Skip to content
Release 2017.12

Quite a lot in this release.  First, on the notable bugfix side,
we fixed an issue where background threads could remain alive
after an error was encountered during pulls.  Particularly
for projects like flatpak that do multiple pulls in process, this
is an important fix.

Another important change related to pulls is that libostree now
performs checksums when mirroring again.
The intent here was to speed up mirroring, but it led to a confusing security
story.  Now it's easier to explain: for HTTP pulls we verify checksums
(and this can be disabled), for local filesystem pulls we don't,
(but it can be enabled).  We've always verified checksums by
default when pulling from an `archive` repository into a non-archive.

Anton Gerasimov contributed a change to the libcurl backend
to support `PKCS#11` URIs, useful for storing certificates in a
hardware or software enclave.

The schema for the experimental OstreeRepoFinderMount API to find OSTree
repos on removable media has changed incompatibly, so that the media doesn’t
need to contain two similar lists of refs. It will now look in .ostree/repos.d,
.ostree/repo, ostree/repo and var/lib/flatpak paths on removable media.

Similarly, the experimental ostree_repo_resolve_keyring_for_collection() API
has changed to return an OstreeRemote containing the keyring, rather than just
the keyring, making it more generally useful.

The bloom filter used when finding refs from remote peers has been fixed to
work correctly on 32-bit architectures (such as ARM). This doesn’t change the
bloom filter format, but will require bloom filters created on 32-bit
architectures to be regenerated in order for advertisements from those machines
to work.

Repositories which have a collection ID set will now put their repository
metadata in an ostree-metadata ref when `ostree summary --update` is run, in
addition to putting it in the summary file. This is part of a plan to securely
allow unsigned summary files for peer-to-peer pulling of refs. This won’t
happen for repositories which don’t have a collection ID set, or if
--enable-experimental-api is not configured.

A new `ostree create-usb` command has been added (if configured with
--enable-experimental-api) which can be used to put refs from repositories onto
removable media in a format which can be detected by OstreeRepoFinderMount.
For example, to allow easy sharing of flatpaks or OS updates between offline

OstreeRepo has gained hash() and equal() methods, so it can now easily be used
in a hash table based on its device number and inode, rather than using its

A minor bug was fixed in rofiles-fuse, which would cause files to be
created with random mode bits if called for `O_RDONLY`.

For clients that use `OstreeRepoDevInoCache`, a bug was fixed which
caused libostree to ignore callbacks that allow modifying file modes,
ownership, and extended attributes.

libostree now supports `--with-crypto=gnutls`.  Like the OpenSSL
support, this is currently just checksums, but Jussi Laako
is driving this towards making the GPG
dependency optional and supporting other signature methods.

In previous releases, libostree learned how to make hardlinks
for local pulls.  But if we couldn't hardlink (e.g. the devices
were separate), the local pull code went through a much slower
generic path that included re-checksumming
objects.  Now there's a copy/reflink fast path that uses
`FICLONE`/`copy_file_range()` directly if possible.  This can be
substantially faster.

`ostree prune` learned a new `--only-branch` option.  This
can be a lot more convenient for release engineering tasks.

As usual, more work was done to improve the testsuite. It should
now be able to better detect `tmpfs`/`overlayfs` environments. The
upstream CI now also runs tests in a non-overlayfs environment
for better coverage.

Anton Gerasimov (1):
      Add support for pkcs11 URIs in TLS client key/certificate

Colin Walters (38):
      lib/repo: Port gpg signing function to new code style
      lib/checkout: Do UNION_FILES via atomic renameat()
      lib/pull: Drop partial fetch code from libsoup backend
      Update libglnx
      tests/prune: Factor out a helper for counting commits in the repo
      bin/prune: Add --only-branch
      ci: Use distro-sync instead of upgrade
      tree-wide: Some glnx_fstatat_allow_noent() porting
      lib/repo: Minor cleanup to object import function
      lib/pull: Wait for pending ops to complete on error
      tests/libtest: Factor out user xattr detection
      lib/repo: Don't syncfs or fsync() dirs if fsync opt is disabled
      lib/repo: Move alloca() outside of loop
      lib/checkout: Squash a gcc maybe-uninitialized warning
      tree-wide: Squash a few warnings when building with no features
      lib: Move bareuseronly verification into commit/core
      lib/commit: Don't try to call linkat() for import on distinct devices
      ci: Add an "all options disabled" context
      lib/repo: Use correct name for tmpdir lockfile
      tree-wide: Remove Emacs modelines
      lib/core: Add static assertions for OstreeRepoMode enum values
      lib: Define an alias OSTREE_REPO_MODE_ARCHIVE
      lib/commit: Some misc porting to decl-after-stmnt
      lib/commit: Add a copy fastpath for imports
      bin/pull: Fix description of --untrusted
      lib/pull: Minor refactoring of metadata scanning function
      lib/pull: Refactor to use OstreeRepoImportFlags internally
      lib/pull: Default checksum for archive mirror, add TRUSTED_HTTP flag
      tests,ci: Move "test-basic" (bare mode) to installed test
      lib/pull: Add status for imported objects
      ci: Record primary context results using g-d-t-r --log-directory
      lib/diff: Add compile-time ABI check on 64 bit arches
      tests/commit-sign: Update a bit to more modern style
      lib/pull: Don't request deltas for unchanged commits
      tree-wide: Bump libglnx, port to new lockfile init
      tests: Add 404 tests for dirtree objects too
      libarchive: Fix assertion error if used with CANONICAL_PERMISSIONS
      Release 2017.12

Jonathan Lebon (11):
      build-sys: Post-release version bump
      rofiles-fuse: also pass mode for O_RDONLY
      tests: allow specifying tmpdir
      tests/libtest: check that we have setfattr
      Add a .vimrc and .editorconfig
      lib/commit: add comments to explain dir commit path
      lib/commit: fix using uninitialized var
      tests/ always nuke repo and files
      lib/commit: don't query devino cache for modified files
      tests: check for relabeling rather than overlay
      tests/installed: also run test-basic-c

Jussi Laako (1):
      Add --with-crypto=gnutls

Matthew Leeds (1):
      lib/pull: Clarify use of unsigned summary support

Philip Withnall (21):
      lib/repo: Add ostree_repo_equal() for comparing repos
      lib/repo-finder-mount: Change the schema for finding repos on volumes
      lib/repo: Drop outdated FIXME comment from ostree-repo.h
      lib/repo: Add ostree_repo_hash() and tests
      lib/repo-finder-mount: Add var/lib/flatpak as a well-known directory
      src/pull: Support local pulls for collection–refs
      create-usb: Add a create-usb command to complement OstreeRepoFinderMount
      lib/repo-refs: Add first version of ostree_repo_resolve_collection_ref()
      lib/repo-pull: Use resolve() instead of list() in fetch_ref_contents()
      lib/repo-pull: Fix a potential minor leak
      lib/repo: Change resolve_keyring_for_collection() to return a remote
      lib/remote: Store name of remote providing keyring for dynamic remotes
      lib/repo-pull: Fix remote names in refspecs from non-mirror P2P pulls
      tests: Add a manual integration test for OstreeRepoFinderMount
      tests: Update some tests to use OSTREE_REPO_MODE_ARCHIVE not ARCHIVE_Z2
      tests/repo: Drop modeline from top of file
      lib/bloom: Fix bloom hashing on 32-bit architectures
      lib/bloom: Fix a -Wconversion warning in OstreeBloom
      man: Fix a copypasta error in ostree-summary.xml
      ostree/summary: Eliminate redundant gotos from error handling path
      ostree/summary: Generate an ostree-metadata ref when updating summary

Simon McVittie (4):
      tests: Fix JavaScript tests with gjs 1.50.0 Skip trivial-httpd if enabled
      tests: Explicitly unset LANGUAGE after setting LC_ALL
      tests: Reset umask to 022 while creating test repository

yceh (1):
      bin/commit: Fix build failure when libarchive is not used

Git-EVTag-v0-SHA512: bfa0b7eceb4e4ac915d7ed0a352fa778e47d2ac2bac75fd895ede1f5bcbb65c44848505eb785bac45d57c5574f0ac1d3accb6c323617582cb25c55bc229a3294