Bump github.com/containers/podman/v4 from 4.1.1 to 4.2.0

[dependabot[bot]]

Bumps github.com/containers/podman/v4 from 4.1.1 to 4.2.0.

Release notes

Sourced from github.com/containers/podman/v4's releases.

v4.2.0

Podman Desktop

As part of our work to better integrate Podman into MacOS and Windows, we have also been working on a new project, Podman Desktop, which provides a GUI to help developers interact with Podman. Podman Desktop is still in its early days, but already provides capabilities to list your images, interact with containers (access logs, get a terminal), connect to registries (pull private images, push your images) and configure podman settings (proxies).

Features

• Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
• A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
• A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
• A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
• Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
• The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
• The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
• The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
• The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
• Pods now have include an exit policy (configurable via the --exit-policy option to podman pod create), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops, and is used by default for pods from podman play kube (#13464).
• The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
• The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
• The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
• The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
• The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
• The podman create and podman run commands now include the -c short option for the --cpu-shares option.
• The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
• The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
• The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
• The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
• The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
• Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
• The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
• Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
• The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
• Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
• The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
• When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
• The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
• The remote Podman client now supports the podman image scp command.
• The podman image scp command now supports tagging the transferred image with a new name.
• The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
• The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
• The podman events command now includes the -f short option for the --filter option.
• The podman pull command now includes the -a short option for the --all-tags option.
• The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
• The Podman global option --url now has two aliases: -H and --host.
• The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
• Added the ability to create sigstore signatures in podman push and podman manifest push.
• Added an option to read image signing passphrase from a file.

Changes

• Paused containers can now be killed with the podman kill command.
• The podman system prune command now removes unused networks.
• The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.

... (truncated)

Changelog

Sourced from github.com/containers/podman/v4's changelog.

4.2.0

Features

• Podman now supports the Gitlab Runner (using the Docker executor), allowing its use in Gitlab CI/CD pipelines.
• A new command has been added, podman pod clone, to create a copy of an existing pod. It supports several options, including --start to start the new pod, --destroy to remove the original pod, and --name to change the name of the new pod (#12843).
• A new command has been added, podman volume reload, to sync changes in state between Podman's database and any configured volume plugins (#14207).
• A new command has been added, podman machine info, which displays information about the host and the versions of various machine components.
• Pods created by podman play kube can now be managed by systemd unit files. This can be done via a new systemd service, podman-kube@.service - e.g. systemctl --user start podman-play-kube@$(systemd-escape my.yaml).service will run the Kubernetes pod or deployment contained in my.yaml under systemd.
• The podman play kube command now honors the RunAsUser, RunAsGroup, and SupplementalGroups setting from the Kubernetes pod's security context.
• The podman play kube command now supports volumes with the BlockDevice and CharDevice types (#13951).
• The podman play kube command now features a new flag, --userns, to set the user namespace of created pods. Two values are allowed at present: host and auto (#7504).
• The podman play kube command now supports setting the type of created init containers via the io.podman.annotations.init.container.type annotation.
• The podman pod create command now supports an exit policy (configurable via the --exit-policy option), which determines what will happen to the pod's infra container when the entire pod stops. The default, continue, acts as Podman currently does, while a new option, stop, stops the infra container after the last container in the pod stops. The latter is used for pods created via podman play kube (#13464).
• The podman pod create command now allows the pod's name to be specified as an argument, instead of using the --name option - for example, podman pod create mypod instead of the prior podman pod create --name mypod. Please note that the --name option is not deprecated and will continue to work.
• The podman pod create command's --share option now supports adding namespaces to the set by prefacing them with + (as opposed to specifying all namespaces that should be shared) (#13422).
• The podman pod create command has a new option, --shm-size, to specify the size of the /dev/shm mount that will be shared if the pod shares its UTS namespace (#14609).
• The podman pod create command has a new option, --uts, to configure the UTS namespace that will be shared by containers in the pod.
• The podman pod create command now supports setting pod-level resource limits via the --cpus, --cpuset-cpus, and --memory options. These will set a limit for all containers in the pod, while individual containers within the pod are allowed to set further limits. Look forward to more options for resource limits in our next release!
• The podman create and podman run commands now include the -c short option for the --cpu-shares option.
• The podman create and podman run commands can now create containers from a manifest list (and not an image) as long as the --platform option is specified (#14773).
• The podman build command now supports a new option, --cpp-flag, to specify options for the C preprocessor when using Containerfile.in files that require preprocessing.
• The podman build command now supports a new option, --build-context, allowing the user to specify an additional build context.
• The podman machine inspect command now prints the location of the VM's Podman API socket on the host (#14231).
• The podman machine init command on Windows now fetches an image with packages pre-installed (#14698).
• Unused, cached Podman machine VM images are now cleaned up automatically. Note that because Podman now caches in a different directory, this will not clean up old images pulled before this change (#14697).
• The default for the --image-volume option to podman run and podman create can now have its default set through the image_volume_mode setting in containers.conf (#14230).
• Overlay volumes now support two new options, workdir and upperdir, to allow multiple overlay volumes from different containers to reuse the same workdir or upperdir (#14427).
• The podman volume create command now supports two new options, copy and nocopy, to control whether contents from the overmounted folder in a container will be copied into the newly-created named volume (copy-up).
• Volumes created using a volume plugin can now specify a timeout for all operations that contact the volume plugin (replacing the standard 5 second timeout) via the --opt o=timeout= option to podman volume create (BZ 2080458).
• The podman volume ls command's --filter name= option now supports regular expression matching for volume names (#14583).
• When used with a podman machine VM, volumes now support specification of the 9p security model using the security_model option to podman create -v and podman run -v.
• The remote Podman client's podman push command now supports the --remove-signatures option (#14558).
• The remote Podman client now supports the podman image scp command.
• The podman image scp command now supports tagging the transferred image with a new name.
• The podman network ls command supports a new filter, --filter dangling=, to list networks not presently used by any containers (#14595).
• The --condition option to podman wait can now be specified multiple times to wait on any one of multiple conditions.
• The podman events command now includes the -f short option for the --filter option.
• The podman pull command now includes the -a short option for the --all-tags option.
• The podman stop command now includes a new flag, --filter, to filter which containers will be stopped (e.g. podman stop --all --filter label=COM.MY.APP).
• The Podman global option --url now has two aliases: -H and --host.
• The podman network create command now supports a new option with the default bridge driver, --opt isolate=, which isolates the network by blocking any traffic from it to any other network with the isolate option enabled. This option is enabled by default for networks created using the Docker-compatible API.
• Added the ability to create sigstore signatures in podman push and podman manifest push.
• Added an option to read image signing passphrase from a file.

Changes

• Paused containers can now be killed with the podman kill command.
• The podman system prune command now removes unused networks.
• The --userns=keep-id and --userns=nomap options to the podman run and podman create commands are no longer allowed (instead of simply being ignored) with root Podman.
• If the /run directory for a container is part of a volume, Podman will not create the /run/.containerenv file (#14577).
• The podman machine stop command on macOS now waits for the machine to be completely stopped to exit (#14148).
• All podman machine commands now only support being run as rootless, given that VMs only functioned when run rootless.

... (truncated)

Commits

• 7fe5a41 Bump to v4.2.0
• 754e320 Final release notes for v4.2.0
• 4900394 Document behavior of --timestamp when only FROM is used
• b619c7a check memory test based on range
• a3778b0 specgen: use sandbox id instead of name for annotation
• fa1085e cmd: refuse --userns if a mapping is specified
• 91a1f30 e2e: Add rootless mount cleanup test
• 297c722 [CI:COPR] podman.spec.rpkg: add python3 dependency for el8
• a6ea332 start filter flag changes
• a19c5a2 Cirrus: Run Cross builds in [CI:DOCS] mode
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/containers/fetchit/network/alerts).

[cooktheryan]

we will need to hold this until RHEL 8 gets podman v4.2