Expect UncompressedDigest to be set for partial pulls, enforce DiffID match #2613
Signed-off-by: Miloslav Trmač <[email protected]>
090e94d to b859a03
e46c8d0 to eb0db7b
> go mod edit -replace github.com/containers/image/v5=github.com/mtrmac/image/v5@wip-authentic Signed-off-by: Miloslav Trmač <[email protected]>
95cdcf3 to 57b0637
> go mod edit -replace github.com/containers/image/v5=github.com/mtrmac/image/v5@wip-authentic Signed-off-by: Miloslav Trmač <[email protected]>
137b760 to 4fb4df8
> go mod edit -replace github.com/containers/image/v5=github.com/mtrmac/image/v5@wip-authentic Signed-off-by: Miloslav Trmač <[email protected]>
4fb4df8 to 7987093
@giuseppe RFC. I still need to address / review some corner cases, but I think the broad outline is settled now, and Podman tests are passing.
d7fdde4 to c1036a6
c1036a6 to 290bc1e
@giuseppe PTAL for an early review. This is mostly untested, but it should be feature-complete and comprehensive. Contrary to the original plan for containers/container-libs#110, this minimizes the impact on
giuseppe left a comment
LGTM
> go mod edit -replace github.com/containers/image/v5=github.com/mtrmac/image/v5@wip-authentic Signed-off-by: Miloslav Trmač <[email protected]>
LGTM
Great work @mtrmac!
reused.Digest is not always blobDigest, it might be uncompressedDigest; but we must have a blobDiffIDs entry for reused.Digest. Signed-off-by: Miloslav Trmač <[email protected]>
... because we will start enforcing that the DiffID values match. Signed-off-by: Miloslav Trmač <[email protected]>
We will use the trustedLayerIdentityData for other purposes in the caller as well. Should not change behavior. Signed-off-by: Miloslav Trmač <[email protected]>
Keep the commit queuing logic together, this is more of an implementation detail of commitLayer. Only moves unchanged code, should not change behavior. Signed-off-by: Miloslav Trmač <[email protected]>
It's fairly isolated from the rest of the function, and if split, it can have unit tests. Those tests are valuable to ensure that layer IDs continue to behave the expected way and maximize layer reuse (although we are not making an API commitment to layer ID values). Should not change behavior. Signed-off-by: Miloslav Trmač <[email protected]>
Should not change behavior. Signed-off-by: Miloslav Trmač <[email protected]>
... to simplify some of the repetitive logging code. Should not change behavior. Signed-off-by: Miloslav Trmač <[email protected]>
untrustedLayerDiffID currently specializes the "not available yet" case; also specialize the "image does not provide this at all" case, which we will need to handle. Should not change behavior. Signed-off-by: Miloslav Trmač <[email protected]>
Two different locations in the function need the data, and the caller must have it available; so always passing it in simplifies the implementation and removes an impossible error path. This might hypothetically make layer reuse a bit worse, if we happened to learn something for trustedLayerIdentityData from processing other layers of the same image, but reusing the same layer twice within an image should be rare. Signed-off-by: Miloslav Trmač <[email protected]>
…ema1 images Should not change behavior; we call GetTOCDigest in copy.imageCopier.copyLayer before reaching PutBlobPartial, so the new error path should not be reachable. Signed-off-by: Miloslav Trmač <[email protected]>
…ID values If a layer has a TOC, require that it must have a DiffID commitment, or refuse to pull it partially. Layers without a TOC continue to be allowed to use the partial pull code path, and we don't even require config's RootFS.DiffID to be present. Signed-off-by: Miloslav Trmač <[email protected]>
Remove some completely redundant comments to shorten the code, clarify where appropriate. Should not change behavior. Signed-off-by: Miloslav Trmač <[email protected]>
- If a layer has a TOC digest (i.e. could possibly be pulled partially), and c/storage has computed the uncompressed digest, require that the config's RootFS.DiffIDs exists and matches. This fixes the "view ambiguity" of partially-pulled layers.
- For _all_ layers, if RootFS.DiffIDs exists and we know the layer's uncompressed digest, also require the RootFS.DiffIDs value to match. This might be a compatibility break, but Docker requires these values anyway.
- We happen to allow setting DiffIDs to empty values, if the layer does not have a TOC digest (so there is no risk of "view ambiguity").
Signed-off-by: Miloslav Trmač <[email protected]>
This resolves the "signing ambiguity" by requiring that images must have a DiffID entry, and it must match, in partial pulls. Signed-off-by: Miloslav Trmač <[email protected]>
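The DiffID rules stated in the commit messages above, written out as a small decision function. This is an added example, not code from containers/image or containers/storage: `layerInfo`, `allowPartialPull`, `verifyAtCommit` and the error values are hypothetical names, digests are plain strings, and the layer contents are constructed sample bytes.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// layerInfo is a hypothetical stand-in for what the storage destination knows
// about one layer; it is not a c/image or c/storage type.
type layerInfo struct {
	tocDigest          string // "" when the layer has no TOC (cannot be pulled by TOC)
	uncompressedDigest string // "" when no uncompressed digest has been computed
}

var (
	errMissingDiffID  = errors.New("layer has a TOC digest but the config has no DiffID for it")
	errDiffIDMismatch = errors.New("uncompressed digest does not match the config's DiffID")
)

// digestOf returns the sha256 digest of data in "sha256:<hex>" form.
func digestOf(data []byte) string {
	sum := sha256.Sum256(data)
	return "sha256:" + hex.EncodeToString(sum[:])
}

// configDiffID returns the config's RootFS.DiffIDs entry for layer i, or ""
// when the config does not provide one (list too short, or an empty value).
func configDiffID(diffIDs []string, i int) string {
	if i < 0 || i >= len(diffIDs) {
		return ""
	}
	return diffIDs[i]
}

// allowPartialPull: a layer with a TOC must have a DiffID commitment in the
// config, otherwise it is not pulled partially. Layers without a TOC are
// still allowed on the partial pull code path.
func allowPartialPull(l layerInfo, diffIDs []string, i int) bool {
	return l.tocDigest == "" || configDiffID(diffIDs, i) != ""
}

// verifyAtCommit applies the checks made once the uncompressed digest is known.
func verifyAtCommit(l layerInfo, diffIDs []string, i int) error {
	if l.uncompressedDigest == "" {
		return nil // nothing was computed, so there is nothing to compare
	}
	want := configDiffID(diffIDs, i)
	if want == "" {
		if l.tocDigest != "" {
			return errMissingDiffID // TOC layer: the DiffID must exist
		}
		return nil // no TOC: an empty DiffID is tolerated
	}
	if want != l.uncompressedDigest {
		return errDiffIDMismatch // applies to all layers, TOC or not
	}
	return nil
}

func main() {
	// Constructed sample data: the bytes the config commits to, and
	// different bytes that ended up in the layer.
	committed := digestOf([]byte("layer contents named by the config"))
	other := digestOf([]byte("different layer contents"))

	cases := []struct {
		name    string
		layer   layerInfo
		diffIDs []string
	}{
		{"TOC layer, DiffID matches", layerInfo{"sha256:toc", committed}, []string{committed}},
		{"TOC layer, DiffID missing", layerInfo{"sha256:toc", committed}, nil},
		{"TOC layer, DiffID differs", layerInfo{"sha256:toc", other}, []string{committed}},
		{"no TOC, DiffID empty", layerInfo{"", committed}, []string{""}},
		{"no TOC, DiffID differs", layerInfo{"", other}, []string{committed}},
	}
	for _, c := range cases {
		fmt.Printf("%-28s partial=%-5v commit=%v\n", c.name,
			allowPartialPull(c.layer, c.diffIDs, 0), verifyAtCommit(c.layer, c.diffIDs, 0))
	}
}
```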
Ahmed Moalla (2):
add support to `;` for comments in unit files as per systemd documentation
Fix unescaping octal escape sequence in values of Quadlet unit files
Andrew Sayers (1):
Fix podman-restart.service when there are no containers
Arthur Sengileyev (3):
Fix compilation issues in QEMU machine files (Windows platform)
Cover Unix socket in inpect test on Windows platform
Improve platform specific URL handling in `podman compose` for machines
Ashley Cui (1):
Add BuildOrigin field to podman info
Brent Baude (11):
Add man pages to Mac installer
Add newer c/i to support artifacts
podman artifact
error with libkrun on intel-based machines
Remove usused Kind() function
Remove unnecessary error handling
Prevent two podman machines running on darwin
Move detection of libkrun and intel
Add type and annotations to artifact add
Add --no-trunc to artifact ls
Add --noheading to artifact ls
Christoph Reiter (1):
bin/docker: fix broken escaping and variable substitution
Christophe Fergeau (2):
gvproxy: Use 0.8.1 binary
vfkit: Use 0.6.0 binary
Daniel J Walsh (8):
AdditionalSupport for SubPath volume mounts
When generating host volumes for k8s, force to lowercase
Kube volumes can not container _
Document .build for Image .container option
Add --no-hostname option
Switch all calls of assert.Nil to assert.NoError
Replace instances of PodmanExitCleanly in play_kube_test.go
Add podman manifest rm --ignore
Ed Santiago (11):
test f41 VMs
Revert "cirrus: test only on f40/rawhide"
Reapply "CI: test nftables driver on fedora"
kube SIGINT system test: fix race in timeout handling
Yet another bump, f41 with fixed kernel
Revert "Reapply "CI: test nftables driver on fedora""
Buildah treadmill tweaks
system tests: safer install_kube_template()
CI: system tests: parallelize 010
Bump CI VMs
CI: --image-volume test: robustify
Eduardo Santiago (1):
make remotesystem: fail early if serial tests fail
Erik Sjölund (2):
specgenutil: Fix parsing of mount option ptmxmode
docs: Add quadlet debug method systemd-analyze
Evstifeev Roman (1):
docs: mount.md - idmapped mounts only work for root user
Federico Di Pierro (1):
fix(pkg/rootless): avoid memleak during init() contructor.
Florian Apolloner (1):
Set network ID if available during container inspect
Gavin Lam (2):
Add nohosts option to /build and /libpod/build
Add --hosts-file flag to container and pod commands
George Joseph (1):
Pass container hostname to netavark
Giuseppe Scrivano (13):
test: add zstd:chunked system tests
spec: clamp rlimits in a userns
vendor: bump containers/buildah
libpod: pass down NoPivotRoot to Buildah
spec: clamp rlimits without CAP_SYS_RESOURCE
stats: ignore errors from containers without cgroups
systemd: simplify parser and fix infinite loop
test: enable newly added test
specgen: fix comment
namespaces: allow configuring keep-id userns size
util: replace Walk with WalkDir
pkg/api: honor cdi devices from the hostconfig
rootless: fix hang on s390x
Graceson Aufderheide (1):
fix podman machine init --ignition-path
Gunjan Vyas (4):
build: update gvisor-tap-vsock to 0.8.0
gvproxy: Disable port-forwarding on WSL
winmake.ps1: Fix the syntax of the function call Win-SSHProxy
wsl-e2e: Add a test to ensure port 2222 is free with usermode networking
H Dub (2):
docs: Enhance podman build --secret documentation and add examples
Makefile: Add validatepr description for 'make help' output
Jake Correnti (1):
Add `machine init --playbook`
James Hewitt (2):
Add a test for forcing compression and v2s2 format
Switch to fixed common
Jan Rodák (5):
Configure HealthCheck with `podman update`
Fix overwriting of LinuxResources structure in the database
Fix device limitations in podman-remote update on remote systems
Clean up after unexpectedly terminated build
Bump FreeBSD version to 13.4
Jindrich Novy (2):
Package podman-machine on supported architectures only.
Replace ExclusiveArch with ifarch
Kashiwa (1):
refactor: simplify LinuxNS type definition and String method
Leo Liu (2):
Update description for completion
Remove `.exe` suffix if any
Lokesh Mandvekar (9):
[CI:ALL] Bump main to v5.4.0-dev
[skip-ci] Packit: remove epel and re-enable c9s
[skip-ci] Packit/copr: switch to fedora-all
system-tests: switch ls with getfattr for selinux tests
RPM: adjust qemu dependencies
RPM: include empty check to silence rpmlint
RPM: cleanup macro defs
RPM: set buildOrigin in LDFLAG
Update rpm/podman.spec
Mario Loriedo (17):
Exclude symlink from pre-commit end-of-file-fixer
Avoid printing PR text to stdout in system test
Update codespell to v2.3.0
New `system connection add` tests
Switch to non-installing WSL by default
Windows: don't install WSL/HyperV on update
Update windows installer tests
Fix `podman info` with multiple imagestores
Bump WiX toolset version to 5.0.2
Add win installer patch
Avoid rebooting on Windows when upgrading and WSL isn't installed
Avoid rebooting twice when installing WSL
Revert "win-installer test: revert to v5.3.0"
Stop creating a patch for v5.3.1 upgrades on windows
Avoid upgrading from v5.3.1 on Windows
Safer use of `filepath.EvalSymlinks()` on Windows
Force use of iptables on Windows WSL
Matt Heon (16):
Add subpath support to volumes in `--mount` option
Update release notes on main for v5.3.0
Overlay mounts supersede image volumes & volumes-from
Revert "libpod: remove shutdown.Unregister()"
Remove JSON tag from UseImageHosts in ContainerConfig
Bump to v5.4.0-rc1
Bump to v5.4.0-dev
Bump to v5.4.0-rc2
Bump to v5.4.0-dev
Update release notes for v5.4.0-rc3
Bump to v5.4.0-rc3
Bump to v5.4.0-dev
Set Cirrus DEST_BRANCH appropriately to fix CI
In SQLite state, use defaults for empty-string checks
Update release notes for v5.4.0 final
Bump to v5.4.0
Matthew Heon (2):
Mount volumes before copying into a container
Update release notes for v5.4.0-rc2
Maël Azimi (1):
doc: fix words repetitions
Michael Zimmermann (5):
vendor: update containers/common
add support for driver-specific options during container creation
vendor: update containers/common
docs: document bridge mode option
docs: improve documentation for internal networks
Miloslav Trmač (17):
Fix apparent typos in zstd:chunked tests
Sanity-check that the test is really using partial pulls
Clarify the reason for skip_if_remote
Introduce PodmanTestIntegration.PodmanExitCleanly
Use PodmanExitCleanly in attach_test.go
Turn PodmanAsUserBase into PodmanExecBaseWithOptions
Pass all of PodmanExecOptions to various [mM]akeOptions functions
Inline PodmanBase into callers
Restructure use of options
Introduce PodmanTestIntegration.PodmanWithOptions
Eliminate PodmanExtraFiles
Update expected errors when pulling encrypted images
Update c/image after containers/image#2613
Revert "Use the config digest to compare images loaded/pulled using different methods"
Fix image ID query
Eliminate PodmanSystemdScope
Define, and use, PodmanExitCleanlyWithOptions
Misaki Kasumi (1):
quadlet: fix inter-dependency of containers in `Network=`
Nalin Dahyabhai (2):
Fix panic in `manifest annotate --index`
manifest annotate: connect IndexAnnotations
Nicola Sella (1):
Use latest version of VS BuildTools
Odilon Sousa (1):
Add support to ShmSize in Pods with Quadlet
Paul Holzinger (41):
volume ls: fix race that caused it to fail
vendor latest c/{buildah,common,image,storage}
test/system: add regression test for TZDIR local issue
test/buildah-bud: build new inet helper
pkg/machine/e2e: remove dead code
update golangci-lint to v1.62.0
vendor containers projects to tagged versions
test/e2e: remove FIPS test
connection: ignore errors when parsing ssh_config
ssh_config: do not overwrite values from config file
ssh_config: allow IdentityFile file with tilde
only read ssh_config for non machine connections
libpod: addHosts() prevent nil deref
docs: add 5.3 as Reference version
win-installer test: revert to v5.3.0
OWNERS: remove edsantiago
Update VM images
test/e2e: remove outdated SkipOnOSVersion() calls
test/e2e: SkipOnOSVersion() add reason field
shell completion: respect CONTAINERS_REGISTRIES_CONF
test/system: remove system dial-stdio test
test/system: CopyDirectory() do not chown files
test/system: fix "podman play --build private registry" error
vendor latest c/common from main
update golangci/golangci-lint to v1.63.4
New VM Images
pkg/machine/e2e: improve "list machine from all providers"
pkg/machine/e2e: improve podman.exe match
cirrus: bump macos machine test timeout
vendor latest c/{common,image,storage}
do not set the CreateCommand for API users
vendor latest c/{buildah,common,image,storage}
test/buildah-bud: skip two new problematic tests on remote
libpod: remove unused ExecStartAndAttach()
podman exec: correctly support detaching
update gvproxy version
rpm: add attr as dependency for podman-tests
test/e2e: improve write/removeConf()
artifact: only allow single manifest
Makefile: escape BUILD_ORIGIN properly
docs: add v5.4 to API reference
Riccardo Paolo Bestetti (1):
docs: add 'initialized' state to status filters
Robert Günzler (2):
Add kube play support for CDI resource allocation
Document kube-play CDI support
SEIAROTg (1):
Fixes missing binary in systemd.
Sainath Sativar (1):
Log network creation and removal events in Podman
Sergio Lopez (1):
Bump bundled krunkit to 0.1.4
Simon Westersund (1):
Fix slirp4netns typo in podman-network.1.md
Tigran Sogomonian (4):
api: Replace close function in condition body
api: Add error check
api: Error checking before NULL dereference
api: replace inspectID with name
Valentin Rothberg (1):
compose docs: fix typo
Valery Masiutsin (1):
Fixing ~/.ssh/identity handling
Warren Young (1):
Avoid indirect links through quadlet(5)
Ygal Blum (2):
Quadlet - Use = sign when setting the pull arg for build
Quadlet - make sure the /etc/containers/systemd/users is traversed in rootless
jmozmoz (1):
Add hint to restart Podman machine to really accept new certificates
ksw2000 (2):
refact: EventerType and improve consistency
refact: use uptime.minutes instead of uptime.seconds
renovate[bot] (51):
fix(deps): update module golang.org/x/crypto to v0.29.0
fix(deps): update module golang.org/x/tools to v0.27.0
fix(deps): update module golang.org/x/net to v0.31.0
chore(deps): update dependency setuptools to ~=75.4.0
fix(deps): update module github.com/moby/sys/capability to v0.4.0
chore(deps): update dependency setuptools to ~=75.5.0
fix(deps): update module google.golang.org/protobuf to v1.35.2
fix(deps): update module github.com/opencontainers/runc to v1.2.2
fix(deps): update github.com/containers/buildah digest to 52437ef
chore(deps): update dependency setuptools to ~=75.6.0
fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.0
fix(deps): update module github.com/crc-org/crc/v2 to v2.44.0
fix(deps): update module github.com/stretchr/testify to v1.10.0
fix(deps): update github.com/containers/common digest to ceceb40
fix(deps): update module github.com/onsi/gomega to v1.36.0
chore(deps): update dependency golangci/golangci-lint to v1.62.2
fix(deps): update module github.com/crc-org/vfkit to v0.6.0
fix(deps): update github.com/godbus/dbus/v5 digest to c266b19
fix(deps): update golang.org/x/exp digest to 2d47ceb
fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.11
fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.1
fix(deps): update github.com/opencontainers/runtime-tools digest to f7e3563
fix(deps): update module golang.org/x/sys to v0.28.0
fix(deps): update module golang.org/x/crypto to v0.30.0
fix(deps): update module golang.org/x/tools to v0.28.0
fix(deps): update module golang.org/x/net to v0.32.0
fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.5
fix(deps): update module github.com/docker/docker to v27.4.0+incompatible
fix(deps): update module github.com/onsi/gomega to v1.36.1
fix(deps): update module github.com/opencontainers/runc to v1.2.3
fix(deps): update module github.com/crc-org/crc/v2 to v2.45.0
fix(deps): update module golang.org/x/crypto to v0.31.0 [security]
fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.6
fix(deps): update module github.com/docker/docker to v27.4.1+incompatible
fix(deps): update module golang.org/x/net to v0.33.0 [security]
chore(deps): update module golang.org/x/crypto to v0.31.0 [security]
fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.1
fix(deps): update module github.com/moby/term to v0.5.2
fix(deps): update module github.com/onsi/gomega to v1.36.2
fix(deps): update module github.com/opencontainers/runc to v1.2.4
fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.12
chore(deps): update dependency setuptools to ~=75.7.0
fix(deps): update module google.golang.org/protobuf to v1.36.2
fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.1
fix(deps): update module golang.org/x/net to v0.34.0
fix(deps): update module golang.org/x/tools to v0.29.0
chore(deps): update dependency setuptools to ~=75.8.0
fix(deps): update module google.golang.org/protobuf to v1.36.3
fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2
fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.2
chore(deps): update dependency pytest to v8.3.4
tomsweeneyredhat (2):
[v5.4] Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0
[v5.4] Bump Buildah to v1.39.0
Bumping libpod to version v5.4.1-10-g227df90eb7, which comprises the following commits:
33b4b301fc RPM: Add riscv64 to ExclusiveArch-es
64e2b91ab4 Fix HealthCheck log destination, count, and size defaults
bef77d74d7 Win installer test: hardcode latest GH release ID
88a3bfbde2 Packit: Fix action script for fetching upstream commit
405c55b4a4 Bump to v5.4.2-dev
b79bc8afe7 Bump to v5.4.1
01a55d9d5c update gvproxy version to 0.8.4
0f20d21240 Update Buildah to v1.39.2
bdcede792f Update release notes for v5.4.1
3e6e003173 Fix reporting summed image size for compat endpoint
090dbc4cee podman-import only supports gz and tar
5327df1921 quadlet kube: correctly mark unit as failed
bc37e935ba pkg/domain/infra/abi/play.go: fix two nilness issues
02e8a59774 kube play: don't print start errors twice
cd8582d4f0 libpod: race in WaitForConditionWithInterval()
ab7c54b4cf libpod: race in WaitForExit() with autoremove
180d55165d Don't try to resolve host path if copying to container from stdin.
b716aa17e2 Use svg for pkginstaller banner
bff9da4e3a Create quota before _data dir for volumes
a15623d12f Packit: clarify secondary status in CI
118aa9ef94 Packit/RPM: Display upstream commit SHA in all rpm builds
fea21e9bc0 podman run: fix --pids-limit -1 wrt runc
07d7101429 vendor: update github.com/go-jose/go-jose/v3 to v3.0.4
599a0b71a6 chore(deps): update module github.com/go-jose/go-jose/v4 to v4.0.5 [security]
b8b0639e7c wire up --retry-delay for artifact pull
5671cfe3ab Revert "silence false positve from golangci-lint"
2d18a7cc47 update golangci-lint to v1.64.4
0b31c710ce update golangci-lint to v1.64.2
fc63a340f3 silence false positve from golangci-lint
e50898e1f7 cmd/podman: refactor Context handling
11ef179de2 fix new usetesting lint issue
f5d96a5959 Packit/Copr: Fix `podman version` in rpm
fd5eb1fdf3 Remove persist directory when cleaning up Conmon files
223f827213 Bump to v5.4.1-dev
f9f7d48b24 Bump to v5.4.0
246011458c Update release notes for v5.4.0 final
3d344ffd26 In SQLite state, use defaults for empty-string checks
2612e3c233 Bump FreeBSD version to 13.4
3d917a395c docs: add v5.4 to API reference
13ebc5860c Update rpm/podman.spec
f34d6c76db RPM: set buildOrigin in LDFLAG
6218d42ed6 RPM: cleanup macro defs
18249e10c1 Makefile: escape BUILD_ORIGIN properly
d280feb96c rootless: fix hang on s390x
fa263d2cc9 Set Cirrus DEST_BRANCH appropriately to fix CI
0f01f00f03 Bump to v5.4.0-dev
ad54787bf0 Bump to v5.4.0-rc3
6c78bad0dd Update release notes for v5.4.0-rc3
02eac2979c Add BuildOrigin field to podman info
141eae99b8 artifact: only allow single manifest
d5989990d5 test/e2e: improve write/removeConf()
522f9de9e3 Add --noheading to artifact ls
9e83191c8f Add --no-trunc to artifact ls
4cd76ef27b Add type and annotations to artifact add
bc8124fd62 pkg/api: honor cdi devices from the hostconfig
57b9709b69 util: replace Walk with WalkDir
bc5de3dfc7 fix(pkg/rootless): avoid memleak during init() contructor.
8ee7b117b6 Add `machine init --playbook`
5feb81d9ff RPM: include empty check to silence rpmlint
48459db076 RPM: adjust qemu dependencies
9b67d4c285 Force use of iptables on Windows WSL
cadf081554 rpm: add attr as dependency for podman-tests
d4f5817862 update gvproxy version
fe02e390af [v5.4] Bump Buildah to v1.39.0
9e2e7f2a77 podman exec: correctly support detaching
e24ccdd27b libpod: remove unused ExecStartAndAttach()
25674e05cd [v5.4] Bump c/storage to v1.57.1, c/image v5.34.0, c/common v0.62.0
5f6adf4d80 Move detection of libkrun and intel
599da8c50b Prevent two podman machines running on darwin
03b100563e Remove unnecessary error handling
bba28688f7 Remove usused Kind() function
d475b48766 Bump to v5.4.0-dev
14f6a69dd3 Bump to v5.4.0-rc2
d52277db75 Update release notes for v5.4.0-rc2
fa0e8f0582 Safer use of `filepath.EvalSymlinks()` on Windows
1c111eead7 error with libkrun on intel-based machines
14cd6ff1d2 chore(deps): update dependency pytest to v8.3.4
97323a691a test/buildah-bud: skip two new problematic tests on remote
527a51dcc4 Fix podman-restart.service when there are no containers
3aa09dd521 Avoid upgrading from v5.3.1 on Windows
81eb84fdaa Clean up after unexpectedly terminated build
06c103469d system-tests: switch ls with getfattr for selinux tests
141bd613b8 vendor latest c/{buildah,common,image,storage}
bbf00ec6bf Makefile: Add validatepr description for 'make help' output
0d2431dca2 docs: Enhance podman build --secret documentation and add examples
016f41ab49 docs: mount.md - idmapped mounts only work for root user
4bdb947d72 Define, and use, PodmanExitCleanlyWithOptions
df9e8c3ce6 Eliminate PodmanSystemdScope
7c40e85968 Fix image ID query
11ee6c4f90 Revert "Use the config digest to compare images loaded/pulled using different methods"
6639c20278 Update c/image after containers/image#2613
f20d9bd637 Update expected errors when pulling encrypted images
9363c8c362 Eliminate PodmanExtraFiles
44c5767460 Introduce PodmanTestIntegration.PodmanWithOptions
ce1b4f72a7 Restructure use of options
d509bb0823 Inline PodmanBase into callers
f17590b2bd Pass all of PodmanExecOptions to various [mM]akeOptions functions
f2d552f5db Turn PodmanAsUserBase into PodmanExecBaseWithOptions
51d599bce3 Avoid indirect links through quadlet(5)
5522def65a do not set the CreateCommand for API users
5181becfde Add podman manifest rm --ignore
f911d39457 Bump to v5.4.0-dev
1b3528df8d Bump to v5.4.0-rc1
6c81dc4f42 fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.2
d7553fabc7 podman artifact
b6f1364319 vendor latest c/{common,image,storage}
cfac38a0f2 fix(deps): update module github.com/rootless-containers/rootlesskit/v2 to v2.3.2
6ee51c5e4f cirrus: bump macos machine test timeout
bdc195d641 pkg/machine/e2e: improve podman.exe match
dc3a7e56be pkg/machine/e2e: improve "list machine from all providers"
cfeefb3219 Remove JSON tag from UseImageHosts in ContainerConfig
805e78c2aa Set network ID if available during container inspect
969057bacc Stop creating a patch for v5.3.1 upgrades on windows
34d42514f1 compose docs: fix typo
d4f4cf0988 Document kube-play CDI support
e93f0acbee docs: Add quadlet debug method systemd-analyze
6ad44fe179 Replace instances of PodmanExitCleanly in play_kube_test.go
6ad4742ba8 docs: add 'initialized' state to status filters
ded5a2db82 fix(deps): update module google.golang.org/protobuf to v1.36.3
3fb37c588d Switch all calls of assert.Nil to assert.NoError
6565bde6e8 Add --no-hostname option
68f29df602 Fix unescaping octal escape sequence in values of Quadlet unit files
a91aa36367 Remove `.exe` suffix if any
0d0a78cc6b Add kube play support for CDI resource allocation
75b4a1b2aa add support to `;` for comments in unit files as per systemd documentation
de1aa44cc9 Use PodmanExitCleanly in attach_test.go
0c18beaea7 Introduce PodmanTestIntegration.PodmanExitCleanly
ba24512959 chore(deps): update dependency setuptools to ~=75.8.0
121caa04ca Add newer c/i to support artifacts
fca64e5429 fix(deps): update module golang.org/x/tools to v0.29.0
3be6c501c0 fix(deps): update module golang.org/x/net to v0.34.0
806722b3d6 specgenutil: Fix parsing of mount option ptmxmode
b0b1d19723 namespaces: allow configuring keep-id userns size
6dba0d9586 Update description for completion
0b3ad66a78 Quadlet - make sure the /etc/containers/systemd/users is traversed in rootless
418ea52e06 Document .build for Image .container option
c75e1c41d0 fix(deps): update module github.com/vbauerster/mpb/v8 to v8.9.1
62c81298fd New VM Images
e9fb805522 update golangci/golangci-lint to v1.63.4
4288c81da0 fix(deps): update module google.golang.org/protobuf to v1.36.2
b23349d3bd chore(deps): update dependency setuptools to ~=75.7.0
dd76034660 Fixing ~/.ssh/identity handling
1dbd68f061 vendor latest c/common from main
17a9408c0d fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.12
481c608fd4 fix(deps): update module github.com/opencontainers/runc to v1.2.4
1e0f03b046 specgen: fix comment
7a51916e3b Add hint to restart Podman machine to really accept new certificates
a445ebde9d fix(deps): update module github.com/onsi/gomega to v1.36.2
2aff249156 fix(deps): update module github.com/moby/term to v0.5.2
6fa234a5de Pass container hostname to netavark
53e5e402aa Fix slirp4netns typo in podman-network.1.md
d1a3f96cbf Add support to ShmSize in Pods with Quadlet
de829251fc fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.1
29c29e215f chore(deps): update module golang.org/x/crypto to v0.31.0 [security]
1b1e0446a5 fix(deps): update module golang.org/x/net to v0.33.0 [security]
ecd882f9f7 Kube volumes can not container _
cbd650212a fix(deps): update module github.com/docker/docker to v27.4.1+incompatible
f2f6eb88e9 test/system: fix "podman play --build private registry" error
23d4908c8b test/system: CopyDirectory() do not chown files
8729725684 test/system: remove system dial-stdio test
153a975888 shell completion: respect CONTAINERS_REGISTRIES_CONF
10d65f30b6 fix(deps): update module github.com/cpuguy83/go-md2man/v2 to v2.0.6
8b23e6d408 When generating host volumes for k8s, force to lowercase
ff9d4e72b0 test: enable newly added test
8b90e3f9c0 vfkit: Use 0.6.0 binary
3021dbec7a gvproxy: Use 0.8.1 binary
64e94efb95 systemd: simplify parser and fix infinite loop
5f79cd3aef Revert "win-installer test: revert to v5.3.0"
e3d2463a48 Avoid rebooting twice when installing WSL
2bca5052f1 Avoid rebooting on Windows when upgrading and WSL isn't installed
af607d0de4 Add win installer patch
d582c39dc8 Bump WiX toolset version to 5.0.2
e6d8603136 test/e2e: SkipOnOSVersion() add reason field
e74df8c35a test/e2e: remove outdated SkipOnOSVersion() calls
ae9120a71d Update VM images
f1e77cf172 fix(deps): update module golang.org/x/crypto to v0.31.0 [security]
c11fd6562d fix(deps): update module github.com/crc-org/crc/v2 to v2.45.0
851ef2529f fix(deps): update module github.com/opencontainers/runc to v1.2.3
cf505fe788 quadlet: fix inter-dependency of containers in `Network=`
e4a135a6ac Add man pages to Mac installer
5848dbee68 fix(deps): update module github.com/onsi/gomega to v1.36.1
a70c418b7d fix(deps): update module github.com/docker/docker to v27.4.0+incompatible
2f31a61cce Fix device limitations in podman-remote update on remote systems
2c58af0e6b Use latest version of VS BuildTools
9c14d15f4c bin/docker: fix broken escaping and variable substitution
0a4885610d manifest annotate: connect IndexAnnotations
8f45474809 Fix panic in `manifest annotate --index`
9dbc9b5055 fix(deps): update module github.com/cyphar/filepath-securejoin to v0.3.5
45c979d6b3 fix(deps): update module golang.org/x/net to v0.32.0
2c17ffa54d fix(deps): update module golang.org/x/tools to v0.28.0
a9b52fdedf fix(deps): update module golang.org/x/crypto to v0.30.0
66f9e81c17 fix(deps): update module golang.org/x/sys to v0.28.0
8f1266c717 Fix overwriting of LinuxResources structure in the database
c76932f4c6 api: replace inspectID with name
18a93ec68b fix(deps): update github.com/opencontainers/runtime-tools digest to f7e3563
e7bbcbfbf7 Replace ExclusiveArch with ifarch
c4c3fb23ce fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.1
ededb4c3c4 Improve platform specific URL handling in `podman compose` for machines
0d3a653c30 Fix `podman info` with multiple imagestores
43825122d4 Switch to fixed common
49b52227b4 refact: use uptime.minutes instead of uptime.seconds
dec8f3dca6 fix(deps): update module github.com/shirou/gopsutil/v4 to v4.24.11
db6c2c7cdf fix(deps): update golang.org/x/exp digest to 2d47ceb
f3d250cf27 fix(deps): update github.com/godbus/dbus/v5 digest to c266b19
5bbfed2dc1 Cover Unix socket in inpect test on Windows platform
48ae52c08b Add a test for forcing compression and v2s2 format
9de7e07e56 fix(deps): update module github.com/crc-org/vfkit to v0.6.0
9475ea8fb9 Package podman-machine on supported architectures only.
156fc084a9 Fixes missing binary in systemd.
6673f5c202 stats: ignore errors from containers without cgroups
1fa27ffb62 api: Error checking before NULL dereference
4ef773d69e [skip-ci] Packit/copr: switch to fedora-all
2f1a1fb6f3 make remotesystem: fail early if serial tests fail
4b38294e92 spec: clamp rlimits without CAP_SYS_RESOURCE
6f85808707 Clarify the reason for skip_if_remote
39e08c3ffa Sanity-check that the test is really using partial pulls
5ff496ea2b Fix apparent typos in zstd:chunked tests
7f6a203558 Fix compilation issues in QEMU machine files (Windows platform)
e66b788a51 Mount volumes before copying into a container
44b0c24ca5 Revert "libpod: remove shutdown.Unregister()"
e608874004 docs: improve documentation for internal networks
697c4181d2 docs: document bridge mode option
415d762475 [skip-ci] Packit: remove epel and re-enable c9s
e5ed7847c1 chore(deps): update dependency golangci/golangci-lint to v1.62.2
e16f14a44d vendor: update containers/common
ef565b76f2 OWNERS: remove edsantiago
c2dcfca4ca fix(deps): update module github.com/onsi/gomega to v1.36.0
506fec1fa9 fix(deps): update github.com/containers/common digest to ceceb40
e4e7bc41f3 refact: EventerType and improve consistency
4f7395f93a Add --hosts-file flag to container and pod commands
dc564257a2 Add nohosts option to /build and /libpod/build
936461e3c2 fix(deps): update module github.com/stretchr/testify to v1.10.0
13affe96d6 Quadlet - Use = sign when setting the pull arg for build
916b805f97 win-installer test: revert to v5.3.0
5f907e4850 fix(deps): update module github.com/crc-org/crc/v2 to v2.44.0
34d63459ba fix(deps): update module github.com/onsi/ginkgo/v2 to v2.22.0
3096681ce3 chore(deps): update dependency setuptools to ~=75.6.0
07aaa7832a Update windows installer tests
7162c58ba2 Windows: don't install WSL/HyperV on update
c6549fc25b Switch to non-installing WSL by default
28305685f6 fix(deps): update github.com/containers/buildah digest to 52437ef
a1249425bd Configure HealthCheck with `podman update`
97ed067d1a CI: --image-volume test: robustify
e6e9d2c21c docs: add 5.3 as Reference version
926b31e053 Bump CI VMs
e60e11167e libpod: pass down NoPivotRoot to Buildah
d59794992f vendor: bump containers/buildah
cf2ef12664 fix(deps): update module github.com/opencontainers/runc to v1.2.2
61b57b7d7d Overlay mounts supersede image volumes & volumes-from
d513973237 libpod: addHosts() prevent nil deref
71f1f52894 only read ssh_config for non machine connections
cbb2820a7e ssh_config: allow IdentityFile file with tilde
a7120b50b1 ssh_config: do not overwrite values from config file
8a5ec2c505 connection: ignore errors when parsing ssh_config
7b41e28b95 Bump bundled krunkit to 0.1.4
2e22ab3bcd fix(deps): update module google.golang.org/protobuf to v1.35.2
315e7412e8 add support for driver-specific options during container creation
6809bf1d90 doc: fix words repetitions
d2d2e4a605 Update release notes on main for v5.3.0
590fcafc2b chore(deps): update dependency setuptools to ~=75.5.0
1c77ee6fc5 CI: system tests: parallelize 010
34a15ae300 fix podman machine init --ignition-path
3e47e0bc8c vendor: update containers/common
0a69aefa41 spec: clamp rlimits in a userns
8a192c8403 Add subpath support to volumes in `--mount` option
da6404ba16 refactor: simplify LinuxNS type definition and String method
0a1363d8eb test/e2e: remove FIPS test
42e8322532 vendor containers projects to tagged versions
fa335f99e0 fix(deps): update module github.com/moby/sys/capability to v0.4.0
ca7703643b chore(deps): update dependency setuptools to ~=75.4.0
969417711d system tests: safer install_kube_template()
33398ebc1e Buildah treadmill tweaks
9eca92d625 update golangci-lint to v1.62.0
8d8b98b64d fix(deps): update module golang.org/x/net to v0.31.0
e1a6c53909 fix(deps): update module golang.org/x/tools to v0.27.0
e39ddde709 Revert "Reapply "CI: test nftables driver on fedora""
b5c9fe948c Yet another bump, f41 with fixed kernel
30a82cad7a test: add zstd:chunked system tests
40534d352e pkg/machine/e2e: remove dead code
e1fe4b4b95 fix(deps): update module golang.org/x/crypto to v0.29.0
fbbfd07463 kube SIGINT system test: fix race in timeout handling
b20960b860 New `system connection add` tests
62c9627d7a Update codespell to v2.3.0
cbf1d7fcae Avoid printing PR text to stdout in system test
d49497ce6c Exclude symlink from pre-commit end-of-file-fixer
9f5bbecb95 api: Add error check
1b74ab5a85 [CI:ALL] Bump main to v5.4.0-dev
22152a2f9c test/buildah-bud: build new inet helper
fb3a0e93a8 test/system: add regression test for TZDIR local issue
f6af35c695 vendor latest c/{buildah,common,image,storage}
0e66a793bc Reapply "CI: test nftables driver on fedora"
d770069062 Revert "cirrus: test only on f40/rawhide"
ba5ce49c10 test f41 VMs
6346a11b09 AdditionalSupport for SubPath volume mounts
4e8d2dd726 wsl-e2e: Add a test to ensure port 2222 is free with usermode networking
6cf3cb1bfc winmake.ps1: Fix the syntax of the function call Win-SSHProxy
9a0c0b2eef volume ls: fix race that caused it to fail
9cb80d1856 gvproxy: Disable port-forwarding on WSL
52caa0fbb9 build: update gvisor-tap-vsock to 0.8.0
c23d9c6f23 Log network creation and removal events in Podman
c05987ddd3 api: Replace close function in condition body
Signed-off-by: Bruce Ashfield <[email protected]>
Requires containers/storage#2155
- `RootFS.DiffIDs`, or refuse to pull it partially.
- `RootFS.DiffIDs` to be present.
- `RootFS.DiffIDs` exists and matches. This fixes the “view ambiguity” of partially-pulled layers.
- `RootFS.DiffIDs` exists and we know the layer’s uncompressed digest, also require the `RootFS.DiffID` value to match. This might be a compatibility break, but Docker requires these values anyway.
- `DiffIDs` to empty values, if the layer does not have a TOC digest (so there is no risk of “view ambiguity”).

See individual commit messages for details.
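The DiffID requirement named in the description above, as an added Go example that is not code from this pull request or from containers/image: a layer is accepted only if the config's `rootfs.diff_ids` has an entry for it and that entry equals the SHA-256 of the uncompressed layer. `checkLayerDiffID` and `sampleLayer` are hypothetical names, the layer is a constructed gzip blob, and gzip compression is an assumption.

```go
package main

import (
	"bytes"
	"compress/gzip"
	"crypto/sha256"
	"encoding/json"
	"fmt"
	"io"
)

// checkLayerDiffID requires rootfs.diff_ids[i] to exist and match the layer's uncompressed digest.
func checkLayerDiffID(configJSON []byte, i int, blob []byte) error {
	var cfg struct {
		RootFS struct{ DiffIDs []string `json:"diff_ids"` } `json:"rootfs"`
	}
	if err := json.Unmarshal(configJSON, &cfg); err != nil {
		return fmt.Errorf("parsing config: %w", err)
	}
	ids := cfg.RootFS.DiffIDs
	if i < 0 || i >= len(ids) || ids[i] == "" {
		return fmt.Errorf("config has no DiffID for layer %d", i)
	}
	zr, err := gzip.NewReader(bytes.NewReader(blob))
	if err != nil {
		return fmt.Errorf("layer %d: %w", i, err)
	}
	h := sha256.New() // hash the decompressed stream, not the compressed blob
	if _, err := io.Copy(h, zr); err != nil {
		return fmt.Errorf("layer %d: %w", i, err)
	}
	if got := fmt.Sprintf("sha256:%x", h.Sum(nil)); got != ids[i] {
		return fmt.Errorf("layer %d: uncompressed digest %s, config DiffID %s", i, got, ids[i])
	}
	return nil
}

// sampleLayer gzips constructed bytes standing in for a layer tar stream.
func sampleLayer(content string) (blob []byte, diffID string) {
	var buf bytes.Buffer
	zw := gzip.NewWriter(&buf)
	zw.Write([]byte(content))
	zw.Close()
	return buf.Bytes(), fmt.Sprintf("sha256:%x", sha256.Sum256([]byte(content)))
}

func main() {
	blob, id := sampleLayer("constructed layer bytes")
	fmt.Println(checkLayerDiffID([]byte(`{"rootfs":{"diff_ids":["`+id+`"]}}`), 0, blob))
}
```

A missing or empty entry is treated the same as a mismatch, so a config that omits `diff_ids` cannot be used to skip the comparison.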