libostree v2017.9

From: Colin Walters <walters verbum org>
To: "ostree-list" <ostree-list gnome org>
Subject: libostree v2017.9
Date: Thu, 27 Jul 2017 09:16:29 -0400
https://github.com/ostreedev/ostree/releases/tag/v2017.9

A notable new feature in this release is that the pull machinery now interprets
two new metadata keys: `ostree.ref-binding` and `ostree.collection-binding`.
This allows closing a longstanding class of "sidegrade" attacks that Florian
Weimer identified when performing a security audit of libostree years ago:
<https://bugzilla.gnome.org/show_bug.cgi?id=724873>
There was a more recent discussion on this topic on the list:
<https://mail.gnome.org/archives/ostree-list/2017-May/msg00013.html>

For the ostree-as-host case, this only matters if you offer multiple refs. For
flatpak, it's more important as a MITM attacker could actually switch applications;
that's why flatpak implemented this a while ago as `xa.ref`.

I'll note here that it's recommended for content providers to make use of
ostree's support for `tls-ca-path` to implement TLS CA pinning, which protects
all metadata and content in a strong fashion; in this scenario the GPG
signatures act as a secondary layer of defense and make offline verification
easier (for e.g. mirroring).

Otherwise, there's some performance enhancements for local pulls, and a variety
of bugfixes.

Thanks to all contributors!

```
Colin Walters (24):
      build-sys: Post-release version bump
      deploy: Port some functions to new style
      checkout: Don't set dir mtime to 0 when doing a force copy checkout
      tests: Run pull tests for bare/bare-user
      lib/pull: Avoid journaling 404s for optional content
      ci/papr: Update to F26
      lib/pull: Do local content imports async too
      Add a notion of "physical" sysroot, use for remote writing
      bin/cookies: Drop libsoup code, fix fd-relative issues, new style
      lib/pull: Drop direct use of ->repodir
      Update libglnx, port various bits to new API
      core: Sanitize error text validating refs (e.g. against HTML)
      lib/repo: Auto-recreate repo/tmp if it's deleted
      ci/papr: Switch primary to libcurl, add libsoup context
      lib/commit: Fix EBADF with GENERATE_SIZES option for commit
      ci/papr: Add a suite to run introspection-based tests without ASAN
      lib: Add #defines for current well-known metadata keys
      tests: More fixes for gjs tests
      ci: Enable -Werror for clang
      build: Turn off default warnings if we find -Werror specified
      Update libglnx, port some uses to newer APIs
      lib/core: Add #defines for ref/collection binding
      ci: Enable libcurl by default on Fedora
      Release 2017.9

Emmanuele Bassi (1):
      Move the include directive to the enum template

Krzesimir Nowak (4):
      ostree: Add collection and ref bindings to metadata on commit
      lib/pull: Pass the ref together with the request
      lib/pull: Collection and ref bindings verification
      tests: New tests for creating commits with bindings and pulling them

Philip Withnall (4):
      lib/repo-commit: Fix types of content size cache entries
      lib/repo: Add OSTREE_REPO_METADATA_REF as a well-known metadata store
      build: Ensure all .sym files are distributed in tarballs
      build: Ensure all experimental tests are distributed in tarballs

Ruixin (1):
      lib: Add #define for endoflife metadata key

Simon McVittie (1):
      build: Don't distribute generated man pages

Git-EVTag-v0-SHA512: 
d5eff57f587038fcb29ee373db2ecae03908bb1fb0cbbad8d6f30fa8ec618c24b7312b03a4b958a8c10ce1450525382609f6726e837b77a7de8aa26c87a9cf67
```
Follow-Ups:
- Re: libostree v2017.9
  - From: Colin Walters
[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]