Changelog: https://github.com/containers/podman/releases
I also updated containers.conf - it has gotten quite a many new
options. I added crun to depends, every other distribution
seems to ship it with podman, and after all it is a default
OCI Container Runtime for podman anyway and has a super low
footprint, so shouldn't be a problem for anyone running
containers, after all you need some storage for that anyway.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Bugfixes
- Fixed a bug involving non-English locales of Windows where machine installs using user-mode networking were rejected due to erroneous version detection (#20209).
- Fixed a regression in --env-file handling (#19565).
- Fixed a bug where podman inspect would fail when stat'ing a device failed.
API
- The network list compat API endpoint is now much faster (#20035).
Openwrt updates: added patch to allow building with musl-1.2.4
Patch source is from gentoo c4c349f11a/app-containers/podman/files/podman-4.5.0-fix-build-with-musl-1.2.4.patch
Issue was discussed by @jefferyto at mattn/go-sqlite3#1177
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
podman still seems to use catatonit with
rootless containers. It seems that it is
possible to use alternatives, such as tini,
but maybe go the same way they went on mainstream.
This PR just adds catatonit to depends.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
patch refreshed.
Changelog:
- Fixed a performance issue when calculating diff sizes in overlay. The podman system df command should see a significant performance improvement.
- Fixed a bug where containers in a pod would use the pod restart policy over the set container restart policy.
- Fixed a bug in the Compat Build endpoint where the pull query parameter did not parse 0/1 as a boolean.
- Updated the containers/storage library to v1.48.1
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
musl 1.2.4 deprecated legacy "LFS64" ("large file support") interfaces so
just having _GNU_SOURCE defined is not enough anymore.
Manually pass -D_LARGEFILE64_SOURCE to allow to keep using LFS64 definitions.
Signed-off-by: Tianling Shen <cnsztl@immortalwrt.org>
- added btrfs-tools as a build depency
- switch from cni networking to recommended new standard, netavark.
- drop iptables config option (netavark handles that now)
- patch refreshed
List of changes: https://github.com/containers/podman/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
See commit 5c545bdb "treewide: replace PKG_USE_MIPS16:=0 with
PKG_BUILD_FLAGS:=no-mips16" on the main repository.
Signed-off-by: Andre Heider <a.heider@gmail.com>
Security:
- This release fixes CVE-2023-0778, which allowed a malicious user to potentially replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file system.
Bugfixes:
- Fixed a bug where containers started via the podman-kube systemd template would always use the "passthrough" log driver (#17482).
- Fixed a bug where pulls would unexpectedly encounter an EOF error. Now, Podman automatically transparently resumes aborted pull connections.
- Fixed a race condition in Podman's signal proxy.
Misc:
- Updated the containers/image library to v5.24.1.
Patch also refreshed
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
patch refreshed.
Changes
- Added the podman-systemd.unit man page, which can also be displayed using man quadlet (#17349).
- Documented journald identifiers used in the journald backend for the podman events command.
Bugfixes
- Fixed a bug where the default handling of pids-limit was incorrect.
- Fixed a bug where parallel calls to make docs crashed (#17322).
- Fixed a regression in the podman kube play command where existing resources got mistakenly removed.
Full list of changes: [Release notes](https://github.com/containers/podman/blob/main/RELEASE_NOTES.md)
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
- add missing runtime depency catatonit
- removed SELinux variant, add config option for it instead, I do not believe we need variant of EVERY SELinux support capable software
- add config option for iptables firewall setup in default cni network config, otherwise skip iptables part (part of nftables transition, use cni-plugins-nft for nftables fw support or better; forget about cni fw completely, instead use openwrt's own as that way your rules for containers do not disappear on firewall restart)
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
- Patch had became obsolete, it's contents were merged to upstream. Patch removed.
- Version updated, long list of changes is available at https://github.com/containers/podman/releases
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
list of changes: https://github.com/containers/podman/releases
Added patch for compiling with musl. Patch can be removed on next
release as it is already merged to podman git but not on this release.
Patch moves definition in source so definition is available before it
is being used.
Patch source: https://github.com/containers/podman/pull/12564
Patch re-created with quilt.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
A lot of changes since 3.3.1.
Full (long) lists of release notes between
versions are available at
https://github.com/containers/podman/releases
containers.conf updated
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Earlier versions of podman did not make use of TMPDIR when running "podman
run ...". Podman's default, /var/tmp, presents a problem to rootless
use since OpenWrt's /var/tmp does not permit writes by non-root users.
Podman 3.3.1 makes full use of TMPDIR.
This is part of an attempt to get rootless podman to work on OpenWrt.
See https://github.com/openwrt/packages/issues/15096.
See also the upstream issue at
https://github.com/containers/podman/issues/10698.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Running podman as users other than root seems to require that those
users can read /usr/share/containers/seccomp.json. This change sets the
permissions on that file to match those used on Fedora.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
Running podman as users other than root seems to require that those
users can read the configuration files in /etc/containers. This change
sets the permissions of /etc/containers and its contents to match those
used on Fedora.
Signed-off-by: W. Michael Petullo <mike@flyn.org>
- Add support for AppArmor
- Gracefully stop containers and pods on shutdown
I found out that If you change location of containers to persistent storage instead of tmpfs, starting them will fail unless they have been stopped. If this is the case that reboot has occurred before pods and containers have been stopped, they cannot be started, they have to be removed and re-created. Change in initscript tries to avoid that. Even if containers are running at tmpfs, this won't hurt. Still, if something happens and system hangs/reboots/etc, script won't save you from that. It's just a attempt to make things better.
I also enabled AppArmor support for future possibilities.
Signed-off-by: Oskari Rauta <oskari.rauta@gmail.com>
Ship podman with defaults more coherent with user expectations and
more likely to work out-of-the-box.
Signed-off-by: Daniel Golle <daniel@makrotopia.org>
Oskari Rauta