Skip to content

2017.7

Compare
Choose a tag to compare
@cgwalters cgwalters released this 19 Jun 15:45
v2017.7

The most notable thing for this release is that for flatpak users/distributors,
this release adds a lot of (opt-in) hardening against setuid or world-writable
files. These issues are also (to a lesser degree) applicable to ostree-based
build systems which use the bare-user repository mode. A pending flatpak
version will require this version of libostree. More information in:
flatpak/flatpak#845

For ostree-as-host, we fixed a major regression in SELinux labeling for
/etc (only applies to SELinux-using host systems).

Known issue: test-symbols.sh will fail when building from the tarball (as
opposed to a git clone). Pending fix: #944

Besides that, there's various smaller cleanups and fixes. It's great to see
contributors from a variety of organizations; having libostree be a shared
infrastructure layer across distributions is a longstanding vision. Thanks to
all contributors!

Alexander Larsson (5):
      fetcher: Send Accept-Encoding: gzip when downloading summary
      repo: After renaming in all loose objects, ensure metadata is stable
      lib/repo: Always look in staging directory for objects
      pull: When mirroring, only replace summary if we're doing a full mirror
      static delta apply: Work on bare-user-only repos

Anton Gerasimov (1):
      lib/sysroot: Add API to get pending/rollback for given stateroot

Brian C. Lane (1):
      Remove the OSTREE_MAX_RECURSION limit on metadata depth

Colin Walters (51):
      tests/test-symbols.sh: Fix with --enable-experimental-api
      ci: Add unit case for --enable-experimental-api
      tests/libtest-core: Copy rpm-ostree changes, clean up
      bin/cookies: Delete dead tmpfile code in cookie list command
      Add stub for new libglnx tmpfile API, port simpler callers to it
      lib/deploy: Port config merge logic to new code style
      tests: Add some C tests for object writing
      pull-test: Add some 404 tests
      lib/fsutil: Delete unused GFile ioctl method
      lib/fsutil: Port to new code style
      lib: Add an "is_system" member to OstreeRepo
      lib/sysroot: Add non-failable ostree_sysroot_repo()
      tree-wide: Add+run spatch to use glnx_throw()
      cmd: Use autoptr for GKeyFile
      lib/util: Some style conversion
      Add a notion of "physical" sysroot, use for remote writing
      repo/commit: Dedup metadata writing API implementations
      repo/commit: Dedup content writing API implementation
      repo/commit: In the expected checksum case, check existence early
      repo/commit: Don't renormalize trusted metadata
      repo/commit: Split up metadata/content commit paths
      lib/repo: Delete unused private prototypes
      Revert "Add a notion of "physical" sysroot, use for remote writing"
      Don't install trivial-httpd man page if not enabled
      Canonicalize bare-user-only perms with 0755 mask
      builtins/cat: Port to new code style
      lib/repofile: Port mostly to new code style
      lib/repofile: Follow symlinks for `g_file_read()`
      lib/repo: For bare-user, mask content object modes with 0775
      tests: Add a test for bare-user-only failing to commit suid content
      repo/commit: Support group-writable files for bare-user-only
      ci: Update to match current rpm-ostree
      ci: Add CentOS 7 build
      repo: Fix leak of superblock fds when generating summary
      lib/commit: Port final object writing function to new code style
      lib/commit: Drop some conditionals/clarify code in content path
      lib/checkout: Ignore world-writable dirs for bare-user-only checkout
      lib/repo: Refactor object copy import function
      lib/repo: Skip import via hardlink if repo owners don't match
      lib/repo: Import metadata via hardlink even for distinct repo modes
      lib/repo: Support hardlink conversions from bare-user to bu-only
      lib/pull: Add OSTREE_REPO_PULL_FLAGS_BAREUSERONLY_FILES
      lib/checkout: Add bareuseronly_dirs option
      build-sys: post-release version bump
      lib/sysroot: Add some g_prefix_error() for ostree_sysroot_cleanup()
      lib/pull: Extend BAREUSERONLY_FILES flag to HTTP requests
      lib: Split symbol versioning into -released and -devel
      checkout: Fix SELinux policy labeling when recursing
      tests: Fix previous commit for selinux testing
      build-sys: Add "release build" flag, use for symbol versioning
      Release 2017.7

Daniel Drake (2):
      libtest: allow committing to alternative branches
      Allow commits to mark refs as EOL, replaced by others

David Shea (1):
      lib/repo: Fix annotations for out parameters

Jonathan Lebon (6):
      pull: complete detached meta fetch before scanning
      PAPR: migrate to the new name
      checkout: don't apply SELinux labeling in user mode
      checkout: also chmod in the user checkout case
      manual: document bare-user-only repo mode
      basic-test.sh: explicitly check for uncompressed objects

Krzesimir Nowak (1):
      lib/sysroot: Document the NO_CLEAN flag

Owen W. Taylor (1):
      lib/repo: Don't copy xattrs when manipulating the GPG keyring

Philip Withnall (16):
      lib/remote: Add a getter for OstreeRemote.name
      lib/remote: Add internal annotations to OstreeRemote
      lib/remote: Add arguments to internal OstreeRemote constructor
      lib/repo: Add return value to _ostree_repo_add_remote()
      lib/repo: Make ost_repo_remove_remote() available internally
      lib/remote: Fix compilation with --enable-experimental-api
      build: Use AM_TESTS_ENVIRONMENT rather than TESTS_ENVIRONMENT
      lib/repo: Reindent some code in regenerate_summary() for clarity
      lib/pull: Fix a typo in a documentation comment
      lib/pull: Simplify a for-loop initialisation
      lib/pull: Drop some trailing whitespace
      lib/pull: Fix an over-indented block
      ostree/dump: Improve formatting for well-known commit metadata keys
      lib/repo: Omit deltas from the summary file if there are none
      lib/fetcher: Add cleanup function for OstreeFetcher
      lib/pull: Fix construction of a refspec to use the correct separator

Tristan Van Berkom (1):
      ostreee-version.h.in: Added Since: version annotations



Git-EVTag-v0-SHA512: 5115bcfa837cf59ed3672f5c7717796091ce2e88eb3ecb75148d14055246529afc2206d8e02540d2f6cb0254bee4d29506b47dbd65212f5a0b14a846f1cc986e
-----BEGIN PGP SIGNATURE-----

iQEwBAABCgAaBQJZR/ALExx3YWx0ZXJzQHZlcmJ1bS5vcmcACgkQ3EX9WSHBPwsj
Fwf+J5XIzBg7EWZOvM46tJsIz4SheSC0ULEIOT497S25mZepMUbyWfp5eS1pgr8O
daj/tUwRqWjC84kTF6lo0ChBahQl6d+QFQsC8HYdyKfBgnIfVOEkKfdea5Q2Syed
Ox/ntiPUDdO1bUZ+72X6TpQGaBhV1XfL8l9GT91ZCRgQ22yt3i0hdiAJOX+ka0ix
bD3Dy1LQz/CieUz7ViAMHWxZvva42a+ybKdzgX2r0W9Ci6NXXysOSMtKXCzoNyZl
rf0lzpmx0LpddICUEkn07uSoC2y9Yep8JRH4UKJ5vdbP3h76D1cMckRwNvYvtsjO
vapkPL9pqn/Fv2Rr/oNY3WPJ5w==
=IYbt
-----END PGP SIGNATURE-----