Releases: canonical/pebble
v1.16.0: better service start/stop, warnings as notices
This release includes a few significant, user-visible changes and fixes:
- Improvements to how services with dependencies are started and stopped (using "lanes"), so that independent services are started in parallel, and dependent services start up serially. Error handling is also improved. Fix in #437 and closes #231 (thanks @troyanov for the report).
- A fix for a tricky bug in `pebble exec`, so it doesn't lose output in interactive mode. Thanks @dmitry-lyfar for the report, and the fix in #466!
- Reduce the size of `exec` tasks by not storing the execSetup (which includes all environment variables) in state. This speeds up (and shrinks the data) when serialising state to disk during `state.Unlock`. Fix is in #478.
- Ensure Pebble doesn't hang (with no error message) when the state file directory is read-only or otherwise inaccessible. Thanks for the report @berkayoz in #462. Fix in #481.
- Re-implement warnings using notices. This was always the intention since the notices feature was added (it was designed as a superset of warnings), but we'd never gotten to it. Lots of nice code deletion in #486.
Also, something that doesn't affect the operation of Pebble: we've moved the documentation from a "big long README" to a proper documentation site. Code is in the `docs` directory, and the website lives at https://canonical-pebble.readthedocs-hosted.com/. Thanks @IronCore864 for your work on this!
There are also a ton of minor fixes and tweaks, listed below.
Other minor changes:
- fix(snap): set Pebble version before snap builds by @cjdcordeiro in #450
- refactor: pull in the snapd RestartManager refactoring in #446
- fix: avoid need to lock state for restart.Pending() in #451
- fix: make Client.Pull properly handle API errors in #452
- feat(daemon): add Err() to retrieve the tomb death reason by @thp-canonical in #453
- fix: actually turn off child subreaping in reaper.Stop in #454
- feat(daemon): allow overriding layers directory in daemon.Options by @thp-canonical in #456
- feat(overlord): reversed order of manager stop by @Ardelean-Calin in #447
- fix(logger): Make MockLogger threadsafe by @thp-canonical in #441
- fix(overlord): allow ensure when state is available by @flotter in #482
- fix: initialize socketPath to prevent stale cache by @holmanb in #491
- test: improve osutil.mkdir test coverage in #492
- ci: add a monthly (or on demand) TIOBE reporting workflow in #494
- refactor(state): avoid need for state lock in LatestWarningTime in #493
New Contributors
- @AnneCYH made their first contribution in #457
- @Ardelean-Calin made their first contribution in #447
- @holmanb made their first contribution in #491
Full Changelog: v1.15.0...v1.16.0
v1.15.0: Identities, Go 1.22
This version adds support for the Pebble Identities features (described in OP043), and updates the Go version when building binaries and Snaps from Go 1.20 to Go 1.22.
What's Changed
- feat(state): core of reading/writing identities in state by @benhoyt in #428
- feat(daemon): identities API endpoints by @benhoyt in #429
- feat(client): Go client for identities by @benhoyt in #430
- feat(cli): identities CLI commands by @benhoyt in #431
- fix(snap): build snap with Go 1.22 to fix CVE-2024-24790 by @cjdcordeiro in #448
- feat(daemon): use identities to auth API requests by @benhoyt in #434
- chore: use Go 1.22 (supported), in go.mod and binary builds by @benhoyt in #449
Full Changelog: v1.14.0...v1.15.0
v1.14.1: Snap fixes: build on Go 1.22 and fix version
This is a patch release which includes two fixes:
v1.14.0
This is a very small release, mainly so that we can start using the check-name feature in Juju.
What's Changed
- fix(planstate): don't hold planLock while calling plan-changed listeners by @benhoyt in #436
- docs: various improvements to "service dependencies" section by @benhoyt in #442
- feat: include check name in notice data for perform-check and recover-check by @tonyandrewmeyer in #444
Full Changelog: v1.13.0...v1.14.0
v1.13.0
This release includes a few minor fixes, notably disabling `--verbose` for `pebble enter exec` now that `--verbose` has been removed from the default Rockcraft entrypoint.
What's Changed
- fix: work around issue with user.Lookup not returning UnknownUserError in #427
- fix(daemon): turn off net/http panic recovery in #350
- fix(enter): block --verbose for exec subcommand by @rebornplusplus in #394
- docs: a new getting started tutorial for pebble in #421
- docs: create reusable content for how to install guide and the tutorial in #433
Full Changelog: v1.12.0...v1.13.0
v1.12.0
One change to fix a significant panic in the new health checks system (#415), a fix for `mkdir` to chmod as expected, and several minor changes.
What's Changed
- fix(checkstate): ignore and abort carryover changes by @flotter in #415
- feat(personality): Allow state filename customization by @thp-canonical in #416
- docs: starter pack by @IronCore864 in #417
- docs: splitting readme into pebble docs with the diataxis method by @IronCore864 in #419
- feat: unified osutil.Mkdir API with options by @IronCore864 in #418
- fix: note exist-ok behaviour of "mkdir -p" in argument help by @benhoyt in #424
- fix: avoid legacy Snapcraft location for LP creds by @cjdcordeiro in #425
- feat(osutil.Mkdir): add the chmod flag by @IronCore864 in #423
- chore: update golang.org/x dependencies by @benhoyt in #426
Full Changelog: v1.11.0...v1.12.0
v1.11.0: health checks implemented with Changes and Tasks
The highlight of this release is that health checks were reimplemented as Changes and Tasks, making it possible to introspect and debug check failures (#409).
Also included are the security fixes from #406, which were also released in the v1.10.2 patch release. In addition, there are a couple of minor fixes for layer validation and client ID validation from first-time contributor @IronCore864.
What's Changed
- feat(client): add change-update notice type by @benhoyt in #401
- fix(daemon): require admin access for POSTs and file pull API by @benhoyt in #406
- feat: make layers with label prefix "pebble-" reserved by @IronCore864 in #403
- feat: client side change id validation by @IronCore864 in #404
- chore: use RFC2602 domain (example.com) in custom notice examples by @benhoyt in #407
- feat: perform health checks via changes and tasks by @benhoyt in #409
Full Changelog: v1.10.0...v1.11.0
v1.10.2: require admin access for POSTs and file pull API
This addresses the following security issues:
- Lock down all POSTs/writes to require admin.
- Lock down the files "pull" API to require admin.
- Lock down the task-websocket endpoint to admin.
Full Changelog: v1.10.1...v1.10.2
v1.7.4: require admin access for file pull API
This locks down the files "pull" API to require admin. Even though it's a read (GET), this meant any user could potentially read sensitive files.
Changelog since v1.7.3: v1.7.3...v1.7.4
v1.4.2: require admin access for file pull API
This locks down the files "pull" API to require admin. Even though it's a read (GET), this meant any user could potentially read sensitive files.
Changelog since v1.4.1: v1.4.1...v1.4.2