[v0.61] Some backports

libimage/image_test.go

@@ -391,7 +391,7 @@ func TestUntag(t *testing.T) {
 func getImageAndRuntime(t *testing.T) (*Runtime, *Image) {
 	// Note: this will resolve pull from the GCR registry (see
 	// testdata/registries.conf).
-	busyboxLatest := "docker.io/library/busybox:latest"
+	busyboxLatest := "quay.io/libpod/busybox:latest"
 
 	runtime := testNewRuntime(t)
 	ctx := context.Background()

libimage/pull_test.go

@@ -223,7 +223,7 @@ func TestPullOCINoReference(t *testing.T) {
 	// Exercise pulling from the OCI transport and make sure that a
 	// specified reference is preserved in the image name.
 
-	busybox := "docker.io/library/busybox:latest"
+	busybox := "quay.io/libpod/busybox:latest"
 	runtime := testNewRuntime(t)
 	ctx := context.Background()
 	pullOptions := &PullOptions{}

libimage/push_test.go

@@ -22,7 +22,7 @@ func TestPush(t *testing.T) {
 	// Prefetch alpine.
 	pullOptions := &PullOptions{}
 	pullOptions.Writer = os.Stdout
-	_, err := runtime.Pull(ctx, "docker.io/library/alpine:latest", config.PullPolicyAlways, pullOptions)
+	_, err := runtime.Pull(ctx, "quay.io/libpod/alpine:latest", config.PullPolicyAlways, pullOptions)
 	require.NoError(t, err)
 
 	pushOptions := &PushOptions{}
@@ -81,7 +81,7 @@ func TestPushOtherPlatform(t *testing.T) {
 	pullOptions := &PullOptions{}
 	pullOptions.Writer = os.Stdout
 	pullOptions.Architecture = "arm64"
-	pulledImages, err := runtime.Pull(ctx, "docker.io/library/alpine:latest", config.PullPolicyAlways, pullOptions)
+	pulledImages, err := runtime.Pull(ctx, "quay.io/libpod/alpine:latest", config.PullPolicyAlways, pullOptions)
 	require.NoError(t, err)
 	require.Len(t, pulledImages, 1)
 
@@ -95,7 +95,7 @@ func TestPushOtherPlatform(t *testing.T) {
 	require.NoError(t, err)
 	tmp.Close()
 	defer os.Remove(tmp.Name())
-	_, err = runtime.Push(ctx, "docker.io/library/alpine:latest", "docker-archive:"+tmp.Name(), pushOptions)
+	_, err = runtime.Push(ctx, "quay.io/libpod/alpine:latest", "docker-archive:"+tmp.Name(), pushOptions)
 	require.NoError(t, err)
 }
 
@@ -107,7 +107,7 @@ func TestPushWithForceCompression(t *testing.T) {
 	pullOptions := &PullOptions{}
 	pullOptions.Writer = os.Stdout
 	pullOptions.Architecture = "arm64"
-	pulledImages, err := runtime.Pull(ctx, "docker.io/library/alpine:latest", config.PullPolicyAlways, pullOptions)
+	pulledImages, err := runtime.Pull(ctx, "quay.io/libpod/alpine:latest", config.PullPolicyAlways, pullOptions)
 	require.NoError(t, err)
 	require.Len(t, pulledImages, 1)
 
@@ -121,7 +121,7 @@ func TestPushWithForceCompression(t *testing.T) {
 	pushOptions.SystemContext.DirForceDecompress = true
 	pushOptions.Writer = os.Stdout
 	dirDest := t.TempDir()
-	_, err = runtime.Push(ctx, "docker.io/library/alpine:latest", "dir:"+dirDest, pushOptions)
+	_, err = runtime.Push(ctx, "quay.io/libpod/alpine:latest", "dir:"+dirDest, pushOptions)
 	require.NoError(t, err)
 
 	// Pull uncompressed alpine from `dir:dirDest` as source.
@@ -137,7 +137,7 @@ func TestPushWithForceCompression(t *testing.T) {
 	pushOptions.OciAcceptUncompressedLayers = true
 	pushOptions.Writer = os.Stdout
 	ociDest := t.TempDir()
-	_, err = runtime.Push(ctx, "docker.io/library/alpine:latest", "oci:"+ociDest, pushOptions)
+	_, err = runtime.Push(ctx, "quay.io/libpod/alpine:latest", "oci:"+ociDest, pushOptions)
 	require.NoError(t, err)
 
 	// blobs from first push
@@ -154,7 +154,7 @@ func TestPushWithForceCompression(t *testing.T) {
 	pushOptions.Writer = os.Stdout
 	pushOptions.CompressionFormat = &compression.Gzip
 	pushOptions.ForceCompressionFormat = false
-	_, err = runtime.Push(ctx, "docker.io/library/alpine:latest", "oci:"+ociDest, pushOptions)
+	_, err = runtime.Push(ctx, "quay.io/libpod/alpine:latest", "oci:"+ociDest, pushOptions)
 	require.NoError(t, err)
 
 	// blobs from second push
@@ -175,7 +175,7 @@ func TestPushWithForceCompression(t *testing.T) {
 	pushOptions.Writer = os.Stdout
 	pushOptions.CompressionFormat = &compression.Gzip
 	pushOptions.ForceCompressionFormat = true
-	_, err = runtime.Push(ctx, "docker.io/library/alpine:latest", "oci:"+ociDest, pushOptions)
+	_, err = runtime.Push(ctx, "quay.io/libpod/alpine:latest", "oci:"+ociDest, pushOptions)
 	require.NoError(t, err)
 
 	// collect blobs from third push

libimage/remove_test.go

@@ -14,7 +14,7 @@ import (
 func TestRemoveImages(t *testing.T) {
 	// Note: this will resolve pull from the GCR registry (see
 	// testdata/registries.conf).
-	busyboxLatest := "docker.io/library/busybox:latest"
+	busyboxLatest := "quay.io/libpod/busybox:latest"
 
 	runtime := testNewRuntime(t)
 	ctx := context.Background()

libimage/runtime_test.go

@@ -109,8 +109,8 @@ func TestRuntimeListImagesAllImages(t *testing.T) {
 	ctx := context.Background()
 
 	// Prefetch alpine, busybox.
-	testRuntimePullImage(t, runtime, ctx, "docker.io/library/alpine:latest")
-	testRuntimePullImage(t, runtime, ctx, "docker.io/library/busybox:latest")
+	testRuntimePullImage(t, runtime, ctx, "quay.io/libpod/alpine:latest")
+	testRuntimePullImage(t, runtime, ctx, "quay.io/libpod/busybox:latest")
 
 	images, err := runtime.ListImages(ctx, nil)
 	require.NoError(t, err)
@@ -122,7 +122,7 @@ func TestRuntimeListImagesAllImages(t *testing.T) {
 	}
 	assert.ElementsMatch(t,
 		image_names,
-		[]string{"docker.io/library/alpine:latest", "docker.io/library/busybox:latest"},
+		[]string{"quay.io/libpod/alpine:latest", "quay.io/libpod/busybox:latest"},
 	)
 }
 
@@ -131,15 +131,15 @@ func TestRuntimeListImagesByNames(t *testing.T) {
 	ctx := context.Background()
 
 	// Prefetch alpine, busybox.
-	testRuntimePullImage(t, runtime, ctx, "docker.io/library/alpine:latest")
-	testRuntimePullImage(t, runtime, ctx, "docker.io/library/busybox:latest")
+	testRuntimePullImage(t, runtime, ctx, "quay.io/libpod/alpine:latest")
+	testRuntimePullImage(t, runtime, ctx, "quay.io/libpod/busybox:latest")
 
 	for _, test := range []struct {
 		name     string
 		fullName string
 	}{
-		{"alpine", "docker.io/library/alpine:latest"},
-		{"busybox", "docker.io/library/busybox:latest"},
+		{"alpine", "quay.io/libpod/alpine:latest"},
+		{"busybox", "quay.io/libpod/busybox:latest"},
 	} {
 		images, err := runtime.ListImagesByNames([]string{test.name})
 		require.NoError(t, err)

libimage/save_test.go

@@ -19,9 +19,9 @@ func TestSave(t *testing.T) {
 	// Prefetch alpine, busybox.
 	pullOptions := &PullOptions{}
 	pullOptions.Writer = os.Stdout
-	_, err := runtime.Pull(ctx, "docker.io/library/alpine:latest", config.PullPolicyAlways, pullOptions)
+	_, err := runtime.Pull(ctx, "quay.io/libpod/alpine:latest", config.PullPolicyAlways, pullOptions)
 	require.NoError(t, err)
-	_, err = runtime.Pull(ctx, "docker.io/library/busybox:latest", config.PullPolicyAlways, pullOptions)
+	_, err = runtime.Pull(ctx, "quay.io/libpod/busybox:latest", config.PullPolicyAlways, pullOptions)
 	require.NoError(t, err)
 
 	// Save the two images into a multi-image archive.  This way, we can

libnetwork/pasta/pasta_linux.go

@@ -110,13 +110,26 @@ func Setup(opts *SetupOptions) (*SetupResult, error) {
 			return err
 		}
 		for _, addr := range addrs {
-			// make sure to skip localhost and other special addresses
-			if ipnet, ok := addr.(*net.IPNet); ok && ipnet.IP.IsGlobalUnicast() {
-				result.IPAddresses = append(result.IPAddresses, ipnet.IP)
-				if !ipv4 && util.IsIPv4(ipnet.IP) {
+			// make sure to skip loopback and multicast addresses
+			if ipnet, ok := addr.(*net.IPNet); ok && !ipnet.IP.IsLoopback() && !ipnet.IP.IsMulticast() {
+				if util.IsIPv4(ipnet.IP) {
+					result.IPAddresses = append(result.IPAddresses, ipnet.IP)
 					ipv4 = true
-				}
-				if !ipv6 && util.IsIPv6(ipnet.IP) {
+				} else if !ipnet.IP.IsLinkLocalUnicast() {
+					// Else must be ipv6.
+					// We shouldn't resolve hosts.containers.internal to IPv6
+					// link-local addresses, for two reasons:
+					// 1. even if IPv6 is disabled in pasta (--ipv4-only), the
+					//    kernel will configure an IPv6 link-local address in the
+					//    container, but that doesn't mean that IPv6 connectivity
+					//    is actually working
+					// 2. link-local addresses need to be suffixed by the zone
+					//    (interface) to be of any use, but we can't do it here
+					//
+					// Thus, don't include IPv6 link-local addresses in
+					// IPAddresses: Podman uses them for /etc/hosts entries, and
+					// those need to be functional.
+					result.IPAddresses = append(result.IPAddresses, ipnet.IP)
 					ipv6 = true
 				}
 			}

pkg/ssh/connection_golang.go

@@ -10,7 +10,6 @@ import (
 	"net/url"
 	"os"
 	"os/user"
-	"path"
 	"path/filepath"
 	"regexp"
 	"strings"
@@ -313,7 +312,7 @@ func ValidateAndConfigure(uri *url.URL, iden string, insecureIsMachineConnection
 		if !errors.Is(err, os.ErrNotExist) {
 			return nil, err
 		}
-		keyDir := path.Dir(keyFilePath)
+		keyDir := filepath.Dir(keyFilePath)
 		if err := fileutils.Exists(keyDir); errors.Is(err, os.ErrNotExist) {
 			if err := os.Mkdir(keyDir, 0o700); err != nil {
 				return nil, err

rpm/containers-common.spec

@@ -141,7 +141,7 @@ done
 
 %install
 # install config and policy files for registries
-install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,systemd}
+install -dp %{buildroot}%{_sysconfdir}/containers/{certs.d,oci/hooks.d,networks,systemd}
 install -dp %{buildroot}%{_sharedstatedir}/containers/sigstore
 install -dp %{buildroot}%{_datadir}/containers/systemd
 install -dp %{buildroot}%{_prefix}/lib/containers/storage
@@ -187,6 +187,7 @@ ln -s ../../../..%{_sysconfdir}/yum.repos.d/redhat.repo %{buildroot}%{_datadir}/
 %files
 %dir %{_sysconfdir}/containers
 %dir %{_sysconfdir}/containers/certs.d
+%dir %{_sysconfdir}/containers/networks
 %dir %{_sysconfdir}/containers/oci
 %dir %{_sysconfdir}/containers/oci/hooks.d
 %dir %{_sysconfdir}/containers/registries.conf.d