Tags: q66/ostree
Tags
Release 2022.1 This release adds transparent support for external sub-commands on the `ostree` binary. Custom binaries present in PATH in the form of `ostree-<subcmd>` will be now used as a fallback for sub-commands that are not natively implemented. For example, this means that a custom `/usr/bin/ostree-my-command` binary can be used to transparently provide `ostree my-command`. Build logic has been updated to support both libfuse 2.x and 3.x. Auto-detection is performed at configuration time, and the 3.x library is preferred from now on. Legacy 2.x support will be deprecated and removed in the future. Several fixes and safety improvements have been merged, also addressing some static analysis warnings. The git submodule for `bsdiff` has been updated to latest upstream revision, picking up additional bound-checks and fixing CVE-2014-9862. Git-EVTag-v0-SHA512: ed5805dfc07b9bc32fbd72d797de4c0db6c6130c0fbd550eb0b26cfee5726108c25ef040bbc9f9834495240c2ef3c05a3ba166d5e154e7516ae81db556f5ee9c
This is a bugfix release. Most of the fixes are related to warnings highlighted by `gcc -fanalyzer` static source analysis. Performance of pruning logic has been improved, avoiding unnecessary trips through redundant serialization (ostreedev#2484). A regression has been fixed so that `ostree` is properly behaving again when used from the initramfs, at a point where `/sysroot` may not be mounted yet (ostreedev#2486). A race condition related to `sysroot.readonly` has been addressed by directly setting up sysroot readonly in initramfs (ostreedev#2187). --- ``` Colin Walters (14): Remove OstreeTlsCertInteraction bits from introspection remote: Fix gcc `-fanalyzer` warning deployment: Fix gcc `-fanalyzer` warning sysroot: Fix gcc `-fanalyzer` warning fetcher/soup: Fix gcc `-fanalyzer` warning static-delta: Fix probably not actually possible NULL deref utils: Fix unreachable `NULL` deref by adding assertion variantutil: Fix gcc `-fanalyzer` warnin Attempt to update packit flow to build in COPR libglnx: Bump to ef502aa ci: Enable -fanalyzer tests/rollsum: Use `g_malloc` not `malloc` prepare-root: Set up sysroot readonly in initramfs ci: Require `libcap2-bin` for `capsh` Dan Nicholson (1): lib/prune: Avoid unnecessary object serialization Jonathan Lebon (1): app: Only remount /sysroot if needed Luca BRUNO (8): prepare-root: tweak log messages to clarify errors repo/private: move OstreeRepoAutoTransaction to a boxed type tests/var-mount: tweak test setup prepare-root: make all mount operations silent prepare-root: check return codes for errors when assembling paths prepare-root: get rid of a global variable prepare-root: check for read-only sysroot status early on Release 2021.6 Ryan Gonzalez (1): lib: Avoid dereferencing NULL error values Simon McVittie (1): test-commit-sign.sh: Skip a unit test when running as an installed-test Timothée Ravier (1): docs: Do not convert -- & --- to en/em-dash Valentin David (1): lib: Fix a bad call to g_file_get_child Šimon (Simon) Rataj (1): Added Fedora Kinoite link ``` Git-EVTag-v0-SHA512: 68f80d5f3585642ca98a9e9f462a12047735038b97e4e50b8ca338935a660f3da691ae1360b06f648a04ed264e9f2e4c39714cb8b7063f25152a542da8c1bba8
Release 2021.5 In this release, the sysroot code now ignores (with a log) any non-regular/non-symlink files in `/etc`. See: ostreedev#2446 There are a few fixes and API additions for the new "ostree container" work happening in Rust in: https://github.com/ostreedev/ostree-rs-ext/ Some internal preparatory work landed for making an `AutoTransaction` API for C. Finally, some small test suite improvements landed. ``` Colin Walters (11): tests/pull-test: Avoid duplicating test numbers tests: Add new TAP APIs bin/commit: Fix --tree=tar with --selinux-policy tests: Use ostree-ext 0.3.0 fsck: Print a success message repo: Add an API to init `OstreeSePolicy` from commit directly sepolicy: Add deprecation comment for `_get_path()` lib: Add an API to construct a `MutableTree` from a commit deploy: Ignore sockets, fifos in /etc during merge Release 2021.5 configure: post-release version bump Luca BRUNO (1): repo/private: allow committing/aborting through a transaction guard ``` Git-EVTag-v0-SHA512: 96b1d96a0a9c63193670969ca55b64cc11a0b0fbe7e8f8996245f9d6f7c81a43a4081bc4226ada0ce81c8d8a173414dc062945148b87ebc19a8787a199e6079b
Release 2021.4 A fair set of minor bugfixes. Many fixes landed for `bare-user-only` (e.g. unprivileged flatpak) mode, and further work is forthcoming to ensure that `ostree fsck` for example also does the right thing. There's a new public API to verify signatures outside of HTTP fetches, intended to be used for cases like the "ostree native container" bits in ostree-rs-ext. ostree learned about [OpenPGP Web Key Directory](https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service-08) and there are more APIs to access remote GPG keys, in preparation for direct support for updating/rotating keys. Several CI improvements landed, and minor static analyzer warnings were fixed. The "deployment staging" model is now explicitly stabilized, and is fairly strongly recommended. In a future libostree release it is likely we will make it even easier to opt in to newer defaults such as staging and readonly sysroot. ``` Benjamin Gilbert (3): man: improve statoverride description workflows: bump lint toolchain workflows: limit permissions to reading repo contents Buddelmann, Richard RB (1): repo-pull: legacy_transaction_resuming flag ignored Colin Walters (10): lib: Change read_commit_detached_metadata to be nullable ci: Run main GH action CI build+test as non-root checkout: Save errno when re-throwing checkout: Also ignore xattrs for union in bare-user-only mode Add an API to verify a commit signature explicitly tests/basic: Skip --no-xattrs if we have selinux upgrade: Stabilize deployment staging Add support for "custom remotes" Release 2021.4 configure: post-release version bump Dan Nicholson (13): lib/repo: Factor out GPG verifier key imports lib/repo: Factor out GPG verifier preparation lib/repo: Allow preparing GPG verifier without global keyrings lib/repo: Add ostree_repo_remote_get_gpg_keys() bin/remote: Add list-gpg-keys subcommand libotutil: Import implementation of zbase32 encoding libotutil: Add helper for GPG WKD update URLs lib/repo: Include WKD update URLs in GPG key listing bin/remote: Include update URLs in list-gpg-keys fixup! lib/repo: Add ostree_repo_remote_get_gpg_keys() fixup! bin/remote: Add list-gpg-keys subcommand fixup! lib/repo: Add ostree_repo_remote_get_gpg_keys() bin/remote: Rename list-gpg-keys to gpg-list-keys Jonathan Lebon (3): lib/sign-dummy: Handle incorrect signatures correctly lib/sysroot: Fix error message about creating `/var/lib` ostree/dump: Fix free'ing a static string Luca BRUNO (15): configure: post-release version bump builtins/commit: check for conflicting permissions options builtins/commit: move commit modifier to auto-cleanup lib/core/checksum: add flag to use canonical permissions lib/repo/checkout: use canonical perms in bare-user-only mode lib/commit: autofix permissions for bare-user-only lib/diff: ignore xattrs if disabled on either repos lib/diff: automatically skip xattrs in bare-user-only mode builtins/commit: set up relevant flags in bare-user-only mode lib/commit: automatically skip xattrs in bare-user-only mode tests: update several bare-user-only checks lib: improve transactions auto-cleanup logic libtest: tweak selinux/relabel message tests/basic: avoid changing ownership tests: skip a broken fsck case Simon McVittie (1): tests: Unset SOURCE_DATE_EPOCH 刘建强 (1): fix: Avoid wild pointers ``` Git-EVTag-v0-SHA512: eace94b80c91fb88dc9357a42c0f06b4d4cdd198c0c87586d4ef5ee307cf96237202546e1bfe630d2f55988f497224c86bfa2b384000374b9bd6badc22a772a4
Release 2021.3 This release adds new repository-locking methods to the API, in order to make lock handling more granular and better suited for multi-threaded consumers of the library. Several bugs have been fixed related to service unit ordering and enablement. Pulling from remotes with unknown schemes now produces more friendly error messages. API documentation is now automatically published to <https://ostreedev.github.io/ostree/reference/>. By default, commit timestamps now respect the 'SOURCE_DATE_EPOCH' environment flag, improving support for reproducible outputs. On the community side, the default git development branch has been renamed to 'main' and the IRC channel moved to the libera.chat network. --- ``` Alexander Larsson (1): libtest-core: Add assert_files_equal Benjamin Gilbert (1): OWNERS: remove Christian Kellner (1): Fix small typo in ostree-sysroot.c Colin Walters (9): build-sys: Add toplevel workspace Cargo.toml tests/inst: Make nondestructive tests runnable as unit tests configure: post-release version bump ci: Fix GH action for rustfmt pull: Cleanly error out on unknown schemes ci: Fix staged-delay to work with newer systemd repo: Make locking APIs public deploy: Warn if we find content in the deployment's /var Use generator to enable ostree-remount.service and ostree-finalize-staged.path Dan Nicholson (27): tests: Test without a cache directory by default docs: Fix CONTRIBUTING link docs: Provide bundler setup for building site locally docs: Add github workflow for building and publishing docs docs: Copy in API docs and add link workflow/docs: Give token write permission to push gh-pages tests/gpg: Don't assert subkey expiration when only primary expired repo: Require lock type in ostree_repo_lock_pop build-sys: Bump required GLib to 2.44 repo: Make locking per-OstreeRepo repo: Make locking precondition failures fatal test-concurrency: Lower lock timeout tests: Add single process repo locking tests repo: Use g_new for OstreeRepoAutoLock Don't fail build when systemd unit path not defined ci: Rename GitHub Actions rust workflow metadata file ci: Add GitHub Actions workflow for test suite ci: So long, Travis CI ci: Disable fail-fast in GitHub Tests workflow ci: Drop special handling of test-suite.log ci: Update Debian and Ubuntu build dependencies ci: Use Debian and Ubuntu release stage tags Jonathan Lebon (2): docs: Add more details about 3-way merge ostree-remount: Order before systemd-rfkill.* Luca BRUNO (2): lib/commit: respect SOURCE_DATE_EPOCH for commit timestamp ci/release-build: evaluate package_version from m4 definition Micah Abbott (1): docs: typo fix for /usr/etc Philip Withnall (1): docs: Change IRC channel to libera.chat from freenode Simon McVittie (5): libtest: On failure, make it clearer what has happened libtest-core: On failure, make it clearer what has happened libtest-core: Update URL of rpm-ostree libtest-core: Mention bubblewrap as a user of this file libtest.sh: Remove duplicate ERR trap and report_err() Timothée Ravier (4): packit: update for F34, rawhide branch & master rename *: rename master branch to main *: rename master to main in tests & examples *: rename master branch to main (external repos) ``` Git-EVTag-v0-SHA512: bb2e0eb5926f8da1160d89f8b3d8008d5842c43c0ae33997a20ad74b65a813b5ab0fdec9c1aed037517eb7c301ff52213db058970b5e979fdb6c769efff65722
Release 2021.2 This release mainly adds new APIs for file writing, which we will use in the new ostree-rs-ext project to improve imports from tarballs. The other feature is that rofiles-fuse now handles xattrs (but - rofiles-fuse should be considered deprecated, see ostreedev#2281 ). There's also some more introspection API tweaks, and some testing improvements. Thanks to all contributors! Benjamin Gilbert (1): docs: fix "Edit this page on GitHub" links Colin Walters (25): configure: post-release version bump .lgtm.yml: Add package deps installdeps: Drop PyYAML tests/pull-test: Use mv -f in a few cases cci: Update for buildroot changes repo: Fix load_variant_if_exists to return a nullable value repo: Ensure load_variant_if_exists sets NULL value build-sys: Include all mkinitcpio bits manual-tests: Fix unused variables core: Fix lgtm.com warning about always true `if (bits > 0)` tests: Drop openat override tests/inst: Update ostree crate tests/inst: Update rpm-ostree client tests/inst: Update tokio, hyper and nix build-sys: Remove --enable-experimental-api core: Drop unused error handling from object stream helper tests: Silence a gcc warning repo: Add ostree_repo_write_regfile_inline travis: Bump Ubuntu versions repo: Add ostree_repo_write_symlink repo: Add ostree_repo_write_regfile tests: More tests for inline writing repo: Ensure we set the size for regfile inline Release 2021.2 configure: post-release version bump Dan Nicholson (6): Remove apidoc .gitignore from version control Ensure consistent apidoc .gitignore travis: Don't ask any debconf questions when installing packages travis: Drop i386 Ubuntu target travis: Correct ci_suite settings for buster travis: Add back a 32 bit i386 build Felix Krull (1): lib: fix some version tags Stefan Berger (1): rofiles-fuse: Enable support for setting and getting xattrs Git-EVTag-v0-SHA512: 82ed5d5fec3a782758ba89fa4e822e2c6fed33a8b47c55e3963bafb7ba8873cb62fbcb9ecc8028aae0bea516adbee83c54f781cd0ab589e785210856a6a05cd4
Release 2020.8
This release mostly contains scalability improvements and bugfixes.
Caching-related HTTP headers are now supported on summaries and signatures, so that they do not have to be re-downloaded if not changed in the meanwhile.
Summaries and delta have been reworked to allow more fine-grained fetching.
It is now possible to store deltas in detached metadata outside of summary files, so that only relevant ones can be pulled when downloading a particular commit.
In particular, deltas can now be stored in a separate directory indexed by target commit, thus grouping the subset of deltas affecting it. These indexes are updated when the summary is updated and the in-summary delta index would normally be updated.
Related to the above, a new core option has been added to drop the deltas from the summary. However, as that would break older versions looking for the deltas there, it is off by default.
Finally, this fixes several bugs related to atomic variables, HTTP timeouts, and 32-bit architectures.
---
```
Alexander Larsson (16):
deltas: Add _ostree_get_relative_static_delta_index_path()
deltas: Add ostree_repo_list_static_delta_indexes() function
deltas: Update delta indexes when updating summary
deltas: Add and document no-deltas-in-summary config option
deltas: Make ostree_repo_static_delta_reindex() public
deltas: Add CLI ops to list and reindex delta-indexes
deltas: Use delta indexes when pulling
deltas: Add tests for delta indexes
deltas: Take a shared repo lock while reindexing deltas
deltas: Set `indexed-deltas` key in the config and summary
pull: Only download summary if we need it for the pull operation
tests: Add a testcase to ensure we're not using the summary if we don't need it
Add ostree_repo_gpg_sign_data()
ostree pull: Add more g_debug spew around fetching deltas
ostree_repo_gpg_sign_data: Fix API doc argument name
pull: Don't save into cache passed in GByte summaries
Colin Walters (7):
Post-release version bump
deploy: Remove (transfer none) from fd arg
travis: Add a 32 bit build
sysroot: Fix up some GI nullable annotations
bin/checkout: Port some to new style
deployment: Add a bunch of docs and fix annotations
deployment: Ensure query_deployments_for returns nullable values
Dan Nicholson (1):
lib/deltas: Annotate from checksum as nullable
Felix Krull (1):
lib: fix GI parameter tags
Jonathan Lebon (4):
ostree-prepare-root: print st_dev and st_ino as 64-bit ints
lib/fetcher-curl: Use G_SOURCE_REMOVE instead of FALSE
lib/fetch-curl: Unref timeout source
Drop use of `volatile`
Kelvin Fan (1):
docs: Fix various typos
Luca BRUNO (5):
ci/travis: move to newer base distro
ci: run ci-release-build.sh on GitHub
workflows/release: pattern-match on PR title
Philip Withnall (5):
libostree: Add support for ETag and Last-Modified headers
lib/pull: Hook up HTTP caching headers for summary and summary.sig
tests: Add simple test for summary file caching
ostree/trivial-httpd: Add Last-Modified/ETag support
tests: Split RFC 2616 date parsing code out and add tests
William Manley (8):
ostree_repo_get_bootloader: Document transfer none
Refactor: Centralise choosing the appropriate bootloader
Refactor: sysroot.bootloader: Store enum value rather than string
Add support for explicitly requesting any specific bootloader type
Refactor `ostree_sysroot_query_bootloader`
Tests: Refactor bootloader-entries-crosscheck
```
Git-EVTag-v0-SHA512: 3a901507254214cda091915f7de2cb90a5a1042f40eadd3a4bdcd295e2c4f7fd9015447f3958cfdd816c5d7460752b6a0d0e4a5fca0287798d3071653ba59d47
Release 2020.7 Static deltas can now be signed to more easily support offline verification. There's now support for multiple initramfs images; the idea here is that one can have a "main" initramfs image and a secondary one which represents local configuration. The documentation is now moved to https://ostreedev.github.io/ostree/# A lot of preparatory cleanups to the pull code landed for upcoming work on indexing deltas outside of the summary. On the bugfix side, the biggest one is a fix for an assertion failure when upgrading from systems before ostree supported devicetree. Also notable is that ostree no longer hardlinks zero sized files to avoid hitting filesystem maximum link counts. ``` Alexander Larsson (17): list-deltas: Don't break on non-subdir entries Fix leak when signing pull: Break out _ostree_repo_save_cache_summary_file() helper pull: Actually mmap summary files Add and use ot_checksum_bytes helper deltas: Break out _ostree_repo_static_delta_superblock_digest() helper Break out the signature verification code into a helper function fetch_summary_with_options: drop unnecessary "goto out" use Add g_autoptr helper for pushing a thread default main context repo_remote_fetch_summary: Use GMainContextPopDefault Inline repo_remote_fetch_summary Minor cleanup of _ostree_repo_remote_new_fetcher() ostree-repo-pull.c: Extract mirrorlist generation to helper Update the symbols files to match that we're now on 2020.6 ostree_repo_find_remotes_async: Fix leak of summary fetch_summary_with_options: Fix n-network-retries option parsing signatures: Fix leak in _sign_detached_metadata_append() Colin Walters (10): Post-release version bump ci: Drop var mount test deploy: Add some error prefixing around xattr setting commit: Tighten scope of two variables checkout: Ensure copies of unreadable usermode checkouts are readable deploy: Remove deployment bootcsum assertion delta: Some minor code style fixups checkout: Don't hardlink zero sized files libglnx: Bump to master Release 2020.7 Frédéric Danis (12): lib/deltas: Add inline signature for static-delta superblock bin/static-delta: Add support to sign superblock lib/deltas: Add signature check API for static-delta superblock bin/static-delta: Add command to verify delta signature lib/deltas: Support signed delta in execute_offline lib/deltas: Support signed delta in dump tests/delta: new tests for signed deltas tests/libtest.sh: Add skip_without_sign_ed25519() function tests/delta: new tests for 'ed25519' signed deltas lib/deltas: Check signed delta in execute_offline bin/static-delta: Add signature parameters to apply-offline tests/delta: Add new tests for applying signed deltas Jonathan Lebon (8): Makefile-libostree.am: Uncomment BUILDOPT_IS_DEVEL_BUILD conditional lib: Minor versioning related fixes lib/bootconfig: Add support for multiple initrd keys lib/deploy: Add deploy/stage APIs with options lib/deploy: Add support for overlay initrds Add Packit integration lib/deploy: Don't leak fd when checksumming dtbs ci: Make Packit ignore downstream patches Phaedrus Leeds (1): Avoid shadowing local variables Philip Withnall (3): lib/repo: Add mode and tombstone config options to the summary file lib/pull: Read mode and tombstone options from summary file if possible ostree/dump: Fix a memory leak Timothée Ravier (7): docs: Add Jekyll and theme config docs: Update Index page docs: Update Contributing and tutorial pages docs: Move and update pages from the manual docs: Move historical README to the docs README: Update and mention new docs docs: Fix URL in Jekyll _config.yml ``` Git-EVTag-v0-SHA512: d6f38b96bc9385bf89f347300967b53709be34d2bad9b78eecd7f5ae5c1bcadb18daca38576d65d325279d0bc77488fe49524c39114e3b2b05a7fe6eb24ac704
Release 2020.6 One notable feature: ostree now supports `/` and `/boot` being on the same filesystem. I know this has been a long time coming and often demanded - thanks to everyone who contributed, but particularly @wmanley who even did two separate implementations to better compare the advantages/disadvantages! PR: ostreedev#2149 Other than that it's mostly bugfixes; there is one quite important one for anyone using the `readonly=true` for `/sysroot` (which is still just Fedora CoreOS I suspect). There's some improvements to the GObject Introspection metadata, some (cosmetic) static analyzer fixes, a fix for the immutable bit on s390x, dropping a deprecated bit in the systemd unit file, etc. Thanks to everyone who contributed! ``` Colin Walters (11): Post-release version bump tests/inst: Bump to latest ostree and gtk-rs pull: Assign idle_src variable before calling unref() prepare-root: Remove unused variable admin/pin: Enforce that index is a number tests: Check the immutable bit linuxfsutil: Pass int to ioctl, not long tests/inst: Port to new sh-inline repo tests/inst: Update to published sh-inline crate Release 2020.6 Post-release version bump Felix Krull (2): lib: add some missing version tags lib: mark out parameters as out parameters Jonathan Lebon (4): configure.ac: Set is_release_build=no ostree-prepare-root: Fix /etc bind mount ostree-remount: Remount /etc rw if needed ci: Temporarily import kola test from jlebon's FCOS fork Matt Bilker (1): Fix mkinitcpio with newer systemd versions Simon McVittie (1): boot: Replace deprecated StandardOutput=syslog with journal, etc. William Manley (2): Refactor tests/bootloader-entries-crosscheck.py sysroot: Support /boot on root or as seperate filesystem for syslinux and u-boot ``` Git-EVTag-v0-SHA512: 87bbc042f89d96c9cdeb46853289fb816047532ce7061014e933b215bb5b97fb816472e532236866144f174e31dab5883eed753d7ebba07854532c657b6005b7
PreviousNext