Releases: ostreedev/ostree
v2024.5
What's Changed
- Release 2024.4 by @cgwalters in #3197
- docs: Move SPDX identifiers under first title by @travier in #3199
- sepolicy: Fix publicity mismatch for ostree_sepolicy_host_enabled by @cgwalters in #3196
- main: Ignore SIGPIPE when printing version by @dbnicholson in #3203
- otcore: Drop config load print by @cgwalters in #3204
- bootloader/grub2: Don't do anything if we have static configs by @cgwalters in #3205
- sysroot: Turn on bootloader-naming-2 by default by @cgwalters in #3206
- kargs: parse spaces in kargs input and keep quotes by @HuijingHei in #3208
- Ensure boot directory is open before accessing it for early pruning by @rborn-tx in #3213
- checkout: Always replace existing content with overlay mode by @cgwalters in #3214
Full Changelog: v2024.4...v2024.5
v2024.4
What's Changed
- Release 2024.3 by @cgwalters in #3172
- rofiles-fuse: Check fsverity flag for copyup by @cgwalters in #3175
- tests: Use long key IDs by @teythoon in #3178
- docs: Add webrick dependancy for building site locally by @ericcurtin in #3179
- tests: Use long key IDs, I found another one by @teythoon in #3180
- README: Add Red Hat In-Vehicle Operating System by @ericcurtin in #3181
- workflow/docs: Update to actions/checkout@v4 & dependabot: Update github-actions weekly by @travier in #3176
- test-admin-deploy-var: Don't rely on OSTREE_FEATURES by @smcv in #3184
- deploy: Don't fail if loading composefs configuration fails due to mi… by @alexlarsson in #3189
- ostree-prepare-root: Amend comment about shared mounts by @rborn-tx in #3186
- Docs fixes & SPDX identifiers uniformisation by @travier in #3185
- prepare-root: Disallow hotfixes if using signed composefs images by @alexlarsson in #3194
- generator: Fixes for Android Boot environment by @ericcurtin in #3192
- sysroot: Reword comment and use gboolean over bool, error handling by @ericcurtin in #3195
Full Changelog: v2024.3...v2024.4
v2024.3
New features and notable changes
This release changes how `/var` works (again):
- sysroot: Rework /var handling to act like Docker `VOLUME /var` by @cgwalters in #3166
- Drop tmpfiles var by @cgwalters in #3168
The mount setup also had a semantic change for those enabling `root.transient`:
- prepare-root: Switch to a tmpfs for transient root by @cgwalters in #3173
Also related to prepare-root, it is now recommended to enable composefs by simply configuring `ostree-prepare-root.conf` and not the `ex-integrity.composefs` variable:
- deploy: Honor prepare-root.conf at deploy time for composefs by @cgwalters in #3165
Other changes
- prepare-root: Unify root.transient with composefs by @cgwalters in #3170
- Release by @cgwalters in #3160
- libostree: write selinux xattr when on non-selinux systems by @mvo5 in #3151
- ostree.repo-config(5): Fix a typo by @smcv in #3167
- Expose MOUNT_ATTR_IDMAP detection result to C code by @rborn-tx in #3169
- docs/atomic-rollbacks: Add a section on rollbacks by @ericcurtin in #3171
- Release 2024.3 by @cgwalters in #3172
Full Changelog: v2024.2...v2024.3
2024.2
What's Changed
New features
The `ostree admin pin` command learned more human-consumable verbs:
- admin/pin: Add commands to pin booted, pending and rollbacks deployments by @ericcurtin in #3146
- generator: Exit if there's no `/run/ostree` by @cgwalters in #3147
Bugfixes
- deploy: Ignore sockets, fifos in /etc/ during merge by @yummypeng in #3143
- grub2-15_ostree: Graceful exit if /etc/default/grub doesn't exist by @travier in #3150
- Track deployment root/inode from prepare root by @cgwalters in #3164
Other changes
- Release 2024.1 by @cgwalters in #3141
- tests: Skip composefs test if /var/tmp does not support user xattrs by @smcv in #3145
- composefs: Bump composefs max version to 1 by @alexlarsson in #3149
- ci: Add a bootc/c9s workflow by @cgwalters in #3152
- syslinux: Avoid double `/boot` if bootprefix is enabled by @cgwalters in #3157
- admin/state-overlay: Require root and don't lock sysroot by @jlebon in #3158
- Enable `sysroot.bootprefix` by default by @cgwalters in #3156
- Revert "Enable `sysroot.bootprefix` by default" by @cgwalters in #3159
New Contributors
- @yummypeng made their first contribution in #3143
Full Changelog: v2024.1...v2024.2
2024.1
New features
There are two major new APIs around configuring mutability and persistence of the root filesystem.
First, OSTree gained support for a new `root.transient` flag that makes `/` an `overlayfs` that is persistent across reboots but not across upgrades. This makes the system behave a bit more similarly to e.g. Docker and following tools such as podman and Kubernetes.
- prepare-root: Add support for root.transient by @cgwalters in #3114
- Doc root transient by @cgwalters in #3117
There is a different approach in the (still classified as experimental) `ostree-state-overlay@.service` unit:
This approach instead allows operating systems or downstream builders to choose to apply persistent merge semantics to specific targeted directories (e.g. `/opt`).
Notable bugfixes
- prepare-root: Fix composefs + ostree admin unlock --hotfix compat by @cgwalters in #3129
- lib/deploy: Round to block size in early prune space check by @jlebon in #3130
- status: Pass correct remote name when verifying by @cgwalters in #3131
Other misc changes
- Release 2023.8 by @cgwalters in #3111
- Update Torizon information by @leonheldattoradex in #3112
- doc: Add section about ostree and bootloaders by @jmarrero in #3116
- Link to gardenlinux/ostree-image-builder in README by @fwilhe in #3121
- deploy: Log calculated needed space by @cgwalters in #3123
- rust: Add missing feature versions by @cgwalters in #3124
- switchroot: Be explicit about what could cause /sysroot to be ro by @ericcurtin in #3125
- zipl: A few fixes by @cgwalters in #3119
- docs/composefs: Add note about toplevel dirs by @cgwalters in #3127
- switchroot: use shared constant for unlock --hotfix by @cgwalters in #3128
- status: Fix build without GPGME by @ericcurtin in #3132
- systemd/ostree-boot-complete: Start earlier by @cgwalters in #3133
- status: Introduce tool to quickly check if we are booted as default by @ericcurtin in #3134
- status: Rename query-booted to is-default by @ericcurtin in #3136
- doc: Add section about ostree and aboot by @ericcurtin in #3135
New Contributors
- @leonheldattoradex made their first contribution in #3112
- @fwilhe made their first contribution in #3121
Full Changelog: v2023.8...v2024.1
2023.8
This release stabilizes "deployment finalization locking" which
is very useful for automatic update workflows.
- sysroot: Stabilize deployment finalization, add API by @cgwalters in #3090
There's a new `post-copy` command which may be useful for build
systems that generate a filesystem tree outside of ostree:
- Add `ostree admin post-copy` command by @alexlarsson in #309
The commit logic started using reflinks (if available) which
can be a big speedup.
- commit: Try reflinks for local commits by default by @cgwalters in #3106
System root and bootloader:
- bootloader/zipl: Run in target deployment as container if needed by @cgwalters in #3104
- bootloader/zipl: No-op if run as non-root by @cgwalters in #3085
- lib/bootloader-zipl: Check for Secure Boot before zipl by @nikita-dubrovskii in #3080
Finally, ostree now ships a `tmpfiles.d` fragment which copies from `/usr/share/factory/var` to `/var` by default:
- tmpfiles: Copy `/usr/share/factory/var` to `/var` by @cgwalters in #3103
v2023.7
A variety of things here. I think the new support for a "transient etc"
will be appreciated in many places. Note that to work with SELinux
the build system side needs to ensure the labels on `/usr/etc` match `/etc`.
Another important change is that the ostree HTTP layer now retries requests
by default; this closes a very longstanding RFE.
Also on the pull side, a longstanding bug was fixed where we'd still
try to fetch "loose" objects even when we were doing a delta pull.
There's a variety of clang-analyzer fixes (some false positives, some real
memory leaks, etc).
Even more in the below log; thanks to all contributors!
What's Changed
- Release by @cgwalters in #3005
- Misc c99 style 5 by @cgwalters in #3006
- 2023.6 coverity minor fixes by @cgwalters in #3013
- Refactor composefs warnings by @cgwalters in #2994
- More analyzer fixes 2 by @cgwalters in #3016
- More analyzer fixes 3 by @cgwalters in #3017
- mutable-tree: Quiet clang-analyzer warning by @cgwalters in #3019
- mutable-tree: Change some `g_return_if_fail` to `g_assert()` by @cgwalters in #3020
- build(deps): bump libglnx from `c02eb59` to `54ad67d` by @dependabot in #3023
- Clang analyzer fixes 5 by @cgwalters in #3024
- deploy: Remove global `sync` by default by @cgwalters in #2968
- sysroot: Promote the "early prune" behavior to default by @cgwalters in #3012
- build(deps): bump composefs from `1aed878` to `597a766` by @dependabot in #3018
- Drop cap-std from our public APIs by @cgwalters in #3027
- rust: Port to glib 0.18 by @cgwalters in #3029
- build(deps): bump composefs from `597a766` to `d085fbf` by @dependabot in #3028
- build(deps): bump composefs from `d085fbf` to `af86742` by @dependabot in #3030
- rust/sys: Also bump semver for this by @cgwalters in #3035
- ci: Add an automatic labeler action by @cgwalters in #3037
- rust: Drop composefs from crate by @cgwalters in #3038
- lib/pull: Don't scan commit objects we fetch via deltas by @jlebon in #2054
- rust: Switch to using `include` by @cgwalters in #3039
- build(deps): bump libglnx from `54ad67d` to `aff1eea` by @dependabot in #3047
- gitmodules: Use github GNOME mirror by @cgwalters in #3052
- rust/tests: Adjust for new ostree by @cgwalters in #3051
- boot/dracut: Add erofs and overlayfs kernel modules by @ericcurtin in #3053
- tests: Add an integration test for composefs signatures by @cgwalters in #3021
- docs: Add authenticated-repos.md by @cgwalters in #3058
- build(deps): bump composefs from `af86742` to `cca8be4` by @dependabot in #3046
- repo: Default bootloader to zipl on s390x by @cgwalters in #3059
- Revert "ci: Run cosa unprivileged" by @jlebon in #3049
- When exporting, use hardlinks for duplicated files by @owtaylor in #3060
- ci: Ensure composefs is enabled on Fedora by @cgwalters in #3067
- repo: Add an option to label /usr/etc as /etc by @cgwalters in #3063
- tests: Fix whiteout test by @alexlarsson in #3072
- Support transient /etc by @alexlarsson in #3062
- deploy: Improve error message for nonexistent stateroot by @cgwalters in #3073
- composefs: Add more error prefixing by @cgwalters in #3074
- deploy: Remove lock when re-staging by @cgwalters in #3077
- tests: Use ext4, re-enable composefs test by @cgwalters in #3075
- karg-delete: support multiple times by @HuijingHei in #3078
- ostree-fetcher-curl: handle non 404 errors as G_IO_ERROR_TIMED_OUT by @jmarrero in #2843
- lib/deploy: Log SELinux policy refresh by @jlebon in #3081
Full Changelog: v2023.6...v2023.7
2023.6
signing: ed25519 can now be backed by openssl
If ostree is compiled with OpenSSL support (as it is on e.g. Fedora derivatives), this also enables an OpenSSL-backed implementation of the ed25519 signature support. Previously, this required libsodium - which can still be used if desired instead of openssl.
composefs changes
Now enabled at build time (but disabled at runtime) by default
On systems with sufficiently new glibc and fsverity, ostree enables support for composefs at build time. It continues to be disabled by default at runtime.
composefs now supports signature verification
There is support for an "initramfs root binding key" that can be injected into the initramfs, and used to verify the ostree commit (including its embedded composefs checksum). One suggested model is to follow how e.g. Fedora signs kernel modules with a transient throwaway key. For more, please see the ostree/composefs doc.
Note that composefs continues to be classified as experimental.
Configuration format has changed
The old `ot-composefs` kernel argument is no longer honored in favor of a configuration file that should be present in the initramfs.
ostree-prepare-root other changes
- A new configuration file in the initramfs is honored: `/etc/ostree/prepare-root.conf`
- This configuration file can also specify the readonly-sysroot default, which is now recommended
- Improved Android Boot support
- The `sysroot.readonly` flag can now also be configured from here, and this is recommended
- `/run/ostree-booted` is now non-empty, and contains serialized state (this is an implementation detail)
- Several preparatory code cleanups for other changes
- `ostree-prepare-root` has a new man page which documents the previous state, along with the above
ostree admin set-default
A long-overdue CLI verb to change the default deployment for the next boot.
sysroot other bugfixes and changes
- It is now supported to have `/usr/etc` with an empty `/etc`. This is preparatory for supporting a transient `/etc`.
- Finally fixed the global `sync` timeout at shutdown
- Increased verbosity of changes
- `ostree admin deploy` now honors `--stateroot` as we prefer that term over `--os`
trivial-httpd
The remnants of the deprecated `ostree trivial-httpd` CLI are now completely gone.
Alexander Larsson (8):
tests: Fix composefs test
sign-ed25519: Drop some uses of libsodium
sign-ed25519: Implement sign and verify using openssl
CI: Enable --with-crypto=openssl on debian testing to test openssl signatures
libotutil: Link to crypto libs
ostree-prepare-root: Validate ed25519 signatures when requested
Read composefs configuration from initrd instead of commandline
prepare-root: Only support base64 formated public key files
Colin Walters (84):
tests/transactionality: Port a bit to xshell
tests: Drop unused alias
tests: Enable mtime test
docs: Update user and group section
Separate prepare-root static path
prepare-root: Link to glib
configure: post-release version bump
Drop "ostree trivial-httpd" CLI, move to tests directory
fetcher: Always open tmpfiles in repo (except on FUSE)
show: Add --print-hex
build-sys: Add libsodium to OT_DEP_CRYPTO
Factor out a libotcore
build: Drop `make syntax-check`
Add an internal constant for the composefs image name
prepare-root: Use otutil and g_print
prepare-root: Drop unused verity flag querying
sysroot: Add some error prefixing for bootversion
prepare-root: Use constant for ed25519 signature
prepare-root: Add metadata for composefs to `/run/ostree-booted`
remount: Don't overwrite /run/ostree-booted
remount: Use new metadata in `/run/ostree-booted` for composefs
prepare-root: Drop dead `pivot_root` code
Use /run/ostree-booted metadata for sysroot-ro state passing
man: Add ostree-prepare-root
mount: Fix gcc -fanalyzer warning for parsing androidboot.slot_suffix
build-sys: Enable composefs at *build time* by default
prepare-root: Refactor composefs config handling
commit: Add `--sign-from-file`
tests: Remove dead references to "SEED"
sign-ed25519: More verbose errors for invalid length
sign-ed25519: Add some comments for data structure
sign-ed25519: Don't set sk unless we've validated it
generator: Deduplicate ostree= karg parsing
prepare-root: Drop code mounting `/proc`
prepare-root: Drop more dead code
Add an always-on `inode64` feature
composefs: Use lowerdir in /run
generator: Stop creating `/run/ostree-booted`
src/generator: Move all logic into libostree-1.so
kernel-args: Move private functions out of public header
sysroot: Add a bit more error prefixing
repo: Clarify when we fail to parse a remote
prepare-root: Introduce `ostree/prepare-root.conf`
prepare-root: Default sysroot.readonly=true if composefs
prepare-root: Don't parse target root when composefs enabled
tree-wide: Consistently `(void)g_variant_lookup()`
core, switchroot: Harden a bit against `g_variant_get_data() == NULL`
checksum-utils: Add an assertion that `buf != NULL`
deploy: Be way more verbose about what we're doing
tests/destructive: Turn off global sync()
deploy: Support an empty `/etc` and populated `/usr/etc`
composefs: Only call `_get_symlink_target()` on symlinks
os-init: Create a mount namespace
Add `admin set-default`
More fully drop `trivial-httpd` entrypoint
deploy: Fix mutex locking for global sync timeout
README.md: Drop dead mailing list, link to GH discussions
prepare-root: Use declare-and-initialize
prepare-root: Check for empty string, not strlen > 0
prepare-root: Use ptrarray, not linked list
switchroot,generator: Only read /proc/cmdline once
deploy: Add some error prefixing
prepare-root: Minor clarifications
repo: Bump lock timeout to 5 minutes
Add `ostree admin stateroot-init` as alias for `os-init`
admin-deploy: Add `--stateroot` as alias for `--os`
admin: Port to c99 style
remote-add: Port to c99 style
lzma: Port to C99 style
checkout: Port to C99 style
cli/set-origin: Port to C99 style
tests/destructive: Port more to xshell
build-sys: Disable composefs on too-old Linux headers
tests: Add otcore unit tests
tests/inst: Update to latest ostree-ext
cmd/init: Port to C99 style
cmd/grub2-generate: Port to C99 style
Move prepare-root karg helpers into otcore, add unit tests
deploy: Add bootloader-naming-2 opt-init
ci: Add c9s build
build-sys: Look for both linux/mount.h and sys/mount.h
build-sys: Really fix composefs check
Release 2023.6
configure: post-release version bump
Eric Curtin (6):
android-boot: Remove dependency on ostree= karg, use androidboot.slot_suffix=
Remove steal_pointer and steal_pointer_impl as we link in glib now
bootloader: fold all Android Bootloader specific logic into prepare-root
prepare-root: On a non-A/B androidboot system, boot system slot a
prepare-root: Changes made to find_proc_cmdline_key
prepare-root: If composefs is configured as "maybe" don't fail
dependabot[bot] (5):
build(deps): bump composefs from `412cb5e` to `ac729b5`
build(deps): bump composefs from `ac729b5` to `1704f82`
build(deps): bump libglnx from `07e3e49` to `c02eb59`
build(deps): bump composefs from `1704f82` to `a6e827d`
build(deps): bump composefs from `a6e827d` to `1aed878`
samcday (1):
docs: update boot loader spec link
2023.5
This is a bugfix release for the recent 2023.4.
Key bugs fixed
- Revert "fetcher: Always open tmpfiles in repo location" by @cgwalters in #2901
- Fix return value of generator on non-ostree systems by @cgwalters in #2911
Other changes
- build(deps): bump composefs from `c9188cd` to `08bdb03` by @dependabot in #2892
- ci: Add some composefs testing by @cgwalters in #2893
- Release 2023.4 by @cgwalters in #2895
- lib/deploy: Use off_t not __off_t by @akiernan in #2896
- prepare-root: Adjust to composefs mount struct changes by @dbnicholson in #2903
- bootloader: Pass "options" to aboot bootloader backend by @ericcurtin in #2902
- ci: Add "it compiles" coverage for --with-static-compiler by @cgwalters in #2906
- ci/prow: Build tests before trying to install by @cgwalters in #2904
- tests: Source libtest before exiting by @cgwalters in #2907
- ci: Fix executability by @cgwalters in #2910
- build(deps): bump composefs from `08bdb03` to `412cb5e` by @dependabot in #2899
Full Changelog: v2023.4...v2023.5
2023.4
Notable bugfixes
This is a simple patch that is a candidate for backporting to e.g. stable distribution/OS versions of ostree.
New features
composefs
See the documentation.
- Add initial composefs integration by @alexlarsson in #2640
- Composefs followups by @cgwalters in #2872
- composefs: Add some basic docs by @cgwalters in #2885
- composefs: Avoid double unref by @cgwalters in #2890
- lib: Rework composefs metadata, drop custom signatures by @cgwalters in #2891
- composefs: Change how we do signatures by @alexlarsson in #2879
ostree=aboot for Android Boot
- Add ostree=aboot for signed Android Boot Images by @ericcurtin in #2877
HTTP/pull fixes
- ostree-fetcher-curl: explicitly use HTTP1.1 when HTTP2 is disabled by @daissi in #2886
- Increase the metadata size limit to 128MB by @barthalion in #2865
- fetcher: Always open tmpfiles in repo location by @cgwalters in #2875
Other changes
- tests: A bit more xshell porting by @cgwalters in #2860
- lib/deploy: Use `fallocate` for early prune space check by @jlebon in #2866
- prepare-root: Move sysroot.tmp creation earlier by @cgwalters in #2864
- lib/deploy: Disambiguate error messages for early prune space check by @dustymabe in #2870
- lib/deploy: skip fallocate call when requested size is 0 by @dustymabe in #2871
- test-concurrency: Don't lower timeout by @cgwalters in #2882
- build(deps): bump composefs from `af8e1a7` to `c9188cd` by @dependabot in #2881
- pull: Add error prefixing for corrupt checksums by @cgwalters in #2884
- fix build with lld linker by @kraj in #2880
- Add more error prefixing when parsing commit objects by @cgwalters in #2888
New Contributors
- @dustymabe made their first contribution in #2870
- @aospan made their first contribution in #2874
- @barthalion made their first contribution in #2865
- @kraj made their first contribution in #2880
- @daissi made their first contribution in #2886
Full Changelog: v2023.3...v2023.4