Releases: coreos/rpm-ostree
Release 2023.11
This is a smaller release. Notable new features and bug fixes are:
- rpm-ostree now supports adding generic container configs #4701
- rpm-ostree now adds padding between dracut's initramfs and random CPIO #4683
Colin Walters (10):
Update to ostree-ext 0.12.5
daemon: Make one bit of C++ code compatible with f38+f39 clang-format
ci/test-container: Drop modularity tests in F39
ci/test-container: Update for f39
Remove layering-modules test
tests: Add f39 compatibility
tests/container-build-integration: Use testing-devel
tests: Skip tests that need the fix for https://github.com/systemd/systemd/issues/29275
lib: Update ostree-ext
compose: Add support for specifying image config
Hongxu Jia (2):
correct bash completion
src/app/libmain.cxx: correct output of rpm-ostree compose -h
Jonathan Lebon (6):
tests/layering-fedorainfra: update bodhi/koji URLs for f39
tests/libtest: drop BuildArch from spec file for test RPMs
ci: bump vmcheck timeout to 1 hour
ci: cancel previous build on PR update
lockfile: add SRPM name in metadata field
libpriv/kernel: Add padding between dracut initramfs and random CPIO
Joseph Marrero (1):
Stop vendoring bootc
New Contributors
- @hongxu-jia made their first contribution in #4681
Full Changelog: v2023.10...v2023.11
Release 2023.10
This is a re-release of 2023.9 with the correct version number.
This release has a variety of smaller fixes and cleanups, plus one new opt-in new feature to ensure the SELinux labels for /usr/etc
are the same as /etc
, which is important for enabling "transient etc" with ostree.
- compose: Two minor cleanups by @cgwalters in #4629
- ci: Bump hardcoded Ignition version by @cgwalters in #4639
- deny: Add ring by @cgwalters in #4630
- packaging/rpm-ostree: update python3 macros and builddep by @jmarrero in #4641
- docs/handbook: Add more details about inactive overrides by @jlebon in #4642
- Bump to ostree-ext 0.12.3 by @cgwalters in #4665
- Hard require ostree 2023.7 by @cgwalters in #4672
- Ensure rofiles-fuse gets SIGTERM if we exit by @cgwalters in #4660
- ci/upgrade: disable
zincati.service
in config.bu by @HuijingHei in #4671 - build(deps): bump tracing from 0.1.37 to 0.1.40 by @dependabot in #4669
- treefile: Add option to label
/usr/etc
as/etc
by @cgwalters in #4640 - libpriv/rpm-util: Query package repo checksum under lock by @jlebon in #4673
Full Changelog: v2023.8...v2023.9
Release 2023.8
The biggest feature in this release is support for
rpm-ostree upgrade --check
when using a container flow;
this should unblock GUI tools like Plasma Discover and gnome-software
which want to check for updates and prompt the user for downloads.
There's a variety of other smaller bugfixes and features and internal
cleanups.
Colin Walters (32):
daemon/search: Fix memory leaks
Bump to containers-image-proxy 0.5.5
search: Fix a NULL ptr deref with zero terms
packaging: Write to target/
ci: Add autovendor flow
sysroot: Silence clang-analyzer warning
pkg-builtins: Add assertions to quiet clang-analyzer
ci/autovendor: Make it work
cxx: Regenerate
install/uninstall: Error out with --enablerepo on booted host
Update to ostree-ext 0.11.6
Remove unreferenced container images in cleanup, not rebase
core: Print total imported
core: Include repo name in download error
core: Add warning when we have pkgs to download in cache-only mode
scripts: Also ignore kernel-64k scripts
ci: Run cosa unprivileged
docs: Add bootc
Pin bootc to a git tag
lib: Update to bootc 0.1.1 (ostree-ext 0.12, cap-std-ext 3.x)
lockfile: Port away from deprecated chrono method
composepost: Use O_TMPFILE, not memfd
rust: Drop dependency on `memfd`
compose-image: Add `--initialize-mode`
Port a few things from nix to rustix
gitmodules: Switch to github for libglnx
container: Make `rpmostree.inputhash` optional
Update to ostree-ext 0.12.1
build-sys: Hard require ostree 2023.6
core: Add composefs digest for local commits too
Update to ostree-ext 0.12.2
Release 2023.8
CoreOS Bot (1):
Sync repo templates ⚙
Jonathan Lebon (5):
Cargo.toml: specify `nix` features to use
core: Convert path to ostree convention when deleting
tests/libvm.sh: Support `VMIMAGE` override
tests/vmcheck: Add container-selinux hack in selinux override test
libpriv/core: Tolerate rpmdb vs on-disk file type mismatch
Joseph Marrero (1):
ci: update ignition on test-container test
Luke Yang (1):
Add `container upgrade --check` function
dependabot[bot] (29):
build(deps): bump openssl from 0.10.56 to 0.10.57
build(deps): bump tokio from 1.29.1 to 1.32.0
build(deps): bump camino from 1.1.4 to 1.1.6
build(deps): bump serde_json from 1.0.104 to 1.0.105
build(deps): bump rustix from 0.37.20 to 0.38.3
build(deps): bump nix from 0.26.2 to 0.26.4
build(deps): bump regex from 1.9.3 to 1.9.5
build(deps): bump tempfile from 3.7.1 to 3.8.0
build(deps): bump cxx-build from 1.0.105 to 1.0.107
build(deps): bump libglnx from `c02eb59` to `54ad67d`
build(deps): bump libc from 0.2.146 to 0.2.147
build(deps): bump serde from 1.0.179 to 1.0.188
build(deps): bump clap from 4.3.21 to 4.4.2
build(deps): bump indicatif from 0.17.5 to 0.17.6
build(deps): bump either from 1.8.1 to 1.9.0
build(deps): bump chrono from 0.4.26 to 0.4.30
build(deps): bump cxx from 1.0.105 to 1.0.107
build(deps): bump libc from 0.2.147 to 0.2.148
build(deps): bump rustix from 0.38.3 to 0.38.13
build(deps): bump indoc from 2.0.3 to 2.0.4
build(deps): bump nix from 0.26.4 to 0.27.1
build(deps): bump anyhow from 1.0.71 to 1.0.75
build(deps): bump libglnx from `54ad67d` to `aff1eea`
build(deps): bump rustix from 0.38.13 to 0.38.14
build(deps): bump serde_yaml from 0.9.21 to 0.9.25
build(deps): bump clap from 4.4.2 to 4.4.4
build(deps): bump rayon from 1.7.0 to 1.8.0
build(deps): bump reqwest from 0.11.18 to 0.11.20
build(deps): bump indicatif from 0.17.6 to 0.17.7
v2023.7
Release 2023.7
This is a bugfix release that includes:
- A bootc-lib fix for containers/bootc#112 which was breaking our builds.
- The fix for #4508 which caused segfaults when any flag was passed between the
rpm-ostree
command andusroverlay
option.
Colin Walters (3):
man: Describe GPG key behavior
main: Move usroverlay parsing back to C++ consistently
usroverlay: Pass arguments to `ostree admin unlock`
Joseph Marrero (1):
Update bootc-lib
Full Changelog: v2023.6...v2023.7
v2023.6
v2023.6
Release 2023.6
This version of rpm-ostree contains numerous bug fixes and enhancements. Notable features are:
-
rpm-ostree now supports the "search" verb allowing users to use rpm-ostree to search for available packages. An example of this is:
rpm-ostree search *kernel
-
We now generate composefs metadata if ostree was compiled with support for composefs
-
rpm-ostree now vendors
bootc
, and this functionality can be accessed by creating a symlinkln -sr /usr/bin/rpm-ostree /usr/bin/bootc
This is an experimental feature for now.
Alexander Larsson (1):
commit: Always enable generation pf composefs metadata if possible
Colin Walters (9):
postprocess: Use --refresh now
container: Clarify error for nonexistent previous manifest file
client: Add an error prefix in deployment path
main: Update ostree-ext, add provisional-repair entrypoint
Bump to ostree-ext 0.11.4
Revert "main: Drop deprecated `container-encapsulate` entrypoint"
Use cap-tempfile via cap-std-ext
status: Fix possibly uninitialized warning
Bump to ostree-ext 0.11.5
Eric Curtin (1):
kernel: Specify multiple kernel or initramfs in error message
Felix Yan (1):
docs: correct a typo in Makefile.am
Huijing Hei (4):
sysuers: fix error if running `groupadd` with `-f`
passwd: Rename func `data_from_json` to `write_data_from_treefile` and add comment
passwd: sync `etc/{,g}shadow` according to `etc/{passwd,group}`
passwd: add `enum PasswdKind`
Joseph Marrero (4):
ci/test-container.sh: use f37 ignition for replace test
rust/src/main.rs: Add bootc entry point
.cci.jenkinsfile: up build pod memory to 6GB
scripts: also ignore kernel-debug-modules.posttrans
Luke Yang (2):
Add a `search` CLI verb and DBus API
Add `kola` tests and fix `Name & Summary` search
Timothée Ravier (2):
docs: Document ostree native container URL format
packaging/spec.in: Enable rpm-ostree-countme.timer following presets
New Contributors
- @ericcurtin made their first contribution in #4494
- @felixonmars made their first contribution in #4520
Full Changelog: v2023.5...v2023.6
v2023.5
New features
rpm-ostree can now directly pull container images from containers-storage
(e.g. the result of podman build
):
rpm-ostree rebase ostree-unverified-image:containers-storage:localhost/mytestimage
Other changes
Adam0Brien (2):
Add --force-replacefiles to docs/administrator-handbook.md
Add --force-replacefile to man page
Colin Walters (13):
daemon: Never do interactive auth for RegisterClient
Port to clap v4
compose: Oxidize bits propagating `core.fsync`
compose: Also propagate ex-{fsverity,composefs}
build-sys: Use new `tier = 2` from cargo-vendor-filterer
compose: Adapt to composefs change with `ex-integrity` group
tests/container-image: Revert use of automatic upgrade trigger
core: Error out instead of aborting on reinstalls
importer: Drop non-root files in CPIO check
tests: Use `-p qemu` for cosa
Bump to ostree-ext 0.11.1
Drop isolation when fetching from containers-storage:
deploy-from-self: Add some error prefixing
Joseph Marrero (2):
packaging/rpm-ostree.spec.in: use SPDX license identifier
Release 2023.5
Luke Yang (2):
Added more override examples
Sorted builtin commands alphabetically
RishabhSaini (2):
Update to ostree-ext 0.20, cap-std-ext 2.0
container: Add --previous-build-manifest
New Contributors
- @Adam0Brien made their first contribution in #4436
& - @lukewarmtemp made their first contribution in #4438
Full Changelog: v2023.4...v2023.5
2023.4
Probably the biggest thing here is a fix for
#4284
which affects Fedora Silverblue users.
User visible changes
- app: Add a global
-q/--quiet
flag by @cgwalters in #4384 - Add a "apply" (reboot) automatic update strategy by @cgwalters in #4392
Notable bugfixes
- Make output handling thread-local by @cgwalters in #4405
Other changes
-
Fix typo in error log if initramfs generation fails by @plata in #4380
-
rust/ffiutil: Drop dead GError code by @cgwalters in #4365
-
lib: Use re-exported oci-spec from ostree-ext by @cgwalters in #4383
-
tests/compose-image: Remove workaround as F38 commit reached stable by @jmarrero in #4376
-
kargs: Simplify idempotent append and delete operations by @Razaloc in #4161
-
scripts: Ignore kernel-redhat
%posttrans
scripts by @jlebon in #4386 -
rust: Bump various crates && rust: Bump dependabot PR limit to 6 by @cgwalters in #4385
-
upgrade: Split output lines for stored versus to-fetch by @cgwalters in #4394
-
build(deps): bump serde from 1.0.160 to 1.0.162 by @dependabot in #4396
-
build(deps): bump libc from 0.2.142 to 0.2.143 by @dependabot in #4395
-
build(deps): bump rust-ini from 0.18.0 to 0.19.0 by @dependabot in #4397
-
useradd: Add
-M/--no-create-home
by @cgwalters in #4399 -
output: More daemon-side progress debugging by @cgwalters in #4402
-
man/rpm-ostree: Document
status
switches by @jlebon in #4413 -
client: Print when we're attaching to an existing transaction by @cgwalters in #4398
-
tests: Drop
ex
from initramfs-etc by @cgwalters in #4406 -
daemon: Add logging for invocations of non-txn methods by @cgwalters in #4404
-
build(deps): bump serde from 1.0.162 to 1.0.163 by @dependabot in #4409
-
tests/container: Update package fixtures to f38 by @cgwalters in #4414
-
Regenerate cxx bindings by @cgwalters in #4416
-
Release 2023.4 by @cgwalters in #4418
New Contributors
Full Changelog: v2023.3...v2023.4
v2023.3
Notable changes this release:
Client
- New
--enablerepo
,--disablerepo
,--setreleasever
options on the cli. These allow
users to enable specific repositories and set releasever when installing packages.
Daemon:
- Unconditionally authorize uid 0 first - unconditionally query the credentials via dbus-{daemon,broker} first, this should avoid errors that can occur if polkit isn't installed or running.
Colin Walters (13):
main: Don't use timestamps and colors in tracing logs when running in systemd
cached-sigs: Be compatible with `cosa build-fast`
libtest: Hack around regression in journalctl
tests/layering-fedorainfra: Bump to newer systemd
core: Don't try to load rpm IMA sigs client side unless requested
main: Don't write colors to non-ttys
Bump tokio to 1.26
daemon: Unconditionally authorize uid 0 first
progress: Add more logging/tracing
console: Also print which task is being overwritten
build: Allow GLib 2.70, also `-Wno-error=deprecated-declarations`
Cargo.lock: Bump many dependencies
deny: Allow Unicode-DFS-2016
Jan Macku (2):
ci: trigger `differential-shellcheck` workflow on `push`
ci(fix): add missing permissions - `security-events`
Joseph Marrero (8):
rust/src/scripts: ignore rt and automotive debug scripts.
tests/vmcheck/test-override-kernel: account for kernel-modules-core
treefile: Add enablerepo/disablerepo/setreleasever cli options
treefile: cleanup enable_repo function
test-container: Add test for enablerepo,disablerepo and releasever
ci: Make sure cxx code is clang-formatted
ci: Update tests for Fedora 38
Release 2023.3
Timothée Ravier (1):
docs: Use upstream theme & update to 0.4.1
Full Changelog: v2023.2...v2023.3
v2023.2
Notable changes this release:
Client
- New
--compare-with-build
option on the cli Uses the ostree container library to compare OCI compliant images.
Compose
- New
--copy-retry-times
option to specify the amount of times we retry when copying images fails.
Daemon:
- Support
LockLayering=true
configuration option that provides an easy way for a sysadmin to disable all package layering and initramfs customizations. - Use a socket in
/run
, require non-abstract. The new glib changed to use non-abstract sockets by default, which broke us.
Colin Walters (11):
Update ostree-ext, use version API
compose/image: Add `--copy-retry-times`
core: Add some more debugging and error info around repos
treefile: Return `.` instead of `""` for parent directory
ci: Stop using Fedora 32
main: Drop deprecated `container-encapsulate` entrypoint
Drop `ex-container` entrypoint
daemon: Use a socket in `/run`, require non-abstract
ci: Use `cosa kola` to properly set `ARTIFACT_DIR`
spec: Add `Requires: /usr/bin/setpriv`
Bump ostree-ext
Jonathan Lebon (1):
Support `LockLayering=true` config knob
Joseph Marrero (1):
rust/src/scripts.rs: ignore posttrans for kernel-rt-core
RishabhSaini (1):
Add --compare-with-build to cli Uses the ostree container library to comapre OCI compliant images
Thorsten Leemhuis (1):
docs: adjust to new location of kernel-vanilla-repos
Full Changelog: v2023.1...v2023.2
v2023.1
Client
- Log when a client joins an existing transaction.
- Fix local initramfs regeneration on systems composed with
boot-location: new
. - Fix container flow in Turkish locales ( #4237 )
Compose
- Loosen lockfile semantics so that a missing locked package does not trigger
an error unless the compose requires it. - Drop support for locking by source packages.
Internals
- Update workflow actions to Fedora 37.
- Replace unmaintained actions-rs/toolchain with dtolnay/rust-toolchain.
- Add more error-prefixing in passwd, kernel, and cleanup-related paths.
- Add container-based upgrade test via Prow.
Benjamin Gilbert (2):
workflows: update actions to current major versions
workflows: replace actions-rs/toolchain with dtolnay/rust-toolchain
Colin Walters (8):
ci: Add infrastructure for use with Prow upgrade testing
passwd: Add various error prefixing
sysroot: Log when client joins an existing transaction
Update to ostree-ext 0.10.4
tests/upgrades: Disable zincati
Add a `try_fail_point!` macro and use it in more places
kernel: Add some error prefixing
cleanup: Add some error prefixing
Jonathan Lebon (11):
core: Disable modules earlier
core: Allow lockfiles to reference missing package names
libpriv/kernel: fix kver parsing from vmlinuz in /boot and /usr/lib/ostree-boot
.gitignore: add clangd-related files
compose: Drop support for `source-packages` in lockfiles
core: Further loosen lockfile handling
Revert ".gitignore: add clangd-related files"
Release 2023.1