====== 0.9.1 (2008-02-12) ------ Client changes - Major hoard cache performance improvements - Performance improvements to lshoard, rmhoard, and stat subcommands - Update udev rules to make /dev/loop* and /dev/openisrctl mode 660, group "isrusers". (The group name can be overridden using the --with-group configure option.) - Add -Y/--splice checkp option for use in recovering data from a damaged local cache - Automatically run checkp at resume/checkin time if the previous resume terminated abnormally - Warn before resuming a parcel with a damaged local cache - Show total size of all VMM state, not just the memory image file, in "isr stat" - Add bash completion rules for "isr" command - Add logtype field to parcel log messages - Fix "Couldn't generate tag list" error at checkout/checkin - Fix ATTACH error at Parcelkeeper startup - Fix keyroot disclosure on multi-user client hosts with world-readable home directories - Fix symlink attacks; respect TMPDIR environment variable - Fix fcntl locking through libvdisk on 64-bit platforms - Error out, rather than displaying a password prompt, when connecting to a server we don't have authentication credentials for - Correctly notice the lack of a network connection when there are no active network interfaces - Fix "isr hoard" on clients which have never done a checkout - Miscellaneous fixes and cleanups - Packaging updates ------ Server changes - Fix checkparcel for parcels whose CHUNKSIZE is not a multiple of CHUNKSPERDIR - Fix symlink attacks - upgrade-0.9: Fix bug which could cause converted parcels to fail checkparcel validation - upgrade-0.9: Refuse to run if the source parcel is checked out - upgrade-0.9: Do not fail if the source parcel has never been checked out ------ isr_admin changes - copyparcel: Fix generation of invalid parcel.cfg files - makeparcel: Generate appropriate .vmx and .vmdk files for the new parcel. Add mandatory -m/--memsize option. - copyparcel: Prune cfg tarball and update parcel-specific parameters in .vmx file - Add delparcel command ====== 0.9 (2007-12-18) ------ Client changes - Incompatible change to hoard cache format; see http://www.coda.cs.cmu.edu/maillists/isr-list/isrlist-2007/0007.html - Fix Nexus BUG() on UP kernels - Fix deadlock with concurrent SQLite queries - "isr clean" now does a soft release of the parcel lock, making it safe to use instead of "isr discard" + "isr checkin" (which is slower). The historical behavior is available via "isr clean -f". - Add -l option to "isr stat", which shows the parcel UUID - Improve thoroughness of "isr checkhoard" and implement "isr checkhoard -c" - Improve accuracy of Parcelkeeper progress bars - Clean up SQL error logging - Update to SQLite 3.5.4 - Minor fixes and cleanups - Packaging updates ------ Server changes - Remove dependency on procmail - Merge parcel nonce file into lockfile - Fix isr_admin makeparcel on 32-bit hosts - upgrade-0.9 cfg directory whitelist/blacklist updates ====== 0.9-pre (2007-12-03) ------ Headlines - Significant server API changes. 0.9-series clients will not work with older servers, and vice versa. Parcels created for older versions of ISR will need to be converted to 0.9 format before they can be used with an 0.9 server. - The distinction between nameservers and content servers has been eliminated; each parcel is now associated with exactly one server. - The client has a new hoard cache implementation which significantly reduces the need to download data more than once, even across parcels. ------ Parcel format changes - Parcel data is now encrypted with the AES algorithm instead of Blowfish. - Replace redundant ASCII and binary keyring files with a new, SQLite-based keyring - Eliminate index.lev1 file and fold its contents into parcel.cfg - Session logs are now per-parcel rather than per-user. Actions which do not apply to a specific parcel are logged to the per-parcel log of every parcel known to the client. - Each parcel now has a UUID which uniquely identifies that parcel - The layout of the ~/.isr directory on the client has changed significantly ------ Client changes - Checkouts and hoard caches created by OpenISR 0.8.4 and earlier will not be recognized by this version. At resume time, the client will warn about any old-style checkouts, and will offer to delete old-style hoard caches to free up disk space. - Replace Vulpes with Parcelkeeper, a near-complete rewrite - Always copy disk chunks, keyrings, and memory images to the hoard cache after downloading, eliminating redundant downloads - Eliminate extra copy of memory image on the first resume after checkout, at the cost of a slower "isr discard" - Dramatically improve the performance of "isr ls" - Significantly clean up logging format for enhanced readability - Add experimental support for LZF compression - Add low-level infrastructure for VMM independence - Rename the Nexus "zap" sysfs action to "kill" to clarify the destructive nature of the action - No longer zero the Nexus "state_times" counters when the sysfs attribute is read. Writing a string to the attribute file will zero the counters. - Eliminate or reduce several logging races - Miscellaneous fixes and cleanups ------ "isr" command line - Add new hoard cache management commands: lshoard, rmhoard, checkhoard - Rename -n/--nameserver option to -s/--server - Rename -X/--noauto option to -F/--no-fullscreen - Eliminate "clean -a"; use rmhoard instead - Eliminate broken (and dangerous) "reset" command - Eliminate "-p" option, which was accepted and ignored in 0.8 - Eliminate "checkparcel" command, which was just an alias for "checkp" - Move server-side parcel validation from "checkp" to "checkp -e" - Move local cache validation from "stat -c" to "checkp" - Move hoard cache validation from "stat -c" to "checkhoard" - "checkp" and "checkhoard" will not validate the hashes of stored disk chunks unless the -c/--checkstate option is provided - Eliminate "disconnect"; use "checkout -d"/"resume -d" instead. "checkout -d" is now an alias for checkout + hoard, and "resume -d" will invoke "hoard" if the parcel is not fully hoarded. - Eliminate -x/--nocheckstate; the functionality it was bypassing is now mandatory for checkin/sync and is no longer the default in other cases. When passing -d/--disconnected to checkout and resume, you can pass -c/--checkstate to get the old "disconnect" behavior. - Allow a parcel's UUID to be used on the command line in place of its name if the parcel is currently checked out ------ Client configuration - Read per-user config file from ~/.openisrrc instead of ~/.openisr.conf - Rename "nameserver" config option to "server" - Change format of "logmask"/"console_logmask" options: instead of a bitmask, these now take a comma-separated list of log types. Currently accepted types are: none, info, error, chunk, transport, query, slow. - Add "compression" option, which specifies the compression algorithm to be used for newly written disk chunks - Add "hoard_minsize" option, which specifies the hoard cache size (in MB) below which no chunks will be garbage-collected from the cache - Add "disable_lookaside" debug option; set this to "1" to force re-downloading of the keyring and memory image at checkout ------ Significant client bugfixes - Permit a server-side checkparcel operation concurrently with other parcel operations (such as resume) - Disallow sync/checkin if we no longer hold the parcel lock - No longer allow running in disconnected mode if the local cache is fully populated but the hoard cache is not, since this could cause "isr discard" to have unexpected side effects - Properly handle simultaneous checkouts of parcels with the same userid and parcel name, but different servers ------ Server changes - Ship the server code in the source tarball; the server can be installed by passing --enable-server to configure. - Allow the server modules to be installed anywhere in the filesystem, so long as the new "isr_runserv" wrapper script is in the PATH - Add a script, upgrade-0.9.pl, which will read an ISR-3 or OpenISR 0.8 parcel and write out a new one in OpenISR 0.9 format - Improve the thoroughness of the checkparcel module - Various performance improvements ------ isr_admin changes - All isr_admin commands should now work properly - Simplify isr_admin's command-line syntax - Add "isr_admin makeparcel" command to create an empty parcel from scratch ------ Server configuration - The message-of-the-day file is now located at /etc/openisr/motd - cfg tarballs included in parcels generated with "isr_admin makeparcel" will be pre-populated from the contents of the /etc/openisr/skel directory, if it exists - Server.pm no longer contains system-specific configuration information. That data has been moved to a new config file, /etc/openisr/locksrv.conf, which contains "key = value" pairs. Default values will be chosen if locksrv.conf is missing or does not contain a particular key. - Add "content_root" config option to locksrv.conf, giving the path to the HTTP document root - Add "default_pass" config option, giving the password that will be assigned to user accounts created by isr_admin - Add "hostname" config option, giving the server hostname that should be written to parcel.cfg files generated by isr_admin ------ Significant server bugfixes - Don't create world-readable, unencrypted keyrings in the webroot - Don't set execute bits on chunk and image files during commit - Allow checkparcel on a version != 1 which has no predecessors (i.e., a parcel that has been pruned) - Don't allow a client to commit or rollback a parcel unless the client holds a valid nonce - Avoid potential data corruption if multiple clients try to upload a checkin at the same time (due to a stolen parcel lock) - Avoid exposing a parcel's keyroot to other users of the server system - Generate each new parcel with a unique keyroot - Significantly improve the entropy in generated keyroots ====== 0.8.4 (2007-11-20) - Add dependency on "pv" (http://www.ivarch.com/programs/pv.shtml) - Fix kernel crash triggerable by any local user - Fix rare deadlock on single-core, non-HT machines - Dramatically reduce Vulpes' CPU utilization - Add support for 2.6.23 kernel - Add support for running VMware on 64-bit hosts - Add AES support to Nexus - Add support for external "dirtometer" program - Add openisr-config script to build and install the OpenISR kernel modules - Show a progress bar while encoding/decoding a memory image - Various improvements to handling of parcel memory image - Improve handling of loop device unbinding at suspend time - Fix client-commit and resume failures after a VMware crash with newer versions of VMware - Fix bug which could cause a stale memory image to be used after a parcel was shut down - Print a warning on resume if the loaded Nexus module is out-of-date - Various fixes and performance improvements - Packaging updates ====== 0.8.3 (2007-07-11) - Fix deadlock under high I/O load with large guest memory image - Fix kernel oops occurring with some kernel builds (e.g. Fedora Core 5) after Nexus block device shutdown. As a side effect, Nexus is no longer unloadable on 2.6.10 and 2.6.11. - Fix hang of "isr" command on 32-bit Ubuntu 7.04 systems - Add support for kernels 2.6.21 and 2.6.22 - Improve performance of client commit phase of "isr checkin" - Automatically load the loop driver at boot - Packaging updates - Minor fixes ====== 0.8.2 (2007-04-16) - Fix memory leak in Nexus kernel module. After upgrading to 0.8.2, you should reboot your system to free up leaked memory. - Fix race condition when performing checkouts on multiple parcels at once, potentially leading to nonce mismatches at checkin - Fix loop device leak when running multiple parcels simultaneously. This could eventually cause Vulpes to refuse to start until loop devices were manually deallocated. - Compile fixes for some Linux distributions - Documentation updates ====== 0.8.1 (2007-03-15) - Improve efficiency of zlib compression/decompression - Add optimized SHA-1 implementation for x86-64 architecture - Add support for kernel 2.6.20 - Add "nexus_debug" helper program to list/show/set Nexus debug bits - Convert build system to GNU Autotools - Improve performance of "isr stat" - Improve reliability of "isr disconnect" - Allow the checkout process to be cancelled with ctrl-C during memory image download - Add support for null encryption in Nexus and its test harness - Eliminate "hostid" per-system unique identifier. Upgrades from 0.8 will retain the identifier in /etc/openisr/hostid, but it will be ignored. - Improved documentation - Minor fixes ====== 0.8 (2007-02-15) - First release of OpenISR