Merge branch 'containers:main' into main

RELEASE_PROCESS.md

@@ -158,6 +158,8 @@ spelled with complete minutiae.
    1. Edit `version/rawversion/version.go` and bump the `Version` value to the new
       release version.  If there were API changes, also bump `APIVersion` value.
       Make sure to also bump the version in the swagger.yaml `pkg/api/server/docs.go`
+      For major and minor versions also add the new branch name to
+      `docs/source/Reference.rst` to show the new swagger version on docs.podman.io.
    1. Commit this and sign the commit (`git commit -a -s -S`). The commit message
       should be `Bump to vX.Y.Z` (using the actual version numbers).
    1. Push this single change to your GitHub fork, and make a new PR,

cmd/podman/farm/remove.go

@@ -67,7 +67,7 @@ func rm(cmd *cobra.Command, args []string) error {
 	deletedFarms := []string{}
 	for _, k := range args {
 		if _, ok := cfg.Farms.List[k]; !ok {
-			logrus.Warnf("farm %q doesn't exists; nothing to remove", k)
+			logrus.Warnf("farm %q doesn't exist; nothing to remove", k)
 			continue
 		}
 		delete(cfg.Farms.List, k)

cmd/podman/kube/play.go

@@ -46,7 +46,7 @@ var (
 	playOptions        = playKubeOptionsWrapper{}
 	playDescription    = `Reads in a structured file of Kubernetes YAML.
 
-  Creates pods or volumes based on the Kubernetes kind described in the YAML. Supported kinds are Pods, Deployments and PersistentVolumeClaims.`
+  Creates pods or volumes based on the Kubernetes kind described in the YAML. Supported kinds are Pods, Deployments, DaemonSets and PersistentVolumeClaims.`
 
 	playCmd = &cobra.Command{
 		Use:               "play [options] KUBEFILE|-",

cmd/podman/main.go

@@ -4,6 +4,7 @@ import (
 	"fmt"
 	"os"
 	"path/filepath"
+	"strconv"
 	"strings"
 
 	_ "github.com/containers/podman/v4/cmd/podman/completion"
@@ -43,9 +44,7 @@ func main() {
 		(len(os.Args[0]) > 0 && filepath.Base(os.Args[0][1:]) == registry.PodmanSh) {
 		shell := strings.TrimPrefix(os.Args[0], "-")
 
-		// The wait timeout will soon be made configurable via the
-		// upcoming `podmansh_timeout` option in containers.conf
-		args := []string{shell, "exec", "-i", "--wait", "30"}
+		args := []string{shell, "exec", "-i", "--wait", strconv.FormatUint(uint64(registry.PodmanConfig().ContainersConfDefaultsRO.Engine.PodmanshTimeout), 10)}
 		if term.IsTerminal(0) || term.IsTerminal(1) || term.IsTerminal(2) {
 			args = append(args, "-t")
 		}

contrib/cirrus/setup_environment.sh

@@ -364,8 +364,9 @@ case "$TEST_FLAVOR" in
         pip install --requirement $GOSRC/test/apiv2/python/requirements.txt
         ;&  # continue with next item
     compose)
-        make install.tools
-        dnf install -y podman-docker*
+        showrun make install.tools
+        showrun dnf remove -y gvisor-tap-vsock
+        showrun dnf install -y podman-docker*
         ;&  # continue with next item
     int)
         make .install.ginkgo

docs/kubernetes_support.md

@@ -33,7 +33,7 @@ Note: **N/A** means that the option cannot be supported in a single-node Podman
 | topologySpreadConstraints\.labelSelector            | N/A     |
 | topologySpreadConstraints\.minDomains               | N/A     |
 | restartPolicy                                       | ✅      |
-| terminationGracePeriod                              | no      |
+| terminationGracePeriodSeconds                       | ✅      |
 | activeDeadlineSeconds                               | no      |
 | readinessGates\.conditionType                       | no      |
 | hostname                                            | ✅      |
@@ -173,3 +173,15 @@ Note: **N/A** means that the option cannot be supported in a single-node Podman
 | revisionHistoryLimit                    | no                                                    |
 | progressDeadlineSeconds                 | no                                                    |
 | paused                                  | no                                                    |
+
+## DaemonSet Fields
+
+| Field                                   | Support                                               |
+|-----------------------------------------|-------------------------------------------------------|
+| selector                                | ✅                                                    |
+| template                                | ✅                                                    |
+| minReadySeconds                         | no                                                    |
+| strategy\.type                          | no                                                    |
+| strategy\.rollingUpdate\.maxSurge       | no                                                    |
+| strategy\.rollingUpdate\.maxUnavailable | no                                                    |
+| revisionHistoryLimit                    | no                                                    |

docs/source/Reference.rst

@@ -7,6 +7,8 @@ Show the API documentation for version:
 
 * `latest (main branch) <_static/api.html>`_
 
+* `version 4.6 <_static/api.html?version=v4.6>`_
+
 * `version 4.5 <_static/api.html?version=v4.5>`_
 
 * `version 4.4 <_static/api.html?version=v4.4>`_

docs/source/markdown/podman-init.1.md.in

@@ -13,7 +13,7 @@ Initialize one or more containers.
 You may use container IDs or names as input.
 Initializing a container performs all tasks necessary for starting the container (mounting filesystems, creating an OCI spec, initializing the container network) but does not start the container.
 If a container is not initialized, the `podman start` and `podman run` commands initialize it automatically prior to starting it.
-This command is intended to be used for inspecting or modifying the container's filesystem or OCI spec prior to starting it.
+This command is intended to be used for inspecting a container's filesystem or OCI spec prior to starting it.
 This can be used to inspect the container before it runs, or debug why a container is failing to run.
 
 ## OPTIONS

docs/source/markdown/podman-kube-generate.1.md

@@ -30,6 +30,8 @@ Note that the generated Kubernetes YAML file can be used to re-run the deploymen
 
 Note that if the pod being generated was created with the **--infra-name** flag set, then the generated kube yaml will have the **io.podman.annotations.infra.name** set where the value is the name of the infra container set by the user.
 
+Also note that both Deployment and DaemonSet can only have `restartPolicy` set to `Always`.
+
 ## OPTIONS
 
 #### **--filename**, **-f**=*filename*
@@ -54,9 +56,9 @@ Note: this can only be set with the option `--type=deployment`.
 
 Generate a Kubernetes service object in addition to the Pods. Used to generate a Service specification for the corresponding Pod output. In particular, if the object has portmap bindings, the service specification includes a NodePort declaration to expose the service. A random port is assigned by Podman in the specification.
 
-#### **--type**, **-t**=*pod | deployment*
+#### **--type**, **-t**=*pod* | *deployment* | *daemonset*
 
-The Kubernetes kind to generate in the YAML file. Currently, the only supported Kubernetes specifications are `Pod` and `Deployment`. By default, the `Pod` specification is generated.
+The Kubernetes kind to generate in the YAML file. Currently, the only supported Kubernetes specifications are `Pod`, `Deployment` and `DaemonSet`. By default, the `Pod` specification is generated.
 
 ## EXAMPLES
 

docs/source/markdown/podman-kube-play.1.md.in

@@ -23,6 +23,7 @@ Currently, the supported Kubernetes kinds are:
 - PersistentVolumeClaim
 - ConfigMap
 - Secret
+- DaemonSet
 
 `Kubernetes Pods or Deployments`
 

docs/source/markdown/podman-systemd.unit.5.md

@@ -125,7 +125,7 @@ Valid options for `[Container]` are listed below:
 |--------------------------------|------------------------------------------------------|
 | AddCapability=CAP              | --cap-add CAP                                        |
 | AddDevice=/dev/foo             | --device /dev/foo                                    |
-| Annotation="YXZ"               | --annotation "XYZ"                                   |
+| Annotation="XYZ"               | --annotation "XYZ"                                   |
 | AutoUpdate=registry            | --label "io.containers.autoupdate=registry"          |
 | ContainerName=name             | --name name                                          |
 | DNS=192.168.55.1               | --dns=192.168.55.1                                   |
@@ -144,16 +144,16 @@ Valid options for `[Container]` are listed below:
 | HealthRetries=5                | --health-retries=5                                   |
 | HealthStartPeriod=1m           | --health-start-period=period=1m                      |
 | HealthStartupCmd="command"     | --health-startup-cmd="command"                       |
-| HealthStartupInterval=1m       | --health-startup-interval=2m                         |
+| HealthStartupInterval=1m       | --health-startup-interval=1m                         |
 | HealthStartupRetries=8         | --health-startup-retries=8                           |
 | HealthStartupSuccess=2         | --health-startup-success=2                           |
 | HealthStartupTimeout=1m33s     | --health-startup-timeout=1m33s                       |
 | HealthTimeout=20s              | --health-timeout=20s                                 |
 | HostName=new-host-name         | --hostname="new-host-name"                           |
 | Image=ubi8                     | Image specification - ubi8                           |
-| IP=192.5.0.1                   | --ip 192.5.0.0                                       |
-| IP6=fd46:db93:aa76:ac37::10    | --ip6 2001:db8::1                                    |
-| Label="YXZ"                    | --label "XYZ"                                        |
+| IP=192.5.0.1                   | --ip 192.5.0.1                                       |
+| IP6=2001:db8::1                | --ip6 2001:db8::1                                    |
+| Label="XYZ"                    | --label "XYZ"                                        |
 | LogDriver=journald             | --log-driver journald                                |
 | Mount=type=...                 | --mount type=...                                     |
 | Network=host                   | --net host                                           |
@@ -733,7 +733,7 @@ Valid options for `[Network]` are listed below:
 | IPAMDriver=dhcp               | --ipam-driver dhcp                   |
 | IPRange=192.168.55.128/25     | --ip-range 192.168.55.128/25         |
 | IPv6=true                     | --ipv6                               |
-| Label="YXZ"                   | --label "XYZ"                        |
+| Label="XYZ"                   | --label "XYZ"                        |
 | NetworkName=foo               | podman network create foo            |
 | Options=isolate               | --opt isolate                        |
 | PodmanArgs=--dns=192.168.55.1 | --dns=192.168.55.1                   |

docs/source/markdown/podmansh.1.md

@@ -20,6 +20,8 @@ Systemd will automatically create the container when the user session is started
 
 Administrators can use volumes to expose specific host data from the host system to the user, without the user being exposed to other parts of the system.
 
+Timeout for podmansh can be set using the `podmansh_timeout` option in containers.conf.
+
 ## Setup
 Create user login session using useradd while running as root.
 
@@ -126,7 +128,7 @@ _EOF
 ```
 
 ## SEE ALSO
-**[podman(1)](podman.1.md)**, **[podman-exec(1)](podman-exec.1.md)**, **quadlet(5)**
+**[containers.conf(5)](containers.conf.5.md)**, **[podman(1)](podman.1.md)**, **[podman-exec(1)](podman-exec.1.md)**, **quadlet(5)**
 
 ## HISTORY
 May 2023, Originally compiled by Dan Walsh <[email protected]>

go.mod

@@ -9,17 +9,17 @@ require (
 	github.com/buger/goterm v1.0.4
 	github.com/checkpoint-restore/checkpointctl v0.1.0
 	github.com/checkpoint-restore/go-criu/v6 v6.3.0
-	github.com/container-orchestrated-devices/container-device-interface v0.6.0
+	github.com/container-orchestrated-devices/container-device-interface v0.6.1
 	github.com/containernetworking/cni v1.1.2
 	github.com/containernetworking/plugins v1.3.0
 	github.com/containers/buildah v1.31.1-0.20230722114901-5ece066f82c6
-	github.com/containers/common v0.55.1-0.20230830075933-12405381ff45
+	github.com/containers/common v0.55.1-0.20230912125309-7fa3c55bd517
 	github.com/containers/conmon v2.0.20+incompatible
-	github.com/containers/image/v5 v5.26.1-0.20230807184415-3fb422379cfa
+	github.com/containers/image/v5 v5.27.1-0.20230911141411-81c35e010bab
 	github.com/containers/libhvee v0.4.1-0.20230905135638-56fb23533417
 	github.com/containers/ocicrypt v1.1.8
 	github.com/containers/psgo v1.8.0
-	github.com/containers/storage v1.49.1-0.20230823084450-6902c2df7cca
+	github.com/containers/storage v1.50.0
 	github.com/coreos/go-systemd/v22 v22.5.0
 	github.com/coreos/stream-metadata-go v0.4.3
 	github.com/crc-org/vfkit v0.1.1
@@ -59,7 +59,7 @@ require (
 	github.com/stretchr/testify v1.8.4
 	github.com/syndtr/gocapability v0.0.0-20200815063812-42c35b437635
 	github.com/ulikunitz/xz v0.5.11
-	github.com/vbauerster/mpb/v8 v8.6.0
+	github.com/vbauerster/mpb/v8 v8.6.1
 	github.com/vishvananda/netlink v1.2.1-beta.2
 	go.etcd.io/bbolt v1.3.7
 	golang.org/x/exp v0.0.0-20230817173708-d852ddb80c63
@@ -78,14 +78,14 @@ require (
 require (
 	dario.cat/mergo v1.0.0 // indirect
 	github.com/Azure/go-ansiterm v0.0.0-20230124172434-306776ec8161 // indirect
-	github.com/Microsoft/hcsshim v0.10.0 // indirect
+	github.com/Microsoft/hcsshim v0.11.0 // indirect
 	github.com/VividCortex/ewma v1.2.0 // indirect
 	github.com/acarl005/stripansi v0.0.0-20180116102854-5a71ef0e047d // indirect
 	github.com/asaskevich/govalidator v0.0.0-20230301143203-a9d515a09cc2 // indirect
 	github.com/bytedance/sonic v1.9.1 // indirect
 	github.com/chenzhuoyu/base64x v0.0.0-20221115062448-fe3a3abad311 // indirect
 	github.com/chzyer/readline v1.5.1 // indirect
-	github.com/containerd/cgroups/v3 v3.0.2 // indirect
+	github.com/containerd/cgroups v1.1.0 // indirect
 	github.com/containerd/containerd v1.7.5 // indirect
 	github.com/containerd/stargz-snapshotter/estargz v0.14.3 // indirect
 	github.com/containers/libtrust v0.0.0-20230121012942-c1716e8a8d01 // indirect
@@ -125,7 +125,7 @@ require (
 	github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
 	github.com/golang/protobuf v1.5.3 // indirect
 	github.com/google/go-cmp v0.5.9 // indirect
-	github.com/google/go-containerregistry v0.15.2 // indirect
+	github.com/google/go-containerregistry v0.16.1 // indirect
 	github.com/google/go-intervals v0.0.2 // indirect
 	github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect
 	github.com/hashicorp/errwrap v1.1.0 // indirect
@@ -163,13 +163,14 @@ require (
 	github.com/proglottis/gpgme v0.1.3 // indirect
 	github.com/rivo/uniseg v0.4.4 // indirect
 	github.com/seccomp/libseccomp-golang v0.10.0 // indirect
+	github.com/secure-systems-lab/go-securesystemslib v0.7.0 // indirect
 	github.com/segmentio/ksuid v1.0.4 // indirect
 	github.com/sigstore/fulcio v1.4.0 // indirect
 	github.com/sigstore/rekor v1.2.2 // indirect
-	github.com/sigstore/sigstore v1.7.1 // indirect
+	github.com/sigstore/sigstore v1.7.3 // indirect
 	github.com/skratchdot/open-golang v0.0.0-20200116055534-eef842397966 // indirect
 	github.com/stefanberger/go-pkcs11uri v0.0.0-20201008174630-78d3cae3a980 // indirect
-	github.com/sylabs/sif/v2 v2.11.5 // indirect
+	github.com/sylabs/sif/v2 v2.13.0 // indirect
 	github.com/tchap/go-patricia/v2 v2.3.1 // indirect
 	github.com/theupdateframework/go-tuf v0.5.2 // indirect
 	github.com/titanous/rocacheck v0.0.0-20171023193734-afe73141d399 // indirect
@@ -186,7 +187,7 @@ require (
 	golang.org/x/arch v0.3.0 // indirect
 	golang.org/x/crypto v0.13.0 // indirect
 	golang.org/x/mod v0.12.0 // indirect
-	golang.org/x/oauth2 v0.11.0 // indirect
+	golang.org/x/oauth2 v0.12.0 // indirect
 	golang.org/x/tools v0.12.1-0.20230815132531-74c255bcf846 // indirect
 	google.golang.org/appengine v1.6.7 // indirect
 	google.golang.org/genproto/googleapis/rpc v0.0.0-20230711160842-782d3b101e98 // indirect