quadlet: Change NoNewPrivileges default to false
2732
* test: podman run with checkpoint image
2733
* Enable 'podman run' for checkpoint images
2734
* test: Add tests for checkpoint images
2735
* CI setup: simplify environment passthrough code
2736
* Init containers should not be restarted
2737
* Update c/storage after https://github.com/containers/storage/pull/1436
2738
* Set the latest release explicitly
2739
* add friendly comment
2740
* fix an overriding logic and load config problem
2741
* Update the issue templates
2742
* Update vendor of containers/(image, buildah)
2743
* [CI:DOCS] Skip windows-smoke when not useful
2744
* [CI:DOCS] Remove broken gate-container docs
2745
* OWNERS: add Jason T. Greene
2746
* hack/podmansnoop: print arguments
2747
* Improve atomicity of VM state persistence on Windows
2748
* [CI:BUILD] copr: enable podman-restart.service on rpm installation
2749
* macos: pkg: Use -arm64 suffix instead of -aarch64
2750
* linux: Add -linux suffix to podman-remote-static binaries
2751
* linux: Build amd64 and arm64 podman-remote-static binaries
2752
* container create: add inspect data to event
2753
* Allow manual override of install location
2754
* Run codespell on code
2755
* Add missing parameters for checkpoint/restore endpoint
2756
* Add support for startup healthchecks
2757
* Add information on metrics to the `network create` docs
2758
* Introduce podman machine os commands
2759
* Document that ignoreRootFS depends on export/import
2760
* Document ignoreVolumes in checkpoint/restore endpoint
2761
* Remove leaveRunning from swagger restore endpoint
2762
* libpod: Add checks to avoid nil pointer dereference if network setup fails
2763
* Address golangci-lint issues
2764
* Bump golang version to 1.18
2765
* Documenting Hyper-V QEMU acceleration settings
2766
* Kube Play: fix the handling of the optional field of SecretVolumeSource
2767
* Update Vendor of containers/(common, image, buildah)
2768
* Fix swapped NetInput/-Output stats
2769
* libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
2770
* chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
2771
* test/tools: rebuild when files are changed
2772
* ginkgo tests: apply ginkgolinter fixes
2773
* ginkgo: restructure install work flow
2774
* Fix manpage emphasis
2775
* specgen: support CDI devices from containers.conf
2776
* vendor: update containers/common
2777
* pkg/trust: Take the default policy path from c/common/pkg/config
2778
* Add validate-in-container target
2779
* Adding encryption decryption feature
2780
* container restart: clean up healthcheck state
2781
* Add support for podman-remote manifest annotate
2782
* Quadlet: Add support for .kube files
2783
* Update vendor of containers/(buildah, common, storage, image)
2784
* specgen: honor user namespace value
2785
* [CI:DOCS] Migrate OSX Cross to M1
2786
* quadlet: Rework uid/gid remapping
2787
* GHA: Fix cirrus re-run workflow for other repos.
2788
* ssh system test: skip until it becomes a test
2789
* shell completion: fix hard coded network drivers
2790
* libpod: Report network setup errors properly on FreeBSD
2791
* E2E Tests: change the registry for the search test to avoid authentication
2792
* pkginstaller: install podman-mac-helper by default
2793
* Fix language. Mostly spelling a -> an
2794
* podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment.
2795
* [CI:DOCS] Fix spelling and typos
2796
* Modify man page of "--pids-limit" option to correct a default value.
2797
* Update docs/source/markdown/podman-remote.1.md
2798
* Update pkg/bindings/connection.go
2799
* Add more documentation on UID/GID Mappings with --userns=keep-id
2800
* support podman-remote to connect tcpURL with proxy
2801
* Removing the RawInput from the API output
2802
* fix port issues for CONTAINER_HOST
2803
* CI: Package versions: run in the 'main' step
2804
* build(deps): bump github.com/rootless-containers/rootlesskit
2805
* pkg/domain: Make checkExecPreserveFDs platform-specific
2806
* e2e tests: fix restart race
2807
* Fix podman --noout to suppress all output
2808
* remove pod if creation has failed
2809
* pkg/rootless: Implement rootless.IsFdInherited on FreeBSD
2810
* Fix more podman-logs flakes
2811
* healthcheck system tests: try to fix flake
2812
* libpod: treat ESRCH from /proc/PID/cgroup as ENOENT
2813
* GHA: Configure workflows for reuse
2814
* compat,build: handle docker's preconfigured cacheTo,cacheFrom
2815
* docs: deprecate pasta network name
2816
* utils: Enable cgroup utils for FreeBSD
2817
* pkg/specgen: Disable kube play tests on FreeBSD
2818
* libpod/lock: Fix build and tests for SHM locks on FreeBSD
2819
* podman cp: fix copying with "." suffix
2820
* pkginstaller: bump Qemu to version 7.1.0
2821
* specgen,wasm: switch to crun-wasm wherever applicable
2822
* vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1
2823
* libpod: Make unit test for statToPercent Linux only
2824
* Update vendor of containers/storage
2825
* fix connection usage with containers.conf
2826
* Add --quiet and --no-info flags to podman machine start
2827
* Add hidden podman manifest inspect -v option
2828
* Bump github.com/onsi/gomega from 1.24.0 to 1.24.1
2829
* Add podman volume create -d short option for driver
2830
* Vendor in latest containers/(common,image,storage)
2831
* Add podman system events alias to podman events
2832
* Fix search_test to return correct version of alpine
2833
* Bump golang.org/x/tools from 0.1.12 to 0.3.0 in /test/tools
2834
* GHA: Fix undefined secret env. var.
2835
* Release notes for 4.3.1
2836
* GHA: Fix make_email-body script reference
2837
* Add release keys to README
2838
* GHA: Fix typo setting output parameter
2839
* GHA: Fix typo.
2840
* New tool, docs/version-check
2841
* Formalize our compare-against-docker mechanism
2842
* Add restart-sec for container service files
2843
* test/tools: bump module to go 1.17
2844
* contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor
2845
* Bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0
2846
* Bump golang.org/x/term from 0.1.0 to 0.2.0
2847
* Bump golang.org/x/sys from 0.1.0 to 0.2.0
2848
* Bump github.com/container-orchestrated-devices/container-device-interface
2849
* build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools
2850
* libpod: Add FreeBSD support in packageVersion
2851
* Allow podman manigest push --purge|-p as alias for --rm
2852
* [CI:DOCS] Add performance tutorial
2853
* [CI:DOCS] Fix build targets in build_osx.md.
2854
* fix --format {{json .}} output to match docker
2855
* remote: fix manifest add --annotation
2856
* Skip test if `--events-backend` is necessary with podman-remote
2857
* kube play: update the handling of PersistentVolumeClaim
2858
* system tests: fix a system test in proxy environment
2859
* Use single unqualified search registry on Windows
2860
* test/system: Add, use tcp_port_probe() to check for listeners rather than binds
2861
* test/system: Add tests for pasta(1) connectivity
2862
* test/system: Move network-related helpers to helpers.network.bash
2863
* test/system: Use procfs to find bound ports, with optional address and protocol
2864
* test/system: Use port_is_free() from wait_for_port()
2865
* libpod: Add pasta networking mode
2866
* More log-flake work
2867
* Fix test flakes caused by improper podman-logs
2868
* fix incorrect systemd booted check
2869
* Cirrus: Add tests for GHA scripts
2870
* GHA: Update scripts to pass shellcheck
2871
* Cirrus: Shellcheck github-action scripts
2872
* Cirrus: shellcheck support for github-action scripts
2873
* GHA: Fix cirrus-cron scripts
2874
* Makefile: don't install to tmpfiles.d on FreeBSD
2875
* Make sure we can build and read each line of docker py's api client
2876
* Docker compat build api - make sure only one line appears per flush
2877
* Run codespell on code
2878
* Update vendor of containers/(image, storage, common)
2879
* Allow namespace path network option for pods.
2880
* Cirrus: Never skip running Windows Cross task
2881
* GHA: Auto. re-run failed cirrus-cron builds once
2882
* GHA: Migrate inline script to file
2883
* GHA: Simplify script reference
2884
* test/e2e: do not use apk in builds
2885
* remove container/pod id file along with container/pod
2886
* Cirrus: Synchronize windows image
2887
* Add --insecure,--tls-verify,--verbose flags to podman manifest inspect
2888
* runtime: add check for valid pod systemd cgroup
2889
* CI: set and verify DESIRED_NETWORK (netavark, cni)
2890
* [CI:DOCS] troubleshooting: document keep-id options
2891
* Man pages: refactor common options: --security-opt
2892
* Cirrus: Guarantee CNI testing w/o nv/av present
2893
* Cirrus: temp. disable all Ubuntu testing
2894
* Cirrus: Update to F37beta
2895
* buildah bud tests: better handling of remote
2896
* quadlet: Warn in generator if using short names
2897
* Add Windows Smoke Testing
2898
* Add podman kube apply command
2899
* docs: offer advice on installing test dependencies
2900
* Fix documentation on read-only-tmpfs
2901
* version bump to 4.4.0-dev
2902
* deps: bump go-criu to v6
2903
* Makefile: Add cross build targets for freebsd
2904
* pkg/machine: Make this build on FreeBSD/arm64
2905
* pkg/rctl: Remove unused cgo dependency
2906
* man pages: assorted underscore fixes
2907
* Upgrade GitHub actions packages from v2 to v3
2908
* vendor github.com/godbus/dbus/v5@4b691ce
2909
* [CI:DOCS] fix --tmpdir typos
2910
* Do not report that /usr/share/containers/storage.conf has been edited.
2911
* Eval symlinks on XDG_RUNTIME_DIR
2912
* hack/podmansnoop
2913
* rootless: support keep-id with one mapping
2914
* rootless: add argument to GetConfiguredMappings
2915
* Update vendor containers/(common,storage,buildah,image)
2916
* Fix deadlock between 'podman ps' and 'container inspect' commands
2917
* Add information about where the libpod/boltdb database lives
2918
* Consolidate the dependencies for the IsTerminal() API
2919
* Ensure that StartAndAttach locks while sending signals
2920
* ginkgo testing: fix podman usernamespace join
2921
* Test runners: nuke podman from $PATH before tests
2922
* volumes: Fix idmap not working for volumes
2923
* FIXME: Temporary workaround for ubi8 CI breakage
2924
* System tests: teardown: clean up volumes
2925
* update api versions on docs.podman.io
2926
* system tests: runlabel: use podman-under-test
2927
* system tests: podman network create: use random port
2928
* sig-proxy test: bump timeout
2929
* play kube: Allow the user to import the contents of a tar file into a volume
2930
* Clarify the docs on DropCapability
2931
* quadlet tests: Disable kmsg logging while testing
2932
* quadlet: Support multiple Network=
2933
* quadlet: Add support for Network=...
2934
* Fix manpage for podman run --network option
2935
* quadlet: Add support for AddDevice=
2936
* quadlet: Add support for setting seccomp profile
2937
* quadlet: Allow multiple elements on each Add/DropCaps line
2938
* quadlet: Embed the correct binary name in the generated comment
2939
* quadlet: Drop the SocketActivated key
2940
* quadlet: Switch log-driver to passthrough
2941
* quadlet: Change ReadOnly to default to enabled
2942
* quadlet tests: Run the tests even for (exected) failed tests
2943
* quadlet tests: Fix handling of stderr checks
2944
* Remove unused script file
2945
* notifyproxy: fix container watcher
2946
* container/pod id file: truncate instead of throwing an error
2947
* quadlet: Use the new podman create volume --ignore
2948
* Add podman volume create --ignore
2949
* logcollector: include aardvark-dns
2950
* build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1
2951
* build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1
2952
* docs: generate systemd: point to kube template
2953
* docs: kube play: mention restart policy
2954
* Fixes: 15858 (podman system reset --force destroy machine)
2955
* fix search flake
2956
* use cached containers.conf
2957
* adding regex support to the ancestor ps filter function
2958
* Fix `system df` issues with `-f` and `-v`
2959
* markdown-preprocess: cross-reference where opts are used
2960
* Default qemu flags for Windows amd64
2961
* build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0
2962
* Update main to reflect v4.3.0 release
2963
* build(deps): bump github.com/docker/docker
2964
* move quadlet packages into pkg/systemd
2965
* system df: fix image-size calculations
2966
* Add man page for quadlet
2967
* Fix small typo
2968
* testimage: add iproute2 & socat, for pasta networking
2969
* Set up minikube for k8s testing
2970
* Makefile: don't install systemd generator binaries on FreeBSD
2971
* [CI:BUILD] copr: podman rpm should depend on containers-common-extra
2972
* Podman image: Set default_sysctls to empty for rootless containers
2973
* Don't use github.com/docker/distribution
2974
* libpod: Add support for 'podman top' on FreeBSD
2975
* libpod: Factor out jail name construction from stats_freebsd.go
2976
* pkg/util: Add pid information descriptors for FreeBSD
2977
* Initial quadlet version integrated in golang
2978
* bump golangci-lint to v1.49.0
2979
* Update vendor containers/(common,image,storage)
2980
* Allow volume mount dups, iff source and dest dirs
2981
* rootless: fix return value handling
2982
* Change to correct break statements
2983
* vendor containers/psgo@v1.8.0
2984
* Clarify that MacOSX docs are client specific
2985
* libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit
2986
* Add swagger install + allow version updates in CI
2987
* Cirrus: Fix windows clone race
2988
* build(deps): bump github.com/docker/docker
2989
* kill: wait for the container
2990
* generate systemd: set --stop-timeout for stopping containers
2991
* hack/tree_status.sh: print diff at the end
2992
* Fix markdown header typo
2993
* markdown-preprocess: add generic include mechanism
2994
* markdown-preprocess: almost complete OO rewrite
2995
* Update tests for changed error messages
2996
* Update c/image after https://github.com/containers/image/pull/1299
2997
* Man pages: refactor common options (misc)
2998
* Man pages: Refactor common options: --detach-keys
2999
* vendor containers/storage@main
3000
* Man pages: refactor common options: --attach
3001
* build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0
3002
* KillContainer: improve error message
3003
* docs: add missing options
3004
* Man pages: refactor common options: --annotation (manifest)
3005
* build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0
3006
* system tests: health-on-failure: fix broken logic
3007
* build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8
3008
* build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1
3009
* ContainerEngine.SetupRootless(): Avoid calling container.Config()
3010
* Container filters: Avoid use of ctr.Config()
3011
* Avoid unnecessary calls to Container.Spec()
3012
* Add and use Container.LinuxResource() helper
3013
* play kube: notifyproxy: listen before starting the pod
3014
* play kube: add support for configmap binaryData
3015
* Add and use libpod/Container.Terminal() helper
3016
* Revert "Add checkpoint image tests"
3017
* Revert "cmd/podman: add support for checkpoint images"
3018
* healthcheck: fix --on-failure=stop
3019
* Man pages: Add mention of behavior due to XDG_CONFIG_HOME
3020
* build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6
3021
* Avoid unnecessary timeout of 250msec when waiting on container shutdown
3022
* health checks: make on-failure action retry aware
3023
* libpod: Remove 100msec delay during shutdown
3024
* libpod: Add support for 'podman pod' on FreeBSD
3025
* libpod: Factor out cgroup validation from (*Runtime).NewPod
3026
* libpod: Move runtime_pod_linux.go to runtime_pod_common.go
3027
* specgen/generate: Avoid a nil dereference in MakePod
3028
* libpod: Factor out cgroups handling from (*Pod).refresh
3029
* Adds a link to OSX docs in CONTRIBUTING.md
3030
* Man pages: refactor common options: --os-version
3031
* Create full path to a directory when DirectoryOrCreate is used with play kube
3032
* Return error in podman system service if URI scheme is not unix/tcp
3033
* Man pages: refactor common options: --time
3034
* man pages: document some --format options: images
3035
* Clean up when stopping pods
3036
* Update vendor of containers/buildah v1.28.0
3037
* Proof of concept: nightly dependency treadmill
3038
3039
-------------------------------------------------------------------
3040
Tue Jan 17 10:42:42 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
3041
3042
- add patch: 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch
3043
(backport of https://github.com/containers/storage/pull/1468)
3044
3045
-------------------------------------------------------------------
3046
Fri Jan 13 12:46:24 UTC 2023 - Danish Prakash <danish.prakash@suse.com>
3047
3048
- Make the priority for picking the storage driver configurable (bsc#1197093)
3049
(backport of https://github.com/containers/storage/pull/1460)
3050
- add patch: 0002-Make-the-priority-for-picking-the-storage-driver-con.patch
3051
3052
-------------------------------------------------------------------
3053
Tue Nov 22 08:20:16 UTC 2022 - dcermak@suse.com
3054
3055
- switch to building with go 1.17
3056
- use %%make_* macros
3057
- drop /usr/share/user-tmpfiles.d/podman-docker.conf on SLE & Leap
3058
- remove rpmlintrc (contained only obsolete filters)
3059
- remove obsolete with_libostree (we don't build on anything older than SLE 15)
3060
- add patch: 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
3061
(hotfix for https://github.com/containers/podman/issues/16765)
3062
- Update to version 4.3.1:
3063
3064
4.3.1:
3065
3066
### Bugfixes
3067
- Fixed a deadlock between the `podman ps` and `podman container inspect` commands
3068
3069
### Misc
3070
- Updated the containers/image library to v5.23.1
3071
3072
3073
4.3.0:
3074
3075
### Features
3076
- A new command, `podman generate spec`, has been added, which creates a JSON struct based on a given container that can be used with the Podman REST API to create containers.
3077
- A new command, `podman update`, has been added,which makes changes to the resource limits of existing containers. Please note that these changes do not persist if the container is restarted ([#15067](https://github.com/containers/podman/issues/15067)).
3078
- A new command, `podman kube down`, has been added, which removes pods and containers created by the given Kubernetes YAML (functionality is identical to `podman kube play --down`, but it now has its own command).
3079
- The `podman kube play` command now supports Kubernetes secrets using Podman's secrets backend.
3080
- Systemd-managed pods created by the `podman kube play` command now integrate with sd-notify, using the `io.containers.sdnotify` annotation (or `io.containers.sdnotify/$name` for specific containers).
3081
- Systemd-managed pods created by `podman kube play` can now be auto-updated, using the `io.containers.auto-update` annotation (or `io.containers.auto-update/$name` for specific containers).
3082
- The `podman kube play` command can now read YAML from URLs, e.g. `podman kube play https://example.com/demo.yml` ([#14955](https://github.com/containers/podman/issues/14955)).
3083
- The `podman kube play` command now supports the `emptyDir` volume type ([#13309](https://github.com/containers/podman/issues/13309)).
3084
- The `podman kube play` command now supports the `HostUsers` field in the pod spec.
3085
- The `podman play kube` command now supports `binaryData` in ConfigMaps.
3086
- The `podman pod create` command can now set additional resource limits for pods using the new `--memory-swap`, `--cpuset-mems`, `--device-read-bps`, `--device-write-bps`, `--blkio-weight`, `--blkio-weight-device`, and `--cpu-shares` options.
3087
- The `podman machine init` command now supports a new option, `--username`, to set the username that will be used to connect to the VM as a non-root user ([#15402](https://github.com/containers/podman/issues/15402)).
3088
- The `podman volume create` command's `-o timeout=` option can now set a timeout of 0, indicating volume plugin operations will never time out.
3089
- Added support for a new volume driver, `image`, which allows volumes to be created that are backed by images.
3090
- The `podman run` and `podman create` commands support a new option, `--env-merge`, allowing environment variables to be specified relative to other environment variables in the image (e.g. `podman run --env-merge "PATH=$PATH:/my/app" ...`) ([#15288](https://github.com/containers/podman/issues/15288)).
3091
- The `podman run` and `podman create` commands support a new option, `--on-failure`, to allow action to be taken when a container fails health checks, with the following supported actions: `none` (take no action, the default), `kill` (kill the container), `restart` (restart the container), and `stop` (stop the container).
3092
- The `--keep-id` option to `podman create` and `podman run` now supports new options, `uid` and `gid`, to set the UID and GID of the user in the container that will be mapped to the user running Podman (e.g. `--userns=keep-id:uid=11` will made the user running Podman to UID 11 in the container) ([#15294](https://github.com/containers/podman/issues/15294)).
3093
- The `podman generate systemd` command now supports a new option, `--env`/`-e`, to set environment variables in the generated unit file ([#15523](https://github.com/containers/podman/issues/15523)).
3094
- The `podman pause` and `podman unpause` commands now support the `--latest`, `--cidfile`, and `--filter` options.
3095
- The `podman restart` command now supports the `--cidfile` and `--filter` options.
3096
- The `podman rm` command now supports the `--filter` option to select which containers will be removed.
3097
- The `podman rmi` command now supports a new option, `--no-prune`, to prevent the removal of dangling parents of removed images.
3098
- The `--dns-opt` option to `podman create`, `podman run`, and `podman pod create` has received a new alias, `--dns-option`, to improve Docker compatibility.
3099
- The `podman` command now features a new global flag, `--debug`/`-D`, which enables debug-level logging (identical to `--log-level=debug`), improving Docker compatibility.
3100
- The `podman` command now features a new global flag, `--config`. This flag is ignored, and is only included for Docker compatibility ([#14767](https://github.com/containers/podman/issues/14767)).
3101
- The `podman manifest create` command now accepts a new option, `--amend`/`-a`.
3102
- The `podman manifest create`, `podman manifest add` and `podman manifest push` commands now accept a new option, `--insecure` (identical to `--tls-verify=false`), improving Docker compatibility.
3103
- The `podman secret create` command's `--driver` and `--format` options now have new aliases, `-d` for `--driver` and `-f` for `--format`.
3104
- The `podman secret create` command now supports a new option, `--label`/`-l`, to add labels to created secrets.
3105
- The `podman secret ls` command now accepts the `--quiet`/`-q` option.
3106
- The `podman secret inspect` command now accepts a new option, `--pretty`, to print output in human-readable format.
3107
- The `podman stats` command now accepts the `--no-trunc` option.
3108
- The `podman save` command now accepts the `--signature-policy` option ([#15869](https://github.com/containers/podman/issues/15869)).
3109
- The `podman pod inspect` command now allows multiple arguments to be passed. If so, it will return a JSON array of the inspected pods ([#15674](https://github.com/containers/podman/issues/15674)).
3110
- A series of new hidden commands have been added under `podman context` as aliases to existing `podman system connection` commands, to improve Docker compatibility.
3111
- The remote Podman client now supports proxying signals for attach sessions when the `--sig-proxy` option is set ([#14707](https://github.com/containers/podman/issues/14707)).
3112
3113
### Changes
3114
- Duplicate volume mounts are now allowed with the `-v` option to `podman run`, `podman create`, and `podman pod create`, so long as source, destination, and options all match ([#4217](https://github.com/containers/podman/issues/4217)).
3115
- The `podman generate kube` and `podman play kube` commands have been renamed to `podman kube generate` and `podman kube play` to group Kubernetes-related commands. Aliases have been added to ensure the old command names still function.
3116
- A number of Podman commands (`podman init`, `podman container checkpoint`, `podman container restore`, `podman container cleanup`) now print the user-inputted name of the container, instead of its full ID, on success.
3117
- When an unsupported option (e.g. resource limit) is specified for a rootless container on a cgroups v1 system, a warning message is now printed that the limit will not be honored.
3118
- The installer for the Windows Podman client has been improved.
3119
- The `--cpu-rt-period` and `--cpu-rt-runtime` options to `podman run` and `podman create` now print a warning and are ignored on cgroups v2 systems (cgroups v2 having dropped support for these controllers) ([#15666](https://github.com/containers/podman/issues/15666)).
3120
- Privileged containers running systemd will no longer mount `/dev/tty*` devices other than `/dev/tty` itself into the container ([#15878](https://github.com/containers/podman/issues/15878)).
3121
- Events for containers that are part of a pod now include the ID of the pod in the event.
3122
- SSH functionality for `podman machine` commands has seen a thorough rework, addressing many issues about authentication.
3123
- The `--network` option to `podman kube play` now allows passing `host` to set the pod to use host networking, even if the YAML does not request this.
3124
- The `podman inspect` command on containers now includes the digest of the image used to create the container.
3125
- Pods created by `podman play kube` are now, by default, placed into a network named `podman-kube`. If the `podman-kube` network does not exist, it will be created. This ensures pods can connect to each other by their names, as the network has DNS enabled.
3126
3127
### Bugfixes
3128
- Fixed a bug where the `podman network prune` and `podman container prune` commands did not properly support the `--filter label!=` option ([#14182](https://github.com/containers/podman/issues/14182)).
3129
- Fixed a bug where the `podman kube generate` command added an unnecessary `Secret: null` line to generated YAML ([#15156](https://github.com/containers/podman/issues/15156)).
3130
- Fixed a bug where the `podman kube generate` command did not set `enableServiceLinks` and `automountServiceAccountToken` to false in generated YAML ([#15478](https://github.com/containers/podman/issues/15478) and [#15243](https://github.com/containers/podman/issues/15243)).
3131
- Fixed a bug where the `podman kube play` command did not properly handle CPU limits ([#15726](https://github.com/containers/podman/issues/15726)).
3132
- Fixed a bug where the `podman kube play` command did not respect default values for liveness probes ([#15855](https://github.com/containers/podman/issues/15855)).
3133
- Fixed a bug where the `podman kube play` command did not bind ports if `hostPort` was not specified but `containerPort` was ([#15942](https://github.com/containers/podman/issues/15942)).
3134
- Fixed a bug where the `podman kube play` command sometimes did not create directories on the host for `hostPath` volumes.
3135
- Fixed a bug where the remote Podman client's `podman manifest push` command did not display progress.
3136
- Fixed a bug where the `--filter "{{.Config.Healthcheck}}"` option to `podman image inspect` did not print the image's configured healthcheck ([#14661](https://github.com/containers/podman/issues/14661)).
3137
- Fixed a bug where the `podman volume create -o timeout=` option could be specified even when no volume plugin was in use.
3138
- Fixed a bug where the `podman rmi` command did not emit `untag` events when removing tagged images ([#15485](https://github.com/containers/podman/issues/15485)).
3139
- Fixed a bug where API forwarding with `podman machine` VMs on windows could sometimes fail because the pipe was not created in time ([#14811](https://github.com/containers/podman/issues/14811)).
3140
- Fixed a bug where the `podman pod rm` command could error if removal of a container in the pod was interrupted by a reboot.
3141
- Fixed a bug where the `exited` and `exec died` events for containers did not include the container's labels ([#15617](https://github.com/containers/podman/issues/15617)).
3142
- Fixed a bug where running Systemd containers on a system not using Systemd as PID 1 could fail ([#15647](https://github.com/containers/podman/issues/15647)).
3143
- Fixed a bug where Podman did not pass all necessary environment variables (including `$PATH`) to Conmon when starting containers ([#15707](https://github.com/containers/podman/issues/15707)).
3144
- Fixed a bug where the `podman events` command could function improperly when no events were present ([#15688](https://github.com/containers/podman/issues/15688)).
3145
- Fixed a bug where the `--format` flag to various Podman commands did not properly handle template strings including a newline (`\n`) ([#13446](https://github.com/containers/podman/issues/13446)).
3146
- Fixed a bug where Systemd-managed pods would kill every container in a pod when a single container exited ([#14546](https://github.com/containers/podman/issues/14546)).
3147
- Fixed a bug where the `podman generate systemd` command would generate incorrect YAML for pods created without the `--name` option.
3148
- Fixed a bug where the `podman generate systemd --new` command did not properly set stop timeout ([#16149](https://github.com/containers/podman/issues/16149)).
3149
- Fixed a bug where a broken OCI spec resulting from the system rebooting while a container is being started could cause the `podman inspect` command to be unable to inspect the container until it was restarted.
3150
- Fixed a bug where creating a container with a working directory on an overlay volume would result in the container being unable to start ([#15789](https://github.com/containers/podman/issues/15789)).
3151
- Fixed a bug where attempting to remove a pod with running containers without `--force` would not error and instead would result in the pod, and its remaining containers, being placed in an unusable state ([#15526](https://github.com/containers/podman/issues/15526)).
3152
- Fixed a bug where memory limits reported by `podman stats` could exceed the maximum memory available on the system ([#15765](https://github.com/containers/podman/issues/15765)).
3153
- Fixed a bug where the `podman container clone` command did not properly handle environment variables whose value contained an `=` character ([#15836](https://github.com/containers/podman/issues/15836)).
3154
- Fixed a bug where the remote Podman client would not print the container ID when running the `podman-remote run --attach stdin` command.
3155
- Fixed a bug where the `podman machine list --format json` command did not properly show machine starting status.
3156
- Fixed a bug where automatic updates would not error when attempting to update a container with a non-fully qualified image name ([#15879](https://github.com/containers/podman/issues/15879)).
3157
- Fixed a bug where the `podman pod logs --latest` command could panic ([#15556](https://github.com/containers/podman/issues/15556)).
3158
- Fixed a bug where Podman could leave lingering network namespace mounts on the system if cleaning up the network failed.
3159
- Fixed a bug where specifying an unsupported URI scheme for `podman system service` to listen at would result in a panic.
3160
- Fixed a bug where the `podman kill` command would sometimes not transition containers to the exited state ([#16142](https://github.com/containers/podman/issues/16142)).
3161
3162
### API
3163
- Fixed a bug where the Compat DF endpoint reported incorrect reference counts for volumes ([#15720](https://github.com/containers/podman/issues/15720)).
3164
- Fixed a bug in the Compat Inspect endpoint for Networks where an incorrect network option was displayed, causing issues with `docker-compose` ([#15580](https://github.com/containers/podman/issues/15580)).
3165
- The Libpod Restore endpoint for Containers now features a new query parameter, `pod`, to set the pod that the container will be restored into ([#15018](https://github.com/containers/podman/issues/15018)).
3166
- Fixed a bug where the REST API could panic while retrieving images.
3167
- Fixed a bug where a cancelled connection to several endpoints could induce a memory leak.
3168
3169
### Misc
3170
- Error messages when attempting to remove an image used by a non-Podman container have been improved ([#15006](https://github.com/containers/podman/issues/15006)).
3171
- Podman will no longer print a warning that `/` is not a shared mount when run inside a container ([#15295](https://github.com/containers/podman/issues/15295)).
3172
- Work is ongoing to port Podman to FreeBSD.
3173
- The output of `podman generate systemd` has been adjusted to improve readability.
3174
- A number of performance improvements have been made to `podman create` and `podman run`.
3175
- A major reworking of the manpages to ensure duplicated options between commands have the same description text has been performed.
3176
- Updated Buildah to v1.28.0
3177
- Updated the containers/image library to v5.23.0
3178
- Updated the containers/storage library to v1.43.0
3179
- Updated the containers/common library to v0.50.1
3180
3181
3182
-------------------------------------------------------------------
3183
Wed Sep 21 02:01:16 UTC 2022 - asarai@suse.com
3184
3185
- Update to version 4.2.1:
3186
* Bump to v4.2.1
3187
* Add release notes for v4.2.1
3188
* remove SkipIfNotFedora() from events test
3189
* fix podman events with custom format
3190
* Drop stale config value resulting in asymmetric config
3191
* Fix list of default capabilities
3192
* Add container GID to additional groups (CVE-2022-2989 / bsc#1202809, removes patch 0001-Add-container-GID-to-additional-groups.patch)
3193
* libpod: Ensure that generated container names are random
3194
* Fix bind-mount-option annotation in gen/play kube
3195
* Improved Windows compatibility for machine command
3196
* updated apiv2 tests to reflect hash compat fix
3197
* api: return imageID instead of imageName, for "Image" when Podman API is queried
3198
* Inhibit SIGTERM during Conmon startup
3199
* Fix example sections to follow the same format
3200
* Fix template name inconsistency
3201
* service: make move to sub-cgroup non fatal
3202
* Remove duplicate annotations in generated service yaml
3203
* Compat API image remove events now have 'delete' status
3204
* [CI:DOCS] Automatically set podman version in pkginstaller
3205
* Allow colons in windows file paths
3206
* Fixes isRootfull check using qemu machine on Windows
3207
* vendor containers/psgo@v1.7.3
3208
* Allow podman to run in an environment with keys containing spaces
3209
* Document restrictions on transport in FROM
3210
* Improved Windows compatibility
3211
* pass environment variables to container clone
3212
* podman save: update --compress validation
3213
* sort hc.Binds returned from compat api
3214
* Cirrus: Update podman-machine comment
3215
* podman images and friends can take one image as argument
3216
* [CI:DOCS] Add .DS_Store to gitignore
3217
* podman-kube@.service.in: Remove Restart=never option with typo
3218
* Fix #15499 already connected network
3219
* [CI:DOCS] Cirrus: Update meta-task for EC2 image
3220
* fix CI: remove hardcodeded alpine version
3221
* fix CI: remove hardcodeded alpine version
3222
* Preserve all unknown PolicyRequirement fields on (podman image trust set)
3223
* Reorganize the types in policy.go a bit
3224
* Add support for showing keyPaths in (podman image trust show)
3225
* Support (image trust show) for sigstoreSigned entries
3226
* BREAKING CHANGE: Change how (podman image trust show) represents multiple requirements
3227
* Reorganize descriptionsOfPolicyRequirements a bit
3228
* Use the full descriptionsOfPolicyRequirements for the default scope
3229
* Rename haveMatchRegistry to registriesDConfigurationForScope
3230
* Rename tempTrustShowOutput to entry
3231
* Split descriptionsOfPolicyRequirements out of getPolicyShowOutput
3232
* Recognize the new lookaside names for simple signing sigstore
3233
* Add a unit test for trust.PolicyDescription
3234
* Make the output of (podman image trust show) deterministic
3235
* Make most of pkg/trust package-private
3236
* Move most of ImageEngine.ShowTrust into pkg/trust.PolicyDescription
3237
* Add support for sigstoreSigned in (podman image trust set)
3238
* Create new policy entries together with validating input
3239
* Improve validation of data in ImageEngine.SetTrust
3240
* Move most of imageEngine.SetTrust to pkg/trust.AddPolicyEntries
3241
* Add a variable for scope
3242
* Make trust.CreateTempFile private
3243
* Reorganize pkg/trust
3244
* Remove an unused trust.ShowOutput type
3245
* Remove commented out code
3246
* libpod: UpdateContainerStatus: do not wait for container
3247
* Skip / update some tests under runc
3248
* Bump to v4.2.1-dev
3249
* test: update apply-podman-deltas for new tests
3250
* build: implement --cache-to,--cache-from and --cache-ttl
3251
* vendor: bump buildah to v1.27.0
3252
3253
-------------------------------------------------------------------
3254
Thu Aug 11 08:50:55 UTC 2022 - michael@stroeder.com
3255
3256
- Update to version 4.2.0:
3257
* Features
3258
- Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
3259
- A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
3260
- A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
3261
- A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
3262
- Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
3263
- The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
3264
- The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
3265
- The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
3266
- The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
3267
- Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
3268
- The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
3269
- The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
3270
- The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
3271
- The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
3272
- The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
3273
- The podman create and podman run commands now include the -c short option for the --cpu-shares option.
3274
- The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
3275
- The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
3276
- The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
3277
- The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
3278
- The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
3279
- Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
3280
- The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
3281
- Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
3282
- The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
3283
- Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
3284
- The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
3285
- When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
3286
- The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
3287
- The remote Podman client now supports the podman image scp command.
3288
- The podman image scp command now supports tagging the transferred image with a new name.
3289
- The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
3290
- The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
3291
- The podman events command now includes the -f short option for the --filter option.
3292
- The podman pull command now includes the -a short option for the --all-tags option.
3293
- The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
3294
- The Podman global option --url now has two aliases: -H and --host.
3295
- The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
3296
- Added the ability to create sigstore signatures in podman push and podman manifest push.
3297
- Added an option to read image signing passphrase from a file.
3298
* Changes
3299
- Paused containers can now be killed with the podman kill command.
3300
- The podman system prune command now removes unused networks.
3301
- The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
3302
- If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
3303
- The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
3304
- All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.
3305
- The podman unpause --all command will now only attempt to unpause containers that are paused, not all containers.
3306
- Init containers created with podman play kube now default to the once type (#14877).
3307
- Pods created with no shared namespaces will no longer create an infra container unless one is explicitly requested (#15048).
3308
- The podman create, podman run, and podman cp commands can now autocomplete paths in the image or container via the shell completion.
3309
- The libpod/common package has been removed as it's not used anywhere.
3310
- The --userns option to podman create and podman run is no longer accepted when an explicit UID or GID mapping is specified (#15233).
3311
* Bugfixes
3312
- Fixed a bug where bind-mounting /dev into a container which used the --init flag would cause the container to fail to start (#14251).
3313
- Fixed a bug where the podman image mount command would not pretty-print its output when multiple images were mounted.
3314
- Fixed a bug where the podman volume import command would print an unrelated error when attempting to import into a nonexistent volume (#14411).
3315
- Fixed a bug where the podman system reset command could race against other Podman commands (#9075).
3316
- Fixed a bug where privileged containers were not able to restart if the layout of host devices changed (#13899).
3317
- Fixed a bug where the podman cp command would overwrite directories with non-directories and vice versa. A new --overwrite flag to podman cp allows for retaining the old behavior if needed (#14420).
3318
- Fixed a bug where the podman machine ssh command would not preserve the exit code from the command run via ssh (#14401).
3319
- Fixed a bug where VMs created by podman machine would fail to start when created with more than 3072MB of RAM on Macs with M1 CPUs (#14303).
3320
- Fixed a bug where the podman machine init command would fail when run from C:\Windows\System32 on Windows systems (#14416).
3321
- Fixed a bug where the podman machine init --now did not respect proxy environment variables (#14640).
3322
- Fixed a bug where the podman machine init command would fail if there is no $HOME/.ssh dir (#14572).
3323
- Fixed a bug where the podman machine init command would add a connection even if creating the VM failed (#15154).
3324
- Fixed a bug where interrupting the podman machine start command could render the VM unable to start.
3325
- Fixed a bug where the podman machine list --format command would still print a heading.
3326
- Fixed a bug where the podman machine list command did not properly set the Starting field (#14738).
3327
- Fixed a bug where the podman machine start command could fail to start QEMU VMs when the machine name started with a number.
3328
- Fixed a bug where Podman Machine VMs with proxy variables could not be started more than once (#14636 and #14837).
3329
- Fixed a bug where containers created using the Podman API would, when the Podman API service was managed by systemd, be killed when the API service was stopped (BZ 2052697).
3330
- Fixed a bug where the podman -h command did not show help output.
3331
- Fixed a bug where the podman wait command (and the associated REST API endpoint) could return before a container had fully exited, breaking some tools like the Gitlab Runner.
3332
- Fixed a bug where healthchecks generated exec events, instead of health_status events (#13493).
3333
- Fixed a bug where the podman pod ps command could return an error when run at the same time as podman pod rm (#14736).
3334
- Fixed a bug where the podman systemd df command incorrectly calculated reclaimable storage for volumes (#13516).
3335
- Fixed a bug where an exported container checkpoint using a non-default OCI runtime could not be restored.
3336
- Fixed a bug where Podman, when used with a recent runc version, could not remove paused containers.
3337
- Fixed a bug where the remote Podman client's podman manifest rm command would remove images, not manifests (#14763).
3338
- Fixed a bug where Podman did not correctly parse wildcards for device major number in the podman run and podman create commands' --device-cgroup-rule option.
3339
- Fixed a bug where the podman play kube command on 32 bit systems where the total memory was calculated incorrectly (#14819).
3340
- Fixed a bug where the podman generate kube command could set ports and hostname incorrectly in generated YAML (#13030).
3341
- Fixed a bug where the podman system df --format "{{ json . }}" command would not output the Size and Reclaimable fields (#14769).
3342
- Fixed a bug where the remote Podman client's podman pull command would display duplicate progress output.
3343
- Fixed a bug where the podman system service command could leak memory when a client unexpectedly closed a connection when reading events or logs (#14879).
3344
- Fixed a bug where Podman containers could fail to run if the image did not contain an /etc/passwd file (#14966).
3345
- Fixed a bug where the remote Podman client's podman push command did not display progress information (#14971).
3346
- Fixed a bug where a lock ordering issue could cause podman pod rm to deadlock if it was run at the same time as a command that attempted to lock multiple containers at once (#14929).
3347
- Fixed a bug where the podman rm --force command would exit with a non-0 code if the container in question did not exist (#14612).
3348
- Fixed a bug where the podman container restore command would fail when attempting to restore a checkpoint for a container with the same name as an image (#15055).
3349
- Fixed a bug where the podman manifest push --rm command could remove image, instead of manifest lists (#15033).
3350
- Fixed a bug where the podman run --rm command could fail to remove the container if it failed to start (#15049).
3351
- Fixed a bug where the podman generate systemd --new command would create incorrect unit files when the container was created with the --sdnotify parameter (#15052).
3352
- Fixed a bug where the podman generate systemd --new command would fail when -h <hostname> was used to create the container (#15124).
3353
* API
3354
- The Docker-compatible API now supports API version v1.41 (#14204).
3355
- Fixed a bug where containers created via the Libpod API had an incorrect umask set (#15036).
3356
- Fixed a bug where the remote parameter to the Libpod API's Build endpoint for Images was nonfunctional (#13831).
3357
- Fixed a bug where the Libpod List endpoint for Containers did not return the application/json content type header when there were no containers present (#14647).
3358
- Fixed a bug where the Compat Stats endpoint for Containers could return incorrect memory limits (#14676).
3359
- Fixed a bug where the Compat List and Inspect endpoints for Containers could return incorrect strings for container status.
3360
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle disabling healthchecks (#14493).
3361
- Fixed a bug where the Compat Create endpoint for Networks did not support the mtu, name, mode, and parent options (#14482).
3362
- Fixed a bug where the Compat Create endpoint for Networks did not allow the creation of networks name bridge (#14983).
3363
- Fixed a bug where the Compat Inspect endpoint for Networks did not properly set netmasks in the SecondaryIPAddresses and SecondaryIPv6Addresses fields (#14674).
3364
- The Libpod Stats endpoint for Pods now supports streaming output via two new parameters, stream and delay (#14674).
3365
* Misc
3366
- Podman will now check for nameservers in /run/NetworkManager/no-stub-resolv.conf if the /etc/resolv.conf file only contains a localhost server.
3367
- The podman build command now supports caching with builds that specify --squash-all by allowing the --layers flag to be used at the same time.
3368
- Podman Machine support for QEMU installations at non-default paths has been improved.
3369
- The podman machine ssh command no longer prints spurious warnings every time it is run.
3370
- When accessing the WSL prompt on Windows, the rootless user will be preferred.
3371
- The podman info command now includes a field for information on supported authentication plugins for improved Docker compatibility. Authentication plugins are not presently supported by Podman, so this field is always empty.
3372
- The podman system prune command now no longer prints the Deleted Images header if no images were pruned.
3373
- The podman system service command now automatically creates and moves to a sub-cgroup when running in the root cgroup (#14573).
3374
- Updated Buildah to v1.27.0 (fixes CVE-2022-21698 / bsc#1196338)
3375
- Updated the containers/image library to v5.22.0
3376
- Updated the containers/storage library to v1.42.0 (fixes bsc#1196751)
3377
- Updated the containers/common library to v0.49.1
3378
- Podman will automatically create a sub-cgroup and move itself into it when it detects that it is running inside a container (#14884).
3379
- Fixed an incorrect release note about regexp.
3380
- A new MacOS installer (via pkginstaller) is now supported.
3381
3382
-------------------------------------------------------------------
3383
Fri Jul 1 11:08:05 UTC 2022 - Predrag Ivanović <predivan@mts.rs>
3384
3385
- Fix build on Leap
3386
Use libexec macro to set correct, per-distribution specific, directory.
3387
3388
-------------------------------------------------------------------
3389
Wed Jun 22 09:41:22 UTC 2022 - rbrown@suse.com
3390
3391
- Update to version 4.1.1:
3392
* The output of the podman load command now mirrors that of docker load.
3393
* Podman now supports Docker Compose v2.2 and higher. Please note that it may be necessary to disable the use of Buildkit by setting the environment variable DOCKER_BUILDKIT=0.
3394
* A new container command has been added, podman container clone. This command makes a copy of an existing container, with the ability to change some settings (e.g. resource limits) while doing so.
3395
* Podman now supports sending JSON events related to machines to a Unix socket named machine_events.*\.sock in XDG_RUNTIME_DIR/podman or to a socket whose path is set in the PODMAN_MACHINE_EVENTS_SOCK environment variable.
3396
* Two new volume commands have been added, podman volume mount and podman volume unmount. These allow for Podman-managed named volumes to be mounted and accessed from outside containers.
3397
* The podman container checkpoint and podman container restore options now support checkpointing to and restoring from OCI images. This allows checkpoints to be distributed via standard image registries.
3398
* The podman play kube command now supports environment variables that are specified using the fieldRef and resourceFieldRef sources.
3399
* The podman play kube command will now set default resource limits when the provided YAML does not include them.
3400
* The podman play kube command now supports a new option, --annotation, to add annotations to created containers.
3401
* The podman play kube --build command now supports a new option, --context-dir, which allows the user to specify the context directory to use when building the Containerfile.
3402
* The podman container commit command now supports a new option, --squash, which squashes the generated image into a single layer.
3403
* The podman pod logs command now supports two new options, --names, which identifies which container generated a log message by name, instead of ID and --color, which colors messages based on what container generated them.
3404
* The podman rmi command now supports a new option, --ignore, which will ignore errors caused by missing images.
3405
* The podman network create command now features a new option, --ipam-driver, to specify details about how IP addresses are assigned to containers in the network.
3406
* The podman machine list command now features a new option, --quiet, to print only the names of configured VMs and no other information.
3407
* The --ipc option to the podman create, podman run, and podman pod create commands now supports three new modes: none, private, and shareable. The default IPC mode is now shareable, indicating the the IPC namespace can be shared with other containers.
3408
* The --mount option to the podman create and podman run commands can now set options for created named volumes via the volume-opt parameter.
3409
* The --mount option to the podman create and podman run commands now allows parameters to be passed in CSV format.
3410
* The --userns option to the podman create and podman run commands now supports a new option, nomap, that (only for rootless containers) does not map the UID of the user that started the container into the container, increasing security.
3411
* The podman import command now supports three new options, --arch, --os, and --variant, to specify what system the imported image was built for.
3412
* The podman inspect command now includes information on the network configuration of containers that joined a pre-configured network namespace with the --net ns: option to podman run, podman create, and podman pod create.
3413
* The podman run and podman create commands now support a new option, --chrootdirs, which specifies additional locations where container-specific files managed by Podman (e.g. /etc/hosts, `/etc/resolv.conf, etc) will be mounted inside the container (#12961).
3414
* The podman run and podman create commands now support a new option, --passwd-entry, allowing entries to be added to the container's /etc/passwd file.
3415
* The podman images --format command now accepts two new format directives: {{.CreatedAt}} and {{.CreatedSince}}.
3416
* The podman volume create command's -o option now accepts a new argument, o=noquota, to disable XFS quotas entirely and avoid potential issues when Podman is run on an XFS filesystem with existing quotas defined.
3417
* The podman info command now includes additional information on the machine Podman is running on, including disk utilization on the drive Podman is storing containers and images on, and CPU utilization.
3418
* Fix CVE-2022-27191 / bsc#1197284
3419
- Drop obsolete patches:
3420
* 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch
3421
* 0001-Relabel-relabel-links-instead-of-their-targets.patch
3422
* 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch
3423
* 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch
3424
3425
-------------------------------------------------------------------
3426
Mon May 23 11:48:34 UTC 2022 - Dario Faggioli <dfaggioli@suse.com>
3427
3428
- Backport upstream commit be5abf03ababc ("fix: Container.cGroupPath()
3429
skip empty line to avoid false error logging") for fixing "Error parsing
3430
cgroup: expected 3 fields but got 1" (see bsc#1199790, as it applies
3431
to Factory/Tumbleweed too)
3432
* 0004-fix-Container.cGroupPath-skip-empty-line-to-avoid-fa.patch
3433
3434
-------------------------------------------------------------------
3435
Tue Apr 12 08:09:02 UTC 2022 - Richard Brown <rbrown@suse.com>
3436
3437
- Require catatonit >= 0.1.7 for pause functionality needed by pods
3438
3439
-------------------------------------------------------------------
3440
Thu Apr 7 12:25:33 UTC 2022 - Fabian Vogt <fvogt@suse.com>
3441
3442
- Add patch to make buildah happy after selinux change:
3443
* 0001-Adjust-buildah-to-opencontainers-selinux-v1.10.1.patch
3444
3445
-------------------------------------------------------------------
3446
Thu Apr 7 08:51:50 UTC 2022 - Fabian Vogt <fvogt@suse.com>
3447
3448
- Add patch to fix starting containers on btrfs with SELinux
3449
(gh#opencontainers/selinux#172):
3450
* 0001-Relabel-relabel-links-instead-of-their-targets.patch
3451
- Add patch to fix starting containers as user service with systemd 250
3452
(boo#1197672, gh#containers/podman#13731):
3453
* 0002-specgen-do-not-set-OOMScoreAdj-by-default.patch
3454
3455
-------------------------------------------------------------------
3456
Fri Apr 01 20:34:28 UTC 2022 - michael@stroeder.com
3457
3458
- Update to version 4.0.3:
3459
* Security
3460
- This release fixes CVE-2022-27649, where containers run by Podman would have excess inheritable capabilities set.
3461
* Changes
3462
- The podman machine rm --force command will now remove running machines as well (such machines are shut down first, then removed) (#13448).
3463
- When a podman machine VM is started that is using a too-old VM image, it will now start in a reduced functionality mode, and provide instructions on how to recreate it (previously, VMs were effectively unusable) (#13510).
3464
* Bugfixes
3465
- Fixed a bug where devices added to containers by the --device option to podman run and podman create would not be accessible within the container.
3466
- Fixed a bug where Podman would refuse to create containers when the working directory in the container was a symlink (#13346).
3467
- Fixed a bug where pods would be created with cgroups even if cgroups were disabled in containers.conf (#13411).
3468
- Fixed a bug where the podman play kube command would produce confusing errors if invalid YAML with duplicated container named was passed (#13332).
3469
- Fixed a bug where the podman machine rm command would not remove the Podman API socket on the host that was associated with the VM.
3470
- Fixed a bug where the remote Podman client was unable to properly resize the TTYs of containers on non-Linux OSes.
3471
- Fixed a bug where rootless Podman could hang indefinitely when starting containers on systems with IPv6 disabled (#13388).
3472
- Fixed a bug where the podman version command could sometimes print excess blank lines as part of its output.
3473
- Fixed a bug where the podman generate systemd command would sometimes generate systemd services with names beginning with a hyphen (#13272).
3474
- Fixed a bug where locally building the pause image could fail if the current directory contained a .dockerignore file (#13529).
3475
- Fixed a bug where root containers in VMs created by podman machine could not bind ports to specific IPs on the host (#13543).
3476
- Fixed a bug where the storage utilization percentages displayed by podman system df were incorrect (#13516).
3477
- Fixed a bug where the CPU utilization percentages displayed by podman stats were incorrect (#13597).
3478
- Fixed a bug where containers created with the --no-healthcheck option would still display healthcheck status in podman inspect (#13578).
3479
- Fixed a bug where the podman pod rm command could print a warning about a missing cgroup (#13382).
3480
- Fixed a bug where the podman exec command could sometimes print a timed out waiting for file error after the process in the container exited (#13227).
3481
- Fixed a bug where virtual machines created by podman machine were not tolerant of changes to the path to the qemu binary on the host (#13394).
3482
- Fixed a bug where the remote Podman client's podman build command did not properly handle the context directory if a Containerfile was manually specified using -f (#13293).
3483
- Fixed a bug where Podman would not properly detect the use of systemd as PID 1 in a container when the entrypoint was prefixed with /bin/sh -c (#13324).
3484
- Fixed a bug where rootless Podman could, on systems that do not use systemd as init, print a warning message about the rootless network namespace (#13703).
3485
- Fixed a bug where the default systemd unit file for podman system service did not delegate all cgroup controllers, resulting in podman info queries against the remote API returning incorrect cgroup controllers (#13710).
3486
- Fixed a bug where the slirp4netns port forwarder for rootless Podman would only publish the first port of a range (#13643).
3487
* API
3488
- Fixed a bug where the Compat Create API for containers did not properly handle permissions for tmpfs mounts (#13108).
3489
* Misc
3490
- The static binary for Linux is now built with CGo disabled to avoid panics due to a Golang bug (#13557).
3491
- Updated Buildah to v1.24.3
3492
- Updated the containers/storage library to v1.38.3
3493
- Updated the containers/image library to v5.19.2
3494
- Updated the containers/common library to v0.47.5
3495
3496
-------------------------------------------------------------------
3497
Wed Mar 16 13:25:48 UTC 2022 - rbrown@suse.com
3498
3499
- Update to version 4.0.2:
3500
* Bump to v4.0.2
3501
* Update release notes for v4.0.2
3502
* Revert "use GetRuntimeDir() from c/common"
3503
* Revert "Option --url and --connection should imply --remote."
3504
* Option --url and --connection should imply --remote.
3505
* Bump to v4.0.2-dev
3506
* Bump to v4.0.1
3507
* Update release notes for v4.0.1
3508
* Fix a potential flake in volume plugins tests
3509
* Propagate $CONTAINERS_CONF to conmon
3510
* tests: Remove inaccurate comment
3511
* System tests: show one-line config overview
3512
* provide better error on invalid flag
3513
* use GetRuntimeDir() from c/common
3514
* kube: honor --build=false and make --build=true by default
3515
* system tests: cleanup networks on teardown
3516
* Remove the runtime lock
3517
* Don't log errors on removing volumes inuse, if container --volumes-from
3518
* kube: honor mount propagation mode
3519
* Load ip_tables modules at boot
3520
* Cirrus: Disable F34 aka prior-fedora testing
3521
* Cirrus: Update VM Images for 4.0 release
3522
* Bump to v4.0.1-dev
3523
* Bump to v4.0.0
3524
* Release notes for v4.0.0 final
3525
* Fix lint
3526
* Fix manifest 4.0 Endpoints Branch forced 4.0 only endpoints
3527
* Introduce podman machine init --root=t|f and podman machine set --root=t|f
3528
* Initial implementation of mac forwarding using a privileged docker sock claim helper
3529
* ignition: propagate proxy settings from a host into a vm
3530
* Update to podman4 copr stream
3531
* Unify ls --filter docs for networks and pods
3532
* e2e: merge after/since image-filter tests
3533
* podman network: add documentation for netavark
3534
* create: Fix key=value annotation in the flag output
3535
* enable netavark specific tests
3536
* Fix checkpoint/restore pod tests
3537
* Make sure building with relative paths work correctly.
3538
* Add 409 response to swagger godoc
3539
* Fix images since/after tests
3540
* Changes of docker descriptions
3541
* Temporarily pull machine images from side repo
3542
* Cirrus: TODO: netavark/aardvark release branches
3543
* Cirrus: Expand netavark testing to include rootless
3544
* Cirrus: Minor - limit release task applicability
3545
* Cirrus: Add [CI:BUILD] magic that only builds
3546
* CI: fix nightly builds
3547
* Cirrus: Log netavark/aardvark binary build info.
3548
* Cirrus: Add netavark/aardvark system test task
3549
* Cirrus: Also download aardvark-dns binary
3550
* Cirrus: Add e2e task w/ upstream netavark
3551
* Revert minimum API change
3552
* netavark e2e tests
3553
* Bump to v4.0.0-dev
3554
* Bump to v4.0.0-RC5
3555
* Update release notes for v4.0.0-RC5
3556
* Modify /etc/resolv.conf when connecting/disconnecting
3557
* Do not set the network config dir to cni plugin dir
3558
* Show API doc for several versions
3559
* [NO NEW TEST NEEDED] Add schema for ImageCreate 200 response.
3560
* fix: Multiplication of durations
3561
* move rootless netns slirp4netns process to systemd user.slice
3562
* compat: endpoint /build must set header content type as application/json in reponse
3563
* Cleanup: remove obsolete/misleading bug workaround
3564
* tests: retrofit healthcheck system tests
3565
* healthcheck, libpod: Read healthcheck event output from os pipe
3566
* Fix: Do not print error when parsing journald log fails
3567
* Bump github.com/buger/goterm from 1.0.1 to 1.0.4
3568
* append podman dns search domain
3569
* Podman pod create --share-parent vs --share=cgroup
3570
* System tests: revert emergency skip of checkpoint tests
3571
* Add version guard to libpod API endpoints
3572
* [v4.0] Bump c/common to v0.47.4
3573
* idmap should be able to be specified along with other options
3574
* Vendor in containers/buildah v1.24.1
3575
* Bump to v4.0.0-dev
3576
* Bump to v4.0.0-RC4
3577
* Disable failing E2E test
3578
* Revert "Move each search dns to its own line"
3579
* Move each search dns to its own line
3580
* Update release notes for v4.0.0-RC4
3581
* Document `schema` values in the `--url` flag
3582
* podman image scp syntax correction
3583
* system prune: remove all networks
3584
* Only change network fields if they were actually changed by the user
3585
* docs: clarify rootless net stats
3586
* Fix size to match Docker selection
3587
* libpod: enforce noexec,nosuid,nodev for /dev/shm
3588
* Clarify remote client means Mac and Windows
3589
* libpod: report slirp4netns network stats
3590
* Add notes to "--oom-kill-disable" not supported on cgroups V2
3591
* Fix use of infra image to clarify default
3592
* Adapt podman images ls filters docs to be aligned with prune filters docs
3593
* ignition, machine: delegate cpu,io cgroup controllers to machine's default users
3594
* pkg/bindings/images.Build(): slashify "dockerfile" values, too
3595
* Remove mention of IPv6 portfwd from release notes
3596
* Bump to v4.0.0-dev
3597
* Bump to v4.0.0-RC3
3598
* Update release notes for v4.0.0-RC3
3599
* Fix Cirrus destination branch
3600
* volume: add support for non-volatile upperdir,workdir for overlay volumes
3601
* github: label issues based on os fix regex
3602
* github: label issues based on os
3603
* Cirrus: Fix get_ci_vm.sh initial setup
3604
* System tests: emergency skip of checkpoint tests
3605
* network create: allow multiple subnets
3606
* Update troubleshooting.md
3607
* Fix sort ordering of filters
3608
* Unify podman prune filter description: volumes, networks, system
3609
* Bump Buildah to v1.24.0
3610
* rootless: drop permission check for devices
3611
* switch podman image scp from depending on machinectl to just os/exec
3612
* Bump github.com/containers/image/v5 from 5.18.0 to 5.19.0
3613
* Bump github.com/containers/storage from 1.38.0 to 1.38.1
3614
* change location of where make outputs podman binary on osx
3615
* Github workflow: Fix parsing of GraphQL response JSON
3616
* Github-workflow: Fix YAML syntax
3617
* Update godoc, swagger using wrong struct
3618
* Makefile: install targets independent of build
3619
* [CI:DOCS] Fix typos and improve language
3620
* CI: enable rootless-remote system tests
3621
* pkg/specgen/generate/security: fix error message
3622
* Github workflow: Send e-mail on job error
3623
* Github workflow: Update Cirrus-cron GraphQL query
3624
* remote build: set rootless oci isolation correctly
3625
* [CI:DOCS] Fix typos and improve language
3626
* Fix handling of duplicate matches on id expansion
3627
* Show correct default values or show none
3628
* exec: retry rm -rf on ENOTEMPTY and EBUSY
3629
* container create: do not check for network dns support
3630
* libpod: fix leaking fd
3631
* libpod: fix connection leak
3632
* [CI:DOCS] fix typo subpordinate
3633
* Fix filter description and unify filters docs for containers/images prune
3634
* Remove unused param and clean API handlers
3635
* Restore machine start logic that was hanging
3636
* Bump to v4.0.0-dev
3637
* Bump to v4.0.0-RC2
3638
* Final release notes for v4.0.0-rc2
3639
* Run codespell on code
3640
* Update release notes for Podman v4.0.0
3641
* Fix #2 for compat commit handling of --changes
3642
* Fix nil pointer dereference for configmap optional
3643
* Make error message matching in 030-run.bats less fragile
3644
* Don't explicitly check for crun|runc in package information
3645
* Don't segfault if an image layer has no creation timestamp
3646
* compat: remove hardcoded index from load images output report
3647
* compat: images/load must be able to load tar with multiple images
3648
* System tests: fix for new systemd on rawhide
3649
* Remove rootless_networking option from containers.conf
3650
* vendor c/psgo@v1.7.2 (fixes CVE-2022-1227 / bsc#1182428)
3651
* Engine.Remote from containers.conf
3652
* vendor: bump c/common and other vendors
3653
* rootless: report correctly the error
3654
* Implement API forwarding for podman machine on Windows
3655
* Implement env parsing on Windows
3656
* Handle changes in docker compat mode
3657
* Show package version when running on alpine
3658
* Handlers for `generate systemd` with custom dependencies
3659
* APIv2 tests: followup to recent log test
3660
* Add IndexConfigs to compat /info endpoint
3661
* Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
3662
* apiv2 test: add regression test for #12904
3663
* SECURITY.md: fix the project name
3664
* rename --cni-config-dir to --network-config-dir
3665
* compat attach: fix write on closed channel
3666
* upgrade all dependencies
3667
* Revert "Cirrus: Temporarily disable OSX Cross task"
3668
* Bump github.com/opencontainers/runc from 1.0.3 to 1.1.0
3669
* bump go module to version 4
3670
* [NO NEW TESTS NEEDED] add builddeps to copr template
3671
* CI: rootless user: also create in some root tests
3672
* [WIP] Tests for podman image scp (the sudo form)
3673
* Revamp Libpod state strings for Docker compat
3674
* Cirrus: Temporarily disable OSX Cross task
3675
* update c/common to latest
3676
* Use PODMAN_USERNS environment variable when running as a service
3677
* Unify the method of parsing filters in cmd
3678
* fix default branch links
3679
* [CI:DOCS] fix default branch links
3680
* [CI:DOCS] Unprivileged native overlayfs is now supported
3681
* [CI:DOCS] Fix typo in --env
3682
* Recursively copy cert files.
3683
* Refactor manifest list operations
3684
* Add rpkg template for COPR autobuild
3685
* Fix cgroup mode handling in api server
3686
* Standardize on capatalized Cgroups
3687
* test/system: podman run update /etc/hosts
3688
* Remove two GetImages functions from API
3689
* Use fully-qualified device name in CDI test
3690
* Use new CDI API
3691
* troubleshooting links to main branch
3692
* Podman Build use absolute filepath
3693
* Prohibit --uid/gid map and --pod for container create/run
3694
* podman container rm: remove pod
3695
* Manual fixes for PR #12642:
3696
* podman build enable --all-platforms and --unsetenv
3697
* use events_logfile_path from containers.conf for events log.
3698
* Podman Pod Create --sysctl support
3699
* Wait for podman stop to complete
3700
* libpod: fix check for systemd session
3701
* libpod: refine check for empty pod cgroup
3702
* fix buildah-bud test diff
3703
* upgrade test: check that network backend is cni
3704
* use netns package from c/common
3705
* update buildah to latest and use new network stack
3706
* podman image scp: implement --quiet
3707
* use libnetwork from c/common
3708
* Add --noout option to prevent the output of ids
3709
* remote events: convert TimeNano properly
3710
* Bump github.com/BurntSushi/toml from 0.4.1 to 1.0.0
3711
* vendor latest c/common
3712
* add additional fields to podman machine ls --json
3713
* buildah bud tests: skip failing tests
3714
* Fix permission on secrets directory
3715
* Add podman rm --depend
3716
* fix host.containers.internal entry for macvlan networks
3717
* It takes some time to start a VM
3718
* Pretty Print output of podman machine ls --format json
3719
* Use the InfraImage defined in containers.conf
3720
* Cirrus: Freshen VM images
3721
* Revert "Cirrus: Temp. ignore gitlab task failures"
3722
* pkg: use PROXY_VARS from c/common
3723
* ignition: add support from setting SSL_CERT_FILE
3724
* ignition: propogate HTTP proxy variables from host to remote
3725
* System tests: fix RHEL8 gating tests
3726
* vendor c/common
3727
* Remove dead RuntimeOption functions
3728
* Update docker cli message for case where user creates directory
3729
* Don't add env if optional and not found
3730
* Fix type-o in podman.wxs
3731
* [CI:DOCS] fixes indentation of example pod yaml
3732
* Prevent double decoding of storage options
3733
* Emergency system-test fixes
3734
* add OCI Runtime name to errors
3735
* fix healthcheck timeouts and ut8 coercion
3736
* Don't rename pod if container has the same name
3737
* Set volume NeedsCopyUp to false iff data was copied up
3738
* Fix CI
3739
* correct typo words in docs
3740
* Change Tests to ignore missing containers when removing --all
3741
* test/e2e/pod_initcontainers: fix a flake
3742
* test/e2e/run: don't use date +%N on Alpine
3743
* Support all volume mounts for rootless containers
3744
* Fix wrong 'podman search --format' placeholder
3745
* Fix Container List API call to return mount info
3746
* fix misleading comment regarding default value of cpu period [NO NEW TESTS NEEDED]
3747
* add --ip6 flag to podman create/run
3748
* legacy events: also set exitCode
3749
* Don't initialize the global RNG with GinkgoRandomSeed() in e2e tests
3750
* Avoid collisions on RemoteSocket paths
3751
* Refactor remote socket path determination in tests
3752
* fix doc
3753
* test/system: podman run image with filesystem permission
3754
* test/system: podman run with log-opt option
3755
* Update swagger documentation
3756
* Make it possible to select the volume driver
3757
* Check the mount type for future compatibility
3758
* Implement virtfs volumes for podman machine
3759
* [CI:DOCS] Add example of cpus to init command
3760
* prefix imageId with sha256: in containers list test for compat API ImageId
3761
* Pod Security Option support
3762
* ignition: add certs from current user into the machine while init
3763
* docs: sort swagger operations alpabetically
3764
* .service file removal on failure
3765
* Introduce Windows WSL implementation of podman machine
3766
* podman image scp never enter podman user NS
3767
* Allow users to add host user accounts to /etc/passwd
3768
* container creation: don't apply reserved annotations from image
3769
* [CI:DOCS] clarify `io.podman.annotations.seccomp`
3770
* Error out early if system does not support pre-copy checkpointing
3771
* Update go-criu to v5.3.0
3772
* [CI:DOCS] docs: document rootless userns mappings
3773
* Switch to a new installer approach using a path manipulation helper
3774
* e2e: Add dev/shm checkpoint/restore test
3775
* Enable checkpoint/restore for /dev/shm
3776
* Update github.com/checkpoint-restore/checkpointctl
3777
* Always run passwd management code when DB value is nil
3778
* Warn on use of --kernel-memory
3779
* support hosts without /etc/hosts
3780
* Podman run --passwd
3781
* ci: force scratch build for crun
3782
* Use hosts public ip address in rootless containers
3783
* compat: image normalization: handle sha256 prefix
3784
* specgen: honor userns=auto from containers.conf
3785
* [CI:DOCS] Small checkpoint/restore man page fixes
3786
* [CI:DOCS] Explicitly mention that checkpointing systemd containers might fail
3787
* vendor: update containers/storage
3788
* build: fix test for subid 4
3789
* test: add --rm to podman run commands
3790
* fix(generate): fix up podman generate kube missing env field bug
3791
* legacy events: also set Action="die"
3792
* rootless: include the args in the debug message
3793
* apiv2 tests: use quay.io/libpod/testimage:20210610 for platform tests
3794
* image rm: allow for force-remove infra images
3795
* tests: adjust old build test to expect exit code
3796
* Test for checkpoint specific inspect fields
3797
* Add more checkpoint/restore information to 'inspect'
3798
* build: relay exitcode from imagebuildah to registry
3799
* Removed .service file for healthchecks
3800
* Set machine timezone
3801
* MovePauseProcessToScope do not seed everytime
3802
* bindings rmi test: clarify behavior
3803
* bump cobra to 1.3.0
3804
* .github: revert to the old template
3805
* oci: configure the devices cgroup with default devices
3806
* kill: fix output
3807
* e2e: search flake: skip test on registry.redhat.io
3808
* APIv2 tests: fail on syntax/logic errors
3809
* Show --external containers even without --all option
3810
* apiv2 tests: refactor complicated curls
3811
* fix network id handling
3812
* Update Windows Install Doc
3813
* Fixes #12063 Add docker compatible output after image build.
3814
* pause scope: don't use the global math/rand RNG
3815
* specgen: check that networks are only set with bridge
3816
* container restore/import: store networks from db
3817
* play kube add support for multiple networks
3818
* support advanced network configuration via cli
3819
* Add new networks format to spegecen
3820
* fix incorrect swagger doc for network dis/connect
3821
* network connect allow ip, ipv6 and mac address
3822
* network db: add new strucutre to container create
3823
* remove unneeded return value from c.Networks()
3824
* network db rewrite: migrate existing settings
3825
* network ls: show networks in deterministic order
3826
* Bump github.com/docker/docker
3827
* pprof flakes: bump timeout to 20 seconds
3828
* Add secret list --filter to cli
3829
* Cirrus: Temp. ignore gitlab task failures
3830
* compat build: adhere to q/quiet
3831
* Make XRegistryAuthHeader and XRegistryConfigHeader private
3832
* Remove the authfile parameter of MakeXRegistryAuthHeader
3833
* Simplify the header decision in pkg/bindings/images.Build a bit
3834
* Remove the authfile parameter of MakeXRegistryConfigHeader
3835
* Remove no-longer-useful name variables
3836
* Consolidate creation of SystemContext with auth.json into a helper
3837
* Remove pkg/auth.Header
3838
* Call MakeXRegistryAuthHeader instead of Header(..., XRegistryAuthHeader)
3839
* Turn headerAuth into MakeXRegistryAuthHeader
3840
* Call MakeXRegistryConfigHeader instead of Header(..., XRegistryConfigHeader)
3841
* Turn headerConfig into MakeXRegistryConfigHeader
3842
* Move the auth file creation to GetCredentials
3843
* Consolidate the error handling path in GetCredentials
3844
* Only look up HTTP header values once in GetCredentials
3845
* Use Header.Values in GetCredentials.has
3846
* Beautify GetCredentials.has a bit
3847
* Pass a header value directly to parseSingleAuthHeader and parseMultiAuthHeader
3848
* Simplify parseSingleAuthHeader
3849
* Simplify the interface of parseSingleAuthHeader
3850
* Don't return a header name from auth.GetCredentials
3851
* Fix normalizeAuthFileKey to use the correct semantics
3852
* Rename normalize and a few variables
3853
* Add TestHeaderGetCredentialsRoundtrip
3854
* Add tests for auth.Header
3855
* Improve TestAuthConfigsToAuthFile
3856
* Add unit tests for singleAuthHeader
3857
* Add unit tests for multiAuthHeader
3858
* fix e2e test missing network cleanup
3859
* pprof CI flakes: enforce 5 seconds grace period
3860
* [NO NEW TESTS NEEDED] rootless: declare TEMP_FAILURE_RETRY before usage (Fixes: #12563)
3861
* --hostname should be set when using --pod new:foobar
3862
* Cirrus: Use cached swagger binary
3863
* inotify: make sure to remove files
3864
* System tests: remove rm_pause_image()
3865
* specgen: honor empty args for entrypoint
3866
* generate systemd: support entrypoint JSON strings
3867
* Bump github.com/uber/jaeger-client-go
3868
* remove runlabel test for global opts
3869
* utils: reintroduce moveToCgroup
3870
* autocopr: distro conditionals for containers-common
3871
* vendor c/image/v5@main
3872
* Update vendor or containers/common moving pkg/cgroups there
3873
* volume: apply exact permission of target directory without adding extra 0111
3874
* Cirrus: Remove remnants of nix-based static build
3875
* Refactor podman pods to report.Formatter
3876
* rootless netns: resolve all path components for resolv.conf
3877
* tests: clean up FIXMEs and noise
3878
* fix remote run/start flake
3879
* e2e: fix pprof flakes
3880
* Bump github.com/opencontainers/runc from 1.0.2 to 1.0.3
3881
* vendor c/common@main
3882
* Escape trailing slash in install directory location so the closing quote is not escaped
3883
* centos 9 stream cannot use %autochangelog
3884
* Refactor podman system to report.Formatter [NO NEW TESTS NEEDED]
3885
* add spec file for automated copr builds
3886
* Add restart-sec option to systemd generate
3887
* Fix documentation of (podman image save --compress --uncompressed)
3888
* Improve documentation of (podman image save --format)
3889
* Add support for configmap volumes to play kube
3890
* cmd, push: use the configured compression format
3891
* [CI:DOCS] logformatter: fix corner case with links
3892
* UPdate vendor of image-spec and containers/storage
3893
* vendor: update containers/common
3894
* Update doc to explictly mention using ed25519 in ssh keys
3895
* Refactor podman image command output
3896
* Manual fixes
3897
* Same thing, with BeNumerically("==", x)
3898
* Use HaveLen(x) instead of Expect(len(y)).To(Equal(x))
3899
* Same thing, for BeNumerically("==", 0)
3900
* Use BeEmpty() instead of len(x).To(Equal(0))
3901
* Same as previous, for assertions other than Equal()
3902
* e2e tests: a little more minor cleanup
3903
* compat API: push: report size of manifest
3904
* compat: images/json
3905
* Add ashley-cui, lsm5 and floutoc to owners
3906
* remove ARTIFACT_DIR and ArtifactPath
3907
* Image caches: allow overriding cache dir
3908
* Rename CrioRoot as just Root
3909
* Fix possible rootless netns cleanup race
3910
* [NO NEW TESTS NEEDED] Refactor podman container command output
3911
* Hostname in `spec.hostname` should be passed to infra ctr init opt
3912
* container, cgroup: detect pid termination
3913
* top: parse ps(1) args correctly
3914
* podman, push: expose --compression-format
3915
* e2e: yet more cleanup of BeTrue/BeFalse
3916
* Ensure the generated NodePort values are unique
3917
* Allow containerPortsToServicePorts to fail
3918
* Don't use the global math/rand RNG for service ports
3919
* Move a comment to the relevant place
3920
* a few more manual BeTrue cleanups
3921
* Convert strings.Contains() to Expect(ContainSubstring)
3922
* e2e tests: more cleanup of BeTrue()s
3923
* Implement 'podman run --blkio-weight-device'
3924
* systemd: replace multi-user with default.target
3925
* compat API: allow enforcing short-names resolution to Docker Hub
3926
* Fixed the containerfile not found during remote build.
3927
* podman-remote: prevent leaking secret into image
3928
* podman-remote: copy secret to contextdir is absolute path on host
3929
* api: allow build api to accept secrets
3930
* Only open save output file with WRONLY
3931
* List /etc/containers/certs.d as default for --cert-path
3932
* e2e tests: enable golint
3933
* fix: parsing of HostConfig.Mounts for container create
3934
* Move the chown to after the ADDs
3935
* fix: error reporting for archive endpoint
3936
* Bindings test: emit GIT_COMMIT, for links in logs
3937
* checkpoint do not modify XDG_RUNTIME_DIR
3938
* libpod: improve heuristic to detect cgroup
3939
* libpod, inspect: export cgroup path
3940
* stats: get the memory limit from the spec
3941
* compat: Add compatiblity with Docker/Moby API for scenarios where build fails
3942
* libpod: leave thread locked on errors
3943
* Find and fix empty Expect()s
3944
* Unset SocketLabel after system finishes checkpointing
3945
* Remove StringInSlice(), part 2
3946
* Remove StringInSlice(), part 1
3947
* e2e test cleanup, continued
3948
* Update basic_networking.md
3949
* Warn on failing to update container status
3950
* oci: ack crun output when container is not there
3951
* oci: exit gracefully if container is already dead
3952
* Support env variables based on ConfigMaps sent in payload
3953
* image lookup: do not match *any* tags
3954
* generate systemd: add --start-timeout flag
3955
* Oops! Manual edits to broken tests
3956
* e2e tests: clean up antihelpful BeTrue()s
3957
* Cirrus: Strip out static nix build
3958
* Rename pod on generate of container
3959
* [CI:DOCS] Update notes on java TZ in man page
3960
* Bump github.com/containers/image/v5 from 5.16.1 to 5.17.0
3961
* Fix netavark error handling and teardown issue
3962
* swagger: add layers to build api docs
3963
* compat: add layer caching compatiblity for non podman clients
3964
* Bump github.com/opencontainers/selinux from 1.9.1 to 1.10.0
3965
* Add note about volume with unprivileged container
3966
* Add EXPOSE e2e test
3967
* Support EXPOSE with port ranges
3968
* compat: Add subnet mask behind IP address to match Docker API
3969
* [CI:DOCS] Add java TZ note to run manpage
3970
* Bump github.com/rootless-containers/rootlesskit from 0.14.5 to 0.14.6
3971
* podman-remote does not support signature-policy
3972
* Add tests for restore runtime verification
3973
* Use same runtime to restore a container as during checkpointing
3974
* Force iptables driver for netavark tests
3975
* Make sure netavark output is logged to the syslog
3976
* filter: use filepath.Match to maintain consistency with other pattern matching in podman
3977
* Semiperiodic cleanup of obsolete Skip()s
3978
* [CI:DOCS]upload a translation file
3979
* api/handlers: Add checkpoint/restore FileLocks
3980
* test: Update error string for --file-locks test
3981
* fix duplicated logs command
3982
* Bump github.com/docker/docker
3983
* Bump k8s.io/api from 0.22.3 to 0.22.4
3984
* Do not store the exit command in container config
3985
* Add test for checkpoint/restore with --file-locks
3986
* Add --file-locks checkpoint/restore option
3987
* Cirrus: Bump Fedora to release 35
3988
* Cirrus: Partially revert catatonit --force install
3989
* Revert "Cirrus: Temp. disable prior-fedora testing"
3990
* Cirrus: Workaround log_driver=journald setting
3991
* Cirrus: Fix bindings test hang b/c logging config mismatch
3992
* Cirrus: Timeout bindings test after 30m
3993
* Cirrus: Log more things in bindings and unit tests
3994
* Minor Makefile fix
3995
* rootless netns, one netns per libpod tmp dir
3996
* Introduce Address type to be used in secondary IPv4 and IPv6 inspect data structure.
3997
* volumes: add new option idmap
3998
* remote checkpoint/restore: more fixes
3999
* fix CI
4000
* fix: take absolute path for dd on apple silicon
4001
* System tests: new checkpoint tests
4002
* rootless: use catatonit to maintain user+mnt namespace
4003
* rootless: drop strerror(errno) calls
4004
* rootless: reuse existing open_namespace function
4005
* rootless: use auto cleanup functions
4006
* utils: use podman-pause-$RANDOM.scope name
4007
* hack/bats: deal with new bin helpers
4008
* Change error message for compatibility with docker
4009
* rename libpod nettypes fields
4010
* podman machine start wait for ssh
4011
* fix remote checkpoint/restore
4012
* Add --unsetenv & --unsetenv-all to remove def environment variables
4013
* Set config environment variables early in Podman init
4014
* journald logs: keep reading until the journal's end
4015
* secret: honor custom target for secrets with run
4016
* bindings: reuse context for API requests
4017
* podman machine improve port forwarding
4018
* Network test: fix podman-remote-rootless corner case
4019
* filter: add basic pattern matching for label keys
4020
* cirrus: force-install catatonit
4021
* infra container: replace pause with catatonit
4022
* Revert "add kubernetes pause"
4023
* Added test for checkpoint/restore --print-stats
4024
* Update man pages for checkpoint/restore --print-stats
4025
* Added optional container restore statistics
4026
* Added optional container checkpointing statistics
4027
* Error logs --follow if events-backend != journald, event-logger=journald
4028
* Enable 'podman run --memory-swappiness=0'
4029
* Fix network mode in play kube
4030
* Always create working directory when using compat API
4031
* play kube: don't force-pull infra image
4032
* Podman Image SCP transfer patch
4033
* --authfile command line argument for image sign command.
4034
* Cirrus: Temp. disable prior-fedora testing
4035
* Cirrus: Update to Ubuntu 21.10
4036
* Add failing run test for netavark
4037
* Add flag to overwrite network backend from config
4038
* libpod: create /etc/mtab safely
4039
* Add network backend to podman info
4040
* Add more netavark tests
4041
* select network backend based on config
4042
* Fix RUST_LOG envar for netavark
4043
* netavark IPAM assignment
4044
* netavark network interface
4045
* Make networking code reusable
4046
* Fix flake in upgrade tests
4047
* export adding id-specifier code to setContainerNameForTemplate
4048
* VOLUME must be declared after RUN chown command
4049
* network reload return error if we cannot reload ports
4050
* network reload without ports should not reload ports
4051
* Print headers for system connection ls
4052
* [CI:DOCS] Add CI check for SEE ALSO in man pages
4053
* podman load: support downloading files
4054
* Add links to all SEE ALSO sections
4055
* pod create: read infra image from containers.conf
4056
* rootless: adjust error message
4057
* Fix rootless networking with userns and ports
4058
* support health checks from image configs
4059
* change from run to create in 250-systemd.bats
4060
* Exclude already built sources for static build
4061
* shm_lock: Handle ENOSPC better in AllocateSemaphore
4062
* Fix Zsh completion command documentation
4063
* Match .c files in Makefile
4064
* Add Static Build download instructions to README
4065
* Add links to podman build,run, create see also
4066
* Minor test tweaks
4067
* pod create: read network mode from config
4068
* Bump Catatonit up to v0.1.7
4069
* test connection add
4070
* system: Adds support for removing all named destination via --all
4071
* pod/container create: resolve conflicts of generated names
4072
* podman-generate-kube - remove empty structs from YAML
4073
* Add some information about disabling SELinux when using system volumes
4074
* Fix swagger definition for the new mac address type
4075
* Log Apache access_log-like entries at Info level [NO NEW TESTS NEEDED]
4076
* Test to check for presence of 'stats-dump' in exported checkpoints
4077
* Add 'stats-dump' file to exported checkpoint
4078
* Podman Image SCP rootful to rootless transfer
4079
* rename rootless cni ns to rootless netns
4080
* mount full XDG_RUNTIME_DIR in rootless cni ns
4081
* Bump github.com/checkpoint-restore/go-criu/v5 from 5.1.0 to 5.2.0
4082
* Keep error semantics intact
4083
* Fix rootless cni netns cleanup logic
4084
* tweak a couple of flag descriptions in help output
4085
* Update swagger doc make filed optional
4086
* Fix bindings container log test
4087
* test: run --cgroups=split in new cgroup
4088
* MAC address json unmarshal should allow strings
4089
* Make stop message more similar to start
4090
* Implement top streaming for containers and pods
4091
* Handle HTTP 409 error messages properly for Pod actions
4092
* Add tests
4093
* Fix swagger definitions
4094
* More conforming libpod API and swagger types
4095
* More conforming libpod API and swagger types
4096
* Better emptiness test for custom JSON serializer
4097
* System tests: enhance volume test, add debug prints
4098
* add unit test to containers_test
4099
* Use correct swagger type in doc-comment
4100
* Cirrus: Authorize rootless user self-ssh
4101
* Fix libpod API conformance to swagger
4102
* Fix help message case for `podman version`
4103
* Fix pause usage example
4104
* Use systemctl in local system test
4105
* Allow label and labels when creating volumes
4106
* volumes: be more tolerant and fix infinite loop
4107
* Add information on how podman machine is updated
4108
* volumes: allow more options for devpts
4109
* volumes: do not pass mount opt as formatter string
4110
* Bump k8s.io/api from 0.22.2 to 0.22.3
4111
* runtime: change PID existence check
4112
* oci: rename sub-cgroup to runtime instead of supervisor
4113
* libpod: deduplicate ports in db
4114
* Set flags to test 'logs -f' with journald driver
4115
* Set Checkpointed state to false after restore
4116
* container create: fix --tls-verify parsing
4117
* runtime: check for pause pid existence
4118
* utils: do not overwrite the err variable
4119
* Fix systemd PID1 test
4120
* Record the image stream along with the path
4121
* cgroups: use SessionBusPrivateNoAutoStartup
4122
* vendor: update godbus to v5.0.6
4123
* Slirp4netns with ipv6 set net.ipv6.conf.default.accept_dad=0
4124
* Fix a few problems in 'podman logs --tail' with journald driver
4125
* Allow 'container restore' with '--ipc host'
4126
* Document to not set K8S envars for CNI
4127
* Bump github.com/docker/docker
4128
* pod create: remove need for pause image
4129
* add kubernetes pause
4130
* cirrus: containers: mount directory in /var/tmp to /tmp
4131
* overlay root fs: create mount on runtime dir
4132
* Update vendor github.com/opencontainers/runtime-tools
4133
* If Dockerfile exists in same directory as service, we should not use it.
4134
* Fix tests of podman image trust --raw and --json
4135
* Tighten the expected output of the "podman image trust show" test
4136
* Use INTEGRATION_ROOT instead of current directory
4137
* Add support to play kube for --log-opt
4138
* [NO NEW TESTS NEEDED] Fix off-by-one index comparision (reported by LGTM)
4139
* Fix some typos in documentation and comments (found by codespell)
4140
* Replace 'an user' => 'a user'
4141
* [CI:DOCS] Fix typo keep_id -> keep-id
4142
* Set DOCKER_HOST in the VM
4143
* fuse-overlay probably means fuse-overlayfs.
4144
* Support template unit files in podman generate systemd
4145
* Remove --kernel-memory options
4146
* tag: Support tagging manifest list instead of resolving to images
4147
* Remove infra ID from DB before removing containers
4148
* System tests: confirm that -a and -l clash
4149
* systemd: compatible with rootless mode
4150
* system tests: CONTAINER_* and --help: cleanup
4151
* podman run --memory=0 ... should not set memory limit
4152
* Add information on how to discover default log driver
4153
* Add test for system connection
4154
* Generate Kube should not print default structs
4155
* libpod: change mountpoint ownership c.Root when using overlay on top of external rootfs
4156
* Change podman connection list to use default field
4157
* Allow API to specify size and inode quota
4158
* Use exponential backoff when waiting for a journal entry
4159
* Pod Rm Infra Improvements
4160
* system tests: socket activation: clean up
4161
* rootfs-overlay: fix overlaybase path for cleanups
4162
* Move CONTAINER_HOST and _CONNECTION to IsRemote Function
4163
* We should only be relabeling when on first run
4164
* If CONTAINER_HOST env variable is set default podman --remote=true
4165
* Set targetPort to the port value in the kube yaml
4166
* Do not add TCP to protocol in generated kube yaml
4167
* Use CGO_ENABLED=1 when building natively on darwin
4168
* Test-hang fix: Wait for ready + timeout on connect.
4169
* Checkpoint/Restore test fixes
4170
* Don't include ctr.log if not using file logging
4171
* Don't use docker/pkg/archive, use containers/storage/pkg/archive
4172
* Fix codespell errors
4173
* Adjust tests to verify all subcommands show the help message
4174
* Fix panic in container create compat api
4175
* Don't add image entrypoint to the generate kube yaml
4176
* Display help text on empty subcommand by default
4177
* podman search: display only name and description by default
4178
* codespell code
4179
* Add information about .containerignore to podman build man page
4180
* CNI: fix network create --ip-range
4181
* Kube Gen run as user/group issues
4182
* rootlessport: reduce memory usage of the process
4183
* No space in kube annotations for bind mounts
4184
* Fix CI flake on time of shutdown for API service
4185
* Refactor podman search to be more code friendly
4186
* Unit files: Use actual installed path for podman
4187
* Bump github.com/onsi/ginkgo from 1.16.4 to 1.16.5
4188
* cgroups: use cgroup.controllers to read controllers
4189
* builder: Add support for builder prune
4190
* Remove a volume with --force if container is running
4191
* Use SplitN(2) when copying env variables
4192
* podman stats: move cgroup validation to server
4193
* fix test
4194
* Support readonly rootfs contains colon
4195
* [CI:DOCS] oci-hooks.5.md: fixup section in header
4196
* Enable /debug/pprof API service endpoints
4197
* Not all fields in machine list were set properly
4198
* faster image inspection
4199
* Warn if podman stop timeout expires that sigkill was sent
4200
* [CI:DOCS] introduce --replace flag for play kube
4201
* [CI:DOCS] Include manifest example usage
4202
* Change podman.1 man page to show corret log-level default
4203
* Bump github.com/opencontainers/selinux from 1.8.5 to 1.9.1
4204
* Fixes #11668
4205
* libpod: fix race when closing STDIN
4206
* Ensure `podman ps --sync` functions
4207
* Allow `podman stop` to be run on Stopping containers
4208
* Bump github.com/containers/image/v5 from 5.16.0 to 5.16.1
4209
* Bump github.com/docker/docker
4210
* It really should be no **NEW** tests needed
4211
* README.md: Point to Podman's channels
4212
* Add podman-plugins to upstream image
4213
* CNI networks: reload networks if needed
4214
* bump c/common to latest and c/storage to 1.37.0
4215
* Add --time out for podman * rm -f commands
4216
* Cirrus: Fix defunct package metadata breaking cache
4217
* Pod Events Logging Fix
4218
* [NO TESTS NEEDED] Ignore removed containers
4219
* Pod Volumes From Support
4220
* Add note about empty fields and null values for API responses
4221
* Bump github.com/containers/buildah from 1.23.0 to 1.23.1
4222
* Add podman play kube --no-hosts options
4223
* Gating tests: fix permissions error
4224
* pkg/specgen: cache image in generator
4225
* cirrus: gitlab: download packages
4226
* Add guard for BuildOptions.CommonBuildOpts
4227
* System tests: tighten 'is' operator
4228
* Update README and release notes for v3.4.0
4229
* sdnotify test: accept MAINPID anywhere
4230
* machine: silently cleanup dangling sockets before rm if possible
4231
* Add expose type map[uint16]string to description
4232
* [NO TESTS NEEDED] Fix typo in storage.conf file exists message
4233
* Support selinux options with bind mounts play/gen
4234
* kube: fix conversion from milliCPU to period/quota
4235
* Bump github.com/mattn/go-isatty from 0.0.12 to 0.0.14
4236
* test: use new helper
4237
* test: skip test on rootless cgroupsv1
4238
* machine: Info on successfully stopping qemu machine
4239
* Allow a value of -1 to set unlimited pids limit
4240
* Vendor in latest containers/storage
4241
* Storage can remove ErrNotAContainer as well
4242
* libpod: container create: init variable: do not deep copy spec
4243
* libpod: add GetConfigNoCopy()
4244
* libpod: add execSessionNoCopy
4245
* libpod: do not call (*container).Spec()
4246
* Pod Device-Read-BPS support
4247
* Remind user to check connection or use podman machine
4248
* Ensure pod ID bucket is properly updated on rename
4249
* Fix contributor make targets on Ubuntu and Debian
4250
* Implement PR template to assist review & release
4251
* libpod: do not call (*container).Config()
4252
* [NO TESTS NEEDED] Add port configuration to first regular container
4253
* [CI:DOCS] cmd/podman: no dot for short descriptions
4254
* move network alias validation to container create
4255
* set --cni-config-dir for exit command
4256
* always add short container id as net alias
4257
* image prune: support removing external containers
4258
* System tests: speed up. They've gotten too slow.
4259
* Add dockerfile.5 as man link to containerfile man page
4260
* Set MSI to be 64-bit only.
4261
* fix podman network prune integration test flakes
4262
* Cirrus: Add gitlab podman runner test
4263
* CNI: network remove do not error for ENOENT
4264
* remote build: EvalSymlinks() the context directory
4265
* stop: Do nothing if container was never created in runtime
4266
* logging: new mode -l passthrough
4267
* Allow machine options to be set from containers.conf
4268
* Vendor in containers/common v0.46.0
4269
* podman machine: do not join userns
4270
* Disable docker and alias to podman in FCOS ignition
4271
* added healthcheck to ps command
4272
* Fix english on prune prompt
4273
* Document missing /images/search query parameters
4274
* rootful: do not set XDG_RUNTIME_DIR for cni plugins
4275
* Revert "rootful: unset XDG_RUNTIME_DIR"
4276
* Add completion for machine list format
4277
* Set context dir for play kube build
4278
* Makefile: use -ldflags/-gccgoflags depending on the go implemenatiton
4279
* Update docs for --platform in podman-build.1
4280
* shell completion: do not show images without tag
4281
* podman inspect add State.Health field for docker compat
4282
* podman save: enforce signature removal
4283
* Add JSON version of the machine list
4284
* Add support for :U flag with --mount option
4285
* [CI:DOCS] Add link to running ctrimage on enablesysadm
4286
* Ignore mount errors except ErrContainerUnknown when cleaningup container
4287
* standardize logrus messages to upper case
4288
* podman generate kube should not include images command
4289
* Fix machine image
4290
* sync container state before reading the healthcheck
4291
* Also show the (initial) disk size
4292
* Show cpus and memory in machine list
4293
* Eighty-six eighty-eighty
4294
* net types: remove omitempty from required fields
4295
* podman save: add `--uncompressed`
4296
* Bump CNI to v1.0.1
4297
* vendor c/psgo@v1.7.1
4298
* [CI:DOCS] Add network alias note in man pages
4299
* Add a backoff and retries to retrieving exited event
4300
* Cross-build release-archives w/ arch in filename
4301
* Fix Error, empty output for info: 'VERSION'
4302
* Generate kube should'd add podman default environment vars
4303
* volume: Add support for overlay on named volumes
4304
* Pod Device Support
4305
* Support --format tables in ps output
4306
* Remove references to kube being development
4307
* Add support for retrieving system service --timeout
4308
* Add podman image/container inspect man pages
4309
* [CI:DOCS] Add link to skopeo delete in podman rmi
4310
* vendor c/common@main
4311
* remote untag: support digests
4312
* Created MapOptions for PodCreate
4313
* Bump k8s.io/api from 0.22.1 to 0.22.2
4314
* compat API: /images/json prefix image id with sha256
4315
* podman machine: use gvproxy for host.containers.internal
4316
* utils: return error message from StartTransientUnit
4317
* utils: raise warning only on cgroupv2
4318
* Add podman machine init --now option
4319
* System tests: cleanup, and remove obsolete skips
4320
* Add username flag for machine ssh
4321
* Remove unused code from libpod
4322
* [CI:DOCS] markdown cleanup
4323
* Fix up build the docs site
4324
* Use a new markdown converter for sphinx
4325
* runtime: move pause process to scope
4326
* system: move MovePauseProcessToScope to utils
4327
* system: always move pause process when running on systemd
4328
* system: avoid reading pause pid file
4329
* Only add 127.0.0.1 entry to /etc/hosts with --net=none
4330
* Add no-trunc support to podman-events
4331
* CNI: add ipvlan driver
4332
* CNI: network create support macvlan modes
4333
* Do not allow network modes to be used as network names
4334
* fix inverted condition
4335
* Fix /auth compat endpoint
4336
* Add Drivers method to the Network Interface
4337
* CI: load ipv6 kernel modules for rootless tests
4338
* Drop OCICNI dependency
4339
* Wire network interface into libpod
4340
* cni network configs set ipv6 enables correctly
4341
* default network: do not validate the used subnets
4342
* network create: validate the input subnet
4343
* Set default storage from containers.conf for temporary images
4344
* container runlabel remove image tag from name
4345
* build.bats: fix copy tests after containers/buildah#3486
4346
* build: mirror --authfile to filesystem if pointing to FD instead of file
4347
* Fix example in podman machine init man page
4348
* vendor: Bump github.com/containers/buildah from 1.22.3 to 1.23.0
4349
* api: handle nil pointer dereference in rest endpoints
4350
* build: take advantage of --platform lists
4351
* Document `all` query parameter for /libpod/images/prune
4352
* Show variant and codename of the distribution
4353
* Use new aarch64 fcos repos
4354
* Enhance bindings for IDE hints
4355
* Pod Volumes Support
4356
* test: enable --cgroup-parent test
4357
* libpod: honor --cgroups=split also with pods
4358
* tests: enable --cgroups=disabled test for rootless
4359
* tests: simplify --cgroups=disabled test
4360
* libpod: rootful close binded ports
4361
* Search gvproxy with config.FindHelperBinary()
4362
* rootfs: Add support for rootfs-overlay and bump to buildah v1.22.1-0.202108
4363
* fix restart always with rootlessport
4364
* Cirrus: NM/CNI workaround + Remove prior-Ubuntu
4365
* If container exits with 125 podman should exit with 125
4366
* Bump github.com/json-iterator/go from 1.1.11 to 1.1.12
4367
* bump c/common to v0.44.0
4368
* remove rootlessport socket to prevent EADDRINUSE
4369
* Add deprecated fields for 1.22+ clients that still expect them
4370
* Use default username for podman machine ssh
4371
4372
-------------------------------------------------------------------
4373
Thu Dec 9 10:49:22 UTC 2021 - Dan Čermák <dcermak@suse.com>
4374
4375
- Add: Provides: podman:/usr/bin/podman-remote subpackage for a clearer upgrade
4376
path from podman < 3.1.2
4377
4378
-------------------------------------------------------------------
4379
Wed Dec 08 21:22:26 UTC 2021 - michael@stroeder.com
4380
4381
- Update to version 3.4.4:
4382
* Bugfixes
4383
- Fixed a bug where the podman exec command would, under some circumstances,
4384
print a warning message about failing to move conmon to the appropriate cgroup (#12535).
4385
- Fixed a bug where named volumes created as part of container creation
4386
(e.g. podman run --volume avolume:/a/mountpoint or similar) would be
4387
mounted with incorrect permissions (#12523).
4388
- Fixed a bug where the podman-remote create and podman-remote run commands
4389
did not properly handle the --entrypoint="" option (to clear the container's entrypoint) (#12521).
4390
4391
-------------------------------------------------------------------
4392
Tue Dec 07 17:54:32 UTC 2021 - michael@stroeder.com
4393
4394
- Update to version 3.4.3:
4395
* Security
4396
- This release addresses CVE-2021-4024 / bsc#1193166, where the podman machine command opened the gvproxy API (used to forward ports to podman machine VMs) to the public internet on port 7777.
4397
- This release addresses CVE-2021-41190 / bsc#1193273, where incomplete specification of behavior regarding image manifests could lead to inconsistent decoding on different clients.
4398
* Features
4399
- The --secret type=mount option to podman create and podman run supports a new option, target=, which specifies where in the container the secret will be mounted (#12287).
4400
* Bugfixes
4401
- Fixed a bug where rootless Podman would occasionally print warning messages about failing to move the pause process to a new cgroup (#12065).
4402
- Fixed a bug where the podman run and podman create commands would, when pulling images, still require TLS even with registries set to Insecure via config file (#11933).
4403
- Fixed a bug where the podman generate systemd command generated units that depended on multi-user.target, which has been removed from some distributions (#12438).
4404
- Fixed a bug where Podman could not run containers with images that had /etc/ as a symlink (#12189).
4405
- Fixed a bug where the podman logs -f command would, when using the journald logs backend, exit immediately if the container had previously been restarted (#12263).
4406
- Fixed a bug where, in containers on VMs created by podman machine, the host.containers.internal name pointed to the VM, not the host system (#11642).
4407
- Fixed a bug where containers and pods created by the podman play kube command in VMs managed by podman machine would not automatically forward ports from the host machine (#12248).
4408
- Fixed a bug where podman machine init would fail on OS X when GNU Coreutils was installed (#12329).
4409
- Fixed a bug where podman machine start would exit before SSH on the started VM was accepting connections (#11532).
4410
- Fixed a bug where the podman run command with signal proxying (--sig-proxy) enabled could print an error if it attempted to send a signal to a container that had just exited (#8086).
4411
- Fixed a bug where the podman stats command would not return correct information for containers running Systemd as PID1 (#12400).
4412
- Fixed a bug where the podman image save command would fail on OS X when writing the image to STDOUT (#12402).
4413
- Fixed a bug where the podman ps command did not properly handle PS arguments which contained whitespace (#12452).
4414
- Fixed a bug where the podman-remote wait command could fail to detect that the container exited and return an error under some circumstances (#12457).
4415
- Fixed a bug where the Windows MSI installer for podman-remote would break the PATH environment variable by adding an extra " (#11416).
4416
* API
4417
- Updated the containers/image library to v5.17.0
4418
- The Libpod Play Kube endpoint now also accepts ConfigMap YAML as part of its payload, and will use provided any ConfigMap to configure provided pods and services.
4419
- Fixed a bug where the Compat Create endpoint for Containers would not always create the container's working directory if it did not exist (#11842).
4420
- Fixed a bug where the Compat Create endpoint for Containers returned an incorrect error message with 404 errors when the requested image was not found (#12315).
4421
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle the HostConfig.Mounts field (#12419).
4422
- Fixed a bug where the Compat Archive endpoint for Containers did not properly report errors when the operation failed (#12420).
4423
- Fixed a bug where the Compat Build endpoint for Images ignored the layers query parameter (for caching intermediate layers from the build) (#12378).
4424
- Fixed a bug where the Compat Build endpoint for Images did not report errors in a manner compatible with Docker (#12392).
4425
- Fixed a bug where the Compat Build endpoint for Images would fail to build if the context directory was a symlink (#12409).
4426
- Fixed a bug where the Compat List endpoint for Images included manifest lists (and not just images) in returned results (#12453).
4427
* Misc
4428
- Podman now builds by default with cgo enabled on OS X, resolving some issues with SSH (#10737).
4429
4430
-------------------------------------------------------------------
4431
Sat Nov 13 11:21:06 UTC 2021 - michael@stroeder.com
4432
4433
- Update to version 3.4.2:
4434
* Fixed a bug where podman tag could not tag manifest lists (#12046).
4435
* Fixed a bug where built-in volumes specified by images would not be
4436
created correctly under some circumstances.
4437
* Fixed a bug where, when using Podman Machine on OS X, containers in pods
4438
did not have working port forwarding from the host (#12207).
4439
* Fixed a bug where the podman network reload command command on containers
4440
using the slirp4netns network mode and the rootlessport port forwarding
4441
driver would make an unnecessary attempt to restart rootlessport
4442
on containers that did not forward ports.
4443
* Fixed a bug where the podman generate kube command would generate YAML
4444
including some unnecessary (set to default) fields (e.g. empty SELinux and
4445
DNS configuration blocks, and the privileged flag when set to false) (#11995).
4446
* Fixed a bug where the podman pod rm command could, if interrupted at the right moment,
4447
leave a reference to an already-removed infra container behind (#12034).
4448
* Fixed a bug where the podman pod rm command would not remove pods with
4449
more than one container if all containers save for the infra container
4450
were stopped unless --force was specified (#11713).
4451
* Fixed a bug where the --memory flag to podman run and podman create did
4452
not accept a limit of 0 (which should specify unlimited memory) (#12002).
4453
* Fixed a bug where the remote Podman client's podman build command could
4454
attempt to build a Dockerfile in the working directory of the podman
4455
system service instance instead of the Dockerfile specified by the user (#12054).
4456
* Fixed a bug where the podman logs --tail command could function improperly
4457
(printing more output than requested) when the journald log driver was used.
4458
* Fixed a bug where containers run using the slirp4netns network mode with
4459
IPv6 enabled would not have IPv6 connectivity until several seconds after they started (#11062).
4460
* Fixed a bug where some Podman commands could cause an extra dbus-daemon
4461
process to be created (#9727).
4462
* Fixed a bug where rootless Podman would sometimes print warnings
4463
about a failure to move the pause process into a given CGroup (#12065).
4464
* Fixed a bug where the checkpointed field in podman inspect on a container
4465
was not set to false after a container was restored.
4466
* Fixed a bug where the podman system service command would print
4467
overly-verbose logs about request IDs (#12181).
4468
* Fixed a bug where Podman could, when creating a new container without a name
4469
explicitly specified by the user, sometimes use an auto-generated name already
4470
in use by another container if multiple containers were being created in parallel (#11735).
4471
4472
-------------------------------------------------------------------
4473
Wed Oct 20 14:55:38 UTC 2021 - michael@stroeder.com
4474
4475
- Update to version 3.4.1:
4476
* Bugfixes
4477
- Fixed a bug where podman machine init could, under some circumstances,
4478
create invalid machine configurations which could not be started (#11824).
4479
- Fixed a bug where the podman machine list command would not properly
4480
populate some output fields.
4481
- Fixed a bug where podman machine rm could leave dangling sockets from
4482
the removed machine (#11393).
4483
- Fixed a bug where podman run --pids-limit=-1 was not supported (it now
4484
sets the PID limit in the container to unlimited) (#11782).
4485
- Fixed a bug where podman run and podman attach could throw errors about
4486
a closed network connection when STDIN was closed by the client (#11856).
4487
- Fixed a bug where the podman stop command could fail when run on a
4488
container that had another podman stop command run on it previously.
4489
- Fixed a bug where the --sync flag to podman ps was nonfunctional.
4490
- Fixed a bug where the Windows and OS X remote clients' podman stats
4491
command would fail (#11909).
4492
- Fixed a bug where the podman play kube command did not properly handle
4493
environment variables whose values contained an = (#11891).
4494
- Fixed a bug where the podman generate kube command could generate
4495
invalid annotations when run on containers with volumes that use SELinux
4496
relabelling (:z or :Z) (#11929).
4497
- Fixed a bug where the podman generate kube command would generate YAML
4498
including some unnecessary (set to default) fields (e.g. user and group,
4499
entrypoint, default protocol for forwarded ports) (#11914, #11915, and #11965).
4500
- Fixed a bug where the podman generate kube command could, under some
4501
circumstances, generate YAML including an invalid targetPort field for
4502
forwarded ports (#11930).
4503
- Fixed a bug where rootless Podman's podman info command could, under
4504
some circumstances, not read available CGroup controllers (#11931).
4505
- Fixed a bug where podman container checkpoint --export would fail to
4506
checkpoint any container created with --log-driver=none (#11974).
4507
* API
4508
- Fixed a bug where the Compat Create endpoint for Containers could panic
4509
when no options were passed to a bind mount of tmpfs (#11961).
4510
4511
-------------------------------------------------------------------
4512
Fri Oct 01 08:45:30 UTC 2021 - michael@stroeder.com
4513
4514
- Update to version 3.4.0:
4515
* Features
4516
- Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the podman create command's --init-ctr option.
4517
- Support for init containers has also been added to podman play kube and podman generate kube - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
4518
- The podman play kube command now supports building images. If the --build option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
4519
- The podman play kube command now supports a new option, --teardown, which removes any pods and containers created by the given Kubernetes YAML.
4520
- The podman generate kube command now generates annotations for SELinux mount options on volume (:z and :Z) that are respected by the podman play kube command.
4521
- A new command has been added, podman pod logs, to return logs for all containers in a pod at the same time.
4522
- Two new commands have been added, podman volume export (to export a volume to a tar file) and podman volume import) (to populate a volume from a given tar file).
4523
- The podman auto-update command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
4524
- Pods now share their user namespace by default, and the podman pod create command now supports the --userns option. This allows rootless pods to be created with the --userns=keep-id option.
4525
- The podman pod ps command now supports a new filter with its --filter option, until, which returns pods created before a given timestamp.
4526
- The podman image scp command has been added. This command allows images to be transferred between different hosts.
4527
- The podman stats command supports a new option, --interval, to specify the amount of time before the information is refreshed.
4528
- The podman inspect command now includes ports exposed (but not published) by containers (e.g. ports from --expose when --publish-all is not specified).
4529
- The podman inspect command now has a new boolean value, Checkpointed, which indicates that a container was stopped as a result of a podman container checkpoint operation.
4530
- Volumes created by podman volume create now support setting quotas when run atop XFS. The size and inode options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
4531
- The podman info command now outputs information on what log drivers, network drivers, and volume plugins are available for use (#11265).
4532
- The podman info command now outputs the current log driver in use, and the variant and codename of the distribution in use.
4533
- The parameters of the VM created by podman machine init (amount of disk space, memory, CPUs) can now be set in containers.conf.
4534
- The podman machine ls command now shows additional information (CPUs, memory, disk size) about VMs managed by podman machine.
4535
- The podman ps command now includes healthcheck status in container state for containers that have healthchecks (#11527).
4536
* Changes
4537
- The podman build command has a new alias, podman buildx, to improve compatibility with Docker. We have already added support for many docker buildx flags to podman build and aim to continue to do so.
4538
- Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
4539
- The default log driver has been changed from file to journald. The file driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the file.
4540
- Podman no longer depends on ip for removing networks (#11403).
4541
- The deprecated --macvlan flag to podman network create now warns when it is used. It will be removed entirely in the Podman 4.0 release.
4542
- The podman machine start command now prints a message when the VM is successfully started.
4543
- The podman stats command can now be used on containers that are paused.
4544
- The podman unshare command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
4545
- Successful healthchecks will no longer add a healthy line to the system log to reduce log spam.
4546
- As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by podman machine now default to only using the docker.io registry.
4547
* Bugfixes
4548
- Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in containers.conf) would cause them to be parsed incorrectly.
4549
- Fixed a bug where the Windows remote client improperly validated volume paths (#10900).
4550
- Fixed a bug where the first line of logs from a container run with the journald log driver could be skipped.
4551
- Fixed a bug where images created by podman commit did not include ports exposed by the container.
4552
- Fixed a bug where the podman auto-update command would ignore the io.containers.autoupdate.authfile label when pulling images (#11171).
4553
- Fixed a bug where the --workdir option to podman create and podman run could not be set to a directory where a volume was mounted (#11352).
4554
- Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers (#10443).
4555
- Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
4556
- Fixed a bug where rootless containers could fail to start the rootlessport port-forwarding service when XDG_RUNTIME_DIR was set to a long path.
4557
- Fixed a bug where arguments to the --systemd option to podman create and podman run were case-sensitive (#11387).
4558
- Fixed a bug where the podman manifest rm command would also remove images referenced by the manifest, not just the manifest itself (#11344).
4559
- Fixed a bug where the Podman remote client on OS X would not function properly if the TMPDIR environment variable was not set (#11418).
4560
- Fixed a bug where the /etc/hosts file was not guaranteed to contain an entry for localhost (this is still not guaranteed if --net=host is used; such containers will exactly match the host's /etc/hosts) (#11411).
4561
- Fixed a bug where the podman machine start command could print warnings about unsupported CPU features (#11421).
4562
- Fixed a bug where the podman info command could segfault when accessing cgroup information.
4563
- Fixed a bug where the podman logs -f command could hang when a container exited (#11461).
4564
- Fixed a bug where the podman generate systemd command could not be used on containers that specified a restart policy (#11438).
4565
- Fixed a bug where the remote Podman client's podman build command would fail to build containers if the UID and GID on the client were higher than 65536 (#11474).
4566
- Fixed a bug where the remote Podman client's podman build command would fail to build containers if the context directory was a symlink (#11732).
4567
- Fixed a bug where the --network flag to podman play kube was not properly parsed when a non-bridge network configuration was specified.
4568
- Fixed a bug where the podman inspect command could error when the container being inspected was removed as it was being inspected (#11392).
4569
- Fixed a bug where the podman play kube command ignored the default pod infra image specified in containers.conf.
4570
- Fixed a bug where the --format option to podman inspect was nonfunctional under some circumstances (#8785).
4571
- Fixed a bug where the remote Podman client's podman run and podman exec commands could skip a byte of output every 8192 bytes (#11496).
4572
- Fixed a bug where the podman stats command would print nonsensical results if the container restarted while it was running (#11469).
4573
- Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client (#11444).
4574
- Fixed a bug where the podman run command could return 0 when the application in the container exited with 125 (#11540).
4575
- Fixed a bug where containers with --restart=always set using the rootlessport port-forwarding service could not be restarted automatically.
4576
- Fixed a bug where the --cgroups=split option to podman create and podman run was silently discarded if the container was part of a pod.
4577
- Fixed a bug where the podman container runlabel command could fail if the image name given included a tag.
4578
- Fixed a bug where Podman could add an extra 127.0.0.1 entry to /etc/hosts under some circumstances (#11596).
4579
- Fixed a bug where the remote Podman client's podman untag command did not properly handle tags including a digest (#11557).
4580
- Fixed a bug where the --format option to podman ps did not properly support the table argument for tabular output.
4581
- Fixed a bug where the --filter option to podman ps did not properly handle filtering by healthcheck status (#11687).
4582
- Fixed a bug where the podman run and podman start --attach commands could race when retrieving the exit code of a container that had already been removed resulting in an error (e.g. by an external podman rm -f) (#11633).
4583
- Fixed a bug where the podman generate kube command would add default environment variables to generated YAML.
4584
- Fixed a bug where the podman generate kube command would add the default CMD from the image to generated YAML (#11672).
4585
- Fixed a bug where the podman rm --storage command could fail to remove containers under some circumstances (#11207).
4586
- Fixed a bug where the podman machine ssh command could fail when run on Linux (#11731).
4587
- Fixed a bug where the podman stop command would error when used on a container that was already stopped (#11740).
4588
- Fixed a bug where renaming a container in a pod using the podman rename command, then removing the pod using podman pod rm, could cause Podman to believe the new name of the container was permanently in use, despite the container being removed (#11750).
4589
* API
4590
- The Libpod Pull endpoint for Images now has a new query parameter, quiet, which (when set to true) suppresses image pull progress reports (#10612).
4591
- The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients.
4592
- The Compat List and Inspect endpoints for Images now prefix image IDs with sha256: for improved Docker compatibility (#11623).
4593
- The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields (#11225).
4594
- The Compat Create endpoint for Containers now supports volume options provided by the Mounts field (#10831).
4595
- The Compat List endpoint for Secrets now supports a new query parameter, filter, which allows returned results to be filtered.
4596
- The Compat Auth endpoint now returns the correct response code (500 instead of 400) when logging into a registry fails.
4597
- The Version endpoint now includes information about the OCI runtime and Conmon in use (#11227).
4598
- Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images (#11235).
4599
- Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages.
4600
- Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses (#10053).
4601
* Misc
4602
- Updated Buildah to v1.23.0
4603
- Updated the containers/storage library to v1.36.0
4604
- Updated the containers/image library to v5.16.0
4605
- Updated the containers/common library to v0.44.0
4606
4607
-------------------------------------------------------------------
4608
Thu Sep 2 22:37:06 UTC 2021 - Michael Ströder <michael@stroeder.com>
4609
4610
- require runc >= 1.0.1
4611
4612
-------------------------------------------------------------------
4613
Tue Aug 31 05:57:57 UTC 2021 - michael@stroeder.com
4614
4615
- Update to version 3.3.1:
4616
* Bugfixes
4617
- Fixed a bug where unit files created by podman generate systemd could
4618
not cleanup shut down containers when stopped by systemctl stop (#11304).
4619
- Fixed a bug where podman machine commands would not properly locate
4620
the gvproxy binary in some circumstances.
4621
- Fixed a bug where containers created as part of a pod using the
4622
--pod-id-file option would not join the pod's network namespace (#11303).
4623
- Fixed a bug where Podman, when using the systemd cgroups driver,
4624
could sometimes leak dbus sessions.
4625
- Fixed a bug where the until filter to podman logs and podman events
4626
was improperly handled, requiring input to be negated (#11158).
4627
- Fixed a bug where rootless containers using CNI networking run on
4628
systems using systemd-resolved for DNS would fail to start if resolved
4629
symlinked /etc/resolv.conf to an absolute path (#11358).
4630
* API
4631
- A large number of potential file descriptor leaks from improperly closing
4632
client connections have been fixed.
4633
4634
-------------------------------------------------------------------
4635
Mon Aug 23 10:36:00 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
4636
4637
- Revert crun change due to crun having exclusive arch targets
4638
that would drop podman support in PPC and IBM Z
4639
4640
-------------------------------------------------------------------
4641
Fri Aug 20 20:58:22 UTC 2021 - michael@stroeder.com
4642
4643
- Update to version 3.3.0:
4644
* Fix network aliases with network id
4645
* machine: compute sha256 as we read the image file
4646
* machine: check for file exists instead of listing directory
4647
* pkg/bindings/images.nTar(): slashify hdr.Name values
4648
* Volumes: Only remove from DB if plugin removal succeeds
4649
* For compatibility, ignore Content-Type
4650
* [v3.3] Bump c/image 5.15.2, buildah v1.22.3
4651
* Implement SD-NOTIFY proxy in conmon
4652
* Fix rootless cni dns without systemd stub resolver
4653
* fix rootlessport flake
4654
* Skip stats test in CGv1 container environments
4655
* Fix AVC denials in tests of volume mounts
4656
* Restore buildah-bud test requiring new images
4657
* Revert ".cirrus.yml: use fresh images for all VMs"
4658
* Fix device tests using ls test files
4659
* Enhance priv. dev. check
4660
* Workaround host availability of /dev/kvm
4661
* Skip cgroup-parent test due to frequent flakes
4662
* Cirrus: Fix not uploading logformatter html
4663
4664
-------------------------------------------------------------------
4665
Fri Aug 13 11:26:44 UTC 2021 - Alexandre Vicenzi <alexandre.vicenzi@suse.com>
4666
4667
- Switch to crun (bsc#1188914)
4668
4669
-------------------------------------------------------------------
4670
Sat Jul 17 16:37:58 UTC 2021 - michael@stroeder.com
4671
4672
- Update to version 3.2.3:
4673
* Bump to v3.2.3
4674
* Update release notes for v3.2.3
4675
* vendor containers/common@v0.38.16
4676
* vendor containers/buildah@v1.21.3
4677
* Fix race conditions in rootless cni setup
4678
* CNI-in-slirp4netns: fix bind-mount for /run/systemd/resolve/stub-resolv.conf
4679
* Make rootless-cni setup more robust
4680
* Support uid,gid,mode options for secrets
4681
* vendor containers/common@v0.38.15
4682
* [CI:DOCS] podman search: clarify that results depend on implementation
4683
* vendor containers/common@v0.38.14
4684
* vendor containers/common@v0.38.13
4685
* [3.2] vendor containers/common@v0.38.12
4686
* Bump README to v3.2.2
4687
* Bump to v3.2.3-dev
4688
4689
-------------------------------------------------------------------
4690
Sun Jun 27 09:33:30 UTC 2021 - idesmi@protonmail.com
4691
4692
- Update to version 3.2.2:
4693
* Bump to v3.2.2
4694
* fix systemcontext to use correct TMPDIR
4695
* Scrub podman commands to use report package
4696
* Fix volumes with uid and gid options
4697
* Vendor in c/common v0.38.11
4698
* Initial release notes for v3.2.2
4699
* Fix restoring of privileged containers
4700
* Fix handling of podman-remote build --device
4701
* Add support for podman remote build -f - .
4702
* Fix panic condition in cgroups.getAvailableControllers
4703
* Fix permissions on initially created named volumes
4704
* Fix building static podman-remote
4705
* add correct slirp ip to /etc/hosts
4706
* disable tty-size exec checks in system tests
4707
* Fix resize race with podman exec -it
4708
* Fix documentation of the --format option of podman push
4709
* Fix systemd-resolved detection.
4710
* Health Check is not handled in the compat LibpodToContainerJSON
4711
* Do not use inotify for OCICNI
4712
* getContainerNetworkInfo: lock netNsCtr before sync
4713
* [NO TESTS NEEDED] Create /etc/mtab with the correct ownership
4714
* Create the /etc/mtab file if does not exists
4715
* [v3.2] cp: do not allow dir->file copying
4716
* create: support images with invalid platform
4717
* vendor containers/common@v0.38.10
4718
* logs: k8s-file: restore poll sleep
4719
* logs: k8s-file: fix spurious error logs
4720
* utils: move message from warning to debug
4721
* Bump to v3.2.2-dev
4722
4723
-------------------------------------------------------------------
4724
Mon Jun 14 18:07:50 UTC 2021 - idesmi@protonmail.com
4725
4726
- Update to version 3.2.1:
4727
* Bump to v3.2.1
4728
* Updated release notes for v3.2.1
4729
* Fix network connect race with docker-compose
4730
* Revert "Ensure minimum API version is set correctly in tests"
4731
* Fall back to string for dockerfile parameter
4732
* remote events: fix --stream=false
4733
* [CI:DOCS] fix incorrect network remove api doc
4734
* remote: always send resize before the container starts
4735
* remote events: support labels
4736
* remote pull: cancel pull when connection is closed
4737
* Fix network prune api docs
4738
* Improve systemd-resolved detection
4739
* logs: k8s-file: fix race
4740
* Fix image prune --filter cmd behavior
4741
* Several shell completion fixes
4742
* podman-remote build should handle -f option properly
4743
* System tests: deal with crun 0.20.1
4744
* Fix build tags for pkg/machine...
4745
* Fix pre-checkpointing
4746
* container: ignore named hierarchies
4747
* [v3.2] vendor containers/common@v0.38.9
4748
* rootless: fix fast join userns path
4749
* [v3.2] vendor containers/common@v0.38.7
4750
* [v3.2] vendor containers/common@v0.38.6
4751
* Correct qemu options for Intel macs
4752
* Ensure minimum API version is set correctly in tests
4753
* Bump to v3.2.1-dev
4754
4755
-------------------------------------------------------------------
4756
Tue Jun 08 09:47:00 UTC 2021 - idesmi@protonmail.com
4757
4758
- Update to version 3.2.0:
4759
* Bump to v3.2.0
4760
* Fix network create macvlan with subnet option
4761
* Final release notes updates for v3.2.0
4762
* add ipv6 nameservers only when the container has ipv6 enabled
4763
* Use request context instead of background
4764
* [v.3.2] events: support disjunctive filters
4765
* System tests: add :Z to volume mounts
4766
* generate systemd: make mounts portable
4767
* vendor containers/storage@v1.31.3
4768
* vendor containers/common@v0.38.5
4769
* Bump to v3.2.0-dev
4770
* Bump to v3.2.0-RC3
4771
* Update release notes for v3.2.0-RC3
4772
* Fix race on podman start --all
4773
* Fix race condition in running ls container in a pod
4774
* docs: --cert-dir: point to containers-certs.d(5)
4775
* Handle hard links in different directories
4776
* Improve OCI Runtime error
4777
* Handle hard links in remote builds
4778
* Podman info add support for status of cgroup controllers
4779
* Drop container does not exist on removal to debugf
4780
* Downgrade API service routing table logging
4781
* add libimage events
4782
* docs: generate systemd: XDG_RUNTIME_DIR
4783
* Fix problem copying files when container is in host pid namespace
4784
* Bump to v3.2.0-dev
4785
* Bump to v3.2.0-RC2
4786
* update c/common
4787
* Update Cirrus DEST_BRANCH to v3.2
4788
* Updated vendors of c/image, c/storage, Buildah
4789
* Initial release notes for v3.2.0-RC2
4790
* Add script for identifying commits in release branches
4791
* Add host.containers.internal entry into container's etc/hosts
4792
* image prune: remove unused images only with `--all`
4793
* podman network reload add rootless support
4794
* Use more recent `stale` release...
4795
* network tutorial: update with rootless cni changes
4796
* [CI:DOCS] Update first line in intro page
4797
* Use updated VM images + updated automation tooling
4798
* auto-update service: prune images
4799
* make vendor
4800
* fix system upgrade tests
4801
* Print "extracting" only on compressed file
4802
* podman image tree: restore previous behavior
4803
* fix network restart always test
4804
* fix incorrect log driver in podman container image
4805
* Add support for cli network prune --filter flag
4806
* Move filter parsing to common utils
4807
* Bump github.com/containers/storage from 1.30.2 to 1.30.3
4808
* Update nix pin with `make nixpkgs`
4809
* [CI:DOCS] hack/bats - new helper for running system tests
4810
* fix restart always with slirp4netns
4811
* Bump github.com/opencontainers/runc from 1.0.0-rc93 to 1.0.0-rc94
4812
* Bump github.com/coreos/go-systemd/v22 from 22.3.1 to 22.3.2
4813
* Add host.serviceIsRemote to podman info results
4814
* Add client disconnect to build handler loop
4815
* Remove obsolete skips
4816
* Fix podman-remote build --rm=false ...
4817
* fix: improved "containers/{name}/wait" endpoint
4818
* Bump github.com/containers/storage from 1.30.1 to 1.30.2
4819
* Add envars to the generated systemd unit
4820
* fix: use UTC Time Stamps in response JSON
4821
* fix container startup for empty pidfile
4822
* Kube like pods should share ipc,net,uts by default
4823
* fix: compat API "images/get" for multiple images
4824
* Revert escaped double dash man page flag syntax
4825
* Report Download complete in Compatibility mode
4826
* Add documentation on short-names
4827
* Bump github.com/docker/docker
4828
* Adds support to preserve auto update labels in generate and play kube
4829
* [CI:DOCS] Stop conversion of `--` into en dash
4830
* Revert Patch to relabel if selinux not enabled
4831
* fix per review request
4832
* Add support for environment variable secrets
4833
* fix pre review request
4834
* Fix infinite loop in isPathOnVolume
4835
* Add containers.conf information for changing defaults
4836
* CI: run rootless tests under ubuntu
4837
* Fix wrong macvlan PNG in networking doc.
4838
* Add restart-policy to container filters & --filter to podman start
4839
* Fixes docker-compose cannot set static ip when use ipam
4840
* channel: simplify implementation
4841
* build: improve regex for iidfile
4842
* Bump github.com/onsi/gomega from 1.11.0 to 1.12.0
4843
* cgroup: fix rootless --cgroup-parent with pods
4844
* fix: docker APIv2 `images/get`
4845
* codespell cleanup
4846
* Minor podmanimage docs updates.
4847
* Fix handling of runlabel IMAGE and NAME
4848
* Bump to v3.2.0-dev
4849
* Bump to v3.2.0-rc1
4850
* rootless: improve automatic range split
4851
* podman: set volatile storage flag for --rm containers
4852
* Bump github.com/onsi/ginkgo from 1.16.1 to 1.16.2
4853
* Bump github.com/containers/image/v5 from 5.11.1 to 5.12.0
4854
* migrate Podman to containers/common/libimage
4855
* Add filepath glob support to --security-opt unmask
4856
* Force log_driver to k8s-file for containers in containers
4857
* add --mac-address to podman play kube
4858
* compat api: Networks must be empty instead of null
4859
* System tests: honor $OCI_RUNTIME (for CI)
4860
* is this a bug?
4861
* system test image: add arm64v8 image
4862
* Fix troubleshooting documentation on handling sublemental groups.
4863
* Add --all to podman start
4864
* Fix variable reference typo. in multi-arch image action
4865
* cgroup: always honor --cgroup-parent with cgroupfs
4866
* Bump github.com/uber/jaeger-client-go
4867
* Don't require tests for github-actions & metadata
4868
* Detect if in podman machine virtual vm
4869
* Fix multi-arch image workflow typo
4870
* [CI:DOCS] Add titles to remote docs (windows)
4871
* Remove unused VolumeList* structs
4872
* Cirrus: Update F34beta -> F34
4873
* Update container image docs + fix unstable execution
4874
* Bump github.com/containers/storage from 1.30.0 to 1.30.1
4875
* TODO complete
4876
* Docker returns 'die' status rather then 'died' status
4877
* Check if another VM is running on machine start
4878
* [CI:DOCS] Improve titles of command HTML pages
4879
* system tests: networking: fix another race condition
4880
* Use seccomp_profile as default profile if defined in containers.conf
4881
* Bump github.com/json-iterator/go from 1.1.10 to 1.1.11
4882
* Vendored
4883
* Autoupdate local label functional
4884
* System tests: fix two race conditions
4885
* Add more documentation on conmon
4886
* Allow docker volume create API to pass without name
4887
* Cirrus: Update Ubuntu images to 21.04
4888
* Skip blkio-weight test when no kernel BFQ support
4889
* rootless: Tell the user what was led to the error, not just what it is
4890
* Add troubleshooting advice about the --userns option.
4891
* Fix images prune filter until
4892
* Fix logic for pushing stable multi-arch images
4893
* Fixes generate kube incorrect when bind-mounting "/" and "/root"
4894
* libpod/image: unit tests: don't use system's registries.conf.d
4895
* runtime: create userns when CAP_SYS_ADMIN is not present
4896
* rootless: attempt to copy current mappings first
4897
* [CI:DOCS] Restore missing content to manpages
4898
* [CI:DOCS] Fix Markdown layout bugs
4899
* Fix podman ps --filter ancestor to match exact ImageName/ImageID
4900
* Add machine-enabled to containers.conf for machine
4901
* Several multi-arch image build/push fixes
4902
* Add podman run --timeout option
4903
* Parse slirp4netns net options with compat api
4904
* Fix rootlesskit port forwarder with custom slirp cidr
4905
* Fix removal race condition in ListContainers
4906
* Add github-action workflow to build/push multi-arch
4907
* rootless: if root is not sub?id raise a debug message
4908
* Bump github.com/containers/common from 0.36.0 to 0.37.0
4909
* Add go template shell completion for --format
4910
* Add --group-add keep-groups: suplimentary groups into container
4911
* Fixes from make codespell
4912
* Typo fix to usage text of --compress option
4913
* corrupt-image test: fix an oops
4914
* Add --noheading flag to all list commands
4915
* Bump github.com/containers/storage from 1.29.0 to 1.30.0
4916
* Bump github.com/containers/image/v5 from 5.11.0 to 5.11.1
4917
* [CI:DOCS] Fix Markdown table layout bugs
4918
* podman-remote should show podman.sock info
4919
* rmi: don't break when the image is missing a manifest
4920
* [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
4921
* Add support for CDI device configuration
4922
* [CI:DOCS] Add missing dash to verbose option
4923
* Bump github.com/uber/jaeger-client-go
4924
* Remove an advanced layer diff function
4925
* Ensure mount destination is clean, no trailing slash
4926
* add it for inspect pidfile
4927
* [CI:DOCS] Fix introduction page typo
4928
* support pidfile on container restore
4929
* fix start it
4930
* skip pidfile test on remote
4931
* improve document
4932
* set pidfile default value int containerconfig
4933
* add pidfile in inspection
4934
* add pidfile it for container start
4935
* skip pidfile it on remote
4936
* Modify according to comments
4937
* WIP: drop test requirement
4938
* runtime: bump required conmon version
4939
* runtime: return findConmon to libpod
4940
* oci: drop ExecContainerCleanup
4941
* oci: use `--full-path` option for conmon
4942
* use AttachSocketPath when removing conmon files
4943
* hide conmon-pidfile flag on remote mode
4944
* Fix possible panic in libpod/image/prune.go
4945
* add --ip to podman play kube
4946
* add flag autocomplete
4947
* add ut
4948
* add flag "--pidfile" for podman create/run
4949
* Add network bindings tests: remove and list
4950
* Fix build with GO111MODULE=off
4951
* system tests: build --pull-never: deal with flakes
4952
* compose test: diagnose flakes v3
4953
* podman play kube apply correct log driver
4954
* Fixes podman-remote save to directories does not work
4955
* Bump github.com/rootless-containers/rootlesskit from 0.14.1 to 0.14.2
4956
* Update documentation of podman-run to reflect volume "U" option
4957
* Fix flake on failed podman-remote build : try 2
4958
* compose test: ongoing efforts to diagnose flakes
4959
* Test that we don't error out on advertised --log-level values
4960
* At trace log level, print error text using %+v instead of %v
4961
* pkg/errorhandling.JoinErrors: don't throw away context for lone errors
4962
* Recognize --log-level=trace
4963
* Fix flake on failed podman-remote build
4964
* System tests: fix racy podman-inspect
4965
* Fixes invalid expression in save command
4966
* Bump github.com/containers/common from 0.35.4 to 0.36.0
4967
* Update nix pin with `make nixpkgs`
4968
* compose test: try to get useful data from flakes
4969
* Remove in-memory state implementation
4970
* Fix message about runtime to show only the actual runtime
4971
* System tests: setup: better cleanup of stray images
4972
* Bump github.com/containers/ocicrypt from 1.1.0 to 1.1.1
4973
* Reflect current state of prune implementation in docs
4974
* Do not delete container twice
4975
* [CI:DOCS] Correct status code for /pods/create
4976
* vendor in containers/storage v1.29.0
4977
* cgroup: do not set cgroup parent when rootless and cgroupfs
4978
* Overhaul Makefile binary and release worflows
4979
* Reorganize Makefile with sections and guide
4980
* Simplify Makefile help target
4981
* Don't shell to obtain current directory
4982
* Remove unnecessary/not-needed release.txt target
4983
* Fix incorrect version number output
4984
* Exclude .gitignore from test req.
4985
* Fix handling of $NAME and $IMAGE in runlabel
4986
* Update podman image Dockerfile to support Podman in container
4987
* Bump github.com/containers/image/v5 from 5.10.5 to 5.11.0
4988
* Fix slashes in socket URLs
4989
* Add network prune filters support to bindings
4990
* Add support for play/generate kube volumes
4991
* Update manifest API endpoints
4992
* Fix panic when not giving a machine name for ssh
4993
* cgroups: force 64 bits to ParseUint
4994
* Bump k8s.io/api from 0.20.5 to 0.21.0
4995
* [CI:DOCS] Fix formatting of podman-build man page
4996
* buildah-bud tests: simplify
4997
* Add missing return
4998
* Bump github.com/onsi/ginkgo from 1.16.0 to 1.16.1
4999
* speed up CI handling of images
5000
* Volumes prune endpoint should use only prune filters
5001
* Cirrus: Use Fedora 34beta images
5002
* Bump go.sum + Makefile for golang 1.16
5003
* Exempt Makefile changes from test requirements
5004
* Adjust libpod API Container Wait documentation to the code
5005
* [CI:DOCS] Update swagger definition of inspect manifest
5006
* use updated ubuntu images
5007
* podman unshare: add --rootless-cni to join the ns
5008
* Update swagger-check
5009
* swagger: remove name wildcards
5010
* Update buildah-bud diffs
5011
* Handle podman-remote --arch, --platform, --os
5012
* buildah-bud tests: handle go pseudoversions, plus...
5013
* Fix flaking rootless compose test
5014
* rootless cni add /usr/sbin to PATH if not present
5015
* System tests: special case for RHEL: require runc
5016
* Add --requires flag to podman run/create
5017
* [CI:DOCS] swagger-check: compare operations
5018
* [CI:DOCS] Polish swagger OpertionIDs
5019
* [NO TESTS NEEDED] Update nix pin with `make nixpkgs`
5020
* Ensure that `--userns=keep-id` sets user in config
5021
* [CI:DOCS] Set all operation id to be compatibile
5022
* Move operationIds to swagger:operation line
5023
* swagger: add operationIds that match with docker
5024
* Cirrus: Make use of shared get_ci_vm container
5025
* Don't relabel volumes if running in a privileged container
5026
* Allow users to override default storage opts with --storage-opt
5027
* Add support for podman --context default
5028
* Verify existence of auth file if specified
5029
* fix machine naming conventions
5030
* Initial network bindings tests
5031
* Update release notes to indicate CVE fix
5032
* Move socket activation check into init() and set global condition.
5033
* Bump github.com/onsi/ginkgo from 1.15.2 to 1.16.0
5034
* Http api tests for network prune with until filter
5035
* podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
5036
* Fix typos --uidmapping and --gidmapping
5037
* Add transport and destination info to manifest doc
5038
* Bump github.com/rootless-containers/rootlesskit from 0.14.0 to 0.14.1
5039
* Add default template functions
5040
* Fix missing podman-remote build options
5041
* Bump github.com/coreos/go-systemd/v22 from 22.3.0 to 22.3.1
5042
* Add ssh connection to root user
5043
* Add rootless docker-compose test to the CI
5044
* Use the slrip4netns dns in the rootless cni ns
5045
* Cleanup the rootless cni namespace
5046
* Add new docker-compose test for two networks
5047
* Make the docker-compose test work rootless
5048
* Remove unused rootless-cni-infra container files
5049
* Only use rootless RLK when the container has ports
5050
* Fix dnsname test
5051
* Enable rootless network connect/disconnect
5052
* Move slirp4netns functions into an extra file
5053
* Fix pod infra container cni network setup
5054
* Add rootless support for cni and --uidmap
5055
* rootless cni without infra container
5056
* Recreate until container prune tests for bindings
5057
* Remove --execute from podman machine ssh
5058
* Fixed podman-remote --network flag
5059
* Makefile: introduce install.docker-full
5060
* Makefile: ensure install.docker creates BINDIR
5061
* Fix unmount doc reference in image.rst
5062
* Should send the OCI runtime path not just the name to buildah
5063
* podman machine shell completion
5064
* Fix handling of remove --log-rusage param
5065
* Fix bindings prune containers flaky test
5066
* [CI:DOCS] Add local html build info to docs/README.md
5067
* Add podman machine list
5068
* Trim white space from /top endpoint results
5069
* Remove semantic version suffices from API calls
5070
* podman machine init --ignition-path
5071
* Document --volume from podman-remote run/create client
5072
* Update main branch to reflect the release of v3.1.0
5073
* Silence podman network reload errors with iptables-nft
5074
* Containers prune endpoint should use only prune filters
5075
* resolve proper aarch64 image names
5076
* APIv2 basic test: relax APIVersion check
5077
* Add machine support for qemu-system-aarch64
5078
* podman machine init user input
5079
* manpage xref: helpful diagnostic for unescaped dash-dash
5080
* Bump to v3.2.0-dev
5081
* swagger: update system version response body
5082
* buildah-bud tests: reenable pull-never test
5083
* [NO TESTS NEEDED] Shrink the size of podman-remote
5084
* Add powershell completions
5085
* [NO TESTS NEEDED] Drop Warning to Info, if cgroups not mounted
5086
* Fix long option format on docs.podman.io
5087
* system tests: friendier messages for 2-arg is()
5088
* service: use LISTEN_FDS
5089
* man pages: correct seccomp-policy label
5090
* rootless: use is_fd_inherited
5091
* podman generate systemd --new do not duplicate params
5092
* play kube: add support for env vars defined from secrets
5093
* play kube: support optional/mandatory env var from config map
5094
* play kube: prepare supporting other env source than config maps
5095
* Add machine support for more Linux distros
5096
* [NO TESTS NEEDED] Use same function podman-remote rmi as podman
5097
* Podman machine enhancements
5098
* Add problematic volume name to kube play error messages
5099
* Fix podman build --pull-never
5100
* [NO TESTS NEEDED] Fix for kernel without CONFIG_USER_NS
5101
* [NO TESTS NEEDED] Turn on podman-remote build --isolation
5102
* Fix list pods filter handling in libpod api
5103
* Remove resize race condition
5104
* [NO TESTS NEEDED] Vendor in containers/buildah v1.20.0
5105
* Use TMPDIR when commiting images
5106
* Add RequiresMountsFor= to systemd generate
5107
* Bump github.com/vbauerster/mpb/v6 from 6.0.2 to 6.0.3
5108
* Fix swapped dimensions from terminal.GetSize
5109
* Rename podman machine create to init and clean up
5110
* Correct json field name
5111
* system tests: new interactive tests
5112
* Improvements for machine
5113
* libpod/image: unit tests: use a `registries.conf` for aliases
5114
* libpod/image: unit tests: defer cleanup
5115
* libpod/image: unit tests: use `require.NoError`
5116
* Add --execute flag to podman machine ssh
5117
* introduce podman machine
5118
* Podman machine CLI and interface stub
5119
* Support multi doc yaml for generate/play kube
5120
* Fix filters in image http compat/libpod api endpoints
5121
* Bump github.com/containers/common from 0.35.3 to 0.35.4
5122
* Bump github.com/containers/storage from 1.28.0 to 1.28.1
5123
* Check if stdin is a term in --interactive --tty mode
5124
* [NO TESTS NEEDED] Remove /tmp/containers-users-* files on reboot
5125
* [NO TESTS NEEDED] Fix rootless volume plugins
5126
* Ensure manually-created volumes have correct ownership
5127
* Bump github.com/rootless-containers/rootlesskit
5128
* Unification of until filter across list/prune endpoints
5129
* Unification of label filter across list/prune endpoints
5130
* fixup
5131
* fix: build endpoint for compat API
5132
* [CI:DOCS] Add note to mappings for user/group userns in build
5133
* Bump k8s.io/api from 0.20.1 to 0.20.5
5134
* Validate passed in timezone from tz option
5135
* WIP: run buildah bud tests using podman
5136
* Fix containers list/prune http api filter behaviour
5137
* Generate Kubernetes PersistentVolumeClaims from named volumes
5138
5139
-------------------------------------------------------------------
5140
Fri Apr 23 10:29:10 UTC 2021 - Fabian Vogt <fvogt@suse.com>
5141
5142
- Update to version 3.1.2:
5143
* Bump to v3.1.2
5144
* Update release notes for v3.1.2
5145
* Ensure mount destination is clean, no trailing slash
5146
* Fixes podman-remote save to directories does not work
5147
* [CI:DOCS] Add missing dash to verbose option
5148
* [CI:DOCS] Fix Markdown table layout bugs
5149
* [CI:DOCS] Rewrite --uidmap doc in podman-create.1.md and podman-run.1.md
5150
* rmi: don't break when the image is missing a manifest
5151
* Bump containers/image to v5.11.1
5152
* Bump github.com/coreos/go-systemd from 22.2.0 to 22.3.1
5153
* Fix lint
5154
* Bump to v3.1.2-dev
5155
- Split podman-remote into a subpackage
5156
- Add missing scriptlets for systemd units
5157
- Escape macros in comments
5158
- Drop some obsolete workarounds, including %{go_nostrip}
5159
5160
-------------------------------------------------------------------
5161
Mon Apr 19 09:29:17 UTC 2021 - alexandre.vicenzi@suse.com
5162
5163
- Update to version 3.1.1:
5164
* Bump to v3.1.1
5165
* Update release notes for v3.1.1
5166
* podman play kube apply correct log driver
5167
* Fix build with GO111MODULE=off
5168
* [CI:DOCS] Set all operation id to be compatibile
5169
* Move operationIds to swagger:operation line
5170
* swagger: add operationIds that match with docker
5171
* Fix missing podman-remote build options
5172
* [NO TESTS NEEDED] Shrink the size of podman-remote
5173
* Move socket activation check into init() and set global condition.
5174
* rootless: use is_fd_inherited
5175
* Recreate until container prune tests for bindings
5176
* System tests: special case for RHEL: require runc
5177
* Document --volume from podman-remote run/create client
5178
* Containers prune endpoint should use only prune filters
5179
* Trim white space from /top endpoint results
5180
* Fix unmount doc reference in image.rst
5181
* Fix handling of remove --log-rusage param
5182
* Makefile: introduce install.docker-full
5183
* Makefile: ensure install.docker creates BINDIR
5184
* Should send the OCI runtime path not just the name to buildah
5185
* Fixed podman-remote --network flag
5186
* podman-run.1.md, podman-create.1.md : Adjust Markdown layout for --userns
5187
* Fix typos --uidmapping and --gidmapping
5188
* Add default template functions
5189
* Don't relabel volumes if running in a privileged container
5190
* Allow users to override default storage opts with --storage-opt
5191
* Add transport and destination info to manifest doc
5192
* Verify existence of auth file if specified
5193
* Ensure that `--userns=keep-id` sets user in config
5194
* [CI:DOCS] Update swagger definition of inspect manifest
5195
* Volumes prune endpoint should use only prune filters
5196
* Adjust libpod API Container Wait documentation to the code
5197
* Add missing return
5198
* [CI:DOCS] Fix formatting of podman-build man page
5199
* cgroups: force 64 bits to ParseUint
5200
* Fix slashes in socket URLs
5201
* [CI:DOCS] Correct status code for /pods/create
5202
* cgroup: do not set cgroup parent when rootless and cgroupfs
5203
* Reflect current state of prune implementation in docs
5204
* Do not delete container twice
5205
* Test that we don't error out on advertised --log-level values
5206
* At trace log level, print error text using %+v instead of %v
5207
* pkg/errorhandling.JoinErrors: don't throw away context for lone errors
5208
* Recognize --log-level=trace
5209
* Fix message about runtime to show only the actual runtime
5210
* Fix handling of $NAME and $IMAGE in runlabel
5211
* Fix flake on failed podman-remote build : try 2
5212
* Fix flake on failed podman-remote build
5213
* Update documentation of podman-run to reflect volume "U" option
5214
* Fixes invalid expression in save command
5215
* Fix possible panic in libpod/image/prune.go
5216
* Update all containers/ project vendors
5217
* Fix tests
5218
* Bump to v3.1.1-dev
5219
5220
-------------------------------------------------------------------
5221
Fri Apr 09 16:55:51 UTC 2021 - alexandre.vicenzi@suse.com
5222
5223
- Update to version 3.1.0: (bsc#1181961, CVE-2021-20206)
5224
* Bump to v3.1.0
5225
* Fix test failure
5226
* Update release notes for v3.1.0 final release
5227
* [NO TESTS NEEDED] Turn on podman-remote build --isolation
5228
* Fix long option format on docs.podman.io
5229
* Fix containers list/prune http api filter behaviour
5230
* [CI:DOCS] Add note to mappings for user/group userns in build
5231
* Validate passed in timezone from tz option
5232
* Generate Kubernetes PersistentVolumeClaims from named volumes
5233
* libpod/image: unit tests: use a `registries.conf` for aliases
5234
- Require systemd 241 or newer due to podman dependency go-systemd v22,
5235
otherwise build will fail with unknown C name errors
5236
5237
-------------------------------------------------------------------
5238
Mon Mar 29 16:29:46 UTC 2021 - Frederic Crozat <fcrozat@suse.com>
5239
5240
- Create docker subpackage to allow replacing docker with
5241
corresponding aliases to podman.
5242
5243
-------------------------------------------------------------------
5244
Wed Feb 24 13:46:35 UTC 2021 - Richard Brown <rbrown@suse.com>
5245
5246
- Drop obsolete varlink.patch
5247
5248
-------------------------------------------------------------------
5249
Wed Feb 24 12:44:58 UTC 2021 - Duncan Mac-Vicar <dmacvicar@suse.com>
5250
5251
- Update to v3.0.1
5252
* Changes
5253
- Several frequently-occurring WARN level log messages have been downgraded to INFO or DEBUG to not clutter terminal output.
5254
Bugfixes
5255
- Fixed a bug where the Created field of podman ps --format=json was formatted as a string instead of an Unix timestamp (integer) (#9315).
5256
- Fixed a bug where failing lookups of individual layers during the podman images command would cause the whole command to fail without printing output.
5257
- Fixed a bug where --cgroups=split did not function properly on cgroups v1 systems.
5258
- Fixed a bug where mounting a volume over an directory in the container that existed, but was empty, could fail (#9393).
5259
- Fixed a bug where mounting a volume over a directory in the container that existed could copy the entirety of the container's rootfs, instead of just the directory mounted over, into the volume (#9415).
5260
- Fixed a bug where Podman would treat the --entrypoint=[""] option to podman run and podman create as a literal empty string in the entrypoint, when instead it should have been ignored (#9377).
5261
- Fixed a bug where Podman would set the HOME environment variable to "" when the container ran as a user without an assigned home directory (#9378).
5262
- Fixed a bug where specifying a pod infra image that had no tags (by using its ID) would cause podman pod create to panic (#9374).
5263
- Fixed a bug where the --runtime option was not properly handled by the podman build command (#9365).
5264
- Fixed a bug where Podman would incorrectly print an error message related to the remote API when the remote API was not in use and starting Podman failed.
5265
- Fixed a bug where Podman would change ownership of a container's working directory, even if it already existed (#9387).
5266
- Fixed a bug where the podman generate systemd --new command would incorrectly escape %t when generating the path for the PID file (#9373).
5267
- Fixed a bug where Podman could, when run inside a Podman container with the host's containers/storage directory mounted into the container, erroneously detect a reboot and reset container state if the temporary directory was not also mounted in (#9191).
5268
- Fixed a bug where some options of the podman build command (including but not limited to --jobs) were nonfunctional (#9247).
5269
* API
5270
- Fixed a breaking change to the Libpod Wait API for Containers where the Conditions parameter changed type in Podman v3.0 (#9351).
5271
- Fixed a bug where the Compat Create endpoint for Containers did not properly handle forwarded ports that did not specify a host port.
5272
- Fixed a bug where the Libpod Wait endpoint for Containers could write duplicate headers after an error occurred.
5273
- Fixed a bug where the Compat Create endpoint for Images would not pull images that already had a matching tag present locally, even if a more recent version was available at the registry (#9232).
5274
- The Compat Create endpoint for Images has had its compatibility with Docker improved, allowing its use with the docker-java library.
5275
* Misc
5276
- Updated Buildah to v1.19.4
5277
- Updated the containers/storage library to v1.24.6
5278
- Changes from v3.0.0
5279
* Features
5280
- Podman now features initial support for Docker Compose.
5281
- Added the podman rename command, which allows containers to be renamed after they are created (#1925).
5282
- The Podman remote client now supports the podman copy command.
5283
- A new command, podman network reload, has been added. This command will re-configure the network of all running containers, and can be used to recreate firewall rules lost when the system firewall was reloaded (e.g. via firewall-cmd --reload).
5284
- Podman networks now have IDs. They can be seen in podman network ls and can be used when removing and inspecting networks. Existing networks receive IDs automatically.
5285
- Podman networks now also support labels. They can be added via the --label option to network create, and podman network ls can filter labels based on them.
5286
- The podman network create command now supports setting bridge MTU and VLAN through the --opt option (#8454).
5287
- The podman container checkpoint and podman container restore commands can now checkpoint and restore containers that include volumes.
5288
- The podman container checkpoint command now supports the --with-previous and --pre-checkpoint options, and the podman container restore command now support the --import-previous option. These add support for two-step checkpointing with lowered dump times.
5289
- The podman push command can now push manifest lists. Podman will first attempt to push as an image, then fall back to pushing as a manifest list if that fails.
5290
- The podman generate kube command can now be run on multiple containers at once, and will generate a single pod containing all of them.
5291
- The podman generate kube and podman play kube commands now support Kubernetes DNS configuration, and will preserve custom DNS configuration when exporting or importing YAML (#9132).
5292
- The podman generate kube command now properly supports generating YAML for containers and pods creating using host networking (--net=host) (#9077).
5293
- The podman kill command now supports a --cidfile option to kill containers given a file containing the container's ID (#8443).
5294
- The podman pod create command now supports the --net=none option (#9165).
5295
- The podman volume create command can now specify volume UID and GID as options with the UID and GID fields passed to the the --opt option.
5296
- Initial support has been added for Docker Volume Plugins. Podman can now define available plugins in containers.conf and use them to create volumes with podman volume create --driver.
5297
- The podman run and podman create commands now support a new option, --platform, to specify the platform of the image to be used when creating the container.
5298
- The --security-opt option to podman run and podman create now supports the systempaths=unconfined option to unrestrict access to all paths in the container, as well as mask and unmask options to allow more granular restriction of container paths.
5299
- The podman stats --format command now supports a new format specified, MemUsageBytes, which prints the raw bytes of memory consumed by a container without human-readable formatting #8945.
5300
- The podman ps command can now filter containers based on what pod they are joined to via the pod filter (#8512).
5301
- The podman pod ps command can now filter pods based on what networks they are joined to via the network filter.
5302
The podman pod ps command can now print information on what networks a pod is joined to via the .Networks specifier to the --format option.
5303
- The podman system prune command now supports filtering what containers, pods, images, and volumes will be pruned.
5304
- The podman volume prune commands now supports filtering what volumes will be pruned.
5305
- The podman system prune command now includes information on space reclaimed (#8658).
5306
- The podman info command will now properly print information about packages in use on Gentoo and Arch systems.
5307
- The containers.conf file now contains an option for disabling creation of a new kernel keyring on container creation (#8384).
5308
- The podman image sign command can now sign multi-arch images by producing a signature for each image in a given manifest list.
5309
- The podman image sign command, when run as rootless, now supports per-user registry configuration files in $HOME/.config/containers/registries.d.
5310
- Configuration options for slirp4netns can now be set system-wide via the NetworkCmdOptions configuration option in containers.conf.
5311
- The MTU of slirp4netns can now be configured via the mtu= network command option (e.g. podman run --net slirp4netns:mtu=9000).
5312
* Security
5313
- A fix for CVE-2021-20199 / bsc#1181640 is included. Podman between v1.8.0 and v2.2.1 used 127.0.0.1 as the source address for all traffic forwarded into rootless containers by a forwarded port; this has been changed to address the issue.
5314
* Changes
5315
- Shortname aliasing support has now been turned on by default. All Podman commands that must pull an image will, if a TTY is available, prompt the user about what image to pull.
5316
- The podman load command no longer accepts a NAME[:TAG] argument. The presence of this argument broke CLI compatibility with Docker by making docker load commands unusable with Podman (#7387).
5317
- The Go bindings for the HTTP API have been rewritten with a focus on limiting dependency footprint and improving extensibility. Read more here.
5318
- The legacy Varlink API has been completely removed from Podman.
5319
- The default log level for Podman has been changed from Error to Warn.
5320
- The podman network create command can now create macvlan networks using the --driver macvlan option for Docker compatibility. The existing --macvlan flag has been deprecated and will be removed in Podman 4.0 some time next year.
5321
- The podman inspect command has had the LogPath and LogTag fields moved into the LogConfig structure (from the root of the Inspect structure). The maximum size of the log file is also included.
5322
- The podman generate systemd command no longer generates unit files using the deprecated KillMode=none option (#8615).
5323
- The podman stop command now releases the container lock while waiting for it to stop - as such, commands like podman ps will no longer block until podman stop completes (#8501).
5324
- Networks created with podman network create --internal no longer use the dnsname plugin. This configuration never functioned as expected.
5325
- Error messages for the remote Podman client have been improved when it cannot connect to a Podman service.
5326
- Error messages for podman run when an invalid SELinux is specified have been improved.
5327
- Rootless Podman features improved support for containers with a single user mapped into the rootless user namespace.
5328
- Pod infra containers now respect default sysctls specified in containers.conf allowing for advanced configuration of the namespaces they will share.
5329
- SSH public key handling for remote Podman has been improved.
5330
* Bugfixes
5331
- Fixed a bug where the podman history --no-trunc command would truncate the Created By field (#9120).
5332
- Fixed a bug where root containers that did not explicitly specify a CNI network to join did not generate an entry for the network in use in the Networks field of the output of podman inspect (#6618).
5333
- Fixed a bug where, under some circumstances, container working directories specified by the image (via the WORKDIR instruction) but not present in the image, would not be created (#9040).
5334
- Fixed a bug where the podman generate systemd command would generate invalid unit files if the container was creating using a command line that included doubled braces ({{ and }}), e.g. --log-opt-tag={{.Name}} (#9034).
5335
- Fixed a bug where the podman generate systemd --new command could generate unit files including invalid Podman commands if the container was created using merged short options (e.g. podman run -dt) (#8847).
5336
- Fixed a bug where the podman generate systemd --new command could generate unit files that did not handle Podman commands including some special characters (e.g. $) (#9176
5337
- Fixed a bug where rootless containers joining CNI networks could not set a static IP address (#7842).
5338
- Fixed a bug where rootless containers joining CNI networks could not set network aliases (#8567).
5339
- Fixed a bug where the remote client could, under some circumstances, not include the Containerfile when sending build context to the server (#8374).
5340
- Fixed a bug where rootless Podman did not mount /sys as a new sysfs in some circumstances where it was acceptable.
5341
- Fixed a bug where rootless containers that both joined a user namespace and a CNI networks would cause a segfault. These options are incompatible and now return an error.
5342
- Fixed a bug where the podman play kube command did not properly handle CMD and ARGS from images (#8803).
5343
- Fixed a bug where the podman play kube command did not properly handle environment variables from images (#8608).
5344
- Fixed a bug where the podman play kube command did not properly print errors that occurred when starting containers.
5345
- Fixed a bug where the podman play kube command errored when hostNetwork was used (#8790).
5346
- Fixed a bug where the podman play kube command would always pull images when the :latest tag was specified, even if the image was available locally (#7838).
5347
- Fixed a bug where the podman play kube command did not properly handle SELinux configuration, rending YAML with custom SELinux configuration unusable (#8710).
5348
- Fixed a bug where the podman generate kube command incorrectly populated the args and command fields of generated YAML (#9211).
5349
- Fixed a bug where containers in a pod would create a duplicate entry in the pod's shared /etc/hosts file every time the container restarted (#8921).
5350
- Fixed a bug where the podman search --list-tags command did not support the --format option (#8740).
5351
- Fixed a bug where the http_proxy option in containers.conf was not being respected, and instead was set unconditionally to true (#8843).
5352
- Fixed a bug where rootless Podman could, on systems with a recent Conmon and users with a long username, fail to attach to containers (#8798).
5353
- Fixed a bug where the podman images command would break and fail to display any images if an empty manifest list was present in storage (#8931).
5354
- Fixed a bug where locale environment variables were not properly passed on to Conmon.
5355
- Fixed a bug where Podman would not build on the MIPS architecture (#8782).
5356
- Fixed a bug where rootless Podman could fail to properly configure user namespaces for rootless containers when the user specified a --uidmap option that included a mapping beginning with UID 0.
5357
- Fixed a bug where the podman logs command using the k8s-file backend did not properly handle partial log lines with a length of 1 (#8879).
5358
- Fixed a bug where the podman logs command with the --follow option did not properly handle log rotation (#8733).
5359
- Fixed a bug where user-specified HOSTNAME environment variables were overwritten by Podman (#8886).
5360
- Fixed a bug where Podman would applied default sysctls from containers.conf in too many situations (e.g. applying network sysctls when the container shared its network with a pod).
5361
- Fixed a bug where Podman did not properly handle cases where a secondary image store was in use and an image was present in both the secondary and primary stores (#8176).
5362
- Fixed a bug where systemd-managed rootless Podman containers where the user in the container was not root could fail as the container's PID file was not accessible to systemd on the host (#8506).
5363
- Fixed a bug where the --privileged option to podman run and podman create would, under some circumstances, not disable Seccomp (#8849).
5364
- Fixed a bug where the podman exec command did not properly add capabilities when the container or exec session were run with --privileged.
5365
- Fixed a bug where rootless Podman would use the --enable-sandbox option to slirp4netns unconditionally, even when pivot_root was disabled, rendering slirp4netns unusable when pivot_root was disabled (#8846).
5366
- Fixed a bug where podman build --logfile did not actually write the build's log to the logfile.
5367
- Fixed a bug where the podman system service command did not close STDIN, and could display user-interactive prompts (#8700).
5368
- Fixed a bug where the podman system reset command could, under some circumstances, remove all the contents of the XDG_RUNTIME_DIR directory (#8680).
5369
- Fixed a bug where the podman network create command created CNI configurations that did not include a default gateway (#8748).
5370
- Fixed a bug where the podman.service systemd unit provided by default used the wrong service type, and would cause systemd to not correctly register the service as started (#8751).
5371
- Fixed a bug where, if the TMPDIR environment variable was set for the container engine in containers.conf, it was being ignored.
5372
- Fixed a bug where the podman events command did not properly handle future times given to the --until option (#8694).
5373
- Fixed a bug where the podman logs command wrote container STDERR logs to STDOUT instead of STDERR (#8683).
5374
- Fixed a bug where containers created from an image with multiple tags would report that they were created from the wrong tag (#8547).
5375
- Fixed a bug where container capabilities were not set properly when the --cap-add=all and --user options to podman create and podman run were combined.
5376
- Fixed a bug where the --layers option to podman build was nonfunctional (#8643).
5377
- Fixed a bug where the podman system prune command did not act recursively, and thus would leave images, containers, pods, and volumes present that would be removed by a subsequent call to podman system prune (#7990).
5378
- Fixed a bug where the --publish option to podman run and podman create did not properly handle ports specified as a range of ports with no host port specified (#8650).
5379
- Fixed a bug where --format did not support JSON output for individual fields (#8444).
5380
- Fixed a bug where the podman stats command would fail when run on root containers using the slirp4netns network mode (#7883).
5381
- Fixed a bug where the Podman remote client would ask for a password even if the server's SSH daemon did not support password authentication (#8498).
5382
- Fixed a bug where the podman stats command would fail if the system did not support one or more of the cgroup controllers Podman supports (#8588).
5383
- Fixed a bug where the --mount option to podman create and podman run did not ignore the consistency mount option.
5384
- Fixed a bug where failures during the resizing of a container's TTY would print the wrong error.
5385
- Fixed a bug where the podman network disconnect command could cause the podman inspect command to fail for a container until it was restarted (#9234).
5386
- Fixed a bug where containers created from a read-only rootfs (using the --rootfs option to podman create and podman run) would fail (#9230).
5387
- Fixed a bug where specifying Go templates to the --format option to multiple Podman commands did not support the join function (#8773).
5388
- Fixed a bug where the podman rmi command could, when run in parallel on multiple images, return layer not known errors (#6510).
5389
- Fixed a bug where the podman inspect command on containers displayed unlimited ulimits incorrectly (#9303).
5390
- Fixed a bug where Podman would fail to start when a volume was mounted over a directory in a container that contained symlinks that terminated outside the directory and its subdirectories (#6003).
5391
5392
API
5393
5394
- Libpod API version has been bumped to v3.0.0.
5395
- All Libpod Pod APIs have been modified to properly report errors with individual containers. Cases where the operation as a whole succeeded but individual containers failed now report an HTTP 409 error (#8865).
5396
- The Compat API for Containers now supports the Rename and Copy APIs.
5397
- Fixed a bug where the Compat Prune APIs (for volumes, containers, and images) did not return the amount of space reclaimed in their responses.
5398
- Fixed a bug where the Compat and Libpod Exec APIs for Containers would drop errors that occurred prior to the exec session successfully starting (e.g. a "no such file" error if an invalid executable was passed) (#8281)
5399
- Fixed a bug where the Volumes field in the Compat Create API for Containers was being ignored (#8649).
5400
- Fixed a bug where the NetworkMode field in the Compat Create API for Containers was not handling some values, e.g. container:, correctly.
5401
- Fixed a bug where the Compat Create API for Containers did not set container name properly.
5402
- Fixed a bug where containers created using the Compat Create API unconditionally used Kubernetes file logging (the default specified in containers.conf is now used).
5403
- Fixed a bug where the Compat Inspect API for Containers could include container states not recognized by Docker.
5404
- Fixed a bug where Podman did not properly clean up after calls to the Events API when the journald backend was in use, resulting in a leak of file descriptors (#8864).
5405
- Fixed a bug where the Libpod Pull endpoint for Images could fail with an index out of range error under certain circumstances (#8870).
5406
- Fixed a bug where the Libpod Exists endpoint for Images could panic.
5407
- Fixed a bug where the Compat List API for Containers did not support all filters (#8860).
5408
- Fixed a bug where the Compat List API for Containers did not properly populate the Status field.
5409
- Fixed a bug where the Compat and Libpod Resize APIs for Containers ignored the height and width parameters (#7102).
5410
- Fixed a bug where the Compat Search API for Images returned an incorrectly-formatted JSON response (#8758).
5411
- Fixed a bug where the Compat Load API for Images did not properly clean up temporary files.
5412
- Fixed a bug where the Compat Create API for Networks could panic when an empty IPAM configuration was specified.
5413
- Fixed a bug where the Compat Inspect and List APIs for Networks did not include Scope.
5414
- Fixed a bug where the Compat Wait endpoint for Containers did not support the same wait conditions that Docker did.
5415
* Misc
5416
- Updated Buildah to v1.19.2
5417
- Updated the containers/storage library to v1.24.5
5418
- Updated the containers/image library to v5.10.2
5419
- Updated the containers/common library to v0.33.4
5420
5421
-------------------------------------------------------------------
5422
Tue Jan 5 18:14:52 UTC 2021 - Michael Ströder <michael@stroeder.com>
5423
5424
- Update to v2.2.1
5425
* Changes
5426
- Due to a conflict with a previously-removed field, we were forced to
5427
modify the way image volumes (mounting images into containers using
5428
--mount type=image) were handled in the database.
5429
As a result, containers created in Podman 2.2.0 with image volume
5430
will not have them in v2.2.1, and these containers will need to be re-created.
5431
* Bugfixes
5432
- Fixed a bug where rootless Podman would, on systems without the
5433
XDG_RUNTIME_DIR environment variable defined, use an incorrect path
5434
for the PID file of the Podman pause process, causing Podman to fail
5435
to start (#8539).
5436
- Fixed a bug where containers created using Podman v1.7 and earlier were
5437
unusable in Podman due to JSON decode errors (#8613).
5438
- Fixed a bug where Podman could retrieve invalid cgroup paths, instead
5439
of erroring, for containers that were not running.
5440
- Fixed a bug where the podman system reset command would print a warning
5441
about a duplicate shutdown handler being registered.
5442
- Fixed a bug where rootless Podman would attempt to mount sysfs in
5443
circumstances where it was not allowed; some OCI runtimes (notably
5444
crun) would fall back to alternatives and not fail, but others
5445
(notably runc) would fail to run containers.
5446
- Fixed a bug where the podman run and podman create commands would fail
5447
to create containers from untagged images (#8558).
5448
- Fixed a bug where remote Podman would prompt for a password even when
5449
the server did not support password authentication (#8498).
5450
- Fixed a bug where the podman exec command did not move the Conmon
5451
process for the exec session into the correct cgroup.
5452
- Fixed a bug where shell completion for the ancestor option to
5453
podman ps --filter did not work correctly.
5454
- Fixed a bug where detached containers would not properly clean themselves
5455
up (or remove themselves if --rm was set) if the Podman command that
5456
created them was invoked with --log-level=debug.
5457
* API
5458
- Fixed a bug where the Compat Create endpoint for Containers did not
5459
properly handle the Binds and Mounts parameters in HostConfig.
5460
- Fixed a bug where the Compat Create endpoint for Containers
5461
ignored the Name query parameter.
5462
- Fixed a bug where the Compat Create endpoint for Containers did not
5463
properly handle the "default" value for NetworkMode (this value is
5464
used extensively by docker-compose) (#8544).
5465
- Fixed a bug where the Compat Build endpoint for Images would sometimes
5466
incorrectly use the target query parameter as the image's tag.
5467
* Misc
5468
- Podman v2.2.0 vendored a non-released, custom version of the
5469
github.com/spf13/cobra package; this has been reverted to the latest
5470
upstream release to aid in packaging.
5471
- Updated the containers/image library to v5.9.0
5472
5473
-------------------------------------------------------------------
5474
Wed Dec 2 13:24:06 UTC 2020 - Richard Brown <rbrown@suse.com>
5475
5476
- Update to v2.2.0
5477
* Features
5478
- Experimental support for shortname aliasing has been added. This is not enabled by default, but can be turned on by setting the environment variable CONTAINERS_SHORT_NAME_ALIASING to on. Documentation is available here and here.
5479
- Initial support has been added for the podman network connect and podman network disconnect commands, which allow existing containers to modify what networks they are connected to. At present, these commands can only be used on running containers that did not specify --network=none when they were created.
5480
- The podman run command now supports the --network-alias option to set network aliases (additional names the container can be accessed at from other containers via DNS if the dnsname CNI plugin is in use). Aliases can also be added and removed using the new podman network connect and podman network disconnect commands. Please note that this requires a new release (v1.1.0) of the dnsname plugin, and will only work on newly-created CNI networks.
5481
- The podman generate kube command now features support for exporting container's memory and CPU limits (#7855).
5482
- The podman play kube command now features support for setting CPU and Memory limits for containers (#7742).
5483
- The podman play kube command now supports persistent volumes claims using Podman named volumes.
5484
- The podman play kube command now supports Kubernetes configmaps via the --configmap option (#7567).
5485
- The podman play kube command now supports a --log-driver option to set the log driver for created containers.
5486
- The podman play kube command now supports a --start option, enabled by default, to start the pod after creating it. This allows for podman play kube to be more easily used in systemd unitfiles.
5487
- The podman network create command now supports the --ipv6 option to enable dual-stack IPv6 networking for created networks (#7302).
5488
- The podman inspect command can now inspect pods, networks, and volumes, in addition to containers and images (#6757).
5489
- The --mount option for podman run and podman create now supports a new type, image, to mount the contents of an image into the container at a given location.
5490
- The Bash and ZSH completions have been completely reworked and have received significant enhancements! Additionally, support for Fish completions and completions for the podman-remote executable have been added.
5491
- The --log-opt option for podman create and podman run now supports the max-size option to set the maximum size for a container's logs (#7434).
5492
- The --network option to the podman pod create command now allows pods to be configured to use slirp4netns networking, even when run as root (#6097).
5493
- The podman pod stop, podman pod pause, podman pod unpause, and podman pod kill commands now work on multiple containers in parallel and should be significantly faster.
5494
- The podman search command now supports a --list-tags option to list all available tags for a single image in a single repository.
5495
- The podman search command can now output JSON using the --format=json option.
5496
- The podman diff and podman mount commands now work with all containers in the storage library, including those not created by Podman. This allows them to be used with Buildah and CRI-O containers.
5497
- The podman container exists command now features a --external option to check if a container exists not just in Podman, but also in the storage library. This will allow Podman to identify Buildah and CRI-O containers.
5498
- The --tls-verify and --authfile options have been enabled for use with remote Podman.
5499
- The /etc/hosts file now includes the container's name and hostname (both pointing to localhost) when the container is run with --net=none (#8095).
5500
- The podman events command now supports filtering events based on the labels of the container they occurred on using the --filter label=key=value option.
5501
- The podman volume ls command now supports filtering volumes based on their labels using the --filter label=key=value option.
5502
- The --volume and --mount options to podman run and podman create now support two new mount propagation options, unbindable and runbindable.
5503
- The name and id filters for podman pod ps now match based on a regular expression, instead of requiring an exact match.
5504
- The podman pod ps command now supports a new filter status, that matches pods in a certain state.
5505
* Changes
5506
- The podman network rm --force command will now also remove pods that are using the network (#7791).
5507
- The podman volume rm, podman network rm, and podman pod rm commands now return exit code 1 if the object specified for removal does not exist, and exit code 2 if the object is in use and the --force option was not given.
5508
- If /dev/fuse is passed into Podman containers as a device, Podman will open it before starting the container to ensure that the kernel module is loaded on the host and the device is usable in the container.
5509
- Global Podman options that were not supported with remote operation have been removed from podman-remote (e.g. --cgroup-manager, --storage-driver).
5510
- Many errors have been changed to remove repetition and be more clear as to what has gone wrong.
5511
- The --storage option to podman rm is now enabled by default, with slightly changed semantics. If the given container does not exist in Podman but does exist in the storage library, it will be removed even without the --storage option. If the container exists in Podman it will be removed normally. The --storage option for podman rm is now deprecated and will be removed in a future release.
5512
- The --storage option to podman ps has been renamed to --external. An alias has been added so the old form of the option will continue to work.
5513
- Podman now delays the SIGTERM and SIGINT signals during container creation to ensure that Podman is not stopped midway through creating a container resulting in potential resource leakage (#7941).
5514
- The podman save command now strips signatures from images it is exporting, as the formats we export to do not support signatures (#7659).
5515
- A new Degraded state has been added to pods. Pods that have some, but not all, of their containers running are now considered to be Degraded instead of Running.
5516
- Podman will now print a warning when conflicting network options related to port forwarding (e.g. --publish and --net=host) are specified when creating a container.
5517
- The --restart on-failure and --rm options for containers no longer conflict. When both are specified, the container will be restarted if it exits with a non-zero error code, and removed if it exits cleanly (#7906).
5518
- Remote Podman will no longer use settings from the client's containers.conf; defaults will instead be provided by the server's containers.conf (#7657).
5519
- The podman network rm command now has a new alias, podman network remove (#8402).
5520
* Bugfixes
5521
- Fixed a bug where podman load on the remote client did not error when attempting to load a directory, which is not yet supported for remote use.
5522
- Fixed a bug where rootless Podman could hang when the newuidmap binary was not installed (#7776).
5523
- Fixed a bug where the --pull option to podman run, podman create, and podman build did not match Docker's behavior.
5524
- Fixed a bug where sysctl settings from the containers.conf configuration file were applied, even if the container did not join the namespace associated with a sysctl.
5525
- Fixed a bug where Podman would not return the text of errors encounted when trying to run a healthcheck for a container.
5526
- Fixed a bug where Podman was accidentally setting the containers environment variable in addition to the expected container environment variable.
5527
- Fixed a bug where rootless Podman using CNI networking did not properly clean up DNS entries for removed containers (#7789).
5528
- Fixed a bug where the podman untag --all command was not supported with remote Podman.
5529
- Fixed a bug where the podman system service command could time out even if active attach connections were present (#7826).
5530
- Fixed a bug where the podman system service command would sometimes never time out despite no active connections being present.
5531
- Fixed a bug where Podman's handling of capabilities, specifically inheritable, did not match Docker's.
5532
- Fixed a bug where podman run would fail if the image specified was a manifest list and had already been pulled (#7798).
5533
- Fixed a bug where Podman did not take search registries into account when looking up images locally (#6381).
5534
- Fixed a bug where the podman manifest inspect command would fail for images that had already been pulled (#7726).
5535
- Fixed a bug where rootless Podman would not add supplemental GIDs to containers when when a user, but not a group, was set via the --user option to podman create and podman run and sufficient GIDs were available to add the groups (#7782).
5536
- Fixed a bug where remote Podman commands did not properly handle cases where the user gave a name that could also be a short ID for a pod or container (#7837).
5537
- Fixed a bug where podman image prune could leave images ready to be pruned after podman image prune was run (#7872).
5538
- Fixed a bug where the podman logs command with the journald log driver would not read all available logs (#7476).
5539
- Fixed a bug where the --rm and --restart options to podman create and podman run did not conflict when a restart policy that is not on-failure was chosen (#7878).
5540
- Fixed a bug where the --format "table {{ .Field }}" option to numerous Podman commands ceased to function on Podman v2.0 and up.
5541
- Fixed a bug where pods did not properly share an SELinux label between their containers, resulting in containers being unable to see the processes of other containers when the pod shared a PID namespace (#7886).
5542
- Fixed a bug where the --namespace option to podman ps did not work with the remote client (#7903).
5543
- Fixed a bug where rootless Podman incorrectly calculated the number of UIDs available in the container if multiple different ranges of UIDs were specified.
5544
- Fixed a bug where the /etc/hosts file would not be correctly populated for containers in a user namespace (#7490).
5545
- Fixed a bug where the podman network create and podman network remove commands could race when run in parallel, with unpredictable results (#7807).
5546
- Fixed a bug where the -p option to podman run, podman create, and podman pod create would, when given only a single number (e.g. -p 80), assign the same port for both host and container, instead of generating a random host port (#7947).
5547
- Fixed a bug where Podman containers did not properly store the cgroup manager they were created with, causing them to stop functioning after the cgroup manager was changed in containers.conf or with the --cgroup-manager option (#7830).
5548
- Fixed a bug where the podman inspect command did not include information on the CNI networks a container was connected to if it was not running.
5549
- Fixed a bug where the podman attach command would not print a newline after detaching from the container (#7751).
5550
- Fixed a bug where the HOME environment variable was not set properly in containers when the --userns=keep-id option was set (#8004).
5551
- Fixed a bug where the podman container restore command could panic when the container in question was in a pod (#8026).
5552
- Fixed a bug where the output of the podman image trust show --raw command was not properly formatted.
5553
- Fixed a bug where the podman runlabel command could panic if a label to run was not given (#8038).
5554
- Fixed a bug where the podman run and podman start --attach commands would exit with an error when the user detached manually using the detach keys on remote Podman (#7979).
5555
- Fixed a bug where rootless CNI networking did not use the dnsname CNI plugin if it was not available on the host, despite it always being available in the container used for rootless networking (#8040).
5556
- Fixed a bug where Podman did not properly handle cases where an OCI runtime is specified by its full path, and could revert to using another OCI runtime with the same binary path that existed in the system $PATH on subsequent invocations.
5557
- Fixed a bug where the --net=host option to podman create and podman run would cause the /etc/hosts file to be incorrectly populated (#8054).
5558
- Fixed a bug where the podman inspect command did not include container network information when the container shared its network namespace (IE, joined a pod or another container's network namespace via --net=container:...) (#8073).
5559
- Fixed a bug where the podman ps command did not include information on all ports a container was publishing.
5560
- Fixed a bug where the podman build command incorrectly forwarded STDIN into build containers from RUN instructions.
5561
- Fixed a bug where the podman wait command's --interval option did not work when units were not specified for the duration (#8088).
5562
- Fixed a bug where the --detach-keys and --detach options could be passed to podman create despite having no effect (and not making sense in that context).
5563
- Fixed a bug where Podman could not start containers if running on a system without a /etc/resolv.conf file (which occurs on some WSL2 images) (#8089).
5564
- Fixed a bug where the --extract option to podman cp was nonfunctional.
5565
- Fixed a bug where the --cidfile option to podman run would, when the container was not run with --detach, only create the file after the container exited (#8091).
5566
- Fixed a bug where the podman images and podman images -a commands could panic and not list any images when certain improperly-formatted images were present in storage (#8148).
5567
- Fixed a bug where the podman events command could, when the journald events backend was in use, become nonfunctional when a badly-formatted event or a log message that container certain string was present in the journal (#8125).
5568
- Fixed a bug where remote Podman would, when using SSH transport, not authenticate to the server using hostkeys when connecting on a port other than 22 (#8139).
5569
- Fixed a bug where the podman attach command would not exit when containers stopped (#8154).
5570
- Fixed a bug where Podman did not properly clean paths before verifying them, resulting in Podman refusing to start if the root or temporary directories were specified with extra trailing / characters (#8160).
5571
- Fixed a bug where remote Podman did not support hashed hostnames in the known_hosts file on the host for establishing connections (#8159).
5572
- Fixed a bug where the podman image exists command would return non-zero (false) when multiple potential matches for the given name existed.
5573
- Fixed a bug where the podman manifest inspect command on images that are not manifest lists would error instead of inspecting the image (#8023).
5574
- Fixed a bug where the podman system service command would fail if the directory the Unix socket was to be created inside did not exist (#8184).
5575
- Fixed a bug where pods that shared the IPC namespace (which is done by default) did not share a /dev/shm filesystem between all containers in the pod (#8181).
5576
- Fixed a bug where filters passed to podman volume list were not inclusive (#6765).
5577
- Fixed a bug where the podman volume create command would fail when the volume's data directory already existed (as might occur when a volume was not completely removed) (#8253).
5578
- Fixed a bug where the podman run and podman create commands would deadlock when trying to create a container that mounted the same named volume at multiple locations (e.g. podman run -v testvol:/test1 -v testvol:/test2) (#8221).
5579
- Fixed a bug where the parsing of the --net option to podman build was incorrect (#8322).
5580
- Fixed a bug where the podman build command would print the ID of the built image twice when using remote Podman (#8332).
5581
- Fixed a bug where the podman stats command did not show memory limits for containers (#8265).
5582
- Fixed a bug where the podman pod inspect command printed the static MAC address of the pod in a non-human-readable format (#8386).
5583
- Fixed a bug where the --tls-verify option of the podman play kube command had its logic inverted (false would enforce the use of TLS, true would disable it).
5584
- Fixed a bug where the podman network rm command would error when trying to remove macvlan networks and rootless CNI networks (#8491).
5585
- Fixed a bug where Podman was not setting sane defaults for missing XDG_ environment variables.
5586
- Fixed a bug where remote Podman would check if volume paths to be mounted in the container existed on the host, not the server (#8473).
5587
- Fixed a bug where the podman manifest create and podman manifest add commands on local images would drop any images in the manifest not pulled by the host.
5588
- Fixed a bug where networks made by podman network create did not include the tuning plugin, and as such did not support setting custom MAC addresses (#8385).
5589
- Fixed a bug where container healthchecks did not use $PATH when searching for the Podman executable to run the healthcheck.
5590
- Fixed a bug where the --ip-range option to podman network create did not properly handle non-classful subnets when calculating the last usable IP for DHCP assignment (#8448).
5591
- Fixed a bug where the podman container ps alias for podman ps was missing (#8445).
5592
* API
5593
- The Compat Create endpoint for Container has received a major refactor to share more code with the Libpod Create endpoint, and should be significantly more stable.
5594
- A Compat endpoint for exporting multiple images at once, GET /images/get, has been added (#7950).
5595
- The Compat Network Connect and Network Disconnect endpoints have been added.
5596
- Endpoints that deal with image registries now support a X-Registry-Config header to specify registry authentication configuration.
5597
- The Compat Create endpoint for images now properly supports specifying images by digest.
5598
- The Libpod Build endpoint for images now supports an httpproxy query parameter which, if set to true, will forward the server's HTTP proxy settings into the build container for RUN instructions.
5599
- The Libpod Untag endpoint for images will now remove all tags for the given image if no repository and tag are specified for removal.
5600
- Fixed a bug where the Ping endpoint misspelled a header name (Libpod-Buildha-Version instead of Libpod-Buildah-Version).
5601
- Fixed a bug where the Ping endpoint sent an extra newline at the end of its response where Docker did not.
5602
- Fixed a bug where the Compat Logs endpoint for containers did not send a newline character after each log line.
5603
- Fixed a bug where the Compat Logs endpoint for containers would mangle line endings to change newline characters to add a preceding carriage return (#7942).
5604
- Fixed a bug where the Compat Inspect endpoint for Containers did not properly list the container's stop signal (#7917).
5605
- Fixed a bug where the Compat Inspect endpoint for Containers formatted the container's create time incorrectly (#7860).
5606
- Fixed a bug where the Compat Inspect endpoint for Containers did not include the container's Path, Args, and Restart Count.
5607
- Fixed a bug where the Compat Inspect endpoint for Containers prefixed added and dropped capabilities with CAP_ (Docker does not do so).
5608
- Fixed a bug where the Compat Info endpoint for the Engine did not include configured registries.
5609
- Fixed a bug where the server could panic if a client closed a connection midway through an image pull (#7896).
5610
- Fixed a bug where the Compat Create endpoint for volumes returned an error when a volume with the same name already existed, instead of succeeding with a 201 code (#7740).
5611
- Fixed a bug where a client disconnecting from the Libpod or Compat events endpoints could result in the server using 100% CPU (#7946).
5612
- Fixed a bug where the "no such image" error message sent by the Compat Inspect endpoint for Images returned a 404 status code with an error that was improperly formatted for Docker compatibility.
5613
- Fixed a bug where the Compat Create endpoint for networks did not properly set a default for the driver parameter if it was not provided by the client.
5614
- Fixed a bug where the Compat Inspect endpoint for images did not populate the RootFS field of the response.
5615
- Fixed a bug where the Compat Inspect endpoint for images would omit the ParentId field if the image had no parent, and the Created field if the image did not have a creation time.
5616
- Fixed a bug where the Compat Remove endpoint for Networks did not support the Force query parameter.
5617
5618
-------------------------------------------------------------------
5619
Mon Oct 26 14:08:32 UTC 2020 - Adrian Schröter <adrian@suse.de>
5620
5621
- add dependency to timezone package or podman fails to build a
5622
container (bsc#1178122)
5623
5624
-------------------------------------------------------------------
5625
Wed Sep 30 14:07:34 UTC 2020 - rhafer@suse.com
5626
- Added patch varlink.patch to disable needless varlink code
5627
generation. This would cause compile failures in OBS.
5628
(https://github.com/containers/podman/pull/7854)
5629
- Cleanup %build section a bit and no longer build in GOPATH.
5630
This shouldn't be needed anymore.
5631
- Path BUILDFLAGS via enviroment variable to allow it being
5632
appended to the corresponding Makefile variable instead of
5633
completely overriding it.
5634
- Install new auto-update system units
5635
- Update to v2.1.1 (bsc#1178392):
5636
* Changes
5637
- The `podman info` command now includes the cgroup manager
5638
Podman is using.
5639
* API
5640
- The REST API now includes a Server header in all responses.
5641
- Fixed a bug where the Libpod and Compat Attach endpoints
5642
could terminate early, before sending all output from the
5643
container.
5644
- Fixed a bug where the Compat Create endpoint for containers
5645
did not properly handle the Interactive parameter.
5646
- Fixed a bug where the Compat Kill endpoint for containers
5647
could continue to run after a fatal error.
5648
- Fixed a bug where the Limit parameter of the Compat List
5649
endpoint for Containers did not properly handle a limit of 0
5650
(returning nothing, instead of all containers) [#7722].
5651
- The Libpod Stats endpoint for containers is being deprecated
5652
and will be replaced by a similar endpoint with additional
5653
features in a future release.
5654
- Changes in v2.1.0
5655
* Features
5656
- A new command, `podman image mount`, has been added. This
5657
allows for an image to be mounted, read-only, to inspect its
5658
contents without creating a container from it [#1433].
5659
- The `podman save` and `podman load` commands can now create
5660
and load archives containing multiple images [#2669].
5661
- Rootless Podman now supports all `podman network` commands,
5662
and rootless containers can now be joined to networks.
5663
- The performance of `podman build` on `ADD` and `COPY`
5664
instructions has been greatly improved, especially when a
5665
`.dockerignore` is present.
5666
- The `podman run` and `podman create` commands now support a
5667
new mode for the `--cgroups` option, `--cgroups=split`.
5668
Podman will create two cgroups under the cgroup it was
5669
launched in, one for the container and one for Conmon. This
5670
mode is useful for running Podman in a systemd unit, as it
5671
ensures that all processes are retained in systemd's cgroup
5672
hierarchy [#6400].
5673
- The `podman run` and `podman create` commands can now specify
5674
options to slirp4netns by using the `--network` option as
5675
follows: `--net slirp4netns:opt1,opt2`. This allows for,
5676
among other things, switching the port forwarder used by
5677
slirp4netns away from rootlessport.
5678
- The `podman ps` command now features a new option,
5679
`--storage`, to show containers from Buildah, CRI-O and other
5680
applications.
5681
- The `podman run` and `podman create` commands now feature a
5682
`--sdnotify` option to control the behavior of systemd's
5683
sdnotify with containers, enabling improved support for
5684
Podman in `Type=notify` units.
5685
- The `podman run` command now features a `--preserve-fds`
5686
opton to pass file descriptors from the host into the
5687
container [#6458].
5688
- The `podman run` and `podman create` commands can now create
5689
overlay volume mounts, by adding the `:O` option to a bind
5690
mount (e.g. `-v /test:/test:O`). Overlay volume mounts will
5691
mount a directory into a container from the host and allow
5692
changes to it, but not write those changes back to the
5693
directory on the host.
5694
- The `podman play kube` command now supports the Socket
5695
HostPath type [#7112].
5696
- The `podman play kube` command now supports read-only mounts.
5697
- The `podman play kube` command now supports setting labels on
5698
pods from Kubernetes metadata labels.
5699
- The `podman play kube` command now supports setting container
5700
restart policy [#7656].
5701
- The `podman play kube` command now properly handles
5702
`HostAlias` entries.
5703
- The `podman generate kube` command now adds entries to
5704
`/etc/hosts` from `--host-add` generated YAML as `HostAlias`
5705
entries.
5706
- The `podman play kube` and `podman generate kube` commands
5707
now properly support `shareProcessNamespace` to share the PID
5708
namespace in pods.
5709
- The `podman volume ls` command now supports the `dangling`
5710
filter to identify volumes that are dangling (not attached to
5711
any container).
5712
- The `podman run` and `podman create` commands now feature a
5713
`--umask` option to set the umask of the created container.
5714
- The `podman create` and `podman run` commands now feature a
5715
`--tz` option to set the timezone within the container [#5128].
5716
- Environment variables for Podman can now be added in the
5717
`containers.conf` configuration file.
5718
- The `--mount` option of `podman run` and `podman create` now
5719
supports a new mount type, `type=devpts`, to add a `devpts`
5720
mount to the container. This is useful for containers that
5721
want to mount `/dev/` from the host into the container, but
5722
still create a terminal.
5723
- The `--security-opt` flag to `podman run` and `podman create`
5724
now supports a new option, `proc-opts`, to specify options
5725
for the container's `/proc` filesystem.
5726
- Podman with the `crun` OCI runtime now supports a new option
5727
to `podman run` and `podman create`, `--cgroup-conf`, which
5728
allows for advanced configuration of cgroups on cgroups v2
5729
systems.
5730
- The `podman create` and `podman run` commands now support a
5731
`--override-variant` option, to override the architecture
5732
variant of the image that will be pulled and ran.
5733
- A new global option has been added to Podman,
5734
`--runtime-flags`, which allows for setting flags to use when
5735
the OCI runtime is called.
5736
- The `podman manifest add` command now supports the
5737
`--cert-dir`, `--auth-file`, `--creds`, and `--tls-verify`
5738
options.
5739
* Security
5740
- This release resolves CVE-2020-14370, in which environment
5741
variables could be leaked between containers created using
5742
the Varlink API.
5743
* Changes
5744
- Podman will now retry pulling an image 3 times if a pull
5745
fails due to network errors.
5746
- The `podman exec` command would previously print error
5747
messages (e.g. `exec session exited with non-zero exit code
5748
-1`) when the command run exited with a non-0 exit code. It
5749
no longer does this. The `podman exec` command will still
5750
exit with the same exit code as the command run in the
5751
container did.
5752
- Error messages when creating a container or pod with a name
5753
that is already in use have been improved.
5754
- For read-only containers running systemd init, Podman creates
5755
a tmpfs filesystem at `/run`. This was previously limited to
5756
65k in size and mounted `noexec`, but is now unlimited size
5757
and mounted `exec`.
5758
- The `podman system reset` command no longer removes
5759
configuration files for rootless Podman.
5760
* API
5761
- The Libpod API version has been bumped to v2.0.0 due to a
5762
breaking change in the Image List API.
5763
- Docker-compatible Volume Endpoints (Create, Inspect, List,
5764
Remove, Prune) are now available!
5765
- Added an endpoint for generating systemd unit files for
5766
containers.
5767
- The `last` parameter to the Libpod container list endpoint
5768
now has an alias, `limit` [#6413].
5769
- The Libpod image list API new returns timestamps in Unix
5770
format, as integer, as opposed to as strings
5771
- The Compat Inspect endpoint for containers now includes port
5772
information in NetworkSettings.
5773
- The Compat List endpoint for images now features limited
5774
support for the (deprecated) `filter` query parameter [#6797].
5775
- Fixed a bug where the Compat Create endpoint for containers
5776
was not correctly handling bind mounts.
5777
- Fixed a bug where the Compat Create endpoint for containers
5778
would not return a 404 when the requested image was not
5779
present.
5780
- Fixed a bug where the Compat Create endpoint for containers
5781
did not properly handle Entrypoint and Command from images.
5782
- Fixed a bug where name history information was not properly
5783
added in the Libpod Image List endpoint.
5784
- Fixed a bug where the Libpod image search endpoint improperly
5785
populated the Description field of responses.
5786
- Added a `noTrunc` option to the Libpod image search endpoint.
5787
- Fixed a bug where the Pod List API would return null, instead
5788
of an empty array, when no pods were present [#7392].
5789
- Fixed a bug where endpoints that hijacked would do perform
5790
the hijack too early, before being ready to send and receive
5791
data [#7195].
5792
- Fixed a bug where Pod endpoints that can operate on multiple
5793
containers at once (e.g. Kill, Pause, Unpause, Stop) would
5794
not forward errors from individual containers that failed.
5795
- The Compat List endpoint for networks now supports filtering
5796
results [#7462].
5797
- Fixed a bug where the Top endpoint for pods would return both
5798
a 500 and 404 when run on a non-existant pod.
5799
- Fixed a bug where Pull endpoints did not stream progress back
5800
to the client.
5801
- The Version endpoints (Libpod and Compat) now provide version
5802
in a format compatible with Docker.
5803
- All non-hijacking responses to API requests should not
5804
include headers with the version of the server.
5805
- Fixed a bug where Libpod and Compat Events endpoints did not
5806
send response headers until the first event occurred [#7263].
5807
- Fixed a bug where the Build endpoints (Compat and Libpod) did
5808
not stream progress to the client.
5809
- Fixed a bug where the Stats endpoints (Compat and Libpod) did
5810
not properly handle clients disconnecting.
5811
- Fixed a bug where the Ignore parameter to the Libpod Stop
5812
endpoint was not performing properly.
5813
- Fixed a bug where the Compat Logs endpoint for containers did
5814
not stream its output in the correct format [#7196].
5815
5816
-------------------------------------------------------------------
5817
Tue Sep 8 13:41:21 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
5818
5819
- Cleanup %install section to use "make install"
5820
- install missing systemd units for the new Rest API (bsc#1175957)
5821
and a few man-pages that where missing before
5822
- Drop varlink API related bits (in favor of the new API)
5823
- fix install location for zsh completions
5824
5825
-------------------------------------------------------------------
5826
Wed Sep 2 00:06:42 UTC 2020 - Michael Ströder <michael@stroeder.com>
5827
5828
- Update to v2.0.6
5829
* Fixed a bug where running systemd in a container on a cgroups v1 system would fail.
5830
* Fixed a bug where /etc/passwd could be re-created every time a container
5831
is restarted if the container's /etc/passwd did not contain an entry
5832
for the user the container was started as.
5833
* Fixed a bug where containers without an /etc/passwd file specifying
5834
a non-root user would not start.
5835
* Fixed a bug where the --remote flag would sometimes not make
5836
remote connections and would instead attempt to run Podman locally.
5837
5838
-------------------------------------------------------------------
5839
Tue Aug 25 07:01:13 UTC 2020 - Michael Ströder <michael@stroeder.com>
5840
5841
- Update to v2.0.5 (bsc#1175821)
5842
* Features
5843
- Rootless Podman will now add an entry to /etc/passwd for the user who ran Podman if run with --userns=keep-id.
5844
- The podman system connection command has been reworked to support multiple connections, and reenabled for use!
5845
- Podman now has a new global flag, --connection, to specify a connection to a remote Podman API instance.
5846
* Changes
5847
- Podman's automatic systemd integration (activated by the --systemd=true flag, set by default) will now activate for containers using /usr/local/sbin/init as their command, instead of just /usr/sbin/init and /sbin/init (and any path ending in systemd).
5848
- Seccomp profiles specified by the --security-opt seccomp=... flag to podman create and podman run will now be honored even if the container was created using --privileged.
5849
* Bugfixes
5850
- Fixed a bug where the podman play kube would not honor the hostIP field for port forwarding (#5964).
5851
- Fixed a bug where the podman generate systemd command would panic on an invalid restart policy being specified (#7271).
5852
- Fixed a bug where the podman images command could take a very long time (several minutes) to complete when a large number of images were present.
5853
- Fixed a bug where the podman logs command with the --tail flag would not work properly when a large amount of output would be printed ((#7230)[https://github.com//issues/7230]).
5854
- Fixed a bug where the podman exec command with remote Podman would not return a non-zero exit code when the exec session failed to start (e.g. invoking a non-existent command) (#6893).
5855
- Fixed a bug where the podman load command with remote Podman would did not honor user-specified tags (#7124).
5856
- Fixed a bug where the podman system service command, when run as a non-root user by Systemd, did not properly handle the Podman pause process and would not restart properly as a result (#7180).
5857
- Fixed a bug where the --publish flag to podman create, podman run, and podman pod create did not properly handle a host IP of 0.0.0.0 (attempting to bind to literal 0.0.0.0, instead of all IPs on the system) (#7104).
5858
- Fixed a bug where the podman start --attach command would not print the container's exit code when the command exited due to the container exiting.
5859
- Fixed a bug where the podman rm command with remote Podman would not remove volumes, even if the --volumes flag was specified (#7128).
5860
- Fixed a bug where the podman run command with remote Podman and the --rm flag could exit before the container was fully removed.
5861
- Fixed a bug where the --pod new:... flag to podman run and podman create would create a pod that did not share any namespaces.
5862
- Fixed a bug where the --preserve-fds flag to podman run and podman exec could close the wrong file descriptors while trying to close user-provided descriptors after passing them into the container.
5863
- Fixed a bug where default environment variables ($PATH and $TERM) were not set in containers when not provided by the image.
5864
- Fixed a bug where pod infra containers were not properly unmounted after exiting.
5865
- Fixed a bug where networks created with podman network create with an IPv6 subnet did not properly set an IPv6 default route.
5866
- Fixed a bug where the podman save command would not work properly when its output was piped to another command (#7017).
5867
- Fixed a bug where containers using a systemd init on a cgroups v1 system could leak mounts under /sys/fs/cgroup/systemd to the host.
5868
- Fixed a bug where podman build would not generate an event on completion (#7022).
5869
- Fixed a bug where the podman history command with remote Podman printed incorrect creation times for layers (#7122).
5870
- Fixed a bug where Podman would not create working directories specified by the container image if they did not exist.
5871
- Fixed a bug where Podman did not clear CMD from the container image if the user overrode ENTRYPOINT (#7115).
5872
- Fixed a bug where error parsing image names were not fully reported (part of the error message containing the exact issue was dropped).
5873
- Fixed a bug where the podman images command with remote Podman did not support printing image tags in Go templates supplied to the --format flag (#7123).
5874
- Fixed a bug where the podman rmi --force command would not attempt to unmount containers it was removing, which could cause a failure to remove the image.
5875
- Fixed a bug where the podman generate systemd --new command could incorrectly quote arguments to Podman that contained whitespace, leading to nonfunctional unit files (#7285).
5876
- Fixed a bug where the podman version command did not properly include build time and Git commit.
5877
- Fixed a bug where running systemd in a Podman container on a system that did not use the systemd cgroup manager would fail (#6734).
5878
- Fixed a bug where capabilities from --cap-add were not properly added when a container was started as a non-root user via --user.
5879
- Fixed a bug where Pod infra containers were not properly cleaned up when they stopped, causing networking issues (#7103).
5880
* API
5881
- Fixed a bug where the libpod and compat Build endpoints did not accept the application/tar content type (instead only accepting application/x-tar) (#7185).
5882
- Fixed a bug where the libpod Exists endpoint would attempt to write a second header in some error conditions (#7197).
5883
- Fixed a bug where compat and libpod Network Inspect and Network Remove endpoints would return a 500 instead of 404 when the requested network was not found.
5884
- Added a versioned _ping endpoint (e.g. http://localhost/v1.40/_ping).
5885
- Fixed a bug where containers started through a systemd-managed instance of the REST API would be shut down when podman system service shut down due to its idle timeout (#7294).
5886
- Added stronger parameter verification for the libpod Network Create endpoint to ensure subnet mask is a valid value.
5887
- The Pod URL parameter to the Libpod Container List endpoint has been deprecated; the information previously gated by the Pod boolean will now be included in the response unconditionally.
5888
* Misc
5889
- Updated Buildah to v1.15.1
5890
- Updated containers/image library to v5.5.2
5891
5892
-------------------------------------------------------------------
5893
Tue Aug 18 15:11:31 UTC 2020 - Richard Brown <rbrown@suse.com>
5894
5895
- Correct invalid use of %{_libexecdir} to ensure files should be in /usr/lib
5896
5897
-------------------------------------------------------------------
5898
Wed Aug 12 09:35:29 UTC 2020 - Thorsten Kukuk <kukuk@suse.com>
5899
5900
- Change hard requires for AppArmor to Recommends. They are not
5901
needed for runtime or with SELinux but already installed if
5902
AppArmor is used [jsc#SMO-15]
5903
5904
-------------------------------------------------------------------
5905
Tue Aug 4 13:52:05 UTC 2020 - Richard Brown <rbrown@suse.com>
5906
5907
- Add BuildRequires for pkg-config(libselinux) to build with
5908
SELinux support [jsc#SMO-15]
5909
5910
-------------------------------------------------------------------
5911
Mon Aug 3 06:47:04 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
5912
5913
- Update to v2.0.4
5914
* Fixed a bug where the output of podman image search did not
5915
populate the Description field as it was mistakenly assigned to
5916
the ID field.
5917
* Fixed a bug where podman build - and podman build on an HTTP
5918
target would fail.
5919
* Fixed a bug where rootless Podman would improperly chown the
5920
copied-up contents of anonymous volumes (#7130).
5921
* Fixed a bug where Podman would sometimes HTML-escape special
5922
characters in its CLI output.
5923
* Fixed a bug where the podman start --attach --interactive
5924
command would print the container ID of the container attached
5925
to when exiting (#7068).
5926
* Fixed a bug where podman run --ipc=host --pid=host would only
5927
set --pid=host and not --ipc=host (#7100).
5928
* Fixed a bug where the --publish argument to podman run, podman
5929
create and podman pod create would not allow binding the same
5930
container port to more than one host port (#7062).
5931
* Fixed a bug where incorrect arguments to podman images --format
5932
could cause Podman to segfault.
5933
* Fixed a bug where podman rmi --force on an image ID with more
5934
than one name and at least one container using the image would
5935
not completely remove containers using the image (#7153).
5936
* Fixed a bug where memory usage in bytes and memory use
5937
percentage were swapped in the output of podman stats
5938
--format=json.
5939
* Fixed a bug where the libpod and compat events endpoints would
5940
fail if no filters were specified (#7078).
5941
* Fixed a bug where the CgroupVersion field in responses from the
5942
compat Info endpoint was prefixed by "v" (instead of just being
5943
"1" or "2", as is documented).
5944
5945
-------------------------------------------------------------------
5946
Fri Jul 31 13:07:59 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
5947
5948
- Remove obsolete libpod.conf from Package sources
5949
5950
-------------------------------------------------------------------
5951
Tue Jul 28 13:16:55 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
5952
5953
- libpod got renamed to podman on GitHub. Point _service file to
5954
the new name.
5955
- Remove obsolete old Requires on libcontainers-image and -storage
5956
all of that is inside libcontainers-common
5957
- Require a new enough libcontainers-common version to have the
5958
default containers.conf installed.
5959
- Remove deprecated libpod.conf and create an update notice pointing
5960
to containers.conf for user that made changes to libpod.conf
5961
5962
-------------------------------------------------------------------
5963
Tue Jul 28 09:13:49 UTC 2020 - Fabian Vogt <fvogt@suse.com>
5964
5965
- Suggest katacontainers instead of recommending it. It's not
5966
enabled by default, so it's just bloat
5967
5968
-------------------------------------------------------------------
5969
Fri Jul 24 12:19:32 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
5970
5971
- Update to v2.0.3
5972
* Fix handling of entrypoint
5973
* log API: add context to allow for cancelling
5974
* fix API: Create container with an invalid configuration
5975
* Remove all instances of named return "err" from Libpod
5976
* Fix: Correct connection counters for hijacked connections
5977
* Fix: Hijacking v2 endpoints to follow rfc 7230 semantics
5978
* Remove hijacked connections from active connections list
5979
* version/info: format: allow more json variants
5980
* Correctly print STDOUT on non-terminal remote exec
5981
* Fix container and pod create commands for remote create
5982
* Mask out /sys/dev to prevent information leak from the host
5983
* Ensure sig-proxy default is propagated in start
5984
* Add SystemdMode to inspect for containers
5985
* When determining systemd mode, use full command
5986
* Fix lint
5987
* Populate remaining unused fields in `pod inspect`
5988
* Include infra container information in `pod inspect`
5989
* play-kube: add suport for "IfNotPresent" pull type
5990
* docs: user namespace can't be shared in pods
5991
* Fix "Error: unrecognized protocol \"TCP\" in port mapping"
5992
* Error on rootless mac and ip addresses
5993
* Fix & add notes regarding problematic language in codebase
5994
* abi: set default umask and rlimits
5995
* Used reference package with errors for parsing tag
5996
* fix: system df error when an image has no name
5997
* Fix Generate API title/description
5998
* Add noop function disable-content-trust
5999
* fix play kube doesn't override dockerfile ENTRYPOINT
6000
* Support default profile for apparmor
6001
* Bump github.com/containers/common to v0.14.6
6002
* events endpoint: backwards compat to old type
6003
* events endpoint: fix panic and race condition
6004
* Switch references from libpod.conf to containers.conf
6005
* podman.service: set type to simple
6006
* podman.service: set doc to podman-system-service
6007
* podman.service: use default registries.conf
6008
* podman.service: use default killmode
6009
* podman.service: remove stop timeout
6010
* systemd: symlink user->system
6011
* vendor golang.org/x/text@v0.3.3
6012
* Fix a bug where --pids-limit was parsed incorrectly
6013
* search: allow wildcards
6014
* [CI:DOCS]Do not copy policy.json into gating image
6015
* Fix systemd pid 1 test
6016
* Cirrus: Rotate keys post repo. rename
6017
- The libpod.conf(5) man page got removed and all references are
6018
now pointing towards containers.conf(5), which will be part
6019
of the libcontainers-common package.
6020
6021
-------------------------------------------------------------------
6022
Wed Jul 8 07:12:58 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
6023
6024
- Update to podman v2.0.2
6025
* fix race condition in `libpod.GetEvents(...)`
6026
* Fix bug where `podman mount` didn't error as rootless
6027
* remove podman system connection
6028
* Fix imports to ensure v2 is used with libpod
6029
* Update release notes for v2.0.2
6030
* specgen: fix order for setting rlimits
6031
* Ensure umask is set appropriately for 'system service'
6032
* generate systemd: improve pod-flags filter
6033
* Fix a bug with APIv2 compat network remove to log an ErrNetworkNotFound instead of nil
6034
* Fixes --remote flag issues
6035
* Pids-limit should only be set if the user set it
6036
* Set console mode for windows
6037
* Allow empty host port in --publish flag
6038
* Add a note on the APIs supported by `system service`
6039
* fix: Don't override entrypoint if it's `nil`
6040
* Set TMPDIR to /var/tmp by default if not set
6041
* test: add tests for --user and volumes
6042
* container: move volume chown after spec generation
6043
* libpod: volume copyup honors namespace mappings
6044
* Fix `system service` panic from early hangup in events
6045
* stop podman service in e2e tests
6046
* Print errors from individual containers in pods
6047
* auto-update: clarify systemd-unit requirements
6048
* podman ps truncate the command
6049
* move go module to v2
6050
* Vendor containers/common v0.14.4
6051
* Bump to imagebuilder v1.1.6 on v2 branch
6052
* Account for non-default port number in image name
6053
- Changes since v2.0.1
6054
* Update release notes with further v2.0.1 changes
6055
* Fix inspect to display multiple label: changes
6056
* Set syslog for exit commands on log-level=debug
6057
* Friendly amendment for pr 6751
6058
* podman run/create: support all transports
6059
* systemd generate: allow manual restart of container units in pods
6060
* Revert sending --remote flag to containers
6061
* Print port mappings in `ps` for ctrs sharing network
6062
* vendor github.com/containers/common@v0.14.3
6063
* Update release notes for v2.0.1
6064
* utils: drop default mapping when running uid!=0
6065
* Set stop signal to 15 when not explicitly set
6066
* podman untag: error if tag doesn't exist
6067
* Reformat inspect network settings
6068
* APIv2: Return `StatusCreated` from volume creation
6069
* APIv2:fix: Remove `/json` from compat network EPs
6070
* Fix ssh-agent support
6071
* libpod: specify mappings to the storage
6072
* APIv2:doc: Fix swagger doc to refer to volumes
6073
* Add podman network to bash command completions
6074
* Fix typo in manpage for `podman auto update`.
6075
* Add JSON output field for ps
6076
* V2 podman system connection
6077
* image load: no args required
6078
* Re-add PODMAN_USERNS environment variable
6079
* Fix conflicts between privileged and other flags
6080
* Bump required go version to 1.13
6081
* Add explicit command to alpine container in test case.
6082
* Use POLL_DURATION for timer
6083
* Stop following logs using timers
6084
* "pod" was being truncated to "po" in the names of the generated systemd unit files.
6085
* rootless_linux: improve error message
6086
* Fix podman build handling of --http-proxy flag
6087
* correct the absolute path of `rm` executable
6088
* Makefile: allow customizable GO_BUILD
6089
* Cirrus: Change DEST_BRANCH to v2.0
6090
6091
-------------------------------------------------------------------
6092
Mon Jun 22 14:55:23 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
6093
6094
- Update to podman v2.0.0
6095
* The `podman generate systemd` command now supports the `--new`
6096
flag when used with pods, allowing portable services for pods
6097
to be created.
6098
* The `podman play kube` command now supports running Kubernetes
6099
Deployment YAML.
6100
* The `podman exec` command now supports the `--detach` flag to
6101
run commands in the container in the background.
6102
* The `-p` flag to `podman run` and `podman create` now supports
6103
forwarding ports to IPv6 addresses.
6104
* The `podman run`, `podman create` and `podman pod create`
6105
command now support a `--replace` flag to remove and replace any
6106
existing container (or, for `pod create`, pod) with the same name
6107
* The `--restart-policy` flag to `podman run` and `podman create`
6108
now supports the `unless-stopped` restart policy.
6109
* The `--log-driver` flag to `podman run` and `podman create`
6110
now supports the `none` driver, which does not log the
6111
container's output.
6112
* The `--mount` flag to `podman run` and `podman create` now
6113
accepts `readonly` option as an alias to `ro`.
6114
* The `podman generate systemd` command now supports the `--container-prefix`,
6115
`--pod-prefix`, and `--separator` arguments to control the
6116
name of generated unit files.
6117
* The `podman network ls` command now supports the `--filter`
6118
flag to filter results.
6119
* The `podman auto-update` command now supports specifying an
6120
authfile to use when pulling new images on a per-container
6121
basis using the `io.containers.autoupdate.authfile` label.
6122
* Fixed a bug where the `podman exec` command would log to journald
6123
when run in containers loggined to journald
6124
([#6555](https://github.com/containers/libpod/issues/6555)).
6125
* Fixed a bug where the `podman auto-update` command would not
6126
preserve the OS and architecture of the original image when
6127
pulling a replacement
6128
([#6613](https://github.com/containers/libpod/issues/6613)).
6129
* Fixed a bug where the `podman cp` command could create an extra
6130
`merged` directory when copying into an existing directory
6131
([#6596](https://github.com/containers/libpod/issues/6596)).
6132
* Fixed a bug where the `podman pod stats` command would crash
6133
on pods run with `--network=host`
6134
([#5652](https://github.com/containers/libpod/issues/5652)).
6135
* Fixed a bug where containers logs written to journald did not
6136
include the name of the container.
6137
* Fixed a bug where the `podman network inspect` and
6138
`podman network rm` commands did not properly handle non-default
6139
CNI configuration paths ([#6212](https://github.com/containers/libpod/issues/6212)).
6140
* Fixed a bug where Podman did not properly remove containers
6141
when using the Kata containers OCI runtime.
6142
* Fixed a bug where `podman inspect` would sometimes incorrectly
6143
report the network mode of containers started with `--net=none`.
6144
* Podman is now better able to deal with cases where `conmon`
6145
is killed before the container it is monitoring.
6146
- Requires go 1.13 now
6147
6148
-------------------------------------------------------------------
6149
Mon May 25 11:32:32 UTC 2020 - Paolo Stivanin <info@paolostivanin.com>
6150
6151
- Update to podman v1.9.3:
6152
* Fixed a bug where, on FIPS enabled hosts, FIPS mode secrets
6153
were not properly mounted into containers
6154
* Fixed a bug where builds run over Varlink would hang
6155
* Fixed a bug where podman save would fail when the target
6156
image was specified by digest
6157
* Fixed a bug where rootless containers with ports forwarded to them
6158
could panic and dump core due to a concurrency issue (#6018)
6159
* Fixed a bug where rootless Podman could race when opening the
6160
rootless user namespace, resulting in commands failing to run
6161
* Fixed a bug where HTTP proxy environment variables forwarded into
6162
the container by the --http-proxy flag could not be overridden by --env or --env-file
6163
* Fixed a bug where rootless Podman was setting resource limits on cgroups
6164
v2 systems that were not using systemd-managed cgroups
6165
(and thus did not support resource limits), resulting in containers failing to start
6166
6167
6168
-------------------------------------------------------------------
6169
Wed Apr 29 06:34:51 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
6170
6171
- Update podman to v1.9.1:
6172
* Bugfixes
6173
- Fixed a bug where healthchecks could become nonfunctional if
6174
container log paths were manually set with --log-path and
6175
multiple container logs were placed in the same directory
6176
- Fixed a bug where rootless Podman could, when using an older
6177
libpod.conf, print numerous warning messages about an invalid
6178
CGroup manager config
6179
- Fixed a bug where rootless Podman would sometimes fail to
6180
close the rootless user namespace when joining it
6181
* Misc
6182
- Updated containers/common to v0.8.2
6183
6184
-------------------------------------------------------------------
6185
Thu Apr 16 06:33:21 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
6186
6187
- Switched to simple `make binaries` for building podman
6188
- Update podman to v1.9.0:
6189
* Features
6190
- Experimental support has been added for podman run
6191
--userns=auto, which automatically allocates a unique UID and
6192
GID range for the new container's user namespace
6193
- The podman play kube command now has a --network flag to
6194
place the created pod in one or more CNI networks
6195
- The podman commit command now supports an --iidfile flag to
6196
write the ID of the committed image to a file
6197
- Initial support for the new containers.conf configuration
6198
file has been added. containers.conf allows for much more
6199
detailed configuration of some Podman functionality
6200
* Changes
6201
- There has been a major cleanup of the podman info command
6202
resulting in breaking changes. Many fields have been renamed
6203
to better suit usage with APIv2
6204
- All uses of the --timeout flag have been switched to prefer
6205
the alternative --time. The --timeout flag will continue to
6206
work, but man pages and --help will use the --time flag
6207
instead
6208
* Bugfixes
6209
- Fixed a bug where some volume mounts from the host would
6210
sometimes not properly determine the flags they should use
6211
when mounting
6212
- Fixed a bug where Podman was not propagating $PATH to Conmon
6213
and the OCI runtime, causing issues for some OCI runtimes
6214
that required it
6215
- Fixed a bug where rootless Podman would print error messages
6216
about missing support for systemd cgroups when run in a
6217
container with no cgroup support
6218
- Fixed a bug where podman play kube would not properly handle
6219
container-only port mappings (#5610)
6220
- Fixed a bug where the podman container prune command was not
6221
pruning containers in the created and configured states
6222
- Fixed a bug where Podman was not properly removing CNI IP
6223
address allocations after a reboot (#5433)
6224
- Fixed a bug where Podman was not properly applying the
6225
default Seccomp profile when --security-opt was not given at
6226
the command line
6227
* HTTP API
6228
- Many Libpod API endpoints have been added, including Changes,
6229
Checkpoint, Init, and Restore
6230
- Resolved issues where the podman system service command would
6231
time out and exit while there were still active connections
6232
- Stability overall has greatly improved as we prepare the API
6233
for a beta release soon with Podman 2.0
6234
* Misc
6235
- The default infra image for pods has been upgraded to
6236
k8s.gcr.io/pause:3.2 (from 3.1) to address a bug in the
6237
architecture metadata for non-AMD64 images
6238
- The slirp4netns networking utility in rootless Podman now
6239
uses Seccomp filtering where available for improved security
6240
- Updated Buildah to v1.14.8
6241
- Updated containers/storage to v1.18.2
6242
- Updated containers/image to v5.4.3
6243
- Updated containers/common to v0.8.1
6244
6245
-------------------------------------------------------------------
6246
Fri Apr 3 14:30:02 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
6247
6248
- Add "systemd" BUILDFLAGS to build with support for journald
6249
logging (bsc#1162432)
6250
6251
-------------------------------------------------------------------
6252
Fri Mar 27 12:40:44 UTC 2020 - Richard Brown <rbrown@suse.com>
6253
6254
- Use infra_image pause:3.2
6255
6256
-------------------------------------------------------------------
6257
Fri Mar 27 09:52:26 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
6258
6259
- Fix dependency on slirp4netns. We need at least 0.4.0 now
6260
(bsc#1167850)
6261
6262
-------------------------------------------------------------------
6263
Fri Mar 20 07:56:22 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
6264
6265
- Update podman to v1.8.2:
6266
* Features
6267
- Initial support for automatically updating containers managed
6268
via Systemd unit files has been merged. This allows
6269
containers to automatically upgrade if a newer version of
6270
their image becomes available
6271
* Bugfixes
6272
- Fixed a bug where unit files generated by podman generate
6273
systemd --new would not force containers to detach, causing
6274
the unit to time out when trying to start
6275
- Fixed a bug where podman system reset could delete important
6276
system directories if run as rootless on installations
6277
created by older Podman (#4831)
6278
- Fixed a bug where image built by podman build would not
6279
properly set the OS and Architecture they were built with
6280
(#5503)
6281
- Fixed a bug where attached podman run with --sig-proxy
6282
enabled (the default), when built with Go 1.14, would
6283
repeatedly send signal 23 to the process in the container and
6284
could generate errors when the container stopped (#5483)
6285
- Fixed a bug where rootless podman run commands could hang
6286
when forwarding ports
6287
- Fixed a bug where rootless Podman would not work when /proc
6288
was mounted with the hidepid option set
6289
- Fixed a bug where the podman system service command would use
6290
large amounts of CPU when --timeout was set to 0 (#5531)
6291
* HTTP API
6292
- Initial support for Libpod endpoints related to creating and
6293
operating on image manifest lists has been added
6294
- The Libpod Healthcheck and Events API endpoints are now
6295
supported
6296
- The Swagger endpoint can now handle cases where no Swagger
6297
documentation has been generated
6298
* Misc
6299
- Updated Buildah to v1.14.3
6300
- Updated containers/storage to v1.16.5
6301
- Several performance improvements have been made to creating
6302
containers, which should somewhat improve the performance of
6303
podman create and podman run
6304
6305
-------------------------------------------------------------------
6306
Thu Mar 12 07:36:52 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
6307
6308
- Update podman to v1.8.1:
6309
* Features
6310
- Many networking-related flags have been added to podman pod
6311
create to enable customization of pod networks, including
6312
--add-host, --dns, --dns-opt, --dns-search, --ip,
6313
--mac-address, --network, and --no-hosts
6314
- The podman ps --format=json command now includes the ID of
6315
the image containers were created with
6316
- The podman run and podman create commands now feature an
6317
--rmi flag to remove the image the container was using after
6318
it exits (if no other containers are using said image)
6319
([#4628](https://github.com/containers/libpod/issues/4628))
6320
- The podman create and podman run commands now support the
6321
--device-cgroup-rule flag (#4876)
6322
- While the HTTP API remains in alpha, many fixes and additions
6323
have landed. These are documented in a separate subsection
6324
below
6325
- The podman create and podman run commands now feature a
6326
--no-healthcheck flag to disable healthchecks for a container
6327
(#5299)
6328
- Containers now recognize the io.containers.capabilities
6329
label, which specifies a list of capabilities required by the
6330
image to run. These capabilities will be used as long as they
6331
are more restrictive than the default capabilities used
6332
- YAML produced by the podman generate kube command now
6333
includes SELinux configuration passed into the container via
6334
--security-opt label=... (#4950)
6335
* Bugfixes
6336
- Fixed CVE-2020-1726, a security issue where volumes manually
6337
populated before first being mounted into a container could
6338
have those contents overwritten on first being mounted into a
6339
container
6340
- Fixed a bug where Podman containers with user namespaces in
6341
CNI networks with the DNS plugin enabled would not have the
6342
DNS plugin's nameserver added to their resolv.conf
6343
([#5256](https://github.com/containers/libpod/issues/5256))
6344
- Fixed a bug where trailing / characters in image volume
6345
definitions could cause them to not be overridden by a
6346
user-specified mount at the same location
6347
([#5219](https://github.com/containers/libpod/issues/5219))
6348
- Fixed a bug where the label option in libpod.conf, used to
6349
disable SELinux by default, was not being respected (#5087)
6350
- Fixed a bug where the podman login and podman logout commands
6351
required the registry to log into be specified (#5146)
6352
- Fixed a bug where detached rootless Podman containers could
6353
not forward ports (#5167)
6354
- Fixed a bug where rootless Podman could fail to run if the
6355
pause process had died
6356
- Fixed a bug where Podman ignored labels that were specified
6357
with only a key and no value (#3854)
6358
- Fixed a bug where Podman would fail to create named volumes
6359
when the backing filesystem did not support SELinux labelling
6360
(#5200)
6361
- Fixed a bug where --detach-keys="" would not disable
6362
detaching from a container (#5166)
6363
- Fixed a bug where the podman ps command was too aggressive
6364
when filtering containers and would force --all on in too
6365
many situations
6366
- Fixed a bug where the podman play kube command was ignoring
6367
image configuration, including volumes, working directory,
6368
labels, and stop signal (#5174)
6369
- Fixed a bug where the Created and CreatedTime fields in
6370
podman images --format=json were misnamed, which also broke
6371
Go template output for those fields
6372
([#5110](https://github.com/containers/libpod/issues/5110))
6373
- Fixed a bug where rootless Podman containers with ports
6374
forwarded could hang when started (#5182)
6375
- Fixed a bug where podman pull could fail to parse registry
6376
names including port numbers
6377
- Fixed a bug where Podman would incorrectly attempt to
6378
validate image OS and architecture when starting containers
6379
- Fixed a bug where Bash completion for podman build -f would
6380
not list available files that could be built (#3878)
6381
- Fixed a bug where podman commit --change would perform
6382
incorrect validation, resulting in valid changes being
6383
rejected (#5148)
6384
- Fixed a bug where podman logs --tail could take large amounts
6385
of memory when the log file for a container was large (#5131)
6386
- Fixed a bug where Podman would sometimes incorrectly generate
6387
firewall rules on systems using firewalld
6388
- Fixed a bug where the podman inspect command would not
6389
display network information for containers properly if a
6390
container joined multiple CNI networks
6391
([#4907](https://github.com/containers/libpod/issues/4907))
6392
- Fixed a bug where the --uts flag to podman create and podman
6393
run would only allow specifying containers by full ID (#5289)
6394
- Fixed a bug where rootless Podman could segfault when passed
6395
a large number of file descriptors
6396
- Fixed a bug where the podman port command was incorrectly
6397
interpreting additional arguments as container names, instead
6398
of port numbers
6399
- Fixed a bug where units created by podman generate systemd
6400
did not depend on network targets, and so could start before
6401
the system network was ready (#4130)
6402
- Fixed a bug where exec sessions in containers which did not
6403
specify a user would not inherit supplemental groups added to
6404
the container via --group-add
6405
- Fixed a bug where Podman would not respect the $TMPDIR
6406
environment variable for placing large temporary files during
6407
some operations (e.g. podman pull)
6408
([#5411](https://github.com/containers/libpod/issues/5411))
6409
* HTTP API
6410
- Initial support for secure connections to servers via SSH
6411
tunneling has been added
6412
- Initial support for the libpod create and logs endpoints for
6413
containers has been added
6414
- Added a /swagger/ endpoint to serve API documentation
6415
- The json endpoint for containers has received many fixes
6416
- Filtering images and containers has been greatly improved,
6417
with many bugs fixed and documentation improved
6418
- Image creation endpoints (commit, pull, etc) have seen many
6419
fixes
6420
- Server timeout has been fixed so that long operations will no
6421
longer trigger the timeout and shut the server down
6422
- The stats endpoint for containers has seen major fixes and
6423
now provides accurate output
6424
- Handling the HTTP 304 status code has been fixed for all
6425
endpoints
6426
- Many fixes have been made to API documentation to ensure it
6427
matches the code
6428
* Misc
6429
- Updated vendored Buildah to v1.14.2
6430
- Updated vendored containers/storage to v1.16.2
6431
- The Created field to podman images --format=json has been
6432
renamed to CreatedSince as part of the fix for (#5110). Go
6433
templates using the old name shou ld still work
6434
- The CreatedTime field to podman images --format=json has been
6435
renamed to CreatedAt as part of the fix for (#5110). Go
6436
templates using the old name should still work
6437
- The before filter to podman images has been renamed to since
6438
for Docker compatibility. Using before will still work, but
6439
documentation has been changed to use the new since filter
6440
- Using the --password flag to podman login now warns that
6441
passwords are being passed in plaintext
6442
- Some common cases where Podman would deadlock have been fixed
6443
to warn the user that podman system renumber must be run to
6444
resolve the deadlock
6445
6446
-------------------------------------------------------------------
6447
Thu Mar 5 16:26:16 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
6448
6449
- Added SLE specific README.SUSE about current support status
6450
(jsc#SLE-9112, jsc#CAASP-60)
6451
6452
-------------------------------------------------------------------
6453
Thu Mar 5 15:40:12 UTC 2020 - Richard Brown <rbrown@suse.com>
6454
6455
- Configure br_netfilter for podman automatically (boo#1165738)
6456
6457
-------------------------------------------------------------------
6458
Thu Feb 20 15:57:54 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
6459
6460
- The name of the cni-bridge in the default config changed from
6461
"cni0" to "podman-cni0" with podman-1.6.0. Add a %trigger to
6462
rename the bridge in the system to the new default if it exists.
6463
The trigger is only excuted when updating podman-cni-config
6464
from something older than 1.6.0. This is mainly needed for SLE
6465
where we're updating from 1.4.4 to 1.8.0 (bsc#1160460).
6466
6467
-------------------------------------------------------------------
6468
Fri Feb 7 14:18:16 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
6469
6470
- Remove: 0001-clarify-container-prune-force.patch because it's now
6471
included in the release
6472
- Update podman to v1.8.0 (bsc#1160460):
6473
* Features
6474
- The podman system service command has been added, providing a
6475
preview of Podman's new Docker-compatible API. This API is
6476
still very new, and not yet ready for production use, but is
6477
available for early testing
6478
- Rootless Podman now uses Rootlesskit for port forwarding,
6479
which should greatly improve performance and capabilities
6480
- The podman untag command has been added to remove tags from
6481
images without deleting them
6482
- The podman inspect command on images now displays previous
6483
names they used
6484
- The podman generate systemd command now supports a --new
6485
option to generate service files that create and run new
6486
containers instead of managing existing containers
6487
- Support for --log-opt tag= to set logging tags has been added
6488
to the journald log driver
6489
- Added support for using Seccomp profiles embedded in images
6490
for podman run and podman create via the new --seccomp-policy
6491
CLI flag
6492
- The podman play kube command now honors pull policy
6493
* Bugfixes
6494
- Fixed a bug where the podman cp command would not copy the
6495
contents of directories when paths ending in /. were given
6496
- Fixed a bug where the podman play kube command did not
6497
properly locate Seccomp profiles specified relative to
6498
localhost
6499
- Fixed a bug where the podman info command for remote Podman
6500
did not show registry information
6501
- Fixed a bug where the podman exec command did not support
6502
having input piped into it
6503
- Fixed a bug where the podman cp command with rootless Podman
6504
on CGroups v2 systems did not properly determine if the
6505
container could be paused while copying
6506
- Fixed a bug where the podman container prune --force command
6507
could possible remove running containers if they were started
6508
while the command was running
6509
- Fixed a bug where Podman, when run as root, would not
6510
properly configure slirp4netns networking when requested
6511
- Fixed a bug where podman run --userns=keep-id did not work
6512
when the user had a UID over 65535
6513
- Fixed a bug where rootless podman run and podman create with
6514
the --userns=keep-id option could change permissions on
6515
/run/user/$UID and break KDE
6516
- Fixed a bug where rootless Podman could not be run in a
6517
systemd service on systems using CGroups v2
6518
- Fixed a bug where podman inspect would show CPUShares as 0,
6519
instead of the default (1024), when it was not explicitly set
6520
- Fixed a bug where podman-remote push would segfault
6521
- Fixed a bug where image healthchecks were not shown in the
6522
output of podman inspect
6523
- Fixed a bug where named volumes created with containers from
6524
pre-1.6.3 releases of Podman would be autoremoved with their
6525
containers if the --rm flag was given, even if they were
6526
given names
6527
- Fixed a bug where podman history was not computing image
6528
sizes correctly
6529
- Fixed a bug where Podman would not error on invalid values to
6530
the --sort flag to podman images
6531
- Fixed a bug where providing a name for the image made by
6532
podman commit was mandatory, not optional as it should be
6533
- Fixed a bug where the remote Podman client would append an
6534
extra " to %PATH
6535
- Fixed a bug where the podman build command would sometimes
6536
ignore the -f option and build the wrong Containerfile
6537
- Fixed a bug where the podman ps --filter command would only
6538
filter running containers, instead of all containers, if
6539
--all was not passed
6540
- Fixed a bug where the podman load command on compressed
6541
images would leave an extra copy on disk
6542
- Fixed a bug where the podman restart command would not
6543
properly clean up the network, causing it to function
6544
differently from podman stop; podman start
6545
- Fixed a bug where setting the --memory-swap flag to podman
6546
create and podman run to -1 (to indicate unlimited) was not
6547
supported
6548
* Misc
6549
- Initial work on version 2 of the Podman remote API has been
6550
merged, but is still in an alpha state and not ready for use.
6551
Read more here
6552
- Many formatting corrections have been made to the manpages
6553
- The changes to address (#5009) may cause anonymous volumes
6554
created by Podman versions 1.6.3 to 1.7.0 to not be removed
6555
when their container is removed
6556
- Updated vendored Buildah to v1.13.1
6557
- Updated vendored containers/storage to v1.15.8
6558
- Updated vendored containers/image to v5.2.0
6559
6560
-------------------------------------------------------------------
6561
Fri Jan 24 14:04:36 UTC 2020 - Sascha Grunert <sgrunert@suse.com>
6562
6563
- Add apparmor-abstractions as required runtime dependency to
6564
have `tunables/global` available.
6565
6566
-------------------------------------------------------------------
6567
Mon Jan 13 11:13:59 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
6568
6569
- Add: 0001-clarify-container-prune-force.patch to fix the --force
6570
flag for the "container prune" command.
6571
(https://github.com/containers/libpod/issues/4844)
6572
6573
-------------------------------------------------------------------
6574
Wed Jan 8 09:23:01 UTC 2020 - Ralf Haferkamp <rhafer@suse.com>
6575
6576
- Update podman to v1.7.0
6577
* Features
6578
- Added support for setting a static MAC address for containers
6579
- Added support for creating macvlan networks with podman
6580
network create, allowing Podman containers to be attached
6581
directly to networks the host is connected to
6582
- The podman image prune and podman container prune commands
6583
now support the --filter flag to filter what will be pruned,
6584
and now prompts for confirmation when run without --force
6585
(#4410 and #4411)
6586
- Podman now creates CGroup namespaces by default on systems
6587
using CGroups v2 (#4363)
6588
- Added the podman system reset command to remove all Podman
6589
files and perform a factory reset of the Podman installation
6590
- Added the --history flag to podman images to display previous
6591
names used by images (#4566)
6592
- Added the --ignore flag to podman rm and podman stop to not
6593
error when requested containers no longer exist
6594
- Added the --cidfile flag to podman rm and podman stop to read
6595
the IDs of containers to be removed or stopped from a file
6596
- The podman play kube command now honors Seccomp annotations
6597
(#3111)
6598
- The podman play kube command now honors RunAsUser,
6599
RunAsGroup, and selinuxOptions
6600
- The output format of the podman version command has been
6601
changed to better match docker version when using the
6602
--format flag
6603
- Rootless Podman will no longer initialize containers/storage
6604
twice, removing a potential deadlock preventing Podman
6605
commands from running while an image was being pulled (#4591)
6606
- Added tmpcopyup and notmpcopyup options to the --tmpfs and
6607
--mount type=tmpfs flags to podman create and podman run to
6608
control whether the content of directories are copied into
6609
tmpfs filesystems mounted over them
6610
- Added support for disabling detaching from containers by
6611
setting empty detach keys via --detach-keys=""
6612
- The podman build command now supports the --pull and
6613
--pull-never flags to control when images are pulled during a
6614
build
6615
- The podman ps -p command now shows the name of the pod as
6616
well as its ID (#4703)
6617
- The podman inspect command on containers will now display the
6618
command used to create the container
6619
- The podman info command now displays information on registry
6620
mirrors (#4553)
6621
* Bugfixes
6622
- Fixed a bug where Podman would use an incorrect runtime
6623
directory as root, causing state to be deleted after root
6624
logged out and making Podman in systemd services not function
6625
properly
6626
- Fixed a bug where the --change flag to podman import and
6627
podman commit was not being parsed properly in many cases
6628
- Fixed a bug where detach keys specified in libpod.conf were
6629
not used by the podman attach and podman exec commands, which
6630
always used the global default ctrl-p,ctrl-q key combination
6631
(#4556)
6632
- Fixed a bug where rootless Podman was not able to run podman
6633
pod stats even on CGroups v2 enabled systems (#4634)
6634
- Fixed a bug where rootless Podman would fail on kernels
6635
without the renameat2 syscall (#4570)
6636
- Fixed a bug where containers with chained network namespace
6637
dependencies (IE, container A using --net container=B and
6638
container B using --net container=C) would not properly mount
6639
/etc/hosts and /etc/resolv.conf into the container (#4626)
6640
- Fixed a bug where podman run with the --rm flag and without
6641
-d could, when run in the background, throw a 'container does
6642
not exist' error when attempting to remove the container
6643
after it exited
6644
- Fixed a bug where named volume locks were not properly
6645
reacquired after a reboot, potentially leading to deadlocks
6646
when trying to start containers using the volume (#4605 and
6647
#4621)
6648
- Fixed a bug where Podman could not completely remove
6649
containers if sent SIGKILL during removal, leaving the
6650
container name unusable without the podman rm --storage
6651
command to complete removal (#3906)
6652
- Fixed a bug where checkpointing containers started with --rm
6653
was allowed when --export was not specified (the container,
6654
and checkpoint, would be removed after checkpointing was
6655
complete by --rm) (#3774)
6656
- Fixed a bug where the podman pod prune command would fail if
6657
containers were present in the pods and the --force flag was
6658
not passed (#4346)
6659
- Fixed a bug where containers could not set a static IP or
6660
static MAC address if they joined a non-default CNI network
6661
(#4500)
6662
- Fixed a bug where podman system renumber would always throw
6663
an error if a container was mounted when it was run
6664
- Fixed a bug where podman container restore would fail with
6665
containers using a user namespace
6666
- Fixed a bug where rootless Podman would attempt to use the
6667
journald events backend even on systems without systemd
6668
installed
6669
- Fixed a bug where podman history would sometimes not properly
6670
identify the IDs of layers in an image (#3359)
6671
- Fixed a bug where containers could not be restarted when
6672
Conmon v2.0.3 or later was used
6673
- Fixed a bug where Podman did not check image OS and
6674
Architecture against the host when starting a container
6675
- Fixed a bug where containers in pods did not function
6676
properly with the Kata OCI runtime (#4353)
6677
- Fixed a bug where `podman info --format '{{ json . }}' would
6678
not produce JSON output (#4391)
6679
- Fixed a bug where Podman would not verify if files passed to
6680
--authfile existed (#4328)
6681
- Fixed a bug where podman images --digest would not always
6682
print digests when they were available
6683
- Fixed a bug where rootless podman run could hang due to a
6684
race with reading and writing events
6685
- Fixed a bug where rootless Podman would print warning-level
6686
logs despite not be instructed to do so (#4456)
6687
- Fixed a bug where podman pull would attempt to fetch from
6688
remote registries when pulling an unqualified image using the
6689
docker-daemon transport (#4434)
6690
- Fixed a bug where podman cp would not work if STDIN was a
6691
pipe
6692
- Fixed a bug where podman exec could stop accepting input if
6693
anything was typed between the command being run and the exec
6694
session starting (#4397)
6695
- Fixed a bug where podman logs --tail 0 would print all lines
6696
of a container's logs, instead of no lines (#4396)
6697
- Fixed a bug where the timeout for slirp4netns was incorrectly
6698
set, resulting in an extremely long timeout (#4344)
6699
- Fixed a bug where the podman stats command would print CPU
6700
utilizations figures incorrectly (#4409)
6701
- Fixed a bug where the podman inspect --size command would not
6702
print the size of the container's read/write layer if the
6703
size was 0 (#4744)
6704
- Fixed a bug where the podman kill command was not properly
6705
validating signals before use (#4746)
6706
- Fixed a bug where the --quiet and --format flags to podman ps
6707
could not be used at the same time
6708
- Fixed a bug where the podman stop command was not stopping
6709
exec sessions when a container was created without a PID
6710
namespace (--pid=host)
6711
- Fixed a bug where the podman pod rm --force command was not
6712
removing anonymous volumes for containers that were removed
6713
- Fixed a bug where the podman checkpoint command would not
6714
export all changes to the root filesystem of the container if
6715
performed more than once on the same container (#4606)
6716
- Fixed a bug where containers started with --rm would not be
6717
automatically removed on being stopped if an exec session was
6718
running inside the container (#4666)
6719
* Misc
6720
- The fixes to runtime directory path as root can cause strange
6721
behavior if an upgrade is performed while containers are
6722
running
6723
- Updated vendored Buildah to v1.12.0
6724
- Updated vendored containers/storage library to v1.15.4
6725
- Updated vendored containers/image library to v5.1.0
6726
- Kata Containers runtimes (kata-runtime, kata-qemu, and
6727
kata-fc) are now present in the default libpod.conf, but will
6728
not be available unless Kata containers is installed on the
6729
system
6730
- Podman previously did not allow the creation of containers
6731
with a memory limit lower than 4MB. This restriction has been
6732
removed, as the crun runtime can create containers with
6733
significantly less memory
6734
- Remove no longer needed workaround for *.5.md man page sources
6735
6736
-------------------------------------------------------------------
6737
Thu Dec 12 14:30:34 UTC 2019 - Richard Brown <rbrown@suse.com>
6738
6739
- Update podman to v1.6.4
6740
- Remove winsz FIFO on container restart to allow use with Conmon 2.03 and higher
6741
- Ensure volumes reacquire locks on system restart, preventing deadlocks when starting containers
6742
- Suppress spurious log messages when running rootless Podman
6743
- Update vendored containers/storage to v1.13.6
6744
- Fix a deadlock related to writing events
6745
- Do not use the journald event logger when it is not available
6746
- Remove obsolete patch container-start-fix.patch
6747
6748
-------------------------------------------------------------------
6749
Thu Oct 31 13:05:29 UTC 2019 - Richard Brown <rbrown@suse.com>
6750
6751
- Add container-start-fix.patch to correct output of container-start to show container_name, not _id.
6752
6753
-------------------------------------------------------------------
6754
Mon Oct 21 07:21:29 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
6755
6756
- Update podman to v1.6.2
6757
* Features
6758
- Added a --runtime flag to podman system migrate to allow the
6759
OCI runtime for all containers to be reset, to ease transition
6760
to the crun runtime on CGroups V2 systems until runc gains full
6761
support
6762
- The podman rm command can now remove containers in broken
6763
states which previously could not be removed
6764
- The podman info command, when run without root, now shows
6765
information on UID and GID mappings in the rootless user
6766
namespace
6767
- Added podman build --squash-all flag, which squashes all layers
6768
(including those of the base image) into one layer
6769
- The --systemd flag to podman run and podman create now accepts
6770
a string argument and allows a new value, always, which forces
6771
systemd support without checking if the the container
6772
entrypoint is systemd
6773
* Bugfixes
6774
- Fixed a bug where the podman top command did not work on
6775
systems using CGroups V2 (#4192)
6776
- Fixed a bug where rootless Podman could double-close a file,
6777
leading to a panic
6778
- Fixed a bug where rootless Podman could fail to retrieve some
6779
containers while refreshing the state
6780
- Fixed a bug where podman start --attach --sig-proxy=false would
6781
still proxy signals into the container
6782
- Fixed a bug where Podman would unconditionally use a
6783
non-default path for authentication credentials (auth.json),
6784
breaking podman login integration with skopeo and other tools
6785
using the containers/image library
6786
- Fixed a bug where podman ps --format=json and podman images
6787
--format=json would display null when no results were returned,
6788
instead of valid JSON
6789
- Fixed a bug where podman build --squash was incorrectly
6790
squashing all layers into one, instead of only new layers
6791
- Fixed a bug where rootless Podman would allow volumes with
6792
options to be mounted (mounting volumes requires root),
6793
creating an inconsistent state where volumes reported as
6794
mounted but were not (#4248)
6795
- Fixed a bug where volumes which failed to unmount could not be
6796
removed (#4247)
6797
- Fixed a bug where Podman incorrectly handled some errors
6798
relating to unmounted or missing containers in
6799
containers/storage
6800
- Fixed a bug where podman stats was broken on systems running
6801
CGroups V2 when run rootless (#4268)
6802
- Fixed a bug where the podman start command would print the
6803
short container ID, instead of the full ID
6804
- Fixed a bug where containers created with an OCI runtime that
6805
is no longer available (uninstalled or removed from the config
6806
file) would not appear in podman ps and could not be removed
6807
via podman rm
6808
- Fixed a bug where containers restored via podman container
6809
restore --import would retain the CGroup path of the original
6810
container, even if their container ID changed; thus, multiple
6811
containers created from the same checkpoint would all share the
6812
same CGroup
6813
* Misc
6814
- The default PID limit for containers is now set to 4096. It can
6815
be adjusted back to the old default (unlimited) by passing
6816
--pids-limit 0 to podman create and podman run
6817
- The podman start --attach command now automatically attaches
6818
STDIN if the container was created with -i
6819
- The podman network create command now validates network names
6820
using the same regular expression as container and pod names
6821
- The --systemd flag to podman run and podman create will now
6822
only enable systemd mode when the binary being run inside the
6823
container is /sbin/init, /usr/sbin/init, or ends in systemd
6824
(previously detected any path ending in init or systemd)
6825
- Updated vendored Buildah to 1.11.3
6826
- Updated vendored containers/storage to 1.13.5
6827
- Updated vendored containers/image to 4.0.1
6828
6829
-------------------------------------------------------------------
6830
Fri Oct 4 06:57:16 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
6831
6832
- Update podman to v1.6.1
6833
* Features
6834
- The podman network create, podman network rm, podman network
6835
inspect, and podman network ls commands have been added to
6836
manage CNI networks used by Podman
6837
- The podman volume create command can now create and mount
6838
volumes with options, allowing volumes backed by NFS, tmpfs,
6839
and many other filesystems
6840
- Podman can now run containers without CGroups for better
6841
integration with systemd by using the --cgroups=disabled flag
6842
with podman create and podman run. This is presently only
6843
supported with the crun OCI runtime
6844
- The podman volume rm and podman volume inspect commands can now
6845
refer to volumes by an unambiguous partial name, in addition to
6846
full name (e.g. podman volume rm myvol to remove a volume named
6847
myvolume) (#3891)
6848
- The podman run and podman create commands now support the
6849
--pull flag to allow forced re-pulling of images (#3734)
6850
- Mounting volumes into a container using --volume, --mount, and
6851
--tmpfs now allows the suid, dev, and exec mount options (the
6852
inverse of nosuid, nodev, noexec) (#3819)
6853
- Mounting volumes into a container using --mount now allows the
6854
relabel=Z and relabel=z options to relabel mounts.
6855
- The podman push command now supports the --digestfile option to
6856
save a file containing the pushed digest
6857
- Pods can now have their hostname set via podman pod create
6858
--hostname or providing Pod YAML with a hostname set to podman
6859
play kube (#3732)
6860
- The podman image sign command now supports the --cert-dir flag
6861
- The podman run and podman create commands now support the
6862
--security-opt label=filetype:$LABEL flag to set the SELinux
6863
label for container files
6864
- The remote Podman client now supports healthchecks
6865
* Bugfixes
6866
- Fixed a bug where remote podman pull would panic if a Varlink
6867
connection was not available (#4013)
6868
- Fixed a bug where podman exec would not properly set terminal
6869
size when creating a new exec session (#3903)
6870
- Fixed a bug where podman exec would not clean up socket
6871
symlinks on the host (#3962)
6872
- Fixed a bug where Podman could not run systemd in containers
6873
that created a CGroup namespace
6874
- Fixed a bug where podman prune -a would attempt to prune images
6875
used by Buildah and CRI-O, causing errors (#3983)
6876
- Fixed a bug where improper permissions on the ~/.config
6877
directory could cause rootless Podman to use an incorrect
6878
directory for storing some files
6879
- Fixed a bug where the bash completions for podman import threw
6880
errors
6881
- Fixed a bug where Podman volumes created with podman volume
6882
create would not copy the contents of their mountpoint the
6883
first time they were mounted into a container (#3945)
6884
- Fixed a bug where rootless Podman could not run podman exec
6885
when the container was not run inside a CGroup owned by the
6886
user (#3937)
6887
- Fixed a bug where podman play kube would panic when given Pod
6888
YAML without a securityContext (#3956)
6889
- Fixed a bug where Podman would place files incorrectly when
6890
storage.conf configuration items were set to the empty string
6891
(#3952)
6892
- Fixed a bug where podman build did not correctly inherit
6893
Podman's CGroup configuration, causing crashed on CGroups V2
6894
systems (#3938)
6895
- Fixed a bug where podman cp would improperly copy files on the
6896
host when copying a symlink in the container that included a
6897
glob operator (#3829)
6898
- Fixed a bug where remote podman run --rm would exit before the
6899
container was completely removed, allowing race conditions when
6900
removing container resources (#3870)
6901
- Fixed a bug where rootless Podman would not properly handle
6902
changes to /etc/subuid and /etc/subgid after a container was
6903
launched
6904
- Fixed a bug where rootless Podman could not include some
6905
devices in a container using the --device flag (#3905)
6906
- Fixed a bug where the commit Varlink API would segfault if
6907
provided incorrect arguments (#3897)
6908
- Fixed a bug where temporary files were not properly cleaned up
6909
after a build using remote Podman (#3869)
6910
- Fixed a bug where podman remote cp crashed instead of reporting
6911
it was not yet supported (#3861)
6912
- Fixed a bug where podman exec would run as the wrong user when
6913
execing into a container was started from an image with
6914
Dockerfile USER (or a user specified via podman run --user)
6915
(#3838)
6916
- Fixed a bug where images pulled using the oci: transport would
6917
be improperly named
6918
- Fixed a bug where podman varlink would hang when managed by
6919
systemd due to SD_NOTIFY support conflicting with Varlink
6920
(#3572)
6921
- Fixed a bug where mounts to the same destination would
6922
sometimes not trigger a conflict, causing a race as to which
6923
was actually mounted
6924
- Fixed a bug where podman exec --preserve-fds caused Podman to
6925
hang (#4020)
6926
- Fixed a bug where removing an unmounted container that was
6927
unmounted might sometimes not properly clean up the container
6928
(#4033)
6929
- Fixed a bug where the Varlink server would freeze when run in a
6930
systemd unit file (#4005)
6931
- Fixed a bug where Podman would not properly set the $HOME
6932
environment variable when the OCI runtime did not set it
6933
- Fixed a bug where rootless Podman would incorrectly print
6934
warning messages when an OCI runtime was not found (#4012)
6935
- Fixed a bug where named volumes would conflict with, instead of
6936
overriding, tmpfs filesystems added by the --read-only-tmpfs
6937
flag to podman create and podman run
6938
- Fixed a bug where podman cp would incorrectly make the target
6939
directory when copying to a symlink which pointed to a
6940
nonexistent directory (#3894)
6941
- Fixed a bug where remote Podman would incorrectly read STDIN
6942
when the -i flag was not set (#4095)
6943
- Fixed a bug where podman play kube would create an empty pod
6944
when given an unsupported YAML type (#4093)
6945
- Fixed a bug where podman import --change improperly parsed CMD
6946
(#4000)
6947
- Fixed a bug where rootless Podman on systems using CGroups V2
6948
would not function with the cgroupfs CGroups manager
6949
- Fixed a bug where rootless Podman could not correctly identify
6950
the DBus session address, causing containers to fail to start
6951
(#4162)
6952
- Fixed a bug where rootless Podman with slirp4netns networking
6953
would fail to start containers due to mount leaks
6954
* Misc
6955
- Significant changes were made to Podman volumes in this
6956
release. If you have pre-existing volumes, it is strongly
6957
recommended to run podman system renumber after upgrading.
6958
- Version 0.8.1 or greater of the CNI Plugins is now required for
6959
Podman
6960
- Version 2.0.1 or greater of Conmon is strongly recommended
6961
- Updated vendored Buildah to v1.11.2
6962
- Updated vendored containers/storage library to v1.13.4
6963
- Improved error messages when trying to create a pod with no
6964
name via podman play kube
6965
- Improved error messages when trying to run podman pause or
6966
podman stats on a rootless container on a system without
6967
CGroups V2 enabled
6968
- TMPDIR has been set to /var/tmp by default to better handle
6969
large temporary files
6970
- podman wait has been optimized to detect stopped containers
6971
more rapidly
6972
- Podman containers now include a ContainerManager annotation
6973
indicating they were created by libpod
6974
- The podman info command now includes information about
6975
slirp4netns and fuse-overlayfs if they are available
6976
- Podman no longer sets a default size of 65kb for tmpfs
6977
filesystems
6978
- The default Podman CNI network has been renamed in an attempt
6979
to prevent conflicts with CRI-O when both are run on the same
6980
system. This should only take effect on system restart
6981
- The output of podman volume inspect has been more closely
6982
matched to docker volume inspect
6983
- Removed CVE-2019-10214.patch as it was merged upstream
6984
6985
-------------------------------------------------------------------
6986
Thu Sep 5 15:26:01 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
6987
6988
- Add katacontainers as a recommended package, and include it as an
6989
additional OCI runtime in the configuration.
6990
6991
-------------------------------------------------------------------
6992
Mon Sep 2 12:02:44 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
6993
6994
- Add patch for CVE-2019-10214. bsc#1144065
6995
+ CVE-2019-10214.patch
6996
6997
-------------------------------------------------------------------
6998
Tue Aug 27 08:04:20 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
6999
7000
- Update podman to v1.5.1
7001
* Features
7002
- The hostname of pods is now set to the pod's name
7003
* Bugfixes
7004
- Fixed a bug where podman run and podman create did not honor the --authfile
7005
option (#3730)
7006
- Fixed a bug where containers restored with podman container restore
7007
--import would incorrectly duplicate the Conmon PID file of the original container
7008
- Fixed a bug where podman build ignored the default OCI runtime configured
7009
in libpod.conf
7010
- Fixed a bug where podman run --rm (or force-removing any running container
7011
with podman rm --force) were not retrieving the correct exit code (#3795)
7012
- Fixed a bug where Podman would exit with an error if any configured hooks
7013
directory was not present
7014
- Fixed a bug where podman inspect and podman commit would not use the
7015
correct CMD for containers run with podman play kube
7016
- Fixed a bug created pods when using rootless Podman and CGroups V2 (#3801)
7017
- Fixed a bug where the podman events command with the --since or --until
7018
options could take a very long time to complete
7019
* Misc
7020
- Rootless Podman will now inherit OCI runtime configuration from the root
7021
configuration (#3781)
7022
- Podman now properly sets a user agent while contacting registries (#3788)
7023
7024
- Add zsh completion for podman commands
7025
7026
-------------------------------------------------------------------
7027
Wed Aug 14 08:26:22 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
7028
7029
- Update podman to v1.5.0
7030
* Features
7031
- Podman containers can now join the user namespaces of other
7032
containers with --userns=container:$ID, or a user namespace at
7033
an arbitary path with --userns=ns:$PATH
7034
- Rootless Podman can experimentally squash all UIDs and GIDs in
7035
an image to a single UID and GID (which does not require use of
7036
the newuidmap and newgidmap executables) by passing
7037
--storage-opt ignore_chown_errors
7038
- The podman generate kube command now produces YAML for any bind
7039
mounts the container has created (#2303)
7040
- The podman container restore command now features a new flag,
7041
--ignore-static-ip, that can be used with --import to import a
7042
single container with a static IP multiple times on the same
7043
host
7044
- Added the ability for podman events to output JSON by
7045
specifying --format=json
7046
- If the OCI runtime or conmon binary cannot be found at the
7047
paths specified in libpod.conf, Podman will now also search for
7048
them in the calling user's path
7049
- Added the ability to use podman import with URLs (#3609)
7050
- The podman ps command now supports filtering names using
7051
regular expressions (#3394)
7052
- Rootless Podman containers with --privileged set will now mount
7053
in all host devices that the user can access
7054
- The podman create and podman run commands now support the
7055
--env-host flag to forward all environment variables from the
7056
host into the container
7057
- Rootless Podman now supports healthchecks (#3523)
7058
- The format of the HostConfig portion of the output of podman
7059
inspect on containers has been improved and synced with Docker
7060
- Podman containers now support CGroup namespaces, and can create
7061
them by passing --cgroupns=private to podman run or podman
7062
create
7063
- The podman create and podman run commands now support the
7064
--ulimit=host flag, which uses any ulimits currently set on the
7065
host for the container
7066
- The podman rm and podman rmi commands now use different exit
7067
codes to indicate 'no such container' and 'container is
7068
running' errors
7069
- Support for CGroups V2 through the crun OCI runtime has been
7070
greatly improved, allowing resource limits to be set for
7071
rootless containers when the CGroups V2 hierarchy is in use
7072
* Bugfixes
7073
- Fixed a bug where a race condition could cause podman restart
7074
to fail to start containers with ports
7075
- Fixed a bug where containers restored from a checkpoint would
7076
not properly report the time they were started at
7077
- Fixed a bug where podman search would return at most 25
7078
results, even when the maximum number of results was set higher
7079
- Fixed a bug where podman play kube would not honor capabilities
7080
set in imported YAML (#3689)
7081
- Fixed a bug where podman run --env, when passed a single key
7082
(to use the value from the host), would set the environment
7083
variable in the container even if it was not set on the host
7084
(#3648)
7085
- Fixed a bug where podman commit --changes would not properly
7086
set environment variables
7087
- Fixed a bug where Podman could segfault while working with
7088
images with no history
7089
- Fixed a bug where podman volume rm could remove arbitrary
7090
volumes if given an ambiguous name (#3635)
7091
- Fixed a bug where podman exec invocations leaked memory by not
7092
cleaning up files in tmpfs
7093
- Fixed a bug where the --dns and --net=container flags to podman
7094
run and podman create were not mutually exclusive (#3553)
7095
- Fixed a bug where rootless Podman would be unable to run
7096
containers when less than 5 UIDs were available
7097
- Fixed a bug where containers in pods could not be removed
7098
without removing the entire pod (#3556)
7099
- Fixed a bug where Podman would not properly clean up all CGroup
7100
controllers for created cgroups when using the cgroupfs CGroup
7101
driver
7102
- Fixed a bug where Podman containers did not properly clean up
7103
files in tmpfs, resulting in a memory leak as containers
7104
stopped
7105
- Fixed a bug where healthchecks from images would not use
7106
default settings for interval, retries, timeout, and start
7107
period when they were not provided by the image (#3525)
7108
- Fixed a bug where healthchecks using the HEALTHCHECK CMD format
7109
where not properly supported (#3507)
7110
- Fixed a bug where volume mounts using relative source paths
7111
would not be properly resolved (#3504)
7112
- Fixed a bug where podman run did not use authorization
7113
credentials when a custom path was specified (#3524)
7114
- Fixed a bug where containers checkpointed with podman container
7115
checkpoint did not properly set their finished time
7116
- Fixed a bug where running podman inspect on any container not
7117
created with podman run or podman create (for example, pod
7118
infra containers) would result in a segfault (#3500)
7119
- Fixed a bug where healthcheck flags for podman create and
7120
podman run were incorrectly named (#3455)
7121
- Fixed a bug where Podman commands would fail to find targets if
7122
a partial ID was specified that was ambiguous between a
7123
container and pod (#3487)
7124
- Fixed a bug where restored containers would not have the
7125
correct SELinux label
7126
- Fixed a bug where Varlink endpoints were not working properly
7127
if more was not correctly specified
7128
- Fixed a bug where the Varlink PullImage endpoint would crash if
7129
an error occurred (#3715)
7130
- Fixed a bug where the --mount flag to podman create and podman
7131
run did not allow boolean arguments for its ro and rw options
7132
(#2980)
7133
- Fixed a bug where pods did not properly share the UTS
7134
namespace, resulting in incorrect behavior from some utilities
7135
which rely on hostname (#3547)
7136
- Fixed a bug where Podman would unconditionally append
7137
ENTRYPOINT to CMD during podman commit (and when reporting CMD
7138
in podman inspect) (#3708)
7139
- Fixed a bug where podman events with the journald events
7140
backend would incorrectly print 6 previous events when only new
7141
events were requested (#3616)
7142
- Fixed a bug where podman port would exit prematurely when a
7143
port number was specified (#3747)
7144
- Fixed a bug where passing . as an argument to the --dns-search
7145
flag to podman create and podman run was not properly clearing
7146
DNS search domains in the container
7147
* Misc
7148
- Updated vendored Buildah to v1.10.1
7149
- Updated vendored containers/image to v3.0.2
7150
- Updated vendored containers/storage to v1.13.1
7151
- Podman now requires conmon v2.0.0 or higher
7152
- The podman info command now displays the events logger being in
7153
use
7154
- The podman inspect command on containers now includes the ID of
7155
the pod a container has joined and the PID of the container's
7156
conmon process
7157
- The -v short flag for podman --version has been re-added
7158
- Error messages from podman pull should be significantly clearer
7159
- The podman exec command is now available in the remote client
7160
- The podman-v1.5.0.tar.gz file attached is podman packaged for
7161
MacOS. It can be installed using Homebrew.
7162
- Use new conmon package as direct dependency
7163
- Remove internal conmon package
7164
- Update libpod.conf to support latest path discovery feature for
7165
`runc` and `conmon` binaries.
7166
- Re-enable 32bit build
7167
7168
--------------------------------------------------------------------
7169
Tue Jul 30 07:46:16 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
7170
7171
- Remove fuse-overlayfs because it's (currently) an unsatisfied dependency on
7172
SLE (bsc#1143386)
7173
7174
-------------------------------------------------------------------
7175
Thu Jul 25 09:20:47 UTC 2019 - Richard Brown <rbrown@suse.com>
7176
7177
- Update libpod.conf to use correct infra_command
7178
7179
-------------------------------------------------------------------
7180
Thu Jul 18 10:12:43 UTC 2019 - Richard Brown <rbrown@suse.com>
7181
7182
- Update libpod.conf to use better versioned pause container
7183
7184
-------------------------------------------------------------------
7185
Wed Jul 17 14:53:38 UTC 2019 - Richard Brown <rbrown@suse.com>
7186
7187
- Update libpod.conf to use official kubic pause container
7188
7189
-------------------------------------------------------------------
7190
Wed Jul 10 13:55:09 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
7191
7192
- Update libpod.conf to match latest features set:
7193
detach_keys, lock_type, runtime_supports_json
7194
7195
-------------------------------------------------------------------
7196
Mon Jul 8 10:46:43 UTC 2019 - Marco Vedovati <mvedovati@suse.com>
7197
7198
- Add podman-remote varlink client
7199
- Update podman to v1.4.4
7200
* Features
7201
- Podman now has greatly improved support for containers using multiple OCI
7202
runtimes. Containers now remember if they were created with a different
7203
runtime using --runtime and will always use that runtime
7204
- The cached and delegated options for volume mounts are now allowed for
7205
Docker compatability (#3340)
7206
- The podman diff command now supports the --latest flag
7207
* Bugfixes
7208
- Fixed a bug where rootless Podman would attempt to use the entire root
7209
configuration if no rootless configuration was present for the user,
7210
breaking rootless Podman for new installations
7211
- Fixed a bug where rootless Podman's pause process would block SIGTERM,
7212
preventing graceful system shutdown and hanging until the system's init
7213
send SIGKILL
7214
- Fixed a bug where running Podman as root with sudo -E would not work after
7215
running rootless Podman at least once
7216
- Fixed a bug where options for tmpfs volumes added with the --tmpfs flag
7217
were being ignored
7218
- Fixed a bug where images with no layers could not properly be displayed
7219
and removed by Podman
7220
- Fixed a bug where locks were not properly freed on failure to create a
7221
container or pod
7222
- Fixed a bug where podman cp on a single file would create a directory at
7223
the target and place the file in it (#3384)
7224
- Fixed a bug where podman inspect --format '{{.Mounts}}' would print a
7225
hexadecimal address instead of a container's mounts
7226
- Fixed a bug where rootless Podman would not add an entry to container's
7227
/etc/hosts files for their own hostname (#3405)
7228
- Fixed a bug where podman ps --sync would segfault (#3411)
7229
- Fixed a bug where podman generate kube would produce an invalid ports
7230
configuration (#3408)
7231
* Misc
7232
- Updated containers/storage to v1.12.13
7233
- Podman now performs much better on systems with heavy I/O load
7234
- The --cgroup-manager flag to podman now shows the correct default setting
7235
in help if the default was overridden by libpod.conf
7236
- For backwards compatability, setting --log-driver=json-file in podman run
7237
is now supported as an alias for --log-driver=k8s-file. This is considered
7238
deprecated, and json-file will be moved to a new implementation in the
7239
future ([#3363](https://github.com/containers/libpo\
7240
d/issues/3363))
7241
- Podman's default libpod.conf file now allows the crun OCI runtime to be
7242
used if it is installed
7243
7244
-------------------------------------------------------------------
7245
Wed Jun 26 11:24:32 UTC 2019 - Robert Frohl <rfrohl@suse.com>
7246
7247
- Update podman to v1.4.2
7248
- Fixed a bug where Podman could not run containers using an older version of
7249
Systemd as init
7250
- Updated vendored Buildah to v1.9.0 to resolve a critical bug with
7251
Dockerfile RUN instructions
7252
- The error message for running podman kill on containers that are not
7253
running has been improved
7254
- Podman remote client can now log to a file if syslog is not available
7255
- The podman exec command now sets its error code differently based on
7256
whether the container does not exist, and the command in the container does
7257
not exist
7258
- The podman inspect command on containers now outputs Mounts JSON that matches
7259
that of docker inspect, only including user-specified volumes and
7260
differentiating bind mounts and named volumes
7261
- The podman inspect command now reports the path to a container's OCI spec
7262
with the OCIConfigPath key (only included when the container is initialized
7263
or running)
7264
- The podman run --mount command now supports the bind-nonrecursive option for
7265
bind mounts
7266
- Fixed a bug where podman play kube would fail to create containers due to an
7267
unspecified log driver
7268
- Fixed a bug where Podman would fail to build with musl libc
7269
- Fixed a bug where rootless Podman using slirp4netns networking in an
7270
environment with no nameservers on the host other than localhost would
7271
result in nonfunctional networking
7272
- Fixed a bug where podman import would not properly set environment
7273
variables, discarding their values and retaining only keys
7274
- Fixed a bug where Podman would fail to run when built with Apparmor support
7275
but run on systems without the Apparmor kernel module loaded
7276
- Remote Podman will now default the username it uses to log in to remote
7277
systems to the username of the current user
7278
- Podman now uses JSON logging with OCI runtimes that support it, allowing for
7279
better error reporting
7280
- Updated vendored containers/image to v2.0
7281
- Update conmon to v0.3.0
7282
- Support OOM Monitor under cgroup V2
7283
- Add config binary and make target for configuring conmon with a go library
7284
for importing values
7285
7286
-------------------------------------------------------------------
7287
Mon Jun 24 09:36:12 UTC 2019 - Robert Frohl <rfrohl@suse.com>
7288
7289
- update dependency for slirp4netns to 0.3.0 or newer
7290
7291
-------------------------------------------------------------------
7292
Tue Jun 11 06:43:28 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
7293
7294
- Update podman to v1.4.0:
7295
- The podman checkpoint and podman restore commands can now be
7296
used to migrate containers between Podman installations on
7297
different systems
7298
- The podman cp command now supports a pause flag to pause
7299
containers while copying into them
7300
- The remote client now supports a configuration file for
7301
pre-configuring connections to remote Podman installations
7302
- Fixed CVE-2019-10152 - The podman cp command improperly
7303
dereferenced symlinks in host context
7304
- Fixed a bug where podman commit could improperly set
7305
environment variables that contained = characters
7306
- Fixed a bug where rootless Podman would sometimes fail to start
7307
containers with forwarded ports
7308
- Fixed a bug where podman version on the remote client could
7309
segfault
7310
- Fixed a bug where podman container runlabel would use
7311
/proc/self/exe instead of the path of the Podman command when
7312
printing the command being executed
7313
- Fixed a bug where filtering images by label did not work
7314
- Fixed a bug where specifying a bing mount or tmpfs mount over
7315
an image volume would cause a container to be unable to start
7316
- Fixed a bug where podman generate kube did not work with
7317
containers with named volumes
7318
- Fixed a bug where rootless Podman would receive permission
7319
denied errors accessing conmon.pid
7320
- Fixed a bug where podman cp with a folder specified as target
7321
would replace the folder, as opposed to copying into it
7322
- Fixed a bug where rootless Podman commands could double-unlock
7323
a lock, causing a crash
7324
- Fixed a bug where Podman incorrectly set tmpcopyup on /dev/
7325
mounts, causing errors when using the Kata containers runtime
7326
- Fixed a bug where podman exec would fail on older kernels
7327
- The podman commit command is now usable with the Podman remote
7328
client
7329
- The --signature-policy flag (used with several image-related
7330
commands) has been deprecated
7331
- The podman unshare command now defines two environment
7332
variables in the spawned shell: CONTAINERS_RUNROOT and
7333
CONTAINERS_GRAPHROOT, pointing to temporary and permanent
7334
storage for rootless containers
7335
- Updated vendored containers/storage and containers/image
7336
libraries with numerous bugfixes
7337
- Updated vendored Buildah to v1.8.3
7338
- Podman now requires Conmon v0.2.0
7339
- The podman cp command is now aliased as podman container cp
7340
- Rootless Podman will now default init_path using root Podman's
7341
configuration files (/etc/containers/libpod.conf and
7342
/usr/share/containers/libpod.conf) if not overridden in the
7343
rootless configuration
7344
7345
-------------------------------------------------------------------
7346
Fri Jun 7 11:48:27 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
7347
7348
- Add fuse-overlayfs dependency to support overlay based rootless image
7349
manipulations
7350
7351
-------------------------------------------------------------------
7352
Wed May 29 14:16:08 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
7353
7354
- Update podman to v1.3.2:
7355
- Fixed a bug where podman would fail to run if a volume was
7356
mounted over an image volume
7357
7358
-------------------------------------------------------------------
7359
Wed May 22 07:04:24 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
7360
7361
- Update podman to v1.3.1:
7362
- The podman cp command can now read input redirected to STDIN, and output to
7363
STDOUT instead of a file, using - instead of an argument.
7364
- The Podman remote client now displays version information from both the
7365
client and server in podman version
7366
- The podman unshare command has been added, allowing easy entry into the
7367
user namespace set up by rootless Podman (allowing the removal of files
7368
created by rootless Podman, among other things)
7369
- Fixed a bug where Podman containers with the --rm flag were removing
7370
created volumes when they were automatically removed
7371
- Fixed a bug where container and pod locks were incorrectly marked as
7372
released after a system reboot, causing errors on container and pod removal
7373
- Fixed a bug where Podman pods could not be removed if any container in the
7374
pod encountered an error during removal
7375
- Fixed a bug where Podman pods run with the cgroupfs CGroup driver would
7376
encounter a race condition during removal, potentially failing to remove
7377
the pod CGroup
7378
- Fixed a bug where the podman container checkpoint and podman container
7379
restore commands were not visible in the remote client
7380
- Fixed a bug where podman remote ps --ns would not print the container's
7381
namespaces
7382
- Fixed a bug where removing stopped containers with healthchecks could cause
7383
an error
7384
- Fixed a bug where the default libpod.conf file was causing parsing errors
7385
- Fixed a bug where pod locks were not being freed when pods were removed,
7386
potentially leading to lock exhaustion
7387
- Fixed a bug where 'podman run' with SD_NOTIFY set could, on short-running
7388
containers, create an inconsistent state rendering the container unusable
7389
- The remote Podman client now uses the Varlink bridge to establish remote
7390
connections by default
7391
- Update conmon to 0.2.0 and switched to containers/conmon upstream project
7392
7393
-------------------------------------------------------------------
7394
Fri May 17 12:08:37 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
7395
7396
- Update `systemd-devel` to actually be `pkgconfig(libsystemd)` to allow OBS to
7397
shortcut through systemd-mini-devel
7398
7399
-------------------------------------------------------------------
7400
Thu May 16 15:04:52 UTC 2019 - Sascha Grunert <sgrunert@suse.com>
7401
7402
- Update podman to v1.3.0
7403
* Podman now supports container restart policies! The --restart-policy flag
7404
on podman create and podman run allows containers to be restarted after
7405
they exit. Please note that Podman cannot restart containers after a system
7406
reboot - for that, see our next feature
7407
* Podman podman generate systemd command was added to generate systemd unit
7408
files for managing Podman containers
7409
* The podman runlabel command now allows a $GLOBAL_OPTS variable, which will
7410
be populated by global options passed to the podman runlabel command,
7411
allowing custom storage configurations to be passed into containers run
7412
with runlabel
7413
* The podman play kube command now allows File and FileOrCreate volumes
7414
* The podman pod prune command was added to prune unused pods
7415
* Added the podman system migrate command to migrate containers using older
7416
configurations to allow their use by newer Libpod versions
7417
* Podman containers now forward proxy-related environment variables from the
7418
host into the container with the --http-proxy flag (enabled by default)
7419
* Read-only Podman containers can now create tmpfs filesystems on /tmp,
7420
/var/tmp, and /run with the --read-only-tmpfs flag (enabled by default)
7421
* The podman init command was added, performing all container pre-start tasks
7422
without starting the container to allow pre-run debugging
7423
- Update conmon to cri-o v1.14.1
7424
- Update libpod.conf to match latest feature set
7425
7426
-------------------------------------------------------------------
7427
Mon Apr 1 14:05:35 UTC 2019 - Richard Brown <rbrown@suse.com>
7428
7429
- Update to podman 1.2.0
7430
* Podman now supports image healthchecks! The podman healthcheck run command was added to manually run healthchecks, and the status of a running healthcheck can be viewed via podman inspect
7431
* The podman events command was added to show a stream of significant events
7432
* The podman ps command now supports a --watch flag that will refresh its output on a given interval
7433
* The podman image tree command was added to show a tree representation of an image's layers
7434
* The podman logs command can now display logs for multiple containers at the same time
7435
* The podman exec command can now pass file descriptors to the process being executed in the container via the --preserve-fds option
7436
* The podman images command can now filter images by reference
7437
* The podman system df command was added to show disk usage by Podman
7438
* The --add-host option can now be used by containers sharing a network namespace
7439
* The podman cp command now has an --extract option to extract the contents of a Tar archive and copy them into the container, instead of copying the archive itself
7440
* Podman now allows manually specifying the path of the slirp4netns binary for rootless networking via the --network-cmd-path flag
7441
* Rootless Podman can now be used with a single UID and GID, without requiring a full 65536 UIDs/GIDs to be allocated in /etc/subuid and /etc/subgid
7442
* The podman runlabel command now supports the --replace option to replace containers using the name requested
7443
* Infrastructure containers for Podman pods will now attempt to use the image's CMD and ENTRYPOINT instead of a fixed command
7444
* The podman play kube command now supports the HostPath and VolumeMounts YAML fields
7445
* Added support to disable creation of resolv.conf or /etc/hosts in containers by specifying --dns=none and --no-hosts, respectively, to podman run and podman create
7446
* The podman version command now supports the {{ json . }} template (which outputs JSON)
7447
* Podman can now forward ports using the SCTP protocol
7448
- Update conmon to cri-o 1.14.0
7449
- Stop building for i586 (not supported by upstream, does not build)
7450
7451
-------------------------------------------------------------------
7452
Fri Mar 22 21:02:05 UTC 2019 - Flavio Castelli <fcastelli@suse.com>
7453
7454
- Change default libpod.conf configuration file: use the runtimes
7455
section to allow users to specify different OCI runtimes. This
7456
allows user to choose which runtime to use on a per container
7457
basis.
7458
7459
-------------------------------------------------------------------
7460
Tue Mar 19 13:15:38 UTC 2019 - Guillaume GARDET <guillaume.gardet@opensuse.org>
7461
7462
- Add 'apparmor-parser' to list of requires (boo#1123387)
7463
7464
-------------------------------------------------------------------
7465
Sat Mar 16 08:33:38 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
7466
7467
- Scriptlets contain sh-compatible code, so drop -p /bin/bash.
7468
7469
-------------------------------------------------------------------
7470
Fri Mar 8 09:47:25 UTC 2019 - Richard Brown <rbrown@suse.com>
7471
7472
- podman-cni-config: remove artificial conflicts with kubelet
7473
7474
-------------------------------------------------------------------
7475
Thu Mar 7 15:22:22 UTC 2019 - Richard Brown <rbrown@suse.com>
7476
7477
- Disable build with PIE on ppc64le to avoid boo#1098017
7478
7479
-------------------------------------------------------------------
7480
Wed Mar 6 14:07:01 UTC 2019 - Richard Brown <rbrown@suse.com>
7481
7482
- Update to v1.1.2
7483
* Fixed a bug where the podman image list, podman image rm, and podman container list had broken global storage options
7484
* Fixed a bug where the --label option to podman create and podman run was missing the -l alias
7485
* Fixed a bug where running Podman with the --config flag would not set an appropriate default value for tmp_dir
7486
* Fixed a bug where the podman logs command with the --timestamps flag produced unreadable output
7487
* Fixed a bug where the podman cp command would automatically extract .tar files copied into the container
7488
* The podman container stop command is now usable with the Podman remote client
7489
7490
-------------------------------------------------------------------
7491
Mon Mar 4 11:27:03 UTC 2019 - Flavio Castelli <fcastelli@suse.com>
7492
7493
- Update to v1.1.1
7494
* Update release notes for v1.1.1
7495
* Pull image for runlabel if not local
7496
* Fix SystemExec completion race
7497
* Fix link inconsistencies in man pages
7498
* Verify that used OCI runtime supports checkpoint
7499
* Should be defaulting to pull not pull-always
7500
* podman-commands script: refactor
7501
* Move Alias lines to descriptions of commands
7502
* Fix usage messages for podman image list, rm
7503
* Fix -s to --storage-driver in baseline test
7504
* No podman container ps command exists
7505
* Allow Exec API user to override streams
7506
* fix up a number of misplace commands
7507
* rootless, new[ug]idmap: on failure add output
7508
* [ci skip] Critical note about merge bot
7509
* podman port fix output
7510
* Fix ignored --time argument to podman restart
7511
* secrets: fix fips-mode with user namespaces
7512
* Fix four errors tagged by Cobra macro debugging
7513
* Clean up man pages to match commands
7514
* Add debugging for errors to Cobra compatibility macros
7515
* Command-line input validation: reject unused args
7516
* Fix ignored --stop-timeout flag to 'podman create'
7517
* fixup! Incorporate review feedback
7518
* fixup! missed some more:
7519
* fixup! Correction to 'checkpoint'
7520
* Followup to #2456: update examples, add trust
7521
* podman create: disable interspersed opts
7522
* fix up a number of misplace commands
7523
* Add a task to Cirrus gating to build w/o Varlink
7524
* Skip checkpoint/restore tests on Fedora for now
7525
* Fix build for non-Varlink-tagged Podman
7526
* Remove restore as podman subcommand
7527
* Better usage synopses for subcommands
7528
* Bump gitvalidation epoch
7529
* Bump to v1.2.0-dev
7530
* Centralize setting default volume path
7531
* Ensure volume path is set appropriately by default
7532
* Move all storage configuration defaults into libpod
7533
* rename pod when we have a name collision with a container
7534
* podman remote-client readme
7535
- Update package to ship varlink required files
7536
7537
-------------------------------------------------------------------
7538
Wed Feb 27 09:01:41 UTC 2019 - Richard Brown <rbrown@suse.com>
7539
7540
- Update to v1.1.0
7541
* Added --latest and --all flags to podman mount and podman umount
7542
* Rootless Podman can now forward ports into containers (using the same -p and -P flags as root Podman)
7543
* Rootless Podman will now pull some configuration options (for example, OCI runtime path) from the default root libpod.conf if they are not explicitly set in the user's own libpod.conf
7544
* Added an alias -f for the --format flag of the podman info and podman version commands
7545
* Added an alias -s for the --size flag of the podman inspect command
7546
* Added the podman system info and podman system prune commands
7547
* Added the podman cp command to copy files between containers and the host
7548
* Added the --password-stdin flag to podman login
7549
* Added the --all-tags flag to podman pull
7550
* The --rm and --detach flags can now be used together with podman run
7551
* The podman start and podman run commands for containers in pods will now start dependency containers if they are stopped
7552
* Added the podman system renumber command to handle lock changes
7553
* The --net=host and --dns flags for podman run and podman create no longer conflict
7554
* Podman now handles mounting the shared /etc/resolv.conf from network namespaces created by ip netns add when they are passed in via podman run --net=ns:
7555
* Various bugfixes - full changelog https://github.com/containers/libpod/releases/tag/v1.1.0
7556
- Removed obsolete patch containers-libpod-pull-2225.diff
7557
7558
-------------------------------------------------------------------
7559
Tue Feb 26 17:17:32 UTC 2019 - Richard Brown <rbrown@suse.com>
7560
7561
- Update to conmon from cri-o v1.13.1
7562
* oci: read conmon process status
7563
7564
-------------------------------------------------------------------
7565
Tue Feb 19 15:35:30 UTC 2019 - Richard Brown <rbrown@suse.com>
7566
7567
- Upgrade to v1.0.1
7568
* rootless: join both userns and mount namespace with --pod
7569
* rootless: create the userns immediately when creating a new pod
7570
* Preserve exited state across reboot
7571
* podman image prune -- implement all flag
7572
* Add varlink support for prune
7573
* Make --quiet work in podman create/run
7574
* rootless: fix --pid=host without --privileged
7575
* podman-inspect: don't ignore errors
7576
7577
-------------------------------------------------------------------
7578
Wed Jan 30 22:57:51 UTC 2019 - Duncan Mac-Vicar <dmacvicar@suse.de>
7579
7580
- Fix rootless mode with AppArmor
7581
https://github.com/containers/libpod/pull/2225
7582
Add patch containers-libpod-pull-2225.diff
7583
7584
-------------------------------------------------------------------
7585
Mon Jan 28 10:32:38 UTC 2019 - Richard Brown <rbrown@suse.com>
7586
7587
- Stop using conmon from random git commits, use cri-o releases
7588
- Update to conmon from cri-o v1.13.0
7589
* Solve gh#containers/libpod#527
7590
- Tidy up .gitignore files from podman-1.0.0.tar.xz
7591
7592
-------------------------------------------------------------------
7593
Thu Jan 17 11:44:58 UTC 2019 - Jordi Massaguer <jmassaguerpla@suse.com>
7594
7595
- Update requirement to go1.11 to stay in sync with CaaSP4 and use the same
7596
version as k8s and cri-o to prevent "weird" issues because of the go version
7597
(we had problems mixing go1.5 and go1.6 in the past)
7598
7599
-------------------------------------------------------------------
7600
Wed Jan 16 09:42:52 UTC 2019 - Richard Brown <rbrown@suse.com>
7601
7602
- Update libpod.conf to better align with upstream defaults [boo#1122024]
7603
- Require catatonit for new --init flag
7604
7605
-------------------------------------------------------------------
7606
Sun Jan 13 15:39:42 UTC 2019 - Richard Brown <rbrown@suse.com>
7607
7608
- Upgrade to v1.0.0
7609
* The podman exec command now includes a --workdir option to set working directory for the executed command
7610
* The podman create and podman run commands now support the --init flag to use a minimal init process in the container
7611
* Added the podman image sign command to GPG sign images
7612
* The podman run --device flag now accepts directories, and will added any device nodes in the directory to the container
7613
* Added the podman play kube command to create pods and containers from Kubernetes pod YAML
7614
* Rootless containers now unconditionally use postrun cleanup processes, ensuring resources are freed when the container stops
7615
* Pulling images has been parallelized, allowing individual layers to be pulled in parallel
7616
7617
-------------------------------------------------------------------
7618
Tue Jan 8 11:20:42 UTC 2019 - Richard Brown <rbrown@suse.com>
7619
7620
- Update to v0.12.1.2
7621
* Rootless Podman now creates the storage.conf, libpod.conf, and mounts.conf configuration files automatically in ~/.config/containers/ for ease of reconfiguration
7622
* The podman pod create command can expose ports in the pod's network namespace, allowing public services to be created in pods
7623
* The podman container checkpoint command can now keep containers running after they are checkpointed with the --leave-running flag
7624
* The podman container checkpoint and podman container restore commands now support the --tcp-established flag to checkpoint and restore containers with active TCP connections
7625
* The podman version command now has a --format flag to produce machine-readable output
7626
* Added the podman container exists, podman pod exists, and podman image exists commands to easily check for a container/pod/image, respectively, by name or ID
7627
* The podman ps --pod flag now has a short alias, -p
7628
* The podman rmi and podman rm commands now have a --prune flag to prune unused images and containers, respectively
7629
* The podman ps command now has a --sync flag to force a sync of Podman's state against the OCI runtime, resolving some state desync errors
7630
* Added the podman volume set of commands for creating and managing local-only named volumes
7631
* Added the podman generate kube command to generate Kubernetes Pod and Service YAML for Podman containers and pods
7632
* The podman pod stop flag now accepts a --timeout flag to set the timeout for stopping containers in the pod
7633
7634
-------------------------------------------------------------------
7635
Tue Dec 18 09:40:40 UTC 2018 - Marco Vedovati <mvedovati@suse.com>
7636
7637
- Update package summary and description
7638
7639
-------------------------------------------------------------------
7640
Fri Dec 7 07:42:47 UTC 2018 - Adrian Schröter <adrian@suse.de>
7641
7642
- add dependency to iptables, build fails otherwise
7643
7644
-------------------------------------------------------------------
7645
Fri Nov 16 08:22:48 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
7646
7647
- Changelog for v0.11.1.1 (2018-11-15)
7648
* Increase pidWaitTimeout to 60s
7649
* rootless: call IsRootless just once
7650
* Add space between num & unit in images output
7651
* Better document rootless containers
7652
* info: add rootless field
7653
* Do not hide errors when creating container with UserNSRoot
7654
* correct assignment of networkStatus
7655
* rootless: default to fuse-overlayfs when available
7656
7657
-------------------------------------------------------------------
7658
Tue Nov 13 07:17:16 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
7659
7660
- Require golang >= 1.10.
7661
7662
-------------------------------------------------------------------
7663
Fri Nov 9 07:46:46 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
7664
7665
- Changelog for v0.11.1 (2018-11-08)
7666
* update seccomp.json
7667
* Touch up --log* options and daemons in man pages
7668
* Don't fail if /etc/passwd or /etc/group does not exists
7669
* Properly set Running state when starting containers
7670
* If a container ceases to exist in runc, set exit status
7671
* rootless: mount /sys/fs/cgroup/systemd from the host
7672
* rootless: don't bind mount /sys/fs/cgroup/systemd in systemd mode
7673
* Add hostname to /etc/hosts
7674
* Remove conmon cgroup before pod cgroup for cgroupfs
7675
* Make kill, pause, and unpause parallel.
7676
* Fix long image name handling
7677
* Make restart parallel and add --all
7678
* rootless: do not add an additional /run to runroot
7679
* rootless: avoid hang on failed slirp4netns
7680
* Fix setting of version information
7681
* runtime: do not allow runroot longer than 50 characters
7682
* attach: fix attach when cuid is too long
7683
* truncate command output in ps by default
7684
* make various changes to ps output
7685
* Use two spaces to pad PS fields
7686
* fix bug in rm -fa parallel deletes
7687
* Ensure test container in running state
7688
* Add tests for selinux labels
7689
* Add --max-workers and heuristics for parallel operations
7690
* Increase security and performance when looking up groups
7691
* run prepare in parallel
7692
* runlabel: run any command
7693
* Explain the device format in man pages
7694
* Add --all and --latest to checkpoint/restore
7695
* Use more reliable check for rootless for firewall init
7696
* Make podman ps fast
7697
* Support auth file environment variable in podman build
7698
* fix environment variable parsing
7699
* Use the CRIU version check in checkpoint/restore
7700
* Handle http/https in registry given to login/out
7701
* correct stats err with non-running containers
7702
* Make rm faster
7703
* Fix man page to show info on storage
7704
7705
- Changelog for v0.10.1.3 (2018-10-17)
7706
* Vendor in new new buildah/ci
7707
* Fix podman in podman
7708
7709
- Changelog for v0.10.1.2 (2018-10-17)
7710
* Fix CGroup paths used for systemd CGroup mount
7711
7712
-------------------------------------------------------------------
7713
Tue Oct 30 06:57:08 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
7714
7715
- Require slirp4netns to enable networking for unprivileged network namespaces
7716
aka networking for rootless podman.
7717
7718
-------------------------------------------------------------------
7719
Wed Oct 17 06:07:29 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
7720
7721
- Changelog for v0.10.1.1 (2018-10-16)
7722
* Mount proper cgroup for systemd to manage inside of the container.
7723
* volume: resolve symlinks in paths
7724
* volume: write the correct ID of the container in error messages
7725
* Support auth file environment variable & add change to man pages
7726
* Generate a passwd file for users not in container
7727
7728
-------------------------------------------------------------------
7729
Fri Oct 12 06:43:30 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
7730
7731
- Changelog for v0.10.1 (2018-10-11)
7732
* Sort all command flags
7733
* rootless: detect when user namespaces are not enabled
7734
* Log an otherwise ignored error from joining a net ns
7735
* Update manpages for --ip flag
7736
* Add --ip flag and plumbing into libpod
7737
* Document --net as an alias of --network in podman run & create
7738
* rootless: report more error messages from the startup phase
7739
* rootless: fix an hang on older versions of setresuid/setresgid
7740
* fix runlabel functions based on QA feedback
7741
* Stop containers in parallel fashion
7742
* runlabel: execute /proc/self/exe and avoid recursion
7743
* Ensure resolv.conf has the right label and path
7744
* completions: add checkpoint/restore completions
7745
* Add support to checkpoint/restore containers
7746
* selinux: drop superflous relabel
7747
* rootless: always set XDG_RUNTIME_DIR
7748
* Address review comments and fix ps output
7749
* Disable SELinux labeling if --privileged
7750
* Implement pod varlink bindings
7751
* Add --all flag to podman kill
7752
* Add container runlabel command
7753
* run complex image names with short names
7754
7755
-------------------------------------------------------------------
7756
Mon Oct 1 05:51:48 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
7757
7758
- Update conmon to 4cd5a7c60349be0678d9f1b0657683324c1a2726 and fetch
7759
it from its new home https://github.com/kubernetes-sigs/cri-o.
7760
7761
- Changelog for v0.9.3.1 (2018-09-25)
7762
* Disable problematic SELinux code causing runc issues
7763
7764
- Changelog for v0.9.3 (2018-09-21)
7765
* Add --mount option for `create` & `run` command
7766
* Don't mount /dev/shm if the user told you --ipc=none
7767
* rootless: error out if there are not enough UIDs/GIDs available
7768
* Add new field to libpod to indicate whether or not to use labelling
7769
* Bind Mounts should be mounted read-only when in read-only mode
7770
* report when rootless
7771
* Don't crash if an image has no names
7772
7773
- Changelog for v0.9.2 (2018-09-14)
7774
* Don't mount /dev/* if user mounted /dev
7775
* rootless: do not raise an error if the entrypoint is specified
7776
* Add a way to disable port reservation
7777
* Do not set rlimits if we are rootless
7778
* Add --interval flag to podman wait
7779
* Add `podman rm --volumes` flag
7780
* Explicitly set default CNI network name in libpod.conf
7781
7782
- Changelog for v0.9.1.1 (2018-09-10)
7783
* Replace existing iptables handler with firewall code
7784
* Vendor CNI plugins firewall code
7785
* Fix displaying size on size calculation error
7786
7787
- Changelog for v0.9.1 (2018-09-07)
7788
* Fix pod sharing for utsmode
7789
* Respect user-added mounts over default spec mounts
7790
* use layer cache when building images
7791
* Start pod infra container when pod is created
7792
* Fix up libpod.conf man pages and referencese to it.
7793
* We should fail Podman with ExitCode 125 by default
7794
* Add CRI logs parsing to podman logs
7795
* rmi remove all not error when no images are present
7796
* rootless, create: support --pod
7797
* rootless, run: support --pod
7798
7799
-------------------------------------------------------------------
7800
Mon Sep 3 06:04:26 UTC 2018 - Valentin Rothberg <vrothberg@suse.com>
7801
7802
- Changelog for v0.8.5 (2018-08-31)
7803
* Add proper support for systemd inside of podman
7804
* We are mistakenly seeing repos as registries.
7805
* Up time between checks for podman wait
7806
* Turn on test debugging
7807
* Add support for remote commands
7808
* fixup A few language changes and subuid(5)
7809
* Make the documentation of user namespace options in podman-run clearer
7810
* catch command-not-found errors
7811
* don't print help message for usage errors
7812
* docs: consistent format for example
7813
* docs: consistent headings
7814
* docs: make HISTORY consistent
7815
* docs: fix headers
7816
* varlink: fix --timeout usage
7817
* run/create: reserve `-h` flag for hostname
7818
* podman,varlink: inform user about --timeout 0
7819
* rootless: show an error when stats is used
7820
* rootless: show an error when pause/unpause are used
7821
* rootless: unexport GetUserNSForPid
7822
* rootless, exec: use the new function to join the userns
7823
* rootless: fix top
7824
* rootless: add new function to join existing namespace
7825
* Do not set max open files by default if we are rootless
7826
* Set default max open files in spec
7827
* Resolve /etc/resolv.conf before reading
7828
* document `--rm` semantics
7829
* rootless, search: do not create a new userns
7830
* rootless, login, logout: do not create a new userns
7831
* rootless, kill: do not create a new userns
7832
* rootless, stop: do not create a new userns
7833
* Fix manpage to note how multiple filters are combined
7834
* Fix handling of multiple filters in podman ps
7835
* Fix Mount Propagation
7836
* docs: add containers-mounts.conf(5)
7837
* docs: use "containers-" prefix for registries and storage
7838
* rootless: fix --pid=host
7839
* rootless: fix --ipc=host
7840
* spec: bind mount /sys only when userNS are enabled
7841
* rootless, tests: add test for --uts=host
7842
* rootless: don't use kill --all
7843
* rootless: exec handle processes that create an user namespace
7844
* rootless: fix exec
7845
7846
-------------------------------------------------------------------
7847
Mon Aug 27 06:05:18 UTC 2018 - vrothberg@suse.com
7848
7849
- Changelog for v0.8.4 (2018-08-24)
7850
* Swap from FFJSON to easyjson
7851
* rootless: allow to override policy.json by the user
7852
* add completion for --pod in run and create
7853
* Fixed formatting and lowered verbosity of pod ps
7854
* Do not try to enable AppArmor in rootless mode
7855
* Reveal information about container capabilities
7856
* Fixing network ns segfault
7857
* Change pause container to infra container
7858
* Added option to share kernel namespaces in libpod and podman
7859
* Add podman pod top
7860
* Include pod stats and top in commands/completions
7861
* Fix syntax description of --ulimit command
7862
* Properly translate users into runc format for exec
7863
* rootless: fix --net host --privileged
7864
* Fixed segfault in stats where container had netNS none or from container
7865
* Enable pod stats with short ID and name
7866
* Touch up cert-dir in man pages
7867
* Support Attach subcommand in pypodman
7868
7869
-------------------------------------------------------------------
7870
Mon Aug 20 06:40:02 UTC 2018 - vrothberg@suse.com
7871
7872
- Changelog for v0.8.3 (2018-08-17)
7873
* Switch from github.com/projectatomic to github.com/containers
7874
* Mention that systemd is the default cgroup manager
7875
* Fix handling of socket connection refusal.
7876
* podman: fix --uts=host
7877
* podman pod stats
7878
* Added reason to PodContainerError
7879
* Add Pod API to varlink.
7880
* Revert "spec: bind mount /sys only for rootless containers"
7881
* Document STORAGE_DRIVER and STORAGE_OPTS environment variable
7882
* Create pod CGroups when using the systemd cgroup driver
7883
* Switch systemd default CGroup parent to machine.slice
7884
* spec: bind mount /sys only for rootless containers
7885
* Add create and pull commands
7886
* rootless: not require userns for help/version
7887
* pkg/apparmor: use a pipe instead of a tmp file
7888
* podman in rootless mode will only work with cgroupfs at this point.
7889
* when searching, survive errors for multiple registries
7890
7891
-------------------------------------------------------------------
7892
Mon Aug 13 06:32:40 UTC 2018 - vrothberg@suse.com
7893
7894
- Changelog for v0.8.2.1 (2018-08-11)
7895
* Ensure pod inspect is locked and validity-checked
7896
* Swap default CGroup manager to systemd
7897
7898
- Changelog for v0.8.2 (2018-08-10)
7899
* We need to sort mounts so that one mount does not over mount another.
7900
* search name should include registry
7901
* removeContainer: fix deadlock
7902
* Add FFJSON to build container
7903
* Add FFJSON generation to makefile
7904
* Fixed a bug setting dependencies on the wrong container
7905
* Always connect to the stdout and stderr of stream
7906
* apparmor: respect "unconfined" setting
7907
* oci.go: syslog: fix debug formatting
7908
* add podman pod inspect
7909
* Fix CGroupFS cgroup manager cgroup creation for pods
7910
* Pass newly-added --log-level flag to Conmon
7911
* Cleanup man pages
7912
* Improve ps handling of container start/stop time
7913
* rootless: fix user lookup if USER= is not set
7914
* Add dpkg support for returning oci/conmon versions
7915
* Have info print conmon/oci runtime information
7916
* Better pull error for fully-qualified images
7917
* Add Runc and Conmon versions to Podman Version
7918
7919
-------------------------------------------------------------------
7920
Thu Aug 9 10:20:19 UTC 2018 - vrothberg@suse.com
7921
7922
- Add a dedicated conmon for podman as the requirements on the specific
7923
version started to differ from the ones of CRI-O. This change implies
7924
dropping the requirement on the cri-o package.
7925
7926
- Add libpod.conf as a new source to allow tweaking the search paths
7927
for openSUSE. This change makes execution slightly faster.
7928
7929
-------------------------------------------------------------------
7930
Mon Aug 6 06:27:09 UTC 2018 - vrothberg@suse.com
7931
7932
- Changelog for v0.8.1 (2018-08-03)
7933
* Added ps --pod option
7934
* clarify pull error message
7935
* Man page fixes found by https://pagure.io/ManualPageScan
7936
* rootless: do not segfault if the parent already died
7937
* Document the properties of DefaultTransport a bit better.
7938
* Add --force to podman umount to force the unmounting of the rootfs
7939
* network: add support for rootless network with slirp4netns
7940
* Add documentations on how to setup /etc/subuid and /etc/subgid
7941
* podman rmi shouldn't delete named referenced images
7942
7943
-------------------------------------------------------------------
7944
Mon Jul 30 05:45:52 UTC 2018 - vrothberg@suse.com
7945
7946
- Changelog for v0.7.4 (2018-07-27)
7947
* Add pod pause/unpause
7948
* Fix up docker compatibility messages
7949
* Fix handling of Linux network namespaces
7950
* Cleanup descriptions and help information
7951
* Add pod kill
7952
* Added pod restart
7953
* podman: allow to specify the IPC namespace to join
7954
* podman: allow to specify the UTS namespace to join
7955
* podman: allow to specify the PID namespace to join
7956
* podman: allow to specify the userns to join
7957
* spec: allow container:NAME network mode
7958
* Add libpod namespace to config
7959
* Add missing runtime.go lines to set namespace
7960
* Set namespace for new pods/containers based on runtime
7961
* Add --namespace flag to Podman
7962
* Update documentation for the State interface
7963
* Ensure pods are part of the set namespace when added
7964
* Enforce namespace checks on container add
7965
* Add container and pod namespaces to configs
7966
* AppArmor: runtime check if it's enabled on the host
7967
* Add format descriptors infor to podman top
7968
* docs/podman-top: fix typo and whitespace
7969
7970
-------------------------------------------------------------------
7971
Mon Jul 23 06:18:32 UTC 2018 - vrothberg@suse.com
7972
7973
- Changelog for v0.7.3 (2018-07-20)
7974
* Podman load/tag/save prepend localhost when no repository is present
7975
* Pod ps now uses pod.Status()
7976
* Added pod start and stop
7977
* rootless: support a per-user mounts.conf
7978
* secrets: parse only one mounts configuration file
7979
* rootless: allow a per-user registries.conf file
7980
* rootless: allow a per-user storage.conf file
7981
* rootless, docs: document the libpod.conf file used in rootless mode
7982
* podman-top: use containers/psgo
7983
* oci: keep exposed ports busy and leak the fd into conmon
7984
* Fix ps filter with key=value labels
7985
* rootless: require subids to be present
7986
7987
-------------------------------------------------------------------
7988
Mon Jul 16 05:37:36 UTC 2018 - vrothberg@suse.com
7989
7990
- Changelog for v0.7.2 (2018-07-13)
7991
* Only print container size JSON if --size was requested
7992
* Don't print rootfs and rw sizes if they're empty
7993
* Major fixes to podman ps --format=json output
7994
* Ignore running containers in ps exit-code filters
7995
* rootless: correctly propagate the exit status from the container
7996
* rootless: unshare mount namespace
7997
* Need to wait for container to exit before completing run/start completes
7998
* If proxy fails then then signal should be sent to the main process
7999
* fix pull image that includes a sha
8000
* Added full podman pod ps, with tests and man page
8001
* Podman pod create/rm commands with man page and tests.
8002
* Added created time to pod state
8003
* Support multiple networks
8004
* podman rmi should only untag image if parent of another
8005
* build: enable ostree in containers/storage when available
8006
* podman/libpod: add default AppArmor profile
8007
* rootless: propagate errors from GetRootlessRuntimeDir()
8008
* rootless: resolve the user home directory
8009
* rootless: fix when argv[0] is not an absolute path
8010
* urfave/cli: fix regression in short-opts parsing
8011
* Add --volumes-from flag to podman run and create
8012
* Mask /proc/keys to protect information leak about keys on host
8013
* Podman stats with no containers listed is the same as podman stats --all
8014
8015
- install missing podman (1) manpage
8016
8017
- podman-rpmlintrc: ignore missing-call-to-setgroups-before-setuid wari
8018
8019
- install bash completion at /usr/share/bash-completion/completions
8020
8021
- buildmode=pie: build position independent code
8022
8023
-------------------------------------------------------------------
8024
Mon Jul 9 05:47:32 UTC 2018 - vrothberg@suse.com
8025
8026
- Changelog for v0.7.1 (2018-07-06)
8027
* Block use of /proc/acpi from inside containers
8028
* Remove per-container CGroup parents
8029
* rootless: add /run/user/$UID to the lookup paths
8030
* rootless: add function to retrieve the original UID
8031
* rootless: always set XDG_RUNTIME_DIR
8032
* rootless: set XDG_RUNTIME_DIR also for state and exec
8033
* urfave/cli: fix parsing of short opts
8034
* docs: Follow man-pages(7) suggestions for SYNOPSIS
8035
* Allow multiple mounts
8036
8037
- re-enable varlink support (build conditional)
8038
8039
-------------------------------------------------------------------
8040
Mon Jul 2 05:53:26 UTC 2018 - vrothberg@suse.com
8041
8042
- Changelog for v0.6.5 (2018-06-29)
8043
* Fix built-in volume issue with podman run/create
8044
* Add `podman container cleanup` to CLI
8045
* Allow multiple containers and all for umount
8046
* Returning joining namespace error should not be fatal
8047
* Test to verify overlay quotas work, show container overhead on quota
8048
* Remove the --registry flag from podman search
8049
* utils: fix endless write of resize event
8050
* Start prints UUID or container name that user inputs on success
8051
* Fix podman hangs when detecting startup error in container attached mode
8052
* podman-build --help: update description
8053
* docs: add documentation for rootless containers
8054
* Add --authfile to podman search
8055
* Add podman-image and podman-container man page links
8056
* make varlink optional for podman
8057
8058
-------------------------------------------------------------------
8059
Mon Jun 25 05:58:20 UTC 2018 - vrothberg@suse.com
8060
8061
- Changelog for v0.6.4 (2018-06-22)
8062
* Point podman-refresh at the right manpage
8063
* Add bash completions for podman refresh
8064
* Add manpages for podman refresh
8065
* Add podman refresh command
8066
* Add information about the configuration files to the install docs
8067
* Add unittests and fix bugs
8068
* Podman history now prints out intermediate image IDs
8069
* Add cap-add and cap-drop to build man page
8070
* Fix image volumes access and mount problems on restart
8071
* Add carriage return to log message when using --tty flag
8072
* Added --sort to ps
8073
* Fix podman build -q
8074
* Add extra debug so we can tell apart postdelete hooks
8075
* TLS verify is skipped per registry.
8076
* Add --all,-a flag to podman images
8077
* top: make output tabular
8078
* Add more network info ipv4/ipv6 and be more compatible with docker
8079
* Do not run iptablesDNS workaround on IPv6 addresses
8080
* Added --tls-verify functionality to podman search, with tests
8081
8082
-------------------------------------------------------------------
8083
Mon Jun 18 05:46:23 UTC 2018 - vrothberg@suse.com
8084
8085
- Changelog for v0.6.3 (2018-06-15)
8086
* podman: use a different store for the rootless case
8087
* podman: do not use Chown in rootless mode
8088
* network: do not attempt to create a network in rootless mode
8089
* oci: do not set resources in rootless mode
8090
* oci: do not use hooks in rootless mode
8091
* oci: do not set the cgroup path in Rootless mode
8092
* spec: change mount options for /dev/pts in rootless mode
8093
* container: do not add shm in rootless mode
8094
* podman: provide a default UID mapping when non root
8095
* podman: accept option --rootfs to use exploded images
8096
* When setting a memory limit, also set a swap limit
8097
* Fix cleaning up network namespaces on detached ctrs
8098
* Implement --latest for ps
8099
* Added --sort flag to podman image
8100
* add podman container and image command
8101
* rmi: remove image if all tags are specified
8102
8103
-------------------------------------------------------------------
8104
Mon Jun 11 06:22:30 UTC 2018 - vrothberg@suse.com
8105
8106
- Changelog for v0.6.2 (2018-06-08)
8107
* Vendor in latest buildah code
8108
* Update epoch to fix validation problems
8109
* Touch up whitespace issue in build man
8110
* Add disable-content flag info to man page for build
8111
* podman-run: clean up some formatting issues
8112
* Remove SELinux transition rule after conmon is started.
8113
* Add --all flag even though it is a noop so scripts will work
8114
* podman-varlink: log timeouts
8115
* bash completion: remove shebang
8116
* Vendor in latest containers/storage
8117
8118
-------------------------------------------------------------------
8119
Fri Jun 8 14:26:33 UTC 2018 - dcassany@suse.com
8120
8121
- Make use of %license macro
8122
8123
-------------------------------------------------------------------
8124
Tue Jun 5 13:36:00 UTC 2018 - vrothberg@suse.com
8125
8126
- Changelog for v0.6.1 (2018-06-01)
8127
* Fix lable handling
8128
* runtime: add /usr/libexec/podman/conmon to the conmon paths
8129
* varlink build
8130
* Add OnBuild support for podman build
8131
* return all inspect info for varlink containerinspect
8132
* hooks/exec: Allow successful reaps for 0s post-kill timeouts
8133
* fix panic with podman pull
8134
* Remove --net flag and make it an alias for --network
8135
* Clear all caps, except the bounding set, when --user is specified.
8136
Fix: bsc#1097970 CVE-2018-10856
8137
* do not allow port related args to be used with --network=container:
8138
* sort containers and images by create time
8139
* Cleanup man pages
8140
8141
-------------------------------------------------------------------
8142
Tue May 29 12:35:47 UTC 2018 - parlt@suse.com
8143
8144
- Changelog for v0.5.4 (2018-05-25):
8145
* Make references to the Process part of Spec conditional
8146
* save and load should support multi-tag for docker-archive
8147
* Implement python podman create and start
8148
* Set Entrypoint from image only if not already set
8149
* Update podman build to match buildah bud functionality
8150
* Fix handling of command in images
8151
* Add support for Zulu timestamp parsing
8152
* Clarify using podman build with a URL, Git repo, or archive.
8153
* podman create, start, getattachsocket
8154
* oci-hooks.5: Discuss directory precedence and monitoring
8155
* Tighten the security on the podman varlink socket
8156
8157
-------------------------------------------------------------------
8158
Tue May 22 10:16:03 UTC 2018 - parlt@suse.com
8159
8160
- Changelog for v0.5.3 (2018-05-18):
8161
* troubleshooting: Add console syntax highlighting
8162
* Refresh pods when refreshing podman state
8163
* Add per-pod CGroups
8164
* Add pod state
8165
* hooks: Fix monitoring of multiple directories
8166
* Add Troubleshooting guide
8167
* Add python3 package to podman
8168
* libpod: fix panic when using -t and the process fails to start
8169
* Allow push/save without image reference
8170
* Fix podman inspect bash completions
8171
* Support pulling Dockerfile from http
8172
* add more bash completions
8173
* implement varlink commit
8174
* fix segfault for podman push
8175
* Add the Podman Logo
8176
* hooks: Add package support for extension stages
8177
8178
-------------------------------------------------------------------
8179
Mon May 14 08:33:11 UTC 2018 - vrothberg@suse.com
8180
8181
- Changelog for v0.5.2 (2018-05-11):
8182
* Fix varlink remove image force
8183
* Do not error trying to remove cgroups that don't exist
8184
* Remove parent cgroup we create with cgroupfs
8185
* Place Conmon and Container in separate CGroups
8186
* Add --cgroup-manager flag to Podman binary
8187
* Major fixes to systemd cgroup handling
8188
* Add validation for CGroup parents. Pass CGroups path into runc
8189
* varlink info
8190
* Dont eat the pull error message for varlink
8191
* podman push should honor registries.conf
8192
* alphabetize the varlink methods, types, and errors in the docs
8193
* Add missing newline to podman port
8194
* Fix calculation of RunningFor in ps json output
8195
* Should not error out if container no longer exists in oci
8196
* Make invalid state nonfatal when cleaning up in run
8197
* podman, userNS: configure an intermediate mount namespace
8198
* networking, userNS: configure the network namespace after create
8199
* Begin wiring in USERNS Support into podman
8200
8201
-------------------------------------------------------------------
8202
Mon May 7 05:42:24 UTC 2018 - vrothberg@suse.com
8203
8204
- Remove runtime dependency on buildah, which isn't required anymore as
8205
libpod vendors in buildah's code directly.
8206
8207
- Changelog for v0.5.1 (2018-05-04):
8208
* Fix pulling from secure registry
8209
* Optionally init() during container restart
8210
* bashcompletion enhancements
8211
* Add directory for systemd socket and service if not present
8212
* varlink containers
8213
* Make podman commit to localhost rather then docker.io
8214
* Do not print unnecessary Buildah details during commit
8215
* Fix podman logout --all flag
8216
* podman should assign a host port to -p when omitted
8217
* libpod.conf: Podman's conmon path on openSUSE
8218
* correct varlink command in service file
8219
* Make ':' a restricted character for file names
8220
8221
-------------------------------------------------------------------
8222
Mon Apr 30 06:53:09 UTC 2018 - vrothberg@suse.com
8223
8224
- Update podman to v0.4.4:
8225
* Use buildah commit and bud in podman
8226
* Remove systemd-cat support
8227
* Add --default-mounts-file hidden flag
8228
* Add isolation note to build man page
8229
* Strip transport from image name when looking for local image
8230
* Do not eat error messages from pullImage
8231
* Modify --user flag for podman create and run
8232
* add libpod.conf man page
8233
8234
-------------------------------------------------------------------
8235
Mon Apr 23 08:37:57 UTC 2018 - parlt@suse.com
8236
8237
- Update podman to v0.4.3:
8238
* podman push without destination image
8239
* Add make .git target
8240
* Fix tests for podman run --attach
8241
* Vendor in latest containers/image and contaners/storage
8242
* It is OK to start an already running container (with no attach)
8243
* Allow podman start to attach to a running container
8244
* regression: tls verify should be set on registries.conf if insecure
8245
* ip validation game too strong
8246
* reverse host field order (ip goes first) - fix host string split to permit IPv6
8247
* Allow podman to exit exit codes of removed containers
8248
* validate dns-search values prior to creation
8249
* Add WaitContainerReady for wait for docker registry ready
8250
* podman pull should always try to pull
8251
* Allow the use of -i/-a on any container
8252
* Fix secrets patch
8253
8254
-------------------------------------------------------------------
8255
Tue Apr 17 06:44:19 UTC 2018 - vrothberg@suse.com
8256
8257
- Require golang >= 1.9.
8258
8259
-------------------------------------------------------------------
8260
Tue Apr 17 06:19:33 UTC 2018 - vrothberg@suse.com
8261
8262
- Update podman to v0.4.2:
8263
* Allowing attaching stdin to non-interactive containers
8264
* Fix terminal attach
8265
* Fix locking interaction in batched Exec() on container
8266
* Force host UID/GID mapping when creating containers
8267
* Do not lock all containers during pod kill
8268
* Do not lock all containers during pod start
8269
* Make pod stop lock one container at a time
8270
* Containers transitioning to stop should not break stats
8271
* Add -i to exec for compatibility reasons
8272
* Unescape characters in inspect JSON format output
8273
* Use buildah commit for podman commit
8274
8275
-------------------------------------------------------------------
8276
Mon Apr 9 07:48:52 UTC 2018 - parlt@suse.com
8277
8278
- Update podman to v0.4.1:
8279
* Remove image via storage if a buildah container is associated
8280
* Add hooks support to podman
8281
* Run images with no names
8282
* Prevent a potential race when stopping containers
8283
* Only allocate tty when -t
8284
* Add conmon-pidfile flag to bash completions/manpages
8285
* --entrypoint= should delete existing entrypoint
8286
* Do not require Init() before Start()
8287
* Ensure dependencies are running before initializing containers
8288
* Add container dependencies to Inspect output
8289
* Vendor in latest containers/image
8290
* Change errorf to warnf in warning removing ctr storage
8291
8292
-------------------------------------------------------------------
8293
Thu Apr 5 06:40:07 UTC 2018 - asarai@suse.com
8294
8295
- Split out podman's basic CNI configuration to podman-cni-config, to avoid
8296
breaking Kubernetes clusters due to misconfigured networking. On openSUSE we
8297
still install this configuration so things "just work" there.
8298
8299
-------------------------------------------------------------------
8300
Tue Apr 3 05:41:54 UTC 2018 - vrothberg@suse.com
8301
8302
- Update podman to v0.3.5:
8303
* Allow sha256: prefix for input
8304
* Add secrets patch to podman
8305
* Only start containers that are not running in pod start
8306
* Check for duplicate names when generating new container and pod names.
8307
* podman: new option --conmon-pidfile=
8308
* Remove dependency on kubernetes
8309
* Vendor in lots of kubernetes stuff to shrink image size
8310
* cmd/podman/run.go: Error nicely when no image found
8311
* Update containers/storage to pick up overlay driver fix
8312
* First tag, untag THEN reload the image
8313
8314
-------------------------------------------------------------------
8315
Mon Mar 26 05:57:07 UTC 2018 - vrothberg@suse.com
8316
8317
- Update podman to v0.3.4:
8318
* Make container env variable conditional
8319
* Small manpage reword
8320
* Document .containerenv in manpages. Move it to /run.
8321
* Add .containerenv file
8322
* Removing tagged images change in behavior
8323
* Image library stage 4 - create and commit
8324
* Add 'podman restart' asciinema
8325
8326
-------------------------------------------------------------------
8327
Mon Mar 19 09:47:24 UTC 2018 - vrothberg@suse.com
8328
8329
- Remove old (redundant) source archive.
8330
8331
-------------------------------------------------------------------
8332
Sat Mar 17 10:36:53 UTC 2018 - vrothberg@suse.com
8333
8334
- Do not compile commit hash into binary. `podman version` will not print
8335
the commit number as we are now following official releases.
8336
8337
- Change tar naming from commit to version to facilitate updates via the
8338
_service file.
8339
8340
- Update podman to v0.3.3. This update includes several fixes and a new
8341
configuration file, libpod.conf. By default, this config will be
8342
installed to /usr/share/containers and /etc/containers, whereas podman
8343
will always use the latter if present. The config in
8344
/usr/share/containers can be used to check for new config options and
8345
will be replaced with each package update. The libpod.conf config can
8346
be used to tweak some run-time paths of conmon, runc, etc., which is a
8347
more flexible approach than hard-coding those paths in podman.
8348
8349
Changelog:
8350
* Update containers/image
8351
* Add restart to main podman manpage
8352
* Add podman restart to podman bash completions and commands
8353
* Make manpage more clear
8354
* Add 'podman restart' command
8355
* Remove ability to specify mount label when mounting
8356
* Add signal proxying to podman run, start, and attach
8357
* We should not allow a user to mount a container with a different label
8358
* We should not have a default workdir
8359
* Add additional debug logging
8360
* Implement container restarting
8361
* sleep does not catch SIGTERM
8362
* Include tmpfs in inspect
8363
* Add run and search to commands page
8364
* Add new default location for conmon
8365
* podman-images: return correct image list
8366
* Remove crio.conf references from manpages
8367
* Fix a potential race around container removal in ps
8368
* podman ps command string too long
8369
* Podman load can pull in compressed files
8370
* Fix Conmon error to display Conmon paths
8371
* Add support to load runtime configuration from config file
8372
* Add default libpod config file
8373
* Change conmon and runtime paths to arrays
8374
* Update containers/storage to fix locking bug
8375
8376
-------------------------------------------------------------------
8377
Thu Mar 15 15:24:23 UTC 2018 - vrothberg@suse.com
8378
8379
- Add requirement on cni-plugins to avoid potential issues in the
8380
future.
8381
feature#crio
8382
8383
-------------------------------------------------------------------
8384
Tue Mar 6 11:00:09 UTC 2018 - vrothberg@suse.com
8385
8386
- Add run-time requirement on buildah to support `podman build`.
8387
feature#crio
8388
8389
-------------------------------------------------------------------
8390
Tue Mar 6 08:01:37 UTC 2018 - vrothberg@suse.com
8391
8392
- Fix typo when setting the git commit at compile time.
8393
8394
-------------------------------------------------------------------
8395
Sat Mar 3 14:20:06 UTC 2018 - vrothberg@suse.com
8396
8397
- Update podman to v0.3.1:
8398
* allow DNS resolution in containers
8399
* Adjust podman logs error message for clarity
8400
* Instead of erroring on exit file not being found, warn
8401
* podman logs -f: does not detect container stop or rm
8402
* Fix issue with podman logs on fresh containers
8403
* Replace usage of runc with runtime
8404
* Handle removing containers with active exec sessions
8405
* Ensure that Cleanup() will not run on active containers
8406
* Add tracking for exec session IDs
8407
* Add tracking for container exec sessions to DB
8408
* Small fixes to container Exec
8409
* docs/podman-info.1.md update man page
8410
* Update containers/storage
8411
* podman info add registries
8412
* podman stats add networking
8413
* CNIPluginDir: check "/usr/lib/cni"
8414
* remove build alias
8415
* Restrict top output to container's pids only
8416
* ps displays incorrect exit code
8417
* podman load dont panic when no repotags
8418
* Do not override user mounts
8419
* Tagging an image alias by shortname
8420
* Add support for --no-new-privs
8421
* podman ps json output use batched ops
8422
* CreateContainerStorage by image id
8423
* Implement --image-volumes for create and run
8424
* Add ability to start containers in a pod
8425
* Add kill and stop for pods
8426
* Add pod status command
8427
* Add tests and cleanup
8428
* Implement podman run option --cgroup-parent
8429
* Inspect output should be in array form
8430
* Add --time alias to manpages
8431
* Alias --time to --timeout for 'podman stop'
8432
* Resolve contention between copr and fedora repos
8433
* Ensure we don't repeatedly poll disk for exit codes
8434
* Change uptime format in `podman info` to human-readable
8435
8436
-------------------------------------------------------------------
8437
Thu Feb 22 10:25:14 UTC 2018 - vrothberg@suse.com
8438
8439
- Replace macro by the entire URL in the spec file.
8440
8441
-------------------------------------------------------------------
8442
Tue Feb 20 14:29:54 UTC 2018 - vrothberg@suse.com
8443
8444
- Add podman-rpmlintrc to ignore "explicit-lib-dependency" warnings. Those are
8445
intentional as we must include the libcontainers-* packages.
8446
+ podman-rpmlintrc
8447
8448
- Update to podman v0.2.1 (change to semantic version scheme):
8449
* Run podman inside a podman container
8450
* Add FFJSON encoding/decoding for our container structs
8451
* images --all developer note
8452
* Add podman version
8453
* Touch up tutorial location and install reqs
8454
* No registries warning
8455
* Return imageid from podman pull
8456
* Squash logged errors from failed SQL rollbacks
8457
* Privileged containers should inherit host devices
8458
* Disable default Seccomp profile with privileged containers
8459
* Make libpod build on 32-bit systems
8460
* Add buckets for all containers and all pods
8461
* Containers in a pod can only join namespaces in that pod
8462
* Change json to match docker inspect
8463
* Honor ENTRYPOINT in image
8464
* Fix libpod to use given CGroup parent instead of a hardcoded one
8465
* podman logs: fix tailing
8466
* Allow removing pods with running containers if --force is given
8467
* Match podman inspect output to docker inspect
8468
* Touchup podman kill manpage
8469
* Change stop signal default to SIGTERM
8470
* Add podman search command
8471
* sysfs should be mounted rw for privileged
8472
* Need to add LISTEN_PID environment variable to conmon command
8473
* Add authfile, cert-dir and creds params to build
8474
8475
-------------------------------------------------------------------
8476
Fri Feb 9 15:55:16 UTC 2018 - vrothberg@suse.com
8477
8478
- Add requirement on libcontainers-common, which now provides the
8479
/etc/containers/policy.json config.
8480
- Use golang-packaging macros.
8481
- Set version to +git%{rev_list} scheme as there's no official release yet.
8482
- Spec file cleanups via spec-cleaner.
8483
- Add requirement on libcontainers-{common,image,storage}, which provide
8484
configuration files, manpages and debugging tools useful and required by
8485
podman.
8486
8487
-------------------------------------------------------------------
8488
Wed Feb 7 08:51:16 UTC 2018 - vrothberg@suse.com
8489
8490
- Fix typo to provide the correct package.
8491
- Replace tabs with spaces.
8492
8493
-------------------------------------------------------------------
8494
Mon Feb 5 06:40:05 UTC 2018 - vrothberg@suse.com
8495
8496
- Fix libostree-devel %if condition for TW, Leap 15+ and SLES 15+.
8497
8498
-------------------------------------------------------------------
8499
Thu Feb 1 12:38:03 UTC 2018 - vrothberg@suse.com
8500
8501
- Use `%fdupes %buildroot/%_prefix` since `fdupes %buildroot` is not allowed
8502
because you cannot make hardlinks between certain partitions.
8503
8504
-------------------------------------------------------------------
8505
Tue Jan 30 15:33:21 UTC 2018 - vrothberg@suse.com
8506
8507
- Add podman package: podman is a simple client only tool to help with
8508
debugging issues when daemons such as CRI runtime and the kubelet are not
8509
responding or failing.
8510