Skip to content

2017.4

Compare
Choose a tag to compare
@cgwalters cgwalters released this 12 Apr 19:10
v2017.4

A notable new feature in this release is a fourth repository
mode: "bare-user-only". This is very similar to bare-user, but
canonicalizes permissions and ignores xattrs. The intended
use of this is for "non-OS" container tools such as flatpak, where one
intentionally discards the traditional file ownership.
(I'm calling this container case "non-OS" to distinguish from other container tools
where one might want to "log in" via PAM and supporting distinct UIDs
inside a single container is valuable)
More information: #750

We have a few new APIs, such as ostree_check_version() which is
important when making use of some of the "API extensions" we have
using GVariant on e.g. ostree_repo_pull_with_options().

The diff is a bit larger due to us switching to a new code style.

Another quite important change is that ostree trivial-httpd is
disabled by default. With a libcurl build, this is the last part
that links to libsoup. It's only needed for unit tests, so can
be subpackaged or discarded. (We're doing the latter for Fedora)

Speaking of curl, we now support --with-openssl which enables
using OpenSSL's libcrypto for SHA256. This can be notably faster.
You likely want this if e.g. libcurl is already linked to OpenSSL
for you. I'm increasingly confident in the curl code, and should
be ready to recommend using it by default in the next release or
two.

Thanks to all contributors!

Alexander Larsson (4):
      Add _ostree_repo_mode_is_bare helper
      Add bare-user-only repo mode
      commit: Add --canonical-permissions argument
      Add basic tests for bare-user-only repo modes

André Klitzing (2):
      Avoid unnecessary includes
      Fix includes if built against musl

Anton Gerasimov (1):
      Define TARGET_PREFIX to use with grub2 deployment

Colin Walters (46):
      Disable "ostree trivial-httpd" by default now
      core: Add runtime ostree_check_version()
      builtin/show: Convert to direct return/decl-after-stmt style
      pull: Squash a `-Wmaybe-uninitialized` warning
      lib: Exclude soup header from introspection
      lib: Squash most of the gtk-doc warnings for missing parameters
      lib: Add a private copy of checksum-instream
      core: Support building with OpenSSL for checksums
      sysroot/deploy: Some cleanup to decl-after-stmt/return FALSE style
      sysroot: Prep refactoring of cleanup logic
      build: Quiet automake warning for bupsplit
      build: Various fixes for openssl build
      Bump libglnx, port a few callers to new error API
      sepolicy: Add ostree_sepolicy_new_at()
      sepolicy: Add better private API for setfscreatecon
      cfg.mk: Add a syntax check for a redundant : in glnx_throw
      repo/refs: Convert to new code style
      sysroot: Add ostree_sysroot_write_deployments_with_options()
      core: Convert some functions to new code style
      build: Dist ostree-sepolicy-private.h
      commit: Prefix error with target object name on failure to write
      repo+tests: Add [core]disable-xattrs=true, use it on overlayfs
      pull: Also skip partial commits for deltas if no summary file
      ci: Enable -Werror=unused-result with -Wp,-D_FORTIFY_SOURCE=2
      sysroot: Don't cache sepolicy
      repo/commit: Change most of this file to new code style
      build: Expose autocleanups unconditionally, start using them
      lib: Fix OSTREE_CHECK_VERSION()
      lib: Delete old GFile path helpers, and migrate single last user
      lib: Delete old unused GFile helpers
      libutil: Delete unused threadpool wrapper
      libutil: Delete unused GVariant I/O functions
      libutil: Delete some unused checksum helper API
      libutil: Delete some unused error handling APIs
      Add Coccinelle usage: one for blacklisting, one for patch collection
      sepolicy: Fix regressions from introduction of sepolicy_new_at()
      Add flag to make SELinux label failure fatal, add hack for /proc
      ci: Add a check that submodule changes include "Update submodule: "
      core: Fix default value of disable_xattrs
      repo/core: Convert some functions to new code style
      soup: Hold a ref to the pending URI during completion processing
      sysroot/deploy: More code style conversion
      curl: Enable pipelining for HTTP/2
      Fix a few gtk-doc warnings
      checkout: Provide useful error with checkout -H and incompat mode
      Release 2017.4

Daniel J Walsh (1):
      sysroot/unlock: Ensure overlay label on /usr is `usr_t`

Erik Larsson (1):
      diff: Add ostree_diff_dirs_with_options(), expose via cmdline

Georges Basile Stavracas Neto (1):
      libostree: add versioning macros

Git-EVTag-v0-SHA512: 71f0649308f04f15eb6a22b4b34c2804d680d5870dd3b6391079fa2be6c0f4df74e7ed4f8abbb461104ad23707ecf38587b187a8bd240a9979e4800c13efce78
-----BEGIN PGP SIGNATURE-----

iQEwBAABCgAaBQJY7npbExx3YWx0ZXJzQHZlcmJ1bS5vcmcACgkQ3EX9WSHBPwuu
tAf+OodLq6R8wuDDJUwOHTHTPlaCW5fZn/MEm3IIpeX7A3Cnr3+t6ZgY4LBtc22Q
w3eHCoHMC181Xr6Rz3RtncRXtMJyvQjanLXDdTCJomkNEi4e4YngMLO1wqQ/5gY+
Dcgo8/u4n5lM9ns5rSxDZ3U+kSkkfVWwkTbDlBYpn5hnrW27k/OSbN4uXqCccjTE
LMRuniUqFaNSy1ia2Sr//6znpoYlaFfL30VEL9GJlvkxsg8c0ToCwnuzcvMP1mM4
SY3noj1LqZ+nVtBTRWDdpY666CdgzPm30OxssVL8fdtXN1MBIWQVBsNmkAvRhFjJ
sRaWwbjxsdQ0TXOmZuaJj3WQrQ==
=iIP/
-----END PGP SIGNATURE-----