Vendor in latest containers/common

Signed-off-by: Daniel J Walsh <dwalsh@redhat.com>

vendor/github.com/containers/common/pkg/config/config.go

@@ -370,11 +370,6 @@ type EngineConfig struct {
 	// LockType is the type of locking to use.
 	LockType string `toml:"lock_type,omitempty"`
 
-	// MachineEnabled indicates if Podman is running in a podman-machine VM
-	//
-	// This method is soft deprecated, use machine.IsPodmanMachine instead
-	MachineEnabled bool `toml:"machine_enabled,omitempty"`
-
 	// MultiImageArchive - if true, the container engine allows for storing
 	// archives (e.g., of the docker-archive transport) with multiple
 	// images.  By default, Podman creates single-image archives.
@@ -421,6 +416,14 @@ type EngineConfig struct {
 	// Indicates whether the application should be running in Remote mode
 	Remote bool `toml:"remote,omitempty"`
 
+	// Number of times to retry pulling/pushing images in case of failure
+	Retry uint `toml:"retry,omitempty"`
+
+	// Delay between retries in case pulling/pushing image fails
+	// If set, container engines will retry at the set interval,
+	// otherwise they delay 2 seconds and then exponentially back off.
+	RetryDelay string `toml:"retry_delay,omitempty"`
+
 	// RemoteURI is deprecated, see ActiveService
 	// RemoteURI containers connection information used to connect to remote system.
 	RemoteURI string `toml:"remote_uri,omitempty"`
@@ -660,6 +663,8 @@ type MachineConfig struct {
 	Volumes attributedstring.Slice `toml:"volumes,omitempty"`
 	// Provider is the virtualization provider used to run podman-machine VM
 	Provider string `toml:"provider,omitempty"`
+	// Rosetta is the flag to enable Rosetta in the podman-machine VM on Apple Silicon
+	Rosetta bool `toml:"rosetta,omitempty"`
 }
 
 // FarmConfig represents the "farm" TOML config tables

vendor/github.com/containers/common/pkg/config/containers.conf

@@ -435,6 +435,9 @@ default_sysctls = [
 
 # The compression format to use when pushing an image.
 # Valid options are: `gzip`, `zstd` and `zstd:chunked`.
+# This field is ignored when pushing images to the docker-daemon and
+# docker-archive formats. It is also ignored when the manifest format is set
+# to v2s2.
 #
 #compression_format = "gzip"
 
@@ -636,7 +639,8 @@ default_sysctls = [
 #
 #no_pivot_root = false
 
-# Number of locks available for containers and pods.
+# Number of locks available for containers, pods, and volumes. Each container,
+# pod, and volume consumes 1 lock for as long as it exists.
 # If this is changed, a lock renumber must be performed (e.g. with the
 # 'podman system renumber' command).
 #
@@ -655,6 +659,16 @@ default_sysctls = [
 #
 #remote = false
 
+# Number of times to retry pulling/pushing images in case of failure
+#
+#retry = 3
+
+# Delay between retries in case pulling/pushing image fails.
+# If set, container engines will retry at the set interval,
+# otherwise they delay 2 seconds and then exponentially back off.
+#
+#retry_delay = "2s"
+
 # Default OCI runtime
 #
 #runtime = "crun"
@@ -809,16 +823,15 @@ default_sysctls = [
 #
 #disk_size=10
 
-# Default image URI when creating a new VM using `podman machine init`.
-# Options: On Linux/Mac, `testing`, `stable`, `next`. On Windows, the major
-# version of the OS (e.g `36`) for Fedora 36. For all platforms you can
-# alternatively specify a custom download URL to an image. Container engines
-# translate URIs $OS and $ARCH to the native OS and ARCH. URI
-# "https://example.com/$OS/$ARCH/foobar.ami" becomes
+# Default Image used when creating a new VM using `podman machine init`.
+# Can be specified as registry with a bootable OCI artifact, download URL, or a local path.
+# Registry target must be in the form of `docker://registry/repo/image:version`.
+# Container engines translate URIs $OS and $ARCH to the native OS and ARCH.
+# URI "https://example.com/$OS/$ARCH/foobar.ami" would become
 # "https://example.com/linux/amd64/foobar.ami" on a Linux AMD machine.
-# The default value is `testing`.
+# If unspecified, the default Podman machine image will be used.
 #
-#image = "testing"
+#image = ""
 
 # Memory in MB a machine is created with.
 #
@@ -843,6 +856,11 @@ default_sysctls = [
 #
 #provider = ""
 
+# Rosetta supports running x86_64 Linux binaries on a Podman machine on Apple silicon.
+# The default value is `true`. Supported on AppleHV(arm64) machines only.
+#
+#rosetta=true
+
 # The [machine] table MUST be the last entry in this file.
 # (Unless another table is added)
 # TOML does not provide a way to end a table other than a further table being

vendor/github.com/containers/common/pkg/config/default.go

@@ -286,10 +286,14 @@ func defaultMachineConfig() MachineConfig {
 	return MachineConfig{
 		CPUs:     uint64(cpus),
 		DiskSize: 100,
-		Image:    getDefaultMachineImage(),
-		Memory:   2048,
-		User:     getDefaultMachineUser(),
-		Volumes:  attributedstring.NewSlice(getDefaultMachineVolumes()),
+		// TODO: Set machine image default here
+		// Currently the default is set in Podman as we need time to stabilize
+		// VM images and locations between different providers.
+		Image:   "",
+		Memory:  2048,
+		User:    getDefaultMachineUser(),
+		Volumes: attributedstring.NewSlice(getDefaultMachineVolumes()),
+		Rosetta: true,
 	}
 }
 
@@ -354,6 +358,7 @@ func defaultEngineConfig() (*EngineConfig, error) {
 	c.PodmanshTimeout = uint(30)
 	c.ExitCommandDelay = uint(5 * 60)
 	c.Remote = isRemote()
+	c.Retry = 3
 	c.OCIRuntimes = map[string][]string{
 		"crun": {
 			"/usr/bin/crun",
@@ -479,7 +484,6 @@ func defaultEngineConfig() (*EngineConfig, error) {
 	// TODO - ideally we should expose a `type LockType string` along with
 	// constants.
 	c.LockType = getDefaultLockType()
-	c.MachineEnabled = false
 	c.ChownCopiedFiles = true
 
 	c.PodExitPolicy = defaultPodExitPolicy
@@ -648,11 +652,6 @@ func (c *Config) LogDriver() string {
 	return c.Containers.LogDriver
 }
 
-// MachineEnabled returns if podman is running inside a VM or not.
-func (c *Config) MachineEnabled() bool {
-	return c.Engine.MachineEnabled
-}
-
 // MachineVolumes returns volumes to mount into the VM.
 func (c *Config) MachineVolumes() ([]string, error) {
 	return machineVolumes(c.Machine.Volumes.Get())
@@ -682,12 +681,6 @@ func getDefaultSSHConfig() string {
 	return filepath.Join(dirname, ".ssh", "config")
 }
 
-// getDefaultImage returns the default machine image stream
-// On Windows this refers to the Fedora major release number
-func getDefaultMachineImage() string {
-	return "testing"
-}
-
 // getDefaultMachineUser returns the user to use for rootless podman
 // This is only for the apple, hyperv, and qemu implementations.
 // WSL's user will be hardcoded in podman to "user"

vendor/github.com/containers/common/pkg/config/default_windows.go

@@ -1,6 +1,13 @@
 package config
 
-import "os"
+import (
+	"fmt"
+	"os"
+	"path/filepath"
+	"strings"
+
+	"github.com/containers/storage/pkg/homedir"
+)
 
 // isCgroup2UnifiedMode returns whether we are running in cgroup2 mode.
 func isCgroup2UnifiedMode() (isUnified bool, isUnifiedErr error) {
@@ -36,7 +43,10 @@ func getLibpodTmpDir() string {
 
 // getDefaultMachineVolumes returns default mounted volumes (possibly with env vars, which will be expanded)
 func getDefaultMachineVolumes() []string {
-	return []string{}
+	hd := homedir.Get()
+	vol := filepath.VolumeName(hd)
+	hostMnt := filepath.ToSlash(strings.TrimPrefix(hd, vol))
+	return []string{fmt.Sprintf("%s:%s", hd, hostMnt)}
 }
 
 func getDefaultComposeProviders() []string {

vendor/github.com/containers/common/pkg/hooks/hooks.go

@@ -122,10 +122,8 @@ func (m *Manager) Hooks(config *rspec.Spec, annotations map[string]string, hasBi
 					switch stage {
 					case "createContainer":
 						config.Hooks.CreateContainer = append(config.Hooks.CreateContainer, namedHook.hook.Hook)
-					case "createRuntime":
+					case "createRuntime", "prestart":
 						config.Hooks.CreateRuntime = append(config.Hooks.CreateRuntime, namedHook.hook.Hook)
-					case "prestart":
-						config.Hooks.Prestart = append(config.Hooks.Prestart, namedHook.hook.Hook)
 					case "poststart":
 						config.Hooks.Poststart = append(config.Hooks.Poststart, namedHook.hook.Hook)
 					case "poststop":

vendor/github.com/containers/common/pkg/machine/machine.go

@@ -4,9 +4,6 @@ import (
 	"os"
 	"strings"
 	"sync"
-
-	"github.com/containers/common/pkg/config"
-	"github.com/sirupsen/logrus"
 )
 
 type Marker struct {
@@ -29,9 +26,7 @@ var (
 
 func loadMachineMarker(file string) {
 	var kind string
-
-	// Support deprecated config value for compatibility
-	enabled := isLegacyConfigSet()
+	enabled := false
 
 	if content, err := os.ReadFile(file); err == nil {
 		enabled = true
@@ -41,17 +36,6 @@ func loadMachineMarker(file string) {
 	marker = &Marker{enabled, kind}
 }
 
-func isLegacyConfigSet() bool {
-	config, err := config.Default()
-	if err != nil {
-		logrus.Warnf("could not obtain container configuration")
-		return false
-	}
-
-	//nolint:staticcheck //lint:ignore SA1019 deprecated call
-	return config.Engine.MachineEnabled
-}
-
 func IsPodmanMachine() bool {
 	return GetMachineMarker().Enabled
 }

vendor/github.com/containers/common/pkg/netns/netns_linux.go

@@ -177,16 +177,26 @@ func newNSPath(nsPath string) (ns.NetNS, error) {
 
 // UnmountNS unmounts the given netns path
 func UnmountNS(nsPath string) error {
+	var rErr error
 	// Only unmount if it's been bind-mounted (don't touch namespaces in /proc...)
 	if !strings.HasPrefix(nsPath, "/proc/") {
 		if err := unix.Unmount(nsPath, unix.MNT_DETACH); err != nil {
-			return fmt.Errorf("failed to unmount NS: at %s: %v", nsPath, err)
+			// Do not return here, always try to remove below.
+			// This is important in case podman now is in a new userns compared to
+			// when the netns was created. The umount will fail EINVAL but removing
+			// the file will work and the kernel will destroy the bind mount in the
+			// other ns because of this. We also need it so pasta doesn't leak.
+			rErr = fmt.Errorf("failed to unmount NS: at %s: %w", nsPath, err)
 		}
 
 		if err := os.Remove(nsPath); err != nil {
-			return fmt.Errorf("failed to remove ns path %s: %v", nsPath, err)
+			err := fmt.Errorf("failed to remove ns path: %w", err)
+			if rErr != nil {
+				err = fmt.Errorf("%v, %w", err, rErr)
+			}
+			rErr = err
 		}
 	}
 
-	return nil
+	return rErr
 }