What's Changed

• Release 2025.5 by @cgwalters in #3510
• Deduplicate repo+sysroot syncfs logic by @cgwalters in #3509
• libostree: remove OSTREE_SUPPRESS_SYNCFS by @champtar in #3512
• ostree-finalize-staged.service: RequiresMountsFor=/etc by @cgwalters in #3514
• fix: double free in checkout_tree_at_recurse by @HastD in #3515
• Add ostree-shutdown.service: hide /sysroot and make /etc read-only by @cgwalters in #3516
• Move dracut module from 98 ordering to the recommended 50 ordering by @jozzsi in #3517
• Rework mounts to fix sysroot.mount umount by @champtar in #3518

New Contributors

• @HastD made their first contribution in #3515
• @jozzsi made their first contribution in #3517

Full Changelog: v2025.5...v2025.6

Important bug fixes

• deploy: call syncfs() for /ostree instead of / by @champtar in #3504

For people using ostree with composefs on bootable host systems, I suggest also cherry picking this one to earlier releases if you're using them.

Other bug fixes

• soft-reboot: Also handle /boot by @cgwalters in #3487
• deploy: Fix path to aboot.cfg in BLS files by @alexlarsson in #3493

Internal changes

• prepare-root: Log to journal, not stdout by @cgwalters in #3508
• aboot: Use fd and not absolute path by @cgwalters in #3507

Other changes

• rust: Regenerate and release 0.20.4 by @cgwalters in #3482
• tests: Add a test case for etc.transient by @cgwalters in #3479
• Two rust patches by @cgwalters in #3484
• tests: verify /boot mount with prepare root by @cgwalters in #3485
• deploy: Remove some dead aboot code by @alexlarsson in #3494
• ci: Adapt to cosa change by @cgwalters in #3506

Full Changelog: v2025.4...v2025.5

Regression fixes

• ostree-prepare-root: remove duplicate transient directory by @wsabransky in #3477

New features

• Add root.transient-ro by @cgwalters in #3473

Other changes

• build-sys: Always EXTRA_DIST test scripts by @cgwalters in #3470
• Prep patches for rootfs.transient-ro by @cgwalters in #3472
• Release 2025.4 by @cgwalters in #3481

New Contributors

• @wsabransky made their first contribution in #3477

Full Changelog: v2025.3...v2025.4

Procedural note

The original tarball attached to this release was generated incorrectly; a new version has been uploaded. More information:

• #3466 (comment)

What's Changed

• Release 2025.2 by @cgwalters in #3396
• Fix build error with --with-ed25519-libsodium and --with-openssl by @ueno in #3401
• tests: Add backcompat-fsck test by @cgwalters in #3398
• rust: Add support for locked option for SysrootDeployTreeOpts by @cgwalters in #3400
• unlock: Use deployment backing dir by @cgwalters in #3397
• docs: removed unused argument by @ChilloManiac in #3403
• prepare-root: Document that /var is unaffected by root.transient by @cgwalters in #3412
• sysroot: Load bootloader configs via boot_fd by @cgwalters in #3407
• generator: Still create /run/ostree in static prepareroot path by @cgwalters in #3410
• Test fixes by @cgwalters in #3416
• deploy: only set aboot/abootcfg when found by @ricardosalveti in #3413
• sysroot: Detect early on when /boot is on vfat by @cgwalters in #3405
• ci: Drop --fast from buildextend-live by @cgwalters in #3426
• ci: Update deny to v2 by @cgwalters in #3427
• man: Document ostree admin unlock --transient by @evan-goode in #3423
• rust: Update to 2025.2 by @cgwalters in #3422
• rust: Drop MSRV job by @cgwalters in #3429
• rust: Release new minor version by @cgwalters in #3428
• rust: Also add a feature for v2025_2 by @cgwalters in #3430
• tests: remove unused import by @samzeter in #3425
• prep patches for: soft-reboot by @jmarrero in #3435
• docs: Some typo and link fixes by @cgwalters in #3438
• A few buildsystem fixes by @cgwalters in #3437
• ci: Rework Dockerfile, add Justfile and improved testing by @cgwalters in #3439
• rust: Tweaks for README.md by @cgwalters in #3443
• prepare-root: Factor out composefs handling into otcore by @cgwalters in #3445
• prepare-root: Don't hardcode sysroot by @cgwalters in #3447
• prepare-root: Some prep PRs by @cgwalters in #3448
• prepare-root: Fix error overwrite by @cgwalters in #3449
• status: Add --json output by @cgwalters in #3451
• ot-builtin-admin: Add admin prepare-soft-reboot by @jmarrero in #3420
• status: Add soft-reboot-target to JSON by @cgwalters in #3452
• justfile: enhancements by @cgwalters in #3450
• status: Add more tests for json by @cgwalters in #3453
• deploy: Default quiet for forked systemctl by @cgwalters in #3457
• sysroot: Cache deployment device/inode by @cgwalters in #3459
• sysroot: Remove now-spurious assertion change from soft reboot changes by @cgwalters in #3456
• deploy: Don't create deployment object before deploying by @cgwalters in #3461
• soft-reboot: Many changes by @cgwalters in #3460
• docs: Remove by @cgwalters in #3464
• ci: Expand bootc testing to cover c10s by @cgwalters in #3463
• Soft reboot kargs check by @cgwalters in #3465
• repo: Add new API to write config with reload+validation by @cgwalters in #3467
• sysroot: Support boot counting for boot entries by @igoropaniuk in #3310

New Contributors

• @ChilloManiac made their first contribution in #3403
• @evan-goode made their first contribution in #3423
• @samzeter made their first contribution in #3425

Full Changelog: v2025.2...v2025.3

New features

• sign: Support generic "spki" type of commit signatures by @ueno in #3278

The current "ed25519" signing type assumes raw Ed25519 key format for
both public and private keys. This patch generalizes it by adding a
new signature type "spki" which uses the X.509 SubjectPublicKeyInfo
format for public keys. Keys in this format can easily be created with
openssl tools and provide crypto agility[1] as the format embeds
algorithm identifier.

Minor features, bugfixes and other changes

• Release 2025.1 by @jmarrero in #3371
• docs: update Dockerfile by @igoropaniuk in #3370
• libotutil: Remove redundant import of prctl.h by @fossdd in #3375
• Update GIR by @Mstrodl in #3376
• Update gir followup by @cgwalters in #3378
• zipl: remove 'sdboot' image before generating new one by @nikita-dubrovskii in #3379
• prepare-root: Log when we're mounting with verity required by @cgwalters in #3377
• sepolicy: Add ostree_sepolicy_set_null_log by @cgwalters in #3381
• libostree: remove unused libmount include by @alyssais in #3383
• libostree: add private dependencies to pkg-config by @alyssais in #3382
• core: Fix bare-user xattr canonicalization by @cgwalters in #3385
• boot: Drop ostree-finalize-staged.path by @jlebon in #3389
• Use fsfreeze_thaw_cycle(/boot) instead of fsync(/boot) by @champtar in #3393
• Update introduction.md by @vmorris in #3394
• test-gpg-verify-result: Show what the result was before asserting about it by @smcv in #3387
• commit: Clarify that syncfs is of repo/tmp by @cgwalters in #3395

New Contributors

• @igoropaniuk made their first contribution in #3370
• @fossdd made their first contribution in #3375
• @alyssais made their first contribution in #3383
• @champtar made their first contribution in #3393
• @vmorris made their first contribution in #3394

Full Changelog: v2025.1...v2025.2

This Release adds one new feature introduced on: #3362 which adds a new --kexec flag to ostree admin upgrade which will cause the deployment to be loaded into kexec after the upgrade completes.

Other than that it mostly a bugfix and small improement release with the more significant change being #3366 which relates to composefs and notably does:

• If composefs is enabled at build time, we always generate a composefs blob at deplyment time
• Configuring the prepare-root config now mostly only affects the runtime state.

Colin Walters (2):
      tree-wide: Rerun clang-format, update ci
      Always generate composefs blob, don't enable runtime by default

Joseph Marrero Corchado (1):
      Release 2025.1

Mary Strodl (1):
      bin/admin-upgrade: add kexec support

Misaki Kasumi (2):
      chore: Use geteuid() instead of getuid() to check privilege
      chore: Check CAP_SYS_ADMIN in ot_util_process_privileged

New Contributors

• @Mstrodl made their first contribution in #3362

Full Changelog: v2024.10...v2025.1

New features

• prepare-root: Add composefs.enabled=verity by @ruihe774 in #3354

Other changes

• Release 2024.9 by @cgwalters in #3328
• README: Update buildstream URL to new github repo by @dabukalam in #3337
• composefs: Ensure buffer is suitably aligned for struct fsverity_digest by @smcv in #3340
• core: Always sort incoming xattrs by @cgwalters in #3346
• Fix ci by @cgwalters in #3356
• sign-ed25519: Fix error message of validate_length by @ruihe774 in #3357
• rofiles-fuse: when fuse execution fails, rofiles-fuse still returns exit code 0 by @qiuzhiqian in #3348
• libostree/deploy: enable composefs by default by @jlebon in #3353
• man: Note semantics combining root.transient with composefs.enabled by @cgwalters in #3351
• Release 2024.10 by @cgwalters in #3361

New Contributors

• @dabukalam made their first contribution in #3337
• @qiuzhiqian made their first contribution in #3348

Full Changelog: v2024.9...v2024.10

Notable changes

• deploy: Don't recompute verity checksums if not enabled by @cgwalters in #3326

This fixes a huge performance regression where we recomputed the fsverity checksum of all objects at deployment time for systems using composefs but not using fsverity.

• prepare-root: allow sysroot.readonly=true with kernel cmdline ro by @ruihe774 in #3316

Other changes

• Release 2024.8 by @cgwalters in #3309
• rust-bindings: Fix readthedocs.io link by @cgwalters in #3313
• curl: Add more assertions for curl return values by @cgwalters in #3311
• checkout: Add commentary around whiteout "quoting" by @cgwalters in #3317
• commit: Give a better error message for unhandled file type by @cgwalters in #3322
• deploy: Don't copy xattrs for devicetree by @cgwalters in #3323
• tests: Skip checking for immutable bit on composefs by @cgwalters in #3332
• tests: Work around GPG 2.2.45 error behaviour when revoking an expired key by @smcv in #3333
• checkout: Only verify digest if repo requires fsverity by @cgwalters in #3331
• prepare-root: Fix composefs docs by @cgwalters in #3334

New Contributors

• @ruihe774 made their first contribution in #3316

Full Changelog: v2024.8...v2024.9

There are two notable changes in this release.

First, this release adapts to a change in libcurl 8.10.1 that caused ostree to start crashing. There is ongoing debate as to whether the curl change here was right, but in any case the adaption required on our side was trivial and to emphasize - it's quite safe to cherry pick the relevant commit to prior ostree releases too.

Second, for the booted host side, we've changed the mount propagation setup. More details in

• switchroot: Stop making /sysroot mount private by @dbnicholson in #3292

Other than that there are a variety of more minor tweaks and fixes.

What's Changed

• repo: NUL terminate readlinkat result by @cgwalters in #3281
• deploy: Log to journal for boot space, not stderr by @cgwalters in #3282
• commit/payload-link: Ensure we don't overrun target_checksum size by @cgwalters in #3284
• sysroot: Make coverity happy with dirname+strdup by @cgwalters in #3283
• tests: Attempt to update auto-prune test by @cgwalters in #3285
• grub2: Show output when run in systemd by default by @cgwalters in #3290
• lib/traverse: Fix minor memory leak by @cgwalters in #3287
• github/workflows/tests: Update actions/upload-artifact to v4 by @travier in #3301
• Redo pages workflow by @dbnicholson in #3304
• spec: %autorelease can't be resolved by COPR by @HuijingHei in #3302
• bootloader/grub2: Handle empty static configs by @travier in #3300
• workflow/docs: Fix deployments by @dbnicholson in #3305
• curl: Assert that curl_multi_assign worked by @cgwalters in #3306
• curl: Make socket callback during cleanup into no-op by @cgwalters in #3307

Full Changelog: v2024.7...v2024.8

A relatively minor release; this has a bugfix for "transient-etc" users, and a new ostree.prepare-root.composefs kernel option that allows dynamic overrides for the composefs state. There's also a new API to directly create a composefs from an ostree commit.

What's Changed

• docs: make /ostree/root.X clearer as symlinks by @ericcurtin in #3250
• docs: add webOS as users of libostree by @ericcurtin in #3249
• checkout: Add API to directly checkout composefs by @cgwalters in #3252
• prepare-root: Cleanup comments by @cgwalters in #3253
• docs: Describe /boot/ostree by @cgwalters in #3258
• ci: Add buildroot to c9s build by @cgwalters in #3259
• core: Validate that xattr names aren't empty by @cgwalters in #3261
• remount: ignore ENOENT error during SELinux relabeling by @ericcurtin in #3266
• Minor cleanup related to composefs by @ueno in #3268
• ci: Bump bootc e2e to latest ubuntu, drop docker by @cgwalters in #3270
• remount: Drop Before=systemd-sysusers.service by @cgwalters in #3269
• 2023.8-3 coverity scan by @lukewarmtemp in #3265
• sysroot: Use journal rather than printf() by @cgwalters in #3273
• libostree: Remove compatibility code with GLib < 2.44 by @ueno in #3275
• keyfile-utils: Add API to parse tristate strings by @cgwalters in #3276
• prepare-root: Add ostree.prepare-root.composefs by @cgwalters in #3277

New Contributors

• @ueno made their first contribution in #3268
• @lukewarmtemp made their first contribution in #3265

Full Changelog: v2024.6...v2024.7