podman: 4.9.3 -> 5.0.1

[the-sun-will-rise-tomorrow]

Description of changes

• https://github.com/containers/podman/releases/tag/v5.0.0
• https://github.com/containers/podman/releases/tag/v5.0.1

Depends on #265409

Things done

• Built on platform(s)
  • x86_64-linux
  • aarch64-linux
  • x86_64-darwin
  • aarch64-darwin
• For non-Linux: Is sandboxing enabled in nix.conf? (See Nix manual)
  • sandbox = relaxed
  • sandbox = true
• Tested, as applicable:
  • NixOS test(s) (look inside nixos/tests)
  • and/or package tests
  • or, for functions and "core" functionality, tests in lib/tests or pkgs/test
  • made sure NixOS tests are linked to the relevant packages
• Tested compilation of all packages that depend on this change using nix-shell -p nixpkgs-review --run "nixpkgs-review rev HEAD". Note: all changes have to be committed, also see nixpkgs-review usage
• Tested basic functionality of all binary files (usually in ./result/bin/)
• 24.05 Release Notes (or backporting 23.05 and 23.11 Release notes)
  • (Package updates) Added a release notes entry if the change is major or breaking
  • (Module updates) Added a release notes entry if the change is significant
  • (Module addition) Added a release notes entry if adding a new NixOS module
• Fits CONTRIBUTING.md.

---

Add a 👍 reaction to pull requests you find important.

[bachp]

@WxNzEMof #265409 is merged. Not sure if it needs to be update tough

[the-sun-will-rise-tomorrow]

Updated!

[SuperSandro2000]

rootless continues to work on WSL

[SuperSandro2000]

I think we should try to limit this to what is useful. I thin kcrun is in almost every case better than runc, so we can drop that.

see https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/building_running_and_managing_containers/selecting-a-container-runtime_building-running-and-managing-containers#con_the-crun-container-runtime_selecting-a-container-runtime

[the-sun-will-rise-tomorrow]

Why would we want to limit this - to reduce the number of dependencies?

But, if runc is obsolete, why would upstream still continue supporting it?

Since upstream continues supporting it, wouldn't that imply that it is valuable to have it as an option?

Also, if we don't want to support runc, shouldn't we delete it from nixpkgs?

[SuperSandro2000]

Why would we want to limit this - to reduce the number of dependencies?

Yeah, we increased the dependencies with this update a lot.

But, if runc is obsolete, why would upstream still continue supporting it?

Maybe there are certain usecases when it is useful which are not relevant to nixpkgs?

[the-sun-will-rise-tomorrow]

Would it make sense to make these dependencies (runc, gvisor, youki) optional?

[SuperSandro2000]

Yeah, I think so. I think we could right now overwrite them with null, but that is a bit dirty.

[the-sun-will-rise-tomorrow]

#310182 does this. I left runc in by default on Linux, because nixpkgs actually has a test that podman works with that runtime. But, it can now be disabled.

[natsukium]

This PR broke darwin support.

error: Package ‘conmon-2.1.10’ in /nix/store/wmcbdvplkli110vmdn1ci96n8zmzh7yn-source/pkgs/applications/virtualization/conmon/default.nix:45 is not available on the requested hostPlatform:
         hostPlatform.config = "aarch64-apple-darwin"

[mlyxshi]

gvisor doesn't support aarch64-linux now

error: Package ‘gvisor-20240401.0’ in /nix/store/v4pcs3nzx54m5bmxd39win0rgl2d2hbx-source/pkgs/by-name/gv/gvisor/package.nix:46 is not available on the requested hostPlatform:
         hostPlatform.config = "aarch64-unknown-linux-gnu"
         package.meta.platforms = [
           "x86_64-linux"
         ]

[the-sun-will-rise-tomorrow]

@natsukium Sorry about that, if you're willing to try making a patch, I think this just needs the Linux-only dependencies to be made optional (e.g. with // optionalAttrs) in substituteAll.