OSTree v2015.7 (critical update from v2015.4 on)
- From: Colin Walters <walters verbum org>
- To: ostree-list gnome org
- Subject: OSTree v2015.7 (critical update from v2015.4 on)
- Date: Tue, 02 Jun 2015 13:49:55 -0400
A new release of OSTree is now available via this GPG signed tag:
https://git.gnome.org/browse/ostree/tag/?id=v2015.7
This is a critical update if you are using v2015.4, as a bug was introduced in that release
that caused unpredictable ordering of generated syslinux/uboot/grub2 bootloader entries.
If you are using a bootloader like gummiboot that directly reads the BLS, you should
be unaffected.
More details on this are available in:
https://github.com/GNOME/ostree/pull/116
If you want to backport the fix, it is:
https://git.gnome.org/browse/ostree/commit/?id=3300ee6259d191199f96b5f4e04ccfded3d11b86
If you have an affected system, likely the easiest course of action is to
edit the generated syslinux/grub2 bootloader configuration. Scripts have
been developed to verify them:
https://git.gnome.org/browse/ostree/tree/tests/grub2-entries-crosscheck.py?id=v2015.7
https://git.gnome.org/browse/ostree/tree/tests/syslinux-entries-crosscheck.py?id=v2015.7
and we will investigate enhancing them to actively fix the configuration.
If your operating system has an application mechanism (Docker, xdg-app, etc.), then
it should be possible to design a privileged application to address this.
Other changes in this release:
- Performance enhancement for deployments; we now rely on syncfs() rather
than individual fsync() calls. In some storage scenarios the performance improvement
can be dramatic.
- GPG: Always retrieve detached metadata, so we'll find newly added signatures
- GPG: Support for keys specific to remotes, rather than relying on the global /usr/share/ostree/trusted.gpg.d
- A new locking API (used for the commandline) so that concurrent invocations of e.g.
`ostree admin upgrade` are safe.
- Other enhancements targeted for the Cockpit program and rpm-ostree
- The summary file can now be GPG signed as well, although this should be taken
as a preview. We have not yet decided how this interacts with the `gpgverify` boolean,
and whether we should introduce a `gpgverify_summary`.
- Other changes to static deltas, which continue to evolve. We aim to have GPG signed
summary files in the next release, which will make static deltas more secure.
Colin Walters (29):
libglnx: Update from master
sysroot: Close sysroot fd in finalize
status: Don't crash if we deployed a local refspec
deploy: Use syncfs() in addition to sync()
deploy: Drop fsync of modified config files
deploy: Drop a fsync, use fd-relative APIs
sysroot: Add an API to lock
core: Cleanup commitpartial file with fd-relative lookups
Teach fsck about partial commits
repo: Stop creating "transaction" symlink
sysroot: Add a try_lock() API
admin: Use locking for most sysroot commands
tests: Fix writable repo test
test-basic: Always chown back before doing assertion
repo: Bump mtime any time we write a ref
admin: Ensure instutil commands and usage help don't grab lock
sysroot: Sort returned boot loader configs
tests: Add a test script to cross-check loader config vs GRUB2
tests: Add a crosscheck for syslinux bootloader config generation
tests: Run all tests through a randomized readdir()
pull: Ensure console state for multiple GPG verification messages
pull: Validate delta checksums more strongly
tests: Add a commented out test for mirroring with deltas
repo: Don't crash when creating a summary if we have --empty deltas
tests: Add a test-pull-summary-sigs
Revert "tests: Run all tests through a randomized readdir()"
tests: Run all tests through a randomized readdir()
tests/remote-gpg-import: Only commit workdir
Release 2015.7
Giuseppe Scrivano (30):
README.md: fix typo
test-auto-summary.sh properly quote arguments to assert_streq
g_output_stream_splice: check correctly the error code
gpg: do not use secring.gpg
show: add option --gpg-homedir
pull: the commit size in the summary is not for the detached metadata
libglnx: fix reference to commit
doc: remove unknown parameter from inline documentation
trivial-httpd: fix indentation
trivial-httpd: add option to specify the port
summary: list the available static deltas
core: new function _ostree_parse_delta_name
core: store information about delta files checksums
pull: check that the superblock checksum is the same as in the summary
pull: get rid of detached metadata for deltas
ostree-repo: add new API to sign the summary file
summary: add new command line arguments to sign the summary file
pull: verify signature for the summary file
tests: add a test for signed summary file
summary: delete summary.sig on an update
ot-fs-utils: remove empty line at EOF
ostree-repo-pull: add option to disable static-deltas
pull: add new switch option --disable-static-deltas
doc: add missing options block for pull
tests: add new test for pull --disable-static-deltas
syntax-check: add syntactic rule to prohibit gs_unref_*
syntax-check: add syntactic rule to prohibit gs_strfreev
maint.mk: Remove GNU releases specific bits
ostree-repo: replace more gs_unref_(variant|bytes) with g_autoptr
ostree-repo: document OSTREE_REPO_COMMIT_MODIFIER_FLAGS_GENERATE_SIZES
Jeff Ortel (1):
Fix annotations on ostree_repo_remote_gpg_import().
Matthew Barnes (34):
pull: Always request detached metadata for commits
libotutil: Establish a place for GPG utilities
libotutil: Add ot_gpgme_ctx_tmp_home_dir()
repo: Initialize GPGME in instance init()
ostree: Split up "remote" subcommands
gpg: Fix _ostree_gpg_verifier_add_keyring()
Fix build when using GLib < 2.44
repo: Fix an obvious typo
libglnx: Pick up bugfix and backports
gpg: Add ostree_gpg_verify_result_describe_variant()
Juggling libglnx.h includes
Use g_autofree instead of gs_free
Use g_autoptr() for GIO object types
Use glnx_unref_object instead of gs_unref_object
Use g_autoptr(GChecksum) instead of gs_free_checksum
Use g_autoptr(GBytes) instead of gs_unref_bytes
Use g_autoptr(GHashTable) instead of gs_unref_hashtable
Use g_autoptr(GPtrArray) instead of gs_unref_ptrarray
Use g_autoptr(GVariant) instead of gs_unref_variant
Use g_autoptr(GKeyFile) instead of gs_unref_keyfile
Use g_autoptr(GVariantBuilder) instead of gs_unref_variant_builder
Use g_auto(GStrv) instead of gs_strfreev
Remove unnecessary #include "libgsystem.h"
gpg: Fix ot_gpgme_error_to_gio_error()
gpg: Add custom data buffers to wrapper GIO streams
repo: Simplify sign_data() a little
repo: Stash keyring name in OstreeRemote
repo: Delete a remote's keyring when deleting a remote
repo: Add ostree_repo_remote_gpg_import()
repo: Add remote's keyring during GPG verification
ostree: Add a "remote gpg-import" command
ostree: Add --gpg-import to the "remote add" command
tests: Add test-remote-gpg-import.sh
repo: Prevent GPG keys from being imported to keybox format
Micah Abbott (1):
reset: update help output
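
Added example, not part of the original announcement and not the project's crosscheck scripts: a minimal check of the kind described above, comparing BLS entries against the LABEL blocks of a generated syslinux.cfg. It assumes the expected order is by the BLS `version` key, highest first, that kernel/initrd paths appear identically in both files, and all sample entries and names are constructed.

```python
# BLS entry: one "key value" pair per line, "#" starts a comment.
def parse_bls(text):
    entry = {}
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key and not key.startswith("#"):
            entry[key] = value.strip()
    return entry

# syslinux.cfg: collect the LABEL blocks in file order.
def parse_syslinux(text):
    blocks = []
    for line in text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "LABEL":
            blocks.append({"LABEL": value.strip()})
        elif blocks and key in ("KERNEL", "INITRD", "APPEND"):
            blocks[-1][key] = value.strip()
    return blocks

PAIRS = (("linux", "KERNEL"), ("initrd", "INITRD"), ("options", "APPEND"))

def crosscheck(bls_texts, syslinux_text):
    """Return a list of mismatches; an empty list means consistent."""
    # Assumption: expected order is the BLS "version" key, highest first.
    # Sorting makes the check independent of directory (readdir) order.
    expected = sorted(map(parse_bls, bls_texts),
                      key=lambda e: int(e["version"]), reverse=True)
    actual = parse_syslinux(syslinux_text)
    problems = []
    if len(expected) != len(actual):
        problems.append(f"count: BLS={len(expected)} syslinux={len(actual)}")
    for i, (bls, sysl) in enumerate(zip(expected, actual)):
        for bkey, skey in PAIRS:
            if bls.get(bkey) != sysl.get(skey):
                problems.append(f"entry {i}: {bkey} != {skey}")
    return problems

# Constructed sample data (not from a real system).
def _bls(n, c):
    return (f"title ExampleOS {n}\nversion {n}\nlinux /ostree/os-{c}/vmlinuz\n"
            f"initrd /ostree/os-{c}/initramfs.img\noptions ostree=/ostree/boot.0/os/{c}/0\n")

def _label(n, c):
    return (f"LABEL ExampleOS {n}\n\tKERNEL /ostree/os-{c}/vmlinuz\n"
            f"\tINITRD /ostree/os-{c}/initramfs.img\n\tAPPEND ostree=/ostree/boot.0/os/{c}/0\n")

BLS = [_bls(1, "aaaa"), _bls(2, "bbbb")]
GOOD_CFG = "DEFAULT ExampleOS 2\n" + _label(2, "bbbb") + _label(1, "aaaa")
BAD_CFG = "DEFAULT ExampleOS 2\n" + _label(1, "aaaa") + _label(2, "bbbb")
```

`crosscheck(BLS, BAD_CFG)` reports every field of both entries as mismatched, which is what a misordered configuration looks like to this check.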