Changelog for
rkt-1.28.1-lp151.2.21.x86_64.rpm :
* Tue Aug 08 2017 thippAATTsuse.de- Update to v1.28.1: - This is a minor bugfix release. It does not contain any changes to the rkt code, but it updates dependencies and runtime versions for bugfixes:
* vendor: update go-systemd to v15 (#3759). rkt stopped working when running in a service with systemd v234. This update fixes it.
* scripts: update rkt-builder version to 1.3.0 (#3754). This updates the default Go runtime to 1.8, fixing #3738.
* Mon Jul 31 2017 thippAATTsuse.de- Update to v1.28.0: - This release contains changes to the behavior of rkt run, rkt status, and rkt fly to make them more consistent. Two of them need particular attention:
* rkt status can now omit the pid field when non-existent. Use --wait[-ready] to ensure a pid will be available.
* the default[-restricted] network is not added by default when a custom network is specified with --net. - There are also some improvements on documentation and tests working on arm64. - New features and UX changes:
* stage0/status: fix failure when systemd never runs in stage1 (#3713). This changes the behavior of rkt status when a PID is not available: instead of crashing, it will now omit the pid field. Users that need to read the PID shortly after an invocation of rkt run should now use the --wait[-ready] flag explicitly.
* BREAKING network: do not automatically add default
* networks when custom ones are specified (#3685).
* stage1/fly: preserve environment between run and enter (#3712). Fly run now writes the app env file, and fly enter reads it.
* stage1/fly: make run/enter honour uid/gid/suppGids (#3717). Refactored common functionality out of run. - Bugfixes:
* stage1/init/units: keep journald running while apps are shutting down (#3726). This prevents a race when apps are writing to their stdout/err (and output is being sent to stage1\'s journal) while shutting down. If journald terminates before the apps finish shutting down, their output will be lost.
* tests: get functional tests working on arm64 (#3737). Various arch fixups to get make check with a coreos stage1 working on arm64 machines.
* Fix --user --group on arm64 (#3736). Fixes issue https://github.com/rkt/rkt/issues/3714 (rkt run --user fails on arm64). - Other changes:
* docs: update CLI flags in run.md (#3748). Also added rkt-run options present in rkt 1.27.0 but not present in the run.md markdown. The entries in markdown have been sorted.
* tests/net: skip TestNetCustomBridge on semaphore (#3740). Reference https://github.com/rkt/rkt/issues/3739
* doc: mention external stage1s (#3723). This was discussed on: https://github.com/rkt/rkt/pull/3645#issuecomment-296865635
* rkt/pubkeys: print debug logs on discovery errors (#3705). Thisreorders log-printing and error-returning when pubkeys discovery fails, in order to print useful debugging information on error.
* docs: correct rkt pronunciation (#3674). rkt has an icon of a rocket but previously the official pronunciation was \"rock-it\" which is incompatible with the logo. This change fixes that.
* stage0: fix message formatting errors, stale forward-vars (#3722).
* Thu Jul 06 2017 thippAATTsuse.de- Update to v1.27.0: - This minor release contains bugfixes and other improvements related to the tests and the documentation. - New Features:
* stage1/kvm: add arm64 build (#3690). - Bugfixes:
* stage0: list|status --format=json panics: RuntimeApp.Mounts.AppVolume is optional (#3699). When it is nil, the Volume info at the Pod level (with the same name) should be used. Without this patch rkt list --format=json panics on a nil pointer when Apps reference Volumes from the Pod level.
* imagestore: Fix sql resource leaks (#3682). When using sql queries the rows iterator needs to be closed if the entire query result is not iterated over. Failure to close the iterator results in resource leakage. - Other changes:
* networking: change the default-restricted subnet (#3718). Previously, we were using 172.17/16, which conflicts with the default Docker networking. Change it to 172.31/16.
* scripts/pkg: improved detection of active mounts (#3710). On systems which have /var/lib/rkt as a separate partition, the active mount detection in before-remove needs to not get confused by the presence of /var/lib/rkt itself as a mount. Therefore a longer path is used for active mount detection.
* stage1/usr_from_coreos: add new image signing sub-key EF4B4ED9 (#3686). See coreos/init#236.
* scripts: skip nonexistent stage1 images when packaging (#3687). Not all builds will generate all stage1 images. It depends on what ./configure flags (--with-stage1-flavors) were used.
* tests: Only run race test on supported arch (#3684). Fixes build errors like these when run on non amd64 machines:
* functional test: Fix manifest arch error (#3681). The manifest contains values for the ACI arch and OS, not the go language values.
* Documentation updates: #3680, #3679, #3700, #3709
* Wed May 31 2017 thippAATTsuse.de- Update to v1.26.0: - This minor release contains bugfixes and other improvements. It also adds better support for the arm architecture to rkt, so that you can now fetch images via autodiscovery and have the correct seccomp whitelist to run them. Also notable is the new possibilty to pass extra kernel parameters to kvm, and last but not least a significant prepare/run speedup in stage0. This also introduces stricter validation on volume names, now rejecting duplicate ones. - New Features:
* stage1: improve duplicate mount-volume detection (#3666). Breaking change: volumes with duplicate names are now rejected.
* stage0/{run,prepare}: remove ondisk verification (#3623). For backwards compatibility, specifying \'insecure-options=ondisk\' will still run without error, however it will also not do anything.
* kvm/qemu: add extra kernel parameters (#3644). - Bugfixes:
* seccomp: add arch-specific syscalls on ARM (#3636).
* fetch: use proper appc os/arch labels (#3621).
* tests/caps: skip if overlayfs support is missing (#3670).
* build/stage1: transfer user xattr data (#3665).
* stage1: include
for makedev function (#3604). - Other changes:
* Add code of conduct (#3661). Required by CNCF.
* rkt list|status: app state info (i.e. exit codes) in --format=json (#3638).
* integrations: add mesos (#3624).
* Documentation: add container linux and tectonic as production users (#3618).
* Documentation: add Gentoo to the list of distributions that have rkt (#3613).
* Documentation: add some individual blog posts (#3611).
* Documentation: cleanup stage1 stuff (#3612).
* dist: use multi-user.target instead of default.target (#3620).
* added production-users and integrations pages (#3602).
* scripts: update rkt-builder version (#3595).
* Tue Feb 21 2017 thippAATTsuse.de- Update to v1.25.0: - This minor release contains bugfixes and other improvements related to the KVM flavour, which is now using qemu-kvm by default. - New Features:
* Switch default kvm flavour from lkvm to qemu (#3562). - Bug fixes:
* stage1/kvm: Change RAM calculation, and increase minimum (#3572).
* stage1: Ensure ptmx device usable by non-root for all flavours (#3484). - Other changes:
* tests: fix TestNonRootReadInfo when $HOME is only accessible by current user (#3580).
* glide: bump grpc to 1.0.4 (#3584).
* vendor: bump docker2aci to 0.16.0 (#3591).
* Mon Feb 06 2017 thippAATTsuse.de- Update to v1.24.0: - This release includes experimental support for attaching to a running application\'s input and output. It also introduces a more finely grained pull-policy flag. - New Features:
* rkt: add experimental support for attachable applications (#3396). It consists of:
* a new attach subcommand
* a set of per-app flags to control stdin/stdout/stderr modes
* a stage1 iottymux binary for multiplexing and attaching
* two new templated stage1 services, iomux and ttymux
* run/prepare/fetch: replace --no-store and --store-only with --pull-policy (#3554).
* Replaces the --no-store and --store-only flags with a singular flag --pull-policy.
* can accept one of three things, never, new, and update.
* --no-store has been aliased to --pull-policy=update
* --store-only has been aliased to --pull-policy=never - Bug fixes:
* image gc: don\'t remove images that currently running pods were made from (#3549).
* stage1/fly: evaluate symlinks in mount targets (#3570).
* lib/app: use runtime app mounts and appVolumes rather than mountpoints (#3571). - Other changes:
* kvm/qemu: Update QEMU to v2.8.0 (#3568).
* stage0/app-add: CLI args should override image ones (#3566).
* lib/app: use runtime app mounts and appVolumes rather than mountpoints (#3571).
* kvm/lkvm: update lkvm version to HEAD (#3569).
* vendor: bump appc to v0.8.10 (#3574).
* docs: (#3552) - Build & Test:
* tests: remove gexpect from TestAppUserGroup (#3561).
* travis: remove \"gimme.local\" script (#3556).
* tests: fix when $HOME is only accessible by current user (#3559).
* makelib: introduce --enable-incremental-build, enabling \"go install\" (#3553).
* Fri Jan 20 2017 thippAATTsuse.de- Update to v1.23.0: - This release adds a lot of bugfixes around the rkt fly flavor, garbage collection, kvm, and the sandbox. The new experimental app subcommand now follows the semantic of CRI of not quitting prematurely if apps fail or exit. Finally docker2aci received an important update fixing issues with os/arch labels which caused issues on arm architectures, a big thanks here goes to AATTybubnov for this contribution. - New features:
* sandbox: don\'t exit if an app fails (#3478). In contrast to regular rkt run behavior, the sandbox now does not quit if all or single apps fail or exit. - Bug fixes:
* stage1: fix incorrect splitting function (#3541).
* sandbox/app-add: fix mount targets with absolute symlink targets (#3490).
* namefetcher: fix nil pointer dereference (#3536).
* Bump appc/docker2aci library version to 0.15.0 (#3534). This supports the conversion of images with various os/arch labels.
* stage1: uid shift systemd files (#3529).
* stage1/kvm/lkvm: chown files and dirs on creation (#3485).
* stage1/fly: record pgid and let stop fallback to it (#3523).
* common/overlay: allow data directory name with colon character (#3505).
* api-service: stop erroring when a pod is running (#3525).
* stage1/fly: clear FD_CLOEXEC only once (#3521).
* stage1: Add hostname to /etc/hosts (#3522).
* gc: avoid erroring in race to deletion (#3515).
* tests/rkt_stop: Wait for \'stop\' command to complete (#3518).
* pkg/pod: avoid nil panic for missing pods (#3514). - Other changes:
* stage1: move more logic out of AppUnit (#3496).
* tests: use appc schema instead of string templates (#3520).
* stage1: kvm: Update kernel to 4.9.2 (#3530).
* stage1: remount entire subcgroup r/w, instead of each knob (#3494).
* tests: update AWS CI setup (#3509).
* pkg/fileutil: helper function to get major, minor numbers of a device file (#3500).
* pkg/log: correctly handle var-arg printf params (#3516).
* Documentation/stop: describe --uuid-file option (#3511).
* Mon Jan 09 2017 thippAATTsuse.de- Update to v1.22.0: - This is a stabilization release which includes better support for environments without systemd, improvements to GC behavior in complex scenarios, and several additional fixes. - New features and UX changes:
* rkt/cat-manifest: add support for --uuid-file (#3498).
* stage1: fallback if systemd cgroup doesn\'t exist (#3507).
* vendor: bump gocapability (#3493). This change renames sys_psacct to sys_pacct.
* stage0/app: pass debug flag to entrypoints (#3469). - Bug fixes:
* gc: fix cleaning mounts and files (#3486). This improves GC behavior in case of busy mounts and other complex scenarios.
* mount: ensure empty volume paths exist for copy-up (#3468).
* rkt stop/rm: a pod must be closed after PodFromUUIDString() (#3492). - Other changes:
* stage1/kvm: add a dash in kernel LOCALVERSION (#3489).
* stage1/kvm: Improve QEMU Makefile rules (#3474).
* pkg/pod: use IncludeMostDirs bitmask instead of constructing it (#3506).
* pkg/pod: add WaitReady, dry Sandbox methods (#3462).
* vendor: bump gexpect to 0.1.1 (#3467).
* common: fix \'the the\' duplication in comment (#3497).
* docs: multiple updates (#3479, #3501, #3464, #3495).- Update to v1.21.0: - This release includes bugfixes for the experimental CRI support, more stable integration tests, and some other interesting changes. - New features:
* Change the subnet for the default-restricted network (#3440), (#3459).
* Prepare for writable /proc/sys, and /sys (#3389).
* Documentation/proposals: add OCI Image Format roadmap (#3425). - Bug fixes:
* stage1: app add, status didn\'t work with empty vols (#3451).
* stage1: properly run defer\'d umounts in app add (#3455).
* cri: correct \'created\' timestamp (#3399).
* fly: ensure the target bin directory exists before building (#3436).
* rkt: misc systemd-related fixes (#3418). - Other changes:
* pkg/mountinfo: move mountinfo parser to its own package (#3415).
* stage1: persist runtime parameters (#3432), (#3450).
* stage1: signal supervisor readiness (#3424), (#3439).
* sandbox: add missing flagDNSDomain and flagHostsEntries parameters (#3430).
* pkg/tar: fix variable name in error (#3433).
* tests: fix TestExport for the KVM+overlay case (#3435).
* tests: fix some potential gexpect hangs (#3443).
* tests: add smoke test for app sandbox (#3371).
* tests: tentative fixes for sporadic host and kvm failures (#3434).
* rkt: remove empty TODO (#3417).
* Documentation updates: #3446, (#3421), (#3412).
* Fri Nov 25 2016 thippAATTsuse.de- Update to v1.20.0: - This release contains additional bug fixes for the new experimental app subcommand, following the path towards the Container Runtime Interface (CRI). It also adds first step towards OCI by introducing an internal concept called \"distribution points\", which will allow rkt to recognize multiple image formats internally. Finally the rkt fly flavor gained support for rkt enter. - New features and UX changes:
* stage1/fly: Add a working rkt enter implementation (#3377). - Bug fixes:
* tests/build-and-run-test.sh: fix systemd revision parameter (#3395).
* namefetcher: Use ETag in fetchVerifiedURL() (#3374).
* rkt/run: validates pod manifest to make sure it contains at least one app (#3363).
* rkt/app: multiple bugfixes (#3405). - Other changes:
* glide: deduplicate cni entries and update go-systemd (#3372).
* stage0: improve list --format behavior and flags (#3403).
* pkg/pod: flatten the pod state if-ladders (#3404).
* tests: adjust security tests for systemd v232 (#3401).
* image: export ImageListEntry type for image list (#3383).
* glide: bump gopsutil to v2.16.10 (#3400).
* stage1: update coreos base to alpha 1235.0.0 (#3388).
* rkt: Implement distribution points (#3369). This is the implementation of the distribution concept proposed in #2953.
* build: add --with-stage1-systemd-revision option for src build (#3362).
* remove isReallyNil() (#3381). This is cleanup PR, removing some reflection based code.
* vendor: update appc/spec to 0.8.9 (#3384).
* vendor: Remove direct k8s dependency (#3312).
* Documentation updates: #3366, #3376, #3379, #3406, #3410.
* Mon Nov 14 2016 thippAATTsuse.de- Update to v1.19.0: - This release contains multiple changes to rkt core, bringing it more in line with the new Container Runtime Interface (CRI) from Kubernetes. - A new experimental app subcommand has been introduced, which allows creating a \"pod sandbox\" and dynamically mutating it at runtime. This feature is not yet completely stabilized, and is currently gated behind an experimental flag. - New features and UX changes:
* rkt: experimental support for pod sandbox (#3318). This PR introduces an experimental app subcommand and many additional app-level options.
* rkt/image: align image selection behavior for the rm subcommand (#3353).
* stage1/init: leave privileged pods without stage2 mount-ns (#3290).
* stage0/image: list images output in JSON format (#3334).
* stage0/arch: initial support for ppc64le platform (#3315). - Bug fixes:
* gc: make sure CNI_PATH is same for gc and init (#3348).
* gc: clean up some GC leaks (#3317).
* stage0: minor wording fixes (#3351).
* setup-data-dir.sh: fallback to the mkdir/chmods if the rkt.conf doesn\'t exist (#3335).
* scripts: add gpg to Debian dependencies (#3339).
* kvm: fix for breaking change in Debian Sid GCC default options (#3354).
* image/list: bring back field filtering in plaintext mode (#3361). - Other changes:
* cgroup/v1: introduce mount flags to mountFsRO (#3350).
* kvm: update QEMU version to 2.7.0 (#3341).
* kvm: bump kernel version to 4.8.6, updated config (#3342).
* vendor: introduce kr/pretty and bump go-systemd (#3333).
* vendor: update docker2aci to 0.14.0 (#3356).
* tests: add the --debug option to more tests (#3340).
* scripts/build-rir: bump rkt-builder version to 1.1.1 (#3360).
* Documentation updates: #3321, #3331, #3325.
* Thu Oct 27 2016 thippAATTsuse.de- Update to v1.18.0: - This minor release contains bugfixes, UX enhancements, and other improvements. - UX changes:
* rkt: gate diagnostic output behind --debug (#3297).
* rkt: Change exit codes to 254 (#3261). - Bug fixes:
* stage1/kvm: correctly bind-mount read-only volumes (#3304).
* stage0/cas: apply xattr attributes (#3305).
* scripts/install-rkt: add iptables dependency (#3309).
* stage0/image: set proxy if InsecureSkipVerify is set (#3303). - Other changes:
* vendor: update docker2aci to 0.13.0 (#3314). This fixes multiple fetching and conversion bugs, including two security issues.
* scripts: update glide vendor script (#3313).
* vendor: update appc/spec to v0.8.8 (#3310).
* stage1: update to CoreOS 1192.0.0 (and update sanity checks) (#3283).
* cgroup: introduce proper cgroup/v1, cgroup/v2 packages (#3277).
* Documentation updates: (#3281), (#3319), (#3308).
* Thu Oct 13 2016 thippAATTsuse.de- Update to v1.17.0: - This is a minor release packaging rkt-api systemd service units, and fixing a bug caused by overly long lines in generated stage1 unit files. - New features and UX changes:
* dist: Add systemd rkt-api service and socket (#3271).
* dist: package rkt-api unit files (#3275). - Bug fixes:
* stage1: break down overlong property lines (#3279). - Other changes:
* stage0: fix typo and some docstring style (#3266).
* stage0: Create an mtab symlink if not present (#3265).
* stage1: use systemd protection for kernel tunables (#3273).
* Documentation updates: (#3280, #3263, #3268, #3254, #3199, #3256)
* Fri Sep 30 2016 thippAATTsuse.de- Update to v1.16.0: - This release contains an important bugfix for the stage1-host flavor, as well as initial internal support for cgroup2 and pod sandboxes as specified by kubernetes CRI (Container Runtime Interface). - Bug fixes:
* stage1/host: fix systemd-nspawn args ordering (#3216). Fixes https://github.com/coreos/rkt/issues/3215. - New features:
* rkt: support for unified cgroups (cgroup2) (#3032). This implements support for cgroups v2 along support for legacy version.
* cri: initial implementation of stage1 changes (#3218). This PR pulls the stage1-based changes from the CRI branch back into master, leaving out the changes in stage0 (new app subcommands). - Other changes:
* doc/using-rkt-with-systemd: fix the go app example (#3217).
* rkt: refactor app-level flags handling (#3209). This is in preparation for https://github.com/coreos/rkt/pull/3205
* docs/distributions: rearrange, add centos (#3212).
* rkt: Correct typos listed by the tool misspell (#3208).
* Thu Sep 15 2016 thippAATTsuse.de- Update to v1.15.0: - This relase brings some expanded DNS configuration options, beta support for QEMU, recursive volume mounts, and improved sd_notify support. - Major changes:
* DNS configuration improvements (#3161):
* Respect DNS results from CNI
* Add --dns=host mode to bind-mount the host\'s /etc/resolv.conf
* Add --dns=none mode to ignore CNI DNS
* Add --hosts-entry (IP=HOSTNAME) to tweak the pod\'s /etc/hosts
* Add --hosts-entry=host to bind-mount the host\'s /etc/hosts
* Introduce QEMU support as an alternative KVM hypervisor (#2952)
* add support for recursive volume/mounts (#2880)
* stage1: allow sd_notify from the app in the container to the host (#2826).
* Thu Sep 01 2016 thippAATTsuse.de- Update to v.1.14.0: - This release updates the coreos and kvm flavors, bringing in a newer stable systemd (v231). Several fixes and cgroups-related changes landed in api-service, and better heuristics have been introduced to avoid using overlays in non-supported environments. Finally, run-prepared now honors options for insecure/privileged pods too. - New features and UX changes:
* stage1: update to CoreOS 1151.0.0 and systemd v231 (#3122).
* common: fall back to non-overlay with ftype=0 (#3105).
* rkt: honor insecure-options in run-prepared (#3138). - Bug fixes:
* stage0: fix golint warnings (#3099).
* rkt: avoid possible panic in api-server (#3111).
* rkt/run: allow --set-env-file files with comments (#3115).
* scripts/install-rkt: add wget as dependency (#3124).
* install-rkt.sh: scripts: Fix missing files in .deb when using install-rkt.sh (#3127).
* tests: check for run-prepared with insecure options (#3139). - Other changes:
* seccomp/docker: update docker whitelist to include mlock (#3126). This updates the AATTdocker/default-whitelist to include mlock-related syscalls (mlock, mlock2, mlockall).
* build: add PowerPC (#2936).
* scripts: install-rkt.sh: fail install-pak on errors (#3150). When install-pak (called from install-rkt.sh) fails at some point abort packaging.
* api_service: Rework cgroup detection (#3072). Use the subcgroup file hint provided by some stage1s rather than machined registration.
* Documentation/devel: add make images target (#3142). This introduces the possibility to generate graphivz based PNG images using a new images make target.
* vendor: update appc/spec to 0.8.7 (#3143).
* stage1/kvm: avoid writing misleading subcgroup (#3107).
* vendor: update go-systemd to v12 (#3125).
* scripts: bump coreos.com/rkt/builder image version (#3092). This bumps rkt-builder version to 1.0.2, in order to work with seccomp filtering.
* export: test export for multi-app pods (#3075).
* Documentation updates: (#3146, #2954, #3128, #2953, #3103, #3087, #3097, #3096, #3095, #3089)
* Tue Aug 23 2016 thippAATTsuse.de- remove %tmpfiles_create macro- extend rkt-rpmlintrc
* Tue Aug 23 2016 thippAATTsuse.de- Add rkt-rpmlintrc
* Tue Aug 23 2016 thippAATTsuse.de- Update to v1.13.0: - This release introduces support for exporting single applications out of multi-app pods. Moreover, it adds additional support to control device manipulation inside pods. Finally all runtime security features can now be optionally disabled at the pod level via new insecure options. This version also contains multiple bugfixes and supports Go 1.7. - New features and UX changes
* export: name flag for exporting multi-app pods (#3030).
* stage1: limit device node creation/reading/writing with DevicePolicy= and DeviceAllow= (#3027, #3058).
* rkt: implements --insecure-options={capabilities,paths,seccomp,run-all} (#2983). - Bug fixes
* kvm: use a properly formatted comment for iptables chains (#3038). rkt was using the chain name as comment, which could lead to confusion.
* pkg/label: supply mcsdir as function argument to InitLabels() (#3045).
* api_service: improve machined call error output (#3059).
* general: fix old appc/spec version in various files (#3055).
* rkt/pubkey: use custom http client including timeout (#3084).
* dist: remove quotes from rkt-api.service ExecStart (#3079).
* build: multiple fixes (#3042, #3041, #3046).
* configure: disable tests on host flavor with systemd <227 (#3047). - Other changes
* travis: add go 1.7, bump go 1.5/1.6 (#3077).
* api_service: Add lru cache to cache image info (#2910).
* scripts: add curl as build dependency (#3070).
* vendor: use appc/spec 0.8.6 and k8s.io/kubernetes v1.3.0 (#3063).
* common: use fileutil.IsExecutable() (#3023).
* build: Stop printing irrelevant invalidation messages (#3050).
* build: Make generating clean files simpler to do (#3057).
* Documentation: misc changes (#3053, #2911, #3035, #3036, #3037, #2945, #3083, #3076, #3033, #3064, #2932).
* functional tests: misc fixes (#3049).
* Fri Aug 05 2016 thippAATTsuse.de- include ${_libexecdir}/tmpfiles.d/rkt.conf in package
* Fri Aug 05 2016 thippAATTsuse.de- Update to v1.12.0: This release introduces support for seccomp filtering via two new seccomp isolators. It also gives a boost to api-service performance by introducing manifest caching. Finally it fixes several regressions related to Docker images handling. [#]### New features and UX changes- cli: rename `--cap-retain` and `--cap-remove` to `--caps-
*` ([#2994](https://github.com/coreos/rkt/pull/2994)).- stage1: apply seccomp isolators ([#2753](https://github.com/coreos/rkt/pull/2753)). This introduces support for appc seccomp isolators.- scripts: add /etc/rkt owned by group rkt-admin in setup-data-dir.sh ([#2944](https://github.com/coreos/rkt/pull/2944)).- rkt: add `--caps-retain` and `--caps-remove` to prepare ([#3007](https://github.com/coreos/rkt/pull/3007)).- store: allow users in the rkt group to delete images ([#2961](https://github.com/coreos/rkt/pull/2961)).- api_service: cache pod manifest ([#2891](https://github.com/coreos/rkt/pull/2891)). Manifest caching considerably improves api-service performances.- store: tell the user to run as root on db update ([#2966](https://github.com/coreos/rkt/pull/2966)).- stage1: disabling cgroup namespace in systemd-nspawn ([#2989](https://github.com/coreos/rkt/pull/2989)). For more information see [systemd#3589](https://github.com/systemd/systemd/pull/3589).- fly: copy rkt-resolv.conf in the app ([#2982](https://github.com/coreos/rkt/pull/2982)).- store: decouple aci store and treestore implementations ([#2919](https://github.com/coreos/rkt/pull/2919)).- store: record ACI fetching information ([#2960](https://github.com/coreos/rkt/pull/2960)). [#]### Bug fixes- stage1/init: fix writing of /etc/machine-id ([#2977](https://github.com/coreos/rkt/pull/2977)).- rkt-monitor: multiple fixes ([#2927](https://github.com/coreos/rkt/pull/2927), [#2988](https://github.com/coreos/rkt/pull/2988)).- rkt: don\'t errwrap cli_apps errors ([#2958](https://github.com/coreos/rkt/pull/2958)).- pkg/tar/chroot: avoid errwrap in function called by multicall ([#2997](https://github.com/coreos/rkt/pull/2997)).- networking: apply CNI args to the default networks as well ([#2985](https://github.com/coreos/rkt/pull/2985)).- trust: provide InsecureSkipTLSCheck to pubkey manager ([#3016](https://github.com/coreos/rkt/pull/3016)).- api_service: update grpc version ([#3015](https://github.com/coreos/rkt/pull/3015)).- fetcher: httpcaching fixes ([#2965](https://github.com/coreos/rkt/pull/2965)). [#]### Other changes- build,stage1/init: set interpBin at build time for src flavor ([#2978](https://github.com/coreos/rkt/pull/2978)).- common: introduce RemoveEmptyLines() ([#3004](https://github.com/coreos/rkt/pull/3004)).- glide: update docker2aci to v0.12.3 ([#3026](https://github.com/coreos/rkt/pull/3026)). This fixes multiple bugs in layers ordering for Docker images.- glide: update go-systemd to v11 ([#2970](https://github.com/coreos/rkt/pull/2970)). This fixes a buggy corner-case in journal seeking (implicit seek to head).- docs: document capabilities overriding ([#2917](https://github.com/coreos/rkt/pull/2917), [#2991](https://github.com/coreos/rkt/pull/2991)).- issue template: add \'\
\' to the end of environment output ([#3008](https://github.com/coreos/rkt/pull/3008)).- functional tests: multiple fixes ([#2999](https://github.com/coreos/rkt/pull/2999), [#2979](https://github.com/coreos/rkt/pull/2979), [#3014](https://github.com/coreos/rkt/pull/3014)).
* Fri Jul 22 2016 thippAATTsuse.de- Upgrade to v1.11.0: This release sets the ground for the new upcoming KVM qemu flavor. It adds support for exporting a pod to an ACI including all modifications. The rkt API service now also supports systemd socket activation. Finally we have diagnostics back, helping users to find out why their app failed to execute. [#]### New features- rkt fetch: support for the docker image format v2.2 and draft OCI image format and allows fetching via digest.- KVM: Hypervisor support for KVM flavor focusing on qemu ([#2684](https://github.com/coreos/rkt/pull/2684)). This provides a generic mechanism to use different kvm hypervisors (such as lkvm, qemu-kvm).- rkt: add command to export a pod to an aci ([#2889](https://github.com/coreos/rkt/pull/2889)). Adds a new export command to rkt which generates an ACI from a pod; saving any changes made to the pod.- rkt/api: detect when run as a systemd.socket(5) service ([#2916](https://github.com/coreos/rkt/pull/2916)). This allows rkt to run as a systemd socket-based unit.- rkt/stop: implement --uuid-file ([#2902](https://github.com/coreos/rkt/pull/2902)). So the user can use the value saved on rkt run with --uuid-file-save. [#]### Bug fixes- scripts/glide-update: ensure running from $GOPATH ([#2885](https://github.com/coreos/rkt/pull/2885)). glide is confused when it\'s not running with the rkt repository inside $GOPATH.- store: fix missing shared storelock acquisition on NewStore ([#2896](https://github.com/coreos/rkt/pull/2896)).- store,rkt: fix fd leaks ([#2906](https://github.com/coreos/rkt/pull/2906)). Close db lock on store close. If we don\'t do it, there\'s a fd leak everytime we open a new Store, even if it was closed.- stage1/enterexec: remove trailing \
in environment variables ([#2901](https://github.com/coreos/rkt/pull/2901)). Loading environment retained the new line character (\
), this produced an incorrect evaluation of the environment variables.- stage1/gc: skip cleaning our own cgroup ([#2914](https://github.com/coreos/rkt/pull/2914)).- api_service/log: fix file descriptor leak in GetLogs() ([#2930](https://github.com/coreos/rkt/pull/2930)).- protobuf: fix protoc-gen-go build with vendoring ([#2913](https://github.com/coreos/rkt/pull/2913)).- build: fix x86 builds ([#2926](https://github.com/coreos/rkt/pull/2926)). This PR fixes a minor issue which leads to x86 builds failing.- functional tests: add some more volume/mount tests ([#2903](https://github.com/coreos/rkt/pull/2903)).- stage1/init: link pod\'s journal in kvm flavor ([#2934](https://github.com/coreos/rkt/pull/2934)). In nspawn flavors, nspawn creates a symlink from /var/log/journal/${machine-id} to the pod\'s journal directory. In kvm we need to do the link ourselves.- build: Build system fixes ([#2938](https://github.com/coreos/rkt/pull/2938)). This should fix the expr: syntax error and useless rebuilds of network plugins. [#]### Other changes- stage1: diagnostic functionality for rkt run ([#2872](https://github.com/coreos/rkt/pull/2872)). If the app exits with ExecMainStatus == 203, the app\'s reaper runs the diagnostic tool and prints the output on stdout. systemd sets ExecMainstatus to EXIT_EXEC (203) when execve() fails.- build: add support for more architectures at configure time ([#2907](https://github.com/coreos/rkt/pull/2907)).- stage1: update coreos image to 1097.0.0 ([#2884](https://github.com/coreos/rkt/pull/2884)). This is needed for a recent enough version of libseccomp (2.3.0), with support for new syscalls (eg. getrandom).- api: By adding labels to the image itself, we don\'t need to pass the manifest to filter function ([#2909](https://github.com/coreos/rkt/pull/2909)). api: Add labels to pod and image type.- api: optionally build systemd-journal support ([#2868](https://github.com/coreos/rkt/pull/2868)). This introduces a \'sdjournal\' tag and corresponding stubs in api_service, turning libsystemd headers into a soft-dependency.- store: simplify db locking and functions ([#2897](https://github.com/coreos/rkt/pull/2897)). Instead of having a file lock to handle inter process locking and a sync.Mutex to handle locking between multiple goroutines, just create, lock and close a new file lock at every db.Do function.- stage1/enterexec: Add entry to ASSCB_EXTRA_HEADERS ([#2924](https://github.com/coreos/rkt/pull/2924)). Added entry to ASSCB_EXTRA_HEADERS for better change tracking.- build: use rkt-builder ACI ([#2923](https://github.com/coreos/rkt/pull/2923)).- Add hidden \'image fetch\' next to the existing \'fetch\' option ([#2860](https://github.com/coreos/rkt/pull/2860)).- stage1: prepare-app: don\'t mount /sys if path already used ([#2888](https://github.com/coreos/rkt/pull/2888)). When users mount /sys or a sub-directory of /sys as a volume, prepare-app should not mount /sys: that would mask the volume provided by users.- build,stage1/init: set interpBin at build time to fix other architecture builds (e.g. x86) ([#2950](https://github.com/coreos/rkt/pull/2950)).- functional tests: re-purpose aws.sh for generating AMIs ([#2736](https://github.com/coreos/rkt/pull/2736)).- rkt: Add --cpuprofile --memprofile for profiling rkt ([#2887](https://github.com/coreos/rkt/pull/2887)). Adds two hidden global flags and documentation to enable profiling rkt.- functional test: check PATH variable for trailer \
character ([#2942](https://github.com/coreos/rkt/pull/2942)).- functional tests: disable TestVolumeSysfs on kvm ([#2941](https://github.com/coreos/rkt/pull/2941)).- Documentation updates ([#2918](https://github.com/coreos/rkt/pull/2918)) [#]### Library updates- glide: update docker2aci to v0.12.1 ([#2873](https://github.com/coreos/rkt/pull/2873)). Includes support for the docker image format v2.2 and OCI image format and allows fetching via digest.
* Wed Jul 13 2016 thippAATTsuse.de- Upgrade to v1.10.1: This is a minor bug fix release. [#]### Bug fixes rkt/run: handle malformed environment files ([#2901](https://github.com/coreos/rkt/pull/2901)) stage1/enterexec: remove trailing \
in environment variables ([#2901](https://github.com/coreos/rkt/pull/2901))
* Mon Jul 11 2016 thippAATTsuse.de- Upgrade to 1.10.0: This release introduces a number of important features and improvements:- ARM64 support- A new subcommand rkt stop to gracefully stop running pods- native Go vendoring with Glide- rkt is now packaged for openSUSE Tumbleweed and Leap [#]### New features- Add ARM64 support ([#2758](https://github.com/coreos/rkt/pull/2758)). This enables ARM64 cross-compliation, fly, and stage1-coreos.- Replace Godep with Glide, introduce native Go vendoring ([#2735](https://github.com/coreos/rkt/pull/2735)).- rkt: rkt stop ([#2438](https://github.com/coreos/rkt/pull/2438)). Cleanly stops a running pod. For systemd-nspawn, sends a SIGTERM. For kvm, executes systemctl halt. [#]### Bug fixes- stage1/fly: respect runtimeApp App\'s MountPoints ([#2852](https://github.com/coreos/rkt/pull/2852)). Fixes [#2846](https://github.com/coreos/rkt/issues/2846).- run: fix sandbox-side metadata service to comply to appc v0.8.1 ([#2863](https://github.com/coreos/rkt/pull/2863)). Fixes [#2621](https://github.com/coreos/rkt/issues/2621). [#]### Other changes- build directory layout change ([#2758](https://github.com/coreos/rkt/pull/2758)): The rkt binary and stage1 image files have been moved from the \'bin\' sub-directory to the \'target/bin\' sub-directory.- networking/kvm: add flannel default gateway parsing ([#2859](https://github.com/coreos/rkt/pull/2859)).- stage1/enterexec: environment file with \'\
\' as separator (systemd style) ([#2839](https://github.com/coreos/rkt/pull/2839)).- pkg/tar: ignore global extended headers ([#2847](https://github.com/coreos/rkt/pull/2847)).- pkg/tar: remove errwrap ([#2848](https://github.com/coreos/rkt/pull/2848)).- tests: fix abuses of appc types.Isolator ([#2840](https://github.com/coreos/rkt/pull/2840)).- common: remove unused GetImageIDs() ([#2834](https://github.com/coreos/rkt/pull/2834)).- common/cgroup: add mountFsRO() helper function ([#2829](https://github.com/coreos/rkt/pull/2829)).- Documentation updates ([#2732](https://github.com/coreos/rkt/pull/2732), [#2869](https://github.com/coreos/rkt/pull/2869), [#2810](https://github.com/coreos/rkt/pull/2810), [#2865](https://github.com/coreos/rkt/pull/2865), [#2825](https://github.com/coreos/rkt/pull/2825), [#2841](https://github.com/coreos/rkt/pull/2841), [#2732](https://github.com/coreos/rkt/pull/2732)) [#]### Library updates- glide: bump ql to v1.0.4 ([#2875](https://github.com/coreos/rkt/pull/2875)). It fixes an occassional panic when doing GC.- glide: bump gopsutils to 2.1 ([#2876](https://github.com/coreos/rkt/pull/2876)). To include [shirou/gopsutil#194](https://github.com/shirou/gopsutil/pull/194) (this adds ARM aarch64 support)- vendor: update appc/spec to 0.8.5 ([#2854](https://github.com/coreos/rkt/pull/2854)).
* Wed Jul 06 2016 msabateAATTsuse.com- Using the golang-packaging and some of its macros
* Tue Jul 05 2016 thippAATTsuse.de- Upgrade to v1.9.1: This is a minor bug fix release. [#]### Bug fixes Godeps: update go-systemd ([#2837](https://github.com/coreos/rkt/pull/2837)). go-systemd v10 fixes a panic-inducing bug due to returning incorrect Read() length values. stage1/fly: use 0755 to create mountpaths ([#2836](https://github.com/coreos/rkt/pull/2836)). This will allow any user to list the content directories. It does not have any effect on the permissions on the mounted files itself.
* Wed Jun 22 2016 msabateAATTsuse.com- Upgraded to 1.8.0: This release focuses on stabilizing the API service, fixing multiple issues in the logging subsystem. [#]### New features and UX changes- api: GetLogs: improve client example with \'Follow\' ([#2747](https://github.com/coreos/rkt/pull/2747)).- kvm: add proxy arp support to macvtap ([#2715](https://github.com/coreos/rkt/pull/2715)).- stage0/config: add a CLI flag to pretty print json ([#2745](https://github.com/coreos/rkt/pull/2745)).- stage1: make /proc/bus/ read-only ([#2743](https://github.com/coreos/rkt/pull/2743)). [#]### Bug fixes- api: GetLogs: use the correct type in LogsStreamWriter ([#2744](https://github.com/coreos/rkt/pull/2744)).- api: fix service panic on incomplete pods ([#2739](https://github.com/coreos/rkt/pull/2739)).- api: Fix the GetLogs() when appname is given ([#2763](https://github.com/coreos/rkt/pull/2763)).- pkg/selinux: various fixes ([#2723](https://github.com/coreos/rkt/pull/2723)).- pkg/fileutil: don\'t remove the cleanSrc if it equals \'.\' ([#2731](https://github.com/coreos/rkt/pull/2731)).- stage0: remove superfluous error verbs ([#2750](https://github.com/coreos/rkt/pull/2750)). [#]### Other changes- Godeps: bump go-systemd ([#2754](https://github.com/coreos/rkt/pull/2754)). Fixes a panic on the api-service when calling GetLogs().- Documentation updates ([#2756](https://github.com/coreos/rkt/pull/2756), [#2741](https://github.com/coreos/rkt/pull/2741), [#2737](https://github.com/coreos/rkt/pull/2737), [#2742](https://github.com/coreos/rkt/pull/2742), [#2730](https://github.com/coreos/rkt/pull/2730), [#2729](https://github.com/coreos/rkt/pull/2729))- Test improvements ([#2726](https://github.com/coreos/rkt/pull/2726)).
* Tue May 31 2016 msabateAATTsuse.com- Upgrade to v1.7.0 [#]### New features and UX changes- stage1: implement no-new-privs linux isolator ([#2677](https://github.com/coreos/rkt/pull/2677)).- stage0: disable OverlayFS by default when working on ZFS ([#2600](https://github.com/coreos/rkt/pull/2600)).- stage1: (partially) restrict access to procfs and sysfs paths ([#2683](https://github.com/coreos/rkt/pull/2683)).- stage1: clean up pod cgroups on GC ([#2655](https://github.com/coreos/rkt/pull/2655)).- stage1/prepare-app: don\'t mount /sys/fs/cgroup in stage2 ([#2681](https://github.com/coreos/rkt/pull/2681)).- stage0: complain and abort on conflicting CLI flags ([#2666](https://github.com/coreos/rkt/pull/2666)).- stage1: update CoreOS image signing key ([#2659](https://github.com/coreos/rkt/pull/2659)).- api_service: Implement GetLogs RPC request ([#2662](https://github.com/coreos/rkt/pull/2662)).- networking: update to CNI v0.3.0 ([#3696](https://github.com/coreos/rkt/pull/2696)). [#]### Bug fixes- api: fix image size reporting ([#2501](https://github.com/coreos/rkt/pull/2501)).- build: fix build failures on manpages/bash-completion target due to missing GOPATH ([#2646](https://github.com/coreos/rkt/pull/2646)).- dist: fix \"other\" permissions so rkt list can work without root/rkt-admin ([#2698](https://github.com/coreos/rkt/pull/2698)).- kvm: fix logging network plugin type ([#2635](https://github.com/coreos/rkt/pull/2635)).- kvm: transform flannel network to allow teardown ([#2647](https://github.com/coreos/rkt/pull/2647)).- rkt: fix panic on rm a non-existing pod with uuid-file ([#2679](https://github.com/coreos/rkt/pull/2679)).- stage1/init: work around `cgroup/SCM_CREDENTIALS` race ([#2645](https://github.com/coreos/rkt/pull/2645)).- gc: mount stage1 on GC ([#2704](https://github.com/coreos/rkt/pull/2704)).- stage1: fix network files leak on GC ([#2319](https://github.com/coreos/rkt/issues/2319)). [#]### Other changes- deps: remove unused dependencies ([#2703](https://github.com/coreos/rkt/pull/2703)).- deps: appc/spec, k8s, protobuf updates ([#2697](https://github.com/coreos/rkt/pull/2697)).- deps: use tagged release of github.com/shirou/gopsutil ([#2705](https://github.com/coreos/rkt/pull/2705)).- deps: bump docker2aci to v0.11.1 ([#2719](https://github.com/coreos/rkt/pull/2719)).- Documentation updates ([#2620](https://github.com/coreos/rkt/pull/2620), [#2700](https://github.com/coreos/rkt/pull/2700), [#2637](https://github.com/coreos/rkt/pull/2637), [#2591](https://github.com/coreos/rkt/pull/2591), [#2651](https://github.com/coreos/rkt/pull/2651), [#2699](https://github.com/coreos/rkt/pull/2699), [#2631](https://github.com/coreos/rkt/pull/2631)).- Test improvements ([#2587](https://github.com/coreos/rkt/pull/2587), [#2656](https://github.com/coreos/rkt/pull/2656), [#2676](https://github.com/coreos/rkt/pull/2676), [#2554](https://github.com/coreos/rkt/pull/2554), [#2690](https://github.com/coreos/rkt/pull/2690), [#2674](https://github.com/coreos/rkt/pull/2674), [#2665](https://github.com/coreos/rkt/pull/2665), [#2649](https://github.com/coreos/rkt/pull/2649), [#2643](https://github.com/coreos/rkt/pull/2643), [#2637](https://github.com/coreos/rkt/pull/2637), [#2633](https://github.com/coreos/rkt/pull/2633)).
* Wed May 18 2016 msabateAATTsuse.com- Upgrade to v1.6.0
* Thu Apr 28 2016 msabateAATTsuse.com- Fix on rkt group
* Fri Apr 22 2016 msabateAATTsuse.com- Update to v1.4.0
* Sat Oct 03 2015 mrueckertAATTsuse.de- Update to v0.8.1 rkt v0.8.1 is an incremental release with numerous bug fixes and clean-up to the build system. It also introduces a few small new features and UX improvements. - New features and UX changes: - `rkt rm` is now variadic: it can now remove multiple pods in one command, by UUID - The `APPNAME` column in `rkt image list` output has been changed to the more accurate `NAME`. This involves a schema change in rkt\'s on-disk datastore, but this should be upgraded transparently. - Headers are now sent when following HTTP redirects while trying to retrieve an image - The default metadata service port number was changed from a registered/reserved IANA port to an arbitrary port in the non-dynamic range - Added the ability to override arguments for network plugins - rkt will now error out if someone attempts to use `--private-users` with the lkvm backend - Bug fixes: - Fixed creation of /tmp in apps\' root filesystems with correct permissions - Fixed garbage collection after umounts (for example, if a system reboots before a pod is cleanly destroyed) - Fixed a race in interactive mode when using the lkvm backend that could cause a deadlock or segfault - Fixed bad parameter being passed to the metadata service (\"uid\" -> \"uuid\") - Fixed setting of file permissions during stage1 set up - Fixed a potential race condition during simultaneous `iptables` invocation - Fixed ACI download progress being sent to stderr instead of stdout, now consistent with the output during retrieval of Docker images - `rkt help prepare` will now show the correct default stage1 image - rkt will refuse to add isolators with nil Limits, preventing a panic caused by an ambiguity in upstream appc schema - Other changes: - Reworked the SELinux implementation to use `systemd-nspawn`\'s native context-switching feature - Added a workaround for a bug in Docker <1.8 when it is run on the same system as rkt (see https://github.com/coreos/rkt/issues/1210#issuecomment-132793300) - Added a `rkt-xxxx-tapN` name to tap devices that rkt creates - Functional tests now clean intermediate images between tests - Countless improvements and cleanup to the build system - Numerous documentation improvements, including splitting out all top-level `rkt` subcommands into their own documents- Changes for v0.8.0 rkt 0.8.0 includes support for running containers under an LKVM hypervisor and experimental user namespace support. - Documentation improvements - Better integration with systemd: - journalctl -M - machinectl {reboot,poweroff} - Update stage1\'s systemd to v222 - Add more functional tests - Build system improvements - Fix bugs with garbage-collection - LKVM stage1 support with network and volumes - Smarter image discovery: ETag and Cache-Control support - Add CNI DHCP plugin - Support systemd socket activation - Backup CAS database when migrating - Improve error messages - Add the ability to override ACI exec - Optimize rkt startup times when a stage1 is present in the store - Trust keys fetched via TLS by default - Add the ability to garbage-collect a specific pod - Add experimental user namespace support - Bugfixes- Changes for v0.7.0 rkt 0.7.0 includes new subcommands for `rkt image` to manipulate images from the local store. It also has a new build system based on autotools and integration with SELinux. - New subcommands for `rkt image`: extract, render and export - Metadata service: - Auth now based on tokens - Registration done by default, unless --mds-register=false is passed - Build: - Remove support for Go 1.3 - Replace build system with autoconf and make - Network: fixes for plugins related to mnt namespace - Signature: clearer error messages - Security: - Support for SELinux - Check signature before downloading - Commands: fix error messages and parameter parsing - Output: reduce output verbosity - Systemd integration: fix stop bug - Tests: Improve tests output- switched to github tarball
* Tue Jun 23 2015 dmacvicarAATTsuse.de- move binaries to libexec so that rkt finds them alongside itself without polluting /usr/bin- add systemd-nspawn version requiremnt
* Tue Jun 23 2015 dmacvicarAATTsuse.de- initial package for 0.6.1