Skip to content

v5.5.0-RC2

Pre-release
Pre-release
Compare
Choose a tag to compare
@mheon mheon released this 01 May 12:39
· 131 commits to main since this release
v5.5.0-rc2
This tag was signed with the committer’s verified signature. The key has expired.
mheon Matt Heon
GPG key ID: 5A0F5FA1CEF5C874
Expired
Verified
Learn about vigilant mode.
3c4cf52
This commit was signed with the committer’s verified signature. The key has expired.
mheon Matt Heon
GPG key ID: 5A0F5FA1CEF5C874
Expired
Verified
Learn about vigilant mode.

This is the second release candidate of Podman v5.5.0. Preliminary release notes follow:

Features

  • A new command has been added, podman machine cp, to copy files into a running podman machine VM.
  • A new command has been added, podman artifact extract, to copy some or all of the contents of an OCI artifact to a location on disk.
  • The --mount option to podman create, podman run, and podman pod create now supports a new mount type, --mount type=artifact, to mount OCI artifacts into containers.
  • The podman artifact add command now features two new options, --append (to add new files to an existing artifact) and --file-type (to specify the MIME type of the file added to the artifact) (#25884).
  • The podman artifact rm command now features a new option, --all, to remove all artifacts in the local store.
  • The --filter option to podman pause, podman ps, podman restart, podman rm, podman start, podman stop, and podman unpause now accepts a new filter, command, which filters on the first element (argv[0]) of the command run in the container.
  • The podman exec command now supports a new option, --cidfile, to specify the ID of the container to exec into via a file (#21256).
  • The podman kube generate and podman kube play commands now supports a new annotation, io.podman.annotation.pids-limit/$containername, preserving the PID limit for containers across kube generate and kube play (#24418).
  • Quadlet .container units now support three new keys, Memory= (set maximum memory for the created container), ReloadCmd (execute a command via systemd ExecReload), and ReloadSignal (kill the container with the given signal via systemd ExecReload) (#22036).
  • Quadlet .container, .image, and .build units now support two new keys, Retry (number of times to retry pulling image on failure) and RetryDelay (delay between retries) (#25109).
  • Quadlet .pod units now support a new key, HostName=, to set the pod's hostname (#25639).
  • Quadlet files now support a new option, UpheldBy, in the Install section, corresponding to the systemd Upholds option.
  • The names of Quadlet units specified as systemd dependencies are now automatically translated - e.g. Wants=my.container is now valid.
  • Podman now generates events for the creation and removal of secrets (#24030).
  • A new global option has been added to Podman, --cdi-spec-dir, to specify additional search paths for CDI specs to the CDI loader (#18292 and #25691).
  • The podman build command now supports a new option, --inherit-labels (defaults to true), which controls whether labels are inherited from the base image or base stages.
  • The podman update command now supports two new options, --env and --unsetenv, to alter the environment variables of existing containers (#24875).

Breaking Changes

  • Due to changes in Docker API types, two small breaking changes have been made in the Go bindings for the REST API. The containers.Commit() function now returns a new struct (types.IDResponse) with identical contents, and the containers.ExecCreate function's handlers.ExecCreateConfig parameter now contains a different embedded struct, potentially requiring changes to how it is assigned to.

Changes

  • Podman now requires at least Go 1.23 to build.
  • Healthchecks have been refactored to avoid writing to the database as much as possible, greatly improving performance on systems with many simultaneous healthchecks running.
  • Healthchecks now have a new status, stopped, which is reported if the container the healthcheck was run on stopped before the check could be completed (#25276).
  • Containers in pods are now stopped in order based on their dependencies, with the infra container being stopped last, preventing application containers from losing networking before they are stopped due to the infra container stopping prematurely.
  • Due to challenges with handling automatic installation, the Windows installer no longer installs WSLv2 or Hyper-V.
  • Quadlet will now print warnings when skipping lines to help identify malformed Quadlet files (#25339).
  • Creating podman machine VMs with a host mount over the VM's /tmp directory is no longer allowed (#18230).
  • The podman logs command now allows options to be specified after the container name (e.g. podman logs $containername --follow) (#25653).
  • Podman, by default, no longer uses a pause image for pod infra and service containers. Instead, a root filesystem containing only the catatonit binary will be used (#23292).
  • The podman system reset command no longer removes the user's podman.sock API socket.
  • When using Netavark v1.15 and higher, containers in non-default networks will no longer have the default search domain dns.podman added. Queries resolving such names will still work.
  • Stopping a Quadlet .network unit will now delete the network (if no containers are actively using it) (#23678).
  • For security hardening, the /proc/interrupts and /sys/devices/system/cpu/$CPU/thermal_throttle paths are now masked by default in containers (#25634).

Bugfixes

  • Fixed a bug where healthchecks would still run while a container was paused (#24590).
  • Fixed a bug where the remote Podman client on Windows could not mount named volumes with a single-character name into containers (#25218).
  • Fixed a bug where mounting an image could panic when run without CAP_SYS_ADMIN (#25241).
  • Fixed a bug where Podman would not report errors when setting up healthchecks (#25034).
  • Fixed a bug where the podman exec command would not add the additional groups of the user the exec session was run as unless the user was explicitly added with the --user option (#25610).
  • Fixed a bug where errors during the podman network connect and podman network disconnect commands could create errors in the database which would cause podman inspect on the container to fail.
  • Fixed a bug where the podman kube generate command did not correctly generate YAML for volume mounts using a subpath.
  • Fixed a bug where the podman system df command could show a negative reclaimable size.
  • Fixed a bug where accessing a rootful podman machine VM that was not podman-machine-default (the default VM) with the podman machine ssh command would put the user into the rootless shell (#25332).
  • Fixed a bug where the podman machine init would report nonsensical memory values in error messages when trying to create a machine with more memory than the system.
  • Fixed a bug where the remote Podman client's podman start --attach command would incorrectly print an error when run on a container created with the --rm option (#25965).
  • Fixed a bug where the remote Podman client's podman pull command could hang and leak memory if the server was unexpectedly stopped or encountered an error during a pull.
  • Fixed a bug where the remote Podman client's podman cp command would, on Windows, often fail to copy files into the container due to improper handling of Windows paths (#14862).
  • Fixed a bug where the podman container clone command did not correctly copy healthcheck settings to the new container (#21630).
  • Fixed a bug where the podman kube play command would fail to start empty pods (#25786).
  • Fixed a bug where the podman volume ls command did not output headers when no volumes were present (#25911).
  • Fixed a bug where healthcheck configuration provided by a container's image could not be overridden unless the --health-cmd option was specified when creating the container (#20212).
  • Fixed a bug where the --user option to podman create and podman run could not be used with users added to the container by the --hostuser option (#25805).
  • Fixed a bug where the podman system reset command on FreeBSD would incorrectly print an error.
  • Fixed a bug where stopping the podman machine start command with SIGINT could result in machine state being incorrectly set to "Starting" (#24416).

API

  • Fixed a bug where the Compat Create API for Containers ignored ulimits specified in the request when Podman was run rootless (#25881).

Misc

  • Erroneous errors from the ExecStartAndAttach() function in the Go bindings for the REST API have been silenced, where the function would incorrectly report errors when stdin was consumed after the exec session was stopped (#25344).
  • Updated Buildah to v1.40.0
  • Updated the containers/common library to v0.63.0
  • Updated the containers/image library to v5.35.0
  • Updated the containers/storage library to v1.58.0
Assets 12
Loading