path: root/recipes-containers
Commit message | Author | Age | Files | Lines
...
* crun: update to 1.26 | Bruce Ashfield | 2026-03-18 | 1 | -5/+5
Bumping crun to version 1.26-160-g393509db, which comprises the following commits: 0a3e929f utils: fix memory leak and missing cache in libcrun_initialize_apparmor() 63ce25da container: delete the container on poststart hooks failures b0847b3e Document error handling cf27a14b fix(utils): use parent dir fd for bind on long socket paths aca98960 fix(hooks): log warning when poststop hooks fail 115ac2e6 cgroup: preserve errno on errors in rmdir_all_fd 4db1709f libcrun: check setenv failure 8feac6b9 fix(utils): retry fgetpwent_r() on EINTR 52b7016f pass cgroup2 mount options to the kernel 30426104 tests/podman: exclude --tls-details tests 6e43ff33 tests/podman/run-tests.sh: fix ginkgo args fa7a5561 tests/podman/run-tests.sh: untangle -skip arg 3a1addc7 fix(python): initialize error variable to NULL in Python bindings 00206a80 channel_fd_pair: fix CPU busy loop when output pipe is blocked dbd02baa criu: show excerpt from log file on c/r error 34143735 hooks: allow ignoring chdir permission errors for container hooks 11af5b2d crui: simplify criu_check_mem_track error message.
8d0ef603 container: remove dead code in setup_terminal_socketpair 6c5c957e container: fix createRuntime hooks not receiving bundle path d24d0283 criu: check for criu_check_version error 3ade23f4 plans: install iptables-legacy on CS9 3e41e53b Packit/TMT: re-enable centos-stream-10-x86_64 tests c46a44a8 restore: fix memory leak 7cec3cb2 build(deps): bump actions/upload-artifact from 6 to 7 4e0e2679 mounts: fix error message argument be231d3c ci: bump shellcheck to v0.11.0 b36ec403 ci: fix go-md2man installation 35648b9b tests: switch from docker hub to quay for Fedora 5002665f tests/clang-check: install clang-analyzer bdf9c902 status: drop unnecessary strtoll 11701f43 criu: fix missing umount() in error path 314c2efa utils: refactor set_home_env aecd620a libcrun: document vfork shared error 04d7a341 cloned_binary: do not close file descriptor twice 3f72f325 ci: simplify codespell job 47c36ca5 linux: do not use errno after success a278c6d1 linux: drop unnecessary xasprintf result check 3e313388 linux: do not leak error 434d77cb cgroup-systemd: do not use errno after success 335792b1 scheduler: add diagnostic messages for SCHED_DEADLINE 4db170c5 criu: do not ignore errors with ret != -1 036132e2 cgroup: do not clobber errno 1649a4d3 container: do not use bogus errno 2e527065 linux: do not use errno without failure a0be577a tests/podman: exclude ever failing test case e38674bc linux: fix copy_from_fd ownership 8fa73419 linux: drop unnecessary code 60d8a60e linux: do not leak error 9a232317 utils: do not use errno after success d5b20987 container: do not use errno after success e2c09bfd ci: use git diff --exit-code f1c6ca6a ci: fix test (check) flake 69d39045 linux: create error from uidgidmap_helper 1492e83c cgroup: fix read_pids_cgroup skipping child cgroups c5879bab container: make return clearer a154b398 container: return the error from cgroup_killall 899b9faa seccomp: fix n_plugins calculation 463e277a krun: Rename nitro module to awsnitro b32f895b container: fix 
exit code return a6023b10 container: add missing crun_make_error 52294f84 libcrun: standardize error code after yajl_gen_alloc 59da15f3 container: add missing yajl cleanup 5082e02d container: do not leak error a83a4cf9 container: improve error handling after libcrun_copy_config_file call 6733e20c linux: use crun_error_wrap 0f367791 container: do not use errno after successful calls 29bb32d8 linux: do not use errno after successful calls e7ffed11 krun: fix error arguments 34c1e098 krun: avoid redundant crun_error_release() call dedcdd67 krun: do not release error when *err is uninitialized 671740dd krun: fix error code 1644fb0e container: fix error leak 649d568a krun: fix error return 41a14fe8 krun: Propagate crun log level to libkrun 2bff1297 libcrun: add `krun.` as a potentially unsafe annotation 41941f2c krun: parse annotations for krun.{cpus, ram_mib} 625226de krun: parse annotations for krun.variant f311dc07 Add handler phase HANDLER_CONFIGURE_BEFORE_USERNS, and move krun setup to it 488f301d linux: check for def->linux b1a71725 linux: check for [ug]id_mappings before accessing them df771204 krun: Set exec args when running nitro variant b78e9868 krun/nitro: Redirect enclave VM output to stdout bf288342 krun: Remove specific function for nitro config 8e8186b3 hooks: exit immediately if poststart hooks fail 88f55126 AGENTS.md: new file 71077a22 utils: flush gcov data before closing files 3241e671 NEWS: tag 1.26 5bee6a06 utils: handle NULL container passed to libcrun_open_proc_file() 4df0d339 cgroup: rename enter_cgroup_subsystem 6c98db0b tests: add tests for crun custom annotations 29a39ebf tests: add cgroup unit tests for coverage 3ef2a77f tests: add more utils unit tests for coverage 87997df0 tests: add seccomp_notify unit tests for coverage 890fff10 tests: add chroot_realpath unit tests for coverage 440e3b09 tests: add mount_flags.perf unit tests for coverage 869343fb tests: add signals.perf unit tests for coverage 2a3193ab tests: add logger info to 
checkpoint_restore 72793562 tests: add linux.c integration tests for coverage 1407bb39 tests: add linux.c unit tests for coverage 638266c7 tests: add error handling coverage tests for linux.c b18734b5 tests: add namespace coverage tests for linux.c 8a26d6ba tests: add comprehensive tests for custom-handler.c a968a262 tests: add more unit tests for error.c coverage 935eb0c7 tests: improve error logging and add more coverage tests 035f2a07 tests: ignore profiling output in test_simple_delete b9781954 tests: fix memory-high test to use unified resources 1bbe7e22 tests: add more seccomp tests for coverage 07d6400b tests: add error handling tests for coverage 422f4b87 tests: skip mount-bind-to-rootfs in rootless mode 5cad31a4 tests: improve sd-notify-proxy test error handling bc91dd35 tests: fix checkpoint/restore tests for stability f5e6c330 tests: add Linux features tests 58e00a52 tests: add I/O priority tests ae06b46c tests: add create command tests 1e5f7ec5 tests: add cgroup setup tests 89b124e0 tests: add namespace isolation tests 14dcfea1 tests: add scheduler policy tests 7543b013 tests: add comprehensive OCI lifecycle hook tests 1404ccaa tests: add terminal tests for coverage 5ce5ad6d tests: add comprehensive update command tests 6a3fdc16 tests: add command tests for pause, unpause, kill, list, ps, spec 2959911b tests: skip resources-cpu-weight-systemd when systemd cgroup fails 90d6390c tests: skip bpf-devices-systemd when eBPF installation fails cfe9a063 tests: fix variable names in test_bpf_devices logger calls 3f73b0f2 tests: add more seccomp tests for coverage ec0f5cf8 tests: add network device tests for coverage 24f2491c tests: add more BPF device filter tests for coverage 360406d7 tests: add cgroup resources tests for coverage ba669d8e tests: add cgroup manager env var support 06541b69 tests: add multi-environment coverage script f9385a6c tests: remove unused Makefile bab81968 tests: add exit command to init 49e080a1 coverage: add _safe_exit macro to flush 
gcov data before _exit 26900326 criu: fix error release 2805abde container: fix error release 1b8e2a39 crun.1: add documentation for criu config files ec7325a3 tests: add tests for criu config set via rpc 17f23ac2 criu: enable setting of RPC config file de8d3288 krun: do not leak handles on error 0b3c673f build(deps): bump actions/cache from 4 to 5 456dd8e2 build(deps): bump actions/upload-artifact from 5 to 6 d833dac0 libocispec: sync 4798015e build: add tests coverage b4db5d32 tests: use hide_stderr=True to avoid coverage output interference bfbb68eb tests: do not call function twice a1d5168d tests: replace all sys.stderr.write calls with proper logging 11a43732 tests: improve TAP skip reason reporting with specific explanations 0be79fe8 tests: add slow test detection and warnings to TAP output 8e9ef557 tests: enhance TAP error reporting with more diagnostic information 6d4cd432 tests: add writable /tmp tmpfs mount to base test configuration 7ca36e36 tests: remove debug print statements in test_hooks 6607eb2f linux: run createContainer hooks before making root RO baec9675 libocispec: sync from upstream c5d5f185 tests: install honggfuzz from sources d2b00600 linux: handle openat error b106e250 container: fix error release 156ae065 NEWS: tag 1.25.1 60a9183e build(deps): bump actions/checkout from 5 to 6 332c2188 utils: invalidate proc_fd on open_proc_file 50e9898f utils: use fsopen to open reference to proc 2e86c95a src: move syscall wrappers to new file c2fa3c6a cgroup-systemd: use open_proc_file to get cgroup path 8e9ae3d4 cgroup: use open_proc_file to get cgroup path 1aeac1e8 linux: use open_proc_file to setup namespaces 0f200e55 linux: use open_proc_file to setup net devices 4be73c6d linux: use open_proc_file to initialize security 30c575e5 utils: use open_proc_file for mark_or_close_fds_ge_than da40063a linux: use open_proc_file to open current mountns 7172631e linux: use open_proc_file to setup oom score 8822a5e6 linux: use open_proc_file to setup sysctls 
b66a8990 linux: use open_proc_file to setup timens_offsets 3f5258a0 linux: use open_proc_file to setup userns mappings 064bbfe4 container: use open_proc_file in resolve_rootfs_path 58856b56 utils: add functions to open files under /proc d9a0adce NEWS: tag 1.25 d94659a3 podman: disable artifact test 0fc276cc cgroup-systemd: enable all accounting properties to ensure stats are readable 9feec597 libcrun/cgroup: always enable TasksAccounting for systemd 078e2d6d build(deps): bump actions/upload-artifact from 4 to 5 6b12c6a8 Libcrun/container: Fix double allocation of 'err' b718483c Libcrun/seccomp: fix double allocation of 'err' 65532fc5 build(deps): bump github/codeql-action from 3 to 4 a9187097 Reset the inherited cpu affinity crun/ocispec: update to 5a0e037 source: fix ByteArrayHandler nested array parsing 03bae1d source: add missing emit_clone() to BasicMapArrayHandler dbb5155 source: fix invalid else() syntax in byte array generation 692b0b6 source: fix typo in ByteArrayHandler nested array parsing 2acd6dc source: fix mapStringObject clone to copy len and keys c7ce09d ci: print test-suite.log on test failure 8cff3b9 tests: add test-12 and test-13 for better coverage 16a30ff source: add NULL check to generated clone functions 507cf52 source: fix BasicMapType.emit_clone() to handle NULL maps 2c8d0f8 gitignore: update a425a84 source: rename doublearray to nested_array 7d7e02c source: add struct-level methods to TypeHandler classes dc24f9a source: refactor ArrayType using ArraySubtypeHandler classes fed6acc source: add BooleanPointerType.emit_generate() and emit_json_value() 81ff1fa source: document ObjectType.emit_clone() design decision d91d34a source: add emit_gen_key_with_check() helper 11b951f source: extract get_compound_children() helper 4ff4117 source: inline c_file_map_str() into make_c_free() e59b696 source: inline c_file_str() into ArrayType.emit_free() 337925c source: inline trivial wrapper functions 73e8f9e source: inline array functions into ArrayType 
handler df11b0a helpers: rename judge_* functions to clearer names 45a1b35 source: skip handler for object type in make_clone() 31824dc source: remove dead code in read_val_generator() b49928d source: remove dead code in make_c_free() 20de7a4 source: add emit_clone() to MapStringObjectType and BasicMapType 971a65b source: add ArrayType handler for array operations 633c0b5 source: add ObjectType, MapStringObjectType, and BasicMapType handlers 141fa50 source: use TypeHandler in make_c_free() and make_clone() 2fc8679 source: use TypeHandler.emit_parse() in parse_obj_type() c3686db source: add TypeHandler classes for type-specific C code generation c174b06 source: remove superfluous else after return 858f199 source: remove dead code in make_clone() 6ae8e2d source: consolidate numeric type conversion with helper function a23b40c source: apply emit_gen_key() helper to get_obj_arr_obj() 717d035 source: apply YAJL helpers to get_c_epilog_for_array_make_gen() 6dcd043 source: apply YAJL helpers to get_c_json() a2cc69b source: apply YAJL helpers to get_obj_arr_obj_array() 7f5fcb5 source: apply YAJL helpers to get_map_string_obj() aa9271c source: add YAJL generation helper functions 3366b93 source: add emit_invalid_type_check() helper for YAJL validation 05ee4de source: add emit_value_error() helper for error wrapping 7a62656 source: add emit_asprintf_error() helper to reduce boilerplate 4d2f6e5 source: add do_read_value() helper to reduce boilerplate d37383d source: convert parse_obj_type() to multi-line f-strings 39fa66d source: convert make_c_free() to multi-line f-strings d62a55f source: convert make_c_array_free() to multi-line f-strings 112ab7f source: convert c_file_str() to multi-line f-strings 41596b9 source: convert c_file_map_str() to multi-line f-strings a2fd73f source: complete get_obj_arr_obj_array() conversion to f-strings 66e333d source: convert get_obj_arr_obj_array() to f-strings (object branch) 47e7dc5 source: convert get_map_string_obj() to multi-line 
f-strings ae23175 source: convert parse_obj_type_array() to multi-line f-strings 002af18 source: convert parse_map_string_obj() to multi-line f-strings e80d362 source: extract check_gen_status() helper pattern 46ce297 source: extract calloc_with_check() helper pattern cc817ed source: continue null_check_return() pattern extraction 419526a source: extract null_check_return() helper pattern (partial) 064fcbb source: extract free_and_null() helper pattern 7579c03 source: add emit() helper function for code generation c8a5437 gitignore: update b355817 runtime-spec: update 819972d image-spec: update ea4906b Check 'src' before dereferencing 345279c runtime-spec: update from upstream Bumping runtime-spec to version v1.3.0-11-g6f7b71c, which comprises the following commits: 53abf18 ci: bump golangci-lint to v2.10 90a6479 Fix an error in the docs 4361740 schema: fix definition for array type 04836b1 schema: fix path for uint32 type c668b01 config-linux: allow empty strings in memory policy nodes field 9d0d4bc version: v1.3.0+dev 9224913 version: release v1.3.0 4df3d11 Mention FreeBSD platform a257beb Add minimum supported Go version to CI (#1303) afdbcb8 Add FreeBSD as a platform 75d79ee ci: use oldstable and stable Go versions 9efd9f2 schema/defs-linux.json: fix max for FileMode 09ec668 config-linux,schema: fix FileMode description Bumping image-spec to version v1.1.1-28-ga4c6ade, which comprises the following commits: fccd049 Fix: Make the config field optional b71c0df Add missing backtick 431b3be Update OCI Image Implementations list 02ba6e2 Descriptor size cannot be negative Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* criu: update to v4.2 | Bruce Ashfield | 2026-03-18 | 2 | -8/+38
** CRIU 4.2 fails to cross-compile with:

No rule to make target '/usr/include/google/protobuf/descriptor.proto'

Upstream commit 7fbf7b2be removed the build-time symlink for descriptor.proto and replaced it with a Makefile rule that resolves the path via pkg-config and passes it to protoc. Both the pkg-config query and the protoc --proto_path are hardcoded to host paths. This breaks cross-compilation because pkg-config --variable=includedir returns the raw host path (/usr/include) without applying PKG_CONFIG_SYSROOT_DIR. The sysroot prefix is only applied to -I flags from --cflags, not to raw --variable queries.

Add a patch introducing an overridable PROTOBUF_INCLUDEDIR make variable and pass the sysroot-prefixed path via EXTRA_OEMAKE. Remove the old do_compile:prepend symlink workaround which no longer applies.

And then we pickup the following changes: 3c7d4fa01 criu: Version 4.2 (CRIUTIBILITY) 0a7e7d09d log: use sizeof(*hdr) instead of sizeof(hdr) e689d902b criu/log: properly handle truncated length from vsnprintf 6344e8d71 cr-servce: move kerndat_init after log_init a525b3c32 test/vdso-proxy: handle merged vma-s ce680fc6c Revert "plugins/amdgpu: Implement parallel restore" 1d08ff8ca coredump: fix handling of num_pages cb8e1da3f coredump: use compat_nr_pages as fallback 0fa6ff3d1 test/others: add tests for check() with pycriu 567f70ce1 test/others: add test for check() with libcriu a1dc88502 test/rpc: update errno check 3c841af2c pycriu: use explicit imports for __init__ f7ccb63bd pycriu: set RPC opts for CHECK 9371c4a78 cr-service: refactor RPC opts parsing for check() 72ca94db4 cr-service: refactor logging setup 5966ffe8a cr-service: refactor images_dir path resolution 60a731ab3 cr-service: drop images_dir from setproctitle ee4100c09 cr-service: refactor images/workdir setup 71a637923 pycriu: set default value for sk_name d2c46b92b pycriu: better socket error handling 7aad7317b lib/pycriu: changing the default behavior to use the system binary 3f97cfe87 test/libcriu: check setting of RPC config file 2878faa74 libcriu: enable setting of RPC config file 07ad2473f Use command -v instead of which afcfcd3bf ci: add which dependency in dnf packages 686018147 ci: add wheel and setuptools in dnf packages d3dfb663b make: don't install external dependencies f74e68daf ci: verify call order of action-script hooks f824dc735 ci: consolidate action-script tests d5c81f810 pycriu: prevent always appending "Unknown" to error messages 540c631dd pycriu: add missing protobuf dependency a5ae3c184 pycriu: set licence to LGPLv2.1 697c31abe zdtm: shstk: add SHSTK_ENABLE test build option 6fd71b9ee x86/criu: shstk: restore SHSTK via premap loops abf4a71d9 x86/criu: shstk: add shstk_vma_restore() 02462c19c restorer: shstk: allocate restorer shadow stack b18c07d8a restorer: shstk: add 
shstk_min_mmap_addr() f29cb750d x86/criu: shstk restorer memory accounting functions 3365c7c02 restorer: shstk: add restorer shadow stack stubs bb9a7202a test/others/rpc: show logs on error 9d072222e test/others/rpc: parse action-script via config c03c08d1b cr-service: refactor rpc config parsing dcce9bd0e zdtm: add a test for --allow-uprobes option f548d3af4 crtools: remove "consult documentation" aeec40bf0 docs: add documentation for --allow-uprobes bab72af9a vma: introduce --allow-uprobes option 74bf40fee crit: add VMA_AREA_UPROBES flag 0ff2e0a66 criu-coredump: add VMA_AREA_UPROBES flag 7bf402f6b vma: introduce VMA_AREA_UPROBES flag 520266d89 zdtm: add sk-unix-restore-fs-share test 790b3cf42 ci: run alpine tests on arm64 77553f07d make: prevent redefinition of 'struct sigcontext' 3379c122e page-xfer: fix incompatible pointer type on armv7 7a4b35a91 contributing: update links to mailing list 76394e93a ci: consolidate aarch64 tests on GitHub runners 0a81dc8bb ci/java: update base image from focal to jammy b25ff1d33 Remove travis-ci leftovers 25f8be0f6 ci: use package-manager dependency install scripts 67751bc11 docs: add developer overviews for AI assistants 91758a68e zdtm: Remove junit_xml leftovers 2d2168fc9 vdso: relax EI_OSABI check to support linux in ELF header 2e26b36d4 pagemap: print page regions in the format `start - end` 7e0da4d97 pagemap: use unsigned long for page counts afb2e6c3f pagemap: change PagemapEntry.nr_pages to uint64 to support huge mappings c7395f4cb files: fork helpers without CLONE_FILES | CLONE_FS a8c5e1171 lsm: use attr/apparmor/current to get apparmor label 80c280610 compel/mips: Relax ELF magic check to support MIPS libraries 053a22a23 pagemap: prevent integer overflow in pagemap_len a779417a3 zdtm: stop importing junit_xml 254ba3e8c ci: avoid Docker 28 due to regression 4b7398595 criu/sockets: Restrict SO_PASSCRED and SO_PASSSEC to supported families fa1b39906 zdtm/static/sock_opts00: use unix socket to test SO_PASSCRED and 
SO_PASSSEC 2ba343010 test/zdtm/static/maps12: fix pointer-to-int cast dcee5bd6f make: Disable branch-protection for PIE code on ARM64 98f2bd525 ci/vagrant: install vanilla kernel for Fedora Rawhide test 01265cfc6 test/zdtm/static/maps12: add madv guards test 9c0f725a6 criu/mem: dump: note MADV_GUARD pages as VMA_AREA_GUARD VMAs 59b4d662a criu/pie/restorer: add madvise(MADV_GUARD_INSTALL) restore logic 63c702968 criu/{mem, vdso, cr-restore}: introduce VMA_AREA_GUARD fake VMAs cc047d595 criu/mem: dump: skip MADV_GUARD pages content dump 5843cbf97 criu/mem: refactor should_dump_page helper 42580fcb1 criu/pagemap-cache: pagescan: look for PAGE_IS_GUARD pages 1873e8f50 cr-dump: warn if MADV_GUARD is supported but isn't shown in pagemap 4fc07a8a4 kerndat: add pagemap_scan_guard_pages feature check logic 2bb77daa9 kerndat: add madvise(MADV_GUARD_INSTALL) feature-detection fce491113 criu/include/mman: define MADV_GUARD_INSTALL 5f94dd71e CI: Consolidate arm64 tests on GitHub runners c6c6f6f23 zdtm/socket-tcp-closing: fill socket buffers effectivly d586b30c6 vagrant: fix tar including archive in itself 2762b21e4 vagrant: update image to fedora 42 0d1e280d0 vagrant: fix 'qemu' install 64276874d restore: flush caches during restore 95d5e2e59 compel: flush caches after parasite injection 22c83e3eb images/Makefile: use msg-gen 066bf7bf3 Keep images/google/protobuf directory 21c3b9c00 images/Makefile: fix using $(Q) 7fbf7b2be images: remove symlink for descriptor.proto 455c67739 zdtm: Add ztatic/mnt_ext_file_bind_auto test e31828ed8 mount: Fix trailing / when a file is bind-mounted 3dc865bc8 test: add static tests for ICMP socket a80c54484 sk-inet: Add support for checkpoint/restore of ICMP sockets 677a56891 zdtm/netns_sub_sysctl: skip unsupported sysctls 87bd09a0d net/sysctl: make ipv4/ping_group_range work in user namespaces 45d09ae17 net/sysctl: fix broken ipv4_sysctls_op 4f057a6ae net/sysctl: fix missprint in an error message 4c7d42f67 ipc/sysctl: fix 
CTL_FLAGS_IPC_EACCES_SKIP by making it a flag 922754dff rpc/log: return first error always a79b33d0c cpuinfo: show error when image is missing 99ba6db89 crtools: do a few minor cleanups fcbaac059 crtools: simplify check for cpuinfo subcommands fbfed312e feat: introduce Nix flake 5f18ca1bb test/zdtm/static: add maps11 test for MAP_DROPPABLE/MADV_WIPEONFORK dfa0ce180 test/zdtm/static/maps02: add MAP_DROPPABLE testcase 4f9dcfb9c pycriu/images/pb2dict: add MAP_DROPPABLE flag b90cfc1a8 criu/proc_parse: support MAP_DROPPABLE mappings 6476488a5 test/zdtm/static/maps02: add MADV_WIPEONFORK testcase af5412a43 criu/proc_parse: support MADV_WIPEONFORK/VM_WIPEONFORK 2b8951a9c image: use `protoc` instead of `protoc-c` 1fdff7c7a zdtm: fix check for criu binary ae1395de1 zdtm.py: add an option to change pycriu import path 7a5b3d1f4 plugins/amdgpu: Update `README.md` and `criu-amdgpu-plugin.txt` a61116fd9 plugins/amdgpu: Implement parallel restore e8ba7c103 plugins/amdgpu: Add parallel restore command 1fd1b670c plugins/amdgpu: Add socket operations e257d0497 pstree: Add `has_children` function 497109eb4 cr-restore: Move `cr_plugin_init` after `fdstore_init` 427c0dc27 criu: Introduce a new device plugin hook for restore d57d40a5a sk-inet: add MPTCP definition fddca67cc seize: fix pause devices for frozen containers 366d73a4c make: remove checks and warnings for bsd strlcat and strlcpy 1eaa870cc kerndat: check that hardware breakpoints work b458a5c1a sk-inet: add message how to disable MPTCP in Go 5a725266a zdtm: add mnt_ro_root test 6b3826a6f zdtm/lib: add "bind" desc option 88cb552f6 mount: restore root mount flags b6dca3116 aarch64/crtools: fix define for missing constants 5de61a721 net: nftables: avoid restore failure if the CRIU nft table already exist b9da95b0b s390: Fix FP reg restore after parasite code runs 74799ae02 aarch64: fix build with missing NT_ARM_PAC_ENABLED_KEYS 680584166 cuda: remove redundant goto label e7aee3c5c cuda: use pr_perror for libc function errors 
5ff52326e restore: use the new kernel interface to restore timers 9a1e97966 compel: fix the stack test daa548bbf criu: Do not print failed message when there is no late stage hook 34226fd24 ci: try GitHub arm runners a44aa6d98 criu: Version 4.1.1 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-tools: update to v1.35.0 | Bruce Ashfield | 2026-03-18 | 1 | -2/+2
Bumping cri-tools to version v1.26.0-1468-g16d56738, which comprises the following commits: 9ddc149f use latest cri client with the logger used from context 224d6cc1 Bump ncipollo/release-action from 1.20.0 to 1.21.0 f224fbcc add context to critest 4dcca56b image ID consistency test 77d610e3 ci: Skip exec tty test on Windows 94684d12 Bump the gomod group across 1 directory with 9 updates 51802bf0 Bump the gomod group with 4 updates 53a26273 Bump crate-ci/typos from 1.43.5 to 1.44.0 02862375 Bump the gomod group with 7 updates 075032cf Bump actions/upload-artifact from 6.0.0 to 7.0.0 3b76ce8d Bump actions/setup-go from 6.2.0 to 6.3.0 b1649021 feat(critest): Add image manager consistency and idempotency tests b198f503 first iteration of AGENTS.md 8221586a Update golangci-lint to v2.10.1 and fix lint issues 7a737fe9 Bump github.com/onsi/gomega from 1.39.0 to 1.39.1 in the gomod group 9fe1083e Bump the gomod group with 16 updates d84c3535 Bump crate-ci/typos from 1.43.4 to 1.43.5 ae771321 bump opentelemetry dependencies to latest bf5ca193 Bump crate-ci/typos from 1.43.3 to 1.43.4 795d23d0 Bump crate-ci/typos from 1.43.2 to 1.43.3 fa820b42 Bump crate-ci/typos from 1.43.1 to 1.43.2 046d82c8 Bump actions/cache from 5.0.2 to 5.0.3 cdfc7c46 Bump crate-ci/typos from 1.42.3 to 1.43.1 779f2d21 Make ginkgo less verbose 3bcc1025 Bump crate-ci/typos from 1.42.2 to 1.42.3 ef1842c0 Bump crate-ci/typos from 1.42.1 to 1.42.2 cac1dfdf Bump actions/checkout from 6.0.1 to 6.0.2 2c34c5c2 Bump crate-ci/typos from 1.42.0 to 1.42.1 b2a9817a Bump actions/cache from 5.0.1 to 5.0.2 0761c49a switch to GA bits of k8s API be5cd064 Add warning and documentation for crictl rmi multi-tag behavior 4d23a48c Bump actions/cache from 4.3.0 to 5.0.1 efbfa5a1 Bump actions/upload-artifact from 5.0.0 to 6.0.0 39831ffd Bump crate-ci/typos from 1.40.0 to 1.42.0
e9146feb Bump actions/setup-go from 6.1.0 to 6.2.0 55167ff1 Fix CNI installation grep pattern for containerd 1.7 78e6f2de special handling of containerd 1.7 CNI installation f77dbe18 Update version 567e16a8 Vendor Kubernetes v1.35.0-rc.1 dd16bb7f buf fix: fix panic when no image in container-config 99f10931 Vendor Kubernetes v1.35.0-rc.0 92d5fee7 Bump actions/checkout from 6.0.0 to 6.0.1 60c0f563 fix:sometimes oom test failed eb170995 Bump crate-ci/typos from 1.39.2 to 1.40.0 9900d2a6 Update Windows test image and fix CRI-O test cleanup b78116aa Use `latest` gcb-docker-gcloud for building test images cc2f14ae Bump actions/setup-go from 6.0.0 to 6.1.0 1d2b74ca Bump actions/checkout from 5.0.1 to 6.0.0 b56079fb Update golangci-lint to v2.6.2 and fix lint issues f11f7e44 Bump actions/checkout from 5.0.0 to 5.0.1 e8f44b14 Bump crate-ci/typos from 1.39.1 to 1.39.2 3a38712d Bump crate-ci/typos from 1.39.0 to 1.39.1 314e94c5 Disable runc integration tests due to AppArmor issue e07bd2f2 update selinux to v1.13.0 to address cve 8790d077 Update validation.md documentation 38a46a26 Switch to `macos-latest` runner 3931ed0d Update documentation with missing features and fixes 5f13ca55 Remove unused e2e badge 7feb39fe Bump crate-ci/typos from 1.38.1 to 1.39.0 c477e553 Add buffer pooling for JSON operations 5a86e2e3 Optimize marshalMapInOrder with strings.Builder 243bf09d Modernize golang for 1.25 722f0f55 Bump actions/upload-artifact from 4.6.2 to 5.0.0 12e02c53 bump containerd dependency to 1.7 in go.mod bddc6ada remove unnecessary build step on Windows 7ef3055b Containerd 1.6 is EOL now 25cdc3c2 Remove link to outdated kubic repository Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* cri-o: update to v1.35.0 | Bruce Ashfield | 2026-03-18 | 1 | -3/+3
Bumping cri-o to version v1.33.0-522-g8273bca37, which comprises the following commits: 5dd7bb4e3 Add libpathrs version to dependencies 2b23b4810 Add libpathrs-devel to github-actions 8d8d342a1 Add libpathrs-devel to Fedora packages for runc build d51616f2f fix: prevent panic on closed stopTimeoutChan in StopContainer 71e9babcd fix: handle ErrNotAnImage in RemoveImage for concurrent deletion idempotency 1d19f431c [docs] fix dead nixos link in install.md 73957f24e build(deps): bump the gomod group across 1 directory with 7 updates e43e31772 Fix metric label cardinality mismatches in CRI stats 1e19a7261 Skip OCI artifact fallback on transient network errors 7eb2cc18e Add EnsureNotContainerImage to prevent container images in artifact store aed9671d7 Return image ID from PullImage instead of repo digest a42bdf9de tutorials/CRI-O in kind: fix bash syntax error 1e2e17804 Bump golangci-lint to v2.10.1 c355bea81 Add OpenVEX report generation via govulncheck 9ca8e2c1a Bump go dependencies 020b30892 Fix the bug where cri-o doesn't emit any metrics when all is set. f1c0c7b6a Feature Request: Make TLS minimum version and cipher suites configurable for CRI-O server ddb1d632a Update setup-go 1294b3151 Temporarily pin conmon to pass CI. See https://github.com/containers/conmon/pull/629#issuecomment-3872984444 for details.
65b9fcc49 Bump development version to v1.36.0 ecacc4558 Mark v1.32 EOL 75877851a Some minor refactorings of `ociartifact` d1d77faec Refactor `ociartifact`: extract `datastore` package for artifact data handling 39ff6f590 Refactor `ociartifact` to simplify artifact creation using `NewArtifact` and remove redundant `buildArtifact` logic. ec12a7d5f bump c/common, c/storage 33f0e88da Disable swap setup on GitHub actions b414a1f93 Update nixpkgs 0f877a3e1 Update .coderabbit.yaml d56906b6d Create .coderabbit.yaml eccac32bd Revert "storage: Preserve knownRepoDigests order in ImageStatus" 4eabb00d3 server: update container state prior to NRI StopContainer event. 0f68aa8d0 test: Add regression test for user namespace cgroup delegation e826ac15c server: Always include UID/GID mappings for user namespace containers 19d319695 server,nri: pass extended container status to NRI. 03e4dffce build(deps): bump github.com/sigstore/fulcio from 1.8.3 to 1.8.5 8df271a03 server,nri: pass any POSIX rlimits to plugins. 23b10b8da server,nri: pass container user (uid, gids) to plugins. 7822ff1f1 checkpoint: clean up checkpoint dir on error 74af549f5 Remove `filepath-securejoin` replace and bump to 0.5.2 922d3edc8 Refactor container mount setup functions and improve SELinux label handling 396cce5f0 Replace cgmgr.CgroupStats to use cgroups.CgroupStats d9d10ea4c Rename DiskMetrics and FilesystemMetrics to DiskStats, FilesystemStats for consistency with other structs and cadvisor 9da43ec9c Move disk_metrics to the new stats package. 
d2d7d1f2c Rename stats to statsserver 5062a6a94 oci: fix lint 73848ccec runtimehandlerhooks: save whether irq balance enable was done a96dfe16a server: run post stop hooks before updating container status fa5afc5b3 refactor(memorystore): remove unused Size() method 4009c44e1 refactor: remove AddExecPID, use StartExecCmd eeab7a961 fix: make exec start atomic with PID registration a97e4b982 test: skip tests from kata containers e8d273b08 test: add integration tests for exec during graceful termination 8df026b11 test: add tests for exec during container lifecycle 35f7a3ca6 feat: allow exec to containers during graceful termination ec1c67a8c artifacts: fix unqualified search tests 610a868fa artifacts: mock libartifact store 6ca8533aa Drop unqualified-search-registries support for artifacts c33e3e81b test/nri: update linter deprecation annotation. 174d13446 server,nri: pass any linux RDT constraints to plugins. 25f32e0e6 server,nri: pass any linux net devices to plugins. db7314ca6 server,nri: pass any linux scheduler attributes to plugins. 9536cf92c server,nri: pass any linux I/O priority to plugins. b23a7d055 go.{mod,sum}: bump NRI deps to v0.11.0, re-vendor. 04f4754fa Update Golang download URL to use go.dev instead of storage.googleapis.com 4e2f7dbed Ensure `InitLabel` only sets process label when unset 29b33f11e Fix the bug where the ContainersStatuses.Image returned by the GetContainerEvents interface is nil 01b2c74d9 Follow up on PR 9634 to clean up redundant code. 68795ff36 Refactor cgroup manager integration: centralize pod and container cgroup manager retrieval logic with `GetPodAndContainerCgroupManagers` and standardize function naming for consistency. 0b1d77bdd Add exec cgroup for exec CPU affinity a2a04ad55 Refactor cgroup manager logic: centralize `LibctrManager` and `CrunContainerCgroupManager` in `cgmgr` while replacing duplicates. c979d5fdd Delegate setting shared CPUs in cgroup to container runtime. 
cf4aab91f Update release notes to use cosign bundle format 3cead51f9 Replace json-iterator/go with goccy/go-json 9270ed35b Refactor ociartifact handling to use libartifact types and store db0840561 go.{mod,sum} bump CDI deps to v1.1.0. 8212e1acd build(deps): bump github.com/sigstore/fulcio from 1.7.1 to 1.8.3 23b69a24b build(deps): bump the gomod group with 10 updates a7b222899 server: use totalTimeout for infra container stop 9d7aa99d0 OCPBUGS-62150: server: ignore /etc/passwd mount 11e4c1806 build(deps): bump the gomod group across 1 directory with 3 updates 1c09e085d Replace v1 annotation references with v2 5a0973db5 Pin Kubernetes to v0.35.0-rc.0 1a7db25c0 Add container pressure metrics to stats collection c42cf78c6 Remove SignalContainer functionality and related syscalls 97658ce1a build(deps): bump the gomod group with 7 updates 6bb8a380c Allow containers to use both host network and user namespace e46ab57b1 build(deps): bump golang.org/x/crypto from 0.43.0 to 0.45.0 c2ebfbac1 Migrate annotations to Kubernetes-recommended naming conventions ddfa9d3eb server: skip processing early if we get a nil adjustment from NRI. 
eb21f3b71 build(deps): bump the gomod group with compatibility fixes e03e84aae Fix incomplete config validation on sandbox restoration 35ce440e8 Make AGENTS.md generic and add git workflow nuance bbe6d7a4e Rename CLAUDE.md to AGENTS.md e71f96aed dbusmgr: use system dbus when running as UID 0 regardless of rootless detection 9e0b08c1d Add support for "all" in includedPodMetrics and validate its usage 3b932318f Fix the bug where includedPodMetrics are not respected in ListMetricDescriptors f830100c3 Add CLAUDE.md project context file 3233b94ea refactor: Reduce cyclomatic complexity in sandbox_run 07b0da920 refactor: Reduce cyclomatic complexity in sandbox_run 3dd90b8ab test: add integration tests for container_create_timeout configuration 52efdb362 test: add tests for ContainerCreateTimeout configurability 2d2024a0f Add documentation for container_create_timeout configuration option 7a2427285 Add context timeout to task.Create in runtime_vm.go 18d52e3e0 Make ContainerCreateTimeout configurable at runtime handler level 09625082c Improve returned error text at CreateContainer failure f76e3f9ea Migrate to container-libs f6bc16be2 storage: Preserve knownRepoDigests order in ImageStatus e200c2625 test: Switch more integration tests to use crun 20e6d1b47 Update golangci-lint to v2.6.2 and modernize configuration f22167af4 Update sigstore/cosign-installer to v4.0.0 99a55c8f5 Fix CVE-2025-58183: Update tar-split to v0.12.2 f49e8eb7b Disable runc integration tests due to AppArmor issue 9ece818fb metrics: add disk IO stats 822ce9db8 spec metrics: always report container_spec_memory_reservation_limit_bytes e7af6bd9b metrics: add container_start_time_seconds f470ad448 spec metrics: always report container_spec_memory_reservation_limit_bytes cf3eb39b7 metrics: add container_start_time_seconds 2d66de376 feat: extend oci runtime to collect and manage disk metrics 069114806 refactor: Reduce cyclomatic complexity in criocli 6ad526c7a metrics: update process metrics tests and refactor 
stats_linux.go a bit 7fda065ba Extend Disk Metrics for other filesystems d9694a420 Extended ContainerStats to include disk metrics 8b8028baa feat: Added Disk Metrics 7a179c8a6 refactor: Reduce cyclomatic complexity in container_create 6cbdc99cc Fix `patch-release` job by adding dependencies.yaml 58a1fc0f3 Tests for threads and sockets cbea27536 Refactor thread metrics aebf1d561 metrics: correct container metric metadata 76319d61c build(deps): bump the gomod group across 1 directory with 2 updates 927461f48 fix minor typos in README.md 897f1cdf2 Added container process metrics a3c41c499 container: take state lock when setting spec fe0a3281d metrics: add container spec metrics a748f3453 metrics: add container_last_seen 1fb90ef70 build(deps): bump k8s.io/kubelet from 0.35.0-alpha.1 to 0.35.0-alpha.2 5ecd5931b build(deps): bump k8s.io/cri-client 36475303d build(deps): bump the gomod group with 2 updates ed3fe40bf Add and apply gopls `modernize` linter fe4306b72 Pin github.com/cyphar/filepath-securejoin to v0.4.1 9a2f002d0 build(deps): bump github.com/cri-o/crio-credential-provider c2db50755 Close runtime connection on watchdog call 1e357f4d6 build(deps): bump sigs.k8s.io/release-sdk in the gomod group 93f920160 Remove support for `InsecureRegistries` in favor of `registries.conf` f10344e7c Mark v1.31 as EOL 2ec914d08 Packit: remove unmaintained branches c76a5286b lint b10d151c8 remove typo a760511c1 move log statement after fn call 6e4965b1d Fix lint CI by re-adding `nolints` 68c73a911 Clean up duplicate SignaturePolicyPath logic in image_pull.go 55c749ff4 build(deps): bump golang.org/x/net in the gomod group ce5edf28b build(deps): bump the gomod group with 2 updates 93121f41b Re-use public credential provider API a0c3b7723 build(deps): bump the gomod group across 1 directory with 4 updates d25f3a5d2 Update log formatting in interceptors to use %+v for better readability of structs ab0176bde HighPerformanceHooks: Nil pointer check for isContainerRequestWholeCPU 
172635f02 HighPerformanceHooks: Add housekeeping CPU support for IRQ loadbalancing 7a780e492 Fix Generator initialization to properly initialize envMap 53b7f6bfb Remove github.com/grpc-ecosystem/go-grpc-middleware dependency 43ed9f965 Remove unused code from Makefile ff5900e74 Switch to go 1.25 d73c82b4d Actions: cancel parallel runs 0b1d84cbc Update nixpkgs 1080c5ea9 Fix lint cadcf4753 build(deps): bump the gomod group across 1 directory with 3 updates 85da8e038 Re-add the `--enable-fixed-path` removal for gpgme 719a3e65d Remove temporary auth files if used bc7f61ad4 Update third party dependencies 7a99e1d67 Consume additional pull auth if available 63212c48b temporarily downgrade crun version until container-selinux fix is released 02cd6750a server: Fix network cleanup failures when NetNS path is empty 16246ad1a Fix `ERROR! Invalid callback for stdout specified: debug` by removing stdout_callback ad1728396 Use ftpmirror.gnu.org instead of ftp.gnu.org because ftp.gnu.org is sometimes too slow. 78c966c13 HighPerformanceHooks: Defer irqSMPAffinityFile rollback 44af57fe0 Revert "Skip [FeatureGate:InPlacePodVerticalScaling]" 79cd6e3f1 Update development version 14abbfc21 build(deps): bump the gomod group across 1 directory with 9 updates 1f1746236 Update dependencies.yaml if required on release cut 03ec73d26 HighPerformanceHooks: Move IRQ balancing to PostStop hook 06c843730 HighPerformanceHooks: Add mock infra for command and system unit tests 1283afcfe HighPerformanceHooks: Make locks atomic for irq SMP affinity 8aeda9682 Update install.md - Add Dep for Ubuntu 24 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* conmon: update to v2.2.1 (Bruce Ashfield, 2026-03-18; 1 file, -2/+2)
Bumping conmon to version v2.2.1-23-g86e8106, which comprises the following commits: 8bc1877 chore(deps): update dependency containernetworking/plugins to v1.9.1 beb8c36 chore(deps): update dependency containers/automation_images to v20260310 5c023cb chore(deps): update dependency opencontainers/runc to v1.4.1 b074dcd tests: fail if runc start failed db7c945 ci: drop unneeded step of installing bats 497ce1c Update dependency containers/automation_images to v20251211 329b0dd CI: bump dependencies, build runc/crun from source, skip crio-wipe tests 1090e54 RPM spec: modernize spec file 7aa0abd Add the official conmon logo to README.md ec54d8f Fix FreeBSD 15.0+ SOCK_SEQPACKET message boundary issue e311cf2 tests: Normalize json before comparing it. c8cc2c4 Release v2.2.1 2cf4dcd Fix EAGAIN busy-loop in drain_stdio() f8cc9d6 Add CRI-O critest 5863a7f Fix test for reverted F-sequence behavior 8563b0a Revert PR #592 894e164 Revert PR #629 3bb1a4e Skip test if RUNTIME_BINARY is not runc 93d4e63 Fix k8s-file log format for terminating F-sequence de539b3 tests: Ensure necessary dependencies are available 27ef050 Release v2.2.0 40eb39e Fix SIGABRT crash in drop_signal_event 437e65a Add an easy cleanup for tests dbb54d4 [skip-ci] Update actions/checkout action to v6 d436a96 Check memory.events file exists before adding inotify watch 21ffef0 Fix remaining busybox references in tests 15de5b1 Fix inconsistent error messages when runtime fails 8debcb5 Move attach start message after failure check b2e434f Switch tests from busybox to UBI10 and add consistent terminal size validation Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* containerd: update to v2.2.2 (Bruce Ashfield, 2026-03-18; 1 file, -3/+3)
Bumping containerd to version v2.2.2-11-g5957d3334, which comprises the following commits: a83510103 cri: UpdatePodSandbox should return Unimplemented ee4179e52 fix(oci): apply absolute symlink resolution to /etc/group fd061b848 test(oci): use fstest and mock fs for better symlink coverage 5d44d2c22 fix(oci): handle absolute symlinks in rootfs user lookup 00c776f07 update to go1.25.8, test go1.26.1 7e6ecf434 Prepare release notes for v2.2.2 a20dead7c set default config_path in plugin init fbed68b8f Fix TOCTOU race bug in tar extraction 68855cb0b ci: modprobe xt_comment on almalinux ef7a8beb3 core/mount: add test for getUnprivilegedMountFlags 07b2cc07e core/mount: fix getUnprivilegedMountFlags iterating over indices instead of values a5f83d8c2 cri: unpack images with per-layer labels for runtime-specific snapshotters 54101116f add integration test for cni result nil d44c4384e address comment f1835270b fix issue where cni del is never executed 5dbf1b915 update golangci-lint to v2.9.0 with go1.26 support 8ec695ebe remove windows/arm from cross build b9c22a6e3 ci: build/test go1.26.0 6c05047b4 apparmor: explicitly set abi/3.0 09b876a81 integration: Fix TestImageLoad() failure on CI 172ba65b6 cri: Fix image volumes with user namespaces b4240ef87 update to go1.24.13, go1.25.7 94dbfaea7 ci: bump go 1.24.12, 1.25.6 e46a7a286 set fetch-depth for containerd to 0 for version parsing 1d7908273 core/mount/manager: fix bind mount missing rbind option 3d509bcd3 core/mount/manager: add tests for WithTemporary option cb3ae2119 fix: sanitize error before gRPC return to prevent credential leak in pod events 533a2552e build(deps): bump google.golang.org/grpc from 1.77.0 to
1.78.0 b120237fb build(deps): bump google.golang.org/grpc from 1.76.0 to 1.77.0 a76eb698a cri: emit warning for concurrent CreateContainer 4be4e5156 Fix nil pointer dereference in container spec memory metrics 3d2e188b1 cri: Use the runtimeHandler parameter in PullImage 633057382 cri: move noisy CDI logs to debug level 8a7409e2e Reinstate image decryption f6bae1f88 Prepare release notes for v2.2.1 c22cf5d49 cri,nri: pass any linux security profile to plugins. d7532de75 cri,nri: pass any linux RDT constraints to plugins. ef36e6181 cri,nri: pass any linux net devices to plugins. d56faf426 cri,nri: pass any linux scheduler attributes to plugins. e1824d261 cri,nri: pass any linux I/O priority to plugins. 01d5490ae go.{mod,sum}: bump NRI deps to v0.11.0, re-vendor. 58d23ab63 pkg/tracing: HTTPStatusCodeAttributes: remove use of deprecated SemConv const 05ccbb3a7 cri/nri: short-circuit nil adjustment. c166a577d go.{mod,sum} bump CDI deps to v1.1.0. 8a5fc8641 go.mod: github.com/containernetworking/plugins v1.9.0 73a08aa00 go.mod: remove exclude rules cee08c8af build(deps): bump github.com/containerd/zfs/v2 from 2.0.0-rc.0 to 2.0.0 55c93d6fb go.mod: golang.org/x/crypto v0.45.0 aedd29bb4 ci: bump Go 1.24.11, 1.25.5 26628f139 ci: bump Go 1.24.10, 1.25.4 8bb0e9be6 ci(release): set GO_VERSION in Dockerfile ed19c5420 core/runtime/v2: remove uses of otelgrpc.UnaryClientInterceptor 952237d9b ci: update CIFuzz actions to support Ubuntu 24.04 51582ed27 bump containerd/cgroups to v3.1.2 50d0e4fd4 build(deps): bump github.com/containerd/cgroups/v3 from 3.1.0 to 3.1.1 fb5b818a9 runc: Update runc binary to v1.3.4 e3bf2b80b build(deps): bump github.com/opencontainers/selinux 41a69eb0d core/mount: should not call removeLoop when set autoclear da8e846f9 .github: skip 5 critest cases in window CI pipeline c707f771a fix: redact all query parameters in CRI error logs d154e234b Update the ctr pull defaults when using the transfer service 09364216d Fix transfer unpack defaults on darwin 
2055d3c62 Update default differs on darwin 9da97686d Use default writable size in erofs snapshotter for non-Linux hosts eeb0f889a Update default erofs block size on macOS during erofs diff 678f944dd Revert "Implement io.ReaderAt on docker fetch reader" 8b73c2de3 remotes: fix possible panic from WithMediaTypeKeyPrefix 8eaa0b5cb Prepare release notes for v2.2.0 8885b1b7a Make v2.2.0 the latest release d77d3bc34 Update releases file 491f77350 Update api version to v1.10.0 1ea370e9e Update platforms version to latest 77644a1b0 Update EROFS snapshotter documentation 8c98030c4 runc: Update runc binary to v1.3.3 715d6f8e4 Update Darwin defaults to useable values 69c855bb5 Prepare release notes for api/v1.10.0 f72025d05 Update GHA runners to use latest images for basic binaries build acbaa8a99 ci: bump Go 1.24.9, 1.25.3 910171e90 Fix directory permissions a0d0f0ef6 fix goroutine leak of container Attach 0928a980c build(deps): bump lycheeverse/lychee-action from 2.6.1 to 2.7.0 31132cc91 build(deps): bump github/codeql-action from 4.31.0 to 4.31.2 9ae5468e0 build(deps): bump github.com/intel/goresctrl from 0.9.0 to 0.10.0 565151652 Add size check to referrers response bda01054f fix: ci TestContainerListStatsWithIdSandboxIdFilter failed because multiple id found 7bf5b92e6 Add Readonly setup to EROFS mount loop handler ebb52e3fb add missing container process metrics. 
18be704f7 add container_threads to metric descriptors 7429a7b75 add container_start_time_seconds 6eef0737b add container_ulimits_soft 4b5f23e8a add oom metrics a68690c8c add container spec metrics e65874cfb add miscellaneous metrics ba524db34 snapshot: check parent's kind before commit e817edf89 CI: update Fedora to 43 2e0e47c47 Deprecate cgroup v1 189de942c Prepare release notes for v2.2.0-rc.0 db3c5b7b7 Update api version to v1.10.0-rc.0 d9d3c8223 Cleanup load shim info 42336c7de Update referrers interface to support more options 9840ad93e docker: fix addQuery with multiple calls 2d40b7fba build(deps): bump golang.org/x/time in the golang-x group 8ef2cfb7e Improve documentation for mount manager 4c7b94fce api/go.mod: golang.org/x/net v0.38.0 f508730d5 cgroups: bump to v3.1.0 842cb99a5 containerd-shim-runc-v2: monitor OOM event after creation 867728517 build(deps): bump github/codeql-action from 4.30.9 to 4.31.0 a741a44cf build(deps): bump actions/download-artifact from 5.0.0 to 6.0.0 94c2d3853 build(deps): bump actions/upload-artifact from 4.6.2 to 5.0.0 c59cc44c0 CI: skip ubuntu-24.04-arm on private repos 04d8ae1d6 Postpone v2.2 deprecation items to v2.3 d939b6af5 Remove rebase validation logic from overlay snapshotter fbc7848f2 Prepare release notes for api/v1.10.0-rc.0 7b7c5c171 Add rebase capability to erofs 0198b87fc Implement parallel unpack c9afcc2bc cri: retry stop container if there is connection closed 2042e805b cri/server/podsandbox: disable event subscriber 5b9d871fe Add EROFS mount handler plugin a418e280a add process metrics 7da6a9c21 add disk and diskIO metrics 2e58d4ccf add network metrics 68beb8191 add memory metrics 63eca8fe9 implement CRI ListMetricDescriptors 1bd3b45ad add cpu metrics 942d7afc6 Implement CRI ListPodSandboxMetrics 24e8734a5 .github: dump kernel message in Vagrant box 8a6e6263f Support arbitary mkfs size (not only in MiB) 3cc411c8b Fix backreference support for mount manager 4f130dbe7 cri: retry stopSandboxContainer if shim 
connection is closed 679a6d0a7 build(deps): bump github.com/klauspost/compress from 1.18.0 to 1.18.1 0da68e8b4 build(deps): bump github/codeql-action from 4.30.8 to 4.30.9 62845f4a9 Simplify oom event handling for cgroups v2 in shim 0d62c7188 Update loopback test to make initialization more robust 9ae0168c7 Add focus test option to critest a7d26b35e client: add referrers support to client 9e9620dd6 chore: fix some function names in comment 5386802f8 Default config_path if legacy registry options are not set. 25c3871ba Switch mount manager tests to ext4 55d5d5b50 Add Close method to mount manager 2a8d30117 Set default run platform in ctr 92bc4fadc Update task manager to use mount transformers 2f75989e2 Update erofs to use mount transformers be9f183f4 Add mount transformers to mount manager 1adaf27c1 Update erofs to compile on Darwin ee8ae9d56 Update erofs snapshotter to use mount manager fe02fcc5f docs: update default values for unprivileged port and ICMP settings ed2e81a78 bugfix:sync parent dir to ensure blob entry is reliably stored 932b65a49 restart:use goroutine to speedup loadShims 5243cdd2d Check expected digest when committing as a sanity check f2b9ff67f Make dockerPusher more compliant with distribution spec Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update to v5.8.1 (Bruce Ashfield, 2026-03-18; 1 file, -2/+2)
Bumping libpod to version v5.8.1-1-g9d66b48e1c, which comprises the following commits: c6077f6457 Bump to v5.8.1 dfe5dae2d6 Release notes for v5.8.1 cf0019e3ed docs: make the --migrate-db more clear 5dcc24d01d update boltdb migrating warning 13deb46d81 libpod: prefer sqlite in getDBState() 0c473eb570 libpod: fix parallel migration issue 9b810aed3a libpod: return full path in sqliteStatePath() 1e99e31575 migrate to oidc 935088fd14 Bump Podman to v5.8.1-dev 37bfeded1f Disable lint to fix CI 07efc23e05 Bump to v5.8.0 482462af7b Final release notes for v5.8.0 dafa2e722c update github.com/containers/gvisor-tap-vsock to v0.8.8 e3d9a7863f Bump Podman to v5.8.0-dev cf2514451d Bump to v5.8.0-RC1 b2325c1126 Extent timeout on Build Each Commit 72838c8458 Update release notes for v5.8.0-RC1 05135d35fe fix: remove unnecessary -t flag from podman run commands in documentation e330a9fd83 Add /usr/libexec/podman/qemu-system-arch 949d406ed1 test/system: skip podman volumes with XFS quotas on fedora 3235579b48 cirrus: ensure NOTIFY_SOCKET is properly unset for all tests faedb9c911 docs: Update filter options and add podman ps documentation e70bfff716 docs: Deduplicate --filter descriptions 63ea75a599 Deterministically order pod inspect fields 4e3dd47967 bindings: fix handling of env secrets in remote builds b17e90703c Add perl to make validatepr 86b6c75cef Fix `unless-stopped` restart policy to match Docker behavior 8e93487dcc docs/podman.1: Fix leftover rootless mention 35c602bfbb fix: improve userns validation when joining pods 371b3ecdc1 docs: further tweaks 36b11b43fd docs: improve note about Quadlet TimeoutStartSec d6c79580f8 [Fixes: #27571] Fix 'shouldResolveWinPaths' returning 'false' on Windows 243b623629 fix(api/compat): typo in the remove secret handle
8423b3bbd0 Clamp rootless rlimits to host on format 58a15f1500 Add ulimits to `podman update` API 0f5b913a7c podman-systemd.unit.5: document /sbin/nologin accounts 484858710c feat(exec): Add --no-session flag for improved performance 790f21d355 quadlet install: multiple quadlets from single file should share app ed79cdfd6a quadlet: add support for multiple quadlets in a single file e8c334f3cb chore: fix the inconsistent method names in the comments 2a0b5c3593 docs: Add references to quadlet 479b363020 test/system: Update test to handle new error message from runc 1.3.3 d45377c6c8 Ignore auth header with empty JSON object d36b61c211 Fixes: #27444, Fix tiny typos in some artifact docs f1dcf63a91 Fixes #27421 aritfact push and pull with authfile 60bf36386b Bumping timeout for aarch64 machine 87bb060531 Fix remote client rejecting empty --detach-keys string 49a704eb06 Makefile: Drop dead CONTAINER_RUNTIME 5a8dbd1dfb Fixes #27378 Missing network type in events document dcf7644cbc Update docs/source/markdown/podman-run.1.md.in 28b04a8604 Escape periods in path 8b8390522b Escape RequiresMountsFor value d5b72d973a Introduce assert-has-key assertion 62f1e1176e Rename misleading assertion name eeae782945 docs: expand --mount section with detailed type descriptions (#25888) 9d29245500 Fix tmpfs U/chown documentation 415e3fc4c8 [CI:DOCS]Fix minor typo in buildah test ee88292812 Add system test b866c3d49d Fix podman build "newer" pull policy 99136fbc4c test/e2e: fix 'block all syscalls' seccomp for runc f76be2a94d [play_kube] Add validation to container image field b4202348ad test: Fix PODMAN_BATS_LEAK_CHECK cc83ebbb3e Fix docs for Volume User= and Group= options 763b7b3821 test/system: fix log timestamp work around 6c1378be44 extract shared TTY handling code into helper function b847c344f6 test: Fix --hostuser octal UID test flakiness 10187a23af Fixes #27651 - Fix health inspect/ps for rootfs containers with empty healthcheck 2f348b3c19 test/e2e: Skip privileged container test 
if NoNewPrivs is set abc9a6ff29 Don't assume v1.41 is the default docker d93268f286 Bump Compat API version to supported v1.44 dc97c9af7e libpod: fix Volume.Mount() returning empty path for plugin volumes 8eacbd8464 fix: correct env/envFrom precedence in kube play 5ff402aa80 Fix PowerShell `Write-Error` multi-line argument 7036d09c5e fix: generate correct error message if Wix is not installed 9e965498aa Fix interfering escaping of commas and spaces in no_proxy variable 4ea22f1b29 Write DefaultEnvironment proxy values to /etc/systemd/user.conf.d/default-env.conf 0e4dc26c05 Fix test proxyenv/env_test.go for systems that use proxy variables eb118bafb4 Fix healthcheck argument with spaces split in Docker API (#27818) 3d02daa261 fix: prevent race condition during database initialization by using INSERT OR IGNORE. b41f2d3a3a Release notes for v5.8.0-RC1 (initial) 96dd0e1ad1 Fix podman run equivalent for HealthStartPeriod 7477ffa9c6 libpod: simplify unnecessary loops d941f62082 secrets/create: remove pipe check and allow interactive stdin e1408e5a35 Fix container export emitting incorrect event type. 
0747179589 Add AppArmor key to quadlet .container files f111cedfce fix(logs): enhance timestamp format to include timezone in logs dac1e82710 fix(logs): add tests for nanosecond precision in log timestamps d3bda38309 fix(logs): improve timestamp precision in container logs 06fe9b21c1 Fix missing newlines in stderr error messages 17d7be80c9 test/system: remove apk from build ac22866156 libpod: fix healthchecks not executing every interval on linux fcaf1300d7 fix: skip execution of probes when initialDelaySeconds is not elapsed efff41698b test/buildah-bud: skip failed remote test 37e511d216 [v5.8] Bump Buildah to v1.43.0 b320fbcaff Add migration code for BoltDB to SQLite 4fdb90e02c Deterministically order pod inspect fields 7ae6813dfc [v5.8] artifact: Skip AddLocal optimization on WSL 3918d4ca75 [v5.8] Require absolute path for local API 6465c07d21 [v5.8] Add local artifact add API endpoint bae88e1e5e Add GET /quadlets/{name}/exists d6023e431f Add DELETE /libpod/quadlets f2fcc7f09c Add POST /libpod/quadlets 01e0db2931 Add GET /quadlets/{name}/file 36c405582a Bump Podman to v5.7.2-dev Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer-tarball: set S to UNPACKDIR for do_qa_unpack check (Bruce Ashfield, 2026-03-16; 1 file, -0/+3)
The recipe only has file:// SRC_URI entries which unpack directly into UNPACKDIR, not a ${BP} subdirectory. The new do_qa_unpack QA check in insane.bbclass warns when S doesn't exist after unpack. Set S explicitly to satisfy the check. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: update to v6.0.6 (Bruce Ashfield, 2026-03-14; 2 files, -59/+2)
This fixes the build with recent glibc and picks up the following fixes: 2597434ae Release LXC 6.0.6 d128f134d cmd/lxc-user-nic: prevent OOB read in name_is_in_groupnames c43aeaaed lxc/network: define netlink uAPI constants for link properties 42b43b31c lxc/network: save/restore physical network interfaces altnames 810f44ba0 lxc/network: optimize netdev_get_mtu 5e68a7a63 meson.build: fix open_how include with glibc-2.43+ 540f9e2bc meson.build: fix openat2 include typo, fix with glibc-2.43 +FORTIFY 01b9e35a7 lxc: added support OpenRC init system 885496ccc src/confile: fix values of lxc.cap.keep and lxc.cap.drop 99c3206c7 tests/lxc-attach: ensure no data corruption happens during heavy IO on pts b964611b3 lxc/{terminal, file_utils}: ensure complete data writes in ptx/peer io handlers d6ccb9abe github: test io_uring-based event loop 0448c9dd2 build: update Makefile and meson.build aa4212023 Improve the dbus scope creation error handling f9e73517e cgfsng: fix reboots when using dbus 2072ea4c7 copy_rdepends: Don't fail on missing source file c7eac1180 start: Respect lxc.init.groups also in new user namespace 8ed8145d6 start: Remove outdated comment about group dropping e9921c3d7 build(deps): bump actions/upload-artifact from 5 to 6 97a2e4af5 Added documentation on unprivileged LXC containers 59a30025e added doc for --rbduser 54d323a2d added "--rbduser" option in "lxc-create -B rbd" a262afb5d Fallback to XDG_RUNTIME_DIR when /run not found d7068a338 checkonfig: Fixed compatible with toybox/gunzip 4cc343edf Initial changes without testing bdce7a634 Enumerated all values in array edc57196f meson: add meson option for running doxygen in build 058be42aa build: Check if P_PIDFD is defined 099089971 Ensure do_lxcapi_unfreeze returns false when getstate errors f9ff9ea2a build(deps): bump actions/checkout from 5 to 6 Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: set CLEANBROKEN to fix configure on rebuild (Bruce Ashfield, 2026-03-12; 1 file, -0/+4)
crun ships a GNUmakefile that aborts with "You must run ./autogen.sh && ./configure" when make clean is invoked before configure has run. The autotools_preconfigure prefunc triggers this when rebuilding (e.g. via multiconfig where sstate hash changes cause reconfiguration). Set CLEANBROKEN = "1" to skip the make clean in autotools_preconfigure. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* container-registry: drop container-registry-populate (Bruce Ashfield, 2026-03-11; 2 files, -110/+0)
Somehow we have two similar registry recipes that were developed from a different point of view. We don't need both. container-registry-index is the mature, QA-compliant version that also generates the standalone container-registry.sh helper script. container-registry-populate is an older, simpler version that does only the push, so we drop it here. Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* buildah: update to v1.43.0 (Bruce Ashfield, 2026-03-02; 1 file, -3/+3)
Bumping buildah to version v1.43.0-1-gbbc4bd12f, which comprises the following commits: 0158b5b31 [release-1.43] Bump Buildah to v1.43.0 f40d38a2f [release-1.43] fix source test 07b8495c8 [release-1.43] Bump common 0.67.0, image 5.39.1, storage 1.62.0 7178b10ac [release-1.43] Bump dest branch in cirrus to 1.43 acca15722 fix(build): make --tag oci-archive:xxx.tar work with simple images 40b5e371e test: do not untar archive into fs when checking file names 45b48af90 tests: use cached images instead of fedoraproject.org 662aa1598 chroot.bats(chroot with overlay root): ensure we can overlay 3877dc97d Run: don't try to encode SystemContext with json c0cc97255 [release-1.42] Bump Buildah to v1.42.2 307d1a3a4 [release-1.42] Bump runc to v1.3.4 de21106b6 [release-1.42] Bump Buildah to v1.42.1 f0700c546 [release-1.42] bump runc to v1.3.3 - CVE-2025-52881 22cd531e9 RPM: build with sequoia on F43+ 1ba41f035 Bump to Buildah v1.42.0 c23bf6bf1 Bump to storage v1.61.0, image v5.38.0, common v0.66.0 858a514ff fix(deps): update module github.com/openshift/imagebuilder to v1.2.19 a0bc52535 fix(deps): update module github.com/openshift/imagebuilder to v1.2.18 4caee77d1 copier: ignore user.overlay.* xattrs 5a849d176 commit: always return the config digest as the image ID 92b342392 fix(deps): update module golang.org/x/crypto to v0.43.0 114aa3d8c fix(deps): update module golang.org/x/sys to v0.37.0 58f0f862b fix(deps): update module github.com/docker/docker to v28.5.1+incompatible 65929b93a fix(deps): update module github.com/moby/buildkit to v0.25.1 31cb2af46 fix(deps): update module github.com/opencontainers/runc to v1.3.2 8efc91385 fix(deps): update module github.com/docker/docker to v28.5.0+incompatible ceff05295 fix(deps): update module github.com/moby/buildkit to
v0.25.0 b7961ac34 fix(deps): update github.com/containers/luksy digest to 2cf5bc9 a654d3534 Make some test files different from each other 82702b493 Revert "fix(deps): update module github.com/cyphar/filepath-securejoin to v0.5.0" 3748cda03 Also run integration tests with the Sequoia backend c9c1d764c Allow users to build against podman-sequoia in non-default locations e3468665b fix(deps): update module github.com/cyphar/filepath-securejoin to v0.5.0 5bb6d9e48 .cirrus.yml: Test Vendoring bump golang e3f55fec6 vendor: bump go.podman.io/{common,image,storage} to main 6d0c9ed7e fix(deps): update module golang.org/x/crypto to v0.42.0 fbe61f730 fix(deps): update module github.com/docker/docker to v28.4.0+incompatible 881f14f01 fix(deps): update module github.com/moby/buildkit to v0.24.0 bea03a01d fix(deps): update module github.com/spf13/pflag to v1.0.10 dcb6da097 fix(deps): update module github.com/fsouza/go-dockerclient to v1.12.2 477dd3563 fix(deps): update module github.com/opencontainers/runc to v1.3.1 296a8f3eb fix(deps): update module github.com/opencontainers/cgroups to v0.0.5 1c384c959 fix(deps): update module golang.org/x/sync to v0.17.0 9cd4768bd tests/run.bats: "run masks" test: accept "unreadable" masked directories a18468f70 Run: create parent directories of mount targets with mode 0755 6e4d1ca83 tests/run.bats: "run masks" test: accept "unreadable" masked directories af18a2ea6 New VM images 42d6b68db Suppress a linter warning 7aedebdcc modernize: JSON doesn't do "omitempty" structs, so stop asking 802b06979 modernize: use maps.Copy() instead of iterating over a map to copy it 16680a4df modernize: use strings.CutPrefix/SplitSeq/FieldsSeq ebc9b4049 Update expected/minimum version of Go to 1.24 76c18c897 chroot: use $PATH when finding commands 02e42929f [skip-ci] Update actions/stale action to v10 95591dbc8 Update module github.com/ulikunitz/xz to v0.5.15 [SECURITY] dd4f9fcd6 Update go.sum 7c0c647d6 New VM images ac8573525 Update module 
github.com/openshift/imagebuilder to v1 3acceccf6 Update module github.com/spf13/cobra to v1.10.1 a0a9ac638 Switch common, storage and image to monorepo. c448438ef Update module github.com/stretchr/testify to v1.11.1 57c9d52c6 Update module go.etcd.io/bbolt to v1.4.3 c4cfbcda8 Handle tagged+digested references when processing --all-platforms fc8d43482 Update module github.com/stretchr/testify to v1.11.0 b436176d4 Add --transient-store global option fc748f85a Support "--imagestore" global flags a20e25136 Commit: don't depend on MountImage(), because .imagestore 13db28cdb Adding mohanboddu as community manager to MAINTAINERS.md 69a50588c Rework how we decide what to filter out of layer diffs bf2cbe164 Note that we have to build `true` first for the sake of its tests 473656b9d copier.Stat(): return owner UID and GID if available 738fa0d3c copier.Get(): ensure that directory entries end in "/" 9461dd61d copier.Get(): strip user and group names from entries fd498cbf5 imagebuildah.Executor/StageExecutor: check numeric --from= values fceb8d9ed Losen the dependency on go-connections/tlsconfig e78c0ad5a fix(deps): update module golang.org/x/crypto to v0.41.0 b49f0e2a5 fix(deps): update module golang.org/x/term to v0.34.0 494fd9dfa fix(deps): update module github.com/docker/go-connections to v0.6.0 4912cf45d fix(deps): update module golang.org/x/sys to v0.35.0 2ae2ec75b copy: assume a destination with basename "." 
is a directory e31b04729 generatePathChecksum: ignore ModTime, AccessTime and ChangeTime 3e92772f6 fix(deps): update module github.com/seccomp/libseccomp-golang to v0.11.1 11e32da8d fix(deps): update module github.com/containers/common to v0.64.1 70d0451b8 History should note unset-label, timestamp, and rewrite-timestamp 7cecaa79e pkg/cli.GenBuildOptions(): don't hardwire optional bools 7cf2b7fb7 fix(deps): update module github.com/containers/image/v5 to v5.36.1 fb6ce9d07 imagebuildah.StageExecutor.Execute: commit more "no instructions" cases 0d1d1a4df fix(deps): update module github.com/containers/storage to v1.59.1 87f60f60c Only suppress "noted" items when not squashing 27c40b3db Reap stray processes b271aecf4 fix(deps): update github.com/containers/luksy digest to 8fccf78 06207266f fix(deps): update module github.com/docker/docker to v28.3.3+incompatible f949a49ab Restore the default meaning of `--pull` (should be `always`). ff07ebc3e Test that pulled up parent directories are excluded at commit 7d302c38d Exclude pulled up parent directories at commit-time 95013b363 copier.Ensure(): also return parent directories 8807a0097 copier.MkdirOptions: add ModTimeNew e729f60d5 fix(deps): update module github.com/containers/common to v0.64.0 cce5f9c32 Bump to Buildah v1.42.0-dev 8b5354ee8 fix(deps): update module github.com/spf13/pflag to v1.0.7 7a986ebcf CI: make runc tests non-blocking 2df30a83c build,add: add support for corporate proxies Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: fix daemon mode missing shared directory for 9p | Bruce Ashfield | 2026-02-26 | 1 | -1/+6
  DAEMON_SHARE_DIR was referenced in the CA certificate copy and idle watchdog paths but never assigned, causing 'cp: cannot create regular file /ca.crt: Permission denied' when starting the daemon.

  Create the share directory under DAEMON_SOCKET_DIR and register it as a 9p mount, matching the path expected by daemon_run().

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vxn: add host-side OCI image cache and fix Docker iptables conflict | Bruce Ashfield | 2026-02-26 | 1 | -6/+268
  Add a host-side OCI image cache at ~/.vxn/images/ for the vdkr/vpdmn standalone Xen path. Images pulled via skopeo are stored in a content-addressed layout (refs/ symlinks + store/ OCI dirs) so subsequent runs hit the cache without network access.

  New commands on Xen: pull, images, rmi, tag, inspect, image <subcmd>. The run path is unchanged — cache integration into hv_prepare_container is deferred to a follow-up.

  Also fix Docker iptables conflict: when docker-moby and vxn-docker-config coexist on Dom0, Docker's default FORWARD DROP policy blocks DHCP for Xen DomU vifs on xenbr0. Adding "iptables": false to daemon.json prevents Docker from modifying iptables since VM-based containers manage their own network stack.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vxn: add Docker/Podman integration and CLI frontends | Bruce Ashfield | 2026-02-26 | 6 | -101/+275
  Add vdkr/vpdmn as Dom0 target packages with Xen auto-detection, native Docker/Podman config sub-packages, and OCI runtime fixes for Docker compatibility (JSON logging, root.path, kill --all, monitor PID lifecycle).

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vxn: add controlling terminal and clean up interactive output | Bruce Ashfield | 2026-02-26 | 1 | -9/+8
  Use setsid -c to establish a controlling terminal for the container shell, fixing "can't access tty; job control turned off" and enabling Ctrl-C signal delivery. Run in a subshell so setsid() succeeds without forking (PID 1 is already a session leader).

  Remove [vxn] diagnostic markers from interactive output now that terminal mode is working. Suppress mount warning on read-only input disk.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vxn: fix terminal mode hang and enable interactive container support | Bruce Ashfield | 2026-02-26 | 4 | -17/+67
  The containerd shim's Create RPC hung indefinitely because go-runc captures the OCI runtime's stdout via a pipe, and cmd.Wait() blocks until all holders of the pipe's write end close it. The background monitor subshell inherited this pipe fd and held it open, preventing the shim from ever proceeding to ReceiveMaster() or calling Start.

  Fix by closing inherited stdout/stderr in the terminal-mode monitor with exec >/dev/null before entering the domain poll loop. Non-terminal mode is unaffected because the shim configures IO via FIFO dup2, where cmd.Wait() only waits for process exit.

  Additional changes for terminal mode support:
  - vxn-sendtty: set PTY to raw mode (cfmakeraw) before sending fd
  - vxn-oci-runtime: wait up to 5s for xenconsoled PTY, capture sendtty return code, write persistent debug file to /root/vxn-tty-debug, log every runtime invocation, remove stale debug logging
  - vxn-init.sh: add [vxn] diagnostic markers for terminal visibility, suppress kernel console messages early in interactive mode
  - vcontainer-preinit.sh: suppress kernel messages in quiet mode

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: inject vxn-init.sh into vdkr and vpdmn rootfs images | Bruce Ashfield | 2026-02-26 | 2 | -0/+8
  Install vxn-init.sh alongside the existing init scripts in both vdkr and vpdmn rootfs images. The Xen backend selects it at boot via the vcontainer.init=/vxn-init.sh kernel command line parameter. Add file-checksums tracking so rootfs rebuilds when the script changes.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: add bundle command for OCI runtime bundle creation | Bruce Ashfield | 2026-02-26 | 1 | -0/+118
  Add 'bundle' command to the vcontainer CLI for creating OCI runtime bundles from container images. Pulls the image via skopeo, extracts layers into rootfs/, resolves entrypoint/cmd/env from OCI config, and generates config.json. Supports command override via -- separator. Only available on the Xen (vxn) backend.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: generalize init scripts for pluggable hypervisor backends | Bruce Ashfield | 2026-02-26 | 3 | -15/+22
  Make preinit and guest init scripts hypervisor-agnostic:
  - vcontainer-preinit.sh: add vcontainer.init= cmdline parameter for init script selection and vcontainer.blk= for block device prefix (QEMU uses /dev/vda, Xen uses /dev/xvda)
  - vdkr-init.sh, vpdmn-init.sh: use NINE_P_TRANSPORT variable for 9p mount transport (virtio for QEMU, xen for Xen)

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: add QEMU hypervisor backend and register in recipes | Bruce Ashfield | 2026-02-26 | 3 | -1/+267
  Add vrunner-backend-qemu.sh implementing the hypervisor interface for QEMU (arch setup, KVM detection, disk/network/9p options, VM lifecycle, QMP control). Register backend scripts in vcontainer-native and vcontainer-tarball recipes so they are available in both build-time and standalone tarball contexts.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vxn: add containerd OCI runtime integration | Bruce Ashfield | 2026-02-26 | 5 | -0/+782
  Add shell-based OCI runtime (vxn-oci-runtime) that enables containerd to manage Xen DomU containers through the standard runc shim. Non-terminal container output flows back to ctr via the shim's pipe mechanism.

  New files:
  - vxn-oci-runtime: OCI runtime (create/start/state/kill/delete/features/logs)
  - vxn-sendtty.c: SCM_RIGHTS helper for terminal mode PTY passing
  - containerd-shim-vxn-v2: PATH trick wrapper for runc shim coexistence
  - containerd-config-vxn.toml: CRI config (vxn default, runc fallback)
  - vctr: convenience wrapper injecting --runtime io.containerd.vxn.v2

  Key design:
  - Monitor subprocess uses wait on xl console (not sleep-polling) for instant reaction when domain dies, then extracts output markers and writes to stdout (shim pipe -> containerd FIFO -> ctr client)
  - cmd_state checks monitor PID liveness (not domain status) to prevent premature cleanup race that killed monitor before output
  - cmd_delete always destroys remnant domains (no --force needed)
  - Coexists with runc: /usr/libexec/vxn/shim/runc symlink + PATH trick

  Verified: vctr run --rm, vctr run -d, vxn standalone, vxn daemon mode.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vxn: add per-container DomU lifecycle and memres persistent DomU | Bruce Ashfield | 2026-02-26 | 4 | -154/+922
  Per-container DomU lifecycle:
  - run -d: per-container DomU with daemon loop and PTY-based IPC
  - ps: show Running vs Exited(code) via ===STATUS=== PTY query
  - exec/stop/rm: send commands to per-container DomU
  - logs: retrieve entrypoint output from running DomU
  - Entrypoint death detection with configurable grace period
  - Graceful error messages for ~25 unsupported commands
  - Command quoting fix: word-count+cut preserves internal spaces

  Memres (persistent DomU for fast container dispatch):
  - vxn memres start/stop/status/list for persistent DomU management
  - vxn run auto-dispatches to memres via xl block-attach + RUN_CONTAINER
  - Guest daemon loop handles ===RUN_CONTAINER===: mount hot-plugged xvdb, extract OCI rootfs, chroot exec entrypoint, unmount, report
  - Falls back to ephemeral mode when memres is occupied (PING timeout)
  - Xen-specific memres list shows xl domains and orphan detection

  Tested: vxn memres start + vxn run --rm alpine echo hello + vxn run --rm hello-world both produce correct output.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vxn: fix non-interactive mode for clean container output | Bruce Ashfield | 2026-02-26 | 2 | -10/+41
  Fix several issues preventing non-interactive mode (vxn --no-daemon run) from showing clean container output:
  - Fix console capture: check DAEMON_MODE instead of DAEMON_SOCKET in Xen backend so ephemeral runs use xl console capture instead of the daemon socat bridge (DAEMON_SOCKET is always set, DAEMON_MODE is only "start" for actual daemon launches)
  - Fix race condition: add post-loop marker detection after VM exits, with 2s delay for xl console to flush its buffer
  - Add stdbuf -oL to xl console for line-buffered output
  - Suppress mke2fs stdout (was only redirecting stderr)
  - Suppress kernel console messages during VM lifecycle in non-verbose mode
  - Fix grep -P (Perl regex) for BusyBox compatibility in exit code parsing
  - Preserve temp directory on failure for debugging
  - Fix hardcoded "QEMU" in error messages to "VM"

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vxn: add Xen DomU container runtime with OCI image support | Bruce Ashfield | 2026-02-26 | 5 | -311/+1403
  vxn runs OCI containers as Xen DomU guests — the VM IS the container. No Docker/containerd runs inside the guest; the init script directly mounts the container rootfs and execs the entrypoint via chroot.

  Host-side (Dom0):
  - vxn.sh: Docker-like CLI wrapper (sets HYPERVISOR=xen)
  - vrunner-backend-xen.sh: Xen xl backend for vrunner
  - hv_prepare_container(): pulls OCI images via skopeo, resolves entrypoint from OCI config using jq on host
  - xl create for VM lifecycle (PVH on aarch64, PV on x86_64)
  - Bridge networking with iptables DNAT for port forwards
  - Console capture via xl console for ephemeral mode

  Guest-side (DomU):
  - vxn-init.sh: mounts container rootfs from input disk, extracts OCI layers, execs entrypoint via chroot
  - Supports containers with or without /bin/sh
  - grep/sed fallback for OCI config parsing (no jq needed)
  - Daemon mode with command loop on hvc1
  - vcontainer-init-common.sh: hypervisor detection, head -n fix
  - vcontainer-preinit.sh: init selection via vcontainer.init=

  Build system:
  - vxn-initramfs-create.inc: assembles boot blobs from vruntime multiconfig, injects vxn-init.sh into rootfs squashfs
  - vxn_1.0.bb: Dom0 package with scripts + blobs
  - nostamp on install/package chain (blobs from DEPLOY_DIR are untracked by sstate)
  - vxn.cfg: Xen PV kernel config fragment

  Tested: vxn -it --no-daemon run --rm hello-world

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: inherit features_check for REQUIRED_DISTRO_FEATURES | Bruce Ashfield | 2026-02-25 | 1 | -1/+1
  The recipe sets REQUIRED_DISTRO_FEATURES:class-native but never inherits features_check, so the requirement was silently ignored. OE-core now has an unhandled-features-check QA test that catches this and fails the build.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer-tarball: remove parse-time banner | Bruce Ashfield | 2026-02-11 | 1 | -34/+3
  The anonymous python function prints a banner unconditionally at parse time, which means it appears when building any recipe (e.g. xen-image-minimal), not just vcontainer-tarball.

  Remove the parse-time banner since the post-build banner in do_populate_sdk:append() already provides the same information and only fires when actually building the tarball.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: update to v5.7.1 | Bruce Ashfield | 2026-02-10 | 1 | -3/+3
  Bumping libpod to version v5.7.1-5-gec1b7c989f, which comprises the following commits: 2b52342af9 Use explicit download-artifact name and path for win-installer release 36c405582a Bump Podman to v5.7.2-dev f845d14e94 Bump to v5.7.1 6ecc622841 Final release notes update for v5.7.1 d0558385ec kube play: Fix fd leak when handling symlinks 214f5b2fd9 Update release notes for v5.7.1 678d1b4bfd avoid potential nil ptr deref in image rm ba6e527289 fix: check err returned by newGenericDecompressor 68022802fc pkg/specgen/generate: Fix adding host devices on FreeBSD a27cc24f80 Replace FindExecutablePeer with FindHelperBinary dc7509fe38 [v5.7] Bump common to v0.66.1 7ce2e00ab1 libpod: simplify resolveWorkDir() e576e002e9 libpod: fix workdir MkdirAll() all check f348d1bd5b [v5.7] Bump Buildah to v1.42.2, runc to v1.3.4 9538a7d976 rootless_linux.c: use shortcut for system commands 0647387bfe SetupRootless handle case where conmon pid are not valid 118ec04065 preallocate paths in SetupRootless 6a9ce66e5c fix noMoveProcess in SetupRootless 973ab34078 use return error handling in SetupRootless 363665a456 pkg/machine: make mount units hook into local-fs db82b92d0a docs: fix redoc swagger URL 9257ac4822 Bump Podman to v5.7.1-dev 0370128fc8 Bump to v5.7.0 84c31b8fae Create release notes for v5.7.0 b6b8d23abd hack/bats:
port it to use the new remote support 129c344b49 test/system: fix broken podman_runtime 708f7a14f3 test/system: fix artifact test cleanup e737d75b2f test/system: merge artifact tests into single file 58733d714a test/system: rework artifact created test 372e142252 test/system: remove 701-artifact-created.bats bfddcb3384 test/system: do not run artifact test in parallel 199254f039 test/system: skip flaky restore test on debian 0c99f623aa test/e2e: try to fix clean up after terminated build flake ec1efdbdac [v5.7] Packit/TMT: remove podman-next repos from release branches 97ad660c0c [v5.7] fix lint issues with github.com/cyphar/filepath-securejoin e6deadcc34 [v5.7] Bump to runc v1.3.3 - CVE-2025-52881 cbda92e6b3 rotate aws meta_task keys 3d23aa4a6b rotate aws key da8d069e6a Bump Podman to v5.7.0-dev 85a6e7f8d7 Bump to v5.7.0-rc3 b7d1f77147 Update release notes for v5.7.0-rc3 fb8644d551 Fix cache misses when pulling WSL machine image c4357e7112 test: organize search tests with BeforeEach/AfterEach patterns 64fbc2557e test: refactor search_test.go to use helper functions and PodmanExitCleanly d6f660076b test: Replace external registry deps with mock server in search tests a59eaccbe2 Add tmt integration plan bfae53709c Bump bundled krunkit from 1.1.0 to 1.1.1 f12c838fb7 Allow RC Windows Installer to be built d0b45ff1f0 Allow failures on WSL machine tests e68cecbb60 Bump Podman to v5.7.0-dev fa892f1df0 Bump to v5.7.0-rc2 e16a54c6bc Add release notes for v5.7.0-rc2 667757583b Bump bundled krunkit from 0.2.2 to 1.1.0 537a0233ae Fix Windows Installer GH release 829864ba74 Add CreatedAt format option to podman artifact ls 7f780d866b Bump Podman to v5.7.0-dev 03f8a02983 Bump to v5.7.0-rc1 9b5751089b Add release notes for v5.7.0-rc1 61291e8c70 quadlet: add `cat` alias for `print` c72102d1b2 Bump Buidah to v1.42.0 for Podman v5.7 f957852e4a fix: failing tests 8e013c0012 feat(quadlet: kube): support multiple Yaml entries 9ea18b78fa Warn on boltdb use 339a432dd9 fix artifact 
inspect issues 9bda788edf feat(cmd): podman kube play support multiple arguments 0ea4eaee70 cmd/podman: add replace flag to quadlet install ca106301f8 fix: typo in uidmap option doc 0b1e9a76a5 RPM: build with sequoia for F43+ 1fbf24b65b feat: add `--format` flag to artifact inspect 538229da90 artifact: added CREATED column to artifact ls Fixes: #27314 bb4fa066b3 fix remote command parameters 43ff7a4c13 Add a test for containers.conf runtime options f87c8b9cba docs: introduce custom version selector in api.html f6dd05d9c4 add test for container name without Pod name prefix feature a27fd9bd89 Allow artifact add to override org.opencontainers.image.title annotation bc571ae542 Vendor in latest go.podman.io/common 74788a3fe1 fileperms: newer Go 1.13+ octal literal format 1800b34b51 Quadlet build - add support for IgnoreFile key 0a20e22384 Add default runtime flags in config cfd4cc0932 remove libartifact from podman b394fe1a87 chore: remove repetitive word in cmd/podman/README.md 098d8efecc add option to remove Pod name prefix in resulting container name 9dbc33bb25 Add a new Windows installer supporting user scope fa5d6cc103 docs: initialize redoc via JS API 858150288f docs: generate Reference version list from json file 56fee79d3c fix: system prune JSON unmarshalling error in remote client 73e42b3c9c [skip-ci] Update actions/setup-node action to v6 b2aefd4cf9 docs: add missing manifest parameter to build API endpoints 1e713c1a5f Add BuildArg example into documentation 34254cd1d0 Add artifact quadlet unit type support 6d63d165ef Fix flaky sysctl completion by handling /proc/sys errors gracefully b4d81c0338 Run `make validatepr` c0a09e7f10 Update docs/source/markdown/podman-systemd.unit.5.md 1656c90c6e Iterate through all machine providers in FindMachineByPort a1e7e9a46d Add local build API for direct filesystem builds on MacOS and Windows (only WSL) 1f1354c2a4 fix(deps): update module golang.org/x/term to v0.36.0 e3c9fa6ddd Update docs for StopTimeOut 6786f59648 
SECURITY.md: point to container-libs a696f8bccb Update documentation to include BuildArg key 196be4b813 Test for multiple key/val arguments 720e263767 Add BuildArg key to quadlets aaf957edf9 fix(deps): update module golang.org/x/sys to v0.37.0 d1c43e3ae8 Fixed #27120: Pod Quadlet can configure podman pod stop --time 928a50d228 fix(deps): update module golang.org/x/net to v0.45.0 79ecc1d56b Fix --userns=ns:<path> conflicting with runc 1.1.11+ 98cb7b75d9 quadlet: standardize Convert function signatures b765c91580 Add --replace option to podman artifact add command 3e774ee285 test/system: actually wait for container removal fdb5ac5e8f test/system: run_podman ? needs quoting 09e535fb46 quadlet: remove unused 'name' parameter from ConvertNetwork and ConvertVolume 4bd6aff4b6 fix: #23915 podman build is not parsing sbom command line arguments 3a98b6dc0e test: Wait for killed container to avoid leak b415b0ad3e Update pkg/api/server/register_artifacts.go fb3eaf0c87 [DOCS] Add missing stable swagger API links 72ffd00c5a fix(deps): update module github.com/onsi/ginkgo/v2 to v2.26.0 00309d3955 secret ls: align docs, completion, and tests; fix formatting 6405925f79 Add artifact fallback to podman inspect command a724fce8aa pkg/api: api list quadlets resource 3c3b805ea7 cmd/podman: --ignore errors flag to artifact rm 090304a054 lint: reenable revive unused-parameter check 88bca78c6e stop service instances 004e6ced76 test: remove outdated skip in podman run check personality support test 3b509022cd fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.9 83e65f91a4 Quadlet - Support template dependency 87b4f842de test: fix "run healthcheck" bindings test ebde5d1563 cmd: add auto completion for network create --interface-name e667532110 docs: point Go Report Card badge to v5 module path ef0a7dd486 pkg/api/handlers/compat: use strings.CutPrefix f198fe6b13 pkg/machine/wsl: use any instead of interface{} 5824197774 pkg/machine/e2e: remove obsoleted comment 8e55b67410 docs: 
fix Go Report Card badge to reference current repository b5de5efb3e cmd/podman/system: fix error handling in renumber and migrate commands 571866775d [compat api] Remove ContainerConfig field c11941eadb [DOCS] Update volume mount docs for subpath support feb36e4fe6 Implement TLS API Support a27929aaaf test/e2e: fmt artifact list with virtual size 32c962a177 Add Podman 6 HLD 9bca0d01d2 Add a design document for Conmon v3 4764b0e403 Add creation timestamp to podman artifacts 4652f5c3c6 docs: clarify that --userns=keep-id runs container as host UID 5ae0e0de3d cmd/podman: added virtual size option in artifact ls 63c40feb8c test: Fix test race in 030-run f0f05e22c6 cmd/podman: completion for --sysctl in create/run f26483ba7d fix: standardize casing for cgroups in documentation 15fdbe9442 test: remove hack workaround in 'use plugin in containers' 51f4e614e9 test: remove skip_if_remote from podman run - uidmapping has no /sys/kernel mounts 4b9be9c218 chore(deps): update dependency golangci/golangci-lint to v2.5.0 7c9aa72c55 add containerfile doc link a0238fb19f libpod: Fill out OnlineCPUs in the FreeBSD stats handler 602ba415c6 libpod: Implement getOnlineCPUs() on FreeBSD 39750faab3 test/system: fix test race in exec leak check b8258a53dd Update github action to use pull_request_target b24220b0a2 Revert "test/e2e: try debug potential pasta issue" ab5e400a9a docs: remove remote limitation note for --build-context option 8d06a9e9f7 fix: Correct typo in chrootdirs option 2702156bd7 pkg/bindings: on terminal attach always wait for stdout to be done 7ff07b6e0c pkg/bindings: use HTTP 101 upgrade request for attach 9e2850d0a8 Add --sign-by-sq-fingerprint to push operations 2f005b67f4 Exercise containers_image_sequoia in CI 070d7c3ad3 Revert "Rewrite the Quadlet documentation." bb422c8372 Revert "Change the syntax to not depend on jinja2." fd60d63bf4 Revert "Deduplicate more options." 
4ae8e386ef Revert "docs: restore podman-systemd.unit.5" 04af9ae3fc fix(emulation): handle fs.ErrNotExist in registeredBinfmtMisc 80f1d48d44 [skip-ci] Update actions/setup-node action to v5 aa8bbbb1ff [skip-ci] Update actions/github-script action to v8 796be1e4bf troubleshooting: document lsetxattr error e1c1961d48 [skip-ci] Update actions/checkout action to v5 43a294fa94 vendor: update golang.org/x packages 4417e6269c use maps.Clone() over Copy() when possible 637de6022f libpod/oci_conmon_linux.go: fix false postive in linter 9e4fad8d06 pkg/systemd/quadletL silence one lint warning 78e5a521b0 inline some conditionals 8631032556 run modernize -fix ./... dc5a791f58 use bytes.SplitSeq where possible b97525a78d use strings.SplitSeq where possible 4e3e9bfb70 update to go 1.24 8537afca66 test/e2e: fix podman run default mask test with crun 1.24 3bb32d846b test/system: skip noswap memory mounts correctly 52fcdcf64c test/system: skip idmapped mount correctly bd7aada776 cirrus: update to freebsd 14.3 710e216390 cirrus: fix golangci-lint cache leak a720139dd8 New VM images 2025-09-10 5b10b51788 Add a directory for design documents 936a01e088 Quadlet build - consider File path that starts with a systemd specifier as absolute d0be0e9659 Makefile: restore HELPER_BINARIES_DIR 2bed9a40bc fix(deps): update module google.golang.org/protobuf to v1.36.9 c70c0ac13e refactor: Modularize binding build functions c38babff57 Adding github action to generate a badge for first time contributor 8566ef71c0 fix: set header fields before response status code to prevent missing fields 50a3e3cf8a fix(deps): update module github.com/opencontainers/cgroups to v0.0.5 6c4b98c940 test/e2e: add CVE-2025-9566 regression test cab3c6de6d docs: restore podman-systemd.unit.5 6756eb3412 Deduplicate more options. 
fdeaf2905f Update module github.com/onsi/ginkgo/v2 to v2.25.3 163bdf2df8 quadlet: fix runtime error for invalid Mount value 792bbd2046 [skip-ci] Update actions/labeler action to v6 853dd36da3 Update dependency pytest to v8.4.2 43fbde4e66 kube play: don't follow volume symlinks onto the host 4b66e5a27b Add R! to systemd-tmpfiles script for all /tmp dirs c2506656c4 spf13/pflag: replace deprecated ParseErrorsWhitelist ca9c8d104e update module github.com/spf13/pflag to v1.0.10 889a5fd0ac [skip-ci] Update actions/stale action to v10 f22506b74f [skip-ci] Update actions/setup-go action to v6 310f196aea fix(deps): update module github.com/docker/docker to v28.4.0+incompatible faceb67782 test/buildah-bud: enable one skipped test dbfddb82cb vendor: update go.podman.io/{common,image,storage} 2c6dadd724 Fix a locking bug in that could cause a double-unlock 5c810ea1c8 Makefile: add SOURCES dep to bin/podman.cross.% target b62f887fbd Makefile: add proper docs for bin/podman.cross.% 3633cd53e8 Revert "Remove bin/podman.cross Make target" 98072bfcea refactor: modularize build REST API with utility functions 2acf5c0119 libpod: Fix the jailName helper a250fee0ec libpod: Fix "top" support on FreeBSD 5ba23ccad5 compat: Deduplicate the Linux and FreeBSD containers/stats helpers a341a4ee24 compat: Add a stub container/stats handler for FreeBSD 9de737bf29 Change the syntax to not depend on jinja2. c12b1b32bc Rewrite the Quadlet documentation. 
247a80db45 test/system: remove distro-integration bats tag ee45782079 test/system: fix podman load - from URL 20fb712872 test/system: do not connect to github server 59df0782f2 Handle SIGPIPE to prevent machine stuck in Starting state 9b8e785e3c fix(deps): update module github.com/spf13/cobra to v1.10.1 c65fd9a2c2 quadlet: add HttpProxy option for Container sections 26aafb21d2 fix(deps): update module github.com/checkpoint-restore/checkpointctl to v1.4.0 46d757501a do not pass [no]copy as bind mounts options to runtime 4e2a04dedc do not pass volume-opt as bind mounts options to runtime a98154a978 Switch common, storage and image to monorepo. c8681b6028 chore(deps): update module github.com/ulikunitz/xz to v0.5.15 [security] 0f477eaaa6 fix(deps): update module github.com/spf13/pflag to v1.0.9 573fd0d7eb fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.8 b9812e3d9e Mention zstandard tarball import support 80348a50d0 chore(deps): update module github.com/go-viper/mapstructure/v2 to v2.4.0 [security] 3d4f8153be fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.2 3effff42eb tests: Get rid of netcat on the host and use Bash's /dev/tcp 0ff079d320 tests: Replace ncat for socat 9c3652c188 Add support for criu's tcp-close functionality. 
e467439ab8 test/e2e: actually start container in startContainer 3a1ce1fb3d fix(deps): update module github.com/stretchr/testify to v1.11.1 8e59c948df test/buildah-bud: skip new failing test df80fbcab6 test/e2e: remove image diff test skips b172cf7475 vendor: update buildah to latest main e76b08394e vendor: update c/{common, image, storage} to latest main a5a00c1796 Add a release note for 5.6 Rosetta being disabled-by-default 413eea885b fix(deps): update module github.com/stretchr/testify to v1.11.0 2dd3111098 fix(libpod): truncate long hostnames to correct maximum length 18aa78a7e6 fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.1 877e208820 fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.32 c51c6e58a7 fix(deps): update module github.com/onsi/ginkgo/v2 to v2.25.0 4b835f36b9 fix(deps): update module github.com/coreos/go-systemd/v22 to v22.6.0 249fa21e8a Improve documentation wording 5a2098cf61 windows: do not convert unconfined seccomp path d267f8a3dd ci: log wsl --version output 40cd207437 Update module github.com/kevinburke/ssh_config to v1.4.0 fa5140771f Update module go.etcd.io/bbolt to v1.4.3 4b5ada39e4 Update release notes on main to reflect v5.6 release 514e686b4c podman events: show network create/remove event with journald 9d47477e82 cirrus: fix podman machine windows only_if condition 2c89069fa8 update tests duo to CRUN#1767 to support both values cfe4d46d89 Optimize image loading for Podman machines 0a9d5ca75d Skip JSON parsing for non-JSON error responses be0ad4a7aa [docs] Refactor Artifact API documentation 2e7d6135c6 fix(deps): update module github.com/onsi/ginkgo/v2 to v2.24.0 96d9a00adb docs(run,create): note remote clients support only docker transport 10f9c9a7e8 Configurable GINKGOTIMEOUT in `winmake.ps1` e1d6dfd2c7 Fixes #26369 46ee62ca6a Fixes: #26353 4690bce8a8 2025 3Q Roadmap Update c33af3c8dd docs: add missing groups and hgroups descriptors to podman-top documentation fda74ee619 added system-connection-add options 
example 68ed0c08e6 fix(deps): update module github.com/containers/gvisor-tap-vsock to v0.8.7 700351a813 test/buildah-bud/run-buildah-bud-tests: loosen the branch regexp 21f2128d79 added example for custom socket 599c635f9f chore(deps): update dependency golangci/golangci-lint to v2.4.0 6d54a298c9 chore(deps): update docker.io/library/golang docker tag to v1.25 3ca729a2fb fix: Correct small typo foce -> force f38e32760d feat: Add artifact remove --all option b0febf3336 Update ADOPTERS.md 5706d2a61e make machine --user-mode-networking docs more clear 4bb4cf62cb [skip-ci] Update actions/checkout action to v5 512e04946c remove outdated dependencies/analyses scripts 5f5519607b contrib: add script and docs to analyze dependency usage b6b8d05a52 Small changes suggested by markdown linter. a0e6396c43 Updated with Type descriptions. 9a2dccf4f4 Add a deprecation notice for users of BoltDB 9b62438ede test/buildah-bud: fix checkout to also handle go.mod replace 8633b5edeb Update module golang.org/x/net to v0.43.0 cc465e7227 Updated with badges for Type and no extra line. 930cd25739 Feat: Add log_path support in containers.conf e14b8acba8 Update vendor dependencies 1d6fda8eda New: initial ADOPTERS.md file. 
7247d84fbe Fix typo a75f74b1d3 Fixes: #26691 2959d9f7ec fix: drop yearly contributor badge 8ef76a6933 [skip-ci] Update actions/download-artifact action to v5 b5fce87237 Manpages: Added --filter flag examples to all the relevant podman manpages 7c95ceae57 Manpages: podman container runlabel added example with --replace 67ec2037c0 Add support for configuring tls verification with machine init 69f8f26d98 pkg/machine/e2e: remove build context skip b8bba308b0 fix(deps): update common, image, and storage deps ca3347cc2b doc(podman-system.unit.5.md): clarify user/group 6c27165054 Packit: do not notify on podman-next failures 1001450d77 chore(deps): update dependency golangci/golangci-lint to v2.3.1 32ec523ef6 Makefile: Clarify different `binaries` targets f96eccb1ac docs: add examples with resource limits and mounts to podman pod create manpage b7b7839ad3 compat: remove deprecated VirtualSize a6fa3de870 fix(deps): update module github.com/shirou/gopsutil/v4 to v4.25.7 4a7974a7a8 [CI:DOCS] Remove Experimental from Artifacts man pages 0530a564a7 Fix: Improve error message for empty device modes in API requests 5ab92a7499 docs(kube play): clarify --annotation flag only affects containers, not pods 23ebb7d94c feat: add Podman artifact support to Go bindings and remote clients 0666b4ffbf events: add support for label filter with key only 610c4c7710 compat: GET /_ping return Builder-Version: 1 1963c6275e compat: remove GET /system/df BuilderSize b0e7a2ec9b compat: add shared-size par to GET /images/json e33d92ce9e docs: add LFX Insights badges b5d18e873f Fix ancestor filter to support Docker-compatible substring matching 924e03ac97 fix(deps): update module github.com/mattn/go-sqlite3 to v1.14.30 88bb9daeab fix(deps): update module github.com/docker/docker to v28.3.3+incompatible [security] 0740b94fcd fix(deps): update module sigs.k8s.io/yaml to v1.6.0 003a4d44a1 docs: add resource limit examples to podman pod clone manpage 81d6d90195 Improve handling of --publish and 
incompatible NetNS modes df2862e72c Consolidate the definition and consumption of --sign* CLI options 426e787beb Fix (podman artifact push --creds) 67927715cf Remove unused CLI options dd8bc6ccb9 Bump main to v5.7.0-dev 7f2908afcf podman: add --creds and --cert-dir to create/run 31fafad0c1 Update module github.com/mattn/go-sqlite3 to v1.14.29 dcd187946d Skip rather than comment bad diff tests 4395ff1f25 Link to blog post 3ef33653ff compat: RepoTags and RepoDigest return [] and not null Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* container tasks: move network access out of build chain | Bruce Ashfield | 2026-02-10 | 1 | -1/+12
yocto-check-layer reports an error for any task between do_fetch and do_build that has network enabled. Two changes fix this:

container-bundle.bbclass: Move do_fetch_containers from a standalone task into a do_fetch postfunc. When remote containers are configured, the anonymous function adds extend_recipe_sysroot as a do_fetch prefunc (so skopeo-native is available) and do_fetch_containers as a postfunc. Network access during do_fetch is permitted by the QA check.

container-registry-index: Remove do_container_registry_index from the build dependency chain (drop "before do_build"). Registry push is a deployment action requiring explicit invocation:

    bitbake container-registry-index -c container_registry_index

The default do_build task now prints usage instructions.

Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* moby: update to docker-v29.2.1 | Bruce Ashfield | 2026-02-10 | 2 | -9/+9
One cli patch is refreshed,
otherwise, no build changes required. Bumping moby to version docker-v29.2.1-34-g8abd12c5bb, which comprises the following commits: 7fef0b66f6 daemon/volume: don't print warnings for non-volume directories d809806f2f daemon/volume: Drop BindOptions for image mounts 8014653ecc fix(deps): update github.com/moby/policy-helpers digest to 77d5435 eb0a1bc455 integration: run more Buildkit tests on Windows 5fc3ea8426 .github: actually use snapshotter in Windows tests efc2f55cc1 .github: install buildx in Windows CI 5d963f26fe hack/make.ps1: respect $TEST_INTEGRATION_FAIL_FAST f889c34627 Dockerfile: upgrade Delve to v1.26.0 8f66e0c150 update to go1.25.7 897575142a gha/bin-image: Fix build not running for tags af18206630 daemon/command: add support for sd_notify "reload" notifications 0e523625f8 daemon/command: send notifyReady, notifyStopping synchronous 236fc46b5a daemon/command: don't make notifyReady(), notifyStopping() asynchronous ae7e72b626 gha: update OTEL collector to v0.144.0 f478a9212d go.mod: add back replace rules 899446ca81 fix(deps): update module code.cloudfoundry.org/clock to v1.60.0 a1056edad1 golangci-lint: make exclusions more specific, and combine some 8f45db8414 daemon/pkg/registry: use lazyregexp again 3f9885fa1f hack/validate: golangci-lint: rm deprecated --print-resources-usage flag 7648df07ad fix(deps): update module github.com/coreos/go-systemd/v22 to v22.7.0 3a583a570b c8d/system: Fix race between `df` and `prune` 4ec7c53f1f ci: renovate: replace uses of deprecated matchPaths option 3068dc540f chore(deps): update github/codeql-action action to v4 54501c09fc Bump go-tuf from v2.3.1 to v2.4.1 21dd960a73 d/libnetwork: fix (*Controller).getLBIndex panics 420cdd1737 ci: update docker/github-builder to v1 750a2014a5 vendor: update buildkit v0.27.1 b3babf3419 chore(deps): update docker/buildx-bin docker tag to v0.31.1 e396e5a6ea ci: renovate: tweak settings for golang.org/x/ c622002eb9 ci: renovate: group google.golang.org/genproto packages 2796980dbc 
vendor: github.com/theupdateframework/go-tuf/v2 v2.3.1 d5ddaeddce vendor: github.com/secure-systems-lab/go-securesystemslib v0.10.0 178106be33 daemon: shouldIgnoreExitEventWithLock: fix minor nits b0e62bdf59 vendor: github.com/moby/policy-helpers eeebf1a0ab2b d7218ec6c1 daemon/pkg/plugin/v2: use namespace consts 51664a25d7 libn/d/overlay: calculate SPI like older engines 13422acb53 renovate: ignore docker/github-builder-experimental 1200f5e45c daemon: Fix panic in shutdown after daemon init fails b7b572a3e0 vendor: github.com/moby/moby/client v0.2.2 655828b656 vendor: github.com/moby/moby/api v1.53.0 4fa326fa85 api: Cut v1.53 f9ed31aa95 Drop replace rules 59abc76746 daemon/pkg/opts: remove unused ParseHost 8afb45b42f loadDaemonCliConfig: explicitly set default host f6c0f41e6d api/pkg/authconfig: reject multiple JSON documents in Decode 62c1a719b3 api/types: use "omitzero" instead of "omitempty" for "netip" fields 9d839a236c chore(deps): update actions/checkout action to v6 7e8adf4d33 ci: renovate: disable for api and client modules f187929e87 retrigger github action 86fd73d8bc ci: renovate: fix regex escaping 8ff66aa5dc ci: renovate: add comment about Graylog2/go-gelf dependency c36b44b21a ci: rename renovate.json to renovate.json5 c75070b9b4 chore(deps): update actions/cache action to v5 ab3be3c68b typo: called to caller 5589d5a1ea fix(deps): update module code.cloudfoundry.org/clock to v1.59.0 2cafa78953 vendor: github.com/cloudflare/cfssl v1.6.5 3b5a0c1e4c vendor: github.com/zmap/zlint/v3 v3.5.0 35aa470f73 vendor: github.com/weppos/publicsuffix-go v0.30.0 d5e23b680c daemon: ignore duplicate task exit events in daemon state 7b38ece108 integration: gofumpt 17de27ffc2 daemon: gofumpt 5bde1565a6 client: gofumpt f3343bf846 api/types: gofumpt 3380c52740 vendor: github.com/klauspost/compress v1.18.3 0a3af47d89 vendor: golang.org/x/tools v0.41.0 2d5c1cdb02 vendor: golang.org/x/mod v0.32.0 818ec93592 vendor: golang.org/x/net v0.49.0 7a12d1bcea vendor: golang.org/x/crypto 
v0.47.0 d163d3326b vendor: golang.org/x/term v0.39.0 5b62347a5f vendor: golang.org/x/text v0.33.0 dceb87f58b vendor: golang.org/x/sys v0.40.0 4bc3a76891 daemon/command: slight cleanup of normalizeHosts 20c801f9e1 daemon/pkg/opts: export ParseDaemonHost 7f16c4fee0 vendor: github.com/sigstore/rekor v1.5.0 bb43161e2f vendor: google.golang.org/api v0.260.0 b21163a330 vendor: github.com/googleapis/enterprise-certificate-proxy v0.3.9 644af76187 vendor: github.com/googleapis/gax-go/v2 v2.16.0 a39cf56355 vendor: go.uber.org/zap v1.27.1 ca49081e4e vendor: cloud.google.com/go/auth v0.18.0 c7657f8d73 client: ResponseHook: remove error return 2bc7febeb6 client: implement WithResponseHook option 48bbed596e fix(deps): update module google.golang.org/grpc to v1.78.0 b30e701b73 vendor: update github.com/go-openapi dependencies fd1679ac13 vendor: github.com/sigstore/sigstore v1.10.4 b92173f68a fix(deps): update aws-sdk-go-v2 monorepo 5819d10989 client: deprecate ContainerListOptions.Latest d9cead55b2 client: deprecate ContainerListOptions.Since, ContainerListOptions.Before 311bfe9cc9 fix(deps): update module github.com/aws/smithy-go to v1.24.0 36b94c251c chore(deps): update tonistiigi/xx docker tag to v1.9.0 1b665b6af6 chore(deps): update lima-vm/lima-actions action to v1.1.0 edcbbba6d4 chore(deps): update docker/buildx-bin docker tag to v0.31.0 686c611b25 chore(deps): update alpine docker tag to v3.23 59083a9057 fix(deps): update module github.com/miekg/dns to v1.1.72 d204cc202e chore(deps): update docker/compose-bin docker tag to v5.0.2 9c2e4d9295 renovate: Always run go mod tidy 8a7e012563 renovate: Ignore go-gelf 695f158716 pkg/homedir: fix broken links to basedir specs fba5998d26 vendor: update buildkit v0.27.0 e8f088caf7 daemon: rename vars that shadowed imports 2f6011c05f daemon: daemon.registerMountPoints: use switch statement 26e8376a3c api: fix grammar: user defined / user specified -> user-(defined|specified) a10af4dc68 gha/labeler: Use "all" group for vendor exclusion 
96df8d8a1f Add test case for ContainerList Latest option, use table-test d8e88a964b gha/labeler: Filter out vendor changes 1a75179857 daemon/volume/mounts: extract validation for extra fields 1f93820d1d vendor: github.com/miekg/dns v1.1.70 62cecee324 chore: Update outdated GitHub Actions versions 90c3f80735 go.mod: add back replace rules 86f122af27 Map nvidia --gpus request to CDI device requests 5961616a77 daemon/server/backend: ContainerListOptions: remove unused Latest field 3abbf46a6b daemon/server/backend: ContainerListOptions: remove unused Before and Since b0c8ff7d0c daemon: Check system requirements in newDaemonCLI 69d67e07fa vendor: github.com/moby/moby/client v0.2.2-rc.2 46ecbe09a9 vendor: github.com/containerd/stargz-snapshotter v0.18.1 bd660c390b api/docs: sync MountType to versioned swagger specs 721cb50a18 api: add MountType to definitions 2018b9e1f3 Use Debug instead of Debugf for device request logging 1b5b00c98c fix grammar: user defined / user specified -> user-(defined|specified) c1b3202150 integration/volume: Add test for image mount subpath daemon restart 1b427548b1 vendor: github.com/moby/moby/api v1.53.0-rc.2 6dac897ad4 daemon: Check system requirements before initialization ef5287fb08 migrate TestContainerAPIPostContainerStop to integration 89a04a8354 vendor: update buildkit to v0.27.0-rc2 26d292b3e4 inspect: add API-version gate for image identity 8890f815ca inspect: add signature identity support 0adfe6c856 inspect: add pull identity to track origin registry repo 3540989c71 inspect: add build identity support 7745b7135f api: add swagger definitions for new Identity type 1d4e04bed1 api: add inspect identity base type to expose trusted image origin bead7d7dd4 fix: goroutine leak in TestRingLogger 0100e94c49 renovate: Group golang/x packages 732379f8c2 renovate: Add git sign off e521c369e0 renovate: Move to .github 783d2fd8ce Add renovate.json 0408faabd6 vendor: github.com/moby/buildkit faed462a29ea (v0.27.0-rc2-dev) 2c66ddf907 vendor: 
github.com/moby/buildkit v0.27.0-rc1 cebb12ddaf update to go1.25.6 2fe5e8e04a vendor: github.com/grpc-ecosystem/grpc-gateway/v2 v2.27.3 4a0f9759f9 vendor: github.com/jmoiron/sqlx v1.4.0 39e6e582c6 vendor: github.com/spdx/tools-golang v0.5.7 eb31710061 vendor: github.com/prometheus/procfs v0.17.0 3684a9cfc4 vendor: github.com/hashicorp/go-sockaddr v1.0.7 5ff9c6a9fd vendor: google.golang.org/genproto/xxx v0.0.0-20251103181224-f26f9409b101 09251e5855 vendor: github.com/googleapis/enterprise-certificate-proxy v0.3.7 184ee84190 vendor: github.com/containerd/nydus-snapshotter v0.15.10 25aec1f32d vendor: github.com/anchore/go-struct-converter v0.1.0 dc46ee9e1c vendor: github.com/Azure/azure-sdk-for-go/sdk/azcore v1.20.0 c7d9ac59c3 vendor: cloud.google.com/go/auth v0.17.0 54c9a0f6c4 vendor: github.com/aws/aws-sdk-go-v2/config v1.31.20 3ebfc369cb vendor: github.com/aws/aws-sdk-go-v2/credentials v1.18.24 2a87c9af9d vendor: github.com/aws/aws-sdk-go-v2 v1.39.6 18ea00a638 vendor: github.com/aws/smithy-go v1.23.2 6ff97c143b vendor: cloud.google.com/go/compute/metadata v0.9.0 8ff4021564 vendor: github.com/sirupsen/logrus v1.9.4 97ea303372 Dockerfile: update golangci-lint to v2.8.0 9ec65542a0 libnetwork: fix graceful service endpoint removal e709f27c80 ci: use docker github builder to build bin image 9f2faa5cec client: fix TestWithUserAgent fadd8dc47c daemon/libnetwork: Fix panic in findHNSEp when IP networks are nil cb88c6ba10 daemon/volumes: More fs friendly image mount layer names 9ebbf652bd client: do not modify user-provided HTTP client 41d19f6644 api/docs: backport assorted fixes and enhancements to older api versions f2f622ebf4 internal/testutil/daemon: fix minor linting issues 4bcf9665af vendor: cloud.google.com/go/logging v1.13.1 0d27c51913 hack/validate: only search repo-dir for modules 07e2a782c7 libnet/internal/resolvconf: Parse: improve error message 32d34c472c docs: fix type in comment 06704ef904 client: use stop function to deregister context.AfterFunc d85c1a258a 
daemon/server/httputils: remove badParameterError e529aa7d7c integration/container: TestStats: explicitly check zero-value 0fb55db037 docs: clarify healthcheck behavior dcb0149ee1 daemon: inline copyAttributes utilty 8a01dc2f90 daemon/cluster/executor/container: rename vars that shadowed 5c637b7209 fix: prevent potential panic in Shutdown when EventsService is nil 22345e3369 docs: improve description of image tag API endpoint 1b9f126ede docs: document healthcheck timeout termination behavior 955897fe21 docs: fix base64 encoding description for secrets and configs 917d66d833 docs: update stats API description for cgroups v2 compatibility 1fd2395cd3 docs: fix reversed descriptions of version.Arch and info.Architecture ae4c17fdb7 migrate TestAPIImageImportBadSrc to integration test 93afda3670 migrate TestAPINetworkInspectWithScope to integration test c8aaeea285 ci: run golangci-lint for each Go module e09afad3cb api/types/network: remove use of "reflect" in test 78c6b01902 api: add root doc.go to prevent fallback to github.com/moby/moby 9176746aba vendor: github.com/tetratelabs/wazero v1.11.0 2a9eb66ddc vendor: github.com/moby/go-archive v0.2.0 7239c72eca remove uses of deprecated go-archive consts 1a12717766 vendor: golang.org/x/oauth2 v0.34.0 595d00cb49 vendor: golang.org/x/tools v0.40.0 d9fa84260a vendor: golang.org/x/mod v0.31.0 98ec249d2b vendor: golang.org/x/net v0.48.0 e229e91247 vendor: golang.org/x/crypto v0.45.0 1a4e4dafe9 vendor: golang.org/x/text v0.32.0 e0795ef3ab vendor: golang.org/x/tools v0.39.0 48e96d4353 vendor: golang.org/x/sync v0.19.0 dccdb1b618 vendor: golang.org/x/sys v0.39.0 7ddc5f609a hack: add nri_no_wasm build tag to static builds 1175dd348e daemon/volume/mounts: Fix tests on Windows 6cbabb04b9 gha: Bump actions/download-artifact to v7 fae334b4c0 vendor: google.golang.org/protobuf v1.36.11 beeacde4b2 Remove restriction on anonymous read-only volumes 8452b64f32 Dockerfile: update containerd binary to v2.2.1 (static binaries and CI only) 
b293e73bdb vendor: github.com/containerd/containerd/v2 v2.2.1 01440122f2 vendor: github.com/containerd/nri v0.11.0 32d4f64a65 vendor: github.com/opencontainers/runtime-tools v0.9.1-0.20251114084447-edf4cb3d2116 6766ce7be2 vendor: tags.cncf.io/container-device-interface v1.1.0 2c533f9327 vendor: github.com/containerd/cgroup/v3 v3.1.2 4b4223a8d4 vendor: github.com/opencontainers/runtime-spec v1.3.0 9ae239e654 golangci-lint: iface: ignore identical interfaces in client module 7b74376ff1 client: testRoundTripper: remove unused skipConfigureTransport method 34ee29ceaa client: use errors.New (revive) e254a9f0f1 client: containerDiskUsageFromLegacyAPI: make switch exhaustive f39912a30e client: fix some missing error checks in tests (ineffassign) 8f3bfa3f34 client: fix missing import aliases (importas) 0fd5cc134b api/types/jsonstream: Message: fix godoc 6c845ded18 api/types/swarm: ResourceRequirements.MemorySwappiness: fix json tag f005e1cb73 vendor: update buildkit to d1e5d1a8f771 (master / v0.27.0-dev) 8c0e404f6f vendor: go.opentelemetry.io/contrib/* v0.63.0 c88c8a6547 Dockerfile: update RootlessKit to v2.3.6 307bcec726 vendor: github.com/rootless-containers/rootlesskit/v2 v2.3.6 c6d2d697eb docs: remove mention of DOCKER_CLIENTONLY 81c170a696 Makefile: remove DOCKER_BUILD_GOGC d5c81b1c01 Makefile: remove unused DOCKER_BUILD_PKGS 3a9a041092 Makefile: remove unused DOCKER_BUILD_OPTS 9dd2936e04 validate/module-replace: Also allow changing ref of the api module 05f9988fc8 hack/vendor/dropreplace: Make the auto-ref pick more reliable 354abbcb92 hack/vendor: Allow to specify ref to dropreplace 4b9e56156d Re-add replace rules 1acc9d3739 vendor: github.com/moby/moby/client v0.2.2-rc.1 3cee1aad22 vendor: github.com/moby/moby/api v1.53.0-rc.1 5070ad8dc1 Drop replace rules 614d9b966f daemon/libnetwork/options: GenerateFromModel: remove redundant check e1fb5ef4a7 api: update to go1.25.5 and remove version from Makefile 265bdc1a06 validate/module-replace: Ignore client diff if it 
only removes the replace rule aef5d996ce use mime-type application/jsonl to align with openapi 3.2 26bb1af7e6 daemon/layer_store: Use named return error for defer 72ce2c3f82 doc: fix module definition c63bf203bf vendor: github.com/moby/buildkit v0.26.3 1f532963ed golangci-lint: remove unused exclusion rule 9cd41375ce Dockerfile: update golangci-lint to v2.7.2 1f498c5ff0 fix linting issues 366044fc20 vendor: github.com/spf13/cobra v1.10.2 c2073cc7e2 vendor: go.etcd.io/etcd/* v3.6.6 0ae3f972ad daemon: Simplify slices.Contains usage 8802be9eca hack: Restore rootlesskit and tini installers 54a6ec374a Update client MaxAPIVersion to 1.53 1e209e788b Continue to backfill empty PortBindings in API 1.53 2cce7ff87f api/docs: move ImageHistoryResponseItem to definitions (API v1.25-v1.52) b48be08eb5 project: Update branches/tags and patch releases 51d1974500 daemon/cluster/test: Use `t.Context()` 6c5233e109 modernize: Use `strings.CutSuffix` 71fd582aa2 modernize: Use strings.Builder instead of string concatenation 62ed24a87c modernize: Use slices.Contains bce14ac5bc reflect: Use `TypeFor` instead of `TypeOf` 3df05205f4 modernize: Use range int e548a31d28 modernize: Use `min` built-in 39c19d9161 modernize: Use fmt.Appendf cdce8f4f92 modernize: Use maps.Copy instead of for loops ff33808a79 modernize: Use strings.Cut instead of strings.Index where possible a25907b485 modernize: Prefer `strings.SplitSeq` instead of `Split` c9b0a21bb1 modernize: Use `b.Loop` (introduced in Go 1.24) 37fdb6d775 ci: Remove concurrency setting from golangci-lint config f44b5abf0e api: deprecate /grpc and /session endpoints a0bd623959 api: remove docs/v1.53.yaml 53c67be034 daemon/c8d: Log correct error extractOCIErrors 98d196b714 NRI: error on unsupported adjustment ff553c5069 NRI: make config reloadable 3f938c6091 gha: Bump actions/upload-artifact to v6 3fdde529e7 layer: Clean up init layer if initialization fails 7c7a626e5d NRI: include in API Info response f6b1488468 Bump API to v1.53 29d5098ffd 
migrate TestAPINetworkInspectWithScope to integration test d7a6250b91 layer: Clean up RW layer if mount metadata save fails 10c0fc4de8 NRI: add TestNRIContainerCreateAddMount a30301b28d NRI: allow plugins to add mounts 52f33797f3 vendor: github.com/opencontainers/runtime-tools v0.9.1-0.20251111083745-e5b454202754 70004549fb layer: Fix orphan creation in registerWithDescriptor 413b4afcba vendor: github.com/tetratelabs/wazero v1.10.1 24bac4495e vendor: github.com/containernetworking/plugins v1.9.0 caaa9c9bb5 simplify swagger generation ec9315cd4f daemon: clean up dead containers on start 849afcc5be daemon: use WithExtraDialOpts for containerd client connection 8dd2c72fb6 gha/vm: Update lima template locators c74203adbb gha: Fix PR branch validation 0666108ebf api: move scripts to generate and validate swagger to api module a97b330c6c Makefile: Add simple dev loop 2a191665b8 daemon/container: Container.BackfillEmptyPBs: prevent nil map 43780fe40c daemon: disallow container port 0 695010ba2e daemon: buildCreateEndpointOptions: fix panic with "publish all" 8cf9e64738 NRI: report container state to plugins dc1fe0be82 NRI: minor cleanups 322dda3908 NRI: add TestNRIContainerCreateEnvVarMod b67f0c0449 NRI: add ContainerCreate hook, allow env-var adjustments 565f7dce18 integration-cli: TestUserDefinedNetworkAlias: adjust for API versions 93eb7962dc integration-cli: TestUserDefinedNetworkAlias: replace deprecated utils 83f17f77cf integration-cli: adjust some tests for API-specific event-types 35f1250685 integration-cli: use event-consts in some tests 33eb3b8d78 integration-cli: TestEventsFilterType: remove test for "build" events 99066209a2 libnetwork/options: GenerateFromModel: use generics 14c5cd377d libnetwork/options: GenerateFromModel: reduce reflection d210449d85 Natively support GRPC on the docker socket fcb23060fc integration-cli: rewrite some tests depending on intermediate images 751a6f9f33 integration-cli: improve TestBuildNoNamedVolume 5152c7c3ef integration-cli: 
DockerCLIBuildSuite: use more unique names for images a39e866aa8 integration-cli: rename var that shadowed package-level const 14906f8023 NRI: use the daemon's logger 282868dabf NRI: instantiate and start/stop NRI adaptation 4941b36883 NRI: import containerd's NRI adaptation package 5ab4a14fe8 gha/vm: update Lima to v2.0.2 cc30833181 integration: increase timeout a230544000 NRI: add daemon.json/command line options 29560eacda go.mod: add back replace rules 773aca9f5d api, client: add separate LICENSE file bb713e7fa8 Fix spelling error in comments for names-generator.go 3ac4fd1eba project: add End-of-maintenance date for 25.0 e874083bdb Dockerfile: update compose to v5.0.0 da1e638566 Dockerfile: update cli to v29.1.2 b56d077034 fix: Correct typo in error message 9e72c44dae rm -r hack/dockerfile/install 6f9d1ec3fb update to go1.25.5 81d930f527 gha: update to actions/setup-go@v6 7000f92763 gha: update actions/download-artifact@v6 69963d84f8 gha: update actions/upload-artifact@v5 43ed81ed85 gha: update actions/checkout@v6 4b8f9dd251 vendor: github.com/klauspost/compress v1.18.2 a0e5e0525b Improve description of tmpfs mode 7687298e0a hack/validate/module-replace: relax check a828af4d8d Dockerfile: Update buildx to 0.30.1 f97f234729 Dockerfile: update runc binary to v1.3.4 b9d18a107a integration: cdi: add TestEtcCDI to verify /etc/cdi is used in rootless mode a55f610e2a cdi: resolve symlinks e29eaedf65 cdi: skip scanning non-readable dirs cd4397b4dc cdi: read XDG_CONFIG_HOME/cdi and XDG_RUNTIME_DIR/cdi for rootless 2e3a23c8ec c8d/inspect: Fix image inspect for incomplete images 69c4ea7aad system: df: fix SharedUsage on non-containerd 8c0751aa4d dockerd-rootless-setuptool.sh: fix `nsenter: no namespace specified` 7517464283 PublishAllPorts: don't crash with nil PortBindings 87583c9029 integration: migrate TestAPIImagesSizeCompatibility to integration test 310aa9241a libnet/pm: log when stopping userland proxy 52fae09ec0 libnet/pms/nat: don't bind IPv6 ports if not 
supported by port driver 955650b33f gha/test-validate: Reuse the dev image 56e8e43339 Revert "libnet: populateNetworkResourcesOS: updateDNS only if !needResolver" 83f00e9f2b Revert "libnet: rebuildDNS: update the hash file" 14a955db2f Revert "libnet: setupDNS: don't overwrite user-modified resolv.conf" 4219768511 vendor: update to client 0.2.1 ea539d267d client - use tagged api module c74559df60 gha/validate: Actually dont fail fast ecf4446e46 gha/validate: Don't fail fast 46ca7f19cd validate/module-replace: Fix check f745fe7f14 vendor: client/0.2.0 a60bea5412 Drop replace rules 04ab3d562c client: don't downgrade when failing to negotiate 189942570a client: enable API-version negotiation by default e752ec0f8e client: fix typo in comment bec7ab7f62 client: TestTLSCloseWriter: test with version negotiation enabled 701f2fdade client: improve mocking responses ef588715b6 client: add mockPingResponse utility acb5c5a390 client: mockResponse: prevent sharing body reader 45c9f460b8 client: checkResponseErr: don't read body for HEAD requests 77858fab6e client: ensureBody: also ensure the request is preserved e51a4306e2 client: ensureReaderClosed: small optimizations 89bd3150e1 client: client.ping(): use fresh request for HEAD -> GET 75520d1f5b client: resolveContainerSpecImage, resolvePluginSpecRemote: early returns 366ea9e9af client: ServiceCreate,ServiceUpdate: don't add empty warnings e94ed33de1 vendor: github.com/mistifyio/go-zfs/v3 v3.1.0 0389d3b13e vendor: github.com/opencontainers/selinux v1.13.1 bda87b7de8 vendor: golang.org/x/crypto v0.45.0 163cc95aea Add TestGatewayErrorOnNetDisconnect 8f2aa3e0f5 Network disconnect: log rather than error on gateway update e4a1657762 Check containerd client before using on Windows a3916290da vendor: golang.org/x/mod v0.30.0 10d68d4399 vendor: golang.org/x/net v0.47.0 633acaa5b3 vendor: golang.org/x/crypto v0.44.0 e4900958c3 vendor: golang.org/x/text v0.31.0 bd79eb0da5 vendor: golang.org/x/tools v0.38.0 421bda22d1 vendor: 
golang.org/x/sync v0.18.0 3054fdd8b2 vendor: golang.org/x/sys v0.38.0 997837376a vendor: github.com/cloudflare/circl v1.6.1 5a5d5b4c5f integration: add Windows network driver and isolation tests 731ae07e65 Endpint.sbLeave: when deleting container, no new gateway 7639e193ff libnet: setupDNS: don't overwrite user-modified resolv.conf eb18b398d4 libnet: rebuildDNS: update the hash file 937246a868 libnet: populateNetworkResourcesOS: updateDNS only if !needResolver 85b260fba8 PublishAllPorts: create port mappings for exposed ports a2de9bb334 Unmap more netip.Addr vars created using AddrFromSlice 2effc1bfd4 inspect: unmap IPv6-mapped IPv4 host address 84a251d039 Allow configured address with no configured subnet 7e14b4d931 Update docker-py in test-docker-py 517ae20be8 .github: collect all the OTEL traces 54d269a3b4 vendor: update buildkit to v0.26.2 442f0115cd docs: update contributing guides for clarity and consistency (#49891) 93825e00e8 migrate TestAPIImagesSaveAndLoad to integration test ed10b98506 Restore missing nwEndpointsMu.Lock 9fbc9d6e6d integration: migrate TestAPIGetEnabledCORS to integration test 774bb532f1 vendor: update buildkit to v0.26.1 e59d1b4563 libnetwork/drivers/overlay: DiscoverNew: move logic to setKeys, updateKeys f40b45ca1f libnetwork/drivers/overlay: use structured logs in some places c9f0314f21 libnetwork: controller.handleKeyChange: slight cleanup of logs de11467756 daemon/containerd: cleanup registry error-handling de546caa92 daemon/containerd: translateRegistryError: add early return 029770595d integration-cli: remove TestVolumeCLINoArgs 9ab033cc8a client: TestTLSCloseWriter: assorted cleanups / fixes 96b8f9c8ca Daemon.createContainerOSSpecificSettings - remove redundant param 33032b0454 Daemon.setSecurityOptions: remove redundant param 34925e5be9 Remove Daemon.setHostConfig 22c5c78bfb Move Daemon.registerMountPoints out of Daemon.setHostConfig 48709e502f Split OS-specific container config and volume creation 4434236088 Daemon.setHostConfig 
- don't set default network mode e757bbb4ea Move call to Daemon.registerLinks out of Daemon.setHostConfig 92b4902b8d Daemon.registerMountPoints: var 'container' -> 'ctr' 5c9f2e0388 rootless: ignore error when enabling IPv6 forwarding 4622dd0ccc client: Client.buildRequest, jsonEncode improve handling of content 20d65620f9 client: Client.buildRequest: don't set content-header if not set b17eee7aad Update DOCKERCLI_VERSION to v29.0.1 4e2e2cde7e client: simplify logic for manual vs auto API versions 1731e9e729 Don't try to remove cleared docker_gwbridge endpoint 6857132911 client: client.Ping: allow ForceNegotiate with manual override 8f1134b46d integration/image: migrate TestAPIImagesDelete to the new integration test framework 3e4a3cb03e integration: skip TestBuildWithHugeFile 53764de815 client: make WithAPIVersion, WithAPIVersionFromEnv order-independent a5c7f3f9c8 client: don't negotiate malformed responses bcc1db1ce5 client: WithAPIVersion, WithAPIVersionFromEnv: validate well-formedness 83ad5c92f7 client: Client.ping() fix duplicate ping 49c8d77639 vendor: github.com/ishidawataru/sctp v0.0.0-20251114114122-1 611c7dce43 client: export fallbackAPIVersion as MinAPIVersion 4535d63c91 daemon: install OpenCensus-to-OTEL trace bridge 0af2962fdd daemon: reduce use of pointer-slices in backend 53ea70ea46 inte/networking: TestDisableIPv6OnInterface: add '-c1' to ping 47bd247d4d inte/networking: test DNS resolution for non swarm-scoped nws 2e41476a5f libnet: create DNS records on sbJoin (if not agent node) 94e83af71a client: TestImageListWithSharedSize: merge with TestImageList 62589a6961 client: TestTLSCloseWriter: cancel context after test a5dec0a779 client: make sure context is canceled for ContainerWait tests 76a4381d45 client: TestImageListWithSharedSize slight reformat 9af7fbff2a client: TestImageList: use subtests 391247ce96 daemon: Fix image store choice priority for prior graphdriver state c5d0e3e6fa daemon: Add TestDetermineImageStoreChoice 17a3357e32 vendor: 
github.com/moby/buildkit v0.26.0 dae3650dcc client: rename/deprecate WithVersion, WithVersionFromEnv e5db2380f5 client: rename options.go to client_options.go 5cf1fb3954 hack/validate: Check if replace rules are needed 0f597561e8 hack/test/unit: Fix api and client module testing without replace rules 2729703967 client: fix example in README (align with ExampleNew()) b29990916d client: fix unused imports 47e852f061 image: pull/load/save attestation manifest and signatures with image 16b95ba758 go.mod: add back replace rules b4f9bd1cb3 c8d/builder-next: Don't force unpack 3874ca5984 vendor: update buildkit to v0.26.0-rc2 d558896fae vendor: github.com/secure-systems-lab/go-securesystemslib v0.9.1 bb07fdcd14 vendor: github.com/Azure/azure-sdk-for-go/sdk/azcore v1.18.2 f1d0fe47c9 vendor: github.com/golang-jwt/jwt/v5 v5.3.0 79344e1c9a vendor: github.com/gofrs/flock v0.13.0 d36617d2c1 vendor: github.com/containerd/nydus-snapshotter v0.15.4 1e48c34345 vendor: github.com/containerd/stargz-snapshotter/estargz v0.17.0 c169cc9629 vendor: github.com/google/certificate-transparency-go v1.3.2 940c8d6b71 vendor: cloud.google.com/go v0.121.6 621cee8dbe Dockerfile: update cli to v29.0.0 ce739870fb vendor: github.com/opencontainers/cgroups v0.0.6 7e78088f8f daemon: remove workaround for c8d client connection timeout f740e0fefa vendor: github.com/containerd/containerd/v2 v2.2.0 1639703e56 vendor: github.com/containernetworking/plugins v1.8.0 e4278c4c54 vendor: github.com/containerd/go-cni v1.1.13 7c798d012a vendor: sigs.k8s.io/yaml v1.6.0 d8f2aa4e3b vendor: github.com/containerd/containerd/api v1.10.0 0a494a7303 vendor: github.com/moby/swarmkit/v2 v2.1.2-0.20251110192100-17b8d222e7dd a040664176 vendor: github.com/Microsoft/hcsshim v0.14.0-rc.1 e65995d896 vendor: google.golang.org/grpc v1.76.0, google.golang.org/protobuf v1.36.10 65bb1bb21f vendor: go.opentelemetry.io/otel v1.38.0 6b8285f965 libnetwork/discoverapi: use DiscoveryType for enum 7eaf25ee59 vendor: 
cloud.google.com/go/logging v1.13.0 3f6f3b9ed2 vendor: cloud.google.com/go/compute/metadata v0.8.0 94eb87f4c0 vendor: github.com/klauspost/compress v1.18.1 1621c4e7ad vendor: github.com/prometheus/client_golang v1.23.2 efc3e93b1e vendor: golang.org/x/oauth2 v0.30.0 e773a0cf50 vendor: github.com/vbatts/tar-split v0.12.2 ebcf9bb0c4 vendor: github.com/containerd/cgroups/v3 v3.1.0 7c29edf1b4 hack: remove cpexp package bb56c4d7e7 daemon: remove some deprecated and unused code 365e588d0f Dockerfile: update containerd binary to v2.2.0 (static binaries and CI only) c950796596 client: use t.Context in tests 20b831c59a vendor: github.com/moby/moby/client v0.1.0 e0a877b487 vendor: github.com/moby/moby/api v1.52.0 854ccbfcf5 Drop replace rules 15241265dc client, api: update go.mod to go1.24 e8f156110a api/types/plugin: remove deprecated Config.DockerVersion 34fb9de7f3 api/docs: remove links to docs.docker.com from changelog d192a63467 daemon: Ensure buildkit created container's isolation mode consistent with daemon's config db71c6a914 api/types/container: make HealthStatus a concrete type 1fd87e9fdf api/types/container: make ContainerState a concrete type 18000fe371 api/types/volume: change ListResponse.Volumes to a non-pointer slice fe1a505cbf simplify some commit tests, and work around change in CLI behavior c477a68fb9 TestBuildForceRm: use assert to help debugging failures b0ab0b4078 TestBridgeIPIsExcludedFromAllocatorPool: don't use deprecated fields 9b7452e903 TestDockerNetworkValidateIP: relax string-matching errors 82a5eec1aa DockerSwarmSuite: relax string-matching errors and output 2e3c523579 TestAttachPausedContainer: relax error-message matching 598618b6f2 TestBuildWithInaccessibleFilesInContext: use sub-tests 7aa036ef2e client: rename CheckpointDelete to CheckpointRemove, and add output struct e2bdc51508 client: CheckpointCreate: add output struct da25838fc3 client: CheckpointListResult: rename Checkpoints to Items fda54735c9 client: move CheckpointAPIClient 
together with other interfaces d087d3c057 daemon: close EventsService on shutdown 46090e88e4 daemon/internal/builder-next: Builder.DiskUsage(): use singleflight fb94e241f5 daemon: disk-usage: fix incorrect key for singleflight 15a048c396 api, client: don't use a pointer-slice for plugins ed428234bd api: remove / internalize LegacyDiskUsage 71bcd22d6d daemon/server/router/system: simplify constructing response f5e319c950 daemon/server/router/system: use early return for disk-usage 20870f13c2 daemon: remove intermediate vars when collecting diskUsage 0dcb1fe344 daemon: align build.DiskUsage() with other disk-usages f1a3387633 daemon/server/backend: align DiskUsage types with api 04de584531 daemon/server/router/system: use shorter names and comments 32319028e5 daemon/server/router/system: slightly rewrite logic for legacy bd5e6bab1d go.mod: add back replace 34b6fb783d vendor: github.com/moby/moby/client v0.1.0-rc.1 f66f1b451c vendor: github.com/moby/moby/api v1.52.0-rc.1 e8745c2157 Drop replace rules 8db3118ac9 client: remove uses of deprecated NewClientWithOpts 1745075b24 client: DiskUsage: rename fields to match API dcfcfd33e9 client: cleanup and re-group interfaces 931c347b36 api/types: rename disk usage fields 745c483e42 client: pkg/streamformatter: un-export unused utilities 4c6d0ebc40 Fix disk usage result from legacy response logic bc3c37098c vendor: github.com/opencontainers/selinux v1.13.0 10f6eeb56d daemon: Refactor image store choice logic 4a3e139e3c daemon/command: NewDaemonRunner: set both stdout and stderr 0678de9c87 cmd/dockerd: main(): remove "onError" func 922cd97491 update to go1.25.4 d6ceff48bf delete redundant/incorrect cmd/dockerd/README.md d0fbae6e44 gha/vm: Force Lima v1.2.2 0029924181 api/types/system: change legacyDiskUsage to a non-pointer slice ff019cd853 internal/sliceutil: add Deref utility e509a7cefe daemon/command: remove `__dummy_command` workaround for completion 6881ae72c7 api/types: use regular slices for disk usage types c351539358 
Dockerfile: test containerd v2.1.5 (linux), v2.0.7 (windows) 37d75fc46c vendor: github.com/containerd/containerd v2.1.5 f76f1fc013 client: Client.ImageSave: close reader on context cancellation 175e4e5048 client: Client.TaskLogs: close reader on context cancellation d35d8ec81b client: Client.ContainerLogs: close reader on context cancellation cc9969bfed client: Client.ServiceLogs: close reader on context cancellation c5aedacb4f client: Client.ContainerExport: close reader on context cancellation 08cd02cab6 client: Client.ImageImport: close reader on context cancellation 849239cedf client: Client.ImageLoad: close reader on context cancellation be96014740 client: Client.ContainerStats: close reader on context cancellation d11232bad9 client: add newCancelReadCloser utility fabdccbe10 api/types: move disk usage structs to per type packages de9ab07188 client: ExecCreateOptions: change ConsoleSize to a ConsoleSize type 443b548efa client: ExecCreate: rename Tty to TTY ebc1dfbb64 client: singularize prune methods 52a917d48a gha/bin-image: Fix dco running on non-v tags 39ccd04ca8 api/types/swarm: define type for RegistryAuthSource 39f2dbffa1 vendor: github.com/moby/buildkit v0.25.2 d299e5be83 api/types/swarm: define type for UpdateOrder b552b8b729 api/types/swarm: define type for FailureAction 47edd80d97 integration-cli: Adjust nofile limits 35f6a78082 Dockerfile: update runc binary to v1.3.3 5ad71c5ddf vendor: github.com/containerd/platforms v1.0.0-rc.2 3a105f4e0c daemon/internal: adjust some build-tags a69abdd90d api/types/system: add type specific usage fields to `DiskUsage` 2af22d3512 Fix TestHandleMACAddressBC dc22f2c8bf client: make ImageSaveResult an interface 5c8a9b7b9e client: make TaskLogsResult an interface 7dc9d39ca1 client: make ContainerLogsResult an interface 8d0b09c722 client: make ServiceLogsResult an interface 0257c642c7 client: make ContainerExportResult an interface 5bfc628e97 client: make ImageImportResult an interface 5fc866fbfd client: make 
ImageLoadResult an interface 1051c7f89e client: Client.ImageLoad: move description of platform parameter b30eb86b31 go.mod: add back replace rules 668b546d2c docker/save: stable timestamp for blobs/digest dir 31f7f62d6c client/pkg/security: simplify 9b749d7c85 integration-cli: migrate TestAPIStatsContainerNotFound to integration tests b6dab24a43 dockerd-rootless.sh: restore missing `exit 1` 76b1d304e4 dockerd-rootless.sh: reject DOCKERD_ROOTLESS_ROOTLESSKIT_NET=host 5369540dd2 go.mod: remove "exclude" rules 9b8419f6ed daemon/config: export "min-api-version" through daemon.json 3d772829ba vendor: github.com/moby/moby/client v0.1.0-beta.3 93c273dc11 vendor: github.com/moby/moby/api v1.52.0-beta.4 56bd456694 Drop replace rules 1e56b87f7f hack/vendor: Make dropreplace vendor latest version 73455ce01a client: Remove ImageCreate in favor of ImagePull/ImageImport fd1593c067 api/container_inspect: Ensure Config is not nil in inspect response 6aea8c2591 Dockerfile: update integration-cli CLI to v25.0.5 4bcd446f03 Deprecate cgroup v1 a087d03e0c client: refactor create network api implementation to wrap options/results 12c9de37e9 api/types: move Version to api/types/system 3d28cb8bbd client: ServerVersionResult: add back legacy fields ebe464ea45 api/types: remove PushResult type, and move internal 22c037982c API compat: replace nil values when adding fields 19f4c27d81 api/t/network: represent MAC addrs as byte slices 433023a03d Move namesgenerator to internal d1f70d4f54 client: deprecate NewClientWithOpts in favor of New 137adde33d client: prepare option-structs for multiple platforms 860307c4ea client: refactor ServerVersion to return ServerVersionResult 6c042389a3 client: use sub-tests for ServiceLogs e8e7f1a500 client: use sub-tests for ContainerLogs af40d2bfed vendor: cloud.google.com/go/logging v1.12.0 15a1256f21 vendor: genproto v0.0.0-20240903143218-8af14fe29dc1 88cbd467f6 vendor: cloud.google.com/go/compute/metadata v0.7.0 a5c0f152a7 daemon: improve validation for 
container rename 0eba2989e0 api/types/registry: rename AuthenticateOKBody to AuthResponse 6cf02b5cba client: remove unused import 3c62b06de2 client: fix example, and add runnable example 90e7232c8e Dockerfile: update runc binary to v1.3.2 1cc2ab16ce client/container_copy: Wrap options and result struct 38d703ff6f client/container_update: Wrap options and result e9f28e2a41 client: refactor NetworkConnect, NetworkDisconnect, NetworkRemove 2d6bf9332b client: un-export NewVersionError, rename to requiresVersion 29ad05b130 client: ContainerWaitResult: use singular for channels 51a0584088 client: ContainerWait: touch-up GoDoc, remove legacy code bae45f766d api/types/network: define `ConnectRequest` and `DisconnectRequest` fc97a2ff0d client: Rename ContainerUnPause* to ContainerUnpause* f8b9396c2c gha/labeler: Fix dependencies d2e7465293 client: refactor `ContainerRename` to wrap options/result structs 28ed1ef927 client: refactor `ContainerLogs` to wrap result e46058cbae client: refactor Events, Info, RegistryLogin 749c980d4e client: refactor `ContainerExport` to wrap options/result structs ec22a1e5b2 client: refactor `ContainerTop` to wrap options and results c5ddef1122 client: refactor `ContainerList` to wrap result cf173bc941 client: refactor ContainerWait to use client defined options/results structs bbaeb9036f client/pkg/jsonmessage: use api message def'ns 848b0452d3 client: VolumesPrune: rename argument for consistency 1985a8979e client: VolumeUpdate: add output struct, and move "version" faee204c02 client: VolumeRemove: add output struct 1f5c82b9fa client: add option and output structs for various container methods edbf321ce6 client: remove NegotiateAPIVersion, NegotiateAPIVersionPing c4aee2a50e client: remove ContainerStatsResult.OSType field 6a2a1dd6cf api/types/container: StatsResponse: add OSType field 8118385ba8 client: ContainerStats: add option, output-structs, remove ContainerStatsOneShot 5df881f3a7 daemon: Daemon.ContainerStats: don't escape HTML in 
responses 7623979aba daemon: Daemon.ContainerStats: combine some conditions and remove error 95a3880197 daemon: Daemon.ContainerStats: inline getStatJSON closure f7003ef7de integration-cli: minor cleanups in stats tests 5742b40c87 integration-cli: simplify, improve some stats tests e690c84bed integration-cli: remove TestAPIStatsNetworkStatsVersioning 155d697010 integration/container: TestStats: use sub-tests 6040a2f686 fix some faulty defers in tests e410daf8f7 integration-cli: TestContainerAPIStatsWithNetworkDisabled: check result 7439f09cd2 daemon: Daemon.stats: fill-in container ID and Name when collecting 3088c4e192 api/types/container: StatsResponse: cleanup fields and GoDoc 9b795c53a7 client: remove ImageLoadResult.JSON field ef589ef824 client: fix ImageLoadResult GoDoc 5cf4d68121 daemon: subscribeToContainerStats: return cancel / unsubscribe function 99410827c7 daemon: use errdefs instead of string-matching in some places 4aac139fc0 client/container_exec: Separate structs for Start and Attach 425975313a client: merge ContainerInspectWithRaw with ContainerInspect 58356450fa client: remove redundant closing and draining of response ddbb503dc7 client: change Raw fields to be json.RawMessage 12123eb592 client: merge ExecInspectResult with ExecInspect 378116a84f client: ImageImportResult: prevent panic on nil reader 0b7b7625c6 client: rename NodeUpdateOptions.Node to NodeUpdateOptions.Spec 875c577711 client: consolidate node options with their methods 832590155c client: ExecCreateResult: define local type with ID field c6a45784f9 client: VolumeListResult: define local type 687c3d7f42 api/types/jsonstream: define Message type ae28867804 api/pkg/progress: move to client and daemon/internal 6baf274fa3 api/pkg/streamformatter: move to client and daemon/internal c246639baa client: rename ImageRemoveResult.Deleted to ImageRemoveResult.Items fb85d123c1 integration/service: fix tests for updated client f40e1a7582 api: move types/versions to client/pkg and daemon/internal 
c9b3c65f37 vendor: github.com/aws/aws-sdk-go-v2/config@v1.31.15 b3129817a7 vendor: github.com/aws/aws-sdk-go-v2/credentials v1.18.19 1b2015a26f vendor: github.com/aws/aws-sdk-go-v2/service/cloudwatchlogs v1.58.5 7f7588be22 vendor: github.com/aws/aws-sdk-go-v2/feature/ec2/imds v1.18.11 f82fa7a4b2 vendor: github.com/aws/aws-sdk-go-v2 v1.39.4 529076c7b4 vendor: github.com/aws/smith-go v1.23.1 031f30340b vendor: golang.org/x/net v0.46.0 8afa422f0c vendor: golang.org/x/time v0.14.0 8c88244d7f vendor: golang.org/x/text v0.30.0 8d3ae564e0 vendor: golang.org/x/mod v0.29.0 7563a498f0 vendor: golang.org/x/sys v0.37.0 8fb561ca9a client/container_create: Add `Image` outside of Config 3340c86db9 client/container_create: Rename ContainerName to Name bd31b8b1c7 client_(attach,commit,create,diff): Wrap result and options 47fd987af2 client: simplify test with mock-responses 3a43b5b559 client: refactor ServiceCreate, ServiceUpdate, SwarmUpdate 0fe6be8c38 client: remove roundTripFunc, bytesBufferClose b9dd7c0d59 client: tidy-up mock-utilities a315437e1c client: rename transportFunc -> testRoundTripper 0971a3bcb8 Inspect: API v1.51 compatibility f733b411a1 client: remove unused hasEndpointSpecificMacAddress utility 5a5d39205c client: rename `ServiceListResult.Services` to `ServiceListResult.Items` 94ab385eb5 client/container_exec: Wrap options and result, rename to Exec ea0d934ff2 Allow requesting networks with a custom prefix size from the default pools 5c67034952 Dockerfile: upgrade Delve to v1.25.2 5b46429122 client: please the linters c7fe7136d2 client: gofumpt 909e32b27d client: refactor plugin api client functions to define options/results structs 362e9d088f client/distribution_inspect: Wrap options and result f09ca78b45 api/types: fix godoc 7ceea4148a client/node: Wrap options and output 8dc5d1e64d api/types: move Ping and swarm.Status to client 6819a9fc1e client/image_tag: Wrap options and result 347693a580 client/image_remove&search: Wrap options and result b3974f07f5 
client/image_list: Wrap options and result a7f409014f client/image_create&import: Wrap options and result 5cc1e5f800 client/build_cancel: Wrap options and result 51ed1a9a37 client/image_build: Rename output to ImageBuildResult cd08b79c02 client: refactor service api client functions for defined options/result structs e3c6dc2a91 client: VolumeInspect: add options struct 8f50d38231 client: SwarmInspect: add options struct 95fac07ccc client/secrets: Wrap results and options ebc92e015a client: PluginInspectWithRaw: refactor and rename to PluginInspect 8cd377bd9c internal/testutil/daemon: remove "Config" utilities f5b0ce3988 integration/network: TestServiceWithDefaultAddressPoolInit fix log 2c5e0a008a client: rename ConfigListResult.Configs to ConfigListResult.Items 67cbf36ac9 client: remove VolumeInspectWithRaw, merge with VolumeInspect 5a04a9718d client: rename VolumeListResult.List to VolumeListResult.Items 485b95600a client: NetworkList: wrap result 3fbf5a3bd1 client: NetworkInspect: wrap result and remove NetworkInspectWithRaw 612342198c client: refactor swarm api functions to wrap params/responses 343185cf1a libnetwork: move Network.resolveDriver to Controller 68e1a8805b Dockerfile: test against containerd v2.1.4 ee3cab4158 libnetwork/drivers/overlay: pass context for logger 38ef4fd576 client: refactor task responses 2d69edd28a client/image_(inspect,history,load,save): Wrap return values 35acf347eb hack: disable go telemetry in integration tests 9fe856a5f3 integration-cli: move some tests to integration 62a71a8261 test: migrate test api error not found json 33fc45e5c5 libnetwork: EndpointInterface: cleanup marshal/unmarshal 48c2d8c458 libnetwork: support custom DNS servers in Windows overlay driver a8950e0192 api/types/container: remove deprecated Config.MacAddress 79912d4c7f daemon: Daemon.getInspectData: move migration code to router 91ce33d4b0 daemon/server/router/container: remove uses of deprecated MacAddress 0030ba21e3 client: ContainerCreate: remove 
handling of legacy MacAddress e5864a51ac integration/networking: TestWatchtowerCreate: rewrite with request util 8088de791c integration/networking: TestInspectCfgdMAC: rewrite with request util b4b0b6f10f integration/container: rewrite with request for MacAddress 4b22807a0f gha/labeler: Exclude client and api modules from dependencies label abf5679049 client/inspect: Better Raw handling ee22a50b75 client/config: Use Config instead of Spec as field f4b06e66e1 client/config: Wrap results and options 42ba5466c7 api: rename `volumes.CreateOptions` to `volumes.CreateRequest` a2fd724453 client: wrap volume create api options with client options 600edfe55c Move container platform migration logic 3a90dd8b8f Adding support for memory swap settings for services d4e6d4f697 client/volume: refactor volume options and responses 975e46f726 libnetwork/datastore: small cleanups 10faa629fe libnetwork/drivers/macvlan, ipvlan: assorted minor cleanups a013147c40 libnetwork/drivers/macvlan: parentHasSingleUser: don't create copy of networks 65296cd0e7 libnetwork/drivers/macvlan, ipvlan: un-embed mutexes a2f4f09f91 libnetwork/drivers/macvlan, ipvlan: remove unused sync.Once 5276dd8e9a libnetwork/drivers/ipvlan: remove ifaceGateway utility d481c09fa7 libnetwork/drivers/macvlan, ipvlan: make driver.leave a stub aec6e7f7b6 libnetwork/drivers/macvlan, ipvlan: remove networkTable, endpointTable bf7277f8fe libnetwork/drivers/macvlan, ipvlan: remove getSubnetforIPv6, getSubnetforIPv4 a294445345 ibnetwork/drivers/macvlan, ipvlan: align and fix potential panic 17425cff08 libnetwork/drivers/macvlan, ipvlan: driver.Join: don't fetch endpoint twice 3906199019 internal/testutil/request: add ReadJSONResponse utility ee043729a0 integration/container: Make tests runnable on SELinux enabled daemon 5061d0a74d api/types/swarm: remove deprecated ServiceSpec.Networks field acda47637c ci: update docker-py to main (v7.2.0-dev) 6da63a3ed5 client: VolumePruneOptions: add "All" option 2d1429c62c introduce 
ImagePushResponse e1722eb8d8 daemon/command: disable c8d snapshotter when userns remapping enabled docker-moby/cli: update to v29.2.1 5eb91665d docs: fix typos d6c6bbf57 docker-bake.hcl: use default GO_VERSION from Dockerfile 2d5d0842c update to go1.25.7 def41fe65 docs: fix typo in dockerd.md for 'replacement' 58413ca11 Dockerfile: update tonistiigi/xx to v1.9.0 df3e9237d opts: MountOpt: extract utility functions and don't set empty values d781df8b5 opts: MountOpt: extract validation to a separate function f35fb0f5a cli/command: TestGetDefaultAuthConfig: cleanup test file fe1af9206 opts: MountOpt: improve validation of boolean values 5de99e672 opts: MountOpt: improve validation for whitespace in values 9620e4178 opts: MountOpt: improve validation for whitespace in options e888a6e00 opts: remove outdated comment bcc14559c opts: MountOpt: relax client-side validation of mount target defbe23de opts: MountOpt: improve error for empty value 77e02a92e opts: MountOpt: add test-coverage for volume options 2c8bf677f opts: MountOpt: remove duplicate test 7ebc2f7c2 opts: MountOpt: rewrite TestMountOptVolumeNoCopy to a table-test a850b054a opts: MountOpt: rewrite TestMountOptDefaultEnableReadOnly to a table-test f3efc27a1 opts: MountOpt: combine error tests into a test-table 9c9ec7358 vendor: github.com/moby/moby/client v0.2.2 bab3e81e1 vendor: github.com/moby/moby/api v1.53.0 e34a3422c templates: make "join" work with non-string slices and map values 771660a17 vendor: github.com/go-viper/mapstructure/v2 v2.5.0 08ed2bc6e cli/command/container: make injecting config.json failures a warning e9ceb2f5a vendor: golang.org/x/net v0.49.0 faf8a0836 vendor: golang.org/x/term v0.39.0 daa4d4e4a vendor: golang.org/x/text v0.33.0 a4aee9bf5 vendor: golang.org/x/sys v0.40.0 ce489e0db vendor: github.com/klauspost/compress v1.18.3 ef0847596 cli/command/container: ignore "not found" error on cidfile.Close 16bbf5d07 cli/command/container: cidFile.Write: include CID in error message ed566e723 
cli/command/container: createContainer: remove intermediate vars cfb71de7d cli/command/container: createContainer: remove redundant closure adfb40ceb cli/command/container: remove outdated TODO ceea57b46 cli/command/container: copyDockerConfigIntoContainer: close TarWriter effdf1b45 cli/command/container: rename vars to use correct camelCase ccbe206a8 cli/command/containerd: parseSecurityOpts: remove redundant sprintf c8841ac1b vendor: moby/api v1.53.0-rc.2, moby/client v0.2.2-rc.2 7e8457115 update to go1.25.6 86bd884ac docs: Fix daemon.json typo 16873675b vendor: github.com/sirupsen/logrus v1.9.4 b21139c30 internal/jsonstream: TestDisplay use streamformatter d6cdb71e2 cli/command: RetrieveAuthTokenFromImage: remove redundant conditions b13b774e2 man: reformat docker-run.1.md to prevent linting warnings 816f4556c internal/registryclient: simplify notFoundError d61519f99 internal/registryclient: allEndpoints: pass through context fe3157419 improve validation of "--detach-keys" options 6a93e7803 cli/command: add WithAPIClientOptions option db762956d login: touch-up error for non-TTY 4b0ec0d4e cli/command: DockerCli: store API-client options as field f9f2d822b cli/command: make TestSetGoDebug more predictable 391acef40 Improve clarity of environment variables description a6f8391c9 vendor: github.com/docker/docker-credential-helpers v0.9.5 14cffdbfa gha: run unit-tests in go modules mode, to prevent traversing nested modules 0cd2c1858 vendor: golang.org/x/net v0.48.0 647ab775d vendor: golang.org/x/term v0.38.0 a1799eacd vendor: golang.org/x/text v0.32.0 a78533373 vendor: golang.org/x/sync v0.19.0 e2a368fa4 vendor: golang.org/x/sys v0.39.0 ab5d4d4f8 cli/compose/loader: rewrite with reflect.TypeFor 3ce8f1d80 vendor: github.com/moby/go-archive v0.2.0 8205124d5 cli/command/node: nodeContext: remove uses of reflect 40f052c7e cli/command/container: use reflect IsZero f28565d17 cli/command/service: replace reflect for gotest.tools assertion e715dd507 cli/command/volume: 
remove uses of reflect in test 3811f24f4 cli/connhelper: replace reflect for gotest.tools assertion a89b2e19f cli/command/formatter: rewrite some tests with gotest.tools 90ae5b813 cli/command: replace reflect for gotest.tools assertion a0e303a0e opts/swarmopts: add missing build-tag 03dfab401 remove uses of deprecated go-archive consts dd6d0cd80 vendor: tags.cncf.io/container-device-interface v1.1.0 4743d1d89 Makefile/yamldocs: Don't require TTY 485106679 docs/container: Update dead link 226af6814 cli/command/service: fix API version for memory-swap, memory-swappiness 13759330b cli-plugins/manager: remove legacy system-wide cli-plugin path 302498c33 vendor: github.com/moby/moby/client v0.2.2-rc.1 def847be9 vendor: github.com/moby/moby/api v1.53.0-rc.1 2a903c52d Include NRI in info output d8351dbe6 Vendor moby/[api|client] from moby master f7ddc8a7d docs: Update --all flag description to clarify it shows dangling images 4d7a8b0fd build(deps): bump actions/upload-artifact from 5 to 6 0f03c31ab image/list: Fix `dangling=false` handling 1e259062f cli/tree: Remove unused `all` field 09a46645a image/tree: Add golden test 0d88411f1 image/tree: Remove --all flag check for untagged images in non-expanded view b31598389 image/tree: Fix width calculation for untagged images 150a25b9f image/tree: Extract untagged image name to const 67f5e3413 image: Fix dangling image detection with graphdrivers 2e3425fbd cli/command/container: use consistent casing for dockerCLI arg de098367d cli/command/container: inline parseWindowsDevice 15de6ce8f vendor: github.com/klauspost/compress v1.18.2 5c406f5ee vendor: github.com/morikuni/aec v1.1.0 a6335c422 docker run, create: don't swallow connection errors during validate 49021ad98 vendor: github.com/spf13/cobra v1.10.2, migrate to go.yaml.in/yaml/v3 6f75c0c8e add TODOs for replacing nat.ParsePortSpecs 9c10a9c9a opts/swarmopts: remove use of nat.ParsePortRange 9dfe779ab internal/test: remove unused FakeStore c81e05eed add shell completion for 
"docker stack deploy --compose-file" d54488531 update to go1.25.5 ba683d8df opts/swarmopts: use sub-tests dd2be022c gha/e2e: Switch to rc and 29 latest 1abfbf298 vendor: github.com/moby/moby/client v0.2.1 e0d30db11 docs: update buildgc example config to use new buildkit v0.17 options 6a0099bc8 cmd/docker-trust: bump golang.org/x/crypto v0.45.0 c90166ffa cmd/docker-trust: update dependencies ac5e88612 vendor: golang.org/x/net v0.47.0 3ec414638 vendor: golang.org/x/term v0.37.0 616e93a0c vendor: golang.org/x/text v0.31.0 1202f8a64 vendor: golang.org/x/sync v0.18.0 b67055c96 vendor: golang.org/x/sys v0.38.0 475961583 image/tree: Allow image names to overflow instead of truncating 3099d4716 build(deps): bump actions/checkout from 5 to 6 d84396d4e image ls: allow custom format in cli config 6751cd169 docker version: restore top-level BuildTime to RFC3339Nano 3a842587f chore: update link/linktext to dockerd proxy config dd2c49382 cli/command/system: Fix missing components in version output 207bf52c2 image/tree: Only show untagged images when --all flag is used be9e6308f image/tree: Respect NO_COLOR env variable ed281ddf5 image/list: Print legend only if limiting width aa5d00a3a image/tree: Don't limit name width if non tty b66b93130 image/tree: Fix untagged images in non-expanded view bff56f049 cli/command/system: define struct for formatting version d787e70a1 cli/connhelper/commandcon: remove warn logs ebc1995f9 vendor: github.com/moby/moby/api v1.52.0, moby/client v0.1.0 ad96811f1 swarm: Add memory swap support (no stack/compose support) 6ba06b5fb Revert "cli/compose: add schema 3.14 (no changes from 3.13 yet)" e0716b571 Revert "Add memory swap to swarm" 4b450f113 vendor: github.com/moby/moby/api, moby/client master 1d789e409 cli/command/system: add missing "go:build" b3824015d vendor: github.com/moby/moby/api v1.52.0-rc.1, moby/client v0.1.0-rc.1 d67291026 vendor.mod: remove replace 41088ed7d vendor: go.opentelemetry.io/auto/sdk v1.2.1 712f569f1 vendor: 
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.63.0 7736f5e60 vendor: align other otel packages to v1.38.0 d45551dac cli/command: update to semconv v1.37.0, otel v1.38.0 71828f279 Add memory swap to swarm d0c86d39e cli/compose: add schema 3.14 (no changes from 3.13 yet) 5039eee77 vendor: github.com/moby/moby/api master, moby/client master cee9ea67f lint: run in go-modules mode b2aa690b2 scripts/build/binary: remove pkcs11 build tag c1a53ae7b cmd/docker-trust: remove dependency on cli/internal 06914dd0f make trust-plugin a separate module c9bb29115 implement `docker trust` as plugin dd70b43bc chore: update broken link to restrucured docker desktop documentation f2755b02d update to go1.25.4 880ef756b Fix static build + CGO 0976389e1 vendor: golang.org/x/net v0.46.0, golang.org/x/crypto v0.43.0 c733cb053 vendor: golang.org/x/time v0.14.0 1f77c6f1c vendor: golang.org/x/term v0.36.0 dcce972f4 vendor: golang.org/x/text v0.30.0 b11d143cd vendor: golang.org/x/sync v0.17.0 0c8ce84a6 vendor: golang.org/x/sys v0.37.0 d9f7e4b0c cli/command/service: use enum-consts defined in API 774f1d60a cli/command/service: parse generic resources without protobufs 437ed4c1e Dockerfile: update golangci-lint to v2.6.1 c4a28d0d3 vendor: github.com/go-jose/go-jose/v4 v4.1.3 f8d036512 fix perfsprint (concat-loop) linting 7b624841c update minimum go version to go1.24 82b47c8e5 vendor: github.com/moby/swarmkit/v2 v2.1.1 3a9178813 vendor: github.com/containerd/platforms v1.0.0-rc.2 61d88c951 lint: don't disable modules 9bce085b1 vendor: github.com/mattn/go-runewidth v0.0.19 e0b1ab68f cli/command/container: fix use of generics e5f46499b image/tree: Fix table header having escape codes when not tty d5d2ed5ba image/tree: Add test for checking ansi escape output 1a261e3f5 image/tree: Use streams interface 4893a5d5e completion/zsh: Allow multiple volumes of 'volume rm' 700875b66 Plugin may set itself as hidden ad776d1e1 remove support for client-side docker content trust validation 
259df25a9 cli: allManagementSubCommands: improve handling of plugin stubs aa62a6a97 docs: update link to libnetwork protocol doc ef16d8230 vendor: github.com/moby/moby/api v1.52.0-beta.4, client v0.1.0-beta.3 6fa590033 image/tree: Remove longest->shortest sort 5836040ec Update golden files f6feef8fe image/test: Fix `go test` args being used by CLI commands 631f32ee9 images/list: Add print ambiguous warning for tree c41815f17 image/list: Show collapsed tree by default 5d599e932 e2e: add docker v29-rc 50598d21c skip TestBuildIidFileSquash cf9e1778d Dockerfile: remove notary c98d9647d e2e: remove DCT tests 8444c911b vendor: github.com/moby/moby master 7f86de931 docs: deprecated: deprecate cgroup v1 7bdb4df07 cli/command/container: use ImagePull instead of ImageCreate 9e7937746 image/tree: Fix dangling filter condition 8e2943c6c image/tree: Sort image tree by name instead of creation date 8767904ae vendor: github.com/moby/moby/api master, moby/client master b8b4f54a8 fix typo in TODO comment 65496c555 cli/trust: use local definition for PushResult Aux message e636a2a06 cli/container_rename: Move to API validation af255acca vendor: github.com/moby/moby master 053aa376e vendor: github.com/moby/moby/api, moby/moby/client master 83319f09f cli/command/container: use per-stats OSType if present 6ed16a2cc vendor: github.com/moby/moby/api, moby/moby/client master 5007c96b0 cli/command/container: collect(): split windows/unix branches c467ebafd cli/command/container: calculateCPUPercentWindows minor cleanup 689152a80 cli/command/container: calculateCPUPercentUnix: simplify e01ce69ff cli/command/container: collect: handle context-cancellation 292001a45 cli/command/container: RunStats: early return for non-streaming 0b1c7bc0f cli/command/container: RunStats: small tweaks on closeChan d309027d5 cli/command/container: RunStats: gracefully handle io.EOF 15b422b31 cli/command/container: RunStats: handle context-cancellation 832fc66ca cli/command/container: RunStats: simplify stats 
loop dad1d367c cli/command/container: move debug logs to call-site f594a7f09 cli/command/image: remove uses of JSON field 4b498addc cli/command/container: don't depend on result.OSType 4a608069a vendor: github.com/moby/moby/api, moby/moby/client master 153f7f10c telemetry: lock the semconv version of the otel sdk aef2ef8c7 build(deps): bump actions/upload-artifact from 4 to 5 4afbd6146 implement some ad-hoc mocks for responses 056e31464 vendor: github.com/moby/moby/api, moby/moby/client master 64805c295 image/list: Respect `dangling` filter when not using `--all` e9a941001 image/list: Hide untagged images without `--all` 4f7c07cfc update local code for updated modules aeb78091a vendor: github.com/moby/moby/api, moby/moby/client master 563f5fe33 vendor: github.com/moby/moby/api, moby/moby/client master 5ba4c17d7 cli/command/container: Simplify with slices.Contains d252afa6b cli/command/container: add go1.23 build constraint for range-over-func Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* podman: improve reproducibility | Changqing Li | 2026-02-09 | 1 | -1/+1

  disable buildvcs to improve reproducibility

  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* recipes/golang: improve reproducibility | Changqing Li | 2026-02-09 | 8 | -17/+20

  Refer to [1]: cgo will embed cgo_ldflags in the intermediary output, which means the content ID will be influenced by cgo_ldflags. '--sysroot=xxx' includes the build path, which will make the binary not reproducible. These recipes can build successfully without --sysroot, so remove it.

  [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448

  Signed-off-by: Changqing Li <changqing.li@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* nerdctl: add -buildmode=pie to avoid textrel QA error | Chen Qi | 2026-02-09 | 1 | -1/+1

  On qemuarm, building nerdctl fails with QA error about textrel. Add '-buildmode=pie' to fix this issue.

  Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: fix yocto-check-layer mcdepends parse error | Bruce Ashfield | 2026-02-09 | 2 | -10/+20

  Fix yocto-check-layer failure:

    ERROR: Multiconfig dependency mc::vruntime-x86-64:vpdmn-initramfs-create:do_deploy depends on nonexistent multiconfig configuration named configuration vruntime-x86-64

  Several recipes and classes declared static mcdepends referencing vruntime-aarch64 and vruntime-x86-64 multiconfigs. When parsed without BBMULTICONFIG set (e.g. yocto-check-layer), BitBake validates these and fails because the referenced multiconfigs don't exist.

  Move mcdepends into anonymous python functions and only set them when the target multiconfig exists in BBMULTICONFIG, following the pattern established in meta/classes-recipe/kernel-fit-image.bbclass.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* docker-registry: add native support | Bruce Ashfield | 2026-02-09 | 1 | -0/+1

  This is required for several of the scripts and capabilities providing local registry support.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* container-registry: add tests and documentation for secure registry | Bruce Ashfield | 2026-02-09 | 1 | -1/+244

  Add comprehensive test coverage and documentation for the secure registry infrastructure.

  Tests added:
    TestRegistryAuthentication - auth modes (none, home, authfile, credsfile, env, creds, token) for push and import
    TestSecureRegistryTLSOnly - TLS-only mode using running registry
    TestSecureRegistryWithAuth - isolated TLS+auth instance on port 5001
    TestDockerRegistryConfig - static analysis of bbclass/recipe logic
    TestContainerCrossInstallSecure - auto IMAGE_INSTALL verification
    TestVcontainerSecureRegistry - script pattern verification for virtio-9p CA transport, daemon _9p=1, shared folder reads

  README.md: Document authentication modes (none, home, authfile, credsfile, env), secure registry setup, PKI generation, target integration, and CI/CD examples.

  conftest.py: Add --secure-registry pytest option and skip_secure fixture for tests requiring openssl/htpasswd.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: add secure registry support with virtio-9p CA transport | Bruce Ashfield | 2026-02-09 | 4 | -6/+246

  Enable vdkr/vcontainer to pull from TLS-secured registries by transporting the CA certificate via virtio-9p shared folder.

  vcontainer-common.sh: Add --secure-registry, --ca-cert, --registry-user, --registry-password CLI options. Auto-detect bundled CA cert at registry/ca.crt in the tarball and enable secure mode automatically.

  vrunner.sh: Copy CA cert to the virtio-9p shared folder for both daemon and non-daemon modes. Fix daemon mode missing _9p=1 kernel cmdline parameter which prevented the init script from mounting the shared folder.

  vdkr-init.sh: Read CA cert from /mnt/share/ca.crt (virtio-9p) instead of base64-decoding from kernel cmdline (which caused truncation for large certificates). Install cert to /etc/docker/certs.d/{host}/ca.crt for Docker TLS verification. Support optional credential passing for authenticated registries.

  vcontainer-tarball.bb: Add script files to SRC_URI for proper file tracking and rebuild triggers.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* container-registry: add target image TLS integration | Bruce Ashfield | 2026-02-09 | 3 | -40/+278

  Install CA certificates and registry configuration into target images so they can pull from the secure registry at runtime.

  docker-registry-config.bb: When CONTAINER_REGISTRY_SECURE=1, install the CA cert to /etc/docker/certs.d/{host}/ca.crt instead of adding insecure-registries to daemon.json. Translates localhost/127.0.0.1 to 10.0.2.2 for QEMU targets where the host registry is accessed via slirp networking.

  container-oci-registry-config.bb: Same secure mode support for podman/CRI-O with insecure=false in registries.conf.

  container-registry-ca.bb: New recipe that installs the CA certificate to Docker, podman/CRI-O, and system trust store paths on the target.

  container-cross-install.bbclass: Auto-add docker-registry-config or container-oci-registry-config to IMAGE_INSTALL when CONTAINER_REGISTRY_SECURE=1, based on the configured container engine.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* container-registry: add secure registry infrastructure with TLS and auth | Bruce Ashfield | 2026-02-09 | 2 | -59/+911

  Add opt-in secure registry mode with auto-generated TLS certificates and htpasswd authentication.

  New BitBake variables:
    CONTAINER_REGISTRY_SECURE - Enable TLS (HTTPS) for local registry
    CONTAINER_REGISTRY_AUTH - Enable htpasswd auth (requires SECURE=1)
    CONTAINER_REGISTRY_USERNAME/PASSWORD - Credential configuration
    CONTAINER_REGISTRY_CERT_DAYS/CA_DAYS - Certificate validity
    CONTAINER_REGISTRY_CERT_SAN - Custom SAN entries

  The bbclass validates conflicting settings (AUTH without SECURE) and provides credential helper functions for skopeo push operations.

  PKI infrastructure (CA + server cert with SAN) is auto-generated at bitbake build time via openssl-native. The generated helper script supports both TLS-only and TLS+auth modes.

  The script now supports environment variable overrides for CONTAINER_REGISTRY_STORAGE, CONTAINER_REGISTRY_URL, and CONTAINER_REGISTRY_NAMESPACE, uses per-port PID files to allow multiple instances, and auto-generates config files when running from an overridden storage path.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* lxc: restore DEBUG_PREFIX_MAP in TARGET_LDFLAGS for LTO reproducibility | Ricardo Salveti | 2026-02-09 | 1 | -0/+3

  oe-core [1] removed DEBUG_PREFIX_MAP from TARGET_LDFLAGS to avoid passing prefix-map options via the linker flags. This is fine for most projects since DEBUG_PREFIX_MAP is also provided via CFLAGS at configure time.

  However, lxc enables LTO by default, which causes link-time code generation to (re)emit debug information during the link step. Without DEBUG_PREFIX_MAP on the link command line, TMPDIR/WORKDIR paths can leak into DWARF, triggering the buildpaths QA check and breaking reproducibility.

  Append DEBUG_PREFIX_MAP back to TARGET_LDFLAGS for lxc to ensure prefix-map options are visible during LTO link-time compilation.

  [1] https://git.openembedded.org/openembedded-core/commit/?id=1797741aad02b8bf429fac4b81e30cdda64b5448

  Signed-off-by: Ricardo Salveti <ricardo.salveti@oss.qualcomm.com>
  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: enable incremental builds by default | Bruce Ashfield | 2026-02-09 | 4 | -10/+38

  Previously, vcontainer recipes had [nostamp] flags that forced all tasks to rebuild on every bitbake invocation, even when nothing changed. This was added as a workaround for dependency tracking issues but caused slow rebuild times.

  Changes:
  - Make [nostamp] conditional on VCONTAINER_FORCE_BUILD variable
  - Default to normal stamp-based caching for faster incremental builds
  - file-checksums on do_rootfs still tracks init script changes
  - Add VCONTAINER_FORCE_BUILD status to the tarball build banner

  To enable the old always-rebuild behavior (for debugging dependency issues), set in local.conf:

    VCONTAINER_FORCE_BUILD = "1"

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer-tarball: build all architectures via single bitbake command | Bruce Ashfield | 2026-02-09 | 1 | -6/+40

  Previously, building vcontainer-tarball required multiple bitbake invocations or complex command lines to build both x86_64 and aarch64 blobs. This was a usability issue.

  Changes:
  - mcdepends now triggers builds for BOTH architectures automatically
  - VCONTAINER_ARCHITECTURES defaults to "x86_64 aarch64" (was auto-detect)
  - Add informational banner at parse time showing what will be built
  - Fix duplicate sanity check messages when multiconfig is active

  Usage is now simply:

    bitbake vcontainer-tarball

  To build only one architecture, set in local.conf:

    VCONTAINER_ARCHITECTURES = "x86_64"

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vdkr-init: improve Docker daemon startup logging and error handling | Bruce Ashfield | 2026-02-09 | 1 | -5/+17

  Improve debugging capabilities when Docker daemon fails to start:
  - Log dockerd output to /var/log/docker.log instead of /dev/null
  - Capture docker info exit code and output for diagnostics
  - Show docker info error on every 10th iteration while waiting
  - Include last docker info output and docker.log tail on failure
  - Extend sleep on failure from 2s to 5s for log review

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: add host-side idle timeout with QMP shutdown | Bruce Ashfield | 2026-02-09 | 3 | -20/+154

  Implement reliable idle timeout for vmemres daemon mode using host-side monitoring with QMP-based shutdown, and container-aware idle detection via virtio-9p shared file.

  Host-side changes (vrunner.sh):
  - Add -no-reboot flag to QEMU for clean exit semantics
  - Spawn background watchdog when daemon starts
  - Watchdog monitors activity file timestamp
  - Check interval scales to idle timeout (timeout/5, clamped 10-60s)
  - Read container status from shared file (guest writes via virtio-9p)
  - Only shutdown if no containers are running
  - Send QMP "quit" command for graceful shutdown
  - Watchdog auto-exits if QEMU dies (no zombie processes)
  - Touch activity file in daemon_send() for user activity tracking

  Config changes (vcontainer-common.sh):
  - Add idle-timeout to build_runner_args() so it's always passed

  Guest-side changes (vcontainer-init-common.sh):
  - Add watchdog that writes container status to /mnt/share/.containers_running
  - Host reads this file instead of socket commands (avoids output corruption)
  - Close inherited virtio-serial fd 3 in watchdog subshell to prevent leaks
  - Guest-side shutdown logic preserved but disabled (QMP more reliable)
  - Handle Yocto read-only-rootfs volatile directories (/var/volatile)

  The shared file approach avoids sending container check commands through the daemon socket, which previously caused output corruption on the single-stream virtio-serial channel.

  The idle timeout is configurable via:

    vdkr vconfig idle-timeout <secs>

  Default: 1800 seconds (30 minutes)

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: consolidate initramfs-create recipes | Bruce Ashfield | 2026-02-09 | 3 | -80/+33

  Update vcontainer-initramfs-create.inc to use the image-based approach:
  - Depend on tiny-initramfs-image for cpio.gz (replaces file extraction)
  - Depend on rootfs-image for squashfs (unchanged)
  - Remove DEPENDS on squashfs-tools-native (no longer extracting files)

  Update recipe files to use the consolidated inc:
  - vdkr-initramfs-create_1.0.bb
  - vpdmn-initramfs-create_1.0.bb

  Boot flow remains unchanged:
    QEMU boots kernel + tiny initramfs
    -> preinit mounts rootfs.img from /dev/vda
    -> switch_root into rootfs.img
    -> vdkr-init.sh or vpdmn-init.sh runs

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: add tiny initramfs image infrastructure | Bruce Ashfield | 2026-02-09 | 5 | -3/+142

  Add proper Yocto image recipes for the tiny initramfs used by vdkr/vpdmn in the switch_root boot flow:
  - vcontainer-tiny-initramfs-image.inc: Shared image configuration
  - vcontainer-preinit_1.0.bb: Preinit script package (shared)
  - vdkr-tiny-initramfs-image.bb: Tiny initramfs for vdkr
  - vpdmn-tiny-initramfs-image.bb: Tiny initramfs for vpdmn

  The tiny initramfs contains only busybox and a preinit script that:
  1. Mounts devtmpfs, proc, sysfs
  2. Mounts the squashfs rootfs.img from /dev/vda
  3. Creates tmpfs overlay for writes
  4. Performs switch_root to the real rootfs

  This replaces ad-hoc file extraction with proper image-based builds, improving reproducibility and maintainability.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer-tarball: add nativesdk-expect dependency | Bruce Ashfield | 2026-02-09 | 1 | -0/+1

  Add expect to the vcontainer SDK toolchain for interactive testing and automation scripts.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: fix runc/crun conflict in multiconfig builds | Bruce Ashfield | 2026-02-09 | 2 | -10/+6

  The vruntime distro is used for multiconfig builds of both vdkr (Docker/runc) and vpdmn (Podman/crun) images. When CONTAINER_PROFILE or VIRTUAL-RUNTIME_container_runtime is set, containerd and podman pull their preferred runtime via RDEPENDS, causing package conflicts.

  Fix by having vruntime distro NOT participate in CONTAINER_PROFILE:
  - Set VIRTUAL-RUNTIME_container_runtime="" to prevent automatic runtime selection
  - Explicitly install runc in vdkr-rootfs-image.bb
  - Explicitly install crun in vpdmn-rootfs-image.bb

  This allows both images to be built in the same multiconfig without conflicts, while standard container-host images continue to use CONTAINER_PROFILE normally.

  Also add kernel-modules to vdkr-rootfs-image for overlay filesystem support.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* crun: add RCONFLICTS to prevent runc package conflict | Bruce Ashfield | 2026-02-09 | 1 | -0/+7

  When CRUN_AS_RUNC is enabled (default), crun creates a /usr/bin/runc symlink that conflicts with the runc package's /usr/bin/runc binary.

  Add RCONFLICTS to declare this conflict so package managers prevent both from being installed simultaneously.

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
* vcontainer: add multi-arch OCI support | Bruce Ashfield | 2026-02-09 | 1 | -4/+239

  Add functions to detect and handle multi-architecture OCI Image Index format with automatic platform selection during import. Also add oci-multiarch.bbclass for build-time multi-arch OCI creation.

  Runtime support (vcontainer-common.sh):
  - is_oci_image_index() - detect multi-arch OCI images
  - get_oci_platforms() - list available platforms
  - select_platform_manifest() - select manifest for target architecture
  - extract_platform_oci() - extract single platform to new OCI dir
  - normalize_arch_to_oci/from_oci() - architecture name mapping
  - Update vimport to auto-select platform from multi-arch images

  Build-time support (oci-multiarch.bbclass):
  - Create OCI Image Index from multiconfig builds
  - Collect images from vruntime-aarch64, vruntime-x86-64
  - Combine blobs and create unified manifest list

  Signed-off-by: Bruce Ashfield <bruce.ashfield@gmail.com>
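
The platform selection described in the multi-arch OCI commit above, as an added Python example (not the project's vcontainer-common.sh code): it picks the manifest for a target architecture from an OCI layout's index.json and checks the blob against its descriptor's digest and size before use. The function names, the constructed sample layout, and the assumption that platform descriptors sit directly in index.json are this example's own.

```python
import hashlib, json, os, re, tempfile

# uname-style machine names mapped to OCI (GOARCH) architecture names
OCI_ARCH = {"x86_64": "amd64", "aarch64": "arm64", "armv7l": "arm", "i686": "386"}

def platform_descriptors(layout):
    """Descriptors in index.json that carry a platform (empty for single-arch)."""
    with open(os.path.join(layout, "index.json")) as f:
        index = json.load(f)
    return [d for d in index.get("manifests", []) if "platform" in d]

def select_manifest(layout, machine, os_name="linux"):
    """Select one platform's manifest and verify the blob before parsing it."""
    want = OCI_ARCH.get(machine, machine)
    matches = [d for d in platform_descriptors(layout)
               if d["platform"].get("architecture") == want
               and d["platform"].get("os") == os_name]
    if len(matches) != 1:
        raise LookupError(f"{len(matches)} manifests for {os_name}/{want}")
    desc = matches[0]
    # The digest comes from the image itself: accept only a strict sha256
    # form so it cannot steer the blob path outside blobs/sha256/.
    ok = re.fullmatch(r"sha256:([0-9a-f]{64})", desc["digest"])
    if not ok:
        raise ValueError("unsupported or malformed digest")
    with open(os.path.join(layout, "blobs", "sha256", ok.group(1)), "rb") as f:
        blob = f.read()
    if len(blob) != desc["size"] or hashlib.sha256(blob).hexdigest() != ok.group(1):
        raise ValueError("manifest blob does not match its descriptor")
    return json.loads(blob)

def make_sample_layout(root):
    """Constructed two-platform layout with minimal placeholder manifests."""
    os.makedirs(os.path.join(root, "blobs", "sha256"))
    descs = []
    for arch in ("amd64", "arm64"):
        body = json.dumps({"schemaVersion": 2, "annotations": {"arch": arch}}).encode()
        digest = hashlib.sha256(body).hexdigest()
        with open(os.path.join(root, "blobs", "sha256", digest), "wb") as f:
            f.write(body)
        descs.append({"mediaType": "application/vnd.oci.image.manifest.v1+json",
                      "digest": "sha256:" + digest, "size": len(body),
                      "platform": {"architecture": arch, "os": "linux"}})
    with open(os.path.join(root, "index.json"), "w") as f:
        json.dump({"schemaVersion": 2, "manifests": descs}, f)
    return root

if __name__ == "__main__":
    layout = make_sample_layout(tempfile.mkdtemp())
    print(select_manifest(layout, "aarch64")["annotations"]["arch"])
```

A layout whose index.json points at a nested image index blob would need one more level of lookup, with the same digest check applied to that blob.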