Releases: coreos/rpm-ostree
2022.4
rpm-ostree v2022.4
This is a bug fix release which includes a bug fix to an issue that prevents building rpm-ostree on some architectures: #3482
Colin Walters (2):
Revert "fstype: Add license identifier"
Revert "compose: Print information about target filesystem"
Full Changelog: v2022.3...v2022.4
2022.3
rpm-ostree v2022.3
On the compose side, a major feature in this release is support for conditional-include and variable keys. This allows include directives to take effect only if some condition is met. See the treefile documentation for more information on this.
There is also a new repo_metadata treefile option that controls whether and how to inject metadata about the input rpm-md repositories.
The ostree-rs-ext stack is updated to 0.6.5.
On the bugfixes side, when RPM scripts are executed, /run is now properly a tmpfs.
On the client-side, the daemon now caches GPG verification status of commits which should dramatically increase startup times on systems which ship many GPG public keys such as Fedora.
There's an ongoing effort to make use of cap-std and rustix, with some more incremental porting happening in this release.
And of course, many other fixes and minor improvements!
Benno Rice (4):
Replace some uses of "blacklist" with more accurate language.
Add a Treefile option for where to stash the RPM repo metadata.
Wire the repo_metadata Treefile option in to the compose process.
Add tests for the repo_metadata Treefile option.
Colin Walters (20):
treefile: Add `container-cmd`
Port to `once_cell`, drop `lazy_static`
scripts: Use a tmpfs for /run
rust/initramfs: Port to cap-std
Add internal API to expose package variant list to Rust
scripts: Fix tmpfs for `/run`
`db version`: Switch to using SHA-256
Bump to cap-std-ext 0.24.1
cliwrap: Port to cap-std
compose: Print information about target filesystem
fstype: Add license identifier
daemon: Drop unused import
initramfs: Port to cap-std, drop `subprocess` dependency
postprocess: A bit more porting to `cap_std`
composepost: Drop last usage of `subprocess` crate
utils: varsubst: Allocate initial string to around expected capacity
live: A bit of porting to cap-std
countme: Port to cap-std
Bump to ostree-ext 0.6.5
testutils: Drop deprecated openat-ext usage
Jonathan Lebon (18):
daemon: cache GPG commit verification
rust: Oxidize `variant_add_remote_status`
build(deps): bump ostree from 0.13.4 to 0.13.6
rust/daemon: Use `replace_contents_with_perms`
daemon: Fix clippy warnings
treefile: Drop unnecessary collections:: prefixes
treefile: Consistently use kebab-case and drop unnecessary renames
treefile: Move from macro to function for var substitution
treefile: Skip serializing `container-cmd` if None
treefile: Support variables in more fields
treefile: Add `variables` field
treefile: Return String for releasever
treefile: Support `releasever` being a number
treefile: Make `basearch` and `releasever` variables
treefile: Premerge variables during recursive parsing
treefile: Add conditional includes
tests/container-image: Add missing space before !
app/composeutil: Canonicalize empty detached metadata to NULL
Joseph Marrero (1):
src/app/rpmostree-builtin-cleanup: return after cleaning up repo cache
Justin Kinney (1):
Ignore kernel-uek posttrans scripts
Luca BRUNO (3):
compose: move and symlink content under /var/lib
composepost: de-duplicate entries
tests/basic: check iptables setup through alternatives
Matthew Kenigsberg (1):
docs/layering.md: script using next fcos stream
Timothée Ravier (1):
src/daemon: Exhaustively set arg direction for DBus interface
Zbigniew Jędrzejewski-Szmek (1):
scripts: add replacements scripts for /sbin/ldconfig calls in glibc-common
New Contributors
-
@justinkinney made their first contribution in #3419
Full Changelog: v2022.2...v2022.3
Contributors
Assets 3
v2022.2
rpm-ostree v2022.2
A major feature in this release is:
This means rpm-ostree now has experimental support for layering packages defined on a tree file under /etc/rpm-ostree/origin.d/ which gives us a more declarative way to add packages on top of the OS. At the current time, this only works when run inside an ostree-based container.
This work is aimed for CoreOS layering/ostree native container.
We also fixed integration with two major changes coming in Fedora 36:
- https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory
- https://fedoraproject.org/wiki/Changes/RelocateRPMDNFToUsr
There is now support for platform-module in treefiles, which can be useful for modularity integration at build time.
There's an ongoing effort to make use of cap-std and rustix, with some more incremental porting happening in this release.
And of course, many other fixes and minor improvements!
Aravindh Puthiyaparambil (1):
docs: clarify layering tutorial
Benno Rice (3):
Allow the platform module to be specified in the Treefile.
Fix platform_module getter.
Document platform-module field.
Colin Walters (30):
Start using cap-std/rustix instead of openat/nix
tree-wide: Replace `nix::get*[ug]id` with rustix equivalents
build-sys: Symlink, not hard link `ostree-container`
scripts: Replace `authselect-libs` prein
composepost: Deal with `/etc/nsswitch.conf` being a symlink to authselect
core: When we fail to find a locked package, also print non-matches
core: Small tweaks for non-matching package output
client: Add context to microdnf failure to exec
ci: Try using next so we pick up `microdnf`
container-image: Test installs in a container
packaging: Add `Recommends: skopeo`
ci: Switch back to `testing-devel`
README.md: Link to ostree native container change
docs: Give a kernel override example too
Bump ostree-ext and cap-std
core: Honor `repo-packages` in treefile on client too
treefile: Don't bail out if `/etc/rpm-ostree` doesn't exist
ex-rebuild: Print something in the case where we found no files
treefile: Fix parsing of derived config fields
docs/container: Update for recent changes
treefile: Use `Deref` trait for something like inheritance
composepost: Do replace `altfiles` in `/etc/authselect/nsswitch.conf`
`ex rebuild`: Drop check gating on `packages` key
Add a `Dockerfile.containerci`
treefile: Also error if derive is nonempty for client side
treefile: Fix naming of `assert_empty()`
Revert "composepost: Do replace `altfiles` in `/etc/authselect/nsswitch.conf`"
Bump to cap-std-ext 0.24
tests/container-image: Support old rhel8 podman
Bump to ostree-ext 0.6.3
Jonathan Lebon (24):
composepost: Add comment re. tmpfiles.d conversion
tests/compose: check for /run/ostree-booted in unified mode
rust: const-ify `OSTREE_BOOTED` path
compose: Support `/run/ostree-booted` also in legacy mode
rust/treefile: Document `extra` struct member a bit more
rust/treefile: Sort compose knobs into "base" and "derivation"
rust/treefile: Simplify `error_if_nonempty`
core: Add new `rpmostree_context_new_container`
rust/treefile: Add client treefile support
Stabilize `initramfs-etc`
rust/treefile: Factor out parsing and postprocess
core: Connect callback to dnf context state changes
rust/treefile: Also validate treefile when creating from string
rust/treefile: Don't support workdir for clients
rust/treefile: Support creating client from /etc dropins
Add `rpm-ostree ex rebuild` command
app/pkg-builtins: Use container backend for installs
Finish dropping microdnf dependency
rust: Fix `cargo clippy` warnings
rust/treefile: Support creating client from /etc dropins
Add `rpm-ostree ex rebuild` command
app/pkg-builtins: Use container backend for installs
Finish dropping microdnf dependency
composepost: Remove /usr/lib/sysimage/rpm dir before symlinking
Joseph Marrero (1):
docs/layering: Tutorial on using the rpm-ostree layering feature
Luca BRUNO (4):
daemon: port revision-string parser to Rust
daemon/donwload-pkgs: fix a wrong error return
libpriv/core: recursively create /var/lib/rpm-state
libpriv/importer: log spurious content for debugging
Timothée Ravier (3):
docs: Match title and link for ex-container page
docs: Add page for `override replace --experimental`
docs/countme: Update doc links and trigger frequency
New Contributors
- @aravindhp made their first contribution in #3345
Full Changelog: v2022.1...v2022.2
Contributors
Assets 3
2022.1
rpm-ostree v2022.1
Client
A major feature in this release is:
This means one can use rpm-ostree install inside e.g. a Dockerfile when building a container. That said, we continue to discuss a possible declarative interface for this in coreos/fedora-coreos-tracker#1054
Overall
An update the ostree 2022.1 stack brings lots of fixes.
A notable change here is:
Specifically one can now invoke ostree container which internally invokes rpm-ostree ex-container because we didn't want to duplicate all the Rust code for ostree into a separate binary. But the user story here is that it's "ostree containers", not rpm-ostree containers.
What's Changed
- docs: Talk about override replace and usroverlay by @cgwalters in #3130
- daemon: Add
InaccessiblePaths=/var/lib/containersby @cgwalters in #3240 - core: Nuke auto-generated tmpfiles.d when removing packages by @jlebon in #3228
- tests/vmcheck: tweak some hackish direct access to /ostree by @lucab in #3246
- docs: fix minor bugs in rpm-ostree manpage by @peberanek in #3247
- Bump to ostree-ext 0.5.1 and containers-image-proxy 0.3.1 by @cgwalters in #3249
- countme: Trigger on boot and bi-weekly with random delay by @travier in #3041
- packaging: Don't use zchunk on RHEL9 either by @cgwalters in #3250
- tests/compose: Add updates-archive repo for glibc-all-langpacks by @jlebon in #3258
- core: Fix memory leak for colorless files by @cgwalters in #3260
- More lints by @cgwalters in #3263
HACKING.md: Document iteration on kola external tests by @cgwalters in #3264- build-sys: Remove
RPM_OSTREE_FEATURESfrom autoconf/C by @cgwalters in #3259 - rust/src/client: detect src.rpms by @jmarrero in #3265
- ci: Only run our own external tests by @jlebon in #3271
- importer: Canonicalize symlink targets by @cgwalters in #3266
- man/rpm-ostree: update docs for kargs and override parameters by @jmarrero in #3272
- override: Add --cache-only flag by @cgwalters in #3153
- Cargo.toml: Update ostree-ext to use main branch code by @jmarrero in #3283
- two build system fixes for bindings by @cgwalters in #3284
- rust: Add some more comments around cxx.rs, particularly
Result<T>by @cgwalters in #3292 - make: install ostree-container as a multicall hardlinked binary by @lucab in #3293
- core: Add an assertion to silence clang-analyzer by @cgwalters in #3295
- rust/src/client: check for ostree structure using ostree_ext api by @jmarrero in #3285
- dbus/live-fs: remove some goto statements by @lucab in #3296
- rust/src/client: rpm-ostree cleanup -m on containers calls microdnf c… by @jmarrero in #3297
- dbus: remove some goto statements by @lucab in #3303
- dbus/download-pkgs: remove some goto statements by @lucab in #3298
- daemon: port the override-source string parser to Rust by @lucab in #3309
- Fix or quiet unused field warnings by @cgwalters in #3312
- rust: Switch to ostree-rs-ext 0.6.0 release by @cgwalters in #3314
New Contributors
- @peberanek made their first contribution in #3247
- @jmarrero made their first contribution in #3265
Full Changelog: v2021.14...v2022.1
Contributors
Assets 3
2021.14
Client
- Move
ostree://parsing to daemon by @jlebon in #3199 - Use ostree-rs-ext 0.5.0 by @cgwalters in #3139
This pulls in a lot of work over the past weeks on "container native ostree" or "CoreOS layering".
See coreos/enhancements#7 for more information. - Fix
rpm-ostree kargs --editby @lucab in #3219 - Fixed a critical bug in
rpm-ostree deploy --ex-cliwrap=trueby @cgwalters in #3200 - Sort and indent packages/package groups in rpm-ostree status by @Mershl in #3201
(New contributor! 🎉)
Build/compose
- Normalise various aspects of the RPM database that vary build-to-build by @jeamland in #3165
This change deserves highlighting - @jeamland did significant work here to help ensure that the BDB-formatted RPM database is reproducible at a binary level. This in turn is a large portion of the work to makerpm-ostree compose treereproducible.
Core/misc
- core: Fix minor regression on colorless arches by @jlebon in #3205
Cargo.toml: Switch tolto = "thin"by @cgwalters in #3218
- DBus description: Add annotations for Qt support by @travier in #3112
- docs: Add docs for
ex-containerby @cgwalters in #3225 - libpriv: Update libsystemd copy of
format_timestamp_relativeby @jlebon in #3220
New Contributors
Full Changelog: v2021.13...v2021.14
Contributors
Assets 3
2021.13
This release contains mostly bugfixes and UX enhancements.
Some changes were made to help with reproducible builds. For example, rpm-ostree now passes the SOURCE_DATE_EPOCH to scripts during composes. Also, the lstchg timestamp field is now scrubbed from shadow files, and the content of generated tmpfiles.d fragments is sorted. #3163 #3174
A notable improvement for users is related to RPM packages with overlapping files color/disposition (i.e. multilib support), which are now properly handled at install time. This used to be a blocker for unixODBC.i686, a dependency of wine. #3125
A new rpm-ostree install --force-replacefiles flag allows overriding files without replacing the package. This may be useful in "quick testing" or hotfix scenarios. #3125
This release now consistently holds the ostree repository locked during a build, even when committing to a remote NFS repository. #3193
Thanks to all contributors!
Benno Rice (5):
compose: pass SOURCE_DATE_EPOCH into bubblewrap environments
nameservice: fix some comments and messages
nameservice: Add data structures and parsers for shadow(5)
compose: remove lstchg values from [/usr]/etc/shadow
compose: make "unified core" arguments common
Colin Walters (1):
make-git-snapshot: Use generated `cargo vendor` config
Jonathan Lebon (15):
core: Inline back add_te_files_to_ht function
core: Track file disposition by NEVRA
core: Compare rpm file coloring within layered packages
core: Free files_skip_add hash table after we're done
core: Handle RPM file colors more efficiently
app/pkg-builtins: Tweak pkgs strv passing to D-Bus
app/pkg-builtins: Account for 'file://' when choosing D-Bus method
daemon/upgrader: Factor out local pkgs handler
libpriv/core: Add rpmprob filter flags one by one
libpriv/origin: Use if-statement rather than ternary operator
Add `install --force-replacefiles`
docs/admin-handbook: Add docs about modularity support
compose: Always commit under a shared repo lock
ci: Remove `install-extra-builddeps.sh`
Make `jq` a `BuildRequires`
Luca BRUNO (1):
composepost: output translated /var entries in lexicographic order
Timothée Ravier (2):
docs: Do not convert -- & --- to en/em-dash
docs: Update links to code, man pages and projects
2021.12
There's a notable new feature in this release from our Outreachy intern, which
is that override replace learned experimental support for fetching from
rpm-md repos. This makes it a bit easier to find newer (or older) packages
from repos.
PR: #3092
A notable bugfix is that rpm-ostree rebase now accepts ostree:// as a
prefix again, which fixes gnome-software:
PR: #3157
Other fixes include kernel overrides with newer depmod, and a docs tweak.
Thanks to all contributors!
Colin Walters (6):
rust: Use `opt-level=1` for default `dev`
extensions: Add support for per-extension repos and modules
main: Remove pointless `async { ... }` + `.await` pair
main: Remove lots of `Some` matching
rebase: Parse `ostree://` prefix again
Release 2021.12
Jonathan Lebon (2):
libpriv/kernel: Handle new modules.builtin.alias.bin depmod file
libpriv/kernel: Point to depmod source of truth
Rafael G. Ruiz (1):
override replace: add experimental options
Zhangyuan Nie (1):
docs: fix hyperlinks in architecture-daemon.md
dependabot[bot] (10):
build(deps): bump tokio from 1.11.0 to 1.12.0
build(deps): bump subprocess from 0.2.7 to 0.2.8
build(deps): bump libc from 0.2.102 to 0.2.103
build(deps): bump cxx from 1.0.54 to 1.0.55
build(deps): bump tracing from 0.1.27 to 0.1.28
build(deps): bump serde_json from 1.0.67 to 1.0.68
build(deps): bump system-deps from 4.0.0 to 5.0.0
build(deps): bump cxx-build from 1.0.54 to 1.0.55
build(deps): bump nix from 0.22.1 to 0.23.0
build(deps): bump curl from 0.4.38 to 0.4.39
Git-EVTag-v0-SHA512: dd71cae4fab04ce0b8e1ab495afb2d3b5ed6620510bf71ce1eb7666d1b50cc873e53da4f1174905985e0b989c7f88159ca82cb9a441f730d04ca98e449a8441b
2021.11
Mainly smaller minor fixes; the main new feature here is support for modularity in extensions.
Support for the still-experimental "ostree native containers" is updated to the latest 0.3 release of https://crates.io/crates/ostree-ext
Colin Walters (12):
rust: Fix some clippy lints
treefile: Fix a clippy lint
rust: Fix clippy lint for extra `&`
Add --enable-bin-unit-tests
rust: Fix misc clippy lints
rust: Fix two clippy errors
rust: Fix more clippy lints
rust: Allow a few clippy lints
rust: Fix a clippy lint about manual `strip_prefix()`
tests/misc: Update regexp to match fixed ostree error
Bump to ostree-rs-ext 0.3
Release 2021.11
Evan Anderson (1):
scripts: Ignore glibc-gconv-extra lua script in %post
Jonathan Lebon (2):
extensions: support enabling/installing modules
tests/kolainst: Check layering of `cri-o:1.20/default`
Timothée Ravier (1):
gitignore: Add /api-doc/Makefile{,.in}
dependabot[bot] (21):
build(deps): bump cxx-build from 1.0.52 to 1.0.54
build(deps): update system-deps requirement in /rust/libdnf-sys
build(deps): bump cxx from 1.0.52 to 1.0.54
build(deps): bump libc from 0.2.100 to 0.2.101
build(deps): bump libdnf from `387bd99` to `c8ccabc`
build(deps): bump system-deps from 3.2.0 to 4.0.0
build(deps): bump serde_json from 1.0.66 to 1.0.67
build(deps): bump tokio from 1.10.0 to 1.11.0
build(deps): bump serde_yaml from 0.8.19 to 0.8.20
build(deps): bump futures from 0.3.16 to 0.3.17
build(deps): bump structopt from 0.3.22 to 0.3.23
build(deps): bump serde from 1.0.128 to 1.0.130
build(deps): bump libdnf from `c8ccabc` to `4c7511c`
build(deps): bump memfd from 0.4.0 to 0.4.1
build(deps): bump anyhow from 1.0.43 to 1.0.44
build(deps): bump tracing-subscriber from 0.2.20 to 0.2.22
build(deps): bump serde_yaml from 0.8.20 to 0.8.21
build(deps): bump tracing from 0.1.26 to 0.1.27
build(deps): bump libdnf from `4c7511c` to `e5ecbc1`
build(deps): bump tracing-subscriber from 0.2.22 to 0.2.24
build(deps): bump libc from 0.2.101 to 0.2.102
2021.10
Release 2021.10
This is a small release mostly to fix a bug in the modularity code. Other
notable changes are:
- container pulls now respect cancellation
systemctl statuswhen called from the client to diagnose daemon failures now
uses--no-pager
Colin Walters (4):
Set up Tokio runtime in main()
upgrader: Make container pulls cancellable
client: Use `--no-pager` for `systemctl status`
rust: Drop use of ostree-rs-ext VariantDictExt, bump glib
Jonathan Lebon (2):
Merge pull request #3093 from coreos/dependabot/submodules/libdnf-387bd99
Release 2021.10
2021.9
Procedural note: We tagged v2021.8, but never made it an official release because it was belatedly noticed that modularity support wasn't flagged sufficiently experimental. So the logical history is now v2021.7..v2021.9.
Client side
The biggest change here is initial support for modularity, both on the compose side (via a new modules: treefile key) and on the client side (via e.g. rpm-ostree ex module install) (#2760). Note that support for modules is still experimental.
The daemon now periodically logs download progress for the base ostree to the systemd journal.
A new experimental rpm-ostree override replace --ex-pin-from-repos $package is now available (new contributor @Razaloc). This makes it easier to pull in packages newer than are in the base image for testing. (#2905)
The daemon now works when polkit is not available (#3019).
Some smaller fixes for "ostree-in-container" integration (#3010, #3011).
Build/compose side
The rpmdb key now supports two new keys: host and target (#3002). The latter causes the rpmdb of the compose to use the native format of the rpm version in the compose itself. In general, one probably always wants target, which is the new default. See documentation for full details.
Internals
Some smaller ongoing oxidation (conversion of C/C++ to Rust) on the order of 500 lines.
The codebase now more consistently uses GError on the C/C++ side instead of exceptions. Related to this, a number of "error prefixing" changes landed which will help debug errors.
Updated to ostree-rs-ext 0.2.2.
Various CI improvements.
Thanks to all contributors!
Benjamin Gilbert (2):
workflows: bump lint toolchain
workflows: limit permissions to reading repo contents
Colin Walters (43):
Directly invoke cliwrap code from Rust
daemon: Move more deployment-variant bits to Rust using treefile
rust/main: Move all real logic into inner_main()
Move all error printing into Rust
main: Add comment noting to use inner_main()
docs: Add experimental/cliwrap
upgrader: Inline the check for local assembly
transactions: Only open up sepolicy once when importing
Support `rpmdb: host` and default to `target`
upgrader: Print messages when we're fetching container bits
Add container image digest and print it in status
compose: Add error prefixing when writing compose JSON
db: Prefix error when we fail to load the rpmdb
os: Minor code style cleanup
daemon: Authorize uid 0 when polkit is not available
Move `usroverlay` code into Rust
compose: Add error prefixing for local pull
ci: Install system deps before cxxbridge
build-sys: Install cxxbridge in target/
Add .copr/Makefile
Update to glib 0.14 + ostree 0.8 + ostree-rs-ext 0.2
postprocess: Oxidize directory size counting
rust: Almost entirely empty out our variant_utils.rs
origin: Change change handling to saturate at `TRUE`
Add some more debugging bits when replacing kernel
deploy: Only hold local variant pointer, not in struct
origin: Make some package/module mutation functions no-ops for NULL
daemon: Move more deploy transaction init into execute()
deploy: Move local_repo_remote_dfd into function scope
deploy: Move install_local_pkgs into function scope
deploy: Move package overrides into function scope
origin: Change add_packages to ignore NULL
Use gobject-sys via re-exported `glib::gobject_ffi`
Use gio-sys via re-exported `gio::ffi`
Use glib-sys via re-exported `glib::ffi`
rust: Update to ostree-ext 0.2.2 (and deps), use unified import
daemon: Inline variable declarations for txn progress
daemon: Inline parsing of ostree progress
daemon: Fix elapsed_secs
Oxidize transaction progress rendering
libdnf-sys: Drop glib dependency
daemon: Emit transaction progress to journal every 15s (if changed)
Release 2021.8
Jonathan Lebon (10):
rust/utils: Mark `:` as shell-safe
rust/utils: Add safe wrapper for print_treepkg_diff_from_sysroot_path
daemon/upgrader: Drop unused variable
core: Drop duplicate querying for enabled repos
tests/kolainst: Nuke `tests/kola` before regenerating
Add support for modules
src: Wrap all throwable CXX calls in try-catch
src: Simplify CXX_TRY_VAL macro
core: Disable all modules upfront
core: Use new API for disabling all modules
Luca BRUNO (7):
builtins/compose: move /dev preparation to Rust
builtins/compose: move basearch and pretty-print logic to Rust
builtins/compose: always return computed input-hash
builtins/compose: drop an automatic-error-prefix macro
compose/commit: decouple JSON summary logic, move stats to Rust
clientlib: add more error contexts
libpriv/diff: allow missing rpmdb
Rafael G. Ruiz (1):
override replace: add experimental option ex-pin-from-repos