podman 5.5.0

[BrewTestBot]

Created by brew bump

---

Created with brew bump-formula-pr.

• resource blocks have been checked for updates.

release notes

### Features
- A new command has been added, `podman machine cp`, to copy files into a running `podman machine` VM.
- A new command has been added, `podman artifact extract`, to copy some or all of the contents of an OCI artifact to a location on disk.
- The `--mount` option to `podman create`, `podman run`, and `podman pod create` now supports a new mount type, `--mount type=artifact`, to mount OCI artifacts into containers.
- The `podman artifact add` command now features two new options, `--append` (to add new files to an existing artifact) and `--file-type` (to specify the MIME type of the file added to the artifact) ([#25884](https://github.com/containers/podman/issues/25884)).
- The `podman artifact rm` command now features a new option, `--all`, to remove all artifacts in the local store.
- The `--filter` option to `podman pause`, `podman ps`, `podman restart`, `podman rm`, `podman start`, `podman stop`, and `podman unpause` now accepts a new filter, `command`, which filters on the first element (`argv[0]`) of the command run in the container.
- The `podman exec` command now supports a new option, `--cidfile`, to specify the ID of the container to exec into via a file ([#21256](https://github.com/containers/podman/issues/21256)).
- The `podman kube generate` and `podman kube play` commands now supports a new annotation, `io.podman.annotation.pids-limit/$containername`, preserving the PID limit for containers across `kube generate` and `kube play` ([#24418](https://github.com/containers/podman/issues/24418)).
- Quadlet `.container` units now support three new keys, `Memory=` (set maximum memory for the created container), `ReloadCmd` (execute a command via systemd `ExecReload`), and `ReloadSignal` (kill the container with the given signal via systemd `ExecReload`) ([#22036](https://github.com/containers/podman/issues/22036)).
- Quadlet `.container`, `.image`, and `.build` units now support two new keys, `Retry` (number of times to retry pulling image on failure) and `RetryDelay` (delay between retries) ([#25109](https://github.com/containers/podman/issues/25109)).
- Quadlet `.pod` units now support a new key, `HostName=`, to set the pod's hostname ([#25639](https://github.com/containers/podman/issues/25639)).
- Quadlet files now support a new option, `UpheldBy`, in the `Install` section, corresponding to the systemd `Upholds` option.
- The names of Quadlet units specified as systemd dependencies are now automatically translated - e.g. `Wants=my.container` is now valid.
- Podman now generates events for the creation and removal of secrets ([#24030](https://github.com/containers/podman/issues/24030)).
- A new global option has been added to Podman, `--cdi-spec-dir`, to specify additional search paths for CDI specs to the CDI loader ([#18292](https://github.com/containers/podman/issues/18292) and [#25691](https://github.com/containers/podman/issues/25691)).
- The `podman build` command now supports a new option, `--inherit-labels` (defaults to true), which controls whether labels are inherited from the base image or base stages.
- The `podman update` command now supports two new options, `--env` and `--unsetenv`, to alter the environment variables of existing containers ([#24875](https://github.com/containers/podman/issues/24875)).
Breaking Changes

Due to changes in Docker API types, two small breaking changes have been made in the Go bindings for the REST API. The containers.Commit() function now returns a new struct (types.IDResponse) with identical contents, and the containers.ExecCreate function's handlers.ExecCreateConfig parameter now contains a different embedded struct, potentially requiring changes to how it is assigned to.

Changes

Podman now requires at least Go 1.23 to build.
Healthchecks have been refactored to avoid writing to the database as much as possible, greatly improving performance on systems with many simultaneous healthchecks running.
Healthchecks now have a new status, stopped, which is reported if the container the healthcheck was run on stopped before the check could be completed (#25276).
Containers in pods are now stopped in order based on their dependencies, with the infra container being stopped last, preventing application containers from losing networking before they are stopped due to the infra container stopping prematurely.
Due to challenges with handling automatic installation, the Windows installer no longer installs WSLv2 or Hyper-V.
Quadlet will now print warnings when skipping lines to help identify malformed Quadlet files (#25339).
Creating podman machine VMs with a host mount over the VM's /tmp directory is no longer allowed (#18230).
The podman logs command now allows options to be specified after the container name (e.g. podman logs $containername --follow) (#25653).
Podman, by default, no longer uses a pause image for pod infra and service containers. Instead, a root filesystem containing only the catatonit binary will be used (#23292).
The podman system reset command no longer removes the user's podman.sock API socket.
When using Netavark v1.15 and higher, containers in non-default networks will no longer have the default search domain dns.podman added. Queries resolving such names will still work.
Stopping a Quadlet .network unit will now delete the network (if no containers are actively using it) (#23678).
For security hardening, the /proc/interrupts and /sys/devices/system/cpu/$CPU/thermal_throttle paths are now masked by default in containers (#25634).

Bugfixes

Fixed a bug where healthchecks would still run while a container was paused (#24590).
Fixed a bug where the remote Podman client on Windows could not mount named volumes with a single-character name into containers (#25218).
Fixed a bug where mounting an image could panic when run without CAP_SYS_ADMIN (#25241).
Fixed a bug where Podman would not report errors when setting up healthchecks (#25034).
Fixed a bug where the podman exec command would not add the additional groups of the user the exec session was run as unless the user was explicitly added with the --user option (#25610).
Fixed a bug where errors during the podman network connect and podman network disconnect commands could create errors in the database which would cause podman inspect on the container to fail.
Fixed a bug where the podman kube generate command did not correctly generate YAML for volume mounts using a subpath.
Fixed a bug where the podman system df command could show a negative reclaimable size.
Fixed a bug where accessing a rootful podman machine VM that was not podman-machine-default (the default VM) with the podman machine ssh command would put the user into the rootless shell (#25332).
Fixed a bug where the podman machine init would report nonsensical memory values in error messages when trying to create a machine with more memory than the system.
Fixed a bug where the remote Podman client's podman start --attach command would incorrectly print an error when run on a container created with the --rm option (#25965).
Fixed a bug where the remote Podman client's podman pull command could hang and leak memory if the server was unexpectedly stopped or encountered an error during a pull.
Fixed a bug where the remote Podman client's podman cp command would, on Windows, often fail to copy files into the container due to improper handling of Windows paths (#14862).
Fixed a bug where the podman container clone command did not correctly copy healthcheck settings to the new container (#21630).
Fixed a bug where the podman kube play command would fail to start empty pods (#25786).
Fixed a bug where the podman volume ls command did not output headers when no volumes were present (#25911).
Fixed a bug where healthcheck configuration provided by a container's image could not be overridden unless the --health-cmd option was specified when creating the container (#20212).
Fixed a bug where the --user option to podman create and podman run could not be used with users added to the container by the --hostuser option (#25805).
Fixed a bug where the podman system reset command on FreeBSD would incorrectly print an error.
Fixed a bug where stopping the podman machine start command with SIGINT could result in machine state being incorrectly set to "Starting" (#24416).
Fixed a bug where the podman machine start command would fail when starting a VM with volume mounts containing spaces using the HyperV machine provider (#25500).

API

Fixed a bug where the Compat Create API for Containers ignored ulimits specified in the request when Podman was run rootless (#25881).

Misc

Erroneous errors from the ExecStartAndAttach() function in the Go bindings for the REST API have been silenced, where the function would incorrectly report errors when stdin was consumed after the exec session was stopped (#25344).
Updated Buildah to v1.40.0
Updated the containers/common library to v0.63.0
Updated the containers/image library to v5.35.0
Updated the containers/storage library to v1.58.0

---

[chenrui333]

   # github.com/containers/podman/v5/cmd/podman
  link: duplicated definition of symbol dlopen, from github.com/ebitengine/purego and github.com/ebitengine/purego
  gmake: *** [Makefile:393: bin/darwin/podman] Error 1

• cmd/link: Go 1.24.3 and 1.23.9 regression - duplicated definition of symbol dlopen golang/go#73617
• egctl 1.4.0 #223391

[chenrui333]

• fix macos compile issue with go 1.24.3 containers/podman#26137

[github-actions]

🤖 An automated task has requested bottles to be published to this PR.

Please do not push to this PR branch before the bottle commits have been pushed, as this results in a state that is difficult to recover from. If you need to resolve a merge conflict, please use a merge commit. Do not force-push to this PR branch.