rpm-ostree is the hybrid image/package system that provides transactional upgrades on Atomic Host. Here are some highlights from version v2017.8, including better PolicyKit integration and support for RPM file triggers.
Better PolicyKit integration
In this release, we built upon the PolicyKit support added
in the previous release to allow authentication directly
from the terminal. This means that users can now run
rpm-ostree operations as non-root and only authenticate for
the operation requested instead of resorting to
[cloud-user@f26-tmp ~]$ rpm-ostree status State: idle Deployments: * fedora-atomic:fedora/26/x86_64/atomic-host Version: 26.120 (2017-09-05 00:05:09) Commit: 0b0127864022dd6ffad1a183241fbd5482ef5a1642ff3c8751c2e6cae6070b1a GPGSignature: Valid signature by E641850B77DF435378D1D7E2812A6B4B64DAB85D [cloud-user@f26-tmp ~]$ rpm-ostree install cowsay ==== AUTHENTICATING FOR org.projectatomic.rpmostree1.install-uninstall-packages === Authentication is required to install and remove software Authenticating as: Fedora (cloud-user) Password: ==== AUTHENTICATION COMPLETE === Checking out tree 0b01278... done ...
Upstream patches: https://github.com/projectatomic/rpm-ostree/pull/894.
Support for RPM file triggers
When layering packages, rpm-ostree essentially re-implements
parts of the functionality of
rpm. For example, RPM
scriptlets are run in a locked down environment to ensure
minimal exposure. In this release, rpm-ostree added support
for running file trigger scriptlets.
This is necessary for successfully layering some packages,
Upstream patches: https://github.com/projectatomic/rpm-ostree/pull/869.
Upgrade command also upgrades layered packages
upgrade command only layered a new
deployment if a new ostree commit was available, regardless
of whether new versions were available for layered packages.
This was fixed in this release so that
checks for outdated layered packages even if there are no
Upstream issue: https://github.com/projectatomic/rpm-ostree/issues/391
Better help output
For commands that take subcommands, the help output now outputs a description of each subcommand. This is especially useful on Atomic Host, where man pages are not readily available.
[cloud-user@f26-tmp ~]$ rpm-ostree --help Usage: rpm-ostree [OPTION?] COMMAND Builtin Commands: compose Commands to compose a tree cleanup Clear cached/pending data db Commands to query the RPM database deploy Deploy a specific commit rebase Switch to a different tree rollback Revert to the previously booted tree status Get the version of the booted system upgrade Perform a system upgrade reload Reload configuration initramfs Enable or disable local initramfs regeneration install Download and install layered RPM packages uninstall Remove one or more overlay packages Help Options: -h, --help Show help options Application Options: --version Print version information and exit
Upstream issue: https://github.com/projectatomic/rpm-ostree/issues/806
Other minor fixes and improvements
There are many other small improvements, here are a few:
- rpm-ostree learned about the
ostree.endoflifemetadata key, which displays an informative message when an OS stream (branch) reaches end-of-life. This will likely be used for Fedora Atomic Host.
Upstream patches: https://github.com/projectatomic/rpm-ostree/pull/889
- rpm-ostree was submitted to Coverity and received many fixes detected in the scan. No major issues were uncovered.
Upstream patches: https://github.com/projectatomic/rpm-ostree/pull/918