Skip to content
Tags give the ability to mark specific points in history as being important
  • upstream/2017.13
    Upstream version 2017.13
  • v2017.13
    ae613210 · Release 2017.13 ·
    Release 2017.13
    A lot of across-the-board improvements here; the pure bugfixes are mostly in the
    experimental Avahi bits, hardening the `FIFREEZE` on `/boot` code, explicit
    errors when trying to commit non-UTF8 filenames, and finally a number of fixes
    around our use of `mmap`.
    One slight backwards-incompatible change (but I doubt it'll break anyone):
    `Disallow refs starting with a non-letter or digit`
    If this *does* affect you, please let us know ASAP.
    For improvements, first up, Alex changed the static delta
    code to avoid holding everything in memory; this is a substantial
    improvement for large deltas, and also for flatpak which uses
    deltas as a "bundle" format.
    A few notable changes:
    `commit: Add _CONSUME modifier flag`
    You probably want to use this by default for your build/package
    `core: Add standard SOURCE_TITLE metadata key`
    This one I think is conceptually quite interesting; for many people, their
    ostree commits are *derived* from something else that has its own versioning,
    and it's useful to show that explicitly. I encourage ostree-based build systems
    to consider rendering human-readable information about your builds into this
    standardized metadata key.
    On the command line side, Ruixin Bao for cleaning
    up the `--help` output significantly.
    And thanks to Simon McVittie for his regular fixups to the tests
    to ensure they keep running in Debian!
    Full shortlog below:
    Alexander Larsson (4):
          Add OtVariantBuilder
          static deltas: Use OtVariantBuilder to create deltas
          static-delta-compilation: Move some things around
          static deltas: Process each part as soon as its done
    Colin Walters (58):
          lib/commit: Add some gtk-doc and internal doc comments
          lib/sysroot: Add some more comments
          lib/pull: Fix regression with pull-local for nonexistent refs
          lib/syslinux: Port to fd-relative
          lib/uboot: Port to fd-relative
          lib/pull: Minor cleanup to metadata scanning function, add docs
          lib/core: Init struct stat buffer
          lib/sysroot: Fix pointer going out of scope in unlock code
          Deduplicate and fix up our use of mmap()
          lib/utils: Port a bit to decl-after-stmt style
          lib/pull: Change fetcher to return O_TMPFILE
          lib/util: Delete some unused functions
          lib/deltas: Move variant read helper into the deltas code
          commit: Add _CONSUME modifier flag
          lib: Add a lighter weight internal checksum wrapper
          lib/core: (refactor) Drop wrapper and unneeded args for variant writing
          lib/core: Port a few functions to decl-after-stmt
          lib/core: Use GBytes for file headers
          lib/commit: Make -path commit helper API private
          tree-wide: Update to new libglnx fd APIs
          lib/deploy: Use _exit() for FIFREEZE watchdog
          lib/deltas: Check cancellable during processing
          lib/pull: Drop duplicate/different error for GPG but no detached meta
          lib/pull: Also do commit GPG verification before writing
          tests/basic: Add missing ${COMMIT_ARGS} for bare-user-only
          lib/commit: Implement "adoption" with CONSUME flag
          lib: Use a common helper function to compare checksums
          lib/sysroot: Fix error handling when mounting overlayfs fails
          tests: Add test-pull-bareuseronly
          lib/deltas: Use fastpath for regfile writes for bare-user-only
          lib/deltas: Use pread() instead of lseek()+read()
          lib/commit: Avoid trying to delete `.` with _CONSUME flag
          lib/commit: Fix indentation in file commit code
          lib/commit: Use direct fd xattr operations again on regular files
          syntax-check: Add a rule to enforce glnx_autofd over glnx_fd_close
          lib/pull: Update summary checksum code to use new checksum API
          lib/repo: Update summary code to use newer hashing API
          lib/commit: (refactor) Clean up delta bare write API
          Disallow refs starting with a non-letter or digit
          lib/checkout: For "process whiteouts" mode, replace directories too
          repo: Add wrapper function for setting devino cache on checkout opts
          docs/related-projects: Add Google Usenix link
          bin/status: Port to new style
          bin/status: Inline metadata parsing for versions
          core: Add standard SOURCE_TITLE metadata key
          lib/commit: Fix hardlink checkout commit with bare-user + mod xattrs
          ci: Update centos container to current again
          tree-wide: Use autoptr for OstreeKernelArgs
          lib/repo: Fix loading commitstate with parent repos
          lib/deltas: Fix change to use pread() in write opcode
          lib: Minor static delta fixes
          lib/pull: When --require-static-deltas, use them even for file:/// repos
          lib/pull: Delete unused "exampleos" code
          bin/delta-compilation: Add a "progress bar" for bsdiff generation
          deltas: Add an if0'd bit to print bsdiff objects
          tests: Add a "pull-test2" that uses slightly more realistic content
          Update libglnx
          Release 2017.13
    Dan Nicholson (4):
          lib/deploy: Ignore FIFREEZE/FITHAW errors when already in state
          build: Fix bsdiff Makefile circular dependency
          build: Do * substitutions from make correctly
          lib/repo: Properly handle NULL homedir when signing commit
    Jonathan Lebon (12):
          build-sys: Post-release version bump
          app/main: use HAVE_LIBCURL_OR_LIBSOUP for pull CLI
          ci: really turn on warnings
          tree: fix compiler warnings
          lib/commit: minor coverity fix
          libotutil/checksum-utils: fix openssl compilation
          ci: compile f26/c7-primary with libcurl/openssl
          tests: drop unused variable
          ostree/checksum: port to new decl style
          lib/core: add ostree_checksum_file_at API
          lib/checkout: fallback to checksum for UNION_IDENTICAL
          lib/commit: fix checking flag with bitwise OR
    Marcus Folkesson (1):
          docs: mention the $OSTREE_REPO environment variable
    Matthew Leeds (2):
          lib/gpg: Print debug info when reading GPG keys
          lib/utils: Check for invalid UTF-8 in filenames
    Philip Withnall (10):
          lib/bloom: Add some missing preconditions on n_bytes
          lib/repo-commit: Import detached metadata even if hardlink exists
          docs: Clarify %NULL argument to ostree_sysroot_new()
          lib/repo: Clarify that ostree_repo_remote_fetch_summary() doesn’t verify
          lib/repo-finder-avahi: Fix a leak in a GVariantIter loop
          lib/repo-finder: Add OstreeRepoFinderOverride
          lib/sysroot: Expand docs for ostree_sysroot_get_repo()
          lib/repo-finder-avahi: Fix memory corruption of a GVariantIter
          lib/repo-finder-mount: Fix propagating NULL errors
          lib/repo-finder-mount: Ignore mounts which have a ‘system’ file system
    Ruixin Bao (3):
          ostree: Describe subcommands in help output
          ostree: move flags into command struct, pass down through builtins
          ostree: provide command description in a better place
    Shaun Taheri (1):
          static deltas: Set optional flag for superblock
    Simon McVittie (3):
          Cope with xattr syscalls raising EOPNOTSUPP
          Make sure * are up to date before `make dist`
          ostree-system-generator: Include <libglnx.h> for autocleanups
    Git-EVTag-v0-SHA512: ccfdad2f0fb324404c1d8886fb415dbf6447ea369ffbd7047c687e167461234c569c3492e7700d975ee92ca8e8951d6eb90e6c52b231e3e23db72a5ed724486e
  • debian/2017.12-2_bpo9+1
    ostree Debian release 2017.12-2~bpo9+1
  • debian/2017.12-1_bpo9+1
    ostree Debian release 2017.12-1~bpo9+1
  • debian/2017.12-2
    83e5da34 · 2017.12-2 ·
    ostree Debian release 2017.12-2
  • debian/2017.12-1
    f5517cfa · 2017.12-1 ·
    ostree Debian release 2017.12-1
  • upstream/2017.12
    Upstream version 2017.12
  • v2017.12
    64f3257d · Release 2017.12 ·
    Release 2017.12
    Quite a lot in this release.  First, on the notable bugfix side,
    we fixed an issue where background threads could remain alive
    after an error was encountered during pulls.  Particularly
    for projects like flatpak that do multiple pulls in process, this
    is an important fix.
    Another important change related to pulls is that libostree now
    performs checksums when mirroring again.
    The intent here was to speed up mirroring, but it led to a confusing security
    story.  Now it's easier to explain: for HTTP pulls we verify checksums
    (and this can be disabled), for local filesystem pulls we don't,
    (but it can be enabled).  We've always verified checksums by
    default when pulling from an `archive` repository into a non-archive.
    Anton Gerasimov contributed a change to the libcurl backend
    to support `PKCS#11` URIs, useful for storing certificates in a
    hardware or software enclave.
    The schema for the experimental OstreeRepoFinderMount API to find OSTree
    repos on removable media has changed incompatibly, so that the media doesn’t
    need to contain two similar lists of refs. It will now look in .ostree/repos.d,
    .ostree/repo, ostree/repo and var/lib/flatpak paths on removable media.
    Similarly, the experimental ostree_repo_resolve_keyring_for_collection() API
    has changed to return an OstreeRemote containing the keyring, rather than just
    the keyring, making it more generally useful.
    The bloom filter used when finding refs from remote peers has been fixed to
    work correctly on 32-bit architectures (such as ARM). This doesn’t change the
    bloom filter format, but will require bloom filters created on 32-bit
    architectures to be regenerated in order for advertisements from those machines
    to work.
    Repositories which have a collection ID set will now put their repository
    metadata in an ostree-metadata ref when `ostree summary --update` is run, in
    addition to putting it in the summary file. This is part of a plan to securely
    allow unsigned summary files for peer-to-peer pulling of refs. This won’t
    happen for repositories which don’t have a collection ID set, or if
    --enable-experimental-api is not configured.
    A new `ostree create-usb` command has been added (if configured with
    --enable-experimental-api) which can be used to put refs from repositories onto
    removable media in a format which can be detected by OstreeRepoFinderMount.
    For example, to allow easy sharing of flatpaks or OS updates between offline
    OstreeRepo has gained hash() and equal() methods, so it can now easily be used
    in a hash table based on its device number and inode, rather than using its
    A minor bug was fixed in rofiles-fuse, which would cause files to be
    created with random mode bits if called for `O_RDONLY`.
    For clients that use `OstreeRepoDevInoCache`, a bug was fixed which
    caused libostree to ignore callbacks that allow modifying file modes,
    ownership, and extended attributes.
    libostree now supports `--with-crypto=gnutls`.  Like the OpenSSL
    support, this is currently just checksums, but Jussi Laako
    is driving this towards making the GPG
    dependency optional and supporting other signature methods.
    In previous releases, libostree learned how to make hardlinks
    for local pulls.  But if we couldn't hardlink (e.g. the devices
    were separate), the local pull code went through a much slower
    generic path that included re-checksumming
    objects.  Now there's a copy/reflink fast path that uses
    `FICLONE`/`copy_file_range()` directly if possible.  This can be
    substantially faster.
    `ostree prune` learned a new `--only-branch` option.  This
    can be a lot more convenient for release engineering tasks.
    As usual, more work was done to improve the testsuite. It should
    now be able to better detect `tmpfs`/`overlayfs` environments. The
    upstream CI now also runs tests in a non-overlayfs environment
    for better coverage.
    Anton Gerasimov (1):
          Add support for pkcs11 URIs in TLS client key/certificate
    Colin Walters (38):
          lib/repo: Port gpg signing function to new code style
          lib/checkout: Do UNION_FILES via atomic renameat()
          lib/pull: Drop partial fetch code from libsoup backend
          Update libglnx
          tests/prune: Factor out a helper for counting commits in the repo
          bin/prune: Add --only-branch
          ci: Use distro-sync instead of upgrade
          tree-wide: Some glnx_fstatat_allow_noent() porting
          lib/repo: Minor cleanup to object import function
          lib/pull: Wait for pending ops to complete on error
          tests/libtest: Factor out user xattr detection
          lib/repo: Don't syncfs or fsync() dirs if fsync opt is disabled
          lib/repo: Move alloca() outside of loop
          lib/checkout: Squash a gcc maybe-uninitialized warning
          tree-wide: Squash a few warnings when building with no features
          lib: Move bareuseronly verification into commit/core
          lib/commit: Don't try to call linkat() for import on distinct devices
          ci: Add an "all options disabled" context
          lib/repo: Use correct name for tmpdir lockfile
          tree-wide: Remove Emacs modelines
          lib/core: Add static assertions for OstreeRepoMode enum values
          lib: Define an alias OSTREE_REPO_MODE_ARCHIVE
          lib/commit: Some misc porting to decl-after-stmnt
          lib/commit: Add a copy fastpath for imports
          bin/pull: Fix description of --untrusted
          lib/pull: Minor refactoring of metadata scanning function
          lib/pull: Refactor to use OstreeRepoImportFlags internally
          lib/pull: Default checksum for archive mirror, add TRUSTED_HTTP flag
          tests,ci: Move "test-basic" (bare mode) to installed test
          lib/pull: Add status for imported objects
          ci: Record primary context results using g-d-t-r --log-directory
          lib/diff: Add compile-time ABI check on 64 bit arches
          tests/commit-sign: Update a bit to more modern style
          lib/pull: Don't request deltas for unchanged commits
          tree-wide: Bump libglnx, port to new lockfile init
          tests: Add 404 tests for dirtree objects too
          libarchive: Fix assertion error if used with CANONICAL_PERMISSIONS
          Release 2017.12
    Jonathan Lebon (11):
          build-sys: Post-release version bump
          rofiles-fuse: also pass mode for O_RDONLY
          tests: allow specifying tmpdir
          tests/libtest: check that we have setfattr
          Add a .vimrc and .editorconfig
          lib/commit: add comments to explain dir commit path
          lib/commit: fix using uninitialized var
          tests/ always nuke repo and files
          lib/commit: don't query devino cache for modified files
          tests: check for relabeling rather than overlay
          tests/installed: also run test-basic-c
    Jussi Laako (1):
          Add --with-crypto=gnutls
    Matthew Leeds (1):
          lib/pull: Clarify use of unsigned summary support
    Philip Withnall (21):
          lib/repo: Add ostree_repo_equal() for comparing repos
          lib/repo-finder-mount: Change the schema for finding repos on volumes
          lib/repo: Drop outdated FIXME comment from ostree-repo.h
          lib/repo: Add ostree_repo_hash() and tests
          lib/repo-finder-mount: Add var/lib/flatpak as a well-known directory
          src/pull: Support local pulls for collection–refs
          create-usb: Add a create-usb command to complement OstreeRepoFinderMount
          lib/repo-refs: Add first version of ostree_repo_resolve_collection_ref()
          lib/repo-pull: Use resolve() instead of list() in fetch_ref_contents()
          lib/repo-pull: Fix a potential minor leak
          lib/repo: Change resolve_keyring_for_collection() to return a remote
          lib/remote: Store name of remote providing keyring for dynamic remotes
          lib/repo-pull: Fix remote names in refspecs from non-mirror P2P pulls
          tests: Add a manual integration test for OstreeRepoFinderMount
          tests: Update some tests to use OSTREE_REPO_MODE_ARCHIVE not ARCHIVE_Z2
          tests/repo: Drop modeline from top of file
          lib/bloom: Fix bloom hashing on 32-bit architectures
          lib/bloom: Fix a -Wconversion warning in OstreeBloom
          man: Fix a copypasta error in ostree-summary.xml
          ostree/summary: Eliminate redundant gotos from error handling path
          ostree/summary: Generate an ostree-metadata ref when updating summary
    Simon McVittie (4):
          tests: Fix JavaScript tests with gjs 1.50.0
 Skip trivial-httpd if enabled
          tests: Explicitly unset LANGUAGE after setting LC_ALL
          tests: Reset umask to 022 while creating test repository
    yceh (1):
          bin/commit: Fix build failure when libarchive is not used
    Git-EVTag-v0-SHA512: bfa0b7eceb4e4ac915d7ed0a352fa778e47d2ac2bac75fd895ede1f5bcbb65c44848505eb785bac45d57c5574f0ac1d3accb6c323617582cb25c55bc229a3294
  • debian/2017.11-2_bpo9+1
    ostree Debian release 2017.11-2~bpo9+1
  • debian/2017.11-2
    102f05fc · 2017.11-2 ·
    ostree Debian release 2017.11-2
  • debian/2017.10-1_bpo9+1
    ostree Debian release 2017.10-1~bpo9+1
  • debian/2017.11-1
    cf3a5757 · 2017.11-1 ·
    ostree Debian release 2017.11-1
  • upstream/2017.11
    Upstream version 2017.11
  • v2017.11
    6c0738a0 · Release 2017.11 ·
    Release 2017.11
    This release has a few new features, some UX improvements for the command
    line, and a variety of bugfixes.
    First off though is this commit: `docs/build: s/libOSTree/libostree/`.
    The project is now more canonically called "libostree", though "OSTree"
    and "ostree" are also fine.
    The most important bugfix for anyone using `rofiles-fuse` (typically
    build systems, rpm-ostree also uses it) is:
    Alexander Larsson (1):
          rofiles-fuse: Fix lchown() and hardlink verification for symlinks
    On the features side, we've added a few new APIs to the libarchive
    importing and checkout path that will be used by rpm-ostree.  This
    should be of interest to anyone using libostree for build systems
    or underlying a hybrid image/package system like rpm-ostree.  For
    example rpm-ostree automatically converts RPMs that have content
    in /boot:
    using the new libarchive filtering that landed here in libostree.
    This is because ostree doesn't support updating anything in /boot
    *besides* the bootloader configuration.
    Another good example of a package system integration change is the
    the RPM semantic of merging identical files.  Thanks to
    Ruixin Bao!
    Also on the host system side, there is a new (canonical) place
    for build systems to put the kernel/initramfs: /usr/lib/modules/$kver.
    This change matches the current Fedora kernel RPM, and was originally
    inspired by changes coming from the systemd camp.  More information:
    Guy Shapiro contributed a change to have all of the deployments
    show up in the uboot configuration, to help enable automatic fallback
    if a new OS fails to boot.
    Colin Walters did a lot of style cleanups, some "error prefixing"
    work to ensure we produce understandable errors in more situations,
    and one other notable cleanup:
        boot: Add a tmpfiles.d snippet to clean up /var/tmp/ostree-ovl.XXX
    This should be nice for anyone who uses `ostree admin unlock` frequently.
    Dan Nicholson has been doing a lot of work on improving libostree's
    management of configuration for remotes:
    Jonathan Lebon did a lot of cleanup in the command line parsing
    and fixes for --help, and also helped with the new --selinux-label
    option for `ostree commit`.  (And also did tons and tons of code review!)
    Robert McQueen has been continuing work on fixing up libostree's handling of
    GPG keys that have subkeys - there's now:
    lib/gpg: Add _FINGERPRINT_PRIMARY to OstreeGpgVerifyResult
    which effectively reverts an earlier change to make the primary key
    show up as the main fingerprint.
    Philip Withnall and Simon McVittie contributed build system and test
    $ git shortlog v2017.10..6c0738a000800856d09774d50d16d84c1b537a7b
    Alexander Larsson (1):
          rofiles-fuse: Fix lchown() and hardlink verification for symlinks
    Colin Walters (46):
          build-sys: Post-release version bump
          boot: Add a tmpfiles.d snippet to clean up /var/tmp/ostree-ovl.XXX
          bin: Squash some -Wuninit warnings with porting to new style
          lib/sysroot: Support /usr/lib/modules/$kver for kernel/initramfs
          docs/build: s/libOSTree/libostree/
          lib/deploy: Add .img to end of initramfs in /usr/lib/modules
          lib/pull: Add support for timestamp-check option, use in upgrader
          lib/commit: Remove duplicated function for filter processing
          lib/commit: Honor commit filter for libarchive --tar-autocreate-parents
          build/ Comment out setting of LC_ALL
          bin/main: Remove duplicated usage output on unknown commands
          lib/repo: Add some assertions for ABI sizes
          bin/commit: Add --selinux-policy option
          libarchive: Add support for translating paths during commit
          tree-wide: Replace archive-z2 with archive
          bin/prune: Port to new style
          bin/admin: Port switch,upgrade to new style
          bin/admin: Check for booted deployment to see if we should reboot
          bin/admin: Change init-fs to stop loading a sysroot to init one
          bin/admin: Do sysroot loading during argument parsing
          bin/admin: Check for booted sysroot for root-required commands
          ci: Hackaround Fedora rpm/libdb/glibc issue
          lib/repo: Add apidoc for repo properties
          lib/repo: Add error prefixing during hardlink object import
          bin/local-pull: Clarify docs, add more tests for corrupted local pulls
          lib/sysroot: A bit more new style porting
          lib/gpg: Use nicer helper for gpg error messages
          lib/gpg: Port a few misc gpg functions to new style
          tests/rofiles-fuse: Add tests for chmod/chown
          tree-wide: Use helpers for unlinkat()
          lib/commit: Update docs/code style for ostree_repo_scan_hardlinks()
          lib/pull: Only look for cookie files for non-local remotes
          lib/pull: A bit of new style porting
          lib/commit: Add some error prefixing for txn commit/tmpdir
          lib/sysroot: Use fd-relative acccess for bootversion cleanup
          tree-wide: Add error prefixing for most remaining syscalls
          lib/grub2: Port some to new code style
          lib: Add a private helper to abort txns, use in sysroot cleanup
          lib/syslinux: Port to new code style
          ci: Fixate CentOS container image until rpm-md repos sync
          lib/sysroot: Use direct g_mkdtemp() for overlay tmpdir
          build-sys: Add -Werror=switch
          lib/repo: Port tmpdir locking func to new style
          lib/checkout: Rename disjoint union, change to merge identical files
          tests: Port some bits of C to new style
          Release 2017.11
    Dan Nicholson (4):
          repo: Fix non-system remotes-config-dir usage
          sysroot: Reload config after setting sysroot kind
          repo: Add add-remotes-config-dir option
          repo: Ensure new config doesn't set remotes in separate file
    Guy Shapiro (3):
          lib/sysroot: fix placement for not-default deployment
          uboot: move system uEnv merge to new function, clean up
          uboot: add non-default deployments to uEnv.txt
    Jonathan Lebon (12):
          tests: fix admin upgrade timestamp file check
          pull: better description for --mirror
          ostree-sysroot: convert function to new style
          ostree-sysroot: make simple_write_deployment smarter
          commit: filter out selinux label before commit
          bin/main: Print usage when no command given
          bin/config: Tweak parameter string
          tests/ Rework and strengthen checks
          bin/admin: Don't require root for instutil
          bin/static-delta: Convert to new style and tweak output
          bin/admin: Don't load sysroot for root commands
          bin/remote: don't load repo on root command
    Matthew Leeds (5):
          lib/repo-refs: Include remote refs when using collections
          lib/repo-refs: Fix typos in last commit
          tests: Make the deployment mutable in test-sysroot.js
          tests: Check "refs -c PREFIX" behavior
          lib/repo: Update outdated comment
    Philip Withnall (2):
          build: Add distcheck configure flags to fix systemd and bash-completion
          build: Ensure ostree-tmpfiles.conf is distributed
    Robert McQueen (3):
          lib/gpg: Add _FINGERPRINT_PRIMARY to OstreeGpgVerifyResult
          lib/gpg: Correct missing line prefix with bad signatures
          lib/gpg: Provide the public key to the duplicate check
    Ruixin (1):
          checkout: add an extra checkout_overwrite mode
    Simon McVittie (6):
          test-libarchive-import: Skip if extended attributes are unsupported
 This test uses bare-user, hence needs xattrs
          libtest: Allow skipping single checks without user xattrs
          basic-test: Skip explicit uses of bare-user if no user xattrs
          test-basic-user-only: Skip final step if no user xattrs
          Remove shebang from bash completions
    Git-EVTag-v0-SHA512: 2b541ac9e19ad265e6b95bf04d2d3bb0efedf95e301709e0261ca74401b4fb3f8431d39c312527537cd3bb94c6870adb5c71b477a8684ac2b04807b50770bb9d
  • debian/2017.10-1
    9ba46cff · 2017.10-1 ·
    ostree Debian release 2017.10-1
  • upstream/2017.10
    Upstream version 2017.10
  • v2017.10
    39567691 · Release 2017.10 ·
    Release 2017.10
    In this release, Philip set up Coverity scans, and we fixed
    all of the problems it found.  I'm proud that we ended up
    with a notably lower than average defect density.  None of
    the issues were critical; the only off-by-one array indexing
    for example was in a test case.
    Two new contributors showed up and submitted patches for
    the documentation - it's hard to describe how happy this makes me!
    `bash: Add bash completion` (Matthew Barnes)
    is a quite welcome change as well!
    There are a number of smaller features:
    `lib/repo: Add API to create and list ref aliases`
    We're planning to use this for Fedora Atomic Host to
    define a version-independent ref, while still offering
    per-major refs.
    `repo: Introduce ostree_repo_open_at() and ostree_repo_create_at()` is
    a notable new API, and finally completes our fd-relative porting for
    `OstreeRepo`.  The semantics of these functions are nicer; it's now
    more convenient to unconditionally call `ostree_repo_create_at()` for
    example to ensure a repository exists, returning the opened result.
    `lib/sysroot: Add journal-msg signal` is a nice cleanup in that we finally
    stopped doing `printf()` in the library code for `OstreeSysroot`. If you
    maintain a client, you should start listening for this signal, like the demo
    command line does (if you want the text of course).
    In the "important bugfixes" category,
    `pull: mark commits from local cache as partial`
    fixes up the `--localcache-repos` logic, which is used in
    Fedora's Anaconda at least.
    Philip also contributed a number of bugfixes for the collections
    logic as well as cases of trying to download a missing summary file.
    Thanks to all contributors!
    Colin Walters (39):
          build-sys: Post-release version bump
          grub2: Handle aarch64 (at least on Fedora/RHEL)
          lib/pull: Journal fetch results
          docs/pull: Finish incomplete docs for pull@hash syntax
          tests: Add some return value checking to pacify Coverity
          bin/refs: Fix error handling logic
          tests/lzma: Use GRand over random()
          rofiles-fuse: Add missing error handling for fcntl()
          tests/lzma: Fix off-by-one in buffer size
          lib/commit: Rework a conditional set for clarity and Coverity
          lib/curl: Only check individual request errors
          lib/gpg: Switch to GLib autocleanups for gpgme types
          tree-wide: Use GLib autocleanups for libarchive
          lib/sysroot: Add prefixes to syncfs/fsync error messages
          lib/deploy: Add structured logging info for syncfs() times
          lib/repo: Add API to create and list ref aliases
          lib/pull: Log state of summary/commit GPG verification
          tests/ Add a comment that this copy is canonical
          tree-wide: Use g_autoptr(Ostree*)
          lib: Define and use an autoptr cleanup for gpgme_key_t
          tree-wide: Fix the build with old glib (Ubuntu Trusty etc.)
          lib/deltas: Squash Coverity warning for div-by-zero in delta show
          bin/pull: Fix @ override syntax when pulling multiple refs
          tree-wide: Remove trailing semicolon from autoptr declarations
          lib: Port gpg verification for remotes to fd-relative
          lib/deploy: Use a FIFREEZE/FITHAW cycle for /boot
          lib/sysroot-deploy: Port a kernel finding logic to new style
          lib/sysroot-deploy: Refactor kernel layout parsing
          lib/sysroot: Add journal-msg signal
          lib/deploy: Close test suite race condition
          repo: Introduce ostree_repo_open_at() and ostree_repo_create_at()
          Update libglnx
          build-sys: Move bash completions to /usr/share/ by default
          lib/deploy: Really close testing race condition
          lib/deploy: Ignore errors from FITHAW
          lib/sysroot: Port a few functions to new style
          docs/related-projects: Tweak client side snapshot text, add casync
          lib: Fix v2017.10 symbols to inherit from v2017.8
          Release 2017.10
    Guy Shapiro (2):
          Documentation: README: Remove deprecated wiki link
          Documentation: static delta default from
    Jonathan Lebon (5):
          man: document configured branches
          pull: mark commits from local cache as partial
          ostree-deployment.c: simplify equality check
          pull: mention libcurl in NOT_SUPPORTED pull path
          ot-main.c: fix signal callback signature
    Lisa St. John (1):
    Matthew Barnes (2):
          bash: Add bash completion
          ostree: Add naggy comments to help keep options in sync
    Matthew Leeds (2):
          main: Fix subcommand usage output
          man: Update ostree-refs manpage
    Philip Withnall (12):
          lib/repo-pull: Fix counting of latest commits when finding repos
          lib/repo-finder: Avoid a potential unref-of-NULL crash
          lib/repo-pull: Add a missing precondition
          lib/repo-refs: Add ostree_repo_remote_list_collection_refs() API
          lib/repo-finder-avahi: Drop redundant conditional
          lib/repo-commit: Drop unreachable conditional branch
          lib/sepolicy: Drop duplicate assignment
          ostree/parse-datetime: Ensure tm structs are initialised
          lib/repo: Fix handling of missing summary files when downloading
          lib/repo-finder: Emit gpg-verify-summary=false in dynamic remote config
          lib/gpg-verify: Add an OstreeGpgError error domain
          lib/repo-finder-config: Add some more debug output
    Robert McQueen (2):
          gpg-verify-result: canonicalise key when looking up signatures
          gpg-verify-result: try to display the primary key ID from signatures
    Stef Walter (2):
 Fix running out of tree
          man: The min-free-space-percent item goes in [core] section
    Git-EVTag-v0-SHA512: af9b85f48e6f3e2de6393ab5f458e6ef405c82a1f618b8fe3c2441fa149d629f9ab464907695a9c8eb82de413692ec1015421f0958315dffe514f23ce798db3d
  • debian/2017.9-1
    a4065292 · 2017.9-1 ·
    ostree Debian release 2017.9-1
  • upstream/2017.9
    Upstream version 2017.9
  • v2017.9
    fa3e07e5 · Release 2017.9 ·
    Release 2017.9
    A notable new feature in this release is that the pull machinery now interprets
    two new metadata keys: `ostree.ref-binding` and `ostree.collection-binding`.
    This allows closing a longstanding class of "sidegrade" attacks that Florian
    Weimer identified when performing a security audit of libostree years ago:
    There was a more recent discussion on this topic on the list:
    For the ostree-as-host case, this only matters if you offer multiple refs. For
    flatpak, it's more important as a MITM attacker could actually switch applications;
    that's why flatpak implemented this a while ago as `xa.ref`.
    I'll note here that it's recommended for content providers to make use of
    ostree's support for `tls-ca-path` to implement TLS CA pinning, which protects
    all metadata and content in a strong fashion; in this scenario the GPG
    signatures act as a secondary layer of defense and make offline verification
    easier (for e.g. mirroring).
    Otherwise, there's some performance enhancements for local pulls, and a variety
    of bugfixes.
    Thanks to all contributors!
    Colin Walters (24):
          build-sys: Post-release version bump
          deploy: Port some functions to new style
          checkout: Don't set dir mtime to 0 when doing a force copy checkout
          tests: Run pull tests for bare/bare-user
          lib/pull: Avoid journaling 404s for optional content
          ci/papr: Update to F26
          lib/pull: Do local content imports async too
          Add a notion of "physical" sysroot, use for remote writing
          bin/cookies: Drop libsoup code, fix fd-relative issues, new style
          lib/pull: Drop direct use of ->repodir
          Update libglnx, port various bits to new API
          core: Sanitize error text validating refs (e.g. against HTML)
          lib/repo: Auto-recreate repo/tmp if it's deleted
          ci/papr: Switch primary to libcurl, add libsoup context
          lib/commit: Fix EBADF with GENERATE_SIZES option for commit
          ci/papr: Add a suite to run introspection-based tests without ASAN
          lib: Add #defines for current well-known metadata keys
          tests: More fixes for gjs tests
          ci: Enable -Werror for clang
          build: Turn off default warnings if we find -Werror specified
          Update libglnx, port some uses to newer APIs
          lib/core: Add #defines for ref/collection binding
          ci: Enable libcurl by default on Fedora
          Release 2017.9
    Emmanuele Bassi (1):
          Move the include directive to the enum template
    Krzesimir Nowak (4):
          ostree: Add collection and ref bindings to metadata on commit
          lib/pull: Pass the ref together with the request
          lib/pull: Collection and ref bindings verification
          tests: New tests for creating commits with bindings and pulling them
    Philip Withnall (4):
          lib/repo-commit: Fix types of content size cache entries
          lib/repo: Add OSTREE_REPO_METADATA_REF as a well-known metadata store
          build: Ensure all .sym files are distributed in tarballs
          build: Ensure all experimental tests are distributed in tarballs
    Ruixin (1):
          lib: Add #define for endoflife metadata key
    Simon McVittie (1):
          build: Don't distribute generated man pages
    Git-EVTag-v0-SHA512: d5eff57f587038fcb29ee373db2ecae03908bb1fb0cbbad8d6f30fa8ec618c24b7312b03a4b958a8c10ce1450525382609f6726e837b77a7de8aa26c87a9cf67