Merge pull request #11598 from mheon/34_backportsreleasenotes
Backports and release notes for v3.4.0-RC1
openshift-merge-robot authored Sep 16, 2021
2 parents fcb22e8 + 29edeaa commit 2a30b60
Showing 217 changed files with 4,662 additions and 2,585 deletions.
14 changes: 2 additions & 12 deletions .cirrus.yml
Expand Up @@ -6,7 +6,7 @@ env:
#### Global variables used for all tasks
####
# Name of the ultimate destination branch for this CI run, PR or post-merge.
DEST_BRANCH: "main"
DEST_BRANCH: "v3.4"
# Overrides default location (/tmp/cirrus) for repo clone
GOPATH: &gopath "/var/tmp/go"
GOBIN: "${GOPATH}/bin"
Expand All @@ -27,20 +27,17 @@ env:
FEDORA_NAME: "fedora-34"
PRIOR_FEDORA_NAME: "fedora-33"
UBUNTU_NAME: "ubuntu-2104"
PRIOR_UBUNTU_NAME: "ubuntu-2010"

# Google-cloud VM Images
IMAGE_SUFFIX: "c6737534580424704"
IMAGE_SUFFIX: "c6431352024203264"
FEDORA_CACHE_IMAGE_NAME: "fedora-${IMAGE_SUFFIX}"
PRIOR_FEDORA_CACHE_IMAGE_NAME: "prior-fedora-${IMAGE_SUFFIX}"
UBUNTU_CACHE_IMAGE_NAME: "ubuntu-${IMAGE_SUFFIX}"
PRIOR_UBUNTU_CACHE_IMAGE_NAME: "prior-ubuntu-${IMAGE_SUFFIX}"

# Container FQIN's
FEDORA_CONTAINER_FQIN: "quay.io/libpod/fedora_podman:${IMAGE_SUFFIX}"
PRIOR_FEDORA_CONTAINER_FQIN: "quay.io/libpod/prior-fedora_podman:${IMAGE_SUFFIX}"
UBUNTU_CONTAINER_FQIN: "quay.io/libpod/ubuntu_podman:${IMAGE_SUFFIX}"
PRIOR_UBUNTU_CONTAINER_FQIN: "quay.io/libpod/prior-ubuntu_podman:${IMAGE_SUFFIX}"

####
#### Control variables that determine what to run and how to run it.
Expand Down Expand Up @@ -161,11 +158,6 @@ build_task:
VM_IMAGE_NAME: ${UBUNTU_CACHE_IMAGE_NAME}
CTR_FQIN: ${UBUNTU_CONTAINER_FQIN}
_BUILD_CACHE_HANDLE: ${UBUNTU_NAME}-build-${CIRRUS_BUILD_ID}
- env: &priorubuntu_envvars
DISTRO_NV: ${PRIOR_UBUNTU_NAME}
VM_IMAGE_NAME: ${PRIOR_UBUNTU_CACHE_IMAGE_NAME}
CTR_FQIN: ${PRIOR_UBUNTU_CONTAINER_FQIN}
_BUILD_CACHE_HANDLE: ${PRIOR_UBUNTU_NAME}-build-${CIRRUS_BUILD_ID}
env:
TEST_FLAVOR: build
# Ref: https://cirrus-ci.org/guide/writing-tasks/#cache-instruction
Expand Down Expand Up @@ -408,7 +400,6 @@ unit_test_task:
- env: *stdenvars
- env: *priorfedora_envvars
- env: *ubuntu_envvars
- env: *priorubuntu_envvars
# Special-case: Rootless on latest Fedora (standard) VM
- name: "Rootless unit on $DISTRO_NV"
env:
Expand Down Expand Up @@ -687,7 +678,6 @@ meta_task:
${FEDORA_CACHE_IMAGE_NAME}
${PRIOR_FEDORA_CACHE_IMAGE_NAME}
${UBUNTU_CACHE_IMAGE_NAME}
${PRIOR_UBUNTU_CACHE_IMAGE_NAME}
BUILDID: "${CIRRUS_BUILD_ID}"
REPOREF: "${CIRRUS_REPO_NAME}"
GCPJSON: ENCRYPTED[3a198350077849c8df14b723c0f4c9fece9ebe6408d35982e7adf2105a33f8e0e166ed3ed614875a0887e1af2b8775f4]
79 changes: 79 additions & 0 deletions RELEASE_NOTES.md
@@ -1,5 +1,84 @@
# Release Notes

## 3.4.0
### Features
- Pods now support init containers! Init containers are containers which run before the rest of the pod starts. There are two types of init containers: "always", which always run before the pod is started, and "once", which only run the first time the pod starts and are subsequently removed. They can be added using the `podman create` command's `--init-ctr` option.
- Support for init containers has also been added to `podman play kube` and `podman generate kube` - init containers contained in Kubernetes YAML will be created as Podman init containers, and YAML generated by Podman will include any init containers created.
- The `podman play kube` command now supports building images. If the `--build` option is given and a directory with the name of the specified image exists in the current working directory and contains a valid Containerfile or Dockerfile, the image will be built and used for the container.
- The `podman play kube` command now supports a new option, `--teardown`, which removes any pods and containers created by the given Kubernetes YAML.
- A new command has been added, `podman pod logs`, to return logs for all containers in a pod at the same time.
- Two new commands have been added, `podman volume export` (to export a volume to a tar file) and `podman volume import`) (to populate a volume from a given tar file).
- The `podman auto-update` command now supports simple rollbacks. If a container fails to start after an automatic update, it will be rolled back to the previous image and restarted again.
- Pods now share their user namespace by default, and the `podman pod create` command now supports the `--userns` option. This allows rootless pods to be created with the `--userns=keep-id` option.
- The `podman pod ps` command now supports a new filter with its `--filter` option, `until`, which returns pods created before a given timestamp.
- The `podman image scp` command has been added. This command allows images to be transferred between different hosts.
- The `podman stats` command supports a new option, `--interval`, to specify the amount of time before the information is refreshed.
- The `podman inspect` command now includes ports exposed (but not published) by containers (e.g. ports from `--expose` when `--publish-all` is not specified).
- The `podman inspect` command now has a new boolean value, `Checkpointed`, which indicates that a container was stopped as a result of a `podman container checkpoint` operation.
- Volumes created by `podman volume create` now support setting quotas when run atop XFS. The `size` and `inode` options allow the maximum size and maximum number of inodes consumed by a volume to be limited.
- The `podman info` command now outputs information on what log drivers, network drivers, and volume plugins are available for use ([#11265](https://github.com/containers/podman/issues/11265)).
- The `podman info` command now outputs the current log driver in use, and the variant and codename of the distribution in use.

### Changes
- The `podman build` command has a new alias, `podman buildx`, to improve compatibility with Docker. We have already added support for many `docker buildx` flags to `podman build` and aim to continue to do so.
- Podman commands run as root now ignore `XDG_RUNTIME_DIR` when determining where to place temporary files, which should resolve a number of issues including [#10745](https://github.com/containers/podman/issues/10745) and [#10806](https://github.com/containers/podman/issues/10806).
- Cases where Podman is run without a user session or a writable temporary files directory will now produce better error messages.
- The default log driver has been changed from `file` to `journald`. The `file` driver did not properly support log rotation, so this should lead to a better experience. If journald is not available on the system, Podman will automatically revert to the `file`.
- Podman no longer depends on `ip` for removing networks ([#11403](https://github.com/containers/podman/issues/11403)).
- The deprecated `--macvlan` flag to `podman network create` now warns when it is used. It will be removed entirely in the Podman 4.0 release.
- The `podman machine start` command now prints a message when the VM is successfully started.
- The `podman stats` command can now be used on containers that are paused.
- The `podman unshare` command will now return the exit code of the command that was run in the user namespace (assuming the command was successfully run).
- Successful healthchecks will no longer add a `healthy` line to the system log to reduce log spam.
- As a temporary workaround for a lack of shortname prompts in the Podman remote client, VMs created by `podman machine` now default to only using the `docker.io` registry.

### Bugfixes
- Fixed a bug where whitespace in the definition of sysctls (particularly default sysctls specified in `containers.conf`) would cause them to be parsed incorrectly.
- Fixed a bug where the Windows remote client improperly validated volume paths ([#10900](https://github.com/containers/podman/issues/10900)).
- Fixed a bug where the first line of logs from a container run with the `journald` log driver could be skipped.
- Fixed a bug where images created by `podman commit` did not include ports exposed by the container.
- Fixed a bug where the `podman auto-update` command would ignore the `io.containers.autoupdate.authfile` label when pulling images ([#11171](https://github.com/containers/podman/issues/11171)).
- Fixed a bug where the `--workdir` option to `podman create` and `podman run` could not be set to a directory where a volume was mounted ([#11352](https://github.com/containers/podman/issues/11352)).
- Fixed a bug where systemd socket-activation did not properly work with systemd-managed Podman containers ([#10443](https://github.com/containers/podman/issues/10443)).
- Fixed a bug where environment variable secrets added to a container were not available to exec sessions launched in the container.
- Fixed a bug where rootless containers could fail to start the `rootlessport` port-forwarding service when `XDG_RUNTIME_DIR` was set to a long path.
- Fixed a bug where arguments to the `--systemd` option to `podman create` and `podman run` were case-sensitive ([#11387](https://github.com/containers/podman/issues/11387)).
- Fixed a bug where the `podman manifest rm` command would also remove images referenced by the manifest, not just the manifest itself ([#11344](https://github.com/containers/podman/issues/11344)).
- Fixed a bug where the Podman remote client on OS X would not function properly if the `TMPDIR` environment variable was not set ([#11418](https://github.com/containers/podman/issues/11418)).
- Fixed a bug where the `/etc/hosts` file was not guaranteed to contain an entry for `localhost` (this is still not guaranteed if `--net=host` is used; such containers will exactly match the host's `/etc/hosts`) ([#11411](https://github.com/containers/podman/issues/11411)).
- Fixed a bug where the `podman machine start` command could print warnings about unsupported CPU features ([#11421](https://github.com/containers/podman/issues/11421)).
- Fixed a bug where the `podman info` command could segfault when accessing cgroup information.
- Fixed a bug where the `podman logs -f` command could hang when a container exited ([#11461](https://github.com/containers/podman/issues/11461)).
- Fixed a bug where the `podman generate systemd` command could not be used on containers that specified a restart policy ([#11438](https://github.com/containers/podman/issues/11438)).
- Fixed a bug where the remote Podman client's `podman build` command would fail to build containers if the UID and GID on the client were higher than 65536 ([#11474](https://github.com/containers/podman/issues/11474)).
- Fixed a bug where the `--network` flag to `podman play kube` was not properly parsed when a non-bridge network configuration was specified.
- Fixed a bug where the `podman inspect` command could error when the container being inspected was removed as it was being inspected ([#11392](https://github.com/containers/podman/issues/11392)).
- Fixed a bug where the `podman play kube` command ignored the default pod infra image specified in `containers.conf`.
- Fixed a bug where the `--format` option to `podman inspect` was nonfunctional under some circumstances ([#8785](https://github.com/containers/podman/issues/8785)).
- Fixed a bug where the remote Podman client's `podman run` and `podman exec` commands could skip a byte of output every 8192 bytes ([#11496](https://github.com/containers/podman/issues/11496)).
- Fixed a bug where the `podman stats` command would print nonsensical results if the container restarted while it was running ([#11469](https://github.com/containers/podman/issues/11469)).
- Fixed a bug where the remote Podman client would error when STDOUT was redirected on a Windows client ([#11444](https://github.com/containers/podman/issues/11444)).
- Fixed a bug where the `podman run` command could return 0 when the application in the container exited with 125 ([#11540](https://github.com/containers/podman/issues/11540)).
- Fixed a bug where containers with `--restart=always` set using the rootlessport port-forwarding service could not be restarted automatically.
- Fixed a bug where the `--cgroups=split` option to `podman create` and `podman run` was silently discarded if the container was part of a pod.

### API
- The Libpod Pull endpoint for Images now has a new query parameter, `quiet`, which (when set to true) suppresses image pull progress reports ([#10612](https://github.com/containers/podman/issues/10612)).
- The Compat Events endpoint now includes several deprecated fields from the Docker v1.21 API for improved compatibility with older clients.
- The Compat Create endpoint for Containers now properly sets defaults for healthcheck-related fields ([#11225](https://github.com/containers/podman/issues/11225)).
- The Compat Create endpoint for Containers now supports volume options provided by the `Mounts` field ([#10831](https://github.com/containers/podman/issues/10831)).
- The Compat List endpoint for Secrets now supports a new query parameter, `filter`, which allows returned results to be filtered.
- The Version endpoint now includes information about the OCI runtime and Conmon in use ([#11227](https://github.com/containers/podman/issues/11227)).
- Fixed a bug where the X-Registry-Config header was not properly handled, leading to errors when pulling images ([#11235](https://github.com/containers/podman/issues/11235)).
- Fixed a bug where invalid query parameters could cause a null pointer dereference when creating error messages.
- Logging of API requests and responses at trace level has been greatly improved, including the addition of an X-Reference-Id header to correlate requests and responses ([#10053](https://github.com/containers/podman/issues/10053)).

### Misc
- Updated Buildah to v1.23.0
- Updated the containers/storage library to v1.36.0
- Updated the containers/image library to v5.16.0
- Updated the containers/common library to v0.44.0

## 3.3.1
### Bugfixes
- Fixed a bug where unit files created by `podman generate systemd` could not cleanup shut down containers when stopped by `systemctl stop` ([#11304](https://github.com/containers/podman/issues/11304)).
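--- a/cmd/podman/common/create.go
+++ b/cmd/podman/common/create.go
@@ -90,6 +90,22 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 )
 _ = cmd.RegisterFlagCompletionFunc(cgroupsFlagName, AutocompleteCgroupMode)
 
+cpusFlagName := "cpus"
+createFlags.Float64Var(
+&cf.CPUS,
+cpusFlagName, 0,
+"Number of CPUs. The default is 0.000 which means no limit",
+)
+_ = cmd.RegisterFlagCompletionFunc(cpusFlagName, completion.AutocompleteNone)
+
+cpusetCpusFlagName := "cpuset-cpus"
+createFlags.StringVar(
+&cf.CPUSetCPUs,
+cpusetCpusFlagName, "",
+"CPUs in which to allow execution (0-3, 0,1)",
+)
+_ = cmd.RegisterFlagCompletionFunc(cpusetCpusFlagName, completion.AutocompleteNone)
+
 cpuPeriodFlagName := "cpu-period"
 createFlags.Uint64Var(
 &cf.CPUPeriod,
@@ -784,22 +800,6 @@ func DefineCreateFlags(cmd *cobra.Command, cf *entities.ContainerCreateOptions,
 )
 _ = cmd.RegisterFlagCompletionFunc(conmonPidfileFlagName, completion.AutocompleteDefault)
 
-cpusFlagName := "cpus"
-createFlags.Float64Var(
-&cf.CPUS,
-cpusFlagName, 0,
-"Number of CPUs. The default is 0.000 which means no limit",
-)
-_ = cmd.RegisterFlagCompletionFunc(cpusFlagName, completion.AutocompleteNone)
-
-cpusetCpusFlagName := "cpuset-cpus"
-createFlags.StringVar(
-&cf.CPUSetCPUs,
-cpusetCpusFlagName, "",
-"CPUs in which to allow execution (0-3, 0,1)",
-)
-_ = cmd.RegisterFlagCompletionFunc(cpusetCpusFlagName, completion.AutocompleteNone)
-
 entrypointFlagName := ""
 if !isInfra {
 entrypointFlagName = "entrypoint"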
12 changes: 9 additions & 3 deletions cmd/podman/images/build.go
Expand Up @@ -11,6 +11,7 @@ import (
buildahDefine "github.com/containers/buildah/define"
buildahCLI "github.com/containers/buildah/pkg/cli"
"github.com/containers/buildah/pkg/parse"
buildahUtil "github.com/containers/buildah/pkg/util"
"github.com/containers/common/pkg/auth"
"github.com/containers/common/pkg/completion"
"github.com/containers/common/pkg/config"
Expand Down Expand Up @@ -359,6 +360,12 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
}
}

cleanTmpFile := false
flags.Authfile, cleanTmpFile = buildahUtil.MirrorToTempFileIfPathIsDescriptor(flags.Authfile)
if cleanTmpFile {
defer os.Remove(flags.Authfile)
}

args := make(map[string]string)
if c.Flag("build-arg").Changed {
for _, arg := range flags.BuildArg {
Expand Down Expand Up @@ -476,7 +483,7 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
runtimeFlags = append(runtimeFlags, "--systemd-cgroup")
}

imageOS, arch, err := parse.PlatformFromOptions(c)
platforms, err := parse.PlatformsFromOptions(c)
if err != nil {
return nil, err
}
Expand All @@ -490,7 +497,6 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
AddCapabilities: flags.CapAdd,
AdditionalTags: tags,
Annotations: flags.Annotation,
Architecture: arch,
Args: args,
BlobDirectory: flags.BlobCache,
CNIConfigDir: flags.CNIConfigDir,
Expand All @@ -516,11 +522,11 @@ func buildFlagsWrapperToOptions(c *cobra.Command, contextDir string, flags *buil
MaxPullPushRetries: 3,
NamespaceOptions: nsValues,
NoCache: flags.NoCache,
OS: imageOS,
OciDecryptConfig: decConfig,
Out: stdout,
Output: output,
OutputFormat: format,
Platforms: platforms,
PullPolicy: pullPolicy,
PullPushRetryDelay: 2 * time.Second,
Quiet: flags.Quiet,
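Review bot: The `defer os.Remove(flags.Authfile)` added after `MirrorToTempFileIfPathIsDescriptor` runs when `buildFlagsWrapperToOptions` returns, not when the build finishes, so if the options assembled later in this function still refer to `flags.Authfile`, the temporary copy may already be deleted by the time the registry credentials are read. The rest of the function lies outside the visible hunks, so this needs confirming against where the authfile path is consumed. The mirrored file holds registry credentials, so its cleanup is better owned by the caller that runs the build, and the error from `os.Remove` is dropped silently. At minimum I would add a comment above the block, `// temp copy of the authfile (credentials): must outlive the build and be removed afterwards`.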
37 changes: 37 additions & 0 deletions cmd/podman/machine/ssh.go
Expand Up @@ -3,6 +3,9 @@
package machine

import (
"net/url"

"github.com/containers/common/pkg/config"
"github.com/containers/podman/v3/cmd/podman/registry"
"github.com/containers/podman/v3/pkg/machine"
"github.com/containers/podman/v3/pkg/machine/qemu"
Expand Down Expand Up @@ -44,6 +47,14 @@ func ssh(cmd *cobra.Command, args []string) error {

// Set the VM to default
vmName := defaultMachineName

// If we're not given a VM name, use the remote username from the connection config
if len(args) == 0 {
sshOpts.Username, err = remoteConnectionUsername()
if err != nil {
return err
}
}
// If len is greater than 0, it means we may have been
// provided the VM name. If so, we check. The VM name,
// if provided, must be in args[0].
Expand All @@ -57,16 +68,25 @@ func ssh(cmd *cobra.Command, args []string) error {
if validVM {
vmName = args[0]
} else {
sshOpts.Username, err = remoteConnectionUsername()
if err != nil {
return err
}
sshOpts.Args = append(sshOpts.Args, args[0])
}
}
}

// If len is greater than 1, it means we might have been
// given a vmname and args or just args
if len(args) > 1 {
if validVM {
sshOpts.Args = args[1:]
} else {
sshOpts.Username, err = remoteConnectionUsername()
if err != nil {
return err
}
sshOpts.Args = args
}
}
Expand All @@ -80,3 +100,20 @@ func ssh(cmd *cobra.Command, args []string) error {
}
return vm.SSH(vmName, sshOpts)
}

func remoteConnectionUsername() (string, error) {
cfg, err := config.ReadCustomConfig()
if err != nil {
return "", err
}
dest, _, err := cfg.ActiveDestination()
if err != nil {
return "", err
}
uri, err := url.Parse(dest)
if err != nil {
return "", err
}
username := uri.User.String()
return username, nil
}
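Review bot: In `remoteConnectionUsername`, `uri.User.String()` returns the encoded `user[:password]` form of the URI's userinfo, so a destination that carries a password, or a user name with escaped characters, would put more than the login name into `sshOpts.Username`. The login name alone comes from `username := uri.User.Username()`, which is equally safe when the URI has no userinfo. The helper also has no doc comment; I would add `// remoteConnectionUsername returns the user name of the active remote connection's URI.` so the three call sites in `ssh` have a stated contract.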
4 changes: 1 addition & 3 deletions cmd/podman/registry/registry.go
Expand Up @@ -23,12 +23,10 @@ type CliCommand struct {
Parent *cobra.Command
}

const ExecErrorCodeGeneric = 125

var (
cliCtx context.Context
containerEngine entities.ContainerEngine
exitCode = ExecErrorCodeGeneric
exitCode = 0
imageEngine entities.ImageEngine

// Commands holds the cobra.Commands to present to the user, including
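Review bot: With `exitCode = 0` as the initial value in the `var (` block, the process-wide default appears to become success, so a failure path that returns without setting the exit code would exit 0 where the previous default was 125. The code that sets and reads `exitCode` is not visible in this section, so this is something to confirm rather than a demonstrated defect. I would state the contract next to the variable, for example `// exitCode defaults to success; every error path must set a non-zero code before exiting`. The `var (` block continues past the end of the hunk.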