La nouvelle version de Fatbuildr v2.0.0 est publiée, elle inclut de nombreuses nouvelles fonctionnalités majeures.
Parmi ces nouveautés, vous trouverez notamment :
- Le support des sources multiples pour les paquets deb et RPM,
- Le support de l’authentication sur l’API REST avec des jetons JWT,
- Une politique RBAC configurable pour contrôler les permissions d’accès à l’API REST,
- L’analyse statique automatique des paquets deb et RPM avec lintian and rpmlint,
- Plusieurs politique configurables et automatisable de purge de l’historique des tâches,
- La possibilité d’ouvrir un shell interactif en cas d’échec de construction d’un paquet RPM pour faciliter l’analyse.
Cette nouvelle version inclut également plusieurs corrections de bugs et des améliorations internes.
Voici le contenu complet de la note de version (en anglais) :
Added
- web: add JWT token based authentication with RBAC policy for managing access permissions to the REST API and the HTML web endpoints (#21). Fatbuildr provides a default policy that can be overriden by site administrators.
- Associate tasks to originating users (#79)
- Automatic static analysis of RPM and Deb packages based on rpmlint and lintian after successful build (#16)
- Add support of interactive build for RPM packages format (#61)
- Add support of multiple sources for packages artifacts (#66)
- Report Deb and RPM packages content after successful builds, with additional pbuilder hook and mock plugin respectively (#74)
- Add possibility to purge tasks history and their workspaces directories with multiple configurable policies (#34)
- Add support of plain files as additional sources in RPM packages (#86)
- conf:
- Add
[tokens]
section with settings to control generation and validation of JWT tokens. - Add
policy
andvendor_policy
settings in[web]
section to define path to RBAC policy definition file loaded by Fatbuildrweb. - Add
[tasks]
section with parameters to specify tasks workspaces location and tasks history purge policy.
- Add
- polkit:
- Add org.rackslab.Fatbuildr.manage-token action.
- Add org.rackslab.Fatbuildr.build-as action.
- Add org.rackslab.Fatbuildr.purge-history action.
- dbus:
- Add
BuildAs
method toorg.rackslab.Fatbuildr.Instance
object to submit build task with another user identity.
- Add
- cli:
- Add
shell
andenv-shell
operations tofatbuildrctl images
command to open an interactive shell in a container running the image dedicated to a given format or in a build environment associated to a distribution (#18). - Add
-d, --distribution
option tofatbuildrctl images
command to filter the container images or the build environments targeted by the operation. - Add
-a, --architecture
option tofatbuildrctl images
command to limit the build environments targeted by the operation to a specific hardware architecture. - Add short option
-f
as an alternative to--format
long option offatbuildrctl images
command. - Add
fatbuildrctl tokens
command to list, generate and save JWT tokens for HTTP REST API authentication in user’s tokens directory. - Add support for JWT token based authentication to Fatbuildrweb REST API.
- Add support of HTTP/404 REST API response codes.
- Add
- prefs: add optional
tokens
parameter in theprefs
section for specifying the path of user’s tokens directory. - utils:
- Add support of multiple sources archives in
import-srcrpm
. - Add support of plain files as RPM packages sources in
import-srcrpm
.
- Add support of multiple sources archives in
- pkgs: add dependency on PyJWT python external library for managing JWT tokens.
- docs:
- Document
tokens
command infatbuildrctl
manpage. - Document
tokens
parameter in user’s preferences file infatbuildrctl
manpage. - Document new
history purge
subcommand in infatbuildrctl
manpage - Add section about API tokens in
fatbuildrctl
manpage. - Add section about Local sources and
--sources
option value format infatbuildrctl
manpage. - Add section about authentication in REST API reference page.
- Mention new polkit actions org.rackslab.Fatbuildr.manage-token, org.rackslab.Fatbuildr.purge-history and org.rackslab.Fatbuildr.build-as with a special note for *-as actions.
- Mention permission action required by all Fatbuildrweb REST API and HTML endpoints in references pages.
- Document error object returned by REST API for denied permission.
- Add section about policy configuration in Fatbuildrweb administration page.
- Document system configuration new
[tokens]
section and new parameters in[web]
section. - Document new
purge
parameter in[tasks]
section. - Mention multiple sources support, static analysis, packages content listing, RBAC policy and JWT authentication in advanced features description.
- Add page about packages source tree with all principles followed for various types of sources illustrated by new diagrams.
- Mention HTTP/404 reponse codes in REST API when instance or task is unknown by fatbuildrd and when format, distribution, derivative, architecture or artifact is not found in registries.
- Add page about tasks history purge capabilities with the various policies, the expected format of the limit value in configuration parameter and a quick howto setup regular automatic purge with a cronjob.
- Add example cronjob for automatic regular tasks history purge.
- Mention possibility to have additional plain files in the
rpm
subdirectoryof artifacts definitions repository.
- Document
Fixed
- Static analysis errors reported by ruff tool with a simple initial configuration (#75).
- Properly remove deprecated source RPM packages from repository after a successful build (#58).
- Compiler
-Wunused-result
warnings with binary wrappers (#70). - cli:
- daemon: avoid global hazardous catch of all RuntimeErrors and restrict handling to supported FatbuildrRuntimeError, as a basis for better error management.
- Avoid removal of tilde from version extracted in source tarball filename when submitted during build through HTTP REST API (#81).
- Remove useless imports
- images:
- Fix fatbuildr user and group with host UID/GID in deb format container image due to possible conflicts with other installed Debian sid packages (#83)
- Add missing shebang in derivatives pbuilder hook
- docs: Fix prescript token names in artifact definition reference.
Changed
- Merge queue and archives directories into a common workspaces directory (#88)
- cli:
- Transform
images
command options--create
,--update
,--create-envs
and--update-envs
into an operation positional argument with the corresponding possible valuescreate
,update
,env-create
,env-update
. - Replace
fatbuildrctl {patches,build}
command options--source-dir
and--source-version
by generic option--sources
. - Replace
fatbuildrctl archives
byfatbuildrctl history
command to avoid confusion with the notion of source archives (#87)
- Transform
- artifacts:
- Rename YAML artifact definition file from
meta.yml
toartifact.yml
. The old name is still supported but the user is warned with a deprecation notice (#73). - Replace
tarball
option bysource
orsources
, depending on the number of archive sources. - Modify format of
versions
,derivatives
andchecksums
keys to support optional multiple sources for packages artifacts. - The RPM spec file token
{{ source }}
is replaced by{{ sources }}
to declare possibly multiple sources.
- Rename YAML artifact definition file from
- conf:
- Replaced
queue
andarchives
parameters in[dirs]
section of system configuration byworkspaces
parameter in[tasks]
section. - Bump Fedora release from 37 to 38 in rpm and osi container images (#96).
- Replaced
- dbus: Replace
Archives()
byHistory()
method inorg.rackslab.Fatbuildr.Instance
object to avoid confusion with the notion of source archives. - web:
- Build tasks are submitted to fatbuildrd with original requesting user’s identity when fatbuildrd runs with another user (typically
fatbuildr
system user) so the tasks are properly associated to the original user. - Return HTTP/404 with clear error message when instance or task is unknown by fatbuildrd and when format, distribution, derivative, architecture or artifact is not found in registries (#64).
- Introduce new array of
SourceArchive
objects in the properties ofTask
JSON objects for build tasks. - Modify optional source archives filename multipart build requests to support sending of multiples sources.
- Build tasks are submitted to fatbuildrd with original requesting user’s identity when fatbuildrd runs with another user (typically
- docs:
- Convert APT sources file in quickstart guide from one-line format to Deb822-style format (#72)
- Modify artifact definition reference documentation with changes introduced to support packages artifacts with multiple sources and many examples to cover most cases.
- Modify REST API reference with changes introduced to support packages artifacts with multiple sources.
- Replace options
--source-dir
and--source-version
by--sources
infatbuildrctl
manpage. - Modify system configuration reference to mention replacement of
queue
andarchives
in[dirs]
section by commonworkspaces
parameter in[tasks]
section. - Update example outputs with new common workspaces directory to match new default paths.
- Replace notion of archives by history to designate the list of terminated tasks.
- Update support fedora release in quickstart guide to 37 and 38. Also update example instance file to mention fedora 38 instead of fedora 36.
- Rename
fatbuildr.web
module tofatbuildr.procotols.http.server
for more proximity withfatbuildr.procotols.http.client
code. - pkgs:
- Adapt artifact definitions and packaging code for fatbuildr and its dependencies to new format defined for multiple sources support.
- Replace fatbuildr prescript with a supplementary source for bootstrap.
- Bump dasbus dependency to latest version 1.7 (#67).
- examples: Change hello package artifact definition to new format defined for multiple sources support.
Removed
- pkgs: removed support of Fedora 36
- docs: removed mention of Fedora 36 in quickstart guide
Plus de détails sur le logiciel Fatbuildr sont disponibles dans sa page de description complète. Vous pouvez également découvrir les fonctionnalités avancées de la solution.
Envie d’essayer ? Suivez le guide de démarrage !
Liens utiles :