Release 2021.4
A fair set of minor bugfixes. Many fixes landed for `bare-user-only` (e.g. unprivileged flatpak) mode, and further work is forthcoming to ensure that `ostree fsck` for example also does the right thing. There's a new public API to verify signatures outside of HTTP fetches, intended to be used for cases like the "ostree native container" bits in ostree-rs-ext.
ostree learned about [OpenPGP Web Key Directory](https://datatracker.ietf.org/doc/html/draft-koch-openpgp-webkey-service-08) and there are more APIs to access remote GPG keys, in preparation for direct support for updating/rotating keys.
Several CI improvements landed, and minor static analyzer warnings were fixed.
The "deployment staging" model is now explicitly stabilized, and is fairly strongly recommended. In a future libostree release it is likely we will make it even easier to opt in to newer defaults such as staging and readonly sysroot.
```
Benjamin Gilbert (3):
man: improve statoverride description
workflows: bump lint toolchain
workflows: limit permissions to reading repo contents
Buddelmann, Richard RB (1):
repo-pull: legacy_transaction_resuming flag ignored
Colin Walters (10):
lib: Change read_commit_detached_metadata to be nullable
ci: Run main GH action CI build+test as non-root
checkout: Save errno when re-throwing
checkout: Also ignore xattrs for union in bare-user-only mode
Add an API to verify a commit signature explicitly
tests/basic: Skip --no-xattrs if we have selinux
upgrade: Stabilize deployment staging
Add support for "custom remotes"
Release 2021.4
configure: post-release version bump
Dan Nicholson (13):
lib/repo: Factor out GPG verifier key imports
lib/repo: Factor out GPG verifier preparation
lib/repo: Allow preparing GPG verifier without global keyrings
lib/repo: Add ostree_repo_remote_get_gpg_keys()
bin/remote: Add list-gpg-keys subcommand
libotutil: Import implementation of zbase32 encoding
libotutil: Add helper for GPG WKD update URLs
lib/repo: Include WKD update URLs in GPG key listing
bin/remote: Include update URLs in list-gpg-keys
fixup! lib/repo: Add ostree_repo_remote_get_gpg_keys()
fixup! bin/remote: Add list-gpg-keys subcommand
fixup! lib/repo: Add ostree_repo_remote_get_gpg_keys()
bin/remote: Rename list-gpg-keys to gpg-list-keys
Jonathan Lebon (3):
lib/sign-dummy: Handle incorrect signatures correctly
lib/sysroot: Fix error message about creating `/var/lib`
ostree/dump: Fix free'ing a static string
Luca BRUNO (15):
configure: post-release version bump
builtins/commit: check for conflicting permissions options
builtins/commit: move commit modifier to auto-cleanup
lib/core/checksum: add flag to use canonical permissions
lib/repo/checkout: use canonical perms in bare-user-only mode
lib/commit: autofix permissions for bare-user-only
lib/diff: ignore xattrs if disabled on either repos
lib/diff: automatically skip xattrs in bare-user-only mode
builtins/commit: set up relevant flags in bare-user-only mode
lib/commit: automatically skip xattrs in bare-user-only mode
tests: update several bare-user-only checks
lib: improve transactions auto-cleanup logic
libtest: tweak selinux/relabel message
tests/basic: avoid changing ownership
tests: skip a broken fsck case
Simon McVittie (1):
tests: Unset SOURCE_DATE_EPOCH
刘建强 (1):
fix: Avoid wild pointers
```
Git-EVTag-v0-SHA512: eace94b80c91fb88dc9357a42c0f06b4d4cdd198c0c87586d4ef5ee307cf96237202546e1bfe630d2f55988f497224c86bfa2b384000374b9bd6badc22a772a4