This is the final release candidate for Podman v5.4.0. Preliminary release notes follow:
Features
- A preview of Podman's support for OCI artifacts has been added through the `podman artifact` suite of commands, including `add`, `inspect`, `ls`, `pull`, `push`, and `rm`. This support is very early and not fully complete, and the command line interface for these tools has not been finalized. We welcome feedback on the new artifact experience through our issue tracker!
- The `podman update` command now supports a wide variety of options related to healthchecks (including `--health-cmd` to define a new healthcheck and `--no-healthcheck` to disable an existing healthcheck), allowing healthchecks to be added to, removed from, and otherwise updated on existing containers. You can find full details on the 15 added options in the manpage.
- The `--mount type=volume` option for the `podman run`, `podman create`, and `podman volume create` commands now supports a new option, `subpath=`, to make only a subset of the volume visible in the container ([20661](https://github.com/containers/podman/issues/20661)).
- The `--userns=keep-id` option for the `podman run`, `podman create`, and `podman pod create` commands now supports a new option, `--userns=keep-id:size=`, to configure the size of the user namespace ([24387](https://github.com/containers/podman/issues/24837)).
- The `podman kube play` command now supports Container Device Interface (CDI) devices ([17833](https://github.com/containers/podman/issues/17833)).
- The `podman machine init` command now supports a new option, `--playbook`, to run an Ansible playbook in the created VM on first boot for initial configuration.
- Quadlet `.pod` files now support a new field, `ShmSize`, to specify the size of the pod's shared SHM ([22915](https://github.com/containers/podman/issues/22915)).
- The `podman run`, `podman create`, and `podman pod create` commands now support a new option, `--hosts-file`, to define the base file used for `/etc/hosts` in the container.
- The `podman run`, `podman create`, and `podman pod create` commands now support a new option, `--no-hostname`, which disables the creation of `/etc/hostname` in the container ([25002](https://github.com/containers/podman/issues/25002)).
- The `podman network create` command now supports a new option for `bridge` networks, `--opt mode=unmanaged`, which allows Podman to use an existing network bridge on the system without changes.
- The `--network` option to `podman run`, `podman create`, and `podman pod create` now accepts a new option for `bridge` networks, `host_interface_name`, which specifies a name for the network interface created outside the container.
- The `podman manifest rm` command now supports a new option, `--ignore`, to not error when removing manifests that do not exist.
- The `podman system prune` command now supports a new option, `--build`, to remove build containers leftover from prematurely terminated builds.
- The `podman events` command now generates events for the creation and removal of networks ([24032](https://github.com/containers/podman/issues/24032)).
Breaking Changes
- Due to a lack of availability of hardware to test on, the Podman maintainers are no longer capable of providing full support for Podman on Intel Macs. Binaries and machine images will still be produced, and pull requests related to MacOS on Intel systems will still be merged, but bugs will be fixed on a best effort basis only. We welcome any potential new maintainers who would be able to assist in restoring full support.
- Quadlet previously incorrectly allowed `:` as a character to define comments. This was a mistake; developer intent and documentation was that `` and `;` were to be used as comment characters instead, matching systemd. This has been corrected, and semicolons now define comments instead of colons.
Changes
- Podman now passes container hostnames to Netavark, which will use them for any DHCP requests for the container.
- Partial pulls of `zstd:chunked` images now only happen for images that have a `RootFS.DiffID` entry in the image's OCI config JSON, and require the layer contents to match. This resolves issues with image ID ambiguity when partial pulls were enabled.
- Packagers can now set the `BUILD_ORIGIN` environment variable when building podman from the `Makefile`. This provides information on who built the Podman binary, and is displayed in `podman version` and `podman info`. This will help upstream bug reports, allowing maintainers to trace how and where the binary was built and installed from.
Bugfixes
- Fixed a bug where `podman machine` VMs on WSL could fail to start when using usermode networking could fail to start due to a port conflict ([20327](https://github.com/containers/podman/issues/20327)).
- Fixed a bug where overlay mounts could not be made at paths where the image specifies a volume ([24555](https://github.com/containers/podman/issues/24555)).
- Fixed a bug where the `podman build` command did not honor the `no_pivot_root` setting from `containers.conf` ([24546](https://github.com/containers/podman/issues/24546)).
- Fixed a bug where volumes would have the wrong permissions if `podman cp` was used to copy into a fresh volume in a container that had never been started.
- Fixed a bug where using `podman cp` to copy into a named volume requiring a mount (image volumes, volumes backed by a volume plugin, or other volumes with options) would fail when the container being copied into was stopped.
- Fixed a bug where rlimits would be set incorrectly when Podman was run as root but without `CAP_SYS_RESOURCE` ([24692](https://github.com/containers/podman/issues/24692)).
- Fixed a bug where the `podman stats --all` command would fail if a container started with `--cgroups=none` was present ([24632](https://github.com/containers/podman/issues/24632)).
- Fixed a bug where the `podman info` command would only return details on one image store even if additional image stores were configured in `storage.conf`.
- Fixed a bug where the `podman update` command could reset resource limits that were not being modified to default ([24610](https://github.com/containers/podman/issues/24610)).
- Fixed a bug where the remote Podman client's `podman update` command could not update resource limits on devices mounted into the container ([24734](https://github.com/containers/podman/issues/24734)).
- Fixed a bug where the `podman manifest annotate` command could panic when the `--index` option was used ([24750](https://github.com/containers/podman/issues/24750)).
- Fixed a bug where a Quadlet container reusing another container's network could cause errors if the second container was not already running.
- Fixed a bug where Quadlet files containing lines with a trailing backslash could cause an infinite loop during parsing ([24810](https://github.com/containers/podman/issues/24810)).
- Fixed a bug where Quadlet would, when run as a non-root user, not generate for files in subfolders of `/etc/containers/systemd/users/` ([24783](https://github.com/containers/podman/issues/24783)).
- Fixed a bug where values in Quadlet files containing octal escape sequences were incorrectly unescaped.
- Fixed a bug where `podman generate kube` could generate persistent volumes with mixed-case names or names containing an underscore, which are not supported by Kubernetes ([16542](https://github.com/containers/podman/issues/16542)).
- Fixed a bug where the `ptmxmode` option to `--mount type=devpts` did not function.
- Fixed a bug where shell completion on Windows would include `.exe` in the executable name, breaking completion on some shells.
- Fixed a bug where the output of `podman inspect` on containers did not include the ID of the network the container was joined to, improving Docker compatibility ([24910](https://github.com/containers/podman/issues/24910)).
- Fixed a bug where containers created with the remote API incorrectly included a create command ([25026](https://github.com/containers/podman/issues/25026)).
- Fixed a bug where it was possible to specify the `libkrun` backend for VMs on Intel Macs (`libkrun` only supports Arm systems).
- Fixed a bug where `libkrun` and `applehv` VMs from `podman machine` could be started at the same time on Macs ([25112](https://github.com/containers/podman/issues/25112)).
- Fixed a bug where `podman exec` commands could not detach from the exec session using the detach keys ([24895](https://github.com/containers/podman/issues/24895)).
API
- The Compat and Libpod Build APIs for Images now support a new query parameter, `nohosts`, which (when set to true) does not create `/etc/hosts` in the image when building.
- Fixed a bug where the Compat Create API for Containers did not honor CDI devices, preventing (among other things) the use of GPUs with `docker compose` ([19338](https://github.com/containers/podman/issues/19338)).
Misc
- The Docker alias script has been fixed to better handle variable substitution.
- Fixed a bug where `podman-restart.service` functioned incorrectly when no containers were present.
- Updated Buildah to v1.39.0
- Updated the containers/common library to v0.62.0
- Updated the containers/storage library to v1.57.1
- Updated the containers/image library to v5.34.0