apple
diff --git a/‎.github/ISSUE_TEMPLATE/01-bug.yml‎
Lines changed: 2 additions & 2 deletions b/‎.github/ISSUE_TEMPLATE/01-bug.yml‎
Lines changed: 2 additions & 2 deletions
diff --git a/‎.github/ISSUE_TEMPLATE/02-feature.yml‎
Lines changed: 1 addition & 1 deletion b/‎.github/ISSUE_TEMPLATE/02-feature.yml‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎.github/workflows/common.yml‎
Lines changed: 4 additions & 6 deletions b/‎.github/workflows/common.yml‎
Lines changed: 4 additions & 6 deletions
diff --git a/‎.spi.yml‎
Lines changed: 11 additions & 9 deletions b/‎.spi.yml‎
Lines changed: 11 additions & 9 deletions
diff --git a/‎BUILDING.md‎
Lines changed: 33 additions & 21 deletions b/‎BUILDING.md‎
Lines changed: 33 additions & 21 deletions
diff --git a/‎Makefile‎
Lines changed: 56 additions & 64 deletions b/‎Makefile‎
Lines changed: 56 additions & 64 deletions
@@ -1,7 +1,7 @@
 name: Bug report
 description: File a bug report.
 title: "[Bug]: "
-labels: ["bug", "triage"]
+type: "Bug"
 body:
   - type: markdown
     attributes:
@@ -34,7 +34,7 @@ body:
   - type: textarea
     id: expected
     attributes:
-      label: Expected Behavior
+      label: Expected behavior
       description: A concise description of what you expected to happen.
     validations:
       required: true
 
@@ -1,7 +1,7 @@
 name: Feature or enhancement request
 description: File a request for a feature or enhancement
 title: "[Request]: "
-labels: ["feature", "triage"]
+type: "Feature"
 body:
   - type: markdown
     attributes:
 
@@ -11,13 +11,12 @@ on:
 jobs:
   buildAndTest:
     name: Build and test the project
+    if: github.repository == 'apple/container'
     timeout-minutes: 60
     runs-on: [self-hosted, macos, sequoia, ARM64]
     permissions:
       contents: read
       packages: read
-    env:
-      CURRENT_SDK: y
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
@@ -44,7 +43,7 @@ jobs:
             false
           fi
         env:
-          DEVELOPER_DIR: "/Applications/Xcode_26.b1.app/Contents/Developer"
+          DEVELOPER_DIR: "/Applications/Xcode-latest.app/Contents/Developer"
 
       - name: Set build configuration
         run: |
@@ -58,7 +57,7 @@ jobs:
           make container dsym docs
           tar cfz _site.tgz _site
         env:
-          DEVELOPER_DIR: "/Applications/Xcode_26.b1.app/Contents/Developer"
+          DEVELOPER_DIR: "/Applications/Xcode-latest.app/Contents/Developer"
 
       - name: Create package
         run: |
@@ -71,8 +70,7 @@ jobs:
           launchctl setenv HTTP_PROXY $HTTP_PROXY
           make test cleancontent install-kernel integration
         env:
-          DEVELOPER_DIR: "/Applications/Xcode_26.b1.app/Contents/Developer"
-          CURRENT_SDK: y # explicitly repeated due to local env block
+          DEVELOPER_DIR: "/Applications/Xcode-latest.app/Contents/Developer"
 
       - name: Save documentation artifact
         uses: actions/upload-artifact@v4
 
@@ -1,12 +1,14 @@
 version: 1
 builder:
   configs:
-    - documentation_targets:
-      - ContainerSandboxService
-      - ContainerNetworkService
-      - ContainerImagesService
-      - ContainerClient
-      - ContainerLog
-      - ContainerPlugin
-      - ContainerXPC
-      - TerminalProgress
+    -
+      documentation_targets:
+        - ContainerSandboxService
+        - ContainerNetworkService
+        - ContainerImagesService
+        - ContainerClient
+        - ContainerLog
+        - ContainerPlugin
+        - ContainerXPC
+        - TerminalProgress
+      swift_version: '6.2'
@@ -6,6 +6,9 @@ To build the `container` project, you need:
 - macOS 15 minimum, macOS 26 beta recommended
 - Xcode 26 beta, set as the [active developer directory](https://developer.apple.com/library/archive/technotes/tn2339/_index.html#//apple_ref/doc/uid/DTS40014588-CH1-HOW_DO_I_SELECT_THE_DEFAULT_VERSION_OF_XCODE_TO_USE_FOR_MY_COMMAND_LINE_TOOLS_)
 
+> [!IMPORTANT]
+> There is a bug in the `vmnet` framework on macOS 26 beta that causes network creation to fail if the `container` helper applications are located under your `Documents` or `Desktop` directories. If you use `make install`, you can simply run the `container` binary in `/usr/local`. If you prefer to use the binaries that `make all` creates in your project `bin` and `libexec` directories, locate your project elsewhere, such as `~/projects/container`, until this issue is resolved.
+
 ## Compile and test
 
 Build `container` and the background services from source, and run basic and integration tests:
@@ -20,6 +23,13 @@ Copy the binaries to `/usr/local/bin` and `/usr/local/libexec` (requires enterin
 make install
 ```
 
+Or to install a release build, with better performance than the debug build:
+
+```bash
+BUILD_CONFIGURATION=release make all test integration
+BUILD_CONFIGURATION=release make install
+```
+
 ## Compile protobufs
 
 `container` uses gRPC to communicate to the builder virtual machine that creates images from `Dockerfile`s, and depends on specific versions of `grpc-swift` and `swift-protobuf`. If you make changes to the gRPC APIs in the [container-builder-shim](https://github.com/apple/container-builder-shim) project, install the tools and re-generate the gRPC code in this project using:
@@ -38,58 +48,60 @@ to prepare your build environment.
 
 2. In your development shell, go to the `container` project directory.
 
-    ```
+    ```bash
     cd container
     ```
 
 3. If the `container` services are already running, stop them.
 
-    ```
+    ```bash
     bin/container system stop
     ```
 
-4. Configure the environment variable `CONTAINERIZATION_PATH` to refer to your Containerization project, and update your `Package.resolved` file.
-
-    ```
-    export CONTAINERIZATION_PATH=../containerization
-    swift package update containerization
-    ```
-
-5. Build the init filesystem for your local copy of the Containerization project.
+4. Use the Swift package manager to configure use your local `containerization` package and update your `Package.resolved` file.
 
-    ```
-    (cd ${CONTAINERIZATION_PATH} && make clean all)
+    ```bash
+    /usr/bin/swift package edit --path ../containerization containerization
+    /usr/bin/swift package update containerization
     ```
 
-6. Build `container`.
+    > [!IMPORTANT]
+    > If you are using Xcode, you will need to temporarily modify `Package.swift` instead of using `swift package edit`, using a path dependency in place of the versioned `container` dependency:
+    >
+    >    ```swift
+    >    .package(path: "../containerization"),
+    >    ```
+5. Build `container`.
 
     ```
     make clean all
     ```
 
-7. Start the `container` services.
+6. Restart the `container` services.
 
     ```
+    bin/container system stop
     bin/container system start
     ```
 
 To revert to using the Containerization dependency from your `Package.swift`:
 
-1. Unset your `CONTAINERIZATION_PATH` environment variable, and update `Package.resolved`.
+1. Use the Swift package manager to restore the normal `containerization` dependency and update your `Package.resolved` file. If you are using Xcode, revert your `Package.swift` change instead of using `swift package unedit`.
 
-    ```
-    unset CONTAINERIZATION_PATH
-    swift package update containerization
+    ```bash
+    /usr/bin/swift package unedit containerization
+    /usr/bin/swift package update containerization
     ```
 
 2. Rebuild `container`.
 
-    ```
+    ```bash
     make clean all
     ```
 
 3. Restart the `container` services.
 
-    ```
-    bin/container system restart
+    ```bash
+    bin/container system stop
+    bin/container system start
     ```
@@ -28,12 +28,6 @@ DSYM_DIR := bin/$(BUILD_CONFIGURATION)/bundle/container-dSYM
 DSYM_PATH := bin/$(BUILD_CONFIGURATION)/bundle/container-dSYM.zip
 CODESIGN_OPTS ?= --force --sign - --timestamp=none
 
-ifeq (,$(CURRENT_SDK))
-	CURRENT_SDK_ARGS :=
-else
-	CURRENT_SDK_ARGS := -Xswiftc -DCURRENT_SDK
-endif
-
 MACOS_VERSION := $(shell sw_vers -productVersion)
 MACOS_MAJOR := $(shell echo $(MACOS_VERSION) | cut -d. -f1)
 
@@ -49,13 +43,12 @@ all: init-block
 .PHONY: build
 build:
 	@echo Building container binaries...
-	@#Remove this when the updated macOS SDK is available publicly
-	$(SWIFT) build -c $(BUILD_CONFIGURATION) $(CURRENT_SDK_ARGS) ; \
+	@$(SWIFT) build -c $(BUILD_CONFIGURATION)
 
 .PHONY: container
-container: build 
-	@# Install binaries under project directory
-	@"$(MAKE)" BUILD_CONFIGURATION=$(BUILD_CONFIGURATION) DESTDIR=$(ROOT_DIR)/ SUDO= install
+# Install binaries under project directory
+container: build
+	@"$(MAKE)" BUILD_CONFIGURATION=$(BUILD_CONFIGURATION) DESTDIR="$(ROOT_DIR)/" SUDO= install
 
 .PHONY: release
 release: BUILD_CONFIGURATION = release
@@ -67,93 +60,94 @@ init-block:
 
 .PHONY: install
 install: installer-pkg
-	@echo Installing container installer package 
+	@echo Installing container installer package
 	@if [ -z "$(SUDO)" ] ; then \
 		temp_dir=$$(mktemp -d) ; \
 		xar -xf $(PKG_PATH) -C $${temp_dir} ; \
-		(cd $${temp_dir} && tar -xf Payload -C $(DESTDIR)) ; \
+		(cd $${temp_dir} && tar -xf Payload -C "$(DESTDIR)") ; \
 		rm -rf $${temp_dir} ; \
 	else \
 		$(SUDO) installer -pkg $(PKG_PATH) -target / ; \
-	fi 
-	
-$(STAGING_DIR): 
-	@echo Installing container binaries from $(BUILD_BIN_DIR) into $(STAGING_DIR)...
-	@rm -rf $(STAGING_DIR)
-	@mkdir -p $(join $(STAGING_DIR), bin)
-	@mkdir -p $(join $(STAGING_DIR), libexec/container/plugins/container-runtime-linux/bin)
-	@mkdir -p $(join $(STAGING_DIR), libexec/container/plugins/container-network-vmnet/bin)
-	@mkdir -p $(join $(STAGING_DIR), libexec/container/plugins/container-core-images/bin)
-
-	@install $(BUILD_BIN_DIR)/container $(join $(STAGING_DIR), bin/container)
-	@install $(BUILD_BIN_DIR)/container-apiserver $(join $(STAGING_DIR), bin/container-apiserver)
-	@install $(BUILD_BIN_DIR)/container-runtime-linux $(join $(STAGING_DIR), libexec/container/plugins/container-runtime-linux/bin/container-runtime-linux)
-	@install config/container-runtime-linux-config.json $(join $(STAGING_DIR), libexec/container/plugins/container-runtime-linux/config.json)
-	@install $(BUILD_BIN_DIR)/container-network-vmnet $(join $(STAGING_DIR), libexec/container/plugins/container-network-vmnet/bin/container-network-vmnet)
-	@install config/container-network-vmnet-config.json $(join $(STAGING_DIR), libexec/container/plugins/container-network-vmnet/config.json)
-	@install $(BUILD_BIN_DIR)/container-core-images $(join $(STAGING_DIR), libexec/container/plugins/container-core-images/bin/container-core-images)
-	@install config/container-core-images-config.json $(join $(STAGING_DIR), libexec/container/plugins/container-core-images/config.json)
+	fi
+
+$(STAGING_DIR):
+	@echo Installing container binaries from "$(BUILD_BIN_DIR)" into "$(STAGING_DIR)"...
+	@rm -rf "$(STAGING_DIR)"
+	@mkdir -p "$(join $(STAGING_DIR), bin)"
+	@mkdir -p "$(join $(STAGING_DIR), libexec/container/plugins/container-runtime-linux/bin)"
+	@mkdir -p "$(join $(STAGING_DIR), libexec/container/plugins/container-network-vmnet/bin)"
+	@mkdir -p "$(join $(STAGING_DIR), libexec/container/plugins/container-core-images/bin)"
+
+	@install "$(BUILD_BIN_DIR)/container" "$(join $(STAGING_DIR), bin/container)"
+	@install "$(BUILD_BIN_DIR)/container-apiserver" "$(join $(STAGING_DIR), bin/container-apiserver)"
+	@install "$(BUILD_BIN_DIR)/container-runtime-linux" "$(join $(STAGING_DIR), libexec/container/plugins/container-runtime-linux/bin/container-runtime-linux)"
+	@install config/container-runtime-linux-config.json "$(join $(STAGING_DIR), libexec/container/plugins/container-runtime-linux/config.json)"
+	@install "$(BUILD_BIN_DIR)/container-network-vmnet" "$(join $(STAGING_DIR), libexec/container/plugins/container-network-vmnet/bin/container-network-vmnet)"
+	@install config/container-network-vmnet-config.json "$(join $(STAGING_DIR), libexec/container/plugins/container-network-vmnet/config.json)"
+	@install "$(BUILD_BIN_DIR)/container-core-images" "$(join $(STAGING_DIR), libexec/container/plugins/container-core-images/bin/container-core-images)"
+	@install config/container-core-images-config.json "$(join $(STAGING_DIR), libexec/container/plugins/container-core-images/config.json)"
 
 	@echo Install uninstaller script
-	@install scripts/uninstall-container.sh $(join $(STAGING_DIR), bin/uninstall-container.sh)
+	@install scripts/uninstall-container.sh "$(join $(STAGING_DIR), bin/uninstall-container.sh)"
 
 .PHONY: installer-pkg
 installer-pkg: $(STAGING_DIR)
 	@echo Signing container binaries...
-	@codesign $(CODESIGN_OPTS) --identifier com.apple.container.cli $(join $(STAGING_DIR), bin/container)
-	@codesign $(CODESIGN_OPTS) --identifier com.apple.container.apiserver $(join $(STAGING_DIR), bin/container-apiserver)
-	@codesign $(CODESIGN_OPTS) --prefix=com.apple.container. $(join $(STAGING_DIR), libexec/container/plugins/container-core-images/bin/container-core-images)
-	@codesign $(CODESIGN_OPTS) --prefix=com.apple.container. --entitlements=signing/container-runtime-linux.entitlements $(join $(STAGING_DIR), libexec/container/plugins/container-runtime-linux/bin/container-runtime-linux)
-	@codesign $(CODESIGN_OPTS) --prefix=com.apple.container. --entitlements=signing/container-network-vmnet.entitlements $(join $(STAGING_DIR), libexec/container/plugins/container-network-vmnet/bin/container-network-vmnet)
+	@codesign $(CODESIGN_OPTS) --identifier com.apple.container.cli "$(join $(STAGING_DIR), bin/container)"
+	@codesign $(CODESIGN_OPTS) --identifier com.apple.container.apiserver "$(join $(STAGING_DIR), bin/container-apiserver)"
+	@codesign $(CODESIGN_OPTS) --prefix=com.apple.container. "$(join $(STAGING_DIR), libexec/container/plugins/container-core-images/bin/container-core-images)"
+	@codesign $(CODESIGN_OPTS) --prefix=com.apple.container. --entitlements=signing/container-runtime-linux.entitlements "$(join $(STAGING_DIR), libexec/container/plugins/container-runtime-linux/bin/container-runtime-linux)"
+	@codesign $(CODESIGN_OPTS) --prefix=com.apple.container. --entitlements=signing/container-network-vmnet.entitlements "$(join $(STAGING_DIR), libexec/container/plugins/container-network-vmnet/bin/container-network-vmnet)"
 
 	@echo Creating application installer
-	@pkgbuild --root $(STAGING_DIR) --identifier com.apple.container-installer --install-location /usr/local $(PKG_PATH)
-	@rm -rf $(STAGING_DIR)
+	@pkgbuild --root "$(STAGING_DIR)" --identifier com.apple.container-installer --install-location /usr/local --version ${RELEASE_VERSION} $(PKG_PATH)
+	@rm -rf "$(STAGING_DIR)"
 
 .PHONY: dsym
 dsym:
 	@echo Copying debug symbols...
-	@rm -rf $(DSYM_DIR)
-	@mkdir -p $(DSYM_DIR)
-	@cp -a $(BUILD_BIN_DIR)/container-runtime-linux.dSYM $(DSYM_DIR)
-	@cp -a $(BUILD_BIN_DIR)/container-network-vmnet.dSYM $(DSYM_DIR)
-	@cp -a $(BUILD_BIN_DIR)/container-core-images.dSYM $(DSYM_DIR)
-	@cp -a $(BUILD_BIN_DIR)/container-apiserver.dSYM $(DSYM_DIR)
-	@cp -a $(BUILD_BIN_DIR)/container.dSYM $(DSYM_DIR)
+	@rm -rf "$(DSYM_DIR)"
+	@mkdir -p "$(DSYM_DIR)"
+	@cp -a "$(BUILD_BIN_DIR)/container-runtime-linux.dSYM" "$(DSYM_DIR)"
+	@cp -a "$(BUILD_BIN_DIR)/container-network-vmnet.dSYM" "$(DSYM_DIR)"
+	@cp -a "$(BUILD_BIN_DIR)/container-core-images.dSYM" "$(DSYM_DIR)"
+	@cp -a "$(BUILD_BIN_DIR)/container-apiserver.dSYM" "$(DSYM_DIR)"
+	@cp -a "$(BUILD_BIN_DIR)/container.dSYM" "$(DSYM_DIR)"
 
 	@echo Packaging the debug symbols...
-	@(cd $(dir $(DSYM_DIR)) ; zip -r $(notdir $(DSYM_PATH)) $(notdir $(DSYM_DIR)))
+	@(cd "$(dir $(DSYM_DIR))" ; zip -r $(notdir $(DSYM_PATH)) $(notdir $(DSYM_DIR)))
 
 .PHONY: test
 test:
-	@$(SWIFT) test -c $(BUILD_CONFIGURATION) $(CURRENT_SDK_ARGS) --skip TestCLI
+	@$(SWIFT) test -c $(BUILD_CONFIGURATION) --skip TestCLI
 
 .PHONY: install-kernel
 install-kernel:
 	@bin/container system stop || true
-	@bin/container system start --enable-kernel-install  
+	@bin/container system start --enable-kernel-install
 
 .PHONY: integration
 integration: init-block
 	@echo Ensuring apiserver stopped before the CLI integration tests...
-	@bin/container system stop
-	@scripts/ensure-container-stopped.sh
+	@bin/container system stop && sleep 3 && scripts/ensure-container-stopped.sh
 	@echo Running the integration tests...
 	@bin/container system start
 	@echo "Removing any existing containers"
 	@bin/container rm --all
 	@echo "Starting CLI integration tests"
-	@$(SWIFT) test -c $(BUILD_CONFIGURATION) $(CURRENT_SDK_ARGS) --filter TestCLIRunLifecycle
-	@$(SWIFT) test -c $(BUILD_CONFIGURATION) $(CURRENT_SDK_ARGS) --filter TestCLIExecCommand
-	@$(SWIFT) test -c $(BUILD_CONFIGURATION) $(CURRENT_SDK_ARGS) --filter TestCLIRunCommand
-	@$(SWIFT) test -c $(BUILD_CONFIGURATION) $(CURRENT_SDK_ARGS) --filter TestCLIImagesCommand
-	@$(SWIFT) test -c $(BUILD_CONFIGURATION) $(CURRENT_SDK_ARGS) --filter TestCLIRunBase
-	@$(SWIFT) test -c $(BUILD_CONFIGURATION) $(CURRENT_SDK_ARGS) --filter TestCLIBuildBase
+	@$(SWIFT) test -c $(BUILD_CONFIGURATION) --filter TestCLINetwork
+	@$(SWIFT) test -c $(BUILD_CONFIGURATION) --filter TestCLIRunLifecycle
+	@$(SWIFT) test -c $(BUILD_CONFIGURATION) --filter TestCLIExecCommand
+	@$(SWIFT) test -c $(BUILD_CONFIGURATION) --filter TestCLICreateCommand
+	@$(SWIFT) test -c $(BUILD_CONFIGURATION) --filter TestCLIRunCommand
+	@$(SWIFT) test -c $(BUILD_CONFIGURATION) --filter TestCLIImagesCommand
+	@$(SWIFT) test -c $(BUILD_CONFIGURATION) --filter TestCLIRunBase
+	@$(SWIFT) test -c $(BUILD_CONFIGURATION) --filter TestCLIBuildBase
 	@echo Ensuring apiserver stopped after the CLI integration tests...
 	@scripts/ensure-container-stopped.sh
 
 .PHONY: fmt
-fmt:	swift-fmt update-licenses
+fmt: swift-fmt update-licenses
 
 .PHONY: swift-fmt
 SWIFT_SRC = $(shell find . -type f -name '*.swift' -not -path "*/.*" -not -path "*.pb.swift" -not -path "*.grpc.swift" -not -path "*/checkouts/*")
@@ -182,12 +176,10 @@ serve-docs:
 	@python3 -m http.server --bind 127.0.0.1 --directory ./_serve
 
 .PHONY: docs
-docs: _site
-
-_site:
+docs:
 	@echo Updating API documentation...
-	rm -rf $@
-	@scripts/make-docs.sh $@ container
+	@rm -rf _site
+	@scripts/make-docs.sh _site container
 
 .PHONY: cleancontent
 cleancontent:
@@ -197,7 +189,7 @@ cleancontent:
 
 .PHONY: clean
 clean:
-	@echo Cleaning the build files...
+	@echo Cleaning build files...
 	@rm -rf bin/ libexec/
 	@rm -rf _site _serve
 	@$(SWIFT) package clean