Releases: coreos/rpm-ostree
2021.1
rpm-ostree ex apply-live
In this release, the functionality formerly known as `rpm-ostree ex livefs` is now known as `rpm-ostree ex apply-live`, and it's been placed on a much firmer technical foundation and is considered much safer to use. It's still under `ex` because we may make some interface changes, and we hope to gather feedback.
Concretely, `apply-live` now uses a "transient" `overlayfs` instead of mutating any persistent filesystem. This makes it robust against power loss while the running filesystem is being changed. We no longer push a rollback deployment, etc. Stated a different way: if something goes wrong, all you need to do is reboot.
Countme support
rpm-ostree now ships an `rpm-ostree-countme.timer` unit which fulfills the same purpose as the DNF countme feature. This will allow Fedora counting of installed systems to include rpm-ostree-based variants like Fedora CoreOS, Fedora Silverblue, and Fedora IoT, while still preserving user privacy.
Note the unit is currently not enabled by default. For more information, including how to disable it, see the docs.
override replace directly from Bodhi/Koji
Another notable feature in this release is support for directly pulling builds from current Fedora testing/build tools Bodhi and Koji.
Now with rpm-ostree v2021.1 you can run e.g.:
$ rpm-ostree override replace https://bodhi.fedoraproject.org/updates/FEDORA-2020-2908628031
to directly pull in a single Bodhi update applied relative to your booted system (presumably a `stable` stream) without changing anything else. You can also pull in Koji builds (that may or may not be in a Bodhi update):
$ rpm-ostree override replace https://koji.fedoraproject.org/koji/buildinfo?buildID=1625029
This allows you to more directly interact with Bodhi's current model of testing individual updates.
Note that like all usage of `override replace`, these versions are "pinned" until explicitly removed with a variant of `rpm-ostree override reset`.
(This does combine with `apply-live`, so you can more easily test out changes.)
Default to sqlite in F34+
Fedora 34 rpm-ostree based systems will switch to the sqlite backend by default, silencing a warning about use of the bdb backend.
Shared library "hollowed out"
Quite a while ago rpm-ostree started shipping a shared library `librpmostree-1.so.1.0.0`; mainly it's used by e.g. gnome-software to display package diffs between ostree commits. However, this created a problem later because we duplicated a lot of code between our binary and the shared library, and that in turn caused unnecessary bloat. The build system and implementation of the shared library were reworked to fork off the binary and parse its output. This reduced the size (debug symbols stripped) from ~2.6MB to 320k (-~88%).
Internals: FFI and Rust
Large portions of rpm-ostree have already been ported to the Rust programming language, in order to improve the overall level of safety and resilience of the project.
To further accelerate this transition, since the last release we are using cxx.rs as a code generation helper, which has the compelling feature of supporting fully safe bidirectional calls between C++ and Rust.
This required switching the C code to "C that builds in C++ mode". For the sake of clarity though, the goal here is to accelerate our transition to Rust, not to rewrite rpm-ostree code in modern C++.
Colin Walters (123):
main: Convert to C++
Port rpmostree-sysroot-upgrader to C++
Port rpmostree-sysroot-core to C++
Port rpmostree-deployment-utils to C++
Port rpmostreed-os to C++
Port rpmostreed-transaction-types to C++
Rename `ex livefs` to `ex apply-live`
apply-live: Print a success message
service: Explicitly RequiresMountsFor=/boot
transaction: Also log to journal when processes connect to txn
msrv: Bump to Rust 1.48.0
daemon: Record the agent ID in the journal
spec: Propagate Fedora default rustflags
Port rpmostree-output to C++
Port rpmostree-composeutil to C++
Port rpmostree-passwd-util to C++
shlib: Make basearch APIs call `/usr/bin/rpm-ostree shlib-backend`
lib: Drop dependencies on internal librpmostree-priv
buildsys: Compile daemon code directly with binary
tests: Disable C unit tests
buildsys: Unify build of binary and internal shared library
lib: Make varsubst_basearch propagate errors
More C++ porting, round 6
Port rojig2commit to C++
Port compose-builtin-rojig to C++
Port rpmostree-util to C++
Port rpmostree-libbuiltin to C++
Port rpmostreed-transaction-livefs to C++
Port rpmostree-refts to C++
Port rpmostree-libarchive-input-stream to C++
Port rpmostree-scripts to C++
Port rpmostree-unpacker-core to C++
Port rpmostree-importer to C++
Port rpmostree-rojig-client to C++
Port rpmostree-origin to C++
Port rpmostree-rojig-assembler to C++
Run rustfmt, and fix CI check for it
Port rpmostree-json-parsing to C++
Port rpmostree-editor to C++
Port rpmostree-pkg-builtins to C++
Port rpmostree-builtin-reset to C++
Port rpmostree-builtin-override to C++
Port rpmostree-builtin-usroverlay to C++
Port rpmostree-builtin-refresh-md to C++
Port rpmostree-builtin-livefs to C++
Port rpmostree-builtin-upgrade to C++
Port rpmostree-builtin-rollback to C++
Port rpmostree-builtin-deploy to C++
Port rpmostree-builtin-reload to C++
Port rpmostree-builtin-rebase to C++
Port rpmostree-builtin-cancel to C++
Port rpmostree-builtin-cliwrap to C++
Port rpmostree-builtin-cleanup to C++
Port rpmostree-builtin-initramfs to C++
Port rpmostree-builtin-initramfs-etc to C++
Port rpmostree-builtin-status to C++
Port rpmostree-builtin-ex to C++
Port rpmostree-builtin-testutils to C++
Port rpmostree-builtin-shlib-backend to C++
Port rpmostree-builtin-db to C++
Port rpmostree-builtin-start-daemon to C++
Finish removing `ex container` code
Port rpmostree-builtin-finalize-deployment to C++
Port rpmostree-db-builtin-dif to C++
Port rpmostree-db-builtin-list to C++
Port rpmostree-db-builtin-version to C++
Port rpmostree-override-builtins to C++
Port rpmostree-polkit-agent to C++
Port rpmostree-builtin-kargs to C++
Port rpmostree-builtin-compose to C++
Port rpmostreed-daemon to C++
Port rpmostreed-utils to C++
Port rpmostreed-sysroot to C++
Port rpmostreed-errors to C++
Port rpmostree-package-variants to C++
Port rpmostreed-os-experimental to C++
build-sys: Remove --enable-installed-tests
build-sys: Remove --with-bubblewrap
build-sys: Remove RHEL7 autotools backport
build-sys: Drop autoconf bits to find dbus service directory
apply-live: Print a package diff
buildsys: Make one big rpmostreeinternals.la, enable unit tests again
ci: Introduce install-extra-builddeps.sh
Use cxx-rs for core.rs
Use cxx-rs for utils.rs download_to_fd
Use cxx-rs instead of gresources
Move "ignored script list" to Rust, drop gperf
Rework bindgen/cxx.rs usage and CI build
Makefile.bindings: Use content-based change detection
Add a partial reimplementation of origin parsing in Rust
ci: Don't run autotools twice
Add support for some GObject bridging to cxx-rs
Bump to cxx-rs 1.0.20
Use cxx-rs for live-apply
lib: Cleanup `#include <>`s
Port initramfs Rust code to cxx-rs
util: Remove `#ifdef __cplusplus`
Move some client argument handling to Rust
Complete move to cxx-rs for utils
Port cliwrap FFI to cxx-rs
Port composepost to cxx-rs
tests: Fix rsync of base rpmdb with sqlite
Port Rust journal bits to cxx-rs
Add fedora-integration: Support `override replace https://bodhi/...`
Also print Rust-side features/cfg in `rpm-ostree --version`
With vendored source, use cargo build --offline
configure: Update contact email
Rename livefs → apply-live in more places
journal: Add filters for _UID=0
testutils: Port to cxx-rs
Add a Rust helper to create a sealed memfd, use in shlib backend
scripts: Pass script as a memfd
testutils: Add script-shell, remove shell wrapper
apply-live: Avoid clobbering changes in /etc
rust: Add CxxResult
rust: Update to openat-ext 0.1.10
rust: Fix a pub(crate) warning, add a few doc comments
apply-live: Extend /etc test case
rust: Port progress.rs to cxx-rs
scripts: Use bwrap --ro-bind-data rather than mutating target
scripts: Rework /var/lib/rpm-state creation, port to new style
Release 2021.1
Update configure.ac
Jonathan Lebon (8):
Default to sqlite rpmdb backend on f34
Makefile-rpm-ostree: fix path to cbindgen.toml
spec: Minor tweaks
ci/install-extra-builddeps: Drop --root=/usr arg
ci: Add `~/.cargo/bin` to PATH in Prow path as well
Makefile-rpm-ostree: Link to librt
core: Allow overriding downloaded RPMs target dir
app/compose: Drop rojig-related prototypes
Luca BRUNO (1):
libpriv/passwd: move passwd database to Rust
Timothée Ravier (3):
countme: Add DNF Count Me support
Cargo.lock: Update for DNF Count Me support
Remove now unused mkdocs.yml
dependa...
2020.10
A quick fixup on top of https://github.com/coreos/rpm-ostree/releases/tag/v2020.9
Colin Walters (4):
rust: Add deny(unused_must_use)
Port rpmostree-kernel to C++
Fix and improve support for rpmostree-rust.h being pre-generated
Release 2020.10
2020.9
rpm-ostree v2020.9
Client
The `ex livefs` command was completely rewritten and moved to a much safer foundation.
Bugfixes:
- `override replace` with the kernel works again
- libdnf plugins are explicitly disabled
- Another 32-bit printf fix
Composing
No real changes.
Internals
- Our CI is now on Fedora (CoreOS) 33 and tests were fixed for that
- Investigating https://cxx.rs/ and moving some code to C++, but the end game is mostly Rust!
- Some further small parts were rewritten in Rust.
Colin Walters (20):
Rewrite livefs
service: Enable ProtectHome=true
livefs: Fix --target, add --reset and print diff
tree-wide: Add extern "C" wrapping to our headers
scripts: Neuter RHEL8 nvme-cli %post
Convert some code to compile in C++ mode
Remove ex-container
compose: Use static enablement for ostree systemd services
bindgen: Bump to 0.15
tests: Add case for running rpm -q in a %post
Add a helper move_nullify
app: Port dbus-helpers to C++
Port rpmostree-postprocess to C++
Port rpmostree-core to C++
Port rpmostreed-transaction to C++
Move bindgen into tooling/, add dependabot
Move the main Rust infra (i.e. Cargo.toml) to the toplevel
upgrader: Inject --no-hostonly again if no initramfs-args
livefs: Fix GVariant refcounting
Release 2020.9
Jonathan Lebon (6):
core: Disable libdnf plugin loading
rust: Move to new systemd journal API for opening
daemon: Drop CreateOSName
app/history: Limit entries to print to 3
history: Use shorthand struct initialization
libpriv/scripts: Fix uint64 printing
Luca BRUNO (4):
tests/jsonutil: update invalid specifier
Revert "ci: Freeze FCOS commit to f32"
tests/override-kernel: support f33
core: add a guard for temporary-etc context and move to Rust
Prajna Sariputra (1):
docs: Update links to the OSTree documentation
Timothée Ravier (1):
rust: Fix various clippy warnings
dependabot[bot] (16):
...omitted...
2020.8
Mainly two compose side fixes that will help coreos-assembler.
Besides that, some smaller code cleanups.
Colin Walters (7):
daemon: Rewrite some core initramfs-overlay logic in Rust
rust/lockfile: Use from_glib_full to avoid manual free
scripts: Link to lua issue on error
treefile: Fix hashing of externals
compose: Add --previous-commit
Remove coreos-rootfs command
Release 2020.8
Jonathan Lebon (2):
Drop use of `volatile`
ci: Freeze FCOS commit to f32
Luca BRUNO (1):
sh: fix bash shebang
dependabot[bot] (2):
build(deps): bump anyhow from 1.0.33 to 1.0.34 in /rust
build(deps): bump libglnx from `1dd01d5` to `493d399`
Git-EVTag-v0-SHA512: 6e4c1d1752195dfdef2c80f0c9d5d7091b6c5abfe0d96bf499a3a7fe717b5ae05ab560341a80e1391a579e36c204299abd8db88c59f847353874836e808c3d02
v2020.7
v2020.6
There is a new `ex initramfs-etc` command that can be used
to inject local configuration from `/etc` into an additional initramfs
image. This is still experimental, but we plan to use it
for "complex root devices" for Fedora CoreOS at least, and it can
also be used for cases like dracut LUKS keyboard layouts.
PR: #2170
The "rojig" (embed ostree in RPM) functionality is now
disabled by default. (If you are using it, please tell us!)
Ensure you're using `boot-location: modules`, as the current default
`boot-location: new` is deprecated.
The only reason to use `boot-location: new` is if you care
about upgrading directly from very old versions of ostree.
At some point it's likely that this configuration option will
be removed entirely.
This release also contains portability bugfixes (for 32-bit ARM) and
improvements to the transaction logic, enhancing overall reliability.
Documentation has been cleaned up and moved from readthedocs.io to
GitHub Pages; the new site is https://coreos.github.io/rpm-ostree/
Various CI fixes.
Various Rust cleanups (particularly around FFI).
Colin Walters (18):
tests: Loosen regexp for French date
transaction: Port to declare-and-initialize style
sysroot: Log when forcibly closing a transaction
client: Close DBus connection before calling reload
transaction: Unlock more reliably at txn finish
daemon: Defer reload to an idle
Add --enable-rojig, disable by default
Make /run a directory in scripts
sysroot: Fix usage of sd_journal_send on 32 bit
compose: Print a warning with boot-location: new
Update to openat-ext 0.1.8, use new file writing API
rust: Enable lto by default
Remove ffi_view_str/ffi_new_string functions
composepost: Fix to use write_all()
treefile: Directly write to String
rust: Use Borrow<GString> in a few places
Disable `boot-location: new` test
Release 2020.6
Jonathan Lebon (11):
rust: adapt to new systemd journal API
ci: Run C unit tests too
README.md: Keep it short and sweet
tests/compose: Bump FCOS config commit to test
rust/treefile: Use shorthand initialization for Treefile
tests/compose: Drop FCOS postprocess scripts
tests/compose: Check filecaps of arping instead of ping
dependabot: Drop pull request limit to 3
rust: Update deps
rust/libdnf-sys: Drop Cargo.lock
Add new `ex initramfs-etc` command
Luca BRUNO (2):
daemon: drop an unused sysroot parameter
daemon/syscore: push livefs introspection to Rust
Timothée Ravier (10):
docs: Add Jekyll and theme config
docs: Unify and update README and Index page
docs: Update Contributing page
docs: Update Repo Structure page
docs: Move and update Background page
docs: Move and update Client administration page
docs: Move and update Compose server page
docs: Move and update Treefile page
docs: Import Hacking page
docs: Import Release page
v2020.5
This is mostly a bugfix release.
One important fix is adapting to the change in Fedora to transition the rpmdb
to SQLite. This would
result in Fedora 33 composes using the new backend, making it harder for users
with layered packages to rebase (see
bugzilla.redhat.com/show_bug.cgi?id=1876194#c3).
As a result, there is now an `rpmdb` key in the treefile which can take e.g.,
`bdb` or `sqlite` but which defaults to `bdb`. This means that f33 composes
will for now keep using BDB, allowing for smoother rebases. Content providers
can opt into the new SQLite backend when convenient.
Another fix worth mentioning is a major improvement in how layered packages are
handled: rpm-ostree now correctly picks older versions of layered packages if
needed to satisfy base packages. This will help solve the "split base/layered
package mismatch" in
combination with pending work in Fedora at least to publish older versions of
RPMs. Additionally, when a solution is not possible, the error message prints
exactly what the conflict is.
Otherwise, there is the usual churn around CI. For example, the MSRV is now
1.45.2. There are some preparations for using
ostree-rs more extensively in the future.
Colin Walters (11):
Add testutils generate-synthetic-upgrade
core: Clearly show when no rpm-md repos are enabled
util: Remove an (effectively) unused GCancellable
rust: Fix deprecation warnings
deploy: Don't leak file descriptor passed for local rebases
db-list|version: Remove code to parse `..`
Move the "cbindgen typedefs" to their own file
ci: Use ostree from lockfile
compose: Use user mode checkout for sepolicy
Use ostree-rs, and oxidize more treefile checksumming
compose: Add rpmdb option, default to bdb
Jeff Law (1):
spec: Disable LTO
Jonathan Lebon (9):
app/ex: Drop `reset` alias
libpriv/origin: Factor out helper to set key from hash table
libpriv/kernel: Link initramfs into place earlier
src/{daemon,libpriv}: Better error prefixing
libpriv/kernel: Allow optional initramfs tmpf
ci: bump compose tests timeout to 60 minutes
ci: Bump MSRV to 1.45.2
core: Use SOLVER_LOCK for locking base packages
Release 2020.5
Kelvin Fan (1):
treefile: change `remove-from-packages` implementation
v2020.4
Minor release with some fixes and enhancements for RHCOS.
Server
A symlink from `/usr/lib/sysimage/rpm` to the rpmdb was added (PR #2154). This
will eventually be the new standard location for the rpmdb on multiple
image-based distros. See this thread for details.
Treefiles now support package requests with version requirements again
(PR #2151). Must be quoted, e.g.:
packages:
- foo bar 'baz > 1.0'
- 'boo <= 3.2'
Client
Multiple commands learned the `--lock-finalization` switch which `deploy`
already understood (PR #2158). This is used in FCOS and may end up being used in
RHCOS as well.
Fix a potential segfault when upgrading from a local repo, i.e. via rebase /path/to/repo:$rev
(PR #2178).
Colin Walters (1):
postprocess: Add a symlink /usr/lib/sysimage/rpm to the rpmdb
Jonathan Lebon (10):
Move release instructions to RELEASE.md
ci/installdeps: add distribution-gpg-keys
app: Add --lock-finalization switch to other commands
ci: pull Fedora image from Quay.io
ci: request 2G of RAM for compilation
ci: Constrain parallel build jobs
vmcheck/rojig: Don't use ci.centos.org
ci: Bump MSRV to 1.43.1
daemon/deploy: Finish OstreeAsyncProgress after pull
Release 2020.4
Kelvin Fan (1):
treefile: Allow greater/less than versions for pkgs
Tom Stellard (1):
spec: Use make macros
v2020.3
Release 2020.3
This is a thin release overall, with mostly bugfixes and minor tweaks.
- `rpm-ostree compose tree` will now print a warning and incur a 5s delay when not using `--unified-core`. This is part of our push to eventually making it the default. If you cannot make use of `--unified-core` right now and want to avoid the delay, there is an undocumented environment variable you can find. Please follow up to #729 if you need assistance! PR #2098
- `rpm-ostree rebase /path/to/local/repo:ref` is no longer considered experimental. This has been actively used by RHCOS on OCP4 for a while now. PR #2110
- Fix a bug in the upgrader where downgrade protection would mistakenly kick in if deploying to a new version that was older than whatever the latest version was last pulled. PR #2096
- Work around the latest f32 `crypto-policies` using a Lua scriptlet, which we do not yet support, and leaking FIPS mode from the server into composes. PR #2136
- Fix building on platforms without zchunk support, like RHEL8. PR #2092
Colin Walters (9):
build-sys: Disable zchunk for libdnf if we don't have it
compose: Remove --output-repodata-dir
compose: Add a "warn and sleep" if --unified-core is not provided
tests/kola: Move into tests/kolainst, run installed
rojig-build: Just expand %_isa
test-override-kernel: Support f32
daemon: Add an error prefix in local repo pulls
rebase: Remove requirement for --experimental with local rebases
ffiutil: Format full errors from anyhow
Doug Hellmann (1):
docs/background: Fix benefits and drawbacks formatting
Jonathan Lebon (8):
upgrader: Add more error-prefixing
upgrader: Reset ref before fetching commit by override
spec: Bump version to 2020.2
tests: Make more resistant to releasever changes
app/status: Print missing newline for AutomaticUpdates
libpriv/scripts: Replace crypto-policies lua script
ci: Adapt to workspace being HOME
Release 2020.3
Stephen Gallagher (1):
spec: Fix up conditionals for ELN
2020.2
Various improvements to lockfile handling have been made in this release to accommodate Fedora CoreOS builds. The `compose tree` command learned a new `--ex-lockfile-strict` switch which enhances the semantics of `--ex-lockfile` to ensure that all the packages in the compose are defined in the input lockfiles. Also, there is now a new experimental `lockfile-repos` treefile entry which ensures that rpm-ostree never picks packages from those repos without a lockfile.
There were a few fixes related to client-side initramfs regeneration. In some situations, rpm-ostree would ignore files from the local `/etc`. Additionally, dracut is now executed with the same base arguments as those used on the compose server.
As usual, there were a slew of improvements to CI. We have now moved to CoreOS CI for PR testing. Additionally, we've started converting some of our vmcheck tests to a new model which uses `kola` to run the test scripts directly on the host instead of being instrumented from outside the host.
There is a new `readonly-executables` treefile entry which will automatically strip the writable bits from all executable files in the spirit of W^X.
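The effect of `readonly-executables` can be audited or reproduced on any unpacked tree. The following Rust program is an added example, not rpm-ostree's own code: it assumes "executable" means a regular file with any execute bit set and clears all three write bits; the function names and the sample tree are constructed for illustration.

```rust
use std::fs;
use std::io;
use std::os::unix::fs::{symlink, PermissionsExt};
use std::path::{Path, PathBuf};

const EXEC_BITS: u32 = 0o111; // any of u+x, g+x, o+x
const WRITE_BITS: u32 = 0o222; // any of u+w, g+w, o+w

/// Mode an executable should end up with, or None if it is already read-only
/// or not executable at all. Setuid/setgid/sticky bits are preserved.
fn hardened_mode(mode: u32) -> Option<u32> {
    if mode & EXEC_BITS != 0 && mode & WRITE_BITS != 0 {
        Some(mode & !WRITE_BITS)
    } else {
        None
    }
}

/// Walk `root` without following symlinks and return every regular file that
/// is both executable and writable. With `apply`, also clear the write bits.
fn strip_writable_executables(root: &Path, apply: bool) -> io::Result<Vec<PathBuf>> {
    let mut hits = Vec::new();
    let mut stack = vec![root.to_path_buf()];
    while let Some(dir) = stack.pop() {
        for entry in fs::read_dir(&dir)? {
            let path = entry?.path();
            // symlink_metadata: a symlink is never chased out of the tree.
            let meta = fs::symlink_metadata(&path)?;
            if meta.file_type().is_dir() {
                stack.push(path);
            } else if meta.file_type().is_file() {
                let mode = meta.permissions().mode() & 0o7777;
                if let Some(new_mode) = hardened_mode(mode) {
                    if apply {
                        fs::set_permissions(&path, fs::Permissions::from_mode(new_mode))?;
                    }
                    hits.push(path);
                }
            }
        }
    }
    hits.sort();
    Ok(hits)
}

/// Constructed sample rootfs (not a real compose) under the temp directory.
fn build_sample_tree(tag: &str) -> io::Result<PathBuf> {
    let root = std::env::temp_dir().join(format!("ro-exec-{}-{}", tag, std::process::id()));
    let _ = fs::remove_dir_all(&root); // start clean if a stale copy exists
    fs::create_dir_all(root.join("usr/bin"))?;
    fs::create_dir_all(root.join("etc"))?;
    for (rel, mode) in [
        ("usr/bin/tool", 0o755),   // executable and writable: flagged
        ("usr/bin/helper", 0o775), // group-writable executable: flagged
        ("usr/bin/sealed", 0o555), // already read-only
        ("etc/demo.conf", 0o644),  // writable but not executable
    ] {
        fs::write(root.join(rel), b"constructed sample\n")?;
        fs::set_permissions(root.join(rel), fs::Permissions::from_mode(mode))?;
    }
    symlink("tool", root.join("usr/bin/alias"))?; // must be skipped by the walk
    Ok(root)
}

fn main() -> io::Result<()> {
    let root = build_sample_tree("main")?;
    for path in strip_writable_executables(&root, false)? {
        println!("writable executable: {}", path.display());
    }
    let fixed = strip_writable_executables(&root, true)?;
    println!("stripped write bits from {} file(s)", fixed.len());
    fs::remove_dir_all(&root)
}
```

Running with `apply` set to `false` gives a read-only audit, which is useful for checking whether an existing compose already satisfies the policy before enabling the treefile entry.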
Support was added to replace the kernel using packages named other than `kernel`, as long as they have the expected `Provides:`.
A `cliwrap` flag was added (not enabled by default) that wraps existing binaries, intending to aid transitioning to rpm-ostree based systems.
PR: #1789
Colin Walters (27):
core,kernel: Set up /etc/passwd for dracut
ci: Pull Fedora from api.ci
rust: Bump to glib 0.8
build-sys: Hard require libostree 2020.1
history: Avoid erroring if no history database to clean
syscore: Add some error prefixing
core: Add error prefixing in import path
importer: Quote filenames with spaces for tmpfiles.d
rust: Start porting from failure to anyhow
rust: Fully remove failure crate
rust/libdnf_sys: Use uninstantiable type rather than wrapper struct
rust: rustfmt(*) and (re)add a CI check for it
core: Add error prefixing when we fail to fetch an rpm-md repo
tests: Start converting some bits into kola ext framework
Add support for wrapping binaries (rpm, dracut, grubby)
ci: Actually run kola tests
ci: Explicitly fetch before build
status: Don't output AutomaticUpdates: disabled by default
tests: Drain more readonly tests into nondestructive/misc
tests/runkola: New script
build-sys: Ignore cosa/kola artifacts
s/RPM-OSTree/rpm-ostree/
tests: Trim out dead code from libtest.sh, rework SRCDIR
tests: Move more code to kola
treefile: Add readonly-executables
build-sys: Remove --enable-new-name
Release 2020.2
Jonathan Lebon (32):
spec: Bump libmodulemd version requirement
ci/msrv.sh: Use SKIP_INSTALLDEPS=1 before building
ci: Move `cargo test` into `ci/msrv.sh`
ci/installdeps: Only builddep from spec file
app/main: Tell libdnf not to look for `dnf.conf` upfront
core: Simplify check for kernel package name
libpriv/kernel: Fix minor comment typo
status: Quote initramfs args if necessary
initramfs: Fix using local /etc when also replacing kernel
tests/compose: Stop freezing on specific FCOS commit
tests/libvm.sh: Bump container run to use f31
compose: Include base dracut args in commitmeta
initramfs: Use dracut args from commitmeta if available
ci: migrate to new coreos-ci project
ci: drop FAHC repo in favour of f31-coreos-continuous
vmcheck: Run vm_kola_spawn separately from if-statement
vmcheck: Work around read-only /sysroot
app/dbus: Suggest `journalctl -xe` if bus owner changes
rust: move libdnf-sys module to its own crate
app/compose: Rename lockfile variables
core: Factor out functions to enable/disable repos
tests/compose: Don't use lockfiles by default
tests/compose: Go back to freezing FCOS commit
core: Use `hy_query_run_set()` for excludes
compose: Add --ex-lockfile-strict
manifest: Add `lockfile-repos` field
app/compose: Fix help string for --ex-lockfile-strict
compose: Allow specifying lockfile-repos only
composeutil: Return NULL instead of FALSE
ci: Download the latest ostree even if from stable repos
ci-commitmessage-submodules: Ignore empty merge commits
Makefile.am: Link with --enable-new-dtags
Luke Blevins (1):
Recognize other kernel packages with provides