-
Notifications
You must be signed in to change notification settings - Fork 63
/
NEWS
153 lines (138 loc) · 6.18 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
22.02.1
=======
* Minor fixes and updates to run on CLE 6.X
21.03.1
=======
* Update from Python 2 to Python 3 in the Gateway
* Convert from Flask to Sanic in the Gateway
* Bug fix to catch Umoci failures
* Update to Dockerfile to include tools to support use_external mode
18.03.5
========
* Add support for external mode (see docs/skopeo.rst)
18.03.4
========
* Bug fix to match pending status between the gateway and CLI
* Bug fix to pick up the threads settings for the image gateway
18.03.3
========
* Bug fix for JSON header type
18.03.2
========
* Bug fix for importing images
* Bug fix for error handling of job data loading
* Support for SLES15
18.03.1
========
* Add support for clearing the external environment
* Add support for user specifying environment variables on command line
* Add support for user specifying environment variables via a file
* Fix entrypoint bug to not require an argument if the image specifies an entrypoint
* Fix workdir bug to only use the image workdir when the --workdir option is specified
* Fix user/group acl parsing bug and improve error handling
* Fix bug in environment variable matching
* Add SHIFTER_IMAGEREQUEST and SHIFTER_IMAGE environment variables in the shifter environment to show the requested image tag and resolved id
18.03.0
=========
* Support for Private Repos and user supplied ACLs on private images
* Improved handling of entrypoint, command, and working directory to be more
compliant with docker.
* Shifter module support to allow user-selectable, site-definable content to
modify container setup.
* Basic metrics on image usage (number of lookups)
* Add direct image import capability for privileged users
* API to view the current work queue and status
* Minor fixes for RPM builds
* Improved image unpacking for some edge cases
* Dropped celery dependency to simplify installation
* Updated support for Slurm 17.11
* Reduced help output in most error conditions (it was rather verbose)
* Memory management improvements
* Remove kernel module loading support
* Remove support for all base filesystems except squashfs
* Dropped support for systems with legacy pt_chown pty allocation (i.e., sshd can only run as user now)
* Other bug fixes
16.08.5
==========
* Update slurm integration for slurm 17.11 spank modifications
* Update slurm integration to update for Slurm CVE-2017-15566
* Properly exit in slurm integration when dlopen() for libslurm.so fails
16.08.3
==========
* Perform volume mount realpath() and lstat() verification with user privileges,
to ensure user has access to content at container construction time
* Add shifter_realpath() to calculate user volume mount paths relative to
alternate root (accounts for symlinks that might inadvertently (or
intentionally) try to pull user volume mounts out of the container.
* Fix buffer overrun in volume map flag parsing code
* Clean up clang & coverity-found issues
* Improve error handling in shifter core logic
* Improve shifter imagegw logging
* Address pylint-found errors (a few minor bugs)
16.08.2
===========
* Fix slurm tests (was missing some build options) and clear up some warnings
* Fix errant xfs dependency in tests
* Force user-level sshd to get group identities from external environment
* Add additional checks to ensure bind mounts stay within approved paths and
validate that mount points are directories better
16.08.1
===========
* Fixed bug in user volume mount flag parsing that could segfault
* Fixed bug that could cause group file filtration to assign incorrect gid,
potentially security issue if sshd_config was modified away from shifter
defaults
* Fixed bug that caused PATH to be searched incorrectly
* Fixed issue with user volume mounts able to traverse relative paths
inappropriately
* Fixed bug that confused SHIFTER_VOLUME environment variable with shifter
command line arguments
* Performance and functionality improvements in docker image conversion
* Add support for unicode filenames in images
* Support for Docker and/or unionfs whiteouts to allows files to be deleted
in ancestral layers
* Erase possibility of download collisions in image worker
* Refactored SLURM plugin to better organize and abstract SLURM api
* Fully support SLURM extern step for shifter sshd
* Add imagegw heartbeating capability to increase robustness of image pulls
* Add image expiration capability to allow images age out or be
administratively removed
* Allow sshd to be explicitly enabled in SLURM integration
* Allow ccm-emulation-mode to be explicity enabled in SLURM integration
* Make perNodeCache pre-unlink cache files to create no mess for administrator
to clean up
* Only allow shifter to automatically create mount points on its tmpfs/ramfs
* Enable docker-type images to implicitly assume "latest" if no tag is
specified by user
* Ensure failed image pulls are fully cleaned up
* Check if the current image version is installed on the platform before pulling
* Remove old debugging functionality
* Allow /etc required files to re-try copy (fixes dvs copy issue)
* Require admin capability to autoexpire
* By default run sshd as user, add udiRoot.conf option to run with privilege
* Restrict capabilities that processes run within shifter can obtain (including
via non-root sshd)
* Fix bug in VolumeMap flag parsing
16.04.0
===========
+ Modified repo layout to push udiRoot to top-level
+ Added RPM spec file for RHEL- and SLES-based systems
+ Added writable perNodeCache capability
+ Enabled BB support
15.12.1
===========
+ Fixed bug preventing autoshift/ccm in slurm/udiRoot integration from
chdir'ing to permission restricted paths on root-squashed filesystems
+ Fixed bug on some systems where the udiRoot would get recursively mounted in
the odd situation that the udiMount point overlapped the VFS being mounted
+ Corrected udiRoot testsuite to run in automated test framework
15.12.0
===========
+ Integrate external deps (util-linux/mount, openssh, libressl) into automake
build
+ Create /var/empty earlier in case an image already provides it (need it no
matter what)
+ Renamed ImageGwConnect to shifterimg
+ Updated ImageGwConnect helper application to work with changes to imagegw
output and allow user to specify image type. Add image listing support.
+ Created iniital README