@cgwalters cgwalters tagged this Jul 8, 2016 · 1389 commits to master since this tag

Assets 2
I've often observed that building construction seems to go in fits
and starts.  The initial skeleton seems to take a long time, then
all of a sudden there are walls, then not much visible activity,
then suddenly there are windows and doors, etc.

This project has been a bit the same way, although I wish I could say
we'd had periods of constant activity.  It's more that we had layers
of technological bases to cross to enable the headlining feature of
this release, which is package layering.

You might have observed that it's been discussed for a long time, with
several previous prototypes.  Now it's finally here in a fairly robust
form.  You can try it out with e.g.:

```
rpm-ostree pkg-add strace
```

This feature fits into a larger story of software management
in Project Atomic:

https://fedorapeople.org/~walters/2016.06-rhsummit-systemcontainers/#/

Package layering is intended for code which runs purely in the host
context, but doesn't make sense to ship everywhere.  Examples include
PAM modules and `NetworkManager-team` (+ `teamd`).

This initial version is (as the command line will warn you) a preview.
However, we will endeavor to continue to support upgrades from systems
with layered packages from this point forwards.

Note that to enable this, rpm-ostree now requires
[bubblewrap](https://github.com/projectatomic/bubblewrap) which is
used to run `%post` scripts and the like.

This is currently a "soft" dependency in that the system will function
without it, but in the longer term it will likely be a hard dependency
as the treecompose functionality moves over to it, and we investigate
using `bwrap` to isolate http fetches, for example.

Don't hesitate to file Github issues with any problems you encounter
while trying out package layering.

Thanks to all contributors!

```
Colin Walters (48):
      README/docs: A few more links around composes
      pkg-add: New builtin to layer additional packages
      core: Dedup hardlink/tempfile code
      daemon: Fix regression in --preview/--check
      core: Checksum package checksums, not just NEVRA for change detection
      tests: Introduce "vmcheck"
      vmcheck: Experiment with the name `nxs`
      status: Import systemd bits to use UTF-8 circle
      status: Move current status display into function
      status: Replace status with key-value output
      daemon: Insert unlocked state into deployment dict
      status: Print unlocked state
      daemon: Cleanup error handling in rpmostreed_os_load_internals()
      daemon: More error handling cleanup for loading deployment metadata
      daemon: Add base-commit to deployment metadata
      Vagrantfile: Bump RAM to 2048, update comment
      daemon: Use `memory` GSettings backend explicitly
      core: Set a useragent
      status: Support --json option
      compose: Explicitly clear out context object before removing rootfs
      core: Verify no %posts for imported packages
      daemon: Convert internal pkg ops booleans into flags
      Add --noscripts concept for pkg-add/delete
      daemon/upgrader: Remove hotfix from origin on upgrades
      core: Go back to not verifying %post
      compose: Support RPMOSTREE_RPM_VERBOSITY
      compose: With --cachedir, retain packages too
      status: Make JSON an object with "deployments" subkey
      status: Print active transaction
      daemon: Unify PkgAdd/PkgDelete into PkgChange
      core: Make unprivileged case ignore ownership, add "_compose" context
      unpacker: Clean up directory perms override
      app: Rename pkg-delete -> pkg-remove and unify codebase
      daemon: Check for GPG signature on base commit, not layered
      core: Remove a stray _percent_progress_end()
      core: Initial implementation of %posttrans using bwrap+rofiles-fuse
      core: Always refresh cache, rather than never
      main: Distinguish "preview" and "experimental" commands
      scripts: Ignore glibc-headers.prein and vagrant*.prein
      core: Store pkg directly rather than leaking nevras
      core: Fix up more nevra leaks
      build: Remove --enable-usrbin-atomic
      Switch to using libhif as a git submodule
      core: Do not attempt to upgrade (or remove) packages from base
      core: Add /var/lib/vagrant -> /usr/lib/vagrant
      core: Use hif_repo_download_packages()
      Adapt to const hif_package_get_nevra()
      Release 2016.4

Gerard Braad (3):
      Correct location of document link     Closes: #352     Approved by: giuseppe
      Links for more information     Closes: #351     Approved by: cgwalters
      Add links to customization resource     Closes: #375     Approved by: jlebon

Jonathan Lebon (55):
      treecompose: fix crash when "remove-from-packages" used
      package-layering fixups
      unpacker: major rework
      output: support printf type usage
      core: major rework
      package layering: major rework
      Makefile-tests.am: add env var to know when in testenv
      test-basic.sh: make subtests more granular
      man page: reorder, reflow, refresh
      man page: add pkg-add and pkg-delete
      tests: no longer use installed tests
      tests: restructure dirs
      add RPMOSTREE_UNINSTALLED_PKGLIBDIR
      rpm-ostree-1.pc.in: fix cflags
      RpmOstreeSysrootUpgrader: update self on override
      libhif: always prefix include directives
      status: print version string in bold
      vmcheck: create a new deployment instead
      Makefile-tests: add toplevel vm* targets
      testenv: include same vars as real test environment
      test-ucontainer.sh: simplify
      tmpfiles.d: rename and re-order
      rpmostree-core.c: squash -Wunused-function
      vmcheck: clean before building and adapt to new json
      vagrant: move helper files to vagrant/
      docs: fix README.md and add HACKING.md
      vmcheck: add a basic test harness
      tests: refactor rpm building and add package foo
      test-layering.sh: basic package layering test
      vagrant: set up ssh for root user
      setup.yml: cache buildimg container
      RPMOSTreeSysroot: add "booted" entry to deployment variant
      sysroot-upgrader: remove csum override on rebase
      daemon: don't try to resolve rev
      buildimg: add new prereqs
      vmcheck: add timeout option for vm_ssh_wait
      Makefile-tests.am: more cleanups and add pkg bar
      hacking: add `make vmoverlay` for faster hacking
      vagrant: use new 'booted' key to get current csum
      vmcheck: strengthen test harness
      test-basic.sh: fix jq filter for new json output
      tests: use our self-built libhif library
      docs: add section about package layering
      daemon: only add base-checksum if pkgs layered
      configure.ac: exit if libhif's cmake fails
      daemon: make deploy work for local branches
      rebase: allow local refs
      vmcheck/test.sh: make more silent and add some bling
      vmcheck: add more pkg layering tests
      Dockerfile.builder: update for building libhif
      vagrant: use sync after deploying
      Makefile-hif.am: link by force and add clean hook
      unpacker: make error prefix a proper prefix
      vagrant/Makefile: add some convenience targets
      postprocess: fix typo in error msg
```

Git-EVTag-v0-SHA512: 85c0a55af8e51a6fe9ed3729bdba8dbce8854f951c863424d408efdccadc27b056b5897097f63e7d33dea9d5ab1aa08250b8a39ee906a220b2cb5a0c3d105b17