| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
This should help with code readability.
Fixes https://github.com/ostreedev/ostree/issues/2194
|
| |
|
|
|
|
| |
Let's get the /var mount fix out at least.
|
|
|
|
| |
We missed this during the post-release version bump.
|
| |
|
|
|
|
| |
Mainly to get https://github.com/ostreedev/ostree/pull/2160 out.
|
| |
|
|
|
|
|
| |
A lot of stuff here, new signing API is the biggest. Let's
get a release out.
|
|
|
|
|
|
|
|
|
|
| |
Use option `--with-ed25519-libsodium` instead of
`--with-libsodium` to enable ed25519 signature engine.
This allows to use later different implementations of ed25519
signing/verification. For instance, based on openssl.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
|
|
|
|
|
|
|
|
| |
`libsodium` is an implementation detail. In particular, I'd like
to consider using OpenSSL for ed25519 (if libsodium isn't configured
and openssl is).
So switch the name of the exposed feature and adjust the tests.
|
|
|
|
| |
Like we do with other features.
|
|
|
|
|
|
| |
Allow to configure with libsodium flag.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
|
| |
|
|
|
|
|
| |
Let's do another release to get the `sysroot.readonly` fixes into FCOS
and unpin ostree and rpm-ostree there.
|
| |
|
|
|
|
|
|
| |
"Brown paper bag" release that actually sets the
`is_release_build=yes` flag and also fixes the
`Since:` on a few new functions.
|
| |
|
|
|
|
| |
New year, new release!
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Using fs-verity is natural for OSTree because it's file-based,
as opposed to block based (like dm-verity). This only covers
files - not symlinks or directories. And we clearly need to
have integrity for the deployment directories at least.
Also, what we likely need is an API that supports signing files
as they're committed.
So making this truly secure would need a lot more work. Nevertheless,
I think it's time to start experimenting with it. Among other things,
it does *finally* add an API that makes files immutable, which will
help against some accidental damage.
This is basic enablement work that is being driven by
Fedora CoreOS; see also https://github.com/coreos/coreos-assembler/pull/876
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
17db0f15a798 ("configure: add option for libsystemd") exposed
--without-libsystemd to allow systemd to be disabled even if the systemd
pkgconfig script was present, introducing a new variable
with_libsystemd; there are now three, almost identical variables:
- with_libsystemd [yes, no, maybe] - controlled by --without-libsystemd,
resolved into yes/no by the initial checks
- have_libsystemd [yes, no, <undefined>] - only set if with_libsystemd
is yes/maybe, otherwise undefined
- with_systemd [yes, <undefined>] - yes if have_systemd is yes,
otherwise undefined
with_systemd is the earliest variable and was previously set by a set of
checks for dracut and mkinitcpio. These checks were changed for a
systemd check in 9e2763106be0 ("lib: Use sd_journal directly
(optionally)"). This commit also introduced BUILDOPT_LIBSYSTEMD, which
will always match BUILDOPT_SYSTEMD.
Fix the confusion by removing with_systemd which will always be yes when
with_libsystemd=yes, or undefined if with_libsystemd=no. We can ignore
the with_libsystemd=maybe case because it will always be resolved into
yes/no before with_systemd is set.
And replace all uses of BUILDOPT_SYSTEMD with BUILDOPT_LIBSYSTEMD, since
they again always match.
This fixes both the advertised features and the summary output when
systemd is disabled by using with_libsystemd which is always defined.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Fixes: 5c62a7e4d0a5 ("build: Expose systemd in OSTREE_FEATURES")
Fixes: 17db0f15a798 ("configure: add option for libsystemd")
Supersedes: #1992
|
|
|
|
| |
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
|
| |
|
|
|
|
|
|
| |
Nothing really big here, but let's get a release out
so some bigger things like ro-sysroot, signing, sizes can
bake in master for a bit.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
This way it's clearer this bit is only about the CLI entrypoint
also living in `ostree trivial-httpd`, not the underlying
`ostree-trivial-httpd` binary that's separate now.
Delete the automake conditional for this, and make the manpage
conditional use `if USE_LIBSOUP` the same way the C build does.
Suggested-by: Jonathan Lebon <jonathan@jlebon.com>
|
|
|
|
| |
This reverts commit 83d44ac20ae80d74e05d89744fd1fbd4f45b7fba.
|
|
|
|
|
|
|
| |
When building without --enable-trivial-httpd-cmdline, don't build or install
the ostree-trivial-httpd binary.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
|
|
|
|
|
| |
Closes: #1928
Approved by: cgwalters
|
|
|
|
|
| |
Closes: #1927
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
| |
Tiny release. Just want to get out the important bugfixes instead of
backporting patches (notably the gpg-agent stuff and
`ostree-finalize-staged.service` ordering).
Closes: #1927
Approved by: cgwalters
|
|
|
|
|
| |
Closes: #1902
Approved by: rfairley
|
|
|
|
|
|
|
| |
It's been a while, and we need the new kargs API for rpm-ostree.
Closes: #1902
Approved by: rfairley
|
|
|
|
|
|
|
|
|
|
| |
Allow to disable GPGME support with option "--without-gpgme" for
configure.
Signed-off-by: Denis Pynkin <denis.pynkin@collabora.com>
Closes: #1889
Approved by: cgwalters
|
|
|
|
|
|
|
|
| |
This way projects can dispatch at run-time based on ostree's
build time options, e.g. detect the availability of GPG.
Closes: #1890
Approved by: jlebon
|
|
|
|
|
| |
Closes: #1844
Approved by: rfairley
|
|
|
|
|
|
|
|
| |
Also add `ostree_repo_get_bootloader` to the public API, which was
missed when it was initially merged.
Closes: #1844
Approved by: rfairley
|
|
|
|
|
| |
Closes: #1800
Approved by: jlebon
|
|
|
|
|
| |
Closes: #1800
Approved by: jlebon
|
| |
|
|
|
|
|
| |
Closes: #1761
Approved by: cgwalters
|
|
|
|
|
| |
Closes: #1761
Approved by: cgwalters
|
|
|
|
|
| |
Closes: #1705
Approved by: jlebon
|
|
|
|
|
| |
Closes: #1705
Approved by: jlebon
|
|
|
|
|
| |
Closes: #1683
Approved by: cgwalters
|
|
|
|
|
|
|
| |
Request via flatpak: mainly to port min-free-space-size
Closes: #1683
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some downstreams — namely, the Yocto Project — ship gpg-error with a
pkg-config file, and modify gpg-error-config to error out when you try
using it instead of pkg-config.
We can check for gpg-error via pkg-config, and if it's not available,
fall back to gpg-error-config.
Signed-off-by: Emmanuele Bassi <ebassi@gnome.org>
Closes: #1682
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
| |
We use the API, and not linking breaks the build with e.g.
`-fuse-ld=gold` in a Fedora 28 buildroot as gold doesn't do the
"search indirect dependencies" thing.
Closes: #1679
Approved by: jlebon
|
| |
|
| |
|