Skip to content

umoci 0.3.0
Compare
Choose a tag to compare
@cyphar cyphar released this 20 Jul 16:47
v0.3.0
This tag was signed with the committer’s verified signature.
cyphar Aleksa Sarai
GPG key ID: 9E18AA267DDB8DB4
Learn about vigilant mode.
264b0ab
This commit was signed with the committer’s verified signature.
cyphar Aleksa Sarai
GPG key ID: 9E18AA267DDB8DB4
Learn about vigilant mode.
  • umoci now passes all of the requirements for the CII best practices
    bading program    . openSUSE/umoci#134
  • umoci also now has more extensive architecture, quick-start and
    roadmap documentation. openSUSE/umoci#134
  • umoci now supports 1.0.0 of the OCI image
    specification     and 1.0.0 of the OCI runtime
    specification    , which are the first milestone release.
    Note that there are still some remaining UX issues with --image and
    other parts of umoci which may be subject to change in future
    versions. In particular, this update of the specification now means
    that images may have ambiguous tags. umoci will warn you if an
    operation may have an ambiguous result, but we plan to improve this
    functionality far more in the future. openSUSE/umoci#133
    openSUSE/umoci#142
  • umoci also now supports more complicated descriptor walk structures,
    and also handles mutation of such structures more sanely. At the
    moment, this functionality has not been used "in the wild" and umoci
    doesn't have the UX to create such structures (yet) but these will be
    implemented in future versions. openSUSE/umoci#145
  • umoci repack now supports --mask-path to ignore changes in the
    rootfs that are in a child of at least one of the provided masks when
    generating new layers. openSUSE/umoci#127
  • Error messages from github.com/openSUSE/umoci/oci/cas/drivers/dir
    actually make sense now. openSUSE/umoci#121
  • umoci unpack now generates config.json blobs according to the
    still proposed OCI image specification conversion
    document. openSUSE/umoci#120
  • umoci repack also now automatically adding Config.Volumes from the
    image configuration to the set of masked paths. This matches recently
    added recommendations by the spec, but is a
    backwards-incompatible change because the new default is that
    Config.Volumes will be masked. If you wish to retain the old
    semantics, use --no-mask-volumes (though make sure to be aware of
    the reasoning behind Config.Volume masking). openSUSE/umoci#127
  • umoci now uses SecureJoin rather than a patched
    version of FollowSymlinkInScope. The two implementations are roughly
    equivalent, but SecureJoin has a nicer API and is maintained as a
    separate project. openSUSE/umoci#148
  • Switched to using golang.org/x/sys/unix over syscall where
    possible, which makes the codebase significantly cleaner.
    openSUSE/umoci#141

Thanks to all of the contributors that made this release possible:

Signed-off-by: Aleksa Sarai asarai@suse.de

Assets 7
Loading