From 1e7b41d5da4f99eb0b50210037a0c534d201e0bc Mon Sep 17 00:00:00 2001 From: Christian Kellner Date: Wed, 10 Jun 2020 15:37:45 +0200 Subject: [PATCH] NEWS.md: update for osbuild version 17 Major feature is the new custom SELinux policy to fix labeling. Important bug fixes to the files source, the rpm stage. Also restore Python 3.6 support. --- NEWS.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/NEWS.md b/NEWS.md index c0638360..17bc2cb3 100644 --- a/NEWS.md +++ b/NEWS.md 
@@ -1,5 +1,44 @@ # OSBuild - Build-Pipelines for Operating System Artifacts +## CHANGES WITH 17: + + * SELinux: When osbuild is creating the file system tree it can happen + that the security policy of the new tree contains SELinux labels that + are unknown to the host. The kernel will prevent writing and reading + those labels unless the caller has the `CAP_MAC_ADMIN` capability. + A custom SELinux policy was created that ensures that `setfiles` and + `ostree` / `rpm-ostree` can execute in the right SELinux domain and + therefore have the correct capability. Additionally, the build root + container now retains the `CAP_MAC_ADMIN` capability. + + * The `org.osbuild.ostree.commit` assembler will now set the pipeline + id as the value for the `rpm-ostree.inputhash` metadata of the commit. + + * The `org.osbuild.files` source is now more conservative by only using + four concurrent downloads. It will also not try to fetch the same URL + more than once. + + * Take care not to put large content on `/tmp` which is usually backed + by a `tmpfs` and thus memory. + + * Allow `check_gpg` to be omitted in the `org.osbuild.rpm` stage. + + * Restore Python 3.6 support: Replace the usage of features that were + introduced in later Python versions and add 3.6 specific code where + needed. + + * MPP: add pipeline-import support for the pre-processor and use that + for the test data. + + * Tests: Move the all remaining test into the correct sub-directory. + + * As always: improvements to the test infrastructure and the CI. + +Contributions from: Christian Kellner, David Rheinsberg, Lars Karlitski, + Major Hayden, Tom Gundersen + +— Berlin, 202-06-10 + ## CHANGES WITH 16: * Support for ignition: a new `org.osbuild.ignition` stage has been
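Review bot: The sign-off line at the end of the new "CHANGES WITH 17" entry gives the date as `Berlin, 202-06-10`, which is missing a digit in the year; the patch itself is dated 10 Jun 2020, so it should read `2020-06-10`. In the Tests bullet, "Move the all remaining test into" should be "Move all the remaining tests into". The `check_gpg` bullet says the option may now be omitted in the `org.osbuild.rpm` stage but not what the stage does when it is absent; because the option name points at GPG checking of packages, the entry should state the resulting default so that readers know whether leaving it out disables the check.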