Commit Graph

381 Commits

Author SHA1 Message Date
Colin Walters
14a5746d05 Post-release version bump 2024-02-23 13:45:37 -05:00
Colin Walters
2d2e0bddf3 Release 2024.4 2024-02-23 13:45:21 -05:00
Colin Walters
b2e97c08d0 Post-release version bump 2024-02-13 17:56:15 -05:00
Colin Walters
d43386f15d Release 2024.3 2024-02-13 17:56:15 -05:00
Rogerio Guerra Borin
cdfdfed27d configure: Expose MOUNT_ATTR_IDMAP detection result to C code
This is to allow compiling composefs on machines having somewhat old
Linux kernel headers.

Signed-off-by: Rogerio Guerra Borin <rogerio.borin@toradex.com>
2024-02-12 14:52:26 -03:00
Colin Walters
f81b9fa166 sysroot: Rework /var handling to act like Docker VOLUME /var
We've long struggled with semantics for `/var`.  Our stance of
"/var should start out empty and be managed by the OS" is a strict
one, that pushes things closer to the original systemd upstream
ideal of the "OS state is in /usr".

However...well, a few things.  First, we had some legacy bits
here which were always populating the deployment `/var`.  I don't
think we need that if systemd is in use, so detect if the tree
has `usr/lib/tmpfiles.d`, and don't create that stuff at
`ostree admin stateroot-init` time if so.

Building on that then, we have the stateroot `var` starting out
actually empty.

When we do a deployment, if the stateroot `var` is empty,
make a copy (reflink if possible of course) of the commit's `/var`
into it.

This matches the semantics that Docker created with volumes,
and this is sufficiently simple and easy to explain that I think
it's closer to the right thing to do.

Crucially...it's just really handy to have some pre-existing
directories in `/var` in container images, because Docker (and podman/kube/etc)
don't run systemd and hence don't run `tmpfiles.d` on startup.

I really hit on the fact that we need `/var/tmp` in our container
images by default for example.

So there's still some overlap here with e.g. `/usr/lib/tmpfiles.d/var.conf`
as shipped by systemd, but that's fine - they don't actually conflict
per se.
2024-02-09 17:46:12 -05:00
Colin Walters
c09abec9af configure: post-release version bump 2024-02-08 13:11:03 -05:00
Colin Walters
9b30c946a1 Release 2024.2 2024-02-08 13:11:03 -05:00
Alexander Larsson
0d9dc2b25d Update submodule: composefs
This updates composefs to 1.0.3 which has support for the
new overlay nesting format.
2024-01-31 12:09:20 +01:00
Colin Walters
0ce6656add configure: post-release version bump 2024-01-19 17:27:09 -05:00
Colin Walters
3b4f5e36ee Release 2024.1 2024-01-19 17:26:26 -05:00
Colin Walters
56b268dd66 configure: post-release version bump 2023-12-05 14:03:56 -05:00
Colin Walters
5b23804a1a Release 2023.8 2023-12-05 13:37:04 -05:00
Colin Walters
ce2a33e813 build-sys: Enable libsoup3 by default if installed
In f39 we switched to libsoup3 by default; this ensures our CI
picks that up automatically so we still have ostree-trivial-httpd.
2023-11-09 09:28:57 -05:00
Colin Walters
36d96931dd configure: post-release version bump 2023-10-20 09:36:20 -04:00
Colin Walters
a87e90691e Release 2023.7 2023-10-20 09:36:20 -04:00
Colin Walters
97d83e6225 configure: post-release version bump 2023-08-24 21:18:02 -04:00
Colin Walters
dab8051fd8 Release 2023.6 2023-08-24 21:18:02 -04:00
Colin Walters
3648c5ae29 build-sys: Really fix composefs check
The ordering of the includes apparently matters...and I didn't
actually check that the previous change enables composefs on c9s.
But I did now.  For reals.

While we have the patient open, I switched to `AC_LANG_PROGRAM`
because I originally thought the bug had something to do with that.
As far as I understand, more cleanly separating the includes
from the injected body text is a useful thing in `AC_LANG_PROGRAM`.
2023-08-24 19:58:20 -04:00
Colin Walters
33ef4ae620 build-sys: Look for both linux/mount.h and sys/mount.h
Since that's what composefs uses.
2023-08-24 17:25:14 -04:00
Colin Walters
90e54619df build-sys: Disable composefs on too-old Linux headers
This should fix the build with Google OSS-fuzz which currently
uses an old Ubuntu.
2023-08-22 12:48:06 -04:00
Colin Walters
8ce7bbe199 Add an always-on inode64 feature
As I (and others) will be backporting the fix in
de6fddc6ad
pretty far, I want a way for sysadmins and OS builders to
be able to reliably see when their version of ostree has this fix
(Because comparing version numbers isn't portable).
2023-07-20 13:50:25 -04:00
Colin Walters
592351d1b0 build-sys: Enable composefs at *build time* by default
There's no additional dependencies, and it's a small amount
of new code.

The riskiest thing is the changes to ostree-prepare-root, but
I believe that things are in a good state now there.

Again, this just enables it at *build time* - it's still
off at runtime by default.
2023-07-14 10:34:46 -04:00
Colin Walters
265cf7d786 build-sys: Add libsodium to OT_DEP_CRYPTO
There's no reason to have these distinct really.  If we're using
libsodium, we want it in the same places we're using openssl.

Prep for further refactoring.
2023-07-08 15:42:12 -04:00
Alexander Larsson
7b85adfbbd sign-ed25519: Implement sign and verify using openssl
libsodium is used if configured to keep the old behaviour, but if
it is not enabled, and openssl is used, then ed25519 is now supported.
2023-07-07 17:16:30 +02:00
Colin Walters
6172018090
Merge pull request #1633 from cgwalters/pkglibexec-tests
Drop "ostree trivial-httpd" CLI, move to tests directory
2023-07-05 04:51:29 -04:00
Colin Walters
0c36e8143d Drop "ostree trivial-httpd" CLI, move to tests directory
See https://github.com/ostreedev/ostree/issues/1593

Basically this makes it easier for people packaging, as the trivial-httpd
is only for tests, and this way the binary will live with the tests.

Also at this point nothing should depend on `ostree trivial-httpd`.
2023-07-04 08:18:24 -04:00
Colin Walters
5aadb6ec26 configure: post-release version bump 2023-06-30 11:10:25 -04:00
Colin Walters
26b833e90a Release 2023.5 2023-06-30 11:07:18 -04:00
Colin Walters
a6035125d5 configure: post-release version bump 2023-06-20 09:39:43 -04:00
Colin Walters
0c35149c7e Release 2023.4 2023-06-20 09:39:04 -04:00
Khem Raj
c3bd439d3e libostree: Link with libgpg-error for gpg_strerror_r API
With f461c02bb5 use of gpg_strerror_r
was added this symbol comes from libgpg-error however, therefore its
needed to add -lgpg-error to cmdline to resolve this symbol especially
with gold and lld linker. Fixes

aarch64-yoe-linux-ld.lld: error: undefined reference due to --no-allow-shlib-undefined: gpg_strerror_r
>>> referenced by ./.libs/libostree-1.so
2023-06-14 09:39:34 -07:00
Alexander Larsson
e3be4ee52a Update submodule: composefs
Instead of using pkg-config, etc we just include composefs.
In the end the library is just 5 c source files, and it is set up
to be easy to use as a submodule.

For now, composefs support is disabled by default.
2023-05-31 10:57:37 +02:00
Alexander Larsson
e2956e2c08 lib: Add (private) API for checking out commits into a composefs image
This supports checking out a commit into a tree which is then
converted into a composefs image containing fs-verity digests for all
the regular files, and payloads that are relative to a the
`repo/objects` directory of a bare ostree repo.

Some specal files are always created in the image. This ensures that
various directories (usr, etc, boot, var, sysroot) exists in the
created image, even if they were not in the source commit. These are
needed (as bindmount targets) if you want to boot from the image. In
the non-composefs case these are just created as needed in the checked
out deploydir, but we can't do that here.

This is all controlled by the new ex-integrity config section, which
has the following layout:

```
[ex-integrity]
fsverity=yes/no/maybe
composefs=yes/no/maybe
composefs-apply-sig=yes/no
composefs-add-metadata=yes/no
composefs-keyfiile=/a/path
composefs-certfile=/a/path
```

The `fsverity` key overrides the old `ex-fsverity` section if
specified.  The default for all these is for the new behaviour to be
disabled. Additionally, enabling composefs implies fsverity defaults
to `maybe`, to avoid having to set both.
2023-05-31 10:55:14 +02:00
Joseph Marrero
88fe600ff8 configure: post-release version bump 2023-05-17 16:32:43 -04:00
Joseph Marrero
bf3495dbbf Release 2023.3 2023-05-17 16:29:04 -04:00
Daniel Kolesa
d0ea2db430 fetcher: add libsoup3 backend
The default is still soup2, you can use --with-soup3 to enable
the soup3 backend instead.
2023-04-12 22:33:08 -06:00
Colin Walters
61dc678cb3 configure: post-release version bump 2023-03-22 09:58:54 -04:00
Colin Walters
29106eb939 Release 2023.2 2023-03-22 09:57:57 -04:00
Colin Walters
d49632faa6
Merge pull request #2812 from tintou/tintou/g-ir-fix
build: Do not include private headers in the introspection
2023-03-17 11:36:22 -04:00
Colin Walters
15b2c4f45c configure: post-release version bump 2023-02-17 11:31:27 -05:00
Colin Walters
cd100df413 Release 2023.1 2023-02-17 11:31:27 -05:00
Corentin Noël
518c5977e9 build: Do not include private headers in the introspection
This leads to private symbols being exported.

Also specify the single C header, this relies on the gir_C_INCLUDES make variable,
which was introduced in gobject-introspection 1.51.5.
2023-02-09 11:41:43 +01:00
Luca BRUNO
dd98a2a4cf
configure: use pkg-config with newer gpgme and gpg-error
This tweaks autoconf logic in order to use pkg-config for gpgme
and gpg-error when available.
Recent versions of gpgme directly provide threaded support, and
gpg-error started shipping a .pc file. Thus on recent distributions
it is possible to directly use pkg-config for both. On older
environments, the legacy logic is kept in place.
2022-11-29 08:51:52 +00:00
Colin Walters
1d1aaec899 configure: post-release version bump 2022-11-23 10:42:45 -05:00
Colin Walters
e2f8ea6957 Release 2022.7 2022-11-23 09:02:52 -05:00
Luca BRUNO
b147166d06
configure: post-release version bump 2022-10-07 07:56:24 +00:00
Luca BRUNO
eee649d902
Release 2022.6 2022-10-07 07:54:09 +00:00
Colin Walters
d7c25a2062 configure: post-release version bump 2022-07-22 15:20:05 -04:00
Colin Walters
15740d042c Release 2022.5 2022-07-22 15:08:25 -04:00