microsandbox-rb 0.7.0 → 0.8.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +42 -0
- data/Cargo.lock +25 -25
- data/README.md +4 -2
- data/ext/microsandbox/Cargo.toml +4 -4
- data/lib/microsandbox/version.rb +2 -2
- metadata +1 -1
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 06dc745a315d5d79f21e702032d45a984dbf53110e3375bb560de9cb008866d6
|
|
4
|
+
data.tar.gz: 9168ece64600356ce88ed3c3ed42cc88f4354f3619abfdc32fabd578745cf6c4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: d8fed4d0957be541dd5de600dd24386ff7b62d9933e45e244a49200185989cb8427279c80234038a4355aee296fdc96ec1cd5738e4bcf3fae48b27388f7dcad5
|
|
7
|
+
data.tar.gz: 9310a3b2d3a0322e701bc85cbfe6b820576b4254c3d49099bbfcab07690421c1e2d9705d0106e1d2931fb3516a0d462401758d5393552810427a6891ed6fc79e
|
data/CHANGELOG.md
CHANGED
|
@@ -8,6 +8,48 @@ wraps, and the README's Versioning section keeps the full gem→runtime map.
|
|
|
8
8
|
|
|
9
9
|
## [Unreleased]
|
|
10
10
|
|
|
11
|
+
## [0.8.0] - 2026-06-25
|
|
12
|
+
|
|
13
|
+
Adopts upstream runtime **`v0.5.10`** (up from the `v0.5.8` that `0.7.0` shipped).
|
|
14
|
+
Runtime-only bump — no public Ruby API change.
|
|
15
|
+
|
|
16
|
+
### Runtime
|
|
17
|
+
|
|
18
|
+
- **Adopted upstream `v0.5.10`** — the `microsandbox`/`microsandbox-network` git
|
|
19
|
+
deps and `Microsandbox::RUNTIME_VERSION` now pin `v0.5.10`. This is the runtime
|
|
20
|
+
bump originally attempted against `v0.5.9` during the `0.7.0` cycle and reverted:
|
|
21
|
+
upstream's `v0.5.9` git tag predated its own crate-version bump, so the prebuilt
|
|
22
|
+
runtime-provisioning path (`PREBUILT_VERSION = env!("CARGO_PKG_VERSION")`)
|
|
23
|
+
resolved to `0.5.8` and downloaded a `msb` that rejected the new `--config-fd`
|
|
24
|
+
flag the SDK unconditionally passes — every `Sandbox.create` died at boot.
|
|
25
|
+
Upstream chose not to re-tag (most package registries forbid republishing a tag)
|
|
26
|
+
and instead cut a clean **`v0.5.10`** whose tag carries the matching crate
|
|
27
|
+
version `0.5.10` (upstream
|
|
28
|
+
[#1029](https://github.com/superradcompany/microsandbox/issues/1029)). The bump
|
|
29
|
+
carries the following upstream changes:
|
|
30
|
+
- **Heartbeat no longer reclaims busy sandboxes** (upstream #1011). The host
|
|
31
|
+
watchdog is now idle-detection only — a healthy sandbox with an active (or
|
|
32
|
+
briefly starved) `exec` session is never killed for a stale heartbeat, the
|
|
33
|
+
way it could be before.
|
|
34
|
+
- **Launch config moved off the process argv** (upstream #1006). Bulky and
|
|
35
|
+
secret-bearing config (the network blob, env) is handed to the sandbox over
|
|
36
|
+
an inherited, unlinked-tempfile fd instead of `--`-flags, so it no longer
|
|
37
|
+
leaks into `ps` / `/proc/<pid>/cmdline`.
|
|
38
|
+
|
|
39
|
+
### Changed
|
|
40
|
+
|
|
41
|
+
- **Directory bind mounts now carry a default 4 GiB guest-write quota**
|
|
42
|
+
(upstream #1020). Any `volumes:` entry that binds a host directory (e.g.
|
|
43
|
+
`volumes: { "/out" => "/host/out" }`) is given a `DEFAULT_BIND_QUOTA_MIB`
|
|
44
|
+
(4096 MiB) guest-write budget by the v0.5.10 runtime when no explicit quota is
|
|
45
|
+
set, so a sandbox can no longer fill the host disk through a bind mount. This
|
|
46
|
+
is a **behavior change**: a workload that wrote more than 4 GiB to a bind mount
|
|
47
|
+
under the `v0.5.8` runtime (`0.7.0`) will now fail with `ENOSPC`. The gem does
|
|
48
|
+
not yet expose a per-bind quota override (named-volume `Volume.create` accepts
|
|
49
|
+
`quota_mib:`, but the inline bind-mount path does not) — that escape hatch is a
|
|
50
|
+
tracked follow-up. Until then, route large-write mounts through a named volume
|
|
51
|
+
with an explicit `quota_mib:`.
|
|
52
|
+
|
|
11
53
|
## [0.7.0] - 2026-06-23
|
|
12
54
|
|
|
13
55
|
A large parity release closing the binding gaps an audit against the upstream
|
data/Cargo.lock
CHANGED
|
@@ -3003,8 +3003,8 @@ dependencies = [
|
|
|
3003
3003
|
|
|
3004
3004
|
[[package]]
|
|
3005
3005
|
name = "microsandbox"
|
|
3006
|
-
version = "0.5.
|
|
3007
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3006
|
+
version = "0.5.10"
|
|
3007
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3008
3008
|
dependencies = [
|
|
3009
3009
|
"anyhow",
|
|
3010
3010
|
"astral-tokio-tar",
|
|
@@ -3056,8 +3056,8 @@ dependencies = [
|
|
|
3056
3056
|
|
|
3057
3057
|
[[package]]
|
|
3058
3058
|
name = "microsandbox-agent-client"
|
|
3059
|
-
version = "0.5.
|
|
3060
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3059
|
+
version = "0.5.10"
|
|
3060
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3061
3061
|
dependencies = [
|
|
3062
3062
|
"ciborium",
|
|
3063
3063
|
"microsandbox-protocol",
|
|
@@ -3069,8 +3069,8 @@ dependencies = [
|
|
|
3069
3069
|
|
|
3070
3070
|
[[package]]
|
|
3071
3071
|
name = "microsandbox-db"
|
|
3072
|
-
version = "0.5.
|
|
3073
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3072
|
+
version = "0.5.10"
|
|
3073
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3074
3074
|
dependencies = [
|
|
3075
3075
|
"async-trait",
|
|
3076
3076
|
"sea-orm",
|
|
@@ -3081,8 +3081,8 @@ dependencies = [
|
|
|
3081
3081
|
|
|
3082
3082
|
[[package]]
|
|
3083
3083
|
name = "microsandbox-filesystem"
|
|
3084
|
-
version = "0.5.
|
|
3085
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3084
|
+
version = "0.5.10"
|
|
3085
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3086
3086
|
dependencies = [
|
|
3087
3087
|
"libc",
|
|
3088
3088
|
"microsandbox-utils",
|
|
@@ -3094,8 +3094,8 @@ dependencies = [
|
|
|
3094
3094
|
|
|
3095
3095
|
[[package]]
|
|
3096
3096
|
name = "microsandbox-image"
|
|
3097
|
-
version = "0.5.
|
|
3098
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3097
|
+
version = "0.5.10"
|
|
3098
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3099
3099
|
dependencies = [
|
|
3100
3100
|
"astral-tokio-tar",
|
|
3101
3101
|
"async-compression",
|
|
@@ -3120,8 +3120,8 @@ dependencies = [
|
|
|
3120
3120
|
|
|
3121
3121
|
[[package]]
|
|
3122
3122
|
name = "microsandbox-metrics"
|
|
3123
|
-
version = "0.5.
|
|
3124
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3123
|
+
version = "0.5.10"
|
|
3124
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3125
3125
|
dependencies = [
|
|
3126
3126
|
"chrono",
|
|
3127
3127
|
"libc",
|
|
@@ -3131,8 +3131,8 @@ dependencies = [
|
|
|
3131
3131
|
|
|
3132
3132
|
[[package]]
|
|
3133
3133
|
name = "microsandbox-migration"
|
|
3134
|
-
version = "0.5.
|
|
3135
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3134
|
+
version = "0.5.10"
|
|
3135
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3136
3136
|
dependencies = [
|
|
3137
3137
|
"sea-orm-migration",
|
|
3138
3138
|
"serde_json",
|
|
@@ -3140,8 +3140,8 @@ dependencies = [
|
|
|
3140
3140
|
|
|
3141
3141
|
[[package]]
|
|
3142
3142
|
name = "microsandbox-network"
|
|
3143
|
-
version = "0.5.
|
|
3144
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3143
|
+
version = "0.5.10"
|
|
3144
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3145
3145
|
dependencies = [
|
|
3146
3146
|
"base64",
|
|
3147
3147
|
"bytes",
|
|
@@ -3180,8 +3180,8 @@ dependencies = [
|
|
|
3180
3180
|
|
|
3181
3181
|
[[package]]
|
|
3182
3182
|
name = "microsandbox-protocol"
|
|
3183
|
-
version = "0.5.
|
|
3184
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3183
|
+
version = "0.5.10"
|
|
3184
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3185
3185
|
dependencies = [
|
|
3186
3186
|
"chrono",
|
|
3187
3187
|
"ciborium",
|
|
@@ -3195,8 +3195,8 @@ dependencies = [
|
|
|
3195
3195
|
|
|
3196
3196
|
[[package]]
|
|
3197
3197
|
name = "microsandbox-runtime"
|
|
3198
|
-
version = "0.5.
|
|
3199
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3198
|
+
version = "0.5.10"
|
|
3199
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3200
3200
|
dependencies = [
|
|
3201
3201
|
"bytes",
|
|
3202
3202
|
"chrono",
|
|
@@ -3225,8 +3225,8 @@ dependencies = [
|
|
|
3225
3225
|
|
|
3226
3226
|
[[package]]
|
|
3227
3227
|
name = "microsandbox-types"
|
|
3228
|
-
version = "0.5.
|
|
3229
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3228
|
+
version = "0.5.10"
|
|
3229
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3230
3230
|
dependencies = [
|
|
3231
3231
|
"chrono",
|
|
3232
3232
|
"serde",
|
|
@@ -3237,8 +3237,8 @@ dependencies = [
|
|
|
3237
3237
|
|
|
3238
3238
|
[[package]]
|
|
3239
3239
|
name = "microsandbox-utils"
|
|
3240
|
-
version = "0.5.
|
|
3241
|
-
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.
|
|
3240
|
+
version = "0.5.10"
|
|
3241
|
+
source = "git+https://github.com/superradcompany/microsandbox?tag=v0.5.10#a62c4e45da7320e89aafc44b8a44fc74ec49fb53"
|
|
3242
3242
|
dependencies = [
|
|
3243
3243
|
"dirs",
|
|
3244
3244
|
"libc",
|
|
@@ -3249,7 +3249,7 @@ dependencies = [
|
|
|
3249
3249
|
|
|
3250
3250
|
[[package]]
|
|
3251
3251
|
name = "microsandbox_rb"
|
|
3252
|
-
version = "0.
|
|
3252
|
+
version = "0.8.0"
|
|
3253
3253
|
dependencies = [
|
|
3254
3254
|
"chrono",
|
|
3255
3255
|
"futures",
|
data/README.md
CHANGED
|
@@ -383,8 +383,8 @@ change diverged the two numbers — the gem version is **not** a reliable indica
|
|
|
383
383
|
of the embedded runtime version. To learn which runtime a build wraps, ask it:
|
|
384
384
|
|
|
385
385
|
```ruby
|
|
386
|
-
Microsandbox::VERSION # => "0.
|
|
387
|
-
Microsandbox.runtime_version # => "v0.5.
|
|
386
|
+
Microsandbox::VERSION # => "0.8.0" (the gem's own version)
|
|
387
|
+
Microsandbox.runtime_version # => "v0.5.10" (the embedded upstream runtime tag)
|
|
388
388
|
```
|
|
389
389
|
|
|
390
390
|
| Gem version | Upstream runtime | Notes |
|
|
@@ -396,6 +396,8 @@ Microsandbox.runtime_version # => "v0.5.8" (the embedded upstream runtime tag
|
|
|
396
396
|
| `0.5.11` | `v0.5.8` | gem-only revision |
|
|
397
397
|
| `0.5.12` | `v0.5.8` | gem-only revision |
|
|
398
398
|
| `0.6.0` | `v0.5.8` | gem version decoupled from the upstream tag; adds `runtime_version` |
|
|
399
|
+
| `0.7.0` | `v0.5.8` | SDK parity release (large binding-gap closure) |
|
|
400
|
+
| `0.8.0` | `v0.5.10` | adopts upstream `v0.5.10` (idle-only heartbeat, config-fd hardening, **4 GiB default bind-mount quota**); supersedes the reverted `v0.5.9` attempt |
|
|
399
401
|
|
|
400
402
|
**Going forward** — the gem version moves on its own semver track and no longer
|
|
401
403
|
mirrors the upstream tag:
|
data/ext/microsandbox/Cargo.toml
CHANGED
|
@@ -6,8 +6,8 @@ name = "microsandbox_rb"
|
|
|
6
6
|
description = "Ruby SDK native extension for microsandbox — secure, fast microVM-based sandboxing."
|
|
7
7
|
# Must equal Microsandbox::VERSION (lib/microsandbox/version.rb) — Native.version
|
|
8
8
|
# returns this via env!("CARGO_PKG_VERSION") and version_spec.rb asserts equality.
|
|
9
|
-
# The core-crate dependency below stays pinned at its own tag (v0.5.
|
|
10
|
-
version = "0.
|
|
9
|
+
# The core-crate dependency below stays pinned at its own tag (v0.5.10).
|
|
10
|
+
version = "0.8.0"
|
|
11
11
|
authors = ["Super Rad Company <development@superrad.company>"]
|
|
12
12
|
repository = "https://github.com/superradcompany/microsandbox"
|
|
13
13
|
license = "Apache-2.0"
|
|
@@ -35,8 +35,8 @@ rb-sys = "0.9"
|
|
|
35
35
|
# `.cargo/config.toml.example`). "ssh" matches the feature set the Python/Node
|
|
36
36
|
# SDKs ship with; default features add "prebuilt" (provisions msb + libkrunfw at
|
|
37
37
|
# build time), "net", and "keyring".
|
|
38
|
-
microsandbox = { git = "https://github.com/superradcompany/microsandbox", tag = "v0.5.
|
|
39
|
-
microsandbox-network = { git = "https://github.com/superradcompany/microsandbox", tag = "v0.5.
|
|
38
|
+
microsandbox = { git = "https://github.com/superradcompany/microsandbox", tag = "v0.5.10", default-features = true, features = ["ssh"] }
|
|
39
|
+
microsandbox-network = { git = "https://github.com/superradcompany/microsandbox", tag = "v0.5.10" }
|
|
40
40
|
|
|
41
41
|
# Async core bridged to Ruby's synchronous API via a blocking tokio runtime.
|
|
42
42
|
tokio = { version = "1", features = ["rt-multi-thread", "sync", "time"] }
|
data/lib/microsandbox/version.rb
CHANGED
|
@@ -8,12 +8,12 @@ module Microsandbox
|
|
|
8
8
|
# Versioning section of the README for the full gem-to-runtime map. Must equal
|
|
9
9
|
# the native ext's Cargo crate version (`Native.version`), enforced by
|
|
10
10
|
# spec/unit/version_spec.rb.
|
|
11
|
-
VERSION = "0.
|
|
11
|
+
VERSION = "0.8.0"
|
|
12
12
|
|
|
13
13
|
# The upstream microsandbox runtime release this gem build embeds — the `tag`
|
|
14
14
|
# pinned on the `microsandbox`/`microsandbox-network` git deps in
|
|
15
15
|
# ext/microsandbox/Cargo.toml. Exposed at runtime as
|
|
16
16
|
# {Microsandbox.runtime_version}. spec/unit/version_spec.rb asserts it stays in
|
|
17
17
|
# sync with the Cargo tag so it can't silently drift out of date.
|
|
18
|
-
RUNTIME_VERSION = "v0.5.
|
|
18
|
+
RUNTIME_VERSION = "v0.5.10"
|
|
19
19
|
end
|