v0.3.4
Download binaries at https://crashoverride.com/downloads
Breaking Changes
-
Attestation key generation/retrieval was refactored to use key providers. As such, all previous config values related to signing backup service have changed (#239). The removed attributes are:
use_signing_key_backup_service
signing_key_backup_service_url
signing_key_backup_service_auth_config_name
signing_key_backup_service_timeout
signing_key_location
Instead, now each individual key provider can be separately configured:
attestation { key_provider: "embed" # or "backup" which enables key backup provider # as previously configured by # `use_signing_key_backup_service` attestation_key_embed { location: "./chalk." # used to be `signing_key_location` } attestation_key_backup { location: "./chalk." # used to be `signing_key_location` uri: "https://..." # used to be `signing_key_backup_service_url` auth: "..." # used to be `signing_key_backup_service_auth_config_name` timeout: << 1 sec >> # used to be `signing_key_backup_service_timeout` } }
Fixes
- Make docker build correctly wrap
ENTRYPOINT
when base image has it defined (#147). - Fix a segfault when using secrets backup service during
chalk setup
(#220). - Honor cache component cache on chalk conf load (#222).
- Fix a segfault when accidentally providing
http://
URL to a sink instead ofhttps://
(#223). - Fix leaking FDs that didn't allow to chalk large zip files such as large Java jar file (#229).
- Fix chalking zip file reporting git-repo keys (#230).
- Fix cosign not honoring
CHALK_PASSWORD
in all operations (#232). - Fix git plugin not parsing some git objects correctly, which in some cases misreported git keys (#241).
- Fix
chalk load
not honoring default parameter value after any incorrect previous value was provided (#242).
New Features
- Support con4m function
memoize
, which allows caching function callback result into chalk mark for future lookups (#239). - Support con4m function
auth_headers
, which allows getting auth headers for a specific auth config (#239). - Support con4m function
parse_json
, which parses JSON string (#239). - Support
get
attestation key provider which allows retrieving key-material over API (#239). chalk exec
no longer requires--exec-command-name
and can get command name to exec directly from args (#155):chalk exec -- echo hello
Commits since previous tag: v0.3.3...v0.3.4