
v0.3.4

@ee7 ee7 released this 18 Mar 17:25
· 19 commits to main since this release
9a5959d

Download binaries at https://crashoverride.com/downloads


Breaking Changes

  • Attestation key generation/retrieval was refactored to use key providers. As a result, all previous config values related to the signing key backup service have changed (#239). The removed attributes are:

    • use_signing_key_backup_service
    • signing_key_backup_service_url
    • signing_key_backup_service_auth_config_name
    • signing_key_backup_service_timeout
    • signing_key_location

    Instead, now each individual key provider can be separately configured:

    attestation {
      key_provider: "embed" # or "backup" which enables key backup provider
                            # as previously configured by
                            # `use_signing_key_backup_service`
      attestation_key_embed {
        location: "./chalk." # used to be `signing_key_location`
      }
      attestation_key_backup {
        location: "./chalk."    # used to be `signing_key_location`
        uri:      "https://..." # used to be `signing_key_backup_service_url`
        auth:     "..."         # used to be `signing_key_backup_service_auth_config_name`
        timeout:  << 1 sec >>   # used to be `signing_key_backup_service_timeout`
      }
    }
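
As an added example (not part of Chalk or of these release notes), this Python script scans a pre-0.3.4 configuration for the removed attributes and prints the equivalent `attestation` block using the mapping above. It assumes each old attribute sits on its own line as `name: value` or `name = value` and that booleans are written `true`/`false`; the function names and the sample configuration are constructed for illustration.

```python
import re

# Removed pre-0.3.4 attribute -> [(new section, new field)], per the release notes.
RENAMED = {
    "signing_key_location": [("attestation_key_embed", "location"),
                             ("attestation_key_backup", "location")],
    "signing_key_backup_service_url": [("attestation_key_backup", "uri")],
    "signing_key_backup_service_auth_config_name": [("attestation_key_backup", "auth")],
    "signing_key_backup_service_timeout": [("attestation_key_backup", "timeout")],
}
SWITCH = "use_signing_key_backup_service"
# Assumption: value is a quoted string, a << ... >> literal or a bare token;
# anything after it (such as a trailing # comment) is ignored.
ATTR = re.compile(r'^\s*([a-z_]+)\s*[:=]\s*("[^"]*"|<<[^>]*>>|[^\s#]+)')

def find_removed(config_text):
    """Return {old_name: (line_number, raw_value)} for every removed attribute."""
    found = {}
    for number, line in enumerate(config_text.splitlines(), 1):
        match = ATTR.match(line)
        if match and (match.group(1) == SWITCH or match.group(1) in RENAMED):
            found[match.group(1)] = (number, match.group(2))
    return found

def migrate(config_text):
    """Return (findings, replacement attestation block), or (findings, "") if clean."""
    found = find_removed(config_text)
    if not found:
        return found, ""
    lines = ["attestation {"]
    if SWITCH in found:  # key_provider is only emitted when the old switch was set
        provider = "backup" if found[SWITCH][1].lower() == "true" else "embed"
        lines.append(f'  key_provider: "{provider}"')
    sections = {}
    for old, targets in RENAMED.items():
        for section, field in (targets if old in found else []):
            sections.setdefault(section, []).append(f"    {field}: {found[old][1]}")
    for section, fields in sections.items():
        lines += [f"  {section} {{", *fields, "  }"]
    return found, "\n".join(lines + ["}"])

# Constructed sample of a pre-0.3.4 configuration (all values are made up).
SAMPLE = '''\
use_signing_key_backup_service: true
signing_key_location: "./keys/chalk."
signing_key_backup_service_url = "https://backup.example.com/v1#keys"
signing_key_backup_service_timeout: << 5 sec >>  # old timeout
'''

if __name__ == "__main__":
    print(migrate(SAMPLE)[1])
```

Running the same scan over every configuration file before upgrading shows which deployments still depend on the removed signing attributes.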
    

Fixes

  • Make docker build correctly wrap ENTRYPOINT when base image has it defined (#147).
  • Fix a segfault when using secrets backup service during chalk setup (#220).
  • Honor cache component cache on chalk conf load (#222).
  • Fix a segfault when accidentally providing http:// URL to a sink instead of https:// (#223).
  • Fix leaking file descriptors (FDs) that prevented chalking large zip files, such as large Java jar files (#229).
  • Fix chalking zip file reporting git-repo keys (#230).
  • Fix cosign not honoring CHALK_PASSWORD in all operations (#232).
  • Fix git plugin not parsing some git objects correctly, which in some cases misreported git keys (#241).
  • Fix chalk load not honoring the default parameter value after an incorrect value was previously provided (#242).

New Features

  • Support the con4m function memoize, which allows caching a function callback's result in the chalk mark for future lookups (#239).
  • Support the con4m function auth_headers, which allows getting auth headers for a specific auth config (#239).
  • Support the con4m function parse_json, which parses a JSON string (#239).
  • Support the "get" attestation key provider, which allows retrieving key material over an API (#239).
  • chalk exec no longer requires --exec-command-name and can take the command name to exec directly from its arguments (#155):
    chalk exec -- echo hello

Commits since previous tag: v0.3.3...v0.3.4