Tags

Tags give the ability to mark specific points in history as being important
  • v2020.7

    32a3a129 · Release 2020.7 ·
    Release 2020.7
    
    Static deltas can now be signed to more easily
    support offline verification.
    
    There's now support for multiple initramfs images;
    the idea here is that one can have a "main" initramfs
    image and a secondary one which represents local
    configuration.
    
    The documentation is now moved to https://ostreedev.github.io/ostree/#
    
    A lot of preparatory cleanups to the pull code landed
    for upcoming work on indexing deltas outside of the summary.
    
    On the bugfix side, the biggest one is a fix for
    an assertion failure when upgrading from systems
    before ostree supported devicetree.
    
    Also notable is that ostree no longer hardlinks zero
    sized files to avoid hitting filesystem maximum
    link counts.
    
    ```
    Alexander Larsson (17):
          list-deltas: Don't break on non-subdir entries
          Fix leak when signing
          pull: Break out _ostree_repo_save_cache_summary_file() helper
          pull: Actually mmap summary files
          Add and use ot_checksum_bytes helper
          deltas: Break out _ostree_repo_static_delta_superblock_digest() helper
          Break out the signature verification code into a helper function
          fetch_summary_with_options: drop unnecessary "goto out" use
          Add g_autoptr helper for pushing a thread default main context
          repo_remote_fetch_summary: Use GMainContextPopDefault
          Inline repo_remote_fetch_summary
          Minor cleanup of _ostree_repo_remote_new_fetcher()
          ostree-repo-pull.c: Extract mirrorlist generation to helper
          Update the symbols files to match that we're now on 2020.6
          ostree_repo_find_remotes_async: Fix leak of summary
          fetch_summary_with_options: Fix n-network-retries option parsing
          signatures: Fix leak in _sign_detached_metadata_append()
    
    Colin Walters (10):
          Post-release version bump
          ci: Drop var mount test
          deploy: Add some error prefixing around xattr setting
          commit: Tighten scope of two variables
          checkout: Ensure copies of unreadable usermode checkouts are readable
          deploy: Remove deployment bootcsum assertion
          delta: Some minor code style fixups
          checkout: Don't hardlink zero sized files
          libglnx: Bump to master
          Release 2020.7
    
    Frédéric Danis (12):
          lib/deltas: Add inline signature for static-delta superblock
          bin/static-delta: Add support to sign superblock
          lib/deltas: Add signature check API for static-delta superblock
          bin/static-delta: Add command to verify delta signature
          lib/deltas: Support signed delta in execute_offline
          lib/deltas: Support signed delta in dump
          tests/delta: new tests for signed deltas
          tests/libtest.sh: Add skip_without_sign_ed25519() function
          tests/delta: new tests for 'ed25519' signed deltas
          lib/deltas: Check signed delta in execute_offline
          bin/static-delta: Add signature parameters to apply-offline
          tests/delta: Add new tests for applying signed deltas
    
    Jonathan Lebon (8):
          Makefile-libostree.am: Uncomment BUILDOPT_IS_DEVEL_BUILD conditional
          lib: Minor versioning related fixes
          lib/bootconfig: Add support for multiple initrd keys
          lib/deploy: Add deploy/stage APIs with options
          lib/deploy: Add support for overlay initrds
          Add Packit integration
          lib/deploy: Don't leak fd when checksumming dtbs
          ci: Make Packit ignore downstream patches
    
    Phaedrus Leeds (1):
          Avoid shadowing local variables
    
    Philip Withnall (3):
          lib/repo: Add mode and tombstone config options to the summary file
          lib/pull: Read mode and tombstone options from summary file if possible
          ostree/dump: Fix a memory leak
    
    Timothée Ravier (7):
          docs: Add Jekyll and theme config
          docs: Update Index page
          docs: Update Contributing and tutorial pages
          docs: Move and update pages from the manual
          docs: Move historical README to the docs
          README: Update and mention new docs
          docs: Fix URL in Jekyll _config.yml
    ```
    
    Git-EVTag-v0-SHA512: d6f38b96bc9385bf89f347300967b53709be34d2bad9b78eecd7f5ae5c1bcadb18daca38576d65d325279d0bc77488fe49524c39114e3b2b05a7fe6eb24ac704
    
  • debian/2020.6-1

    b892da09 · Release to unstable ·
    ostree release 2020.6-1 for unstable (sid)
    
    (maintainer view tag generated by dgit --quilt=unapplied)
    
    [dgit distro=debian split --quilt=unapplied]
    
  • upstream/2020.6

    Upstream version 2020.6
  • v2020.6

    5d2183f6 · Release 2020.6 ·
    Release 2020.6
    
    One notable feature: ostree now supports `/` and `/boot` being on the same filesystem.
    I know this has been a long time coming and often demanded - thanks to everyone
    who contributed, but particularly @wmanley who even did two separate implementations to
    better compare the advantages/disadvantages!
    PR: https://github.com/ostreedev/ostree/pull/2149
    
    Other than that it's mostly bugfixes; there is one quite important one for anyone using the `readonly=true` for `/sysroot` (which is still just Fedora CoreOS I suspect).
    
    There are some improvements to the GObject Introspection metadata, some (cosmetic) static analyzer fixes, a fix for the immutable bit on s390x, dropping a deprecated bit in the systemd unit file, etc.
    
    Thanks to everyone who contributed!
    
    ```
    Colin Walters (11):
          Post-release version bump
          tests/inst: Bump to latest ostree and gtk-rs
          pull: Assign idle_src variable before calling unref()
          prepare-root: Remove unused variable
          admin/pin: Enforce that index is a number
          tests: Check the immutable bit
          linuxfsutil: Pass int to ioctl, not long
          tests/inst: Port to new sh-inline repo
          tests/inst: Update to published sh-inline crate
          Release 2020.6
          Post-release version bump
    
    Felix Krull (2):
          lib: add some missing version tags
          lib: mark out parameters as out parameters
    
    Jonathan Lebon (4):
          configure.ac: Set is_release_build=no
          ostree-prepare-root: Fix /etc bind mount
          ostree-remount: Remount /etc rw if needed
          ci: Temporarily import kola test from jlebon's FCOS fork
    
    Matt Bilker (1):
          Fix mkinitcpio with newer systemd versions
    
    Simon McVittie (1):
          boot: Replace deprecated StandardOutput=syslog with journal, etc.
    
    William Manley (2):
          Refactor tests/bootloader-entries-crosscheck.py
          sysroot: Support /boot on root or as seperate filesystem for syslinux and u-boot
    
    ```
    
    Git-EVTag-v0-SHA512: 87bbc042f89d96c9cdeb46853289fb816047532ce7061014e933b215bb5b97fb816472e532236866144f174e31dab5883eed753d7ebba07854532c657b6005b7
    
  • debian/2020.5-1_bpo10+1

    ostree release 2020.5-1~bpo10+1 for buster-backports (buster-backports)
    
    (maintainer view tag generated by dgit --quilt=unapplied)
    
    [dgit distro=debian split --quilt=unapplied]
    
  • debian/2020.5-1

    772b65fe · Release to unstable ·
    ostree release 2020.5-1 for unstable (sid)
    
    (maintainer view tag generated by dgit --quilt=unapplied)
    
    [dgit distro=debian split --quilt=unapplied]
    
  • upstream/2020.5

    Upstream version 2020.5
  • v2020.5

    8715989d · Release 2020.5 ·
    Release 2020.5
    
    This release primarily fixes a regression in 2020.4 where the "readonly sysroot" changes incorrectly left the sysroot read-only on systems that started out with a read-only `/` (most of them, e.g. Fedora Silverblue/IoT at least).
    Link: https://github.com/ostreedev/ostree/pull/2160/commits/33eeb7b9ebd858c0246a9155b7a64b9f8a258583
    
    One thing *not* fixed in this release that also changed in 2020.4 is that if you were shipping an OS build with device trees before proper support landed in 2020.4, you may need to "ratchet" an upgrade process.  See the linked issue for ongoing discussion.
    Link: https://github.com/ostreedev/ostree/issues/2154
    
    There are some additions to the pull API to aid flatpak, and although it turns out those are likely to be obviated by https://github.com/ostreedev/ostree/pull/2167 - we will retain those options in the future.
    Link: https://github.com/ostreedev/ostree/pull/2166
    
    There were a few fixes to the man pages, and `ostree show` now displays the parent commit.
    
    The default dracut config now enables reproducibility.
    Link: https://github.com/ostreedev/ostree/pull/2170
    
    On the "feature" side, there is a new `ostree admin unlock --transient`.  We expect this to be a foundation for further support for "live" updates.
    Link: https://github.com/ostreedev/ostree/pull/2103/commits/f2773c1b55cdcc7eea0558e4f2505d4ecbd53d62
    
    Finally, various CI improvements landed - more testing of FCOS in PXE/ISO, and most notably there's a large brand new test (written in Rust) that exercises a mix of `kill -9` and `reboot -ff` (immediate forced reboots) while upgrading.
    
    ```
    Benjamin Gilbert (1):
          ci: test FCOS PXE and ISO install
    
    Colin Walters (8):
          Post-release version bump
          remount: Still remount /sysroot writable if not configured ro
          tests/repo-finder: Explicitly commit empty dir
          ci: Fix ISO testing
          ci: Barf on unset umask
          Add "transient" unlock
          tests/inst: Add destructive test framework
          Release 2020.5
    
    Jonathan Lebon (7):
          app: Fix various CLI metavariable names
          lib/deploy: Clean up kargs override handling
          lib/deploy: Avoid shadowing variable
          lib/deploy: Simplify deployment creation
          lib/cleanup: Drop unnecessary GEqualFunc cast
          lib/deploy: Drop unneccessary function arg
          lib/deploy: Clarify comment re. staging API
    
    João Paulo Rechi Vita (1):
          dracut: Create reproducible images
    
    Philip Withnall (2):
          pull: Improve formatting of pull options in documentation
          pull: Add summary-{,sig-}bytes options to ostree_repo_pull()
    
    Stefan Agner (3):
          man: add glossary to main man page
          man: add missing options to the ostree-commit man page
          Show commit checksum of parent, if present
    
    Stephen Lowrie (1):
          ci: add pxe-offline-install testiso scenario
    ```
    
    Git-EVTag-v0-SHA512: 9459e49ccc4e644f421364b2c95c66cdc535769a884677b977cf74ef23486997d8ce1977892f79bdb4da0ca211e03e3ea81946babd076bcde540659499b76876
    
  • debian/2020.4-2

    a81fa4ab · Release to unstable ·
    ostree release 2020.4-2 for unstable (sid)
    
    (maintainer view tag generated by dgit --quilt=unapplied)
    
    [dgit distro=debian split --quilt=unapplied]
    
  • debian/2020.4-1

    59c88b47 · Release to unstable ·
    ostree release 2020.4-1 for unstable (sid)
    
    (maintainer view tag generated by dgit --quilt=unapplied)
    
    [dgit distro=debian split --quilt=unapplied]
    
  • upstream/2020.4

    Upstream version 2020.4
  • v2020.4

    901747f9 · Release 2020.4 ·
    Release 2020.4
    
    By far the biggest change in this release is new ed25519 signing support, powered by libsodium.
    See: https://github.com/ostreedev/ostree/issues/1233
    
    `ostree commit` [gained a new `--base` argument](https://github.com/ostreedev/ostree/pull/2059/commits/329a82c57e954392a2b33e60bcb8163892064205), which significantly simplifies constructing "derived" commits, particularly for systems using SELinux.
    
    Handling of the [read-only sysroot was reimplemented](https://github.com/ostreedev/ostree/pull/2113/commits/35642259175973617da937f3cab6ce5f13c95077) to run in the initramfs and be more reliable.  Enabling the `readonly=true` flag in the repo config is recommended.
    
    Several bugs were fixed in locking for the temporary "staging" directories OSTree creates, particularly on NFS.
    
    [lib: Coerce flags enums to GIR bitfields](https://github.com/ostreedev/ostree/pull/2089/commits/dc69f56de6dab66f7bb4fe66aa203e84efa9676c) changed some values to be (correctly) flags - this may show up as incompatible for GObject Introspection consumers (but not C).
    
    A new [timestamp-check-from-rev](https://github.com/ostreedev/ostree/pull/2099/commits/c8efce06564b7adef83994dddb41cd61a030207d) option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS.
    
    Several fixes and enhancements were [made for "collection" pulls](https://github.com/ostreedev/ostree/pull/1973/commits) including a new `--mirror` option.
    
    The `ostree commit` command learned a new [`--mode-ro-executables`](https://github.com/ostreedev/ostree/pull/2091) which enforces [W^R](https://en.wikipedia.org/wiki/W%5EX) semantics on all executables.
    
    A new commit metadata key ([`OSTREE_COMMIT_META_KEY_ARCHITECTURE`](https://github.com/ostreedev/ostree/pull/2121)) was added to help standardize the architecture of the OSTree commit. This could be used on the client side for example to sanity-check that the commit matches the architecture of the machine before deploying.
    
    Some [new tests are being written in Rust](https://github.com/ostreedev/ostree/pull/2048/commits/1f637bf34103746ab07f359d5488224134a16a08), and ostree now itself uses the Rust ostree bindings for tests; work on this is ongoing.
    
    The `pull` command learned a new `--per-object-fsync` which restores the original libostree behaviour of `fsync`ing each object as they are written. This makes the overall operation take much longer, but exhibits an I/O latency profile friendlier to neighbouring processes (such as databases) that also invoke `fsync`. This will be used in OpenShift for example, where etcd latency is crucial.
    
    There's a lot in the pipeline, including better handling of the `/boot = /` case, static delta inline signatures, more CI work, etc.
    
    ```
    AJ Jordan (1):
          Fix typo
    
    Colin Walters (62):
          main/pin: Fix usage of GError
          tests: Rework tests/installed → tests/kola
          tests/kola: Two test fixes
          main/commit: Rework control flow to use --tree=X path
          tests/pull-repeated: Bump up retries to match max fails
          repo/commit: Add support for --selinux-policy-from-base
          build-sys: Print libsodium status at end of configure
          sign-ed25519: Convert some functions to new style
          sign-dummy: Convert to current code style
          signing: Remove g_debug(__FUNCTION__)
          lib: Add error prefixing for sysroot load and repo open
          sysroot: Reorganize sysroot load code a bit
          lib: Squash two gtk-doc warnings
          tests/pull-sizes: Disable xattrs everywhere
          pull: Update key loading function to match error style
          commit: Add --base argument
          OWNERS: add d4s to reviewers
          Only enable "dummy" signature type with opt-in env variable
          lib/pull: Two cosmetic internal function renames
          Change signature opts to include type, cleanup error handling
          ci: Build minimal without libsodium too
          Use `sign-ed25519` for the feature name
          travis: Add some libsodium coverage
          lib: Move internal binding verification API to repo.c
          lib: Move pull struct definition into repo-pull-private.h
          lib: Move gpg/signapi bits into ostree-repo-pull-verify.c
          deploy: Add --no-merge
          finalize-staged: Add ProtectHome=yes and ReadOnlyPaths=/etc
          tests/staged-deploy: Cleanup initial state
          signing: Add #define OSTREE_SIGN_NAME_ED25519
          commit: Add --mode-ro-executables option
          ostree-prepare-root: Requires=sysroot.mount
          remote-add: Add --sign-verify=KEYTYPE=[inline|file]:PUBKEYREF
          signing: Change API to create instances directly
          tests/staged-delay.sh: New test
          pull: Further cleanup signapi verification
          finalize: Add RequiresMountsFor=/boot too
          ci: Install kola tests
          pull: Only have API to disable signapi for local pulls
          ci: Test for clock skew
          admin-test: Show err.txt on unexpected failure
          pull: Add support for sign-verify=<list>
          Move ro /sysroot bind mount of /etc into initramfs
          tests/kola: Move to tests/kolainst
          Add new Rust-based tests
          remote-add: Default to explicit sign-verify backends
          pull: Add error prefixing with specific object when parsing
          bupsplit: rustfmt(*)
          tests/rust: Extract a with_webserver_in helper wrapper
          commit: Note in help that --base takes an argument
          core: Add OSTREE_COMMIT_META_KEY_ARCHITECTURE
          tests: Add a pre-signed-pull.sh test
          sign/ed25519: Output failed signatures in error message
          signapi: Change API to also return a success message
          libostree-devel.sym: Remove nonexistent stub symbol
          core: Add documentation for ostree_commit_get_timestamp()
          sysroot: Remove unimplemented ostree_sysroot_lock_with_mount_namespace
          tests: Port to Debian autopkgtest reboot API
          tests: Add needs-internet tag for webserver bits
          pull: Also append bytes written
          pull: Add --per-object-fsync
          Release 2020.4
    
    Dan Nicholson (1):
          lib: Coerce flags enums to GIR bitfields
    
    Denis Pynkin (80):
          Add libsodium dependency
          lib/sign: initial implementation
          sign: add new builtin for signing
          sign: allow to sign commits from CLI
          lib/sign: enable verification for pulling
          tests: add test for commits sign/verification
          sign: API changes for public keys and CLI keys format
          builtin/sign: allow to provide the file with public keys
          tests/sign: check public keys load from file
          builtin/sign: remove libsodium-specific code
          sign: fix unneeded objects creation
          sign: fix error return for dummy module
          builtin/sign: remove libsodium dependency
          sign: fixes for ed25519 for loading public keys from files
          sign: check signatures for pulled commits
          tests/sign: add initial test for pulling
          lib/sign: disable mandatory signature check
          lib/sign: add support of file with valid keys for remote
          lib/sign: read ed25519 public keys from well known places
          builtin/sign: allow to sign with keys from secret file
          tests/gpg: skip test in JS if GPG is not supported
          sign: fix memory leaks and code cleanup
          builtin/sign: allow to use multiple public keys for verification
          lib/sign-ed25519: cleanup unneeded code
          lib/sign: public API optimisation
          lib/sign: allow to add keys as base64 string for ed25519
          sign: use common function for loading public keys during pulling
          lib/sign: minor optimisation for ed25519
          lib/sign: add ostree_seign_clear_keys function
          lib/sign: add revoking mechanism for ed25519 keys
          builtin/sign: add option 'keys-dir'
          tests/sign: check system-wide config and revoked keys
          man: document `ostree sign`
          bash-completion: add completion for `ostree sign`
          apidoc: add API documentation for signing interface
          man: document commit signing
          bin/pull-local: add --sign-verify
          tests/libtest: add functions for ed25519 tests
          tests/sign: use library functions for ed25519 keys
          tests/local-pull: test "--sign-verify" option
          bin/remote-add: added "--no-sign-verify" option
          tests: use option "--no-sign-verify" for adding remote
          tests/sign: disable GPG for alternatively signed pull
          lib/sign: allow to build with glib version less than 2.44
          lib/sign: use separate public and secret keys for 'dummy'
          tests/sign: add verification key for pulling with dummy
          lib/sign: fix the false failure while loading keys
          tests/sign: allow to start pull test without libsodium
          lib/sign: new function for summary file signing
          bin/summary: add signing with alternative mechanism
          lib/repo-pull: verify signature on summary pull
          tests/sign: new test for summary file verification
          man: add signature options for ostree summary
          gpg: do not fail GPG-related configuration get for remote
          lib/repo-pull: change sign supporting functions
          lib/repo-pull: set default for sign-verify-summary
          lib/repo-pull: add signature check while fetching summary
          bin/pull-local: add --sign-verify-summary
          lib/sign: make dummy engine non-public
          lib/sign: make ed25519 engine non-public
          lib/sign: better error handling of ed25519 initialization
          lib/repo-pull: return error from signing engine
          lib/repo-pull: return errors from signature engines
          tests/sign: added check with file and single key on pull
          sign-ed25519: Convert functions to new style
          sign-dummy: optimize ostree_sign_dummy_data_verify
          lib/sign: convert ostree_sign_summary to new style
          tests/sign: check pull failure with invalid remote options
          lib/sign: return false for non-implemented functions
          sign-pull: improve error handling
          ostree-repo: improve error handling
          lib/repo-pull: fix GPG check while pulling remote
          Add ci_pkgs to travis-install.sh
          Fix the lost line separator
          Add the same config options for distcheck
          tests/signed-commit: fix the test of well-known places
          sign: rename option for enabling ed25519
          signapi: expose metadata format and key
          sign/ed25519: fix the abort in case of incorrect public key
          sign/ed25519: fix return value if no correct keys in file
    
    Felix Krull (1):
          lib: fix typo in function docs
    
    Frédéric Danis (1):
          lib/deltas: convert ostree_repo_static_delta_generate to new style
    
    Javier Martinez Canillas (1):
          grub2: Don't add menu entries if GRUB supports parsing BLS snippets
    
    Jonathan Lebon (17):
          Post-release version bump
          bin/diff: Clarify documentation around REV and DIR syntax
          lib/pull: Don't leave commits pulled by depth as partial
          ci: Adapt to use new fcosKola semantics
          lib/commit: Add more error prefixing
          lib: Rename function for staging dir check
          lib/commit: Check that dirent is a directory before cleaning
          lib/pull: Add `timestamp-check-from-rev`
          lib/upgrader: Pull with `timestamp-check-from-rev`
          tests/admin-test: Ensure that commits are 1s apart
          switchroot/remount: Neuter sysroot.readonly for now
          tests/admin-test: Fix --allow-downgrade check
          libglnx: Bump to latest
          ci: Import latest ci-commitmessage-submodules from rpm-ostree
          ci: Remove libpaprci/ directory
          lib/repo: Handle EACCES for POSIX locking
          ci: Constrain parallel build jobs
    
    Matthew Leeds (4):
          lib/fetcher-util: retry download on G_IO_ERROR_PARTIAL_INPUT
          find-remotes: Add a --mirror option
          Don't copy summary for collection-ref mirror subset pulls
          tests: Check that example symbol isn't released
    
    NEPO (1):
          README.md: Fix link to CONTRIBUTING.md
    
    Stefan Agner (7):
          docs: clarify archive repo type
          docs: extend object type documentation
          docs: extend repository types
          deploy: support devicetree directory
          man/checkout: fix short name option of --user-mode
          checkout: use FILE as option argument string for --skip-list
          man/checkout: document missing options
    
    William Manley (1):
          OWNERS: Uncomment @wmanley
    
    ```
    
    Git-EVTag-v0-SHA512: b65a23ebc1de1b33d886657720c84cffdf9a67e4a154e732693a986a8b2f781c36574e509acf329b835354116bcdabde55a96084f06e5abcb77f6e02e09779f4
    
    
  • debian/2020.3-1_bpo10+1

    ostree release 2020.3-1~bpo10+1 for buster-backports (buster-backports)
    
    (maintainer view tag generated by dgit --quilt=unapplied)
    
    [dgit distro=debian split --quilt=unapplied]
    
  • debian/2020.3-1

    7eadc0e8 · Release to unstable ·
    ostree release 2020.3-1 for unstable (sid)
    
    (maintainer view tag generated by dgit --quilt=unapplied)
    
    [dgit distro=debian split --quilt=unapplied]
    
  • upstream/2020.3

    Upstream version 2020.3
  • v2020.3

    6ed48234 · Release 2020.3 ·
    Release 2020.3
    
    A quick followup to 2020.2, which introduced support
    for [read-only sysroot][1] ended up breaking some of
    the Fedora CoreOS tests in [coreos-assembler][2]
    which in turn holds back ostree going into FCOS:
    https://github.com/coreos/fedora-coreos-tracker/issues/343
    
    Now we've closed that gap and are running more of those
    tests as part of our [new CI][3].
    
    [1] https://github.com/ostreedev/ostree/pull/1767/commits/5af403be0cc64df50ad21cef05f3268ead256d6d
    [2] https://github.com/coreos/fedora-coreos-tracker/issues/343
    [3] https://github.com/coreos/fedora-coreos-tracker/issues/263
    
    ```
    Colin Walters (3):
          Post-release version bump
          ci: Test kola --upgrades
          main: Also automatically remount rw /sysroot for `ostree pull` etc.
    
    Jonathan Lebon (3):
          ci: migrate to new coreos-ci project
          ci: use `fcosKola` for running kola tests
          Release 2020.3
    ```
    
    Git-EVTag-v0-SHA512: 0032a560965e0dc2e8cd27b4324b54ca5f968a0a1f2ca67f1de7d810ac135595c034f3f5d2f8f68ef38cb0172558d0911583cd57c17cf12b1cba19ebdadf8997
    
  • debian/2020.2-1

    b4276c2f · Release to unstable ·
    ostree Debian release 2020.2-1
    
  • upstream/2020.2

    Upstream version 2020.2
  • v2020.2

    c6085ebd · Release 2020.2 ·
    Release 2020.2
    
    "Brown paper bag" release that actually sets the
    `is_release_build=yes` flag and also fixes the
    `Since:` on a few new functions.
    
    Git-EVTag-v0-SHA512: 0adf090dcafc39ff06e8269b220e626c32256b599311d2c16758c0ce59e96dbfb9788a759710663c19b515190d1ac5a1dd1b1d46a476d4d11b92fc71ad5c0659
    
  • v2020.1

    04c85fa1 · Release 2020.1 ·
    Release 2020.1
    
    There is now support for making the [`/sysroot` mount point read-only to start](https://github.com/ostreedev/ostree/pull/1767), and this is used by Fedora CoreOS today.   This protects against a lot of accidental damage, and also generalizes and improves the previous special case handling of having `/boot` read-only.  One known issue is that `ostree pull` is broken with this enabled, and this will be fixed.
    
    Error-handling around GPG verification has had an overhaul. Specifically, libostree now has more specific error codes to distinguish between different verification failures. This should allow apps to have more fine-grained control over how to respond to errors. Do note that the error messages themselves have changed, and we strongly suggest that anyone relying on a specific error message string migrate to using the API directly.
    
    The original "archive" (split up objects) format didn't make it easy for a client system to know how much data it would be downloading.  Later, static deltas were added which addressed this problem, but there are situations in which object fetches still occur.  Later then support for optional `sizes` metadata in commit objects was added but was never really stabilized/publicized.  There were also some bugs in it.  [That is now completed](https://github.com/ostreedev/ostree/pull/1957) - the sizes data is now stable, and a new API was added to read it.
    
    This release adds [initial fs-verity support](https://github.com/ostreedev/ostree/pull/1959); it doesn't do too much today.  Bigger picture it's important to understand that the vision of OSTree is to enable Linux systems that feel like they're "image based" (transactional, versioned updates, no dependency resolution client side), but also to enable things like doing commits on the client side.  Today rpm-ostree supports replacing the kernel client side as a first class operation.  This is crucially important to make it feel truly like a Linux system that *you own*.  See also [this blog](https://blog.verbum.org/2019/12/23/starting-from-open-and-foss/).  Having a story for how system integrity works in this model is more complicated, but we (the CoreOS team at RHT) will be continuing work on it.
    
    A small tweak was made to have OSTree create repo structure directories and files (such as `objects/` or `.lock`) with group write permissions. This is useful for managing OSTree remote servers from multiple UIDs. For systems with the default umask of `0022`, this should have no effect.
    
    We've extensively reworked CI for the upstream repo. In addition to Travis, testing is now done on top of Fedora CoreOS. Not all tests have been carried over, but expect to see more coming. This rework will also allow us to have more comprehensive tests previously not possible.
    
    Several fixes were made to the test suite to handle the cases of systemd vs no-systemd, and `systemd` is now advertised in the list of features in `ostree --version` if present.
    
    ---
    
    ```
    $ git shortlog --no-merges v2019.6..
    Alex Kiernan (6):
          test-switchroot.sh: Exclude /proc from file list
          build: Expose systemd in OSTREE_FEATURES
          tests: Skip /var test if running with systemd and libmount
          test-switchroot.sh: Find ostree-prepare-root in installed tests
          fixup! test-switchroot.sh: Find ostree-prepare-root in installed tests
          build: fix systemd feature advertisement
    
    Cole Robinson (1):
          docs: Fix 'package layering' rpm-ostree link
    
    Colin Walters (8):
          Post-release version bump
          finalize-staged: Use the core option parsing to load sysroot
          Support mounting /sysroot (and /boot) read-only
          Initial fs-verity support
          Add .cci.jenkinsfile
          travis: Update debian/ubuntu environments
          ci: Replace PAPR with CoreOS CI
          deploy: Avoid trying to change immutable state unnecessarily
    
    Dan Nicholson (26):
          lib/commit: Only set generate_sizes for archive repos
          tests/sizes: Improve metadata validation
          lib/commit: Fix object sizes metadata for multiple commits
          lib/commit: Make size entries for existing objects
          tests/sizes: Test sizes metadata with existing objects
          tests/sizes: Test that sizes metadata is not reused
          tests/sizes: Check duplicate file doesn't add sizes entry
          libarchive: Support commit sizes metadata
          core: Add OstreeCommitSizesEntry type
          core: Add ostree_commit_get_object_sizes API
          bin/show: Add --print-sizes option to show sizes metadata
          tests/core: Really pick C.UTF-8 locale
          ci/rpmostree: Bump to 2019.4
          lib/gpg: Prefer declare-and-initialize style
          tests/libtest: Record long GPG key IDs and fingerprints
          tests/libtest: Make temporary gpghome private
          tests/gpghome: Create revocation certificates for keys
          tests/gpg-verify-data: Split out signature data
          tests/gpg-verify-data: Empty out trustdb.gpg
          tests/test-gpg-verify-result: Allow specifying signature files
          lib/gpg: Add more specific OstreeGpgError codes
          tests/gpg: Test ostree_gpg_verify_result_require_valid_signature
          tests/gpg: Add tests for importing updated remote GPG keys
          ci/flatpak: Patch GPG error assertions from OSTree
          ostree/trivial-httpd: Fix --autoexit with --daemonize and --log-file
          ostree/trivial-httpd: Add log message for autoexit
    
    John Hiesey (1):
          lib/commit: Include object type in sizes metadata
    
    Jonathan Lebon (1):
          lib/repo: Create repo directories as 0775
    
    clime (1):
          Update ostree-pull.xml with info about pulled refs location and access
    
    ```
    
    Git-EVTag-v0-SHA512: b3907c7d53696eee789bf9be60df54385a3146347b78752212745b2f84e0429b5d50f8cb7408b2be483757893e1b65dc1eeb5c8fa1f6446efbe81efbd998e249