@cyphar cyphar released this Nov 11, 2018 · 5 commits to master since this release

Assets 7
  • All umoci commands that had --history.* options can now decide to omit a
    history entry with --no-history. Note that while this is supported for
    commands that create layers (umoci repack, umoci insert, and umoci raw add-layer) it is not recommended to use it for those commands since it can
    cause other tools to become confused when inspecting the image history. The
    primary usecase is to allow umoci config --no-history to leave no traces in
    the history. See SUSE/kiwi#871. #270
  • umoci insert now has a --tag option that allows you to non-destructively
    insert files into an image. The semantics match umoci config --tag.
    #273

Thanks to all of the people that made this release possible:

Signed-off-by: Aleksa Sarai asarai@suse.de

@cyphar cyphar released this Sep 11, 2018 · 31 commits to master since this release

Assets 7
  • umoci now has an exposed Go API. At the moment it's unclear whether it will
    be changed significantly, but at the least now users can use
    umoci-as-a-library in a fairly sane way. #245
  • Added umoci unpack --keep-dirlinks (in the same vein as rsync's flag with
    the same name) which allows layers that contain entries which have a symlink
    as a path component. #246
  • umoci insert now supports whiteouts in two significant ways. You can use
    --whiteout to "insert" a deletion of a given path, while you can use
    --opaque to replace a directory by adding an opaque whiteout (the default
    behaviour causes the old and new directories to be merged).
    #257
  • Docker has changed how they handle whiteouts for non-existent files. The
    specification is loose on this (and in umoci we've always been liberal with
    whiteout generation -- to avoid cases where someone was confused we didn't
    have a whiteout for every entry). But now that they have deviated from the
    spec, in the interest of playing nice, we can just follow their new
    restriction (even though it is not supported by the spec). This also makes
    our layers slightly smaller. #254
  • umoci unpack now no longer erases system.nfs4_acl and also has some more
    sophisticated handling of forbidden xattrs. #252
    #248
  • umoci unpack now appears to work correctly on SELinux-enabled systems
    (previously we had various issues where umoci wouldn't like it when it was
    trying to ensure the filesystem was reproducibly generated and SELinux xattrs
    would act strangely). To fix this, now umoci unpack will only cause errors
    if it has been asked to change a forbidden xattr to a value different than
    it's current on-disk value. #235 #259

Thanks to all of the people that made this release possible:

Signed-off-by: Aleksa Sarai asarai@suse.de

@cyphar cyphar released this Aug 16, 2018 · 68 commits to master since this release

Assets 7
  • The number of possible tags that are now valid with umoci subcommands has
    increased significantly due to an expansion in the specification of the
    format of the ref.name annotation. To quote the specification, the
    following is the EBNF of valid refname values. #234
    refname   ::= component ("/" component)*
    component ::= alphanum (separator alphanum)*
    alphanum  ::= [A-Za-z0-9]+
    separator ::= [-._:@+] | "--"
    
  • A new umoci insert subcommand which adds a given file to a path inside the
    container. #237
  • A new umoci raw unpack subcommand in order to allow users to unpack images
    without needing a configuration or any of the manifest generation.
    #239
  • umoci how has a logo. Thanks to Max Bailey for contributing
    this to the project. #165 #249
  • umoci unpack now handles out-of-order regular whiteouts correctly (though
    this ordering is not recommended by the spec -- nor is it required). This is
    an extension of #229 that was missed during review.
    #232
  • umoci unpack and umoci repack now make use of a far more optimised gzip
    compression library. In some benchmarks this has resulted in umoci repack
    speedups of up to 3x (though of course, you should do your own benchmarks).
    umoci unpack unfortunately doesn't have as significant of a performance
    improvement, due to the nature of gzip decompression (in future we may
    switch to zlib wrappers). #225 #233

Thanks to all of the contributors that made this release possible:

Signed-off-by: Aleksa Sarai asarai@suse.de

@cyphar cyphar released this Mar 10, 2018 · 111 commits to master since this release

Assets 7
  • umoci repack now supports --refresh-bundle which will update the
    OCI bundle's metadata (mtree and umoci-specific manifests) after packing the
    image tag. This means that the bundle can be used as a base layer for
    future diffs without needing to unpack the image again. #196
  • Added a website, and reworked the documentation to be better structured. You
    can visit the website at umo.ci. #188
  • Added support for the user.rootlesscontainers specification, which allows
    for persistent on-disk emulation of chown(2) inside rootless containers.
    This implementation is interoperable with @AkihiroSuda's PRoot
    fork
    (though we do not test its interoperability at the
    moment) as both tools use the same protobuf
    specification
    . #227
  • umoci unpack now has support for opaque whiteouts (whiteouts which remove
    all children of a directory in the lower layer), though umoci repack does
    not currently have support for generating them. While this is technically a
    spec requirement, through testing we've never encountered an actual user of
    these whiteouts. #224 #229
  • umoci unpack will now use some rootless tricks inside user namespaces for
    operations that are known to fail (such as mknod(2)) while other operations
    will be carried out as normal (such as lchown(2)). It should be noted that
    the /proc/self/uid_map checking we do can be tricked into not detecting
    user namespaces, but you would need to be trying to break it on purpose.
    #171 #230
  • Fix a bug in our "parent directory restore" code, which is responsible for
    ensuring that the mtime and other similar properties of a directory are not
    modified by extraction inside said directory. The bug would manifest as
    xattrs not being restored properly in certain edge-cases (which we
    incidentally hit in a test-case). #161 #162
  • umoci unpack will now "clean up" the bundle generated if an error occurs
    during unpacking. Previously this didn't happen, which made cleaning up the
    responsibility of the caller (which was quite difficult if you were
    unprivileged). This is a breaking change, but is in the error path so it's
    not critical. #174 #187
  • umoci gc now will no longer remove unknown files and directories that
    aren't flock(2)ed, thus ensuring that any possible OCI image-spec
    extensions or other users of an image being operated on will no longer
    break. #198
  • umoci unpack --rootless will now correctly handle regular file unpacking
    when overwriting a file that umoci doesn't have write access to. In
    addition, the semantics of pre-existing hardlinks to a clobbered file are
    clarified (the hard-links will not refer to the new layer's inode).
    #222 #223

Thanks to all of the contributors that made this release possible:

Signed-off-by: Aleksa Sarai asarai@suse.de

@cyphar cyphar released this Mar 5, 2018 · 207 commits to master since this release

Assets 7
  • Fix several minor bugs in hack/release.sh that caused the release artefacts
    to not match the intended style, as well as making it more generic so other
    projects can use it. #155 #163

  • A recent configuration issue caused go vet and go lint to not run as part
    of our CI jobs. This means that some of the information submitted as part of
    CII best practices badging was not accurate. This has been corrected,
    and after review we concluded that only stylistic issues were discovered by
    static analysis. #158

  • 32-bit unit test builds were broken in a refactor in [0.3.0]. This has been
    fixed, and we've added tests to our CI to ensure that something like this
    won't go unnoticed in the future. #157

  • umoci unpack would not correctly preserve set{uid,gid} bits. While this
    would not cause issues when building an image (as we only create a manifest
    of the final extracted rootfs), it would cause issues for other users of
    umoci. #166 #169

  • Updated to v0.4.1 of go-mtree, which fixes several minor
    bugs with manifest generation. #176

  • umoci unpack would not handle "weird" tar archive layers previously (it
    would error out with DiffID errors). While this wouldn't cause issues for
    layers generated using Go's archive/tar implementation, it would cause
    issues for GNU gzip and other such tools. #178
    #179

  • umoci unpack's mapping options (--uid-map and --gid-map) have had an
    interface change, to better match the user_namespaces(7)
    interfaces. Note that this is a breaking change, but the workaround is to
    switch to the trivially different (but now more consistent) format.
    #167

  • umoci unpack used to create the bundle and rootfs with world
    read-and-execute permissions by default. This could potentially result in an
    unsafe rootfs (containing dangerous setuid binaries for instance) being
    accessible by an unprivileged user. This has been fixed by always setting the
    mode of the bundle to 0700, which requires a user to explicitly work around
    this basic protection. This scenario was documented in our security
    documentation previously, but has now been fixed. #181
    #182


Thanks to all of the contributors that made this release possible:

Signed-off-by: Aleksa Sarai asarai@suse.de

@cyphar cyphar released this Jul 20, 2017 · 261 commits to master since this release

Assets 7
  • umoci now passes all of the requirements for the CII best practices
    bading program
    . #134
  • umoci also now has more extensive architecture, quick-start and
    roadmap documentation. #134
  • umoci now supports 1.0.0 of the OCI image
    specification
    and 1.0.0 of the OCI runtime
    specification
    , which are the first milestone release.
    Note that there are still some remaining UX issues with --image and
    other parts of umoci which may be subject to change in future
    versions. In particular, this update of the specification now means
    that images may have ambiguous tags. umoci will warn you if an
    operation may have an ambiguous result, but we plan to improve this
    functionality far more in the future. #133
    #142
  • umoci also now supports more complicated descriptor walk structures,
    and also handles mutation of such structures more sanely. At the
    moment, this functionality has not been used "in the wild" and umoci
    doesn't have the UX to create such structures (yet) but these will be
    implemented in future versions. #145
  • umoci repack now supports --mask-path to ignore changes in the
    rootfs that are in a child of at least one of the provided masks when
    generating new layers. #127
  • Error messages from github.com/openSUSE/umoci/oci/cas/drivers/dir
    actually make sense now. #121
  • umoci unpack now generates config.json blobs according to the
    still proposed OCI image specification conversion
    document. #120
  • umoci repack also now automatically adding Config.Volumes from the
    image configuration to the set of masked paths. This matches recently
    added recommendations by the spec, but is a
    backwards-incompatible change because the new default is that
    Config.Volumes will be masked. If you wish to retain the old
    semantics, use --no-mask-volumes (though make sure to be aware of
    the reasoning behind Config.Volume masking). #127
  • umoci now uses SecureJoin rather than a patched
    version of FollowSymlinkInScope. The two implementations are roughly
    equivalent, but SecureJoin has a nicer API and is maintained as a
    separate project. #148
  • Switched to using golang.org/x/sys/unix over syscall where
    possible, which makes the codebase significantly cleaner.
    #141

Thanks to all of the contributors that made this release possible:

Signed-off-by: Aleksa Sarai asarai@suse.de

@cyphar cyphar released this Apr 12, 2017 · 342 commits to master since this release

Assets 6
  • hack/release.sh automates the process of generating all of the published
    artefacts for releases. The new script also generates signed source code
    archives. #116
  • umoci now outputs configurations that are compliant with v1.0.0-rc5 of
    the OCI runtime-spec
    . This means that now you can use runc
    v1.0.0-rc3 with umoci (and rootless containers should work out of the box
    if you use a development build of runc). #114
  • umoci unpack no longer adds a dummy linux.seccomp entry, and instead just
    sets it to null. #114

Signed-off-by: Aleksa Sarai asarai@suse.de

@cyphar cyphar released this Apr 10, 2017 · 354 commits to master since this release

Assets 4
  • umoci now has some automated scripts for generated RPMs that are used in
    openSUSE to automatically submit packages to OBS. #101
  • --clear=config.{cmd,entrypoint} is now supported. While this interface is a
    bit weird (cmd and entrypoint aren't treated atomically) this makes the
    UX more consistent while we come up with a better cmd and entrypoint UX.
    #107
  • New subcommand: umoci raw runtime-config. It generates the runtime-spec
    config.json for a particular image without also unpacking the root
    filesystem, allowing for users of umoci that are regularly parsing
    config.json without caring about the root filesystem to be more efficient.
    However, a downside of this approach is that some image-spec fields
    (Config.User) require a root filesystem in order to make sense, which is
    why this command is hidden under the umoci-raw(1) subcommand (to make sure
    only users that understand what they're doing use it). #110
  • umoci's oci/cas and oci/config libraries have been massively refactored
    and rewritten, to allow for third-parties to use the OCI libraries. The plan
    is for these to eventually become part of an OCI project. #90
  • The oci/cas interface has been modifed to switch from *ispec.Descriptor
    to ispec.Descriptor. This is a breaking, but fairly insignificant, change.
    #89
  • umoci now uses an updated version of go-mtree, which has a complete
    rewrite of Vis and Unvis. The rewrite ensures that unicode handling is
    handled in a far more consistent and sane way. #88
  • umoci used to set process.user.additionalGids to the "normal value" when
    unpacking an image in rootless mode, causing issues when trying to actually
    run said bundle with runC. #109

Thanks to all of the contributors that helped make this release happen:

Signed-off-by: Aleksa Sarai asarai@suse.de

@cyphar cyphar released this Feb 10, 2017 · 402 commits to master since this release

Assets 4
  • CHANGELOG.md has now been added. #76
  • umoci now supports v1.0.0-rc4 images, which has made fairly minimal
    changes to the schema (mainly related to mediaTypes). While this change
    is backwards compatible (several fields were removed from the schema, but
    the specification allows for "additional fields"), tools using older versions
    of the specification may fail to operate on newer OCI images. There was no UX
    change associated with this update.
  • umoci tag would fail to clobber existing tags, which was in contrast to how
    the rest of the tag clobbering commands operated. This has been fixed and is
    now consistent with the other commands. #78
  • umoci repack now can correctly handle unicode-encoded filenames, allowing
    the creation of containers that have oddly named files. This required fixes
    to go-mtree (where the issue was). #80

Signed-off-by: Aleksa Sarai asarai@suse.de

@cyphar cyphar released this Feb 6, 2017 · 416 commits to master since this release

Assets 4

This is the first beta release of umoci, and it includes very few
changes from v0.0.0-rc3. However, at this point the UX is effectively
stable and umoci is properly tested. The (small) list of changes in this
release from -rc3 is:

  • Static compilation now works properly. #64
  • 32-bit builds have been fixed, and now umoci works on 32-bit
    architectures. #70
  • The unit tests can now be run inside the %check section of an rpmbuild
    script, allowing for proper testing of packages when they are built on
    openSUSE (and Fedora). #65
  • Unit tests have been massively expanded, as have the integration
    tests. In addition, full coverage profiles (both unit and integration)
    are generated to fully understand how much of the code is properly
    tested. Currently it is at ~80%. #68 #69
  • The logging output has been cleaned up to be much better for end-users
    to read. It's also a lot less chatty now. #73
  • This project has now been moved to become an openSUSE project.
    #75

Signed-off-by: Aleksa Sarai asarai@suse.de