27781 Commits

Author SHA1 Message Date
Jan Rodák
d8380c9c80 Merge pull request #29136 from cyqsimon/mount-relabel-docs
docs: improve docs on relabelling options of `--mount`
2026-07-09 10:12:35 +02:00
Miloslav Trmač
9db0119d00 Merge pull request #28787 from simek-m/docker-api-144-deprecations
compat: Implement deprecations from Docker API v1.44
2026-07-08 18:43:53 +02:00
Marek Simek
463b0b9829 api: Deprecate fields Container and ContainerConfig from GET /images/{name}/json
The Docker API deprecates Container and ContainerConfig fields in
the GET /images/{name}/json response are deprecated and
they will no longer be included in API v1.45.

Fixes: https://redhat.atlassian.net/browse/RUN-3323

Signed-off-by: Marek Simek <msimek@redhat.com>
2026-07-08 17:31:02 +02:00
Marek Simek
612c7b71b4 api: Deprecate response fields from GET /containers/{id}/json
The Docker API 1.44 deprecates the fields HairpinMode, LinkLocalIPv6Address,
LinkLocalIPv6PrefixLen, SecondaryIPAddresses, SecondaryIPv6Addresses available in
NetworkSettings when calling GET /containers/{id}/json and will be removed in a future release.
You should instead look for the default network in NetworkSettings.Networks.

The fields are removed in 1.52. Version gate SecondaryIPAddresses, SecondaryIPv6Addresses
in the handler and update test. HairpinMode, LinkLocalIPv6Address, LinkLocalIPv6PrefixLen
are not returned by the compat endpoint as the response is serialized
to the moby/moby/api structure missing these fields.

Fixes: https://redhat.atlassian.net/browse/RUN-3323

Signed-off-by: Marek Simek <msimek@redhat.com>
2026-07-08 17:31:02 +02:00
Marek Simek
f4925bae8c api: Deprecate is-automated filter and field in GET /images/search endpoint
The Docker API in version 1.44 deprecates the is_automated field for
the GET /images/search endpoint. The is_automated field has been deprecated
by Docker Hub's search API. Consequently, searching for is-automated=true
will yield no results.

The Docker API in version 1.44 deprecates the is_automated field
in the GET /images/search response and will always be set to false in the
future because Docker Hub is deprecating the is_automated field in its search API.

Return struct moby/api for the compat endpoint that matches the Docker
API response format and deprecates is_automated.

Update test_v2_0_0_image.py::ImageTestCase::test_search_compat
to verify returned format and fix subtests not being asserted (remove mp).

Fixes: https://redhat.atlassian.net/browse/RUN-3323

Signed-off-by: Marek Simek <msimek@redhat.com>
2026-07-08 17:31:02 +02:00
Danish Prakash
490486e727 Merge pull request #28953 from ROKUMATE/test-pkg-namespaces
pkg/namespaces: add tests for UsernsMode and NetworkMode
2026-07-08 20:56:14 +05:30
Jan Rodák
142a61eaae Merge pull request #29140 from cfergeau/vfkit064
macos: Use latest vfkit release in installer
2026-07-08 12:57:48 +02:00
Paul Holzinger
90e786b7f9 Merge pull request #29142 from l0rd/fix-init-when-hyperv-is-missing
Fix lookup of HyperV VMs with matching name
2026-07-08 12:35:04 +02:00
Paul Holzinger
1a55785511 Merge pull request #29141 from podman-container-tools/renovate/github.com-crc-org-vfkit-0.x
Update module github.com/crc-org/vfkit to v0.6.4
2026-07-08 12:18:29 +02:00
Mario Loriedo
bec840d716 Fix lookup of HyperV VMs with matching name
Fixes https://github.com/podman-container-tools/podman/issues/29138

Signed-off-by: Mario Loriedo <mario.loriedo@gmail.com>
2026-07-07 23:40:18 +02:00
Miloslav Trmač
696772b3dc Merge pull request #29049 from Honny1/enable-pesto-tests
Fix pesto port forwarding and enable pasta forwarder tests
2026-07-07 21:06:29 +02:00
renovate[bot]
ed8110c6dd Update module github.com/crc-org/vfkit to v0.6.4
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-07-07 16:47:50 +00:00
Christophe Fergeau
073ad746b0 macos: Use latest vfkit release in installer
Signed-off-by: Christophe Fergeau <cfergeau@redhat.com>
2026-07-07 18:34:04 +02:00
Jan Rodák
c3d7201764 Mark pasta forwarder tests as non-parallel
Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2026-07-07 17:56:14 +02:00
Jan Rodák
7ab215c0be Vendor container-libs with PestoSocketPath interface method
- go.podman.io/storage@main
- go.podman.io/image/v5@main
- go.podman.io/common@main

Fixes: https://github.com/containers/podman/issues/29032

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2026-07-07 17:56:03 +02:00
cyqsimon
bd753bfe2e docs: improve docs on relabelling options of --mount
Resolves #29124.

Signed-off-by: cyqsimon <28627918+cyqsimon@users.noreply.github.com>
2026-07-07 22:50:16 +08:00
Jan Rodák
e4271bea59 Enable pasta forwarder tests after passt SELinux fix
Fixes: https://github.com/podman-container-tools/podman/issues/28776

Signed-off-by: Jan Rodák <hony.com@seznam.cz>
2026-07-07 13:40:44 +02:00
Jan Rodák
f466791b6f Merge pull request #29089 from podman-container-tools/renovate/google.golang.org-grpc-1.x
Update module google.golang.org/grpc to v1.82.0
2026-07-07 13:27:44 +02:00
Jan Rodák
c67f9abe9b Merge pull request #29096 from podman-container-tools/renovate/github.com-shirou-gopsutil-v4-4.x
Update module github.com/shirou/gopsutil/v4 to v4.26.6
2026-07-07 13:24:08 +02:00
Jan Rodák
e793bad242 Merge pull request #29110 from larrasket/manifest-create-replace-hint
Only suggest --replace for commands that have the flag
2026-07-07 13:07:55 +02:00
Jan Rodák
a54e5923e6 Merge pull request #29121 from podman-container-tools/renovate/setuptools-83.x
Update dependency setuptools to v83
2026-07-07 13:04:18 +02:00
Danish Prakash
4f04d9e7c5 Merge pull request #29129 from jiwahn/fix-mount-idmaps-docs
docs: clarify idmap mount option syntax
2026-07-07 16:02:46 +05:30
Mario Loriedo
c69bf80690 Merge pull request #29132 from Luap99/govet
golangci-lint: enable more govet checks
2026-07-07 11:14:43 +02:00
Danish Prakash
451b71f6b2 Merge pull request #29114 from Luap99/network-doc
docs: fix network create
2026-07-06 21:20:01 +05:30
Paul Holzinger
c76b68dac5 golangci-lint: enable more govet checks
There are more useful checks such as nilness that are not enabled by
default. However fieldalignment and shadow produce a lot of warnings
that are not real issues, i.e. we shadow "err" as variable all the time,
so they get disabled.

see https://golangci-lint.run/docs/linters/configuration/#govet

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-07-06 15:53:50 +02:00
Jiwoo Ahn
b768c1c2b5 docs: clarify idmap mount option syntax
Fixes: #24249

Signed-off-by: Jiwoo Ahn <ikwydls1314@gmail.com>
2026-07-05 23:39:18 +09:00
renovate[bot]
1e8f069cda Update dependency setuptools to v83
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-07-04 16:42:12 +00:00
Paul Holzinger
4b5c1b67bf docs: update network create --route description
The netavark mention is not needed as we only support it now. Then
update it for the new route type syntax which was not documented in
commit daaf8b62ba.

Also add an example and a note that containers with CAP_NET_ADMIN can
alter routes still.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-07-03 16:57:21 +02:00
Lokesh Mandvekar
d5213284f4 Merge pull request #29111 from slp/update-krunkit-1.3.2
Bump bundled krunkit from 1.3.1 to 1.3.2
2026-07-03 10:42:40 -04:00
Paul Holzinger
adb2307e18 docs: fix network create no_default_route doc
With netavark v2 we require true not 1.

This was correctly changed in commit bb02e49080 but then reverted in
commit 7612af4c0e again as it did not properly rebase and solve the
conflicts.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-07-03 16:15:52 +02:00
Sergio Lopez
f68612b052 Bump bundled krunkit from 1.3.1 to 1.3.2
Bump bundled krunkit to 1.3.2, which comes with libkrun 1.19.4.

This version of libkrun includes a fix in virtio-fs on macOS for
libkrun/libkrun#769 that potentially impacts podman users.

Signed-off-by: Sergio Lopez <slp@redhat.com>
2026-07-03 13:26:47 +02:00
Paul Holzinger
0ead98d2d4 Merge pull request #29092 from ROKUMATE/feat-playkube-container-name
pkg/domain: include container name in kube play start errors
2026-07-03 13:25:18 +02:00
ROKUMATE
8748e6c9ac pkg/domain: include container name in kube play start errors
Fixes: #27196
Signed-off-by: ROKUMATE <rohitkumawat0110@gmail.com>
2026-07-03 15:07:41 +05:30
Paul Holzinger
dd9bb5d512 Merge pull request #29107 from podman-container-tools/renovate/dorny-paths-filter-4.x
Update dorny/paths-filter action to v4.0.2
2026-07-03 10:38:46 +02:00
renovate[bot]
258a2cb12c Update dorny/paths-filter action to v4.0.2
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-07-02 23:10:08 +00:00
Salih Muhammed
20eae39b13 Only suggest --replace for commands that have the flag
formatError appended "or use --replace to instruct Podman to do so" to
every error wrapping storage.ErrDuplicateName, even for commands like
"podman manifest create" that have no --replace flag, telling users to
use a flag that does not exist.

Resolve the invoked command via ExecuteContextC and only add the hint
when that command actually defines a --replace flag.

Fixes: #24537
Signed-off-by: Salih Muhammed <root@lr0.org>
2026-07-03 01:35:16 +03:00
Ashley Cui
3c2f6f4278 Merge pull request #29106 from danishprakash/validatepr-worktree
Makefile: allow `make validatepr` to be run from git worktrees
2026-07-02 13:58:34 -04:00
Paul Holzinger
a9a332116d Merge pull request #29104 from podman-container-tools/renovate/go-golang.org-x-net-vulnerability
Update module golang.org/x/net to v0.55.0 [SECURITY]
2026-07-02 19:20:50 +02:00
Danish Prakash
ceea48155a Makefile: fix make validatepr run from git worktrees
When running `make validatepr` from a git worktree, $(CURDIR)/.git is a file
pointing to the parent git dir outside the bind mount. Mount that dir at its
own path so git inside the container can resolve and not throw ownership errors.

Signed-off-by: Danish Prakash <contact@danishpraka.sh>
2026-07-02 20:58:47 +05:30
Paul Holzinger
d9a2250d3c Merge pull request #29086 from Luap99/machine-upgrade
fix podman machine os upgrade distro check
2026-07-02 17:18:00 +02:00
Brent Baude
9ac9834a50 Merge pull request #29100 from afbjorklund/machine-cache
Restore caching of the default machine image
2026-07-02 10:05:27 -05:00
Brent Baude
4d5435f47e Merge pull request #29103 from Luap99/wsl-config-mount
machine/wsl: fix config mount logic
2026-07-02 10:05:04 -05:00
Jan Rodák
e852389e55 Merge pull request #29071 from Luap99/scannererr
fix missing error checks for bufio.Scanner
2026-07-02 14:55:12 +02:00
renovate[bot]
9ccc0490a7 Update module golang.org/x/net to v0.55.0 [SECURITY]
Signed-off-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
2026-07-02 12:39:14 +00:00
Jan Rodák
60d4acc173 Merge pull request #29073 from podman-container-tools/renovate/golangci-golangci-lint-action-9.x
Update golangci/golangci-lint-action action to v9.3.0
2026-07-02 14:37:40 +02:00
Paul Holzinger
114bb1efa7 machine/wsl: fix config mount logic
The current systemd service to mount /etc/containers is not working
right. The Before=podman.socket causes a ordering conflict which causes
the socket to be disabled and thus all podman remote connections fail.

The problem is the unit is wanted by the default.target while the socket
is wanted by sockets.target which can be before the default.target is
triggered. That means that the Before= line cannot be fulfilled and
sometimes systemd thus seems to not start the socket. It is unclear to
me why this is racy as it is sometimes also works.

This was reported by Vladimir Lazar from the PD team, our CI did not
caught this as we use rootless machines by default and the problem only
happens for the rootful socket so we do not see connection failures.
To fix this add at least one rootful socket check.

We do however have a different CI flake that was also caused by the
incorrect mount dependencies. The mount could happen after sshd or other
programs run. So to fix this we must hook the podman-mnt-config.service
into the local-fs.target which runs much earlier and is used for all the
mounts.

Fixes: #29003

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
2026-07-02 14:01:43 +02:00
Giuseppe Scrivano
6c5efd31e3 Merge pull request #29011 from simonbrauner/issue-29004
Write quadlet units to temporary files and rename
2026-07-02 09:34:30 +02:00
Matt Heon
4a06ac20dd Merge pull request #29101 from slp/update-krunkit-1.3.1
Bump bundled krunkit from 1.2.1 to 1.3.1
2026-07-01 17:30:16 -04:00
Sergio Lopez
06bfb55eb1 Bump bundled krunkit from 1.2.1 to 1.3.1
Bump bundled krunkit to 1.3.1, which comes with libkrun 1.19.3.

This version of krunkit makes HTTP parsing on the rest-uri more
robust to ensure it only acts on the right request.

It also enables a new permission semantics mode in libkrun that's
closer to the user expectations on macOS.

Fixes: #21402
Fixes: #29084

Signed-off-by: Sergio Lopez <slp@redhat.com>
2026-07-01 19:05:12 +02:00
Anders F Björklund
d4a1efbe9b Restore caching of the default machine image
It was removed, with the hardcoded image reference.

So cache was always off, even for the default image.

Fixes: #29090

Signed-off-by: Anders F Björklund <anders.f.bjorklund@gmail.com>
2026-07-01 18:09:21 +02:00