rpm-ostree gained PolicyKit support, contributed by Kalev Lember. This
is a major new feature, as it lays the groundwork for e.g. a gnome-software
frontend. Further, having this support in the core closes a longstanding
architectural gap between the traditional dnf uid 0 commandline-only approach and
PackageKit. Now, there's one consistent authorization policy for host software
installations; we might even start discouraging use of `sudo rpm-ostree`.
Another feature which was added this release is experimental support
for overriding base packages. Traditionally, one was only able to *add* onto
the base layer with package layering. However, there are situations where
mutating the base layer itself is desirable. For example, it is now possible
to update a base package using the new `rpm-ostree ex override replace`
command. A similar `remove` command can be used to drop base packages.
Of course, such modifications should be done with care, since they in
effect "void" the warranty implied by an ostree commit. However, these
powerful semantics enable us to take the image/package hybrid paradigm
to a new level.
We've also cleaned up transaction output; the primary one here is that we
no longer print GPG status during pulls. The status commandline also
condenses GPG verification results.
There's scattered other small work, like logging more information into
the journal, adding a Title to the DBus API to render transaction status,
handling RPM script interpreters correctly, and various CI/testing improvements.
Colin Walters (22):
Bump libglnx, port to new tmpfile API
postprocess: Some porting to new style
Update libglnx
Add human-readable Title to transaction, render in status
daemon: Plug leak of AddMatch rules for RegisterClient
compose: Error out early if treecompose-post isn't executable
upgrader: Remove duplicate #defines
upgrader: Add user-inaccessible private dir for rootfs checkouts
scripts: Unlink our temporary post scripts
tests: Use G_DEBUG=fatal-warnings for daemon
treecompose: Add various g_prefix_error()
daemon: Render txn data a bit more nicely
daemon: Differentiate in logs between "client" and "caller"
Remove all tabs ⭾ in *.[ch] and add a CI check for them
daemon: Log caller uid
postprocess: Style porting
cmdline: Stop printing GPG results during pulls
status: Use more concise GPGSignature without --verbose
libpriv/passwd: Port to new style
scripts: Port some to new style, minor cleanup
lib/scripts: Handle script interpreters
libpriv: Some style porting
Jonathan Lebon (63):
compose: use test env fedora.repo file instead
vmsync: also pull ostree from build container
main: make `rpm` subcommand a proper alias
main: delete duplicate GPG sig printing function
main: deduplicate subcommand handling
app: more conversion to new style
core: absorb RpmOstreeInstall into RpmOstreeContext
core: auto-call download_metadata()
upgrader: factor out sack_has_subject
origin: add helper to check if local assembly needed
upgrader: drop unnecessary malloc for tmprootfs
upgrader: refactor to improve legibility
livefs: fix nested continue bug in optimization
core: drop unused argument to assemble_tmprootfs
origin: drop GCancellable arg and rename function
app: add experimental support for pkg removals
vmcheck: create new test-basic.sh test
vmcheck: add new test for override remove
origin: avoid double lookup on hash table removals
core: don't use rpmfiles if missing
util.h: add helper macro for proper English pluralization
ci: add centos build checker
status: don't use autoptr() on generated objects
deploy transaction: append to txn title in piecemeal
rpmostree-dbus-helpers: generalize pkg sorting
vmoverlay: overlay on default checksum, not booted
deploy: use consistent argument names
postprocess: use glnx_throw helpers to add details
postprocess: stronger handling for sepolicy in /var
postprocess: always nuke /var/run
postprocess: add explanatory comment re. /var/run
core: fix error message construction
rpm-utils: fix pkglist printout
deploy transaction: factor out local RPM importing
upgrader: fix missing goto out
vmcheck: also clear repo metadata between tests
libglnx: bump for GLNX_HASH_TABLE_FOREACH macros
status: rename RequestedPackages to InactiveRequests
override remove: allow inactive removals
postprocess: prefix more errors
tests: merge cache_branch_to_nevra into test-utils
core: factor out pkgcache nevra to branch lookup
unpacker: encode NEVRA info in commit metadata
upgrader: make metadata tmp dir part of upgrader
rpm-util: factor out get_by_pkgname
libdnf: bump for stale cache fix
tap-test: fix typo and actually create .test marker
tap-test: create tmpdir in /var/tmp
check/test-utils.c: assert no error first
tests: add libtest.c for binary tests
tests/check: remove test-compose.sh
libtest: add build_rpm function
tests: transition to build_rpm
build_rpm: print out nevra rather than just name
vmcheck: handle livefs reruns stronger
sysroot-core: minor style updates
core: plug leak from ignore_scripts hash table
core: make cachebranch finder function public
app: support `ex override replace` for local RPMs
ci: make compose test required
ci: start testing on F26
core: only update repos enabled for packages
codebase: partial porting to new style
Kalev Lember (5):
Add polkit support
ci: Install polkit-devel for c7-build
libbuild.sh: Install polkit-devel
Don't use polkit when running on the session bus
daemon: Install dbus introspection files
Git-EVTag-v0-SHA512: 97ae1588c3b7a4bf82a47fa840a47fe4e36417fec767907c7be054c688de325a3f9bd73188eb72719b7b1a406ce9e1980544549bfd1268e5c0755fadbbd2ab0f
