update podman 4.4.0 and dependencies

dependency updates:
* alpine:3.17
* conmon 2.1.6
* CNI plugins 1.2.0
* libfuse 3.13.1
* fuse-overlayfs 1.10
* crun 1.8

Also, updated bats to 1.8.2

Dockerfile

@@ -1,10 +1,10 @@
 # Download gpg
-FROM alpine:3.15 AS gpg
+FROM alpine:3.17 AS gpg
 RUN apk add --no-cache gnupg
 
 
 # runc
-FROM golang:1.18-alpine3.15 AS runc
+FROM golang:1.18-alpine3.17 AS runc
 ARG RUNC_VERSION=v1.1.4
 RUN set -eux; \
 	apk add --no-cache --virtual .build-deps gcc musl-dev libseccomp-dev libseccomp-static make git bash; \
@@ -18,7 +18,7 @@ RUN set -eux; \
 
 
 # podman build base
-FROM golang:1.18-alpine3.15 AS podmanbuildbase
+FROM golang:1.18-alpine3.17 AS podmanbuildbase
 RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
 	btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \
 	glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \
@@ -29,7 +29,7 @@ RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
 # podman (without systemd support)
 FROM podmanbuildbase AS podman
 RUN apk add --update --no-cache tzdata curl
-ARG PODMAN_VERSION=v4.3.1
+ARG PODMAN_VERSION=v4.4.0
 ARG PODMAN_BUILDTAGS='seccomp selinux apparmor exclude_graphdriver_devicemapper containers_image_openpgp'
 ARG PODMAN_CGO=1
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
@@ -49,7 +49,7 @@ RUN set -ex; \
 
 # conmon (without systemd support)
 FROM podmanbuildbase AS conmon
-ARG CONMON_VERSION=v2.1.5
+ARG CONMON_VERSION=v2.1.6
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${CONMON_VERSION} https://github.com/containers/conmon.git /conmon
 WORKDIR /conmon
 RUN set -ex; \
@@ -59,7 +59,7 @@ RUN set -ex; \
 
 # CNI plugins
 FROM podmanbuildbase AS cniplugins
-ARG CNI_PLUGIN_VERSION=v1.1.1
+ARG CNI_PLUGIN_VERSION=v1.2.0
 ARG CNI_PLUGINS="ipam/host-local main/loopback main/bridge meta/portmap meta/tuning meta/firewall"
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=${CNI_PLUGIN_VERSION} https://github.com/containernetworking/plugins /go/src/github.com/containernetworking/plugins
 WORKDIR /go/src/github.com/containernetworking/plugins
@@ -98,7 +98,7 @@ RUN set -ex; \
 # fuse-overlayfs (derived from https://github.com/containers/fuse-overlayfs/blob/master/Dockerfile.static)
 FROM podmanbuildbase AS fuse-overlayfs
 RUN apk add --update --no-cache autoconf automake meson ninja clang g++ eudev-dev fuse3-dev
-ARG LIBFUSE_VERSION=fuse-3.12.0
+ARG LIBFUSE_VERSION=fuse-3.13.1
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=$LIBFUSE_VERSION https://github.com/libfuse/libfuse /libfuse
 WORKDIR /libfuse
 RUN set -ex; \
@@ -109,7 +109,7 @@ RUN set -ex; \
 	touch /dev/fuse; \
 	ninja install; \
 	fusermount3 -V
-ARG FUSEOVERLAYFS_VERSION=v1.9
+ARG FUSEOVERLAYFS_VERSION=v1.10
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch=$FUSEOVERLAYFS_VERSION https://github.com/containers/fuse-overlayfs /fuse-overlayfs
 WORKDIR /fuse-overlayfs
 RUN set -ex; \
@@ -121,7 +121,7 @@ RUN set -ex; \
 
 
 # Build podman base image
-FROM alpine:3.15 AS podmanbase
+FROM alpine:3.17 AS podmanbase
 LABEL maintainer="Max Goltzsche <[email protected]>"
 RUN apk add --no-cache tzdata ca-certificates
 COPY --from=conmon /conmon/bin/conmon /usr/local/lib/podman/conmon
@@ -155,7 +155,7 @@ COPY --from=runc   /usr/local/bin/runc   /usr/local/bin/runc
 # Download crun
 # (switched keyserver from sks to ubuntu since sks is offline now and gpg refuses to import keys from keys.openpgp.org because it does not provide a user ID with the key.)
 FROM gpg AS crun
-ARG CRUN_VERSION=1.6
+ARG CRUN_VERSION=1.8
 RUN set -ex; \
 	wget -O /usr/local/bin/crun https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd; \
 	wget -O /tmp/crun.asc https://github.com/containers/crun/releases/download/$CRUN_VERSION/crun-${CRUN_VERSION}-linux-amd64-disable-systemd.asc; \

Dockerfile-remote

@@ -1,17 +1,15 @@
 # podman build base
-FROM golang:1.18-alpine3.15 AS podmanbuildbase
+FROM golang:1.18-alpine3.17 AS podmanbuildbase
 RUN apk add --update --no-cache git make gcc pkgconf musl-dev \
 	btrfs-progs btrfs-progs-dev libassuan-dev lvm2-dev device-mapper \
 	glib-static libc-dev gpgme-dev protobuf-dev protobuf-c-dev \
 	libseccomp-dev libseccomp-static libselinux-dev ostree-dev openssl iptables \
 	bash go-md2man
-ARG BATS_VERSION=v1.7.0
-RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${BATS_VERSION} https://github.com/bats-core/bats-core.git && cd bats-core && ./install.sh /usr/local
 
 # podman remote
 FROM podmanbuildbase AS podman-remote
 RUN apk add --update --no-cache curl
-ARG PODMAN_VERSION=v4.3.1
+ARG PODMAN_VERSION=v4.4.0
 RUN git clone -c 'advice.detachedHead=false' --depth=1 --branch ${PODMAN_VERSION} https://github.com/containers/podman src/github.com/containers/podman
 WORKDIR $GOPATH/src/github.com/containers/podman
 RUN make install.tools
@@ -23,6 +21,6 @@ RUN set -eux; \
 	podman --help >/dev/null; \
 	[ "$(ldd /usr/local/bin/podman-remote | wc -l)" -eq 0 ] || (ldd /usr/local/bin/podman-remote; false)
 
-FROM alpine:3.15
+FROM alpine:3.17
 COPY --from=podman-remote /usr/local/bin /usr/local/bin
 RUN adduser -D podman-remote -h /podman -u 1000

Makefile

@@ -12,7 +12,7 @@ GPG_IMAGE = gpg-signer
 
 BUILD_DIR = ./build
 
-BATS_VERSION = v1.7.0
+BATS_VERSION = v1.8.2
 BATS_DIR := $(BUILD_DIR)/bats-$(BATS_VERSION)
 BATS = $(BATS_DIR)/bin/bats
 BATS_TEST ?= test

test/remote.bats

@@ -24,7 +24,7 @@ teardown_file() {
 
 @test "remote podman - run container" {
 	$DOCKER run --rm --network=host --pull=never "${PODMAN_REMOTE_IMAGE}" \
-		podman --url=tcp://$PODMAN_ADDRESS run alpine:3.14 echo hello from remote container
+		podman --url=tcp://$PODMAN_ADDRESS run alpine:3.17 echo hello from remote container
 }
 
 @test "remote podman - build image from dockerfile" {
@@ -33,7 +33,7 @@ teardown_file() {
 		"${PODMAN_REMOTE_IMAGE}" \
 		sh -c "set -ex; \
 			mkdir /tmp/testcontext
-			printf 'FROM alpine:3.14\nRUN echo hello\nCMD [ "/bin/echo", "hello" ]' > /tmp/testcontext/Dockerfile
+			printf 'FROM alpine:3.17\nRUN echo hello\nCMD [ "/bin/echo", "hello" ]' > /tmp/testcontext/Dockerfile
 			podman --log-level=debug --remote --url=tcp://$PODMAN_ADDRESS build -t testbuild -f /tmp/testcontext/Dockerfile /tmp/testcontext; \
 			podman --url=tcp://$PODMAN_ADDRESS run testbuild echo hello from remote container"
 }

test/rootful.bats

@@ -18,7 +18,7 @@ skipIfDockerUnavailableAndNotRunAsRoot() {
 	$DOCKER run --rm --privileged --entrypoint /bin/sh -u root:root \
 		-v "$PODMAN_ROOT_DATA_DIR:/var/lib/containers/storage" \
 		--pull=never "${PODMAN_IMAGE}" \
-		-c 'podman run --rm alpine:3.14 wget -O /dev/null http://example.org'
+		-c 'podman run --rm alpine:3.17 wget -O /dev/null http://example.org'
 }
 
 @test "rootful podman - build image from dockerfile" {

test/rootless.bats

@@ -12,20 +12,20 @@ load test_helper.bash
 	$DOCKER run --rm --privileged -u podman:podman \
 		-v "$PODMAN_ROOT_DATA_DIR:/podman/.local/share/containers/storage" \
 		--pull=never "${PODMAN_IMAGE}" \
-		docker run --rm alpine:3.14 wget -O /dev/null http://example.org
+		docker run --rm alpine:3.17 wget -O /dev/null http://example.org
 }
 
 @test "$TEST_PREFIX podman - uid mapping (using fuse-overlayfs) {
 	$DOCKER run --rm --privileged -u podman:podman \
 		-v "$PODMAN_ROOT_DATA_DIR:/podman/.local/share/containers/storage" \
 		--pull=never "${PODMAN_IMAGE}" \
-		docker run --rm alpine:3.14 /bin/sh -c 'set -ex; touch /file; chown guest /file; [ $(stat -c %U /file) = guest ]'
+		docker run --rm alpine:3.17 /bin/sh -c 'set -ex; touch /file; chown guest /file; [ $(stat -c %U /file) = guest ]'
 }
 
 @test "$TEST_PREFIX podman - unmapped uid" {
 	$DOCKER run --rm --privileged --user 9000:9000 \
 		--pull=never "${PODMAN_IMAGE}" \
-		docker run --rm alpine:3.14 wget -O /dev/null http://example.org
+		docker run --rm alpine:3.17 wget -O /dev/null http://example.org
 }
 
 @test "$TEST_PREFIX podman - build image from dockerfile" {
@@ -34,7 +34,7 @@ load test_helper.bash
 		--pull=never "${PODMAN_IMAGE}" \
 		-c 'set -e;
 			podman build -t podmantestimage -f - . <<-EOF
-				FROM alpine:3.14
+				FROM alpine:3.17
 				RUN echo hello world > /hello
 				CMD ["/bin/cat", "/hello"]
 			EOF'