-
-
-
v2017.8
Release 2017.8 This is a quicker release closely following 2017.7, but it still includes a number of changes. First, a lot of work is landing from Phillip/Krzesimir for doing "collections" and pulling content from Avahi/USB drives etc. That work is still underneath `--enable-experimental-api`, but look for more from that soon! Other notable user-visible feature PRs from this cycle are: `lib/repo: Add min-free-space-percent option, default 3%`: <https://github.com/ostreedev/ostree/pull/987> `Add "pull --localcache-repo"`: <https://github.com/ostreedev/ostree/pull/982> An important bugfix for `bare-user` repo mode owners is: `lib/commit: Ensure bare-user objects are always user-readable`: <https://github.com/ostreedev/ostree/pull/989> Besides that we have a lot of code cleanup, CI work, etc. Thanks to all contributors! ``` Colin Walters (44): main: DevelBuild=yes to `ostree --version` for devel builds build-sys: Post-release version bump repo: Squash a gcc `-Wmaybe-uninitialized` warning ci: Enable -Werror=maybe-uninitialized lib/core: Avoid NULL deref in content_file_parse() if out variable unset lib/repo: Split archive/bare file parsing lib/repo: More cleanup of load_file() internals lib/deltas: Port to more to new code style cmd/fsck: Port to new style tests: add a syntax-check rule for glnx_prefix_error() lib/commit: Clean up commit file type handling variables lib: Hoist unlinkat() cleanup API to fsutil, use in pull lib: Use OtTmpFile for static delta processing lib/commit: Fix fallocate size for bare-user symlinks lib/ref: Suppress more collection ref methods from introspection ci: Make introspection warnings fatal lib/deltas: Some style porting build: Don't scan ostree-remote.h for introspection if !experimental-api pull: Check free space when pulling deltas ci: Actually run installed tests again Port to GLnxTmpfile tree-wide: Misc porting to newer libglnx APIs libutil: Add a helper for O_TMPFILE + mmap() lib/commit: Refactor non-failable size indexing function lib/deltas: More porting to new code style lib/repo: Port bareuser-conversion stat to bare load lib/pull: Some small style porting tests: Fix assert_files_hardlinked lib/pull: Don't fetch detached metadata twice for local pulls tree-wide: Replace various uses of `archive-z2` → `archive` cmdline/pull: Print final status even if noninteractive lib: Add a helper to convert struct stat → GFileInfo lib/commit: Port a few minor functions to new style lib/pull: Move check for requested content earlier Add "pull --localcache-repo" lib/commit: Fix a tmpfile fd leak in static delta processing bin/commit: Port helper functions to new style bin/commit: Add '=' to --statoverride lib/commit: Ensure bare-user objects are always user-readable lib/commit: Use provided length when doing writes lib/repo: Add min-free-space-percent option, default 3% pull: Cleanly error when doing local pulls of remote-prefixed refs lib/repo: Immediately error creating bare-user repo on tmpfs Release 2017.8 Jonathan Lebon (6): ci: add ci-release-build.sh papr: build and test on c7 test-switchroot.sh: skip if no busybox codebase: start using GLNX_HASH_TABLE_FOREACH macros ci: unconditionally turn on -Werror pull: fix GLNX_HASH_TABLE_FOREACH_KV regressions Philip Withnall (31): build: Add ‘devel’ or ‘release’ to OSTREE_FEATURES for test-symbols.sh lib/core: Add ostree_validate_remote_name() for remote names lib/core: Fix ‘Since’ line for ostree_validate_remote_name() lib/sym: Fix symbol versions for 2017.7 experimental symbols lib/remote: Fix ‘Since’ line for OstreeRemote lib/repo: Split out ref handling from regenerate_summary() lib/ref: Add OstreeCollectionRef type for globally unique refs lib/repo: Add collection ID support to OstreeRepo lib/refs: Add methods for setting/listing collection–refs lib/pull: Add collection support to ostree_repo_pull_with_options() lib/repo-finder: Add basic support for finding remote URIs by ref name lib/repo-finder: Add config-file based OstreeRepoFinder implementation lib/repo-finder: Add mount based OstreeRepoFinder implementation lib/bloom: Add an internal bloom filter implementation lib/repo-finder: Add Avahi based OstreeRepoFinder implementation find-remotes: Add a find-remotes built-in command find-remotes: Add pull support to the find-remotes built-in command init: Add a --collection-id argument to the built-in init command remote-add: Add a --collection-id argument to the built-in add command refs: Add a --collections argument to the built-in refs command ostree/dump: Include collection IDs and mirrored refs in summary dumps ostree/builtins: Add support for collection–refs to a few utilities tests: Add integration tests for collections lib/refs: Add runtime error checking for collection ID validity lib/repo: Fix a typo in a documentation comment tests: Fix incorrect `summary --update` usage in test-local-pull.sh ostree/summary: Add support for adding additional metadata lib/pull: Don’t cache summary file until its signature is verified lib/pull: Check whether summary is in normal form when loading it lib/pull: Use ostree_repo_verify_summary() to verify summary on pull lib/repo: Fix repo-finder deleting remote configs when run Simon McVittie (1): build: Always include ostree-trivial-httpd.xml in tarballs ``` Git-EVTag-v0-SHA512: e1c420d6528a51dc5daacaec241c6ffaa66be4ba8e07d61bad74086e6add9418a036f26f571e13ea90db482ff2985608c97faa3eb951216a0411cf062de8a4cc
-
debian/2016.15-5_bpo8+1
ostree Debian release 2016.15-5~bpo8+1
-
-
-
v2017.7
Release 2017.7 The most notable thing for this release is that for flatpak users/distributors, this release adds a lot of (opt-in) hardening against setuid or world-writable files. These issues are also (to a lesser degree) applicable to ostree-based build systems which use the `bare-user` repository mode. A pending flatpak version will require this version of libostree. More information in: https://github.com/flatpak/flatpak/issues/845 For ostree-as-host, we fixed a major regression in SELinux labeling for `/etc` (only applies to SELinux-using host systems). Known issue: `test-symbols.sh` will fail when building from the tarball (as opposed to a git clone). Pending fix: https://github.com/ostreedev/ostree/pull/944 Besides that, there's various smaller cleanups and fixes. It's great to see contributors from a variety of organizations; having libostree be a shared infrastructure layer across distributions is a longstanding vision. Thanks to all contributors! ``` Alexander Larsson (5): fetcher: Send Accept-Encoding: gzip when downloading summary repo: After renaming in all loose objects, ensure metadata is stable lib/repo: Always look in staging directory for objects pull: When mirroring, only replace summary if we're doing a full mirror static delta apply: Work on bare-user-only repos Anton Gerasimov (1): lib/sysroot: Add API to get pending/rollback for given stateroot Brian C. Lane (1): Remove the OSTREE_MAX_RECURSION limit on metadata depth Colin Walters (51): tests/test-symbols.sh: Fix with --enable-experimental-api ci: Add unit case for --enable-experimental-api tests/libtest-core: Copy rpm-ostree changes, clean up bin/cookies: Delete dead tmpfile code in cookie list command Add stub for new libglnx tmpfile API, port simpler callers to it lib/deploy: Port config merge logic to new code style tests: Add some C tests for object writing pull-test: Add some 404 tests lib/fsutil: Delete unused GFile ioctl method lib/fsutil: Port to new code style lib: Add an "is_system" member to OstreeRepo lib/sysroot: Add non-failable ostree_sysroot_repo() tree-wide: Add+run spatch to use glnx_throw() cmd: Use autoptr for GKeyFile lib/util: Some style conversion Add a notion of "physical" sysroot, use for remote writing repo/commit: Dedup metadata writing API implementations repo/commit: Dedup content writing API implementation repo/commit: In the expected checksum case, check existence early repo/commit: Don't renormalize trusted metadata repo/commit: Split up metadata/content commit paths lib/repo: Delete unused private prototypes Revert "Add a notion of "physical" sysroot, use for remote writing" Don't install trivial-httpd man page if not enabled Canonicalize bare-user-only perms with 0755 mask builtins/cat: Port to new code style lib/repofile: Port mostly to new code style lib/repofile: Follow symlinks for `g_file_read()` lib/repo: For bare-user, mask content object modes with 0775 tests: Add a test for bare-user-only failing to commit suid content repo/commit: Support group-writable files for bare-user-only ci: Update to match current rpm-ostree ci: Add CentOS 7 build repo: Fix leak of superblock fds when generating summary lib/commit: Port final object writing function to new code style lib/commit: Drop some conditionals/clarify code in content path lib/checkout: Ignore world-writable dirs for bare-user-only checkout lib/repo: Refactor object copy import function lib/repo: Skip import via hardlink if repo owners don't match lib/repo: Import metadata via hardlink even for distinct repo modes lib/repo: Support hardlink conversions from bare-user to bu-only lib/pull: Add OSTREE_REPO_PULL_FLAGS_BAREUSERONLY_FILES lib/checkout: Add bareuseronly_dirs option build-sys: post-release version bump lib/sysroot: Add some g_prefix_error() for ostree_sysroot_cleanup() lib/pull: Extend BAREUSERONLY_FILES flag to HTTP requests lib: Split symbol versioning into -released and -devel checkout: Fix SELinux policy labeling when recursing tests: Fix previous commit for selinux testing build-sys: Add "release build" flag, use for symbol versioning Release 2017.7 Daniel Drake (2): libtest: allow committing to alternative branches Allow commits to mark refs as EOL, replaced by others David Shea (1): lib/repo: Fix annotations for out parameters Jonathan Lebon (6): pull: complete detached meta fetch before scanning PAPR: migrate to the new name checkout: don't apply SELinux labeling in user mode checkout: also chmod in the user checkout case manual: document bare-user-only repo mode basic-test.sh: explicitly check for uncompressed objects Krzesimir Nowak (1): lib/sysroot: Document the NO_CLEAN flag Owen W. Taylor (1): lib/repo: Don't copy xattrs when manipulating the GPG keyring Philip Withnall (16): lib/remote: Add a getter for OstreeRemote.name lib/remote: Add internal annotations to OstreeRemote lib/remote: Add arguments to internal OstreeRemote constructor lib/repo: Add return value to _ostree_repo_add_remote() lib/repo: Make ost_repo_remove_remote() available internally lib/remote: Fix compilation with --enable-experimental-api build: Use AM_TESTS_ENVIRONMENT rather than TESTS_ENVIRONMENT lib/repo: Reindent some code in regenerate_summary() for clarity lib/pull: Fix a typo in a documentation comment lib/pull: Simplify a for-loop initialisation lib/pull: Drop some trailing whitespace lib/pull: Fix an over-indented block ostree/dump: Improve formatting for well-known commit metadata keys lib/repo: Omit deltas from the summary file if there are none lib/fetcher: Add cleanup function for OstreeFetcher lib/pull: Fix construction of a refspec to use the correct separator Tristan Van Berkom (1): ostreee-version.h.in: Added Since: version annotations ``` Git-EVTag-v0-SHA512: 5115bcfa837cf59ed3672f5c7717796091ce2e88eb3ecb75148d14055246529afc2206d8e02540d2f6cb0254bee4d29506b47dbd65212f5a0b14a846f1cc986e
-
-
-
v2017.6
Release 2017.6 One of the most notable changes in this release is that we switched to using a systemd generator for handling `/var`, which means admins can now set it up as an explicit mount point. We feel pretty confident in the code, but do test your specific setup. One note in particular; the new model (obviously) requires systemd, and while we tried to preserve the non-systemd path, it wasn't explicitly tested. Issue: https://github.com/ostreedev/ostree/issues/855 The work to port to a new code style continues rapidly; at this point most of the library is converted, with just the command line remaining. I think the new style is a lot more readable now that we rely fully on `__attribute__((cleanup))`. Philip Withnall contributed changes to enhance the `OstreeAsyncProgress` reporting API, which I think is going to be quite useful for user interface frontends (like GNOME Software). PR: https://github.com/ostreedev/ostree/pull/819 There's a smattering of smaller bugfixes; minor memory leaks, double `close()` and the like. In this cycle we also beefed up our CI/testing more - we now test both Fedora Atomic Host and flatpak more explicitly. Contributions to extend the suite to other distributions would be appreciated; for example, tests for ostree-as-host on Debian. Our Travis-executed tests should be extensible. Thanks to Dan Nicholson for also fixing some of the test suite for installed tests, and also contributing introspection fixes for language bindings. Another feature that involved a lot of internal changes is our handling for `/etc` on SELinux-based systems. We now label files as we go rather than having a more fragile separate relabeling path. This is also exposed as an API, which is used by `rpm-ostree` now. I think this particular change highlights the strength of "libostree" as an API that can be reused by higher level systems. PR: https://github.com/ostreedev/ostree/pull/797 Thanks to all contributors! Colin Walters (62): pull: Support deltas for explicit commits checkout: Fix bare-user symlink checkouts Bump release for 2017.5 lib/boot: Convert bootconfig parser to new code style sysroot: Continue conversion of some simpler functions to new style cmdline: Start conversion to new code style repo: Optimize bare-user content object reads a bit repo/checkout: Finish conversion to new code style lib/cleanup: Port some of the cleanup code to fd-relative and new style repo: Add a "force copy" flag to checkout lib/core: Complete conversion to new code style Rename "osname" → "stateroot" lib/util: Delete some leftover pre-libglnx directory opening functions repo: Drop unused cache variables leftover from pack files repo/checkout: Cache lookups of dirmeta objects checkout: Merge union/add logic for copies during checkout tests: Factor out a libtest-core.sh tests/installed: New installed, privileged tests using Fedora AH checkout: Add SELinux labeling for checkout, use in deploy repo: Port object listing func to use libglnx more + new style repo: More porting to new style repo: Fix incorrect use of errno() error throwing lib/sepolicy: Convert to new code style sepolicy: Cache the value of is_selinux_enabled() to work around bug lib/checkout: Use TEMP_FAILURE_RETRY() ci: Add a context for testing flatpak ci: Fix flatpak test pkg install checkout: Dedup calls to memcache ref repo: Delete the last use of GFile tmp_dir tree-wide: Convert to using autoptr(GString) vs g_string_free(...,TRUE) Add --enable-installed-tests=exclusive, fix installed case utils/checksum: Port to new code style fsck: Check for refs missing corresponding commit tests: For installed, s/test-/itest-/ to avoid in-tree name clashes tests: Migrate test-pull-many.sh to installed on FAH ci: Extend FAH rootfs for installed tests ci: More flatpak ci fixes ci: Move travis scripts from tests/ → ci/ diff: Port some to new code style sysroot: More porting to new code style checkout/commit: Use glnx_regfile_copy_bytes() if possible lib/prune: Complete porting to new code style lib/checkout: Move special case for subpath of file to toplevel lib/checkout: Optimize checkout by avoiding OstreeRepoFile recusion repo: Fix double close() in summary generation lib/repo: Port more of GPG and summary functions to new code style checkout: Plug a memleak of the state stringbuf tree-wide: Switch tabs ⭾ in various files over to spaces ␠ lib/checkout: Fix regression in subpath for regular files remount: Drop support for auto-tmpfs-on-var; use systemd.volatile=state lib/remote: Box OstreeRemote if experimental-api lib/repo: Fix double close() switchroot/remount: Trim set of remounted filesystems switchroot/remount: Check mount status before remounting, be verbose Switch to using a systemd generator for /var tree-wide: Add a few missing O_CLOEXEC lib: Add "open dfd iter handling noent" helper, port tree-wide lib/upgrader: Port to new code style build: Use cd $(srcdir) instead of `git -C` switchroot/generator: Add var.mount to local-fs.target.requires lib/pull: Port some functions to new code style Release 2017.6 Dan Nicholson (5): pull: Fix crash specifying override URL in summary fetch commit: Mark ostree_repo_transaction_set_ref* checksums nullable pull: Allow additional HTTP headers for summary fetch tests: Install libtest-core.sh with installed tests tests: Look for trivial-httpd in $libexecdir Francesco Giannelli (1): switchroot: Document a bit more, add demo shell implementation Jonathan Lebon (2): tests/ci-commitmessage-submodules.sh: fix for RHCI libglnx: bump and use new helper methods Krzesimir Nowak (1): apidoc: Add missing enums to sections file Philip Withnall (22): ostree: Use G_OPTION_ARG_FILENAME where appropriate tests: Ignore some standard automake check output files libostree: Rework OstreeAsyncProgress to use GVariants internally libostree: Add multiple getter/setter support to OstreeAsyncProgress src: Port to new OstreeAsyncProgress atomic API libostree: Allow OstreeAsyncProgress:status to be set atomically libostree: Get and set OstreeAsyncProgress:status atomically libostree: Fix a typo in docs for ostree_repo_pull_with_options() libostree: Add missing checks for invalid timestamps libostree: Fix potential use of uninitialised memory in progress API libostree: Ensure progress keys are all always set libostree: Add some additional metadata to the summary file libostree: Document endianness of GVariant metadata types ostree: Add --view mode to `ostree summary` ostree: Improve formatting for well-known summary metadata keys ostree: Use #defines for well-known metadata key names tests: Add a test for `ostree summary --view` tests: Fix regex escaping in test-summary-view.sh build: Add --enable-experimental-api configure option for unstable APIs libostree: Expose $OSTREE_FEATURES in the pkg-config file libostree: Make OstreeRemote a public and internal API build: Add -C arguments to some git invocations Sjoerd Simons (1): repo/commit: Fix memory leak Git-EVTag-v0-SHA512: 47a502039ce8abaa83e5872560846d592fc5e38557a190c3b1101f7ea245a3eeee21be8b9aa39c1ab163dc30072d7ef495b26ba18388d4216421b73e3dfd9372
-
-
-
-
v2017.5
Release 2017.5 This is a bugfix release for 2017.4 to fix a regression that broke flatpak: #798 Git-EVTag-v0-SHA512: d4b87e7b4d2fe1f931f18d2ae62d88e90442d5957a36e0caab12df5f3faa6409adc03b9d60b966a1b4c065d07ff9a8986ee9e05faa000a55c5651d62e74bb745
-
-
-
-
v2017.4
Release 2017.4 A notable new feature in this release is a *fourth* repository mode: "bare-user-only". This is very similar to `bare-user`, but canonicalizes permissions and ignores xattrs. The intended use of this is for "non-OS" container tools such as flatpak, where one intentionally discards the traditional file ownership. (I'm calling this container case "non-OS" to distinguish from other container tools where one might want to "log in" via PAM and supporting distinct UIDs inside a single container is valuable) More information: https://github.com/ostreedev/ostree/pull/750 We have a few new APIs, such as `ostree_check_version()` which is important when making use of some of the "API extensions" we have using `GVariant` on e.g. `ostree_repo_pull_with_options()`. The diff is a bit larger due to us switching to a new code style. Another quite important change is that `ostree trivial-httpd` is disabled by default. With a libcurl build, this is the last part that links to libsoup. It's only needed for unit tests, so can be subpackaged or discarded. (We're doing the latter for Fedora) Speaking of curl, we now support `--with-openssl` which enables using OpenSSL's `libcrypto` for SHA256. This can be notably faster. You likely want this if e.g. `libcurl` is already linked to OpenSSL for you. I'm increasingly confident in the curl code, and should be ready to recommend using it by default in the next release or two. Thanks to all contributors! Alexander Larsson (4): Add _ostree_repo_mode_is_bare helper Add bare-user-only repo mode commit: Add --canonical-permissions argument Add basic tests for bare-user-only repo modes André Klitzing (2): Avoid unnecessary includes Fix includes if built against musl Anton Gerasimov (1): Define TARGET_PREFIX to use with grub2 deployment Colin Walters (46): Disable "ostree trivial-httpd" by default now core: Add runtime ostree_check_version() builtin/show: Convert to direct return/decl-after-stmt style pull: Squash a `-Wmaybe-uninitialized` warning lib: Exclude soup header from introspection lib: Squash most of the gtk-doc warnings for missing parameters lib: Add a private copy of checksum-instream core: Support building with OpenSSL for checksums sysroot/deploy: Some cleanup to decl-after-stmt/return FALSE style sysroot: Prep refactoring of cleanup logic build: Quiet automake warning for bupsplit build: Various fixes for openssl build Bump libglnx, port a few callers to new error API sepolicy: Add ostree_sepolicy_new_at() sepolicy: Add better private API for setfscreatecon cfg.mk: Add a syntax check for a redundant : in glnx_throw repo/refs: Convert to new code style sysroot: Add ostree_sysroot_write_deployments_with_options() core: Convert some functions to new code style build: Dist ostree-sepolicy-private.h commit: Prefix error with target object name on failure to write repo+tests: Add [core]disable-xattrs=true, use it on overlayfs pull: Also skip partial commits for deltas if no summary file ci: Enable -Werror=unused-result with -Wp,-D_FORTIFY_SOURCE=2 sysroot: Don't cache sepolicy repo/commit: Change most of this file to new code style build: Expose autocleanups unconditionally, start using them lib: Fix OSTREE_CHECK_VERSION() lib: Delete old GFile path helpers, and migrate single last user lib: Delete old unused GFile helpers libutil: Delete unused threadpool wrapper libutil: Delete unused GVariant I/O functions libutil: Delete some unused checksum helper API libutil: Delete some unused error handling APIs Add Coccinelle usage: one for blacklisting, one for patch collection sepolicy: Fix regressions from introduction of sepolicy_new_at() Add flag to make SELinux label failure fatal, add hack for /proc ci: Add a check that submodule changes include "Update submodule: " core: Fix default value of disable_xattrs repo/core: Convert some functions to new code style soup: Hold a ref to the pending URI during completion processing sysroot/deploy: More code style conversion curl: Enable pipelining for HTTP/2 Fix a few gtk-doc warnings checkout: Provide useful error with checkout -H and incompat mode Release 2017.4 Daniel J Walsh (1): sysroot/unlock: Ensure overlay label on /usr is `usr_t` Erik Larsson (1): diff: Add ostree_diff_dirs_with_options(), expose via cmdline Georges Basile Stavracas Neto (1): libostree: add versioning macros Git-EVTag-v0-SHA512: 71f0649308f04f15eb6a22b4b34c2804d680d5870dd3b6391079fa2be6c0f4df74e7ed4f8abbb461104ad23707ecf38587b187a8bd240a9979e4800c13efce78
-
-