v2025.4

This is a bugfix release with fixes for kernel-install integration and rpmdb cleanup.

When running on package mode systems now we will avoid calling into rpm-ostree kernel-install #5259 and when rpm-ostree kernel-install is called we will check if we are cli wrapping systemctl and unwrap it to allow the initramfs to be created correctly.

When running rpmdb cleanup now we make sure to close any open connection to the rpmdb. #5247

Colin Walters (2):
      container: Do rpmdb cleanup in outer scope
      build-sys: Bump version to 2025.3

Joseph Marrero Corchado (3):
      05-rpmostree.install: check for layout=ostree and install.conf presence
      kernel_install: unwrap systemd if it's wrapped
      packaging/spec: remove kernel_install conditional

Full Changelog: v2025.3...v2025.4

v2025.3

What's Changed

The main goal of this release is to fix #5251

• ci: Run Rust unit tests by @cgwalters in #5245
• compose: Drop rpmdb sqlite journaling files if rpmdb-normalize by @cgwalters in #5244
• tmpfiles: Misc cleanup patches by @cgwalters in #5248
• Update bootc by @cgwalters in #5253
• Release 2025.3 by @cgwalters in #5258

Full Changelog: v2025.2...v2025.3

v2025.2

This release introduces an experimental feature build-chunked-oci which allows composes to output chunked OCI images #5222. Rpm-ostree also now prints OSTree signature verification text when pulling OCI images. #5223 signature. A significant bug was fixed on #5241 which fixes a bug introduced on #5135 which always wrapped kernel-install.

On top of these main changes, this release includes enhancements to packaging and CI.

Colin Walters (7):
      libpriv/rpm: Always copy rpmdb even in user mode checkouts
      Use ostree-ext from bootc
      spec: Add version conditionals
      experimental: Add `build-chunked-oci`
      core/cliwrap: Fix is_ostree_layout() in unit tests
      tests/compose: Canonicalize perms for root
      compose: Move tmpfiles generation into tmpfiles module

Jonathan Lebon (1):
      daemon/upgrader: Print OSTree signature verification text when pulling OCI

Joseph Marrero Corchado (1):
      Release 2025.2

Timothée Ravier (1):
      scripts: Skip kernel-16k posttrans scripts

Xiaofeng Wang (1):
      copr: fix "No matching package to install: 'rust-packaging'" in RHEL and CentOS Stream package building

Full Changelog: v2025.1...v2025.2

v2025.1

This release has multiple enhancements and bug fixes, the bigger change introduced with this release is integration with kernel-install which introduces a way to use DNF and rpm on container builds to install kernel packages #5135.

Alex Haydock (1):
      Update timer to be more in-line with dnf-automatic

Colin Walters (13):
      packaging: Add a bcond without ostree_ext
      tree-wide: `cargo clippy --fix` + a few manual warning fixes
      core: stop wrapping kernel-install when layout=ostree is set
      packaging/Dockerfile: This is long since dead
      cliwrap: use `const` over `static`
      ci: Use `cargo install --locked`
      Add `rpm-ostree experimental`
      tree-wide: Import and use cmdutils from bootc
      core: Create usr/sbin -> bin if we detect merged sbin filesystem
      Cargo.lock: Update(*)
      Fix use of deprecated GString::to_str()
      Cargo.lock: Downgrade cxx to avoid missing cxxbridge-cmd during vendoring
      deny.toml: Update allowed licenses

Joseph Marrero Corchado (3):
      docs: Add debug.md
      src/libpriv: Add kernel-install-integration
      Release 2025.1

Xiaofeng Wang (1):
      ci: fix copr build Unknown argument "builddep" for command "dnf5"

New Contributors

• @alexhaydock made their first contribution in #5183
• @henrywang made their first contribution in #5202

Full Changelog: v2024.9...v2025.1

v2024.9

This release has multiple dependency updates and CI fixes, additionally there are 3 notable changes:

• We deprecated cliwrap #5088
• Add initial kickstart support #5119
• Support custom origins for digested pullspecs #5120

Aashish Radhakrishnan (1):
      packaging/rpm-ostree.spec: Drop rust_arches

Colin Walters (15):
      sysroot: Add total layer count to output
      Deprecate cliwrap
      Move dracut code from cliwrap to initramfs module
      scripts: Ignore filesystem.transfiletriggerin
      Revert "build(deps): bump regex from 1.10.6 to 1.11.0"
      treefile: Add an `edition`
      treefile: Add finalize.d as experimental
      compose: Initial kickstart support
      treefile: Add ignore-devices
      core: Don't add composefs metadata client side
      Update ostree-ext to 0.15.3
      ci: Adapt to dnf5's builddep incompatibility
      tests: Drop layering-fedorainfra
      core: List all other repos when we fail to find a repo
      spec: Drop rust-toolset requires on RHEL

Emmanuel Ferdman (1):
      docs: update `rpm-ostreed.service` reference

Gerard Ryan (1):
      Fix doc wording & typo

HuijingHei (4):
      spec: Do not build on ix86 for fedora
      spec: %autorelease can't be resolved by COPR
      test: update kolet path to `/usr/local/bin`
      Bump ostree-ext to 0.15.1

Jonathan Lebon (11):
      rust/core: Add util function to check for digest pullspec
      daemon/transaction-types: Lookup custom origin options earlier
      daemon/transaction-types: Support custom origins for digested pullspecs
      daemon/deployment-utils: Always add custom origin to deployment variant
      app/status: Print custom origin for digested pullspecs as well
      tests: Check custom origin with digest pullspec
      compose: Allow missing `repos` key
      compose: add `--source-root` option
      docs/administrator: document `status --json` and requested packages
      compose: Print transaction when composing extensions
      treefile: Support variable substitution in metadata

Joseph Marrero Corchado (7):
      packaging/rpm-ostree.spec: Update fuse conditional
      ci: stop building with clang
      test-container: Bump to f41
      packaging: Require bootc
      tests: Updates for f41
      Revert "packaging: Require bootc"
      Release 2024.9

New Contributors

• @aaradhak made their first contribution in #5089
• @emmanuel-ferdman made their first contribution in #5113
• @grdryn made their first contribution in #5099

Full Changelog: v2024.8...v2024.9

v2024.8

Biggest notable thing here is fixing a regression that causes older rpm-ostree to not be able to read deployments generated by the new version:

• core: Continue to write now-empty rpmostree.modules metadata by @cgwalters in #5069

Other changes

• packaging/rpm-ostree.spec: add libzstd-devel BuildRequires by @jmarrero in #5038
• rust/bwrap: log fusermount -u errors to stderr by @jlebon in #5046
• ci: update f40 kernel url by @HuijingHei in #5045
• ci: fix test failing for Duplicate lines in journal by @HuijingHei in #5049
• core: Fix Coverity WRAPPER_ESCAPE by @cgwalters in #5051
• build(deps): bump rust-ini from 0.21.0 to 0.21.1 by @dependabot in #5041
• build(deps): bump regex from 1.10.5 to 1.10.6 by @dependabot in #5043
• build(deps): bump tokio from 1.38.0 to 1.39.2 by @dependabot in #5026
• build(deps): bump serde from 1.0.203 to 1.0.208 by @dependabot in #5052
• build(deps): bump serde_json from 1.0.119 to 1.0.125 by @dependabot in #5050
• build(deps): bump openssl from 0.10.64 to 0.10.66 by @dependabot in #5023
• build(deps): bump tempfile from 3.10.1 to 3.12.0 by @dependabot in #5059
• build(deps): bump cxx from 1.0.124 to 1.0.126 by @dependabot in #5057
• build(deps): bump is-terminal from 0.4.12 to 0.4.13 by @dependabot in #5055
• build(deps): bump camino from 1.1.7 to 1.1.9 by @dependabot in #5060
• build(deps): bump tokio from 1.39.2 to 1.39.3 by @dependabot in #5056
• build(deps): bump serde_json from 1.0.125 to 1.0.127 by @dependabot in #5067
• rust: Squash two minor build warnings by @cgwalters in #5070
• packaging/rpm-ostree.spec: Update to sync with rawhide by @jmarrero in #5047
• Release 2024.8 by @cgwalters in #5073
• build(deps): bump cxx-build from 1.0.124 to 1.0.128 by @dependabot in #5077

Full Changelog: v2024.7...v2024.8

v2024.7

This is mainly a bugfix release and one new feature:

#4974 Add `Recommends=` knob in rpm-ostreed.conf

One notable bugfix comming from ostree-rs-ext is ostreedev/ostree-rs-ext#648 related to hardlinks in /etc.

Other changes

Benno Rice (1):
      packaging: Use git timestamp as mtime for vendored files

Colin Walters (2):
      Remove all modularity support
      ci: Uninstall kexec harder

Jonathan Lebon (3):
      README: reflect development status
      Add `Recommends=` knob in rpm-ostreed.conf
      ci/test-container: Stop using f38 packages

Jordan Webb (2):
      rust/src/scripts.rs: ignore posttrans for ELRepo's kernel-lt and kernel-ml
      Add `arch` as a parameter to `package_meta`

Mike (1):
      Clarify version query syntax usage in treefile doc

Timothée Ravier (1):
      ci: Add SPDX-License-Identifier: Apache-2.0 OR MIT
```

## New Contributors

* @jordemort made their first contribution in https://github.com/coreos/rpm-ostree/pull/4982
* @mtalexan made their first contribution in https://github.com/coreos/rpm-ostree/pull/5028

**Full Changelog**: https://github.com/coreos/rpm-ostree/compare/v2024.6...v2024.7

v2024.6

This is mainly a bugfix release and a couple of new features:

• #4939 daemon: use new finalization APIs.
• #4859 disable downloading filelists by default.
• #4962 container: Add spinner/progress for layer fetches

One notable feature from ostree-rs-ext added with this dependency bump #4946 is initial support for zstd:chunked via ostreedev/ostree-rs-ext#622

Colin Walters (2):
      Remove modularity support entrypoints
      container: Add spinner/progress for layer fetches

HuijingHei (1):
      kargs: keep spaces in double quotes

Jonathan Lebon (5):
      docs/treefile.md: Document postprocess script ordering
      daemon: use new finalization APIs
      ci/test-container: move URL definitions to the top
      core: also wrap `kernel-install` for scriptlets
      packaging: drop `.in` extension on `rpm-ostree.spec.in`

Joseph Marrero (2):
      Release 2024.6
      rpm-ostree-fix-shadow-mode.service: don't run if OS is not installed

Luke Yang (3):
      Various Fedora 40 fixes
      Update to f40 kernel
      Disable downloading filelists by default

Timothée Ravier (6):
      docs/HACKING: Add example for ostree-rs-ext crate development
      update-check: Print unreliability warning on stderr
      deployment_utils: Also add version to cached update
      docs/HACKING: Update crate patching example
      container-update-check: Validate version in manifest diff
      deployment_utils: Fix version for cached container update

Yaakov Selkowitz (1):
      rpm-ostree.spec.in: Update rust macro usage

New Contributors

• @yselkowitz made their first contribution in #4921

Full Changelog: v2024.5...v2024.6

v2024.5

Release 2024.5

This is mainly a bugfix release with two notable PRs for
GHSA-2m76-cwhg-7wv6 which are:

1. #4911
2. #4913

On the compose side, encapsulating an OSTree commit into a container image is now much faster thanks to a more efficient approach. Encapsulating desktop composes in particular should now be much less painful.

On top of those changes there are several updates to the dependencies, error handling fixes and a CI updates.

Colin Walters (6):
      Release 2024.4
      Revert "compose: Inject our static tmpfiles.d dropins earlier"
      Revert "ci: Test `opt-usrlocal-overlays` end-to-end in Prow CI"
      passwd: Don't traverse symlinks when querying metadata
      container: Check that we found packages
      shadow: Adjust all deployments

Fred Tibbitts (1):
      Add kernel-uek-core.posttrans to list of ignored package scripts

HuijingHei (1):
      ci: sync tests with bootloader naming

Jonathan Lebon (1):
      passwd: create `/etc/[g]shadow` with mode 0

Joseph Marrero (1):
      install: specify sub-commands that are container build only.

Tym Lipari (1):
      container-encapsulate: make build_mapping_recurse significantly faster (#4768)

jbtrystram (1):
      unit: chmod /etc/[g]shadow[-] to 0000

New Contributors

• @tymlipari made their first contribution in #4768
• @jbtrystram made their first contribution in #4911
• @fredtibbitts made their first contribution in #4912

Full Changelog: v2024.4...v2024.5

v2024.4

What's Changed

• build(deps): bump cxx from 1.0.115 to 1.0.116 by @dependabot in #4834
• build(deps): bump indicatif from 0.17.7 to 0.17.8 by @dependabot in #4833
• build(deps): bump serde_yaml from 0.9.30 to 0.9.32 by @dependabot in #4832
• build(deps): bump serde_json from 1.0.109 to 1.0.113 by @dependabot in #4825
• packaging: use -p for creating dirs/subdirs by @dougsland in #4836
• cliwrap/rpm: mark --eval/-E as safe by @jlebon in #4835
• build(deps): bump cxx-build from 1.0.115 to 1.0.117 by @dependabot in #4837
• build(deps): bump nix from 0.27.1 to 0.28.0 by @dependabot in #4838
• build(deps): bump anyhow from 1.0.75 to 1.0.80 by @dependabot in #4841
• build(deps): bump rustix from 0.38.28 to 0.38.31 by @dependabot in #4839
• build(deps): bump serde from 1.0.196 to 1.0.197 by @dependabot in #4840
• ci: Test opt-usrlocal-overlays end-to-end in Prow CI by @jlebon in #4810
• docs: replace dead link to osbuild blog by @msehnout in #4847
• cliwrap: make install-to-root idempotent by @jlebon in #4848
• build(deps): bump libglnx from b415d04 to 202b294 by @dependabot in #4826
• build(deps): bump h2 from 0.3.18 to 0.3.24 by @dependabot in #4785
• docs: Add doc about build rpm-ostree+autosd by @dougsland in #4849
• build(deps): bump chrono from 0.4.31 to 0.4.34 by @dependabot in #4858
• build(deps): bump openssl from 0.10.60 to 0.10.64 by @dependabot in #4856
• build(deps): bump cxx from 1.0.116 to 1.0.118 by @dependabot in #4855
• build(deps): bump cxx-build from 1.0.117 to 1.0.118 by @dependabot in #4853
• build(deps): bump cxx from 1.0.116 to 1.0.119 by @dependabot in #4864
• client: [allow(unused_variables)] in one helper by @cgwalters in #4865
• bwrap: Pass mutability flag, not unified core by @cgwalters in #4863
• build(deps): bump clap from 4.4.18 to 4.5.2 by @dependabot in #4868
• build(deps): bump reqwest from 0.11.23 to 0.11.25 by @dependabot in #4867
• build(deps): bump cxx-build from 1.0.118 to 1.0.119 by @dependabot in #4866
• build(deps): bump mio from 0.8.9 to 0.8.11 by @dependabot in #4860
• lib: Bump to ostree-ext 0.13.3 by @cgwalters in #4870
• Change "enable replacement" error text to "allow replacement" to match command-line interface by @ianloic in #4869
• compose: change opt_usrlocal_overlays to be an enum by @cgwalters in #4850
• build(deps): bump serde_json from 1.0.113 to 1.0.114 by @dependabot in #4857
• libpriv/scripts: support files in transfiletriggerin patterns by @jlebon in #4871
• Release 2024.4 by @cgwalters in #4872

New Contributors

• @dougsland made their first contribution in #4836
• @msehnout made their first contribution in #4847
• @ianloic made their first contribution in #4869

Full Changelog: v2024.3...v2024.4