From 15e67a3407921fbfc83807c7388be49d517f7704 Mon Sep 17 00:00:00 2001 From: Mario Loriedo Date: Wed, 26 Nov 2025 11:49:47 +0100 Subject: [PATCH 1/4] Use $BINDIR as the default helper binary directory on Windows The default helper binary directory on Windows was hardcoded. However the new user-scope installer deploys the binaries on a distinct directory. As a consequence `podman machine start` fails because gvproxy/winssh-proxy cannot be found. This problem affects Hyper-V, not WSL. To fix the problem we are using $BINDIR that is used by the function FindHelperBinaries to look in the directory where podman is located. Fixes https://github.com/containers/podman/issues/27603 Signed-off-by: Mario Loriedo --- common/pkg/config/config_windows.go | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/common/pkg/config/config_windows.go b/common/pkg/config/config_windows.go index bbaac5ad5c..9caf89dc42 100644 --- a/common/pkg/config/config_windows.go +++ b/common/pkg/config/config_windows.go @@ -31,5 +31,7 @@ func overrideContainersConfigPath() (string, error) { } var defaultHelperBinariesDir = []string{ - "C:\\Program Files\\RedHat\\Podman", + // FindHelperBinaries(), as a convention, interprets $BINDIR as the + // directory where the current process binary (i.e. podman) is located. + "$BINDIR", } From b134ef03a769ed1764d524e45d0e81a3cca8c2df Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Fri, 21 Nov 2025 18:13:15 +0100 Subject: [PATCH 2/4] common: clarify containers.conf doc for env When using http proxy vars in the engine section they can still get leaked because http_proxy defaults to true. Fixes: https://issues.redhat.com/browse/RHEL-127541 Signed-off-by: Paul Holzinger (cherry picked from commit d205608c8509f768ac9e55d2e3bb4b814fbb1e5f) Signed-off-by: Paul Holzinger --- common/docs/containers.conf.5.md | 11 +++++++---- common/pkg/config/containers.conf | 18 +++++++++++------- common/pkg/config/containers.conf-freebsd | 18 +++++++++++------- 3 files changed, 29 insertions(+), 18 deletions(-) diff --git a/common/docs/containers.conf.5.md b/common/docs/containers.conf.5.md index a7f233709c..f5c247f01f 100644 --- a/common/docs/containers.conf.5.md +++ b/common/docs/containers.conf.5.md @@ -298,9 +298,9 @@ Logging driver for the container. Currently available options are k8s-file, jour **log_path**="" -Default path for container logs to be stored in. When empty, logs will be stored +Default path for container logs to be stored in. When empty, logs will be stored in the container's default storage and removed when the container is removed. -A subdirectory named with the container ID will be created under the specified +A subdirectory named with the container ID will be created under the specified path, and the log file will have the default name `ctr.log` within that directory. This option can be overridden by the `--log-opt` flag. @@ -621,10 +621,13 @@ Disabling this can save memory. **env**=[] -Environment variables to be used when running the container engine (e.g., Podman, Buildah). For example "http_proxy=internal.proxy.company.com". -Note these environment variables will not be used within the container. Set the env section under [containers] table, +Environment variables to be used when running the container engine (e.g., Podman, Buildah). For example "MYVAR=value". +These environment variables will not be used within the container. Set the env section under the [containers] table, if you want to set environment variables for the container. +Note when using this to set http proxy variables then they might get leaked into the container depending on +if `http_proxy` (under the [containers] table) is set to to true (default) or false. + **events_logfile_path**="" Define where event logs will be stored, when events_logger is "file". diff --git a/common/pkg/config/containers.conf b/common/pkg/config/containers.conf index 2e392d048e..1c9fe54c37 100644 --- a/common/pkg/config/containers.conf +++ b/common/pkg/config/containers.conf @@ -216,12 +216,12 @@ default_sysctls = [ # #log_driver = "k8s-file" -# Default path for container logs to be stored in. When empty, logs will be stored +# Default path for container logs to be stored in. When empty, logs will be stored # in the container's default storage and removed when the container is removed. -# A subdirectory named with the container ID will be created under the specified +# A subdirectory named with the container ID will be created under the specified # path, and the log file will have the default name `ctr.log` within that directory. # This option can be overridden by the `--log-opt` flag. -# +# #log_path = "" # Maximum size allowed for the container log file. Negative numbers indicate @@ -542,10 +542,14 @@ default_sysctls = [ # #enable_port_reservation = true -# Environment variables to be used when running the container engine (e.g., Podman, Buildah). -# For example "http_proxy=internal.proxy.company.com". -# Note these environment variables will not be used within the container. -# Set the env section under [containers] table, if you want to set environment variables for the container. +# Environment variables to be used when running the container engine (e.g., +# Podman, Buildah). For example "MYVAR=value". These environment variables +# will not be used within the container. Set the env section under the +# [containers] table, if you want to set environment variables for the +# container. +# Note when using this to set http proxy variables then they might get +# leaked into the container depending on if `http_proxy` (under the +# [containers] table) is set to to true (default) or false. # #env = [] diff --git a/common/pkg/config/containers.conf-freebsd b/common/pkg/config/containers.conf-freebsd index bd999c339c..6a8163066e 100644 --- a/common/pkg/config/containers.conf-freebsd +++ b/common/pkg/config/containers.conf-freebsd @@ -169,12 +169,12 @@ default_sysctls = [ # #log_driver = "k8s-file" -# Default path for container logs to be stored in. When empty, logs will be stored +# Default path for container logs to be stored in. When empty, logs will be stored # in the container's default storage and removed when the container is removed. -# A subdirectory named with the container ID will be created under the specified +# A subdirectory named with the container ID will be created under the specified # path, and the log file will have the default name `ctr.log` within that directory. # This option can be overridden by the `--log-opt` flag. -# +# #log_path = "" # Maximum size allowed for the container log file. Negative numbers indicate @@ -393,10 +393,14 @@ default_sysctls = [ # #enable_port_reservation = true -# Environment variables to be used when running the container engine (e.g., Podman, Buildah). -# For example "http_proxy=internal.proxy.company.com". -# Note these environment variables will not be used within the container. -# Set the env section under [containers] table, if you want to set environment variables for the container. +# Environment variables to be used when running the container engine (e.g., +# Podman, Buildah). For example "MYVAR=value". These environment variables +# will not be used within the container. Set the env section under the +# [containers] table, if you want to set environment variables for the +# container. +# Note when using this to set http proxy variables then they might get +# leaked into the container depending on if `http_proxy` (under the +# [containers] table) is set to to true (default) or false. # #env = [] From 0799dfdfcbb09a08f4dac35365f8b25acd10caf0 Mon Sep 17 00:00:00 2001 From: tomsweeneyredhat Date: Fri, 5 Dec 2025 15:19:54 -0500 Subject: [PATCH 3/4] Bump common to v0.66.1 Bump common to v0.66.1 in preparation for Podman v5.7 Signed-off-by: tomsweeneyredhat --- common/version/version.go | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/common/version/version.go b/common/version/version.go index ad62f22ac3..69b597ef70 100644 --- a/common/version/version.go +++ b/common/version/version.go @@ -1,4 +1,4 @@ package version // Version is the version of the build. -const Version = "0.66.0" +const Version = "0.66.1" From f25011560dcd9795be6016fcde2b0e393f8b73ec Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Mon, 8 Dec 2025 18:57:52 +0100 Subject: [PATCH 4/4] validate: refactor git-validate Do not define GIT_CHECK_EXCLUDE in two places and just define it once and make the action use the Makefile. In addtion we don't want to lint the full set of commits, this seems to cause side effects with merge commits as it lints commits that may no actual be in the PR and thus it can fail. Using "github.event.pull_request.base.sha" is the right base commit we care about and makes the validation work. Thanks to Miloslav for finding that value. Signed-off-by: Paul Holzinger --- .github/workflows/validate.yml | 8 +++----- Makefile | 5 ++++- 2 files changed, 7 insertions(+), 6 deletions(-) diff --git a/.github/workflows/validate.yml b/.github/workflows/validate.yml index d86c524c70..dba09a4248 100644 --- a/.github/workflows/validate.yml +++ b/.github/workflows/validate.yml @@ -71,7 +71,8 @@ jobs: if: github.event_name == 'pull_request' runs-on: ubuntu-24.04 env: - GIT_CHECK_EXCLUDE: "./vendor" + # Base commit sha that we use the lint the commit from + EPOCH_TEST_COMMIT: "${{ github.event.pull_request.base.sha }}" steps: - uses: actions/checkout@v6 with: @@ -85,10 +86,7 @@ jobs: # See comment on lint task cache-dependency-path: "**/go.sum" - name: run git-validation - - # We validate all commits as we only fetched the number of commits in the PR above, - # by default git-validation has some special github action handling but that seems broken. - run: make .install.gitvalidation && git-validation -no-github + run: make .install.gitvalidation && make git-validation go-vendor: runs-on: ubuntu-24.04 diff --git a/Makefile b/Makefile index 0a4eff7dcd..16ce5d0eb6 100644 --- a/Makefile +++ b/Makefile @@ -41,7 +41,10 @@ install.tools: .install.gitvalidation .install.golangci-lint .install.md2man .PHONY: git-validation git-validation: .install.gitvalidation - GIT_CHECK_EXCLUDE="./vendor" git-validation -q -run DCO,short-subject,dangling-whitespace -range "$(EPOCH_TEST_COMMIT)..HEAD" +ifndef EPOCH_TEST_COMMIT + $(error EPOCH_TEST_COMMIT is empty) +endif + GIT_CHECK_EXCLUDE="./vendor" git-validation $(if $(CI),,-q) -run DCO,short-subject,dangling-whitespace -range "$(EPOCH_TEST_COMMIT)..HEAD" .PHONY: lint lint: .install.golangci-lint