ostree v2014.5
- From: Colin Walters <walters verbum org>
- To: ostree-list gnome org
- Subject: ostree v2014.5
- Date: Mon, 09 Jun 2014 15:52:34 -0700
Hello world,

It's about time for a new OSTree release:

https://git.gnome.org/browse/ostree/tag/?id=v2014.5

This one is a bit of a grab-bag; a few new features, some minor bugfixes
like memory leaks in pull, and some performance and hardening work.

On the features side, ostree now supports client-side TLS certificates,
which are useful for OS vendors providing content behind a subscription
or other payment mechanism, among other things. You need a bleeding
edge version of libsoup for this.

Also on features, we now read /etc/ostree/remotes.d, the first use
of /etc/ostree. "ostree remote add" is taught to write remote
configuration there.

In the performance area, we now use posix_fallocate() which improved
the speed of fsync() for me; and on that topic, we now also support
disabling fsync entirely. You may see *dramatic* speedups at compose
time from this, of course at a potential safety cost.

On the hardening side, two things. First, metadata objects are now
limited to 10MiB. This is part of hardening against DoS attacks,
which is a work in progress. Secondly, the deployment root is now made
immutable via EXT2_IMMUTABLE_FL. This prevents anyone (mainly
system administrators) from creating new toplevel directories. The main
rationale for that is that these directories will *not* be persisted,
and we want to prevent data loss.

Here's the shortlog, thanks to everyone who contributed!

Colin Walters (37):
build: Remove --enable-embedded-dependencies
core: Use posix_fallocate() when writing objects
libotutil: Fix two bugs in usage of posix_fallocate()
show: Fix segfault if we can't find an object
core: Add _STRING variants of GVariant object formats
otutil: Correctly add ref to bytes when creating GVariant
libostree: Add _finish() API to async progress
deltas: Link to liblzma, add internal API to use it
pull: Stay in mainloop if we're synchronously fetching URI
pull: Correctly handle error state when fetching optional data
pull: Add tls-client-cert-{path,key}
Revert "pull: Add tls-client-cert-{path,key}"
pull: Add tls-client-cert-{path,key} (if we have new enough libsoup)
Support /etc/ostree/remotes.d
build: Add missing DESTDIR
admin switch: Support switching remotes as well
admin switch: Allow switching just remote names
selinux-ensure-labeled: Support no arguments to just traverse deployment root
packaging: BR libgsystem
trivial: TODO: Add link for http unprivileged
trivial: TODO: Add link sizes/progress bar
deploy: Remove deployment root print
deploy: Convert remaining g_print() to systemd journal messages
trivial: commit: Fix docstring typos
repo: Only load /etc/ostree/remotes.d for system repo
repo: Don't require a txn for writing
fetcher: Unref pending result when completing
Limit metadata to 10 MiB
Move Makefile.dist-packaging under packaging/
deploy: Set the immutable bit on the deployment root
ostree-remount: Check for / being *mounted* read-only, not necessarily writable
repo: Support fsync=false configuration
libostree: Make OstreeLibarchiveInputStream explicitly private
libostree: Make OstreeTlsCertInteraction explicitly private
libostree: Make OstreeFetcher explicitly private
libostree: Silently ignore EPERM when setting EXT2_IMMUTABLE_FL
Release 2014.5
Cosimo Cecchi (1):
os-init: don't create /var/log/journal on deploy
James Antill (1):
Add --disable-fsync option to both commit and pull (non-local)
Owen W. Taylor (1):
trivial-httpd: flush after writing the port to stdout
Vadim Rutkovsky (1):
Honor disable_fsync during checkout also
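
The immutable-root hardening described in the announcement, as an added example (not OSTree's own code): a small C helper that sets the immutable inode flag on a directory and treats EPERM as non-fatal, as the shortlog entry describes. The function names and the extra tolerance for ENOTTY/EOPNOTSUPP are assumptions of this example; FS_IMMUTABLE_FL is the generic name for the same bit as EXT2_IMMUTABLE_FL.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/ioctl.h>
#include <unistd.h>
#include <linux/fs.h>   /* FS_IOC_GETFLAGS, FS_IOC_SETFLAGS, FS_IMMUTABLE_FL */

/* Errors treated as "cannot harden here, carry on". EPERM is the case the
 * shortlog names (caller lacks CAP_LINUX_IMMUTABLE); ENOTTY and EOPNOTSUPP
 * are an added assumption for filesystems without inode flags. */
static int immutable_errno_is_fatal(int err)
{
    return !(err == EPERM || err == ENOTTY || err == EOPNOTSUPP);
}

/* Returns 1 if the flag is set on exit, 0 if skipped for a tolerated
 * reason, -1 on a real error (errno preserved for the caller).
 * An immutable directory rejects create/unlink/rename of its direct
 * entries; contents of existing subdirectories stay writable. */
static int set_immutable(const char *path)
{
    int flags = 0, ret = -1, saved;
    int fd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    if (fd < 0)
        return -1;
    if (ioctl(fd, FS_IOC_GETFLAGS, &flags) == 0) {
        if (flags & FS_IMMUTABLE_FL) {
            ret = 1;                      /* already hardened */
        } else {
            flags |= FS_IMMUTABLE_FL;     /* keep all other flags as read */
            if (ioctl(fd, FS_IOC_SETFLAGS, &flags) == 0)
                ret = 1;
        }
    }
    if (ret < 0 && !immutable_errno_is_fatal(errno))
        ret = 0;
    saved = errno;
    close(fd);
    errno = saved;
    return ret;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <directory>\n", argv[0]); return 2; }
    int r = set_immutable(argv[1]);
    if (r < 0) { fprintf(stderr, "%s: %s\n", argv[1], strerror(errno)); return 1; }
    printf("%s: %s\n", argv[1], r ? "immutable" : "skipped (not permitted or unsupported)");
    return 0;
}
```

The flag can be inspected with `lsattr -d <directory>`, where it shows as `i`.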