Colin Walters
Colin Walters
Because the config is commonly expected to have secret values, use mode 0600. xref https://github.com/coreos/fedora-coreos-docs/issues/306
xref https://github.com/openshift/machine-config-operator/issues/1720 This also came up in e.g. https://github.com/coreos/fedora-coreos-docs/pull/264/files#diff-089ac9657fd668d3f0f2d3dcb663fe1c75e72aaefac2ff1d78ae70c9cf96e46eR185
cli/rev-parse: Add `--single` option In the current "ostree native container" flow, we're inserting a commit object into the repo but with no refs. We have hacks in a few places...
In RHCOS we're running up against space constraints https://bugzilla.redhat.com/show_bug.cgi?id=2104619 I think we should support something like ``` [sysroot] deployments-max=2 ``` This would tell ostree to auto-prune the rollback deployment (and...
Let's support people who are building with SELinux enabled, but aren't shipping bwrap. (Though, those people probably want this to work)
Add .clang-format file In rpm-ostree we recently did a tree-wide clang-format: https://github.com/coreos/rpm-ostree/pull/3475 This adopts the exact same style. The core motivation here is making it easier for contributors to match...
Today [ostree's IMA signatures](https://ostreedev.github.io/ostree/ima/) supports signing regular file objects. However, there are holes in this model; classically, IMA alone won't detect e.g. swapping two signed binaries, or replacing one signed...
Currently we require `/boot/loader` be a symbolic link, so that we can transactionally replace all of the entries. This causes various problems because it's an OSTree-specific invention. Another approach would...
Proposal: Merge github.com/ostreedev/ostree and github.com/ostreedev/ostree-rs{,-ext} into this repo
This is a followup to https://mail.gnome.org/archives/ostree-list/2021-April/msg00000.html So far I think the model has been pretty successful (at least for us in rpm-ostree land). But...I'm already hitting metal complexity + ergonomic...
I'm trying to solve a few issues with this. First, the current libarchive APIs are not introspectable (https://github.com/ostreedev/ostree/pull/412). But at a higher level, with multiple programs like the atomic command...