v2022.13

@cgwalters cgwalters tagged this 27 Aug 17:20
<h3>Client</h3>

A major update in this release is that `rpm-ostree apply-live` is now
a stabilized interface.  There's a lot more to do to enhance this;
among other things, we should (much like `dnf needs-restarting`)
help you find processes and services that should be restarted, but
the basic mechanics can be relied on here.

The `ex module` interface is still experimental, but now may be
used as part of container builds.

We now more cleanly handle the lack of polkit.

Some enhancements to the (not enabled by default) `yum/dnf` "personality"
landed; this is active when `cliwrap: true`.

There is now the first use of privilege separation in the daemon;
we use `DynamicUser=rpm-ostree` in the main `rpm-ostreed.service`,
and this unprivileged userid is used for forking off the
`skopeo` process to perform container image fetches.  This avoids
doing network requests (HTTP) as root.  Much more use of
privilege separation is planned.
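The pattern described above, a root daemon that forks its network-facing helper under an unprivileged uid, sketched in Rust as an added example (not rpm-ostree's own code). The function names and the constructed uid/gid `65534` are assumptions, and `id -u` stands in for the fetch helper so the privilege drop is visible.

```rust
use std::io;
use std::os::unix::process::CommandExt;
use std::process::{Command, Stdio};

/// Constructed values: an unprivileged uid/gid (65534 is commonly `nobody`).
/// In the setup the notes describe, systemd allocates the id; here it is a parameter.
pub const FETCH_UID: u32 = 65534;
pub const FETCH_GID: u32 = 65534;

/// Build a command that runs `program` under an unprivileged uid/gid.
/// Hypothetical helper, not an rpm-ostree API.
pub fn unprivileged_fetcher(program: &str, args: &[&str], uid: u32, gid: u32) -> Command {
    let mut cmd = Command::new(program);
    cmd.args(args)
        // Do not leak the daemon's environment into the network-facing child.
        .env_clear()
        .env("PATH", "/usr/bin:/bin")
        .current_dir("/")
        .stdin(Stdio::null())
        // Results come back over a pipe; the parent treats them as untrusted input.
        .stdout(Stdio::piped())
        // The child sets the gid before the uid; when the parent is root,
        // std also clears supplementary groups before dropping the uid.
        .gid(gid)
        .uid(uid);
    cmd
}

/// Spawn the child and collect its stdout. If the privilege drop itself
/// fails, spawning fails and nothing runs with the parent's credentials.
pub fn run_fetch(mut cmd: Command) -> io::Result<Vec<u8>> {
    let out = cmd.output()?;
    if !out.status.success() {
        let msg = format!("fetcher exited with {}", out.status);
        return Err(io::Error::new(io::ErrorKind::Other, msg));
    }
    Ok(out.stdout)
}

fn main() {
    let cmd = unprivileged_fetcher("id", &["-u"], FETCH_UID, FETCH_GID);
    match run_fetch(cmd) {
        Ok(out) => println!("child ran as uid {}", String::from_utf8_lossy(&out).trim()),
        Err(e) => eprintln!("could not drop privileges (needs root): {}", e),
    }
}
```

Run as root, the child reports the unprivileged uid; run as an ordinary user, the spawn fails with a permission error instead of silently keeping the caller's identity.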

There's a notable bugfix for service start speed on systems with
a lot of container mounts in `/var/lib/containers`.

<h3>Build/Compose</h3>

rpm-ostree has gained the ability to intercept and process `useradd`
and `groupadd` invocations run from RPM scripts; this will aid
synthesizing systemd `sysusers.d` fragments automatically.

The branch names of `ostree-layers` are now ignored when computing
the change checksum.

<h3>Internals</h3>

All unnecessary use of `Pin<&mut T>` in the Rust/C++ bridge is gone.
The ongoing conversion to the Rust cap-std crate continues.

```
Colin Walters (49):
      rust: Drop rustix linux_raw backend (and pre-generated `.a` files)
      container: Make `--format-version` properly optional
      dirdiff: Port to cap-std
      tests/encapsulate.sh: Explicitly test chunked encapsulation here
      packaging: Drop `gnome-common`
      ridiculous-rhel-devel-workaround: Try to replace all packages
      Enable `ex module` in a container
      polkit-agent: Don't print a warning if not installed
      cliwrap: Add -y option to yum/dnf
      treefile: `#[derive(Clone)]`
      build-sys: Switch to committing cxx.rs generated code
      Remove last uses of `Pin<&mut someglibtype>`
      lib: Add `deny(clippy::dbg_macro & todo)`
      rust: Fix single-character clippy lint
      rust: Fix clippy unnecessary ref lints
      rust: A few more misc clippy fixes
      rust: A few more misc clippy fixes
      rust: A few more misc clippy fixes
      rust: A few more misc clippy fixes
      rust: A few more misc clippy fixes
      rust/cxx: Fix clippy lint around use of `transmute`
      rust/treefile: Allow a clippy lint
      install: Add `-y/--assumeyes` option, prompt on tty by default
      ci: Add a clippy check
      yumdnf: Remove interception of --help and --version
      yumdnf: Add a `yum image rebase` subcommand
      Deprecate `ex-container` entrypoint (use `ostree container`)
      Move `container-encapsulate` under `compose`
      rust: Bump to ostree-ext 0.8.2
      tests/container-image: Use `--compression-fast`
      docs/container: Talk about `compose container-encapsulate`
      unit: Bump `TimeoutStartSec=5m`
      Stabilize `rpm-ostree apply live`
      scripts: Ignore filesystem.posttrans
      compose: Fix `container` to work again, add a test
      yumdnf: Make `yum install cowsay` just do it and not lecture
      rust/bwrap: Use cap-std
      Use `DynamicUser=yes` for main service, isolate container fetch
      Switch to `BindReadOnlyPaths` for `/var/lib/containers`
      build-sys: Stop generating systemd units
      Add an always-on `container` feature
      rust: Run `cargo clippy --fix`
      core: Ignore subdirectories of `/usr/lib/modules` without a kernel
      Fix tokio panic in legacy `rpm-ostree container-encapsulate` path
      Add `ex deploy-from-self`
      rust: Bump to ostree-ext 0.8.4
      tests: Use `--bootable` when generating derived commits
      treefile: Add generic metadata
      Release 2022.13

Jonathan Lebon (3):
      libpriv/kernel: Run dracut with `DRACUT_NO_MKNOD=1`
      app/status: Fix printing commits without rpmmd-repos metadata
      Add .git-blame-ignore-revs and seed with `clang-format` commit

Luca BRUNO (8):
      libpriv/core: overlay ostree content before running scriptlets
      core: wrap and intercept `groupadd` calls in scriptlets
      libpriv/scripts: inject pkgname in scriptlets environment
      core: wrap and intercept `useradd` calls in scriptlets
      builtins: properly mark a future incompatibility warning
      core: wrap and intercept `usermod` calls in scriptlets
      builtins/scriptlet_intercept: improve error paths
      builtins/scriptlet-intercept: misc tweaks and refinements

RishabhSaini (1):
      treefile: Exclude ostree_layer_names from checksum

dependabot[bot] (45):
      build(deps): bump phf from 0.10.1 to 0.11.0
      build(deps): bump cxx-build from 1.0.71 to 1.0.72
      build(deps): bump cxx from 1.0.71 to 1.0.72
      build(deps): bump serde_yaml from 0.8.25 to 0.8.26
      build(deps): bump tracing-subscriber from 0.3.14 to 0.3.15
      build(deps): bump reqwest from 0.11.4 to 0.11.11
      build(deps): bump clap from 3.2.8 to 3.2.14
      build(deps): bump libdnf from `eff7e68` to `6529773`
      build(deps): bump rustix from 0.35.6 to 0.35.7
      build(deps): bump nix from 0.24.1 to 0.24.2
      build(deps): bump serde from 1.0.138 to 1.0.140
      build(deps): bump serde_yaml from 0.8.26 to 0.9.2
      build(deps): bump tracing from 0.1.35 to 0.1.36
      build(deps): bump indicatif from 0.16.2 to 0.17.0 (+ new API port)
      build(deps): bump libglnx from `c59eb27` to `26375b5`
      build(deps): bump libc from 0.2.126 to 0.2.127
      build(deps): bump serde_json from 1.0.82 to 1.0.83
      build(deps): bump serde_yaml from 0.9.2 to 0.9.4
      build(deps): bump chrono from 0.4.19 to 0.4.20
      build(deps): bump indoc from 1.0.6 to 1.0.7
      build(deps): bump clap from 3.2.14 to 3.2.16
      build(deps): bump anyhow from 1.0.58 to 1.0.60
      build(deps): bump chrono from 0.4.20 to 0.4.21
      build(deps): bump phf from 0.11.0 to 0.11.1
      build(deps): bump cxx from 1.0.72 to 1.0.73
      build(deps): bump paste from 1.0.7 to 1.0.8
      build(deps): bump cxx-build from 1.0.72 to 1.0.73
      build(deps): bump serde from 1.0.140 to 1.0.143
      build(deps): bump camino from 1.0.9 to 1.1.1
      build(deps): bump chrono from 0.4.21 to 0.4.22
      build(deps): bump libdnf from `6529773` to `a361dab`
      build(deps): bump clap from 3.2.16 to 3.2.17
      build(deps): bump nix from 0.24.2 to 0.25.0
      build(deps): bump serde_yaml from 0.9.4 to 0.9.9
      build(deps): bump anyhow from 1.0.60 to 1.0.61
      build(deps): bump libc from 0.2.127 to 0.2.131
      build(deps): bump futures from 0.3.21 to 0.3.23
      build(deps): bump either from 1.7.0 to 1.8.0
      build(deps): bump once_cell from 1.13.0 to 1.13.1
      build(deps): bump anyhow from 1.0.61 to 1.0.62
      build(deps): bump libc from 0.2.131 to 0.2.132
      build(deps): bump serde_json from 1.0.83 to 1.0.85
      build(deps): bump serde from 1.0.143 to 1.0.144
      build(deps): bump libdnf from `a361dab` to `6744080`
      build(deps): bump rustix from 0.35.7 to 0.35.9
```

Git-EVTag-v0-SHA512: eb20de8ec592da61d697c85a9e39181fb02df689adf516988e574f12df94f55945623ecb764064339665bce8f9001b207c22cf8af4e52c4858397fe5c4f1d61a