@jonboulle jonboulle released this Apr 23, 2015 · 4351 commits to master since this release

Assets 4

rkt 0.5.4 introduces a number of new features - repository authentication, per-app arguments + local image signature verification, port forwarding and more. Further, although we aren't yet guaranteeing API/ABI stability between releases, we have added important work towards this goal including functional testing and database migration code.

This release also sees the removal of the --spawn-metadata-svc flag to rkt run. The flag was originally provided as a convenience, making it easy for users to get started with the metadata service. In rkt v0.5.4 we removed it in favor of explicitly starting it via rkt metadata-service command. For more details on running the metadata service - including example unit files for use with systemd - check out the documentation.

Full changelog:
- added configuration support for repository authentication (HTTP Basic Auth, O Auth, and Docker repositories). Full details in Documentation/
- rkt run now supports per-app arguments and per-image --signature specifications
- rkt run and rkt fetch will now verify signatures for local image files
- rkt run with --private-net now supports port forwarding (using --port=NAME:1234)
- rkt run now supports a --local flag to use only local images (i.e. no discovery or remote image retrieval will be performed)
- added initial support for running directly from a pod manifest
- the store DB now supports migrations for future versions
- systemd-nspawn machine names are now set to pod UUID
- removed the --spawn-metadata-svc option from rkt run; this mode was inherently racy and really only for convenience. A separate rkt metadata-service invocation should be used instead.
- various internal codebase refactoring: "cas" renamed to "store", tasks to encapsulate image fetch operations, etc
- bumped docker2aci to support authentication for Docker registries and fix a bug when retrieving images from Google Container Registry
- fixed a bug where --interactive did not work with arguments
- garbage collection for networking is now embedded in the stage1 image
- when rendering images into the treestore, a global syncfs() is used instead of a per-file sync(). This should significantly improve performance when first extracting large images
- added extensive functional testing on
- added a test-auth-server to facilitate testing of fetching images