v2023.6

v2023.6

Release 2023.6

This version of rpm-ostree contains numerous bug fixes and enhancements. Notable features are:

• rpm-ostree now supports the "search" verb allowing users to use rpm-ostree to search for available packages. An example of this is: rpm-ostree search *kernel

• We now generate composefs metadata if ostree was compiled with support for composefs

• rpm-ostree now vendors bootc, and this functionality can be accessed by creating a symlink ln -sr /usr/bin/rpm-ostree /usr/bin/bootc
  This is an experimental feature for now.

Alexander Larsson (1):
      commit: Always enable generation pf composefs metadata if possible

Colin Walters (9):
      postprocess: Use --refresh now
      container: Clarify error for nonexistent previous manifest file
      client: Add an error prefix in deployment path
      main: Update ostree-ext, add provisional-repair entrypoint
      Bump to ostree-ext 0.11.4
      Revert "main: Drop deprecated `container-encapsulate` entrypoint"
      Use cap-tempfile via cap-std-ext
      status: Fix possibly uninitialized warning
      Bump to ostree-ext 0.11.5

Eric Curtin (1):
      kernel: Specify multiple kernel or initramfs in error message

Felix Yan (1):
      docs: correct a typo in Makefile.am

Huijing Hei (4):
      sysuers: fix error if running `groupadd` with `-f`
      passwd: Rename func `data_from_json` to `write_data_from_treefile` and add comment
      passwd: sync `etc/{,g}shadow` according to `etc/{passwd,group}`
      passwd: add `enum PasswdKind`

Joseph Marrero (4):
      ci/test-container.sh: use f37 ignition for replace test
      rust/src/main.rs: Add bootc entry point
      .cci.jenkinsfile: up build pod memory to 6GB
      scripts: also ignore kernel-debug-modules.posttrans

Luke Yang (2):
      Add a `search` CLI verb and DBus API
      Add `kola` tests and fix `Name & Summary` search

Timothée Ravier (2):
      docs: Document ostree native container URL format
      packaging/spec.in: Enable rpm-ostree-countme.timer following presets

New Contributors

• @ericcurtin made their first contribution in #4494
• @felixonmars made their first contribution in #4520

Full Changelog: v2023.5...v2023.6

v2023.5

New features

rpm-ostree can now directly pull container images from containers-storage (e.g. the result of podman build):
rpm-ostree rebase ostree-unverified-image:containers-storage:localhost/mytestimage

Other changes

Adam0Brien (2):
      Add --force-replacefiles to docs/administrator-handbook.md
      Add --force-replacefile to man page

Colin Walters (13):
      daemon: Never do interactive auth for RegisterClient
      Port to clap v4
      compose: Oxidize bits propagating `core.fsync`
      compose: Also propagate ex-{fsverity,composefs}
      build-sys: Use new `tier = 2` from cargo-vendor-filterer
      compose: Adapt to composefs change with `ex-integrity` group
      tests/container-image: Revert use of automatic upgrade trigger
      core: Error out instead of aborting on reinstalls
      importer: Drop non-root files in CPIO check
      tests: Use `-p qemu` for cosa
      Bump to ostree-ext 0.11.1
      Drop isolation when fetching from containers-storage:
      deploy-from-self: Add some error prefixing

Joseph Marrero (2):
      packaging/rpm-ostree.spec.in: use SPDX license identifier
      Release 2023.5

Luke Yang (2):
      Added more override examples
      Sorted builtin commands alphabetically

RishabhSaini (2):
      Update to ostree-ext 0.20, cap-std-ext 2.0
      container: Add --previous-build-manifest

New Contributors

• @Adam0Brien made their first contribution in #4436
  &
• @lukewarmtemp made their first contribution in #4438

Full Changelog: v2023.4...v2023.5

2023.4

Probably the biggest thing here is a fix for
#4284
which affects Fedora Silverblue users.

User visible changes

• app: Add a global -q/--quiet flag by @cgwalters in #4384
• Add a "apply" (reboot) automatic update strategy by @cgwalters in #4392

Notable bugfixes

• Make output handling thread-local by @cgwalters in #4405

Other changes

• Fix typo in error log if initramfs generation fails by @plata in #4380

• rust/ffiutil: Drop dead GError code by @cgwalters in #4365

• lib: Use re-exported oci-spec from ostree-ext by @cgwalters in #4383

• tests/compose-image: Remove workaround as F38 commit reached stable by @jmarrero in #4376

• kargs: Simplify idempotent append and delete operations by @Razaloc in #4161

• scripts: Ignore kernel-redhat %posttrans scripts by @jlebon in #4386

• rust: Bump various crates && rust: Bump dependabot PR limit to 6 by @cgwalters in #4385

• upgrade: Split output lines for stored versus to-fetch by @cgwalters in #4394

• build(deps): bump serde from 1.0.160 to 1.0.162 by @dependabot in #4396

• build(deps): bump libc from 0.2.142 to 0.2.143 by @dependabot in #4395

• build(deps): bump rust-ini from 0.18.0 to 0.19.0 by @dependabot in #4397

• useradd: Add -M/--no-create-home by @cgwalters in #4399

• output: More daemon-side progress debugging by @cgwalters in #4402

• man/rpm-ostree: Document status switches by @jlebon in #4413

• client: Print when we're attaching to an existing transaction by @cgwalters in #4398

• tests: Drop ex from initramfs-etc by @cgwalters in #4406

• daemon: Add logging for invocations of non-txn methods by @cgwalters in #4404

• build(deps): bump serde from 1.0.162 to 1.0.163 by @dependabot in #4409

• tests/container: Update package fixtures to f38 by @cgwalters in #4414

• Regenerate cxx bindings by @cgwalters in #4416

• Release 2023.4 by @cgwalters in #4418

New Contributors

• @plata made their first contribution in #4380

Full Changelog: v2023.3...v2023.4

v2023.3

Notable changes this release:

Client

• New --enablerepo, --disablerepo, --setreleasever options on the cli. These allow
  users to enable specific repositories and set releasever when installing packages.

Daemon:

• Unconditionally authorize uid 0 first - unconditionally query the credentials via dbus-{daemon,broker} first, this should avoid errors that can occur if polkit isn't installed or running.

Colin Walters (13):
      main: Don't use timestamps and colors in tracing logs when running in systemd
      cached-sigs: Be compatible with `cosa build-fast`
      libtest: Hack around regression in journalctl
      tests/layering-fedorainfra: Bump to newer systemd
      core: Don't try to load rpm IMA sigs client side unless requested
      main: Don't write colors to non-ttys
      Bump tokio to 1.26
      daemon: Unconditionally authorize uid 0 first
      progress: Add more logging/tracing
      console: Also print which task is being overwritten
      build: Allow GLib 2.70, also `-Wno-error=deprecated-declarations`
      Cargo.lock: Bump many dependencies
      deny: Allow Unicode-DFS-2016

Jan Macku (2):
      ci: trigger `differential-shellcheck` workflow on `push`
      ci(fix): add missing permissions - `security-events`

Joseph Marrero (8):
      rust/src/scripts: ignore rt and automotive debug scripts.
      tests/vmcheck/test-override-kernel: account for kernel-modules-core
      treefile: Add enablerepo/disablerepo/setreleasever cli options
      treefile: cleanup enable_repo function
      test-container: Add test for enablerepo,disablerepo and releasever
      ci: Make sure cxx code is clang-formatted
      ci: Update tests for Fedora 38
      Release 2023.3

Timothée Ravier (1):
      docs: Use upstream theme & update to 0.4.1

Full Changelog: v2023.2...v2023.3

v2023.2

Notable changes this release:

Client

• New --compare-with-build option on the cli Uses the ostree container library to compare OCI compliant images.

Compose

• New --copy-retry-times option to specify the amount of times we retry when copying images fails.

Daemon:

• Support LockLayering=true configuration option that provides an easy way for a sysadmin to disable all package layering and initramfs customizations.
• Use a socket in /run, require non-abstract. The new glib changed to use non-abstract sockets by default, which broke us.

Colin Walters (11):
      Update ostree-ext, use version API
      compose/image: Add `--copy-retry-times`
      core: Add some more debugging and error info around repos
      treefile: Return `.` instead of `""` for parent directory
      ci: Stop using Fedora 32
      main: Drop deprecated `container-encapsulate` entrypoint
      Drop `ex-container` entrypoint
      daemon: Use a socket in `/run`, require non-abstract
      ci: Use `cosa kola` to properly set `ARTIFACT_DIR`
      spec: Add `Requires: /usr/bin/setpriv`
      Bump ostree-ext

Jonathan Lebon (1):
      Support `LockLayering=true` config knob

Joseph Marrero (1):
      rust/src/scripts.rs: ignore posttrans for kernel-rt-core

RishabhSaini (1):
      Add --compare-with-build to cli Uses the ostree container library to comapre OCI compliant images

Thorsten Leemhuis (1):
      docs: adjust to new location of kernel-vanilla-repos

Full Changelog: v2023.1...v2023.2

v2023.1

Client

• Log when a client joins an existing transaction.
• Fix local initramfs regeneration on systems composed with
  boot-location: new.
• Fix container flow in Turkish locales ( #4237 )

Compose

• Loosen lockfile semantics so that a missing locked package does not trigger
  an error unless the compose requires it.
• Drop support for locking by source packages.

Internals

• Update workflow actions to Fedora 37.
• Replace unmaintained actions-rs/toolchain with dtolnay/rust-toolchain.
• Add more error-prefixing in passwd, kernel, and cleanup-related paths.
• Add container-based upgrade test via Prow.

Benjamin Gilbert (2):
      workflows: update actions to current major versions
      workflows: replace actions-rs/toolchain with dtolnay/rust-toolchain

Colin Walters (8):
      ci: Add infrastructure for use with Prow upgrade testing
      passwd: Add various error prefixing
      sysroot: Log when client joins an existing transaction
      Update to ostree-ext 0.10.4
      tests/upgrades: Disable zincati
      Add a `try_fail_point!` macro and use it in more places
      kernel: Add some error prefixing
      cleanup: Add some error prefixing

Jonathan Lebon (11):
      core: Disable modules earlier
      core: Allow lockfiles to reference missing package names
      libpriv/kernel: fix kver parsing from vmlinuz in /boot and /usr/lib/ostree-boot
      .gitignore: add clangd-related files
      compose: Drop support for `source-packages` in lockfiles
      core: Further loosen lockfile handling
      Revert ".gitignore: add clangd-related files"
      Release 2023.1

2022.19

What's Changed

• daemon: Add logging of sysroot load and locking times by @cgwalters in #4219
• client: Add some more error prefixing by @cgwalters in #4221
• encapsulate: Add --copymeta-opt by @cgwalters in #4222
• Two minor staticanalysis fixes by @cgwalters in #4225
• docs/rebase: Document rebasing to a container image by @cgwalters in #4223
• client: Bump most dbus method timeouts to 5 minutes by @cgwalters in #4224
• build(deps): bump libdnf from e4452b1 to 82c59ef by @dependabot in #4229
• build(deps): bump serde from 1.0.148 to 1.0.151 by @dependabot in #4231
• build(deps): bump envsubst from 0.2.0 to 0.2.1 by @dependabot in #4232
• sysroot: Fix conflicting authentication options && build: Release 2022.19 by @cgwalters in #4233

Full Changelog: v2022.18...v2022.19

2022.18

What's Changed

• Finish porting to cap-std by @cgwalters in #4212
• packaging: Upgrade skopeo to a requirement by @cgwalters in #4211
• A few CI updates by @cgwalters in #4210
• ci: Verify package layering across upgrades by @cgwalters in #4217
• Print message when rpm-ostree initramfs --disable is run by @kenneth-dsouza in #4216
• Update to cap-std-ext 1.0.2 by @cgwalters in #4218
• Release 2022.18 by @cgwalters in #4220

New Contributors

• @kenneth-dsouza made their first contribution in #4216

Full Changelog: v2022.17...v2022.18

2022.17

This pulls in several notable fixes for the container flow
around image garbage collection.

Aside from that there's some cleanup to the initramfs
and initramfs-etc commands, a few documentation tweaks
and internal improvements.

Alessandro Di Stefano (1):
      Fix the treefiles reference link in ex-rebuild.md

Colin Walters (19):
      container-encapsulate: Format errors correctly
      composepost: Port symlink generation to cap-std
      composepost: Port rpmdb hardlinking to cap-std
      composepost: Handle existing absolute symlinks
      cxxrsutil: Drop use of `&mut` in `gobj_wrap()`
      Prune container image layers during cleanup too
      Update to ostree-ext 0.10, glib 0.16, cap-std 1.0
      sysroot: Centralize layer prune + logging
      lockfile: Port to non-deprecated chrono APIs
      upgrader: Can't currently check-only in container flow
      upgrade: Make image pruning idempotent
      override: Honor `--install` in container case too
      docs: Document registry auth
      composepost: Port selinux timestamp tweaks to cap-std
      README.md: More clearly link to container bits
      Use default `all` rule for bindings
      daemon: Make failure to query base image non-fatal
      Update to ostree-ext 0.10.1
      Release 2022.17

Jonathan Lebon (7):
      packaging/spec: Upstream "Disable LTO on 32 bits"
      packaging/spec: Drop el8-specific block
      docs: Make clearer that `initramfs --enable` involves dracut
      man: drop `ex` prefix on initramfs-etc command
      man: move `initramfs-etc` to right after `initramfs`
      man: mention `initramfs-etc` in `initramfs` docs
      app: Make `initramfs-etc` help string more explicit

Joseph Marrero (1):
      cliwrap/kernel_install: use original systemctl when running dracut

Luca BRUNO (1):
      importer: fix translation of top directories

dependabot[bot] (11):
      build(deps): bump futures from 0.3.24 to 0.3.25
      build(deps): bump cxx from 1.0.79 to 1.0.82
      build(deps): bump libc from 0.2.135 to 0.2.137
      build(deps): bump serde_json from 1.0.87 to 1.0.89
      build(deps): bump rayon from 1.5.3 to 1.6.0
      build(deps): bump serde from 1.0.147 to 1.0.148
      build(deps): bump chrono from 0.4.22 to 0.4.23
      build(deps): bump cxx-build from 1.0.81 to 1.0.83
      build(deps): bump indicatif from 0.17.1 to 0.17.2
      build(deps): bump rustix from 0.36.4 to 0.36.5
      build(deps): bump openssl from 0.10.42 to 0.10.44

-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAg5CRAd4pqfdf6DWMgvDhrcq1x8Q
gQPSQHIoZaiiRTt68AAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQD49w7kXNafZSiQJIcmKNYfvPfme48c/GqcA+unajguEpGUYcmOw41r+G+a5CcsNB8
n6kzgDJKcHL6uL5C9GJgE=
-----END SSH SIGNATURE-----

v2022.16

Client

• Rebasing to a container refspec has now been declared stable and no longer
  requires the --experimental flag.
• Include version in rpm-ostree status output even when deployed from a
  container.
• Improve container-related documentation.
• Prune previous container payloads during rebase.

Compose

• Support a new repovars experimental treefile key. This key feeds into the
  librepo URL variable substitution logic. This is useful for the case where the
  same repo files are used by multiple streams and e.g. the baseurl needs to
  be templated by more than just releasever and basearch.
• Support rpm-ostree compose image --label to directly add labels to the OCI
  image.
• Workaround a recent semanage bug causing the SELinux policy to be recompiled
  on client systems even when unneeded. If you've been using Fedora 37 before
  GA, your system may be unnecessarily carrying a customized SELinux policy.
  This is harmless (base policy updates still take effect) but less efficient.
  You can get back to the original policy by following
  these steps.
• Make container: true imply more appropriate defaults like selinux: false
  and tmp-is-dir: true.

Internals

• Update CI to Fedora 37.
• Fix some new compiler warnings.
• Port more Rust code from openat to cap-std
• Improve error-reporting in importer path.
• Stop using deprecated interrupt safety librpm API on rpm 4.18 and newer.
• Fix a memory leak in the core.

Colin Walters (27):
      tests/override-kernel: Adapt for Linux kernels newer than 5
      ci: Fix references to old FCOS location
      util: Fix `-fpermissive` warning
      Add version to status even for containers
      treefile: Make `container: true` opt-in to saner defaults
      build-sys: Don't delete systemd units in `make clean`
      Update to ostree-ext 0.9
      docs/container: Flesh out a bit more and tweak
      Stabilize container functionality
      docs/container: Explain you can upgrade too
      Always use merge commit for container deployments
      compose/image: Add `--label`
      Update to ostree-ext v0.9.1
      daemon: Query container image commit
      When rebasing, prune previous container by default
      composepost: Port a few bits to cap-std
      composepost: Port default target bits to cap-std
      composepost: Port remove files handling to cap-std
      composepost: Port script function to cap-std
      composepost: Port rpmdb symlinking to cap-std
      composepost: Port os-release handling to cap-std
      composepost: Port outer wrapper function to cap-std
      composepost: Port one test to cap-std
      composepost: Port directory size computation to cap-std
      composepost: Port altfiles mutation to cap-std
      build: Compile with rpm 4.18
      packaging/spec: Add a dummy changelog

Jonathan Lebon (11):
      libpriv/postprocess: work around semanage bug
      ci: Update for Fedora 37
      ci: Run "Build Integration Test Data" GHA privileged
      core: Plug leak in vars dir handling
      rust/extensions: Copy `directory` field to generated treefile
      app/compose: Factor out helper to set repos dir
      app/compose: Clear out vars dir
      treefile: Support `repovars` key
      Release 2022.16

Luca BRUNO (1):
      libpriv/importer: bubble up filepath errors