Subject: CVS commit: pkgsrc/sysutils/podman
From: Leonardo Taccari
Date: 2021-12-18 19:11:48
Message id: 20211218181148.AF5EDFAEC@cvs.NetBSD.org
Log Message:
podman: Update to 3.4.4
Changes:
[Bugfixes, misc and API changes were omitted due to taking too much space and
probably not being so interesting]
3.4.4
=====
3.4.4 is a bugfixes release.
3.4.3
=====
Security
--------
* This release addresses CVE-2021-4024, where the podman machine command
opened the gvproxy API (used to forward ports to podman machine VMs) to the
public internet on port 7777.
* This release addresses CVE-2021-41190, where incomplete specification of
behavior regarding image manifests could lead to inconsistent decoding on
different clients.
Features
--------
* The --secret type=mount option to podman create and podman run supports a
new option, target=, which specifies where in the container the secret will
be mounted (#12287).
Several misc, bugfixes and API changes.
3.4.2
=====
3.4.2 is a bugfixes release.
3.4.1
=====
3.4.1 is a misc and bugfixes release.
3.4.0
=====
Features
--------
* Pods now support init containers! Init containers are containers which run
before the rest of the pod starts. There are two types of init containers:
"always", which always run before the pod is started, and "once", which
only run the first time the pod starts and are subsequently removed. They
can be added using the podman create command's --init-ctr option.
* Support for init containers has also been added to podman play kube and
podman generate kube - init containers contained in Kubernetes YAML will be
created as Podman init containers, and YAML generated by Podman will
include any init containers created.
* The podman play kube command now supports building images. If the --build
option is given and a directory with the name of the specified image exists
in the current working directory and contains a valid Containerfile or
Dockerfile, the image will be built and used for the container.
* The podman play kube command now supports a new option, --down, which
removes any pods and containers created by the given Kubernetes YAML.
* The podman generate kube command now generates annotations for SELinux
mount options on volume (:z and :Z) that are respected by the podman play
kube command.
* A new command has been added, podman pod logs, to return logs for all
containers in a pod at the same time.
* Two new commands have been added, podman volume export (to export a volume
to a tar file) and podman volume import (to populate a volume from a given
tar file).
* The podman auto-update command now supports simple rollbacks. If a
container fails to start after an automatic update, it will be rolled back
to the previous image and restarted again.
* Pods now share their user namespace by default, and the podman pod create
command now supports the --userns option. This allows rootless pods to be
created with the --userns=keep-id option.
* The podman pod ps command now supports a new filter with its --filter
option, until, which returns pods created before a given timestamp.
* The podman image scp command has been added. This command allows images to
be transferred between different hosts.
* The podman stats command supports a new option, --interval, to specify the
amount of time before the information is refreshed.
* The podman inspect command now includes ports exposed (but not published)
by containers (e.g. ports from --expose when --publish-all is not
specified).
* The podman inspect command now has a new boolean value, Checkpointed, which
indicates that a container was stopped as a result of a podman container
checkpoint operation.
* Volumes created by podman volume create now support setting quotas when run
atop XFS. The size and inode options allow the maximum size and maximum
number of inodes consumed by a volume to be limited.
* The podman info command now outputs information on what log drivers,
network drivers, and volume plugins are available for use (#11265).
* The podman info command now outputs the current log driver in use, and the
variant and codename of the distribution in use.
* The parameters of the VM created by podman machine init (amount of disk
space, memory, CPUs) can now be set in containers.conf.
* The podman machine ls command now shows additional information (CPUs,
memory, disk size) about VMs managed by podman machine.
* The podman ps command now includes healthcheck status in container state
for containers that have healthchecks (#11527).
Changes
-------
* The podman build command has a new alias, podman buildx, to improve
compatibility with Docker. We have already added support for many docker
buildx flags to podman build and aim to continue to do so.
* Cases where Podman is run without a user session or a writable temporary
files directory will now produce better error messages.
* The default log driver has been changed from file to journald. The file
driver did not properly support log rotation, so this should lead to a
better experience. If journald is not available on the system, Podman will
automatically revert to the file.
* Podman no longer depends on ip for removing networks (#11403).
* The deprecated --macvlan flag to podman network create now warns when it is
used. It will be removed entirely in the Podman 4.0 release.
* The podman machine start command now prints a message when the VM is
successfully started.
* The podman stats command can now be used on containers that are paused.
* The podman unshare command will now return the exit code of the command
that was run in the user namespace (assuming the command was successfully
run).
* Successful healthchecks will no longer add a healthy line to the system log
to reduce log spam.
* As a temporary workaround for a lack of shortname prompts in the Podman
remote client, VMs created by podman machine now default to only using the
docker.io registry.
Several misc, bugfixes and API changes.
Files: