mssola released this
Mar 2, 2018
· 101 commits to master since this release
Portus is now able to scan security vulnerabilities on your Docker images. This is done with different backends, where the stable one is CoreOS Clair. You have to enable the desired backends and then Portus will use them to fetch known security vulnerabilities for your images.
Note: this version of Portus supports Clair v2 specifically (current master branch is not supported).
You can read the blog post for more info.
Commits: 4cd875c2aa9f, d3454cfb84f3, f19094b98737.
One of the main issues for Portus was that sometimes it took too long to complete certain critical tasks. For this release we have moved these tasks into a separate background process. This background process resides in the bin/background.rb file, and it can be enabled for containerized deployments by setting the PORTUS_BACKGROUND environment variable to true.
The following tasks have been moved into this new process:
Note on deployment: this new background process has to have access to the same database as the main Portus process.
Portus will now allow anonymous users to search for public images. This is a configurable option which is enabled by default. You can read more about this in the documentation.
Commits: 274c0908a83c, 9d6cc25fd0b4.
Portus' authentication logic has been extended to allow OAuth & OpenID Connect. For OAuth you are allowed to login through the following adapters: Google, Github, Gitlab and Bitbucket. Check the config/config.yml file for more info on the exact configurable options.
Thanks a lot to Vadim Bauer (@Vad1mo) and Andrei Kislichenko (@andrew2net) for working on this!
An effort to design and implement an API for Portus has been started. This is useful for CLI tools like portusctl among other user cases. We do not consider the API to be in a stable state, but it is useful already. We will continue this effort in forthcoming releases. Commits: 2129833f27f0, 28f77d3352ea, 5a9437bba42d, 451e508bd86a, 185f18e98638, a9bdab58d150, 8b42887f83a5, fbe7e8d4ef53, 4a79f222f93b, fbe7e8d4ef53.
The deployment of Portus has been simplified as much as possible. For this reason we have removed a lot of clutter on our official Docker image, and we have embraced best practices for deploying Ruby on Rails applications. For this reason we have set Puma as the web server for Portus.
Commits: 09b722f56221, 9fd61ba7bae0, 6a3b8ca74edb, 2488791f8f54.
We provide in the source code examples that illustrate how Portus is intended to be deployed on production. These examples reside in the examples directory. Some observations:
An official Helm Chart for deploying Portus in a Kubernetes cluster is being developed. It is expected to be released soon after this release.
Some tools like CoreOS Clair require PostgreSQL as their database. When developing support for security scanning we noticed that it was quite redundant to have two different databases running. For this reason, we have added PostgreSQL support, so you can use PostgreSQL for both Portus and Clair.
Some features required an upgrade of Ruby. Since SLE 15 and Tumbleweed will most likely have Ruby 2.5 as their default version, we have anticipated this move. So, now Portus is supported for Ruby 2.5. If you try to run Portus on previous versions, it will error out during initialization (commit: ea02cab5c822).
Commits: a2407506ff5c, d86d46c9313c, 46a5a34fda40.
This release includes a fix for CVE-2017-14621. Thanks a lot Ricardo Sánchez for reporting this security issue! Commit: c21dfec24cfc.
In this section we want to detail some things that you might want to take into account when upgrading to 2.3:
Finally, we are not running migrations automatically anymore as we used to do before. This is now to be done by the administrator by executing (on the Portus context in /srv/Portus or simply as part of a docker exec command):
$ portusctl exec rake db:migrate
For more details on this check the commits 7fdfe9634180 and 1c4d2b6cf0e0.
Some configuration options that were soft-deprecated in 2.2 will now raise a DeprecationError. These are:
Besides this, Portus will also raise a DeprecationError during initialization in the case you provided the prefix PORTUS_PRODUCTION_ for database configurable options instead of PORTUS_DB_.
Finally, portusctl as provided by Portus is getting deprecated in favor of openSUSE/portusctl. This new portusctl has been built from scratch for the following reasons:
Lots of issues regarding packaging were fixed. We want to highlight the following commits:
Alexander Block, banuchka, Ben Rexin, Diokuz, Fabian Baumanis, Hart Simha, James Maidment, Jordi Massaguer Pla, Lefnui, Maik Hinrichs, Maximilian Meister, Miquel Sabaté Solà, Ricardo Mateus, Robin Müller, Saurabh Surana, Shammah Chancellor, Soedarsono, Thorsten Schifferdecker, Vadim Bauer, Vítor Avelino.
... and many thanks to everyone that has contributed to Portus by leaving comments, sending emails, submitting issues, providing feedback, etc. Thanks!
mssola released this
Jan 30, 2017
· 254 commits to master since this release