Releases: ostreedev/ostree
2022.6
This release contains a collection of bugfixes and enhancements. Notable fixes concern `finalize-staged`, which should now better support automounted partitions and skip waiting for termination signal.
A file descriptor leak has been fixed in the commit logic. The codebase has also been fixed to avoid conflicting declarations when building with latest glibc (>= 2.36). Thanks @GeorgesStavracas for both fixes!
On the feature side, there is now basic support for handling overlayfs whiteouts on checkout through a new `--process-passthrough-whiteouts` flag. This is useful for users that need to carry container storage embedded into ostree commits. Thanks @mangelajo for that!
The `ostree rev-parse` command gained a new `--single` flag to better support repositories containing exactly one commit.
Overall, the s390x Secure Execution (SE) logic has been reworked to stop relying on glue scripts.
Thanks to all contributors!
Andrea Perotti (1):
Fix recursive git archive reference
Colin Walters (12):
configure: post-release version bump
rust-bindings: Fix `cargo fmt`
deny.toml: Add `Unicode-DFS-2016`
Remove unused `linux/fs.h` includes
Move FIFREEZE/FITHAW ioctl invocations into linuxfsutil.c
cli/rev-parse: Port to new code style
cli/rev-parse: Add `--single` option
rust: Update to latest git
ci: Also drop seccomp on debian testing
rust: Bind `ostree_repo_list_commits_starting_with`
finalize-staged: Don't listen to `SIGTERM`, just let kernel exit us
README.md: Link otto
Dan Nicholson (3):
main: Factor out sysroot loading
finalize-staged: Ensure /boot automount doesn't expire
lib/pull: Fix max-metadata-size documentation
Georges Basile Stavracas Neto (1):
lib/commit: Unref repo on success
Huijing Hei (1):
Fix `ostree admin kargs edit-in-place` assertion when deployments are pending
Jon Oster (1):
docs: Add aktualizr and TorizonCore to related projects
Jonathan Lebon (3):
lib/commit: Directly use FICLONE for payload link
tests/kolainst/staged-deploy: parse `rpm-ostree status --json` instead
docs: Add section about staged deployments
Luca BRUNO (7):
libostree: fix a typo in annotation
lib/bootloader: assert invariants
lib/mtree: drop redundant name checks
otutil: add error handling to variant builders
lib/sign: convert invariant checks to assertions
lib/repo: properly initialize boolean variable
lib/sysroot-deploy: explicitly handle `g_variant_lookup` results
Lukas Kalbertodt (1):
Update to `libtest-mimic` 0.5.0
Miguel Angel Ajo (1):
Support overlayfs whiteouts on checkout
Nikita Dubrovskii (3):
s390x: ensure both 'root' and 'boot' luks keys exist
s390x: simplify 's390x-se-luks-gencpio' script
s390x: use 'libarchive' to modify initrd in SE case
Sam James (1):
buildutil/glibtests.m4: fix bashism
dependabot[bot] (1):
build(deps): bump libglnx from `c59eb27` to `26375b5`
git-bruh (1):
ostree-fetcher-curl: check for HTTP2 support before trying to use it
2022.5
This release fixes a denial of service security issue: GHSA-gqf4-p3gv-g8vw
The core fix is in `sign/ed25519: Verify signatures are minimum length` in 83e6357, which should be an easily backportable commit. (There are some further changes to add test coverage for this that can be ignored.)
This only affects builds that use libsodium; it is however remotely reachable (assuming that the client is talking to a compromised server; ordinarily exploiting this would require that or breaking TLS/https). Thanks to @DemiMarie for the report!
Additional highlights are:
- Greatly improved performance for `ostree prune` on large repositories
- Support for in-place kargs changes
Thanks to everyone who contributed!
Chris Mucciolo (1):
docs add debos to readme distribution build tools
Colin Walters (44):
configure: post-release version bump
repo: Optimize memory use of `ostree_repo_list_objects()`
rust: Bump semver, add feature for current release
repo: Further optimize `ostree_repo_list_objects_set()`
ci: Add a flow that does a git libostree + git rust-bindings
prune: Also use object set API in `ostree_repo_prune_from_reachable()`
lib: Fix symbol versioning inheritance
tests/inst: Bump the version of ostree-ext
rust-bindings: Fix repository reference
rust-bindings: use correct README.md
rust-bindings: Update cargo package list
rust: Switch to 2021 edition
ci: Bump MSRV
rust: Use inline `format!` variables in a few places
repo: Document non-obvious way to list all commits
fsck: Don't load all object names into memory
fsck: De-indent loop
fsck: Move most commit processing into helper function
fsck: Use `load_variant_if_exists`
rust-bindings: Wire up `tests/`
cli/os-init: Port to C99 style
cli/undeploy: Port to C99 style
cli/unlock: Port to C99 style
cli/config: Port to C99 style
cli/diff: Port to C99 style
cli/gpg-sign: Port to C99 style
cli/remote-list: Port to C99 style
cli/refs: Port to C99 style
ci/rust: Enable `cap-std-apis` in default build, add a no-feature build
ci/rust: Change MSRV to `cargo check`
Fix clippy lint in cap-std bits
rust: Bump semver to 0.15
Bump to cap-std 0.25 and io-lifetimes 0.7
repo: Metadata return values from `load_file` are not nullable
tests/staged-deploy.sh: Hack around cosa systemd unit check
tests/inst: Port to cap-std
lib: Stop using old `ostree_sysroot_get_repo()` API
deny: Sync with rpm-ostree
deploy: Ensure sysroot is initialized for kargs in place
sysroot: Have `ensure_writable` also always initialize
sysroot: Add a few more assertions about `boot_fd`
sign/ed25519: Verify signatures are minimum length
rust: Add a test case for ed25519
Release 2022.5
Huijing Hei (4):
RFE: Add a hidden option to `ostree admin kargs edit-in-place` to update all existing deployments in place
Fix `ostree admin kargs edit-in-place` fails issue
Add test to verify `ostree admin kargs edit-in-place` working
Update doc about adding new function to libostree
Jonathan Lebon (2):
Drop `.packit.yaml`
tests/inst/destructive: stop disabling fedora-coreos-pinger
Matthias Beyer (1):
Fix link to rust bindings
Nikita Dubrovskii (1):
s390x: rename sd-boot to sdboot
Saqib Ali (2):
lib/prune: speed up pruning by retrieving only commits
ostree-repo: bls-append-except-default followup
Simon McVittie (1):
test-basic-c: Don't assert that extended attributes are available
Full Changelog: v2022.4...v2022.5
2022.4
The big change in this release is that we have merged the Rust bindings repository into the main one: #2575
As of right now though, this is just (somewhat) simplifying development of the Rust bindings, as we can now more easily share CI configuration and a single PR can add a new API and update the Rust bindings in one step.
As of right now though, the "libostree" C library will still be buildable without depending on Rust itself. We may change that in the future; for more, please see and discuss at: #2427
There are a few other additions in this release:
- A new repository option `bls-append-except-default` intended to help with enabling GRUB password locking
- Further fixes for s390x SE
- Various CI improvements
- Several API additions and fixes to the Rust bindings (on top of the prior release)
Colin Walters (80):
configure: post-release version bump
repo: Add concurrency=send
ci: Add GH action to build
Update to 2021.2
Bump versions
Bump sys version requirement
Mark src/auto/* as generated
ci: Fix buildroot to use new official image
Update to glib 0.14
Bump versions
Add 2021.3 feature
Re-export glib, gio
Deny unused results, warn on missing docs (except auto/)
Add new GLib 0.14 variant types for metadata types
Add more documentation for --features=v2021_3
Fix build with --features=v2021_3, use in CI by default
Use glib-sys via re-exported `glib::ffi` (and similar for gio)
Release 0.12.2
lib: Export ffi too
Cargo.toml: Bump to glib 0.14.4
Release 0.12.3
Release 0.13
sys: Release 0.9.0
lib: Reexport libc::AT_FDCWD
Make `SePolicy` have `Send`
repo: Expose dfd_as_file()
(cargo-release) version 0.13.1
(cargo-release) start next development iteration 0.13.2-alpha.0
repo: Add `auto_transaction` and `TransactionGuard`
(cargo-release) version 0.13.2
(cargo-release) version 0.13.3-alpha.1
Update to 2021.5
Bump ostree-sys version
(cargo-release) version 0.13.3
(cargo-release) start next development iteration 0.13.4-alpha.0
repo: Add `require_rev` method
repo: Add an API to read and parse directory metadata
Release 0.13.4
Add a `cap-std-apis` feature with open/create
repo: Add two more cap-std APIs
Add `COMMIT_META_CONTAINER_CMD` constant
Release 0.13.5
Fast-track fix for `ostree_gpg_verify_result_get_all()`
Release 0.13.6
Add manual bindings for MutableTree reading
repo: Add `query_file` API
lib: Run `cargo fmt`
Add a `repo()` accessor to `TransactionGuard`
build-sys: Adjust for merge of ostree-rs
docs/ima: Also link the SUSE docs
cfg.mk: Don't even look at rust-bindings/
Add APIs to get xattrs from disk
tests/inst: Fix install rules for ostree-rs merger
ci: Work around GH actions `container:` + git + security bug
tests/inst: Add .gitignore
ci: Move rust-bindings CI to toplevel
rust-bindings: Remove some unused CI/test bits
Merge pull request #2602 from cgwalters/fix-docs-ci
Merge pull request #2601 from cgwalters/expose-get-xattrs
Merge pull request #2575 from cgwalters/merge-ostree-rs
ci: use cargo-deny
sysroot: Quiet one gcc `-fanalyzer` warning
sysroot: Strengthen several `g_return_if_fail` into `g_assert()`
ci: Drop gcc `-fanalyzer` by default
ci: Drop all `runAsUser: 0` in builds
Merge pull request #2608 from cgwalters/fanalyzer-fixes
ci: Move codestyle and min build to GH actions
Merge pull request #2580 from nikita-dubrovskii/sdboot_partition
Merge pull request #2612 from HuijingHei/deploy-karg-delete
Merge pull request #2605 from saqibali-2k/pr/bls-append
ci: Drop libsoup build in jenkins
ci: Drop an unused files
ci: Add a codestyle.sh
gitignore: Add ci-build/
Rename ostree-cmdprivate to drop out of introspection
Drop `OSTREE_BUILT_FEATURES` from introspection
rust-bindings: Delete committed gir files
rust-bindings: Use OSTree-1.0.gir from our own builddir
rust-bindings: Update to latest git
Release 2022.4
Dusty Mabe (1):
Merge pull request #2614 from nikita-dubrovskii/issue-2867
Felix Krull (357):
Add config file and gir files
Add initial gir output
Add external libraries and regenerate
Update names and dependencies
Add manual definition for stat
Start describing libostree
Add build files for libostree
Generate
Add some basic types and regenerate
Add a prelude module for star imports
Add a test/sample program
Add additional 'new' method to Repo
Add as much of Repo as easily possible
Integrate docs into source
Generate functions and constants
Try implementing traverse_commit by hand
Ignore Cargo.lock in libs
sample: try to extract a file from the repo
Add ObjectName wrapper to solve hashing issues
repo: change custom new method to std::path::Path-alike
repo: remove now-incorrect comment
object_name: extend ObjectName
Add RepoListRefsExtFlags
repo: implement list_refs and list_refs_ext
Add simple repo roundtrip test
Remove sample
Add Makefile
Regenerate libostree-sys
Regenerate libostree
repo: newlines
Add docs to generated files
Copy autodocs to hand-implemented methods in RepoExtManual
Generate docs for RepoExtManual
Ignore internal structs in libostree-sys
Regenerate libostree-sys
Add include to make libostree-sys tests work
Run cargo fmt on the custom code
Explicitly implement PartialEq for ObjectName to satisfy clippy
Exclude generated code from clippy
Un-bump versions
Add workspace Cargo.toml
Add CI config
Install libostree in CI
Use libostree from backports
Also install libostree-dev for libostree builds
Install libostree for everything, actually
Do release build and simply job names
Remove package stage for now
Add some metadata to libostree-sys
Add libostree-sys publish step
Fix libostree-sys publish step
Fix Gitlab URL & remove readme
Add docs build
Always build docs
Only publish for master & set docs urls
Remove release builds
Bump -sys version
Try setting up docs.rs capable build
libostree-sys: switch to docs.rs and add license file
libostree: add metadata, readme, and license file
Disable libostree docs
Strip the libostree docs
Bump -sys version
Add libostree release task
libostree-sys: remove license file
libostree: include API docs at build time using a feature flag
Remove docs targets
Build API docs with LGPL parts
Always build docs
Fix docs build hopefully
Keep only one license file in the repo root
Add a symlink to the package readme in the repo root
Move readme to repo root and copy it to the code prior to packaging
Update docs back to self-hosted
Add Gitlab badge
Bump versions
Add LICENSE to packages
Update readme a lot
Add badge-with-link to docs
Fix -sys pre-package
--allow-dirty to deal with the extra files we copy in
Add back API docs merge to Makefile
Remove lgpl-docs feature
Update readme
Add CMake to build gir
Add features
Move main crate into repo root
Move installed tools into target/tools
Exclude unnecessary files correctly
Update gitlab-ci.yml
Get rid of pre-package workaround
Reorganise gitlab-ci.yml a bit
Move libostree-sys/ to sys/
Remove some methods that are not generated correctly
Test with all features
sys: regenerate
Repo rename
Pin gir version
Remove version constants to fix build with different libostree versions
Remove unnecessary gir/* aliases
Rename libostree-sys to ostree-sys
Rename libostree to ostree
Rename libostree to ostree
Add note about crate rename
Update base gir files
Update OSTree gir and regenerate
Test sys with v2018_9 until I can get 2019.2 for CI
Add explanatory comments to ostree-sys.toml
Fix features in Repo
Build CollectionRef manually
Fix return type for CollectionRef::new
Add some sanity tests for CollectionRef
Sanity test for ObjectName
Fix a few more missing methods
Add some tests for Repo
Fix some issues with RepoFile
Add some explanatory comments to gir config
Pin rustdoc-stripper version
Add more types
sys: regenerate with external version file
Add version features
Update gir version
sys: regenerate with new gir
Add missing version features
Regenerate and update to new gir and glib-rs version
Build with older libostree version for now
Reorganise test code
Switch to generated CollectionRef
Clarify reasons for async exclude
Fix
Add docs for methods that were moved to RepoExtManual
Switch ObjectName to GString
Add some more unsorted types
Refactor tests and add test for traverse_commit
Don't allow nightly runs to fail
Add other interesting pipeline stages
Don't separately build ostree-sys with nightly
Disable CollectionRef tests on too-old features
Suppress unused import warnings in generated code
Try caching
...
2022.3
A big patch landed to update our baseline GLib requirement to 2.66
(in preparation for a libsoup update, which is also coming). Thanks
so much to Daniel Kolesa!
Various test suite improvements and documentation improvements;
we now publish man pages! Thanks Dan Nicholson.
How to use Linux IMA with ostree is now documented - this
I think is a key point in helping "bridge" between the original
goal of ostree being a "flexible" Linux system with the stronger
security guarantees of other systems that use e.g. dm-verity.
More to come here!
A few static analyzer fixes (nothing critical). Some improvements
to the test suite.
As far as bugfixes, there's a notable one to the OstreeRepoAutoTransaction
refcounting that showed up in valgrind.
And last but not least, we finally closed a longstanding conflict
between ostree and per-machine SELinux policy customizations; ostree
learned how to use bubblewrap to create a container targeting
the pending deployment to re-build the policy if necessary.
Thanks so much to all contributors!
Colin Walters (17):
configure: post-release version bump
tmpfiles: Create `/run/ostree`
tests: Stop using inventory crate
Update to nix 0.23
Update to ostree-ext 0.6
Update to rand 0.8
ci: Disable Ubuntu LTS
ci: Update docs workflow to use fcos-buildroot
Update to sh-inline 0.2
deploy: Be a bit more verbose about SELinux bits
libarchive: Handle `archive_entry_symlink()` returning NULL
fetcher/curl: Consistently check return value `curl_easy_setopt`
ci: Mask zincati for synthetic update
docs: Add new IMA document
Update docs/ima.md
Add an `ostree-boot-complete.service` to propagate staging failures
Release 2022.3
Damiano Donati (1):
README.md: update ostree-rs language binding link
Dan Nicholson (5):
man: Remove unnecessary nbsp's from ostree man page
man: Allow building HTML man pages
man: Use custom XSL stylesheet for HTML output
man: Create an HTML index
docs: Publish man pages
Daniel Kolesa (1):
glib: bump glib requirement to 2.66 and port to GUri
Jan Tojnar (1):
tests/test-cli-extensions: Fix with single-binary coreutils
Joe Talbott (1):
Add Fedora Kinoite link to index.md also.
Luca BRUNO (2):
apidoc: add missing page includes
tests: move fixture to fix installed tests
Ondrej Mosnacek (1):
deploy: Try to rebuild policy in new deployment if needed
Philip Withnall (1):
ostree-repo-pull: Take correct out path on error
Simon McVittie (5):
s390x-se-luks-gencpio: Fix shebang syntax
s390x-se-luks-gencpio: Use interoperable path for bash
test-prune: Read to the end of cut(1) output
repo: Factor out _ostree_repo_auto_transaction_new()
repo: Correctly initialize refcount of temporary transaction
2022.2
A usual collection of bugfixes and smaller enhancements. There is at least one bugfix worth calling out, which is #2549 that affects reliability of pulls with static deltas. It's a nicely self contained change, and if you aren't in a position to update to this latest release, we suggest cherry picking it.
On the feature side, there's a new `ostree prune --commit-only` which allows decoupling deleting unreachable (or undesired) commits from actually deleting the referenced objects, so object garbage collection can be delayed for a later time, or amortized.
The summary file now contains version information, which can help avoid fetching commits just to display that (often desired) metadata.
Another notable feature is initial read side support for the new `bare-split-xattrs` repository mode that was created as part of the "ostree native containers" work in https://github.com/ostreedev/ostree-rs-ext/ We haven't yet committed to marking that as production ready and stable ~forever, but it's getting close.
Thanks to all contributors!
Christian Hergert (2):
lib/util: add syslog.h for ot_journal_print()
lib/bootloader: use ot_journal_print() instead of sd-journal
Colin Walters (11):
main: Also support CLI extensions in `/usr/libexec/libostree/ext`
sysroot: Add a public `#define OSTREE_PATH_BOOTED`
deploy: Add a 5s max timeout on global filesystem `sync()`
deploy: Also log to journal if we time out global sync()
core: Mark `ostree_create_directory_metadata` as `(not nullable)`
lib/tar: Add some error prefixing
build-sys: Drop `-Werror=aggregate-return`
mtree: Use declare-and-initialize style
mtree: Load traversed subdirs when creating parents
Release 2022.2
configure: post-release version bump
Dan Nicholson (3):
github: Workaround glib/seccomp issue on Ubuntu impish
lib/repo: Add commit version metadata to summary metadata
.lgtm.yml: Fix gpgme dependency
Jonathan Lebon (9):
lib/deploy: When deleting staged deployment, delete any lock
ostree/deploy: Test finalization locking
tests/kolainst: Avoid recursive symlinks
ci/libbuild.sh: drop yum/CentOS support
ci/make-git-snapshot.sh: fix archive name
ci/make-git-snapshot.sh: auto-initialize submodules
ci/make-git-snapshot.sh: xz the archive
Add COPR integration Makefile
lib/gpg-verify-result: Add missing floating annotation
Luca BRUNO (14):
configure: post-release version bump
libotutil: avoid leaking builder memory on error
ostree: check g_setenv return value
libostree/sepolicy: get rid of a g_setenv() call
lib/commit: always validate metadata
lib/commit: reject empty metadata keys
builtin: use GCancellable and GError everywhere
lib/repo: open file only if required
lib/commit: clean up assertions
lib/core: introduce two new object types for split xattrs
lib/core: introduce 'bare-split-xattrs' mode
lib/repo: read split xattrs content from file-xattrs-link objects
lib/commit: disallow writing content in 'bare-split-xattrs' mode
tests/basic-bare-split-xattrs: add fixture, check read logic
Marco Melorio (2):
man: Fix typo in ostree-admin-switch
man: Fix typo in ostree-find-remotes
Nikita Dubrovskii (2):
s390x: add "IBM Secure Execution for Linux" support
s390x: add LUKS keyfile to 'sd-boot'
Phaedrus Leeds (2):
Fix marking static delta commits as partial
lib/repo-refs: Remove misleading newline
Saqib Ali (4):
src/ostree: Add --commit-only option to ostree prune
man/prune, bash: Add --commit-only flag for ostree prune
tests/test-prune.sh: expand testing for --commit-only
tests/test-prune.sh: Use TAP API
Simon McVittie (2):
libotutil: Avoid infinite recursion during error unwinding
Update submodule: libglnx
dependabot[bot] (2):
build(deps): bump libglnx from `803adaf` to `88da8dd`
build(deps): bump libglnx from `88da8dd` to `c71f7ae`
2022.1
New year, new ostree version!
This release adds transparent support for external sub-commands on the `ostree` binary. Custom binaries present in `PATH` in the form of `ostree-<subcmd>` will now be used as a fallback for sub-commands that are not natively implemented.
For example, this means that a custom `/usr/bin/ostree-my-command` binary can be used to transparently provide `ostree my-command`.
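Because any `ostree-<subcmd>` executable found through `PATH` becomes an `ostree` sub-command, it is worth checking where those executables live and who can modify them. The following audit script is an added example, not part of ostree or of these release notes; the function names and status labels are made up for illustration, and it only inspects permission bits of each file and its immediate directory.

```shell
#!/bin/sh
# Added example (not ostree code): list external `ostree-<subcmd>` binaries
# reachable through a PATH-style string and flag loosely writable ones.

# Succeeds if the target of $1 is group- or world-writable, judged from the
# mode string printed by `ls -ldL` (for example "drwxrwxr-x").
is_loosely_writable() {
    mode=$(ls -ldL -- "$1" 2>/dev/null | cut -c1-10)
    case "$mode" in
        ?????w????|????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_ostree_extensions PATH_STRING
# Prints "<STATUS> <file>" for every executable regular file named ostree-*:
#   WRITABLE-DIR   the containing directory is group/world-writable
#   WRITABLE-FILE  the file itself is group/world-writable
#   OK             neither of the above
# The body runs in a subshell so the IFS and globbing changes stay local.
audit_ostree_extensions() (
    IFS=:
    set -f              # no globbing while splitting the PATH string
    set -- $1
    set +f
    IFS=' '
    for dir in "$@"; do
        [ -n "$dir" ] || dir=.      # an empty PATH element means the cwd
        [ -d "$dir" ] || continue
        for f in "$dir"/ostree-*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            if is_loosely_writable "$dir"; then
                echo "WRITABLE-DIR $f"
            elif is_loosely_writable "$f"; then
                echo "WRITABLE-FILE $f"
            else
                echo "OK $f"
            fi
        done
    done
)

# Audit the directories given as the first argument, or the current PATH.
audit_ostree_extensions "${1:-$PATH}"
```

Since 2022.2 the CLI also looks for extensions in `/usr/libexec/libostree/ext`, so that directory can be appended to the string passed to the function.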
Build logic has been updated to support both libfuse 2.x and 3.x. Auto-detection is performed at configuration time, and the 3.x library is preferred from now on. Legacy 2.x support will be deprecated and removed in the future.
Several fixes and safety improvements have been merged, also addressing some static analysis warnings. The git submodule for `bsdiff` has been updated to latest upstream revision, picking up additional bound-checks and fixing CVE-2014-9862.
Colin Walters (3):
repo: Change locking for summary regeneration to be shared
soup-uri: Fix clang-analyzer warning by dropping dead code
tests: Fix clang-analyzer not seeing through `g_error()`
Joseph Marrero (1):
Update FSF license notices to use URL instead of address
Luca BRUNO (11):
lib: misc static analysis fixes
lib/repo: assert that writable state and error agree
lib/repo: do no return an arbitrary mode on failure
lib/repo: do no return a NULL on failure
tests: assert mandatory values are present
main: add support for CLI extensions via external binaries
tests/cli-extensions: tweak test logic
lib: use ostree-content-writer header
bsdiff: bump submodule, pick up fix for CVE-2014-9862
lib/static-delta: throw a proper error on bspatch failure
github: add dependabot config
Simon McVittie (1):
rofiles-fuse: Build using FUSE 3 if possible, falling back to FUSE 2
2021.6
This is a bugfix release.
Most of the fixes are related to warnings highlighted by `gcc -fanalyzer` static source analysis.
Performance of pruning logic has been improved, avoiding unnecessary trips through redundant serialization (#2484).
A regression has been fixed so that `ostree` is properly behaving again when used from the initramfs, at a point where `/sysroot` may not be mounted yet (#2486).
A race condition related to `sysroot.readonly` has been addressed by directly setting up sysroot readonly in initramfs (#2187).
Colin Walters (14):
Remove OstreeTlsCertInteraction bits from introspection
remote: Fix gcc `-fanalyzer` warning
deployment: Fix gcc `-fanalyzer` warning
sysroot: Fix gcc `-fanalyzer` warning
fetcher/soup: Fix gcc `-fanalyzer` warning
static-delta: Fix probably not actually possible NULL deref
utils: Fix unreachable `NULL` deref by adding assertion
variantutil: Fix gcc `-fanalyzer` warnin
Attempt to update packit flow to build in COPR
libglnx: Bump to ef502aabf7d3a0d37f9c4d228f870ac93404447b
ci: Enable -fanalyzer
tests/rollsum: Use `g_malloc` not `malloc`
prepare-root: Set up sysroot readonly in initramfs
ci: Require `libcap2-bin` for `capsh`
Dan Nicholson (1):
lib/prune: Avoid unnecessary object serialization
Jonathan Lebon (1):
app: Only remount /sysroot if needed
Luca BRUNO (8):
prepare-root: tweak log messages to clarify errors
repo/private: move OstreeRepoAutoTransaction to a boxed type
tests/var-mount: tweak test setup
prepare-root: make all mount operations silent
prepare-root: check return codes for errors when assembling paths
prepare-root: get rid of a global variable
prepare-root: check for read-only sysroot status early on
Release 2021.6
Ryan Gonzalez (1):
lib: Avoid dereferencing NULL error values
Simon McVittie (1):
test-commit-sign.sh: Skip a unit test when running as an installed-test
Timothée Ravier (1):
docs: Do not convert -- & --- to en/em-dash
Valentin David (1):
lib: Fix a bad call to g_file_get_child
Šimon (Simon) Rataj (1):
Added Fedora Kinoite link
2021.5
In this release, the sysroot code now ignores (with a log) any non-regular/non-symlink files in `/etc`. See: #2446
There are a few fixes and API additions for the new "ostree container" work happening in Rust in: https://github.com/ostreedev/ostree-rs-ext/
Some internal preparatory work landed for making an `AutoTransaction` API for C.
Finally, some small test suite improvements landed.
Colin Walters (11):
tests/pull-test: Avoid duplicating test numbers
tests: Add new TAP APIs
bin/commit: Fix --tree=tar with --selinux-policy
tests: Use ostree-ext 0.3.0
fsck: Print a success message
repo: Add an API to init `OstreeSePolicy` from commit directly
sepolicy: Add deprecation comment for `_get_path()`
lib: Add an API to construct a `MutableTree` from a commit
deploy: Ignore sockets, fifos in /etc during merge
Release 2021.5
configure: post-release version bump
Luca BRUNO (1):
repo/private: allow committing/aborting through a transaction guard
Closes: #2456
2021.4
A fair set of minor bugfixes. Many fixes landed for `bare-user-only` (e.g. unprivileged flatpak) mode, and further work is forthcoming to ensure that `ostree fsck` for example also does the right thing.
There's a new public API to verify signatures outside of HTTP fetches, intended to be used for cases like the "ostree native container" bits in ostree-rs-ext. Related, there is now an API and CLI to enable "custom remotes".
ostree learned about OpenPGP Web Key Directory and there are more APIs to access remote GPG keys, in preparation for direct support for updating/rotating keys.
Several CI improvements landed, and minor static analyzer warnings were fixed.
The "deployment staging" model is now explicitly stabilized, and is fairly strongly recommended. In a future libostree release it is likely we will make it even easier to opt in to newer defaults such as staging and readonly sysroot.
Benjamin Gilbert (3):
man: improve statoverride description
workflows: bump lint toolchain
workflows: limit permissions to reading repo contents
Buddelmann, Richard RB (1):
repo-pull: legacy_transaction_resuming flag ignored
Colin Walters (10):
lib: Change read_commit_detached_metadata to be nullable
ci: Run main GH action CI build+test as non-root
checkout: Save errno when re-throwing
checkout: Also ignore xattrs for union in bare-user-only mode
Add an API to verify a commit signature explicitly
tests/basic: Skip --no-xattrs if we have selinux
upgrade: Stabilize deployment staging
Add support for "custom remotes"
Release 2021.4
configure: post-release version bump
Dan Nicholson (13):
lib/repo: Factor out GPG verifier key imports
lib/repo: Factor out GPG verifier preparation
lib/repo: Allow preparing GPG verifier without global keyrings
lib/repo: Add ostree_repo_remote_get_gpg_keys()
bin/remote: Add list-gpg-keys subcommand
libotutil: Import implementation of zbase32 encoding
libotutil: Add helper for GPG WKD update URLs
lib/repo: Include WKD update URLs in GPG key listing
bin/remote: Include update URLs in list-gpg-keys
fixup! lib/repo: Add ostree_repo_remote_get_gpg_keys()
fixup! bin/remote: Add list-gpg-keys subcommand
fixup! lib/repo: Add ostree_repo_remote_get_gpg_keys()
bin/remote: Rename list-gpg-keys to gpg-list-keys
Jonathan Lebon (3):
lib/sign-dummy: Handle incorrect signatures correctly
lib/sysroot: Fix error message about creating `/var/lib`
ostree/dump: Fix free'ing a static string
Luca BRUNO (15):
configure: post-release version bump
builtins/commit: check for conflicting permissions options
builtins/commit: move commit modifier to auto-cleanup
lib/core/checksum: add flag to use canonical permissions
lib/repo/checkout: use canonical perms in bare-user-only mode
lib/commit: autofix permissions for bare-user-only
lib/diff: ignore xattrs if disabled on either repos
lib/diff: automatically skip xattrs in bare-user-only mode
builtins/commit: set up relevant flags in bare-user-only mode
lib/commit: automatically skip xattrs in bare-user-only mode
tests: update several bare-user-only checks
lib: improve transactions auto-cleanup logic
libtest: tweak selinux/relabel message
tests/basic: avoid changing ownership
tests: skip a broken fsck case
Simon McVittie (1):
tests: Unset SOURCE_DATE_EPOCH
刘建强 (1):
fix: Avoid wild pointers
2021.3
This release adds new repository-locking methods to the API, in order to make lock handling more granular and better suited for multi-threaded consumers of the library.
Several bugs have been fixed related to service unit ordering and enablement. Pulling from remotes with unknown schemes now produces more friendly error messages.
API documentation is now automatically published to https://ostreedev.github.io/ostree/reference/.
By default, commit timestamps now respect the 'SOURCE_DATE_EPOCH' environment flag, improving support for reproducible outputs.
On the community side, the default git development branch has been renamed to 'main' and the IRC channel moved to the libera.chat network.
Alexander Larsson (1):
libtest-core: Add assert_files_equal
Benjamin Gilbert (1):
OWNERS: remove
Christian Kellner (1):
Fix small typo in ostree-sysroot.c
Colin Walters (9):
build-sys: Add toplevel workspace Cargo.toml
tests/inst: Make nondestructive tests runnable as unit tests
configure: post-release version bump
ci: Fix GH action for rustfmt
pull: Cleanly error out on unknown schemes
ci: Fix staged-delay to work with newer systemd
repo: Make locking APIs public
deploy: Warn if we find content in the deployment's /var
Use generator to enable ostree-remount.service and ostree-finalize-staged.path
Dan Nicholson (27):
tests: Test without a cache directory by default
docs: Fix CONTRIBUTING link
docs: Provide bundler setup for building site locally
docs: Add github workflow for building and publishing docs
docs: Copy in API docs and add link
workflow/docs: Give token write permission to push gh-pages
tests/gpg: Don't assert subkey expiration when only primary expired
repo: Require lock type in ostree_repo_lock_pop
build-sys: Bump required GLib to 2.44
repo: Make locking per-OstreeRepo
repo: Make locking precondition failures fatal
test-concurrency: Lower lock timeout
tests: Add single process repo locking tests
repo: Use g_new for OstreeRepoAutoLock
Don't fail build when systemd unit path not defined
ci: Rename GitHub Actions rust workflow metadata file
ci: Add GitHub Actions workflow for test suite
ci: So long, Travis CI
ci: Disable fail-fast in GitHub Tests workflow
ci: Drop special handling of test-suite.log
ci: Update Debian and Ubuntu build dependencies
ci: Use Debian and Ubuntu release stage tags
Jonathan Lebon (2):
docs: Add more details about 3-way merge
ostree-remount: Order before systemd-rfkill.*
Luca BRUNO (2):
lib/commit: respect SOURCE_DATE_EPOCH for commit timestamp
ci/release-build: evaluate package_version from m4 definition
Micah Abbott (1):
docs: typo fix for /usr/etc
Philip Withnall (1):
docs: Change IRC channel to libera.chat from freenode
Simon McVittie (5):
libtest: On failure, make it clearer what has happened
libtest-core: On failure, make it clearer what has happened
libtest-core: Update URL of rpm-ostree
libtest-core: Mention bubblewrap as a user of this file
libtest.sh: Remove duplicate ERR trap and report_err()
Timothée Ravier (4):
packit: update for F34, rawhide branch & master rename
*: rename master branch to main
*: rename master to main in tests & examples
*: rename master branch to main (external repos)