containers/buildah v1.44.0

on GitHub

Please Note!

The Configuration File lookup behavior has changed. Callers of functions in this project that read configuration files should refer to containers-config(5) for details.

What's Changed

Notable changes

• fix(build): make --tag oci-archive:xxx.tar work with simple images by @aeijdenberg in #6284
• RPM: build with sequoia on F43+ by @lsm5 in #6395
• Bump Buildah to v1.42.0, storage v1.61.0, image v5.38.0, common v0.66.0 by @TomSweeneyRedHat in #6439
• Introduce CommitResults(), add --metadata-file by @nalind in #6442
• buildah build: use the same overlay for the context directory for the whole build by @nalind in #5975
• [CVE-2025-52881] vendor: update to github.com/opencontainers/runc@v1.3.3 by @cyphar in #6473
• internal/mkcw/embed: cross-compile using Go by @nalind in #6471
• Update VMs, linter, fix warnings, add a "fmt" target by @nalind in #6502
• Remove Cgroups v1 support (podman6) by @lsm5 in #6424
• vendor: update container-libs, and runtime-spec by @lsm5 in #6527
• vendor: update latest common, image, storage by @Luap99 in #6543
• vendor: Update container-libs with cgv1 removed by @lsm5 in #6564
• build: add --iidfile-raw CLI option by @lsm5 in #6521
• test: do not untar archive into fs when checking file names by @iTrooz in #6548
• Use cached images instead of fedoraproject.org by @IrvingMg in #6634
• Run: don't try to encode SystemContext with json by @nalind in #6650
• Bump go.podman.io/{storage,image/v5,common} to main by @nalind in #6651
• chroot.bats(chroot with overlay root): ensure we can overlay by @nalind in #6636
• feat(build): print error on build flag --output=type=something by @iTrooz in #6476
• Add --source-policy-file flag for BuildKit-compatible source policies by @tinovyatkin in #6647
• feat(build): add --mount option by @aeijdenberg in #6289
• Fix call to chown by @stilwelb in #6683
• copier: drain tar stream to prevent broken pipe errors by @Honny1 in #6678
• Add a test where a default ARG value is a quoted string by @nalind in #6679
• Handle new FROM --after flag for explicit stage dependencies by @jlebon in #6654
• test: Fix the typo in bud test by @ypu in #6685
• tree: replace various nested append calls with slices.Concat by @jlebon in #6686
• ignore ErrLayerUnknown in cache lookup by @Luap99 in #6688
• Enable building Windows container images by @sebsoto in #6592
• Stop using the old github.com/docker/docker package paths by @mtrmac in #6692
• fix: support SHELL during RUN commands in image build by @aeijdenberg in #6695
• imagebuildah.stageExecutor.Run(): pull images for transient mounts by @nalind in #6690
• feat: support --mount=type=secret,id=foo,env=bar by @aeijdenberg in #6285
• chroot: error out on --network != host when $BUILDAH_ISOLATION by @nalind in #6697
• Add a more generic "prepend or append instructions" method by @nalind in #6700
• imagebuildah: avoid empty layer in single-layer build path by @jlebon in #6699
• Add an undocumented general "run with RPC service" by @nalind in #6675
• tests: Adapt tests to run on architectures other than amd64 by @ricardobranco777 in #6701
• Builder.getSecretMount(): don't leak an fd by @nalind in #6702
• tests/from.bats "from cpu-shares test": update cgroupv2 weights by @nalind in #6674
• Do not load config files in re-exec process by @Luap99 in #6711
• Update testing VM images by @nalind in #6715
• tests: Replace cat with bash input redirection by @ricardobranco777 in #6717
• tests: some more storage.conf rewrite prep by @Luap99 in #6714
• tests: remove cgroupsv1 checks and simplify cgroupsv2 conditionals by @lsm5 in #6720
• tests: use jq to validate images --json structure by @ricardobranco777 in #6716
• fix(deps): update module google.golang.org/grpc to v1.79.3 by @renovate[bot] in #6733
• Podman6: remove CNI by @lsm5 in #6453
• feat: add support for preserving and labeling intermediate stage images by @ezopezo in #6556
• Fix COPY/ADD --from= with ARG in stage scope by @Honny1 in #6730
• New images 2026-03-19 by @Luap99 in #6742
• Add /assign command GitHub Action by @timcoding1988 in #6738
• Fix panic in --secret flag parsing when key has no value by @Honny1 in #6746
• Add additional caching diagnostics to stage executor by @celskeggs in #6758
• docs: fix build tool tutorial with correct modules by @btwotch in #6770
• internal/mkcw/embed/entrypoint_amd64.gz: rebuild with native assembler by @lsm5 in #6736
• copier: add RemoveOptions.AllowNotFound by @akca in #6782
• copier: add MkdirOptions.MakeParents by @akca in #6783
• tests/helpers.bash: when determining the OCI runtime, use temporary storage by @nalind in #6772
• Makefile: add some missing dependencies by @nalind in #6785
• Introduce deterministic network ordering - vendor c/common, c/image, c/storage main by @mheon in #6722
• Group global commands in global help output by @nalind in #6773
• CI: remove dependencies on online apt repositories by @nalind in #6791
• internal/mkcw: make errors easier to compare, update tests by @nalind in #6664
• COPY --exclude: make patterns context relative by @Honny1 in #6729
• Fix the copier:get operation to properly gather symlink information by @BenjaminSchubert in #6759
• Update to use shared configfile implementation by @jankaluza in #6787
• RUN-4547: Move buildah import paths by @baude in #6797
• manifest create: add --amend and --replace for non-list images by @c-kruse in #6676
• copier: Fix some log messages by @BenjaminSchubert in #6808
• copier: Fix the bookkeeping of the requested root by @BenjaminSchubert in #6807
• Move registries.conf files to v2 format by @Luap99 in #6801
• vendor registries.conf rework by @Luap99 in #6799
• Makefile: preserve entrypoint_amd64 and .gz in clean target by @lsm5 in #6811
• deps: switch away from runc/libct/devices by @kolyshkin in #6809
• docs: Add note about the ssh mount options for non-root users by @plaes in #6810
• Remove OWNERS file by @baude in #6812
• Remove slirp for Podman6 by @lsm5 in #6443
• Packit: Only create dist-git PRs for rawhide by @lsm5 in #6826
• Add RunOptions.ValidExitCodes and --valid-exit-codes flag by @akca in #6817
• deps: bump selinux to v1.14.1 by @kolyshkin in #6846
• tmt: archive audit and journal logs after test execution by @lsm5 in #6850
• rpm/buildah.spec tests: require xz and /usr/bin/selinuxenabled by @nalind in #6849
• fix: duplicated "the" in define/types.go and pkg/sshagent comments by @quyentonndbs in #6852
• Fix stale cache when using bind mount with build stage by @ekedaigle in #6845
• copier: add AddAndCopyOptions.DirCopyContents by @akca in #6816
• Ignore .containerignore for git repositories in ADD by @simonbrauner in #6800
• Respect compression_format from containers.conf in push, build --cache-to, and commit by @Honny1 in #6757
• imagebuildah.executor.getCreatedBy(): use digests for previous stages by @nalind in #6855
• copier: add Mkfile() for creating files with inline content by @akca in #6857
• add/copy: support AllowWildcard and AllowEmptyWildcard by @akca in #6843
• copier: add RemoveOptions.AllowWildcard by @akca in #6827
• Correctly report archiveSource if we can't find it by @mtrmac in #6858
• Fix a race in TestCannotChangeMultipleRequestsWithDifferentChroot by @mtrmac in #6859
• copier.TestTarPut(): test both with and without chroot by @nalind in #6856
• Don't report an error in a possible RPC server start/stop ordering by @mtrmac in #6862
• Bump c/common to v0.68.0, c/image v5.40.0, c/storage v1.63.0 by @TomSweeneyRedHat in #6872
• Restore the previous TempDirForURL API by @mtrmac in #6875

Dependency updates

• fix(deps): update github.com/containers/luksy digest to adfea1d by @renovate[bot] in #6467
• fix(deps): update module github.com/containerd/platforms to v1.0.0-rc.2 by @renovate[bot] in #6472
• fix(deps): update module github.com/moby/buildkit to v0.25.2 by @renovate[bot] in #6474
• fix(deps): update module github.com/docker/docker to v28.5.2+incompatible by @renovate[bot] in #6478
• fix(deps): update module github.com/opencontainers/cgroups to v0.0.6 by @renovate[bot] in #6464
• fix(deps): update module golang.org/x/crypto to v0.44.0 by @renovate[bot] in #6495
• fix(deps): update module github.com/moby/buildkit to v0.26.0 by @renovate[bot] in #6500
• chore(deps): update dependency golangci/golangci-lint to v2.6.2 by @renovate[bot] in #6506
• fix(deps): update module github.com/fsouza/go-dockerclient to v1.12.3 by @renovate[bot] in #6505
• fix(deps): update module github.com/moby/buildkit to v0.26.1 by @renovate[bot] in #6509
• fix(deps): update module github.com/moby/buildkit to v0.26.2 by @renovate[bot] in #6519
• fix(deps): update module golang.org/x/crypto to v0.45.0 [security] by @renovate[bot] in #6517
• fix(deps): update github.com/containers/luksy digest to e33b6d6 by @renovate[bot] in #6553
• fix(deps): update common, image, and storage deps to 94e31d2 by @renovate[bot] in #6529
• fix(deps): update module github.com/spf13/cobra to v1.10.2 by @renovate[bot] in #6567
• chore(deps): update dependency golangci/golangci-lint to v2.7.0 by @renovate[bot] in #6566
• chore(deps): update dependency golangci/golangci-lint to v2.7.1 by @renovate[bot] in #6568
• chore(deps): update dependency golangci/golangci-lint to v2.7.2 by @renovate[bot] in #6575
• fix(deps): update module golang.org/x/sync to v0.19.0 by @renovate[bot] in #6578
• fix(deps): update module golang.org/x/sys to v0.39.0 by @renovate[bot] in #6579
• fix(deps): update module golang.org/x/term to v0.38.0 by @renovate[bot] in #6580
• fix(deps): update module golang.org/x/crypto to v0.46.0 by @renovate[bot] in #6582
• fix(deps): update github.com/opencontainers/runtime-tools digest to 5e63903 by @renovate[bot] in #6619
• fix(deps): update module github.com/moby/buildkit to v0.26.3 by @renovate[bot] in #6605
• fix(deps): update github.com/containers/luksy digest to ca09631 by @renovate[bot] in #6618
• fix(deps): update module tags.cncf.io/container-device-interface to v1.1.0 by @renovate[bot] in #6596
• chore(deps): update dependency golangci/golangci-lint to v2.8.0 by @renovate[bot] in #6624
• fix(deps): update module golang.org/x/sys to v0.40.0 by @renovate[bot] in #6625
• fix(deps): update module golang.org/x/crypto to v0.47.0 by @renovate[bot] in #6632
• chore(deps): update dependency containers/automation_images to v20251211 by @renovate[bot] in #6602
• fix(deps): update module github.com/sirupsen/logrus to v1.9.4 by @renovate[bot] in #6638
• fix(deps): update common, image, and storage deps to b5801a6 by @renovate[bot] in #6653
• fix(deps): update common, image, and storage deps to 28c83ab by @renovate[bot] in #6661
• fix(deps): update module github.com/openshift/imagebuilder to v1.2.20 by @renovate[bot] in #6663
• fix(deps): update module golang.org/x/crypto to v0.48.0 by @renovate[bot] in #6680
• chore(deps): update dependency golangci/golangci-lint to v2.9.0 by @renovate[bot] in #6684
• chore(deps): update dependency golangci/golangci-lint to v2.10.1 by @renovate[bot] in #6689
• fix(deps): update module google.golang.org/grpc to v1.79.1 by @renovate[bot] in #6703
• fix(deps): update module github.com/moby/moby/client to v0.3.0 by @renovate[bot] in #6705
• fix(deps): update module google.golang.org/grpc to v1.79.2 by @renovate[bot] in #6706
• chore(deps): update dependency golangci/golangci-lint to v2.11.1 by @renovate[bot] in #6707
• fix(deps): update module golang.org/x/term to v0.41.0 by @renovate[bot] in #6721
• chore(deps): update dependency containers/automation_images to v20260310 by @renovate[bot] in #6723
• fix(deps): update module golang.org/x/sync to v0.20.0 by @renovate[bot] in #6709
• chore(deps): update module github.com/sigstore/fulcio to v1.8.5 [security] by @renovate[bot] in #6641
• fix(deps): update module github.com/fsouza/go-dockerclient to v1.13.0 by @renovate[bot] in #6659
• fix(deps): update module github.com/moby/buildkit to v0.28.0 by @renovate[bot] in #6649
• fix(deps): update module golang.org/x/crypto to v0.49.0 by @renovate[bot] in #6725
• fix(deps): update module github.com/opencontainers/runc to v1.4.1 by @renovate[bot] in #6728
• fix(deps): update module github.com/containerd/platforms to v1.0.0-rc.3 by @renovate[bot] in #6741
• fix(deps): update common, image, and storage deps to 7e1f14c by @renovate[bot] in #6740
• fix(deps): update common, image, and storage deps to 8af7873 by @renovate[bot] in #6749
• fix(deps): update module github.com/moby/buildkit to v0.28.1 [security] by @renovate[bot] in #6748
• chore(deps): update module github.com/moby/moby/v2 to v2.0.0-beta.8 [security] by @renovate[bot] in #6750
• fix(deps): update module github.com/fsouza/go-dockerclient to v1.13.1 by @renovate[bot] in #6751
• fix(deps): update module github.com/moby/buildkit to v0.29.0 by @renovate[bot] in #6743
• fix(deps): update module github.com/containerd/platforms to v1.0.0-rc.4 by @renovate[bot] in #6754
• fix(deps): update module google.golang.org/grpc to v1.80.0 by @renovate[bot] in #6756
• fix(deps): update github.com/opencontainers/runtime-tools digest to 8a4db57 by @renovate[bot] in #6753
• fix(deps): update module github.com/opencontainers/runc to v1.4.2 by @renovate[bot] in #6766
• chore(deps): update module github.com/go-jose/go-jose/v4 to v4.1.4 [security] by @renovate[bot] in #6767
• fix(deps): update module github.com/moby/moby/client to v0.4.0 by @renovate[bot] in #6769
• fix(deps): update module golang.org/x/sys to v0.43.0 by @renovate[bot] in #6776
• fix(deps): update module golang.org/x/term to v0.42.0 by @renovate[bot] in #6777
• fix(deps): update module golang.org/x/crypto to v0.50.0 by @renovate[bot] in #6779
• fix(deps): update module github.com/mattn/go-shellwords to v1.0.13 by @renovate[bot] in #6784
• fix(deps): update module github.com/docker/go-connections to v0.7.0 by @renovate[bot] in #6789
• fix(deps): update module github.com/containers/ocicrypt to v1.3.0 by @renovate[bot] in #6790
• fix(deps): update module github.com/moby/moby/client to v0.4.1 by @renovate[bot] in #6798
• fix(deps): update module google.golang.org/grpc to v1.81.0 by @renovate[bot] in #6838
• fix(deps): update module golang.org/x/sys to v0.44.0 by @renovate[bot] in #6839
• fix(deps): update module github.com/openshift/imagebuilder to v1.2.21 by @renovate[bot] in #6837
• fix(deps): update module golang.org/x/term to v0.43.0 by @renovate[bot] in #6840
• fix(deps): update module golang.org/x/crypto to v0.51.0 by @renovate[bot] in #6842
• fix(deps): update module github.com/moby/buildkit to v0.30.0 by @renovate[bot] in #6848
• fix(deps): update module google.golang.org/grpc to v1.81.1 by @renovate[bot] in #6853
• fix(deps): update module golang.org/x/sys to v0.45.0 by @renovate[bot] in #6863
• fix(deps): update module golang.org/x/crypto to v0.52.0 by @renovate[bot] in #6866

New Contributors

• @cyphar made their first contribution in #6473
• @iTrooz made their first contribution in #6548
• @IrvingMg made their first contribution in #6634
• @tinovyatkin made their first contribution in #6647
• @stilwelb made their first contribution in #6683
• @jlebon made their first contribution in #6654
• @sebsoto made their first contribution in #6592
• @ezopezo made their first contribution in #6556
• @timcoding1988 made their first contribution in #6738
• @celskeggs made their first contribution in #6758
• @btwotch made their first contribution in #6770
• @akca made their first contribution in #6782
• @c-kruse made their first contribution in #6676
• @plaes made their first contribution in #6810
• @quyentonndbs made their first contribution in #6852
• @ekedaigle made their first contribution in #6845
• @simonbrauner made their first contribution in #6800

Full Changelog: v1.42.0...v1.44.0