SLFO-pool/podman
SHA256
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Sync from SUSE:SLFO:Main podman revision 8f2da9d7c2405c2833c1f4c175c03db7

Browse Source
This commit is contained in:
Adrian Schröter 2025-02-20 10:00:33 +01:00
parent 3525dfdcd5
commit e253b7c873
12 changed files with 2852 additions and 18239 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

162
0001-pkg-subscriptions-use-securejoin-for-the-container-p.patch
View File

@ -1,162 +0,0 @@
From 76fc90dd1b33fc4e0f70277430f56d1d0ecd5e45 Mon Sep 17 00:00:00 2001
From: Danish Prakash <contact@danishpraka.sh>
Date: Mon, 7 Oct 2024 14:03:25 +0530
Subject: [PATCH 1/4] pkg/subscriptions: use securejoin for the container path
If we join a path from the container image we must always use securejoin
to prevent us from following a symlink onto the host.
Fixes CVE-2024-9341
Bugs: bsc#1231230
Signed-off-by: Paul Holzinger <pholzing@redhat.com>
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
---
go.mod | 4 ++--
go.sum | 8 ++++----
.../containers/common/pkg/subscriptions/subscriptions.go | 6 +++++-
vendor/github.com/containers/common/version/version.go | 2 +-
.../containers/image/v5/docker/docker_image.go | 9 +++++++++
vendor/github.com/containers/image/v5/version/version.go | 2 +-
vendor/modules.txt | 4 ++--
7 files changed, 24 insertions(+), 11 deletions(-)
diff --git a/go.mod b/go.mod
index 6f0d7d1f5db6..88dd9876472f 100644
--- a/go.mod
+++ b/go.mod
@@ -11,10 +11,10 @@ require (
github.com/checkpoint-restore/go-criu/v7 v7.0.0
github.com/containernetworking/plugins v1.4.0
github.com/containers/buildah v1.35.4
- github.com/containers/common v0.58.3
+ github.com/containers/common v0.58.5
github.com/containers/conmon v2.0.20+incompatible
github.com/containers/gvisor-tap-vsock v0.7.3
- github.com/containers/image/v5 v5.30.1
+ github.com/containers/image/v5 v5.30.2
github.com/containers/libhvee v0.7.0
github.com/containers/ocicrypt v1.1.10
github.com/containers/psgo v1.9.0
diff --git a/go.sum b/go.sum
index b1033efba2f0..1d6b7d02370c 100644
--- a/go.sum
+++ b/go.sum
@@ -76,14 +76,14 @@ github.com/containernetworking/plugins v1.4.0 h1:+w22VPYgk7nQHw7KT92lsRmuToHvb7w
github.com/containernetworking/plugins v1.4.0/go.mod h1:UYhcOyjefnrQvKvmmyEKsUA+M9Nfn7tqULPpH0Pkcj0=
github.com/containers/buildah v1.35.4 h1:M/M5RJW07ZIDsngmJDb6bnWxZA2RRFulp0MW7EwPATg=
github.com/containers/buildah v1.35.4/go.mod h1:gh6xe/VXW7TTIDWCRtAvx0/YaNuEJWYabDKrHKj17So=
-github.com/containers/common v0.58.3 h1:Iy/CdYjluEK926QT+ejonz7YvoRHazeW7BAiLIkmUQ4=
-github.com/containers/common v0.58.3/go.mod h1:p4V1SNk+WOISgp01m+axuqCUxaDP3WSZPPzvnJnS/cQ=
+github.com/containers/common v0.58.5 h1:5GOyHhNPVeFEUFIxUmc0asO2X8NuErLpyrrpdDJq3v0=
+github.com/containers/common v0.58.5/go.mod h1:mlwmIzH9AOIxXpuKPmMd1N+zzoelRBddXKReRlHDSTU=
github.com/containers/conmon v2.0.20+incompatible h1:YbCVSFSCqFjjVwHTPINGdMX1F6JXHGTUje2ZYobNrkg=
github.com/containers/conmon v2.0.20+incompatible/go.mod h1:hgwZ2mtuDrppv78a/cOBNiCm6O0UMWGx1mu7P00nu5I=
github.com/containers/gvisor-tap-vsock v0.7.3 h1:yORnf15sP+sLFhxLNLgmB5/lOhldn9dRMHx/tmYtSOQ=
github.com/containers/gvisor-tap-vsock v0.7.3/go.mod h1:NI1fLMtKXQZoDrrOeqryGz7x7j/XSFWRmQILva7Fu9c=
-github.com/containers/image/v5 v5.30.1 h1:AKrQMgOKI1oKx5FW5eoU2xoNyzACajHGx1O3qxobvFM=
-github.com/containers/image/v5 v5.30.1/go.mod h1:gSD8MVOyqBspc0ynLsuiMR9qmt8UQ4jpVImjmK0uXfk=
+github.com/containers/image/v5 v5.30.2 h1:1nsuEAkWtlaGaV938n5Z9eyV4Jolx4eRyOl9pLUSPC4=
+github.com/containers/image/v5 v5.30.2/go.mod h1:gSD8MVOyqBspc0ynLsuiMR9qmt8UQ4jpVImjmK0uXfk=
github.com/containers/libhvee v0.7.0 h1:TDfidZOduYk0ZW0tigzqpJOl+CeynvHxIZCuH/ak7YM=
github.com/containers/libhvee v0.7.0/go.mod h1:fRKB3AyIqHMvq6xaeYhTpckM2cdoq0oecolyoiuLP7M=
github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 h1:Qzk5C6cYglewc+UyGf6lc8Mj2UaPTHy/iF2De0/77CA=
diff --git a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
index 6845914aa285..04cf6deaa8b4 100644
--- a/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
+++ b/vendor/github.com/containers/common/pkg/subscriptions/subscriptions.go
@@ -10,6 +10,7 @@ import (
"github.com/containers/common/pkg/umask"
"github.com/containers/storage/pkg/idtools"
+ securejoin "github.com/cyphar/filepath-securejoin"
rspec "github.com/opencontainers/runtime-spec/specs-go"
"github.com/opencontainers/selinux/go-selinux/label"
"github.com/sirupsen/logrus"
@@ -345,7 +346,10 @@ func addFIPSModeSubscription(mounts *[]rspec.Mount, containerRunDir, mountPoint,
srcBackendDir := "/usr/share/crypto-policies/back-ends/FIPS"
destDir := "/etc/crypto-policies/back-ends"
- srcOnHost := filepath.Join(mountPoint, srcBackendDir)
+ srcOnHost, err := securejoin.SecureJoin(mountPoint, srcBackendDir)
+ if err != nil {
+ return fmt.Errorf("resolve %s in the container: %w", srcBackendDir, err)
+ }
if _, err := os.Stat(srcOnHost); err != nil {
if errors.Is(err, os.ErrNotExist) {
return nil
diff --git a/vendor/github.com/containers/common/version/version.go b/vendor/github.com/containers/common/version/version.go
index ddf29b94b366..1b8f07ff5659 100644
--- a/vendor/github.com/containers/common/version/version.go
+++ b/vendor/github.com/containers/common/version/version.go
@@ -1,4 +1,4 @@
package version
// Version is the version of the build.
-const Version = "0.58.3"
+const Version = "0.58.5"
diff --git a/vendor/github.com/containers/image/v5/docker/docker_image.go b/vendor/github.com/containers/image/v5/docker/docker_image.go
index 4c80bb2b5251..9741afc3f099 100644
--- a/vendor/github.com/containers/image/v5/docker/docker_image.go
+++ b/vendor/github.com/containers/image/v5/docker/docker_image.go
@@ -14,6 +14,7 @@ import (
"github.com/containers/image/v5/manifest"
"github.com/containers/image/v5/types"
"github.com/opencontainers/go-digest"
+ "github.com/sirupsen/logrus"
)
// Image is a Docker-specific implementation of types.ImageCloser with a few extra methods
@@ -90,6 +91,14 @@ func GetRepositoryTags(ctx context.Context, sys *types.SystemContext, ref types.
}
for _, tag := range tagsHolder.Tags {
if _, err := reference.WithTag(dr.ref, tag); err != nil { // Ensure the tag does not contain unexpected values
+ // Per https://github.com/containers/skopeo/issues/2346 , unknown versions of JFrog Artifactory,
+ // contrary to the tag format specified in
+ // https://github.com/opencontainers/distribution-spec/blob/8a871c8234977df058f1a14e299fe0a673853da2/spec.md?plain=1#L160 ,
+ // include digests in the list.
+ if _, err := digest.Parse(tag); err == nil {
+ logrus.Debugf("Ignoring invalid tag %q matching a digest format", tag)
+ continue
+ }
return nil, fmt.Errorf("registry returned invalid tag %q: %w", tag, err)
}
tags = append(tags, tag)
diff --git a/vendor/github.com/containers/image/v5/version/version.go b/vendor/github.com/containers/image/v5/version/version.go
index 2be0541584da..fa31c9408f6a 100644
--- a/vendor/github.com/containers/image/v5/version/version.go
+++ b/vendor/github.com/containers/image/v5/version/version.go
@@ -8,7 +8,7 @@ const (
// VersionMinor is for functionality in a backwards-compatible manner
VersionMinor = 30
// VersionPatch is for backwards-compatible bug fixes
- VersionPatch = 1
+ VersionPatch = 2
// VersionDev indicates development branch. Releases will be empty string.
VersionDev = ""
diff --git a/vendor/modules.txt b/vendor/modules.txt
index ec7960bc9951..c4aad8b23ab0 100644
--- a/vendor/modules.txt
+++ b/vendor/modules.txt
@@ -171,7 +171,7 @@ github.com/containers/buildah/pkg/sshagent
github.com/containers/buildah/pkg/util
github.com/containers/buildah/pkg/volumes
github.com/containers/buildah/util
-# github.com/containers/common v0.58.3
+# github.com/containers/common v0.58.5
## explicit; go 1.20
github.com/containers/common/internal
github.com/containers/common/internal/attributedstring
@@ -243,7 +243,7 @@ github.com/containers/conmon/runner/config
# github.com/containers/gvisor-tap-vsock v0.7.3
## explicit; go 1.20
github.com/containers/gvisor-tap-vsock/pkg/types
-# github.com/containers/image/v5 v5.30.1
+# github.com/containers/image/v5 v5.30.2
## explicit; go 1.19
github.com/containers/image/v5/copy
github.com/containers/image/v5/directory
--
2.46.0

2193
0001-vendor-bump-buildah-to-1.37.6-CVE-2024-11218.patch Normal file
View File

File diff suppressed because it is too large Load Diff

49
0002-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
View File

@ -1,49 +0,0 @@
From 5cc8b46f5e1df5a85ed7b037d6a31219bf58374c Mon Sep 17 00:00:00 2001
From: Danish Prakash <contact@danishpraka.sh>
Date: Wed, 16 Oct 2024 18:48:21 +0530
Subject: [PATCH 2/4] CVE-2024-9407: validate "bind-propagation" flag settings
CVE-2024-9407: validate that the value for the "bind-propagation" flag
when handling "bind" and "cache" mounts in `buildah run` or in RUN
instructions is one of the values that we would accept without the
"bind-propagation=" prefix.
Signed-off-by: Nalin Dahyabhai <nalin@redhat.com>
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
---
.../containers/buildah/internal/volumes/volumes.go | 12 ++++++++++++
1 file changed, 12 insertions(+)
diff --git a/vendor/github.com/containers/buildah/internal/volumes/volumes.go b/vendor/github.com/containers/buildah/internal/volumes/volumes.go
index 515f846f3499..da6b768fdc21 100644
--- a/vendor/github.com/containers/buildah/internal/volumes/volumes.go
+++ b/vendor/github.com/containers/buildah/internal/volumes/volumes.go
@@ -105,6 +105,12 @@ func GetBindMount(ctx *types.SystemContext, args []string, contextDir string, st
if !hasArgValue {
return newMount, "", fmt.Errorf("%v: %w", argName, errBadOptionArg)
}
+ switch argValue {
+ default:
+ return newMount, "", fmt.Errorf("%v: %q: %w", argName, argValue, errBadMntOption)
+ case "shared", "rshared", "private", "rprivate", "slave", "rslave":
+ // this should be the relevant parts of the same list of options we accepted above
+ }
newMount.Options = append(newMount.Options, argValue)
case "src", "source":
if !hasArgValue {
@@ -277,6 +283,12 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
if !hasArgValue {
return newMount, nil, fmt.Errorf("%v: %w", argName, errBadOptionArg)
}
+ switch argValue {
+ default:
+ return newMount, nil, fmt.Errorf("%v: %q: %w", argName, argValue, errBadMntOption)
+ case "shared", "rshared", "private", "rprivate", "slave", "rslave":
+ // this should be the relevant parts of the same list of options we accepted above
+ }
newMount.Options = append(newMount.Options, argValue)
case "id":
if !hasArgValue {
--
2.46.0

68
0003-Properly-validate-cache-IDs-and-sources.patch
View File

@ -1,68 +0,0 @@
From daca228525b387598a36d7de15a816ee8146b98d Mon Sep 17 00:00:00 2001
From: Danish Prakash <contact@danishpraka.sh>
Date: Tue, 15 Oct 2024 22:39:03 +0530
Subject: [PATCH 3/4] Properly validate cache IDs and sources
The `--mount type=cache` argument to the `RUN` instruction in
Dockerfiles was using `filepath.Join` on user input, allowing
crafted paths to be used to gain access to paths on the host,
when the command should normally be limited only to Buildah;s own
cache and context directories. Switch to `filepath.SecureJoin` to
resolve the issue.
Fixes CVE-2024-9675
Signed-off-by: Matt Heon <mheon@redhat.com>
Signed-off-by: Danish Prakash <contact@danishpraka.sh>
---
.../buildah/internal/volumes/volumes.go | 19 ++++++++++++++-----
1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/vendor/github.com/containers/buildah/internal/volumes/volumes.go b/vendor/github.com/containers/buildah/internal/volumes/volumes.go
index da6b768fdc21..610e9fcf11b2 100644
--- a/vendor/github.com/containers/buildah/internal/volumes/volumes.go
+++ b/vendor/github.com/containers/buildah/internal/volumes/volumes.go
@@ -23,6 +23,7 @@ import (
"github.com/containers/storage/pkg/idtools"
"github.com/containers/storage/pkg/lockfile"
"github.com/containers/storage/pkg/unshare"
+ digest "github.com/opencontainers/go-digest"
specs "github.com/opencontainers/runtime-spec/specs-go"
selinux "github.com/opencontainers/selinux/go-selinux"
)
@@ -374,7 +375,11 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
return newMount, nil, fmt.Errorf("no stage found with name %s", fromStage)
}
// path should be /contextDir/specified path
- newMount.Source = filepath.Join(mountPoint, filepath.Clean(string(filepath.Separator)+newMount.Source))
+ evaluated, err := copier.Eval(mountPoint, string(filepath.Separator)+newMount.Source, copier.EvalOptions{})
+ if err != nil {
+ return newMount, nil, err
+ }
+ newMount.Source = evaluated
} else {
// we need to create cache on host if no image is being used
@@ -391,11 +396,15 @@ func GetCacheMount(args []string, store storage.Store, imageMountLabel string, a
}
if id != "" {
- newMount.Source = filepath.Join(cacheParent, filepath.Clean(id))
- buildahLockFilesDir = filepath.Join(BuildahCacheLockfileDir, filepath.Clean(id))
+ // Don't let the user control where we place the directory.
+ dirID := digest.FromString(id).Encoded()[:16]
+ newMount.Source = filepath.Join(cacheParent, dirID)
+ buildahLockFilesDir = filepath.Join(BuildahCacheLockfileDir, dirID)
} else {
- newMount.Source = filepath.Join(cacheParent, filepath.Clean(newMount.Destination))
- buildahLockFilesDir = filepath.Join(BuildahCacheLockfileDir, filepath.Clean(newMount.Destination))
+ // Don't let the user control where we place the directory.
+ dirID := digest.FromString(newMount.Destination).Encoded()[:16]
+ newMount.Source = filepath.Join(cacheParent, dirID)
+ buildahLockFilesDir = filepath.Join(BuildahCacheLockfileDir, dirID)
}
idPair := idtools.IDPair{
UID: uid,
--
2.46.0

17944
0004-Use-securejoin.SecureJoin-when-forming-userns-paths.patch
View File

File diff suppressed because it is too large Load Diff

2
_service
View File

@ -2,7 +2,7 @@
<service name="obs_scm" mode="manual">
<param name="url">https://github.com/containers/podman.git</param>
<param name="scm">git</param>
<param name="revision">v5.0.3</param>
<param name="revision">v5.2.5</param>
<param name="versionformat">@PARENT_TAG@</param>
<param name="changesgenerate">enable</param>
<param name="versionrewrite-pattern">v(.*)</param>

2
_servicedata
View File

@ -1,4 +1,4 @@
<servicedata>
<service name="tar_scm">
<param name="url">https://github.com/containers/podman.git</param>
<param name="changesrevision">d08315df35cb6e95f65bf3935f529295c6e54742</param></service></servicedata>
<param name="changesrevision">10c5aa720d59480bc7edad347c1f5d5b75d4424f</param></service></servicedata>

BIN
podman-5.0.3.obscpio (Stored with Git LFS)
View File

Binary file not shown.

BIN
podman-5.2.5.obscpio (Stored with Git LFS) Normal file
View File

Binary file not shown.

645
podman.changes
View File

@ -1,3 +1,648 @@
-------------------------------------------------------------------
Mon Feb 17 09:03:19 UTC 2025 - danish.prakash@suse.com
- Add patch for CVE-2024-11218 (bsc#1236270):
* 0001-vendor-bump-buildah-to-1.37.6-CVE-2024-11218.patch
- Removed patches (merged upstream):
* 0001-pkg-subscriptions-use-securejoin-for-the-container-p.patch
* 0002-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
* 0003-Properly-validate-cache-IDs-and-sources.patch
* 0004-Use-securejoin.SecureJoin-when-forming-userns-paths.patch
- Add missing podman-clean-transient unit
- Update to version 5.2.5:
* Bump to v5.2.5 (bsc#1236507)
* Update release notes for 5.2.5
* Bump c/storage to v1.55.1 and Buildah to v1.37.5
* RPM: remove dup Provides
* Packit: constrain koji and bodhi jobs to fedora package to avoid dupes
* Bump to v5.2.5-dev
* Bump to v5.2.4
* Update release notes for v5.2.4
* Validate the bind-propagation option to `--mount`
* Bump Buildah to v1.37.4
* vendor: update c/common to v0.60.4
* Bump to v5.2.4-dev
* Bump to v5.2.3
* Update release notes for v5.2.3
* [v5.2] Bump Buildah to v1.37.3
* pkg/specgen: allow pasta when running inside userns
* libpod: convert owner IDs only with :idmap
* docs: update read the docs changes
* allow exposed sctp ports
* libpod: setupNetNS() correctly mount netns
* vendor: update c/common to v0.60.3
* [skip-ci] Packit: split out ELN jobs and reuse fedora downstream targets
* [skip-ci] Packit: Enable sidetags for bodhi updates
* build: Update gvisor-tap-vsock to 0.7.5
* CI: podman-machine: do not use cache registry
* [CI:DOCS] Add v5.2.2 lib updates to RELEASE_NOTES.md
* Bump to v5.2.3-dev
* Bump to v5.2.2
* Update RELEASE_NOTES for v5.2.2
* [v5.2] Bump Buildah to v1.37.2, c/common v0.60.2, c/image v5.32.2
* [v5.2] golangci-lint: make darwin linting happy
* [v5.2] golangci-lint: make windows linting happy
* [v5.2] test/e2e: remove kernel version check
* [v5.2] golangci-lint: remove most skip dirs
* [v5.2] set !remote build tags where needed
* [v5.2] update golangci-lint to 1.60.1
* Packit: update targets for propose-downstream
* Create volume path before state initialization
* Update Cirrus DEST_BRANCH
* Bump to v5.2.2-dev
* Bump to v5.2.1
* Update release notes for v5.2.1
* [v5.2] Add zstd:chunked test fix
* [v5.2] Bump Buildah to v1.37.1, c/common v0.60.1, c/image v5.32.1
* libpod: reset state error on init
* libpod: do not save expected stop errors in ctr state
* libpod: fix broken saveContainerError()
* Bump to v5.2.1-dev
* Bump to v5.2.0
* Never skip checkout step in release workflow
* Bump to v5.2.0-dev
* Bump to v5.2.0-rc3
* Update release notes for v5.2.0-rc3
* Tweak versions in register_images.go
* fix network cleanup flake in play kube
* WIP: Fixes for vendoring Buildah
* Add --compat-volumes option to build and farm build
* Bump Buildah, c/storage, c/image, c/common
* libpod: bind ports before network setup
* pkg/api: do not leak config pointers into specgen
* build: Update gvisor-tap-vsock to 0.7.4
* test/system: fix borken pasta interface name checks
* test/system: fix bridge host.containers.internal test
* CI: system tests: instrument to allow failure analysis
* Use uploaded .zip for Windows action
* RPM: podman-iptables.conf only on Fedora
* Bump to v5.2.0-dev
* Bump to v5.2.0-rc2
* Update release notes for v5.2.0-rc2
* test/e2e: fix ncat tests
* libpod: add hidden env to set sqlite timeout
* Add support for StopSignal in quadlet .container files
* podman pod stats: fix race when ctr process exits
* Update module github.com/vbauerster/mpb/v8 to v8.7.4
* libpod: correctly capture healthcheck output
* Bump bundled krunkit to 0.1.2
* podman stats: fix race when ctr process exists
* nc -p considered harmful
* podman pod stats: fix pod rm race
* podman ps: fix racy pod name query
* system connection remove: use Args function to validate
* pkg/machine/compression: skip decompress bar for empty file
* nc -p considered harmful
* podman system df: fix fix ErrNoSuchCtr/Volume race
* podman auto-update: fix ErrNoSuchCtr race
* Fix name for builder in farm connection
* 700-play.bats: use unique pod/container/image/volume names
* safename: consistent within same test, and, dashes
* 700-kube.bats: refactor $PODMAN_TMPDIR/test.yaml
* 700-play.bats: eliminate $testYaml
* 700-play.bats: refactor clumsy yamlfile creation
* 700-play.bats: move _write_test_yaml up near top
* chore(deps): update dependency setuptools to v71
* Expand drop-in search paths * top-level (pod.d) * truncated (unit-.container.d)
* Remove references and checks for --gpus
* Do not crash on invalid filters
* fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.2.0
* Bump to v5.2.0-dev
* Bump to v5.2.0-rc1
* Keep the volume-driver flag deprecated
* Vendor in latest containers(common, storage,image, buildah)
* System tests: safe container/image/volume/etc names
* Implement disable default mounts via command line
* test: drop unmount for overlay
* test: gracefully terminate server
* libpod: shutdown Stop waits for handlers completion
* libpod: cleanup store at shutdown
* Add NetworkAlias= support to quadlet
* cmd: call shutdown handler stop function
* fix race conditions in start/attach logic
* swagger: exlude new docker network types
* vendor: bump c/storage
* update to docker 27
* contrib: use a distinct --pull-option= for each flag
* Update warning message when using external compose provider
* Update module github.com/cyphar/filepath-securejoin to v0.3.0
* Ignore result of EvalSymlinks on ENOENT
* test/upgrade: fix tests when netavark uses nftables
* test/system: fix network reload test with nftables
* test/e2e: rework some --expose tests
* test: remove publish tests from e2e
* CI: test nftables driver on fedora
* CI: use local registry, part 3 of 3: for developers
* CI: use local registry, part 2 of 3: fix tests
* CI: use local registry, part 1 of 3: setup
* CI: test composefs on rawhide
* chore(deps): update module google.golang.org/grpc to v1.64.1 [security]
* chore(deps): update dependency setuptools to ~=70.3.0
* Improve container filenname ambiguity.
* containers/attach: Note bug around goroutine leak
* Drop minikube CI test
* add libkrun test docs
* fix(deps): update module tags.cncf.io/container-device-interface to v0.8.0
* cirrus: check for header files in source code check
* pkg/machine/e2e: run debug command only for macos
* create runtime's worker queue before queuing any job
* test/system: fix pasta host.containers.internal test
* Visual Studio BuildTools as a MinGW alternative
* SetupRootless(): only reexec when needed
* pkg/rootless: simplify reexec for container code
* cirrus: add missing test/tools to danger files
* fix(deps): update module golang.org/x/tools to v0.23.0
* Windows Installer: switch to wix5
* fix(deps): update module golang.org/x/net to v0.27.0
* pkg/machine/e2e: print tests timings at the end
* pkg/machine/e2e: run debug commands after init
* pkg/machine/e2e: improve timeout handling
* libpod: first delete container then cidfile
* fix(deps): update module golang.org/x/term to v0.22.0
* System test fixes
* cirrus.yml: automatic skips based on source
* fix(deps): update module github.com/containers/ocicrypt to v1.2.0
* podman events: fix error race
* chore(deps): update dependency setuptools to ~=70.2.0
* fix(deps): update module github.com/gorilla/schema to v1.4.1 [security]
* Update CI VM images
* pkg/machine/e2e: fix broken cleanup
* pkg/machine/e2e: use tmp file for connections
* test/system: fix podman --image-volume to allow tmpfs storage
* CI: mount tmpfs for container storage
* docs: --network remove missing leading sentence
* specgen: parse devices even with privileged set
* vendor: update c/storage
* Remove the unused machine volume-driver
* feat(quadlet): log option handling
* Error when machine memory exceeds system memory
* machine: Always use --log-file with gvproxy
* CI: Build-Each-Commit test: run only on PRs
* Small fixes for testing libkrun
* Podman machine resets all providers
* Clearly indicate names w/ URLencoded duplicates
* [skip-ci] Packit: split rhel and centos-stream jobs
* apple virtiofs: fix racy mount setup
* cirrus: fix broken macos artifacts URL
* libpod/container_top_linux.c: fix missing header
* refactor(build): improve err when file specified by -f does not exist
* Minor: Remove unhelpful comment
* Update module github.com/openshift/imagebuilder to v1.2.11
* Minor: Rename the OSX Cross task
* [skip-ci] Remove conditionals from changelog
* podman top: join the container userns
* Run linting in parallel with building
* Fix missing Makefile target dependency
* build API: accept platform comma separated
* [skip-ci] RPM: create podman-machine subpackage
* ExitWithError() - more upgrades from Exit()
* test/e2e: remove podman system service tests
* cirrus: reduce int tests timeout
* cirrus: remove redundant skip logic
* pkg/machine/apple: machine stop timeout
* CI: logformatter: link to correct PR base
* Update module github.com/crc-org/crc/v2 to v2.38.0
* ExitWithError(): continued
* test/system: Add test steps for journald log check in quadlet
* restore: fix missing network setup
* podman run use pod userns even with --pod-id-file
* macos-installer: bundle krunkit
* remote API: fix pod top error reporting
* libpod API: return proper error status code for pod start
* fix #22233
* added check for `registry.IsRemote()`. and correct error message.
* fix #20686
* pkg/machine/e2e: Remove unnecessary copy of machine image.
* libpod: intermediate mount if UID not mapped into the userns
* libpod: avoid chowning the rundir to root in the userns
* libpod: do not chmod bind mounts
* libpod: unlock the thread if possible
* CI Cleanup: Remove cgroups v1 support
* ExitWithError() - more upgrades from Exit()
* remote: fix incorrect CONTAINER_CONNECTION parsing
* container: pass KillSignal and StopTimeout to the systemd scope
* libpod: fix comment
* e2e: test container restore in pod by name
* docs: Adds all PushImage supported paramters to openapi docs.
* systests: kube: bump up a timeout
* cirrus.yml: add CI:ALL mode to force all tests
* cirrus.yml: implement skips based on source changes
* CI VMs: bump
* restore: fix container restore into pod
* sqlite_state: Fix RewriteVolumeConfig
* chore(deps): update dependency setuptools to ~=70.1.0
* Quadlet - use specifier for unescaped values for templated container name
* cirrus: check for system test leaks in nightly
* test/system: check for leaks in teardown suite
* test/system: speed up basic_{setup,teardown}()
* test/system: fix up many tests that do not cleanup
* test/system: fix podman --authfile=nonexistent-path
* Update module github.com/containernetworking/plugins to v1.5.1
* Update module github.com/checkpoint-restore/checkpointctl to v1.2.1
* Update module github.com/spf13/cobra to v1.8.1
* Update module github.com/gorilla/schema to v1.4.0
* pkg/machine/wsl: force terminate wsl instance
* pkg/machine/wsl: wrap command errors
* [CI:DOCS] Quadlet - add note about relative path resolution
* CI: do not install python packages at runtime
* Release workflow: Include candidate descriptor
* Minor: Fix indentation in GHA release workflow
* GHA: Send release notification mail
* GHA: Validate release version number
* Remove references to --pull=true and --pull=false
* ExitWithError, continued
* podman: add new hidden flag --pull-option
* [CI:DOCS] Fix typos in podman-build
* infra: mark storageSet when imagestore is changed
* [CI:DOCS] Add jnovy as reviewer and approver
* fix(deps): update module google.golang.org/protobuf to v1.34.2
* refactor(machine,wsl): improve operations of Windows API
* --squash --layers=false should be allowed
* fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.2.0
* update golangci-lint to v1.59.1
* Rename master to main in CONTRIBUTING.md
* podman 5, pasta and inter-container networking
* libpod: do not resuse networking on start
* machine/linux: Switch to virtiofs by default
* machine/linux: Support virtiofs mounts (retain 9p default)
* machine/linux: Use memory-backend-memfd by default
* ExitWithError() - continued
* Enable libkrun provider to open a debug console
* Add new targets on Windows makefile (winmake.ps1)
* fix(deps): update module github.com/docker/docker to v26.1.4+incompatible
* fix(deps): update module github.com/crc-org/crc/v2 to v2.37.1
* fix(deps): update module golang.org/x/tools to v0.22.0
* fix(deps): update module golang.org/x/net to v0.26.0
* libpod: fix 'podman kube generate' on FreeBSD
* fix(deps): update module golang.org/x/sys to v0.21.0
* libpod: do not leak systemd hc startup unit timer
* vendor latest c/common
* pkg/rootless: set _CONTAINERS_USERNS_CONFIGURED correctly
* run bats -T, to profile timing hogs
* test/system: speed up podman ps --external
* test/system: speed up podman network connect/disconnect
* test/system: speed up podman network reload
* test/system: speed up quadlet - pod simple
* test/system: speed up podman parallel build should not race
* test/system: speed up podman cp dir from host to container
* test/system: speed up podman build - workdir, cmd, env, label
* test/system: speed up podman --log-level recognizes log levels
* test/system: remove obsolete debug in net connect/disconnect test
* test/system: speed up quadlet - basic
* test/system: speed up user namespace preserved root ownership
* System tests: add `podman system check` tests
* Add `podman system check` for checking storage consistency
* fix(deps): update module github.com/crc-org/crc/v2 to v2.37.0
* fix(libpod): add newline character to the end of container's hostname file
* fix(deps): update module github.com/openshift/imagebuilder to v1.2.10
* fix(deps): update github.com/containers/image/v5 digest to aa93504
* Fix 5.1 release note re: runlabel
* test/e2e: use local skopeo not image
* fix(deps): update golang.org/x/exp digest to fd00a4e
* [CI:DOCS] Add contrib/podmanimage/stable path back in repo
* chore(deps): update dependency requests to ~=2.32.3
* fix(deps): update github.com/containers/image/v5 digest to 2343e81
* libpod: do not move podman with --cgroups=disabled
* Update release notes on Main to v5.1.0
* test: look at the file base name
* tests: simplify expected output
* Sigh, new VMs again
* Fail earlier when no containers exist in stats
* Add Hyper-V option in windows installer
* libpod: cleanup default cache on system reset
* vendor: update c/image
* test/system: speed up kube generate tmpfs on /tmp
* test/system: speed up podman kube play tests
* test/system: speed up podman shell completion test
* test/system: simplify test signal handling in containers
* test/system: speed up podman container rm ...
* test/system: speed up podman ps - basic tests
* test/system: speed up read-only from containers.conf
* test/system: speed up podman logs - multi ...
* test/system: speed up podman run --name
* Debian: switch to crun
* test/system: speed up podman generate systemd - envar
* test/system: speed up podman-kube@.service template
* test/system: speed up kube play healthcheck initialDelaySeconds
* test/system: speed up exit-code propagation test
* test/system: speed up "podman run --timeout"
* test/system: fix slow kube play --wait with siginterrupt
* undo auto-formatting
* test/system: speed up podman events tests
* Quadlet: Add support for .build files
* test/system: speed up "podman auto-update using systemd"
* test/system: remove podman wait test
* tests: disable tests affected by a race condition
* update golangci-lint to v1.59.0
* kubernetes_support.md: Mark volumeMounts.subPath as supported
* working name of pod on start and stop
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.19.0
* Bump Buildah to v1.36.0
* fix(deps): update module github.com/burntsushi/toml to v1.4.0
* fix typo in Tutorials.rst
* Mac PM test: Require pre-installed rosetta
* test/e2e: fix new error message
* Add configuration for podmansh
* Update containers/common to latest main
* Only stop chowning volumes once they're not empty
* podman: fix --sdnotify=healthy with --rm
* libpod: wait another interval for healthcheck
* quadlet: Add a network requirement on .image units
* test, pasta: Ignore deprecated addresses in tests
* [CI:DOCS] performance: update network docs
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.18.0
* CI: disable minikube task
* [CI:DOCS] Fix windows action trigger
* chore(deps): update dependency setuptools to v70
* Check AppleHypervisor before accessing it
* fix(deps): update module github.com/containernetworking/plugins to v1.5.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.2
* add podman-clean-transient.service service to rootless
* [CI:DOCS] Update podman network docs
* fix incorrect host.containers.internal entry for rootless bridge mode
* vendor latest c/common main
* Add Rosetta support for Apple Silicon mac
* bump main to 5.2.0-dev
* Use a defined constant instead of a hard-coded magic value
* cirrus: use faster VM's for integration tests
* fix(deps): update github.com/containers/gvisor-tap-vsock digest to 01a1a0c
* [CI:DOCS] Fix Mac pkg link
* test: remove test_podman* scripts
* test/system: fix documentation
* Return StatusNotFound when multiple volumes matching occurs
* container_api: do not wait for healtchecks if stopped
* libpod: wait for healthy on main thread
* `podman events`: check for an error after we finish reading events
* remote API: restore v4 payload in container inspect
* Fix updating connection when SSH port conflict happens
* rootless: fix reexec to use /proc/self/exe
* ExitWithError() - enforce required exit status & stderr
* ExitWithError() - a few that I missed
* [skip-ci] Packit: use only one value for `packages` key for `trigger: commit` copr builds
* Revert "Temporarily disable rootless debian e2e testing"
* CI tests: enforce TMPDIR on tmpfs
* use new CI images with tmpfs /tmp
* run e2e test on tmpfs
* Update module github.com/crc-org/crc/v2 to v2.36.0
* Address CVE-2024-3727
* [CI:DOCS] Use checkout@v4 in GH Actions
* ExitWithError() - rmi_test
* ExitWithError() - more r files
* ExitWithError() - s files
* ExitWithError() - more run_xxx tests
* Fix podman-remote support for `podman farm build`
* [CI:DOCS] Trigger windows installer action properly
* Revert "container stop: kill conmon"
* Ensure that containers do not get stuck in stopping
* [CI:DOCS] Improvements to make validatepr
* ExitWithError() - rest of the p files
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.58.1
* Graceful shutdown during podman kube down
* Remove duplicate call
* test/system: fix broken "podman volume globs" test
* Quadlet/Container: Add GroupAdd option
* Don't panic if a runtime was configured without paths
* update c/{buildah,common,image,storage} to latest main
* update golangci-lint to 1.58
* machine: Add LibKrun provider detection
* ExitWithError() - continue tightening
* fix(deps): update module google.golang.org/protobuf to v1.34.1
* test: improve test for powercap presence
* fix(deps): update module github.com/onsi/ginkgo/v2 to v2.17.3
* fix(deps): update module go.etcd.io/bbolt to v1.3.10
* fix(deps): update module golang.org/x/tools to v0.21.0
* [skip-ci] RPM: `bats` required only on Fedora
* fix(deps): update module golang.org/x/exp to v0.0.0-20240506185415-9bf2ced13842
* gpdate and remove parameter settings in `.golangci.yml`
* ExitWithError() - play_kube_test.go
* Temporarily disable rootless debian e2e testing
* fix(deps): update module golang.org/x/crypto to v0.23.0
* CI Docs: Clarify passthrough_envars() comments
* Skip machine tests if they don't need to be run
* Update CI VMs to F40, F39, D13
* ExitWithError() - v files
* Update module golang.org/x/term to v0.20.0
* machine: Add provider detection API
* util: specify a not empty pause dir for root too
* Add missing option 'healthy' to output of `podman run --help`
* [CI:DOCS] Add info on the quay.io images to the README.md
* Add a random suffix to healthcheck unit names
* test/e2e: remove toolbox image
* Also substitute $HOME in runlabel with user's homedir
* Update module github.com/cyphar/filepath-securejoin to v0.2.5
* Change tmpDir for macOS
* ExitWithError() - pod_xxx tests
* ExitWithError() -- run_test.go
* Update module golang.org/x/exp to v0.0.0-20240416160154-fe59bbe5cc7f
* Update module github.com/shirou/gopsutil/v3 to v3.24.4
* Update module github.com/docker/docker to v26.1.1+incompatible
* GHA: Attempt fix exceeded a secondary rate limit
* vendor ginkgo 2.17.2 into test/tools
* Fix machine volumes with long path and paths with dashes
* Update module google.golang.org/protobuf to v1.34.0
* Update module github.com/crc-org/crc/v2 to v2.35.0
* Update module github.com/onsi/gomega to v1.33.1
* test/e2e: podman unshare image mount fix tmpdir leak
* test/e2e: do not leak /tmp/private_file
* test/e2e: "persistentVolumeClaim with source" do not leak file
* e2e tests: use /var/tmp, not $TMPDIR, as workdirs
* Update dependency pytest to v8.1.2
* Remove unncessary lines at the end of specfile summary
* Clean machine pull cache
* Add krun support to podman machine
* Use custom image for make validatepr
* test/e2e: force systemd cgroup manager
* e2e and bindings tests: fix $PATH setup
* Makefile: remove useless HACK variable in e2e test
* test/e2e: fix volumes and suid/dev/exec options
* test/e2e: volumes and suid/dev/exec options works remote
* test/e2e: fix limits test
* Update module github.com/rootless-containers/rootlesskit/v2 to v2.1.0
* Correct option name `ip` -> `ip6`
* Add the ability to automount images as volumes via play
* Add support for image volume subpaths
* Bump Buildah to latest main
* Update Makefile to Go 1.22 for in-container
* ExitWithError() - yet more low-hanging fruit
* ExitWithError() - more low-hanging fruit
* ExitWithError() - low-hanging fruit
* chore: fix function names in comment
* Remove redundant Prerequisite before build section
* Remove PKG_CONFIG_PATH
* Add installation instructions for openSUSE
* Replace golang.org/x/exp/slices with slices from std
* Update to go 1.21
* fix(deps): update module github.com/docker/docker to v26.1.0+incompatible
* [CI:DOCS] Fix artifact action
* [skip-ci] Packit/rpm: remove el8 jobs and spec conditionals
* e2e tests: stop littering
* [CI:DOCS] format podman-pull example as code
* [CI:DOCS] Build & upload release artifacts with GitHub Actions
* libpod: getHealthCheckLog() remove unessesary check
* add containers.conf healthcheck_events support
* vendor latest c/common
* libpod: make healthcheck events more efficient
* libpod: wrap store setup error message
* [skip-ci] Packit: enable CentOS 10 Stream build jobs
* pkg/systemd: use fileutils.(Le|E)xists
* pkg/bindings: use fileutils.(Le|E)xists
* pkg/util: use fileutils.(Le|E)xists
* pkg/trust: use fileutils.(Le|E)xists
* pkg/specgen: use fileutils.(Le|E)xists
* pkg/rootless: use fileutils.(Le|E)xists
* pkg/machine: use fileutils.(Le|E)xists
* pkg/domain: use fileutils.(Le|E)xists
* pkg/api: use fileutils.(Le|E)xists
* libpod: use fileutils.(Le|E)xists
* cmd: use fileutils.(Le|E)xists
* vendor: update containers/{buildah,common,image,storage}
* fix(deps): update module github.com/docker/docker to v26.0.2+incompatible [security]
* fix podman-pod-restart.1.md typo
* [skip-ci] Packit: switch to EPEL instead of centos-stream+epel-next
* fix(deps): update module github.com/onsi/gomega to v1.33.0
* Add more annnotation information to podman kupe play man page
* test/compose: remove compose v1 code
* CI: remove compose v1 tests
* fix: close resource file
* [CI:DOCS] Fix windows installer action
* fix(deps): update module tags.cncf.io/container-device-interface to v0.7.2
* add `list` as an alias to list networks
* Add support for updating restart policy
* Add Compat API for Update
* Make `podman update` changes persistent
* Emergency fix (well, skip) for failing bud tests
* fix swagger doc for manifest create
* [CI:DOCS] options/network: fix markdown lists
* Makefile: do not hardcode `GOOS` in `podman-remote-static` target
* chore(deps): update module golang.org/x/crypto to v0.17.0 [security]
* chore(deps): update dependency setuptools to ~=69.5.0
* Fix some comments
* swagger fix infinitive recursion on some types
* install swagger from source
* Revert "Swap out javascript engine"
* podman exec CID without command should exit 125
* (minor) prefetch systemd image before use
* Update go-swagger version
* Swap out javascript engine
* fix(deps): update module github.com/docker/docker to v26.0.1+incompatible
* Add os, arch, and ismanifest to libpod image list
* [CI:DOCS]Initial PR validation
* fix(deps): update github.com/containers/gvisor-tap-vsock digest to d744d71
* vendor ginkgo 2.17.1 into test/tools
* fix "concurrent map writes" in network ls compat endpoint
* chore(deps): update dependency pytest to v8
* e2e: redefine ExitWithError() to require exit code
* docs: fix missleading run/create --expose description
* podman ps: show exposed ports under PORTS as well
* rootless: drop function ReadMappingsProc
* fix(deps): update module github.com/vbauerster/mpb/v8 to v8.7.3
* New CI VMs, to give us pasta 2024-04-05
* Add big warning to GHA workflow
* GHA: Fix intermittent workflow error
* fix(deps): update module golang.org/x/tools to v0.20.0
* e2e tests: remove requirement for fuse-overlayfs
* docs: update Quadlet volume Options desc
* fix(deps): update module golang.org/x/sync to v0.7.0
* Fix relabeling failures with Z/z volumes on Mac
* fix(deps): update module golang.org/x/net to v0.24.0
* Makefile: fix annoying errors in docs generation
* chore: fix function names in comment
* Bump tags.cncf.io/container-device-interface to v0.7.1
* fix(deps): update module golang.org/x/crypto to v0.22.0
* Detect unhandled reboots and require user intervention
* podman --runroot: remove 50 char length restriction
* update github.com/rootless-containers/rootlesskit to v2
* Update module github.com/gorilla/schema to v1.3.0
* Update dependency requests-mock to ~=1.12.1
* Update module github.com/crc-org/crc/v2 to v2.34.1
* rm --force work for more than one arg
* [CI:DOCS] Update kube docs
* fix(deps): update module github.com/shirou/gopsutil/v3 to v3.24.3
* [CI:DOCS] Add GitHub action to update version on Podman.io
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.2
* Windows: clean up temporary perl install
* pkg/util: FindDeviceNodes() ignore ENOENT errors
* [CI:DOCS] build deps: make-validate needs docs
* test/system: add rootless-netns test for setup errors
* vendor latest c/common main
* container: do not chown to dest target with U
* [CI:DOCS] golangci-lint: update deprecated flags
* systests: conditionalize slirp4netns tests
* CI: systests: instrument flaky tests
* s3fs docs
* test: do not skip tests under rootless
* Add note about host networking to Kube PublishPort option
* Inject additional build tags from the environment
* libpod: use original IDs if idmap is provided
* Switch back to checking out the same branch the action script runs in
* docs/podman-login: Give an example of writing the persistent path
* CI: Bump VMs to 2024-03-28
* [skip-ci] Update dawidd6/action-send-mail action to v3.12.0
* fix(deps): update module github.com/openshift/imagebuilder to v1.2.7
* Fix reference to deprecated types.Info
* Use logformatter for podman_machine_windows_task
* applehv: Print vfkit logs in --log-level debug
* [CI:DOCS]Add Mario to reviewers list
* [CI:DOCS] Document CI-maintenance job addition
* Add golang 1.21 update warning
* Add rootless network command to `podman info`
* libpod: don't warn about cgroupsv1 on FreeBSD
* hyperv: error if not admin
* Properly parse stderr when updating container status
* [skip-ci] Packit: specify fedora-latest in propose-downstream
* Use built-in ssh impl for all non-pty operations
* Add support for annotations
* hyperv: fix machine rm -r
* [skip-ci] Packit: Enable CentOS Stream 10 update job
* 5.0 release note fix typo in cgroupv1 env var
* fix remote build isolation on client side
* chore: remove repetitive words
* Dont save remote context in temp file but stream and extract
* fix remote build isolation when server runs as root
* util: use private propagation with bind
* util: add some tests for ProcessOptions
* util: refactor ProcessOptions into an internal function
* util: rename files to snake case
* Add LoongArch support for libpod
* fix(deps): update github.com/containers/common digest to bc5f97c
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.1
* fix(deps): update module github.com/docker/docker to v25.0.5+incompatible [security]
* fix(deps): update module github.com/onsi/gomega to v1.32.0
* [CI:DOCS] Update dependency golangci/golangci-lint to v1.57.0
* Update module github.com/cpuguy83/go-md2man/v2 to v2.0.4
* Fix type-o
* Use correct extension in suite
* minikube: instrument tests, to allow debugging failures
* libpod: restart always reconfigure the netns
* use new c/common pasta2 setup logic to fix dns
* utils: drop conversion float->string->float
* utils: do not generate duplicate range
* logformatter: handle Windows logs
* utils: add test for the new function
* utils: move rootless code to a new function
* CVE-2024-1753 fix for main
* xref-helpmsgs-manpages: cross-check Commands.rst
* test/system: Add support for multipath routes in pasta networking tests
* [skip-ci] rpm: use macro supported vendoring
* Adjust to the standard location of gvforwarder used in new images
* Makefile: add target `podman-remote-static`
* Switch to 5.x WSL machine os stream using new automation
* Cleanup build scratch dir if remote end disconnects while passing the context
* bump main to 5.1.0-dev
* Use faster gzip for compression for 3x speedup for sending large contexts to remote
* pkg/machine: make checkExclusiveActiveVM race free
* pkg/machine/wsl: remove unused CheckExclusiveActiveVM()
* pkg/machine: CheckExclusiveActiveVM should also check for starting
* pkg/machine: refresh config after we hold lock
* Update dependency setuptools to ~=69.2.0
* [skip-ci] rpm: update containers-common dep on f40+
* fix invalid HTTP header values when hijacking a connection
* Add doc to build podman on windows without MSYS
* Removing CRI-O related annotations
* fix(deps): update module github.com/containers/ocicrypt to v1.1.10
* Pass the restart policy to the individual containers
* kube play: always pull when both imagePullPolicy and tag are missing
-------------------------------------------------------------------
Tue Oct 22 08:24:37 UTC 2024 - Danish Prakash <danish.prakash@suse.com>

6
podman.obsinfo
View File

@ -1,4 +1,4 @@
name: podman
version: 5.0.3
mtime: 1715355434
commit: d08315df35cb6e95f65bf3935f529295c6e54742
version: 5.2.5
mtime: 1729263108
commit: 10c5aa720d59480bc7edad347c1f5d5b75d4424f

14
podman.spec
View File

@ -22,7 +22,7 @@
%bcond_without apparmor
Name: podman
Version: 5.0.3
Version: 5.2.5
Release: 0
Summary: Daemon-less container engine for managing containers, pods and images
License: Apache-2.0
@ -30,10 +30,7 @@ Group: System/Management
URL: https://%{project}
Source0: %{name}-%{version}.tar.gz
Source1: podman.conf
Patch0: 0001-pkg-subscriptions-use-securejoin-for-the-container-p.patch
Patch1: 0002-CVE-2024-9407-validate-bind-propagation-flag-setting.patch
Patch2: 0003-Properly-validate-cache-IDs-and-sources.patch
Patch3: 0004-Use-securejoin.SecureJoin-when-forming-userns-paths.patch
Patch0: 0001-vendor-bump-buildah-to-1.37.6-CVE-2024-11218.patch
BuildRequires: bash-completion
BuildRequires: device-mapper-devel
BuildRequires: fdupes
@ -224,6 +221,7 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
%{_userunitdir}/podman-kube@.service
%{_userunitdir}/podman-restart.service
%{_userunitdir}/podman-auto-update.timer
%{_userunitdir}/podman-clean-transient.service
%{_systemdusergeneratordir}/podman-user-generator
%{_systemdgeneratordir}/podman-system-generator
%ghost /run/podman
@ -261,14 +259,14 @@ install -m 0644 -t %{buildroot}%{_prefix}/lib/modules-load.d/ %{SOURCE1}
%post
%service_add_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%tmpfiles_create %{_tmpfilesdir}/podman.conf
%systemd_user_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer
%systemd_user_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%preun
%service_del_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer
%systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%postun
%service_del_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer
%systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service
%changelog