v0.10.0

What's Changed

• CDH | Add Aliyun STS Token support for KMS by @Xynnn007 in #591
• chore(deps): Bump url from 2.5.1 to 2.5.2 by @dependabot in #594
• Revert "Handle gzip whiteouts correctly" by @stevenhorsman in #603
• cdh:golang support to dynamic generate go code with proto file by @ChengyuZhu6 in #605
• image-rs: make tar reader async by @Xynnn007 in #602
• dep: update protobuf to v3.5.0 by @Xynnn007 in #609
• AA | Add Eventlog Recording for Attestation Agent by @Xynnn007 in #548
• attester: implement runtime measurement for az vtpm TEEs by @mkulke in #610
• AA: fallback to pcr in configfile in extend operations by @mkulke in #612
• chore(deps): Bump tokio from 1.36.0 to 1.38.0 by @dependabot in #611
• AA: handle multiline content in log events by @mkulke in #615
• image-rs: update cosign signed image test materials by @Xynnn007 in #618
• image-rs: bail out if unable to get registry auth credentials by @wainersm in #620
• cdh: support to encrypt block device by @ChengyuZhu6 in #617
• CDH/KMS: update aliyun KMS client key encoding by @Xynnn007 in #621
• cdh:storage: Add -u flag to mktemp to avoid file creation by @ChengyuZhu6 in #622
• cdh/kms: modify get_secret() function by @1570005763 in #624
• image-rs: Support to reuse meta_store by @ChengyuZhu6 in #623
• CDH/KMS: mark Get trait immutable by @Xynnn007 in #625
• AA: add GetTeeType API by @Xynnn007 in #613
• ci: fix doc_lazy_continuation findings with Rust 1.80.0 by @mythi in #629
• AA: add flag to enable eventlog by @Xynnn007 in #627
• ocicrypt-rs: dont't swallow pre_unwrap_key() error by @mkulke in #630
• ci: increase open-pull-requests-limit from 1 to 3 by @arronwy in #638
• GHA: Remove {pre,post}-action steps for self-hosted runners by @BbolroC in #637
• chore(deps): Bump serial_test from 2.0.0 to 3.1.1 by @dependabot in #640
• chore(deps): Bump oci-spec from 0.6.5 to 0.6.7 by @dependabot in #639
• chore(deps): Bump tokio from 1.38.0 to 1.39.2 by @dependabot in #642
• chore(deps): Bump log from 0.4.21 to 0.4.22 by @dependabot in #643
• ci: Remove duplicate build when a PR is merged to main by @arronwy in #644
• GHA: Introduce cancel-in-progress by @BbolroC in #647
• GHA: Fix condition for duplicate checks post-merge by @BbolroC in #648
• chore(deps): Bump base64 from 0.21.7 to 0.22.0 by @dependabot in #646
• chore(deps): Bump thiserror from 1.0.57 to 1.0.63 by @dependabot in #645
• attestation-agent: Extend ResourceUri to support query string by @cclaudio in #634
• chore(deps): Bump assert_cmd from 1.0.8 to 2.0.15 by @dependabot in #649
• chore(deps): Bump serde_json from 1.0.117 to 1.0.122 by @dependabot in #654
• Improve KBS protocol version handling and bump the version to v0.1.1 due to kbs-types changes by @mythi in #628
• chore(deps): Bump uuid from 1.7.0 to 1.10.0 by @dependabot in #656
• chore(deps): Bump flate2 from 1.0.28 to 1.0.31 by @dependabot in #650
• image-rs: update cosign signature verification unit test by @Xynnn007 in #658
• chore(deps): Bump serde from 1.0.197 to 1.0.205 by @dependabot in #660
• chore(deps): Bump tokio-util from 0.7.10 to 0.7.11 by @dependabot in #659
• add vault support to secret-cli tool by @fitzthum in #631
• chore(deps): Bump strum_macros from 0.26.2 to 0.26.4 by @dependabot in #663
• initdata: add initdata hash in ibmse evidence by @huoqifeng in #616
• cdh: improves the luks-encrypt-storage script by @wainersm in #666
• chore(deps): Bump shadow-rs from 0.23.0 to 0.32.0 by @dependabot in #668
• chore(deps): Bump tdx-attest-rs from DCAP_1.20 to DCAP_1.21 by @dependabot in #662
• deps: upgrade oci-distribution to v0.12.0 by @burgerdev in #665
• chore(deps): Bump toml from 0.8.14 to 0.8.19 by @dependabot in #671
• chore(deps): Bump openssl from 0.10.64 to 0.10.66 by @dependabot in #676
• chore(deps): Bump reqwest from 0.12.4 to 0.12.5 by @dependabot in #677
• AA: avoid creating AAEL if it is disabled by @Xynnn007 in #678
• ci: fix the CoCoKeyprovider image pushing logic by @Xynnn007 in #673
• keyprovider: Pin a specific version of skopeo by @fidencio in #669
• lint: fix rust lint error by @Xynnn007 in #680
• cdh:storage: Refactor luksFormat command to use --batch-mode by @ChengyuZhu6 in #679
• chore(deps): Bump tokio from 1.39.2 to 1.39.3 by @dependabot in #682
• AA: fix timeout when processing multiple incoming requests by @imlk0 in #681
• chore(deps): Bump strum from 0.25.0 to 0.26.3 by @dependabot in #683
• chore(deps): Bump sequoia-openpgp from 1.20.0 to 1.21.2 by @dependabot in #686
• chore(deps): Bump assert_cmd from 2.0.15 to 2.0.16 by @dependabot in #685
• chore(deps): Bump dircpy from 0.3.16 to 0.3.19 by @dependabot in #693
• docs: add coco_keyprovider to tools section by @fitzthum in #695
• chore(deps): Bump serde from 1.0.205 to 1.0.209 by @dependabot in #696
• image-rs: check xattrs for target dir when image unpacking by @Xynnn007 in #691
• chore(deps): Bump lazy_static from 1.4.0 to 1.5.0 by @dependabot in #697
• cdh:golang: Add support for SecureMount in the go client tool by @ChengyuZhu6 in #700
• chore(deps): Bump async-compression from 0.4.10 to 0.4.12 by @dependabot in #701
• chore(deps): Bump zstd from 0.12.4 to 0.13.1 by @dependabot in #703
• update CODEOWNERS by @mythi in #704
• image-rs: Handle gzip whiteouts correctly by @squarti in https://github.com/confidential-containers/guest-components/p...

v0.9.0

What's Changed

• aa/attester: Update csv-rs dep to rev 9d8882e. by @BaoshunFang in #388
• image-rs: change namespace of ICR images by @mattarnoatibm in #383
• image-rs: fix nightly lint error by @Xynnn007 in #390
• api-server-rest: Add actionable error message for ttrcp client by @arronwy in #389
• CDH add unwrapkey API by @Xynnn007 in #349
• Fix link error by @Xynnn007 in #393
• Cca: list Arm CCA as one of CC KBC attesters by @chendave in #391
• CI for Confidential Data Hub by @Xynnn007 in #395
• Cargo.lock: update dep by @Xynnn007 in #396
• cdh: add secure mount feature in cdh by @LindaYu17 in #345
• Attester: Update CSV evidence format by @jialez0 in #398
• attestion-agent: bump az_snp_vtpm attester version by @mkulke in #399
• CDH: add en/decrypt support for eHSM-KMS by @1570005763 in #359
• update peerpod daemon.json path by @katexochen in #401
• ocicrypt-rs: regenerate keyprovider g/ttrpc code by @mkulke in #405
• image-rs: fix image layer ordering by @mkulke in #404
• AA: Add API to extend measurement register at runtime by @jialez0 in #392
• kbs-types and sigstore updates by @mythi in #408
• Makefile: add platform Makefile to quickly build guest component binaries by @Xynnn007 in #407
• CDH/eHSM: add features for eHSM support by @Xynnn007 in #409
• Update CI and ttrpc built proto files by @Xynnn007 in #411
• chore(deps): update sigstore-rs to 0.8.0 and oci-distribution to 0.10.0 by @mythi in #414
• AA/kbs_protocol: fix RCAR handshake protocol by @Xynnn007 in #406
• Random key generation by @piotrpalcz in #385
• image-rs: enable the test of reading credentials from auth config by @ChengyuZhu6 in #421
• image-rs: Redefine constructions of ImageClient and ImageConfig by @ChengyuZhu6 in #416
• attester: add evidence_getter binary by @Xynnn007 in #418
• attestation-agent: add az-tdx-vtpm attester by @mkulke in #375
• AA: fix CI failure by @1570005763 in #424
• Makefile: add more platforms to Makefile by @fitzthum in #425
• sample: always enable sample attester by @fitzthum in #426
• aa/cdh: make agent-config path configurable by env by @mkulke in #429
• cocokeyprovider: add support for daemonize by @Xynnn007 in #417
• Fixes mount parameter order in CDH/Storage/OSS by @Xynnn007 in #432
• Move AA abilities to CDH by @Xynnn007 in #427
• build: Rename the feature flag and set default by @bpradipt in #437
• AA/kbs_protocol: fix the RCAR handshake unit test by @Xynnn007 in #438
• image-rs: fix integration test by @Xynnn007 in #441
• CDH: add get_secret support for Aliyun KMS by @1570005763 in #423
• aa_kbc_params: centralize handling in CDH and AA by @mkulke in #440
• chore(deps): Bump actions/cache from 3 to 4 by @dependabot in #445
• Update az snp vtpm to 0.5 by @surajssd in #436
• aa: Update csv-rs dep to rev b74aa8c. by @BaoshunFang in #448
• AA: Support get CoCo-AS Attestation Token by @jialez0 in #449
• Makefile: support to build components for all platforms and amd by @Xynnn007 in #453
• RFC: attester: tdx: try not to error on broken report_data by @mythi in #452
• cdh/kms:add 'Aliyun' as 'VaultProvider' by @1570005763 in #455
• Nit Fix: remove abandoned file for backup by @jialez0 in #457
• AA: Add coco_as feature to cc_kbc to default support CoCo-AS by @jialez0 in #459
• cdh/kms: add default value for "AliSecretAnnotations" by @1570005763 in #458
• deps: Update az-snp-vtpm & az-tdx-vtpm to 0.5.1 by @surajssd in #460
• AA: Add Config file mechanism by @jialez0 in #454
• Fix: Use strum string to parse AA token type string by @jialez0 in #463
• keyprovider: extend docker image and documentation by @mkulke in #451
• AA: Add API of CheckInitData by @Xynnn007 in #462
• workflow: trigger nydus test in workflow by @ChengyuZhu6 in #433
• ci: install DCAP packages from Jammy repo by @mythi in #350
• chore(deps): Bump tdx-attest-rs from DCAP_1.16 to DCAP_1.20 by @dependabot in #442
• Cargo.lock: Update dep of curve25519-dalek and x25519-dalek by @ChengyuZhu6 in #471
• chore(deps): Bump deranged from 0.3.10 to 0.3.11 by @dependabot in #472
• Replace unsafe NonNull::new_unchecked with NonNull:new by @pingzhaozz in #461
• CI: fix rust-nightly static checks by @portersrc in #476
• attester: add TSM REPORT module and move TDX to use it by @mythi in #434
• chore(deps): Bump http-auth from 0.1.8 to 0.1.9 by @dependabot in #475
• CI: Fix nightly lint error & fix rust nightly version by @Xynnn007 in #477
• image-rs: add encrypted nydus image tests by @ChengyuZhu6 in #469
• chore(deps): Bump anyhow from 1.0.77 to 1.0.80 by @dependabot in #478
• chore(deps): Bump base64 from 0.21.5 to 0.21.7 by @dependabot in #479
• chore(deps): Bump k256 from 0.13.2 to 0.13.3 by @dependabot in #481
• CDH | Add configuration file when launching by @Xynnn007 in #444
• chore(deps): Bump tls_codec from 0.4.0 to 0.4.1 by @dependabot in #482
• chore(deps): Bump scroll from 0.11.0 to 0.12.0 by @dependabot in #483
• chore(deps): Bump dsa from 0.6.2 to 0.6.3 by @dependabot in #484
• attester: bump az-*-vtpm crates to 0.5.2 by @mkulke in #486
• AA/attester: add README docs by @Xynnn007 in #493
• cdh: make the config path configurable by env by @mkulke in https...

v0.8.0

What's Changed

• Add unit test case for unencrypted images by @portersrc in #287
• ci: refactor workflows by @katexochen in #275
• chore(deps): Bump actions/checkout from 2 to 3 by @dependabot in #176
• aa: Rename Occlum attester to SGX attester and add Gramine support to it by @mythi in #167
• attestation-agent/Attesters: refactor the trait of Attester by @Xynnn007 in #284
• Unify common deps to the same version in Cargo.toml of the worksppace by @Xynnn007 in #285
• Update base64 crate in guest-components by @Xynnn007 in #282
• image-rs: add image block device dm-verity and mount by @ChengyuZhu6 in #270
• ci: enable image-rs rust lint check for all features by @arronwy in #291
• aa: sgx-attester: update occlum_dcap to a tagged version by @mythi in #289
• chore(deps): Update strum requirement from 0.24 to 0.25 by @dependabot in #293
• image-rs: refine implementation of dm-verity by @jiangliu in #294
• chore(deps): Update strum_macros requirement from 0.24 to 0.25 by @dependabot in #297
• image-rs: add sha1 hash algorithm support in dm-verity by @ChengyuZhu6 in #300
• Provide builder for KBS Protocol Wrapper by @mkulke in #278
• Confidential-Datahub API definition and Sealed Secrets by @Xynnn007 in #288
• Added two security enhancements to AA by @jialez0 in #273
• Made Attester trait's get_evidence() async by @mkulke in #299
• image pull tests: replace image ref by @Xynnn007 in #301
• Add panic with error msg when test-async-pull-client fails by @portersrc in #303
• Update commands to generate test image and remove duplicated test case by @arronwy in #305
• image-rs: Fix the flaky CI with assert_retry by @arronwy in #306
• image-rs: change fallback kbs_uri from localhost to http://localhost by @mkulke in #308
• chore(deps): Update tonic-build requirement from 0.8.0 to 0.9.2 by @dependabot in #302
• chore(deps): Update env_logger requirement from 0.9.0 to 0.10.0 by @dependabot in #310
• kbs_protocol: use rusttls when rust-crypto feature is enabled by @mythi in #307
• chore(deps): Update oci-spec requirement from 0.5.8 to 0.6.2 by @dependabot in #311
• Refactor kbs client by @Xynnn007 in #304
• image-rs: enclave-cc updates by @mythi in #312
• chore(deps): Update async-compression requirement from 0.3.15 to 0.4.1 by @dependabot in #313
• Kbs protocol fix cargo toml by @Xynnn007 in #315
• Confidential DataHub Part 2: KMS support and unseal secret with KMS by @Xynnn007 in #309
• chore(deps): Update shadow-rs requirement from 0.5.25 to 0.23.0 by @dependabot in #316
• Fix: Initialization of tee type is lacked in get_token API by @jialez0 in #320
• Confidential DataHub Part 3: Define Vault API & Support GetResource API with KBS-Client & Sev support by @Xynnn007 in #319
• verity: support parsing options from remote snapshotter by @ChengyuZhu6 in #317
• Add initial support for a hygon csv attester by @BaoshunFang in #323
• Confidential DataHub Part 4: CDH binary & Attestation API for AA by @Xynnn007 in #322
• image: Add a function to get image name from remote by @ChengyuZhu6 in #324
• cargo: Fix the build dependency for eaa_kbc by @arronwy in #327
• image-rs: Update loopdev to latest master by @surajssd in #328
• image-rs: add feature gate for verity by @ChengyuZhu6 in #331
• Remove git reference for sev by @emanuellima1 in #334
• Initial implementation rest api server for CoCo by @arronwy in #325
• versions: Downgrade clap by @stevenhorsman in #337
• versions: Add tilde to clap dependency by @stevenhorsman in #339
• Fix enclave-cc dep by @Xynnn007 in #335
• ci: Use toolchain match the kata to replace the beta by @arronwy in #338
• aa/attester: Update csv-rs dep to rev bcf3bcc. by @BaoshunFang in #342
• Verity: Redefine functions to support kata by @ChengyuZhu6 in #343
• aa/attester: Update csv-rs dep to rev 05fbacd. by @BaoshunFang in #348
• Add Cargo.lock for consistent builds by @beraldoleal in #344
• workflows: Bump to rust 1.72 by @stevenhorsman in #356
• New tee type: CCA (Confidential Compute Architecture) by @chendave in #321
• Api server rest makefile by @stevenhorsman in #358
• Read agent config from file by @stevenhorsman in #365
• Fix cc kbc aa param config file parsing by @stevenhorsman in #368
• attestation-agent: fix extraction of peerpod kbs host addr extraction in token code by @mkulke in #371
• api-server-rest: fix aa_addr cli param by @mkulke in #370
• image-rs: Support simple signing with X-R-S-S by @mattarnoatibm in #372
• cdh/kms/kbs: raise warning when failed to read file for offline-fs-kbc by @Xynnn007 in #374
• Fix Aliyun KMS suite by @Xynnn007 in #376
• cdh/kms: add rustls-tls feature for aliyun by @Xynnn007 in #377
• Fix CDH & kbs_protocol by @Xynnn007 in #381
• chore(deps): Bump docker/login-action from 2 to 3 by @dependabot in #362
• chore(deps): Bump docker/build-push-action from 4 to 5 by @dependabot in #363
• ci: disable eaa-kbc ci for PR and Merge by @Xynnn007 in #386
• chore(deps): Bump actions/checkout from 3 to 4 by @dependabot in #351

New Contributors

• @ChengyuZhu6 made their first contribution in #270
• @BaoshunFang made their first contribution in #323
• @emanuellima1 made their first contribution in #334
• @beraldoleal made their first contribution in #344
• @chendave made their first contribution in #321

**Full...

v0.7.0

Although this is v0.7.0, this is the first release of the merged guest-components repository.

Previous releases in this repository are from when the repository contained only image-rs.
This is one reason that so many people are listed as new contributors in this release.

What's Changed

• Add some robustness fixes to integration tests by @mkulke in #159
• 3 Repo merge by @dcmiddle in #158
• Fix ci by @Xynnn007 in #163
• ci: Occlum: fix ci test by @Xynnn007 in #175
• Update TDX attester dependencies version to 1.16 by @jialez0 in #174
• Add missing attesters to Readme by @katexochen in #172
• feat: use ndyus to speed up the image deployment process in image-rs by @taoohong in #117
• kbs_protocol: Return unquoted string from attestation() by @jepio in #168
• aa/attester: Update virtee/sev dep to 1.2 by @jepio in #179
• ci: Fix integration test for image-rs by @Xynnn007 in #271
• Optimize implementation of image-rs/stream by @jiangliu in #264
• Add doc about how to pull encrypted Nydus image with image-rs by @taoohong in #196
• AA: use URL safe base64 encoding for TeePubKey by @katexochen in #177
• Adjusted the handling of URLs to support more types of hosts by @jialez0 in #173
• Optimize implementation of image-rs/pull by @jiangliu in #266
• image-rs: improve AA build and output by @katexochen in #274
• ci: add link checker workflow by @katexochen in #277
• docs: update links to new repo and fix broken links by @katexochen in #276
• Tidy up the warnings from integration tests by @portersrc in #279
• docs: update generate_test_data guide link by @Xynnn007 in #280
• image-rs: Fix the rust lint warning by @arronwy in #281
• Fix kbs url in cc-kbc by @Xynnn007 in #286

New Contributors

• @mkulke made their first contribution in #159
• @dcmiddle made their first contribution in #158
• @katexochen made their first contribution in #172
• @taoohong made their first contribution in #117
• @jepio made their first contribution in #168
• @portersrc made their first contribution in #279

Full Changelog: v0.6.0...v0.7.0

v0.6.0

What's Changed

• Fix remove ring by @Xynnn007 in #135
• Signature: delete useless notes by @Xynnn007 in #142
• Cargo.toml: add occlum cckbc feature by @Xynnn007 in #144
• pull: Add max concurrent download limit support by @arronwy in #146
• gh: add dependency bot by @Xynnn007 in #147
• chore(deps): Update serial_test requirement from 0.9.0 to 2.0.0 by @dependabot in #149
• chore(deps): Bump actions/checkout from 2 to 3 by @dependabot in #148
• chore(deps): Update serde_yaml requirement from 0.8 to 0.9 by @dependabot in #150
• chore(deps): Update zstd requirement from 0.11 to 0.12 by @dependabot in #151
• config: Add max_concurrent_download for pull operation by @arronwy in #153
• chore(deps): Update rstest requirement from 0.16.0 to 0.17.0 by @dependabot in #152
• bump: v0.6.0 for ocicrypt-rs and attestation-agent by @Xynnn007 in #155
• dep: Update ocicrypt-rs & attestation-agent by @stevenhorsman in #157

New Contributors

• @dependabot made their first contribution in #149

Full Changelog: v0.5.1...v0.6.0

v0.5.1

deps: Bump ocicrypt-rs to v0.5.1

I've missed one dependency bump while releasing ocicrypt-rs v0.5.0,
which lead to a new v0.5.1 release, which we should use here.

Signed-off-by: Fabiano Fidêncio <[email protected]>

v0.5.0

Merge pull request #139 from fidencio/topic/adapt-dependencies-to-v0.…

v0.4.0

lint: fix clippy warning for ttrpc proto

Signed-off-by: Xynnn007 <[email protected]>

v0.2.0: Merge pull request #75 from arronwy/bump_ocicrypt-rs

cargo: Bump ocicrypt-rs to v0.2.0