
v0.11

@warpfork warpfork released this 06 Mar 06:26

This release of Repeatr includes the "Policy" system -- this is majorly exciting: for the first time, we have containers which drastically reduce the privilege of processes inside them by default.
This is a major improvement to security for users, and hopefully the start of major improvements to the whole ecosystem, since safe operations are now the default operations.
Of course, it's also a massively breaking change for any formulas that previously required powerful and unsafe system permissions -- they now have to admit it up-front! ;)

  • Feature: Policies!! And graceful de-escalation of privileges. [PR: gh#68]
    • By default, executors will drop to user-level privileges and a non-zero (i.e. non-root) UID.
    • Executors which support advanced features like linux capabilities will also drop those.
    • Policy levels available are, from safest to most empowered: routine, uidzero, governor, and sysad. Routine is the default.
  • Feature: Several minimum-viable provisioning steps will be applied to your filesystems and environment before job launch: this is called the "cradle". These features make operating with low privileges (as introduced concurrently by the policies feature) much easier.
    • If you configure a cwd that doesn't already exist, it will be automatically created and be writable.
    • Your jobs may now reliably expect /tmp to exist and to be writable (specifically, it will be forced to chmod=01777; world-writable plus sticky bit, as a tempdir should be).
    • The $HOME environment variable will now be assigned by default. The referenced directory will exist (and be writable, if cradle created it).
    • These new behaviors can be disabled by configuring action.cradle = false in your formulas.
  • Bugfix: Clean up the filesystem more gingerly if major errors are raised during executor operation. Certain failure cases of unmounting could previously cause more files to be removed during "cleanup" -- if you're using host mounts, this could be a fairly major problem and you should upgrade immediately.
  • Bugfix: Files produced by the 'git' transport will now be owned by uid=1000, gid=1000. This is consistent with the default filter values for other transports.
  • Internal: Defining a mechanism to feed results of one formula into another, describing ways to communicate well-known ware hashes by name, and thereupon build automatic update systems and complex processing pipelines. Proof-of-concept work -- will not be externally exposed or API-stable for some time. [PR: gh#67]
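The policy and cradle features described above, as an added example written for this page in Go (the project's language); it is not Repeatr's own code. It maps a policy level to the credential a job process would be launched with, provisions a cradle (cwd, $HOME, /tmp at 01777) inside a temporary root, and assembles an os/exec command without starting it. The 1000/1000 identity (the notes only promise a non-zero UID; 1000 is borrowed from the git-transport default), the rule that every level other than routine keeps UID 0, the Cradle type and all function names are assumptions; capability dropping is not modelled.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"syscall"
)

// Policy levels named in the release notes, from safest to most empowered.
const (
	PolicyRoutine  = "routine"
	PolicyUidZero  = "uidzero"
	PolicyGovernor = "governor"
	PolicySysad    = "sysad"
)

// Assumed unprivileged identity for "routine": the notes only say non-0,
// 1000/1000 is taken from the git-transport default filter values.
const (
	unprivilegedUID = 1000
	unprivilegedGID = 1000
)

// credentialForPolicy maps a policy level to the credential a job is launched
// with. Only "routine" drops to the unprivileged identity; the other levels
// keep UID 0 in this sketch (their finer distinctions are not modelled).
func credentialForPolicy(policy string) (*syscall.Credential, error) {
	switch policy {
	case PolicyRoutine:
		return &syscall.Credential{Uid: unprivilegedUID, Gid: unprivilegedGID}, nil
	case PolicyUidZero, PolicyGovernor, PolicySysad:
		return &syscall.Credential{Uid: 0, Gid: 0}, nil
	}
	return nil, fmt.Errorf("unknown policy level %q", policy)
}

// Cradle is the minimum provisioning applied before launch (hypothetical
// type). Cwd and Home are paths inside Rootfs.
type Cradle struct {
	Rootfs   string
	Cwd      string // job working directory, created if missing
	Home     string // value assigned to $HOME, created if missing
	Disabled bool   // counterpart of action.cradle = false: skip everything
}

// tmpMode is what the notes force /tmp to: world-writable plus sticky bit (01777).
const tmpMode = os.ModeSticky | 0o777

// Apply creates cwd and HOME, forces /tmp to 01777 and returns the env entries
// the cradle contributes. A real executor would also chown what it created to
// the job's UID; that needs root and is left out so this runs unprivileged.
func (c Cradle) Apply() ([]string, error) {
	if c.Disabled {
		return nil, nil
	}
	for _, rel := range []string{c.Cwd, c.Home} {
		if err := os.MkdirAll(filepath.Join(c.Rootfs, rel), 0o755); err != nil {
			return nil, err
		}
	}
	tmp := filepath.Join(c.Rootfs, "tmp")
	if err := os.MkdirAll(tmp, 0o777); err != nil {
		return nil, err
	}
	// Chmod separately: MkdirAll's mode is masked by the umask and never sets the sticky bit.
	if err := os.Chmod(tmp, tmpMode); err != nil {
		return nil, err
	}
	return []string{"HOME=" + c.Home}, nil
}

// buildCommand provisions the cradle and prepares (but does not start) the job
// under the requested policy. Env is only what the cradle provided.
func buildCommand(policy string, c Cradle, argv []string) (*exec.Cmd, error) {
	cred, err := credentialForPolicy(policy)
	if err != nil {
		return nil, err
	}
	env, err := c.Apply()
	if err != nil {
		return nil, err
	}
	cmd := exec.Command(argv[0], argv[1:]...)
	cmd.Dir = filepath.Join(c.Rootfs, c.Cwd)
	cmd.Env = env
	cmd.SysProcAttr = &syscall.SysProcAttr{Credential: cred}
	return cmd, nil
}

func main() {
	root, err := os.MkdirTemp("", "cradle-demo") // constructed throwaway rootfs
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(root)
	c := Cradle{Rootfs: root, Cwd: "/task", Home: "/home/job"}
	cmd, err := buildCommand(PolicyRoutine, c, []string{"/bin/true"})
	if err != nil {
		panic(err)
	}
	st, _ := os.Stat(filepath.Join(root, "tmp"))
	fmt.Printf("cwd=%s env=%v uid=%d tmp=%v\n", cmd.Dir, cmd.Env, cmd.SysProcAttr.Credential.Uid, st.Mode())
}
```

`go run` prints the planned cwd, environment, UID and the resulting /tmp mode; the command is deliberately never started, because launching with a Credential other than the caller's own UID only succeeds from a root (CAP_SETUID) process, which is exactly the privilege the routine policy exists to shed.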