umoci 0.2.1

• hack/release.sh automates the process of generating all of the published
  artefacts for releases. The new script also generates signed source code
  archives. openSUSE/umoci#116
• umoci now outputs configurations that are compliant with v1.0.0-rc5 of
  the OCI runtime-spec. This means that now you can use runc
  v1.0.0-rc3 with umoci (and rootless containers should work out of the box
  if you use a development build of runc). openSUSE/umoci#114
• umoci unpack no longer adds a dummy linux.seccomp entry, and instead just
  sets it to null. openSUSE/umoci#114

Signed-off-by: Aleksa Sarai asarai@suse.de

umoci 0.2.0

• umoci now has some automated scripts for generated RPMs that are used in
  openSUSE to automatically submit packages to OBS. openSUSE/umoci#101
• --clear=config.{cmd,entrypoint} is now supported. While this interface is a
  bit weird (cmd and entrypoint aren't treated atomically) this makes the
  UX more consistent while we come up with a better cmd and entrypoint UX.
  openSUSE/umoci#107
• New subcommand: umoci raw runtime-config. It generates the runtime-spec
  config.json for a particular image without also unpacking the root
  filesystem, allowing for users of umoci that are regularly parsing
  config.json without caring about the root filesystem to be more efficient.
  However, a downside of this approach is that some image-spec fields
  (Config.User) require a root filesystem in order to make sense, which is
  why this command is hidden under the umoci-raw(1) subcommand (to make sure
  only users that understand what they're doing use it). openSUSE/umoci#110
• umoci's oci/cas and oci/config libraries have been massively refactored
  and rewritten, to allow for third-parties to use the OCI libraries. The plan
  is for these to eventually become part of an OCI project. openSUSE/umoci#90
• The oci/cas interface has been modifed to switch from *ispec.Descriptor
  to ispec.Descriptor. This is a breaking, but fairly insignificant, change.
  openSUSE/umoci#89
• umoci now uses an updated version of go-mtree, which has a complete
  rewrite of Vis and Unvis. The rewrite ensures that unicode handling is
  handled in a far more consistent and sane way. openSUSE/umoci#88
• umoci used to set process.user.additionalGids to the "normal value" when
  unpacking an image in rootless mode, causing issues when trying to actually
  run said bundle with runC. openSUSE/umoci#109

Thanks to all of the contributors that helped make this release happen:

• Aleksa Sarai asarai@suse.de
• Erik Hollensbe github@hollensbe.org
• Vincent Batts vbatts@hashbangbash.com
• Maximilian Meister mmeister@suse.de
• Antonio Murdaca runcom@redhat.com

Signed-off-by: Aleksa Sarai asarai@suse.de

umoci 0.1.0

• CHANGELOG.md has now been added. openSUSE/umoci#76
• umoci now supports v1.0.0-rc4 images, which has made fairly minimal
  changes to the schema (mainly related to mediaTypes). While this change
  is backwards compatible (several fields were removed from the schema, but
  the specification allows for "additional fields"), tools using older versions
  of the specification may fail to operate on newer OCI images. There was no UX
  change associated with this update.
• umoci tag would fail to clobber existing tags, which was in contrast to how
  the rest of the tag clobbering commands operated. This has been fixed and is
  now consistent with the other commands. openSUSE/umoci#78
• umoci repack now can correctly handle unicode-encoded filenames, allowing
  the creation of containers that have oddly named files. This required fixes
  to go-mtree (where the issue was). openSUSE/umoci#80

Signed-off-by: Aleksa Sarai asarai@suse.de

umoci 0.0.0

This is the first beta release of umoci, and it includes very few
changes from v0.0.0-rc3. However, at this point the UX is effectively
stable and umoci is properly tested. The (small) list of changes in this
release from -rc3 is:

• Static compilation now works properly. openSUSE/umoci#64
• 32-bit builds have been fixed, and now umoci works on 32-bit
  architectures. openSUSE/umoci#70
• The unit tests can now be run inside the %check section of an rpmbuild
  script, allowing for proper testing of packages when they are built on
  openSUSE (and Fedora). openSUSE/umoci#65
• Unit tests have been massively expanded, as have the integration
  tests. In addition, full coverage profiles (both unit and integration)
  are generated to fully understand how much of the code is properly
  tested. Currently it is at ~80%. openSUSE/umoci#68 openSUSE/umoci#69
• The logging output has been cleaned up to be much better for end-users
  to read. It's also a lot less chatty now. openSUSE/umoci#73
• This project has now been moved to become an openSUSE project.
  openSUSE/umoci#75

Signed-off-by: Aleksa Sarai asarai@suse.de

umoci 0.0.0~rc3

umoci has now gone a large amount of cleanup, and included the addition
of a few previously missing features. The main thing blocking a full
release is that manifest lists are still unsupported, and there are some
upstream PRs that define some of umoci's operations that need to be
merged before umoci can be considered a compliant implementation. In
addition, the logging library needs to be swapped (and the amount of
output reduced).

Here's a short list of features added:

• xattr support for both packing and unpacking was added, in particular
  this code also handles the issue of security.selinux. More policy
  decisions need to be added, but those are being discussed upstream.
  cyphar/umoci#52 cyphar/umoci#49
• Ensure that environment variables have no duplicates. This ensures
  that umoci won't duplicate environment variables in either Config.Env
  or the extracted process.env. cyphar/umoci#30
• Add support for read-only CAS operations with a read-only filesystem.
  Previously, attempting to open an OCI image on a read-only filesystem
  would fail miserably, now you can do read-only operations without
  issue. cyphar/umoci#47
• Garbage collection now also garbage collects old tmpdirs, and other
  garbage from inside an image layout. cyphar/umoci#17
• Output a helpful comment about --rootless if you're getting EPERMs.
• Enable stack traces from an error if the --debug flag was applied to
  umoci. This is a feature that hopefully will be added to pkg/errors
  upstream.
• Cleanups to vendoring of go-mtree so that it's much more
  upstream-friendly.

Signed-off-by: Aleksa Sarai asarai@suse.com

umoci 0.0.0~rc2

umoci now has a stable UX, as well as proper documentation for the UX in
the form of generated man pages. Here's the full list of cool features:

• umoci v0.0.0-rc2 has support for rootless unpacking and repacking!
  cyphar/umoci#26
• It also has support for regular UID and GID mapping! cyphar/umoci#26
• Symlinks and other similarly tricky unpacking problems have been
  resolved. All symlink path components are resolved inside the root
  filesystem of the container during unpacking. cyphar/umoci#27
• Tag modification commands (such as umoci-tag(1), umoci-rm(1),
  umoci-ls(1)) have been implemented. cyphar/umoci#6 cyphar/umoci#40
• umoci-stat(1) has been implemented. Currently it only outputs history
  information, but this will change in the future. It has stable JSON
  output. cyphar/umoci#38
• umoci-init(1) and umoci-new(1) have been implemented, allowing for the
  creation of entirely new images from scratch. cyphar/umoci#5
  cyphar/umoci#42
• umoci-repack(1) and umoci-config(1) now automatically generate history
  entries (since the history is actually used by tooling like skopeo). In
  addition, the history mutation from umoci-config(1) has been removed
  because it was just unsafe. In order for users to be able to configure
  history entries' values, --history.* flags have been introduced.
  cyphar/umoci#
• umoci-unpack(1) now saves all of the important argument metadata
  provided to it inside the generated bundle. These saved arguments are
  loaded by umoci-repack(1) to make the workflow much more sane.
• --image and --from arguments have been combined into skopeo-style
  [:] arguments to --image. cyphar/umoci#39
• Errors encountered during generation of a delta layer now are
  correctly propagated. cyphar/umoci#33
• Hardlinks are now correctly unpacked as bone-fide hardlinks.
  cyphar/umoci#25
• Support for unpacking and configuring annotations (which is a
  v1.0.0-rc3 feature of the OCI image specification). There's still some
  work to be done upstream in making the unpacking procedure specified
  but this is as good as you're going to get for a while.
  cyphar/umoci#43
• umoci has full integration and unit testing. cyphar/umoci#12
• umoci now has validation integration tests to ensure that at every
  stage of a test we could stop and still have a completely valid OCI
  image and that every extracted bundle is a valid OCI runtime bundle.

This code is still being reworked (though much more slowly than before).
Hold off on using it anywhere until we hit the proper 0.0.0 release!

Signed-off-by: Aleksa Sarai asarai@suse.com

umoci 0.0.0~rc1

At this point, umoci implements enough functionality to be able to
extract, repack and modify OCI images. It is still missing major
functionality (such as the ability to create an entirely new image or
just create tags for images), but should be enough for a demo.

Please don't use this anywhere important. There are known security
issues with this release (which will be fixed before 0.0.0).

Signed-off-by: Aleksa Sarai asarai@suse.com