Releases: coreos/rpm-ostree
Releases · coreos/rpm-ostree
2022.12
rpm-ostree v2022.12
Client
- Give a better error for
ex modulein a container by @cgwalters in #3831
Build/compose
Internals (highlighted)
- Bump to ostree-ext 0.8.1 by @cgwalters in #3860
- rustix: use libc backend by @cgwalters in #3841
- Drop use of
curl, usereqwestinstead by @cgwalters in #3849 - Fix build on c9s and add CI by @cgwalters in #3846
A few static analysis fixes, e.g.:
- libdnf-sys: Remove incorrect
noexceptby @cgwalters in #3848
New Contributors
Full Changelog: v2022.11...v2022.12
Contributors
cgwalters and jlebon
Assets 3
2022.11
rpm-ostree v2022.11
Client
- Update to ostree ext 0.8 by @cgwalters in #3798
This notably pulls in a (hopefully final) new format for chunked container images. - rust/src/cliwrap: Add
RPMOSTREE_CLIWRAP_SKIPto skip cliwraps by @jmarrero in #3790 - app/override: Support remote overrides by @jlebon in #3636
For example, it is now possible to run e.g.rpm-ostree override replace --experimental --from repo=updates-testing systemdto pull the latestsystemdfrom theupdates-testingrpm-md repository. - app/status: Print deployment Index in status by @har7an in #3780
- cli: fix rebase help around remote flag by @miabbott in #3828
- Wrap kernel-install calls on containers by @jmarrero in #3689
Build/compose
- doc/treefile: Elaborate on all the changes we made to
packagesby @cgwalters in #3824
Internals (highlighted)
- Use
cargo vendor-filtererby @cgwalters in #3786
This project only runs on Linux, and this greatly helps shrink our vendored dependencies. - Only use single-threaded tokio reactor by @cgwalters in #3791
- rust: port to clap 3.2 by @lucab in #3767
New Contributors
As is common, there are many other small cleanup changes and code refactoring and Rust dependency bumps that are omitted from this. More information:
Full Changelog: v2022.10...v2022.11
Contributors
lucab, cgwalters, and 4 other contributors
Assets 3
2022.10
rpm-ostree v2022.10
Client
- rust/fedora-integration: Only download valid packages to replace by @jlebon in #3704
- cliwrap/dracut: Don't intercept if we're running in systemd by @cgwalters in #3737
- rpmostree-container: print transaction by @jmarrero in #3739
- rpmostreed-sysroot: Use G_IO_ERROR_BUSY for "Transaction in progress" error by @mcrha in #3691
- daemon: Add
treefilemodifier toUpdateDeploymentby @jlebon in #3759 - daemon: Handle rebasing back from container to ostree by @cgwalters in #3680
- Enable compilation with librhsm by @cgwalters in #3679
Compose
- build: Hard require rpm 4.16 by @cgwalters in #3626
- As rpm 4.16 is not in el8, this release effectively drops support for RHEL8-era librpm. There is a new rhel8 branch which continues maintenance there.
- kernel: Stop hardcoding
dracut --gzipby @cgwalters in #3745 - rust/scripts: Ignore
kernel-automotive-core.posttransby @jlebon in #3721
Dependency bumps
- rust: Bump ostree and ostree-rs-ext by @cgwalters in #3699
- This release notably includes better support for injecting OSTree GPG signatures into containers, which will help switch to "chunked" images for Fedora CoreOS and others.
- build(deps): bump libdnf from
6d74efcto9f0c0d2by @dependabot in #3725 - Many Rust dependencies were updated as usual.
Internals, CI and other changes
- Updated the code rebase to Rust 2021 edition.
- We're continuing to oxidize more parts of the codebase.
- On the Rust side, we're continuing transition from
openattocap-std. - A lot of CI-related changes as usual.
- And various minor fixes and enhancements.
New Contributors
Full Changelog: v2022.9...v2022.10
Contributors
cgwalters, jmarrero, and 3 other contributors
Assets 3
v2022.9
Compose:
- Add support for propagating RPM IMA signatures
Container:
- Support
yum install foo - Fix
override replaceandoverride removesupport - Support whitespace-separated packages in
ex-override-replacekey
Internals:
- Bump libdnf submodule to latest, which should fix https://bugzilla.redhat.com/show_bug.cgi?id=2083715
- Oxidize more bits in the origin and importer code
- Move testing to Fedora 36
Colin Walters (19):
lib: Add an API to get "system host"
cliwrap: add install verb, support being run in a container
cliwrap: Enable `yum install foo` in a container
core: Check for errors from `hy_subject_get_best_solution`
treefile: Handle whitespace splitting for remote override packages
treefile: Simplify code for whitespace-splitting repo packages
postprocess: Move rpmdb cleanup into Rust
cliwrap: Use `Utf8Path` to drop an `unwrap()` also `ok_or_else`
cliwrap: More Utf8Path usage
rpmutil: Factor out helper for fcaps to single variant
core: Add constants for IMA
postprocess: Automatically propagate user.ostreemeta xattrs in commit
build: Add support for propagating RPM IMA signatures
tests: Add a compose IMA test
testdeps: Install rpm-sign
history: Port to cap-std
treefile: Remove unused workdir
Update to ostree-ext 0.7.2
tree-wide: Update to cap-std 0.25
Jonathan Lebon (36):
libpriv/origin: Back add_modules() by treefile
libpriv/origin: Back remove_modules() by treefile
libpriv/origin: Back remove_all_packages() by treefile
libpriv/origin: Stop caching module-related keys
rust/treefile: Fix has_modules_enable() check
rust/origin: Don't add empty string lists in origin
rust/treefile: Rename `modules` variable for clarity
rust/treefile: Make override-remove field a BTreeSet
libpriv/origin: Back add_overrides() by treefile
libpriv/origin: Back remove_override() by treefile
libpriv/origin: Back remove_all_overrides() by treefile
libpriv/origin: Stop caching override-related keys
rust/treefile: Separately assert override didn't exist
libpriv/origin: Drop unused RpmOstreeOriginOverrideType enum
rust/libdnf-sys: Rename libdnf.hxx to libdnf.hpp and reformat
rust/libdnf-sys: Bridge hy_split_nevra()
Use `--workspace` when running `cargo test`
libpriv/origin: Fix change setting in `add_*_packages`
rust/treefile: Add more testing for `add_packages`
libpriv/origin: Back remove_packages() by treefile
libpriv/origin: Stop caching package-related keys
libpriv/origin: Stop caching unconfigured state
libpriv/origin: Drop unused functions
libpriv/origin: Drop GKeyFile member from RpmOstreeOrigin
libpriv/origin: Free treefile when dropping RpmOstreeOrigin
ci: Reduce parallelism of vmcheck tests to 5
rust/treefile: Drop `set_packages_override_remove`
core: Include expected SHA256 in mismatch error
core: Hint at warnings when dnf_sack_add_cmdline_package fails
app/override: Mark `replace` and `remove` as container capable
tests: Adapt for Fedora 36 rebase
ci: Mark git checkout as safe
ci: Consistently use app.ci over quay.io for cosa and fcos-buildroot images
tests/container-image: Build derived image with --net=host
tests/vmcheck/db: Bump fake glibc.i686 version
Release 2022.9
Luca BRUNO (15):
libpriv/importer: simplify ostree branch handling
libpriv/importer: avoid caching header digest
libpriv/import: move result formatting out of core logic
libpriv/importer: port logic for /var/lib/ symlinks to Rust
libpriv/importer: port logic for /opt symlinks to Rust
importer: minor code tweaks
libpriv/importer: port path translation to Rust
libpriv/core: workaround libdnf vars path lookup
libpriv/core: canonicalize install_root
libpriv/importer: move ostree branch caching to Rust
libpriv/importer: cache package name
libpriv/importer: port docs filtering to Rust
cargo: add bitflags
lockfile: refresh after changes
libpriv/importer: move importer flags to Rust
dependabot[bot] (13):
build(deps): bump nix from 0.23.1 to 0.24.1
build(deps): bump anyhow from 1.0.56 to 1.0.57
build(deps): bump libc from 0.2.124 to 0.2.125
build(deps): bump cxx from 1.0.66 to 1.0.67
build(deps): bump cxx-build from 1.0.66 to 1.0.67
build(deps): bump serde_json from 1.0.79 to 1.0.80
build(deps): bump serde from 1.0.136 to 1.0.137
build(deps): bump serde_yaml from 0.8.23 to 0.8.24
build(deps): bump indoc from 1.0.4 to 1.0.6
build(deps): bump cap-tempfile from 0.24.2 to 0.24.3
build(deps): bump openssl from 0.10.38 to 0.10.40
build(deps): bump serde_json from 1.0.80 to 1.0.81
build(deps): bump libdnf from `e5ecbc1` to `1742be5`
2022.8
rpm-ostree v2022.8
Notable bugfixes
This includes an important fix for consuming layered images generated by earlier ostree versions: ostreedev/ostree-rs-ext#280
We no longer error out if /var/lib/containers does not exist.
Enhancements
The container layering flow now support package overrides from yum repos via origin.d YAML files. More work is coming to eventually support this client-side.
We now expose the new and fixed ostree ima-sign command.
Internals
Thanks to hard work from @lucab, the rpm-ostree codebase is now free of goto out; - this makes it easier to convert code to Rust, which does not have goto.
More work has been done on oxidizing the origin code.
Colin Walters (9):
refts: Correctly canonicalize explicit zero epoch
Add some assertions to silence `gcc -fanalyzer`.
rpmutil: Plug a memory leak in capability conversion
tests: Turn off zincati when rebasing
tests: Loosen regexp for error message
service: Don't fail if `/var/lib/containers` doesn't exist
Update to ostree-ext 0.7.1, add container progress notifications
main: Move `ostree-container` to pkglibdir, also expose `ostree ima-sign`
Release 2022.8
Jonathan Lebon (19):
libpriv/origin: Derive keyfile from treefile
libpriv/origin: Delete remove_transient_state()
rust/origin: Use baserefspec based on `may_require_local_assembly`
rust/treefile: Add container_image_reference derivation field
rust/treefile: Bundle refspec with its type
libpriv/origin: Delete sync_baserefspec()
libpriv/origin: Fully back refspec by treefile
libpriv/origin: Fully back initramfs regeneration by treefile
libpriv/origin: Fully back cliwrap by treefile
rust/origin: Print original value on kf diff mismatch
rust/treefile: Make package and modules-related fields BTreeSets
rust/treefile: Rename local packages-related functions
rust/treefile: Make packages-related setters take Vec ownership
libpriv/origin: Fully back layered packages by treefile
libpriv/origin: Break up add_packages() into multiple functions
rust/origin: Import `ORIGIN_CONTAINER` for brevity
tree: Fix formatting for GLNX_HASH_TABLE_FOREACH
core: Pass replaced pkg names to check_goal_solution instead of nevras
Add support for repo overrides in container flow
Luca BRUNO (6):
daemon/dbus: split apart error handling and transaction detection
daemon/dbus: rework transactions detection and creation
daemon/dbus: remove one goto statement
app/clientlib: remove one goto statement
libpriv/json-parsing: port one helper to Rust
treefile: rename one method
dependabot[bot] (9):
build(deps): bump tracing-subscriber from 0.3.9 to 0.3.11
build(deps): bump memfd from 0.4.1 to 0.5.0
build(deps): bump libc from 0.2.121 to 0.2.122
build(deps): bump tracing from 0.1.32 to 0.1.33
build(deps): bump memfd from 0.5.0 to 0.5.1
build(deps): bump rayon from 1.5.1 to 1.5.2
build(deps): bump libc from 0.2.122 to 0.2.124
build(deps): bump tracing from 0.1.33 to 0.1.34
build(deps): bump ostree-ext from 0.7.0 to 0.7.1
Contributors
lucab
Assets 3
2022.7
What's Changed
- Downgrade tracing-subscriber to 0.3.9 by @cgwalters in #3588
- daemon/dbus: remove some goto statements by @lucab in #3593
- Release 2022.7 by @cgwalters in #3595
Full Changelog: v2022.6...v2022.7
Contributors
lucab and cgwalters
Assets 3
2022.6
rpm-ostree v2022.6
A major new feature in this release is initial support for "chunked" ostree containers.
The client (and part of the build side) was released in ostree-ext 0.7. On the build side here, the new
rpm-ostree container-encapsulate command will generate "chunked" images.
For more information, see ostreedev/ostree-rs-ext#69
Also relating to containers, override replace and override remove now work in container builds.
The rpm-ostree compose extensions command now supports a --rootfs switch to operate directly on a rootfs rather than an ostree ref.
Notable bugfixes
rpm-ostree should now work on CentOS Stream 9 systems without polkit.
We work around kernel packages that have absolute paths in their .hmac files.
We now correctly detect and error out when in a container environment for commands that do not support it.
Internals
We adopted clang-format and reformatted the whole source tree for consistency.
Significant work landed on canonicalization our representation of state in the treefile (not "origin"). For more information, see this issue.
Progress continues on porting to cap-std.
We fixed several clang scan-build warnings.
Several CI reliability improvements landed.
Oxidation continues! Some code was rewritten in Rust (from appoximately 17% of the code to 19%).
We also started adopting Rust inline format!, and fixed some clippy lints.
Special thanks to first-time contributor Jonathan Dickinson!
Benno Rice (7):
Ignore .vscode and libgnlx-config.h
Separate includes that need to retain non-alphabetic ordering.
Add a clang-format configuration file.
Add a pass to ensure C/C++ code under `src` meets style.
Reformat all C/C++ code under src with clang-format.
Fix handling of lockfile parent directory, port to cap_std
Fix clippy warning.
Colin Walters (43):
Bump to containers-image-proxy 0.4.1
Require clang-format on all C/C++ files
Update to cap-std-ext 0.23.3
ci: Only run one instance of `clang-format`
docs: Mention mount point mutability
daemon/sysroot: Use iterators more
compose: Complete porting to cap-std
client: Don't invoke `systemctl start` if unit is already active
client: Warn about reliability of `--check` and `--preview`
extensions: Port to cap-std
Bump to cap-std 0.24.2, use `try_exists()`
lockfile: Use new internal `open_dir_of` helper
composepost: Also remove stamp file created by recent RPM `%posttrans`
rpmutil: Ensure libdnf is initialized when loading rpmdb
ci: Add Github action flow for testing container path
ci: Be verbose for tar extraction
cli: Opt-in some CLI verbs to working inside ostree containers
container: Cleanup BDB rpmdb leftovers after installs
compose extensions: Support `--rootfs`
extensions: Validate we don't have `--repo` and `--rootfs`
ci: Drop skopeo override
composepost: Make rpmdb location `pub(crate)`
architecture: Motivate base vs extensions split
man: Document that `rebase` and `deploy` will also update layered packages
spec: BR `libassuan-devel` on rhel8
daemon: Handle `org.freedesktop.DBus.Error.ServiceUnknown` too
core: Port to cap-std
compose: Fix handling of base rev
daemon: Port to cap-std
extensions: Port to cap-std
testutils: Port to cap-std
testutils: Port to rustix for `Mode`
partial, tree-wide: Switch to using inline variables in `format!`
daemon: Move tokio handle reference into daemon
core: Minor cleanups for kernel hmac bits
ci: Move legacy compose tests to GH actions
ci: Rename some of the GH actions
Update to ostree-ext 0.7, add new `container-encapsulate`
ci: Move codestyle check into our single GH actions flow
ci: Pull buildroot from CI registry
importer: Initialize cpio offset
tree-wide: Rework C++ try/catch to GError bridging
Release 2021.6
Jonathan Dickinson (2):
use basename when cleaning up the .vmlinuz.hmac file
port rpmostreed_generate_object_path to rust
Jonathan Lebon (68):
packaging: Canonicalize tarballs to uid/gid 0
packaging/spec: Don't own /usr/share/dbus-1/system-services
Makefile: add `make clang-format` to format tree
treefile: Don't serialize override-commit if `None`
libpriv/container: Drop treefile generation helper
libpriv/container: Add missing includes
scripts: Also ignore kernel-debug-core.posttrans
.editorconfig|.vimrc: Adapt to .clang-format spec
daemon/upgrader: Cleanup unused variables
treefile: Drop new_from_fields()
daemon/upgrader: Remove misleading try/catch
libpriv/util: Rename CXX_TRY to ROSCXX_TRY and add CXX_TRY
libpriv/util: Add `CXX` and `CXX_VAL` macros
tree: Add missing CXX wrapping
tree: Remove unneeded CXX wrapping
tree: Remove more try/catch blocks
treefile: rework validation for container flow
app/override: Support override remove in container flow
app/override: Support override replace in container flow
vmcheck/history: delete journal hack
rust/origin: support converting treefile to origin
libpriv/origin: Uninline parse_deployment
libpriv/origin: Drop classify_refspec
libpriv/origin: Pass RpmOstreeOrigin directly to helper
libpriv/origin: Drop get_full_refspec
libpriv/origin: Rename has_packages to has_any_packages
libpriv/origin: Delete unused modules_install
rust/origin: Genericize keyfile string list parsing
libpriv/origin: Drop unused get_string
libpriv/origin: Move ref/unref higher up
rust/utils: Add OptionExtGetOrInsertDefault
libpriv/origin: Stop commenting override commit version
rust/origin: Drop duplicate check for `container-image-reference`
core: Make refspec classification infallible
libpriv/origin: Make set_rebase infallible
core: Oxidize rpmostree_refspec_classify
rust: Convert `map().flatten()` to `and_then()`
rust/treefile: Support constructing from YAML strings
libpriv/origin: Drop `G_[BEGIN|END]_DECLS` wrappers
libpriv/origin: Label mutability of all public functions
libpriv/origin: Move source of truth to treefile
libpriv/origin: Back get_refspec() by treefile
libpriv/origin: Back get_custom_description() by treefile
libpriv/origin: Back get_packages() by treefile
libpriv/origin: Back has_modules_enable() by treefile
libpriv/origin: Back get_local_packages() by treefile
libpriv/origin: Back get_override_remove() by treefile
libpriv/origin: Back get_overrides_local_replace() by treefile
libpriv/origin: Back get_override_commit() by treefile
libpriv/origin: Back get_initramfs_etc_files() by treefile
libpriv/origin: Back get_regenerate_initramfs() by treefile
libpriv/origin: Back get_initramfs_args() by treefile
libpriv/origin: Back get_unconfigured_state() by treefile
libpriv/origin: Back has_any_packages() by treefile
libpriv/origin: Back may_require_local_assembly() by treefile
libpriv/origin: Back dup_keyfile() by treefile
libpriv/origin: Back get_cliwrap() by treefile
libpriv/origin: Make sync_treefile() void
libpriv/origin: Use CXX_MUST_VAL in sync_treefile()
libpriv/origin: Add sync_origin()
libpriv/origin: Use set_override_commit() instead of treefile resync
libpriv/origin: Fully back override-commit by treefile
rust/treefile: Make initramfs-etc a set
libpriv/origin: Use initramfs_etc_files_track() instead of treefile resync
libpriv/origin: Use initramfs_etc_files_untrack() instead of treefile resync
libpriv/origin: Use initramfs_etc_files_untrack_all() instead of treefile resync
libpriv/origin: Fully back initramfs-etc files by treefile
ci: Drop unnecessary `parallel`
Luca BRUNO (11):
libpriv/postprocess: always set exit code
daemon/utils: avoid superfluous gotos
daemon: port some sysroot core logic to Rust
libpriv/import: implement autocleanup for rpmfd
daemon/dbus/os: remove some goto statements
daemon/dbus: port some deployment logic to Rust
libpriv/unpacker: tweak error handling
libpriv/unpacker: implement autocleanup for archive
libpriv/editor: rework error handling to avoid goto statements
app: implement auto-cleanup for TransactionProgress
daemon: simplify some error cases
Timothée Ravier (1):
packaging: Remove unneeded Windows binaries from vendor snapshot
dependabot[bot] (13):
build(deps): bump libglnx from `88da8dd` to `c71f7ae`
build(deps): bump once_cell from 1.9.0 to 1.10.0
build(deps): bump termcolor from 1.1.2 to 1.1.3
build(deps): bump regex from 1.5.4 to 1.5.5
build(deps): bump curl from 0.4.42 to 0.4.43
build(deps): bump anyhow from 1.0.55 to 1.0.56
build(deps): bump cxx from 1.0.65 to 1.0.66
build(deps): bump cxx-build from 1.0.65 to 1.0.66
build(deps): bump libc from 0.2.119 to 0.2.121
build(deps): bump cap-tempfile from 0.24.1 to 0.24.2
build(deps): bump tracing from 0.1.31 to 0.1.32
build(deps): bump paste from 1.0.6 to 1.0.7
build(deps): bump tracing-subscriber from 0.3.9 to 0.3.10
2022.5
This is a minor release which adds support for overriding transfiletriggerin Lua scriptlets (#3487) and corrects a tagging issue with the previous release (#3486).
Colin Walters (1):
treefile: Use `std::io::Cursor` when reading byte arrays
Jonathan Lebon (5):
treefile: Add from_fields() constructor, use for `install` in container
scripts: Load transfiletriggerin earlier
scripts: Create named var for RPMSCRIPT_FLAG_EXPAND
scripts: Support transfiletriggerin lua replacements
Release 2022.5
2022.4
rpm-ostree v2022.4
This is a bug fix release which includes a bug fix to an issue that prevents building rpm-ostree on some architectures: #3482
Colin Walters (2):
Revert "fstype: Add license identifier"
Revert "compose: Print information about target filesystem"
Full Changelog: v2022.3...v2022.4
2022.3
rpm-ostree v2022.3
On the compose side, a major feature in this release is support for conditional-include and variable keys. This allows include directives to take effect only if some condition is met. See the treefile documentation for more information on this.
There is also a new repo_metadata treefile option that controls whether and how to inject metadata about the input rpm-md repositories.
The ostree-rs-ext stack is updated to 0.6.5.
On the bugfixes side, when RPM scripts are executed, /run is now properly a tmpfs.
On the client-side, the daemon now caches GPG verification status of commits which should dramatically increase startup times on systems which ship many GPG public keys such as Fedora.
There's an ongoing effort to make use of cap-std and rustix, with some more incremental porting happening in this release.
And of course, many other fixes and minor improvements!
Benno Rice (4):
Replace some uses of "blacklist" with more accurate language.
Add a Treefile option for where to stash the RPM repo metadata.
Wire the repo_metadata Treefile option in to the compose process.
Add tests for the repo_metadata Treefile option.
Colin Walters (20):
treefile: Add `container-cmd`
Port to `once_cell`, drop `lazy_static`
scripts: Use a tmpfs for /run
rust/initramfs: Port to cap-std
Add internal API to expose package variant list to Rust
scripts: Fix tmpfs for `/run`
`db version`: Switch to using SHA-256
Bump to cap-std-ext 0.24.1
cliwrap: Port to cap-std
compose: Print information about target filesystem
fstype: Add license identifier
daemon: Drop unused import
initramfs: Port to cap-std, drop `subprocess` dependency
postprocess: A bit more porting to `cap_std`
composepost: Drop last usage of `subprocess` crate
utils: varsubst: Allocate initial string to around expected capacity
live: A bit of porting to cap-std
countme: Port to cap-std
Bump to ostree-ext 0.6.5
testutils: Drop deprecated openat-ext usage
Jonathan Lebon (18):
daemon: cache GPG commit verification
rust: Oxidize `variant_add_remote_status`
build(deps): bump ostree from 0.13.4 to 0.13.6
rust/daemon: Use `replace_contents_with_perms`
daemon: Fix clippy warnings
treefile: Drop unnecessary collections:: prefixes
treefile: Consistently use kebab-case and drop unnecessary renames
treefile: Move from macro to function for var substitution
treefile: Skip serializing `container-cmd` if None
treefile: Support variables in more fields
treefile: Add `variables` field
treefile: Return String for releasever
treefile: Support `releasever` being a number
treefile: Make `basearch` and `releasever` variables
treefile: Premerge variables during recursive parsing
treefile: Add conditional includes
tests/container-image: Add missing space before !
app/composeutil: Canonicalize empty detached metadata to NULL
Joseph Marrero (1):
src/app/rpmostree-builtin-cleanup: return after cleaning up repo cache
Justin Kinney (1):
Ignore kernel-uek posttrans scripts
Luca BRUNO (3):
compose: move and symlink content under /var/lib
composepost: de-duplicate entries
tests/basic: check iptables setup through alternatives
Matthew Kenigsberg (1):
docs/layering.md: script using next fcos stream
Timothée Ravier (1):
src/daemon: Exhaustively set arg direction for DBus interface
Zbigniew Jędrzejewski-Szmek (1):
scripts: add replacements scripts for /sbin/ldconfig calls in glibc-common
New Contributors
-
@justinkinney made their first contribution in #3419
Full Changelog: v2022.2...v2022.3
Contributors
keszybz, justinkinney, and mkenigs