@cgwalters cgwalters tagged this Nov 2, 2017 · 660 commits to master since this tag

Assets 2
… are

new `--download-only` and `--cache-only` options.  There are a
few use cases for this.  First, one can more easily set up e.g. a systemd
timer that runs `rpm-ostree upgrade --download-only`.   The inverse
`--cache-only` can be used to initiate an upgrade from cached data, and
further it is used automatically for e.g. `ex override remove`. Related to
these new flags is the addition of a new `refresh-md` command, which
performs a similar function to yum/dnf's `makecache` command.
PR: https://github.com/projectatomic/rpm-ostree/pull/1049
PR: https://github.com/projectatomic/rpm-ostree/pull/1035

On the compose side, we split up the phases of `compose tree`
into three subcommands of `compose`: `install`, `postprocess`,
and `commit`.   The two primary use cases are doing
more custom postprocessing by combining `install` and `commit`,
as well as skipping `install` entirely and putting whatever you
want into the rootfs.  Consider this as "mostly stable" - please try it out if it
meets your needs, but we do reserve the right to change
things for a few more releases if critical issues appear.  This
isn't yet documented extensively; we plan to post more example
usage of this, but it was prototyped out to do a "build in Dockerfile, commit to ostree"
flow.
PR: https://github.com/projectatomic/rpm-ostree/pull/1039

In this cycle, we also landed a related change for `add-files` which
should be useful if you just needed to do a bit more, without
going to a full "split compose" as above.
PR: https://github.com/projectatomic/rpm-ostree/pull/997

One other feature in the still-experimental `livefs` path is
an implementation of `--replace`.  More information in
PR: https://github.com/projectatomic/rpm-ostree/pull/1028
(This is a huge hammer - use with caution)

Package layering should now also be able to correctly handle
RPMs which install their own SELinux packages.

Finally, besides the usual collection of smaller code files, and
some improvements to `ex container` (expect more on that later),
we also landed preparation for moving the RPM database, as
OpenSUSE plans to do so in their next release.  More information:
http://lists.rpm.org/pipermail/rpm-maint/2017-October/006681.html

```
Colin Walters (58):
      libpriv/passwd: Use GLNX_FILE_COPY_NOXATTRS
      libpriv: Remove unused OSTREE_GIO_FAST_QUERYINFO
      lib/postprocess: Use O_TMPFILE, not O_APPEND for tmpfiles.d writing
      ci: Reduce metadata expiration for rdgo
      libpriv/core: Add some comments (and a bit of style porting)
      lib/compose: Maintain /etc as /usr/etc more consistently
      postprocess: Allow add-files into /etc
      libpriv/core: Check cancellable before/after downloading rpm-md
      daemon: Some misc new style porting
      libpriv/scripts: Only log to journal if uid == 0
      tree-wide: Some more misc libglnx porting
      ex-container: Add --cache-only
      Change ex-container to use BARE_USER_ONLY, update core creation API
      libtest: Squash a race in temp webserver setup
      Add test infra for `ex container`, and one test for bash
      bin/compose: Drop workdir variable
      scripts+bwrap: Make script execution cancellable
      app: Call RegisterClient with well-known name, use retry loop
      daemon: Exit on idle after ~10-15 seconds
      app: Add a more reliable helper for finding active transaction
      app: Unify some cmdline txn processing
      WIP: Implement ex livefs --replace
      tests: Use --parent=none rather than deleting the ref
      bin/compose: (minor) Rename treefile variable for clarity
      compose/postprocess: Unlink files in /var as we go
      compose/postprocess: Fix memleak in error path, minor style update
      compose: Clean up internal final postprocess API
      postprocess: Init rootfs earlier
      tree-wide: Use a #define for /usr/share/rpm location
      ex-container: Make /usr/etc/{,g}shadow user-readable
      tests/vmcheck: Wait for HTTP server to start
      bin/compose: (refactor) Hoist metadata hash into compose data struct
      bin/compose: (refactor) Move rootfs_dfd into compose data struct
      bin/compose: (refactor) Split out a constructor function
      postprocess: (refactor) Split out "init rootfs" from "final postprocess"
      scripts: Fix close() → EBADF
      Update libglnx
      bin/compose: Hide no-op --workdir-tmpfs
      tree-wide: Use glnx_autofd
      bin/compose: Clean up ostree version metadata handling a bit
      Make use of new _CONSUME flag to ostree commit
      ex-container: Use shared helper for download+import+rootfs+commit
      ex-container: Make /etc/shadow 0400 on import, not post-checkout
      ex-container: Always use canonical permissions for commit
      compose: Accept NULL treefile for "use defaults" postprocessing
      postprocess: Deal with an already empty /etc/machine-id
      postprocess: Also move RPM database if not done already
      ci: Update CentOS container to current 7
      daemon: Add commit metadata to deployment properties
      status: Render ostree metadata source-title key
      bin/compose: Expose phases as [install, postprocess, commit] cmds
      lib/unpacker: Add repo.timestamp to metadata
      bin/compose: Fix use of EXIT_FAILURE for error paths
      Inline assemble_commit() wrapper into ex-container, the only user
      bin/compose: Do passwd checking in commit, not install
      bin/compose: Print correct final rootfs path
      postprocess: Use names (not ids) in synthesized tmpfiles.d files
      Release v2017.10

Jonathan Dieter (1):
      compose: Copy in additional files before postprocessing

Jonathan Lebon (32):
      libpriv/core: squash a -Wmaybe-uninitialized
      app/status: cleaner diff output for replaced pkgs
      libpriv/scripts: redirect scriptlet output to journal
      tree: some more glnx_fstatat_allow_noent porting
      tree: add vimrc and editorconfig
      Makefile-tests.am: actually support SKIP_INSTALL
      libvm: don't rsync $VMCHECK_INSTTREE
      tests/vmcheck: turn on strict bash mode
      libpriv/core: use final sepolicy when doing final commit
      vmcheck: add SELinux labeling tests
      ci: run clang build with -Werror
      daemon: fix uint negative comparison
      libpriv/core: teach core to use deployment for yum repos
      libpriv/core: allow NULL for treespec
      ci: don't use CentOS Alpha anymore
      libpriv/core: log repo info when downloading rpmmd
      app: add 'refresh-md' command
      app: add -C flag to always use cached metadata
      tests/libvm: use rsync and add yumrepo mode
      tests/vmcheck: add test for refresh-md and --cache-only
      vmcheck: use systemd-run for running post-that-hangs
      daemon: add RPMOSTREE_DEBUG_DISABLE_DAEMON_IDLE_EXIT
      app/uninstall: remove --cache-only option
      daemon/deploy: remove duplicate call to set_origin
      libvm: factor out helpers to start httpd
      libpriv/core: also checksum package action
      app/status: make deprecated --pretty flag hidden
      app: support full offline operations with --cache-only
      app: imply cache-only mode for pkgs removals and uninstalls
      app: add --download-only option
      libpriv/core: use cached repodata checksum for goal
      tree: pass NULL to glnx_fstatat_allow_noent when needed

Git-EVTag-v0-SHA512: 3fb12a5f073041f42ede687b152383ff09aef143bc6ba45e95839e0c6d7e39783e5732cd3f6753c819a0b7c1f0402b949d46a2de068dad88894a5da735edec4a