- Guard WAL recovery and stale .running cleanup behind a try-acquired store lock\n- Persist rollback ResetState via MetadataStore to recompute checksums\n- Track a killable host PID for namespace enter/stop and treat SIGTERM/SIGKILL as clean exit\n- Derive OCI status PID via runtime state output\n- Make sandbox chroot script quoting robust for exec/enter
Piping CLI output into tools like head may close stdout early.
Rust then panics when printing.
Install a panic hook that exits successfully on EPIPE instead of
emitting a panic backtrace.
The snapshots command printed a snapshot layer internal ID that restore
cannot use.
Compute and display the stored layer manifest hash so it can be
copy/pasted into restore. JSON output now includes restore_hash.
Add an integration test covering commit -> snapshots -> restore.
Refactor build and rebuild command handlers to pass BuildOptions instead
of multiple boolean flags, satisfying clippy's excessive-bools and
too-many-arguments lints.
Apply rustfmt output in CLI and core engine code.
Add CLI integration coverage for:
- 'pin --check' on pinned and unpinned base.image
- 'build --offline' failing fast when system packages are requested
Add a new 'pin' subcommand to rewrite base.image to an explicit URL.
Extend build and rebuild with --locked, --offline, and --require-pinned-image,
and wire flags into the core engine build options.
Introduce BuildOptions to parameterize build and rebuild.
Add build_with_options/rebuild_with_options to support locked, offline, and
require-pinned-image modes. Locked mode verifies an existing lock file and
fails on drift. Offline mode fails fast when system packages are requested.
Also re-export BuildOptions from karapace-core.
Add RuntimeSpec.offline and thread it through OCI/namespace backends.
Offline mode requires cached base images, forces sandbox network isolation,
and fails fast when system package resolution/installation would require
network access.
Add 'karapace new' to generate a manifest from templates or prompts.
Add 'karapace tui' to launch the terminal UI.
Improve env-id resolution errors in non-JSON output with suggestions.
Add dialoguer and toml as CLI dependencies.
- Run cargo fmt on skip_if_root() blocks
- Add skip_if_root() to migrate_atomic_version_unchanged_on_write_failure
- Add libc dev-dependency to karapace-store for root check
- Remove explicit shell: sh from container rustup steps (OCI exec
can't find sh in PATH; default run shell works)
- Add skip_if_root() to 8 permission-based tests (root bypasses
filesystem permissions in Docker containers)
- Replace dtolnay/rust-toolchain with manual rustup install via sh
for container-based jobs (opensuse lacks bash, which the composite
action requires)
- Keep dtolnay/rust-toolchain for non-container ubuntu jobs
- Add KARAPACE_SKIP_PREREQS=1 env var check to skip runtime prerequisite
checks (user namespaces, fuse-overlayfs) when testing with mock backend
- Set KARAPACE_SKIP_PREREQS=1 in CLI integration test helper
- Add bash to opensuse/tumbleweed container deps (required by
dtolnay/rust-toolchain action)
- 23 commands, each in its own module under commands/
- Thin main.rs dispatcher with clap subcommand routing
- Progress spinners (indicatif) and colored state output (console)
- Environment resolution by env_id, short_id, name, or prefix
- Structured JSON output (--json) on all query commands
- --verbose/-v for debug, --trace for trace-level logging
- KARAPACE_LOG env var for fine-grained log control
- Exit codes: 0 success, 1 failure, 2 manifest error, 3 store error
- Prerequisite check before runtime operations
- Shell completions (bash/zsh/fish/elvish/powershell) and man page generation
- RemoteBackend trait: put/get/has blob, registry operations
- HTTP backend (ureq): blob transfer with X-Karapace-Protocol header
- Push/pull transfer with blake3 integrity verification on pull
- JSON registry for name@tag references
- RemoteConfig: persistent server URL configuration
- Auth token support via Bearer header
- Header-capturing mock server for protocol verification tests
