Releases: canonical/pebble
v1.17.0: restart services that fail within 1s "okay delay", and more
The main user-facing feature this release adds is that Pebble will now auto-restart services that fail to start within the 1-second "okay delay" time window. Previously the user would have to re-start
these manually. The API (and CLI) still returns an error in this case, with a message indicating it will restart, for example "service start attempt: exited quickly with code 1, will restart".
The release also adds support for customisable plan sections (for projects that import and build on top of Pebble).
It also fixes several bugs, including a panic during start with certain configurations.
All changes:
-
feat(planstate): add plan section support by @flotter in #489
-
feat(plan): add plan sub-directory support by @flotter in #509
-
feat: set home when user is set by @IronCore864 in #521
-
feat: restart services failed within okay delay by @IronCore864 in #520
-
fix: allow stopping services in "starting" state by @IronCore864 in #503
-
fix: ring buffer deadlock by @IronCore864 in #511
-
fix: allow stopping services in the starting state by @IronCore864 in #512
-
fix: mapping service to lanes when services are in random order by @IronCore864 in #528
-
test: make root tests easier to run by @IronCore864 in #501
-
test: add integration tests for "pebble run" by @IronCore864 in #497
-
chore: bump the snapcore/action-build action version by @tonyandrewmeyer in #505
-
chore: vuln scan failure workaround by @IronCore864 in #507
-
chore: revert changes introduced by allowing stopping services in starting state by @IronCore864 in #510
-
chore(client): fix typo in AutoStart doc comment by @benhoyt in #515
-
docs: add a security policy document by @tonyandrewmeyer in #504
-
docs: remove reusable content from search result by @IronCore864 in #516
-
docs: fix tutorial by including a status check after stopping http-server by @dwilding in #523
-
docs: make landing pages more informative by @dwilding in #524
-
docs: add snap as an installation method by @dwilding in #526
New Contributors
Full Changelog: v1.16.0...v1.17.0
v1.16.0: better service start/stop, warnings as notices
This release includes a few significant, user-visible changes and fixes:
- Improvements to how services with dependencies are started and stopped (using "lanes"), so that independent services are started in parallel, and dependent services start up serially. Error handling is also improved. Fix in #437 and closes #231 (thanks @troyanov for the report).
- A fix for a tricky bug in
pebble exec
, so it doesn't lose output in interactive mode. Thanks @dmitry-lyfar for the report, and the fix in #466! - Reduce the size of
exec
tasks by not storing the execSetup (which includes all environment variables) in state. This speeds up (and shrinks the data) when serialising state to disk duringstate.Unlock
. Fix is in #478. - Ensure Pebble doesn't hang (with no error message) when the state file directory is read-only or otherwise inaccessible. Thanks for the report @berkayoz in #462. Fix in #481.
- Re-implement warnings using notices. This was always the intention since the notices feature was added (it was designed as a superset of warnings), but we'd never gotten to it. Lots of nice code deletion in #486.
Also, something that doesn't affect the operation of Pebble: we've moved the documentation from a "big long README" to a proper documentation site. Code is in the docs
directory, and the website lives at https://canonical-pebble.readthedocs-hosted.com/. Thanks @IronCore864 for your work on this!
There are also a ton of minor fixes and tweaks, listed below.
Other minor changes:
- fix(snap): set Pebble version before snap builds by @cjdcordeiro in #450
- refactor: pull in the snapd RestartManager refactoring in #446
- fix: avoid need to lock state for restart.Pending() in #451
- fix: make Client.Pull properly handle API errors in #452
- feat(daemon): add Err() to retrieve the tomb death reason by @thp-canonical in #453
- fix: actually turn off child subreaping in reaper.Stop in #454
- feat(daemon): allow overriding layers directory in daemon.Options by @thp-canonical in #456
- feat(overlord): reversed order of manager stop by @Ardelean-Calin in #447
- fix(logger): Make MockLogger threadsafe by @thp-canonical in #441
- fix(overlord): allow ensure when state is available by @flotter in #482
- fix: initialize socketPath to prevent stale cache by @holmanb in #491
- test: improve osutil.mkdir test coverage in #492
- ci: add a monthly (or on demand) TIOBE reporting workflow in #494
- refactor(state): avoid need for state lock in LatestWarningTime in #493
New Contributors
- @AnneCYH made their first contribution in #457
- @Ardelean-Calin made their first contribution in #447
- @holmanb made their first contribution in #491
Full Changelog: v1.15.0...v1.16.0
v1.15.0: Identities, Go 1.22
This version adds support for the Pebble Identities features (described in OP043), and updates the Go version when building binaries and Snaps from Go 1.20 to Go 1.22.
What's Changed
- feat(state): core of reading/writing identities in state by @benhoyt in #428
- feat(daemon): identities API endpoints by @benhoyt in #429
- feat(client): Go client for identities by @benhoyt in #430
- feat(cli): identities CLI commands by @benhoyt in #431
- fix(snap): build snap with Go 1.22 to fix CVE-2024-24790 by @cjdcordeiro in #448
- feat(daemon): use identities to auth API requests by @benhoyt in #434
- chore: use Go 1.22 (supported), in go.mod and binary builds by @benhoyt in #449
Full Changelog: v1.14.0...v1.15.0
v1.14.1: Snap fixes: build on Go 1.22 and fix version
This is a patch release which includes two fixes:
v1.14.0
This is a very small release, mainly so that we can start using the check-name feature in Juju.
What's Changed
- fix(planstate): don't hold planLock while calling plan-changed listeners by @benhoyt in #436
- docs: various improvements to "service dependencies" section by @benhoyt in #442
- feat: include check name in notice data for perform-check and recover-check by @tonyandrewmeyer in #444
Full Changelog: v1.13.0...v1.14.0
v1.13.0
This release includes a few minor fixes, notably disabling --verbose
for pebble enter exec
now that --verbose
has been removed from the default Rockcraft entrypoint.
What's Changed
- fix: work around issue with user.Lookup not returning UnknownUserError in #427
- fix(daemon): turn off net/http panic recovery in #350
- fix(enter): block --verbose for exec subcommand by @rebornplusplus in #394
- docs: a new getting started tutorial for pebble in #421
- docs: create reusable content for how to install guide and the tutorial in #433
Full Changelog: v1.12.0...v1.13.0
v1.12.0
One change to fix a significant panic in the new health checks system (#415), a fix for mkdir
to chmod as expected, and several minor changes.
What's Changed
- fix(checkstate): ignore and abort carryover changes by @flotter in #415
- feat(personality): Allow state filename customization by @thp-canonical in #416
- docs: starter pack by @IronCore864 in #417
- docs: splitting readme into pebble docs with the diataxis method by @IronCore864 in #419
- feat: unified osutil.Mkdir API with options by @IronCore864 in #418
- fix: note exist-ok behaviour of "mkdir -p" in argument help by @benhoyt in #424
- fix: avoid legacy Snapcraft location for LP creds by @cjdcordeiro in #425
- feat(osutil.Mkdir): add the chmod flag by @IronCore864 in #423
- chore: update golang.org/x dependencies by @benhoyt in #426
Full Changelog: v1.11.0...v1.12.0
v1.11.0: health checks implemented with Changes and Tasks
The highlight of this release is that health checks were reimplemented as Changes and Tasks, making it possible to introspect and debug check failures (#409).
Also included are the security fixes from #406, which were also released in the v1.10.2 patch release. In addition, there are a couple of minor fixes for layer validation and client ID validation from first-time contributor @IronCore864.
What's Changed
- feat(client): add change-update notice type by @benhoyt in #401
- fix(daemon): require admin access for POSTs and file pull API by @benhoyt in #406
- feat: make layers with label prefix "pebble-" reserved by @IronCore864 in #403
- feat: client side change id validation by @IronCore864 in #404
- chore: use RFC2602 domain (example.com) in custom notice examples by @benhoyt in #407
- feat: perform health checks via changes and tasks by @benhoyt in #409
Full Changelog: v1.10.0...v1.11.0
v1.10.2: require admin access for POSTs and file pull API
This addresses the following security issues:
- Lock down all POSTs/writes to require admin.
- Lock down the files "pull" API to require admin.
- Lock down the task-websocket endpoint to admin.
Full Changelog: v1.10.1...v1.10.2
v1.7.4: require admin access for file pull API
This locks down the files "pull" API to require admin. Even though it's a read (GET), this meant any user could potentially read sensitive files.
Changelog since v1.7.3: v1.7.3...v1.7.4