Add podman machine os upgrade command

[baude]

Implements automatic OS upgrade functionality for Podman machines that requires no user input beyond running the command. The upgrade logic automatically determines the appropriate upgrade path using a three-way comparison between client version, machine version, and OCI registry:

• When the client version is older than the machine version, no action is taken and an error is returned.
• When the client version matches the machine version, the OCI registry is queried to check for in-band updates by comparing image digests. This handles minor, patch level, and updates oci image use cases.
• When the client version is newer than the machine version, the machine is upgraded to match the client's major.minor version.
• No manual image selection or version specification required.

The command supports dry-run mode and JSON (only) output format for automation.

Checklist

Ensure you have completed the following checklist for your pull request to be reviewed:

• Certify you wrote the patch or otherwise have the right to pass it on as an open-source patch by signing all
  commits. (git commit -s). (If needed, use git commit -s --amend). The author email must match
  the sign-off email address. See CONTRIBUTING.md
  for more information.
• Referenced issues using Fixes: #00000 in commit message (if applicable)
• Tests have been added/updated (or no tests are needed)
• Documentation has been updated (or no documentation changes are needed)
• All commits pass make validatepr (format/lint checks)
• Release note entered in the section below (or None if no user-facing changes)

Does this PR introduce a user-facing change?

Addition of `podman machine os upgrade` which automatically updates the Podman virtual machine os based on its origin.

[baude]

Note to reviewers: We have absolutely no way to test this command at this point. os-apply is also not tested. I think this is a card entirely on itself. Nevertheless, to test this, the podman command needs to get built into the machine-os which is the problematic portion.

[packit-as-a-service]

Cockpit tests failed for commit 26394a4. @martinpitt, @jelly, @mvollmer please check.

[ashley-cui]

Tested manually on linux:

1. Init using old image

• First machine upgrade succeeds
• after a reboot, a secondary upgrade fails with Error: failed to parse ostree origin
• Is this the preexisting issue with the new 6.1 OS not yet on quay? But plain init doesn't have output, so I'd assume it should be the same

2. plain podman machine init

• no output, since it's on latest.

3. forced client lower version (client 6.0, machine-os 6.1

• Error: client version 6.1.0 is older than your machine version 6.0.0-dev: upgrade your client
• This message should be flipped, ie Error: client version 6.0.0-dev is older than your machine version 6.1.0 : upgrade your client

I believe these are the larger test cases, but if you need anything more specific.

[packit-as-a-service]

[NON-BLOCKING] Packit jobs failed. @containers/packit-build please check. Everyone else, feel free to ignore.

[ashley-cui]

Tested again, all comments were addressed and functionality LGTM.

[TomSweeneyRedHat]

LGTM
but I'm not long in machine experience, I'd like another set of eyeballs

[l0rd]

The upgrade logic is perfect. I have a few comments on minor things that may be considered as post-merge follow up:

• We should mention that WSL isn't supported in the doc
• The command documentation could be improved (see comments below)
• The changes to go.mod shouldn't be needed
• Do you know why the bloat approved label is needed?
• We should fail earlier if the provider is WSL
• We should fail earlier if the provider is Hyper-V and the user is trying to restart without having the privileges to restart (not running as admin, not member of hyper-v admin group)
• There are no machine tests and I understand that's not possible in this PR but will they be added later? Eventually uncommenting the tests for os apply command too?
• Rather than having two separate commands (machine os apply and machine os upgrade) I find it simpler to have one unique command (machine update). The unique command would have the functionalities of both apply (specify a specific image) and upgrade (get the latest image if none is specified). I have checked a few packages managers (dnf, brew, winget) and they usually allow to specify a version in their upgrade/update command.

[l0rd]

With this description, if I have an old CLI, I may still think that the machine will be updated. We can probably add another sentence that says that the new version will match the client major and minor version. And also I would find it useful to mention that the command machine os apply can update to a specific version.

[l0rd]

For apply we have: "Apply an OCI image to Podman Machine's OS". Compared to that, the cases of machine and os are inconsistent.

[baude]

corrected.

[l0rd]

For apply this is apply [options] IMAGE [NAME] where [NAME] is the corresponding machine name. Here it's called [MACHINE].

[l0rd]

For apply the help is Restart VM to apply changes, for consistency here we could use Restart VM to upgrade.

[baude]

sure!

[mtrmac]

Just a drive-by, the dependency changes caught my eye. I didn’t read ~anything else.

[mtrmac]

A ~full review now, with the disclaimer that I never tried running it or studied the bootc CLI.

[mtrmac]

This is not documented in the option’s primary paragraph, and I think it is critical to include.

(I’m also not sure it is a good idea — will we never have users trying to run the actual upgrade in a script, and needing a structured output?

Or are users wanting to trigger an actual upgrade expected to use the API directly? In that case it’s a bit curious — but still plausible — that the “check for upgrades” users are given a CLI with JSON output.)

[baude]

the idea here is for consumers to be able to "check" if there is an upgrade (consider PD). And then the actual application of the update is done with the value there. That said, I'm asking PD to try this once it merges and they can provide feedback where we might make a change.

[baude]

And yes, i missed adding dry-run to the format description.

[mtrmac]

And then the actual application of the update is done with the value there.

… for GUIs, note that things (in particular registry contents) can change between the “check” and the final update.

I suppose such callers would use os upgrade --format json to make an upgrade decision, and then os apply to actually upgrade to exactly that version — does that work?

[baude]

correct, this is simply a mechanism to tell users that an update is available.

[mtrmac]

Most of machineInfo is left not updated — is it worth documenting which fields are set when?

Arguably letting users experiment might work fine … but they will only see the cross-version upgrade about two times a year, so that might be a surprise.

[mheon]

LGTM on my end. I think all comments are addressed?