311 Commits

Author SHA1 Message Date
Luca BRUNO
38c14b3745
Release 2021.3 2021-07-12 08:38:38 +00:00
Colin Walters
73e3ccc401 Use generator to enable ostree-remount.service and ostree-finalize-staged.path
We struggled for a long time with enablement of our "internal units",
trying to follow the philosophy that units should only be enabled
by explicit preset.

See https://bugzilla.redhat.com/show_bug.cgi?id=1451458
and https://github.com/coreos/rpm-ostree/pull/1482
etc.

And I just saw chat (RH internal on a proprietary system sadly) where
someone hit `ostree-remount.service` not being enabled in CentOS8.

Thinking about this more, I realized we've shipped a systemd generator
for a long time and while its only role until now was to generate `var.mount`,
but by using it to force on our internal units, we don't require
people to deal with presets anymore.

Basically we're inverting things so that "if ostree= is on the kernel
cmdline, then enable our units" and not "enable our units, but have
them use ConditionKernelCmdline=ostree to skip".

Drop the weird gyrations we were doing around `ostree-finalize-staged.path`
too; forking `systemctl start` is just asking for bugs.

So after this, hopefully we won't ever again have to think about
distribution presets and our units.
2021-06-16 09:40:28 -04:00
Dan Nicholson
eb09207e1a build-sys: Bump required GLib to 2.44
This will allow usage of `GMutexLocker`. This should be available on
many older distros:

* RHEL 7 - 2.56.1
* RHEL 8 - 2.56.4
* Debian 9 stretch (oldstable) - 2.50.3
* Debian 10 buster (stable) - 2.58.3
* Ubuntu 16.04 xenial - 2.48.2
* Ubuntu 18.04 bionic - 2.56.4
2021-06-05 09:12:14 -06:00
Colin Walters
3595414c86 configure: post-release version bump 2021-04-15 13:02:48 -04:00
Colin Walters
6a72674ec6 Release 2021.2 2021-04-15 13:02:48 -04:00
Colin Walters
a90d59cf2d build-sys: Remove --enable-experimental-api
It was added for the collections bits, but we made that stable.
It's now just cruft and we're very unlikely to reuse the infrastructure
again.

Motivated by a unit test failure when running from a tarball:
https://github.com/ostreedev/ostree/issues/2313
2021-04-07 19:19:05 +00:00
Colin Walters
dafa404606 configure: post-release version bump 2021-03-23 15:23:55 -04:00
Colin Walters
e9e4b91120 Release 2021.1 2021-03-23 15:23:55 -04:00
Jonathan Lebon
a16be7df6e
Merge pull request #2306 from cgwalters/drop-core-rust 2021-03-22 09:59:42 -04:00
Colin Walters
61184163ea Drop minimal rust/ library
This was my first experiment with using Rust in this way; I gained
a lot of knowledge from it.  But, we don't really gain
anything from the code as it is today - while it is "bit fiddling"
code, the C code is well tested.

We have a lot of compile-time options, and trimming them will be
helpful.

We've also gotten pushback on hard requiring Rust client side.

Instead, what I'd like to do is hopefully soon create an `ostree-system`
crate that uses the existing `ostree` library and can contain
code drained from the rpm-ostree Rust and used by other projects perhaps.

So the goal here is really more Rust, but we need to focus our
efforts on where it's most valuable.
2021-03-18 21:54:52 +00:00
Kenneth J. Miller
cfe313afae Add configure option for unsuffixed GRUB2 commands
GRUB starting with version 2.02 permits the use of the linux and
initrd commands for both EFI boot in *-efi installations, as
well as 32-bit BIOS boot in i386-pc installations.

This makes the use of the -16 and -efi suffixes for BIOS and EFI
boot obsolete on systems with a modern GRUB installation.

The --with-modern-grub configure flag makes ostree use the
unsuffixed linux/initrd commands when generating a GRUB
configuration, while defaulting to the previous behaviour for
users not wanted this option.
2021-03-18 14:31:28 +01:00
Colin Walters
d49f3291ad Add --enable-sanitizers, fix make check with it
It's cleaner if this is an build option rather than being
kludged into the CI layer.

Notably we can't use `LD_PRELOAD` anymore with ASAN, so update
our tests to check for `ASAN_OPTIONS`.
2021-02-03 20:33:19 +00:00
Luca BRUNO
8ece70b207
templates: add release-checklist
This collects all release steps in a release-checklist template.
2020-11-18 13:05:07 +00:00
Luca BRUNO
3c3651417c
configure: post-release version bump 2020-11-17 10:50:56 +00:00
Luca BRUNO
3e289b1934
Release 2020.8 2020-11-17 10:32:57 +00:00
Colin Walters
326b8b13c6 Post-release version bump 2020-10-13 17:38:19 -04:00
Colin Walters
32a3a12973 Release 2020.7 2020-10-13 14:31:26 -04:00
Phaedrus Leeds
c4f26bfdc8 Avoid shadowing local variables
This should help with code readability.

Fixes https://github.com/ostreedev/ostree/issues/2194
2020-09-13 10:08:02 -07:00
Colin Walters
4d6e8f2b99 Post-release version bump 2020-09-03 18:00:27 +00:00
Colin Walters
5d2183f63e Release 2020.6
Let's get the /var mount fix out at least.
2020-09-03 18:00:03 +00:00
Jonathan Lebon
0a6a41a63d configure.ac: Set is_release_build=no
We missed this during the post-release version bump.
2020-08-24 14:17:35 -04:00
Colin Walters
b67f029d76 Post-release version bump 2020-08-18 15:55:47 +00:00
Colin Walters
8715989df3 Release 2020.5
Mainly to get https://github.com/ostreedev/ostree/pull/2160 out.
2020-08-18 15:55:21 +00:00
Colin Walters
0d91206a62 Post-release version bump 2020-07-22 14:09:26 +00:00
Colin Walters
901747f985 Release 2020.4
A lot of stuff here, new signing API is the biggest.  Let's
get a release out.
2020-07-21 21:48:51 +00:00
Denis Pynkin
6aeca233f6 sign: rename option for enabling ed25519
Use option `--with-ed25519-libsodium` instead of
`--with-libsodium` to enable ed25519 signature engine.

This allows to use later different implementations of ed25519
signing/verification. For instance, based on openssl.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-04-17 19:26:52 +03:00
Colin Walters
d1e5ed379e Use sign-ed25519 for the feature name
`libsodium` is an implementation detail.  In particular, I'd like
to consider using OpenSSL for ed25519 (if libsodium isn't configured
and openssl is).

So switch the name of the exposed feature and adjust the tests.
2020-04-16 16:43:43 +00:00
Colin Walters
fbc5927d7e build-sys: Print libsodium status at end of configure
Like we do with other features.
2020-03-25 15:23:55 +03:00
Denis Pynkin
84c8164610 Add libsodium dependency
Allow to configure with libsodium flag.

Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
2020-03-25 15:22:41 +03:00
Jonathan Lebon
8f2c240326 Post-release version bump 2020-03-13 21:59:35 -04:00
Jonathan Lebon
6ed48234ba Release 2020.3
Let's do another release to get the `sysroot.readonly` fixes into FCOS
and unpin ostree and rpm-ostree there.
2020-03-13 21:59:05 -04:00
Colin Walters
6bedfcfdc3 Post-release version bump 2020-02-21 14:48:00 +00:00
Colin Walters
c6085ebd5e Release 2020.2
"Brown paper bag" release that actually sets the
`is_release_build=yes` flag and also fixes the
`Since:` on a few new functions.
2020-02-21 14:45:49 +00:00
Colin Walters
7db7cfc407 Post-release version bump 2020-02-20 16:37:07 +00:00
Colin Walters
04c85fa101 Release 2020.1
New year, new release!
2020-02-20 16:35:47 +00:00
Colin Walters
58fa579b1b Initial fs-verity support
Using fs-verity is natural for OSTree because it's file-based,
as opposed to block based (like dm-verity).  This only covers
files - not symlinks or directories.  And we clearly need to
have integrity for the deployment directories at least.

Also, what we likely need is an API that supports signing files
as they're committed.

So making this truly secure would need a lot more work.  Nevertheless,
I think it's time to start experimenting with it.  Among other things,
it does *finally* add an API that makes files immutable, which will
help against some accidental damage.

This is basic enablement work that is being driven by
Fedora CoreOS; see also https://github.com/coreos/coreos-assembler/pull/876
2020-01-27 15:44:16 +00:00
Alex Kiernan
562b60022b build: fix systemd feature advertisement
17db0f15a798 ("configure: add option for libsystemd") exposed
--without-libsystemd to allow systemd to be disabled even if the systemd
pkgconfig script was present, introducing a new variable
with_libsystemd; there are now three, almost identical variables:

- with_libsystemd [yes, no, maybe] - controlled by --without-libsystemd,
  resolved into yes/no by the initial checks
- have_libsystemd [yes, no, <undefined>] - only set if with_libsystemd
  is yes/maybe, otherwise undefined
- with_systemd [yes, <undefined>] - yes if have_systemd is yes,
  otherwise undefined

with_systemd is the earliest variable and was previously set by a set of
checks for dracut and mkinitcpio. These checks were changed for a
systemd check in 9e2763106be0 ("lib: Use sd_journal directly
(optionally)"). This commit also introduced BUILDOPT_LIBSYSTEMD, which
will always match BUILDOPT_SYSTEMD.

Fix the confusion by removing with_systemd which will always be yes when
with_libsystemd=yes, or undefined if with_libsystemd=no. We can ignore
the with_libsystemd=maybe case because it will always be resolved into
yes/no before with_systemd is set.

And replace all uses of BUILDOPT_SYSTEMD with BUILDOPT_LIBSYSTEMD, since
they again always match.

This fixes both the advertised features and the summary output when
systemd is disabled by using with_libsystemd which is always defined.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Fixes: 5c62a7e4d0a5 ("build: Expose systemd in OSTREE_FEATURES")
Fixes: 17db0f15a798 ("configure: add option for libsystemd")
Supersedes: #1992
2020-01-25 13:12:41 +00:00
Alex Kiernan
5c62a7e4d0 build: Expose systemd in OSTREE_FEATURES
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-12-29 13:27:29 +00:00
Colin Walters
c820a6133b Post-release version bump 2019-12-09 16:18:28 +00:00
Colin Walters
978bd19f97 Release 2019.6
Nothing really big here, but let's get a release out
so some bigger things like ro-sysroot, signing, sizes can
bake in master for a bit.
2019-12-09 16:18:01 +00:00
Colin Walters
dc92b09efb Post-release version bump 2019-10-30 17:08:00 +00:00
Colin Walters
980ca07b03 Release 2019.5 2019-10-30 17:08:00 +00:00
Colin Walters
ac4e3ab3e6 build-sys: Cleanup handling for trivial-httpd-cmdline
This way it's clearer this bit is only about the CLI entrypoint
also living in `ostree trivial-httpd`, not the underlying
`ostree-trivial-httpd` binary that's separate now.

Delete the automake conditional for this, and make the manpage
conditional use `if USE_LIBSOUP` the same way the C build does.

Suggested-by: Jonathan Lebon <jonathan@jlebon.com>
2019-10-23 15:05:30 +00:00
Alex Kiernan
8f0b225d60 Revert "Gate ostree-trivial-httpd on BUILDOPT_TRIVIAL_HTTPD"
This reverts commit 83d44ac20ae80d74e05d89744fd1fbd4f45b7fba.
2019-10-19 22:20:25 +01:00
Alex Kiernan
83d44ac20a Gate ostree-trivial-httpd on BUILDOPT_TRIVIAL_HTTPD
When building without --enable-trivial-httpd-cmdline, don't build or install
the ostree-trivial-httpd binary.

Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
2019-10-09 06:04:54 +01:00
Jonathan Lebon
5ea85ba5ac configure.ac: Add more details on how to do a release
Closes: #1928
Approved by: cgwalters
2019-09-25 21:05:32 +00:00
Jonathan Lebon
c6c640f3ae Post-release version bump
Closes: #1927
Approved by: cgwalters
2019-09-25 13:43:28 +00:00
Jonathan Lebon
9d39e7d91e Release 2019.4
Tiny release. Just want to get out the important bugfixes instead of
backporting patches (notably the gpg-agent stuff and
`ostree-finalize-staged.service` ordering).

Closes: #1927
Approved by: cgwalters
2019-09-25 13:43:28 +00:00
Colin Walters
71e1e9d18e Post-release version bump
Closes: #1902
Approved by: rfairley
2019-08-22 18:37:38 +00:00
Colin Walters
b15ed42111 Release 2019.3
It's been a while, and we need the new kargs API for rpm-ostree.

Closes: #1902
Approved by: rfairley
2019-08-22 18:37:38 +00:00