v2023.7

Release 2023.7

This is a bugfix release that includes:

• A bootc-lib fix for bootc-dev/bootc#112 which was breaking our builds.
• The fix for #4508 which caused segfaults when any flag was passed between the rpm-ostree command and usroverlay option.

Colin Walters (3):
      man: Describe GPG key behavior
      main: Move usroverlay parsing back to C++ consistently
      usroverlay: Pass arguments to `ostree admin unlock`

Joseph Marrero (1):
      Update bootc-lib

Full Changelog: v2023.6...v2023.7

v2023.6

v2023.6

Release 2023.6

This version of rpm-ostree contains numerous bug fixes and enhancements. Notable features are:

• rpm-ostree now supports the "search" verb allowing users to use rpm-ostree to search for available packages. An example of this is: rpm-ostree search *kernel

• We now generate composefs metadata if ostree was compiled with support for composefs

• rpm-ostree now vendors bootc, and this functionality can be accessed by creating a symlink ln -sr /usr/bin/rpm-ostree /usr/bin/bootc
  This is an experimental feature for now.

Alexander Larsson (1):
      commit: Always enable generation pf composefs metadata if possible

Colin Walters (9):
      postprocess: Use --refresh now
      container: Clarify error for nonexistent previous manifest file
      client: Add an error prefix in deployment path
      main: Update ostree-ext, add provisional-repair entrypoint
      Bump to ostree-ext 0.11.4
      Revert "main: Drop deprecated `container-encapsulate` entrypoint"
      Use cap-tempfile via cap-std-ext
      status: Fix possibly uninitialized warning
      Bump to ostree-ext 0.11.5

Eric Curtin (1):
      kernel: Specify multiple kernel or initramfs in error message

Felix Yan (1):
      docs: correct a typo in Makefile.am

Huijing Hei (4):
      sysuers: fix error if running `groupadd` with `-f`
      passwd: Rename func `data_from_json` to `write_data_from_treefile` and add comment
      passwd: sync `etc/{,g}shadow` according to `etc/{passwd,group}`
      passwd: add `enum PasswdKind`

Joseph Marrero (4):
      ci/test-container.sh: use f37 ignition for replace test
      rust/src/main.rs: Add bootc entry point
      .cci.jenkinsfile: up build pod memory to 6GB
      scripts: also ignore kernel-debug-modules.posttrans

Luke Yang (2):
      Add a `search` CLI verb and DBus API
      Add `kola` tests and fix `Name & Summary` search

Timothée Ravier (2):
      docs: Document ostree native container URL format
      packaging/spec.in: Enable rpm-ostree-countme.timer following presets

New Contributors

• @ericcurtin made their first contribution in #4494
• @felixonmars made their first contribution in #4520

Full Changelog: v2023.5...v2023.6

v2023.5

New features

rpm-ostree can now directly pull container images from containers-storage (e.g. the result of podman build):
rpm-ostree rebase ostree-unverified-image:containers-storage:localhost/mytestimage

Other changes

Adam0Brien (2):
      Add --force-replacefiles to docs/administrator-handbook.md
      Add --force-replacefile to man page

Colin Walters (13):
      daemon: Never do interactive auth for RegisterClient
      Port to clap v4
      compose: Oxidize bits propagating `core.fsync`
      compose: Also propagate ex-{fsverity,composefs}
      build-sys: Use new `tier = 2` from cargo-vendor-filterer
      compose: Adapt to composefs change with `ex-integrity` group
      tests/container-image: Revert use of automatic upgrade trigger
      core: Error out instead of aborting on reinstalls
      importer: Drop non-root files in CPIO check
      tests: Use `-p qemu` for cosa
      Bump to ostree-ext 0.11.1
      Drop isolation when fetching from containers-storage:
      deploy-from-self: Add some error prefixing

Joseph Marrero (2):
      packaging/rpm-ostree.spec.in: use SPDX license identifier
      Release 2023.5

Luke Yang (2):
      Added more override examples
      Sorted builtin commands alphabetically

RishabhSaini (2):
      Update to ostree-ext 0.20, cap-std-ext 2.0
      container: Add --previous-build-manifest

New Contributors

• @Adam0Brien made their first contribution in #4436
  &
• @lukewarmtemp made their first contribution in #4438

Full Changelog: v2023.4...v2023.5

2023.4

Probably the biggest thing here is a fix for
#4284
which affects Fedora Silverblue users.

User visible changes

• app: Add a global -q/--quiet flag by @cgwalters in #4384
• Add a "apply" (reboot) automatic update strategy by @cgwalters in #4392

Notable bugfixes

• Make output handling thread-local by @cgwalters in #4405

Other changes

• Fix typo in error log if initramfs generation fails by @plata in #4380

• rust/ffiutil: Drop dead GError code by @cgwalters in #4365

• lib: Use re-exported oci-spec from ostree-ext by @cgwalters in #4383

• tests/compose-image: Remove workaround as F38 commit reached stable by @jmarrero in #4376

• kargs: Simplify idempotent append and delete operations by @Razaloc in #4161

• scripts: Ignore kernel-redhat %posttrans scripts by @jlebon in #4386

• rust: Bump various crates && rust: Bump dependabot PR limit to 6 by @cgwalters in #4385

• upgrade: Split output lines for stored versus to-fetch by @cgwalters in #4394

• build(deps): bump serde from 1.0.160 to 1.0.162 by @dependabot in #4396

• build(deps): bump libc from 0.2.142 to 0.2.143 by @dependabot in #4395

• build(deps): bump rust-ini from 0.18.0 to 0.19.0 by @dependabot in #4397

• useradd: Add -M/--no-create-home by @cgwalters in #4399

• output: More daemon-side progress debugging by @cgwalters in #4402

• man/rpm-ostree: Document status switches by @jlebon in #4413

• client: Print when we're attaching to an existing transaction by @cgwalters in #4398

• tests: Drop ex from initramfs-etc by @cgwalters in #4406

• daemon: Add logging for invocations of non-txn methods by @cgwalters in #4404

• build(deps): bump serde from 1.0.162 to 1.0.163 by @dependabot in #4409

• tests/container: Update package fixtures to f38 by @cgwalters in #4414

• Regenerate cxx bindings by @cgwalters in #4416

• Release 2023.4 by @cgwalters in #4418

New Contributors

• @plata made their first contribution in #4380

Full Changelog: v2023.3...v2023.4

v2023.3

Notable changes this release:

Client

• New --enablerepo, --disablerepo, --setreleasever options on the cli. These allow
  users to enable specific repositories and set releasever when installing packages.

Daemon:

• Unconditionally authorize uid 0 first - unconditionally query the credentials via dbus-{daemon,broker} first, this should avoid errors that can occur if polkit isn't installed or running.

Colin Walters (13):
      main: Don't use timestamps and colors in tracing logs when running in systemd
      cached-sigs: Be compatible with `cosa build-fast`
      libtest: Hack around regression in journalctl
      tests/layering-fedorainfra: Bump to newer systemd
      core: Don't try to load rpm IMA sigs client side unless requested
      main: Don't write colors to non-ttys
      Bump tokio to 1.26
      daemon: Unconditionally authorize uid 0 first
      progress: Add more logging/tracing
      console: Also print which task is being overwritten
      build: Allow GLib 2.70, also `-Wno-error=deprecated-declarations`
      Cargo.lock: Bump many dependencies
      deny: Allow Unicode-DFS-2016

Jan Macku (2):
      ci: trigger `differential-shellcheck` workflow on `push`
      ci(fix): add missing permissions - `security-events`

Joseph Marrero (8):
      rust/src/scripts: ignore rt and automotive debug scripts.
      tests/vmcheck/test-override-kernel: account for kernel-modules-core
      treefile: Add enablerepo/disablerepo/setreleasever cli options
      treefile: cleanup enable_repo function
      test-container: Add test for enablerepo,disablerepo and releasever
      ci: Make sure cxx code is clang-formatted
      ci: Update tests for Fedora 38
      Release 2023.3

Timothée Ravier (1):
      docs: Use upstream theme & update to 0.4.1

Full Changelog: v2023.2...v2023.3

v2023.2

Notable changes this release:

Client

• New --compare-with-build option on the cli Uses the ostree container library to compare OCI compliant images.

Compose

• New --copy-retry-times option to specify the amount of times we retry when copying images fails.

Daemon:

• Support LockLayering=true configuration option that provides an easy way for a sysadmin to disable all package layering and initramfs customizations.
• Use a socket in /run, require non-abstract. The new glib changed to use non-abstract sockets by default, which broke us.

Colin Walters (11):
      Update ostree-ext, use version API
      compose/image: Add `--copy-retry-times`
      core: Add some more debugging and error info around repos
      treefile: Return `.` instead of `""` for parent directory
      ci: Stop using Fedora 32
      main: Drop deprecated `container-encapsulate` entrypoint
      Drop `ex-container` entrypoint
      daemon: Use a socket in `/run`, require non-abstract
      ci: Use `cosa kola` to properly set `ARTIFACT_DIR`
      spec: Add `Requires: /usr/bin/setpriv`
      Bump ostree-ext

Jonathan Lebon (1):
      Support `LockLayering=true` config knob

Joseph Marrero (1):
      rust/src/scripts.rs: ignore posttrans for kernel-rt-core

RishabhSaini (1):
      Add --compare-with-build to cli Uses the ostree container library to comapre OCI compliant images

Thorsten Leemhuis (1):
      docs: adjust to new location of kernel-vanilla-repos

Full Changelog: v2023.1...v2023.2

v2023.1

Client

• Log when a client joins an existing transaction.
• Fix local initramfs regeneration on systems composed with
  boot-location: new.
• Fix container flow in Turkish locales ( #4237 )

Compose

• Loosen lockfile semantics so that a missing locked package does not trigger
  an error unless the compose requires it.
• Drop support for locking by source packages.

Internals

• Update workflow actions to Fedora 37.
• Replace unmaintained actions-rs/toolchain with dtolnay/rust-toolchain.
• Add more error-prefixing in passwd, kernel, and cleanup-related paths.
• Add container-based upgrade test via Prow.

Benjamin Gilbert (2):
      workflows: update actions to current major versions
      workflows: replace actions-rs/toolchain with dtolnay/rust-toolchain

Colin Walters (8):
      ci: Add infrastructure for use with Prow upgrade testing
      passwd: Add various error prefixing
      sysroot: Log when client joins an existing transaction
      Update to ostree-ext 0.10.4
      tests/upgrades: Disable zincati
      Add a `try_fail_point!` macro and use it in more places
      kernel: Add some error prefixing
      cleanup: Add some error prefixing

Jonathan Lebon (11):
      core: Disable modules earlier
      core: Allow lockfiles to reference missing package names
      libpriv/kernel: fix kver parsing from vmlinuz in /boot and /usr/lib/ostree-boot
      .gitignore: add clangd-related files
      compose: Drop support for `source-packages` in lockfiles
      core: Further loosen lockfile handling
      Revert ".gitignore: add clangd-related files"
      Release 2023.1

2022.19

What's Changed

• daemon: Add logging of sysroot load and locking times by @cgwalters in #4219
• client: Add some more error prefixing by @cgwalters in #4221
• encapsulate: Add --copymeta-opt by @cgwalters in #4222
• Two minor staticanalysis fixes by @cgwalters in #4225
• docs/rebase: Document rebasing to a container image by @cgwalters in #4223
• client: Bump most dbus method timeouts to 5 minutes by @cgwalters in #4224
• build(deps): bump libdnf from e4452b1 to 82c59ef by @dependabot in #4229
• build(deps): bump serde from 1.0.148 to 1.0.151 by @dependabot in #4231
• build(deps): bump envsubst from 0.2.0 to 0.2.1 by @dependabot in #4232
• sysroot: Fix conflicting authentication options && build: Release 2022.19 by @cgwalters in #4233

Full Changelog: v2022.18...v2022.19

2022.18

What's Changed

• Finish porting to cap-std by @cgwalters in #4212
• packaging: Upgrade skopeo to a requirement by @cgwalters in #4211
• A few CI updates by @cgwalters in #4210
• ci: Verify package layering across upgrades by @cgwalters in #4217
• Print message when rpm-ostree initramfs --disable is run by @kenneth-dsouza in #4216
• Update to cap-std-ext 1.0.2 by @cgwalters in #4218
• Release 2022.18 by @cgwalters in #4220

New Contributors

• @kenneth-dsouza made their first contribution in #4216

Full Changelog: v2022.17...v2022.18

2022.17

This pulls in several notable fixes for the container flow
around image garbage collection.

Aside from that there's some cleanup to the initramfs
and initramfs-etc commands, a few documentation tweaks
and internal improvements.

Alessandro Di Stefano (1):
      Fix the treefiles reference link in ex-rebuild.md

Colin Walters (19):
      container-encapsulate: Format errors correctly
      composepost: Port symlink generation to cap-std
      composepost: Port rpmdb hardlinking to cap-std
      composepost: Handle existing absolute symlinks
      cxxrsutil: Drop use of `&mut` in `gobj_wrap()`
      Prune container image layers during cleanup too
      Update to ostree-ext 0.10, glib 0.16, cap-std 1.0
      sysroot: Centralize layer prune + logging
      lockfile: Port to non-deprecated chrono APIs
      upgrader: Can't currently check-only in container flow
      upgrade: Make image pruning idempotent
      override: Honor `--install` in container case too
      docs: Document registry auth
      composepost: Port selinux timestamp tweaks to cap-std
      README.md: More clearly link to container bits
      Use default `all` rule for bindings
      daemon: Make failure to query base image non-fatal
      Update to ostree-ext 0.10.1
      Release 2022.17

Jonathan Lebon (7):
      packaging/spec: Upstream "Disable LTO on 32 bits"
      packaging/spec: Drop el8-specific block
      docs: Make clearer that `initramfs --enable` involves dracut
      man: drop `ex` prefix on initramfs-etc command
      man: move `initramfs-etc` to right after `initramfs`
      man: mention `initramfs-etc` in `initramfs` docs
      app: Make `initramfs-etc` help string more explicit

Joseph Marrero (1):
      cliwrap/kernel_install: use original systemctl when running dracut

Luca BRUNO (1):
      importer: fix translation of top directories

dependabot[bot] (11):
      build(deps): bump futures from 0.3.24 to 0.3.25
      build(deps): bump cxx from 1.0.79 to 1.0.82
      build(deps): bump libc from 0.2.135 to 0.2.137
      build(deps): bump serde_json from 1.0.87 to 1.0.89
      build(deps): bump rayon from 1.5.3 to 1.6.0
      build(deps): bump serde from 1.0.147 to 1.0.148
      build(deps): bump chrono from 0.4.22 to 0.4.23
      build(deps): bump cxx-build from 1.0.81 to 1.0.83
      build(deps): bump indicatif from 0.17.1 to 0.17.2
      build(deps): bump rustix from 0.36.4 to 0.36.5
      build(deps): bump openssl from 0.10.42 to 0.10.44

-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAg5CRAd4pqfdf6DWMgvDhrcq1x8Q
gQPSQHIoZaiiRTt68AAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQD49w7kXNafZSiQJIcmKNYfvPfme48c/GqcA+unajguEpGUYcmOw41r+G+a5CcsNB8
n6kzgDJKcHL6uL5C9GJgE=
-----END SSH SIGNATURE-----