umoci 0.3.0
umoci
now passes all of the requirements for the CII best practices
bading program. openSUSE/umoci#134umoci
also now has more extensive architecture, quick-start and
roadmap documentation. openSUSE/umoci#134umoci
now supports1.0.0
of the OCI image
specification and1.0.0
of the OCI runtime
specification, which are the first milestone release.
Note that there are still some remaining UX issues with--image
and
other parts ofumoci
which may be subject to change in future
versions. In particular, this update of the specification now means
that images may have ambiguous tags.umoci
will warn you if an
operation may have an ambiguous result, but we plan to improve this
functionality far more in the future. openSUSE/umoci#133
openSUSE/umoci#142umoci
also now supports more complicated descriptor walk structures,
and also handles mutation of such structures more sanely. At the
moment, this functionality has not been used "in the wild" andumoci
doesn't have the UX to create such structures (yet) but these will be
implemented in future versions. openSUSE/umoci#145umoci repack
now supports--mask-path
to ignore changes in the
rootfs that are in a child of at least one of the provided masks when
generating new layers. openSUSE/umoci#127
- Error messages from
github.com/openSUSE/umoci/oci/cas/drivers/dir
actually make sense now. openSUSE/umoci#121 umoci unpack
now generatesconfig.json
blobs according to the
still proposed OCI image specification conversion
document. openSUSE/umoci#120umoci repack
also now automatically addingConfig.Volumes
from the
image configuration to the set of masked paths. This matches recently
added recommendations by the spec, but is a
backwards-incompatible change because the new default is that
Config.Volumes
will be masked. If you wish to retain the old
semantics, use--no-mask-volumes
(though make sure to be aware of
the reasoning behindConfig.Volume
masking). openSUSE/umoci#127umoci
now usesSecureJoin
rather than a patched
version ofFollowSymlinkInScope
. The two implementations are roughly
equivalent, butSecureJoin
has a nicer API and is maintained as a
separate project. openSUSE/umoci#148- Switched to using
golang.org/x/sys/unix
oversyscall
where
possible, which makes the codebase significantly cleaner.
openSUSE/umoci#141
Thanks to all of the contributors that made this release possible:
- Aleksa Sarai [email protected]
- Maximilian Meister [email protected]
- Valentin Rothberg [email protected]
Signed-off-by: Aleksa Sarai [email protected]