Replace Locker.Modified with a more correct change tracking #1436

mtrmac · 2022-11-21T22:12:42Z

This, primarily,

modifies pkg/lockfile to expose a struct instead of an interface, so that we can keep adding methods without formally breaking API all the time
adds a new “last writer” state tracking API, where the state is tracked in the data consumer (one per consumer), instead of in the lock file object (one per process). This is necessary for basic correctness, and fixes lockfile.Modified() is designed incorrectly #1420 (for callers that update).
- This is also a tiny bit more efficient, because we don’t need to use an extra mutex to protect the per-process “last writer” data
uses the explicitly managed state to:
- improve reliability: we now record “last known state” only after successfully reloading from disk; so it’s not possible for a caller to use old data just because we failed to reload. (OTOH that broken state will now result in permanent downtime until the cause is fixed.)
- improve performance: we no longer reload state on first access after creating the store and loading (fixes the reproducer of Consecutive call to Store.Diff() never returns #1433)
modifies the layer reload code not to reload all layers if just the mounts file is modified

See individual commit messages for more changes, and more details.

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac · 2022-11-21T23:20:30Z

The commit description is now updated.

Downstream tests:

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

[NO NEW TESTS NEEDED] Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

[NO NEW TESTS NEEDED] Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac · 2022-11-22T20:38:18Z

The downstream tests have passed, this is ready for review.

rhatdan · 2022-11-22T20:55:33Z

layers.go

 		return r.load(lockedForWriting)
+	} else if r.lockfile.IsReadWrite() {


No need for else here.

Thanks, updated.

rhatdan · 2022-11-22T20:58:35Z

One minor NIT but LGTM
@nalind @vrothberg @giuseppe @saschagrunert @flouthoc PTAL

rhatdan · 2022-11-28T18:42:58Z

@alexlarsson PTAL

rhatdan · 2022-11-28T18:43:20Z

@nalind @vrothberg @giuseppe @saschagrunert @flouthoc PTAL

This actually relaxes some of the rules, contrary to previous documentation, but some of those relaxed rules were already assumed. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

- Don't exit after saving only one of the locations - Only touch the lock once if saving both of the locations Signed-off-by: Miloslav Trmač <mitr@redhat.com>

... so that we don't need to update 4 separate copies. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Add lockfile.GetLockFile and lockfile.GetROLockFile (with upper-case F, as opposed to existing methods with lower-case f) which return a *LockFile struct, instead of the Locker interface. This follows the general Go design heuristic: "return structs, accept interfaces"; more importantly, it allows us to add more methods to the lock object without breaking the Go API by extending a pre-existing interface. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

This will allow us to benefit from new features. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

lockfile.LastWrite allows callers to explicitly track state across *LockFile.{GetLastWrite,ModifiedSince, RecordWrite}. *LockFile.{Modified,Touch} are now implemented in terms of these APIs. NOTE: This changes behavior, Touch() now updates the built-in state only on success. Either way there can be suprious modification reports. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

They are a shared state across all users of the *LockFile in the process, and therefore incorrect to use for any single consumer for change tracking. Direct users to user the new GetLastWrite, ModifiedSince, and RecordWrite, instead, and convert all c/storage users. In addition to just being correct, the new API is also more efficient: - We now initialize stores with GetLastWrite before loading state; so, we don't trigger an immediate reload on the _second_ use of a store, due to the problematic semantics of .Modified(). - Unlike Modified() and Touch(), the new APi can be safely used without locking *LockFile.stateMutex, for a tiny speedup. The conversion is, for now, trivial, just immediately updating the lastWrite value after the ModifiedSince call. That will get better. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

If the mounts file is changed, don't reload all of the layers as well. This is more efficient, and it will allow us to better track/update r.lastWrite and r.mountsLastWrite in the future. Exiting code calling reloadMountsIfChanged() indicates that this must already be safe. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Only update recorded LastWrite values _after_ we succesfully reload container/image/layer stores; so, if the reload fails, the functions will keep failing instead of using obsolete (and possibly partially loaded and completely invalid) data. Also, further improve mount change tracking, so that if layerStore.load() loads it, we don't reload it afterwards. This does not change the store.graphLock users; they will need to be cleaned up more comprehensively, and separately, in the future. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

vrothberg

LGTM

... and update to remove the now-deprecated Locker interface. [NO NEW TESTS NEEDED] Signed-off-by: Miloslav Trmač <mitr@redhat.com>

... and update to remove the now-deprecated Locker interface. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Update c/storage after containers/storage#1436

We adjust FILES to pickup new systemd utilities, but otherwise the recipe is unchanged. Bumping libpod to version v4.4.1-6-g73f52c051, which comprises the following commits: 84521f52d Update to c/image 5.24.1 8e5eb9a79 events + container inspect test: RHEL fixes 65c412383 Bump to v4.4.2-dev 34e8f3933 Bump to v4.4.1 7431f3d00 Update release notes for Podman 4.4.1 68a58c9a1 kube play: do not teardown unconditionally on error a1cc3733b Resolve symlink path for qemu directory if possible c3d781de0 events: document journald identifiers 52ae4a2c4 Quadlet: exit 0 when there are no files to process 1ee04fcc7 Cleanup podman-systemd.unit file f3ea36100 Install podman-systemd.unit man page, make quadlet discoverable 2b7ea6442 Add missing return after errors 1d76a166c oci: bind mount /sys with --userns=(auto|pod:) 20d31a0a6 docs: specify order preference for FROM 590186e0d Cirrus: Fix & remove GraphQL API tests 7407ccdc3 test: adapt test to work on cgroupv1 c2971a66a make hack/markdown-preprocess parallel-safe 322802e40 Fix default handling of pids-limit 6ce1a11b7 system tests: fix volume exec/noexec test e2a40dfa2 Bump to v4.4.1-dev 3443f453e Bump to v4.4.0 f42972714 Final release notes for v4.4.0 c927ad03b Emergency fix for RHEL8 gating tests ef4e7b8c7 Do not mount /dev/tty into rootless containers bbaa54258 Fixes port collision issue on use of --publish-all c3566cda4 Fix usage of absolute windows paths with --image-path 9eb960707 fix #17244: use /etc/timezone where `timedatectl` is missing on Linux 5c94568e9 podman-events: document verbose create events 45b00b648 Making gvproxy.exe optional for building Windows installer 63f964c08 Add gvproxy to Windows packages 579c5dc80 Match VT device paths to be blocked from mounting exactly 605079dc8 Clean up more language for inclusiveness f4bf448d8 Set runAsNonRoot=true in gen kube 45b9e17d7 quadlet: Add device support for .volume files 92bae973c fix: running check error when podman is default in wsl edb7779cd fix: don't output "ago" when container is currently up and running 6870dae23 journald: podman logs only show logs for current user cd4590908 journald: podman events only show events for current user 097ca6056 Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml) 916ea3e5d DB: make loading container states optional de84be54e ps: do not sync container 3a65466ba Allow --device-cgroup-rule to be passed in by docker API 36875c265 [v4.4] Bump to Buildah v1.29.0 8ff381f45 Bump to v4.4.0-dev dc3dfce94 Bump to v4.4.0-RC3 425da01d4 Create release notes for v4.4.0 300904a84 Cirrus: Update operating branch 9904fbed3 fix APIv2 python attach test flake 9d1c153cf ps: query health check in batch mode fda62b2d8 make example volume import, not import volume 623ad2a63 Correct output when inspecting containers created with --ipc 2db468204 Vendor containers/(storage, image, common, buildah) c4aae9b47 Get correct username in pod when using --userns=keep-id 6f519c9bd ps: get network data in batch mode 795708f8b build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 4ed46c984 add hack/perf for comparing two container engines b7ab889a7 systems: retrofit dns options test to honor other search domains 5925fe1a5 ps: do not create copy of container config e2c44c3d4 libpod: set search domain independently of nameservers 06241077c libpod,netavark: correctly populate /etc/resolv.conf with custom dns server 366e1686a podman: relay custom DNS servers to network stack 2b650e37c (fix) mount_program is in storage.options.overlay b29313811 Change example target to default in doc 86699954b network create: do not allow `default` as name 3ae84fe0a kube-play: add support for HostPID in podSpec d0794ab9e build(deps): bump github.com/docker/docker ca91cf416 Let's see if #14653 is fixed or not 8f7886515 Add support for podman build --group-add f65d79f4c vendor in latests containers/(storage, common, build, image) 7be8ff564 unskip network update test b5bfc2654 do not install swagger by default 2ad938ec6 pasta: skip "Local forwarder, IPv4" test 3db8ef37d add testbindings Makefile target 5ad72a234 update CI images to include pasta f07aa2add [CI:DOCS] Add CNI deprecation notices to documentation 07d297ca3 Cirrus: preserve podman-server logs 4faa139b7 waitPidStop: reduce sleep time to 10ms fd42c1dcb StopContainer: return if cleanup process changed state e0f671007 StopSignal: add a comment ac47d0719 StopContainer: small refactor e8b35a8c2 waitPidStop: simplify code 51836aa47 e2e tests: reenable long-skipped build test 36510f60d Add openssh-clients to podmanimage 0bd51f6c8 Reworks Windows smoke test to tunnel through interactive session. b5a6f3f91 fix bud-multiple-platform-with-base-as-default-arg flake ef3f09879 Remove ReservedAnnotations from kube generate specification 6d3858b21 e2e: update test/README.md 17b5bd758 e2e: use isRootless() instead of rootless.IsRootless() bfc5f07d9 Cleanup documentation on --userns=auto 120d16b61 Bump to v4.4.0-dev 24cc02a64 Bump to v4.4.0-rc2 ddf8e4989 Vendor in latest c/common dc2bd0857 sig-proxy system test: bump timeout 193b2a836 build(deps): bump github.com/containernetworking/plugins a581d2a04 rootless: rename auth-scripts to preexec-hooks bdf100179 Docs: version-check updates 79865c290 commit: use libimage code to parse changes bdc323cbf [CI:DOCS] Remove experimental mac tutorial 8db2b4b73 man: Document the interaction between --systemd and --privileged 70057c8b4 Make rootless privileged containers share the same tty devices as rootfull ones 067442b57 container kill: handle stopped/exited container a218960bc Vendor in latest containers/(image,ocicrypt) 6f919af78 add a comment to container removal 5ac5aaa72 Vendor in latest containers/storage daf747f16 Cirrus: Run machine tests on PR merge 4bb69abd5 fix flake in kube system test 9a206fdc9 kube play: complete container spec a02a10f3f E2E Tests: Use inspect instead of actual data to avoid UDP flake c2b36beb4 Use containers/storage/pkg/regexp in place of regexp c433982d1 Vendor in latest containers/storage 11835d5d0 Cirrus: Support using updated/latest NV/AV in PRs d9bf3f129 Limit replica count to 1 when deploying from kubernetes YAML 1ab833fb7 Set StoppedByUser earlier in the process of stopping 6ab883448 podman-play system test: refactor 470b68077 Bump to v4.4.0-dev d8774a93c Bump to v4.4.0-RC1 882cd17f8 network: add support for podman network update and --network-dns-server d2fb6cf05 service container: less verbose error logs b10a906b5 Quadlet Kube - add support for PublishPort key ad12d61c6 e2e: fix systemd_activate_test 758f20e20 Compile regex on demand not in init 3e2b9a28d [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns. 5b1bdf949 E2E Test: Play Kube set deadline to connection to avoid hangs f4c81b0aa Only prevent VTs to be mounted inside privileged systemd containers a5ce3b3cd e2e: fix play_kube_test 81a3f7cb8 Updated error message for supported VolumeSource types 2bf94b764 Introduce pkg retry logic in win installer task db0323639 logformatter: include base SHA, with history link 37ade6be1 Network tests: ping redhat.com, not podman.io 2d8225cd4 cobra: move engine shutdown to Execute 35d2f61ec Updated options for QEMU on Windows hosts 28f13a74b Update Mac installer to use gvproxy v0.5.0 4cf06fe7e podman: podman rm -f doesn't leave processes 494db3e16 oci: check for valid PID before kill(pid, 0) cf364703f linux: add /sys/fs/cgroup if /sys is a bind mount 1bd3d32c5 Quadlet: Add support for ConfigMap key in Kube section 4a7a45f97 remove service container _after_ pods 07cc49efd Kube Play - allow setting and overriding published host ports 9fe86ec7f oci: terminate all container processes on cleanup 6dd1d48fd Update win-sshproxy to 0.5.0 gvisor tag e332b6246 Vendor in latest containers/common 92cdad031 Fix a potential defer logic error around locking a7f53932a logformatter: nicer formatting for bats failures ee3380e6b logformatter: refactor verbose line-print e82045f73 e2e tests: stop using UBI images 6038200fe k8s-file: podman logs --until --follow exit after time 767947ab8 journald: podman logs --until --follow exit after time c674b3dd8 journald: seek to time when --since is used 5f032256d podman logs: journald fix --since and --follow 7826e1ced Preprocess files in UTF-8 mode 4587e7fdb Bump golang.org/x/tools from 0.4.0 to 0.5.0 in /test/tools eea78ec7b Vendor in latest containers/(common, image, storage) 54afda22b Switch to C based msi hooks for win installer 710eeb340 hack/bats: improve usage message d7ac11005 hack/bats: add --remote option 1a2e54ce6 hack/bats: fix root/rootless logic d0c89e90b Describe copy volume options bfdffb5b6 Support sig-proxy for podman-remote attach and start 6886e80b4 libpod: fix race condition rm'ing stopping containers fb73121c4 e2e: fix run_volume_test 86965f758 Add support for Windows ARM64 f9e8e8cfd Add shared --compress to man pages df02cb51e Add container error message to ContainerState d92bfd244 Man page checker: require canonical name in SEE ALSO 2a16e0484 system df: improve json output code 03c7f47aa kube play: fix the error logic with --quiet 9f0a37cd4 System tests: quadlet network test e47964417 Fix: List container with volume filter cd3492304 adding -dryrun flag 347d5372e Quadlet Container: Add support for EnvironmentFile and EnvironmentHost 68fbebfac Kube Play: use passthrough as the default log-driver if service-container is set 635c00840 System tests: add missing cleanup 8e77f4c99 System tests: fix unquoted question marks 16b595c32 Build and use a newer systemd image a061d793d Quadlet Network - Fix the name of the required network service 3ebb822e2 System Test Quadlet - Volume dependency test did not test the dependency a741299ef fix `podman system connection - tcp` flake 1d3fd5383 vendor: bump c/storage to a747b27 598b93722 Fix instructions about setting storage driver on command-line 18b21b89c Test README - point users to hack/bats 2000c4c80 System test: quadlet kube basic test 479052afa Fixed `podman update --pids-limit` 553df8748 podman-remote,bindings: trim context path correctly when its emptydir 9f5f092f1 Quadlet Doc: Add section for .kube files 200f86ede e2e: fix containers_conf_test 0c94f6185 Allow '/' to prefix container names to match Docker 0c6805880 Remove references to qcow2 1635db474 Fix typos in man page regarding transient storage mode. 85ceb7fb5 make: Use PYTHON var for .install.pre-commit 338b28393 Add containers.conf read-only flag support d27ebf2ee Explain that relabeling/chowning of volumes can take along time 45b180c1f events: support "die" filter 1e84e1a8d infra/abi: refactor ContainerRm 3808067ff When in transient store mode, use rundir for bundlepath 0179aa245 quadlet: Support Type=oneshot container files 236f0cc50 hacks/bats: keep QUADLET env var in test env 97f9d625a New system tests for conflicting options bfec23c36 Vendor in latest containers/(buildah, image, common) 24b1e81c5 Output Size and Reclaimable in human form for json output 4724fa307 podman service: close duplicated /dev/null fd 8e05caef6 ginkgo tests: apply ginkgolinter fixes 3e48d74c8 Add support for hostPath and configMap subpath usage 3ac5d1009 export: use io.Writer instead of file 1bac16096 rootless: always create userns with euid != 0 90719d38f rootless: inhibit copy mapping for euid != 0 02555d166 pkg/domain/infra/abi: introduce `type containerWrapper` 987c8e3a7 vendor: bump to buildah ca578b290144 and use new cache API 0cf36684c quadlet: Handle booleans that have defaults better dd428af89 quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault ddeb9592c Add podman-clean-transient.service service 80de85081 Stop recording annotations set to false 9187df5b2 Unify --noheading and -n to be consistent on all commands 2bbeba70b pkg/domain/infra/abi: add `getContainers` ae706e61b Update vendor of containters/(common, image) 24ab178fb specfile: Drop user-add depedency from quadlet subpackage. e9243f904 quadlet: Default BINDIR to /usr/bin if tag not specified d974a79e2 Quadlet: add network support 070b69205 Add comment for jsonMarshal command d1496afb5 Always allow pushing from containers-storage 0bc3d3579 libpod: move NetNS into state db instead of extra bucket 80878f20b Add initial system tests for quadlets 20b10574d quadlet: Add --user option 4fa65ad0d libpod: remove CNI word were no longer applicable 1424f0958 libpod: fix header length in http attach with logs 12d058400 podman-kube@ template: use `podman kube` 3868d2d82 build(deps): bump github.com/docker/docker f4d0496b5 wait: add --ignore option 461726a3f qudlet: Respect $PODMAN env var for podman binary a4a647c0b e2e: Add assert-key-is-regex check to quadlet e2e testsuite 84f3ad356 e2e: Add some assert to quadlet test to make sure testcases are sane 97f63da67 remove unmapped ports from inspect port bindings fa4b34618 update podman-network-create for clarity 3718ac8e9 Vendor in latest containers/common with default capabilities f0a8c0bd9 pkg/rootless: Change error text ... 290019c48 rootless: add cli validator 71f96c2e6 rootless: define LIBEXECPODMAN 14ee8faff doc: fix documentation for idmapped mounts dcbf7b448 bump golangci-lint to v1.50.1 b1bb84637 build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 89939dea9 [CI:DOCS] podman-mount: s/umount/unmount/ 46b7d8d1e create/pull --help: list pull policies bddd3f5b5 Network Create: Add --ignore flag to support idempotent script 866426a93 Make qemu security model none fdcc2257d libpod: use OCI idmappings for mounts 4a5581ce0 stop reporting errors removing containers that don't exist 80405a2a5 test: added test from wait endpoint with to long label fd92a6807 quadlet: Default VolatileTmp to off b4d90b2eb build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11 f155a4e78 docs/options/ipc: fix list syntax b3c7c1872 Docs: Add dedicated DOWNLOAD doc w/ links to bins f825481a4 Make a consistently-named windows installer 45a40bf58 checkpoint restore: fix --ignore-static-ip/mac 95cc7e052 add support for subpath in play kube for named volumes 364ed81b4 build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 59118b42b golangci-lint: remove three deprecated linters 08741496d parse-localbenchmarks: separate standard deviation bf66b6ac7 build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 7bd1dbb75 podman play kube support container startup probe 43e307b84 Add podman buildx version support 7c6873b23 Cirrus: Collect benchmarks on machine instances b361a42e6 Cirrus: Remove escape codes from log files 59ce7cf1c [CI:DOCS] Clarify secret target behavior fe3d3256e Fix typo on network docs 9f6cf50d5 podman-remote build add --volume support 2dde30b93 remote: allow --http-proxy for remote clients 2f29639bd Cleanup kube play workloads if error happens 1ed982753 health check: ignore dependencies of transient systemd units/timers 04ea8eade fix: event read from syslog db4d01871 Fixes secret (un)marshaling for kube play. 7665bbc12 Remove 'you' from man pages 1bfaf5194 build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools 97c56eef6 [CI:DOCS] test/README.md: run tests with podman-remote 8b87665f2 e2e: keeps the http_proxy value 9b702460e Makefile: Add podman-mac-helper to darwin client zip c7b936a41 test/e2e: enable "podman run with ipam none driver" for nv 45f8b1ca9 [skip-ci] GHA/Cirrus-cron: Fix execution order 4fa307f14 kube sdnotify: run proxies for the lifespan of the service 7d16c2b69 Update containers common package 75f421571 podman manpage: Use man-page links instead of file names 86f4bd4f5 e2e: fix e2e tests in proxy environment 4134a3723 Fix test 28774f18c disable healthchecks automatically on non systemd systems 1ea00ebda Quadlet Kube: Add support for userns flag 07a386835 [CI:DOCS] Add warning about --opts,o with mount's -o 93d2ec148 Add podman system prune --external f1dbfda80 Add some tests for transient store e74b3f24e runtime: In transient_store mode, move bolt_state.db to rundir 25d9af8f4 runtime: Handle the transient store options 56115d5e5 libpod: Move the creation of TmpDir to an earlier time c9961e18c network create: support "-o parent=XXX" for ipvlan 2f5025a2d compat API: allow MacAddress on container config a55413c80 Quadlet Kube: Add support for relative path for YAML file 8c3af7186 notify k8s system test: move sending message into exec a651cdfbc runtime: do not chown idmapped volumes f3c5b0f9d quadlet: Drop ExecStartPre=rm %t/%N.cid d61618ad4 Quadlet Kube: Set SyslogIdentifier if was not set eaab4b99a Add a FreeBSD cross build to the cirrus alt build task 39b6ccb38 Add completion for --init-ctr af86b4f62 Fix handling of readonly containers when defined in kube.yaml 98a1b551f Build cross-compilation fixes 6ed8dc17c libpod: Track healthcheck API changes in healthcheck_unsupported.go 16cf34dc3 quadlet: Use same default capability set as podman run b34ab8b5f quadlet: Drop --pull=never 098ad52ec quadlet: Change default of ReadOnly to no 1c3fddfaf quadlet: Change RunInit default to no d19ea6a60 quadlet: Change NoNewPrivileges default to false a93a390b8 test: podman run with checkpoint image f4401567c Enable 'podman run' for checkpoint images 3a362462c test: Add tests for checkpoint images bdd5f8245 CI setup: simplify environment passthrough code 10e020c65 Init containers should not be restarted c83efd0f0 Update c/storage after containers/storage#1436 486790f61 Set the latest release explicitly d19e1526d add friendly comment 1d84f0adb fix an overriding logic and load config problem 2b6cf1d07 Update the issue templates 2862ecf28 Update vendor of containers/(image, buildah) 1c1a8d33f [CI:DOCS] Skip windows-smoke when not useful 190bab553 [CI:DOCS] Remove broken gate-container docs bb10095ec OWNERS: add Jason T. Greene 68d41c68d hack/podmansnoop: print arguments 009f5ec67 Improve atomicity of VM state persistence on Windows 052174891 [CI:BUILD] copr: enable podman-restart.service on rpm installation 54ef7f98d macos: pkg: Use -arm64 suffix instead of -aarch64 fe548dd0b linux: Add -linux suffix to podman-remote-static binaries d22395007 linux: Build amd64 and arm64 podman-remote-static binaries 71f92d263 container create: add inspect data to event d2ac99d65 Allow manual override of install location f17479c71 Run codespell on code cb96eac45 Add missing parameters for checkpoint/restore endpoint d16129330 Add support for startup healthchecks 2df0d9da9 Add information on metrics to the `network create` docs 96c208efb Introduce podman machine os commands 32d80378e Document that ignoreRootFS depends on export/import 1d031bf3b Document ignoreVolumes in checkpoint/restore endpoint 279a4ac77 Remove leaveRunning from swagger restore endpoint 07940764c libpod: Add checks to avoid nil pointer dereference if network setup fails dce7b3a5b Address golangci-lint issues 3eeb50d48 Bump golang version to 1.18 fbbef79c8 Documenting Hyper-V QEMU acceleration settings 9a6b70155 Kube Play: fix the handling of the optional field of SecretVolumeSource 35b46a420 Update Vendor of containers/(common, image, buildah) 75f6a1d59 Fix swapped NetInput/-Output stats f06869168 libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory fad50a9f2 chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template 64a450c51 test/tools: rebuild when files are changed 2ddf1c5cb ginkgo tests: apply ginkgolinter fixes c7827957a ginkgo: restructure install work flow ce7d4bbc7 Fix manpage emphasis 5d26628df specgen: support CDI devices from containers.conf 7eb11e7bb vendor: update containers/common 6502b1faa pkg/trust: Take the default policy path from c/common/pkg/config ba522e8f3 Add validate-in-container target 3bb9ed4f0 Adding encryption decryption feature e2fa94e8a container restart: clean up healthcheck state a4ba5f449 Add support for podman-remote manifest annotate 3084ed468 Quadlet: Add support for .kube files fb429dbe3 Update vendor of containers/(buildah, common, storage, image) a891199b9 specgen: honor user namespace value a575111ad [CI:DOCS] Migrate OSX Cross to M1 285d6c9ba quadlet: Rework uid/gid remapping f5a43eea2 GHA: Fix cirrus re-run workflow for other repos. 50d72bc63 ssh system test: skip until it becomes a test e7eed5aa9 shell completion: fix hard coded network drivers 504fcbbf9 libpod: Report network setup errors properly on FreeBSD dd4d212b0 E2E Tests: change the registry for the search test to avoid authentication 1498f924b pkginstaller: install podman-mac-helper by default a1b32866c Fix language. Mostly spelling a -> an caa2dfe01 podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. 72966a32c [CI:DOCS] Fix spelling and typos ae8a5a892 Modify man page of "--pids-limit" option to correct a default value. f950b1511 Update docs/source/markdown/podman-remote.1.md a9094a78a Update pkg/bindings/connection.go b6850e772 Add more documentation on UID/GID Mappings with --userns=keep-id 0d270ae38 support podman-remote to connect tcpURL with proxy 607cd39e1 Removing the RawInput from the API output 14ef6a91b fix port issues for CONTAINER_HOST 34020b353 CI: Package versions: run in the 'main' step db34c913b build(deps): bump github.com/rootless-containers/rootlesskit 4c1294ccb pkg/domain: Make checkExecPreserveFDs platform-specific 58869dcc3 e2e tests: fix restart race 7c1ad8a58 Fix podman --noout to suppress all output 9610d4c7b remove pod if creation has failed f36b3bc81 pkg/rootless: Implement rootless.IsFdInherited on FreeBSD 21f6902ec Fix more podman-logs flakes 1a839a96d healthcheck system tests: try to fix flake 36f8dfaa0 libpod: treat ESRCH from /proc/PID/cgroup as ENOENT 021a23b34 GHA: Configure workflows for reuse c7073b5fc compat,build: handle docker's preconfigured cacheTo,cacheFrom dceaa7603 docs: deprecate pasta network name a9852aa8f utils: Enable cgroup utils for FreeBSD e5f7fbcbe pkg/specgen: Disable kube play tests on FreeBSD 978c52850 libpod/lock: Fix build and tests for SHM locks on FreeBSD 3371c9d25 podman cp: fix copying with "." suffix f0dba82bb pkginstaller: bump Qemu to version 7.1.0 f6da2b060 specgen,wasm: switch to crun-wasm wherever applicable 2b4068a03 vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 1c79b01f6 libpod: Make unit test for statToPercent Linux only 95bb6efff Update vendor of containers/storage 69d737ef1 fix connection usage with containers.conf dd98e3cc6 Add --quiet and --no-info flags to podman machine start 00b2bc9b6 Add hidden podman manifest inspect -v option 05c48402b Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 836ca6c00 Add podman volume create -d short option for driver 5df00c6f7 Vendor in latest containers/(common,image,storage) bc77c034f Add podman system events alias to podman events ae9a2d26d Fix search_test to return correct version of alpine 75fdbea63 Bump golang.org/x/tools from 0.1.12 to 0.3.0 in /test/tools 329b053cf GHA: Fix undefined secret env. var. d60c27c9d Release notes for 4.3.1 a13a59a70 GHA: Fix make_email-body script reference f049fef85 Add release keys to README dca407d46 GHA: Fix typo setting output parameter fcfb7d292 GHA: Fix typo. db439dd23 New tool, docs/version-check c0a9c6ebc Formalize our compare-against-docker mechanism a2c43d434 Add restart-sec for container service files 4513fde80 test/tools: bump module to go 1.17 440807210 contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor 9f9bf6fb4 Bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0 a1323d31d Bump golang.org/x/term from 0.1.0 to 0.2.0 8b8ce8d53 Bump golang.org/x/sys from 0.1.0 to 0.2.0 fa2b4aeef Bump github.com/container-orchestrated-devices/container-device-interface 69ed903b2 build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools d95684676 libpod: Add FreeBSD support in packageVersion d9aceadea Allow podman manigest push --purge|-p as alias for --rm b5ee4de8c [CI:DOCS] Add performance tutorial cfa651f80 [CI:DOCS] Fix build targets in build_osx.md. 3e08f8535 fix --format {{json .}} output to match docker f807b6784 remote: fix manifest add --annotation 314cba259 Skip test if `--events-backend` is necessary with podman-remote 1c8196a9a kube play: update the handling of PersistentVolumeClaim 616fca9ff system tests: fix a system test in proxy environment 85ae935af Use single unqualified search registry on Windows cb8c9af5d test/system: Add, use tcp_port_probe() to check for listeners rather than binds 348c3f283 test/system: Add tests for pasta(1) connectivity b3cf83684 test/system: Move network-related helpers to helpers.network.bash ea4f168b3 test/system: Use procfs to find bound ports, with optional address and protocol 7e3d04fbc test/system: Use port_is_free() from wait_for_port() aa47e05ae libpod: Add pasta networking mode 6dd508b8e More log-flake work 3ebcfdbbc Fix test flakes caused by improper podman-logs 919678d2f fix incorrect systemd booted check 0334d8d61 Cirrus: Add tests for GHA scripts 66d857cdd GHA: Update scripts to pass shellcheck d17b7d852 Cirrus: Shellcheck github-action scripts 2ee40287e Cirrus: shellcheck support for github-action scripts 462ce32e6 GHA: Fix cirrus-cron scripts d5031946a Makefile: don't install to tmpfiles.d on FreeBSD 85f4d3717 Make sure we can build and read each line of docker py's api client cdb00332d Docker compat build api - make sure only one line appears per flush efbad590d Run codespell on code 571833d56 Update vendor of containers/(image, storage, common) 049a5d82f Allow namespace path network option for pods. f3195c930 Cirrus: Never skip running Windows Cross task 35523d560 GHA: Auto. re-run failed cirrus-cron builds once 3a85d537b GHA: Migrate inline script to file 980d5b362 GHA: Simplify script reference 417490128 test/e2e: do not use apk in builds 3fee351c3 remove container/pod id file along with container/pod 442df2967 Cirrus: Synchronize windows image 274d0f495 Add --insecure,--tls-verify,--verbose flags to podman manifest inspect cac4919bf runtime: add check for valid pod systemd cgroup d7e70c748 CI: set and verify DESIRED_NETWORK (netavark, cni) 6ec2bcb68 [CI:DOCS] troubleshooting: document keep-id options f95ff4f46 Man pages: refactor common options: --security-opt 853072455 Cirrus: Guarantee CNI testing w/o nv/av present fd9de876f Cirrus: temp. disable all Ubuntu testing ecd1927b4 Cirrus: Update to F37beta 56fae7dd0 buildah bud tests: better handling of remote 7ec743fe7 quadlet: Warn in generator if using short names 884350d99 Add Windows Smoke Testing f6c74324b Add podman kube apply command d1f3dd9e5 docs: offer advice on installing test dependencies 8e55abafd Fix documentation on read-only-tmpfs b8acdb34c version bump to 4.4.0-dev b8e03ab44 deps: bump go-criu to v6 fc65d72c3 Makefile: Add cross build targets for freebsd e23444fbc pkg/machine: Make this build on FreeBSD/arm64 3279342ff pkg/rctl: Remove unused cgo dependency d76bf4cb5 man pages: assorted underscore fixes bb78ba19e Upgrade GitHub actions packages from v2 to v3 0d505f20f vendor github.com/godbus/dbus/v5@4b691ce b20ef9c34 [CI:DOCS] fix --tmpdir typos 9003cdbf6 Do not report that /usr/share/containers/storage.conf has been edited. 71f0c9f33 Eval symlinks on XDG_RUNTIME_DIR 3ad5827b2 hack/podmansnoop 83313c547 rootless: support keep-id with one mapping 5dad34212 rootless: add argument to GetConfiguredMappings 6fe64591d Update vendor containers/(common,storage,buildah,image) f355900d3 Fix deadlock between 'podman ps' and 'container inspect' commands 59299b519 Add information about where the libpod/boltdb database lives 320ce8c9f Consolidate the dependencies for the IsTerminal() API 871172e6f Ensure that StartAndAttach locks while sending signals d50a55233 ginkgo testing: fix podman usernamespace join f0f12658d Test runners: nuke podman from $PATH before tests 3e6637a3b volumes: Fix idmap not working for volumes 237d41f3f FIXME: Temporary workaround for ubi8 CI breakage 11e4c0403 System tests: teardown: clean up volumes a141c9ac2 update api versions on docs.podman.io fdc9ca076 system tests: runlabel: use podman-under-test 05bdc7294 system tests: podman network create: use random port f0ba2d89e sig-proxy test: bump timeout 0ce234425 play kube: Allow the user to import the contents of a tar file into a volume bac907abf Clarify the docs on DropCapability 33eb45c47 quadlet tests: Disable kmsg logging while testing b07ba2441 quadlet: Support multiple Network= 8716de2ac quadlet: Add support for Network=... 721922fa7 Fix manpage for podman run --network option 6042ca7fd quadlet: Add support for AddDevice= f6f65f49d quadlet: Add support for setting seccomp profile a9f0957c2 quadlet: Allow multiple elements on each Add/DropCaps line af67f15bc quadlet: Embed the correct binary name in the generated comment 2b0d9cd94 quadlet: Drop the SocketActivated key d7e248dcf quadlet: Switch log-driver to passthrough 998f834b0 quadlet: Change ReadOnly to default to enabled 0de98b1b6 quadlet tests: Run the tests even for (exected) failed tests 8d41c7d2e quadlet tests: Fix handling of stderr checks 5c3a22e8c Remove unused script file c4ebe9e2a notifyproxy: fix container watcher 221cfc687 container/pod id file: truncate instead of throwing an error b7f05cef0 quadlet: Use the new podman create volume --ignore 734c435e0 Add podman volume create --ignore 4966f509b logcollector: include aardvark-dns 6a9c7a580 build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 e081d22b0 build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 622638b72 docs: generate systemd: point to kube template c1de4d3ce docs: kube play: mention restart policy 0572e5972 Fixes: 15858 (podman system reset --force destroy machine) 7a9c14d62 fix search flake 4e29ce2ba use cached containers.conf 6c7ae378c adding regex support to the ancestor ps filter function e5032a8de Fix `system df` issues with `-f` and `-v` c9c2f644d markdown-preprocess: cross-reference where opts are used 77f8eaa73 Default qemu flags for Windows amd64 e16800e8b build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 d70ffdaeb Update main to reflect v4.3.0 release b8c24bbb4 build(deps): bump github.com/docker/docker b4374f2bd move quadlet packages into pkg/systemd 34235b272 system df: fix image-size calculations 34ee37b91 Add man page for quadlet 84ed9bd5e Fix small typo 120a77e39 testimage: add iproute2 & socat, for pasta networking 30e66d600 Set up minikube for k8s testing 0a6d8b94c Makefile: don't install systemd generator binaries on FreeBSD cadb64d32 [CI:BUILD] copr: podman rpm should depend on containers-common-extra 02bb7c2cf Podman image: Set default_sysctls to empty for rootless containers 234b2230e Don't use github.com/docker/distribution 9e6b37ec1 libpod: Add support for 'podman top' on FreeBSD 21081355a libpod: Factor out jail name construction from stats_freebsd.go b82b27cc4 pkg/util: Add pid information descriptors for FreeBSD 62bb59d3b Initial quadlet version integrated in golang 44bac51fc bump golangci-lint to v1.49.0 01a3245d7 Update vendor containers/(common,image,storage) 75222add5 Allow volume mount dups, iff source and dest dirs cb2631bf3 rootless: fix return value handling 783b4e914 Change to correct break statements 04c126a3b vendor containers/psgo@v1.8.0 c39b71776 Clarify that MacOSX docs are client specific 51c376c8a libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit bb2b47dc7 Add swagger install + allow version updates in CI 2a622c8af Cirrus: Fix windows clone race 973710c8b build(deps): bump github.com/docker/docker b35fab6f1 kill: wait for the container ba276e117 generate systemd: set --stop-timeout for stopping containers 5113343a5 hack/tree_status.sh: print diff at the end bab816953 Fix markdown header typo bd4ee2d57 markdown-preprocess: add generic include mechanism 9cdea7fb3 markdown-preprocess: almost complete OO rewrite 33858c1cf Update tests for changed error messages 05119a917 Update c/image after containers/image#1299 8c7673857 Man pages: refactor common options (misc) 617a2de3a Man pages: Refactor common options: --detach-keys 69815a7f1 vendor containers/storage@main a584bb4e7 Man pages: refactor common options: --attach 0510dd2f1 build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 1d18dc267 KillContainer: improve error message 5da54e183 docs: add missing options 57ddeffd0 Man pages: refactor common options: --annotation (manifest) b256f5f58 build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 f16e9acc6 system tests: health-on-failure: fix broken logic 7ff8c8f79 build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 00adeda80 build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 d08b4c133 ContainerEngine.SetupRootless(): Avoid calling container.Config() 03c5f9d02 Container filters: Avoid use of ctr.Config() af38c79e3 Avoid unnecessary calls to Container.Spec() 55191ecc2 Add and use Container.LinuxResource() helper 7b84a3a43 play kube: notifyproxy: listen before starting the pod 2bee2216c play kube: add support for configmap binaryData 1038f063e Add and use libpod/Container.Terminal() helper b47b48fd0 Revert "Add checkpoint image tests" f437078d2 Revert "cmd/podman: add support for checkpoint images" 4dd67272e healthcheck: fix --on-failure=stop d4052c1aa Man pages: Add mention of behavior due to XDG_CONFIG_HOME b5950a918 build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 c34b5be99 Avoid unnecessary timeout of 250msec when waiting on container shutdown 02040089a health checks: make on-failure action retry aware 5b71070e4 libpod: Remove 100msec delay during shutdown b4b701139 libpod: Add support for 'podman pod' on FreeBSD 7f8964a78 libpod: Factor out cgroup validation from (*Runtime).NewPod d71160539 libpod: Move runtime_pod_linux.go to runtime_pod_common.go c35a70d21 specgen/generate: Avoid a nil dereference in MakePod e187b9711 libpod: Factor out cgroups handling from (*Pod).refresh 713428df0 Adds a link to OSX docs in CONTRIBUTING.md f8b659d09 Man pages: refactor common options: --os-version 8b189c0a0 Create full path to a directory when DirectoryOrCreate is used with play kube d4f622da7 Return error in podman system service if URI scheme is not unix/tcp 51c357841 Man pages: refactor common options: --time 0e4eeb52e man pages: document some --format options: images e136376d1 Clean up when stopping pods 11e83a095 Update vendor of containers/buildah v1.28.0 1e71d124e Proof of concept: nightly dependency treadmill Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

We drop our backported patch, since it is now part of the upstream project. We also drop {LINKSHARED} from the build, as with the updated buildah and golang version bumps in oe-core, we get the following build error: | # github.com/containers/buildah/cmd/buildah | type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P384Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P384Point]).Add | type:*crypto/elliptic.nistCurve[*crypto/internal/nistec.P384Point]: unreachable sym in relocation: crypto/elliptic.(*nistCurve[*crypto/internal/nistec.P384Point]).Add It is unclear what the linked shared flag was providing in our build, and we are generally ok with statically linked go applications. So we drop the flag until a compelling reason exists to debug the linking failure. Bumping buildah to version v1.29.1-1-g7fa17a842, which comprises the following commits: faf0d4fcb [release-1.29] Bump to Buildah v1.29.1 7d5ff3012 Update to c/image 5.24.1 94b723cb5 Bump to v1.29.0 c9cbc6d7d tests: improve build-with-network-test 5e3f26de2 Bump c/storagev1.45.3, c/imagev5.24.0, c/commonv0.51.0 b70fb1765 build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 fe0256d38 Flake 3710 has been closed. Reenable the test. f9ef51cbb [CI:DOCS] Fix two diversity issues in a tutorial 3ef898e41 build(deps): bump github.com/fsouza/go-dockerclient from 1.9.2 to 1.9.3 0d87e38b6 vendor in latests containers/(storage, common, image) 15bdd2aad fix bud-multiple-platform-with-base-as-default-arg flake ac7458e70 stage_executor: while mounting stages use freshly built stage e1cfcb240 build(deps): bump github.com/fsouza/go-dockerclient from 1.9.0 to 1.9.2 d1c82c29a build(deps): bump github.com/onsi/gomega from 1.24.2 to 1.25.0 4dec25346 vendor in latests containers/(storage, common, image, ocicyrpt) c0f6c6b7a [Itests: change the runtime-flag test for crun 186b30168 [CI:DOCS] README: drop sudo 1950ab687 Fix multi-arch manifest-list build timeouts d106e425a Cirrus: Update VM Images 67ab55bbb bud: Consolidate multiple synthetic LABEL instructions 9fced965e build, secret: allow realtive mountpoints wrt to work dir 938c03556 fixed squash documentation 59da1a7f7 build(deps): bump github.com/containerd/containerd from 1.6.14 to 1.6.15 4952862a2 Correct minor comment 820fafc88 Vendor in latest containers/(common, image, storage) a75b263f7 system tests: remove unhelpful assertions 356668389 buildah: add prune command and expose CleanCacheMount API a5e177586 vendor: bump c/storage to a747b27 60be7f250 Add support for --group-add to buildah from 00d8d94cb build(deps): bump actions/stale from 6 to 7 e33bb8678 Add documentation for buildah build --pull=missing 5828918bc build(deps): bump github.com/containerd/containerd from 1.6.12 to 1.6.14 4aa28f6a7 build(deps): bump github.com/docker/docker 7a4702ae2 parse: default ignorefile must not point to symlink outside context 67c2e4de5 buildah: wrap network setup errors d9578d32c build, mount: allow realtive mountpoints wrt to work dir 57a77073a Update to F37 CI VM Images, re-enable prior-fedora 798a250d4 Update vendor or containers/(image, storage, common) ca96c3678 build(deps): bump golang.org/x/crypto from 0.3.0 to 0.4.0 e0054a03d Update contact information e5cc78c43 build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 46eea3158 Replace io/ioutil calls with os calls 0183471b9 [skip-ci] GHA/Cirrus-cron: Fix execution order 8428bc87b Vendor in containers/common e60c4d7e5 build(deps): bump golang.org/x/sys from 0.2.0 to 0.3.0 ffed85036 remote-cache: support multiple sources and destinations a1698cde6 Update c/storage after containers/storage#1436 025a8df51 util.SortMounts(): make the returned order more stable 5e792e97b version: Bump to 1.29.0-dev 498b45770 [CI:BUILD] Cirrus: Migrate OSX task to M1 94560581d Update vendor of containers/(common, storage, image) e6eb05f75 mount=type=cache: seperate cache parent on host for each user 20dd347b9 Fix installation instructions for Gentoo Linux e162302df build(deps): bump github.com/containerd/containerd from 1.6.9 to 1.6.10 1cfb5eafb GHA: Reuse both cirrus rerun and check workflows 5bd5a4f9d Vendor in latest containers/(common,image,storage) 8e4979e81 build(deps): bump github.com/onsi/gomega from 1.24.0 to 1.24.1 3d755b5eb copier.Put(): clear up os/syscall mode bit confusion 1a18ab341 build(deps): bump golang.org/x/sys from 0.1.0 to 0.2.0 646c28290 Use TypeBind consistently to name bind/nullfs mounts d4c661a77 Add no-new-privileges flag 1f372c08a Update vendor of containers/(common, image, storage) b2054360a imagebuildah:build with --all-platforms must honor args for base images a17238891 codespell code 217b2d524 Expand args and env when using --all-platforms c554e5330 build(deps): bump github.com/onsi/gomega from 1.23.0 to 1.24.0 ed3707765 GHA: Simplify Cirrus-Cron check slightly 1091222b2 Stop using ubi8 cec864147 remove unnecessary (hence misleading) rmi ffb00243f chroot: fix mounting of ro bind mounts a237085fe executor: honor default ARG value while eval base name 481b3cc95 userns: add arbitrary steps/stage to --userns=auto test dc733f1d2 Don't set allow.mount in the vnet jail on Freebsd e867db39b copier: Preserve file flags when copying archives on FreeBSD bf4420f25 Remove quiet flag, so that it works in podman-remote 8b1a490bd test: fix preserve rootfs with --mount for podman-remote b24449990 test: fix prune logic for cache-from after adding content summary 4290ab5af vendor in latest containers/(storage, common, image) 1d0dd78c3 Fix RUN --mount=type=bind,from=<stage> not preserving rootfs of stage 7aa34b86f Define and use a safe, reliable test image 87e379d5b Fix word missing in Container Tools Guide 57f370d9d Makefile: Use $(MAKE) to start sub-makes in install.tools 3223610ff imagebuildah: pull cache from remote repo after adding content summary f9693d0a5 Makefile: Fix install on FreeBSD 835668715 Ensure the cache volume locks are unlocked on all paths 0d7414703 Vendor in latest containers/(common,storage) 60382209e Simplify the interface of GetCacheMount and getCacheMount 8f955f801 Fix cache locks with multiple mounts bdd62ef87 Remove calls to Lockfile.Locked() cfa10d16c Maintain cache mount locks as lock objects instead of paths ffb2f27a8 test: cleaning cache must not clean lockfiles 6838cbc81 run: honor lockfiles for multiple --mount instruction f2e0af5c4 mount,cache: lockfiles must not be part of users cache content 6fa774ddc Update vendor containers/(common,image,storage) bdb549478 [CI:BUILD] copr: buildah rpm should depend on containers-common-extra eb9f3648b pr-should-include-tests: allow specfile, golangci da214d6d4 build(deps): bump dawidd6/action-send-mail from 3.7.0 to 3.7.1 5baed90cd build(deps): bump github.com/docker/docker 82431441a build(deps): bump github.com/fsouza/go-dockerclient from 1.8.3 to 1.9.0 9226bd312 Update vendor containers/(common,image,storage) 26a29674a build(deps): bump actions/upload-artifact from 2 to 3 cadd801fc build(deps): bump actions/checkout from 2 to 3 8ec69a9ad build(deps): bump actions/stale from 1 to 6 356ab96d7 build(deps): bump dawidd6/action-send-mail from 2.2.2 to 3.7.0 27032ea0f build(deps): bump tim-actions/get-pr-commits from 1.1.0 to 1.2.0 5038a0dae sshagent: LockOSThread before setting SocketLabel 4f272ee49 Update tests for error message changes 788fddb1d Update c/image after containers/image#1299 f232da006 Fix ident for dependabot gha block acc230dc3 build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 dc81652ff Fix man pages to match latest cobra settings 7260a4b0d build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 fba8daf13 build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 df8f0fa88 test: retrofit 'bud with undefined build arg directory' 9d43eb95e imagebuildah: warnOnUnsetBuildArgs while processing stages from executor 1a2af6864 Update contrib/buildahimage/Containerfile e1c7a5df1 Cirrus CI add flavor parameter b5c86a8e0 Correction - `FLAVOR` not `FLAVOUR` f5fc96e79 Changed build argument from `RELEASE` to `FLAVOUR` 36afa3530 Combine buildahimage Containerfiles 472c46f98 bud.bats refactoring: $TEST_SCRATCH_DIR, part 2 of 2 ca65736da bud.bats refactoring: $TEST_SCRATCH_DIR, part 1 of 2 2adbe2a58 System test cleanup: document, clarify, fix bf0a6e073 test: removing unneeded/expensive COPY 94ea37767 test: warning behaviour for unset/set TARGETOS,TARGETARCH,TARGETPLATFORM eae3415b1 Bump to v1.28.1-dev Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>

Aditya R (13): vendor: bump c/common to v0.50.2-0.20221111184705-791b83e1cdf1 specgen,wasm: switch to crun-wasm wherever applicable compat,build: handle docker's preconfigured cacheTo,cacheFrom vendor: bump to buildah ca578b290144 and use new cache API podman-remote,bindings: trim context path correctly when its emptydir vendor: bump c/storage to a747b27 network: add support for podman network update and --network-dns-server podman: relay custom DNS servers to network stack libpod,netavark: correctly populate /etc/resolv.conf with custom dns server libpod: set search domain independently of nameservers systems: retrofit dns options test to honor other search domains docs: specify order preference for FROM volume,container: chroot to source before exporting content Alexander Larsson (53): libpod: Remove 100msec delay during shutdown Avoid unnecessary timeout of 250msec when waiting on container shutdown Add and use libpod/Container.Terminal() helper Add and use Container.LinuxResource() helper Avoid unnecessary calls to Container.Spec() Container filters: Avoid use of ctr.Config() ContainerEngine.SetupRootless(): Avoid calling container.Config() Initial quadlet version integrated in golang Add man page for quadlet Add podman volume create --ignore quadlet: Use the new podman create volume --ignore quadlet tests: Fix handling of stderr checks quadlet tests: Run the tests even for (exected) failed tests quadlet: Change ReadOnly to default to enabled quadlet: Switch log-driver to passthrough quadlet: Drop the SocketActivated key quadlet: Embed the correct binary name in the generated comment quadlet: Allow multiple elements on each Add/DropCaps line quadlet: Add support for setting seccomp profile quadlet: Add support for AddDevice= Fix manpage for podman run --network option quadlet: Add support for Network=... quadlet: Support multiple Network= quadlet tests: Disable kmsg logging while testing Clarify the docs on DropCapability quadlet: Warn in generator if using short names quadlet: Rework uid/gid remapping quadlet: Change NoNewPrivileges default to false quadlet: Change RunInit default to no quadlet: Change default of ReadOnly to no quadlet: Drop --pull=never quadlet: Use same default capability set as podman run quadlet: Drop ExecStartPre=rm %t/%N.cid libpod: Move the creation of TmpDir to an earlier time runtime: Handle the transient store options runtime: In transient_store mode, move bolt_state.db to rundir Add some tests for transient store Add podman system prune --external podman manpage: Use man-page links instead of file names quadlet: Default VolatileTmp to off e2e: Add some assert to quadlet test to make sure testcases are sane e2e: Add assert-key-is-regex check to quadlet e2e testsuite qudlet: Respect $PODMAN env var for podman binary quadlet: Add --user option Add initial system tests for quadlets quadlet: Default BINDIR to /usr/bin if tag not specified specfile: Drop user-add depedency from quadlet subpackage. Add podman-clean-transient.service service quadlet: Rename parser.LookupBoolean to LookupBooleanWithDefault quadlet: Handle booleans that have defaults better hacks/bats: keep QUADLET env var in test env quadlet: Support Type=oneshot container files When in transient store mode, use rundir for bundlepath Andrei Natanael Cosma (1): Fixes secret (un)marshaling for kube play. Andrew Block (1): Updated error message for supported VolumeSource types Anjan Nath (3): pkginstaller: bump Qemu to version 7.1.0 pkginstaller: install podman-mac-helper by default pkginstaller: bump Qemu to version 7.2.0 Arthur Sengileyev (6): Default qemu flags for Windows amd64 Documenting Hyper-V QEMU acceleration settings Build cross-compilation fixes Updated options for QEMU on Windows hosts Add gvproxy to Windows packages Making gvproxy.exe optional for building Windows installer Ashley Cui (29): Release notes for 4.3.1 Add --quiet and --no-info flags to podman machine start Fix podman --noout to suppress all output [CI:DOCS] Migrate OSX Cross to M1 Introduce podman machine os commands Makefile: Add podman-mac-helper to darwin client zip [CI:DOCS] Clarify secret target behavior Support sig-proxy for podman-remote attach and start Bump to v4.4.0-RC1 Bump to v4.4.0-dev Vendor in latest c/common Bump to v4.4.0-rc2 Bump to v4.4.0-dev Vendor containers/(storage, image, common, buildah) Cirrus: Update operating branch Create release notes for v4.4.0 Bump to v4.4.0-RC3 Bump to v4.4.0-dev Final release notes for v4.4.0 Bump to v4.4.0 Bump to v4.4.1-dev Update release notes for Podman 4.4.1 Bump to v4.4.1 Bump to v4.4.2-dev Release notes for v4.4.2 Bump to v4.4.2 Bump to v4.4.3-dev Release notes for v4.4.3 Bump to v4.4.3 Austin Vazquez (1): Upgrade GitHub actions packages from v2 to v3 Ben Boeckel (1): docs/options/ipc: fix list syntax Björn Mosler (3): Allow namespace path network option for pods. [CI:DOCS] Fix build targets in build_osx.md. podman machine: Propagate SSL_CERT_FILE and SSL_CERT_DIR to systemd environment. Boaz Shuster (1): Return error in podman system service if URI scheme is not unix/tcp Brent Baude (3): Remove references to qcow2 [CI:DOCS] Remove experimental mac tutorial [CI:DOCS] Add CNI deprecation notices to documentation Charlie Doern (4): fix connection usage with containers.conf fix port issues for CONTAINER_HOST add support for subpath in play kube for named volumes Add support for hostPath and configMap subpath usage Chris Evich (35): Cirrus: Fix windows clone race Add swagger install + allow version updates in CI Cirrus: Update to F37beta Cirrus: temp. disable all Ubuntu testing Cirrus: Guarantee CNI testing w/o nv/av present Cirrus: Synchronize windows image GHA: Simplify script reference GHA: Migrate inline script to file GHA: Auto. re-run failed cirrus-cron builds once Cirrus: Never skip running Windows Cross task GHA: Fix cirrus-cron scripts Cirrus: shellcheck support for github-action scripts Cirrus: Shellcheck github-action scripts GHA: Update scripts to pass shellcheck Cirrus: Add tests for GHA scripts GHA: Fix typo. GHA: Fix typo setting output parameter GHA: Fix make_email-body script reference GHA: Fix undefined secret env. var. GHA: Configure workflows for reuse GHA: Fix cirrus re-run workflow for other repos. [CI:DOCS] Remove broken gate-container docs [CI:DOCS] Skip windows-smoke when not useful [CI:DOCS] Add warning about --opts,o with mount's -o [skip-ci] GHA/Cirrus-cron: Fix execution order Cirrus: Remove escape codes from log files Cirrus: Collect benchmarks on machine instances Make a consistently-named windows installer Docs: Add dedicated DOWNLOAD doc w/ links to bins Cirrus: Support using updated/latest NV/AV in PRs Cirrus: Run machine tests on PR merge Docs: version-check updates Cirrus: Fix & remove GraphQL API tests CI: Temporarily disable all AWS EC2-based tasks Revert "CI: Temporarily disable all AWS EC2-based tasks" Christophe Fergeau (3): linux: Build amd64 and arm64 podman-remote-static binaries linux: Add -linux suffix to podman-remote-static binaries macos: pkg: Use -arm64 suffix instead of -aarch64 Dan Čermák (1): Limit replica count to 1 when deploying from kubernetes YAML Daniel J Walsh (61): Update vendor of containers/buildah v1.28.0 Revert "cmd/podman: add support for checkpoint images" Revert "Add checkpoint image tests" Allow volume mount dups, iff source and dest dirs Update vendor containers/(common,image,storage) Don't use github.com/docker/distribution Add information about where the libpod/boltdb database lives Update vendor containers/(common,storage,buildah,image) Eval symlinks on XDG_RUNTIME_DIR Do not report that /usr/share/containers/storage.conf has been edited. Fix documentation on read-only-tmpfs Add --insecure,--tls-verify,--verbose flags to podman manifest inspect Update vendor of containers/(image, storage, common) Run codespell on code Allow podman manigest push --purge|-p as alias for --rm Fix search_test to return correct version of alpine Add podman system events alias to podman events Vendor in latest containers/(common,image,storage) Add podman volume create -d short option for driver Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 Add hidden podman manifest inspect -v option Add more documentation on UID/GID Mappings with --userns=keep-id Update pkg/bindings/connection.go Update docs/source/markdown/podman-remote.1.md Update vendor of containers/(buildah, common, storage, image) Update Vendor of containers/(common, image, buildah) Run codespell on code Update vendor of containers/(image, buildah) Init containers should not be restarted Fix handling of readonly containers when defined in kube.yaml Add completion for --init-ctr Remove 'you' from man pages Add podman buildx version support stop reporting errors removing containers that don't exist Vendor in latest containers/common with default capabilities Update vendor of containters/(common, image) Unify --noheading and -n to be consistent on all commands Stop recording annotations set to false Output Size and Reclaimable in human form for json output Vendor in latest containers/(buildah, image, common) Explain that relabeling/chowning of volumes can take along time Add containers.conf read-only flag support Allow '/' to prefix container names to match Docker Add shared --compress to man pages Describe copy volume options Vendor in latest containers/(common, image, storage) Vendor in latest containers/common Compile regex on demand not in init Vendor in latest containers/storage Use containers/storage/pkg/regexp in place of regexp Vendor in latest containers/storage Vendor in latest containers/(image,ocicrypt) Cleanup documentation on --userns=auto Remove ReservedAnnotations from kube generate specification vendor in latests containers/(storage, common, build, image) Add support for podman build --group-add Get correct username in pod when using --userns=keep-id Correct output when inspecting containers created with --ipc Allow --device-cgroup-rule to be passed in by docker API Install podman-systemd.unit man page, make quadlet discoverable Cleanup podman-systemd.unit file Daniel Lublin (1): fix: don't output "ago" when container is currently up and running Debarshi Ray (1): Consolidate the dependencies for the IsTerminal() API Doug Rabson (31): libpod: Factor out cgroups handling from (*Pod).refresh specgen/generate: Avoid a nil dereference in MakePod libpod: Move runtime_pod_linux.go to runtime_pod_common.go libpod: Factor out cgroup validation from (*Runtime).NewPod libpod: Add support for 'podman pod' on FreeBSD libpod: Factor out the call to PidFdOpen from (*Container).WaitForExit pkg/util: Add pid information descriptors for FreeBSD libpod: Factor out jail name construction from stats_freebsd.go libpod: Add support for 'podman top' on FreeBSD Makefile: don't install systemd generator binaries on FreeBSD vendor github.com/godbus/dbus/v5@4b691ce pkg/rctl: Remove unused cgo dependency pkg/machine: Make this build on FreeBSD/arm64 Makefile: Add cross build targets for freebsd version bump to 4.4.0-dev Makefile: don't install to tmpfiles.d on FreeBSD libpod: Add FreeBSD support in packageVersion Update vendor of containers/storage libpod: Make unit test for statToPercent Linux only libpod/lock: Fix build and tests for SHM locks on FreeBSD pkg/specgen: Disable kube play tests on FreeBSD utils: Enable cgroup utils for FreeBSD pkg/rootless: Implement rootless.IsFdInherited on FreeBSD pkg/domain: Make checkExecPreserveFDs platform-specific libpod: Report network setup errors properly on FreeBSD pkg/trust: Take the default policy path from c/common/pkg/config libpod: Use O_CLOEXEC for descriptors returned by (*Container).openDirectory libpod: Add checks to avoid nil pointer dereference if network setup fails libpod: Track healthcheck API changes in healthcheck_unsupported.go Add a FreeBSD cross build to the cirrus alt build task pkg/rootless: Change error text ... Ed Santiago (59): Proof of concept: nightly dependency treadmill man pages: document some --format options: images Man pages: refactor common options: --time Man pages: refactor common options: --os-version system tests: health-on-failure: fix broken logic Man pages: refactor common options: --annotation (manifest) Man pages: refactor common options: --attach Man pages: Refactor common options: --detach-keys Man pages: refactor common options (misc) markdown-preprocess: almost complete OO rewrite markdown-preprocess: add generic include mechanism testimage: add iproute2 & socat, for pasta networking markdown-preprocess: cross-reference where opts are used logcollector: include aardvark-dns system tests: podman network create: use random port system tests: runlabel: use podman-under-test System tests: teardown: clean up volumes FIXME: Temporary workaround for ubi8 CI breakage Test runners: nuke podman from $PATH before tests man pages: assorted underscore fixes docs: offer advice on installing test dependencies buildah bud tests: better handling of remote Man pages: refactor common options: --security-opt CI: set and verify DESIRED_NETWORK (netavark, cni) Fix test flakes caused by improper podman-logs More log-flake work Formalize our compare-against-docker mechanism New tool, docs/version-check healthcheck system tests: try to fix flake Fix more podman-logs flakes e2e tests: fix restart race CI: Package versions: run in the 'main' step ssh system test: skip until it becomes a test CI setup: simplify environment passthrough code parse-localbenchmarks: separate standard deviation golangci-lint: remove three deprecated linters New system tests for conflicting options Build and use a newer systemd image System tests: fix unquoted question marks System tests: add missing cleanup Man page checker: require canonical name in SEE ALSO hack/bats: fix root/rootless logic hack/bats: add --remote option hack/bats: improve usage message e2e tests: stop using UBI images logformatter: refactor verbose line-print logformatter: nicer formatting for bats failures Network tests: ping redhat.com, not podman.io logformatter: include base SHA, with history link podman-play system test: refactor sig-proxy system test: bump timeout e2e tests: reenable long-skipped build test Cirrus: preserve podman-server logs Let's see if #14653 is fixed or not Emergency fix for RHEL8 gating tests make hack/markdown-preprocess parallel-safe events + container inspect test: RHEL fixes quadlet system tests: add useful defaults, logging Emergency fix for man pages: check for broken includes Erik Schnetter (1): Preprocess files in UTF-8 mode Erik Sjölund (7): rootless: fix return value handling [CI:DOCS] fix --tmpdir typos [CI:DOCS] troubleshooting: document keep-id options [CI:DOCS] Add performance tutorial [CI:DOCS] Fix spelling and typos Fix language. Mostly spelling a -> an Add missing return after errors Evan Lezar (3): Add validate-in-container target Bump golang version to 1.18 Address golangci-lint issues Fabian Holler (1): Match VT device paths to be blocked from mounting exactly Giuseppe Scrivano (22): rootless: add argument to GetConfiguredMappings rootless: support keep-id with one mapping runtime: add check for valid pod systemd cgroup libpod: treat ESRCH from /proc/PID/cgroup as ENOENT specgen: honor user namespace value vendor: update containers/common specgen: support CDI devices from containers.conf runtime: do not chown idmapped volumes libpod: use OCI idmappings for mounts doc: fix documentation for idmapped mounts rootless: define LIBEXECPODMAN rootless: add cli validator rootless: inhibit copy mapping for euid != 0 rootless: always create userns with euid != 0 libpod: fix race condition rm'ing stopping containers oci: terminate all container processes on cleanup linux: add /sys/fs/cgroup if /sys is a bind mount oci: check for valid PID before kill(pid, 0) podman: podman rm -f doesn't leave processes rootless: rename auth-scripts to preexec-hooks test: adapt test to work on cgroupv1 oci: bind mount /sys with --userns=(auto|pod:) Hironori Shiina (1): Skip test if `--events-backend` is necessary with podman-remote Ingo Becker (3): Fix manpage emphasis Fix swapped NetInput/-Output stats quadlet: Add device support for .volume files Jake Correnti (3): Fix `system df` issues with `-f` and `-v` Fixed `podman update --pids-limit` Add container error message to ContainerState Jake Torrance (2): Docker compat build api - make sure only one line appears per flush Make sure we can build and read each line of docker py's api client Jakob Ahrer (2): play kube: add support for configmap binaryData remove unmapped ports from inspect port bindings Jakob Tigerström (1): Change to correct break statements James Pace (1): Fix typos in man page regarding transient storage mode. Jason T. Greene (13): Add Windows Smoke Testing Use single unqualified search registry on Windows Allow manual override of install location Improve atomicity of VM state persistence on Windows Add support for Windows ARM64 Switch to C based msi hooks for win installer Update win-sshproxy to 0.5.0 gvisor tag Update Mac installer to use gvproxy v0.5.0 Introduce pkg retry logic in win installer task Reworks Windows smoke test to tunnel through interactive session. Fix usage of absolute windows paths with --image-path Fix default handling of pids-limit Fix package restore Jelle van der Waa (4): Remove leaveRunning from swagger restore endpoint Document ignoreVolumes in checkpoint/restore endpoint Document that ignoreRootFS depends on export/import Add missing parameters for checkpoint/restore endpoint Jesse Lang (2): Fix markdown header typo Clarify that MacOSX docs are client specific Joakim Nohlgård (1): Podman image: Set default_sysctls to empty for rootless containers Johan Van de Wauw (1): Fix small typo Jordan Christiansen (1): podman machine: Adjust Chrony makestep config Kirk Bater (1): Adds a link to OSX docs in CONTRIBUTING.md Klaus Frank (1): (fix) mount_program is in storage.options.overlay Kristian Klausen (1): volumes: Fix idmap not working for volumes Leonardo Rossetti (2): adding regex support to the ancestor ps filter function adding -dryrun flag Liang Chu-Xuan (1): Add comment for jsonMarshal command Lokesh Mandvekar (3): [CI:BUILD] copr: podman rpm should depend on containers-common-extra [CI:BUILD] copr: enable podman-restart.service on rpm installation bump golang.org/x/net to v0.8.0 Luís Henrique Faria (2): Fix typo on network docs update podman-network-create for clarity Martin Jackson (1): Change example target to default in doc Martin Roukala (né Peres) (4): Only prevent VTs to be mounted inside privileged systemd containers Make rootless privileged containers share the same tty devices as rootfull ones man: Document the interaction between --systemd and --privileged Do not mount /dev/tty into rootless containers Matej Vasek (2): fix: event read from syslog test: added test from wait endpoint with to long label Matthew Heon (8): Clean up when stopping pods Update main to reflect v4.3.0 release Ensure that StartAndAttach locks while sending signals Add release keys to README Add information on metrics to the `network create` docs Add support for startup healthchecks Fix a potential defer logic error around locking Set StoppedByUser earlier in the process of stopping Michael Vorburger ⛑️ (1): chore: Fix MD for Troubleshooting Guide link in GitHub Issue Template Mike Perry (1): Fixes: 15858 (podman system reset --force destroy machine) Mikhail Khachayants (2): Create full path to a directory when DirectoryOrCreate is used with play kube Fix deadlock between 'podman ps' and 'container inspect' commands Miloslav Trmač (5): Update c/image after containers/image#1299 Update tests for changed error messages Update c/storage after containers/storage#1436 Add (podman {image,manifest} push --sign-by-sigstore=param-file.yaml) Update to c/image 5.24.1 Mohan Boddu (2): Update the issue templates Set the latest release explicitly Nalin Dahyabhai (1): Always allow pushing from containers-storage Naoaki Ueda (1): Man pages: Add mention of behavior due to XDG_CONFIG_HOME Nathan Henrie (1): Resolve symlink path for qemu directory if possible Patrick Reader (1): Fix instructions about setting storage driver on command-line Paul Holzinger (48): docs: add missing options update api versions on docs.podman.io ginkgo testing: fix podman usernamespace join test/e2e: do not use apk in builds fix incorrect systemd booted check fix --format {{json .}} output to match docker docs: deprecate pasta network name shell completion: fix hard coded network drivers ginkgo: restructure install work flow ginkgo tests: apply ginkgolinter fixes test/tools: rebuild when files are changed compat API: allow MacAddress on container config network create: support "-o parent=XXX" for ipvlan disable healthchecks automatically on non systemd systems test/e2e: enable "podman run with ipam none driver" for nv remote: allow --http-proxy for remote clients podman-remote build add --volume support checkpoint restore: fix --ignore-static-ip/mac libpod: fix header length in http attach with logs libpod: remove CNI word were no longer applicable libpod: move NetNS into state db instead of extra bucket export: use io.Writer instead of file ginkgo tests: apply ginkgolinter fixes podman service: close duplicated /dev/null fd system df: improve json output code podman logs: journald fix --since and --follow journald: seek to time when --since is used journald: podman logs --until --follow exit after time k8s-file: podman logs --until --follow exit after time commit: use libimage code to parse changes update CI images to include pasta add testbindings Makefile target pasta: skip "Local forwarder, IPv4" test do not install swagger by default unskip network update test network create: do not allow `default` as name fix APIv2 python attach test flake journald: podman events only show events for current user journald: podman logs only show logs for current user podman-mac-helper: exit 1 on error system service --log-level=trace: support hijack fix "podman logs --since --follow" flake compat API: network create return 409 for duplicate netavark: only use aardvark ip as nameserver journald: remove initializeJournal() podman logs: read journald with passthrough journald logs: simplify entry parsing podman logs passthrough driver support --cgroups=split Piotr Resztak (1): vendor containers/psgo@v1.8.0 Prajwal S N (1): deps: bump go-criu to v6 Radostin Stoyanov (3): test: Add tests for checkpoint images Enable 'podman run' for checkpoint images test: podman run with checkpoint image Romain Geissler (1): [docker compat] Don't overwrite the NetworkMode if containers.conf overrides netns. SamirPS (1): Fix: List container with volume filter Sorin Sbarnea (1): Make qemu security model none Stefano Brivio (6): libpod: Add pasta networking mode test/system: Use port_is_free() from wait_for_port() test/system: Use procfs to find bound ports, with optional address and protocol test/system: Move network-related helpers to helpers.network.bash test/system: Add tests for pasta(1) connectivity test/system: Add, use tcp_port_probe() to check for listeners rather than binds Stéphane Bidoul (1): Add openssh-clients to podmanimage Toshiki Sonoda (13): system tests: fix a system test in proxy environment remote: fix manifest add --annotation Removing the RawInput from the API output Add support for podman-remote manifest annotate e2e: fix e2e tests in proxy environment e2e: keeps the http_proxy value e2e: fix containers_conf_test e2e: fix run_volume_test e2e: fix play_kube_test e2e: fix systemd_activate_test e2e: use isRootless() instead of rootless.IsRootless() e2e: update test/README.md system tests: fix volume exec/noexec test Trevor Benson (1): make example volume import, not import volume Tsubasa Watanabe (1): Modify man page of "--pids-limit" option to correct a default value. Urvashi Mohnani (4): Set up minikube for k8s testing Add podman kube apply command Cleanup kube play workloads if error happens Set runAsNonRoot=true in gen kube Vadym-Valdis Yudaiev (1): make: Use PYTHON var for .install.pre-commit Valentin Rothberg (71): health checks: make on-failure action retry aware healthcheck: fix --on-failure=stop play kube: notifyproxy: listen before starting the pod KillContainer: improve error message vendor containers/storage@main hack/tree_status.sh: print diff at the end generate systemd: set --stop-timeout for stopping containers kill: wait for the container bump golangci-lint to v1.49.0 system df: fix image-size calculations move quadlet packages into pkg/systemd use cached containers.conf fix search flake docs: kube play: mention restart policy docs: generate systemd: point to kube template container/pod id file: truncate instead of throwing an error notifyproxy: fix container watcher sig-proxy test: bump timeout hack/podmansnoop remove container/pod id file along with container/pod contrib/cirrus/check_go_changes.sh: ignore test/tools/vendor test/tools: bump module to go 1.17 podman cp: fix copying with "." suffix remove pod if creation has failed container restart: clean up healthcheck state container create: add inspect data to event hack/podmansnoop: print arguments OWNERS: add Jason T. Greene notify k8s system test: move sending message into exec kube sdnotify: run proxies for the lifespan of the service [CI:DOCS] test/README.md: run tests with podman-remote health check: ignore dependencies of transient systemd units/timers create/pull --help: list pull policies [CI:DOCS] podman-mount: s/umount/unmount/ bump golangci-lint to v1.50.1 wait: add --ignore option podman-kube@ template: use `podman kube` pkg/domain/infra/abi: add `getContainers` pkg/domain/infra/abi: introduce `type containerWrapper` infra/abi: refactor ContainerRm events: support "die" filter fix `podman system connection - tcp` flake kube play: fix the error logic with --quiet remove service container _after_ pods cobra: move engine shutdown to Execute service container: less verbose error logs kube play: complete container spec fix flake in kube system test add a comment to container removal container kill: handle stopped/exited container fix bud-multiple-platform-with-base-as-default-arg flake waitPidStop: simplify code StopContainer: small refactor StopSignal: add a comment StopContainer: return if cleanup process changed state waitPidStop: reduce sleep time to 10ms ps: do not create copy of container config add hack/perf for comparing two container engines ps: get network data in batch mode ps: query health check in batch mode ps: do not sync container DB: make loading container states optional podman-events: document verbose create events Quadlet: exit 0 when there are no files to process events: document journald identifiers kube play: do not teardown unconditionally on error install sigproxy before start/attach kube play: only enforce passthrough in Quadlet [v4.4] fix --health-on-failure=restart in transient unit vendor github.com/containers/common@v0.51.1 compat: /auth: parse server address correctly Veronika Fuxova (1): Add restart-sec for container service files Ygal Blum (25): play kube: Allow the user to import the contents of a tar file into a volume kube play: update the handling of PersistentVolumeClaim E2E Tests: change the registry for the search test to avoid authentication Quadlet: Add support for .kube files Kube Play: fix the handling of the optional field of SecretVolumeSource Quadlet Kube: Set SyslogIdentifier if was not set Quadlet Kube: Add support for relative path for YAML file Quadlet Kube: Add support for userns flag Update containers common package Network Create: Add --ignore flag to support idempotent script Quadlet: add network support Quadlet Doc: Add section for .kube files System test: quadlet kube basic test Test README - point users to hack/bats System Test Quadlet - Volume dependency test did not test the dependency Quadlet Network - Fix the name of the required network service Kube Play: use passthrough as the default log-driver if service-container is set Quadlet Container: Add support for EnvironmentFile and EnvironmentHost System tests: quadlet network test Kube Play - allow setting and overriding published host ports Quadlet: Add support for ConfigMap key in Kube section E2E Test: Play Kube set deadline to connection to avoid hangs Quadlet Kube - add support for PublishPort key E2E Tests: Use inspect instead of actual data to avoid UDP flake Quadlet - use the default runtime danishprakash (1): kube-play: add support for HostPID in podSpec dependabot[bot] (27): build(deps): bump github.com/containers/ocicrypt from 1.1.5 to 1.1.6 build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 build(deps): bump golang.org/x/text from 0.3.7 to 0.3.8 build(deps): bump github.com/spf13/cobra from 1.5.0 to 1.6.0 build(deps): bump github.com/fsnotify/fsnotify from 1.5.4 to 1.6.0 build(deps): bump github.com/docker/docker build(deps): bump github.com/docker/docker build(deps): bump golang.org/x/text from 0.3.8 to 0.4.0 build(deps): bump github.com/BurntSushi/toml from 1.2.0 to 1.2.1 build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 build(deps): bump golang.org/x/tools from 0.1.12 to 0.2.0 in /test/tools Bump github.com/container-orchestrated-devices/container-device-interface Bump golang.org/x/sys from 0.1.0 to 0.2.0 Bump golang.org/x/term from 0.1.0 to 0.2.0 Bump github.com/coreos/go-systemd/v22 from 22.4.0 to 22.5.0 Bump golang.org/x/tools from 0.1.12 to 0.3.0 in /test/tools build(deps): bump github.com/rootless-containers/rootlesskit build(deps): bump golang.org/x/tools from 0.3.0 to 0.4.0 in /test/tools build(deps): bump golang.org/x/term from 0.2.0 to 0.3.0 build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 build(deps): bump github.com/ulikunitz/xz from 0.5.10 to 0.5.11 build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.24.2 build(deps): bump github.com/docker/docker Bump golang.org/x/tools from 0.4.0 to 0.5.0 in /test/tools build(deps): bump github.com/containernetworking/plugins build(deps): bump github.com/docker/docker build(deps): bump github.com/onsi/gomega from 1.25.0 to 1.26.0 gupttaru (1): Adding encryption decryption feature karta0807913 (4): fix an overriding logic and load config problem add friendly comment Fix test podman play kube support container startup probe nabbisen (1): fix #17244: use /etc/timezone where `timedatectl` is missing on Linux shblue21 (1): fix: running check error when podman is default in wsl shuai.yang (1): support podman-remote to connect tcpURL with proxy telday (1): Fixes port collision issue on use of --publish-all tomsweeneyredhat (2): [v4.4] Bump to Buildah v1.29.0 Clean up more language for inclusiveness yaozhenxiu (1): Remove unused script file

mtrmac force-pushed the lockfile-modified branch from cc9ef9a to 82f21a9 Compare November 21, 2022 22:20

mtrmac added a commit to mtrmac/buildah that referenced this pull request Nov 21, 2022

DO NOT MERGE: Testing containers/storage#1436

63eda71

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac added a commit to mtrmac/libpod that referenced this pull request Nov 21, 2022

DO NOT MERGE: Testing containers/storage#1436

7eb2e46

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac force-pushed the lockfile-modified branch from 82f21a9 to 60b455d Compare November 21, 2022 22:56

mtrmac added a commit to mtrmac/buildah that referenced this pull request Nov 21, 2022

DO NOT MERGE: Testing containers/storage#1436

d8e6c98

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac added a commit to mtrmac/libpod that referenced this pull request Nov 21, 2022

DO NOT MERGE: Testing containers/storage#1436

5857ec2

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac linked an issue Nov 21, 2022 that may be closed by this pull request

lockfile.Modified() is designed incorrectly #1420

Closed

mtrmac added a commit to mtrmac/libpod that referenced this pull request Nov 21, 2022

DO NOT MERGE: Testing containers/storage#1436

d1d1db3

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac added a commit to mtrmac/buildah that referenced this pull request Nov 21, 2022

DO NOT MERGE: Testing containers/storage#1436

e42f8ef

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac added a commit to mtrmac/buildah that referenced this pull request Nov 21, 2022

DO NOT MERGE: Testing containers/storage#1436

f5b67df

[NO NEW TESTS NEEDED] Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac added a commit to mtrmac/libpod that referenced this pull request Nov 21, 2022

DO NOT MERGE: Testing containers/storage#1436

7425816

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac added a commit to mtrmac/buildah that referenced this pull request Nov 22, 2022

DO NOT MERGE: Testing containers/storage#1436

7c07a2f

[NO NEW TESTS NEEDED] Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac added a commit to mtrmac/libpod that referenced this pull request Nov 22, 2022

DO NOT MERGE: Testing containers/storage#1436

509afd7

Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac mentioned this pull request Nov 22, 2022

Document and improve store locking #1438

Merged

mtrmac marked this pull request as ready for review November 22, 2022 20:38

rhatdan approved these changes Nov 22, 2022

View reviewed changes

rhatdan reviewed Nov 22, 2022

View reviewed changes

mtrmac mentioned this pull request Nov 22, 2022

In-process exclusion of readers and writers #1346

Merged

mtrmac force-pushed the lockfile-modified branch from 60b455d to 07b3e71 Compare November 22, 2022 21:18

mtrmac added 6 commits November 29, 2022 18:12

Document the locking rules for fields of *LockFile

41d128a

This actually relaxes some of the rules, contrary to previous documentation, but some of those relaxed rules were already assumed. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Fix layerStore.saveLayers

d24b8c5

- Don't exit after saving only one of the locations - Only touch the lock once if saving both of the locations Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Factor out layerStore.reloadMountsIfChanged

f1c6fb0

... so that we don't need to update 4 separate copies. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

Convert all c/storage users of Locker to *lockfile.LockFile

b74fdf4

This will allow us to benefit from new features. Should not change behavior. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac added 3 commits November 29, 2022 18:12

mtrmac force-pushed the lockfile-modified branch from 14e0a9b to 55d11a0 Compare November 29, 2022 17:13

vrothberg reviewed Dec 1, 2022

View reviewed changes

vrothberg merged commit c5a80ad into containers:main Dec 1, 2022

mtrmac deleted the lockfile-modified branch December 1, 2022 14:29

mtrmac added a commit to mtrmac/buildah that referenced this pull request Dec 1, 2022

Update c/storage after containers/storage#1436

a1698cd

... and update to remove the now-deprecated Locker interface. [NO NEW TESTS NEEDED] Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac added a commit to mtrmac/libpod that referenced this pull request Dec 1, 2022

Update c/storage after containers/storage#1436

8eced32

... and update to remove the now-deprecated Locker interface. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

mtrmac added a commit to mtrmac/libpod that referenced this pull request Dec 1, 2022

Update c/storage after containers/storage#1436

c83efd0

... and update to remove the now-deprecated Locker interface. Signed-off-by: Miloslav Trmač <mitr@redhat.com>

openshift-merge-robot added a commit to containers/buildah that referenced this pull request Dec 3, 2022

Merge pull request #4430 from mtrmac/modified-test

a27bd0b

Update c/storage after containers/storage#1436

openshift-merge-robot added a commit to containers/podman that referenced this pull request Dec 5, 2022

Merge pull request #16581 from mtrmac/modified-test

c942f77

Update c/storage after containers/storage#1436

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Replace Locker.Modified with a more correct change tracking #1436

Replace Locker.Modified with a more correct change tracking #1436

mtrmac commented Nov 21, 2022 •

edited

mtrmac commented Nov 21, 2022

mtrmac commented Nov 22, 2022

rhatdan Nov 22, 2022

mtrmac Nov 22, 2022

rhatdan commented Nov 22, 2022

rhatdan commented Nov 28, 2022

rhatdan commented Nov 28, 2022

vrothberg left a comment

		return r.load(lockedForWriting)
		} else if r.lockfile.IsReadWrite() {

Replace Locker.Modified with a more correct change tracking #1436

Replace Locker.Modified with a more correct change tracking #1436

Conversation

mtrmac commented Nov 21, 2022 • edited

mtrmac commented Nov 21, 2022

mtrmac commented Nov 22, 2022

rhatdan Nov 22, 2022

Choose a reason for hiding this comment

mtrmac Nov 22, 2022

Choose a reason for hiding this comment

rhatdan commented Nov 22, 2022

rhatdan commented Nov 28, 2022

rhatdan commented Nov 28, 2022

vrothberg left a comment

Choose a reason for hiding this comment

mtrmac commented Nov 21, 2022 •

edited