Commit Graph

175 Commits

Author SHA1 Message Date
Jonathan Lebon
71108521f6 Release 2019.5
I think we're in a good position now for FCOS enablement, and there are
a bunch of fixes we should get out, such as the zstd one.

Closes: #1875
Approved by: cgwalters
2019-07-24 16:04:36 +00:00
Jonathan Lebon
1ac29f25b7 Release 2019.4
It's been almost two months!

Closes: #1841
Approved by: cgwalters
2019-05-22 01:17:08 +00:00
Jonathan Lebon
b40e87f628 Release 2019.3
Time to get a new release out; it's been more than a month!

Closes: #1801
Approved by: cgwalters
2019-03-26 19:01:55 +00:00
Colin Walters
468ac72d6f Always enable dfd-over-dbus
Don't care about RHEL7 anymore, newer distributions have the SELinux
policy fix.

Closes: #1794
Approved by: jlebon
2019-03-25 13:46:29 +00:00
Colin Walters
ccc244879c build-sys: Always enable compose tooling
There's no reason to separate it anymore.

Closes: #1794
Approved by: jlebon
2019-03-25 13:46:29 +00:00
Colin Walters
8331e8069a build-sys: Drop support for ancient librpm
Here's where we stop caring about RHEL7's librpm.

Closes: #1794
Approved by: jlebon
2019-03-25 13:46:29 +00:00
Jonathan Lebon
6cdcd474b6 Makefile-libs.am: Work around g-ir-scanner issues with clang
Right now there's an issue in Fedora with `g-ir-scanner` picking up
`-fstack-clash-protection` from the `sysconfig` Python module and
passing it to `clang`, which doesn't understand this flag yet.

Just work around this by (1) not even building GIR bindings for our
bundled libdnf since there's no need, and (2) overridding the compiler
used by `g-ir-scanner` so it's always `gcc`.

See: https://github.com/projectatomic/rpm-ostree/pull/1787#issuecomment-473971585

Closes: #1787
Approved by: cgwalters
2019-03-19 12:19:38 +00:00
Jonathan Lebon
e90d0ed98e build: Move completions to /usr/share
rdgo is choking on this right now because, even though we added
`/usr/share/bash-completion` to the list of dirs to check in the spec
file[1], we don't have `bash-completion` installed in the buildroot, so
the `completionsdir` pkgconfig var isn't defined and we end up
defaulting to `/etc/bash_completion.d`.

el7's bash (not that it matters much now after #1785) is indeed new
enough to know that location. See also
https://github.com/ostreedev/ostree/pull/1083.

[1] https://src.fedoraproject.org/rpms/rpm-ostree/pull-request/30

Closes: #1786
Approved by: rfairley
2019-03-14 21:24:30 +00:00
Jonathan Lebon
b851d9dad2 build: Hook up bash completions
Follow-up to #1499. This is mostly based on
https://github.com/ostreedev/ostree/pull/1077.

Closes: #1772
Approved by: rfairley
2019-03-07 00:47:39 +00:00
Jonathan Lebon
97a60f90bd Release 2019.2
Let's get the SELinux fix out (#1754).

Closes: #1757
Approved by: cgwalters
2019-02-14 18:23:37 +00:00
Jonathan Lebon
7cceb35219 app/rebase: Support local repo remotes
Teach rpm-ostree to interpret rebases where the remote component is a
path to a local repo, e.g.:

    rpm-ostree rebase /mnt/ostree/repo:my/target/ref

Essentially, the local remote in this case is considered "ephemeral".
It's kind of the equivalent of, on traditional systems:

    dnf install --repofrompath repo,/path/to/repodata ...

The use case for this is in OpenShift v4, in which upgrades are done
from containers containing the OSTree commit. There, we want to point
RPM-OSTree directly at the repo in the mounted container and rebase to
the checksum.

For now, the option is marked experimental. One major reason for this is
that the way we pass the repo differs on RHEL7 vs other platforms. (See
comment block in `rpmostree-dbus-helpers.c` for details).

Related: https://github.com/openshift/machine-config-operator/issues/314

Co-authored-by: Colin Walters <walters@verbum.org>

Closes: #1732
Approved by: cgwalters
2019-02-05 18:03:02 +00:00
Jonathan Lebon
d9577618a1 Release 2019.1
Not a lot of changes, but a couple of important bugfixes.

Closes: #1736
Approved by: dustymabe
2019-01-21 17:54:25 +00:00
Jonathan Lebon
b889a51056 Release 2018.10
It's been a while and we have lots of goodies. Likely the last one
before the new year. 🎉

Closes: #1713
Approved by: cgwalters
2018-12-13 16:34:56 +00:00
Jonathan Lebon
2cc06ce89a configure.ac: Add "GitHub release" step to release workflow
Let's make use of the GitHub release feature to make it more prominent
on the "Releases" tab, but more importantly so that we can attach
vendored tarballs for downstreams. E.g. this will allow us to have a
correct `Source0` field in the Fedora spec file.

Related: #1683

Closes: #1684
Approved by: rfairley
2018-11-26 22:59:50 +00:00
Colin Walters
ef587b5c5b build-sys: Turn Rust LTO off by default, add --enable-lto flag
For us, this is primarily right now a size issue.  See:
https://internals.rust-lang.org/t/rust-staticlibs-and-optimizing-for-size/5746

For more information, there are these two issues:
https://github.com/rust-lang/cargo/issues/4349
https://bugzilla.mozilla.org/show_bug.cgi?id=1386371

The basic issue here is that a build with LTO off (and a trivial
change to add a `println!` takes 14s here, and with it on takes 38s.
However, with LTO off the stripped size of `librpmostree_rust.a` is
`6M`, with LTO on it's `1.1M`.

I named this `--enable-lto` as I'd like to investigate doing this
for the C code too.

Closes: #1664
Approved by: jlebon
2018-11-05 18:41:09 +00:00
Jonathan Lebon
537a040b00 Release 2018.9
Closes: #1633
Approved by: cgwalters
2018-10-25 18:12:37 +00:00
Colin Walters
1966167839 build-sys: Inject Automake's default CXXFLAGS to libdnf by default
Today I was trying to use gdb and noticed my libdnf build didn't
have debuginfo.  Now, I thought that's what `-DCMAKE_BUILD_TYPE=RelWithDebugInfo`
was doing but...I have no idea right now where I got that.

I looked at RPM builds, and the way this works is it exports CXXFLAGS.
Now for our C code, our defaults actually come from Autoconf.  Let's
do the beautiful hack of telling Autoconf we're going to use C++ so
it sets `CXXFLAGS` for us.

Closes: #1586
Approved by: jlebon
2018-09-28 16:21:08 +00:00
Colin Walters
f50f9e8d7e Split cbindgen to separate build, support external version
The problem is building bindgen as part of our single run
locks serde to way old versions, and I want to use newer versions.

Since Fedora will now again ship a `cbindgen` package, let's
also support using it if we find it, saving ourselves
the cost of building it.

For distros that don't ship it (e.g. CentOS) for CI purposes
we build it.  For downstream builds that are offline, rather
than vendor the cbindgen sources like we do with our main Rust,
let's just vendor the `rpmostree-rust.h` file as was suggested
in https://bugzilla.redhat.com/show_bug.cgi?id=1608670

Closes: https://github.com/projectatomic/rpm-ostree/issues/1557

Closes: #1573
Approved by: jlebon
2018-09-25 20:29:21 +00:00
Jonathan Lebon
807f21788e Hard require staging
This removes the logic around supporting opting out of the staging
feature. We don't want to support multiple configurations here, and at
this point, staging should be considered stable.

Closes: #1546
Approved by: cgwalters
2018-09-11 20:55:48 +00:00
Jonathan Lebon
772f29282e Release 2018.8
Closes: #1547
Approved by: cgwalters
2018-09-10 17:59:21 +00:00
Colin Walters
884427d948 core: Disable --as-needed for -ldl -lm linkage
https://fedoraproject.org/wiki/Changes/RemoveExcessiveLinking
broke our build, since Rust doesn't yet have a way to express
the fact that the static library has dynamic dependencies.
(AIUI this is actually something libtool can handle with `.la` but eh)

Closes: #1522
Approved by: cgwalters
2018-08-28 21:08:15 +00:00
Jonathan Lebon
53a98445e2 build: Tweak rpm version check for HAVE_NEW_RPM_VERIFY
It seems like `4.14.2-rc1` orders later than `4.14.2`, which is causing
issues in f28 builds.

Also print the version of librpm at configure time.

Closes: #1515
Approved by: cgwalters
2018-08-27 18:19:59 +00:00
Jonathan Lebon
04c0678fa6 app: Add support for passing URLs to RPMs
This teaches the client to fetch packages from URLs directly so that one
doesn't have to `curl` first and then install. Supported anywhere
package filenames are allowed (notably: `install` and
`override replace`).

One neat things about this is that we download the file into an
`O_TMPFILE` and then pass on ownership of that fd directly to the
daemon. So at no point are the packages actually laying visible on the
system. (Assuming the filesystem supports `O_TMPFILE` that is).

This adds direct linking to libcurl and openssl, two libraries which we
were already pulling in indirectly.

Closes: #1508
Approved by: cgwalters
2018-08-23 11:16:15 +00:00
Jonathan Lebon
8c301401af build: Fix building rust in debug mode
When building in `debug` mode, `RUST_DEBUG` was still turned off because
`rust_debug_release` was set to `yes`, not `debug`.

Fix this by tweaking how `--enable-rust-debug` works: when it's *not*
provided, we default to the `$CFLAGS` detection logic. Otherwise, it
overrides it.

Closes: #1514
Approved by: cgwalters
2018-08-23 01:35:57 +00:00
Colin Walters
6a274b831d build-sys: Hard require Rust
As something that manages your base operating system, we care
about reliability, predictability, as well as performance and
low-level access to native operating system facilities.  The
C programming language is great for the latter two, but fails
at providing a truly memory-safe environment.  Rust is fairly
unique in providing a language that doesn't carry a runtime,
so we can gradually "oxidize" and convert our C code without
imposing additional overhead.  It's also got a lot of modern
design niceties, like not having a null pointer.

Let's pull the trigger here and hard require Rust.  It's the
programming language I personally want to be primarily writing in for
years to come.

This is also in line with a recent trend of reducing our
experimental/optional matrix.

Closes: #1509
Approved by: jlebon
2018-08-21 14:49:26 +00:00
Colin Walters
b6d07487d5 Turn staged deployments on by default
We've put a lot of work into staged deployments, it's time
to pull the trigger and turn them on by default.  This is
a key step for enabling `stage` mode automatic updates by
default in e.g. Fedora CoreOS/Silverblue.

We add a new `--disable-staged` build-time option to flip
things back.

Closes: #1430
Approved by: jlebon
2018-08-20 20:32:00 +00:00
Colin Walters
f2a871dfeb build-sys: Stop checking for Python
We don't need it anymore at build time.  The test suite
still uses it, but we detect it dynamically there.

Closes: #1505
Approved by: jlebon
2018-08-14 13:51:09 +00:00
Jonathan Lebon
e2fe8b1cf1 Release 2018.7
Closes: #1496
Approved by: cgwalters
2018-08-09 16:06:24 +00:00
Colin Walters
da27b94b29 core: Use new rpmtsSetVfyLevel() API for writing rpmdb
Newer librpm defaults to doing a full payload checksum, which we can't
do at this point (writing the db) because we imported the RPMs into
ostree commits, saving just the header in metadata - we don't have the
exact original content to provide again.

Ref: https://bugzilla.redhat.com/show_bug.cgi?id=1607223

Closes: #1469
Approved by: jlebon
2018-07-31 19:22:30 +00:00
Colin Walters
261dd99a69 Update libdnf, disable Python bindings
This entirely drops out Sphinx as well as python-devel from our
builds, makes builds faster, and silences a lot of warnings too.

Update submodule: libdnf

Closes: #1480
Approved by: jlebon
2018-07-31 17:13:50 +00:00
Jonathan Lebon
c016509548 libdnf: Bump and disable html and man pages
Skip building man pages and HTML docs for our embedded libdnf to speed
up builds.

This bump also pulls in a fix to ensure we never try to install src
packages from `dnf_context_install()`.

See: https://github.com/projectatomic/libdnf/pull/3

Update submodule: libdnf

Closes: #1463
Approved by: jlebon
2018-07-24 20:15:10 +00:00
Colin Walters
0cc002fd8d build-sys: Use python3 for libdnf by default if available
Probably at some point libdnf will drop py2 support, but the
main reason I'm doing this is avoids a python2 dependency
for rpm-ostree for distributions that don't want that.

Note of course rpm-ostree itself doesn't use python, libdnf does.
And only for the python bindings, which we don't use either.  So
this is mostly just to DTRT automatically for the libdnf bits; down
the line we could probably add a patch to make the python fully
conditional.

Closes: #1460
Approved by: jlebon
2018-07-20 22:27:34 +00:00
Jonathan Lebon
6b79e9c681 Release 2018.6
The tree is in good condition and it's been a while. Let's do this!

Closes: #1436
Approved by: cgwalters
2018-06-29 17:32:57 +00:00
Jonathan Lebon
479406e6a5 Add support for YAML treefiles
Let's modernize and start supporting YAML treefiles. I'll dare make the
sweeping generalization that most people would prefer reading and
writing YAML over JSON.

This takes bits from coreos-assembler[1] that know how to serialize a
YAML file and spit it back out as a JSON and makes it into a shared lib
that we can link against. We could use this eventually for JSON inputs
as well to force a validation check before composing.

If we go this route, we could then turn on `--enable-rust` in FAHC for
now and drop the duplicate code in coreos-assembler.

[1] https://github.com/cgwalters/coreos-assembler

Closes: #1377
Approved by: cgwalters
2018-06-05 13:08:33 +00:00
Jonathan Lebon
bb7b489d17 Release 2018.5
Tree seems sane, tests are passing, and no major outstanding issues.
Let's get all those new goodies out!

Closes: #1367
Approved by: cgwalters
2018-05-15 13:07:37 +00:00
Jonathan Lebon
835c3ad303 Release 2018.4
It's been more than a month, let's get a release out since the tree is
in a fairly good condition now.

Closes: #1313
Approved by: cgwalters
2018-03-26 14:13:35 +00:00
Jonathan Lebon
3496947f8d configure.ac: Also build in debug mode for -Og
I prefer to use `-Og` rather than `-O0` in debug mode. Notably, it shuts
up `_FORTIFY_SOURCE` warnings which require *some* optimizations turned
on.

Closes: #1284
Approved by: cgwalters
2018-03-01 23:29:17 +00:00
Jonathan Lebon
cf6f704ee4 Release 2018.3
Bugfix release to fix minor performance regression from auto-updates
work. Plus a low-risk enhancement to `status` to print only the booted
deployment with `--booted`.

Also minor refresh of release workflow documentation.

Closes: #1262
Approved by: cgwalters
2018-02-18 18:20:34 +00:00
Jonathan Lebon
f54779df20 configure.ac: Bump ostree build dep to v2018.2
We make use of the new `OstreeRepoCheckoutFilterResult` type.

Closes: #1259
Approved by: cgwalters
2018-02-16 22:07:10 +00:00
Jonathan Lebon
b65f696b0b Release 2018.2
We have lots of goodies in the bag worthy of a release. More rojig
improvements, initial auto-updates support, and many fixes.

Closes: #1258
Approved by: cgwalters
2018-02-16 20:28:53 +00:00
Colin Walters
4008bcb27c build-sys: Fix trailing comma causing syntax error
Amazingly things seemed to stumble on from here, but this
started actively breaking when I was trying to change the code below.
It took me a while to realize it wasn't my changes introducing
the error message 😭.

Also indent so it's clearer where the conditional ends.

Closes: #1213
Approved by: jlebon
2018-01-19 14:18:19 +00:00
Colin Walters
cf58640cb3 Switch libdnf to projectatomic branch
We previously added a projectatomic/libdnf fork. I just pushed an
`rpmostree-branch` to there with one PR on top. This is an unfortunate turn but
the C++ thing still needs to be worked out.

Obviously we don't want a permanent fork, but I find it hard to justify spending
a whole lot of time pitching in to help with the libdnf C++ conversion versus
all the other work I could be doing.

Update submodule: libdnf

Closes: #1114
Approved by: jlebon
2018-01-16 14:14:32 +00:00
Colin Walters
e6a65b80df Release 2018.1
Note this runtime-requires libostree 2018.1, but not (AFAIK)
build time.

Closes: #1207
Approved by: jlebon
2018-01-15 19:03:11 +00:00
Colin Walters
937ad1b1fc build-sys: Sync CFLAGS with libostree
In particular this pulls in `-fno-strict-aliasing`.  See
https://github.com/ostreedev/ostree/pull/1384

Closes: #1156
Approved by: jlebon
2017-12-15 16:32:39 +00:00
Colin Walters
6d1918581b build-sys: Bump glib dependency
This matches reality; I picked what's in CentOS 7 mainline today. More
importantly this also fixes a build error with `-Werror=undef` because we had a
trailing underscore `_` at the end and never noticed.

Closes: #1156
Approved by: jlebon
2017-12-15 16:32:39 +00:00
Colin Walters
b4d0254581 build-sys: Fix use of libglnx configure bits
This fixes the build with `-Werror=undef` like we did in libostree.
And man is this obscure black magic.

Closes: #1156
Approved by: jlebon
2017-12-15 16:32:39 +00:00
Colin Walters
d3e50e9a5d jigdo: v2: Use jigdoset in Requires, and commit hash in Provides
Now that we have the jigdoset in `Requires`, let's make a hard
switch to using it and drop the jigdoset from the jigdoRPM data.

One lingering concern here is that the `Requires` are not quite
as strict as what we had before; for example one apparently can't
add a `Requires:` that refers to an architecture (x86_64 vs noarch).
And a lot more strongly than that we had the repodata checksums
in the old format.  I'm still thinking of a way to use those.

But moving on, this allows us to rework the client side to do a lot more
up-front calculation before downloading the jigdoRPM. In the spirit of that, at
the same time let's add a `Provides: rpmostree-jigdo-commit(e7bdb7443d8...)` so
that we can determine ahead of time whether or not we have the actual commit.

A major change we could now take would be to download the jigdoRPM
in parallel with the jigdo set, but doing that would require
driving a lot more of the jigdo logic into the core; it'd need
to know to specially handle the jigdoRPM download.

Closes: #1140
Approved by: jlebon
2017-12-12 19:31:36 +00:00
Colin Walters
b21d0ffc95 Release 2017.11
Time to cut a new one with the jigdo work, perf improvements etc.

Closes: #1129
Approved by: jlebon
2017-12-04 21:20:28 +00:00
Colin Walters
dded5c0fdc core: Use DEVINO_CANONICAL for pkglayer if policy unchanged
There's a lot more details in the libostree PR:
https://github.com/ostreedev/ostree/pull/1357

Basically loading the xattrs is slow; let's only do it if we need to, and "need
to" is defined by "SELinux policy changed". On my test F27AH VM, the difference
between a stat() + hash table lookup versus the full xattr load on my test case
of rpm-ostree install ./tree-1.7.0-10.fc27.x86_64.rpm is absolutely dramatic;
consistently on the order of 10s without this support, and <1s with (800ms).

Closes: #1123
Approved by: jlebon
2017-12-04 20:13:34 +00:00
Colin Walters
cb86194e2c Release v2017.10
Now that there's a new libostree out, let's cut one here too, since we have a
fair bit accumulated, and I think it'd be good to have the oustanding kargs PR
to soak in master for a bit after landing.

Closes: #1080
Approved by: jlebon
2017-11-02 18:01:58 +00:00