rpm-ostree is the hybrid image/package system that provides transactional upgrades on Atomic Host. Here are some highlights from version v2017.8, including better PolicyKit integration and support for RPM file triggers.
You can test it out by rebasing to the latest Fedora Atomic Host release or downloading it.
Better PolicyKit integration
In this release, we built upon the PolicyKit support added
in the previous release to allow authentication directly
from the terminal. This means that users can now run
rpm-ostree operations as non-root and only authenticate for
the operation requested instead of resorting to sudo:
[cloud-user@f26-tmp ~]$ rpm-ostree status
State: idle
Deployments:
* fedora-atomic:fedora/26/x86_64/atomic-host
Version: 26.120 (2017-09-05 00:05:09)
Commit: 0b0127864022dd6ffad1a183241fbd5482ef5a1642ff3c8751c2e6cae6070b1a
GPGSignature: Valid signature by E641850B77DF435378D1D7E2812A6B4B64DAB85D
[cloud-user@f26-tmp ~]$ rpm-ostree install cowsay
==== AUTHENTICATING FOR org.projectatomic.rpmostree1.install-uninstall-packages ===
Authentication is required to install and remove software
Authenticating as: Fedora (cloud-user)
Password:
==== AUTHENTICATION COMPLETE ===
Checking out tree 0b01278... done
...
Upstream patches: https://github.com/projectatomic/rpm-ostree/pull/894.
Support for RPM file triggers
When layering packages, rpm-ostree essentially re-implements
parts of the functionality of rpm. For example, RPM
scriptlets are run in a locked down environment to ensure
minimal exposure. In this release, rpm-ostree added support
for running file trigger scriptlets.
This is necessary for successfully layering some packages,
such as vagrant.
Upstream patches: https://github.com/projectatomic/rpm-ostree/pull/869.
Upgrade command also upgrades layered packages
Previously, the upgrade command only layered a new
deployment if a new ostree commit was available, regardless
of whether new versions were available for layered packages.
This was fixed in this release so that upgrade always
checks for outdated layered packages even if there are no
new commits.
Upstream issue: https://github.com/projectatomic/rpm-ostree/issues/391
Better help output
For commands that take subcommands, the help output now outputs a description of each subcommand. This is especially useful on Atomic Host, where man pages are not readily available.
[cloud-user@f26-tmp ~]$ rpm-ostree --help
Usage:
rpm-ostree [OPTION?] COMMAND
Builtin Commands:
compose Commands to compose a tree
cleanup Clear cached/pending data
db Commands to query the RPM database
deploy Deploy a specific commit
rebase Switch to a different tree
rollback Revert to the previously booted tree
status Get the version of the booted system
upgrade Perform a system upgrade
reload Reload configuration
initramfs Enable or disable local initramfs regeneration
install Download and install layered RPM packages
uninstall Remove one or more overlay packages
Help Options:
-h, --help Show help options
Application Options:
--version Print version information and exit
Upstream issue: https://github.com/projectatomic/rpm-ostree/issues/806
Other minor fixes and improvements
There are many other small improvements, here are a few:
- rpm-ostree learned about the
ostree.endoflifemetadata key, which displays an informative message when an OS stream (branch) reaches end-of-life. This will likely be used for Fedora Atomic Host.
Upstream patches: https://github.com/projectatomic/rpm-ostree/pull/889
- rpm-ostree was submitted to Coverity and received many fixes detected in the scan. No major issues were uncovered.
Upstream patches: https://github.com/projectatomic/rpm-ostree/pull/918