
Releases: crashappsec/chalk

v0.4.13

10 Oct 22:47
712b4e0

Download binaries at https://crashoverride.com/downloads


New Features

  • _OP_EXIT_CODE key which reports the exit code of the external command chalk wrapped, such as the docker build run by chalk docker build. (#417)

  • _OP_CLOUD_SYS_VENDOR key for reporting the content of the sys vendor file, which is used to identify the cloud provider. (#418)

  • FAILED_KEYS and _OP_FAILED_KEYS - metadata keys for which chalk could not collect metadata. (#422) Each entry contains:

    • code - short identifiable code of a known error
    • message - the exact error/exception message encountered
    • description - human-readable description of the error with additional context on how to potentially resolve it
  • _NETWORK_PARTIAL_TRACEROUTE_IPS - collects local network subnet IPs even when running inside a docker container with its own network namespace (i.e. not using --network=host) (#425)

  • DOCKERFILE_PATH_WITHIN_VCTL key reports the path of the Dockerfile relative to the VCS project root. (#426)
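
As an added illustration of how a downstream consumer can act on the _OP_EXIT_CODE and _OP_FAILED_KEYS keys above (example code written for this page, not chalk's own code): a small CI gate that refuses to trust a report whose wrapped command failed or whose required keys were not collected. The report fragment is constructed, the error codes in it are placeholders, and the placement of FAILED_KEYS inside a _CHALKS entry is an assumption about the report layout.

```python
from __future__ import annotations
import json
from typing import Iterable

# Constructed chalk report fragment (not captured from a real run). Shapes follow
# the release notes: _OP_EXIT_CODE is an integer, _OP_FAILED_KEYS / FAILED_KEYS map a
# key name to {code, message, description}. The code values are placeholders.
SAMPLE_REPORT = json.loads("""
{
  "_OPERATION": "build",
  "_OP_EXIT_CODE": 0,
  "_OP_CLOUD_PROVIDER": "aws",
  "_OP_FAILED_KEYS": {
    "_OP_CLOUD_PROVIDER_IP": {
      "code": "imds_unreachable",
      "message": "timeout after 1s",
      "description": "instance metadata endpoint did not answer; check host networking"
    }
  },
  "_CHALKS": [
    {"COMMIT_ID": "deadbeef",
     "FAILED_KEYS": {
       "TAG": {"code": "git_no_tag", "message": "no tag at HEAD",
               "description": "HEAD is not tagged; tag the commit or drop TAG from the policy"}
     }}
  ]
}
""")


def failed_keys(report: dict) -> dict[str, str]:
    """Flatten host-level and per-artifact failed keys into {key_name: error_code}."""
    out = {k: v.get("code", "?") for k, v in report.get("_OP_FAILED_KEYS", {}).items()}
    for chalk in report.get("_CHALKS", []):
        for k, v in chalk.get("FAILED_KEYS", {}).items():
            out[k] = v.get("code", "?")
    return out


def gate(report: dict, required: Iterable[str]) -> list[str]:
    """Return policy violations; an empty list means the report may be acted on.

    A report whose wrapped command failed, or which silently lacks a key the
    policy depends on, must not be treated as a successful build record."""
    problems: list[str] = []
    code = report.get("_OP_EXIT_CODE")
    if code is None:
        problems.append("no _OP_EXIT_CODE: outcome of the wrapped command is unknown")
    elif code != 0:
        problems.append(f"wrapped command exited with {code}")
    failed = failed_keys(report)
    for key in required:
        if key in failed:
            problems.append(f"required key {key} not collected ({failed[key]})")
    return problems


if __name__ == "__main__":
    print(gate(SAMPLE_REPORT, ["COMMIT_ID", "TAG"]))
```

The gate keys on the error code rather than the free-text message, so a policy can distinguish a transient collection failure (metadata endpoint timeout) from a permanent one (no tag at HEAD).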


Commits since the previous tag: v0.4.12...v0.4.13

v0.4.12

29 Aug 19:51
1dbf531

Download binaries at https://crashoverride.com/downloads


Breaking Changes

  • Removed the attestation_key_backup provider. It was an experimental service which has been discontinued in favor of other attestation providers. (#411)

Fixes

  • conffile plugin was sending some empty keys instead of skipping them during reporting. It now matches the
    behavior of the other plugins, which ignore empty keys. (#412)
  • The AWS instance is determined from the board_asset_tag file when present. This allows reporting _AWS_INSTANCE_ID
    even when the cloud metadata endpoint is not reachable. (#413)
  • Reporting the AWS Lambda function ARN for non-us-east-1 regions. Previously the global AWS STS endpoint was used,
    which cannot serve STS get-caller-identity for other AWS regions. (#414)
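
The board_asset_tag fallback above (and the _OP_CLOUD_SYS_VENDOR key in v0.4.13) rely on DMI data the kernel exposes locally, so they work when the instance metadata service is blocked or slow. The following is an added example written for this page, not chalk's code: it identifies the provider from the sys vendor file and recovers the EC2 instance ID from board_asset_tag when no IMDS answer is available. The /sys/class/dmi/id directory, the vendor strings matched, and the instance-ID shape check are assumptions from common platform behaviour, not facts stated in the release notes; the DMI fixtures in demo() are constructed.

```python
from __future__ import annotations
import re
import tempfile
from pathlib import Path
from typing import Optional

# Usual location of the kernel's DMI/SMBIOS exports on Linux (assumption; the
# release notes only name the "sys vendor" and "board_asset_tag" files).
DMI_DIR = Path("/sys/class/dmi/id")
EC2_INSTANCE_ID = re.compile(r"^i-[0-9a-f]{8,17}$")


def read_dmi(name: str, dmi_dir: Path = DMI_DIR) -> Optional[str]:
    """Read one DMI file; None when absent or unreadable (bare metal, some VMs)."""
    try:
        return (dmi_dir / name).read_text(errors="replace").strip()
    except OSError:
        return None


def cloud_provider(dmi_dir: Path = DMI_DIR) -> Optional[str]:
    """Identify the provider from sys_vendor with no network access at all.
    Vendor strings are the commonly observed ones (assumption)."""
    vendor = (read_dmi("sys_vendor", dmi_dir) or "").lower()
    if vendor.startswith("amazon ec2"):
        return "aws"
    if vendor == "xen" and "amazon" in (read_dmi("product_version", dmi_dir) or "").lower():
        return "aws"  # older Xen-based EC2 instance families
    if vendor == "google":
        return "gcp"
    if vendor == "microsoft corporation":
        return "azure"
    return None


def aws_instance_id(dmi_dir: Path = DMI_DIR) -> Optional[str]:
    """On Nitro EC2 hosts board_asset_tag carries the instance ID. The shape is
    validated so an unrelated asset tag is never reported as an instance ID."""
    tag = read_dmi("board_asset_tag", dmi_dir)
    return tag if tag and EC2_INSTANCE_ID.match(tag) else None


def host_identity(imds_instance_id: Optional[str], dmi_dir: Path = DMI_DIR) -> dict:
    """Combine the IMDS answer (None when the endpoint timed out) with DMI data.
    The source is recorded so a consumer can tell a value confirmed by the
    metadata service from one the host reports about itself."""
    provider = cloud_provider(dmi_dir)
    result: dict = {"provider": provider, "instance_id": None, "source": None}
    if imds_instance_id:
        result.update(instance_id=imds_instance_id, source="imds")
    elif provider == "aws":
        dmi_id = aws_instance_id(dmi_dir)
        if dmi_id:
            result.update(instance_id=dmi_id, source="dmi")
    return result


def make_fixture(files: dict[str, str]) -> Path:
    """Write constructed DMI files into a temp dir so the logic runs anywhere."""
    d = Path(tempfile.mkdtemp())
    for name, content in files.items():
        (d / name).write_text(content + "\n")
    return d


def demo() -> dict[str, dict]:
    """Constructed hosts: Nitro EC2 (IMDS down and up), GCP, and an unknown box."""
    nitro = make_fixture({"sys_vendor": "Amazon EC2", "board_asset_tag": "i-0abc123def4567890"})
    gcp = make_fixture({"sys_vendor": "Google", "board_asset_tag": "Not Specified"})
    bare = make_fixture({"sys_vendor": "Supermicro"})
    return {
        "nitro_imds_down": host_identity(None, nitro),
        "nitro_imds_up": host_identity("i-0abc123def4567890", nitro),
        "gcp": host_identity(None, gcp),
        "bare_metal": host_identity(None, bare),
    }


if __name__ == "__main__":
    print(demo())
```

Recording the source matters for anyone using the report for inventory or access decisions: a DMI value is whatever the hypervisor presented at boot, while an IMDS value was served by the provider's control plane at collection time.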

Commits since the previous tag: v0.4.11...v0.4.12

v0.4.11

13 Aug 23:17
336ee91

Download binaries at https://crashoverride.com/downloads


Fixes

  • docker run-time host metadata collection was failing for non-build commands such as docker push. (#399)
  • procfs plugin was throwing an exception while parsing /proc/net/dev to populate the _OP_IPV[4/6]_INTERFACES keys.
    (#399)
  • _IMAGE_DIGEST is now sent for docker push when buildx is not available. Normally chalk needs to validate the type of the manifest in the registry (image or list), which is currently done via buildx imagetools. When buildx is missing and the operation is docker push, the pushed image can only be an image manifest, since only buildx supports list manifests. (#401)
  • _REPO_DIGESTS was reported even when the image digest was not known during buildx-enabled docker builds. (#402)
  • METADATA_ID and METADATA_HASH were incorrectly computed for all docker push operations. (#403)
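
The image-versus-list distinction behind the _IMAGE_DIGEST fix above is worth seeing concretely. The block below is an added example written for this page, not chalk's code: it classifies a raw registry manifest by media type (falling back to structure, since OCI allows the body to omit mediaType), computes the digest the way a registry does (sha256 over the exact bytes served), and applies the rule from the notes that without buildx a push can only have produced a single image manifest. The two manifests are constructed; the attestation-manifest annotation skipped in the index is the one buildx attaches to provenance and SBOM entries.

```python
from __future__ import annotations
import hashlib
import json

IMAGE_MANIFEST = {
    "application/vnd.docker.distribution.manifest.v2+json",
    "application/vnd.oci.image.manifest.v1+json",
}
MANIFEST_LIST = {
    "application/vnd.docker.distribution.manifest.list.v2+json",
    "application/vnd.oci.image.index.v1+json",
}

# Constructed manifests. Digests are placeholders of the right length.
SINGLE = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.docker.distribution.manifest.v2+json",
    "config": {"mediaType": "application/vnd.docker.container.image.v1+json",
               "size": 1, "digest": "sha256:" + "a" * 64},
    "layers": [{"mediaType": "application/vnd.docker.image.rootfs.diff.tar.gzip",
                "size": 1, "digest": "sha256:" + "b" * 64}],
}).encode()

INDEX = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [
        {"mediaType": "application/vnd.oci.image.manifest.v1+json", "digest": "sha256:" + "1" * 64,
         "size": 1, "platform": {"os": "linux", "architecture": "amd64"}},
        {"mediaType": "application/vnd.oci.image.manifest.v1+json", "digest": "sha256:" + "2" * 64,
         "size": 1, "platform": {"os": "linux", "architecture": "arm64"}},
        {"mediaType": "application/vnd.oci.image.manifest.v1+json", "digest": "sha256:" + "3" * 64,
         "size": 1, "platform": {"os": "unknown", "architecture": "unknown"},
         "annotations": {"vnd.docker.reference.type": "attestation-manifest",
                         "vnd.docker.reference.digest": "sha256:" + "1" * 64}},
    ],
}).encode()


def digest_of(raw: bytes) -> str:
    """Registry digest: sha256 over the bytes exactly as served, never re-serialised."""
    return "sha256:" + hashlib.sha256(raw).hexdigest()


def manifest_kind(raw: bytes) -> str:
    """'image' or 'list', from mediaType first and from structure as a fallback."""
    doc = json.loads(raw)
    mt = doc.get("mediaType")
    if mt in IMAGE_MANIFEST:
        return "image"
    if mt in MANIFEST_LIST:
        return "list"
    if "manifests" in doc:
        return "list"
    if "config" in doc and "layers" in doc:
        return "image"
    raise ValueError(f"unrecognised manifest mediaType {mt!r}")


def image_digests(raw: bytes) -> dict[str, str]:
    """Per-platform image digests of a list; a single manifest maps to its own digest."""
    if manifest_kind(raw) == "image":
        return {"image": digest_of(raw)}
    out: dict[str, str] = {}
    for entry in json.loads(raw)["manifests"]:
        ann = entry.get("annotations", {})
        if ann.get("vnd.docker.reference.type") == "attestation-manifest":
            continue  # provenance/SBOM carrier produced by buildx, not a runnable image
        plat = entry.get("platform", {})
        out[f"{plat.get('os', '?')}/{plat.get('architecture', '?')}"] = entry["digest"]
    return out


def resolve_image_digest(operation: str, buildx_available: bool, raw: bytes | None) -> str | None:
    """Without buildx a docker push can only have produced a single image manifest,
    so its digest is the image digest; with buildx the manifest must be inspected
    because it may be a list, whose members are reported by image_digests()."""
    if raw is None:
        return None
    if not buildx_available:
        return digest_of(raw) if operation == "push" else None
    return digest_of(raw) if manifest_kind(raw) == "image" else None


if __name__ == "__main__":
    print(manifest_kind(SINGLE), digest_of(SINGLE))
    print(manifest_kind(INDEX), image_digests(INDEX))
```

Hashing the served bytes rather than a re-encoded document is the detail that most often breaks home-grown digest checks: a single whitespace or key-order change produces a digest the registry has never seen.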

Commits since the previous tag: v0.4.10...v0.4.11

v0.4.10

05 Aug 22:46
9786899

Download binaries at https://crashoverride.com/downloads


Fixes

  • Fixing ENTRYPOINT wrapping for empty-like definitions (#396):

    • ENTRYPOINT
    • ENTRYPOINT []
    • ENTRYPOINT [""]

    Chalk now parses these correctly and wraps them as appropriate,
    depending on whether buildkit is in use.

Other

  • Increased the cloud metadata endpoint collection timeout from 500ms to 1 second, as in some cases it takes longer than 500ms to get a response. (#388)
  • Not showing the exec report when chalk is running in an interactive shell. (#390)
  • Not showing any chalk exec logs when running in an interactive shell. (#394)

Commits since the previous tag: v0.4.9...v0.4.10

v0.4.9

30 Jul 21:49
5237560

Download binaries at https://crashoverride.com/downloads


Fixes

  • When the base image was already wrapped by chalk, ENTRYPOINT was wrapped recursively. This broke the image at runtime, as it always exited with a non-zero exit code. (#385)
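
Two of the ENTRYPOINT fixes in these notes, the empty-like forms in v0.4.10 and the recursive wrapping above, come down to the same two properties: every ENTRYPOINT spelling must parse to one argv, and wrapping must be idempotent. The block below is an added example written for this page, not chalk's code, showing both. The wrapper prefix /chalk exec -- is a hypothetical stand-in (the page does not state what chalk injects), line continuations are assumed absent, and the Dockerfiles in the usage are constructed.

```python
from __future__ import annotations
import json
import re

# Hypothetical wrapper prefix; the real path and arguments are not stated on the page.
WRAPPER = ["/chalk", "exec", "--"]

_ENTRYPOINT = re.compile(r"^\s*ENTRYPOINT\b(.*)$", re.IGNORECASE)


def parse_entrypoint(instruction: str) -> list[str]:
    """Return the argv an ENTRYPOINT instruction defines.

    Bare ENTRYPOINT, [] and [""] all yield [] so the empty-like forms are wrapped
    identically. Shell form is expanded the way Docker runs it (/bin/sh -c)."""
    m = _ENTRYPOINT.match(instruction)
    if not m:
        raise ValueError(f"not an ENTRYPOINT instruction: {instruction!r}")
    rest = m.group(1).strip()
    if rest == "":
        return []
    if rest.startswith("["):
        argv = json.loads(rest)
        if not isinstance(argv, list) or not all(isinstance(a, str) for a in argv):
            raise ValueError(f"malformed exec-form ENTRYPOINT: {rest!r}")
        return [a for a in argv if a != ""]
    return ["/bin/sh", "-c", rest]


def wrap(argv: list[str]) -> list[str]:
    """Idempotent wrap: an argv that already starts with the wrapper (for example one
    inherited from an already-chalked base image) is returned unchanged, which is
    exactly what prevents recursive wrapping."""
    if argv[: len(WRAPPER)] == WRAPPER:
        return argv
    return WRAPPER + argv


def rewrite_dockerfile(text: str) -> str:
    """Wrap only the last ENTRYPOINT in the file, the one in effect for the final
    stage; earlier build stages keep theirs. One instruction per line is assumed."""
    lines = text.splitlines()
    last = None
    for i, line in enumerate(lines):
        if _ENTRYPOINT.match(line):
            last = i
    if last is None:
        # No ENTRYPOINT here: the effective one is inherited from the base image and
        # cannot be seen without inspecting that image, so leave the file alone.
        return text
    lines[last] = "ENTRYPOINT " + json.dumps(wrap(parse_entrypoint(lines[last])))
    return "\n".join(lines) + ("\n" if text.endswith("\n") else "")


if __name__ == "__main__":
    print(rewrite_dockerfile('FROM base AS build\nENTRYPOINT ["make"]\nFROM runtime\nENTRYPOINT [""]\n'))
```

Always emitting exec form in the rewritten instruction keeps the wrapper as PID 1's argv[0] instead of hiding it behind a shell, which is what lets the wrapper see the real command and its exit status.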

New Features

  • docker build and docker push now use the mark_default chalk template instead of minimal. As a result, basic metadata about the repository, such as the repository origin and commit ID, is now included by default in the chalk mark (e.g. /chalk.json). (#380)

  • New chalk keys (#382):

    • DOCKER_TARGET - The name of the target being built in the Dockerfile
    • DOCKER_BASE_IMAGES - The breakdown of all base images across all sections of the Dockerfile
    • DOCKER_COPY_IMAGES - The breakdown of all external COPY --from across all sections of the Dockerfile

Commits since the previous tag: v0.4.8...v0.4.9

v0.4.8

12 Jul 16:31
f93baab

Download binaries at https://crashoverride.com/downloads


Fixes

  • A chalk report would previously omit the _OP_CLOUD_PROVIDER and _OP_CLOUD_PROVIDER_SERVICE_TYPE keys when (#362, #370):

    • No other instance metadata key (e.g. _GCP_INSTANCE_METADATA or _OP_CLOUD_PROVIDER_IP) was subscribed.
    • The instance metadata service couldn't be reached, or returned invalid data.
  • _OP_ERRORS was missing logs/errors from plugins. The key was collected by the system plugin, which is executed first. It is now populated by the metsys plugin, which is executed last. (#369)


Commits since the previous tag: v0.4.7...v0.4.8

v0.4.7

24 Jun 22:58
83e73d8

Download binaries at https://crashoverride.com/downloads


Fixes

  • The docker build --metadata-file flag is only added when using buildx >= 0.6.0. In addition, the flag is only added when using docker >= 22, since docker aliases docker build to docker buildx build, which allows buildx flags to be used in the normal build command. (#357)

Commits since the previous tag: v0.4.6...v0.4.7

v0.4.6

20 Jun 19:20
f246333

Download binaries at https://crashoverride.com/downloads


Fixes

  • Chalk did not extract the correct commit ID for git repos where HEAD is a symbolic reference to an annotated tag. This usually happens via git symbolic-ref HEAD. (#347)

  • Chalk misreported an annotated git tag as not annotated. To ensure the tag is up-to-date with origin, chalk refetches
    regular (lightweight, not annotated) tags from origin. To customize this behavior use the git.refetch_lightweight_tags config. (#349)

  • Chalk docker build did not support a remote git context which was neither a tag nor a branch. (#351) For example:

    docker build https://github.com/user/repo.git#refs/pull/1/merge
    
  • Chalk did not correctly handle git annotated tags with an empty message. (#354)


Commits since the previous tag: v0.4.5...v0.4.6

v0.4.5

14 Jun 14:23
f8e5b41

Download binaries at https://crashoverride.com/downloads


Fixes

  • Docker push of a distroless image built without buildx could not extract the chalk mark from the image. (#338)
  • Chalk did not report the correct branch name and commit ID when the git branch name contained a / character. (#340)
  • For packed repos (e.g. after git gc), chalk could not report all git-related keys such as COMMIT_ID, TAG, etc. (#341)
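
Several of the git fixes in these notes (HEAD as a symbolic ref to an annotated tag, annotated tags misreported as lightweight, annotated tags with an empty message, and packed repos) are all cases of reading .git without shelling out to git. The block below is an added example written for this page, not chalk's code: it resolves HEAD to a commit and decides whether a tag is annotated, handling a symbolic HEAD, loose and packed refs (including the peeled ^ lines git gc writes for annotated tags), and tag objects with empty messages. It reads loose objects only; objects inside packfiles are out of scope. The repository it inspects is constructed in a temp dir by demo().

```python
from __future__ import annotations
import hashlib
import tempfile
import zlib
from pathlib import Path
from typing import Optional


def write_object(gitdir: Path, kind: str, body: bytes) -> str:
    """Store a loose object as git does: zlib('<kind> <len>\\0' + body), named by
    the SHA-1 of header+body. Only used to build the fixture."""
    content = f"{kind} {len(body)}\0".encode() + body
    sha = hashlib.sha1(content).hexdigest()
    path = gitdir / "objects" / sha[:2] / sha[2:]
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_bytes(zlib.compress(content))
    return sha


def read_object(gitdir: Path, sha: str) -> tuple[str, bytes]:
    """(kind, body) of a loose object; packfile members are not handled here."""
    raw = zlib.decompress((gitdir / "objects" / sha[:2] / sha[2:]).read_bytes())
    header, _, body = raw.partition(b"\0")
    return header.split(b" ")[0].decode(), body


def packed_refs(gitdir: Path) -> dict[str, tuple[str, Optional[str]]]:
    """ref -> (sha, peeled). A '^<sha>' line belongs to the preceding annotated
    tag and already names the commit it ultimately points at."""
    out: dict[str, tuple[str, Optional[str]]] = {}
    f = gitdir / "packed-refs"
    if not f.exists():
        return out
    last = None
    for line in f.read_text().splitlines():
        if not line or line.startswith("#"):
            continue
        if line.startswith("^"):
            if last is not None:
                out[last] = (out[last][0], line[1:].strip())
            continue
        sha, ref = line.split(" ", 1)
        out[ref] = (sha, None)
        last = ref
    return out


def resolve_ref(gitdir: Path, ref: str) -> tuple[str, Optional[str]]:
    """A loose ref file shadows packed-refs, so check it first."""
    loose = gitdir / ref
    if loose.exists():
        return loose.read_text().strip(), None
    packed = packed_refs(gitdir)
    if ref in packed:
        return packed[ref]
    raise KeyError(ref)


def peel(gitdir: Path, sha: str) -> str:
    """Follow tag objects (a tag may point at a tag) until a commit. A tag body
    begins 'object <sha>'; an empty tag message does not change that."""
    for _ in range(16):
        kind, body = read_object(gitdir, sha)
        if kind == "commit":
            return sha
        if kind != "tag":
            raise ValueError(f"{sha} is a {kind}, not a commit or tag")
        sha = body.split(b"\n", 1)[0].split(b" ", 1)[1].decode()
    raise ValueError("tag chain too deep")


def head_commit(gitdir: Path) -> str:
    head = (gitdir / "HEAD").read_text().strip()
    if not head.startswith("ref: "):
        return head  # detached HEAD holds the commit directly
    sha, peeled = resolve_ref(gitdir, head[5:])
    return peeled if peeled else peel(gitdir, sha)


def is_annotated_tag(gitdir: Path, name: str) -> bool:
    sha, peeled = resolve_ref(gitdir, f"refs/tags/{name}")
    return True if peeled else read_object(gitdir, sha)[0] == "tag"


def demo() -> dict[str, object]:
    """Constructed repo: HEAD -> annotated tag with an empty message, checked with
    loose refs and again after a simulated git gc moved the refs into packed-refs."""
    g = Path(tempfile.mkdtemp()) / ".git"
    (g / "refs" / "tags").mkdir(parents=True)
    commit = write_object(g, "commit", b"tree " + b"0" * 40
                          + b"\nauthor A <a@x> 0 +0000\ncommitter A <a@x> 0 +0000\n\ninit\n")
    tag = write_object(g, "tag", f"object {commit}\ntype commit\ntag v1.0\ntagger A <a@x> 0 +0000\n\n".encode())
    (g / "refs" / "tags" / "v1.0").write_text(tag + "\n")
    (g / "refs" / "tags" / "lw").write_text(commit + "\n")
    (g / "HEAD").write_text("ref: refs/tags/v1.0\n")  # what `git symbolic-ref HEAD refs/tags/v1.0` leaves
    loose = (head_commit(g), is_annotated_tag(g, "v1.0"), is_annotated_tag(g, "lw"))
    (g / "refs" / "tags" / "v1.0").unlink()
    (g / "refs" / "tags" / "lw").unlink()
    (g / "packed-refs").write_text("# pack-refs with: peeled fully-peeled sorted \n"
                                   f"{commit} refs/tags/lw\n{tag} refs/tags/v1.0\n^{commit}\n")
    packed = (head_commit(g), is_annotated_tag(g, "v1.0"), is_annotated_tag(g, "lw"))
    return {"commit": commit, "tag": tag, "loose": loose, "packed": packed}


if __name__ == "__main__":
    print(demo())
```

The peeled line is what makes the packed case work without touching any object: after git gc the tag object may live in a packfile, but packed-refs already records the commit it points at.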

New Features

  • Added the BUILD_COMMIT_ID key. This reports the commit ID that triggered the build in CI/CD. (#339)

Commits since the previous tag: v0.4.4...v0.4.5

v0.4.4

12 Jun 21:07
d85a8c2

Download binaries at https://crashoverride.com/downloads


Fixes

  • chalk exec did not pass the full path of the executable being exec'd in the argument vector of the execv() syscall. This broke distroless Python images that used a virtualenv, because sys.executable resolved to the system python path instead of the virtualenv python. (#333)

Commits since the previous tag: v0.4.3...v0.4.4