Simon McVittie [Tue, 26 Mar 2024 16:15:22 +0000 (16:15 +0000)]
Make fast forward from 2024.4-1
[dgit --quilt=unapplied]
Simon McVittie [Thu, 26 Oct 2023 10:26:04 +0000 (11:26 +0100)]
Skip test-admin-deploy-uboot.sh on s390x
It fails on a porterbox. ostree hard-codes zipl to be used on s390x,
so it's reasonable that tests for other bootloaders might not work.
Bug: https://github.com/ostreedev/ostree/issues/3086
Forwarded: no
Gbp-Pq: Topic debian
Gbp-Pq: Name Skip-test-admin-deploy-uboot.sh-on-s390x.patch
Simon McVittie [Tue, 6 Dec 2022 10:59:33 +0000 (10:59 +0000)]
test-sysroot: Skip on s390x by default
This test regularly fails on the buildds, but I cannot reproduce the
failure on a porterbox.
Bug: https://github.com/ostreedev/ostree/issues/2527
Bug-Debian: https://bugs.debian.org/
1025532
Forwarded: not-needed
Gbp-Pq: Topic debian
Gbp-Pq: Name test-sysroot-Skip-on-s390x-by-default.patch
Simon McVittie [Mon, 30 Jul 2018 15:51:01 +0000 (16:51 +0100)]
Skip test-pull-repeated during CI
This test is expected to fail a small proportion of the time. During
the build of ostree 2018.7-1 in Debian, it seems we were unlucky on
s390x. Non-deterministic tests are also problematic for autopkgtest,
where they can gate migration of our dependencies like GLib, so skip
this test unless the caller has opted-in to non-deterministic tests.
It would be appropriate to enable this test in environments where
failures can easily be retried and are not disruptive to other
packages.
Signed-off-by: Simon McVittie <smcv@debian.org>
Gbp-Pq: Topic debian
Gbp-Pq: Name Skip-test-pull-repeated-during-CI.patch
Simon McVittie [Tue, 26 Mar 2024 16:15:29 +0000 (16:15 +0000)]
Release to unstable
Simon McVittie [Sun, 24 Mar 2024 14:14:36 +0000 (14:14 +0000)]
New upstream release
Simon McVittie [Sun, 24 Mar 2024 14:12:22 +0000 (14:12 +0000)]
Update upstream source from tag 'upstream/2024.5'
Update to upstream version '2024.5'
with Debian dir
5af8e83a565e95da9d0bc4a1e29070e1b166e942
Simon McVittie [Sun, 24 Mar 2024 14:12:10 +0000 (14:12 +0000)]
New upstream version 2024.5
Colin Walters [Thu, 14 Mar 2024 13:46:17 +0000 (09:46 -0400)]
Release 2024.5
Colin Walters [Wed, 13 Mar 2024 20:05:23 +0000 (16:05 -0400)]
Merge pull request #3214 from cgwalters/checkout-overwrite-force
checkout: Always replace existing content with overlay mode
Colin Walters [Wed, 13 Mar 2024 16:50:28 +0000 (12:50 -0400)]
checkout: Always replace existing content in overlay mode
The combination of the "honor whiteout" and "union" flags
are intended to basically be "merge trees like overlayfs does".
But we were missing this case in order to support e.g. replacing
a symlink with a directory.
Jonathan Lebon [Wed, 13 Mar 2024 17:24:27 +0000 (13:24 -0400)]
Merge pull request #3213 from rborn-tx/fix-early-prune
Rogerio Guerra Borin [Tue, 12 Mar 2024 20:02:58 +0000 (17:02 -0300)]
deploy: Ensure boot directory is open before accessing it
This fixes a bug in the (early) deployment pruning function which before
tried to access the boot directory without opening it first.
Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
Huijing Hei [Mon, 11 Mar 2024 01:59:43 +0000 (09:59 +0800)]
Merge pull request #3208 from HuijingHei/split-whitespace
kargs: parse spaces in kargs input and keep quotes
HuijingHei [Mon, 4 Mar 2024 02:44:42 +0000 (10:44 +0800)]
kargs: parse spaces in kargs input and keep quotes
According to Jonathan's suggestion, should fix the code from
ostree repo.
With this patch:
- kargs input like "init_on_alloc=1 init_on_free=1", will be
parsed as 2 seperated args `init_on_alloc=1` and `init_on_free=1`,
instead of whole;
- According to https://www.kernel.org/doc/html/v4.14/admin-guide/kernel-parameters.html,
need to keep spaces in double-quotes, like `param="spaces in here"`
will be parsed as whole instead of 3.
Fixes https://github.com/coreos/rpm-ostree/issues/4821
Simon McVittie [Thu, 7 Mar 2024 10:54:39 +0000 (10:54 +0000)]
Release to unstable
Simon McVittie [Thu, 7 Mar 2024 10:54:27 +0000 (10:54 +0000)]
Make fast forward from 2024.3-1
[dgit --quilt=unapplied]
Simon McVittie [Thu, 26 Oct 2023 10:26:04 +0000 (11:26 +0100)]
Skip test-admin-deploy-uboot.sh on s390x
It fails on a porterbox. ostree hard-codes zipl to be used on s390x,
so it's reasonable that tests for other bootloaders might not work.
Bug: https://github.com/ostreedev/ostree/issues/3086
Forwarded: no
Gbp-Pq: Topic debian
Gbp-Pq: Name Skip-test-admin-deploy-uboot.sh-on-s390x.patch
Simon McVittie [Tue, 6 Dec 2022 10:59:33 +0000 (10:59 +0000)]
test-sysroot: Skip on s390x by default
This test regularly fails on the buildds, but I cannot reproduce the
failure on a porterbox.
Bug: https://github.com/ostreedev/ostree/issues/2527
Bug-Debian: https://bugs.debian.org/
1025532
Forwarded: not-needed
Gbp-Pq: Topic debian
Gbp-Pq: Name test-sysroot-Skip-on-s390x-by-default.patch
Simon McVittie [Mon, 30 Jul 2018 15:51:01 +0000 (16:51 +0100)]
Skip test-pull-repeated during CI
This test is expected to fail a small proportion of the time. During
the build of ostree 2018.7-1 in Debian, it seems we were unlucky on
s390x. Non-deterministic tests are also problematic for autopkgtest,
where they can gate migration of our dependencies like GLib, so skip
this test unless the caller has opted-in to non-deterministic tests.
It would be appropriate to enable this test in environments where
failures can easily be retried and are not disruptive to other
packages.
Signed-off-by: Simon McVittie <smcv@debian.org>
Gbp-Pq: Topic debian
Gbp-Pq: Name Skip-test-pull-repeated-during-CI.patch
Simon McVittie [Thu, 7 Mar 2024 10:54:24 +0000 (10:54 +0000)]
Drop non-Debian-specific patches, applied upstream
Eric Curtin [Thu, 7 Mar 2024 10:53:56 +0000 (10:53 +0000)]
Merge pull request #3206 from cgwalters/enable-new-naming
sysroot: Turn on bootloader-naming-2 by default
Simon McVittie [Thu, 7 Mar 2024 10:53:43 +0000 (10:53 +0000)]
New upstream release
Simon McVittie [Thu, 7 Mar 2024 10:20:07 +0000 (10:20 +0000)]
Update upstream source from tag 'upstream/2024.4'
Update to upstream version '2024.4'
with Debian dir
b9e25d3c7dffe9b8ede2740a65ae4be2c3fe0679
Simon McVittie [Thu, 7 Mar 2024 10:19:59 +0000 (10:19 +0000)]
New upstream version 2024.4
Colin Walters [Wed, 28 Feb 2024 14:40:34 +0000 (09:40 -0500)]
sysroot: Turn on bootloader-naming-2 by default
I think it's about time we flipped this on by default;
like the bootprefix I was a bit too chicken. We still have
a `bootloader-naming-1` that can be flipped on in case of
some regression.
Closes: https://github.com/ostreedev/ostree/issues/2961
Colin Walters [Tue, 27 Feb 2024 21:00:29 +0000 (16:00 -0500)]
Merge pull request #3205 from cgwalters/fix-grub-probing
bootloader/grub2: Don't do anything if we have static configs
Colin Walters [Tue, 27 Feb 2024 18:14:16 +0000 (13:14 -0500)]
bootloader/grub2: Don't do anything if we have static configs
This builds on top of https://github.com/coreos/bootupd/pull/609/commits/
fa9924e4fe403c3751392c041cd98614a2cc3611
(But in a very hacky way because we don't currently link to a JSON library)
Basically, bootupd supports injecting static configs, and this
is the currently least hacky way for us to detect this and understand
that we shouldn't try to run `grub2-mkconfig`.
A further patch I'd like to do here is also change the probing
logic to gracefully no-op if `grub2-mkconfig` doesn't exist,
but that has a bit more risk and involvement.
Colin Walters [Tue, 27 Feb 2024 18:03:45 +0000 (13:03 -0500)]
Merge pull request #3204 from cgwalters/quiet-config-load
otcore: Drop config load print
Colin Walters [Tue, 27 Feb 2024 17:24:35 +0000 (12:24 -0500)]
Merge pull request #3203 from dbnicholson/version-sigpipe
main: Ignore SIGPIPE when printing version
Colin Walters [Tue, 27 Feb 2024 15:59:02 +0000 (10:59 -0500)]
otcore: Drop config load print
Now that we're using `otcore_load_config` from the deploy
path we end up printing to stdout even for API callers (e.g.
our own CLI tools, and rpm-ostree/bootc/etc) which is wrong.
We don't need this print, so just drop it.
Dan Nicholson [Tue, 27 Feb 2024 15:41:46 +0000 (08:41 -0700)]
main: Ignore SIGPIPE when printing version
In order to do a runtime feature check, `ostree --version` can be piped
to `grep` or similar. However, if the read end of the pipe doesn't read
all of the output, `ostree` will receive `SIGPIPE` when trying to write
output. Ignore it so that `ostree` still exits successfully in that
case.
Colin Walters [Sun, 25 Feb 2024 15:45:12 +0000 (10:45 -0500)]
Merge pull request #3196 from cgwalters/fix-sepolicy-public
sepolicy: Fix publicity mismatch for ostree_sepolicy_host_enabled
Timothée Ravier [Sat, 24 Feb 2024 15:45:37 +0000 (16:45 +0100)]
Merge pull request #3199 from travier/docs-fix
docs: Move SPDX identifiers under first title
Timothée Ravier [Sat, 24 Feb 2024 15:37:48 +0000 (16:37 +0100)]
docs: Cleanup title for historical OSTree README
Timothée Ravier [Sat, 24 Feb 2024 15:36:23 +0000 (16:36 +0100)]
docs: Move SPDX identifiers under first title
Having a comment right before the first title apparently confuses
Jekyll.
Fixes: https://github.com/ostreedev/ostree/pull/3185
Colin Walters [Fri, 23 Feb 2024 21:21:11 +0000 (16:21 -0500)]
Merge pull request #3197 from cgwalters/release
Release 2024.4
Colin Walters [Fri, 23 Feb 2024 18:02:42 +0000 (13:02 -0500)]
sepolicy: Fix publicity mismatch for ostree_sepolicy_host_enabled
As this is only used by internal code, just drop the `_OSTREE_PUBLIC`
marker for now. If we have a reason to export it we can do that
later.
Closes: https://github.com/ostreedev/ostree/issues/3182
Colin Walters [Fri, 23 Feb 2024 18:45:37 +0000 (13:45 -0500)]
Post-release version bump
Colin Walters [Fri, 23 Feb 2024 18:45:21 +0000 (13:45 -0500)]
Release 2024.4
Jonathan Lebon [Fri, 23 Feb 2024 16:30:00 +0000 (11:30 -0500)]
Merge pull request #3195 from ericcurtin/pr3192_comments
Eric Curtin [Thu, 22 Feb 2024 18:15:09 +0000 (18:15 +0000)]
sysroot: Reword comment and use gboolean over bool, error handling
Be more explicit in the comment, and use gboolean over bool. Less header
inclusions when we use gboolean. Although bool is used in some places.
Write a separate _ostree_sysroot_parse_bootlink_aboot function for
aboot. Make is_aboot optional. Handle invalid androidboot karg and no
ostree and androidboot kargs differently.
Co-authored-by: Jonathan Lebon <jonathan@jlebon.com>
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
Eric Curtin [Thu, 22 Feb 2024 17:06:19 +0000 (17:06 +0000)]
Merge pull request #3192 from ericcurtin/ostree-impl-system-generator-aboot
generator: Fixes for Android Boot environment
Joseph Marrero Corchado [Thu, 22 Feb 2024 16:25:41 +0000 (11:25 -0500)]
Merge pull request #3194 from alexlarsson/composefs-no-hotfix
prepare-root: Disallow hotfixes if using signed composefs images
Huijing Hei [Thu, 22 Feb 2024 13:44:57 +0000 (21:44 +0800)]
Merge pull request #3185 from travier/main-docs-spdx-fixes
Docs fixes & SPDX identifiers uniformisation
Alexander Larsson [Thu, 22 Feb 2024 11:10:41 +0000 (12:10 +0100)]
prepare-root: Disallow hotfixes if using signed composefs images
As mentioned in https://github.com/ostreedev/ostree/issues/3187, we
can't allow a hotfix overlay of /usr when using signed composefs
images as that would allow an attacker to persist something used
across boots.
Eric Curtin [Wed, 21 Feb 2024 16:02:08 +0000 (16:02 +0000)]
generator: Fixes for Android Boot environment
In Android Boot environment we do not parse ostree= karg to determine
what directory to boot into, alternatively we do this based on the
androidboot.slot_suffix= karg. But we do set ostree=true karg to denote
that we are indeed booting an ostree environment (required for some
systemd unit files). This change accounts for this approach in the
systemd generator. In this case androidboot.slot_suffix= points you to
/ostree/root.[a|b] and then that points you to the directory to boot
into in /ostree/deploy... Here is what a cmdline may look like in this
type of environment:
androidboot.slot_suffix=_a androidboot.bootdevice=*.ufshc root=PARTLABEL=system_a root=UUID=
76a22bf4-f153-4541-b6c7-
0332c0dfaeac rw ostree=true loglevel=4 acpi=off console=ttyAMA0 systemd.show_status=auto libahci.ignore_sss=1 slub_debug=FPZ fsck.mode=skip rcupdate.rcu_normal_after_boot=0 rcupdate.rcu_expedited=1
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
Joseph Marrero Corchado [Wed, 21 Feb 2024 12:53:32 +0000 (07:53 -0500)]
Merge pull request #3186 from rborn-tx/amend-ms-shared-comment
ostree-prepare-root: Amend comment about shared mounts
Eric Curtin [Wed, 21 Feb 2024 12:34:09 +0000 (12:34 +0000)]
Merge pull request #3189 from alexlarsson/composefs-config-with-no-key
deploy: Don't fail if loading composefs configuration fails due to mi…
Alexander Larsson [Wed, 21 Feb 2024 09:16:31 +0000 (10:16 +0100)]
deploy: Don't fail if loading composefs configuration fails due to missing keys
When we load the configuration during deploy we don't need to actually
use the keys, so avoid loading them. This fixes an issue we had where
this broke the initial deploy becasue of a failure to load the key. In
our case it fails because the code looks for the config file in the
deploy dir, but then for the binding key in the real root.
However, even if it were to look for the key in the deploy dir I don't
think it necessarily has to be in the rootfs, it could be only in the
initrd.
This fixes https://github.com/ostreedev/ostree/issues/3188
Jonathan Lebon [Wed, 21 Feb 2024 03:29:56 +0000 (22:29 -0500)]
Merge pull request #3184 from smcv/issue3183
Rogerio Guerra Borin [Tue, 20 Feb 2024 17:50:35 +0000 (14:50 -0300)]
ostree-prepare-root: Amend comment about shared mounts
Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
Timothée Ravier [Tue, 20 Feb 2024 16:08:24 +0000 (17:08 +0100)]
README & docs: Sync README and docs index page
Timothée Ravier [Tue, 20 Feb 2024 16:04:44 +0000 (17:04 +0100)]
docs: Misc whitespace fixes
Timothée Ravier [Tue, 20 Feb 2024 16:04:01 +0000 (17:04 +0100)]
docs: Consistently use SPDX identifiers
Standardize on a single SPDX identifier in a comment at the top.
Simon McVittie [Mon, 19 Feb 2024 16:13:10 +0000 (16:13 +0000)]
Release to unstable
Simon McVittie [Mon, 19 Feb 2024 21:02:32 +0000 (21:02 +0000)]
Make fast forward from 2024.2-1
[dgit --quilt=unapplied]
Simon McVittie [Thu, 26 Oct 2023 10:26:04 +0000 (11:26 +0100)]
Skip test-admin-deploy-uboot.sh on s390x
It fails on a porterbox. ostree hard-codes zipl to be used on s390x,
so it's reasonable that tests for other bootloaders might not work.
Bug: https://github.com/ostreedev/ostree/issues/3086
Forwarded: no
Gbp-Pq: Topic debian
Gbp-Pq: Name Skip-test-admin-deploy-uboot.sh-on-s390x.patch
Simon McVittie [Tue, 6 Dec 2022 10:59:33 +0000 (10:59 +0000)]
test-sysroot: Skip on s390x by default
This test regularly fails on the buildds, but I cannot reproduce the
failure on a porterbox.
Bug: https://github.com/ostreedev/ostree/issues/2527
Bug-Debian: https://bugs.debian.org/
1025532
Forwarded: not-needed
Gbp-Pq: Topic debian
Gbp-Pq: Name test-sysroot-Skip-on-s390x-by-default.patch
Simon McVittie [Mon, 30 Jul 2018 15:51:01 +0000 (16:51 +0100)]
Skip test-pull-repeated during CI
This test is expected to fail a small proportion of the time. During
the build of ostree 2018.7-1 in Debian, it seems we were unlucky on
s390x. Non-deterministic tests are also problematic for autopkgtest,
where they can gate migration of our dependencies like GLib, so skip
this test unless the caller has opted-in to non-deterministic tests.
It would be appropriate to enable this test in environments where
failures can easily be retried and are not disruptive to other
packages.
Signed-off-by: Simon McVittie <smcv@debian.org>
Gbp-Pq: Topic debian
Gbp-Pq: Name Skip-test-pull-repeated-during-CI.patch
Simon McVittie [Mon, 19 Feb 2024 13:04:14 +0000 (13:04 +0000)]
test-admin-deploy-var: Don't rely on OSTREE_FEATURES
This is set during build-time testing, but unset during "as-installed"
tests.
Bug: https://github.com/ostreedev/ostree/issues/3183
Signed-off-by: Simon McVittie <smcv@debian.org>
Forwarded: https://github.com/ostreedev/ostree/pull/3184
Gbp-Pq: Name test-admin-deploy-var-Don-t-rely-on-OSTREE_FEATURES.patch
Simon McVittie [Mon, 19 Feb 2024 16:07:13 +0000 (16:07 +0000)]
tests: Use skip_without_ostree_feature to detect libarchive, composefs
This avoids false negatives from `ostree --version | grep -q ...`
exiting with failure under `set -o pipefail` because `grep -q` can exit
as soon as it sees the desired string, leaving `ostree --version` to be
terminated by `SIGPIPE` next time it writes to stdout.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Forwarded: https://github.com/ostreedev/ostree/pull/3184
Gbp-Pq: Name tests-Use-skip_without_ostree_feature-to-detect-libarchiv.patch
Simon McVittie [Mon, 19 Feb 2024 15:57:51 +0000 (15:57 +0000)]
tests: Generalize has_gpgme, has_sign_ed25519 into has_ostree_feature
Signed-off-by: Simon McVittie <smcv@collabora.com>
Forwarded: https://github.com/ostreedev/ostree/pull/3184
Gbp-Pq: Name tests-Generalize-has_gpgme-has_sign_ed25519-into-has_ostr.patch
Simon McVittie [Mon, 19 Feb 2024 14:06:59 +0000 (14:06 +0000)]
Update changelog
Simon McVittie [Mon, 19 Feb 2024 13:06:20 +0000 (13:06 +0000)]
Add proposed patches to fix an autopkgtest failure
Simon McVittie [Mon, 19 Feb 2024 13:04:14 +0000 (13:04 +0000)]
test-admin-deploy-var: Don't rely on OSTREE_FEATURES
This is set during build-time testing, but unset during "as-installed"
tests.
Resolves: https://github.com/ostreedev/ostree/issues/3183
Signed-off-by: Simon McVittie <smcv@debian.org>
Simon McVittie [Mon, 19 Feb 2024 16:07:13 +0000 (16:07 +0000)]
tests: Use skip_without_ostree_feature to detect libarchive, composefs
This avoids false negatives from `ostree --version | grep -q ...`
exiting with failure under `set -o pipefail` because `grep -q` can exit
as soon as it sees the desired string, leaving `ostree --version` to be
terminated by `SIGPIPE` next time it writes to stdout.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Simon McVittie [Mon, 19 Feb 2024 15:57:51 +0000 (15:57 +0000)]
tests: Generalize has_gpgme, has_sign_ed25519 into has_ostree_feature
Signed-off-by: Simon McVittie <smcv@collabora.com>
Eric Curtin [Mon, 19 Feb 2024 14:37:37 +0000 (14:37 +0000)]
Merge pull request #3176 from travier/docs-dependabot-update
workflow/docs: Update to actions/checkout@v4 & dependabot: Update github-actions weekly
Colin Walters [Mon, 19 Feb 2024 14:36:58 +0000 (09:36 -0500)]
Merge pull request #3181 from ericcurtin/mention-rhivos
README: Add Red Hat In-Vehicle Operating System
Simon McVittie [Mon, 19 Feb 2024 12:09:17 +0000 (12:09 +0000)]
New upstream release
Simon McVittie [Mon, 19 Feb 2024 12:07:11 +0000 (12:07 +0000)]
Update upstream source from tag 'upstream/2024.3'
Update to upstream version '2024.3'
with Debian dir
bb7dc64231828fe3640e3f96f871592718d6a1c8
Simon McVittie [Mon, 19 Feb 2024 12:07:03 +0000 (12:07 +0000)]
New upstream version 2024.3
Eric Curtin [Sat, 17 Feb 2024 17:12:19 +0000 (17:12 +0000)]
README: Add Red Hat In-Vehicle Operating System
RHIVOS is a derivative of CentOS Automotive Stream Distribution that
uses OSTree, it's closest Fedora derivative is Fedora IoT although it
was created as it's own distribution.
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
Colin Walters [Fri, 16 Feb 2024 17:10:09 +0000 (12:10 -0500)]
Merge pull request #3180 from teythoon/justus/long-key-ids
tests: Use long key IDs, I found another one
Colin Walters [Fri, 16 Feb 2024 16:12:03 +0000 (11:12 -0500)]
Merge pull request #3179 from ericcurtin/additional-docs-dependancy
docs: Add webrick dependancy for building site locally
Justus Winter [Fri, 16 Feb 2024 15:23:49 +0000 (16:23 +0100)]
tests: Use long key IDs
Short key IDs are not secure, and may be rejected by OpenPGP
implementations. See https://evil32.com/
Signed-off-by: Justus Winter <justus@sequoia-pgp.org>
Colin Walters [Fri, 16 Feb 2024 14:06:27 +0000 (09:06 -0500)]
Merge pull request #3178 from teythoon/justus/long-key-ids
tests: Use long key IDs
Eric Curtin [Fri, 16 Feb 2024 13:00:10 +0000 (13:00 +0000)]
docs: Add webrick dependancy for building site locally
This mimics the GitHub Pages environment so that you can build and serve
the site locally for testing. It requires webrick these days.
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
Justus Winter [Fri, 16 Feb 2024 12:33:21 +0000 (13:33 +0100)]
tests: Use long key IDs
Short key IDs are not secure, and may be rejected by OpenPGP
implementations. See https://evil32.com/
Signed-off-by: Justus Winter <justus@sequoia-pgp.org>
Timothée Ravier [Thu, 15 Feb 2024 15:20:33 +0000 (16:20 +0100)]
dependabot: Update github-actions weekly
Timothée Ravier [Thu, 15 Feb 2024 15:18:32 +0000 (16:18 +0100)]
workflow/docs: Update to actions/checkout@v4
Colin Walters [Thu, 15 Feb 2024 14:34:27 +0000 (09:34 -0500)]
Merge pull request #3175 from cgwalters/rofiles-fuse-statx
rofiles-fuse: Check fsverity flag for copyup
Colin Walters [Thu, 15 Feb 2024 13:07:40 +0000 (08:07 -0500)]
rofiles-fuse: Remove unused parameter
The logic simplified, so we don't need it anymore.
Colin Walters [Thu, 15 Feb 2024 01:33:17 +0000 (20:33 -0500)]
rofiles-fuse: Check fsverity flag for copyup
We need to do a copyup if fsverity is enabled.
Sadly to do this we can't just use ostree_break_hardlink
as is.
Colin Walters [Thu, 15 Feb 2024 01:32:55 +0000 (20:32 -0500)]
rofiles-fuse: Port to statx
This allows us to query fsverity efficiently.
Colin Walters [Wed, 14 Feb 2024 00:27:25 +0000 (19:27 -0500)]
Merge pull request #3172 from cgwalters/release
Release 2024.3
Colin Walters [Tue, 13 Feb 2024 17:46:07 +0000 (12:46 -0500)]
Release 2024.3
Colin Walters [Tue, 13 Feb 2024 17:46:49 +0000 (12:46 -0500)]
Post-release version bump
Colin Walters [Tue, 13 Feb 2024 22:25:26 +0000 (17:25 -0500)]
Merge pull request #3173 from cgwalters/transient-root-really-transient
prepare-root: Switch to a tmpfs for transient root
Colin Walters [Tue, 13 Feb 2024 20:41:35 +0000 (15:41 -0500)]
prepare-root: Switch to a tmpfs for transient root
We're debating this over in https://github.com/CentOS/centos-bootc-dev/pull/27
and I have come to the conclusion that having changes to `/`
persist across reboot by default was a bad idea.
- It conflicts with any kind of secure boot scenario
- Having things only go away on upgrades is in some ways even *more* surprising
- The term `transient` implies this
There may be a use case in the future for having something like `root.transient = persistent`,
but this is just a better default.
Signed-off-by: Colin Walters <walters@verbum.org>
Colin Walters [Tue, 13 Feb 2024 17:40:13 +0000 (12:40 -0500)]
Merge pull request #3171 from ericcurtin/docs-alternate-rollbacks
docs/atomic-rollbacks: Add a section on rollbacks
Eric Curtin [Tue, 13 Feb 2024 10:39:20 +0000 (10:39 +0000)]
docs/atomic-rollbacks: Add a section on rollbacks
Describing how different types of rollbacks work.
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
Colin Walters [Tue, 13 Feb 2024 09:21:21 +0000 (04:21 -0500)]
Merge pull request #3170 from cgwalters/prepare-root-fix
prepare-root: Unify root.transient with composefs
Colin Walters [Mon, 12 Feb 2024 23:33:30 +0000 (18:33 -0500)]
Merge pull request #3168 from cgwalters/drop-tmpfiles-var
Drop tmpfiles var
Colin Walters [Mon, 12 Feb 2024 22:24:10 +0000 (17:24 -0500)]
prepare-root: Unify root.transient with composefs
First, I was totally wrong and composefs handles being passed
an upperdir itself, we don't need to stack overlayfs.
Next, there's really no reason to support `root.transient`
*without* a backing composefs. The legacy ostree bind mount
and readonly `/usr` is just that - legacy.
Finally, we actually *must* do this to enable both composefs
and transient root, because the prepare-root flow assumes
that it just needs to `MS_MOVE` a *single* mount for the root,
not a stack.
Colin Walters [Mon, 12 Feb 2024 21:54:09 +0000 (16:54 -0500)]
prepare-root: Add missing newline
This is ugly in the output.
Colin Walters [Mon, 12 Feb 2024 19:27:15 +0000 (14:27 -0500)]
Merge pull request #3169 from rborn-tx/support-older-linux-headers
Expose MOUNT_ATTR_IDMAP detection result to C code
Colin Walters [Mon, 12 Feb 2024 16:59:39 +0000 (11:59 -0500)]
docs/var: Update for latest
This reorients things here around the latest `VOLUME /var` approach.
Colin Walters [Mon, 12 Feb 2024 16:50:50 +0000 (11:50 -0500)]
ostree-tmpfiles.conf: Drop `var` entry
We are backing away from this semantic, and moving towards
`/var` only being initialized at initial provisioning.
projects / ostree.git / log