v0.12.0

Changelog

• Parallel pull mode improvements
  • Create fewer requests when using ranged GETs (#1631, #1781)
    • This should fix GOAWAY and similar errors thrown by registries with abuse protection.
  • Add asynchronous digest verification (#1654)
  • Harden image cleanup logic on image pull failures (#1638)
• Add soci-snapshotter-grpc config command
  • soci-snapshotter-grpc config dump (#1693)
  • soci-snapshotter-grpc config default (#1702)
• Skip existing zTOCs when regenerating zTOCs (#1720)
• Hard-fail on config parsing errors (#1651)
• Lower “layer not found” severity from Error to Warn for id-mapping (#1772)
• Fix incorrect node info output (#1755)
• Fix race condition in soci rebuild-db (#1729)
• Fix soci ztoc ls showing wrong zTOCs for shared layers (#1728)

Full Changelog: v0.11.1...v0.12.0

These binaries were compiled using glibc 2.34.

v0.11.1

❗ PLEASE NOTE:❗ while v0.11.1 should not be a breaking change, it is coming very quickly after v0.10.0, which does have breaking changes. Please refer to the v0.10.0 release notes for more information on the breaking changes.

Changelog

• Fixed bug where snapshotter did not start if the default config file did not exist (#1625)

Full Changelog: v0.11.0...v0.11.1

These binaries were compiled using glibc 2.34.

v0.10.1

❗ PLEASE NOTE:❗ while v0.10.1 should not be a breaking change, it is coming very quickly after v0.10.0, which does have breaking changes. Please refer to the v0.10.0 release notes for more information on the breaking changes.

Changelog

• Fixed bug where snapshotter did not start if the default config file did not exist (#1624)

Full Changelog: v0.10.0...v0.10.1

These binaries were compiled using glibc 2.34.

v0.11.0

❗ PLEASE NOTE:❗ while v0.11.0 should not be a breaking change, it is coming very quickly after v0.10.0, which does have breaking changes. Please refer to the v0.10.0 release notes for more information on the breaking changes.

Changelog

Features

• Add parallel pull/unpack mode (#1607)
  • This is an entirely non-lazy-loading pull mode (parallel_pull_unpack) that pulls large layers in chunks, allowing them to be pulled faster, similar in idea to the multi-part fetch introduced in containerd 2.1. This implementation notably uses a temporary file as a buffer instead of smaller in-memory buffers. This allows SOCI to parallelize the store and decompression operations. Additionally, upon getting the first Prepare request from containerd, we will prepare all of these operations across multiple layers. All of this parallelization combined can result in much faster image pulls for more powerful hardware.

Full Changelog: v0.10.0...v0.11.0

These binaries were compiled using glibc 2.34.

v0.10.0

Changelog

v0.10.0 introduces significant changes to the architecture of the SOCI snapshotter as well as breaking changes across the SOCI snapshotter, SOCI CLI, and SOCI Library.

❗Breaking Changes ❗

• [SOCI Snapshotter] Introduced SOCI Index Manifest v2 and disabled SOCI Index Manifest v1. See the SOCI Index Manifest v2 documentation
• [SOCI Snapshotter] Removed Namespace config option under [content-store]. The SOCI snapshotter now uses the namespace it receives from containerd via context. (#1509)
• [SOCI CLI] Switched the default content store to containerd in the SOCI CLI. (#1502)
  • SOCI Indexes are now tied to their parent image’s lifecycle. When you delete the image, containerd will garbage collect the SOCI index.
• [SOCI library] Refactor the IndexBuilder library (#1501)
  • NewIndexBuilder no longer takes an ArtifactsDB. Use soci.WithArtifactsDb instead
  • BuildOption was renamed to BuilderOption
  • IndexBuilder.Build takes BuildOption that apply to a single build
  • Platform configuration is moved from a top level IndexBuilder option to a Build option. Use soci.WithPlatform in indexBuilder.Build to control the platform

Other Changes

• Fixed a bug where expired credentials were not properly refreshed (#1481)
• Fixed a bug where listing files in directories sometimes returned incomplete or truncated contents (#1482)
• Add a metric when SOCI fails to pull a layer without lazy loading (#1494)
• Fixed a bug where the SOCI snapshotter ignored the containerd namespace from the client when using the containerd content store (#1509)
• Fixed a bug where file reads would fail or return incorrect data if direct = false under directory_cache was set in the snapshotter config (#1531)
• Fixed a bug where non-lazy layer fetch would fail if the layer size was set to 0 and the registry did not support http HEAD (an occasional issue with Kubernetes) (#1493)
• Allow overriding the SOCI root directory #1563

Full Changelog: v0.9.0...v0.10.0

These binaries were compiled using glibc 2.34.

v0.9.0

Changelog

• Fix bind order dependency bug with metrics socket. (#1440)
• Resolve warnings for CVE-2024-45338 (#1439)

Full changelog: v0.8.0...v0.9.0

These binaries were compiled with Ubuntu 20.04, using glibc 2.31.

v0.8.0

Changelog

• Add support for ID-mapped layers (#1392)
• Support systemd socket activation (#1378)

Full changelog: v0.7.0...v0.8.0

These binaries were compiled with Ubuntu 20.04, using glibc 2.31.

v0.7.0

Changelog

• Update Go version to 1.21.12 in CI (#1296)
• Fix bug in creating SOCI index with containerd content store (#1244)
• Allow images to be lazily loaded from an insecure localhost (#1289)
• Add config option skip_check_snapshotter_supported to skip an expensive check for if overlayfs is supported on the system, providing daemon startup time improvements (#1279)
• Fix re-auth for ECR credentials when token expires (#1196)
• Revert "Disable xattrs by default" due to a bug where containers fail to start if the image has a layer with xattrs disabled and a volume mount is present in said layer (#1315)
  • This optimization was enabled by default in v0.6.0 and v0.6.1. If using these versions and seeing a failed to list xattrs on /some/dir/ - operation not supported when running a container, please rebuild your SOCI index with the new SOCI CLI version and re-push the SOCI index
  • While the optimization is once again disabled by default, it can still be enabled by specifying --optimizations xattr in the CLI create call

Full Changelog: v0.6.1...v0.7.0

These binaries were compiled with Ubuntu 20.04, using glibc 2.31.

v0.6.1

Changelog

• Update golang.org/x/net to v0.25.0 to address CVE-2024-24788

Full Changelog: v0.6.0...v0.6.1

These binaries were compiled with Ubuntu 20.04, using glibc 2.31.

v0.6.0

Changelog

• Add concurrency limits when setting up layers (#1061)
• Reduce snapshotter overhead (#1080, #1066, #1021, #1133)
• Fix file descriptor leak when unpacking remote content (#1037)
• Fix max concurrent uploads on SOCI push (#1119)
• Skip registry calls when content has completed fetching (#1147)

Note: Our previous release erroneously had a trailing ./ before the binary names. This is fixed and moving forward it shouldn’t be an issue. (#1095)

Full Changelog: v0.5.0...v0.6.0

These binaries were compiled with Ubuntu 20.04, using glibc 2.31.