Today we’ve released Habitat 0.9.0. This version introduces the ability for plan authors to define the user and group that their Habitat package will run under and have this enforced by the supervisor at runtime, instead of depending on the presence of a hab user.
In addition, we’ve squashed some bugs related to parsing of Handlebars templates by contributing those fixes upstream to the Rust handlebars crate. Many thanks to Ning Sun (@sunng87) for maintaining the handlebars-rust crate and for merging in our PRs so quickly.
For more info on these changes and bugfixes, please read on. If you just want the software, go to the downloads page to get the latest version.
Thanks for using Habitat!
Honoring the pkg_svc_user and pkg_svc_group directives
Previously, Habitat’s supervisor would not properly honor these directives if specified in a plan. The supervisor would expect a hab user and group to already be on the system or container and fail with a “Failed to set permissions” error if these were not present.
With Habitat 0.9.0, we have improved user and group handling significantly:
-
If
pkg_svc_userandpkg_svc_groupare specified in the plan, these will be honored by the supervisor when starting the package. You can either start the supervisor as thepkg_svc_userID, or asroot. In the latter case, the supervisor will run as root but start the process aspkg_svc_user. -
If
pkg_svc_userorpkg_svc_groupare not specified in the plan, the supervisor will try to start the process using thehabuser and group, but if those do not exist, it will start the process as the current user/group.
In situations where the supervisor is started as root but the user process is started as an unprivileged user, only certain directories (files, config, var, data) will be writable by the user process, thus making the runtime system immutable from the user process perspective.
You can also use the variables pkg.svc_user and pkg.svc_group in your Handlebars-templated config files and hooks, which eliminates the need to hardcode hab as the process user inside these files.
Bugfixes
The following bugfixes are of note in this release.
- Handlebars templates couldn’t contain the “-” character
- Handlebars block helpers weren’t fully working with relative elements
- Files containing spaces in packages couldn’t be checksummed
- Fix_interpreter in the build system couldn’t handle directories
Contributors
We’d like to thank the following community members for their contributions to this release:
- Stephen Breyer-Menke added a fix to copy no_proxy settings to the studio.
- Jonathan Morley fixed a bug with URL-escaping of dollar signs in downloads.
- Ben Dang, Paul Welch, Scott Macfarlane and Brian Scott contributed documentation.
For a full list of changes, please view the changelog for this release.
