Tags

Upstream version 2020.3

Release 2020.3

A quick followup to 2020.2, which introduced support
for [read-only sysroot][1] ended up breaking some of
the Fedora CoreOS tests in [coreos-assembler][2]
which in turn holds back ostree going into FCOS:
https://github.com/coreos/fedora-coreos-tracker/issues/343

Now we've closed that gap and are running more of those
tests as part of our [new CI][3].

[1] https://github.com/ostreedev/ostree/pull/1767/commits/5af403be0cc64df50ad21cef05f3268ead256d6d
[2] https://github.com/coreos/fedora-coreos-tracker/issues/343
[3] https://github.com/coreos/fedora-coreos-tracker/issues/263

```
Colin Walters (3):
      Post-release version bump
      ci: Test kola --upgrades
      main: Also automatically remount rw /sysroot for `ostree pull` etc.

Jonathan Lebon (3):
      ci: migrate to new coreos-ci project
      ci: use `fcosKola` for running kola tests
      Release 2020.3
```

Git-EVTag-v0-SHA512: 0032a560965e0dc2e8cd27b4324b54ca5f968a0a1f2ca67f1de7d810ac135595c034f3f5d2f8f68ef38cb0172558d0911583cd57c17cf12b1cba19ebdadf8997

ostree Debian release 2020.2-1

Upstream version 2020.2

Release 2020.2

"Brown paper bag" release that actually sets the
`is_release_build=yes` flag and also fixes the
`Since:` on a few new functions.

Git-EVTag-v0-SHA512: 0adf090dcafc39ff06e8269b220e626c32256b599311d2c16758c0ce59e96dbfb9788a759710663c19b515190d1ac5a1dd1b1d46a476d4d11b92fc71ad5c0659

Release 2020.1

There is now support for making the [`/sysroot` mount point read-only to start](https://github.com/ostreedev/ostree/pull/1767), and this is used by Fedora CoreOS today.   This protects against a lot of accidental damage, and also generalizes and improves the previous special case handling of having `/boot` read-only.  One known issue is that `ostree pull` is broken with this enabled, and this will be fixed.

Error-handling around GPG verification has had an overhaul. Specifically, libostree now has more specific error codes to distinguish between different verification failures. This should allow apps to have more fine-grained control over how to respond to errors. Do note that the error messages themselves have changed, and we strongly suggest that anyone relying on a specific error message string to migrate to using the API directly.

The original "archive" (split up objects) format didn't make it easy for a client system to know how much data it would be downloading.  Later, static deltas were added which addressed this problem, but there are situations in which object fetches still occur.  Later then support for optional `sizes` metadata in commit objects was added but was never really stabilized/publicized.  There were also some bugs in it.  [That is now completed](https://github.com/ostreedev/ostree/pull/1957) - the sizes data is now stable. and new API was added to read it.

This release adds [initial fs-verity support](https://github.com/ostreedev/ostree/pull/1959); it doesn't do too much today.  Bigger picture it's important to understand that the vision of OSTree is to enable Linux systems that feel like they're "image based" (transactional, versioned updates, no dependency resolution client side), but also to enable things like doing commits on the client side.  Today rpm-ostree supports replacing the kernel client side as a first class operation.  This is crucially important to make it feel truly like a Linux system that *you own*.  See also [this blog](https://blog.verbum.org/2019/12/23/starting-from-open-and-foss/).  Having a story for how system integrity works in this model is more complicated, but we (the CoreOS team at RHT) will be continuing work on it.

A small tweak was made to have OSTree create repo structure directories and files (such as `objects/` or `.lock`) with group write permissions. This is useful for managing OSTree remote servers from multiple UIDs. For systems with the default umask of `0022`, this should have no effect.

We've extensively reworked CI for the upstream repo. In addition to Travis, testing is now done on top of Fedora CoreOS. Not all tests have been carried over, but expect to see more coming. This rework will also allow us to have more comprehensive tests previously not possible.

Several fixes were made to the test suite to handle the cases of systemd vs no-systemd, and `systemd` is now advertised in the list of features in `ostree --version` if present.

---

```
$ git shortlog --no-merges v2019.6..
Alex Kiernan (6):
      test-switchroot.sh: Exclude /proc from file list
      build: Expose systemd in OSTREE_FEATURES
      tests: Skip /var test if running with systemd and libmount
      test-switchroot.sh: Find ostree-prepare-root in installed tests
      fixup! test-switchroot.sh: Find ostree-prepare-root in installed tests
      build: fix systemd feature advertisement

Cole Robinson (1):
      docs: Fix 'package layering' rpm-ostree link

Colin Walters (8):
      Post-release version bump
      finalize-staged: Use the core option parsing to load sysroot
      Support mounting /sysroot (and /boot) read-only
      Initial fs-verity support
      Add .cci.jenkinsfile
      travis: Update debian/ubuntu environments
      ci: Replace PAPR with CoreOS CI
      deploy: Avoid trying to change immutable state unnecessarily

Dan Nicholson (26):
      lib/commit: Only set generate_sizes for archive repos
      tests/sizes: Improve metadata validation
      lib/commit: Fix object sizes metadata for multiple commits
      lib/commit: Make size entries for existing objects
      tests/sizes: Test sizes metadata with existing objects
      tests/sizes: Test that sizes metadata is not reused
      tests/sizes: Check duplicate file doesn't add sizes entry
      libarchive: Support commit sizes metadata
      core: Add OstreeCommitSizesEntry type
      core: Add ostree_commit_get_object_sizes API
      bin/show: Add --print-sizes option to show sizes metadata
      tests/core: Really pick C.UTF-8 locale
      ci/rpmostree: Bump to 2019.4
      lib/gpg: Prefer declare-and-initialize style
      tests/libtest: Record long GPG key IDs and fingerprints
      tests/libtest: Make temporary gpghome private
      tests/gpghome: Create revocation certificates for keys
      tests/gpg-verify-data: Split out signature data
      tests/gpg-verify-data: Empty out trustdb.gpg
      tests/test-gpg-verify-result: Allow specifying signature files
      lib/gpg: Add more specific OstreeGpgError codes
      tests/gpg: Test ostree_gpg_verify_result_require_valid_signature
      tests/gpg: Add tests for importing updated remote GPG keys
      ci/flatpak: Patch GPG error assertions from OSTree
      ostree/trivial-httpd: Fix --autoexit with --daemonize and --log-file
      ostree/trivial-httpd: Add log message for autoexit

John Hiesey (1):
      lib/commit: Include object type in sizes metadata

Jonathan Lebon (1):
      lib/repo: Create repo directories as 0775

clime (1):
      Update ostree-pull.xml with info about pulled refs location and access

```

Git-EVTag-v0-SHA512: b3907c7d53696eee789bf9be60df54385a3146347b78752212745b2f84e0429b5d50f8cb7408b2be483757893e1b65dc1eeb5c8fa1f6446efbe81efbd998e249

ostree release 2019.6-1~bpo10+1 for buster-backports (buster-backports)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

ostree release 2019.6-1 for unstable (sid)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

Upstream version 2019.6

Release 2019.6

Nothing major in this release, but we have some
bigger stuff outstanding and ready to merge, so I
want to get this release out so that work will
have time to stabilize.

A few build/CI fixes.  A new progress API which
will be used by flatpak (and can be used by others).
Finally, we also avoid reordering kernel arguments.

Thanks to all contributors!

```
git shortlog --no-merges v2019.5..
Alex Kiernan (5):
      tests/core: Fallback to en_US.UTF-8 locale
      tests: Handle EPIPE failures when head terminates
      tests/core: Assume C.UTF-8 if locale isn't found
      tests: Avoid musl failure with `cp -a`
      build: create tests directory for split builds

Colin Walters (6):
      Post-release version bump
      lib/keyfile: Treat "group not found" the same as "key not found"
      Bump libglnx
      tests/repo-finder: Run realpath() on /tmp
      pull: Add support for basic auth
      Release 2019.6

Philip Chimento (2):
      Bump version in symbols file
      libostree: Add ostree_async_progress_copy_state()

Ricardo Salveti (1):
      Makefile: declare ostree_boot_SCRIPTS and append values

Robert Fairley (1):
      lib/kernel-args: Store kernel args as key/value entries

Sam Thursfield (1):
      README.md: Tweak text about BuildStream

Stefan Agner (1):
      Avoid race condition when building outside of source tree
```

Git-EVTag-v0-SHA512: 915ebfe9501a74ca86a3b3aceafad352f4730fb148cc1874f2e49c7076fa1a948049fe9bd96b081502995b56096892a7405f5628f4e2e749bfaed2f35136f42a

ostree release 2019.5-1 for unstable (sid)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

Upstream version 2019.5

Release 2019.5

Mainly in this release:

 - We discovered that CLang has a static analyzer `scan-build`;
   it found some small memory leaks so far, otherwise mostly
   noise, but we haven't dug through all the errors yet.
 - Gained a new zipl (s390x bootloader) backend
 - Install the `.hmac` files needed for FIPS mode in `/boot` too

This is also the first release where we switched to using
the OpenShift Prow as a merge bot, though a lot more CI work
is pending.

```
Alex Kiernan (5):
      Always enable trivial-httpd for tests
      Gate ostree-trivial-httpd on BUILDOPT_TRIVIAL_HTTPD
      Revert "Gate ostree-trivial-httpd on BUILDOPT_TRIVIAL_HTTPD"
      Revert "Always enable trivial-httpd for tests"
      tests/export: Guard with check for libarchive

Colin Walters (25):
      ci: Honor ARTIFACTS environment variable
      ci: Make ${ARTIFACTS} directory
      OWNERS: New file
      libostree: Add an assert to pacify clang-analyzer
      repo: [scan-build] Initialize a variable
      sysroot: [scan-build]: Remove a dead assignment
      sysroot: [scan-build] Remove a dead assignment
      repo: [scan-build]: Mark a variable used
      libotutil: Port keyfile-utils.c to new style
      ci: Skip all yum operations if SKIP_INSTALLDEPS is set
      commit: [scan-build] Remove a dead assignment
      tree-wide: [scan-build]: Add some asserts that pointers are non-NULL
      prune: [scan-build] Initialize a variable
      bootloader: Add a zipl bootloader backend
      ci: Trim PAPR config to drop required flag
      tree-wide: [scan-build] Fix some dead stores
      lib/repo: [scan-build] Quiet a dead store warning
      lib/pull: [scan-build] Silence a dead store warning
      tests: Port keyfile test to new style
      lib: Port variant-builder.c to new style
      tests: [scan-build] Initialize a variable
      lib/checksum-utils: Use g_memdup()
      build-sys: Cleanup handling for trivial-httpd-cmdline
      Revert "grub2: Exit gracefully if the configuration has BLS enabled"
      Release 2019.5

Dan Nicholson (1):
      repo: Stop using deprecated G_GNUC_FUNCTION

Javier Martinez Canillas (1):
      grub2: Exit gracefully if the configuration has BLS enabled

Jonathan Lebon (6):
      Post-release version bump
      configure.ac: Add more details on how to do a release
      src/libotutil: Fix strv memory leak
      lib/pull: Avoid calling destroy on unref'ed GSource
      lib/pull: Tweak update_timeout logic again
      lib/deploy: Also install HMAC file into /boot

Umang Jain (1):
      async-progress: Plug memory leak while destroying GSource

```

Git-EVTag-v0-SHA512: 395f281ee8286eb6d22c215abc5146e1f27ecba6b120abee045d178150ea2116dd87e0e82b2d9ef4c150dec719716ae0d2583e5a1f9f38cb790fa81f55867e70

ostree release 2019.4-1 for unstable (sid)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

Upstream version 2019.4

2019.4

This is mostly a bugfix release. Notably, the 2019.3 release caused some issues
related to the gpg-agent code spewing messages on the terminal. Additionally,
Fedora 31 users have hit upon issues with `ostree-finalize-staged.service`
running too late to be able to write back its logs to the journal. This then
confused `rpm-ostree` after reboot, because it looks at the previous boot's
journal for this message.

The biggest feature-ish change is support for a partial commit "reason" so that
after `ostree fsck --delete` was used, subsequent `ostree fsck` will continue to
report an error.  This should be used by higher level tools that want to do
"fsck and repair".  It's likely at some point that "fsck and repair" logic will
move down into the libostree core as well.

There are ongoing efforts to port Fedora CoreOS to s390x: one fix landed here to
add the deployment prefix to BLS entries since it's what the `zipl` bootloader
expected.

Special thanks to first-time contributors Benjamin Gilbert and Jason Wessel!

---

```
Benjamin Gilbert (1 PR, 1 commit)
  prepare-root: remember to remove /sysroot.tmp (#1919)

Colin Walters (4 PRs, 4 commits)
  Post-release version bump (#1902)
  sysroot: Add a clearer error if /boot/loader isn't found (#1905)
  ci: Add prow/ subdirectory with Dockerfile (#1906)
  fsck: Fix version in docs, tweak error text (#1918)

Dan Nicholson (3 PRs, 3 commits)
  lib/gpg: Only show gpg-connect-agent stderr on failures (#1908)
  lib/gpg: Don't kill gpg-agent on newer gnupg (#1915)
  lib/gpg: Use g_spawn_sync to kill gpg-agent (#1917)

Jason Wessel (1 PR, 2 commits)
  PR: #1910
    fsck: Add test for --delete corruption, fix repair, and partial commit checks
    fsck: Implement a partial commit reason bitmask

Javier Martinez Canillas (2 PRs, 3 commits)
  lib/bootconfig-parser: Always include deployment index in BLS title (#1911)
  PR: #1904
    lib/bootconfig-parser: Write BLS fragment fields in a deterministic order
    lib/bootconfig-parser: Remove support to preserve comments in BLS files

Jonathan Lebon (2 PRs, 3 commits)
  boot/finalize-staged: Run after systemd-journal-flush.service (#1926)
  Release 2019.4 (#1927)

Philip Withnall (1 PR, 1 commit)
  lib/repo-pull: Add more debugging on pull failure (#1925)
```

Git-EVTag-v0-SHA512: 55b10530b19a813298e0fa1485961182be0002b33cb45effe2f619d91a6a2225be4966774f6c58c15104f32df857ffa48e7b52126020fa075f90610958eb077f

ostree release 2019.3-3 for unstable (sid)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

ostree release 2019.3-2 for experimental (experimental)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

ostree release 2019.3-1 for unstable (sid)

(maintainer view tag generated by dgit --quilt=unapplied)

[dgit distro=debian split --quilt=unapplied]

Upstream version 2019.3