Roburio Albatross Versions Save

CHANGES:

This is a breaking release since the binaries to be installed have been revised and merged. The albatross-client-local is now albatross-client [--socket], albatross-provision-ca is now albatross-client sign or albatross-client generate. The albatross-client-remote is now albatross-client certificate. The albatross-client-bistro is now albatross-client <command> --destination <host> --ca ca.pem --ca-key ca.pem --server-ca cacert.pem.

And finally, albatross-tls-inetd is now albatross-tls-endpoint --inetd.

• Document TLS usage (#155, #156 @TheLortex @hannesm)
• Improve TLS experience by providing more reasonable error messages and apply more checks before establishing a TLS session (#157 @hannesm @reynir)
• Slim down binaries:
  • remove albatross-stat-client binary (#161 @hannesm)
  • move X509 parts out of Albatross_cli (#158 @reynir)
  • merge albatross-tls-inetd with albatross-tls-endpoint (#160 @hannesm)
  • merge albatross-client-inspect-dump into albatross-client (#161 @hannesm)
  • merge albatross-provision-ca and albatross-provision-request into albatross-client (#159 @reynir @hannesm)
  • merge albatross-client-remote and albatross-client-bistro and albatross-client-local into albatross-client (#162 @hannesm)
• Check solo5 ABI tender version, allow multiple solo5 tenders to exist (named as solo5-{s,h}vt.<ABI> (#163 @hannesm)
• Improve documentation and manpages (#164 @hannesm)

CHANGES:

• Update to tls 0.16 packaging (#154 @hannesm)

CHANGES:

• Systemd scripts: default to less verbose logging (#151 @dinosaure @reynir)
• Add a command to restart unikernels (#148 @hannesm @reynir)

CHANGES:

• Improve error messages when socket binding fails, and when albatross-console is not running (#139, inspired by #137, @hannesm @samoht)
• Debian packages: add gmp and libnl package dependencies (#141 #142 @reynir @hannesm)
• albatross-tls-endpoint: use Unix.inet6_addr_any, also add a command line argument to specify the listening address (#144 #145 @reynir @hannesm, reported in #143 by @palainp)
• command line: allow multiple ":" in the hostname (to support IPv6 addresses) (#146 @hannesm)

CHANGES:

• Support --block-sector-size (solo5 0.7.4) (#134 @hannesm @reynir)
• Invert communication between albatross-stats and albatross-daemon (#131 #133 @hannesm @reynir)
• Cleanups (avoid catch-all, remove migrate_name support, #130 @hannesm)
• Add minimal support for macOS (#128 @samoht)
• Upgrade to http-lwt-client 0.2.0 (#127 @hannesm)
• Remove unnecessary includes (#126 @reynir)

CHANGES:

• BUGFIX policy (vmm_resources): when inserting a policy, check policies above, but not the same one (@hannesm)
• tls-endpoint: listen on systemd socket, add systemd example (#119 @Julow @reynir)
• albatross-stats systemd service: allow AF_NETLINK to gather network interface statistics (@reynir)
• BUGFIX albatross-stats: use if_nametoindex, simplify code (#125 @dinosaure @reynir @hannesm)
• Add deployment scripts for nixos (#120 @Julow)

CHANGES:

• Albatross_influx: drop leading ':' if path should be dropped (#114 @hannesm)
• FreeBSD packaging: rename albatross_stat to albatross_stats (#113 @hannesm)
• Refactor albatross BHyve stat collection (to avoid exception in List.combine) (#116 @reynir @hannesm)
• Albatross-client-update: adapt URLs to current builder-web deployment (#117 @hannesm)
• Albatross-client: allow passing a mac address explicitly to create for each network interface (#107 @reynir)

CHANGES:

• Revise Name.t to use ':' as path separation, and allow '.' in labels. Previously the path was built by the common name in the X.509 certificate chain and the leaf certificate was appended (i.e. chain certificate "foo", chain certificate "bar", leaf certificate "my.unikernel" lead to the name "foo.bar.my.unikernel" -- and chain certificate "foo", leaf "bar.my.unikernel" lead to the identical name). Since the holder of the certificate and private key "foo" could issue at any point another intermediate certificate for "bar", this is not security critical -- but for resource management this was confusing and lead to some issues (policy could be violated). Now, the path separator is ':' (i.e. "foo:bar:my.unikernel" and "foo:bar.my.unikernel"). In addition, various test cases have been added, for vmm_trie, vmm_resources and also for old and new wire versions (albatross daemon state, command execution) to ensure that old clients continue to work with new server components. The wire version has been bumped to WV5, since the Name.t encoding was changed. (#111, @hannesm @reynir)
• systemd: fifo are created by albatross_daemon (not albatross_console) (#106, @reynir)
• systemd: cleanup, use group albatross, (#108, fixes #105, @reynir)
• documentation: remove solo5-elftool requirement -- since 1.4.0 ocaml-solo5-elftool is used (#109 @hannesm)
• CI execute tests (#112, @hannesm)
• fix URL to builder-web (https://builds.robur.coop) which dropped the opam-switch postfix in the URL (#113 @hannesm)
• albatross-client-local, albatross-client-bistro: support remote (socket/host) '-' to output the command as hexdump (PEM file) on standard output (@hannesm)

CHANGES:

• Debian packaging: set architecture to DEB_TARGET_ARCH (@reynir)
• FreeBSD packaging: normalize version number (. instead of -) (@hannesm)
• Add systemd service script for albatross_influx (@hannesm)
• Update to cmdliner 1.1.0 (#104 @hannesm)
• Support IPv6 in daemon (albatross_tls_endpoint) and influx (#104 @hannesm)

CHANGES:

• fix issues "use OCaml solo5-elftool instead of binary" where the compressed unikernel image was passed to the tool (if albatross-provision-request was used, and in albatross-daemon) (#101 by @palainp, fixed in #102 by @hannesm)