ostree 2020.4
By far the biggest change in this release is new ed25519 signing support, powered by libsodium.
See: #1233
ostree commit gained a new --base argument, which significantly simplifies constructing "derived" commits, particularly for systems using SELinux.
Handling of the read-only sysroot was reimplemented to run in the initramfs and be more reliable. Enabling the readonly=true flag in the repo config is recommended.
Several bugs were fixed in locking for the temporary "staging" directories OSTree creates, particularly on NFS.
The change "lib: Coerce flags enums to GIR bitfields" changed some values to be (correctly) flags; this may show up as an incompatibility for GObject Introspection consumers (but not C).
A new timestamp-check-from-rev option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS.
Several fixes and enhancements were made for "collection" pulls including a new --mirror option.
The ostree commit command learned a new --mode-ro-executables option, which enforces W^R semantics on all executables.
A new commit metadata key (OSTREE_COMMIT_META_KEY_ARCHITECTURE) was added to help standardize the architecture of the OSTree commit. This could be used on the client side for example to sanity-check that the commit matches the architecture of the machine before deploying.
Some new tests are being written in Rust, and ostree now itself uses the Rust ostree bindings for tests; work on this is ongoing.
The pull command learned a new --per-object-fsync option, which restores the original libostree behaviour of fsyncing each object as it is written. This makes the overall operation take much longer, but exhibits an I/O latency profile friendlier to neighbouring processes (such as databases) that also invoke fsync. This will be used in OpenShift for example, where etcd latency is crucial.
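As an added example (not code from the ostree project), the Python sketch below models the two client-side checks these notes mention: the architecture sanity check against the OSTREE_COMMIT_META_KEY_ARCHITECTURE value, and downgrade rejection by commit timestamp in the spirit of timestamp-check-from-rev. The Commit class, the function names and the sample commits are hypothetical; the key string "ostree.architecture" is not spelled out on this page, and treating equal timestamps as acceptable is an assumption.

```python
import platform
from dataclasses import dataclass, field

# String behind OSTREE_COMMIT_META_KEY_ARCHITECTURE (not spelled out on the page).
ARCH_KEY = "ostree.architecture"


@dataclass
class Commit:
    """Hypothetical stand-in for a parsed OSTree commit object."""
    checksum: str
    timestamp: int                      # seconds since the epoch
    metadata: dict = field(default_factory=dict)


def check_architecture(commit, machine_arch=None, require_key=False):
    """Return an error string, or None if the commit may run on this machine."""
    machine_arch = machine_arch or platform.machine()
    arch = commit.metadata.get(ARCH_KEY)
    if arch is None:
        # The key is optional, so unlabelled commits only fail in strict mode.
        return f"{commit.checksum}: no {ARCH_KEY} key" if require_key else None
    if arch != machine_arch:
        return f"{commit.checksum}: built for {arch}, machine is {machine_arch}"
    return None


def check_not_downgrade(candidate, from_rev):
    """Reject a candidate older than from_rev (assumption: equal is allowed)."""
    if candidate.timestamp < from_rev.timestamp:
        return (f"{candidate.checksum}: timestamp {candidate.timestamp} is older "
                f"than {from_rev.checksum} ({from_rev.timestamp})")
    return None


def pre_deploy_gate(candidate, deployed, machine_arch=None, require_arch=False):
    """Run both checks and return the list of failures (empty means deploy)."""
    results = (check_architecture(candidate, machine_arch, require_arch),
               check_not_downgrade(candidate, deployed))
    return [r for r in results if r is not None]


# Constructed sample commits; checksums are placeholders, not real object IDs.
DEPLOYED = Commit("deployed", 1588000000, {ARCH_KEY: "x86_64"})
NEWER_OK = Commit("newer-ok", 1588003600, {ARCH_KEY: "x86_64"})
WRONG_ARCH = Commit("wrong-arch", 1588003600, {ARCH_KEY: "aarch64"})
ROLLBACK = Commit("rollback", 1587000000, {ARCH_KEY: "x86_64"})
UNLABELLED = Commit("unlabelled", 1588003600)

if __name__ == "__main__":
    for c in (NEWER_OK, WRONG_ARCH, ROLLBACK, UNLABELLED):
        print(c.checksum, pre_deploy_gate(c, DEPLOYED, machine_arch="x86_64") or "ok")
```

Passing require_arch=True turns a missing architecture key into a failure, which suits fleets where every published commit is expected to carry it.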
Future work
There's a lot in the pipeline, including better handling of the /boot = / case, static delta inline signatures, more CI work, etc.
Git shortlog
AJ Jordan (1):
Fix typo
Colin Walters (62):
main/pin: Fix usage of GError
tests: Rework tests/installed → tests/kola
tests/kola: Two test fixes
main/commit: Rework control flow to use --tree=X path
tests/pull-repeated: Bump up retries to match max fails
repo/commit: Add support for --selinux-policy-from-base
build-sys: Print libsodium status at end of configure
sign-ed25519: Convert some functions to new style
sign-dummy: Convert to current code style
signing: Remove g_debug(__FUNCTION__)
lib: Add error prefixing for sysroot load and repo open
sysroot: Reorganize sysroot load code a bit
lib: Squash two gtk-doc warnings
tests/pull-sizes: Disable xattrs everywhere
pull: Update key loading function to match error style
commit: Add --base argument
OWNERS: add d4s to reviewers
Only enable "dummy" signature type with opt-in env variable
lib/pull: Two cosmetic internal function renames
Change signature opts to include type, cleanup error handling
ci: Build minimal without libsodium too
Use `sign-ed25519` for the feature name
travis: Add some libsodium coverage
lib: Move internal binding verification API to repo.c
lib: Move pull struct definition into repo-pull-private.h
lib: Move gpg/signapi bits into ostree-repo-pull-verify.c
deploy: Add --no-merge
finalize-staged: Add ProtectHome=yes and ReadOnlyPaths=/etc
tests/staged-deploy: Cleanup initial state
signing: Add #define OSTREE_SIGN_NAME_ED25519
commit: Add --mode-ro-executables option
ostree-prepare-root: Requires=sysroot.mount
remote-add: Add --sign-verify=KEYTYPE=[inline|file]:PUBKEYREF
signing: Change API to create instances directly
tests/staged-delay.sh: New test
pull: Further cleanup signapi verification
finalize: Add RequiresMountsFor=/boot too
ci: Install kola tests
pull: Only have API to disable signapi for local pulls
ci: Test for clock skew
admin-test: Show err.txt on unexpected failure
pull: Add support for sign-verify=<list>
Move ro /sysroot bind mount of /etc into initramfs
tests/kola: Move to tests/kolainst
Add new Rust-based tests
remote-add: Default to explicit sign-verify backends
pull: Add error prefixing with specific object when parsing
bupsplit: rustfmt(*)
tests/rust: Extract a with_webserver_in helper wrapper
commit: Note in help that --base takes an argument
core: Add OSTREE_COMMIT_META_KEY_ARCHITECTURE
tests: Add a pre-signed-pull.sh test
sign/ed25519: Output failed signatures in error message
signapi: Change API to also return a success message
libostree-devel.sym: Remove nonexistent stub symbol
core: Add documentation for ostree_commit_get_timestamp()
sysroot: Remove unimplemented ostree_sysroot_lock_with_mount_namespace
tests: Port to Debian autopkgtest reboot API
tests: Add needs-internet tag for webserver bits
pull: Also append bytes written
pull: Add --per-object-fsync
Release 2020.4
Dan Nicholson (1):
lib: Coerce flags enums to GIR bitfields
Denis Pynkin (80):
Add libsodium dependency
lib/sign: initial implementation
sign: add new builtin for signing
sign: allow to sign commits from CLI
lib/sign: enable verification for pulling
tests: add test for commits sign/verification
sign: API changes for public keys and CLI keys format
builtin/sign: allow to provide the file with public keys
tests/sign: check public keys load from file
builtin/sign: remove libsodium-specific code
sign: fix unneeded objects creation
sign: fix error return for dummy module
builtin/sign: remove libsodium dependency
sign: fixes for ed25519 for loading public keys from files
sign: check signatures for pulled commits
tests/sign: add initial test for pulling
lib/sign: disable mandatory signature check
lib/sign: add support of file with valid keys for remote
lib/sign: read ed25519 public keys from well known places
builtin/sign: allow to sign with keys from secret file
tests/gpg: skip test in JS if GPG is not supported
sign: fix memory leaks and code cleanup
builtin/sign: allow to use multiple public keys for verification
lib/sign-ed25519: cleanup unneeded code
lib/sign: public API optimisation
lib/sign: allow to add keys as base64 string for ed25519
sign: use common function for loading public keys during pulling
lib/sign: minor optimisation for ed25519
lib/sign: add ostree_seign_clear_keys function
lib/sign: add revoking mechanism for ed25519 keys
builtin/sign: add option 'keys-dir'
tests/sign: check system-wide config and revoked keys
man: document `ostree sign`
bash-completion: add completion for `ostree sign`
apidoc: add API documentation for signing interface
man: document commit signing
bin/pull-local: add --sign-verify
tests/libtest: add functions for ed25519 tests
tests/sign: use library functions for ed25519 keys
tests/local-pull: test "--sign-verify" option
bin/remote-add: added "--no-sign-verify" option
tests: use option "--no-sign-verify" for adding remote
tests/sign: disable GPG for alternatively signed pull
lib/sign: allow to build with glib version less than 2.44
lib/sign: use separate public and secret keys for 'dummy'
tests/sign: add verification key for pulling with dummy
lib/sign: fix the false failure while loading keys
tests/sign: allow to start pull test without libsodium
lib/sign: new function for summary file signing
bin/summary: add signing with alternative mechanism
lib/repo-pull: verify signature on summary pull
tests/sign: new test for summary file verification
man: add signature options for ostree summary
gpg: do not fail GPG-related configuration get for remote
lib/repo-pull: change sign supporting functions
lib/repo-pull: set default for sign-verify-summary
lib/repo-pull: add signature check while fetching summary
bin/pull-local: add --sign-verify-summary
lib/sign: make dummy engine non-public
lib/sign: make ed25519 engine non-public
lib/sign: better error handling of ed25519 initialization
lib/repo-pull: return error from signing engine
lib/repo-pull: return errors from signature engines
tests/sign: added check with file and single key on pull
sign-ed25519: Convert functions to new style
sign-dummy: optimize ostree_sign_dummy_data_verify
lib/sign: convert ostree_sign_summary to new style
tests/sign: check pull failure with invalid remote options
lib/sign: return false for non-implemented functions
sign-pull: improve error handling
ostree-repo: improve error handling
lib/repo-pull: fix GPG check while pulling remote
Add ci_pkgs to travis-install.sh
Fix the lost line separator
Add the same config options for distcheck
tests/signed-commit: fix the test of well-known places
sign: rename option for enabling ed25519
signapi: expose metadata format and key
sign/ed25519: fix the abort in case of incorrect public key
sign/ed25519: fix return value if no correct keys in file
Felix Krull (1):
lib: fix typo in function docs
Frédéric Danis (1):
lib/deltas: convert ostree_repo_static_delta_generate to new style
Javier Martinez Canillas (1):
grub2: Don't add menu entries if GRUB supports parsing BLS snippets
Jonathan Lebon (17):
Post-release version bump
bin/diff: Clarify documentation around REV and DIR syntax
lib/pull: Don't leave commits pulled by depth as partial
ci: Adapt to use new fcosKola semantics
lib/commit: Add more error prefixing
lib: Rename function for staging dir check
lib/commit: Check that dirent is a directory before cleaning
lib/pull: Add `timestamp-check-from-rev`
lib/upgrader: Pull with `timestamp-check-from-rev`
tests/admin-test: Ensure that commits are 1s apart
switchroot/remount: Neuter sysroot.readonly for now
tests/admin-test: Fix --allow-downgrade check
libglnx: Bump to latest
ci: Import latest ci-commitmessage-submodules from rpm-ostree
ci: Remove libpaprci/ directory
lib/repo: Handle EACCES for POSIX locking
ci: Constrain parallel build jobs
Matthew Leeds (4):
lib/fetcher-util: retry download on G_IO_ERROR_PARTIAL_INPUT
find-remotes: Add a --mirror option
Don't copy summary for collection-ref mirror subset pulls
tests: Check that example symbol isn't released
NEPO (1):
README.md: Fix link to CONTRIBUTING.md
Stefan Agner (7):
docs: clarify archive repo type
docs: extend object type documentation
docs: extend repository types
deploy: support devicetree directory
man/checkout: fix short name option of --user-mode
checkout: use FILE as option argument string for --skip-list
man/checkout: document missing options
William Manley (1):
OWNERS: Uncomment @wmanley
Git-EVTag-v0-SHA512: b65a23ebc1de1b33d886657720c84cffdf9a67e4a154e732693a986a8b2f781c36574e509acf329b835354116bcdabde55a96084f06e5abcb77f6e02e09779f4