Releases: coreos/rpm-ostree
v2020.5
This is mostly a bugfix release.
One important fix is adapting to the change in Fedora to transition the rpmdb
to SQLite. This would
result in Fedora 33 composes using the new backend, making it harder for users
with layered packages to rebase (see
bugzilla.redhat.com/show_bug.cgi?id=1876194#c3).
As a result, there is now an rpmdb key in the treefile which can take e.g.,
bdb or sqlite but which defaults to bdb. This means that f33 composes
will for now keep using BDB, allowing for smoother rebases. Content providers
can opt into the new SQLite backend when convenient.
Another fix worth mentioning is a major improvement in how layered packages are
handled: rpm-ostree now correctly picks older versions of layered packages if
needed to satisfy base packages. This will help solve the "split base/layered
package mismatch" in
combination with pending work in Fedora at least to publish older versions of
RPMs. Additionally, when a solution is not possible, the error message prints
exactly what the conflict is.
Otherwise, there is the usual churn around CI. For example, the MSRV is now
1.45.2. There are some preparations for using
ostree-rs more extensively in the future.
Colin Walters (11):
Add testutils generate-synthetic-upgrade
core: Clearly show when no rpm-md repos are enabled
util: Remove an (effectively) unused GCancellable
rust: Fix deprecation warnings
deploy: Don't leak file descriptor passed for local rebases
db-list|version: Remove code to parse `..`
Move the "cbindgen typedefs" to their own file
ci: Use ostree from lockfile
compose: Use user mode checkout for sepolicy
Use ostree-rs, and oxidize more treefile checksumming
compose: Add rpmdb option, default to bdb
Jeff Law (1):
spec: Disable LTO
Jonathan Lebon (9):
app/ex: Drop `reset` alias
libpriv/origin: Factor out helper to set key from hash table
libpriv/kernel: Link initramfs into place earlier
src/{daemon,libpriv}: Better error prefixing
libpriv/kernel: Allow optional initramfs tmpf
ci: bump compose tests timeout to 60 minutes
ci: Bump MSRV to 1.45.2
core: Use SOLVER_LOCK for locking base packages
Release 2020.5
Kelvin Fan (1):
treefile: change `remove-from-packages` implementation
v2020.4
Minor release with some fixes and enhancements for RHCOS.
Server
A symlink from /usr/lib/sysimage/rpm to the rpmdb was added (PR #2154). This
will eventually be the new standard location for the rpmdb on multiple
image-based distros. See this
thread for
details.
Treefiles now support package requests with version requirements again
(PR #2151). Must be quoted, e.g.:
packages:
- foo bar 'baz > 1.0'
- 'boo <= 3.2'Client
Multiple commands learned the --lock-finalization switch which deploy
already understood (PR #2158). This is used in FCOS and may end up being used in
RHCOS as well.
Fix a potential segfault when upgrading from a local repo, i.e. via rebase /path/to/repo:$rev (PR #2178).
Colin Walters (1):
postprocess: Add a symlink /usr/lib/sysimage/rpm to the rpmdb
Jonathan Lebon (10):
Move release instructions to RELEASE.md
ci/installdeps: add distribution-gpg-keys
app: Add --lock-finalization switch to other commands
ci: pull Fedora image from Quay.io
ci: request 2G of RAM for compilation
ci: Constrain parallel build jobs
vmcheck/rojig: Don't use ci.centos.org
ci: Bump MSRV to 1.43.1
daemon/deploy: Finish OstreeAsyncProgress after pull
Release 2020.4
Kelvin Fan (1):
treefile: Allow greater/less than versions for pkgs
Tom Stellard (1):
spec: Use make macros
v2020.3
Release 2020.3
This is a thin release overall, with mostly bugfixes and minor tweaks.
-
rpm-ostree compose treewill now print a warning and incur a 5s delay when not using--unified-core. This is part of our push to eventually making it the default. If you cannot make use of--unified-coreright now and want to avoid the delay, there is an undocumented environment variable you can find. Please follow up to #729 if you need assistance! PR #2098 -
rpm-ostree rebase /path/to/local/repo:refis no longer considered experimental. This has been actively used by RHCOS on OCP4 for a while now. PR #2110 -
Fix a bug in the upgrader where downgrade protection would mistakenly kick in if deploying to a new version that was older than whatever the latest version was last pulled. PR #2096
-
Work around the latest f32
crypto-policiesusing a Lua scriptlet, which we do not yet support, and leaking FIPS mode from the server into composes. PR #2136 -
Fix building on platforms without zchunk support, like RHEL8. PR #2092
Colin Walters (9):
build-sys: Disable zchunk for libdnf if we don't have it
compose: Remove --output-repodata-dir
compose: Add a "warn and sleep" if --unified-core is not provided
tests/kola: Move into tests/kolainst, run installed
rojig-build: Just expand %_isa
test-override-kernel: Support f32
daemon: Add an error prefix in local repo pulls
rebase: Remove requirement for --experimental with local rebases
ffiutil: Format full errors from anyhow
Doug Hellmann (1):
docs/background: Fix benefits and drawbacks formatting
Jonathan Lebon (8):
upgrader: Add more error-prefixing
upgrader: Reset ref before fetching commit by override
spec: Bump version to 2020.2
tests: Make more resistant to releasever changes
app/status: Print missing newline for AutomaticUpdates
libpriv/scripts: Replace crypto-policies lua script
ci: Adapt to workspace being HOME
Release 2020.3
Stephen Gallagher (1):
spec: Fix up conditionals for ELN
2020.2
Various improvements to lockfile handling have been made in this release to accommodate Fedora CoreOS builds. The compose tree command learned a new --ex-lockfile-strict switch which enhances the semantics of --ex-lockfile to ensure that all the packages in the compose are defined in the input lockfiles. Also, there is now a new experimental lockfile-repos treefile entry which ensures that rpm-ostree never picks packages from those repos without a lockfile.
There were a few fixes related to client-side initramfs regeneration. In some situations, rpm-ostree would ignore files from the local /etc. Additionally, dracut is now executed with the same base arguments as those used on the compose server.
As usual, there were a slew of improvements to CI. We now moved to CoreOS CI for PR testing. Additionally, we've started converting some of our vmcheck tests to a new model which uses kola to run the test scripts directly on the host instead of being instrumented from outside the host.
There is a new readonly-executables treefile entry which will automatically strip the writable bits from all executable files in the spirit of W^X.
Support was added to replace the kernel using packages named other than kernel, as long as they have the expected Provides:.
A cliwrap flag was added (not enabled by default) that wraps existing binaries, intending to aid transitioning to rpm-ostree based systems.
PR: #1789
Colin Walters (27):
core,kernel: Set up /etc/passwd for dracut
ci: Pull Fedora from api.ci
rust: Bump to glib 0.8
build-sys: Hard require libostree 2020.1
history: Avoid erroring if no history database to clean
syscore: Add some error prefixing
core: Add error prefixing in import path
importer: Quote filenames with spaces for tmpfiles.d
rust: Start porting from failure to anyhow
rust: Fully remove failure crate
rust/libdnf_sys: Use uninstantiable type rather than wrapper struct
rust: rustfmt(*) and (re)add a CI check for it
core: Add error prefixing when we fail to fetch an rpm-md repo
tests: Start converting some bits into kola ext framework
Add support for wrapping binaries (rpm, dracut, grubby)
ci: Actually run kola tests
ci: Explicitly fetch before build
status: Don't output AutomaticUpdates: disabled by default
tests: Drain more readonly tests into nondestructive/misc
tests/runkola: New script
build-sys: Ignore cosa/kola artifacts
s/RPM-OSTree/rpm-ostree/
tests: Trim out dead code from libtest.sh, rework SRCDIR
tests: Move more code to kola
treefile: Add readonly-executables
build-sys: Remove --enable-new-name
Release 2020.2
Jonathan Lebon (32):
spec: Bump libmodulemd version requirement
ci/msrv.sh: Use SKIP_INSTALLDEPS=1 before building
ci: Move `cargo test` into `ci/msrv.sh`
ci/installdeps: Only builddep from spec file
app/main: Tell libdnf not to look for `dnf.conf` upfront
core: Simplify check for kernel package name
libpriv/kernel: Fix minor comment typo
status: Quote initramfs args if necessary
initramfs: Fix using local /etc when also replacing kernel
tests/compose: Stop freezing on specific FCOS commit
tests/libvm.sh: Bump container run to use f31
compose: Include base dracut args in commitmeta
initramfs: Use dracut args from commitmeta if available
ci: migrate to new coreos-ci project
ci: drop FAHC repo in favour of f31-coreos-continuous
vmcheck: Run vm_kola_spawn separately from if-statement
vmcheck: Work around read-only /sysroot
app/dbus: Suggest `journalctl -xe` if bus owner changes
rust: move libdnf-sys module to its own crate
app/compose: Rename lockfile variables
core: Factor out functions to enable/disable repos
tests/compose: Don't use lockfiles by default
tests/compose: Go back to freezing FCOS commit
core: Use `hy_query_run_set()` for excludes
compose: Add --ex-lockfile-strict
manifest: Add `lockfile-repos` field
app/compose: Fix help string for --ex-lockfile-strict
compose: Allow specifying lockfile-repos only
composeutil: Return NULL instead of FALSE
ci: Download the latest ostree even if from stable repos
ci-commitmessage-submodules: Ignore empty merge commits
Makefile.am: Link with --enable-new-dtags
Luke Blevins (1):
Recognize other kernel packages with provides
v2020.1
New year, new release!
Client
The package diffs that rpm-ostree would previously sometimes label downgrades as
upgrades. This was fixed.
Server
When converting RPM entries under /run to tmpfiles.d entries, rpm-ostree now
automatically changes all references of /var/run to /run to appease
systemd-tmpfiles.
compose tree now supports multiple --add-metadata-from-json arguments.
compose tree no longer requires passing an OSTree repo when requested to
simply print the flattened treefile via --print-only.
The treefile now supports a new exclude-packages field. This has a similar
effect to specifying exclude= in all the input yum repos. This is useful to
make sure that certain packages never enter the compose, even if recommended via
Recommends. If dependencies are not met because of excluded packages, the
compose fails.
Development
The minimum supported Rust version was bumped to 1.39. This matches the latest
toolset available in RHEL8.
The repo was hooked up to Dependabot, which will help us stay on top of latest
Rust crate fixes and libdnf changes.
A whole lot more work went into our CI system; among other things, both the
vmcheck and compose testsuites now target Fedora CoreOS, the system has a public
interface, and is based on a much faster and more reliable infrastructure. This
should greatly aid speed of future development, and we are working to extend
this to more Fedora CoreOS
projects.
Colin Walters (3):
treefile: Use ref_from_raw_ptr
importer: Use /run instead of /var/run
treefile: Add exclude-packages
Jonathan Lebon (19):
rust: Wrap parent directory handling for Path
libpriv/rojig: Fix unref'ing using wrong function
app/compose: Support multiple --add-metadata-from-json
app: Print help messages on stderr
app/rojig: Explicitly check a `rojig` section was provided
app/tree: Drop "YAML" from error message
app/compose: Skip bwrap self-test if --download-only[-rpms]
Don't require an OSTree repo for --print-only
ci: Bump MSRV to 1.39.0
ci: Run Rust unit tests
tests/compose: Move files around
tests/compose: Target FCOS 31, move off of PAPR
ci: Re-org stages and parallelize tests
core: Mark all repos as "modular hotfixes"
libpriv/util: Fix human diff printing for upgrades/downgrades
rust: cargo update
ci: Bump compose tests timeout to 45m
ci: Allow submodule bumps from Dependabot
Release 2020.1
dependabot-preview[bot] (11):
build(deps): bump libglnx from `470af87` to `5f3d352`
build(deps): bump indicatif from 0.11.0 to 0.13.0 in /rust
build(deps): bump libdnf from `cc36cb7` to `367cf8a`
build(deps): bump nix from 0.15.0 to 0.16.1 in /rust
build(deps): bump clap from 2.32.0 to 2.33.0 in /rust
build(deps): bump structopt from 0.2.18 to 0.3.8 in /rust
build(deps): bump indicatif from 0.13.0 to 0.14.0 in /rust
build(deps): bump structopt from 0.3.8 to 0.3.9 in /rust
build(deps): bump serde_json from 1.0.45 to 1.0.46 in /rust
build(deps): bump nix from 0.16.1 to 0.17.0 in /rust
build(deps): bump libdnf from `367cf8a` to `4a7ab08`
v2019.7
One final release before the new decade! 🎉
No major game-changing features in this release. Just a lot of enablement for Fedora CoreOS and RHEL CoreOS.
We've also started tackling our CI debt more seriously, refreshing our vmcheck testsuite to target Fedora CoreOS 31 (we were previously still targeting Fedora Atomic Host 29). Work is underway to also rework the compose tests.
Client
The biggest change client-side is support for read-only /sysroot. This works on top of the enablement that happened in libostree. It is currently not enabled by default; one must explcitly set the sysroot.readonly to true in the sysroot OSTree repo config. We are now making use of this in FCOS.
Server
Lockfiles can now be written in YAML. This is useful in e.g. FCOS, where we want to be able to annotate why an override is in place.
Some work went into FIPS enablement for RHCOS. For example, we now tweak the vmlinuz HMAC file to contain a relative path to the image. This works in tandem with a change in dracut to support relative paths in that file. We also now always bake in the /dev/[u]random device nodes in the initramfs, which is needed for FIPS mode.
There is now a automatic-version-suffix treefile key which allows customizing the character to use to separate the build counter (which previously was always .). This can be useful when trying to make your versioning scheme respect semver.
Development
We've made the zchunk repo metadata support a build-time conditional since RHEL8 currently does not support it.
Some tweaks were made across the codebase to satisfy clang's scan-build tool, but no critical issues were found.
As mentioned higher up, the vmcheck testsuite has had an overhaul. More specifically, it now leverages kola to bring up a VM per test rather than sharing between subsequent tests. This should provide much more testing reliability and flexibility in the future.
Look ahead to more changes in our testing and CI story!
Colin Walters (17):
Bump minimum rust to 1.37
rust: cargo update
OWNERS: New file for Prow integration
ci/prow: Use build-check.sh
ci/prow: Use cosa buildroot
ci/papr: Drop cosa build
Add hidden `coreos-rootfs seal` command
unpacker: Build with older libarchive without zstd
HACKING.md: Document libdnf vendoring rationale
Detect whether zchunk (zck) is available at build time
tree-wide: [scan-build] Initialize some variables
tree-wide: [scan-build] Add some not-null assertions
kargs: Support --append and --delete simultaneously
kernel: Append /dev/{u,}random to initrd instead of dracut caps
daemon: Use MountFlags=slave and opt-in to OSTree read-only /sysroot
compose: Add an `automatic-version-suffix` key
tests: Misc tweaks
Jonathan Lebon (21):
app/status: Fix printf format string for 32-bit
ci: Also bump MSRV to 1.37.0 for CCI Jenkins
app/reset: Fix argc range check
ci/jenkins: don't pass `GIT_COMMIT` to ci-commitmessage-submodules.sh
ci/papr: Drop f29-codestyle and rust-min-version-check
tests/vmcheck: Fix test-misc-1.sh syntax
ci/papr: Drop `required` commit status context
core: Filter locked packages by checksums before depsolving
libpriv/kernel: Use g_build_filename instead of g_strconcat
libpriv/kernel: Hack around vmlinuz path in HMAC file
core: Split out function to get enabled rpmmd repos
rust/lockfile: Add more metadata to generated lockfiles
libpriv/kernel: add cap_mknod to dracut run
ci: re-use variable for container images
ci: Archive built RPMs
ci: Add the built RPMs as cosa overrides
tests: Add hidden `testutils` subcommand
app/override: Don't include rpmostree-ex-builtins.h
Rework vmcheck to use `kola spawn`, move off of PAPR
libdnf: Bump to cc36cb7492275e34c10148176824a35a3a67a461
Release 2019.7
Rafael Fonseca (2):
rust/lockfile: Add YAML support
rust/utils: move common code to a function
v2019.6
Time for a new release! In fact, the last one was exactly two months ago.
The first thing you may have noticed if you're reading these notes is that
rpm-ostree is now part of the github.com/coreos organization. There are
multiple reasons for this; the main one being that projectatomic is being
sunset. The focus of most rpm-ostree development is on Fedora CoreOS (and
derivatives like RHEL CoreOS); including the new build tool
coreos-assembler. However, it
does not imply less commitment towards other variants (or distributions)
such as Fedora Silverblue and Fedora IoT that aren't "CoreOS based" currently.
For example, the rpm-ostree compose tree CLI/interface has and will remain
100% compatible, and we continue to support Anaconda.
However, with the project focusing on Fedora CoreOS, moving to the coreos org
will allow us to have better team management and consistent CI across all
coreos repos.
As for the release itself, there are mostly some minor bugfixes and enhancements
relevant to Fedora CoreOS integration. One new feature is the addition of the
experimental ex history command. A lot of work has also gone into our CI
system. See below for details.
Client
The deploy and rebase commands now support a --disallow-downgrade switch
to enable the same downgrade protection that upgrade enjoys. This is relevant
for FCOS, where the update driver (Zincati)
will make use of this.
The deploy command no longer exits with code 77 if the target version is
already deployed. Instead, this behaviour is now gated behind a
--unchanged-exit-77. This was done to harmonize the UX across the different
commands when the invocation turns out to be a no-op. Now both deploy and
upgrade behave the same in this respect (as well as install --idempotent,
which supports the same switch).
There is a new experimental command: ex history. The idea is similar to dnf history; it provides an exact account of all the deployments into which the
system was rebooted. The logging is tied to the systemd journal, such that old
entries are naturally garbage-collected. As usual, the behaviour and UX are
subject to change as we refine this feature.
Server
The treefile now supports an arch-include key to make an include directive
conditional on the basearch of the system. This is used for example in
fedora-coreos-config, where a
lot of multi-arch enablement is happening.
There were multiple fixes surrounding merge semantics of multiple treefiles via
the include mechanism. For example, the etc-group-members is now correctly
merged.
Development
Our CI is currently undergoing some revamping. We're experimenting with various
approaches with the hopes of moving away from
PAPR towards something more reliable
and which fits better with the rest of our CoreOS and OpenShift CI ecosystems.
Related to the above, an important change to highlight is that the canonical RPM
spec file for rpm-ostree is now part of the repository itself (at
packaging/rpm-ostree.spec.in). The main purpose is tighter CI integration with
systems that consume RPMs (such as
coreos-assembler).
Colin Walters (12):
cli: Add RPMOSTREE_CLIENT_ID environment variable
treefile: Support `arch-include` (#1886)
Move openat_utils to its own crate
ci: Just use cosa as a buildroot too
importer: Add some error prefixing
ci: More fixes for cosa build
ci: Add prow Dockerfile
rust: Add nix as a dependency
README.md: Add a "why" section, update background.md
Clarify license situation to include GPLv2, relicense Rust code
ci: Remove papr ex-container check
postprocess: Ensure dirs are 0755 regardless of umask
Jonathan Lebon (17):
app/deploy: Add --disallow-downgrade switch
daemon: Tweak default flag handling logic
ci: Some more el7 path pruning
ci: Allow passing HEAD commit to ci-commitmessage-submodules.sh
ci/installdeps.sh: Nuke temporary libdnf dep workaround
ci/installdeps.sh: Pull ostree from rdgo on f30 too
packaging: Drop support for dist-snapshot w/o compose
packaging: Fix repomanage usage
packaging: Move canonical spec file here
packaging: Adapt to cargo vendor now being built-in
vmcheck: Adapt test-override-kernel.sh
spec: Fix documentation files
ci: Add Jenkins pipeline
rust/treefile: Various treefile merging tweaks
app/deploy: Gate 77 exit behind --unchanged-exit-77
Add new `ex history` command
Release 2019.6
Rafael Fonseca (1):
app,daemon: Use public libostree's kargs API
Timothée Ravier (1):
postprocess: Quote OSTREE_VERSION value
worldofpeace (1):
Move D-Bus conf file to $(datadir)/dbus-1/system.d
v2019.5
A lot of work in this release was focused on enablement for Fedora CoreOS,
especially on the compose server side. Though many of these features are of
course useful on their own.
On another note, the oxidation process throughout the tree is slowly coming
along, with Rust code now also calling into C code to enable it to reach new
areas of the codebase.
Client
The deploy command now also supports the --lock-finalization switch just
like upgrade. This will be used by
Zincati to accurately control host
upgrades in Fedora CoreOS.
PR #1846
Package layering is now supported for RPMs compressed with zstd.
PR #1866
The db diff command now supports a --json flag for machine-friendly output
format.
PR #1844
Server
The treefile now supports two new related fields: ostree-layers and
ostree-override-layers. These can be used to add OSTree content directly on
top of the final compose. This is useful in workflows where host content is
managed by both RPMs and regular file trees. It's also likely at some point
the client side will use this to make it convenient and easy to layer non-RPM
content.
PR #1830
The treefile also supports a new add-commit-metadata key, which allows for
injecting arbitrary commit metadata just like --add-metadata-from-json.
PR #1865
The ${releasever} variable is now accepted in more places in the treefile,
such as in ref, automatic-version-prefix, and mutate-os-release.
PR #1848
The treefile include key now supports a list of filenames, rather than just a
single one. This essentially allows "multiple inheritance" of treefiles.
PR #1870
The compose tree command now supports new experimental support for lockfiles
using the --ex-lockfile and --ex-write-lockfile-to switches. The semantics
are very similar to e.g. Cargo.lock or glide.lock. This will be used in
Fedora CoreOS to have better control over the input RPMs. As expected from an
experimental feature, it's possible that the exact behaviours will change as we
gain more experience from it.
PRs #1745 #1849 #1851 #1867
Another new switch to compose tree is --parent which allows overriding the
parent commit of the final resulting OSTree commit. This is useful in workflows
where one wants to maintain OSTree history at a higher-level than on the "build
master" stream.
PR #1871
Development
As prep for moving our CI to target Fedora CoreOS, the vmcheck testsuite no
longer requires Python 3 to be installed on the targeted host.
PR #1850
Special thanks to first-time contributor Rafael Fonseca, who added the initial
support for lockfiles!
Colin Walters (7 PRs, 7 commits)
compose: Add ostree-layers and ostree-override-layers (#1830)
composeutil: Add error prefixing to legacy mkdev path (#1845)
daemon: Remove unused pkgcache method (#1853)
daemon: Ensure dict is initialized in refresh_md impl (#1856)
Add InitiatingClientDescription property to transactions (#1859)
scripts: Ignore new glibc lua %post (#1869)
treefile: Support multiple includes (#1870)
Jonathan Lebon (11 PRs, 28 commits)
app/deploy: Add --lock-finalization switch (#1846)
tests/vmcheck: Fully drop python 3 requirement (#1850)
app/composeutil: Document lockfile format in codeblock (#1854)
core: Check if cached pkg is in partial state (#1860)
unpacker: Add support for zstd (#1866)
Release 2019.5 (#1875)
PR: #1844
app/db-diff: Rename "old" -> "from" and "new" -> "to"
app/db-diff: Check upfront for invalid format arg
daemon/package-variants: Fix docstring arguments
app/db-diff: Add --format=json output
PR: #1849
core: Strengthen how we enforce lockfiles
core: Fix outdated misleading comment
core: Use variable for sack higher up
PR: #1865
compose: Hash all treefile externals and flattened manifest
bindgen: Also track Cargo.lock
tests/compose: Fix unified rev-parse test
treefile: Add new `add-commit-metadata` key
app/compose: Reorder logic around treefile parsing
app/composeutil: Split out JSON metadata reading
app/composeutil: Refactor reading JSON metadata from file
PR: #1867
rust: Move open_file test to utils module
lockfile: Allow omitting the digest
lockfile: Allow specifying multiple lockfiles
lockfile: Switch packages JSON spec to an object
lockfile: Switch to writing it from Rust
lockfile: Rename function to ror_lockfile_read
PR: #1871
composeutil: Add cancellable arg to write_composejson
compose: Add --parent option
Rafael Fonseca (4 PRs, 5 commits)
compose: Add --ex-lockfile and --ex-write-lockfile-to (#1745)
treefile: allow ${releasever} in more keys (#1848)
app/status: Group EVRs for RemovedBasePackages if possible (#1852)
PR: #1851
compose: Move json lockfile parsing to Rust
rust: Move open_file to utils.rs
William Caban (1 PR, 1 commit)
core: Update to recognize kernel-rt as kernel packages (#1872)
v2019.4
There are no major new features in this release. The focus has mostly been on
bugfixes and enabling Fedora and Red Hat CoreOS assembly (performed by the aptly
named https://github.com/coreos/coreos-assembler) and runtime.
There are some preparatory patches that landed for a new history command,
analogous to dnf history, which will allow one to inspect the OSTree history
of the system. You can see a snapshot of how this will look in:
#1813
Client
There is now a new API to allow external agents driving RPM-OSTree to have more
precise control over the update process. This will be the case for Fedora
CoreOS, which will be controlled by
Zincati. This new API essentially allows
separating the deploying stage from setting it as the default one on reboot.
PR: #1814
The rebase command now supports changing just the custom origin/description by
allowing the same checksum refspec to be provided.
PR: #1807
The kargs command now simply prints the current kargs without any preamble to
make it cleaner and easier to consume by scripts.
PR: #1833
Relatedly, the kargs --delete command is now capable of deleting duplicate
kargs.
PR: #1835
The notorious "Some base packages would be replaced" error now includes a
suggestion to upgrade first. At least for Silverblue, which has daily
composes, this should work around the base/split issue the majority of the time.
PR: #1818
Layering packages signed by a GPG subkey should now work. This is the case for
the Brave browser.
PR: #1819
The status --json command now outputs JSON in pretty format to be nicer to
humans who sometimes directly use it.
PR: #1828
Relatedly, if the daemon is busy servicing a transaction, status will now show
the exact command-line that was used. This is part of the prep patches for the
history command.
PR: #1824
Server
Add a workaround for packages which expect /etc/selinux/config to exist early
in the compose.
PR: #1806
Unified composes (which happen on both servers and clients) now explicitly print
out the stage at which posttrans scriptlets are executed.
PR: #1836
compose tree now supports a --no-parent option. This is used in
coreos-assembler to take advantage of all the niceties that a previous commit
implies (e.g. change detection, and SELinux optimizations), while still having
final OSTree commits that do not maintain history.
PR: #1829
compose tree --write-composejson-to=FILE now also includes the OSTree content
checksum of the commit. This is useful for tracking content across a pipeline
while the checksum itself might change as it is "grafted" onto different
branches.
PR: #1822
For more background information on the use case around the two previous
features, see discussions in:
coreos/coreos-assembler#159
Development
Docs for a container/VM workflow using Vagrant have been updated to use the
latest Vagrant box for Fedora Atomic Host, however it is noted that future
development targets Fedora CoreOS primarily.
PR: #1831
The Rust part of the codebase has now been updated to edition 2018. We're
excited to be increasing the proportion of Rust in the tree! This is mostly
happening through the addition of new code, though we do also sometimes port C
code to Rust in the process.
PR: #1812
Now that we no longer support el7 platforms, we have completely dropped the use
of Python 2 in our test harness. This is somewhat prep for rebasing our CI to
Fedora CoreOS, which in fact completely dropped Python support.
PR: #1828
Colin Walters (5 PRs, 5 commits)
core: Add a hack for /etc/selinux/config and %pre (#1806)
rebase: Support identical checksum rebases (#1807)
scripts: Update fedora-release-workstation lua override (#1808)
kargs: Just print args, don't add additional text (#1833)
core: Split posttrans into separate output status (#1836)
Jonathan Lebon (15 PRs, 30 commits)
Add new D-Bus APIs for deployment finalization (#1814)
core: Also suggest `upgrade` for base/layered split (#1818)
libdnf: Bump for GPG subkeys fix (#1819)
app/compose: Add ostree-content-checksum to composejson (#1822)
libpriv/kargs: Tweak delete restrictions (#1835)
Release 2019.4 (#1841)
daemon: Bump sysroot mtime to force reload (#1842)
PR: #1810
tests/vmcheck: Adapt to kernel v5.0
rust: Bump dependencies
PR: #1812
rust: Stop using `extern crate` and `#[macro_use]`
rust: Reduce visibility of items
rust: Update to 2018 edition
PR: #1816
daemon: Carry option GVariant into transaction type
app: Simplify option variant creation
app: Drop `ex reset` prototype
app/main: Make rpmostree_subcommand_parse local
PR: #1823
libpriv/util: Factor out function to get version
daemon/utils: Allow unfiltered deployment variant
app/status: Strengthen deployment printing
PR: #1824
Copy used command-line and set as transaction title
libpriv/util: Expand set of safe shell chars
PR: #1825
daemon/deploy: Set transaction title earlier
daemon: Rework kargs transaction
libpriv/util: Factor out shell quoting function
PR: #1828
app/status: Make --json output pretty JSON
tests: Bump to Python 3 only
vmcheck/overlay: Drop dependency on host Python
PR: #1829
tests/compose: Add RPMOSTREE_TMPDIR_LOCATION
compose: Add --no-parent option
tests/compose: Fix subtest scoping
Robert Fairley (2 PRs, 2 commits)
libvm: Use shared memory for SSH control socket instead of /var/tmp (#1827)
vagrant: Add header noting coreos-assembler (#1831)
Robert Fairley (1 PR, 2 commits)
PR: #1826
vagrant: Use a Fedora 29 container
HACKING: Add link to tests README
v2019.3
v2019.3
This is the first release that officially drops support for el7 platforms. We're
focusing now on el8 and Fedora platforms. This will allow us to drop a lot of
legacy code and reduce friction as we implement new features. As such, the last
supported version on el7 is v2019.2. We may backport patches to that release if
anyone encounters issues.
Note if you're a user of Red Hat Enterprise Linux Atomic Host (or derivatives
such as CentOS Atomic Host) - don't worry, if any important issues arise
(particularly any security-related ones) we will fix them. That said the
development focus is on Fedora CoreOS and Red Hat Enterprise Linux CoreOS.
PR: #1785
There were a few other significant backend changes in this release. Notably,
our libdnf submodule has been updated to point to the latest version available.
In other words, we are now using the same version of the backend library that
dnf itself uses. This should fix a few bugs and also unblock further work such
as adding support for modules.
PR: #1404
And finally, though late in the cycle, we've bumped our CI testing to Fedora 29.
Fortunately, there were no nasty surprises there, though you can expect that we
will be more timely in the future for Fedora 30.
PR: #1787
Client
Alex Larsson added support for layering some packages that own files in /opt.
Notably, layering Google Chrome should now work. Packages that need to write
data at runtime in /opt may still not work.
PR: #1795
We now have bash completions for the rpm-ostree CLI! Thanks to our new
contributor Chris Weeks!
PR: #1499
The rpm-ostree client will now close the client side monitoring connection for
completed transactions after 30s. This should mitigate issues with clients such
as GNOME Software holding on to the transaction, and thus blocking any other
transaction from starting.
PR: #1755
A new remove alias has been added for the uninstall command for better CLI
compatibility with dnf.
PR: #1783
The status command will now always show a diff of the booted to the pending
deployment. Previously this was only the case after upgrade commands. This is
prep for further UX enhancements around package diffs.
PR: #1760
Kalev Lember added a new D-Bus API for enabling and disabling yum repositories
from GNOME Software.
PR: #1780
The kargs command now correctly supports KEYWORD-style kernel arguments
which do not have an associated value.
PR: #1796
Server
compose tree gained a new option --download-only-rpms which can be used to
conveniently mirror the RPMs for a given treefile.
PR: #1798
There is a new boot-location: modules key which you can use to have the kernel
end up in just one location. To be used by Fedora CoreOS.
PR: #1773
Every key in a treefile now supports - for consistency, where _ was used.
This should make YAML treefiles more pleasing to write.
PR: #1749
The treefile now accepts a new basearch member. This can be used to assert
that the treefile is being composed on the right base architecture. But it can
also be useful as an easy way to determine the basearch of a host by reading
/usr/share/rpm-ostree/treefile.json.
PR: #1766
Alexander Larsson (1 PR, 2 commits)
PR: #1795
Test that /opt layering works
Support layering rpms with files in /opt
Chris Weeks (1 PR, 1 commit)
Add support for bash completion (#1499)
Colin Walters (11 PRs, 20 commits)
daemon: Time out client txn connections after 30s (#1755)
cli/cancel: Close txn bus connection after cancelling (#1759)
rust: Bump crate dependencies (#1765)
compose: Make initramfs.img world-readable (#1767)
ci: Add a f29 FCOS build (#1774)
compose: Add --download-only-rpms (#1798)
PR: #1763
tests: Don't make system user with differently-named group
main: Move cancellable creation later
bwrap: Add an API to take a file descriptor
compose: Support RPMOSTREE_PRESERVE_TMPDIR=on-fail
PR: #1764
compose: Pass treefile directly to core
rust/openat: Add helper to retrieve file type
rust: Add clap
PR: #1773
compose: Add `boot-location: modules`
compose: Remove support for boot-location: both
PR: #1790
compose: Add treefile as arg to postprocess
postprocess: Handle etc vs usr/etc
PR: #1794
Always enable dfd-over-dbus
build-sys: Always enable compose tooling
build-sys: Drop support for ancient librpm
Jonathan Lebon (15 PRs, 44 commits)
Rebase to latest libdnf (#1404)
daemon/sysroot: Fix ActiveTransaction property (#1769)
rust: Bump dependencies (#1770)
build: Hook up bash completions (#1772)
ci: Stop testing on CentOS 7 (#1785)
build: Move completions to /usr/share (#1786)
core: Don't exclude modular packages (#1797)
Release 2019.3 (#1801)
PR: #1749
rust: Pass through rustfmt
rust/treefile: Support dash convention for all options
rust/treefile: Don't hardcode list of architectures
rust/treefile: Use HashMap to collect extra fields
PR: #1760
app/status: Always print pending deployment diff
libpriv: Teach diff printer different formats
app/libbuiltin: Tweak print_treepkg_diff logic
app: Drop rpmostree_print_treepkg_diff()
app: Factor out function to generate diff summary
PR: #1766
rust/treefile: Add basearch key
rust/treefile: Rename arch -> basearch
tests/libtest.sh: Lift assert_jq from libvm.sh
PR: #1778
ci: Build the whole tree, not just rust bits
rust: Freeze rand crate to v0.6.1
PR: #1783
app: Alias `remove` -> `uninstall`
core: Add all packages to the sack upfront
core: Fix leak of a DnfPackage
daemon/deployment-utils: Specify array element type
upgrader: Add missing check for error
app/status: Fix spacing in function call
PR: #1787
vmcheck/test-rojig-client.sh: Don't check full rojig NEVRA
importer: Filter out /var/lib/rpm from rpm
Makefile-libs.am: Work around `g-ir-scanner` issues with clang
libpriv: Add more error-prefixing in sanity checks
ci: Fix ex-container LOGDIR
app: Drop unused variables
ci: Bump minimum Rust version to v1.31.0
tests/check: Tweak /usr/bin/sh path
ci: Fix repo editing in installdeps.sh
ci: Drop c7 support for installdeps.sh
ci: Bump to f29
PR: #1796
build: Bump minimum glib2 version to 2.56
libpriv/kargs: Copy libostree patch to support KEYWORD kargs
libpriv/kargs: Strengthen and simplify new kargs APIs
tests/test-kargs: Check for no error first
libpriv/kargs: Use `const char*` for delete API
Kalev Lember (1 PR, 1 commit)
daemon: Add new ModifyYumRepo DBus API (#1780)