ostree v2020.4
- From: "Colin Walters" <walters verbum org>
- To: ostree-list <ostree-list gnome org>
- Subject: ostree v2020.4
- Date: Wed, 22 Jul 2020 16:43:42 -0400
https://github.com/ostreedev/ostree/releases/tag/v2020.4
# ostree 2020.4
By far the biggest change in this release is new ed25519 signing support, powered by libsodium.
See: https://github.com/ostreedev/ostree/issues/1233
`ostree commit` [gained a new `--base`
argument](https://github.com/ostreedev/ostree/pull/2059/commits/329a82c57e954392a2b33e60bcb8163892064205),
which significantly simplifies constructing "derived" commits, particularly for systems using SELinux.
Handling of the [read-only sysroot was
reimplemented](https://github.com/ostreedev/ostree/pull/2113/commits/35642259175973617da937f3cab6ce5f13c95077)
to run in the initramfs and be more reliable. Enabling the `readonly=true` flag in the repo config is
recommended.
Several bugs were fixed in locking for the temporary "staging" directories OSTree creates, particularly on
NFS.
[lib: Coerce flags enums to GIR
bitfields](https://github.com/ostreedev/ostree/pull/2089/commits/dc69f56de6dab66f7bb4fe66aa203e84efa9676c)
changed some values to be (correctly) flags - this may show up as incompatible for GObject Introspection
consumers (but not C).
A new
[timestamp-check-from-rev](https://github.com/ostreedev/ostree/pull/2099/commits/c8efce06564b7adef83994dddb41cd61a030207d)
option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS.
Several fixes and enhancements were [made for "collection"
pulls](https://github.com/ostreedev/ostree/pull/1973/commits) including a new `--mirror` option.
The `ostree commit` command learned a new
[`--mode-ro-executables`](https://github.com/ostreedev/ostree/pull/2091) which enforces
[W^R](https://en.wikipedia.org/wiki/W%5EX) semantics on all executables.
A new commit metadata key
([`OSTREE_COMMIT_META_KEY_ARCHITECTURE`](https://github.com/ostreedev/ostree/pull/2121)) was added to help
standardize the architecture of the OSTree commit. This could be used on the client side for example to
sanity-check that the commit matches the architecture of the machine before deploying.
Some [new tests are being written in
Rust](https://github.com/ostreedev/ostree/pull/2048/commits/1f637bf34103746ab07f359d5488224134a16a08), and
ostree now itself uses the Rust ostree bindings for tests; work on this is ongoing.
The `pull` command learned a new `--per-object-fsync` which restores the original libostree behaviour of
`fsync`ing each object as they are written. This makes the overall operation take much longer, but exhibits
an I/O latency profile friendlier to neighbouring processes (such as databases) that also invoke `fsync`.
This will be used in OpenShift for example, where etcd latency is crucial.
### Future work
There's a lot in the pipeline, including better handling of the `/boot = /` case, static delta inline
signatures, more CI work, etc.
### Git shortlog
```
AJ Jordan (1):
Fix typo
Colin Walters (62):
main/pin: Fix usage of GError
tests: Rework tests/installed → tests/kola
tests/kola: Two test fixes
main/commit: Rework control flow to use --tree=X path
tests/pull-repeated: Bump up retries to match max fails
repo/commit: Add support for --selinux-policy-from-base
build-sys: Print libsodium status at end of configure
sign-ed25519: Convert some functions to new style
sign-dummy: Convert to current code style
signing: Remove g_debug(__FUNCTION__)
lib: Add error prefixing for sysroot load and repo open
sysroot: Reorganize sysroot load code a bit
lib: Squash two gtk-doc warnings
tests/pull-sizes: Disable xattrs everywhere
pull: Update key loading function to match error style
commit: Add --base argument
OWNERS: add d4s to reviewers
Only enable "dummy" signature type with opt-in env variable
lib/pull: Two cosmetic internal function renames
Change signature opts to include type, cleanup error handling
ci: Build minimal without libsodium too
Use `sign-ed25519` for the feature name
travis: Add some libsodium coverage
lib: Move internal binding verification API to repo.c
lib: Move pull struct definition into repo-pull-private.h
lib: Move gpg/signapi bits into ostree-repo-pull-verify.c
deploy: Add --no-merge
finalize-staged: Add ProtectHome=yes and ReadOnlyPaths=/etc
tests/staged-deploy: Cleanup initial state
signing: Add #define OSTREE_SIGN_NAME_ED25519
commit: Add --mode-ro-executables option
ostree-prepare-root: Requires=sysroot.mount
remote-add: Add --sign-verify=KEYTYPE=[inline|file]:PUBKEYREF
signing: Change API to create instances directly
tests/staged-delay.sh: New test
pull: Further cleanup signapi verification
finalize: Add RequiresMountsFor=/boot too
ci: Install kola tests
pull: Only have API to disable signapi for local pulls
ci: Test for clock skew
admin-test: Show err.txt on unexpected failure
pull: Add support for sign-verify=<list>
Move ro /sysroot bind mount of /etc into initramfs
tests/kola: Move to tests/kolainst
Add new Rust-based tests
remote-add: Default to explicit sign-verify backends
pull: Add error prefixing with specific object when parsing
bupsplit: rustfmt(*)
tests/rust: Extract a with_webserver_in helper wrapper
commit: Note in help that --base takes an argument
core: Add OSTREE_COMMIT_META_KEY_ARCHITECTURE
tests: Add a pre-signed-pull.sh test
sign/ed25519: Output failed signatures in error message
signapi: Change API to also return a success message
libostree-devel.sym: Remove nonexistent stub symbol
core: Add documentation for ostree_commit_get_timestamp()
sysroot: Remove unimplemented ostree_sysroot_lock_with_mount_namespace
tests: Port to Debian autopkgtest reboot API
tests: Add needs-internet tag for webserver bits
pull: Also append bytes written
pull: Add --per-object-fsync
Release 2020.4
Dan Nicholson (1):
lib: Coerce flags enums to GIR bitfields
Denis Pynkin (80):
Add libsodium dependency
lib/sign: initial implementation
sign: add new builtin for signing
sign: allow to sign commits from CLI
lib/sign: enable verification for pulling
tests: add test for commits sign/verification
sign: API changes for public keys and CLI keys format
builtin/sign: allow to provide the file with public keys
tests/sign: check public keys load from file
builtin/sign: remove libsodium-specific code
sign: fix unneeded objects creation
sign: fix error return for dummy module
builtin/sign: remove libsodium dependency
sign: fixes for ed25519 for loading public keys from files
sign: check signatures for pulled commits
tests/sign: add initial test for pulling
lib/sign: disable mandatory signature check
lib/sign: add support of file with valid keys for remote
lib/sign: read ed25519 public keys from well known places
builtin/sign: allow to sign with keys from secret file
tests/gpg: skip test in JS if GPG is not supported
sign: fix memory leaks and code cleanup
builtin/sign: allow to use multiple public keys for verification
lib/sign-ed25519: cleanup unneeded code
lib/sign: public API optimisation
lib/sign: allow to add keys as base64 string for ed25519
sign: use common function for loading public keys during pulling
lib/sign: minor optimisation for ed25519
lib/sign: add ostree_seign_clear_keys function
lib/sign: add revoking mechanism for ed25519 keys
builtin/sign: add option 'keys-dir'
tests/sign: check system-wide config and revoked keys
man: document `ostree sign`
bash-completion: add completion for `ostree sign`
apidoc: add API documentation for signing interface
man: document commit signing
bin/pull-local: add --sign-verify
tests/libtest: add functions for ed25519 tests
tests/sign: use library functions for ed25519 keys
tests/local-pull: test "--sign-verify" option
bin/remote-add: added "--no-sign-verify" option
tests: use option "--no-sign-verify" for adding remote
tests/sign: disable GPG for alternatively signed pull
lib/sign: allow to build with glib version less than 2.44
lib/sign: use separate public and secret keys for 'dummy'
tests/sign: add verification key for pulling with dummy
lib/sign: fix the false failure while loading keys
tests/sign: allow to start pull test without libsodium
lib/sign: new function for summary file signing
bin/summary: add signing with alternative mechanism
lib/repo-pull: verify signature on summary pull
tests/sign: new test for summary file verification
man: add signature options for ostree summary
gpg: do not fail GPG-related configuration get for remote
lib/repo-pull: change sign supporting functions
lib/repo-pull: set default for sign-verify-summary
lib/repo-pull: add signature check while fetching summary
bin/pull-local: add --sign-verify-summary
lib/sign: make dummy engine non-public
lib/sign: make ed25519 engine non-public
lib/sign: better error handling of ed25519 initialization
lib/repo-pull: return error from signing engine
lib/repo-pull: return errors from signature engines
tests/sign: added check with file and single key on pull
sign-ed25519: Convert functions to new style
sign-dummy: optimize ostree_sign_dummy_data_verify
lib/sign: convert ostree_sign_summary to new style
tests/sign: check pull failure with invalid remote options
lib/sign: return false for non-implemented functions
sign-pull: improve error handling
ostree-repo: improve error handling
lib/repo-pull: fix GPG check while pulling remote
Add ci_pkgs to travis-install.sh
Fix the lost line separator
Add the same config options for distcheck
tests/signed-commit: fix the test of well-known places
sign: rename option for enabling ed25519
signapi: expose metadata format and key
sign/ed25519: fix the abort in case of incorrect public key
sign/ed25519: fix return value if no correct keys in file
Felix Krull (1):
lib: fix typo in function docs
Frédéric Danis (1):
lib/deltas: convert ostree_repo_static_delta_generate to new style
Javier Martinez Canillas (1):
grub2: Don't add menu entries if GRUB supports parsing BLS snippets
Jonathan Lebon (17):
Post-release version bump
bin/diff: Clarify documentation around REV and DIR syntax
lib/pull: Don't leave commits pulled by depth as partial
ci: Adapt to use new fcosKola semantics
lib/commit: Add more error prefixing
lib: Rename function for staging dir check
lib/commit: Check that dirent is a directory before cleaning
lib/pull: Add `timestamp-check-from-rev`
lib/upgrader: Pull with `timestamp-check-from-rev`
tests/admin-test: Ensure that commits are 1s apart
switchroot/remount: Neuter sysroot.readonly for now
tests/admin-test: Fix --allow-downgrade check
libglnx: Bump to latest
ci: Import latest ci-commitmessage-submodules from rpm-ostree
ci: Remove libpaprci/ directory
lib/repo: Handle EACCES for POSIX locking
ci: Constrain parallel build jobs
Matthew Leeds (4):
lib/fetcher-util: retry download on G_IO_ERROR_PARTIAL_INPUT
find-remotes: Add a --mirror option
Don't copy summary for collection-ref mirror subset pulls
tests: Check that example symbol isn't released
NEPO (1):
README.md: Fix link to CONTRIBUTING.md
Stefan Agner (7):
docs: clarify archive repo type
docs: extend object type documentation
docs: extend repository types
deploy: support devicetree directory
man/checkout: fix short name option of --user-mode
checkout: use FILE as option argument string for --skip-list
man/checkout: document missing options
William Manley (1):
OWNERS: Uncomment @wmanley
```
[
Date Prev][Date Next] [
Thread Prev][Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
