Releases: SUSE/Portus
2.3.1
This is a small security release since CVE-2018-8048 was filed against one of our dependencies (loofah). This release simply upgrades this ruby gem so we avoid hitting that security issue.
2.3.0
Highlight
Security scanning
Portus is now able to scan security vulnerabilities on your Docker images. This is done with different backends, where the stable one is CoreOS Clair. You have to enable the desired backends and then Portus will use them to fetch known security vulnerabilities for your images.
Note: this version of Portus supports Clair v2 specifically (current master branch is not supported).
You can read the blog post for more info.
Commits: 4cd875c2aa9f, d3454cfb84f3, f19094b98737.
Background process
One of the main issues for Portus was that sometimes it took too long to complete certain critical tasks. For this release we have moved these tasks into a separate background process. This background process resides in the bin/background.rb file, and it can be enabled for containerized deployments by setting the PORTUS_BACKGROUND environment variable to true.
The following tasks have been moved into this new process:
- Security scanning: after testing security scanning more in depth, we noticed that sometimes it could block Portus when showing the main page for repositories. This was the first task moved into this new process. Commit: e0f7d53cb2b2.
- Registry events: before creating this process, we dealt with incoming registry events in the main Portus process. The problem with this was that after getting a push event, for example, Portus had to fetch manifests, which could take quite some time. This meant that Portus got blocked in some deployments. Now Portus will simply log the event, and then the background process will process it right away (by default this process will check for events every 2 seconds). This task can be disabled as documented here. Commit: 6a4f7d7dca60.
- Registry synchronization: we have removed the crono process in favor of this new process. Hence, the code that was executed in previous releases by crono has been merged as another task of this new process. Moreover, since it can be quite dangerous, we have added some configuration options: it can be disabled; and it can be tuned with a strategy (from a riskier approach to a safer one). All this has been documented in its documentation page. Commit: ced9b46a9064.
Note on deployment: this new background process has to have access to the same database as the main Portus process.
Anonymous browsing
Portus will now allow anonymous users to search for public images. This is a configurable option which is enabled by default. You can read more about this in the documentation.
Commits: 274c0908a83c, 9d6cc25fd0b4.
OAuth & OpenID Connect support
Portus' authentication logic has been extended to allow OAuth & OpenID Connect. For OAuth you can log in through the following adapters: Google, GitHub, GitLab and Bitbucket. Check the config/config.yml file for more info on the exact configurable options.
Commit: 0a5fefdd14d9.
Thanks a lot to Vadim Bauer (@Vad1mo) and Andrei Kislichenko (@andrew2net) for working on this!
API
An effort to design and implement an API for Portus has been started. This is useful for CLI tools like portusctl, among other use cases. We do not consider the API to be in a stable state, but it is useful already. We will continue this effort in forthcoming releases. Commits: 2129833f27f0, 28f77d3352ea, 5a9437bba42d, 451e508bd86a, 185f18e98638, a9bdab58d150, 8b42887f83a5, fbe7e8d4ef53, 4a79f222f93b, fbe7e8d4ef53.
Thanks a lot to Vadim Bauer (@Vad1mo) and Andrei Kislichenko (@andrew2net) for working on this!
Puma
The deployment of Portus has been simplified as much as possible. To that end we have removed a lot of clutter from our official Docker image and embraced best practices for deploying Ruby on Rails applications. As part of this, we have set Puma as the web server for Portus.
Commits: 09b722f56221, 9fd61ba7bae0, 6a3b8ca74edb, 2488791f8f54.
Production deployment examples
The source code includes examples that illustrate how Portus is intended to be deployed in production. These examples reside in the examples directory. Some observations:
- As stated above, set the PORTUS_BACKGROUND environment variable to true for the background process.
- You can set RAILS_SERVE_STATIC_FILES to true if you want Portus to serve the assets directly (e.g. if you don't want a load-balancer like NGINX or HAProxy to do this).
- Use the new PORTUS_DB_ environment variable prefix instead of the old PORTUS_PRODUCTION_ one for database options. Moreover, in the database you can now specify more options like PORTUS_DB_POOL for stating the DB pool.
- Portus will complain if you provide old environment variables like PORTUS_PRODUCTION_DATABASE, or if you forgot to specify some relevant environment variables for production like PORTUS_MACHINE_FQDN_VALUE. Commit: 06a405c4f5fd.
Commit: ba7b15ed42d0.
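The observations above, together with the earlier note that the background process needs the same database as the main process, can be checked before a deployment. The following is an added example, not code from Portus: it assumes each container's environment is kept in a KEY=VALUE env file, and the file names, the function names and the sample values (including the PORTUS_DB_HOST entries) are constructed for illustration.

```shell
# Added example, not Portus code. Assumes each container's environment lives
# in a KEY=VALUE env file; file names and sample values below are constructed.

# portus_env_findings PORTUS_ENV BACKGROUND_ENV: prints one finding per line.
portus_env_findings() {
    web=$1 bg=$2
    for f in "$web" "$bg"; do
        # Old prefix that Portus now complains about.
        sed -n 's/^\(PORTUS_PRODUCTION_[A-Z0-9_]*\)=.*/\1/p' "$f" |
            while read -r name; do
                echo "$f: $name uses the old prefix, use PORTUS_DB_ instead"
            done
        # Named in the notes as required for production (assumed here to
        # apply to both containers).
        grep -q '^PORTUS_MACHINE_FQDN_VALUE=.' "$f" ||
            echo "$f: PORTUS_MACHINE_FQDN_VALUE is not set"
    done
    # The background container is the one started with PORTUS_BACKGROUND=true.
    grep -q '^PORTUS_BACKGROUND=true$' "$bg" ||
        echo "$bg: PORTUS_BACKGROUND is not true"
    # Both processes need the same database. The pool size is skipped because
    # it is a per-process setting, not part of the database's identity.
    a=$(grep '^PORTUS_DB_' "$web" | grep -v '^PORTUS_DB_POOL=' | sort)
    b=$(grep '^PORTUS_DB_' "$bg" | grep -v '^PORTUS_DB_POOL=' | sort)
    [ "$a" = "$b" ] || echo "PORTUS_DB_ settings differ: $web vs $bg"
}

# Constructed sample: a correct main container, a misconfigured background one.
write_sample_envs() {
    printf '%s\n' 'PORTUS_MACHINE_FQDN_VALUE=portus.example.test' \
        'PORTUS_DB_HOST=db' 'PORTUS_DB_POOL=5' > "$1/portus.env"
    printf '%s\n' 'PORTUS_PRODUCTION_DATABASE=portus' \
        'PORTUS_DB_HOST=db-old' 'PORTUS_BACKGROUND=false' > "$1/background.env"
}

demo=$(mktemp -d)
write_sample_envs "$demo"
portus_env_findings "$demo/portus.env" "$demo/background.env"
```

An empty result means none of the four checks fired; it does not validate the values themselves.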
Helm Chart
An official Helm Chart for deploying Portus in a Kubernetes cluster is being developed. It is expected to be released soon after this release.
PostgreSQL support
Some tools like CoreOS Clair require PostgreSQL as their database. When developing support for security scanning we noticed that it was quite redundant to have two different databases running. For this reason, we have added PostgreSQL support, so you can use PostgreSQL for both Portus and Clair.
Commit: af1b8b6ca725.
Upgrade to Ruby 2.5
Some features required an upgrade of Ruby. Since SLE 15 and Tumbleweed will most likely have Ruby 2.5 as their default version, we have anticipated this move. So, now Portus is supported for Ruby 2.5. If you try to run Portus on previous versions, it will error out during initialization (commit: ea02cab5c822).
Commits: a2407506ff5c, d86d46c9313c, 46a5a34fda40.
Improvements and small features
- Sort tags by updated_at date not by created_at. Commit: 90ad00a32f49.
- Copy docker pull command to clipboard when clicking a tag: acad5b6f442d.
- Lots of small improvements on the UI. Commits (among others): 097e782ec1a3, bd4d9d8db5ad, 0ae8f5e2fae6, c891792742c0, 50d61606caa7.
- Properly check when the DB is ready, useful for containerized deployments. Commit: 564c3cb5d35c.
- Make the log level configurable on production. Useful for temporarily debugging a producti...
2.2.0
Fixes
- Portus will now properly update the image ID when a tag has been pushed. See PR #1054.
- Fixed how image updates are handled. See PR #1031.
- Follow a consistent order in the signup form. See PR #1119.
- Hide passwords stored in webhooks. See PR #1111.
- Removed reference of missing stylesheets. See PR #1114.
- Fixed a bunch of issues related to activities. See PR #1144.
- Fixed the pre-compilation of the cover.js asset. See PR #1157.
Features
- portusctl: it will show a warning when using the --local-registry flag but the package has not been installed. See PR #1096.
- Portus now supports Docker Distribution 2.5. See PR #1068.
- Allow docker-compose users to specify an alternative port. See PR #1094.
Documentation
2.2.0rc2
2.2.0-rc1
The 2.2.0 release has been focused on bug fixing, but it also includes a couple of additions.
NOTE: This release candidate has known issues whose fixes are coming in PR #1144. These fixes still have to mature, but they will make it into the final release.
Fixes
- Portus will now properly update the image ID when a tag has been pushed. See PR #1054.
- Fixed how image updates are handled. See PR #1031.
- Follow a consistent order in the signup form. See PR #1119.
- Hide passwords stored in webhooks. See PR #1111.
- Removed reference of missing stylesheets. See PR #1114.
Features
- portusctl: it will show a warning when using the --local-registry flag but the package has not been installed. See PR #1096.
- Portus now supports Docker Distribution 2.5. See PR #1068.
- Allow docker-compose users to specify an alternative port. See PR #1094.
Documentation
2.1.1
This release contains important fixes for the 2.1 release, as well as some small improvements. We advise users of the 2.1 release to upgrade to this new one as soon as possible. There are no migrations or extra work to be done for the upgrade from 2.1.
Fixes
- Use the full repository name in the portus:update_tags task (see 005ec6503208)
- Fixed a regression on assets handling (see fc6982a4bfe2 and fdb92fffb5fa)
- Fixed the handling of the "*" action from the registry (see 6afb1ac150e6)
Improvements
- Notification messages are now more consistent (see 72e452b1fd20)
- Order users by username on the admin panel (see e92106cd951b)
2.1.0
Featured
- Fixes and improvements on Docker Distribution support (see f74eb2eac7d6, c8fc5ed6b337, 95ba4d83a539, 552df9caa341, 575d51b3b7d2, 4014a7c14487, e18310e6a2eb and 7494eeed2b88)
- Implemented user removal (see d9d6e3afa224)
- Implemented the removal of images and tags (see b63252ff07a8, 10c060e246ab, 7ae5179ba623, 85730266c9c4, 65a0624cd923, 612734339fa1 and c23758489c57)
  - Also read our blog post on image/tag removal
- Showing the image ID and the digest of docker images (see 0f290526ad97, 960e7599d501, 28dae7f3fb23, ba32d140958a, 0b8d1bff5b85 and e57232b149b5)
- Implemented webhook support (see 4a4a67c62d52, 702356b006d8, 60354bb41ddc, 08918c5a91d2, 4b4d4c0ff70e and b3565d3ade0f)
  - Also read our blog post on webhooks
- Introduce application tokens (see b399f90c0de5 and e38e7602f471)
Improvements and small features
- Better reflect updates on Docker images (see 89b9964c0f0e)
- General improvements and fixes on the UI/UX (see cb033f40898e, e7629b758055, fcfd6d3548aa, 933b86fbe9bf, c886e9009ee0, 818354d7d92c, 868abc65d286, f935d0ae79a5, 128c76febb06, 23da71c64c7c, 1ef1da2e9c70, 78a9d81965fa, a3ffe492d134)
- Allow the admin to provide extra filter options in LDAP lookup (see 99daa00d565b)
- Password length is no longer checked by Portus in LDAP (see 381fd61fb546)
- Relaxed the requirements for user names, and removed the conflicts of user names in LDAP (see a9d5a2646d0d and 215c681e65c2)
- Introduce the display_name option (see 5d8c7e4bec97)
- Allow administrators to turn off smtp authentication (see d837160bbe3e)
- Added an external hostname field to allow for events to come from other named services (see 0d58ed1fce0b)
- Added a help section to the menu (see 40a18a04b1fe)
- Introduced more optional user restrictions (see cddfb5924fae)
- Added the registry.catalog_page option (see de4e4f4db74e)
- Added option to disable change of visibility (see 50fb319ded81)
- The signup form can now be disabled, and users can be created by the admin directly (see 9bbd75cacd935f888460669d77fa47c706a5dbaf, 79bac5c4f54b758831c867fc08b0b567418cae7d and fcf20d7534e2f1172713f82e06ef12abe14df046)
- Added internal policy for namespaces (see 46d1d0bc7251)
- Added namespaces and teams to search (see f1a9698657c8)
- Admins can now change the ownership of a namespace (see e4b137a92a96)
- Display the git tag, branch/commit or version when possible (see a7bfa8dde140)
- Now logs are redirected to the standard output (see dfc72b3d6abd)
- Added the ability to add comments on repositories (see 4d780d93950b)
- Virtual/hidden teams are no longer counted for the "number of teams"-column under admin/users (see 02722126cb92)
- Added rake tasks for creating a registry, updating digests and showing general information (see ec0d0063b781, 4566ea0607fd and 152ce27725f7)
- Added man pages for portusctl (8b4b31e1cfc3)
- Register more activities (see fd97edaf6bb6 and bee150287604)
Fixes
- Various fixes in LDAP support (see b13dca7e207f, 7e3feabcc2bb and 377a59b66c16)
- Discard pagination for CSV activities (see 7f120349279f)
- Make sure that Portus admins are always team owners (see 2db13a3ae524)
- User names are no longer allowed to clash with teams (see b5b0896e78b3)
- Redirect back to accessed page on successful login (see fed27a5dcf6a)
- Fixes on the crono job (see efc33be00d2e and 08d60dd91a5e)
- Multiple fixes in portusctl (see 46b5f449263f, add79d790238, 2025da82f3e5, aa4997ab48a4, f8d473430ee1, 5d4eb85943ff and 78f8f949c46e)
- Multiple fixes in our RPM (see 919452db8507, 0019a65cad3b, 0be925085b30, 050d095b0887 and 3f56c4ae4f6d)
- Show the "I forgot my password" link when the signup is disabled (see 2a244c8160d0)
Breaking changes
- Moved the machine FQDN from secrets.yml to config.yml (see 984671662ade)
- Deprecated the usage of "x.minutes" strings in configuration values. In future versions this syntax will be forbidden (see 53400181e439)
Others
- All the improvements, features and bug fixes mentioned in the notes of 2.0.x releases.
2.0.5
Improvements
- The FQDN can now be specified from the configuration too. This is meant to help users to transition from 2.0.x to 2.1. See commit.
- Portus is now more explicit on the allowed name format. See commit.
- Portus is now more friendly on errors based on the namespace name. See commit.
portusctl
- Disable automatic generation of certificates. For this, now there are two new flags: --ssl-gen-self-signed-certs and --ssl-certs-dir <dir>. See commit.
- Wrap crono with the exec command. See commit.
Misc
- Some fixes on the generation of the RPM in OBS.
2.0.4
RPM
- Automate Portus release. See commit.
- Rename Portus to portus on the RPM. See commit.
- Refactored RPM. See commit.
- Wrap crono with the exec command in the RPM. See commit.
- Require net-tools on the RPM. See commit.
portusctl
- Use the proper make_admin task. See commit.
- Don't configure mysql in Docker. See commit.
- Added the portus:info task. See commit.
Improvements
- Better Sub-URI handling & configurable config-local.yml path. See PR.
- Update ruby versions on travis. See commit1 and commit2.