chore: prepare v1.4.0-rc.0

Signed-off-by: Francesco Noacco <francesco.noacco@secomind.com>

Author: noaccOS

CHANGELOG.md

@@ -7,12 +7,27 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## Unreleased
 
-## Added
+## [1.4.0-rc.0] - 2026-04-08
 
+### Added
+
+- Add required flag for mappings of object aggregated interfaces
+- [astarte_pairing] Support for FIDO Device Onboard v1.1 for device registration. The following environment variables have been added for the Vault connectivity:
+  - `ASTARTE_VAULT_URL` - The URL to access Vault.
+  - `ASTARTE_VAULT_AUTHENTICATION_MECHANISM` - The mechanism to use for authenticating with Vault (default: `""`, allowed: \["token"])
+  - `ASTARTE_VAULT_TOKEN` - Token to authenticate with Vault, used if `ASTARTE_VAULT_AUTHENTICATION_MECHANISM` is `"token"` (default: `""`)
+  - `ASTARTE_VAULT_SSL_CA_FILE` - path to the CA certificate file for the vault TLS connection; when not specified, the bundled cURL certificate bundle will be used
+  - `ASTARTE_VAULT_SSL_CUSTOM_SNI` - custom SNI hostname for the vault TLS connection; when not specified, the vault hostname will be used
+  - `ASTARTE_VAULT_SSL_DISABLE_SNI` - Disable Server Name Indication for Vault. (default: `false`)
+  - `ASTARTE_VAULT_SSL_ENABLED` - Whether to enable SSL for the Vault connection. (default `false`)
 - [astarte_realm_management] Allow listing interfaces with mappings using the `detailed=true` parameter
 - [astarte_import] Added support for data types: `doublearray`, `integerarray`,
   `booleanarray`, `longintegerarray`, `stringarray`, `datetimearray`, `binaryblobarray`.
 
+### Changed
+
+- [astarte_data_updater_plant] Use mississippi consumer for data updater processes
+
 ## [1.3.0] - Unreleased
 
 ### Changed

apps/astarte_appengine_api/mix.exs

@@ -22,7 +22,7 @@ defmodule Astarte.AppEngine.API.Mixfile do
     [
       app: :astarte_appengine_api,
       elixir: "~> 1.15",
-      version: "1.4.0-dev",
+      version: "1.4.0-rc.0",
       elixirc_paths: elixirc_paths(Mix.env()),
       start_permanent: Mix.env() == :prod,
       test_coverage: [tool: ExCoveralls],

apps/astarte_data_updater_plant/mix.exs

@@ -23,7 +23,7 @@ defmodule Astarte.DataUpdaterPlant.Mixfile do
     [
       app: :astarte_data_updater_plant,
       elixir: "~> 1.15",
-      version: "1.4.0-dev",
+      version: "1.4.0-rc.0",
       build_embedded: Mix.env() == :prod,
       start_permanent: Mix.env() == :prod,
       elixirc_paths: elixirc_paths(Mix.env()),

apps/astarte_housekeeping/mix.exs

@@ -22,7 +22,7 @@ defmodule Astarte.Housekeeping.Mixfile do
   def project do
     [
       app: :astarte_housekeeping,
-      version: "1.4.0-dev",
+      version: "1.4.0-rc.0",
       elixir: "~> 1.15",
       elixirc_paths: elixirc_paths(Mix.env()),
       start_permanent: Mix.env() == :prod,

apps/astarte_pairing/mix.exs

@@ -23,7 +23,7 @@ defmodule Astarte.Pairing.Mixfile do
     [
       app: :astarte_pairing,
       elixir: "~> 1.15",
-      version: "1.4.0-dev",
+      version: "1.4.0-rc.0",
       elixirc_paths: elixirc_paths(Mix.env()),
       start_permanent: Mix.env() == :prod,
       test_coverage: [tool: ExCoveralls],

apps/astarte_realm_management/mix.exs

@@ -22,7 +22,7 @@ defmodule Astarte.RealmManagement.Mixfile do
   def project do
     [
       app: :astarte_realm_management,
-      version: "1.4.0-dev",
+      version: "1.4.0-rc.0",
       build_path: "_build",
       config_path: "config/config.exs",
       deps_path: "deps",

apps/astarte_trigger_engine/mix.exs

@@ -23,7 +23,7 @@ defmodule Astarte.TriggerEngine.Mixfile do
     [
       app: :astarte_trigger_engine,
       elixir: "~> 1.15",
-      version: "1.4.0-dev",
+      version: "1.4.0-rc.0",
       elixirc_paths: elixirc_paths(Mix.env()),
       build_embedded: Mix.env() == :prod,
       start_permanent: Mix.env() == :prod,

doc/mix.exs

@@ -10,7 +10,7 @@ defmodule Doc.MixProject do
 
     [
       app: :doc,
-      version: "1.4.0-dev",
+      version: "1.4.0-rc.0",
       elixir: "~> 1.15",
       start_permanent: Mix.env() == :prod,
       deps: deps(),

doc/pages/user/035-register_device.md

@@ -91,6 +91,26 @@ the Device, which includes securing the communication channel. On the other hand
 extremely flexible approach to Registration, which can be implemented through an entirely custom
 logic.
 
+## FIDO Device Onboard
+
+Since v1.4.0, Astarte can also be used as the Owner Onboarding Service for [FDO 1.1], allowing
+devices to be registered without being aware of their destination realm during device
+initialization. Device Initialization is out of scope for the Astarte implementation of FDO, and
+Astarte expects an external rendezvous server to be available and correctly configured.
+
+When using FDO, the Device ID is derived from the device's hardware id, and the
+_Credentials Secret_ is sent directly to the device in the Owner Service Info messages.
+
+### Key management
+
+Astarte needs access to the owner private key in order to complete the Transfer Ownership protocol.
+Vault/OpenBao is used as a safe storage solution, and messages are signed directly by it without
+ever being downloaded by Astarte.
+
+In order to import your keys, you may either upload your private key to astarte, which is imported
+in Vault and immediately forgotten, or have Vault generate a keypair for you, and then you can use
+the new public key to extend the Ownership Voucher yourself.
+
 ## Credentials Secret Lifecycle
 
 _Credentials Secrets_ are meant to be immutable - as such, they should be handled with extreme care.
@@ -113,3 +133,5 @@ If there's the need of registering the device again (e.g.: a Device has been tam
 to its plant with its previous _Credentials Secret_ compromised), it is possible to explicitly
 unregister the device to obtain a new _Credentials Secret_ using [Pairing's Agent APIs](api/index.html?urls.primaryName=Pairing%20API#/agent/unregisterDevice) or with `astartectl`
 (see the output of `astartectl pairing agent unregister -h` for more documentation).
+
+[FDO 1.1]: https://fidoalliance.org/device-onboarding-overview/

docker-compose.yml

@@ -295,7 +295,7 @@ services:
 
   # VerneMQ
   vernemq:
-    image: astarte/vernemq:snapshot
+    image: astarte/vernemq:1.4.0-rc.0
     hostname: vernemq
     env_file:
       - ./.env