Skip to content

2021.4
Compare
Choose a tag to compare
@cgwalters cgwalters released this 09 Sep 11:41
· 1917 commits to main since this release
v2021.4
This tag was signed with the committer’s verified signature.
cgwalters Colin Walters
GPG key ID: DC45FD5921C13F0B
Learn about vigilant mode.
09804f7
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

A fair set of minor bugfixes. Many fixes landed for bare-user-only (e.g. unprivileged flatpak) mode, and further work is forthcoming to ensure that ostree fsck for example also does the right thing.

There's a new public API to verify signatures outside of HTTP fetches, intended to be used for cases like the "ostree native container" bits in ostree-rs-ext. Related, there is now an API and CLI to enable "custom remotes".

ostree learned about OpenPGP Web Key Directory and there are more APIs to access remote GPG keys, in preparation for direct support for updating/rotating keys.

Several CI improvements landed, and minor static analyzer warnings were fixed.

The "deployment staging" model is now explicitly stabilized, and is fairly strongly recommended. In a future libostree release it is likely we will make it even easier to opt in to newer defaults such as staging and readonly sysroot.

Benjamin Gilbert (3):
      man: improve statoverride description
      workflows: bump lint toolchain
      workflows: limit permissions to reading repo contents

Buddelmann, Richard RB (1):
      repo-pull: legacy_transaction_resuming flag ignored

Colin Walters (10):
      lib: Change read_commit_detached_metadata to be nullable
      ci: Run main GH action CI build+test as non-root
      checkout: Save errno when re-throwing
      checkout: Also ignore xattrs for union in bare-user-only mode
      Add an API to verify a commit signature explicitly
      tests/basic: Skip --no-xattrs if we have selinux
      upgrade: Stabilize deployment staging
      Add support for "custom remotes"
      Release 2021.4
      configure: post-release version bump

Dan Nicholson (13):
      lib/repo: Factor out GPG verifier key imports
      lib/repo: Factor out GPG verifier preparation
      lib/repo: Allow preparing GPG verifier without global keyrings
      lib/repo: Add ostree_repo_remote_get_gpg_keys()
      bin/remote: Add list-gpg-keys subcommand
      libotutil: Import implementation of zbase32 encoding
      libotutil: Add helper for GPG WKD update URLs
      lib/repo: Include WKD update URLs in GPG key listing
      bin/remote: Include update URLs in list-gpg-keys
      fixup! lib/repo: Add ostree_repo_remote_get_gpg_keys()
      fixup! bin/remote: Add list-gpg-keys subcommand
      fixup! lib/repo: Add ostree_repo_remote_get_gpg_keys()
      bin/remote: Rename list-gpg-keys to gpg-list-keys

Jonathan Lebon (3):
      lib/sign-dummy: Handle incorrect signatures correctly
      lib/sysroot: Fix error message about creating `/var/lib`
      ostree/dump: Fix free'ing a static string

Luca BRUNO (15):
      configure: post-release version bump
      builtins/commit: check for conflicting permissions options
      builtins/commit: move commit modifier to auto-cleanup
      lib/core/checksum: add flag to use canonical permissions
      lib/repo/checkout: use canonical perms in bare-user-only mode
      lib/commit: autofix permissions for bare-user-only
      lib/diff: ignore xattrs if disabled on either repos
      lib/diff: automatically skip xattrs in bare-user-only mode
      builtins/commit: set up relevant flags in bare-user-only mode
      lib/commit: automatically skip xattrs in bare-user-only mode
      tests: update several bare-user-only checks
      lib: improve transactions auto-cleanup logic
      libtest: tweak selinux/relabel message
      tests/basic: avoid changing ownership
      tests: skip a broken fsck case

Simon McVittie (1):
      tests: Unset SOURCE_DATE_EPOCH

刘建强 (1):
      fix: Avoid wild pointers
Assets 3
Loading