meta-virtualization.lists.yoctoproject.org archive mirror
* [meta-virtualization][PATCH] podman: update to v5.0.0
@ 2024-03-21 19:53 patrick.wicki
  2024-03-21 20:18 ` Bruce Ashfield
  0 siblings, 1 reply; 2+ messages in thread
From: patrick.wicki @ 2024-03-21 19:53 UTC (permalink / raw)
  To: meta-virtualization; +Cc: Patrick Wicki

From: Patrick Wicki <patrick.wicki@siemens.com>

An important change is the deprecation of the CNI network backend. So
far the backend was configurable and CNI was still the default in the
layer through 'VIRTUAL-RUNTIME_container_networking'. It's apparently
still possible to use it by setting the 'cni' build tag. I attempted
this, but despite CNI being installed and podman built with 'cni' in
BUILDTAGS, I still got:

root@qemux86-64:~# podman version
Error: could not find "netavark" in one of {[/usr/local/libexec/podman /usr/local/lib/podman /usr/libexec/podman /usr/lib/podman] {<nil>}}.  To resolve this error, set the helper_binaries_dir key in the `[engine]` section of containers.conf to the directory containing your helper binaries.
root@qemux86-64:~#

But it seems like the CNI backend is hanging by a thread anyway and is
likely going to disappear entirely once netavark is supported on
FreeBSD. So I think at this point it makes sense to remove the choice
and just use netavark.

Version bump comprises the following commits:

    f32338dfc bump version to v5.0.1-dev
    e71ec6f1d New release: v5.0.0
    6b93d9e11 Update RELEASE_NOTES.md with CVE-2024-1753
    eb2b16d6d [v5.0] Bump Buildah to v1.35.1
    43b9ea8b9 Adjust to the standard location of gvforwarder used in new images
    4a84f39b3 Switch to 5.x WSL machine os stream using new automation
    a03de4c14 rpm: use macro supported vendoring
    069439820 Bump to v5.0.0-dev
    f8888a13b Bump to v5.0.0-RC7
    2e387df07 Add release notes for v5.0.0-rc7
    d36ce9c2b fix invalid HTTP header values when hijacking a connection
    8891d592b Use faster gzip for compression for 3x speedup for sending large contexts to remote
    59512272b pkg/machine: make checkExclusiveActiveVM race free
    51eee609c pkg/machine/wsl: remove unused CheckExclusiveActiveVM()
    412648207 pkg/machine: CheckExclusiveActiveVM should also check for starting
    1ca93f3fb pkg/machine: refresh config after we hold lock
    71320df8e rpm: update containers-common dep on f40+
    e58cb97de Change API socket to be machine name isolated
    dbf38779b Makefile: drop tests-included from validate target
    0fdd83173 Add release notes for v5.0.0
    d7bc7b7b4 do not require policy.json
    82597144b Machine decompress.go refactoring follow-up
    abaa179aa Add target win-gvproxy in winmake.ps1
    4c5d26f6f Add final machine endpoint
    068ddfd19 update API doc version to 5.0.0
    f2af295e4 Bump to 5.0.0-dev
    d26113ca8 Bump to 5.0.0-rc6
    52ed774c2 docs: generate-systemd: add clarification statement
    3d6758a61 docs: quadlet: improve docs on root/rootless dirs
    885dd2add [CI:DOCS] performance: fix URL and kernel version requirement
    e6ac569a1 [CI:DOCS] Remove outdated references
    364813da6 Add note for RHEL 8.5
    e220d1ce6 Update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [SECURITY]
    f91b8e77b Update module github.com/go-jose/go-jose/v3 to v3.0.3 [SECURITY]
    9b21a5b79 Bump to v5.0.0-dev
    bbad09bb0 Bump to v5.0.0-rc5
    432f4fbf9 Fix Mac CI
    d54a37399 Complete policy.json inclusion
    b234bb55e Bump Buildah to v1.35.0
    5d3a19f8d podman compose: enable machine socket connection
    6f4ee16d9 [CI:DOCS] Add farm command to commands list
    25f3a8ce7 podman machine start/stop do not write config unlocked
    75fa38d52 [CI:BUILD] Build universal Podman binary for Mac installer
    7a7591492 podman machine init: do not write config unlocked
    7bfe5e700 Fail on failures to close the file descriptors, and especially the SparseWriter
    5e0b7e54c Avoid reliance on fs.ErrClosed in SparseWriter users
    4c6505be5 Fix the logic for detecting an unexpected close error
    81906081e vendor libhvee-0.7.0
    3c9c5be7d podman machine set: change options only locked
    a65b546c6 Remove copySparseFile
    2ba3a2d56 pkg/machine: fix relative DefaultPolicyJSONPath
    724c5a06b Don't read full VM File before decompressing
    ff81cf7c7 [CI:DOCS] Fix windows installer action
    4d2fc293c machine: make more use of strongunits
    92b67a69a Fix wrong units size return
    79012795a fix(deps): update github.com/containers/libhvee digest to 7cee23c
    d6d260174 [CI:DOCS] Migrate podman container image
    a349f8d10 fix(deps): update module google.golang.org/protobuf to v1.33.0
    39851a0b9 CI: try to fix more flakes
    835cfbc05 [CI:BUILD] rpm: Put the podmansh(1) manual in the podmansh sub-package
    945995be1 e2e: fix potential race in file-locks test
    02403c2e6 Makefile: podman should have correct selinux label
    9ee96a956 properly implement pull-error event status
    155cd463d fix(deps): update module golang.org/x/tools to v0.19.0
    6272abbbb Resurrect auto-port reassignment, but for all providers
    ef7727238 Refactor env dir and port functions into new leaf pkgs
    eabf0acfa fix(deps): update module golang.org/x/net to v0.22.0
    3b72f9178 Revert "Expose as-tested Mac/Windows repository state"
    24516f3ef fix(deps): update module golang.org/x/term to v0.18.0
    e8bf9a323 Update podman-for-windows.md
    8c9222848 fix(deps): update github.com/containers/libhvee digest to 0ff33af
    e09444327 machine init: print output to improve UX
    530782e11 logformatter: fixes for Macintosh
    ebce0e71d test/e2e: check for stderr errors in cleanup()
    ef6d38752 Bump to FreeBSD 13.3 (13.2 vanished)
    bce14b1e6 fix(deps): update module github.com/stretchr/testify to v1.9.0
    185981fa5 Copy past golang/expansion form ks8.io/kubernetes

Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
---
 recipes-containers/podman/podman_git.bb | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
index fc532d6a..8dc836c3 100644
--- a/recipes-containers/podman/podman_git.bb
+++ b/recipes-containers/podman/podman_git.bb
@@ -17,9 +17,9 @@ DEPENDS = " \
     gettext-native \
 "
 
-SRCREV = "460fc4d65f3681c3b0dbd78d6521ddd905578b6d"
+SRCREV = "0bf85ac730600a45d0df5b259c072a7bc0742f4b"
 SRC_URI = " \
-    git://github.com/containers/libpod.git;branch=main;protocol=https \
+    git://github.com/containers/libpod.git;branch=v5.0;protocol=https \
     ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://50-podman-rootless.conf', '', d)} \
     file://run-ptest \
 "
@@ -31,7 +31,7 @@ GO_IMPORT = "import"
 
 S = "${WORKDIR}/git"
 
-PV = "5.0.0-rc4+git"
+PV = "5.0.0+git"
 
 CVE_STATUS[CVE-2022-2989] = "fixed-version: fixed since v4.3.0"
 CVE_STATUS[CVE-2023-0778] = "fixed-version: fixed since v4.5.0"
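
Review bot: nothing in the patch says how CVE-2024-1753 is accounted for, although the context under `PV = "5.0.0+git"` shows the recipe tracks CVE state with CVE_STATUS entries and the commit list in the message includes "Update RELEASE_NOTES.md with CVE-2024-1753" and "[v5.0] Bump Buildah to v1.35.1". Worth checking how cve-check classifies that CVE for PV 5.0.0 and, if the result is wrong, adding a CVE_STATUS line next to the existing ones. Since the newest entry in the list is the v5.0.1-dev bump, also check that the version the built binary reports agrees with this PV.
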
@@ -147,7 +147,7 @@ VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter"
 COMPATIBLE_HOST = "^(?!mips).*"
 
 RDEPENDS:${PN} += "\
-	conmon ${VIRTUAL-RUNTIME_container_runtime} iptables ${VIRTUAL-RUNTIME_container_networking} skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter} \
+	conmon ${VIRTUAL-RUNTIME_container_runtime} iptables netavark skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter} \
 	${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'fuse-overlayfs slirp4netns', '', d)} \
 "
 RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"
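
Review bot: hard-coding netavark in RDEPENDS:${PN} takes ${VIRTUAL-RUNTIME_container_networking} out of the runtime dependencies, so a distro or image configuration that sets the variable no longer influences what podman pulls in, and nothing in the recipe tells the user that. The diffstat shows only four changed lines, so any default assignment of the variable is left in place by this patch. Consider keeping the variable in RDEPENDS and changing its default to netavark instead, or, if the choice is really to be removed, cleaning up the remaining CNI-specific settings in the same patch and stating the behaviour change in the commit message.
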
-- 
2.44.0




* Re: [meta-virtualization][PATCH] podman: update to v5.0.0
  2024-03-21 19:53 [meta-virtualization][PATCH] podman: update to v5.0.0 patrick.wicki
@ 2024-03-21 20:18 ` Bruce Ashfield
  0 siblings, 0 replies; 2+ messages in thread
From: Bruce Ashfield @ 2024-03-21 20:18 UTC (permalink / raw)
  To: Patrick Wicki; +Cc: meta-virtualization, Patrick Wicki

I've actually skipped this update on purpose for now. I'm going to update
a few packages again once the current master-next is stabilized, and this
was one of them .. but I'm trying to time a dot release, as it will be the
last updates before release.

On Thu, Mar 21, 2024 at 3:54 PM Patrick Wicki <patrick.wicki@subset.ch> wrote:
>
> From: Patrick Wicki <patrick.wicki@siemens.com>
>
> An important change is the deprecation of the CNI network backend. So
> far the backend was configurable and CNI was still the default in the
> layer through 'VIRTUAL-RUNTIME_container_networking'. It's apparently
> still possible to use it by setting the 'cni' build tag. I attempted
> this, but despite CNI being installed and podman built with 'cni' in
> BUILDTAGS, I still got:
>
> root@qemux86-64:~# podman version
> Error: could not find "netavark" in one of {[/usr/local/libexec/podman /usr/local/lib/podman /usr/libexec/podman /usr/lib/podman] {<nil>}}.  To resolve this error, set the helper_binaries_dir key in the `[engine]` section of containers.conf to the directory containing your helper binaries.
> root@qemux86-64:~#
>
> But it seems like the CNI backend is hanging by a thread anyway and is
> likely going to disappear entirely once netavark is supported on
> FreeBSD. So I think at this point it makes sense to remove the choice
> and just use netavark.
>
> Version bump comprises the following commits:
>
>     f32338dfc bump version to v5.0.1-dev
>     e71ec6f1d New release: v5.0.0
>     6b93d9e11 Update RELEASE_NOTES.md with CVE-2024-1753
>     eb2b16d6d [v5.0] Bump Buildah to v1.35.1
>     43b9ea8b9 Adjust to the standard location of gvforwarder used in new images
>     4a84f39b3 Switch to 5.x WSL machine os stream using new automation
>     a03de4c14 rpm: use macro supported vendoring
>     069439820 Bump to v5.0.0-dev
>     f8888a13b Bump to v5.0.0-RC7
>     2e387df07 Add release notes for v5.0.0-rc7
>     d36ce9c2b fix invalid HTTP header values when hijacking a connection
>     8891d592b Use faster gzip for compression for 3x speedup for sending large contexts to remote
>     59512272b pkg/machine: make checkExclusiveActiveVM race free
>     51eee609c pkg/machine/wsl: remove unused CheckExclusiveActiveVM()
>     412648207 pkg/machine: CheckExclusiveActiveVM should also check for starting
>     1ca93f3fb pkg/machine: refresh config after we hold lock
>     71320df8e rpm: update containers-common dep on f40+
>     e58cb97de Change API socket to be machine name isolated
>     dbf38779b Makefile: drop tests-included from validate target
>     0fdd83173 Add release notes for v5.0.0
>     d7bc7b7b4 do not require policy.json
>     82597144b Machine decompress.go refactoring follow-up
>     abaa179aa Add target win-gvproxy in winmake.ps1
>     4c5d26f6f Add final machine endpoint
>     068ddfd19 update API doc version to 5.0.0
>     f2af295e4 Bump to 5.0.0-dev
>     d26113ca8 Bump to 5.0.0-rc6
>     52ed774c2 docs: generate-systemd: add clarification statement
>     3d6758a61 docs: quadlet: improve docs on root/rootless dirs
>     885dd2add [CI:DOCS] performance: fix URL and kernel version requirement
>     e6ac569a1 [CI:DOCS] Remove outdated references
>     364813da6 Add note for RHEL 8.5
>     e220d1ce6 Update module gopkg.in/go-jose/go-jose.v2 to v2.6.3 [SECURITY]
>     f91b8e77b Update module github.com/go-jose/go-jose/v3 to v3.0.3 [SECURITY]
>     9b21a5b79 Bump to v5.0.0-dev
>     bbad09bb0 Bump to v5.0.0-rc5
>     432f4fbf9 Fix Mac CI
>     d54a37399 Complete policy.json inclusion
>     b234bb55e Bump Buildah to v1.35.0
>     5d3a19f8d podman compose: enable machine socket connection
>     6f4ee16d9 [CI:DOCS] Add farm command to commands list
>     25f3a8ce7 podman machine start/stop do not write config unlocked
>     75fa38d52 [CI:BUILD] Build universal Podman binary for Mac installer
>     7a7591492 podman machine init: do not write config unlocked
>     7bfe5e700 Fail on failures to close the file descriptors, and especially the SparseWriter
>     5e0b7e54c Avoid reliance on fs.ErrClosed in SparseWriter users
>     4c6505be5 Fix the logic for detecting an unexpected close error
>     81906081e vendor libhvee-0.7.0
>     3c9c5be7d podman machine set: change options only locked
>     a65b546c6 Remove copySparseFile
>     2ba3a2d56 pkg/machine: fix relative DefaultPolicyJSONPath
>     724c5a06b Don't read full VM File before decompressing
>     ff81cf7c7 [CI:DOCS] Fix windows installer action
>     4d2fc293c machine: make more use of strongunits
>     92b67a69a Fix wrong units size return
>     79012795a fix(deps): update github.com/containers/libhvee digest to 7cee23c
>     d6d260174 [CI:DOCS] Migrate podman container image
>     a349f8d10 fix(deps): update module google.golang.org/protobuf to v1.33.0
>     39851a0b9 CI: try to fix more flakes
>     835cfbc05 [CI:BUILD] rpm: Put the podmansh(1) manual in the podmansh sub-package
>     945995be1 e2e: fix potential race in file-locks test
>     02403c2e6 Makefile: podman should have correct selinux label
>     9ee96a956 properly implement pull-error event status
>     155cd463d fix(deps): update module golang.org/x/tools to v0.19.0
>     6272abbbb Resurrect auto-port reassignment, but for all providers
>     ef7727238 Refactor env dir and port functions into new leaf pkgs
>     eabf0acfa fix(deps): update module golang.org/x/net to v0.22.0
>     3b72f9178 Revert "Expose as-tested Mac/Windows repository state"
>     24516f3ef fix(deps): update module golang.org/x/term to v0.18.0
>     e8bf9a323 Update podman-for-windows.md
>     8c9222848 fix(deps): update github.com/containers/libhvee digest to 0ff33af
>     e09444327 machine init: print output to improve UX
>     530782e11 logformatter: fixes for Macintosh
>     ebce0e71d test/e2e: check for stderr errors in cleanup()
>     ef6d38752 Bump to FreeBSD 13.3 (13.2 vanished)
>     bce14b1e6 fix(deps): update module github.com/stretchr/testify to v1.9.0
>     185981fa5 Copy past golang/expansion form ks8.io/kubernetes
>
> Signed-off-by: Patrick Wicki <patrick.wicki@siemens.com>
> ---
>  recipes-containers/podman/podman_git.bb | 8 ++++----
>  1 file changed, 4 insertions(+), 4 deletions(-)
>
> diff --git a/recipes-containers/podman/podman_git.bb b/recipes-containers/podman/podman_git.bb
> index fc532d6a..8dc836c3 100644
> --- a/recipes-containers/podman/podman_git.bb
> +++ b/recipes-containers/podman/podman_git.bb
> @@ -17,9 +17,9 @@ DEPENDS = " \
>      gettext-native \
>  "
>
> -SRCREV = "460fc4d65f3681c3b0dbd78d6521ddd905578b6d"
> +SRCREV = "0bf85ac730600a45d0df5b259c072a7bc0742f4b"
>  SRC_URI = " \
> -    git://github.com/containers/libpod.git;branch=main;protocol=https \
> +    git://github.com/containers/libpod.git;branch=v5.0;protocol=https \
>      ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'file://50-podman-rootless.conf', '', d)} \
>      file://run-ptest \
>  "
> @@ -31,7 +31,7 @@ GO_IMPORT = "import"
>
>  S = "${WORKDIR}/git"
>
> -PV = "5.0.0-rc4+git"
> +PV = "5.0.0+git"
>
>  CVE_STATUS[CVE-2022-2989] = "fixed-version: fixed since v4.3.0"
>  CVE_STATUS[CVE-2023-0778] = "fixed-version: fixed since v4.5.0"
> @@ -147,7 +147,7 @@ VIRTUAL-RUNTIME_base-utils-nsenter ?= "util-linux-nsenter"
>  COMPATIBLE_HOST = "^(?!mips).*"
>
>  RDEPENDS:${PN} += "\
> -       conmon ${VIRTUAL-RUNTIME_container_runtime} iptables ${VIRTUAL-RUNTIME_container_networking} skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter} \
> +       conmon ${VIRTUAL-RUNTIME_container_runtime} iptables netavark skopeo ${VIRTUAL-RUNTIME_base-utils-nsenter} \

I realize that looking at the layer, you might think that the variable
is mainly (only) used by podman, but I know of several other layers that
are using the variable to coordinate networking between different packages.

So this will indeed stay as a variable, since we will switch all packages at the
same time if it is used, as there are no plans to support mixed cni / other
networking solutions .. we can change the default of course, but making it
a variable is still important so it can be used for coordination.

Either way, I'll revisit this in a few weeks, once I'm doing that last sweep for
updates before the release.

Thanks for the patch, I've staged it in my "to-revisit" queue.

Bruce

>         ${@bb.utils.contains('PACKAGECONFIG', 'rootless', 'fuse-overlayfs slirp4netns', '', d)} \
>  "
>  RRECOMMENDS:${PN} += "slirp4netns kernel-module-xt-masquerade kernel-module-xt-comment"
> --
> 2.44.0
>
>


-- 
- Thou shalt not follow the NULL pointer, for chaos and madness await
thee at its end
- "Use the force Harry" - Gandalf, Star Trek II

