Releases: coreos/rpm-ostree
2022.19
What's Changed
- daemon: Add logging of sysroot load and locking times by @cgwalters in #4219
- client: Add some more error prefixing by @cgwalters in #4221
- encapsulate: Add `--copymeta-opt` by @cgwalters in #4222
- Two minor staticanalysis fixes by @cgwalters in #4225
- docs/rebase: Document rebasing to a container image by @cgwalters in #4223
- client: Bump most dbus method timeouts to 5 minutes by @cgwalters in #4224
- build(deps): bump libdnf from `e4452b1` to `82c59ef` by @dependabot in #4229
- build(deps): bump serde from 1.0.148 to 1.0.151 by @dependabot in #4231
- build(deps): bump envsubst from 0.2.0 to 0.2.1 by @dependabot in #4232
- sysroot: Fix conflicting authentication options && build: Release 2022.19 by @cgwalters in #4233
Full Changelog: v2022.18...v2022.19
2022.18
What's Changed
- Finish porting to cap-std by @cgwalters in #4212
- packaging: Upgrade skopeo to a requirement by @cgwalters in #4211
- A few CI updates by @cgwalters in #4210
- ci: Verify package layering across upgrades by @cgwalters in #4217
- Print message when rpm-ostree initramfs --disable is run by @kenneth-dsouza in #4216
- Update to cap-std-ext 1.0.2 by @cgwalters in #4218
- Release 2022.18 by @cgwalters in #4220
New Contributors
- @kenneth-dsouza made their first contribution in #4216
Full Changelog: v2022.17...v2022.18
2022.17
This pulls in several notable fixes for the container flow
around image garbage collection.
Aside from that there's some cleanup to the `initramfs` and `initramfs-etc` commands, a few documentation tweaks and internal improvements.
Alessandro Di Stefano (1):
Fix the treefiles reference link in ex-rebuild.md
Colin Walters (19):
container-encapsulate: Format errors correctly
composepost: Port symlink generation to cap-std
composepost: Port rpmdb hardlinking to cap-std
composepost: Handle existing absolute symlinks
cxxrsutil: Drop use of `&mut` in `gobj_wrap()`
Prune container image layers during cleanup too
Update to ostree-ext 0.10, glib 0.16, cap-std 1.0
sysroot: Centralize layer prune + logging
lockfile: Port to non-deprecated chrono APIs
upgrader: Can't currently check-only in container flow
upgrade: Make image pruning idempotent
override: Honor `--install` in container case too
docs: Document registry auth
composepost: Port selinux timestamp tweaks to cap-std
README.md: More clearly link to container bits
Use default `all` rule for bindings
daemon: Make failure to query base image non-fatal
Update to ostree-ext 0.10.1
Release 2022.17
Jonathan Lebon (7):
packaging/spec: Upstream "Disable LTO on 32 bits"
packaging/spec: Drop el8-specific block
docs: Make clearer that `initramfs --enable` involves dracut
man: drop `ex` prefix on initramfs-etc command
man: move `initramfs-etc` to right after `initramfs`
man: mention `initramfs-etc` in `initramfs` docs
app: Make `initramfs-etc` help string more explicit
Joseph Marrero (1):
cliwrap/kernel_install: use original systemctl when running dracut
Luca BRUNO (1):
importer: fix translation of top directories
dependabot[bot] (11):
build(deps): bump futures from 0.3.24 to 0.3.25
build(deps): bump cxx from 1.0.79 to 1.0.82
build(deps): bump libc from 0.2.135 to 0.2.137
build(deps): bump serde_json from 1.0.87 to 1.0.89
build(deps): bump rayon from 1.5.3 to 1.6.0
build(deps): bump serde from 1.0.147 to 1.0.148
build(deps): bump chrono from 0.4.22 to 0.4.23
build(deps): bump cxx-build from 1.0.81 to 1.0.83
build(deps): bump indicatif from 0.17.1 to 0.17.2
build(deps): bump rustix from 0.36.4 to 0.36.5
build(deps): bump openssl from 0.10.42 to 0.10.44
v2022.16
Client
- Rebasing to a container refspec has now been declared stable and no longer requires the `--experimental` flag.
- Include version in `rpm-ostree status` output even when deployed from a container.
- Improve container-related documentation.
- Prune previous container payloads during rebase.
Compose
- Support a new `repovars` experimental treefile key. This key feeds into the librepo URL variable substitution logic. This is useful for the case where the same repo files are used by multiple streams and e.g. the `baseurl` needs to be templated by more than just `releasever` and `basearch`.
- Support `rpm-ostree compose image --label` to directly add labels to the OCI image.
- Work around a recent semanage bug causing the SELinux policy to be recompiled on client systems even when unneeded. If you've been using Fedora 37 before GA, your system may be unnecessarily carrying a customized SELinux policy. This is harmless (base policy updates still take effect) but less efficient. You can get back to the original policy by following these steps.
- Make `container: true` imply more appropriate defaults like `selinux: false` and `tmp-is-dir: true`.
Internals
- Update CI to Fedora 37.
- Fix some new compiler warnings.
- Port more Rust code from `openat` to `cap-std`.
- Improve error-reporting in importer path.
- Stop using deprecated interrupt safety librpm API on rpm 4.18 and newer.
- Fix a memory leak in the core.
Colin Walters (27):
tests/override-kernel: Adapt for Linux kernels newer than 5
ci: Fix references to old FCOS location
util: Fix `-fpermissive` warning
Add version to status even for containers
treefile: Make `container: true` opt-in to saner defaults
build-sys: Don't delete systemd units in `make clean`
Update to ostree-ext 0.9
docs/container: Flesh out a bit more and tweak
Stabilize container functionality
docs/container: Explain you can upgrade too
Always use merge commit for container deployments
compose/image: Add `--label`
Update to ostree-ext v0.9.1
daemon: Query container image commit
When rebasing, prune previous container by default
composepost: Port a few bits to cap-std
composepost: Port default target bits to cap-std
composepost: Port remove files handling to cap-std
composepost: Port script function to cap-std
composepost: Port rpmdb symlinking to cap-std
composepost: Port os-release handling to cap-std
composepost: Port outer wrapper function to cap-std
composepost: Port one test to cap-std
composepost: Port directory size computation to cap-std
composepost: Port altfiles mutation to cap-std
build: Compile with rpm 4.18
packaging/spec: Add a dummy changelog
Jonathan Lebon (11):
libpriv/postprocess: work around semanage bug
ci: Update for Fedora 37
ci: Run "Build Integration Test Data" GHA privileged
core: Plug leak in vars dir handling
rust/extensions: Copy `directory` field to generated treefile
app/compose: Factor out helper to set repos dir
app/compose: Clear out vars dir
treefile: Support `repovars` key
Release 2022.16
Luca BRUNO (1):
libpriv/importer: bubble up filepath errors
v2022.15
The biggest feature here is that in the new container-native flow, installing packages that invoke `useradd` will by default generate systemd-sysusers fragments. This means that e.g. `RUN rpm-ostree install libvirt` in a Dockerfile will still end up with the `qemu` user client side.
There's also a notable bugfix for unauthenticated container
fetches.
Also on the client side, there are new DBus APIs for
fetching package metadata, which will be used by
e.g. gnome-software.
- ci: migrate to new directory and method names by @jlebon in #4089
- composepost: Drop unnecessary injection of presets by @cgwalters in #4087
- build(deps): bump cxx from 1.0.76 to 1.0.78 by @dependabot in #4073
- build(deps): bump cxx-build from 1.0.76 to 1.0.78 by @dependabot in #4072
- Update to ostree-ext 0.8.8 by @cgwalters in #4091
- app: Improve error-prefixing in local RPM file handling by @jlebon in #4100
- build(deps): bump libglnx from `26375b5` to `e701578` by @dependabot in #4093
- build(deps): bump cxx from 1.0.78 to 1.0.79 by @dependabot in #4094
- status: Make `--booted --json` do the expected thing together by @cgwalters in #4090
- build(deps): bump serde_yaml from 0.9.13 to 0.9.14 by @dependabot in #4102
- build(deps): bump cxx-build from 1.0.78 to 1.0.80 by @dependabot in #4104
- build(deps): bump serde_json from 1.0.86 to 1.0.87 by @dependabot in #4103
- architecture: Document /var by @cgwalters in #4105
- Rework useradd(etc) sysusers integration to work in container flow by @cgwalters in #4092
- daemon: Implement WhatProvides and GetPackages methods by @mcrha in #4099
- ci: use Containerfile instead of Dockerfile by @jmarrero in #4109
- deploy: Don't crash if no revision specified with --register-driver by @cgwalters in #4112
- Update to ostree-ext 0.8.9 by @cgwalters in #4108
- Release 2022.15 by @cgwalters in #4117
Git-EVTag-v0-SHA512: 0bcda4f74d0cf9caef533d1d14a4742c347bf46b48c3a57b63ed74a1a1b3ee31d2eb70a9a5d988387f9f2a817ed165cf3096783a25cfeac2c3e6f524e747fdc2
v2022.14
Release 2022.14
Client
- `rpm-ostree apply-live` now prints out systemd units that changed
Container
- It's no longer necessary to `rpm-ostree cliwrap --enable` in a Dockerfile when overriding the kernel.
- The initramfs generated in containers now includes device files.
- A change to encapsulate at format version 1 by default was made. This moves towards deprecating version 0 in future releases.
- Related to this, the client now explicitly warns loudly if it encounters a format v0 image.
Compose
- The `metadata` field now correctly functions with inheritance.
- Container whiteouts found at build time are now converted to be generated at ostree deployment time.
- New configuration options to enable individual cliwraps.
Internals
- `rpm-ostree remove` can now be used inside a container as well as using it via dnf/yum compatibility layer i.e. `dnf remove`.
Akihiko Odaki (1):
core: Get the kernel version from the kernel path
Colin Walters (41):
container: Add progress spinners to `compose container-encapsulate`
build: Ignore changes to `metadata`
core: Initialize unprivileged member variable
core: Add an API to deinitialize libdnf
core: Also only set bootable metadata if `!container`
Add `compose image`
cliwrap/rpm: Don't drop privileges in a container image
cliwrap/yumdnf: Add `dnf image apply-live`
pkg: Make `rpm-ostree remove` functional in a container
cliwrap/yumdnf: Implement `remove`
client: Fix some unused variable warnings
build-sys: Disable LTO by default
compose: stop passing JSON treefile to function computing checksum
compose: Add `cliwrap-binaries`
ci: Tweaks for stopping infra container
compose-image: Add `--layer-repo` option
core: Make checksum API support caller picking the algorithm
Deduplicate code to compute state digest
tests/container-image: Add another fast compression, bump timeout
treefile: Merge metadata field
tests: Use `--offline` for second build
rust: Update to ostree-rs-ext 0.8.5
compose-image: Support `--lockfile`
compose-image: Print diff of layers
rust: Update to ostree-ext 0.8.6
docs: Describe `compose image`
container: Ensure unprivileged fetch can read `/run/ostree/auth.json`
docs/experimental: Describe `ex rebuild`
rust: Bump ostree-ext
override: Don't crash if argument produces no file descriptors
tests: Add a helper to go more fully offline
cliwrap: Also inject /dev/random into cliwrap'd dracut
container: Encapsulate at format version 1 by default
rebuild: Fix logic for container-only handling
compose: Handle embedded whiteouts
container: Enable wrappers during transaction
upgrade: Warn and sleep if we find a deprecated v0 format container
tests: Bump memory requests to work around Fedora repodata size
ci: Adjust limits for bumping memory
systemctl-wrapper: Pass through usage of --root directly
ci: Add a test case for container builds
Jan Macku (1):
ci(lint): add shell linter - Differential ShellCheck
Jonathan Lebon (2):
core: Filter for latest when downloading packages
ci: Request more memory for RPM building
Joseph Marrero (2):
ridiculous-rhel-devel-workaround: use yum localinstall instead of rpm -U
rust/src/client: change container test to use environment variable
Luca BRUNO (2):
libpriv/utils: add some non-null assertions
libdnf-sys: remove incorrect noexcept
RishabhSaini (1):
apply-live: Invoke `systemctl daemon-reload` after unit files change
New Contributors
- @akihikodaki made their first contribution in #4038
- @jamacku made their first contribution in #4008
Full Changelog: v2022.13...v2022.14
2022.13
Release 2022.13
Client
A major update in this release is that `rpm-ostree apply-live` is now a stabilized interface. There's a lot more to do to enhance this; among other things, we should (much like `dnf needs-restarting`) help you find processes and services that should be restarted, but the basic mechanics can be relied on here.
The `ex module` interface is still experimental, but now may be used as part of container builds.
We now more cleanly handle the lack of polkit.
Some enhancements to the (not enabled by default) yum/dnf "personality" landed; this is active when `cliwrap: true`.
There is now the first use of privilege separation in the daemon; we use `DynamicUser=rpm-ostree` in the main `rpm-ostreed.service`, and this unprivileged userid is used for forking off the `skopeo` process to perform container image fetches. This avoids doing network requests (HTTP) as root. Much more use of privilege separation is planned.
There's a notable bugfix for service start speed on systems with a lot of container mounts in `/var/lib/containers`.
Build/Compose
rpm-ostree has gained the ability to intercept and process `useradd` and `groupadd` invocations run from RPM scripts; this will aid synthesizing systemd `sysusers.d` fragments automatically.
The branch names of `ostree-layers` are now ignored when computing the change checksum.
Internals
All unnecessary use of `Pin<&mut T>` in the Rust/C++ bridge is gone.
The ongoing conversion to the Rust cap-std crate continues.
Colin Walters (49):
rust: Drop rustix linux_raw backend (and pre-generated `.a` files)
container: Make `--format-version` properly optional
dirdiff: Port to cap-std
tests/encapsulate.sh: Explicitly test chunked encapsulation here
packaging: Drop `gnome-common`
ridiculous-rhel-devel-workaround: Try to replace all packages
Enable `ex module` in a container
polkit-agent: Don't print a warning if not installed
cliwrap: Add -y option to yum/dnf
treefile: `#[derive(Clone)]`
build-sys: Switch to committing cxx.rs generated code
Remove last uses of `Pin<&mut someglibtype>`
lib: Add `deny(clippy::dbg_macro & todo)`
rust: Fix single-character clippy lint
rust: Fix clippy unnecessary ref lints
rust: A few more misc clippy fixes
rust: A few more misc clippy fixes
rust: A few more misc clippy fixes
rust: A few more misc clippy fixes
rust: A few more misc clippy fixes
rust/cxx: Fix clippy lint around use of `transmute`
rust/treefile: Allow a clippy lint
install: Add `-y/--assumeyes` option, prompt on tty by default
ci: Add a clippy check
yumdnf: Remove interception of --help and --version
yumdnf: Add a `yum image rebase` subcommand
Deprecate `ex-container` entrypoint (use `ostree container`)
Move `container-encapsulate` under `compose`
rust: Bump to ostree-ext 0.8.2
tests/container-image: Use `--compression-fast`
docs/container: Talk about `compose container-encapsulate`
unit: Bump `TimeoutStartSec=5m`
Stabilize `rpm-ostree apply live`
scripts: Ignore filesystem.posttrans
compose: Fix `container` to work again, add a test
yumdnf: Make `yum install cowsay` just do it and not lecture
rust/bwrap: Use cap-std
Use `DynamicUser=yes` for main service, isolate container fetch
Switch to `BindReadOnlyPaths` for `/var/lib/containers`
build-sys: Stop generating systemd units
Add an always-on `container` feature
rust: Run `cargo clippy --fix`
core: Ignore subdirectories of `/usr/lib/modules` without a kernel
Fix tokio panic in legacy `rpm-ostree container-encapsulate` path
Add `ex deploy-from-self`
rust: Bump to ostree-ext 0.8.4
tests: Use `--bootable` when generating derived commits
treefile: Add generic metadata
Release 2022.13
Jonathan Lebon (3):
libpriv/kernel: Run dracut with `DRACUT_NO_MKNOD=1`
app/status: Fix printing commits without rpmmd-repos metadata
Add .git-blame-ignore-revs and seed with `clang-format` commit
Luca BRUNO (8):
libpriv/core: overlay ostree content before running scriptlets
core: wrap and intercept `groupadd` calls in scriptlets
libpriv/scripts: inject pkgname in scriptlets environment
core: wrap and intercept `useradd` calls in scriptlets
builtins: properly mark a future incompatibility warning
core: wrap and intercept `usermod` calls in scriptlets
builtins/scriptlet_intercept: improve error paths
builtins/scriptlet-intercept: misc tweaks and refinements
RishabhSaini (1):
treefile: Exclude ostree_layer_names from checksum
dependabot[bot] (45):
build(deps): bump phf from 0.10.1 to 0.11.0
build(deps): bump cxx-build from 1.0.71 to 1.0.72
build(deps): bump cxx from 1.0.71 to 1.0.72
build(deps): bump serde_yaml from 0.8.25 to 0.8.26
build(deps): bump tracing-subscriber from 0.3.14 to 0.3.15
build(deps): bump reqwest from 0.11.4 to 0.11.11
build(deps): bump clap from 3.2.8 to 3.2.14
build(deps): bump libdnf from `eff7e68` to `6529773`
build(deps): bump rustix from 0.35.6 to 0.35.7
build(deps): bump nix from 0.24.1 to 0.24.2
build(deps): bump serde from 1.0.138 to 1.0.140
build(deps): bump serde_yaml from 0.8.26 to 0.9.2
build(deps): bump tracing from 0.1.35 to 0.1.36
build(deps): bump indicatif from 0.16.2 to 0.17.0 (+ new API port)
build(deps): bump libglnx from `c59eb27` to `26375b5`
build(deps): bump libc from 0.2.126 to 0.2.127
build(deps): bump serde_json from 1.0.82 to 1.0.83
build(deps): bump serde_yaml from 0.9.2 to 0.9.4
build(deps): bump chrono from 0.4.19 to 0.4.20
build(deps): bump indoc from 1.0.6 to 1.0.7
build(deps): bump clap from 3.2.14 to 3.2.16
build(deps): bump anyhow from 1.0.58 to 1.0.60
build(deps): bump chrono from 0.4.20 to 0.4.21
build(deps): bump phf from 0.11.0 to 0.11.1
build(deps): bump cxx from 1.0.72 to 1.0.73
build(deps): bump paste from 1.0.7 to 1.0.8
build(deps): bump cxx-build from 1.0.72 to 1.0.73
build(deps): bump serde from 1.0.140 to 1.0.143
build(deps): bump camino from 1.0.9 to 1.1.1
build(deps): bump chrono from 0.4.21 to 0.4.22
build(deps): bump libdnf from `6529773` to `a361dab`
build(deps): bump clap from 3.2.16 to 3.2.17
build(deps): bump nix from 0.24.2 to 0.25.0
build(deps): bump serde_yaml from 0.9.4 to 0.9.9
build(deps): bump anyhow from 1.0.60 to 1.0.61
build(deps): bump libc from 0.2.127 to 0.2.131
build(deps): bump futures from 0.3.21 to 0.3.23
build(deps): bump either from 1.7.0 to 1.8.0
build(deps): bump once_cell from 1.13.0 to 1.13.1
build(deps): bump anyhow from 1.0.61 to 1.0.62
build(deps): bump libc from 0.2.131 to 0.2.132
build(deps): bump serde_json from 1.0.83 to 1.0.85
build(deps): bump serde from 1.0.143 to 1.0.144
build(deps): bump libdnf from `a361dab` to `6744080`
build(deps): bump rustix from 0.35.7 to 0.35.9
Git-EVTag-v0-SHA512: eb20de8ec592da61d697c85a9e39181fb02df689adf516988e574f12df94f55945623ecb764064339665bce8f9001b207c22cf8af4e52c4858397fe5c4f1d61a
2022.12
rpm-ostree v2022.12
Client
- Give a better error for `ex module` in a container by @cgwalters in #3831
Build/compose
Internals (highlighted)
- Bump to ostree-ext 0.8.1 by @cgwalters in #3860
- rustix: use libc backend by @cgwalters in #3841
- Drop use of `curl`, use `reqwest` instead by @cgwalters in #3849
- Fix build on c9s and add CI by @cgwalters in #3846
A few static analysis fixes, e.g.:
- libdnf-sys: Remove incorrect `noexcept` by @cgwalters in #3848
New Contributors
Full Changelog: v2022.11...v2022.12
2022.11
rpm-ostree v2022.11
Client
- Update to ostree ext 0.8 by @cgwalters in #3798
  This notably pulls in a (hopefully final) new format for chunked container images.
- rust/src/cliwrap: Add `RPMOSTREE_CLIWRAP_SKIP` to skip cliwraps by @jmarrero in #3790
- app/override: Support remote overrides by @jlebon in #3636
  For example, it is now possible to run e.g. `rpm-ostree override replace --experimental --from repo=updates-testing systemd` to pull the latest `systemd` from the `updates-testing` rpm-md repository.
- app/status: Print deployment Index in status by @har7an in #3780
- cli: fix rebase help around remote flag by @miabbott in #3828
- Wrap kernel-install calls on containers by @jmarrero in #3689
Build/compose
- doc/treefile: Elaborate on all the changes we made to `packages` by @cgwalters in #3824
Internals (highlighted)
- Use `cargo vendor-filterer` by @cgwalters in #3786
  This project only runs on Linux, and this greatly helps shrink our vendored dependencies.
- Only use single-threaded tokio reactor by @cgwalters in #3791
- rust: port to clap 3.2 by @lucab in #3767
New Contributors
As is common, there are many other small cleanup changes and code refactoring and Rust dependency bumps that are omitted from this. More information:
Full Changelog: v2022.10...v2022.11
2022.10
rpm-ostree v2022.10
Client
- rust/fedora-integration: Only download valid packages to replace by @jlebon in #3704
- cliwrap/dracut: Don't intercept if we're running in systemd by @cgwalters in #3737
- rpmostree-container: print transaction by @jmarrero in #3739
- rpmostreed-sysroot: Use G_IO_ERROR_BUSY for "Transaction in progress" error by @mcrha in #3691
- daemon: Add `treefile` modifier to `UpdateDeployment` by @jlebon in #3759
- daemon: Handle rebasing back from container to ostree by @cgwalters in #3680
- Enable compilation with librhsm by @cgwalters in #3679
Compose
- build: Hard require rpm 4.16 by @cgwalters in #3626
  - As rpm 4.16 is not in el8, this release effectively drops support for RHEL8-era librpm. There is a new rhel8 branch which continues maintenance there.
- kernel: Stop hardcoding `dracut --gzip` by @cgwalters in #3745
- rust/scripts: Ignore `kernel-automotive-core.posttrans` by @jlebon in #3721
Dependency bumps
- rust: Bump ostree and ostree-rs-ext by @cgwalters in #3699
  - This release notably includes better support for injecting OSTree GPG signatures into containers, which will help switch to "chunked" images for Fedora CoreOS and others.
- build(deps): bump libdnf from `6d74efc` to `9f0c0d2` by @dependabot in #3725
- Many Rust dependencies were updated as usual.
Internals, CI and other changes
- Updated the codebase to Rust 2021 edition.
- We're continuing to oxidize more parts of the codebase.
- On the Rust side, we're continuing transition from `openat` to `cap-std`.
- A lot of CI-related changes as usual.
- And various minor fixes and enhancements.
New Contributors
Full Changelog: v2022.9...v2022.10