Releases: confidential-containers/guest-components
v0.10.0
What's Changed
- CDH | Add Aliyun STS Token support for KMS by @Xynnn007 in #591
- chore(deps): Bump url from 2.5.1 to 2.5.2 by @dependabot in #594
- Revert "Handle gzip whiteouts correctly" by @stevenhorsman in #603
- cdh:golang support to dynamic generate go code with proto file by @ChengyuZhu6 in #605
- image-rs: make tar reader async by @Xynnn007 in #602
- dep: update protobuf to v3.5.0 by @Xynnn007 in #609
- AA | Add Eventlog Recording for Attestation Agent by @Xynnn007 in #548
- attester: implement runtime measurement for az vtpm TEEs by @mkulke in #610
- AA: fallback to pcr in configfile in extend operations by @mkulke in #612
- chore(deps): Bump tokio from 1.36.0 to 1.38.0 by @dependabot in #611
- AA: handle multiline content in log events by @mkulke in #615
- image-rs: update cosign signed image test materials by @Xynnn007 in #618
- image-rs: bail out if unable to get registry auth credentials by @wainersm in #620
- cdh: support to encrypt block device by @ChengyuZhu6 in #617
- CDH/KMS: update aliyun KMS client key encoding by @Xynnn007 in #621
- cdh:storage: Add `-u` flag to mktemp to avoid file creation by @ChengyuZhu6 in #622
- cdh/kms: modify get_secret() function by @1570005763 in #624
- image-rs: Support to reuse meta_store by @ChengyuZhu6 in #623
- CDH/KMS: mark Get trait immutable by @Xynnn007 in #625
- AA: add GetTeeType API by @Xynnn007 in #613
- ci: fix doc_lazy_continuation findings with Rust 1.80.0 by @mythi in #629
- AA: add flag to enable eventlog by @Xynnn007 in #627
- ocicrypt-rs: don't swallow pre_unwrap_key() error by @mkulke in #630
- ci: increase open-pull-requests-limit from 1 to 3 by @arronwy in #638
- GHA: Remove {pre,post}-action steps for self-hosted runners by @BbolroC in #637
- chore(deps): Bump serial_test from 2.0.0 to 3.1.1 by @dependabot in #640
- chore(deps): Bump oci-spec from 0.6.5 to 0.6.7 by @dependabot in #639
- chore(deps): Bump tokio from 1.38.0 to 1.39.2 by @dependabot in #642
- chore(deps): Bump log from 0.4.21 to 0.4.22 by @dependabot in #643
- ci: Remove duplicate build when a PR is merged to main by @arronwy in #644
- GHA: Introduce cancel-in-progress by @BbolroC in #647
- GHA: Fix condition for duplicate checks post-merge by @BbolroC in #648
- chore(deps): Bump base64 from 0.21.7 to 0.22.0 by @dependabot in #646
- chore(deps): Bump thiserror from 1.0.57 to 1.0.63 by @dependabot in #645
- attestation-agent: Extend ResourceUri to support query string by @cclaudio in #634
- chore(deps): Bump assert_cmd from 1.0.8 to 2.0.15 by @dependabot in #649
- chore(deps): Bump serde_json from 1.0.117 to 1.0.122 by @dependabot in #654
- Improve KBS protocol version handling and bump the version to v0.1.1 due to kbs-types changes by @mythi in #628
- chore(deps): Bump uuid from 1.7.0 to 1.10.0 by @dependabot in #656
- chore(deps): Bump flate2 from 1.0.28 to 1.0.31 by @dependabot in #650
- image-rs: update cosign signature verification unit test by @Xynnn007 in #658
- chore(deps): Bump serde from 1.0.197 to 1.0.205 by @dependabot in #660
- chore(deps): Bump tokio-util from 0.7.10 to 0.7.11 by @dependabot in #659
- add vault support to secret-cli tool by @fitzthum in #631
- chore(deps): Bump strum_macros from 0.26.2 to 0.26.4 by @dependabot in #663
- initdata: add initdata hash in ibmse evidence by @huoqifeng in #616
- cdh: improves the luks-encrypt-storage script by @wainersm in #666
- chore(deps): Bump shadow-rs from 0.23.0 to 0.32.0 by @dependabot in #668
- chore(deps): Bump tdx-attest-rs from DCAP_1.20 to DCAP_1.21 by @dependabot in #662
- deps: upgrade oci-distribution to v0.12.0 by @burgerdev in #665
- chore(deps): Bump toml from 0.8.14 to 0.8.19 by @dependabot in #671
- chore(deps): Bump openssl from 0.10.64 to 0.10.66 by @dependabot in #676
- chore(deps): Bump reqwest from 0.12.4 to 0.12.5 by @dependabot in #677
- AA: avoid creating AAEL if it is disabled by @Xynnn007 in #678
- ci: fix the CoCoKeyprovider image pushing logic by @Xynnn007 in #673
- keyprovider: Pin a specific version of skopeo by @fidencio in #669
- lint: fix rust lint error by @Xynnn007 in #680
- cdh:storage: Refactor luksFormat command to use --batch-mode by @ChengyuZhu6 in #679
- chore(deps): Bump tokio from 1.39.2 to 1.39.3 by @dependabot in #682
- AA: fix timeout when processing multiple incoming requests by @imlk0 in #681
- chore(deps): Bump strum from 0.25.0 to 0.26.3 by @dependabot in #683
- chore(deps): Bump sequoia-openpgp from 1.20.0 to 1.21.2 by @dependabot in #686
- chore(deps): Bump assert_cmd from 2.0.15 to 2.0.16 by @dependabot in #685
- chore(deps): Bump dircpy from 0.3.16 to 0.3.19 by @dependabot in #693
- docs: add coco_keyprovider to tools section by @fitzthum in #695
- chore(deps): Bump serde from 1.0.205 to 1.0.209 by @dependabot in #696
- image-rs: check xattrs for target dir when image unpacking by @Xynnn007 in #691
- chore(deps): Bump lazy_static from 1.4.0 to 1.5.0 by @dependabot in #697
- cdh:golang: Add support for SecureMount in the go client tool by @ChengyuZhu6 in #700
- chore(deps): Bump async-compression from 0.4.10 to 0.4.12 by @dependabot in #701
- chore(deps): Bump zstd from 0.12.4 to 0.13.1 by @dependabot in #703
- update CODEOWNERS by @mythi in #704
- image-rs: Handle gzip whiteouts correctly by @squarti in https://github.com/confidential-containers/guest-components/p...
v0.9.0
What's Changed
- aa/attester: Update csv-rs dep to rev 9d8882e. by @BaoshunFang in #388
- image-rs: change namespace of ICR images by @mattarnoatibm in #383
- image-rs: fix nightly lint error by @Xynnn007 in #390
- api-server-rest: Add actionable error message for ttrcp client by @arronwy in #389
- CDH add unwrapkey API by @Xynnn007 in #349
- Fix link error by @Xynnn007 in #393
- Cca: list Arm CCA as one of CC KBC attesters by @chendave in #391
- CI for Confidential Data Hub by @Xynnn007 in #395
- Cargo.lock: update dep by @Xynnn007 in #396
- cdh: add secure mount feature in cdh by @LindaYu17 in #345
- Attester: Update CSV evidence format by @jialez0 in #398
- attestation-agent: bump az_snp_vtpm attester version by @mkulke in #399
- CDH: add en/decrypt support for eHSM-KMS by @1570005763 in #359
- update peerpod daemon.json path by @katexochen in #401
- ocicrypt-rs: regenerate keyprovider g/ttrpc code by @mkulke in #405
- image-rs: fix image layer ordering by @mkulke in #404
- AA: Add API to extend measurement register at runtime by @jialez0 in #392
- kbs-types and sigstore updates by @mythi in #408
- Makefile: add platform Makefile to quickly build guest component binaries by @Xynnn007 in #407
- CDH/eHSM: add features for eHSM support by @Xynnn007 in #409
- Update CI and ttrpc built proto files by @Xynnn007 in #411
- chore(deps): update sigstore-rs to 0.8.0 and oci-distribution to 0.10.0 by @mythi in #414
- AA/kbs_protocol: fix RCAR handshake protocol by @Xynnn007 in #406
- Random key generation by @piotrpalcz in #385
- image-rs: enable the test of reading credentials from auth config by @ChengyuZhu6 in #421
- image-rs: Redefine constructions of ImageClient and ImageConfig by @ChengyuZhu6 in #416
- attester: add evidence_getter binary by @Xynnn007 in #418
- attestation-agent: add az-tdx-vtpm attester by @mkulke in #375
- AA: fix CI failure by @1570005763 in #424
- Makefile: add more platforms to Makefile by @fitzthum in #425
- sample: always enable sample attester by @fitzthum in #426
- aa/cdh: make agent-config path configurable by env by @mkulke in #429
- cocokeyprovider: add support for daemonize by @Xynnn007 in #417
- Fixes mount parameter order in CDH/Storage/OSS by @Xynnn007 in #432
- Move AA abilities to CDH by @Xynnn007 in #427
- build: Rename the feature flag and set default by @bpradipt in #437
- AA/kbs_protocol: fix the RCAR handshake unit test by @Xynnn007 in #438
- image-rs: fix integration test by @Xynnn007 in #441
- CDH: add get_secret support for Aliyun KMS by @1570005763 in #423
- aa_kbc_params: centralize handling in CDH and AA by @mkulke in #440
- chore(deps): Bump actions/cache from 3 to 4 by @dependabot in #445
- Update az snp vtpm to 0.5 by @surajssd in #436
- aa: Update csv-rs dep to rev b74aa8c. by @BaoshunFang in #448
- AA: Support get CoCo-AS Attestation Token by @jialez0 in #449
- Makefile: support to build components for all platforms and amd by @Xynnn007 in #453
- RFC: attester: tdx: try not to error on broken report_data by @mythi in #452
- cdh/kms:add 'Aliyun' as 'VaultProvider' by @1570005763 in #455
- Nit Fix: remove abandoned file for backup by @jialez0 in #457
- AA: Add `coco_as` feature to `cc_kbc` to default support CoCo-AS by @jialez0 in #459
- cdh/kms: add default value for "AliSecretAnnotations" by @1570005763 in #458
- deps: Update az-snp-vtpm & az-tdx-vtpm to 0.5.1 by @surajssd in #460
- AA: Add Config file mechanism by @jialez0 in #454
- Fix: Use strum string to parse AA token type string by @jialez0 in #463
- keyprovider: extend docker image and documentation by @mkulke in #451
- AA: Add API of CheckInitData by @Xynnn007 in #462
- workflow: trigger nydus test in workflow by @ChengyuZhu6 in #433
- ci: install DCAP packages from Jammy repo by @mythi in #350
- chore(deps): Bump tdx-attest-rs from DCAP_1.16 to DCAP_1.20 by @dependabot in #442
- Cargo.lock: Update dep of curve25519-dalek and x25519-dalek by @ChengyuZhu6 in #471
- chore(deps): Bump deranged from 0.3.10 to 0.3.11 by @dependabot in #472
- Replace unsafe NonNull::new_unchecked with NonNull:new by @pingzhaozz in #461
- CI: fix rust-nightly static checks by @portersrc in #476
- attester: add TSM REPORT module and move TDX to use it by @mythi in #434
- chore(deps): Bump http-auth from 0.1.8 to 0.1.9 by @dependabot in #475
- CI: Fix nightly lint error & fix rust nightly version by @Xynnn007 in #477
- image-rs: add encrypted nydus image tests by @ChengyuZhu6 in #469
- chore(deps): Bump anyhow from 1.0.77 to 1.0.80 by @dependabot in #478
- chore(deps): Bump base64 from 0.21.5 to 0.21.7 by @dependabot in #479
- chore(deps): Bump k256 from 0.13.2 to 0.13.3 by @dependabot in #481
- CDH | Add configuration file when launching by @Xynnn007 in #444
- chore(deps): Bump tls_codec from 0.4.0 to 0.4.1 by @dependabot in #482
- chore(deps): Bump scroll from 0.11.0 to 0.12.0 by @dependabot in #483
- chore(deps): Bump dsa from 0.6.2 to 0.6.3 by @dependabot in #484
- attester: bump az-*-vtpm crates to 0.5.2 by @mkulke in #486
- AA/attester: add README docs by @Xynnn007 in #493
- cdh: make the config path configurable by env by @mkulke in https...
v0.8.0
What's Changed
- Add unit test case for unencrypted images by @portersrc in #287
- ci: refactor workflows by @katexochen in #275
- chore(deps): Bump actions/checkout from 2 to 3 by @dependabot in #176
- aa: Rename Occlum attester to SGX attester and add Gramine support to it by @mythi in #167
- attestation-agent/Attesters: refactor the trait of Attester by @Xynnn007 in #284
- Unify common deps to the same version in Cargo.toml of the workspace by @Xynnn007 in #285
- Update base64 crate in guest-components by @Xynnn007 in #282
- image-rs: add image block device dm-verity and mount by @ChengyuZhu6 in #270
- ci: enable image-rs rust lint check for all features by @arronwy in #291
- aa: sgx-attester: update occlum_dcap to a tagged version by @mythi in #289
- chore(deps): Update strum requirement from 0.24 to 0.25 by @dependabot in #293
- image-rs: refine implementation of dm-verity by @jiangliu in #294
- chore(deps): Update strum_macros requirement from 0.24 to 0.25 by @dependabot in #297
- image-rs: add sha1 hash algorithm support in dm-verity by @ChengyuZhu6 in #300
- Provide builder for KBS Protocol Wrapper by @mkulke in #278
- Confidential-Datahub API definition and Sealed Secrets by @Xynnn007 in #288
- Added two security enhancements to AA by @jialez0 in #273
- Made Attester trait's get_evidence() async by @mkulke in #299
- image pull tests: replace image ref by @Xynnn007 in #301
- Add panic with error msg when test-async-pull-client fails by @portersrc in #303
- Update commands to generate test image and remove duplicated test case by @arronwy in #305
- image-rs: Fix the flaky CI with assert_retry by @arronwy in #306
- image-rs: change fallback kbs_uri from localhost to http://localhost by @mkulke in #308
- chore(deps): Update tonic-build requirement from 0.8.0 to 0.9.2 by @dependabot in #302
- chore(deps): Update env_logger requirement from 0.9.0 to 0.10.0 by @dependabot in #310
- kbs_protocol: use rustls when rust-crypto feature is enabled by @mythi in #307
- chore(deps): Update oci-spec requirement from 0.5.8 to 0.6.2 by @dependabot in #311
- Refactor kbs client by @Xynnn007 in #304
- image-rs: enclave-cc updates by @mythi in #312
- chore(deps): Update async-compression requirement from 0.3.15 to 0.4.1 by @dependabot in #313
- Kbs protocol fix cargo toml by @Xynnn007 in #315
- Confidential DataHub Part 2: KMS support and unseal secret with KMS by @Xynnn007 in #309
- chore(deps): Update shadow-rs requirement from 0.5.25 to 0.23.0 by @dependabot in #316
- Fix: Initialization of tee type is lacked in get_token API by @jialez0 in #320
- Confidential DataHub Part 3: Define Vault API & Support GetResource API with KBS-Client & Sev support by @Xynnn007 in #319
- verity: support parsing options from remote snapshotter by @ChengyuZhu6 in #317
- Add initial support for a hygon csv attester by @BaoshunFang in #323
- Confidential DataHub Part 4: CDH binary & Attestation API for AA by @Xynnn007 in #322
- image: Add a function to get image name from remote by @ChengyuZhu6 in #324
- cargo: Fix the build dependency for eaa_kbc by @arronwy in #327
- image-rs: Update loopdev to latest master by @surajssd in #328
- image-rs: add feature gate for verity by @ChengyuZhu6 in #331
- Remove git reference for sev by @emanuellima1 in #334
- Initial implementation rest api server for CoCo by @arronwy in #325
- versions: Downgrade clap by @stevenhorsman in #337
- versions: Add tilde to clap dependency by @stevenhorsman in #339
- Fix enclave-cc dep by @Xynnn007 in #335
- ci: Use toolchain match the kata to replace the beta by @arronwy in #338
- aa/attester: Update csv-rs dep to rev bcf3bcc. by @BaoshunFang in #342
- Verity: Redefine functions to support kata by @ChengyuZhu6 in #343
- aa/attester: Update csv-rs dep to rev 05fbacd. by @BaoshunFang in #348
- Add Cargo.lock for consistent builds by @beraldoleal in #344
- workflows: Bump to rust 1.72 by @stevenhorsman in #356
- New tee type: CCA (Confidential Compute Architecture) by @chendave in #321
- Api server rest makefile by @stevenhorsman in #358
- Read agent config from file by @stevenhorsman in #365
- Fix cc kbc aa param config file parsing by @stevenhorsman in #368
- attestation-agent: fix extraction of peerpod kbs host addr extraction in token code by @mkulke in #371
- api-server-rest: fix aa_addr cli param by @mkulke in #370
- image-rs: Support simple signing with X-R-S-S by @mattarnoatibm in #372
- cdh/kms/kbs: raise warning when failed to read file for offline-fs-kbc by @Xynnn007 in #374
- Fix Aliyun KMS suite by @Xynnn007 in #376
- cdh/kms: add rustls-tls feature for aliyun by @Xynnn007 in #377
- Fix CDH & kbs_protocol by @Xynnn007 in #381
- chore(deps): Bump docker/login-action from 2 to 3 by @dependabot in #362
- chore(deps): Bump docker/build-push-action from 4 to 5 by @dependabot in #363
- ci: disable eaa-kbc ci for PR and Merge by @Xynnn007 in #386
- chore(deps): Bump actions/checkout from 3 to 4 by @dependabot in #351
New Contributors
- @ChengyuZhu6 made their first contribution in #270
- @BaoshunFang made their first contribution in #323
- @emanuellima1 made their first contribution in #334
- @beraldoleal made their first contribution in #344
- @chendave made their first contribution in #321
**Full...
v0.7.0
Although this is v0.7.0, this is the first release of the merged guest-components repository.
Previous releases in this repository are from when the repository contained only `image-rs`.
This is one reason that so many people are listed as new contributors in this release.
What's Changed
- Add some robustness fixes to integration tests by @mkulke in #159
- 3 Repo merge by @dcmiddle in #158
- Fix ci by @Xynnn007 in #163
- ci: Occlum: fix ci test by @Xynnn007 in #175
- Update TDX attester dependencies version to 1.16 by @jialez0 in #174
- Add missing attesters to Readme by @katexochen in #172
- feat: use nydus to speed up the image deployment process in image-rs by @taoohong in #117
- kbs_protocol: Return unquoted string from attestation() by @jepio in #168
- aa/attester: Update virtee/sev dep to 1.2 by @jepio in #179
- ci: Fix integration test for image-rs by @Xynnn007 in #271
- Optimize implementation of image-rs/stream by @jiangliu in #264
- Add doc about how to pull encrypted Nydus image with image-rs by @taoohong in #196
- AA: use URL safe base64 encoding for TeePubKey by @katexochen in #177
- Adjusted the handling of URLs to support more types of hosts by @jialez0 in #173
- Optimize implementation of image-rs/pull by @jiangliu in #266
- image-rs: improve AA build and output by @katexochen in #274
- ci: add link checker workflow by @katexochen in #277
- docs: update links to new repo and fix broken links by @katexochen in #276
- Tidy up the warnings from integration tests by @portersrc in #279
- docs: update generate_test_data guide link by @Xynnn007 in #280
- image-rs: Fix the rust lint warning by @arronwy in #281
- Fix kbs url in cc-kbc by @Xynnn007 in #286
New Contributors
- @mkulke made their first contribution in #159
- @dcmiddle made their first contribution in #158
- @katexochen made their first contribution in #172
- @taoohong made their first contribution in #117
- @jepio made their first contribution in #168
- @portersrc made their first contribution in #279
Full Changelog: v0.6.0...v0.7.0
v0.6.0
What's Changed
- Fix remove ring by @Xynnn007 in #135
- Signature: delete useless notes by @Xynnn007 in #142
- Cargo.toml: add occlum cckbc feature by @Xynnn007 in #144
- pull: Add max concurrent download limit support by @arronwy in #146
- gh: add dependency bot by @Xynnn007 in #147
- chore(deps): Update serial_test requirement from 0.9.0 to 2.0.0 by @dependabot in #149
- chore(deps): Bump actions/checkout from 2 to 3 by @dependabot in #148
- chore(deps): Update serde_yaml requirement from 0.8 to 0.9 by @dependabot in #150
- chore(deps): Update zstd requirement from 0.11 to 0.12 by @dependabot in #151
- config: Add max_concurrent_download for pull operation by @arronwy in #153
- chore(deps): Update rstest requirement from 0.16.0 to 0.17.0 by @dependabot in #152
- bump: v0.6.0 for ocicrypt-rs and attestation-agent by @Xynnn007 in #155
- dep: Update ocicrypt-rs & attestation-agent by @stevenhorsman in #157
New Contributors
- @dependabot made their first contribution in #149
Full Changelog: v0.5.1...v0.6.0
v0.5.1
v0.5.0
v0.4.0
v0.2.0: Merge pull request #75 from arronwy/bump_ocicrypt-rs
cargo: Bump ocicrypt-rs to v0.2.0