ostree v2020.1



https://github.com/ostreedev/ostree/releases/tag/v2020.1

There is now support for making the [`/sysroot` mount point read-only to
start](https://github.com/ostreedev/ostree/pull/1767), and this is used by Fedora CoreOS today. This
protects against a lot of accidental damage, and also generalizes and improves the previous special case
handling of having `/boot` read-only. One known issue is that `ostree pull` is broken with this enabled, and
this will be fixed.

Error-handling around GPG verification has had an overhaul. Specifically, libostree now has more specific 
error codes to distinguish between different verification failures. This should allow apps to have more 
fine-grained control over how to respond to errors. Do note that the error messages themselves have changed,
and we strongly suggest that anyone relying on a specific error message string migrate to using the API
directly.

The original "archive" (split up objects) format didn't make it easy for a client system to know how much 
data it would be downloading.  Later, static deltas were added which addressed this problem, but there are 
situations in which object fetches still occur. Later still, support for optional `sizes` metadata in commit
objects was added, but it was never really stabilized/publicized. There were also some bugs in it. [That is now
completed](https://github.com/ostreedev/ostree/pull/1957) - the sizes data is now stable, and a new API was
added to read it.

This release adds [initial fs-verity support](https://github.com/ostreedev/ostree/pull/1959); it doesn't do
too much today. Bigger picture, it's important to understand that the vision of OSTree is to enable Linux
systems that feel like they're "image based" (transactional, versioned updates, no dependency resolution 
client side), but also to enable things like doing commits on the client side.  Today rpm-ostree supports 
replacing the kernel client side as a first class operation.  This is crucially important to make it feel 
truly like a Linux system that *you own*.  See also [this 
blog](https://blog.verbum.org/2019/12/23/starting-from-open-and-foss/).  Having a story for how system 
integrity works in this model is more complicated, but we (the CoreOS team at RHT) will be continuing work on 
it.

A small tweak was made to have OSTree create repo structure directories and files (such as `objects/` or 
`.lock`) with group write permissions. This is useful for managing OSTree remote servers from multiple UIDs. 
For systems with the default umask of `0022`, this should have no effect.
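
The umask interaction described above, as an added example (not libostree's own code): it assumes the library passes mode 0775 to mkdir(2), as the commit title "lib/repo: Create repo directories as 0775" suggests. The helper names and the `/tmp` scratch path are hypothetical.

```c
#ifndef _XOPEN_SOURCE
#define _XOPEN_SOURCE 700   /* for mkdtemp() */
#endif
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <unistd.h>

/* Mode assumed to be requested for repo directories such as objects/. */
#define REPO_DIR_MODE 0775

/* Create a directory with REPO_DIR_MODE under the given umask and return
 * the permission bits the kernel actually applied, or -1 on error.
 * Assumes the scratch parent carries no default ACL. */
static int effective_repo_dir_mode(mode_t mask)
{
    char tmpl[] = "/tmp/repo-mode-XXXXXX";   /* hypothetical scratch path */
    char path[64];
    struct stat st;
    int result = -1;

    if (mkdtemp(tmpl) == NULL)
        return -1;
    snprintf(path, sizeof path, "%s/objects", tmpl);

    mode_t old = umask(mask);                /* simulate the caller's umask */
    if (mkdir(path, REPO_DIR_MODE) == 0 && stat(path, &st) == 0)
        result = (int)(st.st_mode & 0777);
    umask(old);                              /* restore the real umask */

    rmdir(path);
    rmdir(tmpl);
    return result;
}

/* True when other members of the owning group can modify the directory. */
static int group_writable(int mode)
{
    return mode >= 0 && (mode & S_IWGRP) != 0;
}

int main(void)
{
    const mode_t masks[] = { 0022, 0002, 0027 };
    for (size_t i = 0; i < sizeof masks / sizeof masks[0]; i++) {
        int m = effective_repo_dir_mode(masks[i]);
        printf("umask %04o -> mode %04o, group-writable: %s\n", (unsigned)masks[i],
               (unsigned)m, group_writable(m) ? "yes" : "no");
    }
    return 0;
}
```

Only a process running with a umask that leaves the group-write bit set, such as `0002`, ends up with group-writable repo directories; membership of the owning group then decides who can modify the repo.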

We've extensively reworked CI for the upstream repo. In addition to Travis, testing is now done on top of 
Fedora CoreOS. Not all tests have been carried over, but expect to see more coming. This rework will also
allow us to have more comprehensive tests that were previously not possible.

Several fixes were made to the test suite to handle the cases of systemd vs no-systemd, and `systemd` is now 
advertised in the list of features in `ostree --version` if present.

Thanks to all contributors!

---

```
$ git shortlog --no-merges v2019.6..
Alex Kiernan (6):
      test-switchroot.sh: Exclude /proc from file list
      build: Expose systemd in OSTREE_FEATURES
      tests: Skip /var test if running with systemd and libmount
      test-switchroot.sh: Find ostree-prepare-root in installed tests
      fixup! test-switchroot.sh: Find ostree-prepare-root in installed tests
      build: fix systemd feature advertisement

Cole Robinson (1):
      docs: Fix 'package layering' rpm-ostree link

Colin Walters (8):
      Post-release version bump
      finalize-staged: Use the core option parsing to load sysroot
      Support mounting /sysroot (and /boot) read-only
      Initial fs-verity support
      Add .cci.jenkinsfile
      travis: Update debian/ubuntu environments
      ci: Replace PAPR with CoreOS CI
      deploy: Avoid trying to change immutable state unnecessarily

Dan Nicholson (26):
      lib/commit: Only set generate_sizes for archive repos
      tests/sizes: Improve metadata validation
      lib/commit: Fix object sizes metadata for multiple commits
      lib/commit: Make size entries for existing objects
      tests/sizes: Test sizes metadata with existing objects
      tests/sizes: Test that sizes metadata is not reused
      tests/sizes: Check duplicate file doesn't add sizes entry
      libarchive: Support commit sizes metadata
      core: Add OstreeCommitSizesEntry type
      core: Add ostree_commit_get_object_sizes API
      bin/show: Add --print-sizes option to show sizes metadata
      tests/core: Really pick C.UTF-8 locale
      ci/rpmostree: Bump to 2019.4
      lib/gpg: Prefer declare-and-initialize style
      tests/libtest: Record long GPG key IDs and fingerprints
      tests/libtest: Make temporary gpghome private
      tests/gpghome: Create revocation certificates for keys
      tests/gpg-verify-data: Split out signature data
      tests/gpg-verify-data: Empty out trustdb.gpg
      tests/test-gpg-verify-result: Allow specifying signature files
      lib/gpg: Add more specific OstreeGpgError codes
      tests/gpg: Test ostree_gpg_verify_result_require_valid_signature
      tests/gpg: Add tests for importing updated remote GPG keys
      ci/flatpak: Patch GPG error assertions from OSTree
      ostree/trivial-httpd: Fix --autoexit with --daemonize and --log-file
      ostree/trivial-httpd: Add log message for autoexit

John Hiesey (1):
      lib/commit: Include object type in sizes metadata

Jonathan Lebon (1):
      lib/repo: Create repo directories as 0775

clime (1):
      Update ostree-pull.xml with info about pulled refs location and access



Git-EVTag-v0-SHA512: 
b3907c7d53696eee789bf9be60df54385a3146347b78752212745b2f84e0429b5d50f8cb7408b2be483757893e1b65dc1eeb5c8fa1f6446efbe81efbd998e249
```

