Releases: aws/aws-nitro-enclaves-cli
v1.3.4
Release v1.3.3
Release v1.3.2
What's Changed
- scripts/run_tests.sh: Add check dependencies by @foersleo in #625
- blobs: Update linuxkit binaries to version based on v1.2.0 by @foersleo in #626
- clippy: resolve build errors for Rust 1.79 by @eugkoira in #630
- nitro-cli: Update enclave boot timeout based on allocated memory by @mariusknaust in #633
Full Changelog: v1.3.1...v1.3.2
Release v1.3.1
- vsock-proxy: Bump version to 1.0.1
- vsock_proxy: Use system-configured nameservers for DNS resolution
- Update init blob to support user namespaces
- clippy: resolve build errors for Rust 1.78
Full Changelog: https://github.com/aws/aws-nitro-enclaves-cli/compare/v1.3.0..v1.3.1
Release v1.3.0
This release focuses on resolving two critical issues:
the vsock-proxy DNS lookup limitation (#553) and the compatibility
problem with Docker versions 25 and later (#591). Furthermore, it
updates several important crate dependencies to their latest
versions.
- cargo: Update cargo.lock to eliminate build failures
- build(deps): bump base64 from 0.21.4 to 0.22.0
- build(deps): bump tokio from 1.28.2 to 1.32.0
- fix(deps): downgrade crate versions due to compatibility issues
- version: Release vsock_proxy v1.0.0
- vsock_proxy: Introduce DnsResolutionInfo type
- vsock_proxy: add tests
- vsock_proxy: change function's signature
- clippy/cargo: resolve build errors and warnings
- vsock_proxy: Perform DNS resolution after the expiration of the TTL
- vsock_proxy: Handle allowlisting out of Proxy
- vsock_proxy: rename starter.rs
- vsock_proxy: Refactor DNS-related functionality
- vsock_proxy: refactor
- cargo: Upgrade num-derive to v0.4
- enclave_build: Extract stream output handling
- enclave_build: Refactor docker.rs for consistent Runtime creation
- enclave_build: Extract build_tarball method
- enclave_build: Extract parse_docker_host method
- enclave_build: Extract inspect method
- enclave_build: Add more tests
- fix: Switch to bollard for docker API interaction
- ci: use cargo-about v0.5.0
- ci: disable automatic license file generation
- enclave_build: fix clippy failure
- build(deps): bump inotify from 0.10.0 to 0.10.2
- build(deps): bump dns-lookup from 1.0.8 to 2.0.3
- vsock_proxy: set log level to warn
- github: update the action version
- clippy: eliminate warnings & errors
- rust: msrv version bump
- build(deps): bump mio from 0.8.6 to 0.8.11
- docs: Correct image signing manual
Release 1.2.3
- Dependencies updates: base64 bindgen chrono env_logger flexi_logger futures
idna inotify libc log nix num-traits openssl page_size rand rustix serde
serde_json serde_yaml shlex signal-hook tempfile tokio url vmm-sys-util vsock
- Fix clippy errors and warnings after updates
- Added dependabot support
- Improve help text of the memory argument
- Use public containers in tests
- Update and refactor run_tests.sh
Release 1.2.2
- update third party crates license file
- update clap
- update bindgen
- update cpufeatures
- update chrono
- update tempfile
- update hyper
- Fix fmt issues
- Fix clippy issues after tokio update.
- build(deps): bump tokio from 1.18.4 to 1.18.5
- ci: reserve 2 cpus, not specific cpus
- ci: mark logs as plaintext
- CI: prevent tests from getting stuck
- CI: use get-login-password instead of get-login
- build(deps): bump tokio from 1.17.0 to 1.18.4
- clippy: fix minor issue
- cli/enclave_proc: handle EINTR for epoll_wait()
- use ubuntu from the public ECR gallery
- Update THIRD_PARTY_LICENSES_RUST_CRATES.html
- nitro-enclaves-allocator: Set local language to English
- do not re-run Actions checks during tests
- add license checks
- add audit step
- ci: add workflows build, clippy and format workflows
- fix clippy::explicit_auto_deref
- fix clippy::partialeq_to_none
- regenerate driver-bindings with Default
- enclave_build: Fix clippy warning (clippy::needless_borrow)
- vsock-proxy: Add "ap-southeast-3" endpoints to config
v1.2.1
- Fix nitro-cli debug mode, when using attach_console and debug_mode options.
- Refactor Dockerfiles for faster builds and remove duplication.
- Mock input in nitro-cli unit tests to allow running them on systems without
Nitro Enclaves support or having various CPU configurations.
- Refactor console disconnect timeout feature.
- Fix race condition in nitro-cli on command dispatch.
- Allow NITRO_CLI_INSTALL_DIR to be overridden in nitro-cli-env.sh.
- Use aws-nitro-enclaves-image-format crate.
- Allow NITRO_CLI_INSTALL_DIR to be set for path to allocator.yaml.
- Use DOCKER_HOST env variable properly when interacting with the shiplift
library.
- Update linuxkit blobs to v0.8+.
- Create driver-bindings crate with static bindings for the Nitro Enclaves
kernel driver.
- Remove custom metadata structure restriction for EIF images.
- Add symlinks for the blobs used by the command executer sample.
- Fix clippy warnings.
- Bump Rust version to 1.58.1.
- Bump socket2 from 0.3.11 to 0.3.19 in vsock_proxy.
- Bump smallvec from 0.6.13 to 0.6.14 in vsock_proxy.
- Update clap crate to 3.2.
- Update nitro-cli crates dependencies to the latest version.
- Fix broken nitro-cli enclave proc doctest.
- Fix typos in the nitro-cli documentation.
v1.2.0
- Upgraded EIF to version 4 containing metadata section.
- Users can now assign image name and version with --image-name and --image-version options when building EIF images. Custom json metadata file can be attached with --metadata option.
- Users can view custom and auto-generated metadata when calling describe-eif command or describe-enclaves command with --metadata option.
- Users can now attach to a debug enclave console immediately after calling run-enclave with --attach-console option.
- Updated nix crate to v0.23, vsock crate to v0.2, base64 crate to v0.13 and hex crate to v0.4.
- Documentation updates
  - Update Nitro CLI README to include new distros with Nitro Enclaves kernel driver available.
  - Update Nitro CLI README to include references to official documentation.
v1.1.0
- Added automatic entropy seeding support for Nitro Enclaves. This allows customers to run applications that require entropy with no code changes. The NitroSecureModule driver integrates with the Linux entropy subsystem to provide entropy on-demand, without requiring additional integration work in the application.
- Updated the Enclave Kernel to the latest microVM kernel based on the 4.14 AL2 kernel version.
- Users can retrieve information about an existing EIF, including the enclave PCR values and signing certificate data, using the new describe-eif command.
- Users can now define enclave names with the --enclave-name option, and then issue nitro-cli commands using this name instead of the enclave id. Works with the console, run-enclave and terminate-enclave commands.
- Users can calculate the PCR hash for a given data file, or can process the PCR8 value for a given signing certificate, using the new pcr command.
- Having nitro-cli hang on the enclave console can now be avoided by setting a timeout value with the --disconnect-timeout option for the console command.
- Updated the tar crate to v0.4.36 and the hyper crate to v0.14.11.
- Bugfixes
  - Update the enclave boot timeout logic to consider the enclave image size.
  - Fix remote server's matching against allowlist for vsock proxy.
  - Add pylint fixes to the nitro-cli tests.
  - Verify the signing certificate of the enclave image and add explicit error handling.
  - Exit if the hugepages configuration fails in the nitro-enclaves-allocator service.
  - Set correct group ownership for /dev/nitro_enclaves in the nitro-cli spec.
- Documentation updates
  - Add refs for Nitro CLI install from sources on a set of Linux distros in the nitro-cli docs.
  - Update references to the AWS Nitro Enclaves COSE crate in the nitro-cli docs.
  - Update vsock proxy configuration file location in the vsock proxy README.
  - Update command executer sample README to reflect current state.
  - Update Nitro CLI README to include information about enclave disk space.