@jglogan jglogan commented Dec 16, 2025

Type of Change

  • Bug fix
  • New feature
  • Breaking change
  • Documentation update

Motivation and Context

With CZ release 0.17.0, the IP and CIDR address types changed from String to IPv4Address and CIDRv4, respectively. This PR applies the corresponding adaptations to container.

Testing

  • Tested locally
  • Added/updated tests
  • Added/updated docs

self.hostname = hostname
self.address = address
self.gateway = gateway
self.ipv4Address = ipv4Address
Contributor Author

I don't think we need to worry about backward compatibility for Codable here since we're not storing these fields anywhere yet.

- Part of work for apple#460.
- Bump CZ to 0.17.0.

@ajemory ajemory left a comment

Left a few nitpicky comments, but nothing blocking. Looks good!

if !interfaces.isEmpty {
let primaryIfaceAddr = interfaces[0].address
let ip = primaryIfaceAddr.split(separator: "/")
let primaryIfaceAddr = interfaces[0].ipv4Address
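
Review bot: at `let primaryIfaceAddr = interfaces[0].ipv4Address`, a short comment stating whether `ipv4Address` carries the prefix length would help. The older line next to it needed `split(separator: "/")` to separate the host part from the prefix, and nothing in the visible lines shows where that separation happens now, so a reader cannot tell whether the value handed on is a bare host address or an address with its prefix.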

Nitpick: I don't love the reference to interfaces[0]. Could make a struct to store interfaces[], but not much return on the effort -- definitely not blocking for this PR

}
}
let overlap = existingCidrs.first { $0.overlaps(cidr: subnet) }
let overlap = existingCidrs.first {
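
Review bot: the overlap predicate inlined in the closure opened at `existingCidrs.first {` would be better as a small named helper with its own unit tests. The one-line `$0.overlaps(cidr: subnet)` it sits beside was self-describing, while an inline range comparison is easy to get subtly wrong. Suggested cases: the new subnet inside an existing one, an existing one inside the new subnet, and adjacent ranges that must not count as overlapping.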

Wouldn't mind seeing this split into a separate function like it was previously, just to keep things clean -- not blocking

Contributor Author

Unfortunately the overlaps(cidr:) test got removed from the core CIDR types.

I'll extract this into an extension here when we add the IPv6 support.

@jglogan jglogan merged commit 4f88725 into apple:main Dec 17, 2025
3 of 4 checks passed
@jglogan jglogan deleted the ip-typesafety branch December 17, 2025 00:34
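
The subnet-overlap check discussed in the review above, as an added example that is not code from this PR or from Containerization: `ExampleIPv4`, `ExampleCIDRv4` and `firstOverlap` are hypothetical names, and the sample subnets are constructed. It parses strictly at the boundary and compares address ranges, rather than splitting strings on "/" at each use.

```swift
// Added example with hypothetical types; this is not the Containerization API.

struct ExampleIPv4: CustomStringConvertible {
    let value: UInt32

    init(value: UInt32) { self.value = value }

    /// Strict dotted-quad parser: exactly four decimal octets, ASCII digits
    /// only, no empty fields, no leading zeros (avoids octal ambiguity).
    init?(_ text: String) {
        let parts = text.split(separator: ".", omittingEmptySubsequences: false)
        guard parts.count == 4 else { return nil }
        var acc: UInt32 = 0
        for part in parts {
            guard !part.isEmpty, part.count <= 3,
                  part.allSatisfy({ $0.isASCII && $0.isNumber }),
                  part.count == 1 || part.first != "0",
                  let octet = UInt8(part) else { return nil }
            acc = (acc << 8) | UInt32(octet)
        }
        value = acc
    }

    var description: String {
        "\(value >> 24).\((value >> 16) & 0xFF).\((value >> 8) & 0xFF).\(value & 0xFF)"
    }
}

struct ExampleCIDRv4: CustomStringConvertible {
    let network: ExampleIPv4   // host bits cleared during parsing
    let prefix: UInt8          // 0...32

    /// Parses "a.b.c.d/n" and normalizes the address to its network address.
    init?(_ text: String) {
        let parts = text.split(separator: "/", omittingEmptySubsequences: false)
        guard parts.count == 2,
              let addr = ExampleIPv4(String(parts[0])),
              !parts[1].isEmpty,
              parts[1].allSatisfy({ $0.isASCII && $0.isNumber }),
              let bits = UInt8(parts[1]), bits <= 32 else { return nil }
        self.prefix = bits
        self.network = ExampleIPv4(value: addr.value & Self.mask(bits))
    }

    /// Netmask for a prefix length; /0 is special-cased to an all-zero mask.
    static func mask(_ prefix: UInt8) -> UInt32 {
        prefix == 0 ? 0 : UInt32.max << UInt32(32 - prefix)
    }

    var lower: UInt32 { network.value }
    var upper: UInt32 { network.value | ~Self.mask(prefix) }

    /// Two blocks overlap exactly when their address ranges intersect.
    /// The comparison is symmetric, so it covers containment in either direction.
    func overlaps(_ other: ExampleCIDRv4) -> Bool {
        lower <= other.upper && other.lower <= upper
    }

    var description: String { "\(network)/\(prefix)" }
}

/// Returns the first existing subnet that collides with `candidate`, or nil.
func firstOverlap(of candidate: ExampleCIDRv4,
                  in existing: [ExampleCIDRv4]) -> ExampleCIDRv4? {
    existing.first { $0.overlaps(candidate) }
}

// Constructed sample data: subnets already in use.
let existing = ["192.168.64.0/24", "10.0.0.0/8"].compactMap { ExampleCIDRv4($0) }

// Constructed candidates: contained, disjoint, single host, and two malformed.
let candidates = [
    "192.168.64.128/25",
    "172.16.0.0/12",
    "10.1.2.3/32",
    "192.168.064.0/24",
    "192.168.64.0/33",
]

for text in candidates {
    guard let candidate = ExampleCIDRv4(text) else {
        print("\(text): rejected at parse time")
        continue
    }
    if let hit = firstOverlap(of: candidate, in: existing) {
        print("\(text): overlaps \(hit)")
    } else {
        print("\(text): no overlap")
    }
}
```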
jglogan pushed a commit that referenced this pull request Dec 18, 2025
- Fixes issue #923 
- I fixed a race condition in `ConnectHandler.swift` where
  an asynchronous network connection could complete
  after the handler had already been removed from the
  pipeline.
- This prevents the EXC_BREAKPOINT crash in
  container-runtime-linux that occurred when kinc
  (Kubernetes in Container) created rapid connections.
- The actual fix was inadvertently applied in #957, so this
  PR contains only the test code.
Mcrich23 added a commit to Mcrich23/container that referenced this pull request Jan 20, 2026
commit 69445b9
Author: jwhur <57657645+JaewonHur@users.noreply.github.com>
Date:   Mon Jan 19 13:09:34 2026 -0800

    Throw error when starting a container with invalid virtiofs source (apple#1051)

    Run = Create + Start

    1) Mount source points to a valid directory
       - Run and Create + Start both correctly create the container with mount.

    2) Mount source points to a file
       - Run fails bootstrapping the container, thus container not created.
       - Create creates the container, but Start fails bootstrapping, removing
         the container. (Thus, both are the same.)

    3) Mount source deleted or replaced with a file after container created
       - Start throws errors but does not delete the container.

commit 08f48d9
Author: Danny Canter <danny_canter@apple.com>
Date:   Fri Jan 16 21:48:58 2026 -0800

    ContainerSvc: Handle unexpected sandbox svc exits (apple#1065)

    Closes apple#1050

    If the sandbox svc exits out of band of the usual stop (or regular exit)
    case the container svc's state is not properly updated for the
    container. This was due to the cleanup steps involving trying to send
    the shutdown rpc which cannot succeed as the sandbox svc does not exist
    to service it.

    To handle this, let's treat shutdown not returning successfully as
    non-fatal (as this is mostly best effort), log an error and continue the
    state cleanup.

commit b928e3f
Author: Amir Alperin <me@remotecpp.dev>
Date:   Sat Jan 17 07:43:48 2026 +0200

    fix: performance warning should not output ANSI codes if stderr redirected (apple#1059)

commit 744e7f7
Author: J Logan <john_logan@apple.com>
Date:   Fri Jan 16 16:26:13 2026 -0800

    Update for containerization 0.21.0. (apple#1056)

    - Update image load and build to handle rejected paths during tar
    extraction. For the image load command there is now a `--force` function
    that fails extractions with rejected paths when false, and just warns
    about the rejected paths when true.
    - Update `container stats` for statistics API properties now all being
    optional.

    ## Type of Change
    - [x] Bug fix
    - [ ] New feature
    - [ ] Breaking change
    - [x] Documentation update

    ## Motivation and Context
    See above

    ## Testing
    - [x] Tested locally
    - [x] Added/updated tests
    - [x] Added/updated docs

commit b1577d8
Author: J Logan <john_logan@apple.com>
Date:   Fri Jan 16 15:50:47 2026 -0800

    Adds opt-in pre-commit hook for format and header checks. (apple#1062)

    - Closes apple#639.
    - Adds swift format configuration that removes lint checks so we can use
    `swift lint` to perform format-only tests.
    - Adds `check` target that invokes format and header checks.
    - Adds pre-commit script that runs `make check`.
    - Adds `pre-commit` target that installs the check script as a
    pre-commit hook.

    ## Type of Change
    - [ ] Bug fix
    - [x] New feature
    - [ ] Breaking change
    - [x] Documentation update

    ## Motivation and Context
    Avoids wasting time and commit rewrites.

    ## Testing
    - [x] Tested locally
    - [ ] Added/updated tests
    - [x] Added/updated docs

commit 3cf2c6a
Author: J Logan <john_logan@apple.com>
Date:   Fri Jan 16 13:41:32 2026 -0800

    Fix unstable integration tests. (apple#1060)

    - TestCLIRunCommand now runs so many tests concurrently that the API
    server gets swamped and tests randomly time out.
    - The parallelism options on `swift test` only work for XCTest, not
    swift-testing.
    - Work around this while retaining some parallelism (good for stress
    testing) by breaking the tests into two suites.

commit 8897fcc
Author: Manu Schiller <56154253+manuschillerdev@users.noreply.github.com>
Date:   Wed Jan 14 04:39:08 2026 +0100

    fix: use pax instead of tar for pkg payload extraction (apple#1038)

    - It is common to have `gnu-tar` alongside other GNU tools
      installed and aliased for compatibility reasons. However, this
      breaks the current make build.
    - Use BSD-only binaries (no GNU equivalents that are
      commonly aliased), making the Makefile more portable.

commit dbec1db
Author: Ronit Sabhaya <ronitsabhaya75@gmail.com>
Date:   Mon Jan 12 20:34:25 2026 -0600

    Add support for aarch64 architecture alias (apple#1040)

    - Adds `aarch64` as an alias for `arm64` in the `Arch` enum. This
      addresses the maintainer's request to support this common architecture
      name, ensuring consistency with `x86_64` normalization and preventing
      failures for users expecting `aarch64` support.

commit 837aa5e
Author: jwhur <57657645+JaewonHur@users.noreply.github.com>
Date:   Mon Jan 12 14:36:10 2026 -0800

    Fix the FS error when using Virtualization (apple#1041)

    - Fixes apple#614.
    - Use VZ cached mode instead of auto.

    Signed-off-by: jwhur <jaewon_hur@apple.com>

commit e465b10
Author: 박성근 <117553364+ParkSeongGeun@users.noreply.github.com>
Date:   Tue Jan 13 03:30:51 2026 +0900

    Fix relative path resolution in entrypoint (apple#987)

    - Fixes apple#962.
    - Adds test to exercise apple/containerization#473.
    - Updates containerization to 0.20.1.

    Signed-off-by: ParkSeongGeun <phd0801@naver.com>

commit aa77928
Author: Ronit Sabhaya <ronitsabhaya75@gmail.com>
Date:   Mon Jan 12 12:04:46 2026 -0600

    Fix: Support x86_64 architecture alias to prevent silent pull failure… (apple#1036)

    - Adds architecture name normalization to accept
      `x86_64` and `x86-64` as aliases for `amd64`.

commit dc4682b
Author: Amir Alperin <me@remotecpp.dev>
Date:   Fri Jan 9 21:10:53 2026 +0200

    fix: extract hostname from FQDN (apple#1011) (apple#1017)

    - Set the container hostname to the first DNS
      label derived from the container id, strip everything
      after the first dot.
    - Fixes apple#1011.

commit 4af1cc0
Author: Ronit Sabhaya <ronitsabhaya75@gmail.com>
Date:   Thu Jan 8 21:27:43 2026 -0600

    fix: improve error message when binding to privileged ports (fixes apple#978) (apple#1031)

    - The container fails to start with a generic "permission denied"
      error when attempting to publish privileged ports (ports below
      1024) without root privileges. This provides a confusing user
      experience as the error doesn't explain why permission was
      denied.

commit 21facf0
Author: J Logan <john_logan@apple.com>
Date:   Thu Jan 8 17:02:22 2026 -0800

    Add instructions for using locally built init filesystem. (apple#1032)

    - Closes apple#1030.

commit b671690
Author: Danny Canter <danny_canter@apple.com>
Date:   Wed Jan 7 21:01:10 2026 -0800

    ProgressBar: Various fixes (apple#1025)

    There's a couple things I don't think are intuitive about this.

    1. Because of the internal task, render() can still be called even after
    finish() completes. Ideally async defers are supported and we could just
    await the final render completing after cancelling the task and setting
    .finished, but alas. To fix this we can just lock across the methods for
    now.
    2. We always clear the screen in the destructor, even if we don't use
    the progress bar. I don't think we should honestly do anything in the
    destructor. Feels like a programmer error not to defer { bar.finish() }
    or call it somewhere.
    3. Our spaces based line clearing. Use the ANSI escape sequence for
    clearing line; I think our calculations were slightly off and it would
    leave trailing output ( "s]" ) in some cases.
    4. Shrinking the window until the output is smaller than the terminal
    window (and vice versa) is wonky on various term emulators. Truthfully,
    this is just a hard problem, but we can truncate our output and still
    provide some useful info.

    This fixes some single line output (cat /etc/hostname etc.) getting
    cleared in our atexit handler, as well as the need for the usleep.

commit 98410fd
Author: J Logan <john_logan@apple.com>
Date:   Wed Jan 7 18:23:31 2026 -0800

    Adds IPv6 port forwarding. (apple#1029)

    - Closes apple#1006.

commit 9d06475
Author: Saehej Kang <saehej.kang@gmail.com>
Date:   Wed Jan 7 16:53:33 2026 -0800

    [container]: add startedDate field (apple#1018)

    - Closes apple#302.
    - Closes apple#336 (obsoletes this PR).

commit db8932a
Author: J Logan <john_logan@apple.com>
Date:   Wed Jan 7 15:35:35 2026 -0800

    Resolve IPv6 address queries for container names. (apple#1016)

    - Closes apple#1005.
    - Adapt everything to use MACAddress type from containerization 0.20.0.
    - Allocate MAC addresses for every container so that we have
    deterministic IPv6 link local addresses.
    - Add AAAA handling to ContainerDNSHandler.
    - NOTE: Only works on Tahoe. On Sequoia, we don't have a good way to set
    or determine the IPv6 network prefix when networks are created, so we
    can't infer the IPv6 link local addresses for AAAA responses and we
    instead return `NODATA`.

commit 5d6c750
Author: Danny Canter <danny_canter@apple.com>
Date:   Wed Jan 7 14:48:58 2026 -0800

    CLI: Add read-only flag to run/create (apple#999)

    Closes apple#990

    Sets the rootfs for a container to read-only.

commit aac2457
Author: Danny Canter <danny_canter@apple.com>
Date:   Wed Jan 7 13:46:26 2026 -0800

    Tests: Fix relative path mount tests (apple#1028)

    The tests are run in parallel on CI, and were split into three tests.
    They change the cwd, so it's kind of a gamble whether some of them pass.
    This just moves all the logic into one test mostly.

commit 9cd5397
Author: J Logan <john_logan@apple.com>
Date:   Wed Jan 7 10:35:19 2026 -0800

    Update to containerization 0.20.0. (apple#1027)

    - Use MACAddress for Attachment and CZ interfaces.
    - Move data validation closer to API surface.

commit 356c8d2
Author: J Logan <john_logan@apple.com>
Date:   Tue Jan 6 08:27:14 2026 -0800

    Reorganize client libraries. (apple#1020)

    - Closes apple#461.
    - Extract core types into ContainerResources target.
    - Extract ContainerNetworkServiceClient from ContainerNetworkService.
    - Relocate sandbox client from ContainerClient to
    ContainerSandboxServiceClient.
    - Relocate ContainerClient to ContainerAPIServiceClient.
    - Common structure from services and clients under Source/Services.

    Updated project hierarchy:

    ```
    Sources/CAuditToken - audit token access wrapper
    Sources/CLI - CLI executable
    Sources/ContainerBuild - builder
    Sources/ContainerCommands - CLI command implementations
    Sources/ContainerLog - logging helpers
    Sources/ContainerPersistence - persistent data and system property helpers
    Sources/ContainerPlugin - plugin system
    Sources/ContainerResource - resource (container, image, volume, network) types
    Sources/ContainerVersion - version helpers
    Sources/ContainerXPC - XPC helpers
    Sources/CVersion - injected project version
    Sources/DNSServer - container DNS resolver
    Sources/Helpers - service executables
    Sources/Services/*/Client - service clients
    Sources/Services/*/Server - service implementations
    Sources/SocketForwarder - port forwarding
    Sources/TerminalProgress - progress bar
    ```

    ## Type of Change
    - [ ] Bug fix
    - [ ] New feature
    - [x] Breaking change
    - [ ] Documentation update

    ## Motivation and Context
    The ContainerClient library was a bit of a grab bag. This refactor
    applies a more sensible project and library structure for resource data
    types, services, and clients.

    ## Testing
    - [x] Tested locally
    - [x] Added/updated tests
    - [ ] Added/updated docs

commit 8c439cd
Author: Danny Canter <danny_canter@apple.com>
Date:   Mon Jan 5 13:50:57 2026 -0800

    makefile: Add cli target (apple#1022)

    Often times I'll be making a change that only touches the cli and I
    don't feel like sitting through the potential song and dance of the
    other components building/installing.

commit d6f052d
Author: Kathryn Baldauf <k_baldauf@apple.com>
Date:   Mon Jan 5 13:09:34 2026 -0800

    Update license header on all files to include the current year (apple#1024)

    ## Motivation and Context
    Now that we're in 2026, we need to update the license headers on all the
    files. Unfortunately, Hawkeye doesn't have an attribute for the current
    year to help us avoid this in the future. Instead, I had to work around
    this by doing the following:

    1. Update licenserc.toml with:
         ```
          [properties]
           ... (other properties)
           currentYear = "2026"
         ```
     
    2. Update scripts/license-header.txt with
        ```
    Copyright ©{{ " " }}{%- set created = attrs.git_file_created_year or
    attrs.disk_file_created_year -%}{%- set modified = props["currentYear"]
    -%}{%- if created != modified -%} {{created}}-{{modified}}{%- else
    -%}{{created}}{%- endif -%}{{ " " }}{{ props["copyrightOwner"] }}.
        ```

    Then I removed these two changes before committing. After this PR is
    merged, all files will have recently had git updates, so the existing
    code for setting the modified year should work as intended.

    Signed-off-by: Kathryn Baldauf <k_baldauf@apple.com>

commit 20dc0bc
Author: Danny Canter <danny_canter@apple.com>
Date:   Sun Jan 4 11:11:09 2026 -0800

    Parser: Support relative paths for --volume (apple#1013)

commit 028e7e1
Author: Danny Canter <danny_canter@apple.com>
Date:   Sun Jan 4 10:52:46 2026 -0800

    Deps: Bump Containerization to 0.19.0 (apple#1015)

    Has read-only rootfs support.

commit 020949e
Author: Danny Canter <danny_canter@apple.com>
Date:   Sun Jan 4 10:51:20 2026 -0800

    CLI: Small fixups for implicit envvars (apple#1014)

    We should only inherit from the host if there's no =. Additionally
    document the flag a little more to show that we can inherit from the
    host.

commit df368b7
Author: Amir Alperin <alperin.amir@gmail.com>
Date:   Sun Jan 4 20:49:22 2026 +0200

    Fix port validation to allow same port for different protocols (apple#992) (apple#1000)

    - Fixes: apple#992
    - Port validation previously rejected valid configurations
      when the same port number was used for different
      protocols (TCP and UDP). For example:
     `-p 1024:1024/udp -p 1024:1024/tcp`
      Although this is a valid and common use case, the
      validation logic treated it as a conflict.

    To fix this, I updated the validation key to include the protocol name.
    The validation now checks for overlapping port numbers only within the
    same protocol, rather than across all protocols.

    This change enables binding the same port number for both TCP and UDP,
    aligning the validation behavior with real-world networking
    requirements.

    ## Testing
    - [x] Tested locally
    - [x] Added/updated tests
    - [ ] Added/updated docs

commit cf64614
Author: J Logan <john_logan@apple.com>
Date:   Fri Jan 2 14:10:48 2026 -0800

    Update OSS header in Package.swift. (apple#1010)

commit 375ce16
Author: J Logan <john_logan@apple.com>
Date:   Fri Jan 2 12:09:12 2026 -0800

    Fix OSS header dates that break CI checks. (apple#1009)

commit 580d853
Author: c <claudeaceae@icloud.com>
Date:   Fri Jan 2 00:19:57 2026 -0500

    Use full path for uninstall script in upgrade instructions (apple#983)

    - Makes the upgrade section consistent with the
      uninstall section by using the full path to the
      uninstall script.

commit 4cadc40
Author: c <claudeaceae@icloud.com>
Date:   Thu Jan 1 22:53:56 2026 -0500

    Clarify uninstall script location in README (apple#982)

    - Clarifies where the `uninstall-container.sh` script is located after
    installation
    - Updates example commands to use the full path

commit 4e78e30
Author: c <claudeaceae@icloud.com>
Date:   Thu Jan 1 20:57:47 2026 -0500

    Fix grammar in tutorial.md (apple#985)

    ## Summary
    - Fixes a grammar error in the tutorial's publish section

    ## Details
    Line 287 of `docs/tutorial.md` had "you need push images" which should
    be "you need to push images".

    This is a simple grammar fix to improve readability.

    ## Test plan
    - [x] Verified the sentence now reads correctly

commit 22dfd6e
Author: Danny Canter <danny_canter@apple.com>
Date:   Thu Jan 1 17:57:00 2026 -0800

    CLI: Fix stop not signalling waiters (apple#972)

commit 4958cf2
Author: c <claudeaceae@icloud.com>
Date:   Thu Jan 1 20:51:10 2026 -0500

    Fix bash completion source path in documentation (apple#981)

    - Corrects the source path for bash completion script
      when not using bash-completion package.

commit 25ac79a
Author: c <claudeaceae@icloud.com>
Date:   Thu Jan 1 20:50:19 2026 -0500

    Fix MAC address option typo in how-to documentation (apple#980)

    - Corrects the MAC address example command in the
      how-to guide to use the correct `--network` flag syntax
      instead of the incorrect `--mac-address` flag.

commit edadf15
Author: Raj <realrajaryan@gmail.com>
Date:   Thu Jan 1 15:10:39 2026 +0530

    Fix container auto-delete on rapid stop/start (apple#841)

    Fixes apple#833.

    Currently, when stopping and immediately restarting a container, it would fail with the error:
    `“container expected to be in created state, got: shuttingDown”` and then be automatically deleted.
    The `SandboxService` process waits five seconds before exiting after shutdown. During this interval, a rapid restart could reconnect to the still-terminating process in the `shuttingDown` state, triggering a state validation error.

    This fix forcefully terminates the `SandboxService` process with `SIGKILL` upon container exit, instead of waiting five seconds. The bootstrap now defensively checks for and cleans up any stale services before registering new ones, preventing reconnections to processes in the `shuttingDown` state.

commit 5064b0f
Author: J Logan <john_logan@apple.com>
Date:   Mon Dec 22 10:16:14 2025 -0800

    Adds network IPv6 configuration. (apple#975)

    - Part of work for apple#460.
    - Enable set/get of IPv6 network prefix in ReservedVmnetNetwork.
    - Show IPv6 prefix in `network list` full output.
    - Option for setting IPv6 prefix when creating a network.
    - System property for default IPv6 prefix.

    ## Type of Change
    - [ ] Bug fix
    - [x] New feature
    - [ ] Breaking change
    - [x] Documentation update

    ## Motivation and Context
    See apple#460.

    ## Testing
    - [x] Tested locally
    - [ ] Added/updated tests
    - [x] Added/updated docs

commit 9c239aa
Author: Volodymyr Bortniak <25820601+Bortnyak@users.noreply.github.com>
Date:   Sat Dec 20 00:36:02 2025 +0100

    Add support for reading env from named pipes (apple#974)

    This is a fix for
    [issue#956](apple#956)

    `FileManager.default.contents(atPath:)` returns `nil` for named pipes
    (FIFOs)
    and process substitutions like `/dev/fd/XX` because:
    1. It expects regular files with a known size
    2. Named pipes are stream-based and block until data arrives

    ## Solution
    Use `FileHandle(forReadingFrom:)` instead, which:
    - Properly handles blocking I/O
    - Works with named pipes, process substitutions, and regular files
    (mentioned in the
    [doc](https://developer.apple.com/documentation/foundation/filehandle))

    Co-authored-by: Bortniak Volodymyr <Bortnyak@users.noreply.github.com>

commit 3c3a83c
Author: Danny Canter <danny_canter@apple.com>
Date:   Thu Dec 18 16:28:44 2025 -0800

    Turn on oops=panic kernel cmdline (apple#971)

commit b1b9980
Author: Michael Gathara <mikegtrm@gmail.com>
Date:   Wed Dec 17 20:58:50 2025 -0600

    Fix: Kubes Cluster in Container Crashing Container (IS#923) (apple#930)

    - Fixes issue apple#923
    - I fixed a race condition in `ConnectHandler.swift` where
      an asynchronous network connection could complete
      after the handler had already been removed from the
      pipeline.
    - This prevents the EXC_BREAKPOINT crash in
      container-runtime-linux that occurred when kinc
      (Kubernetes in Container) created rapid connections.
    - The actual fix was inadvertently applied in apple#957, so this
      PR contains only the test code.

commit 9f4efe0
Author: Saehej Kang <saehej.kang@gmail.com>
Date:   Wed Dec 17 00:30:33 2025 -0800

    [networks]: add prune command (apple#914)

    - Closes apple#893

commit 4f88725
Author: J Logan <john_logan@apple.com>
Date:   Tue Dec 16 16:34:13 2025 -0800

    Use new IP/CIDR types from Containerization. (apple#957)

    - Part of work for apple#460.
    - With CZ release 0.17.0, the IP and CIDR address
      types changed from String to IPv4Address and
      CIDRv4, respectively. This PR applies the corresponding
      adaptations to container.

commit 8e16bb2
Author: Salman Chishti <salmanmkc@GitHub.com>
Date:   Tue Dec 16 20:14:45 2025 +0000

    Upgrade GitHub Actions to latest versions (apple#959)

    - Upgrade GitHub Actions to their latest versions for
      improved features, bug fixes, and security updates.

    Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com>

commit 0c7dca4
Author: Salman Chishti <salmanmkc@GitHub.com>
Date:   Tue Dec 16 19:23:31 2025 +0000

    Add Dependabot for GitHub Actions updates (apple#960)

    ## Summary

    Add Dependabot configuration to automatically keep GitHub Actions up to
    date.

    ## Changes

    Adds `.github/dependabot.yml` configured to:
    - Check for GitHub Actions updates weekly
    - Group all action updates together for easier review
    - Use `ci` prefix for commit messages

    ## Why

    As discussed in apple#958, this helps:
    - Keep actions up to date with security patches automatically
    - Handle Node runtime deprecations proactively (e.g., Node 20 → Node 24)
    - Reduce manual maintenance burden

    ## Reference

    Based on the pattern used in
    [swift-nio](https://github.com/apple/swift-nio/blob/main/.github/dependabot.yml).

commit 637c8f1
Author: Salman Chishti <salmanmkc@GitHub.com>
Date:   Tue Dec 16 18:15:42 2025 +0000

    Upgrade GitHub Actions for Node 24 compatibility (apple#958)

    ## Summary

    Upgrade GitHub Actions to their latest versions to ensure compatibility
    with Node 24, as Node 20 will reach end-of-life in April 2026.

    ## Changes

    | Action | Old Version(s) | New Version | SHA |
    |--------|---------------|-------------|-----|
    | `actions/checkout` | v4 | v6 | `8e8c483` |
    | `actions/download-artifact` | v4 | v7 | `37930b1` |
    | `actions/upload-artifact` | v4 | v6 | `b7c566a` |
    | `actions/labeler` | v5 | v6 | `634933e` |
    | `actions/configure-pages` | v5 | v5 | `983d773` |
    | `actions/upload-pages-artifact` | v3 | v3 | `56afc60` |
    | `softprops/action-gh-release` | v2 | v2 | `a06a81a` |

    ## Context

    Per [GitHub's
    announcement](https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/),
    Node 20 is being deprecated and runners will begin using Node 24 by
    default starting March 4th, 2026.

    ### Why this matters

    - **Node 20 EOL**: April 2026
    - **Node 24 default**: March 4th, 2026
    - **Action**: Update to latest action versions that support Node 24

    ### Security

    All actions are now **pinned to commit SHAs** instead of mutable version
    tags. This provides:
    - Protection against tag hijacking attacks
    - Immutable, reproducible builds
    - Version comments for readability

    ### Automated Updates

    A follow-up PR (apple#960) adds Dependabot configuration to automatically
    keep these actions updated with new SHA-pinned versions.

    ### Testing

    These changes only affect CI/CD workflow configurations and should not
    impact application functionality. The workflows should be tested by
    running them on a branch before merging.

    Signed-off-by: Salman Muin Kayser Chishti <13schishti@gmail.com>

commit c22f128
Author: karen heckel <karen.heckel@utexas.edu>
Date:   Mon Dec 15 21:16:55 2025 -0800

    Feat: customize console output with env variable (apple#952)

    Fixes apple#915

    Added a new feature to support the passing of buildkit colors for
    customizing console output.

commit 9b7cfd8
Author: Saehej Kang <saehej.kang@gmail.com>
Date:   Mon Dec 15 17:52:00 2025 -0800

    [images]: refactor prune command (apple#941)

    - Updates to `image prune` for consistency with how
      other `prune` commands are done. Added missing
      test cases as well for the command
    - Relates to the discussion from apple#914

commit 7d30720
Author: Danny Canter <danny_canter@apple.com>
Date:   Thu Dec 11 05:36:15 2025 -0800

    CLI: Fix -it not being able to pipe stdout (apple#951)

    Fixes apple#949

    Typically if one fd is a tty, it's common for all 3 of stdio to be the
    same, but that is not always the case. In our case we were using our
    Terminal type from Containerization to comb through err/out/in and give
    us a type backed by one of the 3 if -t was supplied. It happens that
    stderr is the first we check, so our Terminal() is backed by fd 2. This
    change modifies things so that we always initialize our Terminal if
    asked for with fd 0, and out/err are backed by their corresponding
    correct fd number.

    ## Type of Change
    - [x] Bug fix
    - [ ] New feature
    - [ ] Breaking change
    - [ ] Documentation update

    ## Testing
    - [x] Tested locally
    - [ ] Added/updated tests
    - [ ] Added/updated docs

commit a2901e0
Author: wangxiaolei <fatelei@gmail.com>
Date:   Wed Dec 10 10:04:40 2025 +0800

    feat: implement version sub command (apple#911)

    - closes apple#383
    - implement version sub command, give more info

    ---------

    Co-authored-by: fatelei <fatelei@fateleis-MacBook-Pro.local>

commit 0cde1ef
Author: Danny Canter <danny_canter@apple.com>
Date:   Tue Dec 9 13:24:45 2025 -0800

    Deps: Bump Containerization to 0.16.2 (apple#947)

    Closes apple#928

    Has a cgroup fix when stopping certain containers

commit 3896055
Author: Dmitry Kovba <dkovba@apple.com>
Date:   Tue Dec 9 12:32:28 2025 -0800

    Lowercase error messages (apple#945)

    ## Type of Change
    - [x] Bug fix
    - [ ] New feature
    - [ ] Breaking change
    - [ ] Documentation update

    ## Motivation and Context
    For consistency, all error messages are lowercased.

    ## Testing
    - [ ] Tested locally
    - [ ] Added/updated tests
    - [ ] Added/updated docs

    ---------

    Co-authored-by: J Logan <sgtbakerrahulnet@yahoo.com>

commit 0733a81
Author: Saehej Kang <saehej.kang@gmail.com>
Date:   Tue Dec 9 10:54:37 2025 -0800

    [volumes]: refactor prune command (apple#940)

    - Refactor the `volume prune` command to follow a client-side approach.
      The `volumeDiskUsage` is calculated in the service file, so it made
      sense to leave that there.
    - Relates to the discussion from apple#914

commit 42528e6
Author: Kathryn Baldauf <k_baldauf@apple.com>
Date:   Tue Dec 9 10:42:27 2025 -0800

    Update CONTRIBUTORS to MAINTAINERS and point at containerization (apple#942)

    ## Type of Change
    - [x] Documentation update

    ## Motivation and Context
    See apple/containerization#435 for more
    information on this change.

commit a64bd77
Author: J Logan <john_logan@apple.com>
Date:   Tue Dec 9 14:35:34 2025 -0300

    Fix broken image integration tests. (apple#944)

    - Fixes apple#943.
    - Use images other than alpine:3.20 for image concurrency test so as not
    to interfere with tests using that image.
    - Rename test files to match suite names.

commit ab92f39
Author: TTtie <me@tttie.cz>
Date:   Mon Dec 8 18:17:10 2025 +0100

    fix(TerminalProgress): make the progress bar respect locale-specific decimal separator (apple#936)

    - The `ProgressBar#adjustFormattedSize` function currently expects a
      decimal dot when adding the additional ".0" to the size. This, however,
      breaks when a region with a non-dot decimal separator is used.

commit 420be74
Author: J Logan <john_logan@apple.com>
Date:   Mon Dec 8 03:00:02 2025 -0300

    Data integrity: bump to cz 0.16.1, adjust sync mode. (apple#939)

    - 0.16.1 changes an ext4 superblock setting that might have been causing
    problems.
    - apple#877 fixed an issue where the cache and sync settings for block
    filesystems weren't being passed down to the VZ virtual machine
    configuration. The default sync value getting passed down is `full`,
    which reduces I/O performance. Relax this to use `fsync` for now.

    ## Type of Change
    - [*] Bug fix
    - [ ] New feature
    - [ ] Breaking change
    - [ ] Documentation update

    ## Motivation and Context
    May address problems reported in apple#877.

    ## Testing
    - [x] Tested locally
    - [ ] Added/updated tests
    - [ ] Added/updated docs

commit f7bcb68
Author: Santosh Bhavani <santosh.bhavani@live.com>
Date:   Sun Dec 7 10:56:50 2025 -0800

    Add --max-concurrent-downloads flag for parallel layer downloads (apple#716)

    Adds `--max-concurrent-downloads` flag to `container image pull` for
    configurable concurrent layer downloads.

    Fixes apple#715
    Depends on apple/containerization#311

    **Usage**:
    ```bash
    container image pull nginx:latest --max-concurrent-downloads 6
    ```

    **Changes**:
    - Add CLI flag (default: 3)
    - Thread parameter through XPC stack
    - Update to use forked containerization with configurable concurrency

    **Performance**: ~1.2-1.3x faster pulls for multi-layer images with
    higher concurrency

    **Tests**: Included standalone tests verify concurrency behavior and
    parameter flow

    ---------

    Co-authored-by: Claude <noreply@anthropic.com>