umoci 0.4.0

@cyphar cyphar released this 10 Mar 09:11
v0.4.0
a47bc3c
  • umoci repack now supports --refresh-bundle which will update the
    OCI bundle's metadata (mtree and umoci-specific manifests) after packing the
    image tag. This means that the bundle can be used as a base layer for
    future diffs without needing to unpack the image again. openSUSE/umoci#196
  • Added a website, and reworked the documentation to be better structured. You
    can visit the website at umo.ci. openSUSE/umoci#188
  • Added support for the user.rootlesscontainers specification, which allows
    for persistent on-disk emulation of chown(2) inside rootless containers.
    This implementation is interoperable with @AkihiroSuda's PRoot fork
    (though we do not test its interoperability at the moment) as both tools
    use the same protobuf specification. openSUSE/umoci#227
  • umoci unpack now has support for opaque whiteouts (whiteouts which remove
    all children of a directory in the lower layer), though umoci repack does
    not currently have support for generating them. While this is technically a
    spec requirement, through testing we've never encountered an actual user of
    these whiteouts. openSUSE/umoci#224 openSUSE/umoci#229
  • umoci unpack will now use some rootless tricks inside user namespaces for
    operations that are known to fail (such as mknod(2)) while other operations
    will be carried out as normal (such as lchown(2)). It should be noted that
    the /proc/self/uid_map checking we do can be tricked into not detecting
    user namespaces, but you would need to be trying to break it on purpose.
    openSUSE/umoci#171 openSUSE/umoci#230
  • Fix a bug in our "parent directory restore" code, which is responsible for
    ensuring that the mtime and other similar properties of a directory are not
    modified by extraction inside said directory. The bug would manifest as
    xattrs not being restored properly in certain edge-cases (which we
    incidentally hit in a test-case). openSUSE/umoci#161 openSUSE/umoci#162
  • umoci unpack will now "clean up" the bundle generated if an error occurs
    during unpacking. Previously this didn't happen, which made cleaning up the
    responsibility of the caller (which was quite difficult if you were
    unprivileged). This is a breaking change, but is in the error path so it's
    not critical. openSUSE/umoci#174 openSUSE/umoci#187
  • umoci gc will no longer remove unknown files and directories that
    aren't flock(2)ed, thus ensuring that any possible OCI image-spec
    extensions or other users of an image being operated on will no longer
    break. openSUSE/umoci#198
  • umoci unpack --rootless will now correctly handle regular file unpacking
    when overwriting a file that umoci doesn't have write access to. In
    addition, the semantics of pre-existing hardlinks to a clobbered file are
    clarified (the hardlinks will not refer to the new layer's inode).
    openSUSE/umoci#222 openSUSE/umoci#223
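
The /proc/self/uid_map check mentioned in the umoci unpack item above, as an added example in Go (not umoci's own code). It assumes the common heuristic that the initial user namespace shows the single mapping "0 0 4294967295"; the names idMapping, parseUIDMap and inUserNamespace and the sample input are constructed for this illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// idMapping is one uid_map line: "<id inside ns> <id outside ns> <length>".
type idMapping struct{ Inside, Outside, Length int64 }

// parseUIDMap parses the text of a /proc/<pid>/uid_map file.
func parseUIDMap(content string) ([]idMapping, error) {
	var maps []idMapping
	for _, line := range strings.Split(content, "\n") {
		fields := strings.Fields(line)
		if len(fields) == 0 {
			continue // blank line or trailing newline
		}
		if len(fields) != 3 {
			return nil, fmt.Errorf("malformed uid_map line %q", line)
		}
		var v [3]int64
		for i, f := range fields {
			n, err := strconv.ParseInt(f, 10, 64)
			if err != nil {
				return nil, fmt.Errorf("malformed uid_map line %q: %v", line, err)
			}
			v[i] = n
		}
		maps = append(maps, idMapping{v[0], v[1], v[2]})
	}
	return maps, nil
}

// inUserNamespace reports true unless the map is exactly the initial
// namespace's single identity mapping of the whole 32-bit range. An empty map
// (mapping not yet written) counts as a user namespace. Only the map text is
// inspected, so a namespace presenting that same text reads as the initial one.
func inUserNamespace(content string) (bool, error) {
	maps, err := parseUIDMap(content)
	if err != nil {
		return false, err
	}
	return !(len(maps) == 1 && maps[0] == (idMapping{0, 0, 4294967295})), nil
}

func main() { // constructed sample; on Linux pass the contents of /proc/self/uid_map
	fmt.Println(inUserNamespace("0 1000 1\n"))
}
```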

Thanks to all of the contributors that made this release possible:

Signed-off-by: Aleksa Sarai [email protected]