9 files changed, 90 insertions, 37 deletions
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index 18bf4a530..9649e7abb 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -41,6 +41,7 @@
 - The output of `podman system connection list` is now deterministic, with connections being sorted alpabetically by their name.
 - The auto-update service (`podman-auto-update.service`) has had its default timer adjusted so it now starts at a random time up to 15 minutes after midnight, to help prevent system congestion from numerous daily services run at once.
 - Systemd unit files generated by `podman generate systemd` now depend on `network-online.target` by default ([#10655](https://github.com/containers/podman/issues/10655)).
+- Systemd unit files generated by `podman generate systemd` now use `Type=notify` by default, instead of using PID files.
 - The `podman info` command's logic for detecting package versions on Gentoo has been improved, and should be significantly faster.
 
 ### Bugfixes
@@ -61,8 +62,10 @@
 - Fixed a bug where the remote Podman client's `podman build` command would only respect `.containerignore` and not `.dockerignore` files (when both are present, `.containerignore` will be preferred) ([#10907](https://github.com/containers/podman/issues/10907)).
 - Fixed a bug where the remote Podman client's `podman build` command would fail to send the Dockerfile being built to the server when it was excluded by the `.dockerignore` file, resulting in an error ([#9867](https://github.com/containers/podman/issues/9867)).
 - Fixed a bug where the remote Podman client's `podman build` command could unexpectedly stop streaming the output of the build ([#10154](https://github.com/containers/podman/issues/10154)).
+- Fixed a bug where the remote Podman client's `podman build` command would fail to build when run on Windows ([#11259](https://github.com/containers/podman/issues/11259)).
 - Fixed a bug where the `podman manifest create` command accepted at most two arguments (an arbitrary number of images are allowed as arguments, which will be added to the manifest).
 - Fixed a bug where named volumes would not be properly chowned to the UID and GID of the directory they were mounted over when first mounted into a container ([#10776](https://github.com/containers/podman/issues/10776)).
+- Fixed a bug where named volumes created using a volume plugin would be removed from Podman, even if the plugin reported a failure to remove the volume ([#11214](https://github.com/containers/podman/issues/11214)).
 - Fixed a bug where the remote Podman client's `podman exec -i` command would hang when input was provided via shell redirection (e.g. `podman --remote exec -i foo cat <<<"hello"`) ([#7360](https://github.com/containers/podman/issues/7360)).
 - Fixed a bug where containers created with `--rm` were not immediately removed after being started by `podman start` if they failed to start ([#10935](https://github.com/containers/podman/issues/10935)).
 - Fixed a bug where the `--storage-opt` flag to `podman create` and `podman run` was nonfunctional ([#10264](https://github.com/containers/podman/issues/10264)).
@@ -78,6 +81,9 @@
 - Fixed a bug where the `podman unpause --all` command would throw an error for every container that was not paused ([#11098](https://github.com/containers/podman/issues/11098)).
 - Fixed a bug where timestamps for the `since` and `until` filters using Unix timestamps with a nanoseconds portion could not be parsed ([#11131](https://github.com/containers/podman/issues/11131)).
 - Fixed a bug where the `podman info` command would sometimes print the wrong path for the `slirp4netns` binary.
+- Fixed a bug where rootless Podman containers joined to a CNI network would not have functional DNS when the host used systemd-resolved without the resolved stub resolver being enabled ([#11222](https://github.com/containers/podman/issues/11222)).
+- Fixed a bug where `podman network connect` and `podman network disconnect` of rootless containers could sometimes break port forwarding to the container ([#11248](https://github.com/containers/podman/issues/11248)).
+- Fixed a bug where joining a container to a CNI network by ID and adding network aliases to this network would cause the container to fail to start ([#11285](https://github.com/containers/podman/issues/11285)).
 
 ### API
 - Fixed a bug where the Compat List endpoint for Containers included healthcheck information for all containers, even those that did not have a configured healthcheck.
@@ -86,6 +92,7 @@
 - Fixed a bug where the Compat Wait endpoint for Containers would always send an empty string error message when no error occurred.
 - Fixed a bug where the Libpod Stats endpoint for Containers would not error when run on rootless containers on cgroups v1 systems (nonsensical results would be returned, as this configuration cannot be supportable).
 - Fixed a bug where the Compat List endpoint for Images omitted the `ContainerConfig` field ([#10795](https://github.com/containers/podman/issues/10795)).
+- Fixed a bug where the Compat Build endpoint for Images was too strict when validating the `Content-Type` header, rejecting content that Docker would have accepted ([#11022](https://github.com/containers/podman/issues/11012)).
 - Fixed a bug where the Compat Pull endpoint for Images could fail, but return a 200 status code, if an image name that could not be parsed was provided.
 - Fixed a bug where the Compat Pull endpoint for Images would continue to pull images after the client disconnected.
 - Fixed a bug where the Compat List endpoint for Networks would fail for non-bridge (e.g. macvlan) networks ([#10266](https://github.com/containers/podman/issues/10266)).
@@ -95,9 +102,9 @@
 - The Compat Pull endpoint for Images now supports the `platform` query parameter.
 
 ### Misc
-- Updated Buildah to v1.22.0
+- Updated Buildah to v1.22.3
 - Updated the containers/storage library to v1.34.1
-- Updated the containers/image library to v5.15.1
+- Updated the containers/image library to v5.15.2
 - Updated the containers/common library to v0.42.1
 
 ## 3.2.3
diff --git a/libpod/runtime_ctr.go b/libpod/runtime_ctr.go
index 059f56798..02bbb6981 100644
--- a/libpod/runtime_ctr.go
+++ b/libpod/runtime_ctr.go
@@ -246,6 +246,20 @@ func (r *Runtime) setupContainer(ctx context.Context, ctr *Container) (_ *Contai
 		ctr.config.Networks = netNames
 	}
 
+	// https://github.com/containers/podman/issues/11285
+	// normalize the networks aliases to use network names and never ids
+	if len(ctr.config.NetworkAliases) > 0 {
+		netAliases := make(map[string][]string, len(ctr.config.NetworkAliases))
+		for nameOrID, aliases := range ctr.config.NetworkAliases {
+			netName, err := network.NormalizeName(r.config, nameOrID)
+			if err != nil {
+				return nil, err
+			}
+			netAliases[netName] = aliases
+		}
+		ctr.config.NetworkAliases = netAliases
+	}
+
 	// Inhibit shutdown until creation succeeds
 	shutdown.Inhibit()
 	defer shutdown.Uninhibit()
diff --git a/libpod/runtime_volume_linux.go b/libpod/runtime_volume_linux.go
index 3d5bc8bb2..f489fbbb5 100644
--- a/libpod/runtime_volume_linux.go
+++ b/libpod/runtime_volume_linux.go
@@ -234,11 +234,6 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool) error
 	// Set volume as invalid so it can no longer be used
 	v.valid = false
 
-	// Remove the volume from the state
-	if err := r.state.RemoveVolume(v); err != nil {
-		return errors.Wrapf(err, "error removing volume %s", v.Name())
-	}
-
 	var removalErr error
 
 	// If we use a volume plugin, we need to remove from the plugin.
@@ -266,11 +261,19 @@ func (r *Runtime) removeVolume(ctx context.Context, v *Volume, force bool) error
 			req := new(pluginapi.RemoveRequest)
 			req.Name = v.Name()
 			if err := v.plugin.RemoveVolume(req); err != nil {
-				removalErr = errors.Wrapf(err, "volume %s could not be removed from plugin %s, but it has been removed from Podman", v.Name(), v.Driver())
+				return errors.Wrapf(err, "volume %s could not be removed from plugin %s", v.Name(), v.Driver())
 			}
 		}
 	}
 
+	// Remove the volume from the state
+	if err := r.state.RemoveVolume(v); err != nil {
+		if removalErr != nil {
+			logrus.Errorf("Error removing volume %s from plugin %s: %v", v.Name(), v.Driver(), removalErr)
+		}
+		return errors.Wrapf(err, "error removing volume %s", v.Name())
+	}
+
 	// Free the volume's lock
 	if err := v.lock.Free(); err != nil {
 		if removalErr == nil {
diff --git a/pkg/api/handlers/compat/images_build.go b/pkg/api/handlers/compat/images_build.go
index 08d1df4b8..0fcca1821 100644
--- a/pkg/api/handlers/compat/images_build.go
+++ b/pkg/api/handlers/compat/images_build.go
@@ -34,13 +34,16 @@ func BuildImage(w http.ResponseWriter, r *http.Request) {
 		contentType := hdr[0]
 		switch contentType {
 		case "application/tar":
-			logrus.Warnf("tar file content type is  %s, should use \"application/x-tar\" content type", contentType)
+			logrus.Infof("tar file content type is  %s, should use \"application/x-tar\" content type", contentType)
 		case "application/x-tar":
 			break
 		default:
-			utils.BadRequest(w, "Content-Type", hdr[0],
-				fmt.Errorf("Content-Type: %s is not supported. Should be \"application/x-tar\"", hdr[0]))
-			return
+			if utils.IsLibpodRequest(r) {
+				utils.BadRequest(w, "Content-Type", hdr[0],
+					fmt.Errorf("Content-Type: %s is not supported. Should be \"application/x-tar\"", hdr[0]))
+				return
+			}
+			logrus.Infof("tar file content type is  %s, should use \"application/x-tar\" content type", contentType)
 		}
 	}
 
diff --git a/pkg/bindings/images/build.go b/pkg/bindings/images/build.go
index e1aeae244..39e0fc5df 100644
--- a/pkg/bindings/images/build.go
+++ b/pkg/bindings/images/build.go
@@ -481,9 +481,9 @@ func nTar(excludes []string, sources ...string) (io.ReadCloser, error) {
 					return nil // skip root dir
 				}
 
-				name := strings.TrimPrefix(path, s+string(filepath.Separator))
+				name := filepath.ToSlash(strings.TrimPrefix(path, s+string(filepath.Separator)))
 
-				excluded, err := pm.Matches(filepath.ToSlash(name)) // nolint:staticcheck
+				excluded, err := pm.Matches(name) // nolint:staticcheck
 				if err != nil {
 					return errors.Wrapf(err, "error checking if %q is excluded", name)
 				}
diff --git a/pkg/machine/fcos.go b/pkg/machine/fcos.go
index 11936aee7..49ec01e67 100644
--- a/pkg/machine/fcos.go
+++ b/pkg/machine/fcos.go
@@ -3,14 +3,14 @@
 package machine
 
 import (
-	"crypto/sha256"
-	"io/ioutil"
 	url2 "net/url"
+	"os"
 	"path/filepath"
 	"runtime"
 	"strings"
 
 	digest "github.com/opencontainers/go-digest"
+	"github.com/sirupsen/logrus"
 )
 
 // These should eventually be moved into machine/qemu as
@@ -91,24 +91,23 @@ func UpdateAvailable(d *Download) (bool, error) {
 	//	 check the sha of the local image if it exists
 	//  get the sha of the remote image
 	// == dont bother to pull
-	files, err := ioutil.ReadDir(filepath.Dir(d.LocalPath))
+	if _, err := os.Stat(d.LocalPath); os.IsNotExist(err) {
+		return false, nil
+	}
+	fd, err := os.Open(d.LocalPath)
 	if err != nil {
 		return false, err
 	}
-	for _, file := range files {
-		if filepath.Base(d.LocalPath) == file.Name() {
-			b, err := ioutil.ReadFile(d.LocalPath)
-			if err != nil {
-				return false, err
-			}
-			s := sha256.Sum256(b)
-			sum := digest.NewDigestFromBytes(digest.SHA256, s[:])
-			if sum.Encoded() == d.Sha256sum {
-				return true, nil
-			}
+	defer func() {
+		if err := fd.Close(); err != nil {
+			logrus.Error(err)
 		}
+	}()
+	sum, err := digest.SHA256.FromReader(fd)
+	if err != nil {
+		return false, err
 	}
-	return false, nil
+	return sum.Encoded() == d.Sha256sum, nil
 }
 
 func getFcosArch() string {
diff --git a/test/apiv2/10-images.at b/test/apiv2/10-images.at
index 195b11ff0..abc8d44b7 100644
--- a/test/apiv2/10-images.at
+++ b/test/apiv2/10-images.at
@@ -173,7 +173,7 @@ curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \
 BUILD_TEST_ERROR=""
 
 if ! grep -q '200 OK' "${TMPD}/headers.txt"; then
-    echo -e "${red}NOK: Image build from tar failed response was not 200 OK"
+    echo -e "${red}NOK: Image build from tar failed response was not 200 OK (application/x-tar)"
     BUILD_TEST_ERROR="1"
 fi
 
@@ -182,6 +182,38 @@ if ! grep -q 'quay.io/libpod/alpine_labels' "${TMPD}/response.txt"; then
     BUILD_TEST_ERROR="1"
 fi
 
+curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \
+    -H "content-type: application/tar" \
+    --dump-header "${TMPD}/headers.txt" \
+    -o /dev/null \
+    "http://$HOST:$PORT/v1.40/libpod/build?dockerfile=containerfile" &> /dev/null
+if ! grep -q '200 OK' "${TMPD}/headers.txt"; then
+    echo -e "${red}NOK: Image build from tar failed response was not 200 OK (application/tar)"
+    BUILD_TEST_ERROR="1"
+fi
+
+# Yes, this is very un-RESTful re: Content-Type header ignored when compatibility endpoint used
+# See https://github.com/containers/podman/issues/11012
+curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \
+    -H "content-type: application/json" \
+    --dump-header "${TMPD}/headers.txt" \
+    -o /dev/null \
+    "http://$HOST:$PORT/v1.40/build?dockerfile=containerfile" &> /dev/null
+if ! grep -q '200 OK' "${TMPD}/headers.txt"; then
+    echo -e "${red}NOK: Image build from tar failed response was not 200 OK (application/tar)"
+    BUILD_TEST_ERROR="1"
+fi
+
+curl -XPOST --data-binary @<(cat $CONTAINERFILE_TAR) \
+    -H "content-type: application/json" \
+    --dump-header "${TMPD}/headers.txt" \
+    -o /dev/null \
+    "http://$HOST:$PORT/v1.40/libpod/build?dockerfile=containerfile" &> /dev/null
+if ! grep -q '400 Bad Request' "${TMPD}/headers.txt"; then
+    echo -e "${red}NOK: Image build should have failed with 400 (wrong Content-Type)"
+    BUILD_TEST_ERROR="1"
+fi
+
 cleanBuildTest
 if [[ "${BUILD_TEST_ERROR}" ]]; then
     exit 1
diff --git a/test/e2e/network_connect_disconnect_test.go b/test/e2e/network_connect_disconnect_test.go
index b1f3607ab..217efdeec 100644
--- a/test/e2e/network_connect_disconnect_test.go
+++ b/test/e2e/network_connect_disconnect_test.go
@@ -236,8 +236,6 @@ var _ = Describe("Podman network connect and disconnect", func() {
 	})
 
 	It("podman network connect and run with network ID", func() {
-		SkipIfRemote("remote flakes to much I will fix this in another PR")
-		SkipIfRootless("network connect and disconnect are only rootful")
 		netName := "ID" + stringid.GenerateNonCryptoID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
@@ -249,7 +247,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 		Expect(session).Should(Exit(0))
 		netID := session.OutputToString()
 
-		ctr := podmanTest.Podman([]string{"run", "-dt", "--name", "test", "--network", netID, ALPINE, "top"})
+		ctr := podmanTest.Podman([]string{"run", "-dt", "--name", "test", "--network", netID, "--network-alias", "somealias", ALPINE, "top"})
 		ctr.WaitWithDefaultTimeout()
 		Expect(ctr).Should(Exit(0))
 
@@ -269,7 +267,7 @@ var _ = Describe("Podman network connect and disconnect", func() {
 		Expect(session).Should(Exit(0))
 		newNetID := session.OutputToString()
 
-		connect := podmanTest.Podman([]string{"network", "connect", newNetID, "test"})
+		connect := podmanTest.Podman([]string{"network", "connect", "--alias", "secondalias", newNetID, "test"})
 		connect.WaitWithDefaultTimeout()
 		Expect(connect).Should(Exit(0))
 
@@ -324,8 +322,6 @@ var _ = Describe("Podman network connect and disconnect", func() {
 	})
 
 	It("podman network disconnect and run with network ID", func() {
-		SkipIfRemote("remote flakes to much I will fix this in another PR")
-		SkipIfRootless("network connect and disconnect are only rootful")
 		netName := "aliasTest" + stringid.GenerateNonCryptoID()
 		session := podmanTest.Podman([]string{"network", "create", netName})
 		session.WaitWithDefaultTimeout()
diff --git a/test/e2e/run_networking_test.go b/test/e2e/run_networking_test.go
index 92388b099..8eabeba97 100644
--- a/test/e2e/run_networking_test.go
+++ b/test/e2e/run_networking_test.go
@@ -764,7 +764,6 @@ var _ = Describe("Podman run networking", func() {
 	})
 
 	It("podman run check dnsname adds dns search domain", func() {
-		Skip("needs dnsname#57")
 		net := "dnsname" + stringid.GenerateNonCryptoID()
 		session := podmanTest.Podman([]string{"network", "create", net})
 		session.WaitWithDefaultTimeout()