podman: 3.4.4 -> 4.0.1

https://github.com/containers/podman/releases/tag/v4.0.0
https://github.com/containers/podman/releases/tag/v4.0.1

- wrap helper binaries via CONTAINERS_HELPER_BINARY_DIR

nixos/tests/podman/default.nix

@@ -126,7 +126,7 @@ import ../make-test-python.nix (
           podman.succeed("docker network create default")
           podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
           podman.succeed(
-            "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
+            "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin localhost/scratchimg /bin/sleep 10"
           )
           podman.succeed("docker ps | grep sleeping")
           podman.succeed("podman ps | grep sleeping")

nixos/tests/podman/tls-ghostunnel.nix

@@ -129,7 +129,7 @@ import ../make-test-python.nix (
           podman.succeed("tar cv --files-from /dev/null | podman import - scratchimg")
 
           client.succeed(
-            "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin scratchimg /bin/sleep 10"
+            "docker run -d --name=sleeping -v /nix/store:/nix/store -v /run/current-system/sw/bin:/bin localhost/scratchimg /bin/sleep 10"
           )
           client.succeed("docker ps | grep sleeping")
           podman.succeed("docker ps | grep sleeping")

pkgs/applications/virtualization/podman/default.nix

@@ -17,20 +17,20 @@
 
 buildGoModule rec {
   pname = "podman";
-  version = "3.4.4";
+  version = "4.0.1";
 
   src = fetchFromGitHub {
     owner = "containers";
     repo = "podman";
     rev = "v${version}";
-    sha256 = "sha256-5Y0+xfoMCe3a6kX+OhmxURZXZLAnrS1t8TFyHqjGCeA=";
+    sha256 = "sha256-DpSDMjUFA8coRInJO1jhMALOYG444WRFw1w7vJKc7cw=";
   };
 
   vendorSha256 = null;
 
   doCheck = false;
 
-  outputs = [ "out" "man" ];
+  outputs = [ "out" "man" ] ++ lib.optionals stdenv.isLinux [ "rootlessport" ];
 
   nativeBuildInputs = [ pkg-config go-md2man installShellFiles ];
 
@@ -47,26 +47,31 @@ buildGoModule rec {
   buildPhase = ''
     runHook preBuild
     patchShebangs .
-    ${if stdenv.isDarwin
-      then "make podman-remote"
-      else "make podman"}
+    ${if stdenv.isDarwin then ''
+      make podman-remote # podman-mac-helper uses FHS paths
+    '' else ''
+      make bin/podman bin/rootlessport
+    ''}
     make docs
     runHook postBuild
   '';
 
   installPhase = ''
     runHook preInstall
-  '' + lib.optionalString stdenv.isDarwin ''
-    mv bin/{darwin/podman,podman}
-  '' + ''
-    install -Dm555 bin/podman $out/bin/podman
-    installShellCompletion --bash completions/bash/*
-    installShellCompletion --fish completions/fish/*
-    installShellCompletion --zsh completions/zsh/*
-    MANDIR=$man/share/man make install.man-nobuild
-    install -Dm644 cni/87-podman-bridge.conflist -t $out/etc/cni/net.d
-    install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d
-    install -Dm644 contrib/systemd/system/podman.{socket,service} -t $out/lib/systemd/system
+    ${if stdenv.isDarwin then ''
+      mv bin/{darwin/podman,podman}
+    '' else ''
+      install -Dm644 cni/87-podman-bridge.conflist -t $out/etc/cni/net.d
+      install -Dm644 contrib/tmpfile/podman.conf -t $out/lib/tmpfiles.d
+      for s in contrib/systemd/**/*.in; do
+        substituteInPlace "$s" --replace "@@PODMAN@@" "podman" # don't use unwrapped binary
+      done
+      PREFIX=$out make install.systemd
+      install -Dm555 bin/rootlessport -t $rootlessport/bin
+    ''}
+    install -Dm555 bin/podman -t $out/bin
+    PREFIX=$out make install.completions
+    MANDIR=$man/share/man make install.man
     runHook postInstall
   '';
 
@@ -87,9 +92,8 @@ buildGoModule rec {
   meta = with lib; {
     homepage = "https://podman.io/";
     description = "A program for managing pods, containers and container images";
-    changelog = "https://github.com/containers/podman/blob/v${version}/changelog.txt";
+    changelog = "https://github.com/containers/podman/blob/v${version}/RELEASE_NOTES.md";
     license = licenses.asl20;
     maintainers = with maintainers; [ marsam ] ++ teams.podman.members;
-    platforms = platforms.unix;
   };
 }

pkgs/applications/virtualization/podman/wrapper.nix

@@ -1,6 +1,7 @@
 { podman-unwrapped
 , runCommand
 , makeWrapper
+, symlinkJoin
 , lib
 , extraPackages ? []
 , podman # Docker compat
@@ -13,8 +14,13 @@
 , cni-plugins # not added to path
 , iptables
 , iproute2
+, catatonit
 }:
 
+# do not add qemu to this wrapper, store paths get written to the podman vm config and break when GCed
+
+# adding aardvark-dns/netavark to `helpersBin` requires changes to the modules and tests
+
 let
   podman = podman-unwrapped;
 
@@ -29,6 +35,16 @@ let
     iproute2
   ] ++ extraPackages);
 
+  helpersBin = symlinkJoin {
+    name = "${podman.pname}-helper-binary-wrapper-${podman.version}";
+
+    # this only works for some binaries, others may need to be be added to `binPath` or in the modules
+    paths = [
+      catatonit # added here for the pause image and also set in `containersConf` for `init_path`
+      podman.rootlessport
+    ];
+  };
+
 in runCommand podman.name {
   name = "${podman.pname}-wrapper-${podman.version}";
   inherit (podman) pname version passthru;
@@ -54,5 +70,6 @@ in runCommand podman.name {
   ln -s ${podman-unwrapped}/lib $out/lib
   ln -s ${podman-unwrapped}/share $out/share
   makeWrapper ${podman-unwrapped}/bin/podman $out/bin/podman \
+    --set CONTAINERS_HELPER_BINARY_DIR ${helpersBin}/bin \
     --prefix PATH : ${binPath}
 ''