umoci 0.3.1
- Fix several minor bugs in `hack/release.sh` that caused the release artefacts
  to not match the intended style, as well as making it more generic so other
  projects can use it. openSUSE/umoci#155 openSUSE/umoci#163
- A recent configuration issue caused `go vet` and `go lint` to not run as part
  of our CI jobs. This means that some of the information submitted as part of
  CII best practices badging was not accurate. This has been corrected,
  and after review we concluded that only stylistic issues were discovered by
  static analysis. openSUSE/umoci#158
- 32-bit unit test builds were broken in a refactor in [0.3.0]. This has been
  fixed, and we've added tests to our CI to ensure that something like this
  won't go unnoticed in the future. openSUSE/umoci#157
- `umoci unpack` would not correctly preserve set{uid,gid} bits. While this
  would not cause issues when building an image (as we only create a manifest
  of the final extracted rootfs), it would cause issues for other users of
  `umoci`. openSUSE/umoci#166 openSUSE/umoci#169
- Updated to v0.4.1 of `go-mtree`, which fixes several minor
  bugs with manifest generation. openSUSE/umoci#176
- `umoci unpack` would not handle "weird" tar archive layers previously (it
  would error out with DiffID errors). While this wouldn't cause issues for
  layers generated using Go's `archive/tar` implementation, it would cause
  issues for GNU gzip and other such tools. openSUSE/umoci#178
  openSUSE/umoci#179
- `umoci unpack`'s mapping options (`--uid-map` and `--gid-map`) have had an
  interface change, to better match the `user_namespaces(7)`
  interfaces. Note that this is a breaking change, but the workaround is to
  switch to the trivially different (but now more consistent) format.
  openSUSE/umoci#167
- `umoci unpack` used to create the bundle and rootfs with world
  read-and-execute permissions by default. This could potentially result in an
  unsafe rootfs (containing dangerous setuid binaries for instance) being
  accessible by an unprivileged user. This has been fixed by always setting the
  mode of the bundle to `0700`, which requires a user to explicitly work around
  this basic protection. This scenario was documented in our security
  documentation previously, but has now been fixed. openSUSE/umoci#181
  openSUSE/umoci#182

Thanks to all of the contributors that made this release possible:
- Aleksa Sarai asarai@suse.de
- Jonathan Boulle jonathanboulle@gmail.com
- Serge Hallyn serge@hallyn.com
Signed-off-by: Aleksa Sarai asarai@suse.de