-
-
v2017.13ae613210 · ·
Release 2017.13 A lot of across-the-board improvements here; the pure bugfixes are mostly in the experimental Avahi bits, hardening the `FIFREEZE` on `/boot` code, explicit errors when trying to commit non-UTF8 filenames, and finally a number of fixes around our use of `mmap`. One slight backwards-incompatible change (but I doubt it'll break anyone): `Disallow refs starting with a non-letter or digit` If this *does* affect you, please let us know ASAP. PR: https://github.com/ostreedev/ostree/pull/1286 For improvements, first up, Alex changed the static delta code to avoid holding everything in memory; this is a substantial improvement for large deltas, and also for flatpak which uses deltas as a "bundle" format. PR: https://github.com/ostreedev/ostree/pull/1309 A few notable changes: `commit: Add _CONSUME modifier flag` You probably want to use this by default for your build/package systems. PR: https://github.com/ostreedev/ostree/pull/1255 `core: Add standard SOURCE_TITLE metadata key` This one I think is conceptually quite interesting; for many people, their ostree commits are *derived* from something else that has its own versioning, and it's useful to show that explicitly. I encourage ostree-based build systems to consider rendering human-readable information about your builds into this standardized metadata key. PR: https://github.com/ostreedev/ostree/pull/1296 On the command line side, Ruixin Bao for cleaning up the `--help` output significantly. PR: https://github.com/ostreedev/ostree/pull/1267 And thanks to Simon McVittie for his regular fixups to the tests to ensure they keep running in Debian! Full shortlog below: ``` Alexander Larsson (4): Add OtVariantBuilder static deltas: Use OtVariantBuilder to create deltas static-delta-compilation: Move some things around static deltas: Process each part as soon as its done Colin Walters (58): lib/commit: Add some gtk-doc and internal doc comments lib/sysroot: Add some more comments lib/pull: Fix regression with pull-local for nonexistent refs lib/syslinux: Port to fd-relative lib/uboot: Port to fd-relative lib/pull: Minor cleanup to metadata scanning function, add docs lib/core: Init struct stat buffer lib/sysroot: Fix pointer going out of scope in unlock code Deduplicate and fix up our use of mmap() lib/utils: Port a bit to decl-after-stmt style lib/pull: Change fetcher to return O_TMPFILE lib/util: Delete some unused functions lib/deltas: Move variant read helper into the deltas code commit: Add _CONSUME modifier flag lib: Add a lighter weight internal checksum wrapper lib/core: (refactor) Drop wrapper and unneeded args for variant writing lib/core: Port a few functions to decl-after-stmt lib/core: Use GBytes for file headers lib/commit: Make -path commit helper API private tree-wide: Update to new libglnx fd APIs lib/deploy: Use _exit() for FIFREEZE watchdog lib/deltas: Check cancellable during processing lib/pull: Drop duplicate/different error for GPG but no detached meta lib/pull: Also do commit GPG verification before writing tests/basic: Add missing ${COMMIT_ARGS} for bare-user-only lib/commit: Implement "adoption" with CONSUME flag lib: Use a common helper function to compare checksums lib/sysroot: Fix error handling when mounting overlayfs fails tests: Add test-pull-bareuseronly lib/deltas: Use fastpath for regfile writes for bare-user-only lib/deltas: Use pread() instead of lseek()+read() lib/commit: Avoid trying to delete `.` with _CONSUME flag lib/commit: Fix indentation in file commit code lib/commit: Use direct fd xattr operations again on regular files syntax-check: Add a rule to enforce glnx_autofd over glnx_fd_close lib/pull: Update summary checksum code to use new checksum API lib/repo: Update summary code to use newer hashing API lib/commit: (refactor) Clean up delta bare write API Disallow refs starting with a non-letter or digit lib/checkout: For "process whiteouts" mode, replace directories too repo: Add wrapper function for setting devino cache on checkout opts docs/related-projects: Add Google Usenix link bin/status: Port to new style bin/status: Inline metadata parsing for versions core: Add standard SOURCE_TITLE metadata key lib/commit: Fix hardlink checkout commit with bare-user + mod xattrs ci: Update centos container to current again tree-wide: Use autoptr for OstreeKernelArgs lib/repo: Fix loading commitstate with parent repos lib/deltas: Fix change to use pread() in write opcode lib: Minor static delta fixes lib/pull: When --require-static-deltas, use them even for file:/// repos lib/pull: Delete unused "exampleos" code bin/delta-compilation: Add a "progress bar" for bsdiff generation deltas: Add an if0'd bit to print bsdiff objects tests: Add a "pull-test2" that uses slightly more realistic content Update libglnx Release 2017.13 Dan Nicholson (4): lib/deploy: Ignore FIFREEZE/FITHAW errors when already in state build: Fix bsdiff Makefile circular dependency build: Do *.am.inc substitutions from make correctly lib/repo: Properly handle NULL homedir when signing commit Jonathan Lebon (12): build-sys: Post-release version bump app/main: use HAVE_LIBCURL_OR_LIBSOUP for pull CLI ci: really turn on warnings tree: fix compiler warnings lib/commit: minor coverity fix libotutil/checksum-utils: fix openssl compilation ci: compile f26/c7-primary with libcurl/openssl tests: drop unused variable ostree/checksum: port to new decl style lib/core: add ostree_checksum_file_at API lib/checkout: fallback to checksum for UNION_IDENTICAL lib/commit: fix checking flag with bitwise OR Marcus Folkesson (1): docs: mention the $OSTREE_REPO environment variable Matthew Leeds (2): lib/gpg: Print debug info when reading GPG keys lib/utils: Check for invalid UTF-8 in filenames Philip Withnall (10): lib/bloom: Add some missing preconditions on n_bytes lib/repo-commit: Import detached metadata even if hardlink exists docs: Clarify %NULL argument to ostree_sysroot_new() lib/repo: Clarify that ostree_repo_remote_fetch_summary() doesn’t verify lib/repo-finder-avahi: Fix a leak in a GVariantIter loop lib/repo-finder: Add OstreeRepoFinderOverride lib/sysroot: Expand docs for ostree_sysroot_get_repo() lib/repo-finder-avahi: Fix memory corruption of a GVariantIter lib/repo-finder-mount: Fix propagating NULL errors lib/repo-finder-mount: Ignore mounts which have a ‘system’ file system Ruixin Bao (3): ostree: Describe subcommands in help output ostree: move flags into command struct, pass down through builtins ostree: provide command description in a better place Shaun Taheri (1): static deltas: Set optional flag for superblock Simon McVittie (3): Cope with xattr syscalls raising EOPNOTSUPP Make sure *.am.inc are up to date before `make dist` ostree-system-generator: Include <libglnx.h> for autocleanups ``` Git-EVTag-v0-SHA512: ccfdad2f0fb324404c1d8886fb415dbf6447ea369ffbd7047c687e167461234c569c3492e7700d975ee92ca8e8951d6eb90e6c52b231e3e23db72a5ed724486e -
-
-
-
-
v2017.1264f3257d · ·
Release 2017.12 Quite a lot in this release. First, on the notable bugfix side, we fixed an issue where background threads could remain alive after an error was encountered during pulls. Particularly for projects like flatpak that do multiple pulls in process, this is an important fix. PR: https://github.com/ostreedev/ostree/pull/1185 Another important change related to pulls is that libostree now performs checksums when mirroring again. The intent here was to speed up mirroring, but it led to a confusing security story. Now it's easier to explain: for HTTP pulls we verify checksums (and this can be disabled), for local filesystem pulls we don't, (but it can be enabled). We've always verified checksums by default when pulling from an `archive` repository into a non-archive. PR: https://github.com/ostreedev/ostree/pull/1212 Anton Gerasimov contributed a change to the libcurl backend to support `PKCS#11` URIs, useful for storing certificates in a hardware or software enclave. PR: https://github.com/ostreedev/ostree/pull/1183 The schema for the experimental OstreeRepoFinderMount API to find OSTree repos on removable media has changed incompatibly, so that the media doesn’t need to contain two similar lists of refs. It will now look in .ostree/repos.d, .ostree/repo, ostree/repo and var/lib/flatpak paths on removable media. PR: https://github.com/ostreedev/ostree/pull/1179 Similarly, the experimental ostree_repo_resolve_keyring_for_collection() API has changed to return an OstreeRemote containing the keyring, rather than just the keyring, making it more generally useful. PR: https://github.com/ostreedev/ostree/pull/1202 The bloom filter used when finding refs from remote peers has been fixed to work correctly on 32-bit architectures (such as ARM). This doesn’t change the bloom filter format, but will require bloom filters created on 32-bit architectures to be regenerated in order for advertisements from those machines to work. PR: https://github.com/ostreedev/ostree/pull/1231 Repositories which have a collection ID set will now put their repository metadata in an ostree-metadata ref when `ostree summary --update` is run, in addition to putting it in the summary file. This is part of a plan to securely allow unsigned summary files for peer-to-peer pulling of refs. This won’t happen for repositories which don’t have a collection ID set, or if --enable-experimental-api is not configured. PR: https://github.com/ostreedev/ostree/pull/1158 A new `ostree create-usb` command has been added (if configured with --enable-experimental-api) which can be used to put refs from repositories onto removable media in a format which can be detected by OstreeRepoFinderMount. For example, to allow easy sharing of flatpaks or OS updates between offline machines. PR: https://github.com/ostreedev/ostree/pull/1182 OstreeRepo has gained hash() and equal() methods, so it can now easily be used in a hash table based on its device number and inode, rather than using its path. PR: https://github.com/ostreedev/ostree/pull/1179 PR: https://github.com/ostreedev/ostree/pull/1205 A minor bug was fixed in rofiles-fuse, which would cause files to be created with random mode bits if called for `O_RDONLY`. PR: https://github.com/ostreedev/ostree/pull/1200 For clients that use `OstreeRepoDevInoCache`, a bug was fixed which caused libostree to ignore callbacks that allow modifying file modes, ownership, and extended attributes. PR: https://github.com/ostreedev/ostree/pull/1170 libostree now supports `--with-crypto=gnutls`. Like the OpenSSL support, this is currently just checksums, but Jussi Laako is driving this towards making the GPG dependency optional and supporting other signature methods. PR: https://github.com/ostreedev/ostree/pull/1189 In previous releases, libostree learned how to make hardlinks for local pulls. But if we couldn't hardlink (e.g. the devices were separate), the local pull code went through a much slower generic path that included re-checksumming objects. Now there's a copy/reflink fast path that uses `FICLONE`/`copy_file_range()` directly if possible. This can be substantially faster. PR: https://github.com/ostreedev/ostree/pull/1197 `ostree prune` learned a new `--only-branch` option. This can be a lot more convenient for release engineering tasks. PR: https://github.com/ostreedev/ostree/pull/1127 As usual, more work was done to improve the testsuite. It should now be able to better detect `tmpfs`/`overlayfs` environments. The upstream CI now also runs tests in a non-overlayfs environment for better coverage. PR: https://github.com/ostreedev/ostree/pull/1217 PR: https://github.com/ostreedev/ostree/pull/1170 ``` Anton Gerasimov (1): Add support for pkcs11 URIs in TLS client key/certificate Colin Walters (38): lib/repo: Port gpg signing function to new code style lib/checkout: Do UNION_FILES via atomic renameat() lib/pull: Drop partial fetch code from libsoup backend Update libglnx tests/prune: Factor out a helper for counting commits in the repo bin/prune: Add --only-branch ci: Use distro-sync instead of upgrade tree-wide: Some glnx_fstatat_allow_noent() porting lib/repo: Minor cleanup to object import function lib/pull: Wait for pending ops to complete on error tests/libtest: Factor out user xattr detection lib/repo: Don't syncfs or fsync() dirs if fsync opt is disabled lib/repo: Move alloca() outside of loop lib/checkout: Squash a gcc maybe-uninitialized warning tree-wide: Squash a few warnings when building with no features lib: Move bareuseronly verification into commit/core lib/commit: Don't try to call linkat() for import on distinct devices ci: Add an "all options disabled" context lib/repo: Use correct name for tmpdir lockfile tree-wide: Remove Emacs modelines lib/core: Add static assertions for OstreeRepoMode enum values lib: Define an alias OSTREE_REPO_MODE_ARCHIVE lib/commit: Some misc porting to decl-after-stmnt lib/commit: Add a copy fastpath for imports bin/pull: Fix description of --untrusted lib/pull: Minor refactoring of metadata scanning function lib/pull: Refactor to use OstreeRepoImportFlags internally lib/pull: Default checksum for archive mirror, add TRUSTED_HTTP flag tests,ci: Move "test-basic" (bare mode) to installed test lib/pull: Add status for imported objects ci: Record primary context results using g-d-t-r --log-directory lib/diff: Add compile-time ABI check on 64 bit arches tests/commit-sign: Update a bit to more modern style lib/pull: Don't request deltas for unchanged commits tree-wide: Bump libglnx, port to new lockfile init tests: Add 404 tests for dirtree objects too libarchive: Fix assertion error if used with CANONICAL_PERMISSIONS Release 2017.12 Jonathan Lebon (11): build-sys: Post-release version bump rofiles-fuse: also pass mode for O_RDONLY tests: allow specifying tmpdir tests/libtest: check that we have setfattr Add a .vimrc and .editorconfig lib/commit: add comments to explain dir commit path lib/commit: fix using uninitialized var tests/libtest.sh: always nuke repo and files lib/commit: don't query devino cache for modified files tests: check for relabeling rather than overlay tests/installed: also run test-basic-c Jussi Laako (1): Add --with-crypto=gnutls Matthew Leeds (1): lib/pull: Clarify use of unsigned summary support Philip Withnall (21): lib/repo: Add ostree_repo_equal() for comparing repos lib/repo-finder-mount: Change the schema for finding repos on volumes lib/repo: Drop outdated FIXME comment from ostree-repo.h lib/repo: Add ostree_repo_hash() and tests lib/repo-finder-mount: Add var/lib/flatpak as a well-known directory src/pull: Support local pulls for collection–refs create-usb: Add a create-usb command to complement OstreeRepoFinderMount lib/repo-refs: Add first version of ostree_repo_resolve_collection_ref() lib/repo-pull: Use resolve() instead of list() in fetch_ref_contents() lib/repo-pull: Fix a potential minor leak lib/repo: Change resolve_keyring_for_collection() to return a remote lib/remote: Store name of remote providing keyring for dynamic remotes lib/repo-pull: Fix remote names in refspecs from non-mirror P2P pulls tests: Add a manual integration test for OstreeRepoFinderMount tests: Update some tests to use OSTREE_REPO_MODE_ARCHIVE not ARCHIVE_Z2 tests/repo: Drop modeline from top of file lib/bloom: Fix bloom hashing on 32-bit architectures lib/bloom: Fix a -Wconversion warning in OstreeBloom man: Fix a copypasta error in ostree-summary.xml ostree/summary: Eliminate redundant gotos from error handling path ostree/summary: Generate an ostree-metadata ref when updating summary Simon McVittie (4): tests: Fix JavaScript tests with gjs 1.50.0 test-help.sh: Skip trivial-httpd if enabled tests: Explicitly unset LANGUAGE after setting LC_ALL tests: Reset umask to 022 while creating test repository yceh (1): bin/commit: Fix build failure when libarchive is not used ``` Git-EVTag-v0-SHA512: bfa0b7eceb4e4ac915d7ed0a352fa778e47d2ac2bac75fd895ede1f5bcbb65c44848505eb785bac45d57c5574f0ac1d3accb6c323617582cb25c55bc229a3294 -
-
v2017.116c0738a0 · ·
Release 2017.11 This release has a few new features, some UX improvements for the command line, and a variety of bugfixes. First off though is this commit: `docs/build: s/libOSTree/libostree/`. The project is now more canonically called "libostree", though "OSTree" and "ostree" are also fine. The most important bugfix for anyone using `rofiles-fuse` (typically build systems, rpm-ostree also uses it) is: Alexander Larsson (1): rofiles-fuse: Fix lchown() and hardlink verification for symlinks https://github.com/ostreedev/ostree/pull/1137 On the features side, we've added a few new APIs to the libarchive importing and checkout path that will be used by rpm-ostree. This should be of interest to anyone using libostree for build systems or underlying a hybrid image/package system like rpm-ostree. For example rpm-ostree automatically converts RPMs that have content in /boot: https://github.com/projectatomic/rpm-ostree/pull/969 using the new libarchive filtering that landed here in libostree. This is because ostree doesn't support updating anything in /boot *besides* the bootloader configuration. Another good example of a package system integration change is the new OSTREE_REPO_CHECKOUT_OVERWRITE_UNION_IDENTICAL - this matches the RPM semantic of merging identical files. Thanks to Ruixin Bao! https://github.com/ostreedev/ostree/pull/1105 Also on the host system side, there is a new (canonical) place for build systems to put the kernel/initramfs: /usr/lib/modules/$kver. This change matches the current Fedora kernel RPM, and was originally inspired by changes coming from the systemd camp. More information: https://github.com/ostreedev/ostree/pull/1079 Guy Shapiro contributed a change to have all of the deployments show up in the uboot configuration, to help enable automatic fallback if a new OS fails to boot. https://github.com/ostreedev/ostree/pull/1138 Colin Walters did a lot of style cleanups, some "error prefixing" work to ensure we produce understandable errors in more situations, and one other notable cleanup: boot: Add a tmpfiles.d snippet to clean up /var/tmp/ostree-ovl.XXX This should be nice for anyone who uses `ostree admin unlock` frequently. Dan Nicholson has been doing a lot of work on improving libostree's management of configuration for remotes: https://github.com/ostreedev/ostree/pull/1155 Jonathan Lebon did a lot of cleanup in the command line parsing and fixes for --help, and also helped with the new --selinux-label option for `ostree commit`. (And also did tons and tons of code review!) Robert McQueen has been continuing work on fixing up libostree's handling of GPG keys that have subkeys - there's now: lib/gpg: Add _FINGERPRINT_PRIMARY to OstreeGpgVerifyResult which effectively reverts an earlier change to make the primary key show up as the main fingerprint. Philip Withnall and Simon McVittie contributed build system and test fixes. $ git shortlog v2017.10..6c0738a000800856d09774d50d16d84c1b537a7b Alexander Larsson (1): rofiles-fuse: Fix lchown() and hardlink verification for symlinks Colin Walters (46): build-sys: Post-release version bump boot: Add a tmpfiles.d snippet to clean up /var/tmp/ostree-ovl.XXX bin: Squash some -Wuninit warnings with porting to new style lib/sysroot: Support /usr/lib/modules/$kver for kernel/initramfs docs/build: s/libOSTree/libostree/ lib/deploy: Add .img to end of initramfs in /usr/lib/modules lib/pull: Add support for timestamp-check option, use in upgrader lib/commit: Remove duplicated function for filter processing lib/commit: Honor commit filter for libarchive --tar-autocreate-parents build/maint.mk: Comment out setting of LC_ALL bin/main: Remove duplicated usage output on unknown commands lib/repo: Add some assertions for ABI sizes bin/commit: Add --selinux-policy option libarchive: Add support for translating paths during commit tree-wide: Replace archive-z2 with archive bin/prune: Port to new style bin/admin: Port switch,upgrade to new style bin/admin: Check for booted deployment to see if we should reboot bin/admin: Change init-fs to stop loading a sysroot to init one bin/admin: Do sysroot loading during argument parsing bin/admin: Check for booted sysroot for root-required commands ci: Hackaround Fedora rpm/libdb/glibc issue lib/repo: Add apidoc for repo properties lib/repo: Add error prefixing during hardlink object import bin/local-pull: Clarify docs, add more tests for corrupted local pulls lib/sysroot: A bit more new style porting lib/gpg: Use nicer helper for gpg error messages lib/gpg: Port a few misc gpg functions to new style tests/rofiles-fuse: Add tests for chmod/chown tree-wide: Use helpers for unlinkat() lib/commit: Update docs/code style for ostree_repo_scan_hardlinks() lib/pull: Only look for cookie files for non-local remotes lib/pull: A bit of new style porting lib/commit: Add some error prefixing for txn commit/tmpdir lib/sysroot: Use fd-relative acccess for bootversion cleanup tree-wide: Add error prefixing for most remaining syscalls lib/grub2: Port some to new code style lib: Add a private helper to abort txns, use in sysroot cleanup lib/syslinux: Port to new code style ci: Fixate CentOS container image until rpm-md repos sync lib/sysroot: Use direct g_mkdtemp() for overlay tmpdir build-sys: Add -Werror=switch lib/repo: Port tmpdir locking func to new style lib/checkout: Rename disjoint union, change to merge identical files tests: Port some bits of C to new style Release 2017.11 Dan Nicholson (4): repo: Fix non-system remotes-config-dir usage sysroot: Reload config after setting sysroot kind repo: Add add-remotes-config-dir option repo: Ensure new config doesn't set remotes in separate file Guy Shapiro (3): lib/sysroot: fix placement for not-default deployment uboot: move system uEnv merge to new function, clean up uboot: add non-default deployments to uEnv.txt Jonathan Lebon (12): tests: fix admin upgrade timestamp file check pull: better description for --mirror ostree-sysroot: convert function to new style ostree-sysroot: make simple_write_deployment smarter commit: filter out selinux label before commit bin/main: Print usage when no command given bin/config: Tweak parameter string tests/test-help.sh: Rework and strengthen checks bin/admin: Don't require root for instutil bin/static-delta: Convert to new style and tweak output bin/admin: Don't load sysroot for root commands bin/remote: don't load repo on root command Matthew Leeds (5): lib/repo-refs: Include remote refs when using collections lib/repo-refs: Fix typos in last commit tests: Make the deployment mutable in test-sysroot.js tests: Check "refs -c PREFIX" behavior lib/repo: Update outdated comment Philip Withnall (2): build: Add distcheck configure flags to fix systemd and bash-completion build: Ensure ostree-tmpfiles.conf is distributed Robert McQueen (3): lib/gpg: Add _FINGERPRINT_PRIMARY to OstreeGpgVerifyResult lib/gpg: Correct missing line prefix with bad signatures lib/gpg: Provide the public key to the duplicate check Ruixin (1): checkout: add an extra checkout_overwrite mode Simon McVittie (6): test-libarchive-import: Skip if extended attributes are unsupported test-pull-bareuser.sh: This test uses bare-user, hence needs xattrs libtest: Allow skipping single checks without user xattrs basic-test: Skip explicit uses of bare-user if no user xattrs test-basic-user-only: Skip final step if no user xattrs Remove shebang from bash completions Git-EVTag-v0-SHA512: 2b541ac9e19ad265e6b95bf04d2d3bb0efedf95e301709e0261ca74401b4fb3f8431d39c312527537cd3bb94c6870adb5c71b477a8684ac2b04807b50770bb9d -
-
v2017.1039567691 · ·
Release 2017.10 In this release, Philip set up Coverity scans, and we fixed all of the problems it found. I'm proud that we ended up with a notably lower than average defect density. None of the issues were critical; the only off-by-one array indexing for example was in a test case. Two new contributors showed up and submitted patches for the documentation - it's hard to describe how happy this makes me! `bash: Add bash completion` (Matthew Barnes) is a quite welcome change as well! There are a number of smaller features: `lib/repo: Add API to create and list ref aliases` We're planning to use this for Fedora Atomic Host to define a version-independent ref, while still offering per-major refs. `repo: Introduce ostree_repo_open_at() and ostree_repo_create_at()` is a notable new API, and finally completes our fd-relative porting for `OstreeRepo`. The semantics of these functions are nicer; it's now more convenient to unconditionally call `ostree_repo_create_at()` for example to ensure a repository exists, returning the opened result. `lib/sysroot: Add journal-msg signal` is a nice cleanup in that we finally stopped doing `printf()` in the library code for `OstreeSysroot`. If you maintain a client, you should start listening for this signal, like the demo command line does (if you want the text of course). In the "important bugfixes" category, `pull: mark commits from local cache as partial` fixes up the `--localcache-repos` logic, which is used in Fedora's Anaconda at least. Philip also contributed a number of bugfixes for the collections logic as well as cases of trying to download a missing summary file. Thanks to all contributors! Colin Walters (39): build-sys: Post-release version bump grub2: Handle aarch64 (at least on Fedora/RHEL) lib/pull: Journal fetch results docs/pull: Finish incomplete docs for pull@hash syntax tests: Add some return value checking to pacify Coverity bin/refs: Fix error handling logic tests/lzma: Use GRand over random() rofiles-fuse: Add missing error handling for fcntl() tests/lzma: Fix off-by-one in buffer size lib/commit: Rework a conditional set for clarity and Coverity lib/curl: Only check individual request errors lib/gpg: Switch to GLib autocleanups for gpgme types tree-wide: Use GLib autocleanups for libarchive lib/sysroot: Add prefixes to syncfs/fsync error messages lib/deploy: Add structured logging info for syncfs() times lib/repo: Add API to create and list ref aliases lib/pull: Log state of summary/commit GPG verification tests/libtest-core.sh: Add a comment that this copy is canonical tree-wide: Use g_autoptr(Ostree*) lib: Define and use an autoptr cleanup for gpgme_key_t tree-wide: Fix the build with old glib (Ubuntu Trusty etc.) lib/deltas: Squash Coverity warning for div-by-zero in delta show bin/pull: Fix @ override syntax when pulling multiple refs tree-wide: Remove trailing semicolon from autoptr declarations lib: Port gpg verification for remotes to fd-relative lib/deploy: Use a FIFREEZE/FITHAW cycle for /boot lib/sysroot-deploy: Port a kernel finding logic to new style lib/sysroot-deploy: Refactor kernel layout parsing lib/sysroot: Add journal-msg signal lib/deploy: Close test suite race condition repo: Introduce ostree_repo_open_at() and ostree_repo_create_at() Update libglnx build-sys: Move bash completions to /usr/share/ by default lib/deploy: Really close testing race condition lib/deploy: Ignore errors from FITHAW lib/sysroot: Port a few functions to new style docs/related-projects: Tweak client side snapshot text, add casync lib: Fix v2017.10 symbols to inherit from v2017.8 Release 2017.10 Guy Shapiro (2): Documentation: README: Remove deprecated wiki link Documentation: static delta default from Jonathan Lebon (5): man: document configured branches pull: mark commits from local cache as partial ostree-deployment.c: simplify equality check pull: mention libcurl in NOT_SUPPORTED pull path ot-main.c: fix signal callback signature Lisa St. John (1): Update introduction.md Matthew Barnes (2): bash: Add bash completion ostree: Add naggy comments to help keep options in sync Matthew Leeds (2): main: Fix subcommand usage output man: Update ostree-refs manpage Philip Withnall (12): lib/repo-pull: Fix counting of latest commits when finding repos lib/repo-finder: Avoid a potential unref-of-NULL crash lib/repo-pull: Add a missing precondition lib/repo-refs: Add ostree_repo_remote_list_collection_refs() API lib/repo-finder-avahi: Drop redundant conditional lib/repo-commit: Drop unreachable conditional branch lib/sepolicy: Drop duplicate assignment ostree/parse-datetime: Ensure tm structs are initialised lib/repo: Fix handling of missing summary files when downloading lib/repo-finder: Emit gpg-verify-summary=false in dynamic remote config lib/gpg-verify: Add an OstreeGpgError error domain lib/repo-finder-config: Add some more debug output Robert McQueen (2): gpg-verify-result: canonicalise key when looking up signatures gpg-verify-result: try to display the primary key ID from signatures Stef Walter (2): autogen.sh: Fix running out of tree man: The min-free-space-percent item goes in [core] section Git-EVTag-v0-SHA512: af9b85f48e6f3e2de6393ab5f458e6ef405c82a1f618b8fe3c2441fa149d629f9ab464907695a9c8eb82de413692ec1015421f0958315dffe514f23ce798db3d -
-
v2017.9fa3e07e5 · ·
Release 2017.9 A notable new feature in this release is that the pull machinery now interprets two new metadata keys: `ostree.ref-binding` and `ostree.collection-binding`. This allows closing a longstanding class of "sidegrade" attacks that Florian Weimer identified when performing a security audit of libostree years ago: <https://bugzilla.gnome.org/show_bug.cgi?id=724873> There was a more recent discussion on this topic on the list: <https://mail.gnome.org/archives/ostree-list/2017-May/msg00013.html> For the ostree-as-host case, this only matters if you offer multiple refs. For flatpak, it's more important as a MITM attacker could actually switch applications; that's why flatpak implemented this a while ago as `xa.ref`. I'll note here that it's recommended for content providers to make use of ostree's support for `tls-ca-path` to implement TLS CA pinning, which protects all metadata and content in a strong fashion; in this scenario the GPG signatures act as a secondary layer of defense and make offline verification easier (for e.g. mirroring). Otherwise, there's some performance enhancements for local pulls, and a variety of bugfixes. Thanks to all contributors! ``` Colin Walters (24): build-sys: Post-release version bump deploy: Port some functions to new style checkout: Don't set dir mtime to 0 when doing a force copy checkout tests: Run pull tests for bare/bare-user lib/pull: Avoid journaling 404s for optional content ci/papr: Update to F26 lib/pull: Do local content imports async too Add a notion of "physical" sysroot, use for remote writing bin/cookies: Drop libsoup code, fix fd-relative issues, new style lib/pull: Drop direct use of ->repodir Update libglnx, port various bits to new API core: Sanitize error text validating refs (e.g. against HTML) lib/repo: Auto-recreate repo/tmp if it's deleted ci/papr: Switch primary to libcurl, add libsoup context lib/commit: Fix EBADF with GENERATE_SIZES option for commit ci/papr: Add a suite to run introspection-based tests without ASAN lib: Add #defines for current well-known metadata keys tests: More fixes for gjs tests ci: Enable -Werror for clang build: Turn off default warnings if we find -Werror specified Update libglnx, port some uses to newer APIs lib/core: Add #defines for ref/collection binding ci: Enable libcurl by default on Fedora Release 2017.9 Emmanuele Bassi (1): Move the include directive to the enum template Krzesimir Nowak (4): ostree: Add collection and ref bindings to metadata on commit lib/pull: Pass the ref together with the request lib/pull: Collection and ref bindings verification tests: New tests for creating commits with bindings and pulling them Philip Withnall (4): lib/repo-commit: Fix types of content size cache entries lib/repo: Add OSTREE_REPO_METADATA_REF as a well-known metadata store build: Ensure all .sym files are distributed in tarballs build: Ensure all experimental tests are distributed in tarballs Ruixin (1): lib: Add #define for endoflife metadata key Simon McVittie (1): build: Don't distribute generated man pages ``` Git-EVTag-v0-SHA512: d5eff57f587038fcb29ee373db2ecae03908bb1fb0cbbad8d6f30fa8ec618c24b7312b03a4b958a8c10ce1450525382609f6726e837b77a7de8aa26c87a9cf67