fix: bump podman 5.5.2 + dependency updates

* podman 5.5.2
* passt 2025_06_11.0293c6f
* alpine 3.22 base image
* Go-based binaries built using Go 1.24
* Rust-based binaries built using Rust 1.87

Author: mgoltzsche

Dockerfile

@@ -1,10 +1,10 @@
 # Download gpg
-FROM alpine:3.20 AS gpg
+FROM alpine:3.22 AS gpg
 RUN apk add --no-cache gnupg
 
 
 # runc
-FROM golang:1.23-alpine3.20 AS runc
+FROM golang:1.24-alpine3.22 AS runc
 ARG RUNC_VERSION=v1.3.0
 # Download runc binary release since static build doesn't work with musl libc anymore since 1.1.8, see https://github.com/opencontainers/runc/issues/3950
 RUN set -eux; \
@@ -16,7 +16,7 @@ RUN set -eux; \
 
 
 # podman build base
-FROM golang:1.23-alpine3.20 AS podmanbuildbase
+FROM golang:1.24-alpine3.22 AS podmanbuildbase
 RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
 	btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \
 	glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \
@@ -27,7 +27,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
 # podman (without systemd support)
 FROM podmanbuildbase AS podman
 RUN apk add --update --no-cache tzdata curl
-ARG PODMAN_VERSION=v5.5.1
+ARG PODMAN_VERSION=v5.5.2
 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp'
 ARG PODMAN_CGO=1
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
@@ -59,14 +59,15 @@ RUN set -ex; \
 # conmon (without systemd support)
 FROM podmanbuildbase AS conmon
 ARG CONMON_VERSION=v2.1.13
+RUN apk add --update --no-cache pcre2-static
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon
 WORKDIR /conmon
 RUN set -ex; \
 	make git-vars bin/conmon PKG_CONFIG='pkg-config --static' CFLAGS='-std=c99 -Os -Wall -Wextra -Werror -static' LDFLAGS='-s -w -static'; \
 	bin/conmon --help >/dev/null
 
 
-FROM rust:1.78-alpine3.20 AS rustbase
+FROM rust:1.87-alpine3.22 AS rustbase
 RUN apk add --update --no-cache git make musl-dev
 
 
@@ -93,7 +94,7 @@ RUN cargo build --release
 FROM podmanbuildbase AS passt
 WORKDIR /
 RUN apk add --update --no-cache autoconf automake meson ninja linux-headers libcap-static libcap-dev clang llvm coreutils
-ARG PASST_VERSION=2025_05_12.8ec1341
+ARG PASST_VERSION=2025_06_11.0293c6f
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=$PASST_VERSION git://passt.top/passt
 WORKDIR /passt
 RUN set -ex; \
@@ -157,7 +158,7 @@ RUN set -ex; \
 
 
 # Build podman base image
-FROM alpine:3.20 AS podmanbase
+FROM alpine:3.22 AS podmanbase
 LABEL maintainer="Max Goltzsche <[email protected]>"
 RUN apk add --no-cache tzdata ca-certificates
 COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon

Dockerfile-remote

@@ -1,5 +1,5 @@
 # podman build base
-FROM golang:1.23-alpine3.20 AS podmanbuildbase
+FROM golang:1.24-alpine3.22 AS podmanbuildbase
 RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
 	btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \
 	glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \
@@ -9,7 +9,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
 # podman remote
 FROM podmanbuildbase AS podman-remote
 RUN apk add --update --no-cache curl
-ARG PODMAN_VERSION=v5.5.1
+ARG PODMAN_VERSION=v5.5.2
 RUN git clone -c advice.detachedHead=false --depth=1 --branch=${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
 WORKDIR $GOPATH/src/github.com/containers/podman
 RUN set -eux; \
@@ -20,6 +20,6 @@ RUN set -eux; \
 	podman --help >/dev/null; \
 	[ "$(ldd /usr/local/bin/podman-remote | wc -l)" -eq 0 ] || (ldd /usr/local/bin/podman-remote; false)
 
-FROM alpine:3.20
+FROM alpine:3.22
 COPY --from=podman-remote /usr/local/bin /usr/local/bin
 RUN adduser -D podman-remote -h /podman -u 1000

Makefile

@@ -163,7 +163,7 @@ run:
 		$(PODMAN_IMAGE) /bin/sh
 
 clean:
-	$(DOCKER) run --rm -v "`pwd`:/work" alpine:3.20 rm -rf /work/build
+	$(DOCKER) run --rm -v "`pwd`:/work" alpine:3.22 rm -rf /work/build
 
 run-server: podman-ssh
 	# TODO: make sshd log to stdout (while still ensuring that we know when it is available)

test/pod.yaml

@@ -5,7 +5,7 @@ metadata:
 spec:
   containers:
   - name: build
-    image: alpine:3.17
+    image: alpine:3.22
     command: ["/bin/sh"]
     args:
     - -c

test/remote.bats

@@ -24,7 +24,7 @@ teardown_file() {
 
 @test "remote podman - run container" {
 	$DOCKER run --rm --network=host --pull=never "${PODMAN_REMOTE_IMAGE}" \
-		podman --url=tcp://$PODMAN_ADDRESS run alpine:3.17 echo hello from remote container
+		podman --url=tcp://$PODMAN_ADDRESS run alpine:3.22 echo hello from remote container
 }
 
 @test "remote podman - build dockerfile" {
@@ -33,7 +33,7 @@ teardown_file() {
 		"${PODMAN_REMOTE_IMAGE}" \
 		sh -c "set -ex; \
 			mkdir /tmp/testcontext
-			printf 'FROM alpine:3.17\nRUN echo hello\nCMD [ "/bin/echo", "hello" ]' > /tmp/testcontext/Dockerfile
+			printf 'FROM alpine:3.22\nRUN echo hello\nCMD [ "/bin/echo", "hello" ]' > /tmp/testcontext/Dockerfile
 			podman --log-level=debug --remote --url=tcp://$PODMAN_ADDRESS build -t testbuild -f /tmp/testcontext/Dockerfile /tmp/testcontext; \
 			podman --url=tcp://$PODMAN_ADDRESS run testbuild echo hello from remote container"
 }

test/rootful.bats

@@ -18,7 +18,7 @@ skipIfDockerUnavailableAndNotRunAsRoot() {
 	$DOCKER run --rm --privileged --entrypoint /bin/sh -u root:root \
 		-v "$PODMAN_ROOT_DATA_DIR:/var/lib/containers/storage" \
 		--pull=never "${PODMAN_IMAGE}" \
-		-c 'podman run --rm alpine:3.17 wget -O /dev/null http://example.org'
+		-c 'podman run --rm alpine:3.22 wget -O /dev/null http://example.org'
 }
 
 @test "rootful podman - build dockerfile" {

test/rootless.bats

@@ -20,20 +20,20 @@ teardown_file() {
 	$DOCKER run --rm --privileged -u podman:podman \
 		-v "$PODMAN_ROOT_DATA_DIR:/podman/.local/share/containers/storage" \
 		--pull=never "${PODMAN_IMAGE}" \
-		docker run --rm alpine:3.17 wget -O /dev/null http://example.org
+		docker run --rm alpine:3.22 wget -O /dev/null http://example.org
 }
 
 @test "$TEST_PREFIX podman - uid mapping (using fuse-overlayfs) {
 	$DOCKER run --rm --privileged -u podman:podman \
 		-v "$PODMAN_ROOT_DATA_DIR:/podman/.local/share/containers/storage" \
 		--pull=never "${PODMAN_IMAGE}" \
-		docker run --rm alpine:3.17 /bin/sh -c 'set -ex; touch /file; chown guest /file; [ $(stat -c %U /file) = guest ]'
+		docker run --rm alpine:3.22 /bin/sh -c 'set -ex; touch /file; chown guest /file; [ $(stat -c %U /file) = guest ]'
 }
 
 @test "$TEST_PREFIX podman - unmapped uid" {
 	$DOCKER run --rm --privileged --user 9000:9000 -e HOME=/tmp \
 		--pull=never "${PODMAN_IMAGE}" \
-		docker run --rm alpine:3.17 wget -O /dev/null http://example.org
+		docker run --rm alpine:3.22 wget -O /dev/null http://example.org
 }
 
 @test "$TEST_PREFIX podman - build image from dockerfile" {
@@ -42,7 +42,7 @@ teardown_file() {
 		--pull=never "${PODMAN_IMAGE}" \
 		-c 'set -e;
 			podman build -t podmantestimage -f - . <<-EOF
-				FROM alpine:3.17
+				FROM alpine:3.22
 				RUN echo hello world > /hello
 				CMD ["/bin/cat", "/hello"]
 			EOF'