Update dependency hashicorp/packer to v1.11.0

[renovate]

This PR contains the following updates:

Package	Update	Change
hashicorp/packer	minor	1.7.8 -> 1.11.0

---

Release Notes

hashicorp/packer (hashicorp/packer)

v1.11.0

Compare Source

1.11.0 (2024-05-31)

NOTES:

• A LICENSE.txt file has been added to the Packer release artifacts.
  GH-12931
  GH-12940

• Breaking Change: Support for loading single-component plugins has been removed from Packer. GH-12785

• Breaking Change: Support for loading plugin binaries following
  the naming convention of packer-plugin-name has been dropped. Packer will now only load
  plugins stored under the Packer plugin directory using the expected namespaced
  directory and CHECKSUM files. This change drops support for loading plugin
  binaries in Packer's executable directory or a template's current working
  directory. GH-12828

/Users/dev/.packer.d/plugins
└── github.com
    └── hashicorp
        └── happycloud
            ├── packer-plugin-happycloud_v0.0.1_x5.0_darwin_arm64
            └── packer-plugin-happycloud_v0.0.1_x5.0_darwin_arm64_SHA256SUM

FEATURES:

• core: Add -ignore-prerelease-plugins flag to disable the use of development
  plugin binaries for the build and validate commands development plugin
  binaries. GH-12828
  GH-12882
• Packer users can now track Packer version and plugin versions used for each
  build artifact in HCP Packer.
  GH-12866
• hcl2: add textencodebase64 and textdecodebase64 funcs
  For feature parity with Terraform, and since having access to strings
  encoded in something that is not UTF-8 is required in some cases, we add
  both the textencodebase64 and textdecodebase64 functions to HCL2 templates.
  Please note these functions return base64 encoded byte slices because of how
  cty/hcl defines strings (NFC normalised, UTF-8 encoded).
  GH-12997

SECURITY:

• Bump github.com/go-jose/go-jose/v3 to address GHSA-c5q2-7r4c-mv6g.
  GH-12880
• Bump golang.org/x/net to v0.24.0 to address GO-2024-2687.
  GH-12924

IMPROVEMENTS:

• core: Bump github.com/hashicorp/hcp-sdk-go from 0.90.0 to 0.96.0.
  GH-12935
  GH-12942
  GH-12960
  GH-12979
• core: Bump github.com/hashicorp/packer-plugin-sdk from 0.5.2 to 0.5.3
  GH-12932
• core: Bump go-getter/v2 from 2.2.1 to v2.2.2
  GH-12988
• datasource/http: don't error on 2xx code
  Previous versions of Packer only supported 200 as a success case for the http
  datasource. This change makes any status code from 200 to 299 successful.
  GH-12989
• core: Move to predictable plugin loading schema - Packer will now only load
  plugins stored under the Packer plugin directory using the expected namespaced
  directory and CHECKSUM files.
  GH-12828
• core: Remove support loading single-component plugins.
  GH-12785
• core: Rename internal packer plugin command to packer execute to avoid user confusion with
  the plugins subcommand.
  GH-12865
• core: Packer now considers development binaries when evaluating plugin
  version constraints. This work allows users to use binaries with versions
  reported as "x.y.z-dev" to be used with the Packer required_plugins
  block. GH-12828
• core: Packer now supports local paths to plugins for the packer plugins remove
  command. This addition makes it possible to pipe commands like
  packer plugins installed with it for speedy cleanup of installed plugins.
  GH-12886
• core: Relax Packer source address URIs within the required_plugins block to
  support the installation of local plugin binary using a custom or internal
  source address (e.g. mycompany.com/plugins/happyorg/happycloud). Remote
  installation using packer init or packer plugins install does not
  support non-GitHub source URIs. Users using alternative hosts must
  install plugins manually using packer plugins install --path.
  GH-12911, [GH-12962] (https://github.com/hashicorp/packer/pull/12962)
• core: Remote plugins installed containing an internal version number that
  differs from the version number within the binary name can lead to
  confusion when tracking Packer plugin version information. To help track
  such discrepancies in the plugin version, packer init and packer plugin install have been updated to reject installation of such plugins.
  1.0.0-dev). Users are encouraged to notify plugin maintainers of any
  version mismatches.
  GH-12915, GH-12953, GH-12972
• core: don't load plugins with metadata in name
  To avoid confusion with multiple plugins that report the same effective version,
  plugins installed need to have no metadata in their name.
  When installed through Packer commands, the metadata is scrubbed from the name of the
  installed plugin binary, but manually it may still be possible, so we enforce
  that scrubbing at load-time as well.
  GH-12980
• core: Error when multiple paths are specified for PACKER_PLUGIN_PATH
  Since Packer 1.11 removed the capability for PACKER_PLUGIN_PATH to specify
  multiple directories separated by : or ; (depending on the platform), we
  are explicitly erroring when this is discovered, with suggestions as to how
  to fix the problem.
  GH-12967
• core: Version metadata support for plugins. Plugins may now formally have metadata
  in their versions, Packer supports it, and applies the semver recommendations on
  them, i.e. they are ignored for comparison/sorting purposes, but allowed for
  adding extra information about a plugin.
  GH-12888

Given the specified version constraint only versions greater than or equal to 1.1.0 will be considered.

amazon = {
  source = "github.com/hashicorp/amazon"
  version = ">= 1.1.0"
}

If a development binary is installed, Packer will use it if:

1. It is the highest compatible version installed.
2. There is no final plugin version with the same version number installed alongside it.

/Users/dev/.packer.d/plugins
└─ github.com
   └─ hashicorp
    	└── amazon
          ├── packer-plugin-amazon_v1.1.0_x5.0_darwin_arm64
          ├── packer-plugin-amazon_v1.1.0_x5.0_darwin_arm64_SHA256SUM
          ├── packer-plugin-amazon_v1.1.1-dev_x5.0_darwin_arm64
          └── packer-plugin-amazon_v1.1.1-dev_x5.0_darwin_arm64_SHA256SUM

Version 1.1.1-dev of the Amazon plugin will match the specified version constraint and be used for executing the Packer build.

If, however, a 1.1.1 release version of the plugin is available, it will have precedence over the development binary.

/Users/dev/.packer.d/plugins
└─ github.com
   └─ hashicorp
    	└── amazon
          ├── packer-plugin-amazon_v1.1.1-dev_x5.0_darwin_arm64
          ├── packer-plugin-amazon_v1.1.1-dev_x5.0_darwin_arm64_SHA256SUM
          ├── packer-plugin-amazon_v1.1.1_x5.0_darwin_arm64
          └── packer-plugin-amazon_v1.1.1_x5.0_darwin_arm64_SHA256SUM

BUG FIXES:

• core: fix plugin version ordering to not be lexicographic. This fixes an issue
  with how plugins are discovered by Packer, and ensures proper version ordering.
  This means that with this change, versions that are semantically greater,
  but lexicographically inferior will be loaded.
  Ex: 1.0.9 vs. 1.0.10; 1.0.9 > 1.0.10 lexicographically, but semantically
  1.0.10 > 1.0.9
• core/hcp: fix potential race condition when storing plugin details to the HCP
  Packer metadata storage map.
  GH-12936
• core: fix plugin listing on Windows
  This fix addresses bugs present in the alpha releases of 1.11, where
  the discovery of Windows binaries were not matching against the
  filename extension (.exe).
  GH-12981

v1.10.3

Compare Source

1.10.3 (April 22, 2024)

NOTES

• A LICENSE.txt file has been added to the Packer release artifacts.
  12981

FEATURES

• Packer users can now track Packer version and plugin versions used for each
  build artifact in HCP Packer.
  GH-12891
  GH-12910
  GH-12923
  GH-12926

SECURITY

• Bump github.com/go-jose/go-jose/v3 to address GHSA-c5q2-7r4c-mv6g.
  GH-12928
• Bump golang.org/x/net to v0.24.0 to address GO-2024-2687.
  GH-12924

BUG FIXES

• cmd/fmt: Display information error when Packer fmt fails due to HCL2
  parsing error. GH-12870

v1.10.2

Compare Source

1.10.2 (March 6, 2024)

NOTES:

• Continuing the work in in Packer v1.10.0 we introduced the ability to install
  a locally sourced plugin using packer plugins install --path, this
  release extends support to development plugin binaries - binaries that
  report "dev" as part of their plugin version. Instead of manually placing a
  downloaded binary into the executable or current working directory we
  encourage you to run the command packer plugins install –path <path-to- downloaded-extracted-binary> github.com/hashicorp/happycloud to install
  the binary into a Packer compatible path.
  GH-12855

IMPROVEMENTS:

• cmd/plugins: Add support for installing local development binaries to packer plugins install.
  GH-12855
• core: Validate bucket name when using hcp_packer_registry block.
  GH-12820
• core: Update github.com/hashicorp/hcp-sdk-go from 0.83.0 to 0.85.0.
  GH-12850
  GH-12827

BUG FIXES:

• core/hcp: HCP Packer build failures properly distinguish between incompatible
  plugins and general publishing errors.
  GH-12854
  GH-12835

v1.10.1

Compare Source

1.10.1 (January 30, 2024)

NOTES:

• HCP Packer has been updated to follow an artifact-agnostic approach for
  publishing and consuming built artifacts. To best support the new approach, HCP Packer components within Packer have
  been updated to use the v2 nomenclature when publishing build metadata to
  HCP Packer. These changes include data source components for consuming HCP
  Packer stored artifacts. The data source components hcp-packer-version
  and hcp-packer-artifact respectively replace, the now deprecated,
  hcp-packer-iteration
  and hcp-packer-image
  component data sources. The added changes are compatible with all existing HCP Packer workflows and do not warrant any
  immediate template changes by the user. However, we encourage all HCP Packer users to visit the updated
  HCP Packer CHANGELOG to familiarize themselves with the nomenclature changes.
  GH-12794 GH-12799
• The hcp-packer-image data source has been deprecated, please use HCP Packer
  Artifact data source instead.
  GH-12794
• The hcp-packer-iteration data source has been deprecated, please use HCP
  Packer Version data source instead.
  GH-12794
• The contextual variable packer.iterationID has been deprecated, please use
  the new contextual variable packer.versionFingerprint. The iterationID
  represents the HCP Packer iteration that build metadata has been publish
  to, with this release an Iteration is now referred to as a Version and the
  ID has been replaced by the Version Fingerprint.
  GH-12803

FEATURES:

• New Data source hcp-packer-artifact The HCP Packer Artifact Data Source
  retrieves information about an artifact from the HCP Packer Registry.
  GH-12794
• New Data source hcp-packer-version The HCP Packer Version Data Source
  retrieves information about HCP Packer Version from the HCP Packer.
  Registry. GH-12794

SECURITY:

• core: Bump Go dependencies to address various CVEs. GH-12777
• core: Bump github.com/cloudflare/circl to address GHSA-9763-4f94-gfch. GH-12781

IMPROVEMENTS:

• core: Bump github.com/hashicorp/hcp-sdk-go from 0.79.0 to 0.81.0
  GH-12792
  GH-12764
• core: Update error messaging for HCP incompatible plugin builds.
  GH-12800
• core: Update HCP Packer integration to use HCP Packer v2 nomenclature, with
  this change HCP Packer iterations are now referred to as Versions, and
  Images are now referred to as Artifacts. The data sources for interacting
  with HCP Packer have been respectively renamed to align with the terminology
  of Version and Artifact.
  GH-12794
  GH-12799
• core: Update spacing for flags within Help text.
  GH-12742
  GH-12743

v1.10.0

Compare Source

1.10.0 (December 5, 2023)

NOTES:

This release contains breaking changes for practitioner relying on plugins
previously bundled into Packer. As specified in the Bundled Plugins Removal announcement
HashiCorp maintained plugins will no longer be shipped with Packer.
Users are encouraged to use packer init or packer plugins [...] when managing required plugins
needed for executing their builds.
GH-12660

The affected plugins include:

• packer-plugin-amazon
• packer-plugin-ansible
• packer-plugin-azure
• packer-plugin-docker
• packer-plugin-googlecompute
• packer-plugin-qemu
• packer-plugin-vagrant
• packer-plugin-virtualbox
• packer-plugin-vmware
• packer-plugin-vsphere

SECURITY:

• Bump github.com/go-jose/go-jose/v3 to address GO-2023-2334. There have been
  no reported issues with Packer but we are bumping given that it is a
  secondary
  dependency. GH-12723
• Bump Go to 1.20.10 to Address CVE-2023-44487 / CVE-2023-39325.
  GH-12661
• Bump Go to 1.20.11 CVE-2023-45283. There have been no reported issues with
  Packer but we are bumping given its usage of the path/filepath pkg.
  GH-12690
• Bump Packer Plugin SDK to v0.5.2.
  GH-12717

PLUGINS:

• Removed all HashiCorp vendored plugins from being bundled into the Packer binary.
  GH-12660, GH-12720
• packer-plugin-hcloud: The Hetzner Cloud plugin has been handed over to the
  Hetzner integrations team. New releases for this plugin are available at
  https://github.com/hetznercloud/packer-plugin-hcloud. Existing references
  to the plugin will continue to work but users are advised to update the
  required_plugins block to use the new plugin source address.
  required_plugins {
  parallels = {
  source = "github.com/hetznercloud/hcloud"
  version = "~> 1"
  }
  }

IMPROVEMENTS:

• cmd/init: Warn users running packer init on configuration templates with a
  missing required_plugins blocks.
  GH-12638
• cmd/plugins: Add --path flag to packer plugins install subcommand to
  support installation of plugins from a local binary rather than from
  GitHub. GH-12643
• cmd/plugins: Install SHA256SUM file with 0644 perms.
  GH-12665
• cmd/plugins: Remove SHA256SUM file on plugin removal.
  GH-12666
• cmd/plugins: Remove will error if it fails to find the plugin being selected
  for removal. GH-12669
• core/hcl2: Remove empty source file reference on unset variable errors.
  GH-12712
• core/hcl: Improve the recursive execution of data sources with other data
  source dependencies.
  GH-12608
• core: Bump github.com/hashicorp/hcp-sdk-go from 0.73.0 to 0.74.0 -
  GH-12704
• core: Bump Packer Plugin SDK to v0.5.2.
  GH-12717
• core: Provide integration link as hint in error message if a plugin component
  is unknown. GH-12705
• core: Update version output for packer -v and packer --version to match
  packer version.
  GH-12569
• docs: Update plugin installation guides with supported methods for 1.10.0 and
  above. GH-12713

BUG FIXES:

• cmd/plugins: Update packer plugin installed to show all installed plugin
  binaries, including any duplicate versions or binaries copied from a
  different source URI.
  GH-12731

v1.9.5

Compare Source

1.9.5 (December 4, 2023)

SECURITY

• Bump github.com/go-jose/go-jose/v3 to address GO-2023-2334.
  GH-12723

BUG FIXES:

• Add VirtualBox as known plugin prefix to prevent endless bundled plugin warning.
  GH-12719

v1.9.4

Compare Source

1.9.4 (August 18, 2023)

BUG FIXES:

• core: When invoking Packer with the CHECKPOINT_DISABLE environment variable the telemetry
  reporter is left uninitialized in order to disable telemetry reporting.
  Any method calls on the nil reporter is expected to check if the reporter is active or in
  NOOP mode. The SetBundledUsage function, introduced in Packer 1.9.2, failed to perform a nil
  check before attempting to modify an attribute, causing Packer to fail when telemetry is
  disabled. This release fixes this issue by introducing such a check.

v1.9.3

Compare Source

1.9.3 (August 17, 2023)

NOTES:

• New Docker Image: As part of the bundled plugin removal effort, a new
  Docker target called release-full has been added to the Packer release
  artifacts. The release-full image includes Packer and all the official
  plugins pre-installed in its environment. This image is being offered as an
  alternative option for those users who may still be relying on the plugin
  versions bundled into the Packer binary.
  GH-12532

IMPROVEMENTS:

• core/docs: Clarify the expected usage of the packer init command for HCL2
  template builds.GH-12535
• core/hcp: Add support for project-level service principals. A user connecting
  with a project level service principals must provide a valid HCP_PROJECT_ID
  in order to connect.
  GH-12520
  GH-12576
• core: A new Docker image packer:release-full has been added for all
  supported architectures. The release-full image includes Packer and all the
  official plugins pre-installed in its environment.
  GH-12532
• core: Add enhanced support to Packer telemetry for bundle plugins usage.
  GH-12536

BUG FIXES:

• core: Bump golang.org/x/net to v0.13.0 to address CVE GO-2023-1988. Packer
  itself is not vulnerable to the CVE as we don't render web pages, but
  security checks do point it as an issue that needs to be addressed.
  GH-12561
• core: Fix custom plugin loading in current working directory regression.
  GH-12544

v1.9.2

Compare Source

1.9.2 (July 19, 2023)

NOTES:

• Vendored plugins within Packer have not been updated. Plugin releases occur on
  a regular basis to address issues and feature requests.
  Please note that in an upcoming version of Packer, we will remove the last
  bundled plugins from Packer.
  Users are encouraged to use packer init for HCL2 templates or
  packer plugins install with legacy JSON templates for installing external
  plugins.

• Packer will now warn when using bundled plugins. This feature will be removed in
  a future version of the tool, so this warning is meant to bring awareness of the
  upcoming change, and to help users update their environment/templates to be
  ready for this.
  GH-12495

BUG FIXES:

• Fixed a bug with how Packer was discovering plugins: in order to load
  plugins, Packer would recursively scan all the known directories in which
  we could have installed plugins. This caused unnecessary directory
  walks and slowdowns upon invocation. Packer will now only check
  for nested plugins within the directories used by commands such as packer init, or packer plugins install, or as defined in PACKER_PLUGIN_PATH.
  Refer to
  Packer's plugin directory documentation
  for details on how loading works.
  GH-12414

• The packer init subcommand now bundles all the missing installed plugins into one
  condensed warning, as opposed to one warning per missing plugin.
  GH-12506

PLUGINS:

• packer-plugin-parallels: The Parallels plugin has been handed over to the Parallels
  team. New releases for this plugin are available at
  https://github.com/parallels/packer-plugin-parallels. This plugin is is no longer
  being bundled in the Packer binary release. Existing references to the
  plugin will continue to work but users are advised to update the
  required_plugins block to use the new plugin source address.
  GH-12476
  required_plugins {
  parallels = {
  source = "github.com/parallels/parallels"
  version = "~> 1"
  }
  }

IMPROVEMENTS:

• The hcl2_upgrade subcommand will now add required_plugins to the template
  generated from JSON for all our officially supported plugins.
  GH-12504

v1.9.1

Compare Source

1.9.1 (June 1, 2023)

BUG FIXES:

• On May 16th 2023, HCP introduced multi-project support to the platform.
  In order to use multiple projects in your organization, you will need to update Packer
  to version 1.9.1 or above. Starting with 1.9.1, you may specify a project ID to push
  builds to with the HCP_PROJECT_ID environment variable. If no project ID is specified,
  Packer will pick the project with the oldest creation date. Older versions of Packer are
  incompatible with multi-project support on HCP, and builds will fail for HCP
  organizations with multiple projects on versions before 1.9.1.
  GH-12453

v1.9.0

Compare Source

1.9.0 (May 31, 2023)

NOTES:

• Breaking Change: Iteration fingerprints used to be computed from the Git SHA of the
  repository where the template is located when running packer build. This
  changes with this release, and now fingerprints are automatically generated
  as a ULID. This implies that continuing an existing iteration will require
  users to define the fingerprint in the environment manually in order to
  adopt this behaviour, otherwise, by default, a new iteration will be
  created. This does not impact workflows where the fingerprint was defined
  through the HCP_PACKER_ITERATION_FINGERPRINT environment variable, and
  these builds will work exactly as they did before.
  GH-12172

• Breaking Change: Community-maintained plugins bundled with the Packer binary have been removed.
  These external plugin components are released independently of Packer core and can be installed
  directly by the user. Users relying on the external plugin components listed below should refer
  to the packer plugins sub-command and, if using HCL2, a required_plugins block to define a
  list of plugins for building a template.

PLUGINS

• Remove provisioner plugins for Chef, Converge, Puppet, Salt, and Inspec as
  vendored plugins. These plugins have been previously archived and not
  updated in release since being archived. These plugins can be installed
  using packer init or with the Packer plugins sub-command packer plugins install github.com/hashicorp/chef.
  GH-12374

• The following community plugins won't be bundled with Packer anymore:

  • Alicloud
  • CloudStack
  • HCloud
  • HyperOne
  • Hyper-V
  • JDCloud
  • LXC
  • LXD
  • NCloud
  • OpenStack
  • Proxmox
  • TencentCloud
  • Triton
  • Yandex

  GH-12436

Users relying on these external plugin components should refer to the packer plugins sub-command and,
if using HCL2, a required_plugins block to define a list of plugins to use for building a template.

IMPROVEMENTS:

• core/hcp: Now, fingerprints used by HCP Packer are randomly generated ULIDs
  instead of a Git SHA, and a new one is always generated, unless one is
  specified in the environment.
  GH-12172

BUG FIXES:

• Fix LDFLAGS for release pipelines: Between Packer 1.8.5 and Packer 1.8.7, changes
  to the LDFLAGS in use for building the binaries for Packer had mistakenly
  removed some compilation flags, leading to the final binaries not being stripped.
  This change raised the size of the built binaries by as much as 45%.
  In this release, we fixed the LDFLAGS during compilation, yielding leaner binaries.

• Bumped gopsutil to v3. This fixes a macOS intermittent crash reported by the community
  GH-12430

v1.8.7

Compare Source

1.8.7 (May 4, 2023)

Warning
The version/version.go file tagged in this release refers to 1.8.6. If you are building Packer from source
please make sure to set the version information using ldflags at build time.

LD_FLAGS="-X github.com/hashicorp/packer/version.Version=1.8.7 -X github.com/hashicorp/packer/version.VersionPrerelease="
go build -o "$BIN_PATH"  --ldflags=$LD_FLAGS

NOTES:

• Vendored plugins within Packer have not been updated. Plugin releases occur on
  a regular basis to address issues and feature requests. Users are encouraged
  to use packer init for HCL2 templates or packer plugins install with
  legacy JSON templates for installing external plugins.

• packer-plugin-digitalocean: The Digital Ocean Packer plugin has been handed
  over to the Digital Ocean team. New releases for this plugin are available
  at https://github.com/digitalocean/packer-plugin-digitalocean.
  required_plugins {
  digitalocean = {
  source = "github.com/digitalocean/digitalocean"
  version = ">=1.1.1"
  }
  }

• packer-plugin-linode: The Linode plugin has been handed over to the Linode
  team. New releases for this plugin are available at
  https://github.com/linode/packer-plugin-linode. This plugin is is no longer
  being bundled in the Packer binary release. Existing references to the
  plugin will continue to work but users are advised to update the
  required_plugins block to use the new plugin source address.
  GH-12329
  required_plugins {
  linode = {
  source = "github.com/linode/linode"
  version = ">=1.0.5"
  }
  }

• packer-plugin-ucloud: The UCloud plugin has been handed over to the UCloud
  team. New releases for this plugin are available at
  https://github.com/ucloud/packer-plugin-ucloud. This plugin is is no longer
  being bundled in the Packer binary release. Existing references to the
  plugin will continue to work but users are advised to update the
  required_plugins block to use the new plugin source address.
  GH-12335
  required_plugins {
  ucloud = {
  source = "github.com/ucloud/ucloud"
  version = ">=1.0.8"
  }
  }

• packer-plugin-profitbricks: The Profitbricks plugin has been removed as a
  bundled plugin in Packer. New releases for this plugin are available at
  https://github.com/hashicorp/packer-plugin-profitbricks. This plugin is is
  no longer being bundled in the Packer binary release. Existing references
  to the plugin will continue to work but users are advised to update the
  required_plugins block to use the new plugin source address.
  GH-12385
  required_plugins {
  ucloud = {
  source = "github.com/hashicorp/profitbricks"
  version = ">=1.0.2"
  }
  }

PLUGINS

• core: Migrate external Linode plugin to linode/packer-plugin-linode.
  GH-12329
• core: Migrate external UCloud plugin to ucloud/packer-plugin-ucloud.
  GH-12335
• core: Remove external plugin for Digital Ocean as a vendored plugin.
  GH-12376
• core: Remove external plugins for Profitbricks and 1&1 as vendored plugins.
  GH-12385
• docs: Add HCP Ready label to Oracle builder components.
  GH-12217

IMPROVEMENTS

• cmd/console: Add config-type flag to command help.
  GH-12360
• core: Add enhanced support to Packer telemetry for HCL2.
  GH-12319
• Enhance zsh completion for the Packer command.
  GH-12356,
  GH-12366

BUG FIXES

• cmd/hcl2_upgrade: Fix a crash when running the hcl2_upgrade command against a
  legacy JSON template containing user variables with an undefined variables
  block. GH-12257
• core: Bump github.com/hashicorp/hcp-sdk-go to 0.36.0.
  GH-12292
• core: Bump github.com/hashicorp/packer-plugin-sdk to 0.4.0 to address
  CVE-2023-0475, CVE-2022-41723.
  GH-12306
• core: Bump Go module version to 1.20
  GH-12380
• core: Fix regression introduced in 1.8.6, where legacy JSON templates with
  custom builder names are outputted to STDOUT as uninterpolated user
  variables. GH-12290

v1.8.6

Compare Source

1.8.6 (February 15, 2023)

NOTES:

• core: Users will see some changes in how names are displayed during a Packer
  build for JSON templates. Previously only the builder type or the builder
  name, if it was set, would be displayed. Now for named builders
  ("name":"mybuilder") the builder's type and name will be displayed (i.e
  ".mybuilder". This does not impact the behavior of options such as
  only or except, they will continue to work as they did before.)

IMPROVEMENTS:

• Bump bundled plugins to latest available version.
  GH-12271
• bump github.com/hashicorp/hcp-sdk-go from 0.28.0 to 0.29.0
  GH-12163
• Bump github.com/hashicorp/hcp-sdk-go from 0.33.0 to 0.34.0
  GH-12262
• core/hcl2: Packer will no longer warn on excluded post-processors when using
  -only/exlude filters for running select builds.
  GH-12187

BUG FIXES:

• cmd/hcl2_upgrade: Fix crash when variables block is undefined.
  GH-12250
• core/hcl2: Templates with build blocks referencing an unknown source block
  would display an empty string for the template filename at line 0, which
  made it difficult to identify the broken build block. Packer has been
  updated to display the proper filename and line number where the unknown
  reference resides.
  GH-12167
• core: Linux packages now have vendor label and set the default label to
  HashiCorp. This fix is implemented for any future releases, but will not be
  updated for historical releases.

v1.8.5

Compare Source

1.8.5 (December 12, 2022)

NOTES:

• data/packer-image-iteration has been removed. This was an undocumented and
  unusable data source that was built for experimentation but not released. It
  should not affect users in any way but is being mentioned for visibility
  purposes.
  GH-12111

FEATURES:

• core: Metadata for capturing template types such as JSON or HCL2 has been added to the
  HCP Packer registry metadata. Upon running a packer build the type of
  template used during execution will be sent along to the registry as
  additional build metadata.GH-12132

PLUGINS:

The following external plugins have been updated and pinned to address open
issues. Please see their respective changelogs for details on plugin
specific bug fixes and improvements.

• alicloud@v1.0.5 - CHANGELOG
• amazon@v1.1.6 - CHANGELOG
• proxmox@v1.1.0 - CHANGELOG
• vsphere@v1.1.1 - CHANGELOG
• qemu@v1.0.8 - CHANGELOG

IMPROVEMENTS:

• cmd/hcl2_upgrade: Generate variable block for all referenced user input
  variables. GH-12136
• cmd/validate: Add support for the -evaluate-datasources flag to evaluate
  the data sources from a template during validation time.
  GH-12106
  GH-12152
• core/hcl2: Variable definition files containing undeclared variables within
  an HCL2 template will no longer warn during build execution. Warnings will
  be displayed to a user during template validation, which can be disabled by
  passing the -no-warn-undeclared-var flag to the validate command.
  GH-12104
  GH-12109
• core: Docker images have been updated to include the xorriso package for
  supporting the creation of ISO files.GH-12081
• core: Split HCP Packer publishing components into a separate internal-only
  module. GH-11
  GH-12116

BUG FIXES:

• cmd/init: The init command will try to fallback to the next available version
  for a plugin, if the most recent version is not available or has a missing
  checksum file. This should prevent Packer from trying to install versions
  that have a GitHub tag but no actual assets.
  GH-12103
• cmd/plugins: The plugins install sub-command will try to fallback to the
  next available version for a plugin, if the most recent version is not
  available or has a missing checksum file. This should prevent Packer from
  trying to install versions that have a GitHub tag but no actual assets.
  GH-12103
• core: Bump Go version to 1.18.9 to address vulnerability GO-2022-1144, which
  concerns the net/http and golang.org/x/net
  packages.GH-12153
  GH-12158
• core: Fix the registration of deleted input artifacts in HCP Packer when
  setting keep_input_artifacts to
  false.GH-11462
• core: Using different template types when building a HCP Packer
  image iteration will now trigger a runtime build error due to the
  mixing of template types.
  GH-12132

v1.8.4

Compare Source

1.8.4 (October 28 2022)

NOTES:

• Packer user documentation has been moved to the new HashiCorp developer
  documentation portal. The main Packer site (https://www.packer.io) will
  continue to be the home for Packer but all requests for general
  documentation and binary downloads will be redirected to
  https://developer.hashicorp.com/packer. Users are encouraged to visit the
  developer documentation portal for access to all Packer related
  documentation; including integrations with HCP Packer.

• The Oracle builder and post-processor are no longer vendored with Packer
  core. Users of the Oracle plugin should use packer init to install the
  latest version of the plugin. See the Oracle Plugin
  Documentation for more
  information. GH-11983

• HCP Packer environment variables: The behaviour of some HCP Packer-specific
  environment variables has changed slightly. Refer to HCP Packer
  in the Packer documentation for a full list of HCP Packer environment variables. GH-12059

  • For JSON templates, the HCP_PACKER_REGISTRY environment variable was
    previously required to enable the HCP Packer integration. In this release,
    the environment variable is now optional, and can be used for disabling the
    publishing of metadata for any HCP Packer enabled configuration template.
  • For HCL2 templates, the HCP_PACKER_REGISTRY environment variable can be used
    to disable publishing to a HCP Packer registry even if the template defines a
    hcp_packer_registry block. This can be useful for testing that a template
    works as intended prior to pushing metadata to HCP Packer.
  • The HCP_PACKER_BUCKET_NAME environment variable is now the only
    requirement to push metadata to a HCP Packer registry, in both JSON
    and HCL2 templates without a hcp_packer_registry block.

FEATURES:

• provisioner/powershell: Add use_pwsh configuration argument to support pwsh
  in powershell provisioner. GH-11950

PLUGINS:

• builder/oracle: Remove Oracle plugin from the list of vendored
  plugins. GH-11983

IMPROVEMENTS:

• command/hcl2_upgrade: Has been updated to persist all possible template
  engine options that were supported by the legacy JSON templates. While the
  upgrade command copies the template engine options as is support for the
  template options may not actually work with HCL2 templates; indicated by an
  error similar to fieldname type <no value> is invalid. Before executing a
  build with the upgraded template you are encouraged to run packer validate
  against the template and fix any invalid <no value> references.
  GH-12068
• core/hcl2: Packer will now report an error when executing a build with no
  sources selected for execution.
  GH-12016
• core/hcp: Configuration errors for HCP Packer enabled builds have been
  consolidated into a single report to help users address all potential
  issues before retrying their build.
  GH-12031
• core/hcp: Named builds within a legacy JSON template are now published to a
  HCP Packer registry using its full build name (e.g happycloud.windows-srv-2019),
  as opposed to just the build name field (e.g "name"="windows-srv-2019").
  Builders with no defined name will continue to publish build
  metadate using the builder type as the build name (e.g happycloud).
  GH-12059
• core:hcl2: When a variable is set in a variables definitions file (i.e
  *.pkrvars.hcl), but isn't defined with the template files (i.e
  *.pkr.hcl), the outputted error message will now include an example of
  variable block that can be added to the build template to remedy the issue.
  GH-12020
• core: Add ppc64le to binary releases for Linux.
  GH-11966
• core: Bump github.com/hashicorp/packer-plugin-sdk from 0.3.1 to 0.3.2.
  GH-11981
• core: Bump supported Go version to 1.18.
  GH-11927

BUG FIXES:

• command/hcl2_upgrade: special case: Azure shared_image_gallery fix.
  GH-12087
• core: Bump golang.org/x/sys to address CVE-2022-29526.
  GH-11953
• core: Bump golang.org/x/text to v0.3.8.
  GH-12047
• core: Update dependency to resolve GO-2022-0969.
  GH-12009

v1.8.3

Compare Source

1.8.3 (August 2, 2022)

NOTES:

• There's been a change in the way the ssh_timeout and the
  ssh_handshake_attempts configuration arguments work together. The
  behaviour is unchanged if both or none are specified. However, if only one
  of the two is set the other won't have a default value anymore and will be
  ignored. See Packer Plugin SDK change for details

• packer-plugin-digitalocean: The Digital Ocean Packer plugin has been handed over
  to the Digital Ocean team. New releases for this plugin are available at
  https://github.com/digitalocean/packer-plugin-digitalocean. This plugin is
  still being bundled in the Packer binary but will be removed in a future
  release. Existing references to the plugin will continue to work but
  users are advised to update the required_plugins block to use the new
  plugin source address.
  GH-11912

required_plugins {
    digitalocean = {
     source =  "github.com/digitalocean/digitalocean"
     version = ">=1.0.8"
    }
}

• packer-plugin-outscale: The Outscale Packer plugin managed by the Outscale
  team, since Packer 1.7.9, has been removed from the Packer binary. Users are
  advised to install the latest version of the plugin by running
  packer plugins install github.com/outscale/outscale. GH-11912

• packer-plugin-outscale: The Scaleway Packer plugin managed by the Scaleway
  team, since Packer 1.7.7, has been removed from the Packer binary. Users are
  advised to install the latest version of the plugin by running
  packer plugins install github.com/scaleway/scaleway. GH-11912

FEATURES:

• Future Scaffolding: This release contains additional changes that allow
  Packer core to validate that a newly built image is a direct child of a HCP
  Packer registry source image. This feature is only available for HCP Packer
  enabled builds using the hcp_packer_image and hcp_packer_iteration data
  source for setting a builder's source image.
  GH-11861

PLUGINS:

The following external plugins have been updated and pinned to address open
issues. Please see their respective changelogs for details on plugin
specific bug fixes and improvements.

• amazon@v1.1.2 - CHANGELOG
• ansible@v1.0.3 - CHANGELOG
• azure@v1.3.0 - CHANGELOG
• docker@v1.0.7 - CHANGELOG
• googlecompute@v1.0.14 - CHANGELOG
• lxc@v1.0.2 - CHANGELOG
• triton@v1.0.2 - CHANGELOG
• vsphere@v1.0.7 - CHANGELOG
• yandex@v1.1.2 - CHANGELOG

IMPROVEMENTS:

• Bump packer-plugin-sdk to v0.3.1 to fix inconsistencies between ssh_timeout
  and ssh_handshake_attempts configuration arguments in the SSH
  communicator. GH-11909
• core: During long running builds the HCP Packer registry will mark a build as
  timed out if it has not posted an update after a certain number of minutes. For HCP
  Packer enabled builds a status update will now be sent every 2 minutes to
  the registry to prevent long builds from being marked as timed
  out. GH-11846
• data/hcp_packer_image: Add component_type configuration argument to
  support specifying an exact build image when multiple images exist in the
  same provider and region for a given HCP Packer bucket iteration.
  GH-11872
• data/hcp_packer_image: Add support for channel as input argument to
  retrieve an image from the associated iteration. If
  using several images from a single iteration, you may prefer sourcing an
  iteration first, and referencing it for subsequent uses, as every
  hcp_packer_image with the channel set will generate a potentially
  billable HCP Packer request, but if several hcp_packer_images use a
  shared hcp_packer_iteration that will only generate one potentially
  billable request.
  GH-11865

BUG FIXES

• core/hcl2: Fix crash when parsing malformed provisioner override blocks.
  GH-11881
• core/hcl2: Fix crash when running packer validate on templates containing
  one or more HCP Packer data sources.
  GH-11883

v1.8.2

Compare Source

1.8.2 (June 21, 2022)

NOTES:

The Packer plugin SDK includes the latest version of the go-getter library, which has been updated to address the vulnerabilities listed in HCSEC-2022-13.

The updated SDK contains changes that can be breaking for some plugins as the updated go-getter settings in the SDK prevent reading/writing through symlinks and to sub-directories that require upward path traversal (e.g /tmp/.../etc/hosts). The updates also includes a 30 minute maximum timeout for file downloading, which can be an issue for very large or slow downloads if they exceed more than 30 minutes to complete.

SECURITY:

• Bump packer-plugin-sdk to v0.3.0 to address reported vulnerabilities within
  the go-getter library.
  GH-11843
• Bump plugins relying on go-getter for downloading remote files to address
  reported vulnerabilities within the go-getter library. See HCSEC-2022-13 for details.
  GH-11844

FEATURES:

• Future Scaffolding: This release contains changes that allow Packer core to
  validate that a newly built image is a direct child of a HCP Packer
  registry source image. This feature is only available for HCP Packer
  enabled builds using the hcp_packer_image data source for setting a
  builder's source image.
  GH-11832

PLUGINS:

External plugins have been pinned to the following versions. Please see their
respective changelogs for details on plugin specific bug fixes and
improvements.

• azure@v1.1.0 - CHANGELOG
• hyperv@v1.0.4 - CHANGELOG
• parallels@v1.0.3 - CHANGELOG
• proxmox@v1.0.8 - CHANGELOG
• qemu@v1.0.5 - CHANGELOG
• vagrant@v1.0.3 - CHANGELOG
• virtualbox@v1.0.4 - CHANGELOG
• vmware@v1.0.7 - CHANGELOG
• vsphere@v1.0.5 - CHANGELOG

IMPROVEMENTS:

• Add pause_after configuration argument to Powershell provisioner.
  GH-11792
• HCP Packer data sources will now fail for revoked iterations to prevent building non-compliant images.
  GH-11854

BUG FIXES:

• Add missing support for the env configuration argument in remote shell
  provisioners. GH-11819
• The preinst and postrm user scripts, including the service configuration
  directives, have been removed from the Pa

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.