Releases: aws/aws-nitro-enclaves-cli

Release v1.3.1

06 Jun 22:44
  • vsock-proxy: Bump version to 1.0.1
  • vsock_proxy: Use system-configured nameservers for DNS resolution
  • Update init blob to support user namespaces
  • clippy: resolve build errors for Rust 1.78

Full Changelog: https://github.com/aws/aws-nitro-enclaves-cli/compare/v1.3.0..v1.3.1

Release v1.3.0

26 Apr 13:10

This release focuses on resolving two critical issues:
the vsock-proxy DNS lookup limitation (#553) and the compatibility
problem with Docker versions 25 and later (#591). Furthermore, it
updates several important crate dependencies to their latest
versions.

  • cargo: Update cargo.lock to eliminate build failures
  • build(deps): bump base64 from 0.21.4 to 0.22.0
  • build(deps): bump tokio from 1.28.2 to 1.32.0
  • fix(deps): downgrade crate versions due to compatibility issues
  • version: Release vsock_proxy v1.0.0
  • vsock_proxy: Introduce DnsResolutionInfo type
  • vsock_proxy: add tests
  • vsock_proxy: change function's signature
  • clippy/cargo: resolve build errors and warnings
  • vsock_proxy: Perform DNS resolution after the expiration of the TTL
  • vsock_proxy: Handle allowlisting out of Proxy
  • vsock_proxy: rename starter.rs
  • vsock_proxy: Refactor DNS-related functionality
  • vsock_proxy: refactor
  • cargo: Upgrade num-derive to v0.4
  • enclave_build: Extract stream output handling
  • enclave_build: Refactor docker.rs for consistent Runtime creation
  • enclave_build: Extract build_tarball method
  • enclave_build: Extract parse_docker_host method
  • enclave_build: Extract inspect method
  • enclave_build: Add more tests
  • fix: Switch to bollard for docker API interaction
  • ci: use cargo-about v0.5.0
  • ci: disable automatic license file generation
  • enclave_build: fix clippy failure
  • build(deps): bump inotify from 0.10.0 to 0.10.2
  • build(deps): bump dns-lookup from 1.0.8 to 2.0.3
  • vsock_proxy: set log level to warn
  • github: update the action version
  • clippy: eliminate warnings & errors
  • rust: msrv version bump
  • build(deps): bump mio from 0.8.6 to 0.8.11
  • docs: Correct image signing manual

Release 1.2.3

31 Jan 16:42
  • Dependencies updates: base64 bindgen chrono env_logger flexi_logger futures
    idna inotify libc log nix num-traits openssl page_size rand rustix serde
    serde_json serde_yaml shlex signal-hook tempfile tokio url vmm-sys-util vsock
  • Fix clippy errors and warnings after updates
  • Added dependabot support
  • Improve help text of the memory argument
  • Use public containers in tests
  • Update and refactor run_tests.sh

Release 1.2.2

07 Mar 10:50
  • update third party crates license file
  • update clap
  • update bindgen
  • update cpufeatures
  • update chrono
  • update tempfile
  • update hyper
  • Fix fmt issues
  • Fix clippy issues after tokio update.
  • build(deps): bump tokio from 1.18.4 to 1.18.5
  • ci: reserve 2 cpus, not specific cpus
  • ci: mark logs as plaintext
  • CI: prevent tests from getting stuck
  • CI: use get-login-password instead of get-login
  • build(deps): bump tokio from 1.17.0 to 1.18.4
  • clippy: fix minor issue
  • cli/enclave_proc: handle EINTR for epoll_wait()
  • use ubuntu from the public ECR gallery
  • Update THIRD_PARTY_LICENSES_RUST_CRATES.html
  • nitro-enclaves-allocator: Set local language to English
  • do not re-run Actions checks during tests
  • add license checks
  • add audit step
  • ci: add workflows build, clippy and format workflows
  • fix clippy::explicit_auto_deref
  • fix clippy::partialeq_to_none
  • regenerate driver-bindings with Default
  • enclave_build: Fix clippy warning (clippy::needless_borrow)
  • vsock-proxy: Add "ap-southeast-3" endpoints to config

v1.2.1

28 Oct 09:33
  • Fix nitro-cli debug mode, when using attach_console and debug_mode options.
  • Refactor Dockerfiles for faster builds and remove duplication.
  • Mock input in nitro-cli unit tests to allow running them on systems without
    Nitro Enclaves support or having various CPU configurations.
  • Refactor console disconnect timeout feature.
  • Fix race condition in nitro-cli on command dispatch.
  • Allow NITRO_CLI_INSTALL_DIR to be overridden in nitro-cli-env.sh.
  • Use aws-nitro-enclaves-image-format crate.
  • Allow NITRO_CLI_INSTALL_DIR to be set for path to allocator.yaml.
  • Use DOCKER_HOST env variable properly when interacting with the shiplift
    library.
  • Update linuxkit blobs to v0.8+.
  • Create driver-bindings crate with static bindings for the Nitro Enclaves
    kernel driver.
  • Remove custom metadata structure restriction for EIF images.
  • Add symlinks for the blobs used by the command executer sample.
  • Fix clippy warnings.
  • Bump Rust version to 1.58.1.
  • Bump socket2 from 0.3.11 to 0.3.19 in vsock_proxy.
  • Bump smallvec from 0.6.13 to 0.6.14 in vsock_proxy.
  • Update clap crate to 3.2.
  • Update nitro-cli crates dependencies to the latest version.
  • Fix broken nitro-cli enclave proc doctest.
  • Fix typos in the nitro-cli documentation.

v1.2.0

08 Mar 17:05
  • Upgraded EIF to version 4 containing metadata section.

  • Users can now assign image name and version with --image-name and --image-version options when building EIF images. Custom json metadata file can be attached with --metadata option.

  • Users can view custom and auto-generated metadata when calling describe-eif command or describe-enclaves command with --metadata option.

  • Users can now attach to a debug enclave console immediately after calling run-enclave with --attach-console option.

  • Updated nix crate to v0.23, vsock crate to v0.2, base64 crate to v0.13 and hex crate to v0.4.

  • Documentation updates

    • Update Nitro CLI README to include new distros with Nitro Enclaves kernel driver available.
    • Update Nitro CLI README to include references to official documentation.

v1.1.0

19 Nov 09:27
4fcf25d
  • Added automatic entropy seeding support for Nitro Enclaves. This allows customers to run applications that require entropy with no code changes. The NitroSecureModule driver integrates with the Linux entropy subsystem to provide entropy on-demand, without requiring additional integration work in the application.

  • Updated the Enclave Kernel to the latest microVM kernel based on the 4.14 AL2 kernel version.

  • Users can retrieve information about an existing eif, including the enclave PCR values and signing certificate data, using the new describe-eif command.

  • Users can now define enclave names with the --enclave-name option, and then issue nitro-cli commands using this name instead of the enclave id. Works with the console, run-enclave and terminate-enclave commands.

  • Users can calculate the PCR hash for a given data file, or can process the PCR8 value for a given signing certificate, using the new pcr command.

  • Having nitro-cli hang on the enclave console can now be avoided by setting a timeout value with the --disconnect-timeout option for the console command.

  • Updated the tar crate to v0.4.36 and the hyper crate to v0.14.11.

  • Bugfixes

    • Update the enclave boot timeout logic to consider the enclave image size.
    • Fix remote server's matching against allowlist for vsock proxy.
    • Add pylint fixes to the nitro-cli tests.
    • Verify the signing certificate of the enclave image and add explicit error
      handling.
    • Exit if the hugepages configuration fails in the nitro-enclaves-allocator
      service.
    • Set correct group ownership for /dev/nitro_enclaves in the nitro-cli spec.
  • Documentation updates

    • Add refs for Nitro CLI install from sources on a set of Linux distros in the nitro-cli docs.
    • Update references to the AWS Nitro Enclaves COSE crate in the nitro-cli docs.
    • Update vsock proxy configuration file location in the vsock proxy README.
    • Update command executer sample README to reflect current state.
    • Update Nitro CLI README to include information about enclave disk space.

v1.0.12

27 Aug 09:51

The GitHub release is in sync with the aws-nitro-enclaves-cli 1.0.12-0 release from the Amazon Linux 2 extras repo.

v1.0.11

07 Jul 05:41

The GitHub release is in sync with the aws-nitro-enclaves-cli 1.0.11-0 release from the Amazon Linux 2 extras repo.

v1.0.10

29 Apr 08:20

The GitHub release is in sync with the 1.0.10-1 release from Amazon Linux 2 repo.

  • Sat Feb 06 2021 Gabriel Bercaru bercarug@amazon.com - 1.0.10-1

    • Changed release from 0 to 1
  • Tue Feb 02 2021 Gabriel Bercaru bercarug@amazon.com - 1.0.10-0

    • Removed the %posttrans scriptlet and delegated the task of
      re-performing resources initialization to a trigger script
      which runs only when uninstalling v1.0 or the package (during an update)
  • Fri Nov 27 2020 Gabriel Bercaru bercarug@amazon.com - 1.0.9-0

    • Added checks for the pre & post uninstallation hooks to check
      whether an upgrade or an uninstallation is being performed
  • Tue Nov 24 2020 Gabriel Bercaru bercarug@amazon.com - 1.0-8

    • Added third_party directory with linuxkit credit
    • Improved 'insufficient resources' error messages
    • Updated the allocator service
    • Enforce an enclave memory lower limit of 4x the size of the EIF file
    • Added a check wrt the enclave flags, when issuing a console command
  • Thu Nov 05 2020 Gabriel Bercaru bercarug@amazon.com - 1.0-7

    • Updated init blob file to reflect recent init code changes
  • Wed Nov 04 2020 Gabriel Bercaru bercarug@amzon.com - 1.0-6

    • Improved the error messages related to file operation failures
    • Updated the documentation landing page reported in error logs
  • Sun Oct 25 2020 Gabriel Bercaru bercarug@amazon.com - 1.0-5

    • Refactored integration tests main scripts in order to use the allocator service
  • Tue Oct 20 2020 Dan Horobeanu dhr@amazon.com - 1.0-4

    • Removed dependency on nitro_enclaves.device for the allocator service
    • Removed timeout from the allocator oneshot service
  • Mon Oct 19 2020 Gabriel Bercaru bercarug@amazon.com - 1.0-3

    • Updated license string to 'Apache 2.0'
  • Sat Oct 17 2020 Dan Horobeanu dhr@amazon.com - 1.0-1

    • Updated license to Apache-2.0
    • General cleanup and resync with make install output
  • Wed Oct 14 2020 Gabriel Bercaru bercarug@amazon.com - 1.0-0

    • Include resources reservation service