From: Daan De Meyer Date: Wed, 4 Sep 2024 13:18:37 +0000 (+0200) Subject: Update NEWS.md X-Git-Tag: v25~319 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=508ad85475ade0e6fe8b6151d335e4edcc5aaa6c;p=thirdparty%2Fmkosi.git Update NEWS.md --- diff --git a/NEWS.md b/NEWS.md index 4c0e66c17..2238298c7 100644 --- a/NEWS.md +++ b/NEWS.md @@ -2,6 +2,31 @@ ## v25 +- Instead of using bubblewrap, sandboxing is now done with a new tool + `mkosi-sandbox`. This tool has a public API and can be used + independently of mkosi. +- Image builds are now done in a user namespace with a single user when + running unprivileged instead of using newuidmap/newgidmap. When + running unprivileged, all files and directories in the image will be + owned by the invoking user (and by root inside any produced archives). + Any attemp to chown files to other users in scripts will fail unless + the new environment variable `$MKOSI_CHROOT_SUPPRESS_CHOWN` is set to + a true value. +- `mkosi` does not drop privileges anymore to the invoking user when + running as root for various steps. +- A new `cat-config` verb will show all configuration files that were + included for each configured image. +- Added support for Azure Linux +- Added support for Kali Linux +- If `mkosi.version` is executable, we now execute it and read the + version from stdout. +- Added `--wipe-build-dir` to wipe the build directory before rebuilding + the image. +- Introduced `RepositoryKeyFetch=` to control whether to fetch + distribution GPG keys remotely. This setting is **disabled** by + default for security reasons except when building rpm based + distributions on Ubuntu. +- We now handle `SIGHUP` gracefully - Universal settings that take a collection of values cannot be appended to anymore in subimages. Usage of package manager trees in subimages will have to be moved to the top level image. Similarly,