This repository has been archived by the owner on Feb 24, 2020. It is now read-only.

Releases: rkt/rkt

v1.11.0

21 Jul 13:56

This release lays the groundwork for the upcoming KVM qemu flavor. It adds support for exporting a pod to an ACI, including all modifications made to the pod. The rkt API service now also supports systemd socket activation. Finally, diagnostics are back, helping users find out why their app failed to execute.

New features

  • rkt fetch: support for the Docker image format v2.2 and the draft OCI image format, and allow fetching via digest.
  • KVM: hypervisor support for the KVM flavor, focusing on qemu (#2684). This provides a generic mechanism for using different KVM hypervisors (such as lkvm or qemu-kvm).
  • rkt: add command to export a pod to an ACI (#2889). Adds a new export command to rkt which generates an ACI from a pod, saving any changes made to the pod.
  • rkt/api: detect when run as a systemd.socket(5) service (#2916). This allows rkt to run as a systemd socket-based unit.
  • rkt/stop: implement --uuid-file (#2902), so the user can reuse the value saved by rkt run with --uuid-file-save.

Bug fixes

  • scripts/glide-update: ensure running from $GOPATH (#2885). glide is confused when it's not running with the rkt repository inside $GOPATH.
  • store: fix missing shared storelock acquisition on NewStore (#2896).
  • store,rkt: fix fd leaks (#2906). Close the db lock on store close. Without this, an fd leaks every time a new Store is opened, even if it was closed afterwards.
  • stage1/enterexec: remove trailing \n in environment variables (#2901). Loading the environment retained the newline character (\n), which produced an incorrect evaluation of the environment variables.
  • stage1/gc: skip cleaning our own cgroup (#2914).
  • api_service/log: fix file descriptor leak in GetLogs() (#2930).
  • protobuf: fix protoc-gen-go build with vendoring (#2913).
  • build: fix x86 builds (#2926). This PR fixes a minor issue which leads to x86 builds failing.
  • functional tests: add some more volume/mount tests (#2903).
  • stage1/init: link pod's journal in kvm flavor (#2934). In nspawn flavors, nspawn creates a symlink from /var/log/journal/${machine-id} to the pod's journal directory. In kvm we need to do the link ourselves.
  • build: Build system fixes (#2938). This should fix the expr: syntax error and useless rebuilds of network plugins.

Other changes

  • stage1: diagnostic functionality for rkt run (#2872). If the app exits with ExecMainStatus == 203, the app's reaper runs the diagnostic tool and prints its output on stdout. systemd sets ExecMainStatus to EXIT_EXEC (203) when execve() fails.
  • build: add support for more architectures at configure time (#2907).
  • stage1: update coreos image to 1097.0.0 (#2884). This is needed for a recent enough version of libseccomp (2.3.0), with support for new syscalls (eg. getrandom).
  • api: add labels to the pod and image types (#2909). By adding labels to the image itself, the manifest no longer needs to be passed to the filter function.
  • api: optionally build systemd-journal support (#2868). This introduces a 'sdjournal' tag and corresponding stubs in api_service, turning libsystemd headers into a soft-dependency.
  • store: simplify db locking and functions (#2897). Instead of having a file lock to handle inter-process locking and a sync.Mutex to handle locking between multiple goroutines, just create, lock and close a new file lock on every db.Do call.
  • stage1/enterexec: add an entry to ASSCB_EXTRA_HEADERS for better change tracking (#2924).
  • build: use rkt-builder ACI (#2923).
  • Add hidden 'image fetch' next to the existing 'fetch' option (#2860).
  • stage1: prepare-app: don't mount /sys if path already used (#2888). When users mount /sys or a sub-directory of /sys as a volume, prepare-app should not mount /sys: that would mask the volume provided by users.
  • build,stage1/init: set interpBin at build time to fix other architecture builds (e.g. x86) (#2950).
  • functional tests: re-purpose aws.sh for generating AMIs (#2736).
  • rkt: Add --cpuprofile --memprofile for profiling rkt (#2887). Adds two hidden global flags and documentation to enable profiling rkt.
  • functional test: check the PATH variable for a trailing \n character (#2942).
  • functional tests: disable TestVolumeSysfs on kvm (#2941).
  • Documentation updates (#2918)

Library updates

  • glide: update docker2aci to v0.12.1 (#2873). Includes support for the docker image format v2.2 and OCI image format and allows fetching via digest.

v1.10.1

12 Jul 14:37

This is a minor bug fix release.

Bug fixes

  • rkt/run: handle malformed environment files (#2901)
  • stage1/enterexec: remove trailing \n in environment variables (#2901)

v1.10.0

07 Jul 14:15

This release introduces a number of important features and improvements:

  • ARM64 support
  • A new subcommand rkt stop to gracefully stop running pods
  • native Go vendoring with Glide
  • rkt is now packaged for openSUSE Tumbleweed and Leap

New features

  • Add ARM64 support (#2758). This enables ARM64 cross-compilation, fly, and stage1-coreos.
  • Replace Godep with Glide, introduce native Go vendoring (#2735).
  • rkt: rkt stop (#2438). Cleanly stops a running pod. For systemd-nspawn, sends a SIGTERM. For kvm, executes systemctl halt.

Bug fixes

  • stage1/fly: respect runtimeApp App's MountPoints (#2852). Fixes #2846.
  • run: fix sandbox-side metadata service to comply to appc v0.8.1 (#2863). Fixes #2621.

Other changes

  • build directory layout change (#2758): The rkt binary and stage1 image files have been moved from the 'bin' sub-directory to the 'target/bin' sub-directory.
  • networking/kvm: add flannel default gateway parsing (#2859).
  • stage1/enterexec: environment file with '\n' as separator (systemd style) (#2839).
  • pkg/tar: ignore global extended headers (#2847).
  • pkg/tar: remove errwrap (#2848).
  • tests: fix abuses of appc types.Isolator (#2840).
  • common: remove unused GetImageIDs() (#2834).
  • common/cgroup: add mountFsRO() helper function (#2829).
  • Documentation updates (#2732, #2869, #2810, #2865, #2825, #2841, #2732)

Library updates

  • glide: bump ql to v1.0.4 (#2875). It fixes an occasional panic when doing GC.
  • glide: bump gopsutils to 2.1 (#2876). This includes shirou/gopsutil#194, which adds ARM aarch64 support.
  • vendor: update appc/spec to 0.8.5 (#2854).

v1.9.1

24 Jun 08:37

This is a minor bug fix release.

Bug fixes

  • Godeps: update go-systemd (#2837). go-systemd v10 fixes a panic-inducing bug due to returning incorrect Read() length values.
  • stage1/fly: use 0755 to create mountpaths (#2836). This allows any user to list the content directories. It has no effect on the permissions of the mounted files themselves.

v1.9.0

23 Jun 16:30

This release focuses on bug fixes and developer tooling and UX improvements.

New features and UX changes

  • rkt/run: added the --set-env-file switch and priorities for environments (#2816). --set-env-file takes the path of an environment variables file in the format "VAR=VALUE\n...".
  • run: add --cap-retain and --cap-remove (#2771).
  • store: print more information on rm as non-root (#2805).
  • Documentation/vagrant: use rkt binary for getting started (#2808).
  • docs: New file in documentation - instruction for new developers in rkt (#2639).
  • stage0/trust: change error message if prefix/root flag missing (#2661).
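An added example, not rkt's own code, of a parser for the "VAR=VALUE\n..." format that --set-env-file reads, written to avoid the two failure modes these notes mention: a trailing newline leaking into a value (#2901) and a malformed environment file (#2901, v1.10.1). ParseEnvFile, its line-numbered error and its CRLF tolerance are this example's own choices.

```go
package main

import (
	"fmt"
	"strings"
)

// ParseEnvFile parses the newline-separated "VAR=VALUE\n..." format
// (systemd style). The line terminator is never part of the value (the
// trailing-"\n" bug fixed in #2901), blank lines such as the one left by a
// final newline are skipped, and a line that is not a NAME=VALUE assignment
// is reported with its line number instead of being silently kept.
func ParseEnvFile(data string) (map[string]string, error) {
	env := make(map[string]string)
	for i, line := range strings.Split(data, "\n") {
		line = strings.TrimSuffix(line, "\r") // tolerate CRLF files as well
		if line == "" {
			continue
		}
		parts := strings.SplitN(line, "=", 2) // only the first '=' splits
		if len(parts) != 2 || parts[0] == "" || strings.ContainsAny(parts[0], " \t") {
			return nil, fmt.Errorf("line %d: malformed entry %q", i+1, line)
		}
		env[parts[0]] = parts[1] // value kept verbatim, so it may contain '='
	}
	return env, nil
}
```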

Bug fixes

  • rkt/uuid: fix match when uuid is an empty string (#2807).
  • rkt/api_service: fix fly pods (#2799).
  • api/client_example: fix panic if pod has no apps (#2766). Fixes the concern expressed in a comment on #2763.
  • api_service: wait until a pod regs with machined (#2788).

Other changes

  • stage1: update coreos image to 1068.0.0 (#2821).
  • KVM: Update LKVM patch to mount with mmap mode (#2795).
  • stage1: always write /etc/machine-id (#2440). Prepare rkt for systemd-v230 in stage1.
  • stage1/prepare-app: always adjust /etc/hostname (#2761).

v1.8.0

09 Jun 15:45
5393f2e

This release focuses on stabilizing the API service, fixing multiple issues in the logging subsystem.

New features and UX changes

  • api: GetLogs: improve client example with 'Follow' (#2747).
  • kvm: add proxy arp support to macvtap (#2715).
  • stage0/config: add a CLI flag to pretty print json (#2745).
  • stage1: make /proc/bus/ read-only (#2743).

Bug fixes

  • api: GetLogs: use the correct type in LogsStreamWriter (#2744).
  • api: fix service panic on incomplete pods (#2739).
  • api: Fix the GetLogs() when appname is given (#2763).
  • pkg/selinux: various fixes (#2723).
  • pkg/fileutil: don't remove the cleanSrc if it equals '.' (#2731).
  • stage0: remove superfluous error verbs (#2750).

Other changes

v1.7.0

30 May 14:20
9549a05

This release introduces some new security features, including a "no-new-privileges" isolator and initial (partial) restrictions on /proc and /sys access.
Cgroups handling has also been improved with regards to setup and cleaning. Many bugfixes and new documentation are included too.

New features and UX changes

  • stage1: implement no-new-privs linux isolator (#2677).
  • stage0: disable OverlayFS by default when working on ZFS (#2600).
  • stage1: (partially) restrict access to procfs and sysfs paths (#2683).
  • stage1: clean up pod cgroups on GC (#2655).
  • stage1/prepare-app: don't mount /sys/fs/cgroup in stage2 (#2681).
  • stage0: complain and abort on conflicting CLI flags (#2666).
  • stage1: update CoreOS image signing key (#2659).
  • api_service: Implement GetLogs RPC request (#2662).
  • networking: update to CNI v0.3.0 (#3696).

Bug fixes

  • api: fix image size reporting (#2501).
  • build: fix build failures on manpages/bash-completion target due to missing GOPATH (#2646).
  • dist: fix "other" permissions so rkt list can work without root/rkt-admin (#2698).
  • kvm: fix logging network plugin type (#2635).
  • kvm: transform flannel network to allow teardown (#2647).
  • rkt: fix panic on rm a non-existing pod with uuid-file (#2679).
  • stage1/init: work around cgroup/SCM_CREDENTIALS race (#2645).
  • gc: mount stage1 on GC (#2704).
  • stage1: fix network files leak on GC (#2319).

Other changes

v1.6.0

13 May 16:48

This release focuses on security enhancements. It provides additional isolators and creates a new mount namespace per app. Stage1 now also uses a new CoreOS image, 1032.0.0, with systemd v229.

New features and UX changes

  • stage1: implement read-only rootfs (#2624). Setting the pod manifest readOnlyRootFS option mounts the app's rootfs read-only via the systemd unit option ReadOnlyDirectories; see appc/spec.
  • stage1: capabilities: implement both remain set and remove set (#2589). It follows the Linux Isolators semantics from the App Container Executor spec, as modified by appc/spec#600.
  • stage1/init: create a new mount ns for each app (#2603). Up to this point, you could easily escape the app's chroot using a simple program downloaded from the internet. To avoid this, we now create a new mount namespace for each app.
  • api: return the pods even when getting information about them failed (#2593).
  • stage1/usr_from_coreos: use CoreOS 1032.0.0 with systemd v229 (#2514).

Bug fixes

  • kvm: fix flannel network info (#2625). It wasn't saving the network information on disk.
  • stage1: Machine name wasn't being populated with the full UUID (#2575).
  • rkt: some simple arg doc string fixes (#2588). Removes some unnecessary indefinite articles from the start of argument doc strings and fixes the arg doc string for run-prepared's --interactive flag.
  • stage1: Fix segfault in enterexec (#2608). This happened if rkt enter was executed without the TERM environment variable set.
  • net: fix port forwarding behavior with custom CNI ipMasq'ed networks and allow different hostPort:podPort combinations (#2387).
  • stage0: check and create /etc (#2599). Checks '/etc' before writing to '/etc/rkt-resolv.conf' and creates it with default permissions if it doesn't exist.

Other changes

  • godep: update cni to v0.2.3 (#2618).
  • godep: update appc/spec to v0.8.1 (#2623, #2611).
  • dist: Update tmpfiles to create /etc/rkt (#2472). By creating this directory, users can run rkt trust without being root, if the user is in the rkt group.
  • Invoke gofmt with simplify-code flag (#2489). Enables code simplification checks of gofmt.
  • Implement composable uid/gid generators (#2510). This cleans up the code a bit and implements uid/gid functionality for rkt fly.
  • stage1: download CoreOS over HTTPS (#2568).
  • Documentation updates (#2555, #2609, #2605, #2578, #2614, #2579, #2570).
  • Test improvements (#2613, #2566, #2508).

v1.5.1

02 May 15:49

This release is a minor bug fix release.

Bug fixes

  • rkt: fix bug where rkt errored out if the default data directory didn't exist (#2557).
  • kvm: fix docker volume semantics (#2558). When a Docker image exposes a mount point that is not mounted by a host volume, Docker volume semantics expect the files in the directory to be available to the application. This was not working properly in the kvm flavor and it's fixed now.
  • kvm: fix net long names (#2543). Handle network names that are longer than the maximum allowed by iptables in the kvm flavor.

Other changes

  • minor tests and clean-ups (#2551).

v1.5.0

29 Apr 14:10

This release switches to pure systemd for running apps within a pod. This lays the foundation for implementing enhanced isolation capabilities; for example, starting with v1.5.0, apps are started with more restricted capabilities. User namespace support and the KVM stage1 are no longer experimental. Resource usage can be benchmarked using the new rkt-monitor tool.

New features and UX changes

  • stage1: replace appexec with pure systemd (#2493). Replace functionality implemented in appexec with equivalent systemd options. This allows restricting the capabilities granted to apps in a pod and makes enabling other security features (per-app mount namespaces, seccomp filters...) easier.
  • stage1: restrict capabilities granted to apps (#2493). Apps in a pod now receive a smaller set of capabilities.
  • rkt/image: render images on fetch (#2398). On systems with overlay fs support, rkt delayed rendering images to the tree store until they were about to run for the first time, which made that first run slow for big images. When fetching as root, images are now rendered right away so the first run is faster.

Bug fixes

  • kvm: fix mounts regression (#2530). AppRootfsPath, when called with the local "root" value, was adding stage1/rootfs twice; this is now handled correctly.
  • rkt/image: strip "Authorization" on redirects to a different host (#2465). The "Authorization" header is no longer passed if the redirect goes to a different host, since it could leak sensitive information to unexpected third parties.
  • stage1/init: interpret the string "root" as UID/GID 0 (#2458). This is a special case and it should work even if the image doesn't have /etc/passwd or /etc/group.
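The redirect rule from the "Authorization" fix above, as an added Go example that is not rkt's code: a CheckRedirect hook keeps the caller's Authorization header only while the redirect chain stays on the original host:port, and a constructed two-server scenario reports what the final hop actually receives. stripAuthOnCrossHost, authSeenByFinalHop and the test servers are this example's own; Go's http.Client has itself dropped Authorization on cross-domain redirects since Go 1.8, but it compares host names only, not ports, so the hook here is stricter.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// stripAuthOnCrossHost is an http.Client.CheckRedirect hook: the caller's
// Authorization header follows a redirect only while host:port is still the
// one the credential was meant for; on any other host it is removed.
func stripAuthOnCrossHost(req *http.Request, via []*http.Request) error {
	if len(via) >= 10 { // keep the stdlib's default hop limit
		return fmt.Errorf("stopped after %d redirects", len(via))
	}
	auth := via[0].Header.Get("Authorization") // via[0] is the caller's request
	if auth == "" || via[0].URL.Host != req.URL.Host { // exact match; a case-differing host fails safe (stripped)
		req.Header.Del("Authorization")
		return nil
	}
	req.Header.Set("Authorization", auth)
	return nil
}

// authSeenByFinalHop is a constructed scenario: origin's /start redirects to
// its own /end or to an unrelated second server; the final handler reports
// the Authorization header it received.
func authSeenByFinalHop(client *http.Client, crossHost bool) (string, error) {
	seen := make(chan string, 1)
	record := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		seen <- r.Header.Get("Authorization")
	})
	other := httptest.NewServer(record)
	defer other.Close()
	mux := http.NewServeMux()
	mux.Handle("/end", record)
	mux.HandleFunc("/start", func(w http.ResponseWriter, r *http.Request) {
		dst := map[bool]string{false: "http://" + r.Host, true: other.URL}[crossHost] // stay or leave
		http.Redirect(w, r, dst+"/end", http.StatusFound)
	})
	origin := httptest.NewServer(mux)
	defer origin.Close()
	req, _ := http.NewRequest("GET", origin.URL+"/start", nil)
	req.Header.Set("Authorization", "Bearer constructed-token")
	resp, err := client.Do(req)
	if err != nil {
		return "", err
	}
	resp.Body.Close()
	return <-seen, nil
}
```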

Improved documentation

  • added benchmarks folder, benchmarks for v1.4.0 (#2520). Added the Documentation/benchmarks folder which includes a README that describes how rkt-monitor works and how to use it, and a file detailing the results of running rkt-monitor on each current workload with rkt v1.4.0.
  • minor documentation fixes (#2455, #2528, #2511).

Testing

  • kvm: enable functional tests for kvm (#2007). This includes initial support for running functional tests on the kvm flavor.

Other changes

  • benchmarks: added rkt-monitor benchmarks (#2324). This includes the code for a golang binary that can start rkt and watch its resource usage and bash scripts for generating a handful of test scenarios.
  • scripts: generate a Debian Sid ACI instead of using the Docker hub image (#2471). This is the first step to having an official release builder.
  • pkg/sys: add SYS_SYNCFS definition for ppc64/ppc64le (#2443). Added missing SYS_SYNCFS definition for ppc64 and ppc64le, fixing build failures on those architectures.
  • userns: not experimental anymore (#2486). Although it requires doing a recursive chown for each app, user namespaces work fine and shouldn't be marked as experimental.
  • kvm: not experimental anymore (#2485). The kvm flavor was initially introduced in rkt v0.8.0, and there is no reason to keep marking it as experimental.