From cdefaa36b00eadc74eb116cecb4b1a4dc67a31f593e29fb78c331e58b65ca129 Mon Sep 17 00:00:00 2001
From: Richard Brown
Date: Wed, 8 Feb 2023 09:52:35 +0000
Subject: [PATCH 1/6] Accepting request 1063041 from home:dancermak:branches:devel:microos New upstream release 4.4.0
OBS-URL: https://build.opensuse.org/request/show/1063041
OBS-URL: https://build.opensuse.org/package/show/devel:microos/podman?expand=0&rev=14
---
...issing-hostPort-to-containerPort-is-.patch | 93 ---
...y-for-picking-the-storage-driver-con.patch | 264 --------
...e-graphdriver-to-vfs-if-the-priority.patch | 44 --
_service | 2 +-
_servicedata | 2 +-
podman-4.3.1.tar.xz | 3 -
podman-4.4.0.tar.xz | 3 +
podman.changes | 604 ++++++++++++++++++
podman.spec | 54 +-
9 files changed, 620 insertions(+), 449 deletions(-)
delete mode 100644 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
delete mode 100644 0002-Make-the-priority-for-picking-the-storage-driver-con.patch
delete mode 100644 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch
delete mode 100644 podman-4.3.1.tar.xz
create mode 100644 podman-4.4.0.tar.xz
diff --git a/0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch b/0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
deleted file mode 100644
index 404f197..0000000
--- a/0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
+++ /dev/null
@@ -1,93 +0,0 @@ -From 07151aaec3312b3235847106cfd76608c2d823e5 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= -Date: Wed, 7 Dec 2022 17:28:39 +0100 -Subject: [PATCH] Revert "Default missing hostPort to containerPort is defined - in kube.yaml" - -This reverts commit f5fc0960e5eddf64a7d8fbf8fbfd3652b4ee5db3. ---- - pkg/specgen/generate/kube/kube.go | 3 --- - test/e2e/play_kube_test.go | 6 ++++++ - test/system/700-play.bats | 24 ------------------------ - 3 files changed, 6 insertions(+), 27 deletions(-) - -diff --git a/pkg/specgen/generate/kube/kube.go b/pkg/specgen/generate/kube/kube.go -index 5186a2f72..b707c52a2 100644 ---- a/pkg/specgen/generate/kube/kube.go -+++ b/pkg/specgen/generate/kube/kube.go -@@ -918,9 +918,6 @@ func getPodPorts(containers []v1.Container) []types.PortMapping { - if p.HostPort != 0 && p.ContainerPort == 0 { - p.ContainerPort = p.HostPort - } -- if p.HostPort == 0 && p.ContainerPort != 0 { -- p.HostPort = p.ContainerPort -- } - if p.Protocol == "" { - p.Protocol = "tcp" - } -diff --git a/test/e2e/play_kube_test.go b/test/e2e/play_kube_test.go -index 97823e232..6fe299b38 100644 ---- a/test/e2e/play_kube_test.go -+++ b/test/e2e/play_kube_test.go -@@ -133,6 +133,8 @@ spec: - containers: - - name: podnameEqualsContainerNameYaml - image: quay.io/libpod/alpine:latest -+ ports: -+ - containerPort: 80 - ` - - var podWithoutAName = ` -@@ -237,6 +239,8 @@ spec: - - "1.5" - name: alpine - image: quay.io/libpod/alpine:latest -+ ports: -+ - containerPort: 80 - livenessProbe: - exec: - command: -@@ -270,6 +274,8 @@ spec: - - "1.5" - name: alpine - image: quay.io/libpod/alpine:latest -+ ports: -+ - containerPort: 80 - livenessProbe: - exec: - command: -diff --git a/test/system/700-play.bats b/test/system/700-play.bats -index 5f3eb1ef2..3ff1e1ed6 100644 ---- a/test/system/700-play.bats -+++ b/test/system/700-play.bats -@@ -392,27 +392,3 @@ status: {} - run_podman rm -a -f - run_podman rm -f -t0 myyaml - } -- --@test "podman kube play - 
hostport" { -- HOST_PORT=$(random_free_port) -- echo " --apiVersion: v1 --kind: Pod --metadata: -- labels: -- app: test -- name: test_pod --spec: -- containers: -- - name: server -- image: $IMAGE -- ports: -- - name: hostp -- containerPort: $HOST_PORT --" > $PODMAN_TMPDIR/testpod.yaml -- -- run_podman kube play $PODMAN_TMPDIR/testpod.yaml -- run_podman pod inspect test_pod --format "{{.InfraConfig.PortBindings}}" -- assert "$output" = "map[$HOST_PORT/tcp:[{ $HOST_PORT}]]" -- run_podman kube down $PODMAN_TMPDIR/testpod.yaml --} --- -2.38.1 - diff --git a/0002-Make-the-priority-for-picking-the-storage-driver-con.patch b/0002-Make-the-priority-for-picking-the-storage-driver-con.patch deleted file mode 100644 index e2e3e79..0000000 --- a/0002-Make-the-priority-for-picking-the-storage-driver-con.patch +++ /dev/null 
@@ -1,264 +0,0 @@ -From 575166520c8f7e9c46b63bc2b47721512613614b Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= -Date: Tue, 3 Jan 2023 16:34:25 +0100 -Subject: [PATCH 1/2] Make the priority for picking the storage driver - configurable -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This fixes https://github.com/containers/storage/issues/1457 - -Co-authored-by: Valentin Rothberg -Signed-off-by: Dan Čermák ---- - .../containers/storage/drivers/driver.go | 18 +++- - vendor/github.com/containers/storage/store.go | 89 ++++++++++--------- - .../containers/storage/types/options.go | 14 ++- - 3 files changed, 71 insertions(+), 50 deletions(-) - -diff --git a/vendor/github.com/containers/storage/drivers/driver.go b/vendor/github.com/containers/storage/drivers/driver.go -index 7d96ebe54..68d1956b8 100644 ---- a/vendor/github.com/containers/storage/drivers/driver.go -+++ b/vendor/github.com/containers/storage/drivers/driver.go -@@ -312,6 +312,7 @@ func getBuiltinDriver(name, home string, options Options) (Driver, error) { - type Options struct { - Root string - RunRoot string -+ DriverPriority []string - DriverOptions []string - UIDMaps []idtools.IDMap - GIDMaps []idtools.IDMap -@@ -327,9 +328,18 @@ func New(name string, config Options) (Driver, error) { - - // Guess for prior driver - driversMap := scanPriorDrivers(config.Root) -- for _, name := range priority { -- if name == "vfs" { -- // don't use vfs even if there is state present. 
-+ -+ // use the supplied priority list unless it is empty -+ prioList := config.DriverPriority -+ if len(prioList) == 0 { -+ prioList = priority -+ } -+ -+ for _, name := range prioList { -+ if name == "vfs" && len(config.DriverPriority) == 0 { -+ // don't use vfs even if there is state present and vfs -+ // has not been explicitly added to the override driver -+ // priority list - continue - } - if _, prior := driversMap[name]; prior { -@@ -362,7 +372,7 @@ func New(name string, config Options) (Driver, error) { - } - - // Check for priority drivers first -- for _, name := range priority { -+ for _, name := range prioList { - driver, err := getBuiltinDriver(name, config.Root, config) - if err != nil { - if isDriverNotSupported(err) { -diff --git a/vendor/github.com/containers/storage/store.go b/vendor/github.com/containers/storage/store.go -index fb1faaa13..7dc8df948 100644 ---- a/vendor/github.com/containers/storage/store.go -+++ b/vendor/github.com/containers/storage/store.go -@@ -606,29 +606,30 @@ type ContainerOptions struct { - } - - type store struct { -- lastLoaded time.Time -- runRoot string -- graphLock Locker -- usernsLock Locker -- graphRoot string -- graphDriverName string -- graphOptions []string -- pullOptions map[string]string -- uidMap []idtools.IDMap -- gidMap []idtools.IDMap -- autoUsernsUser string -- additionalUIDs *idSet // Set by getAvailableIDs() -- additionalGIDs *idSet // Set by getAvailableIDs() -- autoNsMinSize uint32 -- autoNsMaxSize uint32 -- graphDriver drivers.Driver -- layerStore LayerStore -- roLayerStores []ROLayerStore -- imageStore ImageStore -- roImageStores []ROImageStore -- containerStore ContainerStore -- digestLockRoot string -- disableVolatile bool -+ lastLoaded time.Time -+ runRoot string -+ graphLock Locker -+ usernsLock Locker -+ graphRoot string -+ graphDriverName string -+ graphOptions []string -+ graphDriverPriority []string -+ pullOptions map[string]string -+ uidMap []idtools.IDMap -+ gidMap []idtools.IDMap -+ 
autoUsernsUser string -+ additionalUIDs *idSet // Set by getAvailableIDs() -+ additionalGIDs *idSet // Set by getAvailableIDs() -+ autoNsMinSize uint32 -+ autoNsMaxSize uint32 -+ graphDriver drivers.Driver -+ layerStore LayerStore -+ roLayerStores []ROLayerStore -+ imageStore ImageStore -+ roImageStores []ROImageStore -+ containerStore ContainerStore -+ digestLockRoot string -+ disableVolatile bool - } - - // GetStore attempts to find an already-created Store object matching the -@@ -724,21 +725,22 @@ func GetStore(options types.StoreOptions) (Store, error) { - autoNsMaxSize = AutoUserNsMaxSize - } - s := &store{ -- runRoot: options.RunRoot, -- graphLock: graphLock, -- graphRoot: options.GraphRoot, -- graphDriverName: options.GraphDriverName, -- graphOptions: options.GraphDriverOptions, -- uidMap: copyIDMap(options.UIDMap), -- gidMap: copyIDMap(options.GIDMap), -- autoUsernsUser: options.RootAutoNsUser, -- autoNsMinSize: autoNsMinSize, -- autoNsMaxSize: autoNsMaxSize, -- additionalUIDs: nil, -- additionalGIDs: nil, -- usernsLock: usernsLock, -- disableVolatile: options.DisableVolatile, -- pullOptions: options.PullOptions, -+ runRoot: options.RunRoot, -+ graphLock: graphLock, -+ graphRoot: options.GraphRoot, -+ graphDriverName: options.GraphDriverName, -+ graphDriverPriority: options.GraphDriverPriority, -+ graphOptions: options.GraphDriverOptions, -+ uidMap: copyIDMap(options.UIDMap), -+ gidMap: copyIDMap(options.GIDMap), -+ autoUsernsUser: options.RootAutoNsUser, -+ autoNsMinSize: autoNsMinSize, -+ autoNsMaxSize: autoNsMaxSize, -+ additionalUIDs: nil, -+ additionalGIDs: nil, -+ usernsLock: usernsLock, -+ disableVolatile: options.DisableVolatile, -+ pullOptions: options.PullOptions, - } - if err := s.load(); err != nil { - return nil, err -@@ -868,11 +870,12 @@ func (s *store) getGraphDriver() (drivers.Driver, error) { - return s.graphDriver, nil - } - config := drivers.Options{ -- Root: s.graphRoot, -- RunRoot: s.runRoot, -- DriverOptions: s.graphOptions, -- 
UIDMaps: s.uidMap, -- GIDMaps: s.gidMap, -+ Root: s.graphRoot, -+ RunRoot: s.runRoot, -+ DriverOptions: s.graphOptions, -+ DriverPriority: s.graphDriverPriority, -+ UIDMaps: s.uidMap, -+ GIDMaps: s.gidMap, - } - driver, err := drivers.New(s.graphDriverName, config) - if err != nil { -diff --git a/vendor/github.com/containers/storage/types/options.go b/vendor/github.com/containers/storage/types/options.go -index 4c873b45f..4fbe512a9 100644 ---- a/vendor/github.com/containers/storage/types/options.go -+++ b/vendor/github.com/containers/storage/types/options.go -@@ -19,6 +19,7 @@ import ( - type TomlConfig struct { - Storage struct { - Driver string `toml:"driver,omitempty"` -+ DriverPriority []string `toml:"driver_priority,omitempty"` - RunRoot string `toml:"runroot,omitempty"` - GraphRoot string `toml:"graphroot,omitempty"` - RootlessStoragePath string `toml:"rootless_storage_path,omitempty"` -@@ -189,10 +190,16 @@ type StoreOptions struct { - // RootlessStoragePath is the storage path for rootless users - // default $HOME/.local/share/containers/storage - RootlessStoragePath string `toml:"rootless_storage_path"` -- // GraphDriverName is the underlying storage driver that we'll be -- // using. It only needs to be specified the first time a Store is -- // initialized for a given RunRoot and GraphRoot. -+ // If the driver is not specified, the best suited driver will be picked -+ // either from GraphDriverPriority, if specified, or from the platform -+ // dependent priority list (in that order). - GraphDriverName string `json:"driver,omitempty"` -+ // GraphDriverPriority is a list of storage drivers that will be tried -+ // to initialize the Store for a given RunRoot and GraphRoot unless a -+ // GraphDriverName is set. -+ // This list can be used to define a custom order in which the drivers -+ // will be tried. -+ GraphDriverPriority []string `json:"driver-priority,omitempty"` - // GraphDriverOptions are driver-specific options. 
- GraphDriverOptions []string `json:"driver-options,omitempty"` - // UIDMap and GIDMap are used for setting up a container's root filesystem -@@ -357,6 +364,7 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) erro - if storeOptions.GraphDriverName == "" { - logrus.Errorf("The storage 'driver' option must be set in %s to guarantee proper operation", configFile) - } -+ storeOptions.GraphDriverPriority = config.Storage.DriverPriority - if config.Storage.RunRoot != "" { - storeOptions.RunRoot = config.Storage.RunRoot - } --- -2.39.0 - - -From de3c3805b23abf90ce1300cf78686411abc57644 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= -Date: Fri, 6 Jan 2023 08:22:57 +0100 -Subject: [PATCH 2/2] Only warn about 'driver' not being set if the priority - list is unset -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Currently we would display an error when the user does not specify a `driver` in -their config file. This has been present for historical reasons mostly to -prevent users from accidentally getting the vfs -driver (https://github.com/containers/storage/pull/1460#issuecomment-1370866271). Now -that most systems support the overlay driver natively, we can reduce this to a -warning and only warn about it if the driver_priority list is unset. If it is -provided, then clearly the user or the distribution wanted for c/storage to pick -a driver itself and the warning would be only confusing to users. 
- -Signed-off-by: Dan Čermák ---- - vendor/github.com/containers/storage/types/options.go | 6 +++--- - 1 file changed, 3 insertions(+), 3 deletions(-) - -diff --git a/vendor/github.com/containers/storage/types/options.go b/vendor/github.com/containers/storage/types/options.go -index 4fbe512a9..e87f458cc 100644 ---- a/vendor/github.com/containers/storage/types/options.go -+++ b/vendor/github.com/containers/storage/types/options.go -@@ -361,10 +361,10 @@ func ReloadConfigurationFile(configFile string, storeOptions *StoreOptions) erro - logrus.Warnf("Switching default driver from overlay2 to the equivalent overlay driver") - storeOptions.GraphDriverName = overlayDriver - } -- if storeOptions.GraphDriverName == "" { -- logrus.Errorf("The storage 'driver' option must be set in %s to guarantee proper operation", configFile) -- } - storeOptions.GraphDriverPriority = config.Storage.DriverPriority -+ if storeOptions.GraphDriverName == "" && len(storeOptions.GraphDriverPriority) == 0 { -+ logrus.Warnf("The storage 'driver' option should be set in %s. A driver was picked automatically.", configFile) -+ } - if config.Storage.RunRoot != "" { - storeOptions.RunRoot = config.Storage.RunRoot - } --- -2.39.0 - diff --git a/0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch b/0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch deleted file mode 100644 index efb01bb..0000000 --- a/0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch +++ /dev/null 
@@ -1,44 +0,0 @@ -From 3f6a1954ff440959adcc44cc58372ed13ae2dbb3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= -Date: Fri, 13 Jan 2023 14:39:54 +0100 -Subject: [PATCH] Only override the graphdriver to vfs if the priority is unset -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This is an amend to https://github.com/containers/storage/pull/1460 - -That PR was not addressing the case when the system wide config had the -driver_priority option configured and the user had no config file of their -own. Then `getRootlessStorageOpts` would be called and it would override the -graph driver to "vfs". - -With this commit we only override the graph driver if driver priority is -empty. Otherwise we propagate the driver priority into the storage options, so -that the driver autodetection works as expected. - -Signed-off-by: Dan Čermák ---- - vendor/github.com/containers/storage/types/options.go | 6 +++++- - 1 file changed, 5 insertions(+), 1 deletion(-) - -diff --git a/vendor/github.com/containers/storage/types/options.go b/vendor/github.com/containers/storage/types/options.go -index e87f458cc..eb7142ff2 100644 ---- a/vendor/github.com/containers/storage/types/options.go -+++ b/vendor/github.com/containers/storage/types/options.go -@@ -274,7 +274,11 @@ func getRootlessStorageOpts(rootlessUID int, systemOpts StoreOptions) (StoreOpti - } - } - if opts.GraphDriverName == "" { -- opts.GraphDriverName = "vfs" -+ if len(systemOpts.GraphDriverPriority) == 0 { -+ opts.GraphDriverName = "vfs" -+ } else { -+ opts.GraphDriverPriority = systemOpts.GraphDriverPriority -+ } - } - - if os.Getenv("STORAGE_OPTS") != "" { --- -2.39.0 - diff --git a/_service b/_service index 198b2ca..28ef3ef 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/containers/podman.git git - v4.3.1 + v4.4.0 @PARENT_TAG@ enable v(.*) diff --git a/_servicedata b/_servicedata index c03bcd9..644a522 100644 --- a/_servicedata 
+++ b/_servicedata
@@ -1,4 +1,4 @@ https://github.com/containers/podman.git - 814b7b003cc630bf6ab188274706c383f9fb9915 \ No newline at end of file + 3443f453e28169a88848f90a7ce3137fc4a4bebf \ No newline at end of file
diff --git a/podman-4.3.1.tar.xz b/podman-4.3.1.tar.xz
deleted file mode 100644
index 2795355..0000000
--- a/podman-4.3.1.tar.xz
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:7d3ba29fb78a56d63c8fc3f27560dcdbb2391c62c0b3b4600ebce66dd449fa86
-size 7652828
diff --git a/podman-4.4.0.tar.xz b/podman-4.4.0.tar.xz
new file mode 100644
index 0000000..811d96d
--- /dev/null
+++ b/podman-4.4.0.tar.xz
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:37c47b435beef7d47dd3cfa471146a056ac97673bfb1096e6b77ac1e329fe978
+size 8693484
diff --git a/podman.changes b/podman.changes
index 0eace8a..21e1fa6 100644
--- a/podman.changes
+++ b/podman.changes
@@ -1,3 +1,607 @@
+-------------------------------------------------------------------
+Thu Feb 02 12:57:45 UTC 2023 - dcermak@suse.com
+
+- Remove patches (merged upstream or resolved otherwise):
+ * 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch
+ * 0002-Make-the-priority-for-picking-the-storage-driver-con.patch
+ * 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch
+
+- remove long obsolete update scriptlets
+
+- Update to version 4.4.0:
+ * Bump to v4.4.0
+ * Final release notes for v4.4.0
+ * Emergency fix for RHEL8 gating tests
+ * Do not mount /dev/tty into rootless containers
+ * Fixes port collision issue on use of --publish-all
+ * Fix usage of absolute windows paths with --image-path
+ * fix #17244: use /etc/timezone where `timedatectl` is missing on Linux
+ * podman-events: document verbose create events
+ * Making gvproxy.exe optional for building Windows installer
+ * Add gvproxy to Windows packages
+ * Match VT device paths to be blocked from mounting exactly
+ * Clean up more language for inclusiveness
+ * Set runAsNonRoot=true in gen kube
+ * quadlet: Add device support for .volume files
+ * fix: running check error when podman is default in wsl
+ * fix: don't output "ago" when container is currently up and running
+ * journald: podman logs only show logs for current user
+ * journald: podman events only show events for current user
+ * Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml)
+ * DB: make loading container states optional
+ * ps: do not sync container
+ * Allow --device-cgroup-rule to be passed in by docker API
+ * [v4.4] Bump to Buildah v1.29.0
+ * Bump to v4.4.0-dev
+ * Bump to v4.4.0-RC3
+ * Create release notes for v4.4.0
+ * Cirrus: Update operating branch
+ * fix APIv2 python attach test flake
+ * ps: query health check in batch mode
+ * make example volume import, not import volume
+ * Correct output when inspecting containers created with --ipc
+ * Vendor containers/(storage,
image, common, buildah)
+ * Get correct username in pod when using --userns=keep-id
+ * ps: get network data in batch mode
+ * build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0
+ * add hack/perf for comparing two container engines
+ * systems: retrofit dns options test to honor other search domains
+ * ps: do not create copy of container config
+ * libpod: set search domain independently of nameservers
+ * libpod,netavark: correctly populate /etc/resolv.conf with custom dns server
+ * podman: relay custom DNS servers to network stack
+ * (fix) mount_program is in storage.options.overlay
+ * Change example target to default in doc
+ * network create: do not allow `default` as name
+ * kube-play: add support for HostPID in podSpec
+ * build(deps): bump github.com/docker/docker
+ * Let's see if #14653 is fixed or not
+ * Add support for podman build --group-add
+ * vendor in latests containers/(storage, common, build, image)
+ * unskip network update test
+ * do not install swagger by default
+ * pasta: skip "Local forwarder, IPv4" test
+ * add testbindings Makefile target
+ * update CI images to include pasta
+ * [CI:DOCS] Add CNI deprecation notices to documentation
+ * Cirrus: preserve podman-server logs
+ * waitPidStop: reduce sleep time to 10ms
+ * StopContainer: return if cleanup process changed state
+ * StopSignal: add a comment
+ * StopContainer: small refactor
+ * waitPidStop: simplify code
+ * e2e tests: reenable long-skipped build test
+ * Add openssh-clients to podmanimage
+ * Reworks Windows smoke test to tunnel through interactive session.
+ * fix bud-multiple-platform-with-base-as-default-arg flake
+ * Remove ReservedAnnotations from kube generate specification
+ * e2e: update test/README.md
+ * e2e: use isRootless() instead of rootless.IsRootless()
+ * Cleanup documentation on --userns=auto
+ * Bump to v4.4.0-dev
+ * Bump to v4.4.0-rc2
+ * Vendor in latest c/common
+ * sig-proxy system test: bump timeout
+ * build(deps): bump github.com/containernetworking/plugins
+ * rootless: rename auth-scripts to preexec-hooks
+ * Docs: version-check updates
+ * commit: use libimage code to parse changes
+ * [CI:DOCS] Remove experimental mac tutorial
+ * man: Document the interaction between --systemd and --privileged
+ * Make rootless privileged containers share the same tty devices as rootfull ones
+ * container kill: handle stopped/exited container
+ * Vendor in latest containers/(image,ocicrypt)
+ * add a comment to container removal
+ * Vendor in latest containers/storage
+ * Cirrus: Run machine tests on PR merge
+ * fix flake in kube system test
+ * kube play: complete container spec
+ * E2E Tests: Use inspect instead of actual data to avoid UDP flake
+ * Use containers/storage/pkg/regexp in place of regexp
+ * Vendor in latest containers/storage
+ * Cirrus: Support using updated/latest NV/AV in PRs
+ * Limit replica count to 1 when deploying from kubernetes YAML
+ * Set StoppedByUser earlier in the process of stopping
+ * podman-play system test: refactor
+ * Bump to v4.4.0-dev
+ * Bump to v4.4.0-RC1
+ * network: add support for podman network update and --network-dns-server
+ * service container: less verbose error logs
+ * Quadlet Kube - add support for PublishPort key
+ * e2e: fix systemd_activate_test
+ * Compile regex on demand not in init
+ * [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns.
+ * E2E Test: Play Kube set deadline to connection to avoid hangs
+ * Only prevent VTs to be mounted inside privileged systemd containers
+ * e2e: fix play_kube_test
+ * Updated error message for supported VolumeSource types
+ * Introduce pkg retry logic in win installer task
+ * logformatter: include base SHA, with history link
+ * Network tests: ping redhat.com, not podman.io
+ * cobra: move engine shutdown to Execute
+ * Updated options for QEMU on Windows hosts
+ * Update Mac installer to use gvproxy v0.5.0
+ * podman: podman rm -f doesn't leave processes
+ * oci: check for valid PID before kill(pid, 0)
+ * linux: add /sys/fs/cgroup if /sys is a bind mount
+ * Quadlet: Add support for ConfigMap key in Kube section
+ * remove service container _after_ pods
+ * Kube Play - allow setting and overriding published host ports
+ * oci: terminate all container processes on cleanup
+ * Update win-sshproxy to 0.5.0 gvisor tag
+ * Vendor in latest containers/common
+ * Fix a potential defer logic error around locking
+ * logformatter: nicer formatting for bats failures
+ * logformatter: refactor verbose line-print
+ * e2e tests: stop using UBI images
+ * k8s-file: podman logs --until --follow exit after time
+ * journald: podman logs --until --follow exit after time
+ * journald: seek to time when --since is used
+ * podman logs: journald fix --since and --follow
+ * Preprocess files in UTF-8 mode
+ * Bump golang.org/x/tools from 0.4.0 to 0.5.0 in /test/tools
+ * Vendor in latest containers/(common, image, storage)
+ * Switch to C based msi hooks for win installer
+ * hack/bats: improve usage message
+ * hack/bats: add --remote option
+ * hack/bats: fix root/rootless logic
+ * Describe copy volume options
+ * Support sig-proxy for podman-remote attach and start
+ * libpod: fix race condition rm'ing stopping containers
+ * e2e: fix run_volume_test
+ * Add support for Windows ARM64
+ * Add shared --compress to man pages
+ * Add container error message to ContainerState
+ *
Man page checker: require canonical name in SEE ALSO
+ * system df: improve json output code
+ * kube play: fix the error logic with --quiet
+ * System tests: quadlet network test
+ * Fix: List container with volume filter
+ * adding -dryrun flag
+ * Quadlet Container: Add support for EnvironmentFile and EnvironmentHost
+ * Kube Play: use passthrough as the default log-driver if service-container is set
+ * System tests: add missing cleanup
+ * System tests: fix unquoted question marks
+ * Build and use a newer systemd image
+ * Quadlet Network - Fix the name of the required network service
+ * System Test Quadlet - Volume dependency test did not test the dependency
+ * fix `podman system connection - tcp` flake
+ * vendor: bump c/storage to a747b27
+ * Fix instructions about setting storage driver on command-line
+ * Test README - point users to hack/bats
+ * System test: quadlet kube basic test
+ * Fixed `podman update --pids-limit`
+ * podman-remote,bindings: trim context path correctly when its emptydir
+ * Quadlet Doc: Add section for .kube files
+ * e2e: fix containers_conf_test
+ * Allow '/' to prefix container names to match Docker
+ * Remove references to qcow2
+ * Fix typos in man page regarding transient storage mode.
+ * make: Use PYTHON var for .install.pre-commit
+ * Add containers.conf read-only flag support
+ * Explain that relabeling/chowning of volumes can take along time
+ * events: support "die" filter
+ * infra/abi: refactor ContainerRm
+ * When in transient store mode, use rundir for bundlepath
+ * quadlet: Support Type=oneshot container files
+ * hacks/bats: keep QUADLET env var in test env
+ * New system tests for conflicting options
+ * Vendor in latest containers/(buildah, image, common)
+ * Output Size and Reclaimable in human form for json output
+ * podman service: close duplicated /dev/null fd
+ * ginkgo tests: apply ginkgolinter fixes
+ * Add support for hostPath and configMap subpath usage
+ * export: use io.Writer instead of file
+ * rootless: always create userns with euid != 0
+ * rootless: inhibit copy mapping for euid != 0
+ * pkg/domain/infra/abi: introduce `type containerWrapper`
+ * vendor: bump to buildah ca578b290144 and use new cache API
+ * quadlet: Handle booleans that have defaults better
+ * quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault
+ * Add podman-clean-transient.service service
+ * Stop recording annotations set to false
+ * Unify --noheading and -n to be consistent on all commands
+ * pkg/domain/infra/abi: add `getContainers`
+ * Update vendor of containters/(common, image)
+ * specfile: Drop user-add depedency from quadlet subpackage.
+ * quadlet: Default BINDIR to /usr/bin if tag not specified
+ * Quadlet: add network support
+ * Add comment for jsonMarshal command
+ * Always allow pushing from containers-storage
+ * libpod: move NetNS into state db instead of extra bucket
+ * Add initial system tests for quadlets
+ * quadlet: Add --user option
+ * libpod: remove CNI word were no longer applicable
+ * libpod: fix header length in http attach with logs
+ * podman-kube@ template: use `podman kube`
+ * build(deps): bump github.com/docker/docker
+ * wait: add --ignore option
+ * qudlet: Respect $PODMAN env var for podman binary
+ * e2e: Add assert-key-is-regex check to quadlet e2e testsuite
+ * e2e: Add some assert to quadlet test to make sure testcases are sane
+ * remove unmapped ports from inspect port bindings
+ * update podman-network-create for clarity
+ * Vendor in latest containers/common with default capabilities
+ * pkg/rootless: Change error text ...
+ * rootless: add cli validator
+ * rootless: define LIBEXECPODMAN
+ * doc: fix documentation for idmapped mounts
+ * bump golangci-lint to v1.50.1
+ * build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2
+ * [CI:DOCS] podman-mount: s/umount/unmount/
+ * create/pull --help: list pull policies
+ * Network Create: Add --ignore flag to support idempotent script
+ * Make qemu security model none
+ * libpod: use OCI idmappings for mounts
+ * stop reporting errors removing containers that don't exist
+ * test: added test from wait endpoint with to long label
+ * quadlet: Default VolatileTmp to off
+ * build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11
+ * docs/options/ipc: fix list syntax
+ * Docs: Add dedicated DOWNLOAD doc w/ links to bins
+ * Make a consistently-named windows installer
+ * checkpoint restore: fix --ignore-static-ip/mac
+ * add support for subpath in play kube for named volumes
+ * build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0
+ * golangci-lint: remove three deprecated linters
+ *
parse-localbenchmarks: separate standard deviation
+ * build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0
+ * podman play kube support container startup probe
+ * Add podman buildx version support
+ * Cirrus: Collect benchmarks on machine instances
+ * Cirrus: Remove escape codes from log files
+ * [CI:DOCS] Clarify secret target behavior
+ * Fix typo on network docs
+ * podman-remote build add --volume support
+ * remote: allow --http-proxy for remote clients
+ * Cleanup kube play workloads if error happens
+ * health check: ignore dependencies of transient systemd units/timers
+ * fix: event read from syslog
+ * Fixes secret (un)marshaling for kube play.
+ * Remove 'you' from man pages
+ * build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools
+ * [CI:DOCS] test/README.md: run tests with podman-remote
+ * e2e: keeps the http_proxy value
+ * Makefile: Add podman-mac-helper to darwin client zip
+ * test/e2e: enable "podman run with ipam none driver" for nv
+ * [skip-ci] GHA/Cirrus-cron: Fix execution order
+ * kube sdnotify: run proxies for the lifespan of the service
+ * Update containers common package
+ * podman manpage: Use man-page links instead of file names
+ * e2e: fix e2e tests in proxy environment
+ * Fix test
+ * disable healthchecks automatically on non systemd systems
+ * Quadlet Kube: Add support for userns flag
+ * [CI:DOCS] Add warning about --opts,o with mount's -o
+ * Add podman system prune --external
+ * Add some tests for transient store
+ * runtime: In transient_store mode, move bolt_state.db to rundir
+ * runtime: Handle the transient store options
+ * libpod: Move the creation of TmpDir to an earlier time
+ * network create: support "-o parent=XXX" for ipvlan
+ * compat API: allow MacAddress on container config
+ * Quadlet Kube: Add support for relative path for YAML file
+ * notify k8s system test: move sending message into exec
+ * runtime: do not chown idmapped volumes
+ * quadlet: Drop ExecStartPre=rm %t/%N.cid
+ *
Quadlet Kube: Set SyslogIdentifier if was not set
+ * Add a FreeBSD cross build to the cirrus alt build task
+ * Add completion for --init-ctr
+ * Fix handling of readonly containers when defined in kube.yaml
+ * Build cross-compilation fixes
+ * libpod: Track healthcheck API changes in healthcheck_unsupported.go
+ * quadlet: Use same default capability set as podman run
+ * quadlet: Drop --pull=never
+ * quadlet: Change default of ReadOnly to no
+ * quadlet: Change RunInit default to no
+ * quadlet: Change NoNewPrivileges default to false
+ * test: podman run with checkpoint image
+ * Enable 'podman run' for checkpoint images
+ * test: Add tests for checkpoint images
+ * CI setup: simplify environment passthrough code
+ * Init containers should not be restarted
+ * Update c/storage after https://github.com/containers/storage/pull/1436
+ * Set the latest release explicitly
+ * add friendly comment
+ * fix an overriding logic and load config problem
+ * Update the issue templates
+ * Update vendor of containers/(image, buildah)
+ * [CI:DOCS] Skip windows-smoke when not useful
+ * [CI:DOCS] Remove broken gate-container docs
+ * OWNERS: add Jason T.
Greene
+ * hack/podmansnoop: print arguments
+ * Improve atomicity of VM state persistence on Windows
+ * [CI:BUILD] copr: enable podman-restart.service on rpm installation
+ * macos: pkg: Use -arm64 suffix instead of -aarch64
+ * linux: Add -linux suffix to podman-remote-static binaries
+ * linux: Build amd64 and arm64 podman-remote-static binaries
+ * container create: add inspect data to event
+ * Allow manual override of install location
+ * Run codespell on code
+ * Add missing parameters for checkpoint/restore endpoint
+ * Add support for startup healthchecks
+ * Add information on metrics to the `network create` docs
+ * Introduce podman machine os commands
+ * Document that ignoreRootFS depends on export/import
+ * Document ignoreVolumes in checkpoint/restore endpoint
+ * Remove leaveRunning from swagger restore endpoint
+ * libpod: Add checks to avoid nil pointer dereference if network setup fails
+ * Address golangci-lint issues
+ * Bump golang version to 1.18
+ * Documenting Hyper-V QEMU acceleration settings
+ * Kube Play: fix the handling of the optional field of SecretVolumeSource
+ * Update Vendor of containers/(common, image, buildah)
+ * Fix swapped NetInput/-Output stats
+ * libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory
+ * chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template
+ * test/tools: rebuild when files are changed
+ * ginkgo tests: apply ginkgolinter fixes
+ * ginkgo: restructure install work flow
+ * Fix manpage emphasis
+ * specgen: support CDI devices from containers.conf
+ * vendor: update containers/common
+ * pkg/trust: Take the default policy path from c/common/pkg/config
+ * Add validate-in-container target
+ * Adding encryption decryption feature
+ * container restart: clean up healthcheck state
+ * Add support for podman-remote manifest annotate
+ * Quadlet: Add support for .kube files
+ * Update vendor of containers/(buildah, common, storage, image)
+ * specgen: honor user
namespace value + * [CI:DOCS] Migrate OSX Cross to M1 + * quadlet: Rework uid/gid remapping + * GHA: Fix cirrus re-run workflow for other repos. + * ssh system test: skip until it becomes a test + * shell completion: fix hard coded network drivers + * libpod: Report network setup errors properly on FreeBSD + * E2E Tests: change the registry for the search test to avoid authentication + * pkginstaller: install podman-mac-helper by default + * Fix language. Mostly spelling a -> an + * podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. + * [CI:DOCS] Fix spelling and typos + * Modify man page of "--pids-limit" option to correct a default value. + * Update docs/source/markdown/podman-remote.1.md + * Update pkg/bindings/connection.go + * Add more documentation on UID/GID Mappings with --userns=keep-id + * support podman-remote to connect tcpURL with proxy + * Removing the RawInput from the API output + * fix port issues for CONTAINER_HOST + * CI: Package versions: run in the 'main' step + * build(deps): bump github.com/rootless-containers/rootlesskit + * pkg/domain: Make checkExecPreserveFDs platform-specific + * e2e tests: fix restart race + * Fix podman --noout to suppress all output + * remove pod if creation has failed + * pkg/rootless: Implement rootless.IsFdInherited on FreeBSD + * Fix more podman-logs flakes + * healthcheck system tests: try to fix flake + * libpod: treat ESRCH from /proc/PID/cgroup as ENOENT + * GHA: Configure workflows for reuse + * compat,build: handle docker's preconfigured cacheTo,cacheFrom + * docs: deprecate pasta network name + * utils: Enable cgroup utils for FreeBSD + * pkg/specgen: Disable kube play tests on FreeBSD + * libpod/lock: Fix build and tests for SHM locks on FreeBSD + * podman cp: fix copying with "." 
suffix + * pkginstaller: bump Qemu to version 7.1.0 + * specgen,wasm: switch to crun-wasm wherever applicable + * vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 + * libpod: Make unit test for statToPercent Linux only + * Update vendor of containers/storage + * fix connection usage with containers.conf + * Add --quiet and --no-info flags to podman machine start + * Add hidden podman manifest inspect -v option + * Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 + * Add podman volume create -d short option for driver + * Vendor in latest containers/(common,image,storage) + * Add podman system events alias to podman events + * Fix search_test to return correct version of alpine + * Bump golang.org/x/tools from 0.1.12 to 0.3.0 in /test/tools + * GHA: Fix undefined secret env. var. + * Release notes for 4.3.1 + * GHA: Fix make_email-body script reference + * Add release keys to README + * GHA: Fix typo setting output parameter + * GHA: Fix typo. + * New tool, docs/version-check + * Formalize our compare-against-docker mechanism + * Add restart-sec for container service files + * test/tools: bump module to go 1.17 + * contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor + * Bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0 + * Bump golang.org/x/term from 0.1.0 to 0.2.0 + * Bump golang.org/x/sys from 0.1.0 to 0.2.0 + * Bump github.com/container-orchestrated-devices/container-device-interface + * build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools + * libpod: Add FreeBSD support in packageVersion + * Allow podman manigest push --purge|-p as alias for --rm + * [CI:DOCS] Add performance tutorial + * [CI:DOCS] Fix build targets in build_osx.md. 
+ * fix --format {{json .}} output to match docker + * remote: fix manifest add --annotation + * Skip test if `--events-backend` is necessary with podman-remote + * kube play: update the handling of PersistentVolumeClaim + * system tests: fix a system test in proxy environment + * Use single unqualified search registry on Windows + * test/system: Add, use tcp_port_probe() to check for listeners rather than binds + * test/system: Add tests for pasta(1) connectivity + * test/system: Move network-related helpers to helpers.network.bash + * test/system: Use procfs to find bound ports, with optional address and protocol + * test/system: Use port_is_free() from wait_for_port() + * libpod: Add pasta networking mode + * More log-flake work + * Fix test flakes caused by improper podman-logs + * fix incorrect systemd booted check + * Cirrus: Add tests for GHA scripts + * GHA: Update scripts to pass shellcheck + * Cirrus: Shellcheck github-action scripts + * Cirrus: shellcheck support for github-action scripts + * GHA: Fix cirrus-cron scripts + * Makefile: don't install to tmpfiles.d on FreeBSD + * Make sure we can build and read each line of docker py's api client + * Docker compat build api - make sure only one line appears per flush + * Run codespell on code + * Update vendor of containers/(image, storage, common) + * Allow namespace path network option for pods. + * Cirrus: Never skip running Windows Cross task + * GHA: Auto. 
re-run failed cirrus-cron builds once + * GHA: Migrate inline script to file + * GHA: Simplify script reference + * test/e2e: do not use apk in builds + * remove container/pod id file along with container/pod + * Cirrus: Synchronize windows image + * Add --insecure,--tls-verify,--verbose flags to podman manifest inspect + * runtime: add check for valid pod systemd cgroup + * CI: set and verify DESIRED_NETWORK (netavark, cni) + * [CI:DOCS] troubleshooting: document keep-id options + * Man pages: refactor common options: --security-opt + * Cirrus: Guarantee CNI testing w/o nv/av present + * Cirrus: temp. disable all Ubuntu testing + * Cirrus: Update to F37beta + * buildah bud tests: better handling of remote + * quadlet: Warn in generator if using short names + * Add Windows Smoke Testing + * Add podman kube apply command + * docs: offer advice on installing test dependencies + * Fix documentation on read-only-tmpfs + * version bump to 4.4.0-dev + * deps: bump go-criu to v6 + * Makefile: Add cross build targets for freebsd + * pkg/machine: Make this build on FreeBSD/arm64 + * pkg/rctl: Remove unused cgo dependency + * man pages: assorted underscore fixes + * Upgrade GitHub actions packages from v2 to v3 + * vendor github.com/godbus/dbus/v5@4b691ce + * [CI:DOCS] fix --tmpdir typos + * Do not report that /usr/share/containers/storage.conf has been edited. 
+ * Eval symlinks on XDG_RUNTIME_DIR + * hack/podmansnoop + * rootless: support keep-id with one mapping + * rootless: add argument to GetConfiguredMappings + * Update vendor containers/(common,storage,buildah,image) + * Fix deadlock between 'podman ps' and 'container inspect' commands + * Add information about where the libpod/boltdb database lives + * Consolidate the dependencies for the IsTerminal() API + * Ensure that StartAndAttach locks while sending signals + * ginkgo testing: fix podman usernamespace join + * Test runners: nuke podman from $PATH before tests + * volumes: Fix idmap not working for volumes + * FIXME: Temporary workaround for ubi8 CI breakage + * System tests: teardown: clean up volumes + * update api versions on docs.podman.io + * system tests: runlabel: use podman-under-test + * system tests: podman network create: use random port + * sig-proxy test: bump timeout + * play kube: Allow the user to import the contents of a tar file into a volume + * Clarify the docs on DropCapability + * quadlet tests: Disable kmsg logging while testing + * quadlet: Support multiple Network= + * quadlet: Add support for Network=... 
+ * Fix manpage for podman run --network option + * quadlet: Add support for AddDevice= + * quadlet: Add support for setting seccomp profile + * quadlet: Allow multiple elements on each Add/DropCaps line + * quadlet: Embed the correct binary name in the generated comment + * quadlet: Drop the SocketActivated key + * quadlet: Switch log-driver to passthrough + * quadlet: Change ReadOnly to default to enabled + * quadlet tests: Run the tests even for (exected) failed tests + * quadlet tests: Fix handling of stderr checks + * Remove unused script file + * notifyproxy: fix container watcher + * container/pod id file: truncate instead of throwing an error + * quadlet: Use the new podman create volume --ignore + * Add podman volume create --ignore + * logcollector: include aardvark-dns + * build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 + * build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 + * docs: generate systemd: point to kube template + * docs: kube play: mention restart policy + * Fixes: 15858 (podman system reset --force destroy machine) + * fix search flake + * use cached containers.conf + * adding regex support to the ancestor ps filter function + * Fix `system df` issues with `-f` and `-v` + * markdown-preprocess: cross-reference where opts are used + * Default qemu flags for Windows amd64 + * build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 + * Update main to reflect v4.3.0 release + * build(deps): bump github.com/docker/docker + * move quadlet packages into pkg/systemd + * system df: fix image-size calculations + * Add man page for quadlet + * Fix small typo + * testimage: add iproute2 & socat, for pasta networking + * Set up minikube for k8s testing + * Makefile: don't install systemd generator binaries on FreeBSD + * [CI:BUILD] copr: podman rpm should depend on containers-common-extra + * Podman image: Set default_sysctls to empty for rootless containers + * Don't use github.com/docker/distribution + * libpod: Add 
support for 'podman top' on FreeBSD + * libpod: Factor out jail name construction from stats_freebsd.go + * pkg/util: Add pid information descriptors for FreeBSD + * Initial quadlet version integrated in golang + * bump golangci-lint to v1.49.0 + * Update vendor containers/(common,image,storage) + * Allow volume mount dups, iff source and dest dirs + * rootless: fix return value handling + * Change to correct break statements + * vendor containers/psgo@v1.8.0 + * Clarify that MacOSX docs are client specific + * libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit + * Add swagger install + allow version updates in CI + * Cirrus: Fix windows clone race + * build(deps): bump github.com/docker/docker + * kill: wait for the container + * generate systemd: set --stop-timeout for stopping containers + * hack/tree_status.sh: print diff at the end + * Fix markdown header typo + * markdown-preprocess: add generic include mechanism + * markdown-preprocess: almost complete OO rewrite + * Update tests for changed error messages + * Update c/image after https://github.com/containers/image/pull/1299 + * Man pages: refactor common options (misc) + * Man pages: Refactor common options: --detach-keys + * vendor containers/storage@main + * Man pages: refactor common options: --attach + * build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 + * KillContainer: improve error message + * docs: add missing options + * Man pages: refactor common options: --annotation (manifest) + * build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 + * system tests: health-on-failure: fix broken logic + * build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 + * build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 + * ContainerEngine.SetupRootless(): Avoid calling container.Config() + * Container filters: Avoid use of ctr.Config() + * Avoid unnecessary calls to Container.Spec() + * Add and use Container.LinuxResource() helper + * play kube: notifyproxy: 
listen before starting the pod + * play kube: add support for configmap binaryData + * Add and use libpod/Container.Terminal() helper + * Revert "Add checkpoint image tests" + * Revert "cmd/podman: add support for checkpoint images" + * healthcheck: fix --on-failure=stop + * Man pages: Add mention of behavior due to XDG_CONFIG_HOME + * build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 + * Avoid unnecessary timeout of 250msec when waiting on container shutdown + * health checks: make on-failure action retry aware + * libpod: Remove 100msec delay during shutdown + * libpod: Add support for 'podman pod' on FreeBSD + * libpod: Factor out cgroup validation from (*Runtime).NewPod + * libpod: Move runtime_pod_linux.go to runtime_pod_common.go + * specgen/generate: Avoid a nil dereference in MakePod + * libpod: Factor out cgroups handling from (*Pod).refresh + * Adds a link to OSX docs in CONTRIBUTING.md + * Man pages: refactor common options: --os-version + * Create full path to a directory when DirectoryOrCreate is used with play kube + * Return error in podman system service if URI scheme is not unix/tcp + * Man pages: refactor common options: --time + * man pages: document some --format options: images + * Clean up when stopping pods + * Update vendor of containers/buildah v1.28.0 + * Proof of concept: nightly dependency treadmill + ------------------------------------------------------------------- Tue Jan 17 10:42:42 UTC 2023 - Danish Prakash diff --git a/podman.spec b/podman.spec index 7515262..6f28d00 100644 --- a/podman.spec +++ b/podman.spec @@ -1,7 +1,7 @@ # # spec file for package podman # -# Copyright (c) 2022 SUSE LLC +# Copyright (c) SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -18,7 +18,7 @@ %{!?_user_tmpfilesdir: %global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d} %define project github.com/containers/podman Name: podman -Version: 4.3.1 +Version: 4.4.0 Release: 0 Summary: Daemon-less container engine for managing containers, pods and images License: Apache-2.0 @@ -27,10 +27,6 @@ URL: https://%{project} Source0: %{name}-%{version}.tar.xz Source1: podman.conf Source2: README.SUSE.SLES -# hotfix for https://github.com/containers/podman/issues/16765 -Patch0: 0001-Revert-Default-missing-hostPort-to-containerPort-is-.patch -Patch1: 0002-Make-the-priority-for-picking-the-storage-driver-con.patch -Patch2: 0003-Only-override-the-graphdriver-to-vfs-if-the-priority.patch BuildRequires: bash-completion BuildRequires: cni BuildRequires: device-mapper-devel @@ -46,7 +42,7 @@ BuildRequires: libbtrfs-devel BuildRequires: libcontainers-common BuildRequires: libgpgme-devel BuildRequires: libseccomp-devel -BuildRequires: golang(API) = 1.17 +BuildRequires: golang(API) = 1.18 BuildRequires: pkgconfig(libselinux) BuildRequires: pkgconfig(libsystemd) Recommends: apparmor-abstractions @@ -161,6 +157,7 @@ install -D -m 0644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE # Rootless port %dir %{_libexecdir}/podman %{_libexecdir}/podman/rootlessport +%{_libexecdir}/podman/quadlet # Completion %{_datadir}/bash-completion/completions/podman %{_datadir}/zsh/site-functions/_podman 
@@ -173,14 +170,16 @@ install -D -m 0644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE %{_unitdir}/podman-kube@.service %{_unitdir}/podman-restart.service %{_unitdir}/podman-auto-update.timer +%{_unitdir}/podman-clean-transient.service %{_userunitdir}/podman.service %{_userunitdir}/podman.socket %{_userunitdir}/podman-auto-update.service %{_userunitdir}/podman-kube@.service %{_userunitdir}/podman-restart.service %{_userunitdir}/podman-auto-update.timer +%{_systemdusergeneratordir}/podman-user-generator +%{_systemdgeneratordir}/podman-system-generator %ghost /run/podman -%ghost %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-libpodconf %license LICENSE %files remote 
@@ -207,50 +206,19 @@ install -D -m 0644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE %tmpfiles_create %{_tmpfilesdir}/podman-docker.conf %pre -%service_add_pre podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer -# move away any old rpmsave config file to avoid having it re-activated again in -# %%posttrans -test -f /etc/containers/libpod.conf.rpmsave && mv -v /etc/containers/libpod.conf.rpmsave /etc/containers/libpod.conf.rpmsave.old ||: +%service_add_pre podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service %post -%service_add_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer +%service_add_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service %tmpfiles_create %{_tmpfilesdir}/podman.conf %systemd_user_post podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer %preun -%service_del_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer +%service_del_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service %systemd_user_preun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer %postun -%service_del_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer +%service_del_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer podman-clean-transient.service %systemd_user_postun podman.service podman.socket podman-auto-update.service podman-restart.service podman-auto-update.timer -%posttrans -# if libpod.conf.rpmsave was created, set an update 
-# message informing about the libpod.conf -> containers.conf change -if test -f /etc/containers/libpod.conf.rpmsave ; then - cat >> %{_localstatedir}/adm/update-messages/%{name}-%{version}-%{release}-libpodconf << EOF -WARNING: Podman configuration file changes - -With version 2.0 Podman changed to a slightly different configuration file format. -Also the name of default configuration file has been changed. The new format is -documented in the containers.conf(5) man-page and changes should usually be -straight-forward. - -The new default configuration is located in /usr/share/containers/containers.conf. -In order to override setting from that file you can create -/etc/containers/containers.conf with your changed settings. -EOF -fi - -%triggerun cni-config -- %{name}-cni-config < 1.6.0 -# The name of the network bridge changed from cni0 to podman-cni0 with -# podman 1.6. We need to rename the existing bridge to the new name to -# to avoid network issues after upgrade -if ip link show dev cni0 > /dev/null 2>&1; then - ip link set dev cni0 down - ip link set dev cni0 name cni-podman0 - ip link set dev cni-podman0 up -fi - %changelog From c8fc9789bc3a9cc3dc3aad6843ef28f1aa90fb212b72f42c469336ddfc8daff7 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Thu, 9 Feb 2023 12:39:18 +0000 Subject: [PATCH 2/6] Accepting request 1064004 from home:favogt:branches:devel:microos - Update to version 4.4.1: * Bump to v4.4.1 * Update release notes for Podman 4.4.1 * kube play: do not teardown unconditionally on error * Resolve symlink path for qemu directory if possible * events: document journald identifiers * Quadlet: exit 0 when there are no files to process * Cleanup podman-systemd.unit file * Install podman-systemd.unit man page, make quadlet discoverable * Add missing return after errors * oci: bind mount /sys with --userns=(auto|pod:) * docs: specify order preference for FROM * Cirrus: Fix & remove GraphQL API tests * test: adapt test to work on cgroupv1 * make hack/markdown-preprocess parallel-safe * Fix default handling of pids-limit * system tests: fix volume exec/noexec test * Bump to v4.4.1-dev OBS-URL: https://build.opensuse.org/request/show/1064004 OBS-URL: https://build.opensuse.org/package/show/devel:microos/podman?expand=0&rev=15 --- _service | 2 +- _servicedata | 2 +- podman-4.4.0.tar.xz | 3 --- podman-4.4.1.tar.xz | 3 +++ podman.changes | 22 ++++++++++++++++++++++ podman.spec | 4 +++- 6 files changed, 30 insertions(+), 6 deletions(-) delete mode 100644 podman-4.4.0.tar.xz create mode 100644 podman-4.4.1.tar.xz diff --git a/_service b/_service index 28ef3ef..eda7b10 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/containers/podman.git git - v4.4.0 + v4.4.1 @PARENT_TAG@ enable v(.*) diff --git a/_servicedata b/_servicedata index 644a522..3ca1ef4 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/containers/podman.git - 3443f453e28169a88848f90a7ce3137fc4a4bebf \ No newline at end of file + 34e8f3933242f2e566bbbbf343cf69b7d506c1cf \ No newline at end of file diff --git a/podman-4.4.0.tar.xz b/podman-4.4.0.tar.xz deleted file mode 100644 index 811d96d..0000000 --- a/podman-4.4.0.tar.xz +++ /dev/null 
@@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:37c47b435beef7d47dd3cfa471146a056ac97673bfb1096e6b77ac1e329fe978 -size 8693484 diff --git a/podman-4.4.1.tar.xz b/podman-4.4.1.tar.xz new file mode 100644 index 0000000..f109eb3 --- /dev/null +++ b/podman-4.4.1.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:6d2b7526ade665f20d13bb1aae3364e2828c829034bdbfdea38c5a4f7ea37882 +size 8801176 diff --git a/podman.changes b/podman.changes index 21e1fa6..ce00df5 100644 --- a/podman.changes +++ b/podman.changes @@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Thu Feb 09 12:15:40 UTC 2023 - fvogt@suse.com + +- Update to version 4.4.1: + * Bump to v4.4.1 + * Update release notes for Podman 4.4.1 + * kube play: do not teardown unconditionally on error + * Resolve symlink path for qemu directory if possible + * events: document journald identifiers + * Quadlet: exit 0 when there are no files to process + * Cleanup podman-systemd.unit file + * Install podman-systemd.unit man page, make quadlet discoverable + * Add missing return after errors + * oci: bind mount /sys with --userns=(auto|pod:) + * docs: specify order preference for FROM + * Cirrus: Fix & remove GraphQL API tests + * test: adapt test to work on cgroupv1 + * make hack/markdown-preprocess parallel-safe + * Fix default handling of pids-limit + * system tests: fix volume exec/noexec test + * Bump to v4.4.1-dev + ------------------------------------------------------------------- Thu Feb 02 12:57:45 UTC 2023 - dcermak@suse.com diff --git a/podman.spec b/podman.spec index 6f28d00..dbc7fec 100644 --- a/podman.spec +++ b/podman.spec @@ -18,7 +18,7 @@ %{!?_user_tmpfilesdir: %global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d} %define project github.com/containers/podman Name: podman -Version: 4.4.0 +Version: 4.4.1 Release: 0 Summary: Daemon-less container engine for managing containers, pods and images License: Apache-2.0 
@@ -149,6 +149,8 @@ install -D -m 0644 %{SOURCE2} %{buildroot}%{_docdir}/%{name}/README.SUSE %{_bindir}/podman # Manpages %{_mandir}/man1/podman*.1* +%{_mandir}/man5/podman*.5* +%{_mandir}/man5/quadlet*.5* %exclude %{_mandir}/man1/podman-remote*.1* # Configs %dir %{_prefix}/lib/modules-load.d From 0044a48b01afc6ded8800dc81a5f257ae21ff8c31f06ef419b3089f0b11547bb Mon Sep 17 00:00:00 2001 From: Richard Brown Date: Mon, 20 Feb 2023 16:50:31 +0000 Subject: [PATCH 3/6] Accepting request 1066390 from home:dancermak:branches:devel:microos Add patch to fix bsc#1208364 aka CVE-2023-0778 OBS-URL: https://build.opensuse.org/request/show/1066390 OBS-URL: https://build.opensuse.org/package/show/devel:microos/podman?expand=0&rev=16 --- podman.changes | 8 ++ podman.spec | 1 + ...t-to-source-before-exporting-content.patch | 102 ++++++++++++++++++ 3 files changed, 111 insertions(+) create mode 100644 volume-container-chroot-to-source-before-exporting-content.patch diff --git a/podman.changes b/podman.changes index ce00df5..020a299 100644 --- a/podman.changes +++ b/podman.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Fri Feb 17 13:39:16 UTC 2023 - Dan Čermák + +- Add patch to fix bsc#1208364 aka CVE-2023-0778 + + Added patch: + * volume-container-chroot-to-source-before-exporting-content.patch + ------------------------------------------------------------------- Thu Feb 09 12:15:40 UTC 2023 - fvogt@suse.com diff --git a/podman.spec b/podman.spec index dbc7fec..d603b58 100644 --- a/podman.spec +++ b/podman.spec @@ -27,6 +27,7 @@ URL: https://%{project} Source0: %{name}-%{version}.tar.xz Source1: podman.conf Source2: README.SUSE.SLES +Patch: https://github.com/containers/podman/pull/17532.patch#/volume-container-chroot-to-source-before-exporting-content.patch BuildRequires: bash-completion BuildRequires: cni BuildRequires: device-mapper-devel 
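Review bot: The `Patch:` line added in the `@@ -27,6 +27,7 @@` hunk of podman.spec names a pull-request URL (`pull/17532.patch`), which is not a fixed reference. What that URL serves follows whatever is pushed to the PR branch, so it cannot be used later to re-verify the patch file carried in the package. The patch added in this same commit records its origin as `From 805e94b034ceb59e10a57413c1493b7e8b7e33a0`; assuming that is the upstream commit id, the line could pin it instead: `Patch: https://github.com/containers/podman/commit/805e94b034ceb59e10a57413c1493b7e8b7e33a0.patch#/volume-container-chroot-to-source-before-exporting-content.patch`. A comment above it such as `# bsc#1208364 / CVE-2023-0778, drop once the fix is in a release` would tell the next packager why the patch is there.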
diff --git a/volume-container-chroot-to-source-before-exporting-content.patch b/volume-container-chroot-to-source-before-exporting-content.patch new file mode 100644 index 0000000..564aeea --- /dev/null +++ b/volume-container-chroot-to-source-before-exporting-content.patch 
@@ -0,0 +1,102 @@ +From 805e94b034ceb59e10a57413c1493b7e8b7e33a0 Mon Sep 17 00:00:00 2001 +From: Aditya R +Date: Fri, 10 Feb 2023 15:16:27 +0530 +Subject: [PATCH] volume,container: chroot to source before exporting content + +* Utils must support higher level API to create Tar with chrooted into + directory +* Volume export: use TarwithChroot instead of Tar so we can make sure no + symlink can be exported by tar if it exists outside of the source +directory. +* container export: use chroot and Tar instead of Tar so we can make sure no + symlink can be exported by tar if it exists outside of the mointPoint. + +[NO NEW TESTS NEEDED] +[NO TESTS NEEDED] +Race needs combination of external/in-container mechanism which is hard to repro in CI. + +Closes: BZ:#2168256 +CVE: https://access.redhat.com/security/cve/CVE-2023-0778 + +Signed-off-by: Aditya R + + + +Signed-off-by: Matt Heon +--- + libpod/container_internal.go | 4 ++-- + utils/utils.go | 25 ++++++++++++++++++++++++- + 2 files changed, 26 insertions(+), 3 deletions(-) + +diff --git a/libpod/container_internal.go b/libpod/container_internal.go +index c37d6be2b1b..ee6a7b6cc2c 100644 +--- a/libpod/container_internal.go ++++ b/libpod/container_internal.go +@@ -34,7 +34,7 @@ import ( + "github.com/containers/podman/v4/pkg/systemd/notifyproxy" + "github.com/containers/podman/v4/pkg/util" + "github.com/containers/storage" +- "github.com/containers/storage/pkg/archive" ++ "github.com/containers/storage/pkg/chrootarchive" + "github.com/containers/storage/pkg/idtools" + "github.com/containers/storage/pkg/lockfile" + "github.com/containers/storage/pkg/mount" +@@ -763,7 +763,7 @@ func (c *Container) export(out io.Writer) error { + }() + } + +- input, err := archive.Tar(mountPoint, archive.Uncompressed) ++ input, err := chrootarchive.Tar(mountPoint, nil, mountPoint) + if err != nil { + return fmt.Errorf("reading container directory %q: %w", c.ID(), err) + } +diff --git a/utils/utils.go b/utils/utils.go +index 
f9f96f2835e..81b77e544a3 100644 +--- a/utils/utils.go ++++ b/utils/utils.go +@@ -13,6 +13,7 @@ import ( + + "github.com/containers/common/pkg/cgroups" + "github.com/containers/storage/pkg/archive" ++ "github.com/containers/storage/pkg/chrootarchive" + "github.com/godbus/dbus/v5" + "github.com/sirupsen/logrus" + ) +@@ -63,7 +64,7 @@ func CreateTarFromSrc(source string, dest string) error { + return fmt.Errorf("could not create tarball file '%s': %w", dest, err) + } + defer file.Close() +- return TarToFilesystem(source, file) ++ return TarChrootToFilesystem(source, file) + } + + // TarToFilesystem creates a tarball from source and writes to an os.file +@@ -87,6 +88,28 @@ func Tar(source string) (io.ReadCloser, error) { + return archive.Tar(source, archive.Uncompressed) + } + ++// TarChrootToFilesystem creates a tarball from source and writes to an os.file ++// provided while chrooted to the source. ++func TarChrootToFilesystem(source string, tarball *os.File) error { ++ tb, err := TarWithChroot(source) ++ if err != nil { ++ return err ++ } ++ _, err = io.Copy(tarball, tb) ++ if err != nil { ++ return err ++ } ++ logrus.Debugf("wrote tarball file %s", tarball.Name()) ++ return nil ++} ++ ++// TarWithChroot creates a tarball from source and returns a readcloser of it ++// while chrooted to the source. ++func TarWithChroot(source string) (io.ReadCloser, error) { ++ logrus.Debugf("creating tarball of %s", source) ++ return chrootarchive.Tar(source, nil, source) ++} ++ + // RemoveScientificNotationFromFloat returns a float without any + // scientific notation if the number has any. + // golang does not handle conversion of float64s that have scientific From 1b2b3d5a2a97525fb0e95c5374b935edab931c9d4c4c3260931657b8527295be Mon Sep 17 00:00:00 2001 
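Review bot: In the added `TarChrootToFilesystem` (the utils/utils.go part of the carried patch), the `io.ReadCloser` returned by `TarWithChroot` is never closed, on either the success path or the `io.Copy` error path. Adding `defer tb.Close()` right after the first `err` check would release it. The patch also leaves the non-chrooted `Tar` and `TarToFilesystem` exported and switches only `CreateTarFromSrc` and `(*Container).export`, so whether any other caller still archives a container- or volume-controlled directory without the chroot cannot be told from these hunks and is worth checking in the packaged tree. Because this file is an upstream patch carried as-is, both points are for upstream rather than a local edit; the body of `export` continues outside the hunk.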
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Tue, 21 Feb 2023 09:02:41 +0000 Subject: [PATCH 4/6] Accepting request 1066931 from home:danishprakash:branches:devel:microos - podman.spec: set PREFIX at build stage (boo#1208510) OBS-URL: https://build.opensuse.org/request/show/1066931 OBS-URL: https://build.opensuse.org/package/show/devel:microos/podman?expand=0&rev=17 --- podman.changes | 5 +++++ podman.spec | 4 ++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/podman.changes b/podman.changes index 020a299..8bf4c08 100644 --- a/podman.changes +++ b/podman.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Tue Feb 21 07:40:30 UTC 2023 - Danish Prakash + +- podman.spec: set PREFIX at build stage (boo#1208510) + ------------------------------------------------------------------- Fri Feb 17 13:39:16 UTC 2023 - Dan Čermák diff --git a/podman.spec b/podman.spec index d603b58..29c2863 100644 --- a/podman.spec +++ b/podman.spec @@ -113,7 +113,7 @@ pages and %{name}. %build # Build podman -BUILDFLAGS="-buildmode=pie" %make_build +BUILDFLAGS="-buildmode=pie" PREFIX=%{_prefix} %make_build # Build manpages %make_build docs @@ -123,7 +123,7 @@ BUILDFLAGS="-buildmode=pie" %make_build # Updates must be tested manually. %install -%make_install PREFIX=/usr LIBEXECDIR=%{_libexecdir} install.completions install.docker +%make_install PREFIX=%{_prefix} LIBEXECDIR=%{_libexecdir} install.completions install.docker # remove the user tmpfile on SLE/Leap as it cannot handle them %if 0%{?suse_version} == 1500 From 37e0b5e3efd07e07f4e35b4ba708266cad73f896666892819815dff30dd677e5 Mon Sep 17 00:00:00 2001 
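Review bot: The `%build` line now passes `PREFIX=%{_prefix}`, but `LIBEXECDIR=%{_libexecdir}` is still given only to `%make_install` in the `@@ -123,7 +123,7 @@` hunk. If the Makefile compiles any LIBEXECDIR-derived path into a binary (not visible here), the build would use the Makefile default while the files land under `%{_libexecdir}`. That is the same kind of build/install mismatch this change fixes for PREFIX, and a helper path baked in for a directory the package does not own is worth ruling out. Passing both at build time keeps the stages aligned: `BUILDFLAGS="-buildmode=pie" PREFIX=%{_prefix} LIBEXECDIR=%{_libexecdir} %make_build`.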
From: =?UTF-8?q?Dan=20=C4=8Cerm=C3=A1k?= Date: Fri, 24 Feb 2023 10:50:50 +0000 Subject: [PATCH 5/6] Accepting request 1067581 from home:danishprakash:branches:devel:microos - Update to version 4.4.2: OBS-URL: https://build.opensuse.org/request/show/1067581 OBS-URL: https://build.opensuse.org/package/show/devel:microos/podman?expand=0&rev=18 --- _service | 2 +- _servicedata | 2 +- podman-4.4.1.tar.xz | 3 - podman-4.4.2.tar.xz | 3 + podman.changes | 22 ++++ podman.spec | 8 +- ...t-to-source-before-exporting-content.patch | 102 ------------------ 7 files changed, 33 insertions(+), 109 deletions(-) delete mode 100644 podman-4.4.1.tar.xz create mode 100644 podman-4.4.2.tar.xz delete mode 100644 volume-container-chroot-to-source-before-exporting-content.patch diff --git a/_service b/_service index eda7b10..207723b 100644 --- a/_service +++ b/_service @@ -2,7 +2,7 @@ https://github.com/containers/podman.git git - v4.4.1 + v4.4.2 @PARENT_TAG@ enable v(.*) diff --git a/_servicedata b/_servicedata index 3ca1ef4..de87e65 100644 --- a/_servicedata +++ b/_servicedata @@ -1,4 +1,4 @@ https://github.com/containers/podman.git - 34e8f3933242f2e566bbbbf343cf69b7d506c1cf \ No newline at end of file + 74afe26887f814d1c39925a1624851ef3590e79c \ No newline at end of file diff --git a/podman-4.4.1.tar.xz b/podman-4.4.1.tar.xz deleted file mode 100644 index f109eb3..0000000 --- a/podman-4.4.1.tar.xz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:6d2b7526ade665f20d13bb1aae3364e2828c829034bdbfdea38c5a4f7ea37882 -size 8801176 diff --git a/podman-4.4.2.tar.xz b/podman-4.4.2.tar.xz new file mode 100644 index 0000000..61c5420 --- /dev/null +++ b/podman-4.4.2.tar.xz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:11ffd53834db864d08a9757514a9cc28f696cb37a0da3b0036c90707c19591d9 +size 8808284 diff --git a/podman.changes b/podman.changes index 8bf4c08..3400504 100644 --- a/podman.changes +++ b/podman.changes 
@@ -1,3 +1,25 @@ +------------------------------------------------------------------- +Fri Feb 24 02:29:18 UTC 2023 - Danish Prakash + +- Update to version 4.4.2: + * Bump to v4.4.2 + * Release notes for v4.4.2 + * Revert "CI: Temporarily disable all AWS EC2-based tasks" + * kube play: only enforce passthrough in Quadlet + * Emergency fix for man pages: check for broken includes + * CI: Temporarily disable all AWS EC2-based tasks + * quadlet system tests: add useful defaults, logging + * volume,container: chroot to source before exporting content + * install sigproxy before start/attach + * Update to c/image 5.24.1 + * events + container inspect test: RHEL fixes + * Bump to v4.4.2-dev + +- Remove patches (merged upstream): + * volume-container-chroot-to-source-before-exporting-content.patch +- podman.spec: add `crun` requirement for quadlet + (https://github.com/containers/podman/pull/17601) + ------------------------------------------------------------------- Tue Feb 21 07:40:30 UTC 2023 - Danish Prakash diff --git a/podman.spec b/podman.spec index 29c2863..e9eff78 100644 --- a/podman.spec +++ b/podman.spec @@ -18,7 +18,7 @@ %{!?_user_tmpfilesdir: %global _user_tmpfilesdir %{_datadir}/user-tmpfiles.d} %define project github.com/containers/podman Name: podman -Version: 4.4.1 +Version: 4.4.2 Release: 0 Summary: Daemon-less container engine for managing containers, pods and images License: Apache-2.0 @@ -27,7 +27,6 @@ URL: https://%{project} Source0: %{name}-%{version}.tar.xz Source1: podman.conf Source2: README.SUSE.SLES -Patch: https://github.com/containers/podman/pull/17532.patch#/volume-container-chroot-to-source-before-exporting-content.patch BuildRequires: bash-completion BuildRequires: cni BuildRequires: device-mapper-devel 
@@ -52,6 +51,11 @@ Requires: catatonit >= 0.1.7
 Requires: cni
 Requires: cni-plugins
 Requires: conmon >= 2.0.24
+# FIXME: quadlet has a hard dependency on crun
+# until https://github.com/containers/podman/pull/17601 is merged
+# which removes the hard dependency and at which point, we should
+# remove this and let users decide which runtime to use.
+Requires: crun
 Requires: fuse-overlayfs
 Requires: iptables
 Requires: libcontainers-common >= 20210626
diff --git a/volume-container-chroot-to-source-before-exporting-content.patch b/volume-container-chroot-to-source-before-exporting-content.patch
deleted file mode 100644
index 564aeea..0000000
--- a/volume-container-chroot-to-source-before-exporting-content.patch
+++ /dev/null
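Review bot: The FIXME above `Requires: crun` ties removal to the upstream pull request being merged, but what matters for this package is whether the packaged podman version contains that change, and a merge upstream does not guarantee it. Until then the hard requirement installs crun on every host, including hosts configured for another runtime, so the exit condition should be unambiguous. I would reword the comment to `# FIXME: quadlet hard-codes crun as its runtime; drop this Requires once the packaged podman` / `# includes https://github.com/containers/podman/pull/17601 and let users choose the runtime.` Unlike the neighbouring `conmon >= 2.0.24`, the new line has no version floor; if quadlet needs a minimum crun version, state it here.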
@@ -1,102 +0,0 @@ -From 805e94b034ceb59e10a57413c1493b7e8b7e33a0 Mon Sep 17 00:00:00 2001 -From: Aditya R -Date: Fri, 10 Feb 2023 15:16:27 +0530 -Subject: [PATCH] volume,container: chroot to source before exporting content - -* Utils must support higher level API to create Tar with chrooted into - directory -* Volume export: use TarwithChroot instead of Tar so we can make sure no - symlink can be exported by tar if it exists outside of the source -directory. -* container export: use chroot and Tar instead of Tar so we can make sure no - symlink can be exported by tar if it exists outside of the mointPoint. - -[NO NEW TESTS NEEDED] -[NO TESTS NEEDED] -Race needs combination of external/in-container mechanism which is hard to repro in CI. - -Closes: BZ:#2168256 -CVE: https://access.redhat.com/security/cve/CVE-2023-0778 - -Signed-off-by: Aditya R - - - -Signed-off-by: Matt Heon ---- - libpod/container_internal.go | 4 ++-- - utils/utils.go | 25 ++++++++++++++++++++++++- - 2 files changed, 26 insertions(+), 3 deletions(-) - -diff --git a/libpod/container_internal.go b/libpod/container_internal.go -index c37d6be2b1b..ee6a7b6cc2c 100644 ---- a/libpod/container_internal.go -+++ b/libpod/container_internal.go -@@ -34,7 +34,7 @@ import ( - "github.com/containers/podman/v4/pkg/systemd/notifyproxy" - "github.com/containers/podman/v4/pkg/util" - "github.com/containers/storage" -- "github.com/containers/storage/pkg/archive" -+ "github.com/containers/storage/pkg/chrootarchive" - "github.com/containers/storage/pkg/idtools" - "github.com/containers/storage/pkg/lockfile" - "github.com/containers/storage/pkg/mount" -@@ -763,7 +763,7 @@ func (c *Container) export(out io.Writer) error { - }() - } - -- input, err := archive.Tar(mountPoint, archive.Uncompressed) -+ input, err := chrootarchive.Tar(mountPoint, nil, mountPoint) - if err != nil { - return fmt.Errorf("reading container directory %q: %w", c.ID(), err) - } -diff --git a/utils/utils.go b/utils/utils.go -index 
f9f96f2835e..81b77e544a3 100644 ---- a/utils/utils.go -+++ b/utils/utils.go -@@ -13,6 +13,7 @@ import ( - - "github.com/containers/common/pkg/cgroups" - "github.com/containers/storage/pkg/archive" -+ "github.com/containers/storage/pkg/chrootarchive" - "github.com/godbus/dbus/v5" - "github.com/sirupsen/logrus" - ) -@@ -63,7 +64,7 @@ func CreateTarFromSrc(source string, dest string) error { - return fmt.Errorf("could not create tarball file '%s': %w", dest, err) - } - defer file.Close() -- return TarToFilesystem(source, file) -+ return TarChrootToFilesystem(source, file) - } - - // TarToFilesystem creates a tarball from source and writes to an os.file -@@ -87,6 +88,28 @@ func Tar(source string) (io.ReadCloser, error) { - return archive.Tar(source, archive.Uncompressed) - } - -+// TarChrootToFilesystem creates a tarball from source and writes to an os.file -+// provided while chrooted to the source. -+func TarChrootToFilesystem(source string, tarball *os.File) error { -+ tb, err := TarWithChroot(source) -+ if err != nil { -+ return err -+ } -+ _, err = io.Copy(tarball, tb) -+ if err != nil { -+ return err -+ } -+ logrus.Debugf("wrote tarball file %s", tarball.Name()) -+ return nil -+} -+ -+// TarWithChroot creates a tarball from source and returns a readcloser of it -+// while chrooted to the source. -+func TarWithChroot(source string) (io.ReadCloser, error) { -+ logrus.Debugf("creating tarball of %s", source) -+ return chrootarchive.Tar(source, nil, source) -+} -+ - // RemoveScientificNotationFromFloat returns a float without any - // scientific notation if the number has any. - // golang does not handle conversion of float64s that have scientific From 6d6bcc24a175b63fab25ec17a54c667fd5c92d423a264668d0e70f99dd9e547c Mon Sep 17 00:00:00 2001 
From: Richard Brown Date: Wed, 1 Mar 2023 12:12:52 +0000 Subject: [PATCH 6/6] Accepting request 1068009 from home:dancermak:branches:devel:microos Add patch to let quadlet use the default runtime OBS-URL: https://build.opensuse.org/request/show/1068009 OBS-URL: https://build.opensuse.org/package/show/devel:microos/podman?expand=0&rev=19 --- Quadlet-use-the-default-runtime.patch | 60 +++++++++++++++++++++++++++ podman.changes | 8 ++++ podman.spec | 8 +--- 3 files changed, 70 insertions(+), 6 deletions(-) create mode 100644 Quadlet-use-the-default-runtime.patch diff --git a/Quadlet-use-the-default-runtime.patch b/Quadlet-use-the-default-runtime.patch new file mode 100644 index 0000000..3abf28d --- /dev/null +++ b/Quadlet-use-the-default-runtime.patch 
@@ -0,0 +1,60 @@ +From df0fe4fcc7d54a1a8801f74bfac430f9986f0722 Mon Sep 17 00:00:00 2001 +From: Ygal Blum +Date: Wed, 22 Feb 2023 09:36:20 +0200 +Subject: [PATCH] Quadlet - use the default runtime +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Do not set the runtime when processing a .container file +Let Podman choose the runtime based on its configuration + +Signed-off-by: Ygal Blum +Signed-off-by: Dan Čermák +(cherry picked from commit 0d75854c52e646f4c83a7a4389d8c4aebbb7ee5c) +--- + pkg/systemd/quadlet/quadlet.go | 6 ++---- + test/e2e/quadlet/basepodman.container | 2 +- + test/e2e/quadlet/basic.container | 1 - + 3 files changed, 3 insertions(+), 6 deletions(-) + +diff --git a/pkg/systemd/quadlet/quadlet.go b/pkg/systemd/quadlet/quadlet.go +index 8724eb0e156..091fcb76d46 100644 +--- a/pkg/systemd/quadlet/quadlet.go ++++ b/pkg/systemd/quadlet/quadlet.go +@@ -295,11 +295,9 @@ func ConvertContainer(container *parser.UnitFile, isUser bool) (*parser.UnitFile + "--log-driver", "passthrough", + ) + +- // We use crun as the runtime and delegated groups to it ++ // We delegate groups to the runtime + service.Add(ServiceGroup, "Delegate", "yes") +- podman.add( +- "--runtime", "/usr/bin/crun", +- "--cgroups=split") ++ podman.add("--cgroups=split") + + timezone, ok := container.Lookup(ContainerGroup, KeyTimezone) + if ok && len(timezone) > 0 { +diff --git a/test/e2e/quadlet/basepodman.container b/test/e2e/quadlet/basepodman.container +index 91e12ceb9ca..1e2c34141ab 100644 +--- a/test/e2e/quadlet/basepodman.container ++++ b/test/e2e/quadlet/basepodman.container +@@ -1,4 +1,4 @@ +-## assert-podman-final-args run --name=systemd-%N --cidfile=%t/%N.cid --replace --rm --log-driver passthrough --runtime /usr/bin/crun --cgroups=split --sdnotify=conmon -d localhost/imagename ++## assert-podman-final-args run --name=systemd-%N --cidfile=%t/%N.cid --replace --rm --log-driver passthrough --cgroups=split --sdnotify=conmon -d 
localhost/imagename + + [Container] + Image=localhost/imagename +diff --git a/test/e2e/quadlet/basic.container b/test/e2e/quadlet/basic.container +index 794ded61e34..af2c325d593 100644 +--- a/test/e2e/quadlet/basic.container ++++ b/test/e2e/quadlet/basic.container +@@ -5,7 +5,6 @@ + ## assert-podman-args "--replace" + ## assert-podman-args "-d" + ## assert-podman-args "--log-driver" "passthrough" +-## assert-podman-args "--runtime" "/usr/bin/crun" + ## assert-podman-args "--cgroups=split" + ## assert-podman-args "--sdnotify=conmon" + ## assert-key-is "Unit" "RequiresMountsFor" "%t/containers" diff --git a/podman.changes b/podman.changes index 3400504..7d0c892 100644 --- a/podman.changes +++ b/podman.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Mon Feb 27 13:54:33 UTC 2023 - Dan Čermák + +- Add patch to let quadlet use the default runtime + Added patch: + * Quadlet-use-the-default-runtime.patch + => Remove dependency on crun + ------------------------------------------------------------------- Fri Feb 24 02:29:18 UTC 2023 - Danish Prakash diff --git a/podman.spec b/podman.spec index e9eff78..c08d7e0 100644 --- a/podman.spec +++ b/podman.spec @@ -1,7 +1,7 @@ # # spec file for package podman # -# Copyright (c) SUSE LLC +# Copyright (c) 2023 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -27,6 +27,7 @@ URL: https://%{project} Source0: %{name}-%{version}.tar.xz Source1: podman.conf Source2: README.SUSE.SLES +Patch0: https://github.com/containers/podman/pull/17641.patch#./Quadlet-use-the-default-runtime.patch BuildRequires: bash-completion BuildRequires: cni BuildRequires: device-mapper-devel 
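Review bot: In the podman.spec hunk at `@@ -27,6 +27,7 @@`, `Patch0` cites `https://github.com/containers/podman/pull/17641.patch`, and the content behind a pull-request URL changes whenever the PR branch is updated. The URL therefore does not identify the bytes that were reviewed and checked in as `Quadlet-use-the-default-runtime.patch`. The checked-in file names its commit in its own `From` line, so the reference can be pinned, assuming that commit is reachable upstream: `Patch0: https://github.com/containers/podman/commit/df0fe4fcc7d54a1a8801f74bfac430f9986f0722.patch#/Quadlet-use-the-default-runtime.patch`. That also restores the `#/` fragment form used by the `Patch:` line removed in the previous commit, where this line uses `#./`. The `%prep` section is outside the hunk, so it is worth confirming that it actually applies `Patch0`.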
@@ -51,11 +52,6 @@ Requires: catatonit >= 0.1.7
 Requires: cni
 Requires: cni-plugins
 Requires: conmon >= 2.0.24
-# FIXME: quadlet has a hard dependency on crun
-# until https://github.com/containers/podman/pull/17601 is merged
-# which removes the hard dependency and at which point, we should
-# remove this and let users decide which runtime to use.
-Requires: crun
 Requires: fuse-overlayfs
 Requires: iptables
 Requires: libcontainers-common >= 20210626