Release 2020.4

By far the biggest change in this release is new ed25519 signing support, powered by libsodium.
See: https://github.com/ostreedev/ostree/issues/1233

`ostree commit` [gained a new `--base` argument](https://github.com/ostreedev/ostree/pull/2059/commits/329a82c57e954392a2b33e60bcb8163892064205), which significantly simplifies constructing "derived" commits, particularly for systems using SELinux.

Handling of the [read-only sysroot was reimplemented](https://github.com/ostreedev/ostree/pull/2113/commits/35642259175973617da937f3cab6ce5f13c95077) to run in the initramfs and be more reliable.  Enabling the `readonly=true` flag in the repo config is recommended.

Several bugs were fixed in locking for the temporary "staging" directories OSTree creates, particularly on NFS.

[lib: Coerce flags enums to GIR bitfields](https://github.com/ostreedev/ostree/pull/2089/commits/dc69f56de6dab66f7bb4fe66aa203e84efa9676c) changed some values to be (correctly) flags - this may show up as incompatible for GObject Introspection consumers (but not C).

A new [timestamp-check-from-rev](https://github.com/ostreedev/ostree/pull/2099/commits/c8efce06564b7adef83994dddb41cd61a030207d) option was added for pulls, which makes downgrade protection more reliable and will be used by Fedora CoreOS.

Several fixes and enhancements were [made for "collection" pulls](https://github.com/ostreedev/ostree/pull/1973/commits) including a new `--mirror` option.

The `ostree commit` command learned a new [`--mode-ro-executables`](https://github.com/ostreedev/ostree/pull/2091) which enforces [W^R](https://en.wikipedia.org/wiki/W%5EX) semantics on all executables.

A new commit metadata key ([`OSTREE_COMMIT_META_KEY_ARCHITECTURE`](https://github.com/ostreedev/ostree/pull/2121)) was added to help standardize the architecture of the OSTree commit. This could be used on the client side for example to sanity-check that the commit matches the architecture of the machine before deploying.

Some [new tests are being written in Rust](https://github.com/ostreedev/ostree/pull/2048/commits/1f637bf34103746ab07f359d5488224134a16a08), and ostree now itself uses the Rust ostree bindings for tests; work on this is ongoing.

The `pull` command learned a new `--per-object-fsync` which restores the original libostree behaviour of `fsync`ing each object as they are written. This makes the overall operation take much longer, but exhibits an I/O latency profile friendlier to neighbouring processes (such as databases) that also invoke `fsync`. This will be used in OpenShift for example, where etcd latency is crucial.

There's a lot in the pipeline, including better handling of the `/boot = /` case, static delta inline signatures, more CI work, etc.

```
AJ Jordan (1):
      Fix typo

Colin Walters (62):
      main/pin: Fix usage of GError
      tests: Rework tests/installed → tests/kola
      tests/kola: Two test fixes
      main/commit: Rework control flow to use --tree=X path
      tests/pull-repeated: Bump up retries to match max fails
      repo/commit: Add support for --selinux-policy-from-base
      build-sys: Print libsodium status at end of configure
      sign-ed25519: Convert some functions to new style
      sign-dummy: Convert to current code style
      signing: Remove g_debug(__FUNCTION__)
      lib: Add error prefixing for sysroot load and repo open
      sysroot: Reorganize sysroot load code a bit
      lib: Squash two gtk-doc warnings
      tests/pull-sizes: Disable xattrs everywhere
      pull: Update key loading function to match error style
      commit: Add --base argument
      OWNERS: add d4s to reviewers
      Only enable "dummy" signature type with opt-in env variable
      lib/pull: Two cosmetic internal function renames
      Change signature opts to include type, cleanup error handling
      ci: Build minimal without libsodium too
      Use `sign-ed25519` for the feature name
      travis: Add some libsodium coverage
      lib: Move internal binding verification API to repo.c
      lib: Move pull struct definition into repo-pull-private.h
      lib: Move gpg/signapi bits into ostree-repo-pull-verify.c
      deploy: Add --no-merge
      finalize-staged: Add ProtectHome=yes and ReadOnlyPaths=/etc
      tests/staged-deploy: Cleanup initial state
      signing: Add #define OSTREE_SIGN_NAME_ED25519
      commit: Add --mode-ro-executables option
      ostree-prepare-root: Requires=sysroot.mount
      remote-add: Add --sign-verify=KEYTYPE=[inline|file]:PUBKEYREF
      signing: Change API to create instances directly
      tests/staged-delay.sh: New test
      pull: Further cleanup signapi verification
      finalize: Add RequiresMountsFor=/boot too
      ci: Install kola tests
      pull: Only have API to disable signapi for local pulls
      ci: Test for clock skew
      admin-test: Show err.txt on unexpected failure
      pull: Add support for sign-verify=<list>
      Move ro /sysroot bind mount of /etc into initramfs
      tests/kola: Move to tests/kolainst
      Add new Rust-based tests
      remote-add: Default to explicit sign-verify backends
      pull: Add error prefixing with specific object when parsing
      bupsplit: rustfmt(*)
      tests/rust: Extract a with_webserver_in helper wrapper
      commit: Note in help that --base takes an argument
      core: Add OSTREE_COMMIT_META_KEY_ARCHITECTURE
      tests: Add a pre-signed-pull.sh test
      sign/ed25519: Output failed signatures in error message
      signapi: Change API to also return a success message
      libostree-devel.sym: Remove nonexistent stub symbol
      core: Add documentation for ostree_commit_get_timestamp()
      sysroot: Remove unimplemented ostree_sysroot_lock_with_mount_namespace
      tests: Port to Debian autopkgtest reboot API
      tests: Add needs-internet tag for webserver bits
      pull: Also append bytes written
      pull: Add --per-object-fsync
      Release 2020.4

Dan Nicholson (1):
      lib: Coerce flags enums to GIR bitfields

Denis Pynkin (80):
      Add libsodium dependency
      lib/sign: initial implementation
      sign: add new builtin for signing
      sign: allow to sign commits from CLI
      lib/sign: enable verification for pulling
      tests: add test for commits sign/verification
      sign: API changes for public keys and CLI keys format
      builtin/sign: allow to provide the file with public keys
      tests/sign: check public keys load from file
      builtin/sign: remove libsodium-specific code
      sign: fix unneeded objects creation
      sign: fix error return for dummy module
      builtin/sign: remove libsodium dependency
      sign: fixes for ed25519 for loading public keys from files
      sign: check signatures for pulled commits
      tests/sign: add initial test for pulling
      lib/sign: disable mandatory signature check
      lib/sign: add support of file with valid keys for remote
      lib/sign: read ed25519 public keys from well known places
      builtin/sign: allow to sign with keys from secret file
      tests/gpg: skip test in JS if GPG is not supported
      sign: fix memory leaks and code cleanup
      builtin/sign: allow to use multiple public keys for verification
      lib/sign-ed25519: cleanup unneeded code
      lib/sign: public API optimisation
      lib/sign: allow to add keys as base64 string for ed25519
      sign: use common function for loading public keys during pulling
      lib/sign: minor optimisation for ed25519
      lib/sign: add ostree_seign_clear_keys function
      lib/sign: add revoking mechanism for ed25519 keys
      builtin/sign: add option 'keys-dir'
      tests/sign: check system-wide config and revoked keys
      man: document `ostree sign`
      bash-completion: add completion for `ostree sign`
      apidoc: add API documentation for signing interface
      man: document commit signing
      bin/pull-local: add --sign-verify
      tests/libtest: add functions for ed25519 tests
      tests/sign: use library functions for ed25519 keys
      tests/local-pull: test "--sign-verify" option
      bin/remote-add: added "--no-sign-verify" option
      tests: use option "--no-sign-verify" for adding remote
      tests/sign: disable GPG for alternatively signed pull
      lib/sign: allow to build with glib version less than 2.44
      lib/sign: use separate public and secret keys for 'dummy'
      tests/sign: add verification key for pulling with dummy
      lib/sign: fix the false failure while loading keys
      tests/sign: allow to start pull test without libsodium
      lib/sign: new function for summary file signing
      bin/summary: add signing with alternative mechanism
      lib/repo-pull: verify signature on summary pull
      tests/sign: new test for summary file verification
      man: add signature options for ostree summary
      gpg: do not fail GPG-related configuration get for remote
      lib/repo-pull: change sign supporting functions
      lib/repo-pull: set default for sign-verify-summary
      lib/repo-pull: add signature check while fetching summary
      bin/pull-local: add --sign-verify-summary
      lib/sign: make dummy engine non-public
      lib/sign: make ed25519 engine non-public
      lib/sign: better error handling of ed25519 initialization
      lib/repo-pull: return error from signing engine
      lib/repo-pull: return errors from signature engines
      tests/sign: added check with file and single key on pull
      sign-ed25519: Convert functions to new style
      sign-dummy: optimize ostree_sign_dummy_data_verify
      lib/sign: convert ostree_sign_summary to new style
      tests/sign: check pull failure with invalid remote options
      lib/sign: return false for non-implemented functions
      sign-pull: improve error handling
      ostree-repo: improve error handling
      lib/repo-pull: fix GPG check while pulling remote
      Add ci_pkgs to travis-install.sh
      Fix the lost line separator
      Add the same config options for distcheck
      tests/signed-commit: fix the test of well-known places
      sign: rename option for enabling ed25519
      signapi: expose metadata format and key
      sign/ed25519: fix the abort in case of incorrect public key
      sign/ed25519: fix return value if no correct keys in file

Felix Krull (1):
      lib: fix typo in function docs

Frédéric Danis (1):
      lib/deltas: convert ostree_repo_static_delta_generate to new style

Javier Martinez Canillas (1):
      grub2: Don't add menu entries if GRUB supports parsing BLS snippets

Jonathan Lebon (17):
      Post-release version bump
      bin/diff: Clarify documentation around REV and DIR syntax
      lib/pull: Don't leave commits pulled by depth as partial
      ci: Adapt to use new fcosKola semantics
      lib/commit: Add more error prefixing
      lib: Rename function for staging dir check
      lib/commit: Check that dirent is a directory before cleaning
      lib/pull: Add `timestamp-check-from-rev`
      lib/upgrader: Pull with `timestamp-check-from-rev`
      tests/admin-test: Ensure that commits are 1s apart
      switchroot/remount: Neuter sysroot.readonly for now
      tests/admin-test: Fix --allow-downgrade check
      libglnx: Bump to latest
      ci: Import latest ci-commitmessage-submodules from rpm-ostree
      ci: Remove libpaprci/ directory
      lib/repo: Handle EACCES for POSIX locking
      ci: Constrain parallel build jobs

Matthew Leeds (4):
      lib/fetcher-util: retry download on G_IO_ERROR_PARTIAL_INPUT
      find-remotes: Add a --mirror option
      Don't copy summary for collection-ref mirror subset pulls
      tests: Check that example symbol isn't released

NEPO (1):
      README.md: Fix link to CONTRIBUTING.md

Stefan Agner (7):
      docs: clarify archive repo type
      docs: extend object type documentation
      docs: extend repository types
      deploy: support devicetree directory
      man/checkout: fix short name option of --user-mode
      checkout: use FILE as option argument string for --skip-list
      man/checkout: document missing options

William Manley (1):
      OWNERS: Uncomment @wmanley

```

Git-EVTag-v0-SHA512: b65a23ebc1de1b33d886657720c84cffdf9a67e4a154e732693a986a8b2f781c36574e509acf329b835354116bcdabde55a96084f06e5abcb77f6e02e09779f4
-----BEGIN PGP SIGNATURE-----

iQFHBAABCgAxFiEEq5KKnPjdBikJw3u93EX9WSHBPwsFAl8YoyITHHdhbHRlcnNA
dmVyYnVtLm9yZwAKCRDcRf1ZIcE/C6aZB/4qFXYVI3UYUb9WIPhaQNxLUQM9EvJS
JtttupK1t9Cwb1s0Vxu0wfvlybLR0hXyx36DAn286fhxWaOShnZvFvfbViocT1sq
ud0YdTz3DMJ1fS6dsF81B6qUbHYtfOZ4xAFfL1CgwWQ7/KzDe/prTo7oX8sHkAXQ
kKWW6hMAphuye3mKU1T2sYUPpsXZ8bir+0Bk5GtIgXwkqgghXK1QFf7Ucjc1QvqJ
itAM1bQJJHYNql8d2skQTqe7YLtlOLgFresfhJ7X8OYUaFXf6I0xEC3rLhUfEMTh
RIaFzgyvYnyuNB6kvSwGvUIX+5yDHItqYjB9FIsLN69POGOp55yYz/Zv
=Fd1/
-----END PGP SIGNATURE-----