
Releases: coreos/rpm-ostree

v2019.2

14 Feb 21:13

This is a bugfix release, mostly centered around compatibility with
SELinux.

The client is now able to rebase from a locally specified
repo. The syntax for this is:

rpm-ostree rebase /path/to/repo:ref-or-checksum

This essentially avoids a preemptive ostree pull-local, though in some
cases, one cannot rely on it due to SELinux. This is useful in Red Hat
CoreOS, where we rebase from a repo inside a mounted oscontainer
(ostree-repo-in-container).
PR #1732

The db diff --changelogs learned to group changelog printing by SRPM
rather than rewriting it each time.
PR #1738

One minor addition here is that scriptlets from layered packages can now
rely on /run/ostree-booted to detect OSTree systems. This will be
notably used for akmods support in Fedora Silverblue. For more
information, see https://bugzilla.redhat.com/show_bug.cgi?id=1667014
PR #1750

There are two follow-ups to the recent move to change the home root
directory to /var/home (#1726). First, the permissions for
/usr/etc/default/useradd were wrong. This is now fixed. Secondly, the
SELinux policy needed to be recompiled in order for some of its dynamic
rules to pick up on the changes. Additionally, the /var/home -> /home
alias was causing problems with the new changes. This release removes
that alias and inserts a /home -> /var/home alias. For more
information, see https://bugzilla.redhat.com/show_bug.cgi?id=1669982.
PRs #1753 #1754

This release fixes rpm-ostree compose install --unified-core, which was
previously broken.
PR #1743

Colin Walters (4 PRs, 4 commits)
  rust: Split openat helpers into module (#1737)
  compose: Fix `install --unified-core` (#1743)
  composepost: Fix permissions on /usr/etc/default/useradd (#1753)
  treefile: Fix octal mode for rojig spec too (#1756)

Jonathan Lebon (7 PRs, 9 commits)
  app/rebase: Support local repo remotes (#1732)
  libpriv/rpm-util: Group by SRPMs when printing changelogs (#1738)
  libpriv/scripts: Add /run/ostree-booted for scriptlets (#1750)
  docs/treefile: Add some more details to mutate-os-release (#1751)
  Release 2019.2 (#1757)
  PR: #1735
    rust/treefile: Include filename in more error msgs
    rust/treefile: Convert more functions to Fallible
  PR: #1754
    postprocess: Add /home -> /var/home SELinux substitution
    libpriv: Rebuild policy during postprocessing

v2019.1

21 Jan 20:29

New year, new rpm-ostree! But don't let the new major version fool you;
this is mostly a bugfix release.

Client

There was a bug which caused the client to fetch rpm-md twice during
update and layering operations. This has been fixed now.
PR: #1723

One of the most common issues hit by users is #415. In this release,
the error message was tweaked slightly to give better context.
PR: #1717

Server

The automatic_version_prefix manifest field now has support for date
tags. For example, one can now use a value like 30.<date:%Y> and
rpm-ostree will generate values like 30.2019.0 then 30.2019.1,
etc... The date format is mostly identical to strftime. See the
treefile documentation for details.
PR: #1721
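
The date-tag behaviour described above, sketched in Python as an added example (this is not rpm-ostree's own code). The function names are hypothetical, and restarting the counter at 0 when the expanded date changes is an assumption inferred from the 30.2019.0, 30.2019.1 sequence in the note.

```python
import re
from datetime import date

# Matches the <date:FORMAT> tag described in the release note.
DATE_TAG = re.compile(r"<date:([^>]*)>")


def expand_prefix(prefix, today):
    """Replace each <date:FMT> tag with `today` formatted via strftime."""
    return DATE_TAG.sub(lambda m: today.strftime(m.group(1)), prefix)


def next_version(prefix, last_version, today):
    """Return the next version string for a date-tagged prefix.

    Assumed semantics: a trailing counter starts at 0 and increments while
    the expanded prefix stays the same; a new date restarts it at 0.
    """
    if not DATE_TAG.search(prefix):
        raise ValueError("this sketch only covers prefixes with a <date:...> tag")
    expanded = expand_prefix(prefix, today)
    if last_version is not None and last_version.startswith(expanded + "."):
        counter = last_version[len(expanded) + 1:]
        # Only a plain decimal counter continues the sequence.
        if re.fullmatch(r"[0-9]+", counter):
            return f"{expanded}.{int(counter) + 1}"
    return f"{expanded}.0"


if __name__ == "__main__":
    # Constructed sample: three composes, the last one in a new year.
    version = None
    for day in (date(2019, 1, 21), date(2019, 2, 14), date(2020, 1, 3)):
        version = next_version("30.<date:%Y>", version, day)
        print(day.isoformat(), "->", version)
```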

rpm-ostree will now also fix /etc/default/useradd so that newly
created users will have their homes pointing at /var/home/$USER. This
is mostly a cosmetic fix so that e.g. shells correctly show ~ when in
the home directory. There's more work to do in e.g. Anaconda so that
this bug is fully fixed though.
PR: #1726

Development

The minimum supported Rust version was bumped to 1.29.2. This matches
the latest release of the Red Hat Developer Toolset.
PR: #1716

Colin Walters (4 PRs, 6 commits)
  core: Fix rpm-md repo caching (#1723)
  PR: #1716
    compose: Use dracut tmpdir under target root
    (and 2 commits from other authors)
  PR: #1726
    compose: Change /etc/default/useradd to use HOME=/var/home
    compose: Add a stub "postprocess" entrypoint in Rust
  PR: #1727
    Add rayon dependency, do postprocessing in parallel
    compose: Minor further oxidation of postprocessing

Jonathan Lebon (7 PRs, 8 commits)
  packaging: Don't include checksums for ltmain.sh (#1715)
  core: Explain a bit the base/layered split mismatch issue (#1717)
  rust: Add Cargo.lock (#1719)
  rust: Bump dependencies (#1720)
  packaging: Don't include checksums for libtool.m4 and configure (#1731)
  Release 2019.1 (#1736)
  PR: #1716
    rust: Drop backtrace lock
    ci: Bump minimum Rust version to 1.29.2
    (and 1 commit from other author)

rfairley (1 PR, 1 commit)
  libpriv/util: Add date field in auto-versioning (#1721)

v2018.10

14 Dec 21:28

After almost 2 months of development, v2018.10 is out! This is likely
the last release of the year, barring hiccups requiring a respin. We're
trying something new this time by splitting changes into those affecting
the client-side, the compose server, and rpm-ostree development itself.

Note also that releases are now published as GitHub releases. The
motivation for this is so that tarballs can be uploaded containing the
vendored Rust sources.

Client

rpm-ostree gained much nicer progress bars courtesy of the Rust
https://crates.io/crates/indicatif crate.
PR: #1661

There is a new rpm-ostree-bootstatus.service systemd unit (which isn't
yet enabled by default for Fedora globally) that should aid in debugging
exactly when a given upgrade was completed.
PR: #1693

The reset command is no longer an experimental command. As such it has
been hoisted to the top level of the command line.
PR: #1682

The AvailableUpdate section in the status -a/-v output now includes
any CVEs attached to packages in the update. This allows one to better
gauge the severity of the advisories and urgency of the next reboot.
PR: #1695

The db diff --changelogs output has been tweaked to make it easier to
tell which changelog entries correspond to which packages.
PR: #1687

The status command now also prints a clearer error message if the GPG
key used to sign the commit is missing.
PR: #1650

Server

Work continues on fleshing out "rojig" as an additional mechanism to
transport and manage rpm-ostree builds. The functionality now lives in
rpm-ostree compose rojig, although it is still classified as
experimental.
PR: #1512

This release includes a lot of improvements to the compose workflow in
the new unified mode, which is now in use in both Fedora CoreOS and Red
Hat CoreOS. For example, it is now possible to directly compose into an
archive repo. Additionally, composing into an existing branch no longer
requires the full previous commit.
PR: #1657, #1704

Although it is not yet the default for compatibility reasons, a future
version will eventually deprecate the legacy non-unified mode. If you
compose your own OSTrees, please give it a try; you can specify
--unified-core directly, or try out coreos-assembler which uses this
by default.

Development

The indicatif work required some under-the-hood refactoring to make it
easier for us to "oxidize" by bridging the C and Rust sides. Other
software which is using Rust and C together might be interested in some
of the work here. See for example: #1688 and #1691.

Improvements to the development/testing workflow were made by syncing
libsolv from the build container to the virtual machine running the
make vmcheck tests. This helps avoid library dependency errors when
running tests locally.
PR: #1676

As always, thanks to all the contributors, especially to first-time
contributor Marcel Lambacher!

Colin Walters (24 PRs, 34 commits)
  Add `compose rojig` command (#1512)
  compose: Factor out helper for writing composejson (#1636)
  Use autocleanup for task output (#1640)
  rust: Move FFI bits into `ffi` submodule for each file (#1646)
  core: Disable librpm SELinux plugin when writing rpmdb (#1647)
  compose: Make --print-only happen earlier and be quiet (#1648)
  rust: Remove `pub` from modules (#1649)
  Move varsubst code into Rust, use it in treefile parsing (#1655)
  build-sys: Turn Rust LTO off by default, add --enable-lto flag (#1664)
  core: Typo in indicatif commit: `metdata` → `metadata` (#1673)
  rust: Use `failure` crate for errors (#1675)
  scripts: Add a hack to handle RHEL7's glibc-common.post (#1678)
  rust/ffi: Change dfd handling to unwrap, create naming convention (#1685)
  rust: Use Fallible<> more (#1690)
  compose: Add a CUtf8Buf copy of rojig_name (#1691)
  Add rpm-ostree-bootstatus.service (#1693)
  daemon: Drop unused mutex (#1699)
  rust/treefile: Add container key (#1702)
  PR: #1641
    rust: Create generic ref_from_raw_ptr function
    rust: Merge glibutils with utility FFI helpers
  PR: #1661
    Use indicatif for progress
    daemon/transaction: Clear out libostree progress consistently
  PR: #1665
    libvm: Don't sync rust target/
    build-sys: With external cbindgen, drop Rust lib dependency
  PR: #1674
    ci: Verify rustfmt
    rust: Rerun rustfmt
  PR: #1676
    vmcheck/multitest: Print when we're waiting
    build-sys: Add bindgen bits to .gitignore
    build-sys: Fix uid check when we don't have /usr/bin/cbindgen
    vmcheck/multitest: Time execution of each test
    vmcheck: Sync over libsolv and zchunk-libs too
    (and 3 commits from other authors)
  PR: #1688
    rust/ffi: Convert String creation API, extend docs
    rust/ffi: More "view" changes, for bytestrings
    rust/ffi: Convert str func to new "view" naming convention

Jonathan Lebon (24 PRs, 47 commits)
  rust: Drop crates-io patch and use 0.4.0 (#1639)
  man: Fix references to automatic timer and service (#1652)
  app: Wrap `Version` in `--version` in quotes (#1654)
  compose: Don't require SELinux policy in legacy path (#1656)
  compose: Use previous sepolicy if available (#1659)
  compose: Print devino cache hits on commit (#1660)
  compose: Allow --print-only without bwrap support (#1666)
  compose: Drop 'ex' prefix for --unified-core in msg (#1668)
  compose: Initialize out_changed var before --print-only (#1669)
  core: Tweak "Importing" messages (#1681)
  configure.ac: Add "GitHub release" step to release workflow (#1684)
  compose: Fix EBADF in unified core mode without cachedir (#1698)
  daemon/deploy: Fix free() of override replace pkgs (#1709)
  PR: #1643
    libpriv: Sanity check that paths are OSTree compatible
    compose: Check that add-files are compatible after parsing
    docs/treefile: Add info about paths for add-files
  PR: #1657
    compose: Support all target repos in unified mode
    compose: Always put workdir on same filesystem as pkgcache
  PR: #1658
    compose: Check for error when opening policy
    postprocess: Minor glnx_console interaction fixes
    app/tree: Check upfront if repo is writable
    passwd-util: Drop unnecessary OstreeRepo arg
    postprocess: Rename xattr callback
    core: use DEVINO_CANONICAL regardless of repo type
    app/compose: Minor comment tweak
    app/compose: Use g_printerr for note
    app/compose: Check conflicting opts earlier
    app/compose: Drop helper cachedir_dfd() function
  PR: #1676
    daemon/utils: Finish OstreeAsyncProgress after pull
    daemon/transaction: Emit progress end signal
    ci: Go back to centos/7/atomic/smoketested
    (and 5 commits from other authors)
  PR: #1682
    Move `reset` out of experimental
    app/ex: Nuke `ex kargs` compatibilty  alias
  PR: #1686
    daemon/transaction-types: Fix dnf cache override
    daemon/transaction-types: Drop unneeded arg
  PR: #1687
    libpriv/rpm-util: Tweak changelog entry indentation
    libpriv/rpm-util: Use g_print instead of printf
  PR: #1695
    Print CVEs fixed in available updates
    tests/utils/updateinfo: Rename function
    tests/utils/updateinfo: Assuage flake8
  PR: #1704
    compose: Don't require full previous commit
    compose: Factor out SELinux policy checkout
    libpriv/passwd-util: Rework error-handling
  PR: #1708
    daemon: Perform kargs in cache-only mode
    daemon/kargs: Fix handling of staged deployments
  PR: #1713
    Release 2018.10
    Cargo.toml: Fix backtrace crate to compatibile version

Marcel-Lambacher (1 PR, 1 commit)
  app/status: Output corresponding status message if GPG key is missing (#1650)

2018.9

23 Nov 13:47
v2018.9

https://github.com/projectatomic/rpm-ostree/releases/tag/v2018.9

This is the first release which hard-requires the new staging feature.
We consider the feature to be stable now, though some users have
encountered issues on slower disks during deployment finalization. This
should be alleviated in the latest OSTree release (v2018.9) which
increased the service timeout. See:
#1568
PR #1546

Related to the above, failures that occurred during finalization of
staged deployments will now be prominently displayed in the output of
rpm-ostree status on reboot.
PR #1601

And related to rpm-ostree status, note that the JSON output provided
by --json should now be much less spammy as the package list is now
filtered out.
PR #1577

While rpm-ostree hard depends on Rust, we are only slowly rewriting
code. There are a few reasons for this; one is that any rewrite entails
risk. However, the "treefile" parsing code is among the ugliest, and
hence was a good candidate for oxidation. The new Rust treefile parsing
code (for composes) handles inheritance between treefiles much better,
among other things.

(According to tokei, the percentage of Rust code increased from 1.7% in
v2018.8 to 2.6%)

One additional note about our oxidation process: we now enforce
compatibility at a specific rustc version. That version for now is
1.26.1 to match the current version in the Red Hat Developer Toolset.
PR #1606

A lot of internal preparatory cleanup landed for adding a new
compose rojig command dedicated to that: #1081. The
compose tree --ex-output-rojig-set option has been removed. If you
want to play with rojig in the current release, use compose tree and
then ex commit2rojig.

We now override the %post scripts for a few packages in CentOS/RHEL7; at
least an Atomic Host-like package set can be built using
--unified-core which brings faster build speeds.
PR #1612

The layering logic learned to be smarter about re-using the rpmdb in
current deployments to avoid checking out the whole tree upfront. This
should allow some rpm-ostree layering operations to be much
more lightweight than before.
PR #1502

Related to layering, rpm-ostree now no longer overrides the
metadata_expire option of repositories. In practice, this should mean
that e.g. the Fedora stable repository will be refreshed less often than
necessary.
PRs #1562, #1587

There have been more reports of the ex livefs feature potentially
corrupting the bootloader symlinks, rendering the system unbootable. As
such, the feature is now gated behind an explicit --i-like-danger
switch until we investigate the issue further.
PR #1622

The db diff command has now learned to automatically diff against the
rollback deployment if there is no pending deployment. This is useful to
see the package diff after rebooting into an update.
PR #1565

Micah Abbott contributed fixes to our vmcheck testsuite to make it
easier to run it against an existing host without overlaying the built
rpm-ostree binary.
PR #1555

Special thanks as well to our first-time contributors Christian Glombek,
Michael Nguyen, and Robert Fairley!

Christian Glombek (1 PR, 1 commit)
  compose: Print version number (#1637)

Colin Walters (43 PRs, 63 commits)
  rust: Use debug=true for release builds (#1550)
  ci: Stop installing python-{sphinx,devel} (#1551)
  compose: Remove support for `ex-rojig-spec` in treefile (#1558)
  core: Stop overriding metadata_expire (#1562)
  compose: Split off composeutil.[ch] (#1564)
  compose: Add the timestamp to JSON metadata as ISO8601 (#1569)
  compose: Drop combined ostree+rojig compose tree (#1570)
  postprocess: Make autovar.conf world-readable (#1571)
  Split cbindgen to separate build, support external version (#1573)
  compose: Have first-one-wins semantics for rojig parsing (#1576)
  core: Fix segfault if no selinux-policy package (#1578)
  rust/treefile: Fix the type of `add-files`. (#1581)
  build-sys: Propagate Automake verbose mode to Rust/cargo (#1583)
  build-sys: Inject Automake's default CXXFLAGS to libdnf by default (#1586)
  Fix cache_age handling for compose and client-side (#1587)
  rust/treefile: Use the c_utf8 crate (#1588)
  bwrap: Add APIs to set up bind mounts (#1590)
  core: Maintain /usr/etc as /etc when running scripts (#1592)
  bwrap: Also drop constructor direct bwrap arguments (#1593)
  compose-tests: Use yaml.safe_dump (#1597)
  compose: Support not specifying a ref (#1603)
  composeutil: Test for ability to open new /dev/null (#1604)
  rust/treefile: Include filename in error when parsing (#1607)
  compose: Also port one passwd bit to using Rust treefile (#1610)
  postprocess: Add missing newline to os-release message (#1611)
  scripts: Fully neuter microcode_ctl scripts everywhere (#1623)
  Switch to ISO8601 timestamps in more places (#1624)
  rust/treefile: Use macros to reduce redundancy in treefile merging (#1631)
  build-sys: Fix `make rustfmt`, and run it (#1635)
  PR: #1552
    compose: Fix double-parsing of first included treefile
    compose: Update to decl-and-init coding style
  PR: #1559
    rust/bindgen: Add an autoptr cleanup for our struct
    build: Regenerate rpmostree-rust.h if cbindgen.toml changes
  PR: #1561
    commit2rojig: Take a (YAML) manifest, not a spec file
    tests: Add rojig spec into base config
  PR: #1563
    treefile: Redo rojig_spec to be Box<CStr>
    build-sys: Rework Rust --frozen logic
  PR: #1574
    compose+rust: Parse includes via Rust too
    tests: Add a test for inheritance order of `postprocess`
  PR: #1580
    rust/treefile: Add support for parsing JSON too
    rust: Run rustfmt
  PR: #1585
    rust/bindgen: Use #pragma once
    build-sys: Add a `rust-test` target
    rust: Make io::Read a generic again
    (and 3 commits from other authors)
  PR: #1591
    core,scripts: When no cachedir+unified-core, disable rofiles-fuse
    core: Apply s{u,g}id consistently on checkout
    importer: Don't import libselinux .LOCK files
  PR: #1600
    rust/lib: Rework fd helpers to consistently lseek()
    compose: Move opening passwd/group files into Rust
    tests: Add validation for provided passwd/group files
    lib/rust: Add a helper to convert the raw pointer
    compose: Move "serialized treefile" into Rust ownership
  PR: #1601
    build-sys: Just error out if building with multiple uids
    rust/lib: Remove unnecessary integer casts
    (and 4 commits from other authors)
  PR: #1612
    scripts: Correctly override RHEL7 glibc-common.post
    scripts: Neuter RHEL7 pam and microcode_ctl
  PR: #1616
    compose: Add a helper to convert treefile → treespec
    compose: Drop duplicate addition of arch- and bootstrap pkgs
  PR: #1618
    compose: Lower metadata logic for read/generate into a helper
    compose; Lower `add-files` read into composeutil
    compose: Clean up passwd/group injection API a bit
  PR: #1630
    Lower initial SELinux policy load from compose to core
    tests/compose: Use workdir in tmpdir

Jonathan Lebon (17 PRs, 34 commits)
  Hard require staging (#1546)
  daemon/utils: Filter out rpmostree.rpmdb.pkglist (#1577)
  libpriv/scripts: Add rpmdb query sanity checks (#1584)
  libpriv/postprocess: Handle ENOTEMPTY from renameat (#1589)
  postprocess: Add ostree-finalize-staged.path (#1617)
  app/livefs: Require --i-like-danger switch (#1622)
  Release 2018.9 (#1633)
  PR: #1502
    tests/vmcheck: Create correct base commits from layered
    upgrader: Reuse existing rpmdb checkout if available
  PR: #1554
    packaging: Don't vendor bundled libcurl
    packaging: Use standard strict mode header
  PR: #1560
    libpriv/util: Add getter for layer version
    libpriv: Add simpler base layer getter
    postprocess: Don't copy base rpmdb when layering
  PR: #1565
    app/db-diff: Diff against rollback if no pending
    app/db-diff: Factor out helper printing function
    app/db-diff: Drop redundant check
  PR: #1585
    ci: Use continuous image instead of rebasing to it
    ci/compose: Use host repos for building rpm-ostree too
    ci: Stop rebasing FAH on updates branch
    (and 3 commits from other authors)
  PR: #1594
    upgrader: Output msg when staging deployment
    app/start-daemon: Drop unused callbacks
  PR: #1601
    rust/journal: Adapt for el7 platforms
    status: Print systemd or ostree staged failure msg
    packaging: Nuke more vendored sources
    status: Detect if staging failed in previous boot
    (and 2 commits from other authors)
  PR: #1606
    ci: Add rust-min-version-check
    ci: Split out script to install deps
    ci/build.sh: Drop unnecessary `pkg_install cargo`
  PR: #1620
    libpriv/passwd-util: Fix leaks on error path
    core: Fix NULL pointer dereference
    daemon: Check if outvar is provided before assigning
  PR: #1621
    ci: Make `adduser` invocation idempotent
    ci: Drop CI_PKGS and epel-release in `.papr.yml`

Micah Abbott (2 PRs, 2 commits)
  vmcheck/misc-1: skip the overlay check when needed (#1555)
  man: add note about pinned deployments when using cleanup (#1599)

Michael Nguyen (1 PR, 1 commit)
  app/status: line wrap RemovedBasePackages (#1632)

Robert Fairley (1 PR, 2 commits)
  PR: #1548
    initramfs: Return error when --arg specified without --enable
    initramfs: Print regeneration status for pending deployment

Git-EVTag-v0-SHA512: ba6c33a74f83b9173d1723fbb929633ea3162bb70cd2c38f9f880618025e10854badd35dceb5ada219020ec23b93f3d539377ad5c8b107d713d9d8493bed35f5