Releases: ostreedev/ostree
2017.9
A notable new feature in this release is that the pull machinery now interprets
two new metadata keys: `ostree.ref-binding` and `ostree.collection-binding`.
This allows closing a longstanding class of "sidegrade" attacks that Florian
Weimer identified when performing a security audit of libostree years ago:
https://bugzilla.gnome.org/show_bug.cgi?id=724873
There was a more recent discussion on this topic on the list:
https://mail.gnome.org/archives/ostree-list/2017-May/msg00013.html
For the ostree-as-host case, this only matters if you offer multiple refs. For
flatpak, it's more important as a MITM attacker could actually switch applications;
that's why flatpak implemented this a while ago as `xa.ref`.
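To make the binding check concrete, here is an added example (not libostree's own code): a simplified C model of a client that compares the ref it asked for against the bindings carried in a commit's signed metadata. The struct, enum, function names, refs and collection IDs are all hypothetical or constructed; only the two metadata key names come from the release notes. What to do with a commit that carries no binding at all is left to the caller.

```c
/* Added example: a simplified model of commit binding checks on pull.
 * The struct, enum and function names are hypothetical, not libostree API. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Metadata key names, as given in the release notes. */
#define META_REF_BINDING        "ostree.ref-binding"
#define META_COLLECTION_BINDING "ostree.collection-binding"

/* Constructed sample refs. */
#define EDITOR_REF "app/org.example.Editor/x86_64/stable"
#define GAME_REF   "app/org.example.Game/x86_64/stable"

/* Stand-in for the signed metadata of one commit. */
struct commit_meta {
  const char *const *ref_binding;  /* NULL-terminated ref list; NULL = key absent */
  const char *collection_binding;  /* collection ID; NULL = key absent */
};

enum bind_result {
  BIND_OK = 0,
  BIND_UNBOUND,              /* no ref binding present; caller decides policy */
  BIND_REF_MISMATCH,         /* commit was not made for the requested ref */
  BIND_COLLECTION_MISSING,   /* remote has a collection ID, commit has none */
  BIND_COLLECTION_MISMATCH   /* commit belongs to a different collection */
};

static int
strv_contains (const char *const *strv, const char *needle)
{
  for (; *strv != NULL; strv++)
    if (strcmp (*strv, needle) == 0)
      return 1;
  return 0;
}

/* Run after signature verification: a valid signature only proves who made
 * the commit, the binding proves which ref it was made for. */
enum bind_result
check_bindings (const struct commit_meta *meta,
                const char *requested_ref,
                const char *remote_collection_id)
{
  if (meta->ref_binding == NULL)
    return BIND_UNBOUND;
  if (!strv_contains (meta->ref_binding, requested_ref))
    return BIND_REF_MISMATCH;
  if (remote_collection_id != NULL)
    {
      if (meta->collection_binding == NULL)
        return BIND_COLLECTION_MISSING;
      if (strcmp (meta->collection_binding, remote_collection_id) != 0)
        return BIND_COLLECTION_MISMATCH;
    }
  return BIND_OK;
}

const char *
bind_result_str (enum bind_result r)
{
  switch (r)
    {
    case BIND_OK:                  return "ok";
    case BIND_UNBOUND:             return "no " META_REF_BINDING " in commit";
    case BIND_REF_MISMATCH:        return "requested ref not in " META_REF_BINDING;
    case BIND_COLLECTION_MISSING:  return "no " META_COLLECTION_BINDING " in commit";
    case BIND_COLLECTION_MISMATCH: return META_COLLECTION_BINDING " differs from remote";
    }
  return "unknown";
}

/* Constructed sample commits, all assumed to be signed by the same key. */
static const char *const editor_refs[] = { EDITOR_REF, NULL };
static const char *const game_refs[]   = { GAME_REF, NULL };
const struct commit_meta editor_commit = { editor_refs, "org.example.Apps" };
const struct commit_meta game_commit   = { game_refs, "org.example.Apps" };
const struct commit_meta legacy_commit = { NULL, NULL };

int
main (void)
{
  /* The client asks for the editor; the second row is the substituted commit. */
  printf ("editor commit: %s\n",
          bind_result_str (check_bindings (&editor_commit, EDITOR_REF, "org.example.Apps")));
  printf ("game commit:   %s\n",
          bind_result_str (check_bindings (&game_commit, EDITOR_REF, "org.example.Apps")));
  printf ("legacy commit: %s\n",
          bind_result_str (check_bindings (&legacy_commit, EDITOR_REF, NULL)));
  return 0;
}
```

The second case is the one a signature check alone would accept: the commit is genuine and correctly signed, but it was created for a different ref than the one requested.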
I'll note here that it's recommended for content providers to make use of
ostree's support for `tls-ca-path` to implement TLS CA pinning, which protects
all metadata and content in a strong fashion; in this scenario the GPG
signatures act as a secondary layer of defense and make offline verification
easier (for e.g. mirroring).
Otherwise, there are some performance enhancements for local pulls, and a variety
of bugfixes.
Thanks to all contributors!
Colin Walters (24):
build-sys: Post-release version bump
deploy: Port some functions to new style
checkout: Don't set dir mtime to 0 when doing a force copy checkout
tests: Run pull tests for bare/bare-user
lib/pull: Avoid journaling 404s for optional content
ci/papr: Update to F26
lib/pull: Do local content imports async too
Add a notion of "physical" sysroot, use for remote writing
bin/cookies: Drop libsoup code, fix fd-relative issues, new style
lib/pull: Drop direct use of ->repodir
Update libglnx, port various bits to new API
core: Sanitize error text validating refs (e.g. against HTML)
lib/repo: Auto-recreate repo/tmp if it's deleted
ci/papr: Switch primary to libcurl, add libsoup context
lib/commit: Fix EBADF with GENERATE_SIZES option for commit
ci/papr: Add a suite to run introspection-based tests without ASAN
lib: Add #defines for current well-known metadata keys
tests: More fixes for gjs tests
ci: Enable -Werror for clang
build: Turn off default warnings if we find -Werror specified
Update libglnx, port some uses to newer APIs
lib/core: Add #defines for ref/collection binding
ci: Enable libcurl by default on Fedora
Release 2017.9
Emmanuele Bassi (1):
Move the include directive to the enum template
Krzesimir Nowak (4):
ostree: Add collection and ref bindings to metadata on commit
lib/pull: Pass the ref together with the request
lib/pull: Collection and ref bindings verification
tests: New tests for creating commits with bindings and pulling them
Philip Withnall (4):
lib/repo-commit: Fix types of content size cache entries
lib/repo: Add OSTREE_REPO_METADATA_REF as a well-known metadata store
build: Ensure all .sym files are distributed in tarballs
build: Ensure all experimental tests are distributed in tarballs
Ruixin (1):
lib: Add #define for endoflife metadata key
Simon McVittie (1):
build: Don't distribute generated man pages
Git-EVTag-v0-SHA512: d5eff57f587038fcb29ee373db2ecae03908bb1fb0cbbad8d6f30fa8ec618c24b7312b03a4b958a8c10ce1450525382609f6726e837b77a7de8aa26c87a9cf67
2017.8
This is a quicker release closely following 2017.7, but it still
includes a number of changes. First, a lot of work is landing
from Philip/Krzesimir for doing "collections" and pulling
content from Avahi/USB drives etc. That work is still underneath
`--enable-experimental-api`, but look for more from that soon!
Other notable user-visible feature PRs from this cycle are:
lib/repo: Add min-free-space-percent option, default 3%: #987
Add "pull --localcache-repo": #982
An important bugfix for `bare-user` repo mode owners is:
lib/commit: Ensure bare-user objects are always user-readable: #989
Besides that we have a lot of code cleanup, CI work, etc.
Thanks to all contributors!
Colin Walters (44):
main: DevelBuild=yes to `ostree --version` for devel builds
build-sys: Post-release version bump
repo: Squash a gcc `-Wmaybe-uninitialized` warning
ci: Enable -Werror=maybe-uninitialized
lib/core: Avoid NULL deref in content_file_parse() if out variable unset
lib/repo: Split archive/bare file parsing
lib/repo: More cleanup of load_file() internals
lib/deltas: Port to more to new code style
cmd/fsck: Port to new style
tests: add a syntax-check rule for glnx_prefix_error()
lib/commit: Clean up commit file type handling variables
lib: Hoist unlinkat() cleanup API to fsutil, use in pull
lib: Use OtTmpFile for static delta processing
lib/commit: Fix fallocate size for bare-user symlinks
lib/ref: Suppress more collection ref methods from introspection
ci: Make introspection warnings fatal
lib/deltas: Some style porting
build: Don't scan ostree-remote.h for introspection if !experimental-api
pull: Check free space when pulling deltas
ci: Actually run installed tests again
Port to GLnxTmpfile
tree-wide: Misc porting to newer libglnx APIs
libutil: Add a helper for O_TMPFILE + mmap()
lib/commit: Refactor non-failable size indexing function
lib/deltas: More porting to new code style
lib/repo: Port bareuser-conversion stat to bare load
lib/pull: Some small style porting
tests: Fix assert_files_hardlinked
lib/pull: Don't fetch detached metadata twice for local pulls
tree-wide: Replace various uses of `archive-z2` → `archive`
cmdline/pull: Print final status even if noninteractive
lib: Add a helper to convert struct stat → GFileInfo
lib/commit: Port a few minor functions to new style
lib/pull: Move check for requested content earlier
Add "pull --localcache-repo"
lib/commit: Fix a tmpfile fd leak in static delta processing
bin/commit: Port helper functions to new style
bin/commit: Add '=' to --statoverride
lib/commit: Ensure bare-user objects are always user-readable
lib/commit: Use provided length when doing writes
lib/repo: Add min-free-space-percent option, default 3%
pull: Cleanly error when doing local pulls of remote-prefixed refs
lib/repo: Immediately error creating bare-user repo on tmpfs
Release 2017.8
Jonathan Lebon (6):
ci: add ci-release-build.sh
papr: build and test on c7
test-switchroot.sh: skip if no busybox
codebase: start using GLNX_HASH_TABLE_FOREACH macros
ci: unconditionally turn on -Werror
pull: fix GLNX_HASH_TABLE_FOREACH_KV regressions
Philip Withnall (31):
build: Add ‘devel’ or ‘release’ to OSTREE_FEATURES for test-symbols.sh
lib/core: Add ostree_validate_remote_name() for remote names
lib/core: Fix ‘Since’ line for ostree_validate_remote_name()
lib/sym: Fix symbol versions for 2017.7 experimental symbols
lib/remote: Fix ‘Since’ line for OstreeRemote
lib/repo: Split out ref handling from regenerate_summary()
lib/ref: Add OstreeCollectionRef type for globally unique refs
lib/repo: Add collection ID support to OstreeRepo
lib/refs: Add methods for setting/listing collection–refs
lib/pull: Add collection support to ostree_repo_pull_with_options()
lib/repo-finder: Add basic support for finding remote URIs by ref name
lib/repo-finder: Add config-file based OstreeRepoFinder implementation
lib/repo-finder: Add mount based OstreeRepoFinder implementation
lib/bloom: Add an internal bloom filter implementation
lib/repo-finder: Add Avahi based OstreeRepoFinder implementation
find-remotes: Add a find-remotes built-in command
find-remotes: Add pull support to the find-remotes built-in command
init: Add a --collection-id argument to the built-in init command
remote-add: Add a --collection-id argument to the built-in add command
refs: Add a --collections argument to the built-in refs command
ostree/dump: Include collection IDs and mirrored refs in summary dumps
ostree/builtins: Add support for collection–refs to a few utilities
tests: Add integration tests for collections
lib/refs: Add runtime error checking for collection ID validity
lib/repo: Fix a typo in a documentation comment
tests: Fix incorrect `summary --update` usage in test-local-pull.sh
ostree/summary: Add support for adding additional metadata
lib/pull: Don’t cache summary file until its signature is verified
lib/pull: Check whether summary is in normal form when loading it
lib/pull: Use ostree_repo_verify_summary() to verify summary on pull
lib/repo: Fix repo-finder deleting remote configs when run
Simon McVittie (1):
build: Always include ostree-trivial-httpd.xml in tarballs
Git-EVTag-v0-SHA512: e1c420d6528a51dc5daacaec241c6ffaa66be4ba8e07d61bad74086e6add9418a036f26f571e13ea90db482ff2985608c97faa3eb951216a0411cf062de8a4cc
2017.7
The most notable thing for this release is that for flatpak users/distributors,
this release adds a lot of (opt-in) hardening against setuid or world-writable
files. These issues are also (to a lesser degree) applicable to ostree-based
build systems which use the `bare-user` repository mode. A pending flatpak
version will require this version of libostree. More information in:
flatpak/flatpak#845
For ostree-as-host, we fixed a major regression in SELinux labeling for
`/etc` (only applies to SELinux-using host systems).
Known issue: `test-symbols.sh` will fail when building from the tarball (as
opposed to a git clone). Pending fix: #944
Besides that, there's various smaller cleanups and fixes. It's great to see
contributors from a variety of organizations; having libostree be a shared
infrastructure layer across distributions is a longstanding vision. Thanks to
all contributors!
Alexander Larsson (5):
fetcher: Send Accept-Encoding: gzip when downloading summary
repo: After renaming in all loose objects, ensure metadata is stable
lib/repo: Always look in staging directory for objects
pull: When mirroring, only replace summary if we're doing a full mirror
static delta apply: Work on bare-user-only repos
Anton Gerasimov (1):
lib/sysroot: Add API to get pending/rollback for given stateroot
Brian C. Lane (1):
Remove the OSTREE_MAX_RECURSION limit on metadata depth
Colin Walters (51):
tests/test-symbols.sh: Fix with --enable-experimental-api
ci: Add unit case for --enable-experimental-api
tests/libtest-core: Copy rpm-ostree changes, clean up
bin/cookies: Delete dead tmpfile code in cookie list command
Add stub for new libglnx tmpfile API, port simpler callers to it
lib/deploy: Port config merge logic to new code style
tests: Add some C tests for object writing
pull-test: Add some 404 tests
lib/fsutil: Delete unused GFile ioctl method
lib/fsutil: Port to new code style
lib: Add an "is_system" member to OstreeRepo
lib/sysroot: Add non-failable ostree_sysroot_repo()
tree-wide: Add+run spatch to use glnx_throw()
cmd: Use autoptr for GKeyFile
lib/util: Some style conversion
Add a notion of "physical" sysroot, use for remote writing
repo/commit: Dedup metadata writing API implementations
repo/commit: Dedup content writing API implementation
repo/commit: In the expected checksum case, check existence early
repo/commit: Don't renormalize trusted metadata
repo/commit: Split up metadata/content commit paths
lib/repo: Delete unused private prototypes
Revert "Add a notion of "physical" sysroot, use for remote writing"
Don't install trivial-httpd man page if not enabled
Canonicalize bare-user-only perms with 0755 mask
builtins/cat: Port to new code style
lib/repofile: Port mostly to new code style
lib/repofile: Follow symlinks for `g_file_read()`
lib/repo: For bare-user, mask content object modes with 0775
tests: Add a test for bare-user-only failing to commit suid content
repo/commit: Support group-writable files for bare-user-only
ci: Update to match current rpm-ostree
ci: Add CentOS 7 build
repo: Fix leak of superblock fds when generating summary
lib/commit: Port final object writing function to new code style
lib/commit: Drop some conditionals/clarify code in content path
lib/checkout: Ignore world-writable dirs for bare-user-only checkout
lib/repo: Refactor object copy import function
lib/repo: Skip import via hardlink if repo owners don't match
lib/repo: Import metadata via hardlink even for distinct repo modes
lib/repo: Support hardlink conversions from bare-user to bu-only
lib/pull: Add OSTREE_REPO_PULL_FLAGS_BAREUSERONLY_FILES
lib/checkout: Add bareuseronly_dirs option
build-sys: post-release version bump
lib/sysroot: Add some g_prefix_error() for ostree_sysroot_cleanup()
lib/pull: Extend BAREUSERONLY_FILES flag to HTTP requests
lib: Split symbol versioning into -released and -devel
checkout: Fix SELinux policy labeling when recursing
tests: Fix previous commit for selinux testing
build-sys: Add "release build" flag, use for symbol versioning
Release 2017.7
Daniel Drake (2):
libtest: allow committing to alternative branches
Allow commits to mark refs as EOL, replaced by others
David Shea (1):
lib/repo: Fix annotations for out parameters
Jonathan Lebon (6):
pull: complete detached meta fetch before scanning
PAPR: migrate to the new name
checkout: don't apply SELinux labeling in user mode
checkout: also chmod in the user checkout case
manual: document bare-user-only repo mode
basic-test.sh: explicitly check for uncompressed objects
Krzesimir Nowak (1):
lib/sysroot: Document the NO_CLEAN flag
Owen W. Taylor (1):
lib/repo: Don't copy xattrs when manipulating the GPG keyring
Philip Withnall (16):
lib/remote: Add a getter for OstreeRemote.name
lib/remote: Add internal annotations to OstreeRemote
lib/remote: Add arguments to internal OstreeRemote constructor
lib/repo: Add return value to _ostree_repo_add_remote()
lib/repo: Make ost_repo_remove_remote() available internally
lib/remote: Fix compilation with --enable-experimental-api
build: Use AM_TESTS_ENVIRONMENT rather than TESTS_ENVIRONMENT
lib/repo: Reindent some code in regenerate_summary() for clarity
lib/pull: Fix a typo in a documentation comment
lib/pull: Simplify a for-loop initialisation
lib/pull: Drop some trailing whitespace
lib/pull: Fix an over-indented block
ostree/dump: Improve formatting for well-known commit metadata keys
lib/repo: Omit deltas from the summary file if there are none
lib/fetcher: Add cleanup function for OstreeFetcher
lib/pull: Fix construction of a refspec to use the correct separator
Tristan Van Berkom (1):
ostreee-version.h.in: Added Since: version annotations
Git-EVTag-v0-SHA512: 5115bcfa837cf59ed3672f5c7717796091ce2e88eb3ecb75148d14055246529afc2206d8e02540d2f6cb0254bee4d29506b47dbd65212f5a0b14a846f1cc986e
2017.6
One of the most notable changes in this release is that we switched
to using a systemd generator for handling `/var`, which means admins
can now set it up as an explicit mount point. We feel pretty confident
in the code, but do test your specific setup. One note in particular:
the new model (obviously) requires systemd, and while we tried to preserve
the non-systemd path, it wasn't explicitly tested.
Issue: #855
The work to port to a new code style continues rapidly; at this point
most of the library is converted, with just the command line remaining.
I think the new style is a lot more readable now that we rely fully
on `__attribute__((cleanup))`.
Philip Withnall contributed changes to enhance the OstreeAsyncProgress
reporting API, which I think is going to be quite useful for user
interface frontends (like GNOME Software).
PR: #819
There's a smattering of smaller bugfixes; minor memory leaks, double close()
and the like. In this cycle we also beefed up our CI/testing more - we
now test both Fedora Atomic Host and flatpak more explicitly. Contributions
to extend the suite to other distributions would be appreciated; for example,
tests for ostree-as-host on Debian. Our Travis-executed tests
should be extensible.
Thanks to Dan Nicholson for also fixing some of the test suite for installed
tests, and also contributing introspection fixes for language bindings.
Another feature that involved a lot of internal changes is our handling
for `/etc` on SELinux-based systems. We now label files as we go rather
than having a more fragile separate relabeling path. This is also
exposed as an API, which is used by `rpm-ostree` now. I think this
particular change highlights the strength of "libostree" as an API
that can be reused by higher level systems.
PR: #797
Thanks to all contributors!
Colin Walters (62):
pull: Support deltas for explicit commits
checkout: Fix bare-user symlink checkouts
Bump release for 2017.5
lib/boot: Convert bootconfig parser to new code style
sysroot: Continue conversion of some simpler functions to new style
cmdline: Start conversion to new code style
repo: Optimize bare-user content object reads a bit
repo/checkout: Finish conversion to new code style
lib/cleanup: Port some of the cleanup code to fd-relative and new style
repo: Add a "force copy" flag to checkout
lib/core: Complete conversion to new code style
Rename "osname" → "stateroot"
lib/util: Delete some leftover pre-libglnx directory opening functions
repo: Drop unused cache variables leftover from pack files
repo/checkout: Cache lookups of dirmeta objects
checkout: Merge union/add logic for copies during checkout
tests: Factor out a libtest-core.sh
tests/installed: New installed, privileged tests using Fedora AH
checkout: Add SELinux labeling for checkout, use in deploy
repo: Port object listing func to use libglnx more + new style
repo: More porting to new style
repo: Fix incorrect use of errno() error throwing
lib/sepolicy: Convert to new code style
sepolicy: Cache the value of is_selinux_enabled() to work around bug
lib/checkout: Use TEMP_FAILURE_RETRY()
ci: Add a context for testing flatpak
ci: Fix flatpak test pkg install
checkout: Dedup calls to memcache ref
repo: Delete the last use of GFile tmp_dir
tree-wide: Convert to using autoptr(GString) vs g_string_free(...,TRUE)
Add --enable-installed-tests=exclusive, fix installed case
utils/checksum: Port to new code style
fsck: Check for refs missing corresponding commit
tests: For installed, s/test-/itest-/ to avoid in-tree name clashes
tests: Migrate test-pull-many.sh to installed on FAH
ci: Extend FAH rootfs for installed tests
ci: More flatpak ci fixes
ci: Move travis scripts from tests/ → ci/
diff: Port some to new code style
sysroot: More porting to new code style
checkout/commit: Use glnx_regfile_copy_bytes() if possible
lib/prune: Complete porting to new code style
lib/checkout: Move special case for subpath of file to toplevel
lib/checkout: Optimize checkout by avoiding OstreeRepoFile recusion
repo: Fix double close() in summary generation
lib/repo: Port more of GPG and summary functions to new code style
checkout: Plug a memleak of the state stringbuf
tree-wide: Switch tabs ⭾ in various files over to spaces ␠
lib/checkout: Fix regression in subpath for regular files
remount: Drop support for auto-tmpfs-on-var; use systemd.volatile=state
lib/remote: Box OstreeRemote if experimental-api
lib/repo: Fix double close()
switchroot/remount: Trim set of remounted filesystems
switchroot/remount: Check mount status before remounting, be verbose
Switch to using a systemd generator for /var
tree-wide: Add a few missing O_CLOEXEC
lib: Add "open dfd iter handling noent" helper, port tree-wide
lib/upgrader: Port to new code style
build: Use cd $(srcdir) instead of `git -C`
switchroot/generator: Add var.mount to local-fs.target.requires
lib/pull: Port some functions to new code style
Release 2017.6
Dan Nicholson (5):
pull: Fix crash specifying override URL in summary fetch
commit: Mark ostree_repo_transaction_set_ref* checksums nullable
pull: Allow additional HTTP headers for summary fetch
tests: Install libtest-core.sh with installed tests
tests: Look for trivial-httpd in $libexecdir
Francesco Giannelli (1):
switchroot: Document a bit more, add demo shell implementation
Jonathan Lebon (2):
tests/ci-commitmessage-submodules.sh: fix for RHCI
libglnx: bump and use new helper methods
Krzesimir Nowak (1):
apidoc: Add missing enums to sections file
Philip Withnall (22):
ostree: Use G_OPTION_ARG_FILENAME where appropriate
tests: Ignore some standard automake check output files
libostree: Rework OstreeAsyncProgress to use GVariants internally
libostree: Add multiple getter/setter support to OstreeAsyncProgress
src: Port to new OstreeAsyncProgress atomic API
libostree: Allow OstreeAsyncProgress:status to be set atomically
libostree: Get and set OstreeAsyncProgress:status atomically
libostree: Fix a typo in docs for ostree_repo_pull_with_options()
libostree: Add missing checks for invalid timestamps
libostree: Fix potential use of uninitialised memory in progress API
libostree: Ensure progress keys are all always set
libostree: Add some additional metadata to the summary file
libostree: Document endianness of GVariant metadata types
ostree: Add --view mode to `ostree summary`
ostree: Improve formatting for well-known summary metadata keys
ostree: Use #defines for well-known metadata key names
tests: Add a test for `ostree summary --view`
tests: Fix regex escaping in test-summary-view.sh
build: Add --enable-experimental-api configure option for unstable APIs
libostree: Expose $OSTREE_FEATURES in the pkg-config file
libostree: Make OstreeRemote a public and internal API
build: Add -C arguments to some git invocations
Sjoerd Simons (1):
repo/commit: Fix memory leak
Git-EVTag-v0-SHA512: 47a502039ce8abaa83e5872560846d592fc5e38557a190c3b1101f7ea245a3eeee21be8b9aa39c1ab163dc30072d7ef495b26ba18388d4216421b73e3dfd9372
2017.5
2017.4
A notable new feature in this release is a fourth repository
mode: "bare-user-only". This is very similar to `bare-user`, but
canonicalizes permissions and ignores xattrs. The intended
use of this is for "non-OS" container tools such as flatpak, where one
intentionally discards the traditional file ownership.
(I'm calling this container case "non-OS" to distinguish from other container tools
where one might want to "log in" via PAM and supporting distinct UIDs
inside a single container is valuable.)
More information: #750
We have a few new APIs, such as `ostree_check_version()`, which is
important when making use of some of the "API extensions" we have
using `GVariant` on e.g. `ostree_repo_pull_with_options()`.
The diff is a bit larger due to us switching to a new code style.
Another quite important change is that `ostree trivial-httpd` is
disabled by default. With a libcurl build, this is the last part
that links to libsoup. It's only needed for unit tests, so can
be subpackaged or discarded. (We're doing the latter for Fedora.)
Speaking of curl, we now support `--with-openssl`, which enables
using OpenSSL's `libcrypto` for SHA256. This can be notably faster.
You likely want this if e.g. `libcurl` is already linked to OpenSSL
for you. I'm increasingly confident in the curl code, and should
be ready to recommend using it by default in the next release or
two.
Thanks to all contributors!
Alexander Larsson (4):
Add _ostree_repo_mode_is_bare helper
Add bare-user-only repo mode
commit: Add --canonical-permissions argument
Add basic tests for bare-user-only repo modes
André Klitzing (2):
Avoid unnecessary includes
Fix includes if built against musl
Anton Gerasimov (1):
Define TARGET_PREFIX to use with grub2 deployment
Colin Walters (46):
Disable "ostree trivial-httpd" by default now
core: Add runtime ostree_check_version()
builtin/show: Convert to direct return/decl-after-stmt style
pull: Squash a `-Wmaybe-uninitialized` warning
lib: Exclude soup header from introspection
lib: Squash most of the gtk-doc warnings for missing parameters
lib: Add a private copy of checksum-instream
core: Support building with OpenSSL for checksums
sysroot/deploy: Some cleanup to decl-after-stmt/return FALSE style
sysroot: Prep refactoring of cleanup logic
build: Quiet automake warning for bupsplit
build: Various fixes for openssl build
Bump libglnx, port a few callers to new error API
sepolicy: Add ostree_sepolicy_new_at()
sepolicy: Add better private API for setfscreatecon
cfg.mk: Add a syntax check for a redundant : in glnx_throw
repo/refs: Convert to new code style
sysroot: Add ostree_sysroot_write_deployments_with_options()
core: Convert some functions to new code style
build: Dist ostree-sepolicy-private.h
commit: Prefix error with target object name on failure to write
repo+tests: Add [core]disable-xattrs=true, use it on overlayfs
pull: Also skip partial commits for deltas if no summary file
ci: Enable -Werror=unused-result with -Wp,-D_FORTIFY_SOURCE=2
sysroot: Don't cache sepolicy
repo/commit: Change most of this file to new code style
build: Expose autocleanups unconditionally, start using them
lib: Fix OSTREE_CHECK_VERSION()
lib: Delete old GFile path helpers, and migrate single last user
lib: Delete old unused GFile helpers
libutil: Delete unused threadpool wrapper
libutil: Delete unused GVariant I/O functions
libutil: Delete some unused checksum helper API
libutil: Delete some unused error handling APIs
Add Coccinelle usage: one for blacklisting, one for patch collection
sepolicy: Fix regressions from introduction of sepolicy_new_at()
Add flag to make SELinux label failure fatal, add hack for /proc
ci: Add a check that submodule changes include "Update submodule: "
core: Fix default value of disable_xattrs
repo/core: Convert some functions to new code style
soup: Hold a ref to the pending URI during completion processing
sysroot/deploy: More code style conversion
curl: Enable pipelining for HTTP/2
Fix a few gtk-doc warnings
checkout: Provide useful error with checkout -H and incompat mode
Release 2017.4
Daniel J Walsh (1):
sysroot/unlock: Ensure overlay label on /usr is `usr_t`
Erik Larsson (1):
diff: Add ostree_diff_dirs_with_options(), expose via cmdline
Georges Basile Stavracas Neto (1):
libostree: add versioning macros
Git-EVTag-v0-SHA512: 71f0649308f04f15eb6a22b4b34c2804d680d5870dd3b6391079fa2be6c0f4df74e7ed4f8abbb461104ad23707ecf38587b187a8bd240a9979e4800c13efce78
2017.3
A variety of small fixes here. One of the most notable things is
the static delta progress computation is now more accurate; this should
make it easier to write a user interface consuming libostree that displays
how much will be downloaded before initiating it.
Related to this, `ostree admin upgrade` gained `--pull-only` and `--deploy-only`,
which make it easier to write e.g. a systemd timer unit that does background
pulls, but only does a deployment (i.e. upgrade) on administrator/device owner
action. A bit more information in #642 and #640.
There are two API additions: it's now possible to configure the progress UI frequency
and the zlib compression level.
Besides that, there are a variety of smaller fixes. My favorite is probably
a small fix for grub2 on ppc64,
so we now have `fedora/26/ppc64le/atomic-host`.
Thanks to all contributors!
Christian Hergert (1):
repo/checkout: fix 32-bit builds
Colin Walters (28):
deltas: Don't put unreadable *from* objects in fallback
delta-show: Don't dump whole superblock, do show fallback checksums
repo: Fix static delta progress display
pull: Explicitly error out if metadata objects are fallbacks
pull: Fold together deltapart+fallback count for display
ci: Install PyYAML
lib: Ensure an error is set in ensure_unlinked() if errno != ENOENT
libtest: Re-enable quiet mode for building fs tree
README.md: Add more/clean up links to consuming projects
libglnx: Re-bump to master due to accidental reversion
ci: Hard error on all -fsanitize=undefined warnings
build: Add --with-smack, use it to reset contexts for writing objects
main: Make ostree --version output YAML (and add gitrev)
deploy: Correctly use libmount unref() calls rather than free()
man/repo-config: Document mirrorlist
tree-wide: Squash noncritical compiler warnings
deploy/libmount: Fix build with old util-linux 2.23 (CentOS7)
fetcher: Log failures into journal
upgrade: Add support for --pull-only and --deploy-only
grub2: Use g_spawn_sync() rather than GSubprocess to avoid SIGCHLD
grub2: Use "linux16" only on x86/x86_64
pull: Use all available commits for delta sources
fetcher/curl: Fix leaks caught by ASAN
Allow and start using C99 declaration-after-statement
repo/checkout: Verify early if src/destination are on same device
checkout: Support a "pure addition" mode
repo/checkout: Convert a few functions to new "stmt-decl/FALSE" style
Release 2017.3
Gatis Paeglis (1):
deltas: Expose the filename parameter
Georges Basile Stavracas Neto (2):
repo-pull: add option to set the async update frequency
ostree: allow setting update frequency from command line
Giuseppe Scrivano (1):
contrib/golang: rm directory
Jonathan Lebon (2):
pull: don't use static deltas if archive repo
libglnx: bump for -Wmaybe-uninitialized fix
Philip Withnall (2):
build: Fix disabling --enable-man if xsltproc is not available
libostree: Allow compression level to be set for archive-z2 stream
Git-EVTag-v0-SHA512: 55adebf589a0f2115f0ab3cb3f69b42ba3a08c19b3bf54580c437ac08e336651d54849666ab5718e466bdc99bbbaedca79f91619d6e5db3a0f15849029d33cfe
2017.2
First, this release renames the project to `libostree`. This best matches
the current usage of the code, where different projects act as client tools.
More information in the pull request.
However, if you're a user of `ostree admin upgrade`, don't worry; it will
continue to be maintained and there are improvements in the pipeline.
It's possible that there will be an effort to have a "canonical" ostree
client-side daemon in the future.
Moving on, there are some smaller bugfixes and enhancements in this release,
and two big new build-time options.
`--with-curl`: We now support libcurl as an HTTP backend. This passes all of the
existing tests, and is suitable for evaluation by downstream consumers. Please
give it a try, and it's likely we'll classify it as equally stable as the
libsoup backend within a release or two. Among other features, the libcurl
backend can speak `HTTP/2`, which can result in substantial speedups in the
non-static-delta case. Another motivation for this is that for `rpm-ostree` we
already depend on libcurl, which also links to OpenSSL in Fedora, whereas the
libsoup chain is `libsoup->glib-networking->gnutls`, so with this change we'll
drop gnutls too.
PR: #641
`--enable-rust`: This is an experiment in following a similar plan to what Firefox is doing with
Rust. When this build time option is enabled, a very small bit of libostree (the
rsync-style rollsum code) is in Rust, and linked statically into the rest of the
library. There are no plans right now to make this a hard requirement in the
near future. Please let us know if a dependency on Rust would be
a blocker for your usage of libostree. Or conversely, if using Rust is exciting
for you and would make you more likely to contribute, please also let us know that!
There's more information in the pull request.
Thanks to all contributors!
Alexander Larsson (1):
rofiles-fuse: Support write/read_buf()
Anton Gerasimov (1):
admin-switch: Don't segfault if there's no remote
Chen Fan (1):
doc: fix typo in CONTRIBUTING
Colin Walters (19):
lib: Adjust comments in symbols section for last release
lib: Prefix GPG errors with the checksum
travis: Disable tests (but keep builds) on flaky distros
lib: Move the bupsplit selftest into our test framework
tests: Add setup for more realistic repo, change pull-many to use
Rename to libOSTree
oxidation: Add implementation of bupsplit in Rust
packaging/: Delete
lib: Add ostree_repo_reload_config()
rust: Support `make dist` -> cargo vendor
repo: Add archive/zlib-level option, drop default compression to 6
pull: Add queuing into the higher level logic
fetcher: Drop the libsoup queue
pull: Show Estimating if we're scanning too
libcurl backend
libglnx: Bump
commit: Support -F/--body-file, like git
build: Remove .PHONY for Rust shared library
Release 2017.2
Jonathan Lebon (4):
trivial-httpd: trivial option help string fixes
docs: update pulp_ostree link
trusted.gpg.d: keep in the same location
fetcher queue: also throttle on outstanding writes
Krisztian Litkey (1):
libostree: added empty ot_cleanup_{read,write}_archive macros.
Philip Withnall (1):
ostree-repo: Clarify error behaviour of remote option getters
Simon McVittie (1):
libostree: Don't distribute generated enumtypes in tarballs
Git-EVTag-v0-SHA512: 1191007c2417ecaae5eded9453e830f1e91532360d44a9d4e9a845ab62491863e0ad1a20437d476172d6867a4b0548ca89ad5715b802c2a9e0f6d53f62f812a8
2017.1
This release has mostly bugfixes; the main new feature is that the prune
command gained more sophistication around selectively pruning branches. We're
planning to use this in Project Atomic work where we want to co-locate both
"development" and "stable" branches in the same repository.
The next release is likely to be more exciting, as we have an additional new
libcurl backend in the works - this release contains some preparatory cleanup
for that.
Thanks to all contributors!
Colin Walters (19):
docs: Fix ostree.version -> version
fetcher: Hoist core "mirrored request" API to public
fetcher: Move high level functions into "fetcher-util"
fetcher: Split lowlevel API into file/membuf variants
build-sys: Minor makefile tweaks
Split trivial-httpd into separate binary
pull: Rework delta superblock fetches to be async
trivial-httpd: Daemonize better
.dir-locals.el: Standard Emacs indentation config
unlock: Fix description for --hotfix
tests: Alias assert_not_reached() -> fatal()
pull: Fix theoretical checksum collision for metadata fetches
fetcher: Rework API to use strings for tls keys/db
tests: Don't inject newline in URL
tests: Loosen error regexp
libtest: Enable web server logs
Add support for more selective pruning
tests: Add a big (many objects) pull
Release 2017.1
Dan Nicholson (3):
repo: Fix indentation
repo: Fix object list keys ownership
repo: Fix list_objects annotations
Mario Sanchez Prada (1):
static-delta: Pretend that world unreadable objects are new objects
Paul van Tilburg (1):
admin: Use execlp() to look for systemctl as the shell would
Simon McVittie (3):
Fix TAP syntax in test-basic-user.sh, and run it
Sourced test snippets: remove shebang and make non-executable
Make corrupt-repo-ref.js executable
Git-EVTag-v0-SHA512: f6a195f995f2269a3312aa57dea7e575cfd38030dc6237590b1c00ebf117666604a149b864a60ab5685d4384b07661dce1960a4d0d230697046ac48e73b7ccfc
2016.15
This release is mostly bugfixes - for example, it cleans up the vast
majority of memory leaks caught by ASAN. We also build without
libsoup again, which is preparatory for a potential addition
of a libcurl HTTP backend.
Another notable change is that we now always checksum individual
objects even when applying static deltas, regardless of whether or not
the summary file is signed. This is part of an ongoing thread about
supporting OCI as a transport layer.
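A simplified model of the rule stated above, added here as an illustration and not taken from the release notes or from libostree's code. It assumes objects are named by the SHA-256 of their raw bytes (libostree's real object serialization and static-delta format differ); the function names, the `summary_signed` parameter and the sample payloads are constructed for this example.

```python
import hashlib


class ChecksumMismatch(Exception):
    """An object's bytes do not hash to the name it was delivered under."""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def apply_delta(store: dict, delta: list, summary_signed: bool) -> list:
    """Import (claimed_checksum, payload) pairs from a delta into store.

    Hypothetical helper. summary_signed is accepted only to show that it
    never relaxes the per-object check.
    """
    staged = {}
    for claimed, payload in delta:
        actual = sha256_hex(payload)
        if actual != claimed:
            raise ChecksumMismatch(
                f"object {claimed[:12]} hashes to {actual[:12]}")
        staged[claimed] = payload
    # Write only after every object in the delta has verified.
    store.update(staged)
    return sorted(staged)


def import_result(delta: list, summary_signed: bool) -> tuple:
    """Return ("imported" | "rejected", number of objects left in the store)."""
    store = {}
    try:
        apply_delta(store, delta, summary_signed)
        return ("imported", len(store))
    except ChecksumMismatch:
        return ("rejected", len(store))


# Constructed sample objects, not real repository content.
GOOD = b"#!/bin/sh\necho hello\n"
ALTERED = b"#!/bin/sh\necho altered\n"
GOOD_DELTA = [(sha256_hex(GOOD), GOOD)]
BAD_DELTA = [(sha256_hex(GOOD), ALTERED)]  # payload swapped under the same name

if __name__ == "__main__":
    for signed in (False, True):
        print(signed, import_result(GOOD_DELTA, signed),
              import_result(GOOD_DELTA + BAD_DELTA, signed))
```

Staging the objects and writing them only after the whole delta verifies means a delta with one bad object leaves the store unchanged, whether or not the summary was signed.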
Alexander Larsson (5):
pull: scan_commit_object() - don't load variant twice
ostree-repo-traverse: Don't leak floating GVariant
pull_with_options: Don't leak csum_v
pull: Don't leak delta superblock variants
delta compilation: Fix leak
Colin Walters (34):
[ASAN] delta compilation: More leak fixes
[ASAN] deltas: Fix minor memory leak
[ASAN] cmdline: Fix minor leak in delta cmdline entrypoint
traverse: Use g_hash_table_add
[ASAN] sysroot: Fix leak/double free of keyfile origin
[ASAN] metalink: Fix leaks of buffer
[ASAN] bootconfig: Drop a pointless strdup in parser
[ASAN] set-origin: Squash a leak
[ASAN] tests: Fix leaks
Define and use cleanup helpers for libarchive
[ASAN] tests: Cleanup all current remaining leaks
tests: Use G_DEBUG=fatal-warnings here too
tests/keyfile-utils: Drop tests covering preconditions
lib: Always checksum content in deltas
pull: Write .commitpartial for local pulls first too
lib: Remove unused ostree_metalink_get_uri()
tree-wide: Use g_hash_table_add() where applicable
ci: Make all ci tests gating for Homu
build: Add more default errors
lib: Ensure we use _GNU_SOURCE in enum templates
fetcher: Define an abstraction over SoupURI
build: Make libsoup optional again
[ASAN] sysroot: Squash a leak in lockfile acquisition
build: Always do enum scanning now
tree-wide: Switch to autoptr for GOptionContext
build: Error if glib isn't found
repo: Add unconfigured-state to remote config options
Skip gjs-based tests if ASAN is enabled
tests: Tweak installed tests to deal with ASAN
ci: Drop sudo installed tests
ci: Combine UBSAN and ASAN by default
lib: Squash last use of GFile deltas_dir
ci: Rebase to f25
Release 2016.15
Dan Nicholson (1):
repo: Fix annotations for remote_fetch_summary functions
Jasper St. Pierre (1):
ostree-repo-traverse: Remove an accidental print statement
Mario Sanchez Prada (1):
man: Mention bare-user in manpages, along with the other modes
Simon McVittie (13):
build: clean up ostree-remount if building without systemd
ci-build: consistently use yes/no for booleans, not yes/empty
ci-install: add ci_distro
travis-ci: put an explicit copyright/license on the scripts
travis-ci: Use a non-ostree-specific name for the Docker image
travis-ci: Move helper function to before we start building anything
travis-ci: cat the test log after successful test runs
travis-ci: Run `make distcheck` too
travis-ci: Use "slim" Debian image for testing
travis-ci: Enable stretch (the future Debian 9), replacing unstable
travis-ci: document parameter variables
tests: prepend to an existing LD_LIBRARY_PATH, GI_TYPELIB_PATH
Terminate individual tests after (10 * $TEST_TIMEOUT_FACTOR) minutes
Git-EVTag-v0-SHA512: 18060109c2493e6a1524e293c8a664b4a8da1f23c6b25761083fc50f806aa06911d8d58171fa2985909ea1e33a011c7d3e0dc824cda54b4699fe8b04e0a1a00d