diff --git a/.packit.yaml b/.packit.yaml
index e775624..6213a78 100644
--- a/.packit.yaml
+++ b/.packit.yaml
@@ -1,7 +1,8 @@
 jobs:
 - job: copr_build
   metadata:
-    targets: &id001 [centos-stream-x86_64]
+    targets: &id001
+    - centos-stream-x86_64
   trigger: pull_request
 - job: tests
   metadata:
diff --git a/Makefile-tests.am b/Makefile-tests.am
index 3fbc94b..a417937 100644
--- a/Makefile-tests.am
+++ b/Makefile-tests.am
@@ -105,7 +105,6 @@ _installed_or_uninstalled_test_scripts = \
 	tests/test-admin-deploy-nomerge.sh \
 	tests/test-admin-deploy-none.sh \
 	tests/test-admin-deploy-bootid-gc.sh \
-	tests/test-osupdate-dtb.sh \
 	tests/test-admin-instutil-set-kargs.sh \
 	tests/test-admin-upgrade-not-backwards.sh \
 	tests/test-admin-pull-deploy-commit.sh \
@@ -115,8 +114,6 @@ _installed_or_uninstalled_test_scripts = \
 	tests/test-reset-nonlinear.sh \
 	tests/test-oldstyle-partial.sh \
 	tests/test-delta.sh \
-	tests/test-delta-sign.sh \
-	tests/test-delta-ed25519.sh \
 	tests/test-xattrs.sh \
 	tests/test-auto-summary.sh \
 	tests/test-prune.sh \
diff --git a/Makefile.am b/Makefile.am
index 87a705c..cd04a05 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -43,9 +43,6 @@ AM_DISTCHECK_CONFIGURE_FLAGS += \
 
 GITIGNOREFILES = aclocal.m4 build-aux/ buildutil/*.m4 config.h.in gtk-doc.make
 
-# Generated by coreos-assembler build-fast and kola
-GITIGNOREFILES += fastbuild-*.qcow2 _kola_temp/
-
 SUBDIRS += .
 
 if ENABLE_GTK_DOC
diff --git a/Makefile.in b/Makefile.in
index e90c219..541e5d4 100644
--- a/Makefile.in
+++ b/Makefile.in
@@ -2056,15 +2056,13 @@ am__EXEEXT_25 = tests/test-basic.sh tests/test-basic-user.sh \
 	tests/test-admin-deploy-nomerge.sh \
 	tests/test-admin-deploy-none.sh \
 	tests/test-admin-deploy-bootid-gc.sh \
-	tests/test-osupdate-dtb.sh \
 	tests/test-admin-instutil-set-kargs.sh \
 	tests/test-admin-upgrade-not-backwards.sh \
 	tests/test-admin-pull-deploy-commit.sh \
 	tests/test-admin-pull-deploy-split.sh \
 	tests/test-admin-locking.sh tests/test-admin-deploy-clean.sh \
 	tests/test-reset-nonlinear.sh tests/test-oldstyle-partial.sh \
-	tests/test-delta.sh tests/test-delta-sign.sh \
-	tests/test-delta-ed25519.sh tests/test-xattrs.sh \
+	tests/test-delta.sh tests/test-xattrs.sh \
 	tests/test-auto-summary.sh tests/test-prune.sh \
 	tests/test-concurrency.py tests/test-refs.sh \
 	tests/test-demo-buildsystem.sh tests/test-switchroot.sh \
@@ -2506,10 +2504,8 @@ ALL_LOCAL_RULES = tests/libreaddir-rand.so
 shortened_sysconfdir = $$(echo "$(sysconfdir)" | sed -e 's|^$(prefix)||' -e 's|^/||')
 OSTREE_GITREV = $(shell cd $(srcdir) && if command -v git >/dev/null 2>&1 && test -d .git; then git describe --abbrev=42 --tags --always HEAD; fi)
 ACLOCAL_AMFLAGS = -I buildutil -I libglnx ${ACLOCAL_FLAGS}
-
-# Generated by coreos-assembler build-fast and kola
 GITIGNOREFILES = aclocal.m4 build-aux/ buildutil/*.m4 config.h.in \
-	gtk-doc.make fastbuild-*.qcow2 _kola_temp/ $(am__append_72)
+	gtk-doc.make $(am__append_72)
 OT_INTERNAL_GIO_UNIX_CFLAGS = $(OT_DEP_GIO_UNIX_CFLAGS)
 OT_INTERNAL_GIO_UNIX_LIBS = $(OT_DEP_GIO_UNIX_LIBS)
 OT_INTERNAL_SOUP_CFLAGS = $(OT_DEP_SOUP_CFLAGS)
@@ -2913,15 +2909,13 @@ _installed_or_uninstalled_test_scripts = tests/test-basic.sh \
 	tests/test-admin-deploy-nomerge.sh \
 	tests/test-admin-deploy-none.sh \
 	tests/test-admin-deploy-bootid-gc.sh \
-	tests/test-osupdate-dtb.sh \
 	tests/test-admin-instutil-set-kargs.sh \
 	tests/test-admin-upgrade-not-backwards.sh \
 	tests/test-admin-pull-deploy-commit.sh \
 	tests/test-admin-pull-deploy-split.sh \
 	tests/test-admin-locking.sh tests/test-admin-deploy-clean.sh \
 	tests/test-reset-nonlinear.sh tests/test-oldstyle-partial.sh \
-	tests/test-delta.sh tests/test-delta-sign.sh \
-	tests/test-delta-ed25519.sh tests/test-xattrs.sh \
+	tests/test-delta.sh tests/test-xattrs.sh \
 	tests/test-auto-summary.sh tests/test-prune.sh \
 	tests/test-concurrency.py tests/test-refs.sh \
 	tests/test-demo-buildsystem.sh tests/test-switchroot.sh \
@@ -8363,13 +8357,6 @@ tests/test-admin-deploy-bootid-gc.sh.log: tests/test-admin-deploy-bootid-gc.sh
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
-tests/test-osupdate-dtb.sh.log: tests/test-osupdate-dtb.sh
-	@p='tests/test-osupdate-dtb.sh'; \
-	b='tests/test-osupdate-dtb.sh'; \
-	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
-	--log-file $$b.log --trs-file $$b.trs \
-	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
-	"$$tst" $(AM_TESTS_FD_REDIRECT)
 tests/test-admin-instutil-set-kargs.sh.log: tests/test-admin-instutil-set-kargs.sh
 	@p='tests/test-admin-instutil-set-kargs.sh'; \
 	b='tests/test-admin-instutil-set-kargs.sh'; \
@@ -8433,20 +8420,6 @@ tests/test-delta.sh.log: tests/test-delta.sh
 	--log-file $$b.log --trs-file $$b.trs \
 	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
 	"$$tst" $(AM_TESTS_FD_REDIRECT)
-tests/test-delta-sign.sh.log: tests/test-delta-sign.sh
-	@p='tests/test-delta-sign.sh'; \
-	b='tests/test-delta-sign.sh'; \
-	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
-	--log-file $$b.log --trs-file $$b.trs \
-	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
-	"$$tst" $(AM_TESTS_FD_REDIRECT)
-tests/test-delta-ed25519.sh.log: tests/test-delta-ed25519.sh
-	@p='tests/test-delta-ed25519.sh'; \
-	b='tests/test-delta-ed25519.sh'; \
-	$(am__check_pre) $(LOG_DRIVER) --test-name "$$f" \
-	--log-file $$b.log --trs-file $$b.trs \
-	$(am__common_driver_flags) $(AM_LOG_DRIVER_FLAGS) $(LOG_DRIVER_FLAGS) -- $(LOG_COMPILE) \
-	"$$tst" $(AM_TESTS_FD_REDIRECT)
 tests/test-xattrs.sh.log: tests/test-xattrs.sh
 	@p='tests/test-xattrs.sh'; \
 	b='tests/test-xattrs.sh'; \
diff --git a/README.md b/README.md
index be6f645..1ef8e30 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,9 @@
-# libostree
+libostree
+---------
+
+New! See the docs online at [Read The Docs (OSTree)](https://ostree.readthedocs.org/en/latest/ )
+
+-----
 
 This project is now known as "libostree", though it is still appropriate to use
 the previous name: "OSTree" (or "ostree"). The focus is on projects which use
@@ -31,12 +36,8 @@ version of
    projects like [flatpak](https://github.com/flatpak/flatpak) which
    use libostree for applications, rather than hosts.
 
-## Documentation
-
-For more information, see the [project documentation](docs/index.md) or the
-[project documentation website](https://ostreedev.github.io/ostree).
-
-## Operating systems and distributions using OSTree
+Operating systems and distributions using OSTree
+---------------------
 
 [Endless OS](https://endlessos.com/) uses libostree for their host system as
 well as flatpak. See
@@ -62,7 +63,8 @@ system for GNOME.
 [Liri OS](https://liri.io/download/silverblue/) has the option to install
 their distribution using ostree.
 
-## Distribution build tools
+Distribution build tools
+------------------------
 
 [meta-updater](https://github.com/advancedtelematic/meta-updater) is
 a layer available for [OpenEmbedded](http://www.openembedded.org/wiki/Main_Page)
@@ -77,7 +79,8 @@ integration tool supports importing and exporting from libostree repos.
 Fedora [coreos-assembler](https://github.com/coreos/coreos-assembler) is
 the build tool used to generate Fedora CoreOS derivatives.
 
-## Projects linking to libostree
+Projects linking to libostree
+-----------------------------
 
 [rpm-ostree](https://github.com/projectatomic/rpm-ostree) is used by the
 Fedora-derived operating systems listed above.  It is a full hybrid
@@ -95,7 +98,8 @@ use the "libostree host system" aspects (e.g. bootloader management), just the
 "git-like hardlink dedup". For example, flatpak supports a per-user OSTree
 repository.
 
-## Language bindings
+Language bindings
+----
 
 libostree is accessible via [GObject Introspection](https://gi.readthedocs.io/en/latest/);
 any language which has implemented the GI binding model should work.
@@ -110,7 +114,8 @@ for statically compiled languages.  Here's a list of such bindings:
  - [ostree-go](https://github.com/ostreedev/ostree-go/)
  - [ostree-rs](https://gitlab.com/fkrull/ostree-rs/)
 
-## Building
+Building
+--------
 
 Releases are available as GPG signed git tags, and most recent
 versions support extended validation using
@@ -134,11 +139,19 @@ make
 make install DESTDIR=/path/to/dest
 ```
 
-## Contributing
+More documentation
+------------------
+
+New! See the docs online at [Read The Docs (OSTree)](https://ostree.readthedocs.org/en/latest/ )
+
+Contributing
+------------
 
 See [Contributing](docs/CONTRIBUTING.md).
 
-## Licensing
+
+Licensing
+-------
 
 The licensing for the *code* of libostree can be canonically found in the individual files;
 and the overall status in the [COPYING](https://github.com/ostreedev/ostree/blob/master/COPYING)
diff --git a/SPECS/libostree-2020.7.tar.xz b/SPECS/libostree-2020.7.tar.xz
deleted file mode 100644
index d964f0d..0000000
Binary files a/SPECS/libostree-2020.7.tar.xz and /dev/null differ
diff --git a/SPECS/ostree.spec b/SPECS/ostree.spec
index e2d625d..19e2ea9 100644
--- a/SPECS/ostree.spec
+++ b/SPECS/ostree.spec
@@ -7,15 +7,12 @@
 
 Summary: Tool for managing bootable, immutable filesystem trees
 Name: ostree
-Version: 2020.7
+Version: 2020.4
 Release: 1%{?dist}
 Source0: https://github.com/ostreedev/%{name}/releases/download/v%{version}/libostree-%{version}.tar.xz
 License: LGPLv2+
 URL: https://ostree.readthedocs.io/en/latest/
 
-Patch0: 0001-ostree-prepare-root-print-st_dev-and-st_ino-as-64-bi.patch
-Patch1: 0001-gcc11.patch
-
 BuildRequires: git
 # We always run autogen.sh
 BuildRequires: autoconf automake libtool
@@ -165,24 +162,6 @@ find %{buildroot} -name '*.la' -delete
 %endif
 
 %changelog
-* Tue Nov  3 15:04:48 UTC 2020 Colin Walters <walters@verbum.org> - 2020.7-1
-- Update to 2020.7
-  Resolves: #1894062
-
-* Wed Sep 09 2020 Colin Walters <walters@verbum.org> - 2020.5-4
-- Backport patches for https://bugzilla.redhat.com/show_bug.cgi?id=1875567
-
-* Mon Aug 24 2020 Colin Walters <walters@verbum.org> - 2020.5-3
-- Backport
-  https://github.com/ostreedev/ostree/pull/2179/commits/06ed04a816141914adb9bd3e32392801fce5bc8e
-  Resolves: #1867601
-
-* Tue Aug 18 2020 Colin Walters <walters@verbum.org> - 2020.5-2
-- Update to https://github.com/ostreedev/ostree/releases/tag/v2020.5
-  Specifically to fix readonly-sysroot for e.g. RHEL Edge and
-  older RHCOS versions
-- Related: #1861507
-
 * Tue Jul 28 2020 Colin Walters <walters@verbum.org> - 2020.4-1
 - https://github.com/ostreedev/ostree/releases/tag/v2020.4
 - We plan to use per-object-fsync for etcd in OpenShift 4
diff --git a/apidoc/html/ostree-OstreeRepo.html b/apidoc/html/ostree-OstreeRepo.html
index efccacd..c9a2783 100644
--- a/apidoc/html/ostree-OstreeRepo.html
+++ b/apidoc/html/ostree-OstreeRepo.html
@@ -914,27 +914,11 @@
 <span class="returnvalue">gboolean</span>
 </td>
 <td class="function_name">
-<a class="link" href="ostree-OstreeRepo.html#ostree-repo-static-delta-execute-offline-with-signature" title="ostree_repo_static_delta_execute_offline_with_signature ()">ostree_repo_static_delta_execute_offline_with_signature</a> <span class="c_punctuation">()</span>
-</td>
-</tr>
-<tr>
-<td class="function_type">
-<span class="returnvalue">gboolean</span>
-</td>
-<td class="function_name">
 <a class="link" href="ostree-OstreeRepo.html#ostree-repo-static-delta-execute-offline" title="ostree_repo_static_delta_execute_offline ()">ostree_repo_static_delta_execute_offline</a> <span class="c_punctuation">()</span>
 </td>
 </tr>
 <tr>
 <td class="function_type">
-<span class="returnvalue">gboolean</span>
-</td>
-<td class="function_name">
-<a class="link" href="ostree-OstreeRepo.html#ostree-repo-static-delta-verify-signature" title="ostree_repo_static_delta_verify_signature ()">ostree_repo_static_delta_verify_signature</a> <span class="c_punctuation">()</span>
-</td>
-</tr>
-<tr>
-<td class="function_type">
 <span class="returnvalue">GHashTable</span> *
 </td>
 <td class="function_name">
@@ -5295,7 +5279,6 @@ one to easily set up SELinux labeling from a base commit.</p>
 </tbody>
 </table></div>
 </div>
-<p class="since">Since: 2020.4</p>
 </div>
 <hr>
 <div class="refsect2">
@@ -6488,8 +6471,6 @@ for input files</p></li>
 <li class="listitem"><p>verbose: b: Print diagnostic messages.  Default FALSE.</p></li>
 <li class="listitem"><p>endianness: b: Deltas use host byte order by default; this option allows choosing (G_BIG_ENDIAN or G_LITTLE_ENDIAN)</p></li>
 <li class="listitem"><p>filename: ay: Save delta superblock to this filename, and parts in the same directory.  Default saves to repository.</p></li>
-<li class="listitem"><p>sign-name: ay: Signature type to use.</p></li>
-<li class="listitem"><p>sign-key-ids: as: Array of keys used to sign delta superblock.</p></li>
 </ul></div>
 <div class="refsect3">
 <a name="ostree-repo-static-delta-generate.parameters"></a><h4>Parameters</h4>
@@ -6546,69 +6527,6 @@ for input files</p></li>
 </div>
 <hr>
 <div class="refsect2">
-<a name="ostree-repo-static-delta-execute-offline-with-signature"></a><h3>ostree_repo_static_delta_execute_offline_with_signature ()</h3>
-<pre class="programlisting"><span class="returnvalue">gboolean</span>
-ostree_repo_static_delta_execute_offline_with_signature
-                               (<em class="parameter"><code><a class="link" href="ostree-OstreeRepo.html#OstreeRepo" title="OstreeRepo"><span class="type">OstreeRepo</span></a> *self</code></em>,
-                                <em class="parameter"><code><span class="type">GFile</span> *dir_or_file</code></em>,
-                                <em class="parameter"><code><a class="link" href="ostree-Signature-management.html#OstreeSign" title="OstreeSign"><span class="type">OstreeSign</span></a> *sign</code></em>,
-                                <em class="parameter"><code><span class="type">gboolean</span> skip_validation</code></em>,
-                                <em class="parameter"><code><span class="type">GCancellable</span> *cancellable</code></em>,
-                                <em class="parameter"><code><span class="type">GError</span> **error</code></em>);</pre>
-<p>Given a directory representing an already-downloaded static delta
-on disk, apply it, generating a new commit.
-If sign is passed, the static delta signature is verified.
-If sign-verify-deltas configuration option is set and static delta is signed,
-signature verification will be mandatory before apply the static delta.
-The directory must be named with the form "FROM-TO", where both are
-checksums, and it must contain a file named "superblock", along with at least
-one part.</p>
-<div class="refsect3">
-<a name="ostree-repo-static-delta-execute-offline-with-signature.parameters"></a><h4>Parameters</h4>
-<div class="informaltable"><table class="informaltable" width="100%" border="0">
-<colgroup>
-<col width="150px" class="parameters_name">
-<col class="parameters_description">
-<col width="200px" class="parameters_annotations">
-</colgroup>
-<tbody>
-<tr>
-<td class="parameter_name"><p>self</p></td>
-<td class="parameter_description"><p>Repo</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>dir_or_file</p></td>
-<td class="parameter_description"><p>Path to a directory containing static delta data, or directly to the superblock</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>sign</p></td>
-<td class="parameter_description"><p>Signature engine used to check superblock</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>skip_validation</p></td>
-<td class="parameter_description"><p>If <code class="literal">TRUE</code>, assume data integrity</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>cancellable</p></td>
-<td class="parameter_description"><p>Cancellable</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>error</p></td>
-<td class="parameter_description"><p>Error</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-</tbody>
-</table></div>
-</div>
-<p class="since">Since: 2020.7</p>
-</div>
-<hr>
-<div class="refsect2">
 <a name="ostree-repo-static-delta-execute-offline"></a><h3>ostree_repo_static_delta_execute_offline ()</h3>
 <pre class="programlisting"><span class="returnvalue">gboolean</span>
 ostree_repo_static_delta_execute_offline
@@ -6661,61 +6579,6 @@ must contain a file named "superblock", along with at least one part.</p>
 </div>
 <hr>
 <div class="refsect2">
-<a name="ostree-repo-static-delta-verify-signature"></a><h3>ostree_repo_static_delta_verify_signature ()</h3>
-<pre class="programlisting"><span class="returnvalue">gboolean</span>
-ostree_repo_static_delta_verify_signature
-                               (<em class="parameter"><code><a class="link" href="ostree-OstreeRepo.html#OstreeRepo" title="OstreeRepo"><span class="type">OstreeRepo</span></a> *self</code></em>,
-                                <em class="parameter"><code>const <span class="type">char</span> *delta_id</code></em>,
-                                <em class="parameter"><code><a class="link" href="ostree-Signature-management.html#OstreeSign" title="OstreeSign"><span class="type">OstreeSign</span></a> *sign</code></em>,
-                                <em class="parameter"><code><span class="type">char</span> **out_success_message</code></em>,
-                                <em class="parameter"><code><span class="type">GError</span> **error</code></em>);</pre>
-<p>Verify static delta file signature.</p>
-<div class="refsect3">
-<a name="ostree-repo-static-delta-verify-signature.parameters"></a><h4>Parameters</h4>
-<div class="informaltable"><table class="informaltable" width="100%" border="0">
-<colgroup>
-<col width="150px" class="parameters_name">
-<col class="parameters_description">
-<col width="200px" class="parameters_annotations">
-</colgroup>
-<tbody>
-<tr>
-<td class="parameter_name"><p>self</p></td>
-<td class="parameter_description"><p>Repo</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>delta_id</p></td>
-<td class="parameter_description"><p>delta path</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>sign</p></td>
-<td class="parameter_description"><p>Signature engine used to check superblock</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>out_success_message</p></td>
-<td class="parameter_description"><p>success message</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>error</p></td>
-<td class="parameter_description"><p>Error</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-</tbody>
-</table></div>
-</div>
-<div class="refsect3">
-<a name="ostree-repo-static-delta-verify-signature.returns"></a><h4>Returns</h4>
-<p> TRUE if the signature of static delta file is valid using the
-signature engine provided, FALSE otherwise.</p>
-</div>
-<p class="since">Since: 2020.7</p>
-</div>
-<hr>
-<div class="refsect2">
 <a name="ostree-repo-traverse-new-reachable"></a><h3>ostree_repo_traverse_new_reachable ()</h3>
 <pre class="programlisting"><span class="returnvalue">GHashTable</span> *
 ostree_repo_traverse_new_reachable (<em class="parameter"><code><span class="type">void</span></code></em>);</pre>
@@ -7592,37 +7455,37 @@ ostree_repo_pull_with_options (<em class="parameter"><code><a class="link" href=
 <p>Like <a class="link" href="ostree-OstreeRepo.html#ostree-repo-pull" title="ostree_repo_pull ()"><code class="function">ostree_repo_pull()</code></a>, but supports an extensible set of flags.
 The following are currently defined:</p>
 <div class="itemizedlist"><ul class="itemizedlist" style="list-style-type: disc; ">
-<li class="listitem"><p><code class="literal">refs</code> (<code class="literal">as</code>): Array of string refs</p></li>
-<li class="listitem"><p><code class="literal">collection-refs</code> (<code class="literal">a(sss)</code>): Array of (collection ID, ref name, checksum) tuples to pull;
+<li class="listitem"><p>refs (as): Array of string refs</p></li>
+<li class="listitem"><p>collection-refs (a(sss)): Array of (collection ID, ref name, checksum) tuples to pull;
 mutually exclusive with <code class="literal">refs</code> and <code class="literal">override-commit-ids</code>. Checksums may be the empty
 string to pull the latest commit for that ref</p></li>
-<li class="listitem"><p><code class="literal">flags</code> (<code class="literal">i</code>): An instance of <a class="link" href="ostree-OstreeRepo.html#OstreeRepoPullFlags" title="enum OstreeRepoPullFlags"><span class="type">OstreeRepoPullFlags</span></a></p></li>
-<li class="listitem"><p><code class="literal">subdir</code> (<code class="literal">s</code>): Pull just this subdirectory</p></li>
-<li class="listitem"><p><code class="literal">subdirs</code> (<code class="literal">as</code>): Pull just these subdirectories</p></li>
-<li class="listitem"><p><code class="literal">override-remote-name</code> (<code class="literal">s</code>): If local, add this remote to refspec</p></li>
-<li class="listitem"><p><code class="literal">gpg-verify</code> (<code class="literal">b</code>): GPG verify commits</p></li>
-<li class="listitem"><p><code class="literal">gpg-verify-summary</code> (<code class="literal">b</code>): GPG verify summary</p></li>
-<li class="listitem"><p><code class="literal">disable-sign-verify</code> (<code class="literal">b</code>): Disable signapi verification of commits</p></li>
-<li class="listitem"><p><code class="literal">disable-sign-verify-summary</code> (<code class="literal">b</code>): Disable signapi verification of the summary</p></li>
-<li class="listitem"><p><code class="literal">depth</code> (<code class="literal">i</code>): How far in the history to traverse; default is 0, -1 means infinite</p></li>
-<li class="listitem"><p><code class="literal">per-object-fsync</code> (<code class="literal">b</code>): Perform disk writes more slowly, avoiding a single large I/O sync</p></li>
-<li class="listitem"><p><code class="literal">disable-static-deltas</code> (<code class="literal">b</code>): Do not use static deltas</p></li>
-<li class="listitem"><p><code class="literal">require-static-deltas</code> (<code class="literal">b</code>): Require static deltas</p></li>
-<li class="listitem"><p><code class="literal">override-commit-ids</code> (<code class="literal">as</code>): Array of specific commit IDs to fetch for refs</p></li>
-<li class="listitem"><p><code class="literal">timestamp-check</code> (<code class="literal">b</code>): Verify commit timestamps are newer than current (when pulling via ref); Since: 2017.11</p></li>
-<li class="listitem"><p><code class="literal">timestamp-check-from-rev</code> (<code class="literal">s</code>): Verify that all fetched commit timestamps are newer than timestamp of given rev; Since: 2020.4</p></li>
-<li class="listitem"><p><code class="literal">metadata-size-restriction</code> (<code class="literal">t</code>): Restrict metadata objects to a maximum number of bytes; 0 to disable.  Since: 2018.9</p></li>
-<li class="listitem"><p><code class="literal">dry-run</code> (<code class="literal">b</code>): Only print information on what will be downloaded (requires static deltas)</p></li>
-<li class="listitem"><p><code class="literal">override-url</code> (<code class="literal">s</code>): Fetch objects from this URL if remote specifies no metalink in options</p></li>
-<li class="listitem"><p><code class="literal">inherit-transaction</code> (<code class="literal">b</code>): Don't initiate, finish or abort a transaction, useful to do multiple pulls in one transaction.</p></li>
-<li class="listitem"><p><code class="literal">http-headers</code> (<code class="literal">a(ss)</code>): Additional headers to add to all HTTP requests</p></li>
-<li class="listitem"><p><code class="literal">update-frequency</code> (<code class="literal">u</code>): Frequency to call the async progress callback in milliseconds, if any; only values higher than 0 are valid</p></li>
-<li class="listitem"><p><code class="literal">localcache-repos</code> (<code class="literal">as</code>): File paths for local repos to use as caches when doing remote fetches</p></li>
-<li class="listitem"><p><code class="literal">append-user-agent</code> (<code class="literal">s</code>): Additional string to append to the user agent</p></li>
-<li class="listitem"><p><code class="literal">n-network-retries</code> (<code class="literal">u</code>): Number of times to retry each download on receiving
+<li class="listitem"><p>flags (i): An instance of <a class="link" href="ostree-OstreeRepo.html#OstreeRepoPullFlags" title="enum OstreeRepoPullFlags"><span class="type">OstreeRepoPullFlags</span></a></p></li>
+<li class="listitem"><p>subdir (s): Pull just this subdirectory</p></li>
+<li class="listitem"><p>subdirs (as): Pull just these subdirectories</p></li>
+<li class="listitem"><p>override-remote-name (s): If local, add this remote to refspec</p></li>
+<li class="listitem"><p>gpg-verify (b): GPG verify commits</p></li>
+<li class="listitem"><p>gpg-verify-summary (b): GPG verify summary</p></li>
+<li class="listitem"><p>disable-sign-verify (b): Disable signapi verification of commits</p></li>
+<li class="listitem"><p>disable-sign-verify-summary (b): Disable signapi verification of the summary</p></li>
+<li class="listitem"><p>depth (i): How far in the history to traverse; default is 0, -1 means infinite</p></li>
+<li class="listitem"><p>per-object-fsync (b): Perform disk writes more slowly, avoiding a single large I/O sync</p></li>
+<li class="listitem"><p>disable-static-deltas (b): Do not use static deltas</p></li>
+<li class="listitem"><p>require-static-deltas (b): Require static deltas</p></li>
+<li class="listitem"><p>override-commit-ids (as): Array of specific commit IDs to fetch for refs</p></li>
+<li class="listitem"><p>timestamp-check (b): Verify commit timestamps are newer than current (when pulling via ref); Since: 2017.11</p></li>
+<li class="listitem"><p>timestamp-check-from-rev (s): Verify that all fetched commit timestamps are newer than timestamp of given rev; Since: 2020.4</p></li>
+<li class="listitem"><p>metadata-size-restriction (t): Restrict metadata objects to a maximum number of bytes; 0 to disable.  Since: 2018.9</p></li>
+<li class="listitem"><p>dry-run (b): Only print information on what will be downloaded (requires static deltas)</p></li>
+<li class="listitem"><p>override-url (s): Fetch objects from this URL if remote specifies no metalink in options</p></li>
+<li class="listitem"><p>inherit-transaction (b): Don't initiate, finish or abort a transaction, useful to do multiple pulls in one transaction.</p></li>
+<li class="listitem"><p>http-headers (a(ss)): Additional headers to add to all HTTP requests</p></li>
+<li class="listitem"><p>update-frequency (u): Frequency to call the async progress callback in milliseconds, if any; only values higher than 0 are valid</p></li>
+<li class="listitem"><p>localcache-repos (as): File paths for local repos to use as caches when doing remote fetches</p></li>
+<li class="listitem"><p>append-user-agent (s): Additional string to append to the user agent</p></li>
+<li class="listitem"><p>n-network-retries (u): Number of times to retry each download on receiving
 a transient network error, such as a socket timeout; default is 5, 0
 means return errors without retrying. Since: 2018.6</p></li>
-<li class="listitem"><p><code class="literal">ref-keyring-map</code> (<code class="literal">a(sss)</code>): Array of (collection ID, ref name, keyring
+<li class="listitem"><p>ref-keyring-map (a(sss)): Array of (collection ID, ref name, keyring
 remote name) tuples specifying which remote's keyring should be used when
 doing GPG verification of each collection-ref. This is useful to prevent a
 remote from serving malicious updates to refs which did not originate from
diff --git a/apidoc/html/ostree-Root-partition-mount-point.html b/apidoc/html/ostree-Root-partition-mount-point.html
index 91c0d6b..3b1b106 100644
--- a/apidoc/html/ostree-Root-partition-mount-point.html
+++ b/apidoc/html/ostree-Root-partition-mount-point.html
@@ -348,35 +348,11 @@
 <span class="returnvalue">gboolean</span>
 </td>
 <td class="function_name">
-<a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-tree-with-options" title="ostree_sysroot_stage_tree_with_options ()">ostree_sysroot_stage_tree_with_options</a> <span class="c_punctuation">()</span>
-</td>
-</tr>
-<tr>
-<td class="function_type">
-<span class="returnvalue">gboolean</span>
-</td>
-<td class="function_name">
-<a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-overlay-initrd" title="ostree_sysroot_stage_overlay_initrd ()">ostree_sysroot_stage_overlay_initrd</a> <span class="c_punctuation">()</span>
-</td>
-</tr>
-<tr>
-<td class="function_type">
-<span class="returnvalue">gboolean</span>
-</td>
-<td class="function_name">
 <a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-deploy-tree" title="ostree_sysroot_deploy_tree ()">ostree_sysroot_deploy_tree</a> <span class="c_punctuation">()</span>
 </td>
 </tr>
 <tr>
 <td class="function_type">
-<span class="returnvalue">gboolean</span>
-</td>
-<td class="function_name">
-<a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-deploy-tree-with-options" title="ostree_sysroot_deploy_tree_with_options ()">ostree_sysroot_deploy_tree_with_options</a> <span class="c_punctuation">()</span>
-</td>
-</tr>
-<tr>
-<td class="function_type">
 <a class="link" href="ostree-ostree-deployment.html#OstreeDeployment" title="OstreeDeployment"><span class="returnvalue">OstreeDeployment</span></a> *
 </td>
 <td class="function_name">
@@ -1752,7 +1728,8 @@ ostree_sysroot_stage_tree (<em class="parameter"><code><a class="link" href="ost
                            <em class="parameter"><code><a class="link" href="ostree-ostree-deployment.html#OstreeDeployment" title="OstreeDeployment"><span class="type">OstreeDeployment</span></a> **out_new_deployment</code></em>,
                            <em class="parameter"><code><span class="type">GCancellable</span> *cancellable</code></em>,
                            <em class="parameter"><code><span class="type">GError</span> **error</code></em>);</pre>
-<p>Older version of <a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-tree-with-options" title="ostree_sysroot_stage_tree_with_options ()"><code class="function">ostree_sysroot_stage_tree_with_options()</code></a>.</p>
+<p>Like <a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-deploy-tree" title="ostree_sysroot_deploy_tree ()"><code class="function">ostree_sysroot_deploy_tree()</code></a>, but "finalization" only occurs at OS
+shutdown time.</p>
 <div class="refsect3">
 <a name="ostree-sysroot-stage-tree.parameters"></a><h4>Parameters</h4>
 <div class="informaltable"><table class="informaltable" width="100%" border="0">
@@ -1814,132 +1791,6 @@ ostree_sysroot_stage_tree (<em class="parameter"><code><a class="link" href="ost
 </div>
 <hr>
 <div class="refsect2">
-<a name="ostree-sysroot-stage-tree-with-options"></a><h3>ostree_sysroot_stage_tree_with_options ()</h3>
-<pre class="programlisting"><span class="returnvalue">gboolean</span>
-ostree_sysroot_stage_tree_with_options
-                               (<em class="parameter"><code><a class="link" href="ostree-Root-partition-mount-point.html#OstreeSysroot" title="OstreeSysroot"><span class="type">OstreeSysroot</span></a> *self</code></em>,
-                                <em class="parameter"><code>const <span class="type">char</span> *osname</code></em>,
-                                <em class="parameter"><code>const <span class="type">char</span> *revision</code></em>,
-                                <em class="parameter"><code><span class="type">GKeyFile</span> *origin</code></em>,
-                                <em class="parameter"><code><a class="link" href="ostree-ostree-deployment.html#OstreeDeployment" title="OstreeDeployment"><span class="type">OstreeDeployment</span></a> *merge_deployment</code></em>,
-                                <em class="parameter"><code><span class="type">OstreeSysrootDeployTreeOpts</span> *opts</code></em>,
-                                <em class="parameter"><code><a class="link" href="ostree-ostree-deployment.html#OstreeDeployment" title="OstreeDeployment"><span class="type">OstreeDeployment</span></a> **out_new_deployment</code></em>,
-                                <em class="parameter"><code><span class="type">GCancellable</span> *cancellable</code></em>,
-                                <em class="parameter"><code><span class="type">GError</span> **error</code></em>);</pre>
-<p>Like <a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-deploy-tree" title="ostree_sysroot_deploy_tree ()"><code class="function">ostree_sysroot_deploy_tree()</code></a>, but "finalization" only occurs at OS
-shutdown time.</p>
-<div class="refsect3">
-<a name="ostree-sysroot-stage-tree-with-options.parameters"></a><h4>Parameters</h4>
-<div class="informaltable"><table class="informaltable" width="100%" border="0">
-<colgroup>
-<col width="150px" class="parameters_name">
-<col class="parameters_description">
-<col width="200px" class="parameters_annotations">
-</colgroup>
-<tbody>
-<tr>
-<td class="parameter_name"><p>self</p></td>
-<td class="parameter_description"><p>Sysroot</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>osname</p></td>
-<td class="parameter_description"><p>osname to use for merge deployment. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>revision</p></td>
-<td class="parameter_description"><p>Checksum to add</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>origin</p></td>
-<td class="parameter_description"><p>Origin to use for upgrades. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>merge_deployment</p></td>
-<td class="parameter_description"><p>Use this deployment for merge path. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>opts</p></td>
-<td class="parameter_description"><p>Options</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>out_new_deployment</p></td>
-<td class="parameter_description"><p>The new deployment path. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/out"><span class="acronym">out</span></a>]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>cancellable</p></td>
-<td class="parameter_description"><p>Cancellable</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>error</p></td>
-<td class="parameter_description"><p>Error</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-</tbody>
-</table></div>
-</div>
-<p class="since">Since: 2020.7</p>
-</div>
-<hr>
-<div class="refsect2">
-<a name="ostree-sysroot-stage-overlay-initrd"></a><h3>ostree_sysroot_stage_overlay_initrd ()</h3>
-<pre class="programlisting"><span class="returnvalue">gboolean</span>
-ostree_sysroot_stage_overlay_initrd (<em class="parameter"><code><a class="link" href="ostree-Root-partition-mount-point.html#OstreeSysroot" title="OstreeSysroot"><span class="type">OstreeSysroot</span></a> *self</code></em>,
-                                     <em class="parameter"><code><span class="type">int</span> fd</code></em>,
-                                     <em class="parameter"><code><span class="type">char</span> **out_checksum</code></em>,
-                                     <em class="parameter"><code><span class="type">GCancellable</span> *cancellable</code></em>,
-                                     <em class="parameter"><code><span class="type">GError</span> **error</code></em>);</pre>
-<p>Stage an overlay initrd to be used in an upcoming deployment. Returns a checksum which
-can be passed to <a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-deploy-tree-with-options" title="ostree_sysroot_deploy_tree_with_options ()"><code class="function">ostree_sysroot_deploy_tree_with_options()</code></a> or
-<a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-tree-with-options" title="ostree_sysroot_stage_tree_with_options ()"><code class="function">ostree_sysroot_stage_tree_with_options()</code></a> via the <code class="literal">overlay_initrds</code> array option.</p>
-<div class="refsect3">
-<a name="ostree-sysroot-stage-overlay-initrd.parameters"></a><h4>Parameters</h4>
-<div class="informaltable"><table class="informaltable" width="100%" border="0">
-<colgroup>
-<col width="150px" class="parameters_name">
-<col class="parameters_description">
-<col width="200px" class="parameters_annotations">
-</colgroup>
-<tbody>
-<tr>
-<td class="parameter_name"><p>self</p></td>
-<td class="parameter_description"><p>Sysroot</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>fd</p></td>
-<td class="parameter_description"><p>File descriptor to overlay initrd. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/transfer%20none"><span class="acronym">transfer none</span></a>]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>out_checksum</p></td>
-<td class="parameter_description"><p>Overlay initrd checksum. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/out"><span class="acronym">out</span></a>][<a href="http://foldoc.org/transfer%20full"><span class="acronym">transfer full</span></a>]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>cancellable</p></td>
-<td class="parameter_description"><p>Cancellable</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>error</p></td>
-<td class="parameter_description"><p>Error</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-</tbody>
-</table></div>
-</div>
-<p class="since">Since: 2020.7</p>
-</div>
-<hr>
-<div class="refsect2">
 <a name="ostree-sysroot-deploy-tree"></a><h3>ostree_sysroot_deploy_tree ()</h3>
 <pre class="programlisting"><span class="returnvalue">gboolean</span>
 ostree_sysroot_deploy_tree (<em class="parameter"><code><a class="link" href="ostree-Root-partition-mount-point.html#OstreeSysroot" title="OstreeSysroot"><span class="type">OstreeSysroot</span></a> *self</code></em>,
@@ -1951,88 +1802,14 @@ ostree_sysroot_deploy_tree (<em class="parameter"><code><a class="link" href="os
                             <em class="parameter"><code><a class="link" href="ostree-ostree-deployment.html#OstreeDeployment" title="OstreeDeployment"><span class="type">OstreeDeployment</span></a> **out_new_deployment</code></em>,
                             <em class="parameter"><code><span class="type">GCancellable</span> *cancellable</code></em>,
                             <em class="parameter"><code><span class="type">GError</span> **error</code></em>);</pre>
-<p>Older version of <a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-tree-with-options" title="ostree_sysroot_stage_tree_with_options ()"><code class="function">ostree_sysroot_stage_tree_with_options()</code></a>.</p>
-<div class="refsect3">
-<a name="ostree-sysroot-deploy-tree.parameters"></a><h4>Parameters</h4>
-<div class="informaltable"><table class="informaltable" width="100%" border="0">
-<colgroup>
-<col width="150px" class="parameters_name">
-<col class="parameters_description">
-<col width="200px" class="parameters_annotations">
-</colgroup>
-<tbody>
-<tr>
-<td class="parameter_name"><p>self</p></td>
-<td class="parameter_description"><p>Sysroot</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>osname</p></td>
-<td class="parameter_description"><p>osname to use for merge deployment. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>revision</p></td>
-<td class="parameter_description"><p>Checksum to add</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>origin</p></td>
-<td class="parameter_description"><p>Origin to use for upgrades. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>provided_merge_deployment</p></td>
-<td class="parameter_description"><p>Use this deployment for merge path. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>override_kernel_argv</p></td>
-<td class="parameter_description"><p>Use these as kernel arguments; if <code class="literal">NULL</code>, inherit options from provided_merge_deployment. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>][<a href="http://foldoc.org/array"><span class="acronym">array</span></a> zero-terminated=1][<a href="http://foldoc.org/element-type"><span class="acronym">element-type</span></a> utf8]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>out_new_deployment</p></td>
-<td class="parameter_description"><p>The new deployment path. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/out"><span class="acronym">out</span></a>]</span></td>
-</tr>
-<tr>
-<td class="parameter_name"><p>cancellable</p></td>
-<td class="parameter_description"><p>Cancellable</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>error</p></td>
-<td class="parameter_description"><p>Error</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-</tbody>
-</table></div>
-</div>
-<p class="since">Since: 2018.5</p>
-</div>
-<hr>
-<div class="refsect2">
-<a name="ostree-sysroot-deploy-tree-with-options"></a><h3>ostree_sysroot_deploy_tree_with_options ()</h3>
-<pre class="programlisting"><span class="returnvalue">gboolean</span>
-ostree_sysroot_deploy_tree_with_options
-                               (<em class="parameter"><code><a class="link" href="ostree-Root-partition-mount-point.html#OstreeSysroot" title="OstreeSysroot"><span class="type">OstreeSysroot</span></a> *self</code></em>,
-                                <em class="parameter"><code>const <span class="type">char</span> *osname</code></em>,
-                                <em class="parameter"><code>const <span class="type">char</span> *revision</code></em>,
-                                <em class="parameter"><code><span class="type">GKeyFile</span> *origin</code></em>,
-                                <em class="parameter"><code><a class="link" href="ostree-ostree-deployment.html#OstreeDeployment" title="OstreeDeployment"><span class="type">OstreeDeployment</span></a> *provided_merge_deployment</code></em>,
-                                <em class="parameter"><code><span class="type">OstreeSysrootDeployTreeOpts</span> *opts</code></em>,
-                                <em class="parameter"><code><a class="link" href="ostree-ostree-deployment.html#OstreeDeployment" title="OstreeDeployment"><span class="type">OstreeDeployment</span></a> **out_new_deployment</code></em>,
-                                <em class="parameter"><code><span class="type">GCancellable</span> *cancellable</code></em>,
-                                <em class="parameter"><code><span class="type">GError</span> **error</code></em>);</pre>
 <p>Check out deployment tree with revision <em class="parameter"><code>revision</code></em>
 , performing a 3
 way merge with <em class="parameter"><code>provided_merge_deployment</code></em>
  for configuration.</p>
-<p>When booted into the sysroot, you should use the
-<a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-tree" title="ostree_sysroot_stage_tree ()"><code class="function">ostree_sysroot_stage_tree()</code></a> API instead.</p>
+<p>While this API is not deprecated, you most likely want to use the
+<a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-tree" title="ostree_sysroot_stage_tree ()"><code class="function">ostree_sysroot_stage_tree()</code></a> API.</p>
 <div class="refsect3">
-<a name="ostree-sysroot-deploy-tree-with-options.parameters"></a><h4>Parameters</h4>
+<a name="ostree-sysroot-deploy-tree.parameters"></a><h4>Parameters</h4>
 <div class="informaltable"><table class="informaltable" width="100%" border="0">
 <colgroup>
 <col width="150px" class="parameters_name">
@@ -2066,9 +1843,9 @@ way merge with <em class="parameter"><code>provided_merge_deployment</code></em>
 <td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>]</span></td>
 </tr>
 <tr>
-<td class="parameter_name"><p>opts</p></td>
-<td class="parameter_description"><p>Options. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>]</span></td>
+<td class="parameter_name"><p>override_kernel_argv</p></td>
+<td class="parameter_description"><p>Use these as kernel arguments; if <code class="literal">NULL</code>, inherit options from provided_merge_deployment. </p></td>
+<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>][<a href="http://foldoc.org/array"><span class="acronym">array</span></a> zero-terminated=1][<a href="http://foldoc.org/element-type"><span class="acronym">element-type</span></a> utf8]</span></td>
 </tr>
 <tr>
 <td class="parameter_name"><p>out_new_deployment</p></td>
@@ -2088,7 +1865,6 @@ way merge with <em class="parameter"><code>provided_merge_deployment</code></em>
 </tbody>
 </table></div>
 </div>
-<p class="since">Since: 2020.7</p>
 </div>
 <hr>
 <div class="refsect2">
diff --git a/apidoc/html/ostree-Signature-management.html b/apidoc/html/ostree-Signature-management.html
index 6ab8d79..dcd6075 100644
--- a/apidoc/html/ostree-Signature-management.html
+++ b/apidoc/html/ostree-Signature-management.html
@@ -290,11 +290,6 @@ the public key(s) for verification with <a class="link" href="ostree-Signature-m
 <td class="parameter_annotations"> </td>
 </tr>
 <tr>
-<td class="parameter_name"><p>out_success_message</p></td>
-<td class="parameter_description"><p>success message returned by the signing engine. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/out"><span class="acronym">out</span></a>][<a href="http://foldoc.org/nullable"><span class="acronym">nullable</span></a>][<a href="http://foldoc.org/optional"><span class="acronym">optional</span></a>]</span></td>
-</tr>
-<tr>
 <td class="parameter_name"><p>cancellable</p></td>
 <td class="parameter_description"><p>A <span class="type">GCancellable</span></p></td>
 <td class="parameter_annotations"> </td>
@@ -351,8 +346,8 @@ the secret key with <a class="link" href="ostree-Signature-management.html#ostre
 </tr>
 <tr>
 <td class="parameter_name"><p>signature</p></td>
-<td class="parameter_description"><p>in case of success will contain signature. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/out"><span class="acronym">out</span></a>]</span></td>
+<td class="parameter_description"><p>in case of success will contain signature</p></td>
+<td class="parameter_annotations"> </td>
 </tr>
 <tr>
 <td class="parameter_name"><p>cancellable</p></td>
@@ -416,11 +411,6 @@ or <a class="link" href="ostree-Signature-management.html#ostree-sign-load-pk" t
 <td class="parameter_annotations"> </td>
 </tr>
 <tr>
-<td class="parameter_name"><p>out_success_message</p></td>
-<td class="parameter_description"><p>success message returned by the signing engine. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/out"><span class="acronym">out</span></a>][<a href="http://foldoc.org/nullable"><span class="acronym">nullable</span></a>][<a href="http://foldoc.org/optional"><span class="acronym">optional</span></a>]</span></td>
-</tr>
-<tr>
 <td class="parameter_name"><p>error</p></td>
 <td class="parameter_description"><p>a <span class="type">GError</span></p></td>
 <td class="parameter_annotations"> </td>
@@ -859,7 +849,6 @@ Based on ostree_repo_add_gpg_signature_summary implementation.</p>
 <p> <em class="parameter"><code>TRUE</code></em>
 if summary file has been signed with all provided keys</p>
 </div>
-<p class="since">Since: 2020.2</p>
 </div>
 </div>
 <div class="refsect1">
diff --git a/apidoc/html/ostree-ostree-bootconfig-parser.html b/apidoc/html/ostree-ostree-bootconfig-parser.html
index b5b6a77..c9fdc37 100644
--- a/apidoc/html/ostree-ostree-bootconfig-parser.html
+++ b/apidoc/html/ostree-ostree-bootconfig-parser.html
@@ -102,22 +102,6 @@
 <a class="link" href="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-get" title="ostree_bootconfig_parser_get ()">ostree_bootconfig_parser_get</a> <span class="c_punctuation">()</span>
 </td>
 </tr>
-<tr>
-<td class="function_type">
-<span class="returnvalue">void</span>
-</td>
-<td class="function_name">
-<a class="link" href="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-set-overlay-initrds" title="ostree_bootconfig_parser_set_overlay_initrds ()">ostree_bootconfig_parser_set_overlay_initrds</a> <span class="c_punctuation">()</span>
-</td>
-</tr>
-<tr>
-<td class="function_type">
-<span class="returnvalue">char</span> **
-</td>
-<td class="function_name">
-<a class="link" href="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-get-overlay-initrds" title="ostree_bootconfig_parser_get_overlay_initrds ()">ostree_bootconfig_parser_get_overlay_initrds</a> <span class="c_punctuation">()</span>
-</td>
-</tr>
 </tbody>
 </table></div>
 </div>
@@ -262,69 +246,6 @@ ostree_bootconfig_parser_set (<em class="parameter"><code><a class="link" href="
 ostree_bootconfig_parser_get (<em class="parameter"><code><a class="link" href="ostree-ostree-bootconfig-parser.html#OstreeBootconfigParser" title="OstreeBootconfigParser"><span class="type">OstreeBootconfigParser</span></a> *self</code></em>,
                               <em class="parameter"><code>const <span class="type">char</span> *key</code></em>);</pre>
 </div>
-<hr>
-<div class="refsect2">
-<a name="ostree-bootconfig-parser-set-overlay-initrds"></a><h3>ostree_bootconfig_parser_set_overlay_initrds ()</h3>
-<pre class="programlisting"><span class="returnvalue">void</span>
-ostree_bootconfig_parser_set_overlay_initrds
-                               (<em class="parameter"><code><a class="link" href="ostree-ostree-bootconfig-parser.html#OstreeBootconfigParser" title="OstreeBootconfigParser"><span class="type">OstreeBootconfigParser</span></a> *self</code></em>,
-                                <em class="parameter"><code><span class="type">char</span> **initrds</code></em>);</pre>
-<p>These are rendered as additional <code class="literal">initrd</code> keys in the final bootloader configs. The
-base initrd is part of the primary keys.</p>
-<div class="refsect3">
-<a name="ostree-bootconfig-parser-set-overlay-initrds.parameters"></a><h4>Parameters</h4>
-<div class="informaltable"><table class="informaltable" width="100%" border="0">
-<colgroup>
-<col width="150px" class="parameters_name">
-<col class="parameters_description">
-<col width="200px" class="parameters_annotations">
-</colgroup>
-<tbody>
-<tr>
-<td class="parameter_name"><p>self</p></td>
-<td class="parameter_description"><p>Parser</p></td>
-<td class="parameter_annotations"> </td>
-</tr>
-<tr>
-<td class="parameter_name"><p>initrds</p></td>
-<td class="parameter_description"><p>Array of overlay
-initrds or <code class="literal">NULL</code> to unset. </p></td>
-<td class="parameter_annotations"><span class="annotation">[<a href="http://foldoc.org/array"><span class="acronym">array</span></a> zero-terminated=1][<a href="http://foldoc.org/transfer%20none"><span class="acronym">transfer none</span></a>][<a href="http://foldoc.org/allow-none"><span class="acronym">allow-none</span></a>]</span></td>
-</tr>
-</tbody>
-</table></div>
-</div>
-<p class="since">Since: 2020.7</p>
-</div>
-<hr>
-<div class="refsect2">
-<a name="ostree-bootconfig-parser-get-overlay-initrds"></a><h3>ostree_bootconfig_parser_get_overlay_initrds ()</h3>
-<pre class="programlisting"><span class="returnvalue">char</span> **
-ostree_bootconfig_parser_get_overlay_initrds
-                               (<em class="parameter"><code><a class="link" href="ostree-ostree-bootconfig-parser.html#OstreeBootconfigParser" title="OstreeBootconfigParser"><span class="type">OstreeBootconfigParser</span></a> *self</code></em>);</pre>
-<div class="refsect3">
-<a name="ostree-bootconfig-parser-get-overlay-initrds.parameters"></a><h4>Parameters</h4>
-<div class="informaltable"><table class="informaltable" width="100%" border="0">
-<colgroup>
-<col width="150px" class="parameters_name">
-<col class="parameters_description">
-<col width="200px" class="parameters_annotations">
-</colgroup>
-<tbody><tr>
-<td class="parameter_name"><p>self</p></td>
-<td class="parameter_description"><p>Parser</p></td>
-<td class="parameter_annotations"> </td>
-</tr></tbody>
-</table></div>
-</div>
-<div class="refsect3">
-<a name="ostree-bootconfig-parser-get-overlay-initrds.returns"></a><h4>Returns</h4>
-<p>Array of initrds or <code class="literal">NULL</code>
-if none are set. </p>
-<p><span class="annotation">[<a href="http://foldoc.org/array"><span class="acronym">array</span></a> zero-terminated=1][<a href="http://foldoc.org/transfer%20none"><span class="acronym">transfer none</span></a>][<a href="http://foldoc.org/nullable"><span class="acronym">nullable</span></a>]</span></p>
-</div>
-<p class="since">Since: 2020.7</p>
-</div>
 </div>
 <div class="refsect1">
 <a name="ostree-ostree-bootconfig-parser.other_details"></a><h2>Types and Values</h2>
diff --git a/apidoc/html/ostree-ostree-deployment.html b/apidoc/html/ostree-ostree-deployment.html
index a206f46..bcac84d 100644
--- a/apidoc/html/ostree-ostree-deployment.html
+++ b/apidoc/html/ostree-ostree-deployment.html
@@ -574,8 +574,6 @@ ostree_deployment_unlocked_state_to_string
   GKeyFile *origin;
   OstreeDeploymentUnlockedState unlocked;
   gboolean staged;
-  char **overlay_initrds;
-  char *overlay_initrds_id;
 } OstreeDeployment;
 </pre>
 <div class="refsect3">
@@ -637,16 +635,6 @@ ostree_deployment_unlocked_state_to_string
 <td class="struct_member_description"><p>TRUE iff this deployment is staged</p></td>
 <td class="struct_member_annotations"> </td>
 </tr>
-<tr>
-<td class="struct_member_name"><p><span class="type">char</span> **<em class="structfield"><code><a name="OstreeDeployment.overlay-initrds"></a>overlay_initrds</code></em>;</p></td>
-<td class="struct_member_description"><p>Checksums of staged additional initrds for this deployment</p></td>
-<td class="struct_member_annotations"> </td>
-</tr>
-<tr>
-<td class="struct_member_name"><p><span class="type">char</span> *<em class="structfield"><code><a name="OstreeDeployment.overlay-initrds-id"></a>overlay_initrds_id</code></em>;</p></td>
-<td class="struct_member_description"><p>Unique ID generated from initrd checksums; used to compare deployments</p></td>
-<td class="struct_member_annotations"> </td>
-</tr>
 </tbody>
 </table></div>
 </div>
diff --git a/apidoc/html/ostree.devhelp2 b/apidoc/html/ostree.devhelp2
index 89cd25b..ad15fe0 100644
--- a/apidoc/html/ostree.devhelp2
+++ b/apidoc/html/ostree.devhelp2
@@ -172,7 +172,7 @@
     <keyword type="function" name="OstreeRepoCommitModifierXattrCallback ()" link="ostree-OstreeRepo.html#OstreeRepoCommitModifierXattrCallback"/>
     <keyword type="function" name="ostree_repo_commit_modifier_set_xattr_callback ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-set-xattr-callback"/>
     <keyword type="function" name="ostree_repo_commit_modifier_set_sepolicy ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-set-sepolicy"/>
-    <keyword type="function" name="ostree_repo_commit_modifier_set_sepolicy_from_commit ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-set-sepolicy-from-commit" since="2020.4"/>
+    <keyword type="function" name="ostree_repo_commit_modifier_set_sepolicy_from_commit ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-set-sepolicy-from-commit"/>
     <keyword type="function" name="ostree_repo_commit_modifier_set_devino_cache ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-set-devino-cache" since="2017.13"/>
     <keyword type="function" name="ostree_repo_commit_modifier_ref ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-ref"/>
     <keyword type="function" name="ostree_repo_commit_modifier_unref ()" link="ostree-OstreeRepo.html#ostree-repo-commit-modifier-unref"/>
@@ -199,9 +199,7 @@
     <keyword type="function" name="ostree_repo_list_commit_objects_starting_with ()" link="ostree-OstreeRepo.html#ostree-repo-list-commit-objects-starting-with"/>
     <keyword type="function" name="ostree_repo_list_static_delta_names ()" link="ostree-OstreeRepo.html#ostree-repo-list-static-delta-names"/>
     <keyword type="function" name="ostree_repo_static_delta_generate ()" link="ostree-OstreeRepo.html#ostree-repo-static-delta-generate"/>
-    <keyword type="function" name="ostree_repo_static_delta_execute_offline_with_signature ()" link="ostree-OstreeRepo.html#ostree-repo-static-delta-execute-offline-with-signature" since="2020.7"/>
     <keyword type="function" name="ostree_repo_static_delta_execute_offline ()" link="ostree-OstreeRepo.html#ostree-repo-static-delta-execute-offline"/>
-    <keyword type="function" name="ostree_repo_static_delta_verify_signature ()" link="ostree-OstreeRepo.html#ostree-repo-static-delta-verify-signature" since="2020.7"/>
     <keyword type="function" name="ostree_repo_traverse_new_reachable ()" link="ostree-OstreeRepo.html#ostree-repo-traverse-new-reachable"/>
     <keyword type="function" name="ostree_repo_traverse_new_parents ()" link="ostree-OstreeRepo.html#ostree-repo-traverse-new-parents" since="2018.5"/>
     <keyword type="function" name="ostree_repo_traverse_parents_get_commits ()" link="ostree-OstreeRepo.html#ostree-repo-traverse-parents-get-commits" since="2018.5"/>
@@ -307,10 +305,7 @@
     <keyword type="function" name="ostree_sysroot_write_deployments_with_options ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-write-deployments-with-options" since="2017.4"/>
     <keyword type="function" name="ostree_sysroot_write_origin_file ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-write-origin-file"/>
     <keyword type="function" name="ostree_sysroot_stage_tree ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-tree" since="2018.5"/>
-    <keyword type="function" name="ostree_sysroot_stage_tree_with_options ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-tree-with-options" since="2020.7"/>
-    <keyword type="function" name="ostree_sysroot_stage_overlay_initrd ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-overlay-initrd" since="2020.7"/>
-    <keyword type="function" name="ostree_sysroot_deploy_tree ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-deploy-tree" since="2018.5"/>
-    <keyword type="function" name="ostree_sysroot_deploy_tree_with_options ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-deploy-tree-with-options" since="2020.7"/>
+    <keyword type="function" name="ostree_sysroot_deploy_tree ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-deploy-tree"/>
     <keyword type="function" name="ostree_sysroot_get_merge_deployment ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-get-merge-deployment"/>
     <keyword type="function" name="ostree_sysroot_query_deployments_for ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-query-deployments-for" since="2017.7"/>
     <keyword type="function" name="ostree_sysroot_origin_new_from_refspec ()" link="ostree-Root-partition-mount-point.html#ostree-sysroot-origin-new-from-refspec"/>
@@ -383,7 +378,7 @@
     <keyword type="function" name="ostree_sign_metadata_key ()" link="ostree-Signature-management.html#ostree-sign-metadata-key" since="2020.2"/>
     <keyword type="function" name="ostree_sign_set_pk ()" link="ostree-Signature-management.html#ostree-sign-set-pk" since="2020.2"/>
     <keyword type="function" name="ostree_sign_set_sk ()" link="ostree-Signature-management.html#ostree-sign-set-sk" since="2020.2"/>
-    <keyword type="function" name="ostree_sign_summary ()" link="ostree-Signature-management.html#ostree-sign-summary" since="2020.2"/>
+    <keyword type="function" name="ostree_sign_summary ()" link="ostree-Signature-management.html#ostree-sign-summary"/>
     <keyword type="struct" name="OstreeSign" link="ostree-Signature-management.html#OstreeSign"/>
     <keyword type="function" name="ostree_bootconfig_parser_new ()" link="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-new"/>
     <keyword type="function" name="ostree_bootconfig_parser_clone ()" link="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-clone"/>
@@ -393,8 +388,6 @@
     <keyword type="function" name="ostree_bootconfig_parser_write_at ()" link="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-write-at"/>
     <keyword type="function" name="ostree_bootconfig_parser_set ()" link="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-set"/>
     <keyword type="function" name="ostree_bootconfig_parser_get ()" link="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-get"/>
-    <keyword type="function" name="ostree_bootconfig_parser_set_overlay_initrds ()" link="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-set-overlay-initrds" since="2020.7"/>
-    <keyword type="function" name="ostree_bootconfig_parser_get_overlay_initrds ()" link="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-get-overlay-initrds" since="2020.7"/>
     <keyword type="struct" name="OstreeBootconfigParser" link="ostree-ostree-bootconfig-parser.html#OstreeBootconfigParser"/>
     <keyword type="function" name="ostree_chain_input_stream_new ()" link="ostree-ostree-chain-input-stream.html#ostree-chain-input-stream-new"/>
     <keyword type="struct" name="struct OstreeChainInputStream" link="ostree-ostree-chain-input-stream.html#OstreeChainInputStream"/>
@@ -566,7 +559,5 @@
     <keyword type="member" name="OstreeDeployment.origin" link="ostree-ostree-deployment.html#OstreeDeployment.origin"/>
     <keyword type="member" name="OstreeDeployment.unlocked" link="ostree-ostree-deployment.html#OstreeDeployment.unlocked"/>
     <keyword type="member" name="OstreeDeployment.staged" link="ostree-ostree-deployment.html#OstreeDeployment.staged"/>
-    <keyword type="member" name="OstreeDeployment.overlay-initrds" link="ostree-ostree-deployment.html#OstreeDeployment.overlay-initrds"/>
-    <keyword type="member" name="OstreeDeployment.overlay-initrds-id" link="ostree-ostree-deployment.html#OstreeDeployment.overlay-initrds-id"/>
   </functions>
 </book>
diff --git a/apidoc/html/reference.html b/apidoc/html/reference.html
index 0bf7c27..272075d 100644
--- a/apidoc/html/reference.html
+++ b/apidoc/html/reference.html
@@ -148,10 +148,6 @@
 </dt>
 <dd></dd>
 <dt>
-<a class="link" href="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-get-overlay-initrds" title="ostree_bootconfig_parser_get_overlay_initrds ()">ostree_bootconfig_parser_get_overlay_initrds</a>, function in <a class="link" href="ostree-ostree-bootconfig-parser.html" title="ostree-bootconfig-parser">ostree-bootconfig-parser</a>
-</dt>
-<dd></dd>
-<dt>
 <a class="link" href="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-new" title="ostree_bootconfig_parser_new ()">ostree_bootconfig_parser_new</a>, function in <a class="link" href="ostree-ostree-bootconfig-parser.html" title="ostree-bootconfig-parser">ostree-bootconfig-parser</a>
 </dt>
 <dd></dd>
@@ -168,10 +164,6 @@
 </dt>
 <dd></dd>
 <dt>
-<a class="link" href="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-set-overlay-initrds" title="ostree_bootconfig_parser_set_overlay_initrds ()">ostree_bootconfig_parser_set_overlay_initrds</a>, function in <a class="link" href="ostree-ostree-bootconfig-parser.html" title="ostree-bootconfig-parser">ostree-bootconfig-parser</a>
-</dt>
-<dd></dd>
-<dt>
 <a class="link" href="ostree-ostree-bootconfig-parser.html#ostree-bootconfig-parser-write" title="ostree_bootconfig_parser_write ()">ostree_bootconfig_parser_write</a>, function in <a class="link" href="ostree-ostree-bootconfig-parser.html" title="ostree-bootconfig-parser">ostree-bootconfig-parser</a>
 </dt>
 <dd></dd>
@@ -1470,18 +1462,10 @@ ostree_repo_set_collection_ref_immediate, function in ostree-misc-experimental
 </dt>
 <dd></dd>
 <dt>
-<a class="link" href="ostree-OstreeRepo.html#ostree-repo-static-delta-execute-offline-with-signature" title="ostree_repo_static_delta_execute_offline_with_signature ()">ostree_repo_static_delta_execute_offline_with_signature</a>, function in <a class="link" href="ostree-OstreeRepo.html" title="OstreeRepo: Content-addressed object store">OstreeRepo</a>
-</dt>
-<dd></dd>
-<dt>
 <a class="link" href="ostree-OstreeRepo.html#ostree-repo-static-delta-generate" title="ostree_repo_static_delta_generate ()">ostree_repo_static_delta_generate</a>, function in <a class="link" href="ostree-OstreeRepo.html" title="OstreeRepo: Content-addressed object store">OstreeRepo</a>
 </dt>
 <dd></dd>
 <dt>
-<a class="link" href="ostree-OstreeRepo.html#ostree-repo-static-delta-verify-signature" title="ostree_repo_static_delta_verify_signature ()">ostree_repo_static_delta_verify_signature</a>, function in <a class="link" href="ostree-OstreeRepo.html" title="OstreeRepo: Content-addressed object store">OstreeRepo</a>
-</dt>
-<dd></dd>
-<dt>
 ostree_repo_transaction_set_collection_ref, function in ostree-misc-experimental
 </dt>
 <dd></dd>
@@ -1779,10 +1763,6 @@ ostree_repo_transaction_set_collection_ref, function in ostree-misc-experimental
 </dt>
 <dd></dd>
 <dt>
-<a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-deploy-tree-with-options" title="ostree_sysroot_deploy_tree_with_options ()">ostree_sysroot_deploy_tree_with_options</a>, function in <a class="link" href="ostree-Root-partition-mount-point.html" title="Root partition mount point">Root partition mount point</a>
-</dt>
-<dd></dd>
-<dt>
 <a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-ensure-initialized" title="ostree_sysroot_ensure_initialized ()">ostree_sysroot_ensure_initialized</a>, function in <a class="link" href="ostree-Root-partition-mount-point.html" title="Root partition mount point">Root partition mount point</a>
 </dt>
 <dd></dd>
@@ -1899,18 +1879,10 @@ ostree_repo_transaction_set_collection_ref, function in ostree-misc-experimental
 </dt>
 <dd></dd>
 <dt>
-<a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-overlay-initrd" title="ostree_sysroot_stage_overlay_initrd ()">ostree_sysroot_stage_overlay_initrd</a>, function in <a class="link" href="ostree-Root-partition-mount-point.html" title="Root partition mount point">Root partition mount point</a>
-</dt>
-<dd></dd>
-<dt>
 <a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-tree" title="ostree_sysroot_stage_tree ()">ostree_sysroot_stage_tree</a>, function in <a class="link" href="ostree-Root-partition-mount-point.html" title="Root partition mount point">Root partition mount point</a>
 </dt>
 <dd></dd>
 <dt>
-<a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-stage-tree-with-options" title="ostree_sysroot_stage_tree_with_options ()">ostree_sysroot_stage_tree_with_options</a>, function in <a class="link" href="ostree-Root-partition-mount-point.html" title="Root partition mount point">Root partition mount point</a>
-</dt>
-<dd></dd>
-<dt>
 <a class="link" href="ostree-Root-partition-mount-point.html#ostree-sysroot-try-lock" title="ostree_sysroot_try_lock ()">ostree_sysroot_try_lock</a>, function in <a class="link" href="ostree-Root-partition-mount-point.html" title="Root partition mount point">Root partition mount point</a>
 </dt>
 <dd></dd>
diff --git a/apidoc/ostree-sections.txt b/apidoc/ostree-sections.txt
index c1d6b35..979c8e9 100644
--- a/apidoc/ostree-sections.txt
+++ b/apidoc/ostree-sections.txt
@@ -37,8 +37,6 @@ ostree_bootconfig_parser_write
 ostree_bootconfig_parser_write_at
 ostree_bootconfig_parser_set
 ostree_bootconfig_parser_get
-ostree_bootconfig_parser_set_overlay_initrds
-ostree_bootconfig_parser_get_overlay_initrds
 <SUBSECTION Standard>
 OSTREE_BOOTCONFIG_PARSER
 OSTREE_IS_BOOTCONFIG_PARSER
@@ -414,9 +412,7 @@ ostree_repo_list_commit_objects_starting_with
 ostree_repo_list_static_delta_names
 OstreeStaticDeltaGenerateOpt
 ostree_repo_static_delta_generate
-ostree_repo_static_delta_execute_offline_with_signature
 ostree_repo_static_delta_execute_offline
-ostree_repo_static_delta_verify_signature
 ostree_repo_traverse_new_reachable
 ostree_repo_traverse_new_parents
 ostree_repo_traverse_parents_get_commits
@@ -547,10 +543,7 @@ ostree_sysroot_write_deployments
 ostree_sysroot_write_deployments_with_options
 ostree_sysroot_write_origin_file
 ostree_sysroot_stage_tree
-ostree_sysroot_stage_tree_with_options
-ostree_sysroot_stage_overlay_initrd
 ostree_sysroot_deploy_tree
-ostree_sysroot_deploy_tree_with_options
 ostree_sysroot_get_merge_deployment
 ostree_sysroot_query_deployments_for
 ostree_sysroot_origin_new_from_refspec
diff --git a/bash/ostree b/bash/ostree
index d00695e..7256e40 100644
--- a/bash/ostree
+++ b/bash/ostree
@@ -1532,9 +1532,6 @@ _ostree_static_delta_apply_offline() {
     "
 
     local options_with_args="
-        --sign-type
-        --keys-file
-        --keys-dir
         --repo
     "
 
@@ -1616,8 +1613,6 @@ _ostree_static_delta_generate() {
         --repo
         --set-endianness
         --to
-        --sign
-        --sign-type
     "
 
     local options_with_args_glob=$( __ostree_to_extglob "$options_with_args" )
@@ -1635,9 +1630,6 @@ _ostree_static_delta_generate() {
             COMPREPLY=( $( compgen -W "l B" -- "$cur" ) )
             return 0
             ;;
-        $options_with_args_glob )
-            return 0
-            ;;
     esac
 
     case "$cur" in
@@ -1712,40 +1704,6 @@ _ostree_static_delta_show() {
     return 0
 }
 
-_ostree_static_delta_verify() {
-    local boolean_options="
-        $main_boolean_options
-    "
-
-    local options_with_args="
-        --sign-type
-        --keys-file
-        --keys-dir
-        --repo
-    "
-
-    local options_with_args_glob=$( __ostree_to_extglob "$options_with_args" )
-
-    case "$prev" in
-        --keys-file|--keys-dir|--repo)
-            __ostree_compreply_dirs_only
-            return 0
-            ;;
-        $options_with_args_glob )
-            return 0
-            ;;
-    esac
-
-    case "$cur" in
-        -*)
-            local all_options="$boolean_options $options_with_args"
-            __ostree_compreply_all_options
-            ;;
-    esac
-
-    return 0
-}
-
 _ostree_static_delta() {
     local subcommands="
         apply-offline
diff --git a/configure b/configure
index 6f5d091..127efaa 100755
--- a/configure
+++ b/configure
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for libostree 2020.7.
+# Generated by GNU Autoconf 2.69 for libostree 2020.4.
 #
 # Report bugs to <walters@verbum.org>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='libostree'
 PACKAGE_TARNAME='libostree'
-PACKAGE_VERSION='2020.7'
-PACKAGE_STRING='libostree 2020.7'
+PACKAGE_VERSION='2020.4'
+PACKAGE_STRING='libostree 2020.4'
 PACKAGE_BUGREPORT='walters@verbum.org'
 PACKAGE_URL=''
 
@@ -1561,7 +1561,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures libostree 2020.7 to adapt to many kinds of systems.
+\`configure' configures libostree 2020.4 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1631,7 +1631,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of libostree 2020.7:";;
+     short | recursive ) echo "Configuration of libostree 2020.4:";;
    esac
   cat <<\_ACEOF
 
@@ -1896,7 +1896,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-libostree configure 2020.7
+libostree configure 2020.4
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2368,7 +2368,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by libostree $as_me 2020.7, which was
+It was created by libostree $as_me 2020.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -3236,7 +3236,7 @@ fi
 
 # Define the identity of the package.
  PACKAGE='libostree'
- VERSION='2020.7'
+ VERSION='2020.4'
 
 
 # Some tools Automake needs.
@@ -5970,9 +5970,9 @@ test -n "$YACC" || YACC="yacc"
 
 YEAR_VERSION=2020
 
-RELEASE_VERSION=7
+RELEASE_VERSION=4
 
-PACKAGE_VERSION=2020.7
+PACKAGE_VERSION=2020.4
 
 
 if echo "$CFLAGS" | grep -q -E -e '-Werror($| )'; then :
@@ -5983,7 +5983,6 @@ else
   for flag in \
   -pipe \
   -Wall \
-  -Werror=shadow \
   -Werror=empty-body \
   -Werror=strict-prototypes \
   -Werror=missing-prototypes \
@@ -19026,7 +19025,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by libostree $as_me 2020.7, which was
+This file was extended by libostree $as_me 2020.4, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -19092,7 +19091,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-libostree config.status 2020.7
+libostree config.status 2020.4
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
diff --git a/configure.ac b/configure.ac
index 13f5bef..855528c 100644
--- a/configure.ac
+++ b/configure.ac
@@ -7,7 +7,7 @@ dnl Seed the release notes with `git-shortlog-with-prs <previous-release>..`. Th
 dnl `git-evtag` to create the tag and push it. Finally, create a GitHub release and attach
 dnl the tarball from `make dist`.
 m4_define([year_version], [2020])
-m4_define([release_version], [7])
+m4_define([release_version], [4])
 m4_define([package_version], [year_version.release_version])
 AC_INIT([libostree], [package_version], [walters@verbum.org])
 is_release_build=yes
@@ -35,7 +35,6 @@ AS_IF([echo "$CFLAGS" | grep -q -E -e '-Werror($| )'], [], [
 CC_CHECK_FLAGS_APPEND([WARN_CFLAGS], [CFLAGS], [\
   -pipe \
   -Wall \
-  -Werror=shadow \
   -Werror=empty-body \
   -Werror=strict-prototypes \
   -Werror=missing-prototypes \
diff --git a/libglnx/glnx-fdio.c b/libglnx/glnx-fdio.c
index 422bc2d..e537a9b 100644
--- a/libglnx/glnx-fdio.c
+++ b/libglnx/glnx-fdio.c
@@ -303,8 +303,8 @@ glnx_open_anonymous_tmpfile_full (int          flags,
 }
 
 /* A variant of `glnx_open_tmpfile_linkable_at()` which doesn't support linking.
- * Useful for true temporary storage. The fd will be allocated in `$TMPDIR` if
- * set or `/var/tmp` otherwise.
+ * Useful for true temporary storage. The fd will be allocated in /var/tmp to
+ * ensure maximum storage space.
  *
  * If you need the file on a specific filesystem use glnx_open_anonymous_tmpfile_full()
  * which lets you pass a directory.
@@ -314,10 +314,7 @@ glnx_open_anonymous_tmpfile (int          flags,
                              GLnxTmpfile *out_tmpf,
                              GError     **error)
 {
-  return glnx_open_anonymous_tmpfile_full (flags,
-                                           getenv("TMPDIR") ?: "/var/tmp",
-                                           out_tmpf,
-                                           error);
+  return glnx_open_anonymous_tmpfile_full (flags, "/var/tmp", out_tmpf, error);
 }
 
 /* Use this after calling glnx_open_tmpfile_linkable_at() to give
diff --git a/libglnx/glnx-xattrs.c b/libglnx/glnx-xattrs.c
index 892d534..79a14cd 100644
--- a/libglnx/glnx-xattrs.c
+++ b/libglnx/glnx-xattrs.c
@@ -283,7 +283,7 @@ set_all_xattrs_for_path (const char    *path,
       const guint8* value_data = g_variant_get_fixed_array (value, &value_len, 1);
 
       if (lsetxattr (path, (char*)name, (char*)value_data, value_len, 0) < 0)
-        return glnx_throw_errno_prefix (error, "lsetxattr(%s)", name);
+        return glnx_throw_errno_prefix (error, "lsetxattr");
     }
 
   return TRUE;
@@ -351,7 +351,7 @@ glnx_fd_set_all_xattrs (int            fd,
       const guint8* value_data = g_variant_get_fixed_array (value, &value_len, 1);
 
       if (TEMP_FAILURE_RETRY (fsetxattr (fd, (char*)name, (char*)value_data, value_len, 0)) < 0)
-        return glnx_throw_errno_prefix (error, "Setting xattrs: fsetxattr(%s)", name);
+        return glnx_throw_errno_prefix (error, "fsetxattr");
     }
 
   return TRUE;
@@ -378,11 +378,11 @@ glnx_lgetxattrat (int            dfd,
 
   ssize_t bytes_read, real_size;
   if (TEMP_FAILURE_RETRY (bytes_read = lgetxattr (pathbuf, attribute, NULL, 0)) < 0)
-    return glnx_null_throw_errno_prefix (error, "lgetxattr(%s)", attribute);
+    return glnx_null_throw_errno_prefix (error, "lgetxattr");
 
   g_autofree guint8 *buf = g_malloc (bytes_read);
   if (TEMP_FAILURE_RETRY (real_size = lgetxattr (pathbuf, attribute, buf, bytes_read)) < 0)
-    return glnx_null_throw_errno_prefix (error, "lgetxattr(%s)", attribute);
+    return glnx_null_throw_errno_prefix (error, "lgetxattr");
 
   return g_bytes_new_take (g_steal_pointer (&buf), real_size);
 }
@@ -403,11 +403,11 @@ glnx_fgetxattr_bytes (int            fd,
   ssize_t bytes_read, real_size;
 
   if (TEMP_FAILURE_RETRY (bytes_read = fgetxattr (fd, attribute, NULL, 0)) < 0)
-    return glnx_null_throw_errno_prefix (error, "fgetxattr(%s)", attribute);
+    return glnx_null_throw_errno_prefix (error, "fgetxattr");
 
   g_autofree guint8 *buf = g_malloc (bytes_read);
   if (TEMP_FAILURE_RETRY (real_size = fgetxattr (fd, attribute, buf, bytes_read)) < 0)
-    return glnx_null_throw_errno_prefix (error, "fgetxattr(%s)", attribute);
+    return glnx_null_throw_errno_prefix (error, "fgetxattr");
 
   return g_bytes_new_take (g_steal_pointer (&buf), real_size);
 }
@@ -437,7 +437,7 @@ glnx_lsetxattrat (int            dfd,
   snprintf (pathbuf, sizeof (pathbuf), "/proc/self/fd/%d/%s", dfd, subpath);
 
   if (TEMP_FAILURE_RETRY (lsetxattr (subpath, attribute, value, len, flags)) < 0)
-    return glnx_throw_errno_prefix (error, "lsetxattr(%s)", attribute);
+    return glnx_throw_errno_prefix (error, "lsetxattr");
 
   return TRUE;
 }
diff --git a/man/ostree-checkout.xml b/man/ostree-checkout.xml
index dfa2ce1..3956e34 100644
--- a/man/ostree-checkout.xml
+++ b/man/ostree-checkout.xml
@@ -163,7 +163,7 @@ Boston, MA 02111-1307, USA.
                 <option>-z</option></term>
 
                 <listitem><para>
-                    This option does nothing; the functionality is now always on by default.
+                    Do not hardlink zero-sized files.
                 </para></listitem>
             </varlistentry>
 
diff --git a/man/ostree-commit.xml b/man/ostree-commit.xml
index ab5d341..b0c5b33 100644
--- a/man/ostree-commit.xml
+++ b/man/ostree-commit.xml
@@ -83,14 +83,6 @@ Boston, MA 02111-1307, USA.
             </varlistentry>
 
             <varlistentry>
-                <term><option>--body-file</option>, <option>-F</option>="FILE"</term>
-
-                <listitem><para>
-                    Full commit description from a file. (optional)
-                </para></listitem>
-            </varlistentry>
-
-            <varlistentry>
                 <term><option>--editor</option>, <option>-e</option></term>
 
                 <listitem><para>
@@ -107,14 +99,6 @@ Boston, MA 02111-1307, USA.
             </varlistentry>
 
             <varlistentry>
-                <term><option>--parent</option>="COMMIT"</term>
-
-                <listitem><para>
-                    Parent checksum or "none" to explicitly use no parent.  If not specified, <literal>BRANCH</literal> is used as parent (no parent in case <literal>BRANCH</literal> does not exist).
-                </para></listitem>
-            </varlistentry>
-
-            <varlistentry>
                 <term><option>--tree</option>="dir=PATH" or "tar=TARFILE" or "ref=COMMIT"</term>
 
                 <listitem><para>
@@ -135,23 +119,7 @@ Boston, MA 02111-1307, USA.
                 <term><option>--add-metadata-string</option>="KEY=VALUE"</term>
 
                 <listitem><para>
-                    Add a key/value pair to metadata. Can be specified multiple times.
-                </para></listitem>
-            </varlistentry>
-
-            <varlistentry>
-                <term><option>--add-metadata</option>="KEY=VALUE"</term>
-
-                <listitem><para>
-                    Add a key/value pair to metadata, where the KEY is a string, and VALUE is g_variant_parse() formatted. Can be specified multiple times.
-                </para></listitem>
-            </varlistentry>
-
-            <varlistentry>
-                <term><option>--keep-metadata</option>="KEY"</term>
-
-                <listitem><para>
-                    Keep metadata KEY and its associated VALUE from parent. Can be specified multiple times.
+                    Add a key/value pair to metadata.
                 </para></listitem>
             </varlistentry>
 
diff --git a/man/ostree-static-delta.xml b/man/ostree-static-delta.xml
index 440ada4..dfeef28 100644
--- a/man/ostree-static-delta.xml
+++ b/man/ostree-static-delta.xml
@@ -63,10 +63,7 @@ Boston, MA 02111-1307, USA.
                 <command>ostree static-delta generate</command> <arg choice="req">--to=REV</arg> <arg choice="opt" rep="repeat">OPTIONS</arg>
             </cmdsynopsis>
             <cmdsynopsis>
-                <command>ostree static-delta apply-offline</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="req">PATH</arg> <arg choice="opt" rep="repeat">KEY-ID</arg>
-            </cmdsynopsis>
-            <cmdsynopsis>
-                <command>ostree static-delta verify</command> <arg choice="opt" rep="repeat">OPTIONS</arg> <arg choice="req">STATIC-DELTA</arg> <arg choice="opt" rep="repeat">KEY-ID</arg>
+                <command>ostree static-delta apply-offline</command> <arg choice="req">PATH</arg>
             </cmdsynopsis>
     </refsynopsisdiv>
 
@@ -116,159 +113,6 @@ Boston, MA 02111-1307, USA.
                 </para></listitem>
             </varlistentry>
 
-            <varlistentry>
-                <term><option>--sign-type</option>=ENGINE</term>
-
-                <listitem><para>
-                    Use particular signature engine. Currently
-                    available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
-                    signature types.
-
-                    The default is <arg choice="plain">ed25519</arg>.
-                </para></listitem>
-            </varlistentry>
-
-            <varlistentry>
-                <term><option>--sign</option>="KEY-ID"</term>
-                <listitem><para>
-                        There <literal>KEY-ID</literal> is:
-                        <variablelist>
-                            <varlistentry>
-                                <term><option>for ed25519:</option></term>
-                                <listitem><para>
-                                        <literal>base64</literal>-encoded secret key for signing.
-                                </para></listitem>
-                            </varlistentry>
-
-                            <varlistentry>
-                                <term><option>for dummy:</option></term>
-                                <listitem><para>
-                                            ASCII-string used as secret key.
-                                </para></listitem>
-                            </varlistentry>
-                        </variablelist>
-                </para></listitem>
-            </varlistentry>
-        </variablelist>
-    </refsect1>
-
-        <refsect1>
-            <title>'Apply-offline' Options</title>
-
-            <variablelist>
-                <varlistentry>
-                    <term><option>KEY-ID</option></term>
-
-                    <listitem><para>
-                        <variablelist>
-                            <varlistentry>
-                                <term><option>for ed25519:</option></term>
-                                <listitem><para>
-                                        <literal>base64</literal>-encoded public key for verifying.
-                                </para></listitem>
-                            </varlistentry>
-
-                            <varlistentry>
-                                <term><option>for dummy:</option></term>
-                                <listitem><para>
-                                            ASCII-string used as public key.
-                                </para></listitem>
-                            </varlistentry>
-                        </variablelist>
-                    </para></listitem>
-                </varlistentry>
-
-                <varlistentry>
-                    <term><option>--sign-type</option>=ENGINE</term>
-
-                    <listitem><para>
-                        Use particular signature engine. Currently
-                        available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
-                        signature types.
-                    </para></listitem>
-                </varlistentry>
-
-                <varlistentry>
-                     <term><option>--keys-file</option></term>
-                     <listitem><para>
-                         Read key(s) from file <filename>filename</filename>.
-                     </para></listitem>
-
-                     <listitem><para>
-                         Valid for <literal>ed25519</literal> signature type.
-                         For <literal>ed25519</literal> this file must contain <literal>base64</literal>-encoded
-                         public key(s) per line for verifying.
-                     </para></listitem>
-                 </varlistentry>
-
-                 <varlistentry>
-                     <term><option>--keys-dir</option></term>
-                     <listitem><para>
-                         Redefine the system path, where to search files and subdirectories with
-                         well-known and revoked keys.
-                     </para></listitem>
-                 </varlistentry>
-            </variablelist>
-        </refsect1>
-
-    <refsect1>
-        <title>'Verify' Options</title>
-
-        <variablelist>
-            <varlistentry>
-                <term><option>KEY-ID</option></term>
-
-                <listitem><para>
-                    <variablelist>
-                        <varlistentry>
-                            <term><option>for ed25519:</option></term>
-                            <listitem><para>
-                                    <literal>base64</literal>-encoded public key for verifying.
-                            </para></listitem>
-                        </varlistentry>
-
-                        <varlistentry>
-                            <term><option>for dummy:</option></term>
-                            <listitem><para>
-                                        ASCII-string used as public key.
-                            </para></listitem>
-                        </varlistentry>
-                    </variablelist>
-                </para></listitem>
-            </varlistentry>
-
-            <varlistentry>
-                <term><option>--sign-type</option>=ENGINE</term>
-
-                <listitem><para>
-                    Use particular signature engine. Currently
-                    available <arg choice="plain">ed25519</arg> and <arg choice="plain">dummy</arg>
-                    signature types.
-
-                    The default is <arg choice="plain">ed25519</arg>.
-                </para></listitem>
-            </varlistentry>
-
-            <varlistentry>
-                 <term><option>--keys-file</option></term>
-                 <listitem><para>
-                     Read key(s) from file <filename>filename</filename>.
-                 </para></listitem>
-
-                 <listitem><para>
-                     Valid for <literal>ed25519</literal> signature type.
-                     For <literal>ed25519</literal> this file must contain <literal>base64</literal>-encoded
-                     public key(s) per line for verifying.
-                 </para></listitem>
-             </varlistentry>
-
-             <varlistentry>
-                 <term><option>--keys-dir</option></term>
-                 <listitem><para>
-                     Redefine the system path, where to search files and subdirectories with
-                     well-known and revoked keys.
-                 </para></listitem>
-             </varlistentry>
         </variablelist>
     </refsect1>
 
diff --git a/man/ostree.xml b/man/ostree.xml
index e280a02..8c08bae 100644
--- a/man/ostree.xml
+++ b/man/ostree.xml
@@ -484,70 +484,6 @@ Boston, MA 02111-1307, USA.
     </refsect1>
 
     <refsect1>
-        <title>Terminology</title>
-        <para>
-            The following terms are commonly used throughout the man pages. Terms in upper case letters
-            are literals used in command line arguments.
-        </para>
-        <glosslist>
-            <glossentry><glossterm><literal>BRANCH</literal></glossterm>
-                <glossdef>
-                    <para>
-                        Branch name. Part of a <glossterm><literal>REF</literal></glossterm>.
-                    </para>
-                </glossdef>
-            </glossentry>
-            <glossentry><glossterm><literal>CHECKSUM</literal></glossterm>
-                <glossdef>
-                    <para>
-                        A SHA256 hash of a object stored in the OSTree repository. This can be a content,
-                        a dirtree, a dirmeta or a commit object. If the SHA256 hash of a commit object is
-                        meant, the term <glossterm><literal>COMMIT</literal></glossterm> is used.
-                    </para>
-                </glossdef>
-            </glossentry>
-            <glossentry><glossterm><literal>COMMIT</literal></glossterm>
-                <glossdef>
-                    <para>
-                        A SHA256 hash of a commit object.
-                    </para>
-                </glossdef>
-            </glossentry>
-            <glossentry><glossterm><literal>REF</literal></glossterm>
-                <glossdef>
-                    <para>
-                        A reference to a particular commit. References are text files stored in
-                        <filename>refs/</filename> that name (refer to) a particular commit. A
-                        reference can only be the branch name part, in which case a local reference
-                        is used (e.g. <literal>mybranch/stable</literal>). If a remote branch
-                        is referred to, the remote name followed by a colon and the branch name
-                        needs to be used (e.g. <literal>myremote:mybranch/stable</literal>).
-                    </para>
-                </glossdef>
-            </glossentry>
-            <glossentry><glossterm><literal>REV</literal></glossterm> <glossterm><literal>REFSPEC</literal></glossterm>
-                <glossdef>
-                    <para>
-                        A specific revision, a commit. This can be anything which can be resolved to a
-                        commit, e.g. a <glossterm><literal>REF</literal></glossterm> or a
-                        <glossterm><literal>COMMIT</literal></glossterm>.
-                    </para>
-                </glossdef>
-            </glossentry>
-            <glossentry><glossterm>SHA256</glossterm>
-                <glossdef>
-                    <para>
-                        A cryptographic hash function used to store objects in the OSTree
-                        repository. The hashes have a length of 256 bites and are typically
-                        shown and passed to ostree in its 64 ASCII character long hexadecimal
-                        representation
-                        (e.g. 0fc70ed33cfd7d26fe99ae29afb7682ddd0e2157a4898bd8cfcdc8a03565b870).
-                    </para>
-                </glossdef>
-            </glossentry>
-        </glosslist>
-    </refsect1>
-    <refsect1>
         <title>See Also</title>
         <para>
             <citerefentry><refentrytitle>ostree.repo</refentrytitle><manvolnum>5</manvolnum></citerefentry>
diff --git a/src/boot/dracut/ostree.conf b/src/boot/dracut/ostree.conf
index ac70494..612bb43 100755
--- a/src/boot/dracut/ostree.conf
+++ b/src/boot/dracut/ostree.conf
@@ -16,4 +16,3 @@
 # Boston, MA 02111-1307, USA.
 
 add_dracutmodules+=" ostree systemd "
-reproducible=yes
diff --git a/src/boot/mkinitcpio/ostree b/src/boot/mkinitcpio/ostree
index 3aa0659..7f21cac 100644
--- a/src/boot/mkinitcpio/ostree
+++ b/src/boot/mkinitcpio/ostree
@@ -5,6 +5,6 @@ build() {
     add_binary /usr/lib/ostree/ostree-remount
 
     add_file /usr/lib/systemd/system/ostree-prepare-root.service
-    add_symlink /usr/lib/systemd/system/initrd-root-fs.target.wants/ostree-prepare-root.service \
+    add_symlink /usr/lib/systemd/system/initrd-switch-root.target.wants/ostree-prepare-root.service \
         /usr/lib/systemd/system/ostree-prepare-root.service
 }
diff --git a/src/boot/ostree-prepare-root.service b/src/boot/ostree-prepare-root.service
index 250ffe7..9169220 100644
--- a/src/boot/ostree-prepare-root.service
+++ b/src/boot/ostree-prepare-root.service
@@ -30,6 +30,6 @@ Before=initrd-root-fs.target
 Type=oneshot
 ExecStart=/usr/lib/ostree/ostree-prepare-root /sysroot
 StandardInput=null
-StandardOutput=journal
-StandardError=journal+console
+StandardOutput=syslog
+StandardError=syslog+console
 RemainAfterExit=yes
diff --git a/src/boot/ostree-remount.service b/src/boot/ostree-remount.service
index af40453..4c3ed94 100644
--- a/src/boot/ostree-remount.service
+++ b/src/boot/ostree-remount.service
@@ -35,8 +35,8 @@ Type=oneshot
 RemainAfterExit=yes
 ExecStart=/usr/lib/ostree/ostree-remount
 StandardInput=null
-StandardOutput=journal
-StandardError=journal+console
+StandardOutput=syslog
+StandardError=syslog+console
 
 [Install]
 WantedBy=local-fs.target
diff --git a/src/libostree/libostree-released.sym b/src/libostree/libostree-released.sym
index c154d8c..5c63f78 100644
--- a/src/libostree/libostree-released.sym
+++ b/src/libostree/libostree-released.sym
@@ -593,9 +593,6 @@ global:
   ostree_sysroot_set_mount_namespace_in_use;
 } LIBOSTREE_2019.6;
 
-/* No new symbols in 2020.2 */
-/* No new symbols in 2020.3 */
-
 /* Add new symbols here.  Release commits should copy this section into -released.sym. */
 LIBOSTREE_2020.4 {
 global:
@@ -618,23 +615,7 @@ global:
   ostree_sign_summary;
 } LIBOSTREE_2020.1;
 
-/* No new symbols in 2020.5 */
-
-/* No new symbols in 2020.6 */
-
-LIBOSTREE_2020.7 {
-global:
-  /* Add symbols here, and uncomment the bits in
-   * Makefile-libostree.am to enable this too.
-   */
-  ostree_repo_static_delta_execute_offline_with_signature;
-  ostree_repo_static_delta_verify_signature;
-  ostree_bootconfig_parser_get_overlay_initrds;
-  ostree_bootconfig_parser_set_overlay_initrds;
-  ostree_sysroot_deploy_tree_with_options;
-  ostree_sysroot_stage_tree_with_options;
-  ostree_sysroot_stage_overlay_initrd;
-} LIBOSTREE_2020.4;
+/* No new symbols in 2020.2 */
 
 /* NOTE: Only add more content here in release commits!  See the
  * comments at the top of this file.
diff --git a/src/libostree/ostree-bootconfig-parser.c b/src/libostree/ostree-bootconfig-parser.c
index a36a411..67f9fb5 100644
--- a/src/libostree/ostree-bootconfig-parser.c
+++ b/src/libostree/ostree-bootconfig-parser.c
@@ -30,9 +30,6 @@ struct _OstreeBootconfigParser
   const char   *separators;
 
   GHashTable   *options;
-
-  /* Additional initrds; the primary initrd is in options. */
-  char        **overlay_initrds;
 };
 
 typedef GObjectClass OstreeBootconfigParserClass;
@@ -53,8 +50,6 @@ ostree_bootconfig_parser_clone (OstreeBootconfigParser *self)
   GLNX_HASH_TABLE_FOREACH_KV (self->options, const char*, k, const char*, v)
     g_hash_table_replace (parser->options, g_strdup (k), g_strdup (v));
 
-  parser->overlay_initrds = g_strdupv (self->overlay_initrds);
-
   return parser;
 }
 
@@ -81,8 +76,6 @@ ostree_bootconfig_parser_parse_at (OstreeBootconfigParser  *self,
   if (!contents)
     return FALSE;
 
-  g_autoptr(GPtrArray) overlay_initrds = NULL;
-
   g_auto(GStrv) lines = g_strsplit (contents, "\n", -1);
   for (char **iter = lines; *iter; iter++)
     {
@@ -94,19 +87,8 @@ ostree_bootconfig_parser_parse_at (OstreeBootconfigParser  *self,
           items = g_strsplit_set (line, self->separators, 2);
           if (g_strv_length (items) == 2 && items[0][0] != '\0')
             {
-              if (g_str_equal (items[0], "initrd") &&
-                  g_hash_table_contains (self->options, "initrd"))
-                {
-                  if (!overlay_initrds)
-                    overlay_initrds = g_ptr_array_new_with_free_func (g_free);
-                  g_ptr_array_add (overlay_initrds, items[1]);
-                  g_free (items[0]);
-                }
-              else
-                {
-                  g_hash_table_insert (self->options, items[0], items[1]);
-                }
-              g_free (items); /* Free container; we stole the elements */
+              g_hash_table_insert (self->options, items[0], items[1]);
+              g_free (items); /* Transfer ownership */
             }
           else
             {
@@ -115,12 +97,6 @@ ostree_bootconfig_parser_parse_at (OstreeBootconfigParser  *self,
         }
     }
 
-  if (overlay_initrds)
-    {
-      g_ptr_array_add (overlay_initrds, NULL);
-      self->overlay_initrds = (char**)g_ptr_array_free (g_steal_pointer (&overlay_initrds), FALSE);
-    }
-
   self->parsed = TRUE;
 
   return TRUE;
@@ -151,41 +127,6 @@ ostree_bootconfig_parser_get (OstreeBootconfigParser  *self,
   return g_hash_table_lookup (self->options, key);
 }
 
-/**
- * ostree_bootconfig_parser_set_overlay_initrds:
- * @self: Parser
- * @initrds: (array zero-terminated=1) (transfer none) (allow-none): Array of overlay
- *    initrds or %NULL to unset.
- *
- * These are rendered as additional `initrd` keys in the final bootloader configs. The
- * base initrd is part of the primary keys.
- *
- * Since: 2020.7
- */
-void
-ostree_bootconfig_parser_set_overlay_initrds (OstreeBootconfigParser  *self,
-                                              char                   **initrds)
-{
-  g_assert (g_hash_table_contains (self->options, "initrd"));
-  g_strfreev (self->overlay_initrds);
-  self->overlay_initrds = g_strdupv (initrds);
-}
-
-/**
- * ostree_bootconfig_parser_get_overlay_initrds:
- * @self: Parser
- *
- * Returns: (array zero-terminated=1) (transfer none) (nullable): Array of initrds or %NULL
- * if none are set.
- *
- * Since: 2020.7
- */
-char**
-ostree_bootconfig_parser_get_overlay_initrds (OstreeBootconfigParser  *self)
-{
-  return self->overlay_initrds;
-}
-
 static void
 write_key (OstreeBootconfigParser    *self,
            GString                   *buf,
@@ -224,15 +165,6 @@ ostree_bootconfig_parser_write_at (OstreeBootconfigParser   *self,
         }
     }
 
-  /* Write overlay initrds */
-  if (self->overlay_initrds && (g_strv_length (self->overlay_initrds) > 0))
-    {
-      /* we should've written the primary initrd already */
-      g_assert (g_hash_table_contains (keys_written, "initrd"));
-      for (char **it = self->overlay_initrds; it && *it; it++)
-        write_key (self, buf, "initrd", *it);
-    }
-
   /* Write unknown fields */
   GLNX_HASH_TABLE_FOREACH_KV (self->options, const char*, k, const char*, v)
     {
@@ -265,7 +197,6 @@ ostree_bootconfig_parser_finalize (GObject *object)
 {
   OstreeBootconfigParser *self = OSTREE_BOOTCONFIG_PARSER (object);
 
-  g_strfreev (self->overlay_initrds);
   g_hash_table_unref (self->options);
 
   G_OBJECT_CLASS (ostree_bootconfig_parser_parent_class)->finalize (object);
diff --git a/src/libostree/ostree-bootconfig-parser.h b/src/libostree/ostree-bootconfig-parser.h
index d03c931..aec0753 100644
--- a/src/libostree/ostree-bootconfig-parser.h
+++ b/src/libostree/ostree-bootconfig-parser.h
@@ -73,11 +73,5 @@ _OSTREE_PUBLIC
 const char *ostree_bootconfig_parser_get (OstreeBootconfigParser  *self,
                                           const char      *key);
 
-_OSTREE_PUBLIC
-void ostree_bootconfig_parser_set_overlay_initrds (OstreeBootconfigParser  *self,
-                                                   char                   **initrds);
-
-_OSTREE_PUBLIC
-char** ostree_bootconfig_parser_get_overlay_initrds (OstreeBootconfigParser  *self);
 
 G_END_DECLS
diff --git a/src/libostree/ostree-bootloader-syslinux.c b/src/libostree/ostree-bootloader-syslinux.c
index 0055896..5fb8a1d 100644
--- a/src/libostree/ostree-bootloader-syslinux.c
+++ b/src/libostree/ostree-bootloader-syslinux.c
@@ -89,15 +89,15 @@ append_config_from_loader_entries (OstreeBootloaderSyslinux  *self,
       val = ostree_bootconfig_parser_get (config, "linux");
       if (!val)
         return glnx_throw (error, "No \"linux\" key in bootloader config");
-      g_ptr_array_add (new_lines, g_strdup_printf ("\tKERNEL /boot%s", val));
+      g_ptr_array_add (new_lines, g_strdup_printf ("\tKERNEL %s", val));
 
       val = ostree_bootconfig_parser_get (config, "initrd");
       if (val)
-        g_ptr_array_add (new_lines, g_strdup_printf ("\tINITRD /boot%s", val));
+        g_ptr_array_add (new_lines, g_strdup_printf ("\tINITRD %s", val));
 
       val = ostree_bootconfig_parser_get (config, "devicetree");
       if (val)
-        g_ptr_array_add (new_lines, g_strdup_printf ("\tDEVICETREE /boot%s", val));
+        g_ptr_array_add (new_lines, g_strdup_printf ("\tDEVICETREE %s", val));
 
       val = ostree_bootconfig_parser_get (config, "options");
       if (val)
@@ -150,13 +150,10 @@ _ostree_bootloader_syslinux_write_config (OstreeBootloader  *bootloader,
           if (kernel_arg == NULL)
             return glnx_throw (error, "No KERNEL argument found after LABEL");
 
-          /* If this is a non-ostree kernel, just emit the lines we saw.
-           *
-           * We check for /ostree (without /boot prefix) as well to support
-           * upgrading ostree from <v2020.4.
+          /* If this is a non-ostree kernel, just emit the lines
+           * we saw.
            */
-          if (!g_str_has_prefix (kernel_arg, "/ostree/") &&
-              !g_str_has_prefix (kernel_arg, "/boot/ostree/"))
+          if (!g_str_has_prefix (kernel_arg, "/ostree/"))
             {
               for (guint i = 0; i < tmp_lines->len; i++)
                 {
diff --git a/src/libostree/ostree-bootloader-uboot.c b/src/libostree/ostree-bootloader-uboot.c
index 7e23001..1e1f037 100644
--- a/src/libostree/ostree-bootloader-uboot.c
+++ b/src/libostree/ostree-bootloader-uboot.c
@@ -134,19 +134,19 @@ create_config_from_boot_loader_entries (OstreeBootloaderUboot     *self,
                        "No \"linux\" key in bootloader config");
           return FALSE;
         }
-      g_ptr_array_add (new_lines, g_strdup_printf ("kernel_image%s=/boot%s", index_suffix, val));
+      g_ptr_array_add (new_lines, g_strdup_printf ("kernel_image%s=%s", index_suffix, val));
 
       val = ostree_bootconfig_parser_get (config, "initrd");
       if (val)
-        g_ptr_array_add (new_lines, g_strdup_printf ("ramdisk_image%s=/boot%s", index_suffix, val));
+        g_ptr_array_add (new_lines, g_strdup_printf ("ramdisk_image%s=%s", index_suffix, val));
 
       val = ostree_bootconfig_parser_get (config, "devicetree");
       if (val)
-        g_ptr_array_add (new_lines, g_strdup_printf ("fdt_file%s=/boot%s", index_suffix, val));
+        g_ptr_array_add (new_lines, g_strdup_printf ("fdt_file%s=%s", index_suffix, val));
 
       val = ostree_bootconfig_parser_get (config, "fdtdir");
       if (val)
-        g_ptr_array_add (new_lines, g_strdup_printf ("fdtdir%s=/boot%s", index_suffix, val));
+        g_ptr_array_add (new_lines, g_strdup_printf ("fdtdir%s=%s", index_suffix, val));
 
       val = ostree_bootconfig_parser_get (config, "options");
       if (val)
diff --git a/src/libostree/ostree-core.c b/src/libostree/ostree-core.c
index 29528fa..523f57c 100644
--- a/src/libostree/ostree-core.c
+++ b/src/libostree/ostree-core.c
@@ -2675,7 +2675,7 @@ _ostree_detached_metadata_append_gpg_sig (GVariant   *existing_metadata,
                                _OSTREE_METADATA_GPGSIGS_NAME,
                                g_variant_builder_end (signature_builder));
 
-  return g_variant_ref_sink (g_variant_dict_end (&metadata_dict));
+  return g_variant_dict_end (&metadata_dict);
 }
 #endif /* OSTREE_DISABLE_GPGME */
 
diff --git a/src/libostree/ostree-deployment-private.h b/src/libostree/ostree-deployment-private.h
index b339ae2..ad77317 100644
--- a/src/libostree/ostree-deployment-private.h
+++ b/src/libostree/ostree-deployment-private.h
@@ -37,8 +37,6 @@ G_BEGIN_DECLS
  * @origin: How to construct an upgraded version of this tree
  * @unlocked: The unlocked state
  * @staged: TRUE iff this deployment is staged
- * @overlay_initrds: Checksums of staged additional initrds for this deployment
- * @overlay_initrds_id: Unique ID generated from initrd checksums; used to compare deployments
  */
 struct _OstreeDeployment
 {
@@ -54,15 +52,8 @@ struct _OstreeDeployment
   GKeyFile *origin;
   OstreeDeploymentUnlockedState unlocked;
   gboolean staged;
-  char **overlay_initrds;
-  char *overlay_initrds_id;
 };
 
 void _ostree_deployment_set_bootcsum (OstreeDeployment *self, const char *bootcsum);
 
-void _ostree_deployment_set_overlay_initrds (OstreeDeployment *self,
-                                             char **overlay_initrds);
-
-char** _ostree_deployment_get_overlay_initrds (OstreeDeployment *self);
-
 G_END_DECLS
diff --git a/src/libostree/ostree-deployment.c b/src/libostree/ostree-deployment.c
index 182bcee..6532a97 100644
--- a/src/libostree/ostree-deployment.c
+++ b/src/libostree/ostree-deployment.c
@@ -158,34 +158,6 @@ _ostree_deployment_set_bootcsum (OstreeDeployment *self,
   self->bootcsum = g_strdup (bootcsum);
 }
 
-void
-_ostree_deployment_set_overlay_initrds (OstreeDeployment *self,
-                                        char            **overlay_initrds)
-{
-  g_clear_pointer (&self->overlay_initrds, g_strfreev);
-  g_clear_pointer (&self->overlay_initrds_id, g_free);
-
-  if (!overlay_initrds || g_strv_length (overlay_initrds) == 0)
-    return;
-
-  /* Generate a unique ID representing this combination of overlay initrds. This is so that
-   * ostree_sysroot_write_deployments_with_options() can easily compare initrds when
-   * comparing deployments for whether a bootswap is necessary. We could be fancier here but
-   * meh... this works. */
-  g_autoptr(GString) id = g_string_new (NULL);
-  for (char **it = overlay_initrds; it && *it; it++)
-    g_string_append (id, *it);
-
-  self->overlay_initrds = g_strdupv (overlay_initrds);
-  self->overlay_initrds_id = g_string_free (g_steal_pointer (&id), FALSE);
-}
-
-char**
-_ostree_deployment_get_overlay_initrds (OstreeDeployment *self)
-{
-  return self->overlay_initrds;
-}
-
 /**
  * ostree_deployment_clone:
  * @self: Deployment
@@ -203,8 +175,6 @@ ostree_deployment_clone (OstreeDeployment *self)
   new_bootconfig = ostree_bootconfig_parser_clone (self->bootconfig);
   ostree_deployment_set_bootconfig (ret, new_bootconfig);
 
-  _ostree_deployment_set_overlay_initrds (ret, self->overlay_initrds);
-
   if (self->origin)
     {
       g_autoptr(GKeyFile) new_origin = NULL;
@@ -268,8 +238,6 @@ ostree_deployment_finalize (GObject *object)
   g_free (self->bootcsum);
   g_clear_object (&self->bootconfig);
   g_clear_pointer (&self->origin, g_key_file_unref);
-  g_strfreev (self->overlay_initrds);
-  g_free (self->overlay_initrds_id);
 
   G_OBJECT_CLASS (ostree_deployment_parent_class)->finalize (object);
 }
@@ -350,8 +318,6 @@ ostree_deployment_unlocked_state_to_string (OstreeDeploymentUnlockedState state)
       return "hotfix";
     case OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT:
       return "development";
-    case OSTREE_DEPLOYMENT_UNLOCKED_TRANSIENT:
-      return "transient";
     }
   g_assert_not_reached ();
 }
diff --git a/src/libostree/ostree-deployment.h b/src/libostree/ostree-deployment.h
index dcfa25e..756e39d 100644
--- a/src/libostree/ostree-deployment.h
+++ b/src/libostree/ostree-deployment.h
@@ -99,8 +99,7 @@ char *ostree_deployment_get_origin_relpath (OstreeDeployment *self);
 typedef enum {
   OSTREE_DEPLOYMENT_UNLOCKED_NONE,
   OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT,
-  OSTREE_DEPLOYMENT_UNLOCKED_HOTFIX,
-  OSTREE_DEPLOYMENT_UNLOCKED_TRANSIENT,
+  OSTREE_DEPLOYMENT_UNLOCKED_HOTFIX
 } OstreeDeploymentUnlockedState;
 
 _OSTREE_PUBLIC
diff --git a/src/libostree/ostree-enumtypes.c.template b/src/libostree/ostree-enumtypes.c.template
index 89ad32a..751c458 100644
--- a/src/libostree/ostree-enumtypes.c.template
+++ b/src/libostree/ostree-enumtypes.c.template
@@ -36,7 +36,7 @@
 GType
 _@enum_name@_get_type (void)
 {
-  static gsize the_type__volatile = 0;
+  static volatile gsize the_type__volatile = 0;
 
   if (g_once_init_enter (&the_type__volatile))
     {
diff --git a/src/libostree/ostree-fetcher-curl.c b/src/libostree/ostree-fetcher-curl.c
index 0ce3ff0..fdf8a2e 100644
--- a/src/libostree/ostree-fetcher-curl.c
+++ b/src/libostree/ostree-fetcher-curl.c
@@ -341,14 +341,14 @@ check_multi_info (OstreeFetcher *fetcher)
 
               if (req->idx + 1 == req->mirrorlist->len)
                 {
-                  g_autofree char *response_msg = g_strdup_printf ("Server returned HTTP %lu", response);
+                  g_autofree char *msg = g_strdup_printf ("Server returned HTTP %lu", response);
                   g_task_return_new_error (task, G_IO_ERROR, giocode,
-                                           "%s", response_msg);
+                                           "%s", msg);
                   if (req->fetcher->remote_name &&
                       !((req->flags & OSTREE_FETCHER_REQUEST_OPTIONAL_CONTENT) > 0 &&
                         giocode == G_IO_ERROR_NOT_FOUND))
                     _ostree_fetcher_journal_failure (req->fetcher->remote_name,
-                                                     eff_url, response_msg);
+                                                     eff_url, msg);
 
                 }
               else
diff --git a/src/libostree/ostree-linuxfsutil.c b/src/libostree/ostree-linuxfsutil.c
index cb778de..231ecf7 100644
--- a/src/libostree/ostree-linuxfsutil.c
+++ b/src/libostree/ostree-linuxfsutil.c
@@ -55,7 +55,7 @@ _ostree_linuxfs_fd_alter_immutable_flag (int            fd,
   if (g_atomic_int_get (&no_alter_immutable))
     return TRUE;
 
-  int flags = 0;
+  unsigned long flags;
   int r = ioctl (fd, EXT2_IOC_GETFLAGS, &flags);
   if (r == -1)
     {
diff --git a/src/libostree/ostree-repo-checkout.c b/src/libostree/ostree-repo-checkout.c
index 00c6a77..dc36370 100644
--- a/src/libostree/ostree-repo-checkout.c
+++ b/src/libostree/ostree-repo-checkout.c
@@ -613,12 +613,9 @@ checkout_one_file_at (OstreeRepo                        *repo,
     }
 
   const gboolean is_symlink = (g_file_info_get_file_type (source_info) == G_FILE_TYPE_SYMBOLIC_LINK);
-  const guint32 source_mode = g_file_info_get_attribute_uint32 (source_info, "unix::mode");
-  const gboolean is_unreadable = (!is_symlink && (source_mode & S_IRUSR) == 0);
   const gboolean is_whiteout = (!is_symlink && options->process_whiteouts &&
                                 g_str_has_prefix (destination_name, WHITEOUT_PREFIX));
   const gboolean is_reg_zerosized = (!is_symlink && g_file_info_get_size (source_info) == 0);
-  const gboolean override_user_unreadable = (options->mode == OSTREE_REPO_CHECKOUT_MODE_USER && is_unreadable);
 
   /* First, see if it's a Docker whiteout,
    * https://github.com/docker/docker/blob/1a714e76a2cb9008cd19609059e9988ff1660b78/pkg/archive/whiteouts.go
@@ -637,12 +634,8 @@ checkout_one_file_at (OstreeRepo                        *repo,
 
       need_copy = FALSE;
     }
-  else if (is_reg_zerosized || override_user_unreadable)
+  else if (options->force_copy_zerosized && is_reg_zerosized)
     {
-      /* In https://github.com/ostreedev/ostree/commit/673cacd633f9d6b653cdea530657d3e780a41bbd we
-       * made this an option, but in order to avoid hitting EMLINK, we now force copy zerosized
-       * files unconditionally.
-       */
       need_copy = TRUE;
     }
   else if (!options->force_copy)
@@ -742,7 +735,7 @@ checkout_one_file_at (OstreeRepo                        *repo,
   if (can_cache
       && !is_whiteout
       && !is_symlink
-      && !(is_reg_zerosized || override_user_unreadable)
+      && !is_reg_zerosized
       && need_copy
       && repo->mode == OSTREE_REPO_MODE_ARCHIVE
       && options->mode == OSTREE_REPO_CHECKOUT_MODE_USER)
@@ -806,21 +799,12 @@ checkout_one_file_at (OstreeRepo                        *repo,
        * succeeded at hardlinking above.
        */
       if (options->no_copy_fallback)
-        g_assert (is_bare_user_symlink || is_reg_zerosized || override_user_unreadable);
+        g_assert (is_bare_user_symlink || is_reg_zerosized);
       if (!ostree_repo_load_file (repo, checksum, &input, NULL, &xattrs,
                                   cancellable, error))
         return FALSE;
 
-      GFileInfo *copy_source_info = source_info;
-      g_autoptr(GFileInfo) modified_info = NULL;
-      if (override_user_unreadable)
-        {
-          modified_info = g_file_info_dup (source_info);
-          g_file_info_set_attribute_uint32 (modified_info, "unix::mode", (source_mode | S_IRUSR));
-          copy_source_info = modified_info;
-        }
-
-      if (!create_file_copy_from_input_at (repo, options, state, checksum, copy_source_info, xattrs, input,
+      if (!create_file_copy_from_input_at (repo, options, state, checksum, source_info, xattrs, input,
                                            destination_dfd, destination_name,
                                            cancellable, error))
         return glnx_prefix_error (error, "Copy checkout of %s to %s", checksum, destination_name);
diff --git a/src/libostree/ostree-repo-commit.c b/src/libostree/ostree-repo-commit.c
index 690075e..0c9de23 100644
--- a/src/libostree/ostree-repo-commit.c
+++ b/src/libostree/ostree-repo-commit.c
@@ -3943,9 +3943,11 @@ write_dfd_iter_to_mtree_internal (OstreeRepo                  *self,
                                   GCancellable                *cancellable,
                                   GError                     **error)
 {
+  g_autoptr(GFileInfo) child_info = NULL;
   g_autoptr(GFileInfo) modified_info = NULL;
   g_autoptr(GVariant) xattrs = NULL;
   g_autofree guchar *child_file_csum = NULL;
+  g_autofree char *tmp_checksum = NULL;
   g_autofree char *relpath = NULL;
   OstreeRepoCommitFilterResult filter_result;
   struct stat dir_stbuf;
@@ -3953,19 +3955,19 @@ write_dfd_iter_to_mtree_internal (OstreeRepo                  *self,
   if (!glnx_fstat (src_dfd_iter->fd, &dir_stbuf, error))
     return FALSE;
 
-  {
-    g_autoptr(GFileInfo) child_info = _ostree_stbuf_to_gfileinfo (&dir_stbuf);
-    if (modifier != NULL)
-      {
-        relpath = ptrarray_path_join (path);
-        filter_result = _ostree_repo_commit_modifier_apply (self, modifier, relpath, child_info, &modified_info);
-      }
-    else
-      {
-        filter_result = OSTREE_REPO_COMMIT_FILTER_ALLOW;
-        modified_info = g_object_ref (child_info);
-      }
-  }
+  child_info = _ostree_stbuf_to_gfileinfo (&dir_stbuf);
+
+  if (modifier != NULL)
+    {
+      relpath = ptrarray_path_join (path);
+
+      filter_result = _ostree_repo_commit_modifier_apply (self, modifier, relpath, child_info, &modified_info);
+    }
+  else
+    {
+      filter_result = OSTREE_REPO_COMMIT_FILTER_ALLOW;
+      modified_info = g_object_ref (child_info);
+    }
 
   if (filter_result == OSTREE_REPO_COMMIT_FILTER_ALLOW)
     {
@@ -3977,7 +3979,8 @@ write_dfd_iter_to_mtree_internal (OstreeRepo                  *self,
                                               cancellable, error))
         return FALSE;
 
-      g_autofree char *tmp_checksum = ostree_checksum_from_bytes (child_file_csum);
+      g_free (tmp_checksum);
+      tmp_checksum = ostree_checksum_from_bytes (child_file_csum);
       ostree_mutable_tree_set_metadata_checksum (mtree, tmp_checksum);
     }
 
@@ -4329,8 +4332,6 @@ ostree_repo_commit_modifier_set_sepolicy (OstreeRepoCommitModifier              
  * In many cases, one wants to create a "derived" commit from base commit.
  * SELinux policy labels are part of that base commit.  This API allows
  * one to easily set up SELinux labeling from a base commit.
- *
- * Since: 2020.4
  */
 gboolean 
 ostree_repo_commit_modifier_set_sepolicy_from_commit (OstreeRepoCommitModifier              *modifier,
diff --git a/src/libostree/ostree-repo-finder-avahi-parser.c b/src/libostree/ostree-repo-finder-avahi-parser.c
index 1cf4a11..afc9790 100644
--- a/src/libostree/ostree-repo-finder-avahi-parser.c
+++ b/src/libostree/ostree-repo-finder-avahi-parser.c
@@ -91,14 +91,14 @@ parse_txt_record (const guint8  *txt,
 
 /* TODO: Docs. Return value is only valid as long as @txt is. Reference: RFC 6763, §6. */
 GHashTable *
-_ostree_txt_records_parse (AvahiStringList *txt_list)
+_ostree_txt_records_parse (AvahiStringList *txt)
 {
   AvahiStringList *l;
   g_autoptr(GHashTable) out = NULL;
 
   out = g_hash_table_new_full (g_str_hash, g_str_equal, g_free, (GDestroyNotify) g_bytes_unref);
 
-  for (l = txt_list; l != NULL; l = avahi_string_list_get_next (l))
+  for (l = txt; l != NULL; l = avahi_string_list_get_next (l))
     {
       const guint8 *txt;
       gsize txt_len;
diff --git a/src/libostree/ostree-repo-finder-mount.c b/src/libostree/ostree-repo-finder-mount.c
index 5c8ab1f..c259f3e 100644
--- a/src/libostree/ostree-repo-finder-mount.c
+++ b/src/libostree/ostree-repo-finder-mount.c
@@ -336,6 +336,7 @@ ostree_repo_finder_mount_resolve_async (OstreeRepoFinder                  *finde
       g_autoptr(GHashTable) repo_to_refs = NULL;  /* (element-type UriAndKeyring GHashTable) */
       GHashTable *supported_ref_to_checksum;  /* (element-type OstreeCollectionRef utf8) */
       GHashTableIter iter;
+      UriAndKeyring *repo;
       g_autoptr(GError) local_error = NULL;
 
       mount_name = g_mount_get_name (mount);
@@ -524,7 +525,6 @@ G_GNUC_END_IGNORE_DEPRECATIONS
       /* Aggregate the results. */
       g_hash_table_iter_init (&iter, repo_to_refs);
 
-      UriAndKeyring *repo;
       while (g_hash_table_iter_next (&iter, (gpointer *) &repo, (gpointer *) &supported_ref_to_checksum))
         {
           g_autoptr(OstreeRemote) remote = NULL;
diff --git a/src/libostree/ostree-repo-finder-override.c b/src/libostree/ostree-repo-finder-override.c
index d6fb5a9..3219954 100644
--- a/src/libostree/ostree-repo-finder-override.c
+++ b/src/libostree/ostree-repo-finder-override.c
@@ -151,6 +151,7 @@ ostree_repo_finder_override_resolve_async (OstreeRepoFinder                  *fi
   GHashTable *supported_ref_to_checksum;  /* (element-type OstreeCollectionRef utf8) */
   GHashTableIter iter;
   const gchar *remote_uri;
+  OstreeRemote *remote;
 
   task = g_task_new (finder, cancellable, callback, user_data);
   g_task_set_source_tag (task, ostree_repo_finder_override_resolve_async);
@@ -241,7 +242,6 @@ ostree_repo_finder_override_resolve_async (OstreeRepoFinder                  *fi
   /* Aggregate the results. */
   g_hash_table_iter_init (&iter, repo_remote_to_refs);
 
-  OstreeRemote *remote;
   while (g_hash_table_iter_next (&iter, (gpointer *) &remote, (gpointer *) &supported_ref_to_checksum))
     g_ptr_array_add (results, ostree_repo_finder_result_new (remote, finder, priority, supported_ref_to_checksum, NULL, 0));
 
diff --git a/src/libostree/ostree-repo-libarchive.c b/src/libostree/ostree-repo-libarchive.c
index ef7252e..d55459f 100644
--- a/src/libostree/ostree-repo-libarchive.c
+++ b/src/libostree/ostree-repo-libarchive.c
@@ -1161,16 +1161,16 @@ write_directory_to_libarchive_recurse (OstreeRepo               *self,
           {
             guint8 buf[8192];
             g_autoptr(GInputStream) file_in = NULL;
-            g_autoptr(GFileInfo) regular_file_info = NULL;
+            g_autoptr(GFileInfo) file_info = NULL;
             const char *checksum;
 
             checksum = ostree_repo_file_get_checksum ((OstreeRepoFile*)path);
 
-            if (!ostree_repo_load_file (self, checksum, &file_in, &regular_file_info, NULL,
+            if (!ostree_repo_load_file (self, checksum, &file_in, &file_info, NULL,
                                         cancellable, error))
               goto out;
 
-            archive_entry_set_size (entry, g_file_info_get_size (regular_file_info));
+            archive_entry_set_size (entry, g_file_info_get_size (file_info));
 
             if (archive_write_header (a, entry) != ARCHIVE_OK)
               {
diff --git a/src/libostree/ostree-repo-private.h b/src/libostree/ostree-repo-private.h
index a48feca..8c1f507 100644
--- a/src/libostree/ostree-repo-private.h
+++ b/src/libostree/ostree-repo-private.h
@@ -55,8 +55,6 @@ G_BEGIN_DECLS
 #define OSTREE_SUMMARY_EXPIRES "ostree.summary.expires"
 #define OSTREE_SUMMARY_COLLECTION_ID "ostree.summary.collection-id"
 #define OSTREE_SUMMARY_COLLECTION_MAP "ostree.summary.collection-map"
-#define OSTREE_SUMMARY_MODE "ostree.summary.mode"
-#define OSTREE_SUMMARY_TOMBSTONE_COMMITS "ostree.summary.tombstone-commits"
 
 #define _OSTREE_PAYLOAD_LINK_PREFIX "../"
 #define _OSTREE_PAYLOAD_LINK_PREFIX_LEN (sizeof (_OSTREE_PAYLOAD_LINK_PREFIX) - 1)
diff --git a/src/libostree/ostree-repo-pull.c b/src/libostree/ostree-repo-pull.c
index 58c8054..5fdbeab 100644
--- a/src/libostree/ostree-repo-pull.c
+++ b/src/libostree/ostree-repo-pull.c
@@ -436,9 +436,8 @@ ensure_idle_queued (OtPullData *pull_data)
   idle_src = g_idle_source_new ();
   g_source_set_callback (idle_src, idle_worker, pull_data, NULL);
   g_source_attach (idle_src, pull_data->main_context);
-  pull_data->idle_src = idle_src;
-  /* Ownership is transferred to pull_data */
   g_source_unref (idle_src);
+  pull_data->idle_src = idle_src;
 }
 
 typedef struct {
@@ -1625,13 +1624,13 @@ scan_commit_object (OtPullData                 *pull_data,
     }
   if (pull_data->timestamp_check_from_rev)
     {
-      g_autoptr(GVariant) timestamp_commit = NULL;
+      g_autoptr(GVariant) commit = NULL;
       if (!ostree_repo_load_commit (pull_data->repo, pull_data->timestamp_check_from_rev,
-                                    &timestamp_commit, NULL, error))
+                                    &commit, NULL, error))
         return glnx_prefix_error (error, "Reading %s for timestamp-check-from-rev",
                                   pull_data->timestamp_check_from_rev);
 
-      guint64 ts = ostree_commit_get_timestamp (timestamp_commit);
+      guint64 ts = ostree_commit_get_timestamp (commit);
       if (!_ostree_compare_timestamps (pull_data->timestamp_check_from_rev, ts, checksum, new_ts, error))
         return FALSE;
     }
@@ -2001,8 +2000,6 @@ start_fetch (OtPullData *pull_data,
                                       is_meta ? meta_fetch_on_complete : content_fetch_on_complete, fetch);
 }
 
-/* Deprecated: code should load options from the `summary` file rather than
- * downloading the remote’s `config` file, to save on network round trips. */
 static gboolean
 load_remote_repo_config (OtPullData    *pull_data,
                          GKeyFile     **out_keyfile,
@@ -2515,7 +2512,10 @@ on_superblock_fetched (GObject   *src,
       const guchar *expected_summary_digest = g_hash_table_lookup (pull_data->summary_deltas_checksums, delta);
       guint8 actual_summary_digest[OSTREE_SHA256_DIGEST_LEN];
 
-      ot_checksum_bytes (delta_superblock_data, actual_summary_digest);
+      g_auto(OtChecksum) hasher = { 0, };
+      ot_checksum_init (&hasher);
+      ot_checksum_update_bytes (&hasher, delta_superblock_data);
+      ot_checksum_get_digest (&hasher, actual_summary_digest, sizeof (actual_summary_digest));
 
 #ifndef OSTREE_DISABLE_GPGME
       /* At this point we've GPG verified the data, so in theory
@@ -2625,198 +2625,88 @@ validate_variant_is_csum (GVariant       *csum,
   return ostree_validate_structureof_csum_v (csum, error);
 }
 
-static gboolean
-_ostree_repo_verify_summary (OstreeRepo   *self,
-                             const char   *name,
-                             gboolean      gpg_verify_summary,
-                             GPtrArray    *signapi_summary_verifiers,
-                             GBytes       *summary,
-                             GBytes       *signatures,
-                             GCancellable *cancellable,
-                             GError      **error)
-{
-  if (gpg_verify_summary)
-    {
-      if (summary == NULL)
-        {
-          g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
-                       "GPG verification enabled, but no summary found (check that the configured URL in remote config is correct)");
-          return FALSE;
-        }
-
-      if (signatures == NULL)
-        {
-          g_set_error (error, OSTREE_GPG_ERROR, OSTREE_GPG_ERROR_NO_SIGNATURE,
-                       "GPG verification enabled, but no summary signatures found (use gpg-verify-summary=false in remote config to disable)");
-          return FALSE;
-        }
-
-      /* Verify any summary signatures. */
-      if (summary != NULL && signatures != NULL)
-        {
-          g_autoptr(OstreeGpgVerifyResult) result = NULL;
-
-          result = ostree_repo_verify_summary (self,
-                                               name,
-                                               summary,
-                                               signatures,
-                                               cancellable,
-                                               error);
-          if (!ostree_gpg_verify_result_require_valid_signature (result, error))
-            return FALSE;
-        }
-    }
-
-  if (signapi_summary_verifiers)
-    {
-      if (summary == NULL)
-        {
-          g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
-                       "Signature verification enabled, but no summary found (check that the configured URL in remote config is correct)");
-          return FALSE;
-        }
-
-      if (signatures == NULL)
-        {
-          g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
-                       "Signature verification enabled, but no summary signatures found (use sign-verify-summary=false in remote config to disable)");
-          return FALSE;
-        }
-
-      /* Verify any summary signatures. */
-      if (summary != NULL && signatures != NULL)
-        {
-          g_autoptr(GVariant) sig_variant = NULL;
-
-          sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT,
-                                                  signatures, FALSE);
-
-          if (!_sign_verify_for_remote (signapi_summary_verifiers, summary, sig_variant, NULL, error))
-            return FALSE;
-        }
-    }
-
-  return TRUE;
-}
-
-static gboolean
-_ostree_repo_load_cache_summary_file (OstreeRepo        *self,
-                                      const char        *filename,
-                                      const char        *extension,
-                                      GBytes           **out_data,
-                                      GCancellable      *cancellable,
-                                      GError           **error)
-{
-  const char *file = glnx_strjoina (_OSTREE_SUMMARY_CACHE_DIR, "/", filename, extension);
-  glnx_autofd int fd = -1;
-  g_autoptr(GBytes) data = NULL;
-
-  *out_data = NULL;
-
-  if (self->cache_dir_fd == -1)
-    return TRUE;
-
-  fd = openat (self->cache_dir_fd, file, O_CLOEXEC | O_RDONLY);
-  if (fd < 0)
-    {
-      if (errno == ENOENT)
-        return TRUE;
-      return glnx_throw_errno_prefix (error, "openat(%s)", file);
-    }
-
-  data = ot_fd_readall_or_mmap (fd, 0, error);
-  if (!data)
-    return FALSE;
-
-  *out_data =g_steal_pointer (&data);
-  return TRUE;
-}
-
 /* Load the summary from the cache if the provided .sig file is the same as the
    cached version.  */
 static gboolean
 _ostree_repo_load_cache_summary_if_same_sig (OstreeRepo        *self,
                                              const char        *remote,
                                              GBytes            *summary_sig,
-                                             GBytes           **out_summary,
+                                             GBytes            **summary,
                                              GCancellable      *cancellable,
                                              GError           **error)
 {
-  g_autoptr(GBytes) old_sig_contents = NULL;
+  if (self->cache_dir_fd == -1)
+    return TRUE;
 
-  *out_summary = NULL;
+  const char *summary_cache_sig_file = glnx_strjoina (_OSTREE_SUMMARY_CACHE_DIR, "/", remote, ".sig");
+  glnx_autofd int prev_fd = -1;
+  if (!ot_openat_ignore_enoent (self->cache_dir_fd, summary_cache_sig_file, &prev_fd, error))
+    return FALSE;
+  if (prev_fd < 0)
+    return TRUE; /* Note early return */
 
-  if (!_ostree_repo_load_cache_summary_file (self, remote, ".sig",
-                                             &old_sig_contents,
-                                             cancellable, error))
+  g_autoptr(GBytes) old_sig_contents = ot_fd_readall_or_mmap (prev_fd, 0, error);
+  if (!old_sig_contents)
     return FALSE;
 
-  if (old_sig_contents != NULL &&
-      g_bytes_compare (old_sig_contents, summary_sig) == 0)
+  if (g_bytes_compare (old_sig_contents, summary_sig) == 0)
     {
-      g_autoptr(GBytes) summary_data = NULL;
+      const char *summary_cache_file = glnx_strjoina (_OSTREE_SUMMARY_CACHE_DIR, "/", remote);
+      glnx_autofd int summary_fd = -1;
+      GBytes *summary_data;
 
-      if (!_ostree_repo_load_cache_summary_file (self, remote, NULL,
-                                                 &summary_data,
-                                                 cancellable, error))
-        return FALSE;
 
-      if (summary_data == NULL)
+      summary_fd = openat (self->cache_dir_fd, summary_cache_file, O_CLOEXEC | O_RDONLY);
+      if (summary_fd < 0)
         {
-          /* Cached signature without cached summary, remove the signature */
-          const char *summary_cache_sig_file = glnx_strjoina (_OSTREE_SUMMARY_CACHE_DIR, "/", remote, ".sig");
-          (void) unlinkat (self->cache_dir_fd, summary_cache_sig_file, 0);
+          if (errno == ENOENT)
+            {
+              (void) unlinkat (self->cache_dir_fd, summary_cache_sig_file, 0);
+              return TRUE; /* Note early return */
+            }
+
+          return glnx_throw_errno_prefix (error, "openat(%s)", summary_cache_file);
         }
-      else
-        *out_summary = g_steal_pointer (&summary_data);
-    }
 
+      summary_data = glnx_fd_readall_bytes (summary_fd, cancellable, error);
+      if (!summary_data)
+        return FALSE;
+      *summary = summary_data;
+    }
   return TRUE;
 }
 
+/* Replace the current summary+signature with new versions */
 static gboolean
-_ostree_repo_save_cache_summary_file (OstreeRepo        *self,
-                                      const char        *filename,
-                                      const char        *extension,
-                                      GBytes            *data,
-                                      GCancellable      *cancellable,
-                                      GError           **error)
+_ostree_repo_cache_summary (OstreeRepo        *self,
+                            const char        *remote,
+                            GBytes            *summary,
+                            GBytes            *summary_sig,
+                            GCancellable      *cancellable,
+                            GError           **error)
 {
-  const char *file = glnx_strjoina (_OSTREE_SUMMARY_CACHE_DIR, "/", filename, extension);
-  glnx_autofd int fd = -1;
-
   if (self->cache_dir_fd == -1)
     return TRUE;
 
   if (!glnx_shutil_mkdir_p_at (self->cache_dir_fd, _OSTREE_SUMMARY_CACHE_DIR, DEFAULT_DIRECTORY_MODE, cancellable, error))
     return FALSE;
 
+  const char *summary_cache_file = glnx_strjoina (_OSTREE_SUMMARY_CACHE_DIR, "/", remote);
   if (!glnx_file_replace_contents_at (self->cache_dir_fd,
-                                      file,
-                                      g_bytes_get_data (data, NULL),
-                                      g_bytes_get_size (data),
+                                      summary_cache_file,
+                                      g_bytes_get_data (summary, NULL),
+                                      g_bytes_get_size (summary),
                                       self->disable_fsync ? GLNX_FILE_REPLACE_NODATASYNC : GLNX_FILE_REPLACE_DATASYNC_NEW,
                                       cancellable, error))
     return FALSE;
 
-  return TRUE;
-}
-
-/* Replace the current summary+signature with new versions */
-static gboolean
-_ostree_repo_cache_summary (OstreeRepo        *self,
-                            const char        *remote,
-                            GBytes            *summary,
-                            GBytes            *summary_sig,
-                            GCancellable      *cancellable,
-                            GError           **error)
-{
-  if (!_ostree_repo_save_cache_summary_file (self, remote, NULL,
-                                             summary, cancellable, error))
-    return FALSE;
-
-  if (!_ostree_repo_save_cache_summary_file (self, remote, ".sig",
-                                             summary_sig, cancellable, error))
+  const char *summary_cache_sig_file = glnx_strjoina (_OSTREE_SUMMARY_CACHE_DIR, "/", remote, ".sig");
+  if (!glnx_file_replace_contents_at (self->cache_dir_fd,
+                                      summary_cache_sig_file,
+                                      g_bytes_get_data (summary_sig, NULL),
+                                      g_bytes_get_size (summary_sig),
+                                      self->disable_fsync ? GLNX_FILE_REPLACE_NODATASYNC : GLNX_FILE_REPLACE_DATASYNC_NEW,
+                                      cancellable, error))
     return FALSE;
 
   return TRUE;
@@ -2826,8 +2716,6 @@ static OstreeFetcher *
 _ostree_repo_remote_new_fetcher (OstreeRepo  *self,
                                  const char  *remote_name,
                                  gboolean     gzip,
-                                 GVariant    *extra_headers,
-                                 const char  *append_user_agent,
                                  OstreeFetcherSecurityState *out_state,
                                  GError     **error)
 {
@@ -2941,12 +2829,6 @@ _ostree_repo_remote_new_fetcher (OstreeRepo  *self,
         _ostree_fetcher_set_cookie_jar (fetcher, jar_path);
     }
 
-  if (extra_headers)
-    _ostree_fetcher_set_extra_headers (fetcher, extra_headers);
-
-  if (append_user_agent)
-    _ostree_fetcher_set_extra_user_agent (fetcher, append_user_agent);
-
   success = TRUE;
 
 out:
@@ -3094,43 +2976,127 @@ fetch_mirrorlist (OstreeFetcher  *fetcher,
 }
 
 static gboolean
-compute_effective_mirrorlist (OstreeRepo    *self,
-                              const char    *remote_name_or_baseurl,
-                              const char    *url_override,
-                              OstreeFetcher *fetcher,
-                              guint          n_network_retries,
-                              GPtrArray    **out_mirrorlist,
-                              GCancellable *cancellable,
-                              GError      **error)
+repo_remote_fetch_summary (OstreeRepo    *self,
+                           const char    *name,
+                           const char    *metalink_url_string,
+                           GVariant      *options,
+                           GBytes       **out_summary,
+                           GBytes       **out_signatures,
+                           gboolean      *out_from_cache,
+                           GCancellable  *cancellable,
+                           GError       **error)
 {
-  g_autofree char *baseurl = NULL;
+  g_autoptr(OstreeFetcher) fetcher = NULL;
+  g_autoptr(GMainContext) mainctx = NULL;
+  gboolean ret = FALSE;
+  gboolean from_cache = FALSE;
+  const char *url_override = NULL;
+  g_autoptr(GVariant) extra_headers = NULL;
+  g_autoptr(GPtrArray) mirrorlist = NULL;
+  const char *append_user_agent = NULL;
+  guint n_network_retries = DEFAULT_N_NETWORK_RETRIES;
 
-  if (url_override != NULL)
-    baseurl = g_strdup (url_override);
-  else if (!ostree_repo_remote_get_url (self, remote_name_or_baseurl, &baseurl, error))
-    return FALSE;
+  if (options)
+    {
+      (void) g_variant_lookup (options, "override-url", "&s", &url_override);
+      (void) g_variant_lookup (options, "http-headers", "@a(ss)", &extra_headers);
+      (void) g_variant_lookup (options, "append-user-agent", "&s", &append_user_agent);
+      (void) g_variant_lookup (options, "n-network-retries", "&u", &n_network_retries);
+    }
+
+  mainctx = g_main_context_new ();
+  g_main_context_push_thread_default (mainctx);
+
+  fetcher = _ostree_repo_remote_new_fetcher (self, name, TRUE, NULL, error);
+  if (fetcher == NULL)
+    goto out;
+
+  if (extra_headers)
+    _ostree_fetcher_set_extra_headers (fetcher, extra_headers);
+
+  if (append_user_agent)
+    _ostree_fetcher_set_extra_user_agent (fetcher, append_user_agent);
+
+  {
+    g_autofree char *url_string = NULL;
+    if (metalink_url_string)
+      url_string = g_strdup (metalink_url_string);
+    else if (url_override)
+      url_string = g_strdup (url_override);
+    else if (!ostree_repo_remote_get_url (self, name, &url_string, error))
+      goto out;
+
+    if (metalink_url_string == NULL &&
+        g_str_has_prefix (url_string, "mirrorlist="))
+      {
+        if (!fetch_mirrorlist (fetcher, url_string + strlen ("mirrorlist="),
+                               n_network_retries, &mirrorlist, cancellable, error))
+          goto out;
+      }
+    else
+      {
+        g_autoptr(OstreeFetcherURI) uri = _ostree_fetcher_uri_parse (url_string, error);
+
+        if (!uri)
+          goto out;
+
+        mirrorlist =
+          g_ptr_array_new_with_free_func ((GDestroyNotify) _ostree_fetcher_uri_free);
+        g_ptr_array_add (mirrorlist, g_steal_pointer (&uri));
+      }
+  }
 
-  if (g_str_has_prefix (baseurl, "mirrorlist="))
+  /* FIXME: Send the ETag from the cache with the request for summary.sig to
+   * avoid downloading summary.sig unnecessarily. This won’t normally provide
+   * any benefits (but won’t do any harm) since summary.sig is typically 500B
+   * in size. But if a repository has multiple keys, the signature file will
+   * grow and this optimisation may be useful. */
+  if (!_ostree_preload_metadata_file (self,
+                                      fetcher,
+                                      mirrorlist,
+                                      "summary.sig",
+                                      metalink_url_string ? TRUE : FALSE,
+                                      n_network_retries,
+                                      out_signatures,
+                                      cancellable,
+                                      error))
+    goto out;
+
+  if (*out_signatures)
     {
-      if (!fetch_mirrorlist (fetcher,
-                             baseurl + strlen ("mirrorlist="),
-                             n_network_retries,
-                             out_mirrorlist,
-                             cancellable, error))
-        return FALSE;
+      if (!_ostree_repo_load_cache_summary_if_same_sig (self,
+                                                        name,
+                                                        *out_signatures,
+                                                        out_summary,
+                                                        cancellable,
+                                                        error))
+        goto out;
     }
+
+  if (*out_summary)
+    from_cache = TRUE;
   else
     {
-      g_autoptr(OstreeFetcherURI) baseuri = _ostree_fetcher_uri_parse (baseurl, error);
+      if (!_ostree_preload_metadata_file (self,
+                                          fetcher,
+                                          mirrorlist,
+                                          "summary",
+                                          metalink_url_string ? TRUE : FALSE,
+                                          n_network_retries,
+                                          out_summary,
+                                          cancellable,
+                                          error))
+        goto out;
+    }
 
-      if (!baseuri)
-        return FALSE;
+  ret = TRUE;
 
-      *out_mirrorlist =
-        g_ptr_array_new_with_free_func ((GDestroyNotify) _ostree_fetcher_uri_free);
-      g_ptr_array_add (*out_mirrorlist, g_steal_pointer (&baseuri));
-    }
-  return TRUE;
+ out:
+  if (mainctx)
+    g_main_context_pop_thread_default (mainctx);
+
+  *out_from_cache = from_cache;
+  return ret;
 }
 
 /* Create the fetcher by unioning options from the remote config, plus
@@ -3142,13 +3108,17 @@ reinitialize_fetcher (OtPullData *pull_data, const char *remote_name,
 {
   g_clear_object (&pull_data->fetcher);
   pull_data->fetcher = _ostree_repo_remote_new_fetcher (pull_data->repo, remote_name, FALSE,
-                                                        pull_data->extra_headers,
-                                                        pull_data->append_user_agent,
                                                         &pull_data->fetcher_security_state,
                                                         error);
   if (pull_data->fetcher == NULL)
     return FALSE;
 
+  if (pull_data->extra_headers)
+    _ostree_fetcher_set_extra_headers (pull_data->fetcher, pull_data->extra_headers);
+
+  if (pull_data->append_user_agent)
+    _ostree_fetcher_set_extra_user_agent (pull_data->fetcher, pull_data->append_user_agent);
+
   return TRUE;
 }
 
@@ -3303,37 +3273,37 @@ initiate_request (OtPullData                 *pull_data,
  * Like ostree_repo_pull(), but supports an extensible set of flags.
  * The following are currently defined:
  *
- *   * `refs` (`as`): Array of string refs
- *   * `collection-refs` (`a(sss)`): Array of (collection ID, ref name, checksum) tuples to pull;
+ *   * refs (as): Array of string refs
+ *   * collection-refs (a(sss)): Array of (collection ID, ref name, checksum) tuples to pull;
  *     mutually exclusive with `refs` and `override-commit-ids`. Checksums may be the empty
  *     string to pull the latest commit for that ref
- *   * `flags` (`i`): An instance of #OstreeRepoPullFlags
- *   * `subdir` (`s`): Pull just this subdirectory
- *   * `subdirs` (`as`): Pull just these subdirectories
- *   * `override-remote-name` (`s`): If local, add this remote to refspec
- *   * `gpg-verify` (`b`): GPG verify commits
- *   * `gpg-verify-summary` (`b`): GPG verify summary
- *   * `disable-sign-verify` (`b`): Disable signapi verification of commits
- *   * `disable-sign-verify-summary` (`b`): Disable signapi verification of the summary
- *   * `depth` (`i`): How far in the history to traverse; default is 0, -1 means infinite
- *   * `per-object-fsync` (`b`): Perform disk writes more slowly, avoiding a single large I/O sync
- *   * `disable-static-deltas` (`b`): Do not use static deltas
- *   * `require-static-deltas` (`b`): Require static deltas
- *   * `override-commit-ids` (`as`): Array of specific commit IDs to fetch for refs
- *   * `timestamp-check` (`b`): Verify commit timestamps are newer than current (when pulling via ref); Since: 2017.11
- *   * `timestamp-check-from-rev` (`s`): Verify that all fetched commit timestamps are newer than timestamp of given rev; Since: 2020.4
- *   * `metadata-size-restriction` (`t`): Restrict metadata objects to a maximum number of bytes; 0 to disable.  Since: 2018.9
- *   * `dry-run` (`b`): Only print information on what will be downloaded (requires static deltas)
- *   * `override-url` (`s`): Fetch objects from this URL if remote specifies no metalink in options
- *   * `inherit-transaction` (`b`): Don't initiate, finish or abort a transaction, useful to do multiple pulls in one transaction.
- *   * `http-headers` (`a(ss)`): Additional headers to add to all HTTP requests
- *   * `update-frequency` (`u`): Frequency to call the async progress callback in milliseconds, if any; only values higher than 0 are valid
- *   * `localcache-repos` (`as`): File paths for local repos to use as caches when doing remote fetches
- *   * `append-user-agent` (`s`): Additional string to append to the user agent
- *   * `n-network-retries` (`u`): Number of times to retry each download on receiving
+ *   * flags (i): An instance of #OstreeRepoPullFlags
+ *   * subdir (s): Pull just this subdirectory
+ *   * subdirs (as): Pull just these subdirectories
+ *   * override-remote-name (s): If local, add this remote to refspec
+ *   * gpg-verify (b): GPG verify commits
+ *   * gpg-verify-summary (b): GPG verify summary
+ *   * disable-sign-verify (b): Disable signapi verification of commits
+ *   * disable-sign-verify-summary (b): Disable signapi verification of the summary
+ *   * depth (i): How far in the history to traverse; default is 0, -1 means infinite
+ *   * per-object-fsync (b): Perform disk writes more slowly, avoiding a single large I/O sync
+ *   * disable-static-deltas (b): Do not use static deltas
+ *   * require-static-deltas (b): Require static deltas
+ *   * override-commit-ids (as): Array of specific commit IDs to fetch for refs
+ *   * timestamp-check (b): Verify commit timestamps are newer than current (when pulling via ref); Since: 2017.11
+ *   * timestamp-check-from-rev (s): Verify that all fetched commit timestamps are newer than timestamp of given rev; Since: 2020.4
+ *   * metadata-size-restriction (t): Restrict metadata objects to a maximum number of bytes; 0 to disable.  Since: 2018.9
+ *   * dry-run (b): Only print information on what will be downloaded (requires static deltas)
+ *   * override-url (s): Fetch objects from this URL if remote specifies no metalink in options
+ *   * inherit-transaction (b): Don't initiate, finish or abort a transaction, useful to do multiple pulls in one transaction.
+ *   * http-headers (a(ss)): Additional headers to add to all HTTP requests
+ *   * update-frequency (u): Frequency to call the async progress callback in milliseconds, if any; only values higher than 0 are valid
+ *   * localcache-repos (as): File paths for local repos to use as caches when doing remote fetches
+ *   * append-user-agent (s): Additional string to append to the user agent
+ *   * n-network-retries (u): Number of times to retry each download on receiving
  *     a transient network error, such as a socket timeout; default is 5, 0
  *     means return errors without retrying. Since: 2018.6
- *   * `ref-keyring-map` (`a(sss)`): Array of (collection ID, ref name, keyring
+ *   * ref-keyring-map (a(sss)): Array of (collection ID, ref name, keyring
  *     remote name) tuples specifying which remote's keyring should be used when
  *     doing GPG verification of each collection-ref. This is useful to prevent a
  *     remote from serving malicious updates to refs which did not originate from
@@ -3341,14 +3311,6 @@ initiate_request (OtPullData                 *pull_data,
  *     not being pulled will be ignored and any ref without a keyring remote
  *     will be verified with the keyring of the remote being pulled from.
  *     Since: 2019.2
- *   * `summary-bytes` (`ay'): Contents of the `summary` file to use. If this is
- *     specified, `summary-sig-bytes` must also be specified. This is
- *     useful if doing multiple pull operations in a transaction, using
- *     ostree_repo_remote_fetch_summary_with_options() beforehand to download
- *     the `summary` and `summary.sig` once for the entire transaction. If not
- *     specified, the `summary` will be downloaded from the remote. Since: 2020.5
- *   * `summary-sig-bytes` (`ay`): Contents of the `summary.sig` file. If this
- *     is specified, `summary-bytes` must also be specified. Since: 2020.5
  */
 gboolean
 ostree_repo_pull_with_options (OstreeRepo             *self,
@@ -3391,11 +3353,9 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
   const char *url_override = NULL;
   gboolean inherit_transaction = FALSE;
   g_autoptr(GHashTable) updated_requested_refs_to_fetch = NULL;  /* (element-type OstreeCollectionRef utf8) */
-  gsize i;
+  int i;
   g_autofree char **opt_localcache_repos = NULL;
   g_autoptr(GVariantIter) ref_keyring_map_iter = NULL;
-  g_autoptr(GVariant) summary_bytes_v = NULL;
-  g_autoptr(GVariant) summary_sig_bytes_v = NULL;
   /* If refs or collection-refs has exactly one value, this will point to that
    * value, otherwise NULL. Used for logging.
    */
@@ -3442,8 +3402,6 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
         g_variant_lookup (options, "n-network-retries", "u", &pull_data->n_network_retries);
       opt_ref_keyring_map_set =
 	g_variant_lookup (options, "ref-keyring-map", "a(sss)", &ref_keyring_map_iter);
-      (void) g_variant_lookup (options, "summary-bytes", "@ay", &summary_bytes_v);
-      (void) g_variant_lookup (options, "summary-sig-bytes", "@ay", &summary_sig_bytes_v);
 
       if (pull_data->remote_refspec_name != NULL)
         pull_data->remote_name = g_strdup (pull_data->remote_refspec_name);
@@ -3481,10 +3439,6 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
    */
   g_return_val_if_fail (!pull_data->dry_run || pull_data->require_static_deltas, FALSE);
 
-  /* summary-bytes and summary-sig-bytes must both be specified, or neither be
-   * specified, so we know they’re consistent */
-  g_return_val_if_fail ((summary_bytes_v == NULL) == (summary_sig_bytes_v == NULL), FALSE);
-
   pull_data->is_mirror = (flags & OSTREE_REPO_PULL_FLAGS_MIRROR) > 0;
   pull_data->is_commit_only = (flags & OSTREE_REPO_PULL_FLAGS_COMMIT_ONLY) > 0;
   /* See our processing of OSTREE_REPO_PULL_FLAGS_UNTRUSTED below */
@@ -3660,13 +3614,33 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
 
   if (!metalink_url_str)
     {
-      if (!compute_effective_mirrorlist (self, remote_name_or_baseurl,
-                                         url_override,
-                                         pull_data->fetcher,
-                                         pull_data->n_network_retries,
-                                         &pull_data->meta_mirrorlist,
-                                         cancellable, error))
+      g_autofree char *baseurl = NULL;
+
+      if (url_override != NULL)
+        baseurl = g_strdup (url_override);
+      else if (!ostree_repo_remote_get_url (self, remote_name_or_baseurl, &baseurl, error))
         goto out;
+
+      if (g_str_has_prefix (baseurl, "mirrorlist="))
+        {
+          if (!fetch_mirrorlist (pull_data->fetcher,
+                                 baseurl + strlen ("mirrorlist="),
+                                 pull_data->n_network_retries,
+                                 &pull_data->meta_mirrorlist,
+                                 cancellable, error))
+            goto out;
+        }
+      else
+        {
+          g_autoptr(OstreeFetcherURI) baseuri = _ostree_fetcher_uri_parse (baseurl, error);
+
+          if (!baseuri)
+            goto out;
+
+          pull_data->meta_mirrorlist =
+            g_ptr_array_new_with_free_func ((GDestroyNotify) _ostree_fetcher_uri_free);
+          g_ptr_array_add (pull_data->meta_mirrorlist, g_steal_pointer (&baseuri));
+        }
     }
   else
     {
@@ -3677,10 +3651,6 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
       if (!metalink_uri)
         goto out;
 
-      /* FIXME: Use summary_bytes_v/summary_sig_bytes_v to avoid unnecessary
-       * re-downloads here. Would require additional support for caching the
-       * metalink file or mirror list. */
-
       metalink = _ostree_metalink_new (pull_data->fetcher, "summary",
                                        OSTREE_MAX_METADATA_SIZE, metalink_uri,
                                        pull_data->n_network_retries);
@@ -3725,13 +3695,27 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
       }
     else
       {
-        if (!compute_effective_mirrorlist (self, remote_name_or_baseurl,
-                                           contenturl,
-                                           pull_data->fetcher,
-                                           pull_data->n_network_retries,
-                                           &pull_data->content_mirrorlist,
-                                           cancellable, error))
-          goto out;
+        if (g_str_has_prefix (contenturl, "mirrorlist="))
+          {
+            if (!fetch_mirrorlist (pull_data->fetcher,
+                                   contenturl + strlen ("mirrorlist="),
+                                   pull_data->n_network_retries,
+                                   &pull_data->content_mirrorlist,
+                                   cancellable, error))
+              goto out;
+          }
+        else
+          {
+            g_autoptr(OstreeFetcherURI) contenturi = _ostree_fetcher_uri_parse (contenturl, error);
+
+            if (!contenturi)
+              goto out;
+
+            pull_data->content_mirrorlist =
+              g_ptr_array_new_with_free_func ((GDestroyNotify) _ostree_fetcher_uri_free);
+            g_ptr_array_add (pull_data->content_mirrorlist,
+                             g_steal_pointer (&contenturi));
+          }
       }
   }
 
@@ -3759,6 +3743,30 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
       if (!ostree_repo_open (pull_data->remote_repo_local, cancellable, error))
         goto out;
     }
+  else
+    {
+      if (!load_remote_repo_config (pull_data, &remote_config, cancellable, error))
+        goto out;
+
+      if (!ot_keyfile_get_value_with_default (remote_config, "core", "mode", "bare",
+                                              &remote_mode_str, error))
+        goto out;
+
+      if (!ostree_repo_mode_from_string (remote_mode_str, &pull_data->remote_mode, error))
+        goto out;
+
+      if (!ot_keyfile_get_boolean_with_default (remote_config, "core", "tombstone-commits", FALSE,
+                                                &pull_data->has_tombstone_commits, error))
+        goto out;
+
+      if (pull_data->remote_mode != OSTREE_REPO_MODE_ARCHIVE)
+        {
+          g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
+                       "Can't pull from archives with mode \"%s\"",
+                       remote_mode_str);
+          goto out;
+        }
+    }
   }
 
   /* Change some option defaults if we're actually pulling from a local
@@ -3827,33 +3835,13 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
 
   {
     g_autoptr(GBytes) bytes_sig = NULL;
-    gsize n;
+    gsize i, n;
     g_autoptr(GVariant) refs = NULL;
     g_autoptr(GVariant) deltas = NULL;
     g_autoptr(GVariant) additional_metadata = NULL;
     gboolean summary_from_cache = FALSE;
-    gboolean remote_mode_loaded = FALSE;
-    gboolean tombstone_commits = FALSE;
 
-    if (summary_sig_bytes_v)
-      {
-        /* Must both be specified */
-        g_assert (summary_bytes_v);
-
-        bytes_sig = g_variant_get_data_as_bytes (summary_sig_bytes_v);
-        bytes_summary = g_variant_get_data_as_bytes (summary_bytes_v);
-
-        if (!bytes_sig || !bytes_summary)
-          {
-            g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                         "summary-bytes or summary-sig-bytes set to invalid value");
-            goto out;
-          }
-
-        g_debug ("Loaded %s summary from options", remote_name_or_baseurl);
-      }
-
-    if (!bytes_sig)
+    if (!pull_data->summary_data_sig)
       {
         if (!_ostree_fetcher_mirrored_request_to_membuf (pull_data->fetcher,
                                                          pull_data->meta_mirrorlist,
@@ -3866,7 +3854,6 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
       }
 
     if (bytes_sig &&
-        !bytes_summary &&
         !pull_data->remote_repo_local &&
         !_ostree_repo_load_cache_summary_if_same_sig (self,
                                                       remote_name_or_baseurl,
@@ -3876,7 +3863,7 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
                                                       error))
       goto out;
 
-    if (bytes_summary && !summary_bytes_v)
+    if (bytes_summary)
       {
         g_debug ("Loaded %s summary from cache", remote_name_or_baseurl);
         summary_from_cache = TRUE;
@@ -4147,46 +4134,6 @@ ostree_repo_pull_with_options (OstreeRepo             *self,
                                  csum_data);
           }
       }
-
-    if (pull_data->summary &&
-        g_variant_lookup (additional_metadata, OSTREE_SUMMARY_MODE, "s", &remote_mode_str) &&
-        g_variant_lookup (additional_metadata, OSTREE_SUMMARY_TOMBSTONE_COMMITS, "b", &tombstone_commits))
-      {
-        if (!ostree_repo_mode_from_string (remote_mode_str, &pull_data->remote_mode, error))
-          goto out;
-        pull_data->has_tombstone_commits = tombstone_commits;
-        remote_mode_loaded = TRUE;
-      }
-    else if (pull_data->remote_repo_local == NULL)
-      {
-        /* Fall-back path which loads the necessary config from the remote’s
-         * `config` file. Doing so is deprecated since it means an
-         * additional round trip to the remote for each pull. No need to do
-         * it for local pulls. */
-        if (!load_remote_repo_config (pull_data, &remote_config, cancellable, error))
-          goto out;
-
-        if (!ot_keyfile_get_value_with_default (remote_config, "core", "mode", "bare",
-                                                &remote_mode_str, error))
-          goto out;
-
-        if (!ostree_repo_mode_from_string (remote_mode_str, &pull_data->remote_mode, error))
-          goto out;
-
-        if (!ot_keyfile_get_boolean_with_default (remote_config, "core", "tombstone-commits", FALSE,
-                                                  &pull_data->has_tombstone_commits, error))
-          goto out;
-
-        remote_mode_loaded = TRUE;
-      }
-
-    if (remote_mode_loaded && pull_data->remote_repo_local == NULL && pull_data->remote_mode != OSTREE_REPO_MODE_ARCHIVE)
-      {
-        g_set_error (error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                     "Can't pull from archives with mode \"%s\"",
-                     remote_mode_str);
-        goto out;
-      }
   }
 
   if (pull_data->is_mirror && !refs_to_fetch && !opt_collection_refs_set && !configured_branches)
@@ -5247,7 +5194,7 @@ find_remotes_process_refs (OstreeRepo                        *self,
 
 static void
 find_remotes_cb (GObject      *obj,
-                 GAsyncResult *async_result,
+                 GAsyncResult *result,
                  gpointer      user_data)
 {
   OstreeRepo *self;
@@ -5279,7 +5226,7 @@ find_remotes_cb (GObject      *obj,
   /* progress = data->progress; */
 
   /* Finish finding the remotes. */
-  results = ostree_repo_finder_resolve_all_finish (async_result, &error);
+  results = ostree_repo_finder_resolve_all_finish (result, &error);
 
   if (results == NULL)
     {
@@ -5372,8 +5319,8 @@ find_remotes_cb (GObject      *obj,
 
       /* Check the metadata in the summary file, especially whether it contains
        * all the @refs we are interested in. */
-      summary_v = g_variant_ref_sink (g_variant_new_from_bytes (OSTREE_SUMMARY_GVARIANT_FORMAT,
-                                                                summary_bytes, FALSE));
+      summary_v = g_variant_new_from_bytes (OSTREE_SUMMARY_GVARIANT_FORMAT,
+                                            summary_bytes, FALSE);
 
       /* Check the summary’s additional metadata and set up @commit_metadata
        * and @refs_and_remotes_table with the refs listed in the summary file,
@@ -5484,7 +5431,7 @@ find_remotes_cb (GObject      *obj,
                 goto error;
 
               fetcher = _ostree_repo_remote_new_fetcher (self, result->remote->name,
-                                                         TRUE, NULL, NULL, NULL, &error);
+                                                         TRUE, NULL, &error);
               if (fetcher == NULL)
                 goto error;
 
@@ -6106,108 +6053,96 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo    *self,
   g_autoptr(GBytes) signatures = NULL;
   gboolean gpg_verify_summary;
   g_autoptr(GPtrArray) signapi_summary_verifiers = NULL;
-  gboolean summary_is_from_cache = FALSE;
-  g_autoptr(OstreeFetcher) fetcher = NULL;
-  g_autoptr(GMainContextPopDefault) mainctx = NULL;
-  const char *url_override = NULL;
-  g_autoptr(GVariant) extra_headers = NULL;
-  g_autoptr(GPtrArray) mirrorlist = NULL;
-  const char *append_user_agent = NULL;
-  guint n_network_retries = DEFAULT_N_NETWORK_RETRIES;
+  gboolean ret = FALSE;
+  gboolean summary_is_from_cache;
 
   g_return_val_if_fail (OSTREE_REPO (self), FALSE);
   g_return_val_if_fail (name != NULL, FALSE);
 
   if (!ostree_repo_get_remote_option (self, name, "metalink", NULL,
                                       &metalink_url_string, error))
-    return FALSE;
+    goto out;
 
-  if (options)
-    {
-      (void) g_variant_lookup (options, "override-url", "&s", &url_override);
-      (void) g_variant_lookup (options, "http-headers", "@a(ss)", &extra_headers);
-      (void) g_variant_lookup (options, "append-user-agent", "&s", &append_user_agent);
-      (void) g_variant_lookup (options, "n-network-retries", "u", &n_network_retries);
-    }
+  if (!repo_remote_fetch_summary (self,
+                                  name,
+                                  metalink_url_string,
+                                  options,
+                                  &summary,
+                                  &signatures,
+                                  &summary_is_from_cache,
+                                  cancellable,
+                                  error))
+    goto out;
 
   if (!ostree_repo_remote_get_gpg_verify_summary (self, name, &gpg_verify_summary, error))
-    return FALSE;
+    goto out;
+
+  if (gpg_verify_summary)
+    {
+      if (summary == NULL)
+        {
+          g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
+                       "GPG verification enabled, but no summary found (check that the configured URL in remote config is correct)");
+          goto out;
+        }
+
+      if (signatures == NULL)
+        {
+          g_set_error (error, OSTREE_GPG_ERROR, OSTREE_GPG_ERROR_NO_SIGNATURE,
+                       "GPG verification enabled, but no summary signatures found (use gpg-verify-summary=false in remote config to disable)");
+          goto out;
+        }
+
+      /* Verify any summary signatures. */
+      if (summary != NULL && signatures != NULL)
+        {
+          g_autoptr(OstreeGpgVerifyResult) result = NULL;
+
+          result = ostree_repo_verify_summary (self,
+                                               name,
+                                               summary,
+                                               signatures,
+                                               cancellable,
+                                               error);
+          if (!ostree_gpg_verify_result_require_valid_signature (result, error))
+            goto out;
+        }
+    }
 
   if (!_signapi_init_for_remote (self, name, NULL,
                                  &signapi_summary_verifiers,
                                  error))
-    return FALSE;
-
-  mainctx = _ostree_main_context_new_default ();
-
-  fetcher = _ostree_repo_remote_new_fetcher (self, name, TRUE, extra_headers, append_user_agent, NULL, error);
-  if (fetcher == NULL)
-    return FALSE;
+    goto out;
 
-  if (metalink_url_string)
+  if (signapi_summary_verifiers)
     {
-      g_autoptr(OstreeFetcherURI) uri = _ostree_fetcher_uri_parse (metalink_url_string, error);
-      if (!uri)
-        return FALSE;
+      if (summary == NULL)
+        {
+          g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
+                       "Signature verification enabled, but no summary found (check that the configured URL in remote config is correct)");
+          goto out;
+        }
 
-      mirrorlist =
-        g_ptr_array_new_with_free_func ((GDestroyNotify) _ostree_fetcher_uri_free);
-      g_ptr_array_add (mirrorlist, g_steal_pointer (&uri));
-    }
-  else if (!compute_effective_mirrorlist (self, name, url_override,
-                                          fetcher, n_network_retries,
-                                          &mirrorlist, cancellable, error))
-    return FALSE;
+      if (signatures == NULL)
+        {
+          g_set_error (error, G_IO_ERROR, G_IO_ERROR_NOT_FOUND,
+                       "Signature verification enabled, but no summary signatures found (use sign-verify-summary=false in remote config to disable)");
+          goto out;
+        }
 
-  /* FIXME: Send the ETag from the cache with the request for summary.sig to
-   * avoid downloading summary.sig unnecessarily. This won’t normally provide
-   * any benefits (but won’t do any harm) since summary.sig is typically 500B
-   * in size. But if a repository has multiple keys, the signature file will
-   * grow and this optimisation may be useful. */
-  if (!_ostree_preload_metadata_file (self,
-                                      fetcher,
-                                      mirrorlist,
-                                      "summary.sig",
-                                      metalink_url_string ? TRUE : FALSE,
-                                      n_network_retries,
-                                      &signatures,
-                                      cancellable,
-                                      error))
-    return FALSE;
+      /* Verify any summary signatures. */
+      if (summary != NULL && signatures != NULL)
+        {
+          g_autoptr(GVariant) sig_variant = NULL;
 
-  if (signatures)
-    {
-      if (!_ostree_repo_load_cache_summary_if_same_sig (self,
-                                                        name,
-                                                        signatures,
-                                                        &summary,
-                                                        cancellable,
-                                                        error))
-        return FALSE;
-    }
+          sig_variant = g_variant_new_from_bytes (OSTREE_SUMMARY_SIG_GVARIANT_FORMAT,
+                                                  signatures, FALSE);
 
-  if (summary)
-    summary_is_from_cache = TRUE;
-  else
-    {
-      if (!_ostree_preload_metadata_file (self,
-                                          fetcher,
-                                          mirrorlist,
-                                          "summary",
-                                          metalink_url_string ? TRUE : FALSE,
-                                          n_network_retries,
-                                          &summary,
-                                          cancellable,
-                                          error))
-        return FALSE;
+          if (!_sign_verify_for_remote (signapi_summary_verifiers, summary, sig_variant, NULL, error))
+            goto out;
+        }
     }
 
-  if (!_ostree_repo_verify_summary (self, name,
-                                    gpg_verify_summary, signapi_summary_verifiers,
-                                    summary, signatures,
-                                    cancellable, error))
-      return FALSE;
-
   if (!summary_is_from_cache && summary && signatures)
     {
       g_autoptr(GError) temp_error = NULL;
@@ -6224,7 +6159,7 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo    *self,
           else
             {
               g_propagate_error (error, g_steal_pointer (&temp_error));
-              return FALSE;
+              goto out;
             }
         }
     }
@@ -6235,7 +6170,10 @@ ostree_repo_remote_fetch_summary_with_options (OstreeRepo    *self,
   if (out_signatures != NULL)
     *out_signatures = g_steal_pointer (&signatures);
 
-  return TRUE;
+  ret = TRUE;
+
+out:
+  return ret;
 }
 
 #else /* HAVE_LIBCURL_OR_LIBSOUP */
diff --git a/src/libostree/ostree-repo-static-delta-compilation.c b/src/libostree/ostree-repo-static-delta-compilation.c
index 753f8ae..3e9a8e3 100644
--- a/src/libostree/ostree-repo-static-delta-compilation.c
+++ b/src/libostree/ostree-repo-static-delta-compilation.c
@@ -36,8 +36,6 @@
 #include "libglnx.h"
 #include "ostree-varint.h"
 #include "bsdiff/bsdiff.h"
-#include "ostree-autocleanups.h"
-#include "ostree-sign.h"
 
 #define CONTENT_SIZE_SIMILARITY_THRESHOLD_PERCENT (30)
 
@@ -1337,8 +1335,6 @@ get_fallback_headers (OstreeRepo               *self,
  *   - verbose: b: Print diagnostic messages.  Default FALSE.
  *   - endianness: b: Deltas use host byte order by default; this option allows choosing (G_BIG_ENDIAN or G_LITTLE_ENDIAN)
  *   - filename: ay: Save delta superblock to this filename, and parts in the same directory.  Default saves to repository.
- *   - sign-name: ay: Signature type to use.
- *   - sign-key-ids: as: Array of keys used to sign delta superblock.
  */
 gboolean
 ostree_repo_static_delta_generate (OstreeRepo                   *self,
@@ -1372,8 +1368,6 @@ ostree_repo_static_delta_generate (OstreeRepo                   *self,
   g_autoptr(GPtrArray) builder_fallback_objects = g_ptr_array_new_with_free_func ((GDestroyNotify)g_variant_unref);
   g_auto(GLnxTmpfile) descriptor_tmpf = { 0, };
   g_autoptr(OtVariantBuilder) descriptor_builder = NULL;
-  const char *opt_sign_name;
-  const char **opt_key_ids;
 
   if (!g_variant_lookup (params, "min-fallback-size", "u", &min_fallback_size))
     min_fallback_size = 4;
@@ -1413,12 +1407,6 @@ ostree_repo_static_delta_generate (OstreeRepo                   *self,
   if (!g_variant_lookup (params, "filename", "^&ay", &opt_filename))
     opt_filename = NULL;
 
-  if (!g_variant_lookup (params, "sign-name", "^&ay", &opt_sign_name))
-    opt_sign_name = NULL;
-
-  if (!g_variant_lookup (params, "sign-key-ids", "^a&s", &opt_key_ids))
-    opt_key_ids = NULL;
-
   if (!ostree_repo_load_variant (self, OSTREE_OBJECT_TYPE_COMMIT, to,
                                  &to_commit, error))
     return FALSE;
@@ -1454,7 +1442,7 @@ ostree_repo_static_delta_generate (OstreeRepo                   *self,
                                   cancellable, error))
     return FALSE;
 
-  if (!glnx_open_tmpfile_linkable_at (descriptor_dfd, ".", O_RDWR | O_CLOEXEC,
+  if (!glnx_open_tmpfile_linkable_at (descriptor_dfd, ".", O_WRONLY | O_CLOEXEC,
                                       &descriptor_tmpf, error))
     return FALSE;
 
@@ -1598,85 +1586,12 @@ ostree_repo_static_delta_generate (OstreeRepo                   *self,
       g_printerr ("bsdiff=%u objects\n", builder.n_bsdiff);
     }
 
-  if (opt_sign_name != NULL && opt_key_ids != NULL)
-    {
-      g_autoptr(GBytes) tmpdata = NULL;
-      g_autoptr(OstreeSign) sign = NULL;
-      const gchar *signature_key = NULL;
-      g_autoptr(GVariantBuilder) signature_builder = NULL;
-      g_auto(GLnxTmpfile) descriptor_sign_tmpf = { 0, };
-      g_autoptr(OtVariantBuilder) descriptor_sign_builder = NULL;
-
-      lseek (descriptor_tmpf.fd, 0, SEEK_SET);
-      tmpdata = glnx_fd_readall_bytes (descriptor_tmpf.fd, cancellable, error);
-      if (!tmpdata)
-        return FALSE;
-
-      sign = ostree_sign_get_by_name (opt_sign_name, error);
-      if (sign == NULL)
-        return FALSE;
-
-      signature_key = ostree_sign_metadata_key (sign);
-      const gchar *signature_format = ostree_sign_metadata_format (sign);
-
-      signature_builder = g_variant_builder_new (G_VARIANT_TYPE (signature_format));
-
-      for (const char **iter = opt_key_ids; iter && *iter; iter++)
-        {
-          const char *keyid = *iter;
-          g_autoptr(GVariant) secret_key = NULL;
-          g_autoptr(GBytes) signature_bytes = NULL;
-
-          secret_key = g_variant_new_string (keyid);
-          if (!ostree_sign_set_sk (sign, secret_key, error))
-              return FALSE;
-
-          if (!ostree_sign_data (sign, tmpdata, &signature_bytes,
-                                 NULL, error))
-            return FALSE;
-
-          g_variant_builder_add (signature_builder, "@ay", ot_gvariant_new_ay_bytes (signature_bytes));
-        }
-
-      if (!glnx_open_tmpfile_linkable_at (descriptor_dfd, ".", O_WRONLY | O_CLOEXEC,
-                                          &descriptor_sign_tmpf, error))
-        return FALSE;
-
-      descriptor_sign_builder = ot_variant_builder_new (G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SIGNED_FORMAT),
-                                                        descriptor_sign_tmpf.fd);
+  if (fchmod (descriptor_tmpf.fd, 0644) < 0)
+    return glnx_throw_errno_prefix (error, "fchmod");
 
-      if (!ot_variant_builder_add (descriptor_sign_builder, error, "t",
-                                   GUINT64_TO_BE (OSTREE_STATIC_DELTA_SIGNED_MAGIC)))
-        return FALSE;
-      if (!ot_variant_builder_add (descriptor_sign_builder, error, "@ay", ot_gvariant_new_ay_bytes (tmpdata)))
-        return FALSE;
-      if (!ot_variant_builder_open (descriptor_sign_builder, G_VARIANT_TYPE ("a{sv}"), error))
-        return FALSE;
-      if (!ot_variant_builder_add (descriptor_sign_builder, error, "{sv}",
-                                   signature_key, g_variant_builder_end(signature_builder)))
-        return FALSE;
-      if (!ot_variant_builder_close (descriptor_sign_builder, error))
-        return FALSE;
-
-      if (!ot_variant_builder_end (descriptor_sign_builder, error))
-        return FALSE;
-
-      if (fchmod (descriptor_sign_tmpf.fd, 0644) < 0)
-        return glnx_throw_errno_prefix (error, "fchmod");
-
-      if (!glnx_link_tmpfile_at (&descriptor_sign_tmpf, GLNX_LINK_TMPFILE_REPLACE,
-                                 descriptor_dfd, descriptor_name, error))
-        return FALSE;
-    }
-  else
-    {
-      if (fchmod (descriptor_tmpf.fd, 0644) < 0)
-        return glnx_throw_errno_prefix (error, "fchmod");
-
-      if (!glnx_link_tmpfile_at (&descriptor_tmpf, GLNX_LINK_TMPFILE_REPLACE,
-                                 descriptor_dfd, descriptor_name, error))
-        return FALSE;
-    }
+  if (!glnx_link_tmpfile_at (&descriptor_tmpf, GLNX_LINK_TMPFILE_REPLACE,
+                             descriptor_dfd, descriptor_name, error))
+    return FALSE;
 
   return TRUE;
 }
diff --git a/src/libostree/ostree-repo-static-delta-core.c b/src/libostree/ostree-repo-static-delta-core.c
index d83ec8c..ade4e9d 100644
--- a/src/libostree/ostree-repo-static-delta-core.c
+++ b/src/libostree/ostree-repo-static-delta-core.c
@@ -54,28 +54,6 @@ _ostree_static_delta_parse_checksum_array (GVariant      *array,
   return TRUE;
 }
 
-GVariant *
-_ostree_repo_static_delta_superblock_digest (OstreeRepo    *repo,
-                                             const char    *from,
-                                             const char    *to,
-                                             GCancellable  *cancellable,
-                                             GError       **error)
-{
-  g_autofree char *superblock = _ostree_get_relative_static_delta_superblock_path ((from && from[0]) ? from : NULL, to);
-  glnx_autofd int superblock_file_fd = -1;
-  guint8 digest[OSTREE_SHA256_DIGEST_LEN];
-
-  if (!glnx_openat_rdonly (repo->repo_dir_fd, superblock, TRUE, &superblock_file_fd, error))
-    return NULL;
-
-  g_autoptr(GBytes) superblock_content = ot_fd_readall_or_mmap (superblock_file_fd, 0, error);
-  if (!superblock_content)
-    return NULL;
-
-  ot_checksum_bytes (superblock_content, digest);
-
-  return ot_gvariant_new_bytearray (digest, sizeof (digest));
-}
 
 /**
  * ostree_repo_list_static_delta_names:
@@ -131,7 +109,7 @@ ostree_repo_list_static_delta_names (OstreeRepo                  *self,
             return FALSE;
           if (sub_dent == NULL)
             break;
-          if (sub_dent->d_type != DT_DIR)
+          if (dent->d_type != DT_DIR)
             continue;
 
           const char *name1 = dent->d_name;
@@ -210,126 +188,27 @@ _ostree_repo_static_delta_part_have_all_objects (OstreeRepo             *repo,
   return TRUE;
 }
 
-static gboolean
-_ostree_repo_static_delta_is_signed (OstreeRepo       *self,
-                                     int               fd,
-                                     GPtrArray       **out_value,
-                                     GError          **error)
-{
-  g_autoptr(GVariant) delta = NULL;
-  g_autoptr(GVariant) delta_sign_magic = NULL;
-  g_autoptr(GVariant) delta_sign = NULL;
-  GVariantIter iter;
-  GVariant *item;
-  g_autoptr(GPtrArray) signatures = NULL;
-  gboolean ret = FALSE;
-
-  if (out_value)
-    *out_value = NULL;
-
-  if (!ot_variant_read_fd (fd, 0, (GVariantType*)OSTREE_STATIC_DELTA_SIGNED_FORMAT, TRUE, &delta, error))
-    return FALSE;
-
-  delta_sign_magic = g_variant_get_child_value (delta, 0);
-  if (delta_sign_magic == NULL)
-    return glnx_throw (error, "no signatures in static-delta");
-
-  if (GUINT64_FROM_BE (g_variant_get_uint64 (delta_sign_magic)) != OSTREE_STATIC_DELTA_SIGNED_MAGIC)
-    return glnx_throw (error, "no signatures in static-delta");
-
-  delta_sign = g_variant_get_child_value (delta, 2);
-  if (delta_sign == NULL)
-    return glnx_throw (error, "no signatures in static-delta");
-
-  if (out_value)
-    signatures = g_ptr_array_new_with_free_func (g_free);
-
-  /* Check if there are signatures in the superblock */
-  g_variant_iter_init (&iter, delta_sign);
-  while ((item = g_variant_iter_next_value (&iter)))
-    {
-      g_autoptr(GVariant) key_v = g_variant_get_child_value (item, 0);
-      const char *str = g_variant_get_string (key_v, NULL);
-      if (g_str_has_prefix (str, "ostree.sign."))
-        {
-          ret = TRUE;
-          if (signatures)
-            g_ptr_array_add (signatures, g_strdup (str + strlen ("ostree.sign.")));
-        }
-      g_variant_unref (item);
-    }
-
-  if (out_value && ret)
-    ot_transfer_out_value (out_value, &signatures);
-
-  return ret;
-}
-
-static gboolean
-_ostree_repo_static_delta_verify_signature (OstreeRepo       *self,
-                                            int               fd,
-                                            OstreeSign       *sign,
-                                            char            **out_success_message,
-                                            GError          **error)
-{
-  g_autoptr(GVariant) delta = NULL;
-
-  if (!ot_variant_read_fd (fd, 0,
-                           (GVariantType*)OSTREE_STATIC_DELTA_SIGNED_FORMAT,
-                           TRUE, &delta, error))
-    return FALSE;
-
-  /* Check if there are signatures for signature engine */
-  const gchar *signature_key = ostree_sign_metadata_key(sign);
-  GVariantType *signature_format = (GVariantType *) ostree_sign_metadata_format(sign);
-  g_autoptr(GVariant) delta_meta = g_variant_get_child_value (delta, 2);
-  if (delta_meta == NULL)
-    return glnx_throw (error, "no metadata in static-delta superblock");
-  g_autoptr(GVariant) signatures = g_variant_lookup_value (delta_meta,
-                                                           signature_key,
-                                                           signature_format);
-  if (!signatures)
-    return glnx_throw (error, "no signature for '%s' in static-delta superblock", signature_key);
-
-  /* Get static delta superblock */
-  g_autoptr(GVariant) child = g_variant_get_child_value (delta, 1);
-  if (child == NULL)
-    return glnx_throw (error, "no metadata in static-delta superblock");
-  g_autoptr(GBytes) signed_data = g_variant_get_data_as_bytes(child);
-
-  return ostree_sign_data_verify (sign, signed_data, signatures, out_success_message, error);
-}
-
 /**
- * ostree_repo_static_delta_execute_offline_with_signature:
+ * ostree_repo_static_delta_execute_offline:
  * @self: Repo
  * @dir_or_file: Path to a directory containing static delta data, or directly to the superblock
- * @sign: Signature engine used to check superblock
  * @skip_validation: If %TRUE, assume data integrity
  * @cancellable: Cancellable
  * @error: Error
  *
  * Given a directory representing an already-downloaded static delta
- * on disk, apply it, generating a new commit.
- * If sign is passed, the static delta signature is verified.
- * If sign-verify-deltas configuration option is set and static delta is signed,
- * signature verification will be mandatory before apply the static delta.
- * The directory must be named with the form "FROM-TO", where both are
- * checksums, and it must contain a file named "superblock", along with at least
- * one part.
- *
- * Since: 2020.7
+ * on disk, apply it, generating a new commit.  The directory must be
+ * named with the form "FROM-TO", where both are checksums, and it
+ * must contain a file named "superblock", along with at least one part.
  */
 gboolean
-ostree_repo_static_delta_execute_offline_with_signature (OstreeRepo   *self,
-                                                         GFile        *dir_or_file,
-                                                         OstreeSign   *sign,
-                                                         gboolean     skip_validation,
-                                                         GCancellable *cancellable,
-                                                         GError       **error)
+ostree_repo_static_delta_execute_offline (OstreeRepo                    *self,
+                                          GFile                         *dir_or_file,
+                                          gboolean                       skip_validation,
+                                          GCancellable                  *cancellable,
+                                          GError                      **error)
 {
   g_autofree char *basename = NULL;
-  g_autoptr(GVariant) meta = NULL;
 
   const char *dir_or_file_path = gs_file_get_path_cached (dir_or_file);
 
@@ -355,44 +234,10 @@ ostree_repo_static_delta_execute_offline_with_signature (OstreeRepo   *self,
   if (meta_fd < 0)
     return glnx_throw_errno_prefix (error, "openat(%s)", basename);
 
-  gboolean is_signed = _ostree_repo_static_delta_is_signed (self, meta_fd, NULL, NULL);
-  if (is_signed)
-    {
-      gboolean verify_deltas;
-      gboolean verified;
-
-      if (!ot_keyfile_get_boolean_with_default (self->config, "core", "sign-verify-deltas",
-                                                FALSE, &verify_deltas, error))
-        return FALSE;
-
-      if (verify_deltas && !sign)
-        return glnx_throw (error, "Key is mandatory to check delta signature");
-
-      if (sign)
-        {
-          verified = _ostree_repo_static_delta_verify_signature (self, meta_fd, sign, NULL, error);
-          if (*error)
-            return FALSE;
-          if (!verified)
-            return glnx_throw (error, "Delta signature verification failed");
-        }
-
-      g_autoptr(GVariant) delta = NULL;
-      if (!ot_variant_read_fd (meta_fd, 0, (GVariantType*)OSTREE_STATIC_DELTA_SIGNED_FORMAT,
-                               TRUE, &delta, error))
-        return FALSE;
-
-      g_autoptr(GVariant) child = g_variant_get_child_value (delta, 1);
-      g_autoptr(GBytes) bytes = g_variant_get_data_as_bytes (child);
-      meta = g_variant_new_from_bytes ((GVariantType*)OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT,
-                                       bytes, FALSE);
-    }
-  else
-    {
-      if (!ot_variant_read_fd (meta_fd, 0, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT),
-                               FALSE, &meta, error))
-        return FALSE;
-    }
+  g_autoptr(GVariant) meta = NULL;
+  if (!ot_variant_read_fd (meta_fd, 0, G_VARIANT_TYPE (OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT),
+                           FALSE, &meta, error))
+    return FALSE;
 
   /* Parsing OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT */
 
@@ -435,8 +280,9 @@ ostree_repo_static_delta_execute_offline_with_signature (OstreeRepo   *self,
     if (!have_to_commit)
       {
         g_autofree char *detached_path = _ostree_get_relative_static_delta_path (from_checksum, to_checksum, "commitmeta");
-        g_autoptr(GVariant) detached_data =
-          g_variant_lookup_value (metadata, detached_path, G_VARIANT_TYPE("a{sv}"));
+        g_autoptr(GVariant) detached_data = NULL;
+
+        detached_data = g_variant_lookup_value (metadata, detached_path, G_VARIANT_TYPE("a{sv}"));
         if (detached_data && !ostree_repo_write_commit_detached_metadata (self,
                                                                           to_checksum,
                                                                           detached_data,
@@ -540,32 +386,6 @@ ostree_repo_static_delta_execute_offline_with_signature (OstreeRepo   *self,
   return TRUE;
 }
 
-/**
- * ostree_repo_static_delta_execute_offline:
- * @self: Repo
- * @dir_or_file: Path to a directory containing static delta data, or directly to the superblock
- * @skip_validation: If %TRUE, assume data integrity
- * @cancellable: Cancellable
- * @error: Error
- *
- * Given a directory representing an already-downloaded static delta
- * on disk, apply it, generating a new commit.  The directory must be
- * named with the form "FROM-TO", where both are checksums, and it
- * must contain a file named "superblock", along with at least one part.
- */
-gboolean
-ostree_repo_static_delta_execute_offline (OstreeRepo                    *self,
-                                          GFile                         *dir_or_file,
-                                          gboolean                       skip_validation,
-                                          GCancellable                  *cancellable,
-                                          GError                      **error)
-{
-  return ostree_repo_static_delta_execute_offline_with_signature(self, dir_or_file, NULL,
-                                                                 skip_validation,
-                                                                 cancellable,
-                                                                 error);
-}
-
 gboolean
 _ostree_static_delta_part_open (GInputStream   *part_in,
                                 GBytes         *inline_part_bytes,
@@ -906,8 +726,6 @@ _ostree_repo_static_delta_dump (OstreeRepo                    *self,
                                 GError                       **error)
 {
   glnx_autofd int superblock_fd = -1;
-  g_autoptr(GVariant) delta = NULL;
-  g_autoptr(GVariant) delta_superblock = NULL;
 
   if (strchr (delta_id, '/'))
     {
@@ -926,28 +744,13 @@ _ostree_repo_static_delta_dump (OstreeRepo                    *self,
         return FALSE;
     }
 
-  gboolean is_signed = _ostree_repo_static_delta_is_signed(self, superblock_fd, NULL, NULL);
-  if (is_signed)
-    {
-      if (!ot_variant_read_fd (superblock_fd, 0, (GVariantType*)OSTREE_STATIC_DELTA_SIGNED_FORMAT,
-                               TRUE, &delta, error))
-        return FALSE;
-
-      g_autoptr(GVariant) child = g_variant_get_child_value (delta, 1);
-      g_autoptr(GBytes) bytes = g_variant_get_data_as_bytes(child);
-      delta_superblock = g_variant_new_from_bytes ((GVariantType*)OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT,
-                                                   bytes, FALSE);
-    }
-  else
-    {
-      if (!ot_variant_read_fd (superblock_fd, 0,
-                               (GVariantType*)OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT,
-                               TRUE, &delta_superblock, error))
-        return FALSE;
-    }
+  g_autoptr(GVariant) delta_superblock = NULL;
+  if (!ot_variant_read_fd (superblock_fd, 0,
+                           (GVariantType*)OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT,
+                           TRUE, &delta_superblock, error))
+    return FALSE;
 
   g_print ("Delta: %s\n", delta_id);
-  g_print ("Signed: %s\n", is_signed ? "yes" : "no");
   g_autoptr(GVariant) from_commit_v = NULL;
   g_variant_get_child (delta_superblock, 2, "@ay", &from_commit_v);
   g_autofree char *from_commit = NULL;
@@ -1070,51 +873,3 @@ _ostree_repo_static_delta_dump (OstreeRepo                    *self,
 
   return TRUE;
 }
-
-/**
- * ostree_repo_static_delta_verify_signature:
- * @self: Repo
- * @delta_id: delta path
- * @sign: Signature engine used to check superblock
- * @out_success_message: success message
- * @error: Error
- *
- * Verify static delta file signature.
- *
- * Returns: TRUE if the signature of static delta file is valid using the
- * signature engine provided, FALSE otherwise.
- *
- * Since: 2020.7
- */
-gboolean
-ostree_repo_static_delta_verify_signature (OstreeRepo       *self,
-                                           const char       *delta_id,
-                                           OstreeSign       *sign,
-                                           char            **out_success_message,
-                                           GError          **error)
-{
-  g_autoptr(GVariant) delta_meta = NULL;
-  glnx_autofd int delta_fd = -1;
-
-  if (strchr (delta_id, '/'))
-    {
-      if (!glnx_openat_rdonly (AT_FDCWD, delta_id, TRUE, &delta_fd, error))
-        return FALSE;
-    }
-  else
-    {
-      g_autofree char *from = NULL;
-      g_autofree char *to = NULL;
-      if (!_ostree_parse_delta_name (delta_id, &from, &to, error))
-        return FALSE;
-
-      g_autofree char *delta_path = _ostree_get_relative_static_delta_superblock_path (from, to);
-      if (!glnx_openat_rdonly (self->repo_dir_fd, delta_path, TRUE, &delta_fd, error))
-        return FALSE;
-    }
-
-  if (!_ostree_repo_static_delta_is_signed (self, delta_fd, NULL, error))
-    return FALSE;
-
-  return _ostree_repo_static_delta_verify_signature (self, delta_fd, sign, out_success_message, error);
-}
diff --git a/src/libostree/ostree-repo-static-delta-private.h b/src/libostree/ostree-repo-static-delta-private.h
index 5a2e687..155acd5 100644
--- a/src/libostree/ostree-repo-static-delta-private.h
+++ b/src/libostree/ostree-repo-static-delta-private.h
@@ -104,25 +104,6 @@ G_BEGIN_DECLS
  */ 
 #define OSTREE_STATIC_DELTA_SUPERBLOCK_FORMAT "(a{sv}tayay" OSTREE_COMMIT_GVARIANT_STRING "aya" OSTREE_STATIC_DELTA_META_ENTRY_FORMAT "a" OSTREE_STATIC_DELTA_FALLBACK_FORMAT ")"
 
-/**
- * OSTREE_STATIC_DELTA_SIGNED_FORMAT
- *
- *   magic: t magic number, 8 bytes for alignment
- *   superblock: ay delta supeblock variant
- *   signatures: a{sv}
- *
- * The signed static delta starts with the 'OSTSGNDT' magic number followed by
- * the array of bytes containing the superblock used for the signature.
- *
- * Then, the signatures array contains the signatures of the superblock. A
- * signature has the following form:
- *  type: signature key
- *  signature: variant depending on type used
- */
-#define OSTREE_STATIC_DELTA_SIGNED_FORMAT "(taya{sv})"
-
-#define OSTREE_STATIC_DELTA_SIGNED_MAGIC  0x4F535453474E4454 /* OSTSGNDT */
-
 typedef enum {
   OSTREE_STATIC_DELTA_OPEN_FLAGS_NONE = 0,
   OSTREE_STATIC_DELTA_OPEN_FLAGS_SKIP_CHECKSUM = (1 << 0),
@@ -209,12 +190,6 @@ _ostree_repo_static_delta_query_exists (OstreeRepo                 *repo,
                                         gboolean                   *out_exists,
                                         GCancellable               *cancellable,
                                         GError                    **error);
-GVariant *
-_ostree_repo_static_delta_superblock_digest (OstreeRepo    *repo,
-                                             const char    *from,
-                                             const char    *to,
-                                             GCancellable  *cancellable,
-                                             GError       **error);
 
 gboolean
 _ostree_repo_static_delta_dump (OstreeRepo                 *repo,
diff --git a/src/libostree/ostree-repo.c b/src/libostree/ostree-repo.c
index ba3e877..95eb0ef 100644
--- a/src/libostree/ostree-repo.c
+++ b/src/libostree/ostree-repo.c
@@ -3782,14 +3782,14 @@ load_metadata_internal (OstreeRepo       *self,
           g_autofree char *commitpartial_path = _ostree_get_commitpartial_path (sha256);
           *out_state = 0;
 
-          glnx_autofd int commitpartial_fd = -1;
-          if (!ot_openat_ignore_enoent (self->repo_dir_fd, commitpartial_path, &commitpartial_fd, error))
+          glnx_autofd int fd = -1;
+          if (!ot_openat_ignore_enoent (self->repo_dir_fd, commitpartial_path, &fd, error))
             return FALSE;
-          if (commitpartial_fd != -1)
+          if (fd != -1)
             {
               *out_state |= OSTREE_REPO_COMMIT_STATE_PARTIAL;
                char reason;
-               if (read (commitpartial_fd, &reason, 1) == 1)
+               if (read (fd, &reason, 1) == 1)
                  {
                    if (reason == 'f')
                      *out_state |= OSTREE_REPO_COMMIT_STATE_FSCK_PARTIAL;
@@ -5793,18 +5793,25 @@ ostree_repo_regenerate_summary (OstreeRepo     *self,
       {
         g_autofree char *from = NULL;
         g_autofree char *to = NULL;
-        GVariant *digest;
-
         if (!_ostree_parse_delta_name (delta_names->pdata[i], &from, &to, error))
           return FALSE;
 
-        digest = _ostree_repo_static_delta_superblock_digest (self,
-                                                              (from && from[0]) ? from : NULL,
-                                                              to, cancellable, error);
-        if (digest == NULL)
+        g_autofree char *superblock = _ostree_get_relative_static_delta_superblock_path ((from && from[0]) ? from : NULL, to);
+        glnx_autofd int superblock_file_fd = -1;
+
+        if (!glnx_openat_rdonly (self->repo_dir_fd, superblock, TRUE, &superblock_file_fd, error))
           return FALSE;
 
-        g_variant_dict_insert_value (&deltas_builder, delta_names->pdata[i], digest);
+        g_autoptr(GBytes) superblock_content = ot_fd_readall_or_mmap (superblock_file_fd, 0, error);
+        if (!superblock_content)
+          return FALSE;
+        g_auto(OtChecksum) hasher = { 0, };
+        ot_checksum_init (&hasher);
+        ot_checksum_update_bytes (&hasher, superblock_content);
+        guint8 digest[OSTREE_SHA256_DIGEST_LEN];
+        ot_checksum_get_digest (&hasher, digest, sizeof (digest));
+
+        g_variant_dict_insert_value (&deltas_builder, delta_names->pdata[i], ot_gvariant_new_bytearray (digest, sizeof (digest)));
       }
 
     if (delta_names->len > 0)
@@ -5816,24 +5823,6 @@ ostree_repo_regenerate_summary (OstreeRepo     *self,
                                  g_variant_new_uint64 (GUINT64_TO_BE (g_get_real_time () / G_USEC_PER_SEC)));
   }
 
-  {
-    g_autofree char *remote_mode_str = NULL;
-    if (!ot_keyfile_get_value_with_default (self->config, "core", "mode", "bare",
-                                            &remote_mode_str, error))
-      return FALSE;
-    g_variant_dict_insert_value (&additional_metadata_builder, OSTREE_SUMMARY_MODE,
-                                 g_variant_new_string (remote_mode_str));
-  }
-
-  {
-    gboolean tombstone_commits = FALSE;
-    if (!ot_keyfile_get_boolean_with_default (self->config, "core", "tombstone-commits", FALSE,
-                                              &tombstone_commits, error))
-      return FALSE;
-    g_variant_dict_insert_value (&additional_metadata_builder, OSTREE_SUMMARY_TOMBSTONE_COMMITS,
-                                 g_variant_new_boolean (tombstone_commits));
-  }
-
   /* Add refs which have a collection specified, which could be in refs/mirrors,
    * refs/heads, and/or refs/remotes. */
   {
@@ -5849,19 +5838,19 @@ ostree_repo_regenerate_summary (OstreeRepo     *self,
     collection_map = g_hash_table_new_full (g_str_hash, g_str_equal, NULL,
                                             (GDestroyNotify) g_hash_table_unref);
 
-    const OstreeCollectionRef *c_ref;
+    const OstreeCollectionRef *ref;
     const char *checksum;
-    while (g_hash_table_iter_next (&iter, (gpointer *) &c_ref, (gpointer *) &checksum))
+    while (g_hash_table_iter_next (&iter, (gpointer *) &ref, (gpointer *) &checksum))
       {
-        GHashTable *ref_map = g_hash_table_lookup (collection_map, c_ref->collection_id);
+        GHashTable *ref_map = g_hash_table_lookup (collection_map, ref->collection_id);
 
         if (ref_map == NULL)
           {
             ref_map = g_hash_table_new_full (g_str_hash, g_str_equal, NULL, NULL);
-            g_hash_table_insert (collection_map, c_ref->collection_id, ref_map);
+            g_hash_table_insert (collection_map, ref->collection_id, ref_map);
           }
 
-        g_hash_table_insert (ref_map, c_ref->ref_name, (gpointer) checksum);
+        g_hash_table_insert (ref_map, ref->ref_name, (gpointer) checksum);
       }
 
     g_autoptr(GVariantBuilder) collection_refs_builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sa(s(taya{sv}))}"));
diff --git a/src/libostree/ostree-repo.h b/src/libostree/ostree-repo.h
index d52fc9c..e28af29 100644
--- a/src/libostree/ostree-repo.h
+++ b/src/libostree/ostree-repo.h
@@ -32,7 +32,6 @@
 #include "ostree-repo-finder.h"
 #include "ostree-sepolicy.h"
 #include "ostree-gpg-verify-result.h"
-#include "ostree-sign.h"
 
 G_BEGIN_DECLS
 
@@ -1069,14 +1068,6 @@ gboolean ostree_repo_static_delta_generate (OstreeRepo                   *self,
                                             GError                      **error);
 
 _OSTREE_PUBLIC
-gboolean ostree_repo_static_delta_execute_offline_with_signature (OstreeRepo   *self,
-                                                                  GFile        *dir_or_file,
-                                                                  OstreeSign   *sign,
-                                                                  gboolean     skip_validation,
-                                                                  GCancellable *cancellable,
-                                                                  GError       **error);
-
-_OSTREE_PUBLIC
 gboolean ostree_repo_static_delta_execute_offline (OstreeRepo                    *self,
                                                    GFile                         *dir_or_file,
                                                    gboolean                       skip_validation,
@@ -1084,13 +1075,6 @@ gboolean ostree_repo_static_delta_execute_offline (OstreeRepo                   
                                                    GError                      **error);
 
 _OSTREE_PUBLIC
-gboolean ostree_repo_static_delta_verify_signature (OstreeRepo       *self,
-                                                    const char       *delta_id,
-                                                    OstreeSign       *sign,
-                                                    char            **out_success_message,
-                                                    GError          **error);
-
-_OSTREE_PUBLIC
 GHashTable *ostree_repo_traverse_new_reachable (void);
 
 _OSTREE_PUBLIC
diff --git a/src/libostree/ostree-sign.c b/src/libostree/ostree-sign.c
index eeef96d..bcb5d0a 100644
--- a/src/libostree/ostree-sign.c
+++ b/src/libostree/ostree-sign.c
@@ -271,7 +271,7 @@ ostree_sign_load_pk (OstreeSign *self,
  * ostree_sign_data:
  * @self: an #OstreeSign object
  * @data: the raw data to be signed with pre-loaded secret key
- * @signature: (out): in case of success will contain signature
+ * @signature: in case of success will contain signature
  * @cancellable: A #GCancellable
  * @error: a #GError
  *
@@ -305,7 +305,6 @@ ostree_sign_data (OstreeSign *self,
  * @self: an #OstreeSign object
  * @data: the raw data to check
  * @signatures: the signatures to be checked
- * @out_success_message: (out) (nullable) (optional): success message returned by the signing engine
  * @error: a #GError
  *
  * Verify given data against signatures with pre-loaded public keys.
@@ -365,7 +364,7 @@ _sign_detached_metadata_append (OstreeSign *self,
                                signature_key,
                                g_variant_builder_end (signature_builder));
 
-  return  g_variant_ref_sink (g_variant_dict_end (&metadata_dict));
+  return  g_variant_dict_end (&metadata_dict);
 }
 
 /**
@@ -373,7 +372,6 @@ _sign_detached_metadata_append (OstreeSign *self,
  * @self: an #OstreeSign object
  * @repo: an #OsreeRepo object
  * @commit_checksum: SHA256 of given commit to verify
- * @out_success_message: (out) (nullable) (optional): success message returned by the signing engine
  * @cancellable: A #GCancellable
  * @error: a #GError
  *
@@ -595,8 +593,6 @@ ostree_sign_get_by_name (const gchar *name, GError **error)
  * Based on ostree_repo_add_gpg_signature_summary implementation.
  *
  * Returns: @TRUE if summary file has been signed with all provided keys
- *
- * Since: 2020.2
  */
 gboolean
 ostree_sign_summary (OstreeSign    *self,
diff --git a/src/libostree/ostree-sign.h b/src/libostree/ostree-sign.h
index 75dd483..0d06905 100644
--- a/src/libostree/ostree-sign.h
+++ b/src/libostree/ostree-sign.h
@@ -52,8 +52,6 @@ G_GNUC_END_IGNORE_DEPRECATIONS
 /**
  * OSTREE_SIGN_NAME_ED25519:
  * The name of the default ed25519 signing type.
- *
- * Since: 2020.4
  */
 #define OSTREE_SIGN_NAME_ED25519 "ed25519"
 
diff --git a/src/libostree/ostree-soup-uri.c b/src/libostree/ostree-soup-uri.c
index ba14e5c..a3fa2ac 100644
--- a/src/libostree/ostree-soup-uri.c
+++ b/src/libostree/ostree-soup-uri.c
@@ -348,7 +348,7 @@ soup_uri_new_with_base (SoupURI *base, const char *uri_string)
 {
 	SoupURI *uri, fixed_base;
 	const char *end, *hash, *colon, *at, *path, *question;
-	const char *c, *hostend;
+	const char *p, *hostend;
 	gboolean remove_dot_segments = TRUE;
 	int len;
 
@@ -402,17 +402,17 @@ soup_uri_new_with_base (SoupURI *base, const char *uri_string)
 	}
 
 	/* Find scheme */
-	c = uri_string;
-	while (c < end && (g_ascii_isalpha (*c) ||
-			   (c > uri_string && (g_ascii_isdigit (*c) ||
-					       *c == '.' ||
-					       *c == '+' ||
-					       *c == '-'))))
-		c++;
-
-	if (c > uri_string && *c == ':') {
-		uri->scheme = soup_uri_parse_scheme (uri_string, c - uri_string);
-		uri_string = c + 1;
+	p = uri_string;
+	while (p < end && (g_ascii_isalpha (*p) ||
+			   (p > uri_string && (g_ascii_isdigit (*p) ||
+					       *p == '.' ||
+					       *p == '+' ||
+					       *p == '-'))))
+		p++;
+
+	if (p > uri_string && *p == ':') {
+		uri->scheme = soup_uri_parse_scheme (uri_string, p - uri_string);
+		uri_string = p + 1;
 	}
 
 	if (uri_string == end && !base && !uri->fragment) {
diff --git a/src/libostree/ostree-sysroot-cleanup.c b/src/libostree/ostree-sysroot-cleanup.c
index 2712283..71d978e 100644
--- a/src/libostree/ostree-sysroot-cleanup.c
+++ b/src/libostree/ostree-sysroot-cleanup.c
@@ -295,11 +295,9 @@ cleanup_old_deployments (OstreeSysroot       *self,
 
   /* Load all active deployments referenced by bootloader configuration. */
   g_autoptr(GHashTable) active_deployment_dirs =
-    g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
+    g_hash_table_new_full (g_str_hash, (GEqualFunc)g_str_equal, g_free, NULL);
   g_autoptr(GHashTable) active_boot_checksums =
-    g_hash_table_new_full (g_str_hash, g_str_equal, g_free, NULL);
-  g_autoptr(GHashTable) active_overlay_initrds =
-    g_hash_table_new (g_str_hash, g_str_equal); /* borrows from deployment's bootconfig */
+    g_hash_table_new_full (g_str_hash, (GEqualFunc)g_str_equal, g_free, NULL);
   for (guint i = 0; i < self->deployments->len; i++)
     {
       OstreeDeployment *deployment = self->deployments->pdata[i];
@@ -308,11 +306,6 @@ cleanup_old_deployments (OstreeSysroot       *self,
       /* Transfer ownership */
       g_hash_table_replace (active_deployment_dirs, deployment_path, deployment_path);
       g_hash_table_replace (active_boot_checksums, bootcsum, bootcsum);
-
-      OstreeBootconfigParser *bootconfig = ostree_deployment_get_bootconfig (deployment);
-      char **initrds = ostree_bootconfig_parser_get_overlay_initrds (bootconfig);
-      for (char **it = initrds; it && *it; it++)
-        g_hash_table_add (active_overlay_initrds, (char*)glnx_basename (*it));
     }
 
   /* Find all deployment directories, both active and inactive */
@@ -356,42 +349,6 @@ cleanup_old_deployments (OstreeSysroot       *self,
         return FALSE;
     }
 
-  /* Clean up overlay initrds */
-  glnx_autofd int overlays_dfd =
-    glnx_opendirat_with_errno (self->sysroot_fd, _OSTREE_SYSROOT_INITRAMFS_OVERLAYS, FALSE);
-  if (overlays_dfd < 0)
-    {
-      if (errno != ENOENT)
-        return glnx_throw_errno_prefix (error, "open(initrd_overlays)");
-    }
-  else
-    {
-      g_autoptr(GPtrArray) initrds_to_delete = g_ptr_array_new_with_free_func (g_free);
-      g_auto(GLnxDirFdIterator) dfd_iter = { 0, };
-      if (!glnx_dirfd_iterator_init_at (overlays_dfd, ".", TRUE, &dfd_iter, error))
-        return FALSE;
-      while (TRUE)
-        {
-          struct dirent *dent;
-          if (!glnx_dirfd_iterator_next_dent_ensure_dtype (&dfd_iter, &dent, cancellable, error))
-            return FALSE;
-          if (dent == NULL)
-            break;
-
-          /* there shouldn't be other file types there, but let's be conservative */
-          if (dent->d_type != DT_REG)
-            continue;
-
-          if (!g_hash_table_lookup (active_overlay_initrds, dent->d_name))
-            g_ptr_array_add (initrds_to_delete, g_strdup (dent->d_name));
-        }
-      for (guint i = 0; i < initrds_to_delete->len; i++)
-        {
-          if (!ot_ensure_unlinked_at (overlays_dfd, initrds_to_delete->pdata[i], error))
-            return FALSE;
-        }
-    }
-
   return TRUE;
 }
 
diff --git a/src/libostree/ostree-sysroot-deploy.c b/src/libostree/ostree-sysroot-deploy.c
index 7b7ba5e..cb59302 100644
--- a/src/libostree/ostree-sysroot-deploy.c
+++ b/src/libostree/ostree-sysroot-deploy.c
@@ -111,6 +111,7 @@ install_into_boot (OstreeRepo *repo,
                    const char *src_subpath,
                    int         dest_dfd,
                    const char *dest_subpath,
+                   OstreeSysrootDebugFlags flags,
                    GCancellable  *cancellable,
                    GError       **error)
 {
@@ -272,13 +273,13 @@ checksum_dir_recurse (int          dfd,
         }
       else
         {
-          glnx_autofd int fd = -1;
+          int fd;
 
           if (!ot_openat_ignore_enoent (dfditer.fd, d_name, &fd, error))
             return FALSE;
           if (fd != -1)
             {
-              g_autoptr(GInputStream) in = g_unix_input_stream_new (glnx_steal_fd (&fd), TRUE);
+              g_autoptr(GInputStream) in = g_unix_input_stream_new (fd, FALSE);
               if (!ot_gio_splice_update_checksum (NULL, in, checksum, cancellable, error))
                 return FALSE;
             }
@@ -313,7 +314,7 @@ copy_dir_recurse (int              src_parent_dfd,
 
   if (!dirfd_copy_attributes_and_xattrs (src_parent_dfd, name, src_dfd_iter.fd, dest_dfd,
                                          flags, cancellable, error))
-    return glnx_prefix_error (error, "Copying attributes of %s", name);
+    return FALSE;
 
   while (TRUE)
     {
@@ -340,7 +341,7 @@ copy_dir_recurse (int              src_parent_dfd,
                                   dest_dfd, dent->d_name,
                                   sysroot_flags_to_copy_flags (GLNX_FILE_COPY_OVERWRITE, flags),
                                   cancellable, error))
-            return glnx_prefix_error (error, "Copying %s", dent->d_name);
+            return FALSE;
         }
     }
 
@@ -488,7 +489,7 @@ copy_modified_config_file (int                 orig_etc_fd,
                               new_etc_fd, path,
                               sysroot_flags_to_copy_flags (GLNX_FILE_COPY_OVERWRITE, flags),
                               cancellable, error))
-        return glnx_prefix_error (error, "Copying %s", path);
+        return FALSE;
     }
   else
     {
@@ -1028,8 +1029,7 @@ _ostree_kernel_layout_new (void)
 
 /* See get_kernel_from_tree() below */
 static gboolean
-get_kernel_from_tree_usrlib_modules (OstreeSysroot       *sysroot,
-                                     int                  deployment_dfd,
+get_kernel_from_tree_usrlib_modules (int                  deployment_dfd,
                                      OstreeKernelLayout **out_layout,
                                      GCancellable        *cancellable,
                                      GError             **error)
@@ -1138,41 +1138,37 @@ get_kernel_from_tree_usrlib_modules (OstreeSysroot       *sysroot,
   g_clear_object (&in);
   glnx_close_fd (&fd);
 
-  /* Testing aid for https://github.com/ostreedev/ostree/issues/2154 */
-  const gboolean no_dtb = (sysroot->debug_flags & OSTREE_SYSROOT_DEBUG_TEST_NO_DTB) > 0;
-  if (!no_dtb)
+  /* Check for /usr/lib/modules/$kver/devicetree first, if it does not
+   * exist check for /usr/lib/modules/$kver/dtb/ directory.
+   */
+  if (!ot_openat_ignore_enoent (ret_layout->boot_dfd, "devicetree", &fd, error))
+    return FALSE;
+  if (fd != -1)
     {
-      /* Check for /usr/lib/modules/$kver/devicetree first, if it does not
-      * exist check for /usr/lib/modules/$kver/dtb/ directory.
-      */
-      if (!ot_openat_ignore_enoent (ret_layout->boot_dfd, "devicetree", &fd, error))
+      ret_layout->devicetree_srcpath = g_strdup ("devicetree");
+      ret_layout->devicetree_namever = g_strdup_printf ("devicetree-%s", kver);
+      in = g_unix_input_stream_new (fd, FALSE);
+      if (!ot_gio_splice_update_checksum (NULL, in, &checksum, cancellable, error))
+        return FALSE;
+    }
+  else
+    {
+      struct stat stbuf;
+      /* Check for dtb directory */
+      if (!glnx_fstatat_allow_noent (ret_layout->boot_dfd, "dtb", &stbuf, 0, error))
         return FALSE;
-      if (fd != -1)
-        {
-          ret_layout->devicetree_srcpath = g_strdup ("devicetree");
-          ret_layout->devicetree_namever = g_strdup_printf ("devicetree-%s", kver);
-          in = g_unix_input_stream_new (fd, FALSE);
-          if (!ot_gio_splice_update_checksum (NULL, in, &checksum, cancellable, error))
-            return FALSE;
-        }
-      else
-        {
-          struct stat stbuf;
-          /* Check for dtb directory */
-          if (!glnx_fstatat_allow_noent (ret_layout->boot_dfd, "dtb", &stbuf, 0, error))
-            return FALSE;
 
-          if (errno == 0 && S_ISDIR (stbuf.st_mode))
-            {
-              /* devicetree_namever set to NULL indicates a complete directory */
-              ret_layout->devicetree_srcpath = g_strdup ("dtb");
-              ret_layout->devicetree_namever = NULL;
+      if (errno == 0 && S_ISDIR (stbuf.st_mode))
+        {
+          /* devicetree_namever set to NULL indicates a complete directory */
+          ret_layout->devicetree_srcpath = g_strdup ("dtb");
+          ret_layout->devicetree_namever = NULL;
 
-              if (!checksum_dir_recurse(ret_layout->boot_dfd, "dtb", &checksum, cancellable, error))
-                return FALSE;
-            }
+          if (!checksum_dir_recurse(ret_layout->boot_dfd, "dtb", &checksum, cancellable, error))
+            return FALSE;
         }
     }
+
   g_clear_object (&in);
   glnx_close_fd (&fd);
 
@@ -1341,8 +1337,7 @@ get_kernel_from_tree_legacy_layouts (int                  deployment_dfd,
  * initramfs there, so we need to look in /usr/lib/ostree-boot first.
  */
 static gboolean
-get_kernel_from_tree (OstreeSysroot       *sysroot,
-                      int                  deployment_dfd,
+get_kernel_from_tree (int                  deployment_dfd,
                       OstreeKernelLayout **out_layout,
                       GCancellable        *cancellable,
                       GError             **error)
@@ -1351,7 +1346,7 @@ get_kernel_from_tree (OstreeSysroot       *sysroot,
   g_autoptr(OstreeKernelLayout) legacy_layout = NULL;
 
   /* First, gather from usr/lib/modules/$kver if it exists */
-  if (!get_kernel_from_tree_usrlib_modules (sysroot, deployment_dfd, &usrlib_modules_layout, cancellable, error))
+  if (!get_kernel_from_tree_usrlib_modules (deployment_dfd, &usrlib_modules_layout, cancellable, error))
     return FALSE;
 
   /* Gather the legacy layout */
@@ -1767,7 +1762,7 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
 
   /* Find the kernel/initramfs/devicetree in the tree */
   g_autoptr(OstreeKernelLayout) kernel_layout = NULL;
-  if (!get_kernel_from_tree (sysroot, deployment_dfd, &kernel_layout,
+  if (!get_kernel_from_tree (deployment_dfd, &kernel_layout,
                              cancellable, error))
     return FALSE;
 
@@ -1777,6 +1772,7 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
 
   const char *osname = ostree_deployment_get_osname (deployment);
   const char *bootcsum = ostree_deployment_get_bootcsum (deployment);
+  g_assert_cmpstr (kernel_layout->bootcsum, ==, bootcsum);
   g_autofree char *bootcsumdir = g_strdup_printf ("ostree/%s-%s", osname, bootcsum);
   g_autofree char *bootconfdir = g_strdup_printf ("loader.%d/entries", new_bootversion);
   g_autofree char *bootconf_name = g_strdup_printf ("ostree-%d-%s.conf",
@@ -1802,6 +1798,7 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
     {
       if (!install_into_boot (repo, sepolicy, kernel_layout->boot_dfd, kernel_layout->kernel_srcpath,
                               bootcsum_dfd, kernel_layout->kernel_namever,
+                              sysroot->debug_flags,
                               cancellable, error))
         return FALSE;
     }
@@ -1818,6 +1815,7 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
         {
           if (!install_into_boot (repo, sepolicy, kernel_layout->boot_dfd, kernel_layout->initramfs_srcpath,
                                   bootcsum_dfd, kernel_layout->initramfs_namever,
+                                  sysroot->debug_flags,
                                   cancellable, error))
             return FALSE;
         }
@@ -1834,6 +1832,7 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
             {
               if (!install_into_boot (repo, sepolicy, kernel_layout->boot_dfd, kernel_layout->devicetree_srcpath,
                                       bootcsum_dfd, kernel_layout->devicetree_namever,
+                                      sysroot->debug_flags,
                                       cancellable, error))
                 return FALSE;
             }
@@ -1854,52 +1853,12 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
         {
           if (!install_into_boot (repo, sepolicy, kernel_layout->boot_dfd, kernel_layout->kernel_hmac_srcpath,
                                   bootcsum_dfd, kernel_layout->kernel_hmac_namever,
+                                  sysroot->debug_flags,
                                   cancellable, error))
             return FALSE;
         }
     }
 
-  g_autoptr(GPtrArray) overlay_initrds = NULL;
-  for (char **it = _ostree_deployment_get_overlay_initrds (deployment); it && *it; it++)
-    {
-      char *checksum = *it;
-
-      /* Overlay initrds are not part of the bootcsum dir; they're not part of the tree
-       * proper. Instead they're in /boot/ostree/initramfs-overlays/ named by their csum.
-       * Doing it this way allows sharing the same bootcsum dir for multiple deployments
-       * with the only change being in overlay initrds (or conversely, the same overlay
-       * across different boocsums). Eventually, it'd be nice to have an OSTree repo in
-       * /boot itself and drop the boocsum dir concept entirely. */
-
-      g_autofree char *destpath =
-        g_strdup_printf ("/" _OSTREE_SYSROOT_BOOT_INITRAMFS_OVERLAYS "/%s.img", checksum);
-      const char *rel_destpath = destpath + 1;
-
-      /* lazily allocate array and create dir so we don't pollute /boot if not needed */
-      if (overlay_initrds == NULL)
-        {
-          overlay_initrds = g_ptr_array_new_with_free_func (g_free);
-
-          if (!glnx_shutil_mkdir_p_at (boot_dfd, _OSTREE_SYSROOT_BOOT_INITRAMFS_OVERLAYS,
-                                       0755, cancellable, error))
-            return FALSE;
-        }
-
-      if (!glnx_fstatat_allow_noent (boot_dfd, rel_destpath, NULL, 0, error))
-        return FALSE;
-      if (errno == ENOENT)
-        {
-          g_autofree char *srcpath =
-            g_strdup_printf (_OSTREE_SYSROOT_RUNSTATE_STAGED_INITRDS_DIR "/%s", checksum);
-          if (!install_into_boot (repo, sepolicy, AT_FDCWD, srcpath, boot_dfd, rel_destpath,
-                                  cancellable, error))
-            return FALSE;
-        }
-
-      /* these are used lower down to populate the bootconfig */
-      g_ptr_array_add (overlay_initrds, g_steal_pointer (&destpath));
-    }
-
   g_autofree char *contents = NULL;
   if (!glnx_fstatat_allow_noent (deployment_dfd, "usr/lib/os-release", &stbuf, 0, error))
     return FALSE;
@@ -1976,15 +1935,8 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
 
   if (kernel_layout->initramfs_namever)
     {
-      g_autofree char * initrd_boot_relpath =
-        g_strconcat ("/", bootcsumdir, "/", kernel_layout->initramfs_namever, NULL);
-      ostree_bootconfig_parser_set (bootconfig, "initrd", initrd_boot_relpath);
-
-      if (overlay_initrds)
-        {
-          g_ptr_array_add (overlay_initrds, NULL);
-          ostree_bootconfig_parser_set_overlay_initrds (bootconfig, (char**)overlay_initrds->pdata);
-        }
+      g_autofree char * boot_relpath = g_strconcat ("/", bootcsumdir, "/", kernel_layout->initramfs_namever, NULL);
+      ostree_bootconfig_parser_set (bootconfig, "initrd", boot_relpath);
     }
   else
     {
@@ -1997,8 +1949,8 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
 
   if (kernel_layout->devicetree_namever)
     {
-      g_autofree char * dt_boot_relpath = g_strconcat ("/", bootcsumdir, "/", kernel_layout->devicetree_namever, NULL);
-      ostree_bootconfig_parser_set (bootconfig, "devicetree", dt_boot_relpath);
+      g_autofree char * boot_relpath = g_strconcat ("/", bootcsumdir, "/", kernel_layout->devicetree_namever, NULL);
+      ostree_bootconfig_parser_set (bootconfig, "devicetree", boot_relpath);
     }
   else if (kernel_layout->devicetree_srcpath)
     {
@@ -2006,8 +1958,8 @@ install_deployment_kernel (OstreeSysroot   *sysroot,
        * want to point to a whole directory of device trees.
        * See: https://github.com/ostreedev/ostree/issues/1900
        */
-      g_autofree char * dt_boot_relpath = g_strconcat ("/", bootcsumdir, "/", kernel_layout->devicetree_srcpath, NULL);
-      ostree_bootconfig_parser_set (bootconfig, "fdtdir", dt_boot_relpath);
+      g_autofree char * boot_relpath = g_strconcat ("/", bootcsumdir, "/", kernel_layout->devicetree_srcpath, NULL);
+      ostree_bootconfig_parser_set (bootconfig, "fdtdir", boot_relpath);
     }
 
   /* Note this is parsed in ostree-impl-system-generator.c */
@@ -2046,12 +1998,6 @@ prepare_new_bootloader_link (OstreeSysroot  *sysroot,
   g_assert ((current_bootversion == 0 && new_bootversion == 1) ||
             (current_bootversion == 1 && new_bootversion == 0));
 
-  /* This allows us to support both /boot on a seperate filesystem to / as well
-   * as on the same filesystem. */
-  if (TEMP_FAILURE_RETRY (symlinkat (".", sysroot->sysroot_fd, "boot/boot")) < 0)
-    if (errno != EEXIST)
-      return glnx_throw_errno_prefix (error, "symlinkat");
-
   g_autofree char *new_target = g_strdup_printf ("loader.%d", new_bootversion);
 
   /* We shouldn't actually need to replace but it's easier to reuse
@@ -2182,10 +2128,6 @@ deployment_bootconfigs_equal (OstreeRepo       *repo,
   if (strcmp (a_bootcsum, b_bootcsum) != 0)
     return FALSE;
 
-  /* same initrd overlays? */
-  if (g_strcmp0 (a->overlay_initrds_id, b->overlay_initrds_id) != 0)
-    return FALSE;
-
   /* same kargs? */
   g_autofree char *a_boot_options_without_ostree = get_deployment_nonostree_kargs (a);
   g_autofree char *b_boot_options_without_ostree = get_deployment_nonostree_kargs (b);
@@ -2739,7 +2681,7 @@ sysroot_initialize_deployment (OstreeSysroot     *self,
                                const char        *osname,
                                const char        *revision,
                                GKeyFile          *origin,
-                               OstreeSysrootDeployTreeOpts *opts,
+                               char             **override_kernel_argv,
                                OstreeDeployment **out_new_deployment,
                                GCancellable      *cancellable,
                                GError           **error)
@@ -2756,8 +2698,10 @@ sysroot_initialize_deployment (OstreeSysroot     *self,
                               cancellable, error))
     return FALSE;
 
+  g_autofree char *new_bootcsum = NULL;
   g_autoptr(OstreeDeployment) new_deployment =
-    ostree_deployment_new (0, osname, revision, new_deployserial, NULL, -1);
+    ostree_deployment_new (0, osname, revision, new_deployserial,
+                           new_bootcsum, -1);
   ostree_deployment_set_origin (new_deployment, origin);
 
   /* Check out the userspace tree onto the filesystem */
@@ -2767,13 +2711,12 @@ sysroot_initialize_deployment (OstreeSysroot     *self,
     return FALSE;
 
   g_autoptr(OstreeKernelLayout) kernel_layout = NULL;
-  if (!get_kernel_from_tree (self, deployment_dfd, &kernel_layout,
+  if (!get_kernel_from_tree (deployment_dfd, &kernel_layout,
                              cancellable, error))
     return FALSE;
 
   _ostree_deployment_set_bootcsum (new_deployment, kernel_layout->bootcsum);
-  _ostree_deployment_set_bootconfig_from_kargs (new_deployment, opts ? opts->override_kernel_argv : NULL);
-  _ostree_deployment_set_overlay_initrds (new_deployment, opts ? opts->overlay_initrds : NULL);
+  _ostree_deployment_set_bootconfig_from_kargs (new_deployment, override_kernel_argv);
 
   if (!prepare_deployment_etc (self, repo, new_deployment, deployment_dfd,
                                cancellable, error))
@@ -2827,6 +2770,7 @@ get_var_dfd (OstreeSysroot      *self,
 static gboolean
 sysroot_finalize_deployment (OstreeSysroot     *self,
                              OstreeDeployment  *deployment,
+                             char             **override_kernel_argv,
                              OstreeDeployment  *merge_deployment,
                              GCancellable      *cancellable,
                              GError           **error)
@@ -2836,18 +2780,15 @@ sysroot_finalize_deployment (OstreeSysroot     *self,
   if (!glnx_opendirat (self->sysroot_fd, deployment_path, TRUE, &deployment_dfd, error))
     return FALSE;
 
-  OstreeBootconfigParser *bootconfig = ostree_deployment_get_bootconfig (deployment);
-
-  /* If the kargs weren't set yet, then just pick it up from the merge deployment. In the
-   * deploy path, overrides are set as part of sysroot_initialize_deployment(). In the
-   * finalize-staged path, they're set by OstreeSysroot when reading the staged GVariant. */
-  if (merge_deployment && ostree_bootconfig_parser_get (bootconfig, "options") == NULL)
+  /* Only use the merge if we didn't get an override */
+  if (!override_kernel_argv && merge_deployment)
     {
+      /* Override the bootloader arguments */
       OstreeBootconfigParser *merge_bootconfig = ostree_deployment_get_bootconfig (merge_deployment);
       if (merge_bootconfig)
         {
-          const char *kargs = ostree_bootconfig_parser_get (merge_bootconfig, "options");
-          ostree_bootconfig_parser_set (bootconfig, "options", kargs);
+          const char *opts = ostree_bootconfig_parser_get (merge_bootconfig, "options");
+          ostree_bootconfig_parser_set (ostree_deployment_get_bootconfig (deployment), "options", opts);
         }
 
     }
@@ -2905,13 +2846,13 @@ sysroot_finalize_deployment (OstreeSysroot     *self,
 }
 
 /**
- * ostree_sysroot_deploy_tree_with_options:
+ * ostree_sysroot_deploy_tree:
  * @self: Sysroot
  * @osname: (allow-none): osname to use for merge deployment
  * @revision: Checksum to add
  * @origin: (allow-none): Origin to use for upgrades
  * @provided_merge_deployment: (allow-none): Use this deployment for merge path
- * @opts: (allow-none): Options
+ * @override_kernel_argv: (allow-none) (array zero-terminated=1) (element-type utf8): Use these as kernel arguments; if %NULL, inherit options from provided_merge_deployment
  * @out_new_deployment: (out): The new deployment path
  * @cancellable: Cancellable
  * @error: Error
@@ -2919,31 +2860,30 @@ sysroot_finalize_deployment (OstreeSysroot     *self,
  * Check out deployment tree with revision @revision, performing a 3
  * way merge with @provided_merge_deployment for configuration.
  *
- * When booted into the sysroot, you should use the
- * ostree_sysroot_stage_tree() API instead.
- *
- * Since: 2020.7
+ * While this API is not deprecated, you most likely want to use the
+ * ostree_sysroot_stage_tree() API.
  */
 gboolean
-ostree_sysroot_deploy_tree_with_options (OstreeSysroot     *self,
-                                         const char        *osname,
-                                         const char        *revision,
-                                         GKeyFile          *origin,
-                                         OstreeDeployment  *provided_merge_deployment,
-                                         OstreeSysrootDeployTreeOpts *opts,
-                                         OstreeDeployment **out_new_deployment,
-                                         GCancellable      *cancellable,
-                                         GError           **error)
+ostree_sysroot_deploy_tree (OstreeSysroot     *self,
+                            const char        *osname,
+                            const char        *revision,
+                            GKeyFile          *origin,
+                            OstreeDeployment  *provided_merge_deployment,
+                            char             **override_kernel_argv,
+                            OstreeDeployment **out_new_deployment,
+                            GCancellable      *cancellable,
+                            GError           **error)
 {
   if (!_ostree_sysroot_ensure_writable (self, error))
     return FALSE;
 
   g_autoptr(OstreeDeployment) deployment = NULL;
-  if (!sysroot_initialize_deployment (self, osname, revision, origin, opts,
+  if (!sysroot_initialize_deployment (self, osname, revision, origin, override_kernel_argv,
                                       &deployment, cancellable, error))
     return FALSE;
 
-  if (!sysroot_finalize_deployment (self, deployment, provided_merge_deployment,
+  if (!sysroot_finalize_deployment (self, deployment, override_kernel_argv,
+                                    provided_merge_deployment,
                                     cancellable, error))
     return FALSE;
 
@@ -2951,39 +2891,6 @@ ostree_sysroot_deploy_tree_with_options (OstreeSysroot     *self,
   return TRUE;
 }
 
-/**
- * ostree_sysroot_deploy_tree:
- * @self: Sysroot
- * @osname: (allow-none): osname to use for merge deployment
- * @revision: Checksum to add
- * @origin: (allow-none): Origin to use for upgrades
- * @provided_merge_deployment: (allow-none): Use this deployment for merge path
- * @override_kernel_argv: (allow-none) (array zero-terminated=1) (element-type utf8): Use these as kernel arguments; if %NULL, inherit options from provided_merge_deployment
- * @out_new_deployment: (out): The new deployment path
- * @cancellable: Cancellable
- * @error: Error
- *
- * Older version of ostree_sysroot_stage_tree_with_options().
- *
- * Since: 2018.5
- */
-gboolean
-ostree_sysroot_deploy_tree (OstreeSysroot     *self,
-                            const char        *osname,
-                            const char        *revision,
-                            GKeyFile          *origin,
-                            OstreeDeployment  *provided_merge_deployment,
-                            char             **override_kernel_argv,
-                            OstreeDeployment **out_new_deployment,
-                            GCancellable      *cancellable,
-                            GError           **error)
-{
-  OstreeSysrootDeployTreeOpts opts = { .override_kernel_argv = override_kernel_argv };
-  return ostree_sysroot_deploy_tree_with_options (self, osname, revision, origin,
-                                                  provided_merge_deployment, &opts,
-                                                  out_new_deployment, cancellable, error);
-}
-
 /* Serialize information about a deployment to a variant, used by the staging
  * code.
  */
@@ -3044,63 +2951,6 @@ _ostree_sysroot_deserialize_deployment_from_variant (GVariant *v,
 
 
 /**
- * ostree_sysroot_stage_overlay_initrd:
- * @self: Sysroot
- * @fd: (transfer none): File descriptor to overlay initrd
- * @out_checksum: (out) (transfer full): Overlay initrd checksum
- * @cancellable: Cancellable
- * @error: Error
- *
- * Stage an overlay initrd to be used in an upcoming deployment. Returns a checksum which
- * can be passed to ostree_sysroot_deploy_tree_with_options() or
- * ostree_sysroot_stage_tree_with_options() via the `overlay_initrds` array option.
- *
- * Since: 2020.7
- */
-gboolean
-ostree_sysroot_stage_overlay_initrd (OstreeSysroot  *self,
-                                     int             fd,
-                                     char          **out_checksum,
-                                     GCancellable   *cancellable,
-                                     GError        **error)
-{
-  g_return_val_if_fail (fd != -1, FALSE);
-  g_return_val_if_fail (out_checksum != NULL, FALSE);
-
-  if (!glnx_shutil_mkdir_p_at (AT_FDCWD, _OSTREE_SYSROOT_RUNSTATE_STAGED_INITRDS_DIR,
-                               0755, cancellable, error))
-    return FALSE;
-
-  glnx_autofd int staged_initrds_dfd = -1;
-  if (!glnx_opendirat (AT_FDCWD, _OSTREE_SYSROOT_RUNSTATE_STAGED_INITRDS_DIR, FALSE,
-                       &staged_initrds_dfd, error))
-    return FALSE;
-
-  g_auto(GLnxTmpfile) overlay_initrd = { 0, };
-  if (!glnx_open_tmpfile_linkable_at (staged_initrds_dfd, ".", O_WRONLY | O_CLOEXEC,
-                                      &overlay_initrd, error))
-    return FALSE;
-
-  char checksum[_OSTREE_SHA256_STRING_LEN+1];
-  {
-    g_autoptr(GOutputStream) output = g_unix_output_stream_new (overlay_initrd.fd, FALSE);
-    g_autoptr(GInputStream) input = g_unix_input_stream_new (fd, FALSE);
-    g_autofree guchar *digest = NULL;
-    if (!ot_gio_splice_get_checksum (output, input, &digest, cancellable, error))
-      return FALSE;
-    ot_bin2hex (checksum, (guint8*)digest, _OSTREE_SHA256_DIGEST_LEN);
-  }
-
-  if (!glnx_link_tmpfile_at (&overlay_initrd, GLNX_LINK_TMPFILE_REPLACE,
-                             staged_initrds_dfd, checksum, error))
-    return FALSE;
-
-  *out_checksum = g_strdup (checksum);
-  return TRUE;
-}
-
-
-/**
  * ostree_sysroot_stage_tree:
  * @self: Sysroot
  * @osname: (allow-none): osname to use for merge deployment
@@ -3112,7 +2962,8 @@ ostree_sysroot_stage_overlay_initrd (OstreeSysroot  *self,
  * @cancellable: Cancellable
  * @error: Error
  *
- * Older version of ostree_sysroot_stage_tree_with_options().
+ * Like ostree_sysroot_deploy_tree(), but "finalization" only occurs at OS
+ * shutdown time.
  *
  * Since: 2018.5
  */
@@ -3127,41 +2978,6 @@ ostree_sysroot_stage_tree (OstreeSysroot     *self,
                            GCancellable      *cancellable,
                            GError           **error)
 {
-  OstreeSysrootDeployTreeOpts opts = { .override_kernel_argv = override_kernel_argv };
-  return ostree_sysroot_stage_tree_with_options (self, osname, revision, origin,
-                                                 merge_deployment, &opts,
-                                                 out_new_deployment, cancellable, error);
-}
-
-
-/**
- * ostree_sysroot_stage_tree_with_options:
- * @self: Sysroot
- * @osname: (allow-none): osname to use for merge deployment
- * @revision: Checksum to add
- * @origin: (allow-none): Origin to use for upgrades
- * @merge_deployment: (allow-none): Use this deployment for merge path
- * @opts: Options
- * @out_new_deployment: (out): The new deployment path
- * @cancellable: Cancellable
- * @error: Error
- *
- * Like ostree_sysroot_deploy_tree(), but "finalization" only occurs at OS
- * shutdown time.
- *
- * Since: 2020.7
- */
-gboolean
-ostree_sysroot_stage_tree_with_options (OstreeSysroot     *self,
-                                        const char        *osname,
-                                        const char        *revision,
-                                        GKeyFile          *origin,
-                                        OstreeDeployment  *merge_deployment,
-                                        OstreeSysrootDeployTreeOpts *opts,
-                                        OstreeDeployment **out_new_deployment,
-                                        GCancellable      *cancellable,
-                                        GError           **error)
-{
   if (!_ostree_sysroot_ensure_writable (self, error))
     return FALSE;
 
@@ -3192,8 +3008,8 @@ ostree_sysroot_stage_tree_with_options (OstreeSysroot     *self,
     } /* OSTREE_SYSROOT_DEBUG_TEST_STAGED_PATH */
 
   g_autoptr(OstreeDeployment) deployment = NULL;
-  if (!sysroot_initialize_deployment (self, osname, revision, origin, opts, &deployment,
-                                      cancellable, error))
+  if (!sysroot_initialize_deployment (self, osname, revision, origin, override_kernel_argv,
+                                      &deployment, cancellable, error))
     return FALSE;
 
   /* Write out the origin file using the sepolicy from the non-merged root for
@@ -3228,12 +3044,9 @@ ostree_sysroot_stage_tree_with_options (OstreeSysroot     *self,
     g_variant_builder_add (builder, "{sv}", "merge-deployment",
                            serialize_deployment_to_variant (merge_deployment));
 
-  if (opts && opts->override_kernel_argv)
+  if (override_kernel_argv)
     g_variant_builder_add (builder, "{sv}", "kargs",
-                           g_variant_new_strv ((const char *const*)opts->override_kernel_argv, -1));
-  if (opts && opts->overlay_initrds)
-    g_variant_builder_add (builder, "{sv}", "overlay-initrds",
-                           g_variant_new_strv ((const char *const*)opts->overlay_initrds, -1));
+                           g_variant_new_strv ((const char *const*)override_kernel_argv, -1));
 
   const char *parent = dirname (strdupa (_OSTREE_SYSROOT_RUNSTATE_STAGED));
   if (!glnx_shutil_mkdir_p_at (AT_FDCWD, parent, 0755, cancellable, error))
@@ -3336,6 +3149,8 @@ _ostree_sysroot_finalize_staged (OstreeSysroot *self,
                            ostree_deployment_get_csum (merge_deployment_stub),
                            ostree_deployment_get_deployserial (merge_deployment_stub));
     }
+  g_autofree char **kargs = NULL;
+  g_variant_lookup (self->staged_deployment_data, "kargs", "^a&s", &kargs);
 
   /* Unlink the staged state now; if we're interrupted in the middle,
    * we don't want e.g. deal with the partially written /etc merge.
@@ -3343,7 +3158,7 @@ _ostree_sysroot_finalize_staged (OstreeSysroot *self,
   if (!glnx_unlinkat (AT_FDCWD, _OSTREE_SYSROOT_RUNSTATE_STAGED, 0, error))
     return FALSE;
 
-  if (!sysroot_finalize_deployment (self, self->staged_deployment, merge_deployment,
+  if (!sysroot_finalize_deployment (self, self->staged_deployment, kargs, merge_deployment,
                                     cancellable, error))
     return FALSE;
 
diff --git a/src/libostree/ostree-sysroot-private.h b/src/libostree/ostree-sysroot-private.h
index 318b0b1..96670b1 100644
--- a/src/libostree/ostree-sysroot-private.h
+++ b/src/libostree/ostree-sysroot-private.h
@@ -38,7 +38,6 @@ typedef enum {
   /* This is a temporary flag until we fully drop the explicit `systemctl start
    * ostree-finalize-staged.service` so that tests can exercise the new path unit. */
   OSTREE_SYSROOT_DEBUG_TEST_STAGED_PATH = 1 << 3,
-  OSTREE_SYSROOT_DEBUG_TEST_NO_DTB = 1 << 4, /* https://github.com/ostreedev/ostree/issues/2154 */
 } OstreeSysrootDebugFlags;
 
 typedef enum {
@@ -84,13 +83,8 @@ struct OstreeSysroot {
 /* We keep some transient state in /run */
 #define _OSTREE_SYSROOT_RUNSTATE_STAGED "/run/ostree/staged-deployment"
 #define _OSTREE_SYSROOT_RUNSTATE_STAGED_LOCKED "/run/ostree/staged-deployment-locked"
-#define _OSTREE_SYSROOT_RUNSTATE_STAGED_INITRDS_DIR "/run/ostree/staged-initrds/"
 #define _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_DIR "/run/ostree/deployment-state/"
 #define _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_DEVELOPMENT "unlocked-development"
-#define _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_TRANSIENT "unlocked-transient"
-
-#define _OSTREE_SYSROOT_BOOT_INITRAMFS_OVERLAYS "ostree/initramfs-overlays"
-#define _OSTREE_SYSROOT_INITRAMFS_OVERLAYS "boot/" _OSTREE_SYSROOT_BOOT_INITRAMFS_OVERLAYS
 
 gboolean
 _ostree_sysroot_ensure_writable (OstreeSysroot      *self,
diff --git a/src/libostree/ostree-sysroot-upgrader.c b/src/libostree/ostree-sysroot-upgrader.c
index ea68674..4681335 100644
--- a/src/libostree/ostree-sysroot-upgrader.c
+++ b/src/libostree/ostree-sysroot-upgrader.c
@@ -682,7 +682,7 @@ ostree_sysroot_upgrader_deploy (OstreeSysrootUpgrader  *self,
 GType
 ostree_sysroot_upgrader_flags_get_type (void)
 {
-  static gsize g_define_type_id__volatile = 0;
+  static volatile gsize g_define_type_id__volatile = 0;
 
   if (g_once_init_enter (&g_define_type_id__volatile))
     {
diff --git a/src/libostree/ostree-sysroot.c b/src/libostree/ostree-sysroot.c
index e0813b5..0dc7a39 100644
--- a/src/libostree/ostree-sysroot.c
+++ b/src/libostree/ostree-sysroot.c
@@ -190,7 +190,6 @@ ostree_sysroot_init (OstreeSysroot *self)
     { "test-fifreeze", OSTREE_SYSROOT_DEBUG_TEST_FIFREEZE },
     { "no-xattrs", OSTREE_SYSROOT_DEBUG_NO_XATTRS },
     { "test-staged-path", OSTREE_SYSROOT_DEBUG_TEST_STAGED_PATH },
-    { "no-dtb", OSTREE_SYSROOT_DEBUG_TEST_NO_DTB },
   };
 
   self->debug_flags = g_parse_debug_string (g_getenv ("OSTREE_SYSROOT_DEBUG"),
@@ -748,13 +747,9 @@ parse_deployment (OstreeSysroot       *self,
   ret_deployment->unlocked = OSTREE_DEPLOYMENT_UNLOCKED_NONE;
   g_autofree char *unlocked_development_path =
     _ostree_sysroot_get_runstate_path (ret_deployment, _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_DEVELOPMENT);
-  g_autofree char *unlocked_transient_path =
-    _ostree_sysroot_get_runstate_path (ret_deployment, _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_TRANSIENT);
   struct stat stbuf;
   if (lstat (unlocked_development_path, &stbuf) == 0)
     ret_deployment->unlocked = OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT;
-  else if (lstat (unlocked_transient_path, &stbuf) == 0)
-    ret_deployment->unlocked = OSTREE_DEPLOYMENT_UNLOCKED_TRANSIENT;
   else
     {
       GKeyFile *origin = ostree_deployment_get_origin (ret_deployment);
@@ -815,24 +810,6 @@ list_deployments_process_one_boot_entry (OstreeSysroot               *self,
     return FALSE;
 
   ostree_deployment_set_bootconfig (deployment, config);
-  char **overlay_initrds = ostree_bootconfig_parser_get_overlay_initrds (config);
-  g_autoptr(GPtrArray) initrds_chksums = NULL;
-  for (char **it = overlay_initrds; it && *it; it++)
-    {
-      const char *basename = glnx_basename (*it);
-      if (strlen (basename) != (_OSTREE_SHA256_STRING_LEN + strlen (".img")))
-        return glnx_throw (error, "Malformed overlay initrd filename: %s", basename);
-
-      if (!initrds_chksums) /* lazy init */
-        initrds_chksums = g_ptr_array_new_full (g_strv_length (overlay_initrds), g_free);
-      g_ptr_array_add (initrds_chksums, g_strndup (basename, _OSTREE_SHA256_STRING_LEN));
-    }
-
-  if (initrds_chksums)
-    {
-      g_ptr_array_add (initrds_chksums, NULL);
-      _ostree_deployment_set_overlay_initrds (deployment, (char**)initrds_chksums->pdata);
-    }
 
   g_ptr_array_add (inout_deployments, g_object_ref (deployment));
   return TRUE;
@@ -985,10 +962,8 @@ _ostree_sysroot_reload_staged (OstreeSysroot *self,
       /* Parse it */
       g_autoptr(GVariant) target = NULL;
       g_autofree char **kargs = NULL;
-      g_autofree char **overlay_initrds = NULL;
       g_variant_dict_lookup (staged_deployment_dict, "target", "@a{sv}", &target);
       g_variant_dict_lookup (staged_deployment_dict, "kargs", "^a&s", &kargs);
-      g_variant_dict_lookup (staged_deployment_dict, "overlay-initrds", "^a&s", &overlay_initrds);
       if (target)
         {
           g_autoptr(OstreeDeployment) staged =
@@ -1000,8 +975,6 @@ _ostree_sysroot_reload_staged (OstreeSysroot *self,
           if (!load_origin (self, staged, NULL, error))
             return FALSE;
 
-          _ostree_deployment_set_overlay_initrds (staged, overlay_initrds);
-
           self->staged_deployment = g_steal_pointer (&staged);
           self->staged_deployment_data = g_steal_pointer (&staged_deployment_data);
           /* We set this flag for ostree_deployment_is_staged() because that API
@@ -1959,8 +1932,6 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
 
   const char *ovl_options = NULL;
   static const char hotfix_ovl_options[] = "lowerdir=usr,upperdir=.usr-ovl-upper,workdir=.usr-ovl-work";
-  g_autofree char *unlock_ovldir = NULL;
-
   switch (unlocked_state)
     {
     case OSTREE_DEPLOYMENT_UNLOCKED_NONE:
@@ -1980,12 +1951,11 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
       }
       break;
     case OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT:
-    case OSTREE_DEPLOYMENT_UNLOCKED_TRANSIENT:
       {
-        unlock_ovldir = g_strdup ("/var/tmp/ostree-unlock-ovl.XXXXXX");
         /* We're just doing transient development/hacking?  Okay,
          * stick the overlayfs bits in /var/tmp.
          */
+        char *development_ovldir = strdupa ("/var/tmp/ostree-unlock-ovl.XXXXXX");
         const char *development_ovl_upper;
         const char *development_ovl_work;
 
@@ -1996,14 +1966,14 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
                                                     "/usr", usr_mode, error))
             return FALSE;
 
-          if (g_mkdtemp_full (unlock_ovldir, 0755) == NULL)
+          if (g_mkdtemp_full (development_ovldir, 0755) == NULL)
             return glnx_throw_errno_prefix (error, "mkdtemp");
         }
 
-        development_ovl_upper = glnx_strjoina (unlock_ovldir, "/upper");
+        development_ovl_upper = glnx_strjoina (development_ovldir, "/upper");
         if (!mkdir_unmasked (AT_FDCWD, development_ovl_upper, usr_mode, cancellable, error))
           return FALSE;
-        development_ovl_work = glnx_strjoina (unlock_ovldir, "/work");
+        development_ovl_work = glnx_strjoina (development_ovldir, "/work");
         if (!mkdir_unmasked (AT_FDCWD, development_ovl_work, usr_mode, cancellable, error))
           return FALSE;
         ovl_options = glnx_strjoina ("lowerdir=usr,upperdir=", development_ovl_upper,
@@ -2026,9 +1996,6 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
       return glnx_throw_errno_prefix (error, "fork");
     else if (mount_child == 0)
       {
-        int mountflags = 0;
-        if (unlocked_state == OSTREE_DEPLOYMENT_UNLOCKED_TRANSIENT)
-          mountflags |= MS_RDONLY;
         /* Child process. Do NOT use any GLib API here; it's not generally fork() safe.
          *
          * TODO: report errors across a pipe (or use the journal?) rather than
@@ -2036,7 +2003,7 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
          */
         if (fchdir (deployment_dfd) < 0)
           err (1, "fchdir");
-        if (mount ("overlay", "/usr", "overlay", mountflags, ovl_options) < 0)
+        if (mount ("overlay", "/usr", "overlay", 0, ovl_options) < 0)
           err (1, "mount");
         exit (EXIT_SUCCESS);
       }
@@ -2069,19 +2036,15 @@ ostree_sysroot_deployment_unlock (OstreeSysroot     *self,
         return FALSE;
       break;
     case OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT:
-    case OSTREE_DEPLOYMENT_UNLOCKED_TRANSIENT:
       {
         g_autofree char *devpath =
-          unlocked_state == OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT ?
-            _ostree_sysroot_get_runstate_path (deployment, _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_DEVELOPMENT)
-          :
-            _ostree_sysroot_get_runstate_path (deployment, _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_TRANSIENT);
+          _ostree_sysroot_get_runstate_path (deployment, _OSTREE_SYSROOT_DEPLOYMENT_RUNSTATE_FLAG_DEVELOPMENT);
         g_autofree char *devpath_parent = dirname (g_strdup (devpath));
 
         if (!glnx_shutil_mkdir_p_at (AT_FDCWD, devpath_parent, 0755, cancellable, error))
           return FALSE;
 
-        if (!g_file_set_contents (devpath, unlock_ovldir, -1, error))
+        if (!g_file_set_contents (devpath, "", 0, error))
           return FALSE;
       }
     }
diff --git a/src/libostree/ostree-sysroot.h b/src/libostree/ostree-sysroot.h
index 3a3b6a7..d9f5a54 100644
--- a/src/libostree/ostree-sysroot.h
+++ b/src/libostree/ostree-sysroot.h
@@ -187,21 +187,6 @@ gboolean ostree_sysroot_write_deployments_with_options (OstreeSysroot     *self,
                                                         GError           **error);
 
 _OSTREE_PUBLIC
-gboolean ostree_sysroot_stage_overlay_initrd (OstreeSysroot  *self,
-                                              int             fd,
-                                              char          **out_checksum,
-                                              GCancellable   *cancellable,
-                                              GError        **error);
-
-typedef struct {
-  gboolean unused_bools[8];
-  int unused_ints[8];
-  char **override_kernel_argv;
-  char **overlay_initrds;
-  gpointer unused_ptrs[6];
-} OstreeSysrootDeployTreeOpts;
-
-_OSTREE_PUBLIC
 gboolean ostree_sysroot_deploy_tree (OstreeSysroot     *self,
                                      const char        *osname,
                                      const char        *revision,
@@ -213,17 +198,6 @@ gboolean ostree_sysroot_deploy_tree (OstreeSysroot     *self,
                                      GError           **error);
 
 _OSTREE_PUBLIC
-gboolean ostree_sysroot_deploy_tree_with_options (OstreeSysroot     *self,
-                                                  const char        *osname,
-                                                  const char        *revision,
-                                                  GKeyFile          *origin,
-                                                  OstreeDeployment  *provided_merge_deployment,
-                                                  OstreeSysrootDeployTreeOpts *opts,
-                                                  OstreeDeployment **out_new_deployment,
-                                                  GCancellable      *cancellable,
-                                                  GError           **error);
-
-_OSTREE_PUBLIC
 gboolean ostree_sysroot_stage_tree (OstreeSysroot     *self,
                                     const char        *osname,
                                     const char        *revision,
@@ -235,18 +209,6 @@ gboolean ostree_sysroot_stage_tree (OstreeSysroot     *self,
                                     GError           **error);
 
 _OSTREE_PUBLIC
-gboolean ostree_sysroot_stage_tree_with_options (OstreeSysroot     *self,
-                                                 const char        *osname,
-                                                 const char        *revision,
-                                                 GKeyFile          *origin,
-                                                 OstreeDeployment  *merge_deployment,
-                                                 OstreeSysrootDeployTreeOpts *opts,
-                                                 OstreeDeployment **out_new_deployment,
-                                                 GCancellable      *cancellable,
-                                                 GError           **error);
-
-
-_OSTREE_PUBLIC
 gboolean ostree_sysroot_deployment_set_mutable (OstreeSysroot     *self,
                                                 OstreeDeployment  *deployment,
                                                 gboolean           is_mutable,
diff --git a/src/libostree/ostree-version.h b/src/libostree/ostree-version.h
index 90e96ea..f9c398e 100644
--- a/src/libostree/ostree-version.h
+++ b/src/libostree/ostree-version.h
@@ -43,7 +43,7 @@
  *
  * Since: 2017.4
  */
-#define OSTREE_RELEASE_VERSION (7)
+#define OSTREE_RELEASE_VERSION (4)
 
 /**
  * OSTREE_VERSION
@@ -52,7 +52,7 @@
  *
  * Since: 2017.4
  */
-#define OSTREE_VERSION (2020.7)
+#define OSTREE_VERSION (2020.4)
 
 /**
  * OSTREE_VERSION_S:
@@ -62,7 +62,7 @@
  *
  * Since: 2017.4
  */
-#define OSTREE_VERSION_S "2020.7"
+#define OSTREE_VERSION_S "2020.4"
 
 #define OSTREE_ENCODE_VERSION(year,release) \
         ((year) << 16 | (release))
diff --git a/src/libotutil/ot-checksum-utils.c b/src/libotutil/ot-checksum-utils.c
index 26e0280..6676736 100644
--- a/src/libotutil/ot-checksum-utils.c
+++ b/src/libotutil/ot-checksum-utils.c
@@ -275,13 +275,3 @@ ot_checksum_file_at (int             dfd,
   ot_checksum_get_hexdigest (&checksum, hexdigest, sizeof (hexdigest));
   return g_strdup (hexdigest);
 }
-
-void
-ot_checksum_bytes (GBytes *data,
-                   guint8 out_digest[_OSTREE_SHA256_DIGEST_LEN])
-{
-  g_auto(OtChecksum) hasher = { 0, };
-  ot_checksum_init (&hasher);
-  ot_checksum_update_bytes (&hasher, data);
-  ot_checksum_get_digest (&hasher, out_digest, _OSTREE_SHA256_DIGEST_LEN);
-}
diff --git a/src/libotutil/ot-checksum-utils.h b/src/libotutil/ot-checksum-utils.h
index 5432c81..411ef25 100644
--- a/src/libotutil/ot-checksum-utils.h
+++ b/src/libotutil/ot-checksum-utils.h
@@ -96,7 +96,4 @@ char * ot_checksum_file_at (int             dfd,
                             GCancellable   *cancellable,
                             GError        **error);
 
-void ot_checksum_bytes (GBytes *data,
-                        guint8 out_digest[_OSTREE_SHA256_DIGEST_LEN]);
-
 G_END_DECLS
diff --git a/src/libotutil/otutil.h b/src/libotutil/otutil.h
index 7db7270..cd31236 100644
--- a/src/libotutil/otutil.h
+++ b/src/libotutil/otutil.h
@@ -52,31 +52,6 @@
 #define ot_journal_print(...) {}
 #endif
 
-typedef GMainContext GMainContextPopDefault;
-static inline void
-_ostree_main_context_pop_default_destroy (void *p)
-{
-  GMainContext *main_context = p;
-
-  if (main_context)
-    {
-      g_main_context_pop_thread_default (main_context);
-      g_main_context_unref (main_context);
-    }
-}
-
-static inline GMainContextPopDefault *
-_ostree_main_context_new_default (void)
-{
-  GMainContext *main_context = g_main_context_new ();
-
-  g_main_context_push_thread_default (main_context);
-  return main_context;
-}
-
-G_DEFINE_AUTOPTR_CLEANUP_FUNC (GMainContextPopDefault, _ostree_main_context_pop_default_destroy)
-
-
 #include <ot-keyfile-utils.h>
 #include <ot-gio-utils.h>
 #include <ot-fs-utils.h>
diff --git a/src/ostree/ot-admin-builtin-deploy.c b/src/ostree/ot-admin-builtin-deploy.c
index 8156cc1..bcece3f 100644
--- a/src/ostree/ot-admin-builtin-deploy.c
+++ b/src/ostree/ot-admin-builtin-deploy.c
@@ -44,7 +44,6 @@ static gboolean opt_kernel_proc_cmdline;
 static char *opt_osname;
 static char *opt_origin_path;
 static gboolean opt_kernel_arg_none;
-static char **opt_overlay_initrds;
 
 static GOptionEntry options[] = {
   { "os", 0, 0, G_OPTION_ARG_STRING, &opt_osname, "Use a different operating system root than the current one", "OSNAME" },
@@ -60,7 +59,6 @@ static GOptionEntry options[] = {
   { "karg", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_kernel_argv, "Set kernel argument, like root=/dev/sda1; this overrides any earlier argument with the same name", "NAME=VALUE" },
   { "karg-append", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_kernel_argv_append, "Append kernel argument; useful with e.g. console= that can be used multiple times", "NAME=VALUE" },
   { "karg-none", 0, 0, G_OPTION_ARG_NONE, &opt_kernel_arg_none, "Do not import kernel arguments", NULL },
-  { "overlay-initrd", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_overlay_initrds, "Overlay iniramfs file", "FILE" },
   { NULL }
 };
 
@@ -169,76 +167,24 @@ ot_admin_builtin_deploy (int argc, char **argv, OstreeCommandInvocation *invocat
       ostree_kernel_args_append_argv (kargs, opt_kernel_argv_append);
     }
 
-  g_autoptr(GPtrArray) overlay_initrd_chksums = NULL;
-  for (char **it = opt_overlay_initrds; it && *it; it++)
-    {
-      const char *path = *it;
-
-      glnx_autofd int fd = -1;
-      if (!glnx_openat_rdonly (AT_FDCWD, path, TRUE, &fd, error))
-        return FALSE;
-
-      g_autofree char *chksum = NULL;
-      if (!ostree_sysroot_stage_overlay_initrd (sysroot, fd, &chksum, cancellable, error))
-        return FALSE;
-
-      if (!overlay_initrd_chksums)
-        overlay_initrd_chksums = g_ptr_array_new_full (g_strv_length (opt_overlay_initrds), g_free);
-      g_ptr_array_add (overlay_initrd_chksums, g_steal_pointer (&chksum));
-    }
-
-  if (overlay_initrd_chksums)
-    g_ptr_array_add (overlay_initrd_chksums, NULL);
-
-  g_auto(GStrv) kargs_strv = kargs ? ostree_kernel_args_to_strv (kargs) : NULL;
-
-  OstreeSysrootDeployTreeOpts opts = {
-    .override_kernel_argv = kargs_strv,
-    .overlay_initrds = overlay_initrd_chksums ? (char**)overlay_initrd_chksums->pdata : NULL,
-  };
-
   g_autoptr(OstreeDeployment) new_deployment = NULL;
+  g_auto(GStrv) kargs_strv = kargs ? ostree_kernel_args_to_strv (kargs) : NULL;
   if (opt_stage)
     {
       if (opt_retain_pending || opt_retain_rollback)
         return glnx_throw (error, "--stage cannot currently be combined with --retain arguments");
       if (opt_not_as_default)
         return glnx_throw (error, "--stage cannot currently be combined with --not-as-default");
-      /* use old API if we can to exercise it in CI */
-      if (!overlay_initrd_chksums)
-        {
-          if (!ostree_sysroot_stage_tree (sysroot, opt_osname, revision, origin,
-                                          merge_deployment, kargs_strv, &new_deployment,
-                                          cancellable, error))
-            return FALSE;
-        }
-      else
-        {
-          if (!ostree_sysroot_stage_tree_with_options (sysroot, opt_osname, revision,
-                                                       origin, merge_deployment, &opts,
-                                                       &new_deployment, cancellable, error))
-            return FALSE;
-        }
+      if (!ostree_sysroot_stage_tree (sysroot, opt_osname, revision, origin, merge_deployment,
+                                      kargs_strv, &new_deployment, cancellable, error))
+        return FALSE;
       g_assert (new_deployment);
     }
   else
     {
-      /* use old API if we can to exercise it in CI */
-      if (!overlay_initrd_chksums)
-        {
-          if (!ostree_sysroot_deploy_tree (sysroot, opt_osname, revision, origin,
-                                           merge_deployment, kargs_strv, &new_deployment,
-                                           cancellable, error))
-            return FALSE;
-        }
-      else
-        {
-          if (!ostree_sysroot_deploy_tree_with_options (sysroot, opt_osname, revision,
-                                                        origin, merge_deployment, &opts,
-                                                        &new_deployment, cancellable,
-                                                        error))
-            return FALSE;
-        }
+      if (!ostree_sysroot_deploy_tree (sysroot, opt_osname, revision, origin, merge_deployment,
+                                       kargs_strv, &new_deployment, cancellable, error))
+        return FALSE;
       g_assert (new_deployment);
 
       OstreeSysrootSimpleWriteDeploymentFlags flags = OSTREE_SYSROOT_SIMPLE_WRITE_DEPLOYMENT_FLAGS_NO_CLEAN;
diff --git a/src/ostree/ot-admin-builtin-pin.c b/src/ostree/ot-admin-builtin-pin.c
index 5269dd8..d4337e3 100644
--- a/src/ostree/ot-admin-builtin-pin.c
+++ b/src/ostree/ot-admin-builtin-pin.c
@@ -55,14 +55,7 @@ ot_admin_builtin_pin (int argc, char **argv, OstreeCommandInvocation *invocation
   for (unsigned int i = 1; i < argc; i++)
     {
       const char *deploy_index_str = argv[i];
-      char *endptr = NULL;
-
-      errno = 0;
-      const guint64 deploy_index = g_ascii_strtoull (deploy_index_str, &endptr, 10);
-      if (*endptr != '\0')
-        return glnx_throw (error, "Invalid index: %s", deploy_index_str);
-      if (errno == ERANGE)
-        return glnx_throw (error, "Index too large: %s", deploy_index_str);
+      const int deploy_index = atoi (deploy_index_str);
 
       g_autoptr(OstreeDeployment) target_deployment = ot_admin_get_indexed_deployment (sysroot, deploy_index, error);
       if (!target_deployment)
diff --git a/src/ostree/ot-admin-builtin-set-origin.c b/src/ostree/ot-admin-builtin-set-origin.c
index 4dc68a0..9d96512 100644
--- a/src/ostree/ot-admin-builtin-set-origin.c
+++ b/src/ostree/ot-admin-builtin-set-origin.c
@@ -95,7 +95,7 @@ ot_admin_builtin_set_origin (int argc, char **argv, OstreeCommandInvocation *inv
   { char **iter;
     g_autoptr(GVariantBuilder) optbuilder =
       g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
-    g_autoptr(GVariant) remote_options = NULL;
+    g_autoptr(GVariant) options = NULL;
 
     for (iter = opt_set; iter && *iter; iter++)
       {
@@ -110,12 +110,12 @@ ot_admin_builtin_set_origin (int argc, char **argv, OstreeCommandInvocation *inv
                                subkey, g_variant_new_variant (g_variant_new_string (subvalue)));
       }
 
-    remote_options = g_variant_ref_sink (g_variant_builder_end (optbuilder));
+    options = g_variant_ref_sink (g_variant_builder_end (optbuilder));
 
     if (!ostree_repo_remote_change (repo, NULL,
                                     OSTREE_REPO_REMOTE_CHANGE_ADD_IF_NOT_EXISTS, 
                                     remotename, url,
-                                    remote_options,
+                                    options,
                                     cancellable, error))
       goto out;
   }
diff --git a/src/ostree/ot-admin-builtin-switch.c b/src/ostree/ot-admin-builtin-switch.c
index b94be76..2f12ef1 100644
--- a/src/ostree/ot-admin-builtin-switch.c
+++ b/src/ostree/ot-admin-builtin-switch.c
@@ -44,7 +44,7 @@ gboolean
 ot_admin_builtin_switch (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error)
 {
   g_autoptr(GOptionContext) context =
-    g_option_context_new ("REFSPEC");
+    g_option_context_new ("REF");
   g_autoptr(OstreeSysroot) sysroot = NULL;
   if (!ostree_admin_option_context_parse (context, options, &argc, &argv,
                                           OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER,
@@ -53,7 +53,7 @@ ot_admin_builtin_switch (int argc, char **argv, OstreeCommandInvocation *invocat
 
   if (argc < 2)
     {
-      ot_util_usage_error (context, "REFSPEC must be specified", error);
+      ot_util_usage_error (context, "REF must be specified", error);
       return FALSE;
     }
 
diff --git a/src/ostree/ot-admin-builtin-unlock.c b/src/ostree/ot-admin-builtin-unlock.c
index 6c265f5..cd46618 100644
--- a/src/ostree/ot-admin-builtin-unlock.c
+++ b/src/ostree/ot-admin-builtin-unlock.c
@@ -31,11 +31,9 @@
 #include <err.h>
 
 static gboolean opt_hotfix;
-static gboolean opt_transient;
 
 static GOptionEntry options[] = {
   { "hotfix", 0, 0, G_OPTION_ARG_NONE, &opt_hotfix, "Retain changes across reboots", NULL },
-  { "transient", 0, 0, G_OPTION_ARG_NONE, &opt_transient, "Mount overlayfs read-only by default", NULL },
   { NULL }
 };
 
@@ -69,17 +67,7 @@ ot_admin_builtin_unlock (int argc, char **argv, OstreeCommandInvocation *invocat
       goto out;
     }
 
-  if (opt_hotfix && opt_transient)
-    {
-      glnx_throw (error, "Cannot specify both --hotfix and --transient");
-      goto out;
-    }
-  else if (opt_hotfix)
-    target_state = OSTREE_DEPLOYMENT_UNLOCKED_HOTFIX;
-  else if (opt_transient)
-    target_state = OSTREE_DEPLOYMENT_UNLOCKED_TRANSIENT;
-  else
-    target_state = OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT;
+  target_state = opt_hotfix ? OSTREE_DEPLOYMENT_UNLOCKED_HOTFIX : OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT;
 
   if (!ostree_sysroot_deployment_unlock (sysroot, booted_deployment,
                                          target_state, cancellable, error))
@@ -99,10 +87,6 @@ ot_admin_builtin_unlock (int argc, char **argv, OstreeCommandInvocation *invocat
       g_print ("Development mode enabled.  A writable overlayfs is now mounted on /usr.\n"
                "All changes there will be discarded on reboot.\n");
       break;
-    case OSTREE_DEPLOYMENT_UNLOCKED_TRANSIENT:
-      g_print ("A writable overlayfs is prepared for /usr, but is mounted read-only by default.\n"
-               "All changes there will be discarded on reboot.\n");
-      break;
     }
 
   ret = TRUE;
diff --git a/src/ostree/ot-builtin-admin.c b/src/ostree/ot-builtin-admin.c
index 834a271..9f1a615 100644
--- a/src/ostree/ot-builtin-admin.c
+++ b/src/ostree/ot-builtin-admin.c
@@ -65,7 +65,7 @@ static OstreeCommand admin_subcommands[] = {
     "List deployments" },
   { "switch", OSTREE_BUILTIN_FLAG_NO_REPO,
     ot_admin_builtin_switch,
-    "Construct new tree from REFSPEC and deploy it" },
+    "Construct new tree from REF and deploy it" },
   { "undeploy", OSTREE_BUILTIN_FLAG_NO_REPO,
     ot_admin_builtin_undeploy,
     "Delete deployment INDEX" },
diff --git a/src/ostree/ot-builtin-checkout.c b/src/ostree/ot-builtin-checkout.c
index fe9558c..813dbb9 100644
--- a/src/ostree/ot-builtin-checkout.c
+++ b/src/ostree/ot-builtin-checkout.c
@@ -84,7 +84,7 @@ static GOptionEntry options[] = {
   { "from-file", 0, 0, G_OPTION_ARG_STRING, &opt_from_file, "Process many checkouts from input file", "FILE" },
   { "fsync", 0, 0, G_OPTION_ARG_CALLBACK, parse_fsync_cb, "Specify how to invoke fsync()", "POLICY" },
   { "require-hardlinks", 'H', 0, G_OPTION_ARG_NONE, &opt_require_hardlinks, "Do not fall back to full copies if hardlinking fails", NULL },
-  { "force-copy-zerosized", 'z', G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_NONE, &opt_force_copy_zerosized, "Do not hardlink zero-sized files", NULL },
+  { "force-copy-zerosized", 'z', 0, G_OPTION_ARG_NONE, &opt_force_copy_zerosized, "Do not hardlink zero-sized files", NULL },
   { "force-copy", 'C', 0, G_OPTION_ARG_NONE, &opt_force_copy, "Never hardlink (but may reflink if available)", NULL },
   { "bareuseronly-dirs", 'M', 0, G_OPTION_ARG_NONE, &opt_bareuseronly_dirs, "Suppress mode bits outside of 0775 for directories (suid, world writable, etc.)", NULL },
   { "skip-list", 0, 0, G_OPTION_ARG_FILENAME, &opt_skiplist_file, "File containing list of files to skip", "FILE" },
@@ -135,14 +135,14 @@ process_one_checkout (OstreeRepo           *repo,
       opt_bareuseronly_dirs || opt_union_identical ||
       opt_skiplist_file || opt_selinux_policy || opt_selinux_prefix)
     {
-      OstreeRepoCheckoutAtOptions checkout_options = { 0, };
+      OstreeRepoCheckoutAtOptions options = { 0, };
 
       /* do this early so option checking also catches force copy conflicts */
       if (opt_selinux_policy)
         opt_force_copy = TRUE;
 
       if (opt_user_mode)
-        checkout_options.mode = OSTREE_REPO_CHECKOUT_MODE_USER;
+        options.mode = OSTREE_REPO_CHECKOUT_MODE_USER;
       /* Can't union these */
       if (opt_union && opt_union_add)
         {
@@ -173,9 +173,9 @@ process_one_checkout (OstreeRepo           *repo,
           goto out;
         }
       else if (opt_union)
-        checkout_options.overwrite_mode = OSTREE_REPO_CHECKOUT_OVERWRITE_UNION_FILES;
+        options.overwrite_mode = OSTREE_REPO_CHECKOUT_OVERWRITE_UNION_FILES;
       else if (opt_union_add)
-        checkout_options.overwrite_mode = OSTREE_REPO_CHECKOUT_OVERWRITE_ADD_FILES;
+        options.overwrite_mode = OSTREE_REPO_CHECKOUT_OVERWRITE_ADD_FILES;
       else if (opt_union_identical)
         {
           if (!opt_require_hardlinks)
@@ -184,12 +184,12 @@ process_one_checkout (OstreeRepo           *repo,
                            "--union-identical requires --require-hardlinks");
               goto out;
             }
-          checkout_options.overwrite_mode = OSTREE_REPO_CHECKOUT_OVERWRITE_UNION_IDENTICAL;
+          options.overwrite_mode = OSTREE_REPO_CHECKOUT_OVERWRITE_UNION_IDENTICAL;
         }
       if (opt_whiteouts)
-        checkout_options.process_whiteouts = TRUE;
+        options.process_whiteouts = TRUE;
       if (subpath)
-        checkout_options.subpath = subpath;
+        options.subpath = subpath;
 
       g_autoptr(OstreeSePolicy) policy = NULL;
       if (opt_selinux_policy)
@@ -203,8 +203,8 @@ process_one_checkout (OstreeRepo           *repo,
           policy = ostree_sepolicy_new_at (rootfs_dfd, cancellable, error);
           if (!policy)
             goto out;
-          checkout_options.sepolicy = policy;
-          checkout_options.sepolicy_prefix = opt_selinux_prefix;
+          options.sepolicy = policy;
+          options.sepolicy_prefix = opt_selinux_prefix;
         }
 
       g_autoptr(GHashTable) skip_list =
@@ -214,16 +214,16 @@ process_one_checkout (OstreeRepo           *repo,
           if (!ot_parse_file_by_line (opt_skiplist_file, handle_skiplist_line, skip_list,
                                       cancellable, error))
             goto out;
-          checkout_options.filter = checkout_filter;
-          checkout_options.filter_user_data = skip_list;
+          options.filter = checkout_filter;
+          options.filter_user_data = skip_list;
         }
 
-      checkout_options.no_copy_fallback = opt_require_hardlinks;
-      checkout_options.force_copy = opt_force_copy;
-      checkout_options.force_copy_zerosized = opt_force_copy_zerosized;
-      checkout_options.bareuseronly_dirs = opt_bareuseronly_dirs;
+      options.no_copy_fallback = opt_require_hardlinks;
+      options.force_copy = opt_force_copy;
+      options.force_copy_zerosized = opt_force_copy_zerosized;
+      options.bareuseronly_dirs = opt_bareuseronly_dirs;
 
-      if (!ostree_repo_checkout_at (repo, &checkout_options,
+      if (!ostree_repo_checkout_at (repo, &options,
                                     AT_FDCWD, destination,
                                     resolved_commit,
                                     cancellable, error))
diff --git a/src/ostree/ot-builtin-commit.c b/src/ostree/ot-builtin-commit.c
index 48fa292..20409fc 100644
--- a/src/ostree/ot-builtin-commit.c
+++ b/src/ostree/ot-builtin-commit.c
@@ -94,7 +94,7 @@ parse_fsync_cb (const char  *option_name,
  */
 
 static GOptionEntry options[] = {
-  { "parent", 0, 0, G_OPTION_ARG_STRING, &opt_parent, "Parent commit checksum, or \"none\"", "COMMIT" },
+  { "parent", 0, 0, G_OPTION_ARG_STRING, &opt_parent, "Parent ref, or \"none\"", "REF" },
   { "subject", 's', 0, G_OPTION_ARG_STRING, &opt_subject, "One line subject", "SUBJECT" },
   { "body", 'm', 0, G_OPTION_ARG_STRING, &opt_body, "Full description", "BODY" },
   { "body-file", 'F', 0, G_OPTION_ARG_FILENAME, &opt_body_file, "Commit message from FILE path", "FILE" },
@@ -103,7 +103,7 @@ static GOptionEntry options[] = {
   { "orphan", 0, 0, G_OPTION_ARG_NONE, &opt_orphan, "Create a commit without writing a ref", NULL },
   { "no-bindings", 0, 0, G_OPTION_ARG_NONE, &opt_no_bindings, "Do not write any ref bindings", NULL },
   { "bind-ref", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_bind_refs, "Add a ref to ref binding commit metadata", "BRANCH" },
-  { "base", 0, 0, G_OPTION_ARG_STRING, &opt_base, "Start from the given commit as a base (no modifiers apply)", "REV" },
+  { "base", 0, 0, G_OPTION_ARG_STRING, &opt_base, "Start from the given commit as a base (no modifiers apply)", "REF" },
   { "tree", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_trees, "Overlay the given argument as a tree", "dir=PATH or tar=TARFILE or ref=COMMIT" },
   { "add-metadata-string", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_metadata_strings, "Add a key/value pair to metadata", "KEY=VALUE" },
   { "add-metadata", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_metadata_variants, "Add a key/value pair to metadata, where the KEY is a string, an VALUE is g_variant_parse() formatted", "KEY=VALUE" },
@@ -614,10 +614,10 @@ ostree_builtin_commit (int argc, char **argv, OstreeCommandInvocation *invocatio
   if (opt_base)
     {
       g_autofree char *base_commit = NULL;
-      g_autoptr(GFile) base_root = NULL;
-      if (!ostree_repo_read_commit (repo, opt_base, &base_root, &base_commit, cancellable, error))
+      g_autoptr(GFile) root = NULL;
+      if (!ostree_repo_read_commit (repo, opt_base, &root, &base_commit, cancellable, error))
         goto out;
-      OstreeRepoFile *rootf = (OstreeRepoFile*) base_root;
+      OstreeRepoFile *rootf = (OstreeRepoFile*) root;
 
       mtree = ostree_mutable_tree_new_from_checksum (repo,
                                                      ostree_repo_file_tree_get_contents_checksum (rootf),
diff --git a/src/ostree/ot-builtin-config.c b/src/ostree/ot-builtin-config.c
index 64e434a..811a838 100644
--- a/src/ostree/ot-builtin-config.c
+++ b/src/ostree/ot-builtin-config.c
@@ -134,7 +134,7 @@ ostree_builtin_config (int argc, char **argv, OstreeCommandInvocation *invocatio
   else if (!strcmp (op, "get"))
     {
       GKeyFile *readonly_config = NULL;
-      g_autofree char *read_value = NULL;
+      g_autofree char *value = NULL;
       if (opt_group)
         {
           if (argc < 3)
@@ -160,11 +160,11 @@ ostree_builtin_config (int argc, char **argv, OstreeCommandInvocation *invocatio
         }
 
       readonly_config = ostree_repo_get_config (repo);
-      read_value = g_key_file_get_string (readonly_config, section, key, error);
-      if (read_value == NULL)
+      value = g_key_file_get_string (readonly_config, section, key, error);
+      if (value == NULL)
         return FALSE;
 
-      g_print ("%s\n", read_value);
+      g_print ("%s\n", value);
     }
   else if (!strcmp (op, "unset"))
     {
diff --git a/src/ostree/ot-builtin-gpg-sign.c b/src/ostree/ot-builtin-gpg-sign.c
index bde9180..6babbf2 100644
--- a/src/ostree/ot-builtin-gpg-sign.c
+++ b/src/ostree/ot-builtin-gpg-sign.c
@@ -171,8 +171,9 @@ delete_signatures (OstreeRepo *repo,
 
       while (!g_queue_is_empty (&signatures))
         {
-          g_autoptr(GVariant) sigchild = g_queue_pop_head (&signatures);
-          g_variant_builder_add_value (&signature_builder, sigchild);
+          GVariant *child = g_queue_pop_head (&signatures);
+          g_variant_builder_add_value (&signature_builder, child);
+          g_variant_unref (child);
         }
 
       g_variant_dict_insert_value (&metadata_dict,
diff --git a/src/ostree/ot-builtin-log.c b/src/ostree/ot-builtin-log.c
index 0a1d408..306f177 100644
--- a/src/ostree/ot-builtin-log.c
+++ b/src/ostree/ot-builtin-log.c
@@ -95,7 +95,7 @@ ostree_builtin_log (int           argc,
   g_autofree char *checksum = NULL;
   OstreeDumpFlags flags = OSTREE_DUMP_NONE;
 
-  context = g_option_context_new ("REV");
+  context = g_option_context_new ("REF");
 
   if (!ostree_option_context_parse (context, options, &argc, &argv, invocation, &repo, cancellable, error))
     goto out;
@@ -105,7 +105,7 @@ ostree_builtin_log (int           argc,
 
   if (argc <= 1)
     {
-      ot_util_usage_error (context, "A rev argument is required", error);
+      ot_util_usage_error (context, "A ref argument is required", error);
       goto out;
     }
   rev = argv[1];
diff --git a/src/ostree/ot-builtin-pull.c b/src/ostree/ot-builtin-pull.c
index ed0ec55..e69d62e 100644
--- a/src/ostree/ot-builtin-pull.c
+++ b/src/ostree/ot-builtin-pull.c
@@ -271,7 +271,7 @@ ostree_builtin_pull (int argc, char **argv, OstreeCommandInvocation *invocation,
 
   {
     GVariantBuilder builder;
-    g_autoptr(GVariant) pull_options = NULL;
+    g_autoptr(GVariant) options = NULL;
     g_auto(GLnxConsoleRef) console = { 0, };
     g_variant_builder_init (&builder, G_VARIANT_TYPE ("a{sv}"));
 
@@ -378,9 +378,9 @@ ostree_builtin_pull (int argc, char **argv, OstreeCommandInvocation *invocation,
 #endif /* OSTREE_DISABLE_GPGME */
       }
 
-    pull_options = g_variant_ref_sink (g_variant_builder_end (&builder));
+    options = g_variant_ref_sink (g_variant_builder_end (&builder));
 
-    if (!ostree_repo_pull_with_options (repo, remote, pull_options,
+    if (!ostree_repo_pull_with_options (repo, remote, options,
                                         progress, cancellable, error))
       goto out;
 
diff --git a/src/ostree/ot-builtin-sign.c b/src/ostree/ot-builtin-sign.c
index 2f90acd..c777748 100644
--- a/src/ostree/ot-builtin-sign.c
+++ b/src/ostree/ot-builtin-sign.c
@@ -167,7 +167,7 @@ ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation,
       if ((n_key_ids == 0) || opt_filename)
         {
           g_autoptr (GVariantBuilder) builder = NULL;
-          g_autoptr (GVariant) sign_options = NULL;
+          g_autoptr (GVariant) options = NULL;
 
           builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
           /* Use custom directory with public and revoked keys instead of system-wide directories */
@@ -176,9 +176,9 @@ ostree_builtin_sign (int argc, char **argv, OstreeCommandInvocation *invocation,
           /* The last chance for verification source -- system files */
           if (opt_filename)
             g_variant_builder_add (builder, "{sv}", "filename", g_variant_new_string (opt_filename));
-          sign_options = g_variant_builder_end (builder);
+          options = g_variant_builder_end (builder);
 
-          if (!ostree_sign_load_pk (sign, sign_options, error))
+          if (!ostree_sign_load_pk (sign, options, error))
             goto out;
 
           if (ostree_sign_commit_verify (sign,
diff --git a/src/ostree/ot-builtin-static-delta.c b/src/ostree/ot-builtin-static-delta.c
index 3e0af5b..4f9ff2b 100644
--- a/src/ostree/ot-builtin-static-delta.c
+++ b/src/ostree/ot-builtin-static-delta.c
@@ -40,10 +40,6 @@ static gboolean opt_swap_endianness;
 static gboolean opt_inline;
 static gboolean opt_disable_bsdiff;
 static gboolean opt_if_not_exists;
-static char **opt_key_ids;
-static char *opt_sign_name;
-static char *opt_keysfilename;
-static char *opt_keysdir;
 
 #define BUILTINPROTO(name) static gboolean ot_static_delta_builtin_ ## name (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error)
 
@@ -52,7 +48,6 @@ BUILTINPROTO(show);
 BUILTINPROTO(delete);
 BUILTINPROTO(generate);
 BUILTINPROTO(apply_offline);
-BUILTINPROTO(verify);
 
 #undef BUILTINPROTO
 
@@ -72,9 +67,6 @@ static OstreeCommand static_delta_subcommands[] = {
   { "apply-offline", OSTREE_BUILTIN_FLAG_NONE,
     ot_static_delta_builtin_apply_offline,
     "Apply static delta file" },
-  { "verify", OSTREE_BUILTIN_FLAG_NONE,
-    ot_static_delta_builtin_verify,
-    "Verify static delta signatures" },
   { NULL, 0, NULL, NULL }
 };
 
@@ -96,20 +88,10 @@ static GOptionEntry generate_options[] = {
   { "max-bsdiff-size", 0, 0, G_OPTION_ARG_STRING, &opt_max_bsdiff_size, "Maximum size in megabytes to consider bsdiff compression for input files", NULL},
   { "max-chunk-size", 0, 0, G_OPTION_ARG_STRING, &opt_max_chunk_size, "Maximum size of delta chunks in megabytes", NULL},
   { "filename", 0, 0, G_OPTION_ARG_FILENAME, &opt_filename, "Write the delta content to PATH (a directory).  If not specified, the OSTree repository is used", "PATH"},
-  { "sign", 0, 0, G_OPTION_ARG_STRING_ARRAY, &opt_key_ids, "Sign the delta with", "KEY_ID"},
-  { "sign-type", 0, 0, G_OPTION_ARG_STRING, &opt_sign_name, "Signature type to use (defaults to 'ed25519')", "NAME"},
-#if defined(HAVE_LIBSODIUM)
-  { "keys-file", 0, 0, G_OPTION_ARG_STRING, &opt_keysfilename, "Read key(s) from file", "NAME"},
-#endif
   { NULL }
 };
 
 static GOptionEntry apply_offline_options[] = {
-  { "sign-type", 0, 0, G_OPTION_ARG_STRING, &opt_sign_name, "Signature type to use (defaults to 'ed25519')", "NAME"},
-#if defined(HAVE_LIBSODIUM)
-  { "keys-file", 0, 0, G_OPTION_ARG_STRING, &opt_keysfilename, "Read key(s) from file", "NAME"},
-  { "keys-dir", 0, 0, G_OPTION_ARG_STRING, &opt_keysdir, "Redefine system-wide directories with public and revoked keys for verification", "NAME"},
-#endif
   { NULL }
 };
 
@@ -117,15 +99,6 @@ static GOptionEntry list_options[] = {
   { NULL }
 };
 
-static GOptionEntry verify_options[] = {
-  { "sign-type", 0, 0, G_OPTION_ARG_STRING, &opt_sign_name, "Signature type to use (defaults to 'ed25519')", "NAME"},
-#if defined(HAVE_LIBSODIUM)
-  { "keys-file", 0, 0, G_OPTION_ARG_STRING, &opt_keysfilename, "Read key(s) from file", "NAME"},
-  { "keys-dir", 0, 0, G_OPTION_ARG_STRING, &opt_keysdir, "Redefine system-wide directories with public and revoked keys for verification", "NAME"},
-#endif
-  { NULL }
-};
-
 static void
 static_delta_usage (char    **argv,
                     gboolean  is_error)
@@ -353,60 +326,6 @@ ot_static_delta_builtin_generate (int argc, char **argv, OstreeCommandInvocation
       if (opt_endianness || opt_swap_endianness)
         g_variant_builder_add (parambuilder, "{sv}", "endianness", g_variant_new_uint32 (endianness));
 
-      if (opt_key_ids || opt_keysfilename)
-        {
-          g_autoptr(GPtrArray) key_ids = g_ptr_array_new ();
-
-          for (char **iter = opt_key_ids; iter != NULL && *iter != NULL; ++iter)
-            g_ptr_array_add (key_ids, *iter);
-
-          if (opt_keysfilename)
-            {
-              g_autoptr (GFile) keyfile = NULL;
-              g_autoptr (GFileInputStream) key_stream_in = NULL;
-              g_autoptr (GDataInputStream) key_data_in = NULL;
-
-              if (!g_file_test (opt_keysfilename, G_FILE_TEST_IS_REGULAR))
-                {
-                  g_warning ("Can't open file '%s' with keys", opt_keysfilename);
-                  return glnx_throw (error, "File object '%s' is not a regular file", opt_keysfilename);
-                }
-
-              keyfile = g_file_new_for_path (opt_keysfilename);
-              key_stream_in = g_file_read (keyfile, NULL, error);
-              if (key_stream_in == NULL)
-                return FALSE;
-
-              key_data_in = g_data_input_stream_new (G_INPUT_STREAM(key_stream_in));
-              g_assert (key_data_in != NULL);
-
-              /* Use simple file format with just a list of base64 public keys per line */
-              while (TRUE)
-                {
-                  gsize len = 0;
-                  g_autofree char *line = g_data_input_stream_read_line (key_data_in, &len, NULL, error);
-                  g_autoptr (GVariant) sk = NULL;
-
-                  if (*error != NULL)
-                    return FALSE;
-
-                  if (line == NULL)
-                    break;
-
-                  // Pass the key as a string
-                  g_ptr_array_add (key_ids, g_strdup (line));
-                }
-            }
-
-          g_autoptr(GVariant) key_ids_v = g_variant_new_strv ((const char *const *)key_ids->pdata,
-                                                              key_ids->len);
-          g_variant_builder_add (parambuilder, "{s@v}", "sign-key-ids",
-                                 g_variant_new_variant (g_steal_pointer (&key_ids_v)));
-        }
-      opt_sign_name = opt_sign_name ?: OSTREE_SIGN_NAME_ED25519;
-      g_variant_builder_add (parambuilder, "{sv}", "sign-name",
-                             g_variant_new_bytestring (opt_sign_name));
-
       g_print ("Generating static delta:\n");
       g_print ("  From: %s\n", from_resolved ? from_resolved : "empty");
       g_print ("  To:   %s\n", to_resolved);
@@ -428,9 +347,6 @@ ot_static_delta_builtin_apply_offline (int argc, char **argv, OstreeCommandInvoc
 {
   g_autoptr(GOptionContext) context = NULL;
   g_autoptr(OstreeRepo) repo = NULL;
-  g_autoptr (OstreeSign) sign = NULL;
-  char **key_ids;
-  int n_key_ids;
 
   context = g_option_context_new ("");
   if (!ostree_option_context_parse (context, apply_offline_options, &argc, &argv, invocation, &repo, cancellable, error))
@@ -446,59 +362,13 @@ ot_static_delta_builtin_apply_offline (int argc, char **argv, OstreeCommandInvoc
       return FALSE;
     }
 
-#if defined(HAVE_LIBSODIUM)
-  /* Initialize crypto system */
-  opt_sign_name = opt_sign_name ?: OSTREE_SIGN_NAME_ED25519;
-#endif
-
-  if (opt_sign_name)
-    {
-      sign = ostree_sign_get_by_name (opt_sign_name, error);
-      if (!sign)
-        return glnx_throw (error, "Signing type %s is not supported", opt_sign_name);
-
-      key_ids = argv + 3;
-      n_key_ids = argc - 3;
-      for (int i = 0; i < n_key_ids; i++)
-        {
-          g_autoptr (GVariant) pk = g_variant_new_string(key_ids[i]);
-          if (!ostree_sign_add_pk(sign, pk, error))
-            return FALSE;
-        }
-      if ((n_key_ids == 0) || opt_keysfilename)
-        {
-          g_autoptr (GVariantBuilder) builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
-          g_autoptr (GVariant) options = NULL;
-
-          /* Use custom directory with public and revoked keys instead of system-wide directories */
-          if (opt_keysdir)
-            g_variant_builder_add (builder, "{sv}", "basedir", g_variant_new_string (opt_keysdir));
-          /* The last chance for verification source -- system files */
-          if (opt_keysfilename)
-            g_variant_builder_add (builder, "{sv}", "filename", g_variant_new_string (opt_keysfilename));
-          options = g_variant_builder_end (builder);
-
-          if (!ostree_sign_load_pk (sign, options, error))
-            {
-              /* If it fails to load system default public keys, consider there no signature engine */
-              if (!opt_keysdir && !opt_keysfilename)
-                {
-                  g_clear_error(error);
-                  g_clear_object(&sign);
-                }
-              else
-                return FALSE;
-            }
-        }
-    }
-
   const char *patharg = argv[2];
   g_autoptr(GFile) path = g_file_new_for_path (patharg);
 
   if (!ostree_repo_prepare_transaction (repo, NULL, cancellable, error))
     return FALSE;
 
-  if (!ostree_repo_static_delta_execute_offline_with_signature (repo, path, sign, FALSE, cancellable, error))
+  if (!ostree_repo_static_delta_execute_offline (repo, path, FALSE, cancellable, error))
     return FALSE;
 
   if (!ostree_repo_commit_transaction (repo, NULL, cancellable, error))
@@ -507,68 +377,6 @@ ot_static_delta_builtin_apply_offline (int argc, char **argv, OstreeCommandInvoc
   return TRUE;
 }
 
-static gboolean
-ot_static_delta_builtin_verify (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error)
-{
-  g_autoptr (GOptionContext) context = g_option_context_new ("STATIC-DELTA-FILE [KEY-ID...]");
-  g_autoptr (OstreeRepo) repo = NULL;
-  gboolean verified;
-  char **key_ids;
-  int n_key_ids;
-
-  if (!ostree_option_context_parse (context, verify_options, &argc, &argv, invocation, &repo, cancellable, error))
-    return FALSE;
-
-  if (argc < 3)
-    {
-      g_set_error_literal (error, G_IO_ERROR, G_IO_ERROR_FAILED,
-                           "DELTA must be specified");
-      return FALSE;
-    }
-
-  opt_sign_name = opt_sign_name ?: OSTREE_SIGN_NAME_ED25519;
-
-  const char *delta_id = argv[2];
-
-  g_autoptr (OstreeSign) sign = ostree_sign_get_by_name (opt_sign_name, error);
-  if (!sign)
-    {
-      g_print("Sign-type not supported\n");
-      return FALSE;
-    }
-
-  key_ids = argv + 3;
-  n_key_ids = argc - 3;
-  for (int i = 0; i < n_key_ids; i++)
-    {
-      g_autoptr (GVariant) pk = g_variant_new_string(key_ids[i]);
-      if (!ostree_sign_add_pk(sign, pk, error))
-        return FALSE;
-    }
-  if ((n_key_ids == 0) || opt_keysfilename)
-    {
-      g_autoptr (GVariantBuilder) builder = NULL;
-      g_autoptr (GVariant) options = NULL;
-
-      builder = g_variant_builder_new (G_VARIANT_TYPE ("a{sv}"));
-      /* Use custom directory with public and revoked keys instead of system-wide directories */
-      if (opt_keysdir)
-        g_variant_builder_add (builder, "{sv}", "basedir", g_variant_new_string (opt_keysdir));
-      /* The last chance for verification source -- system files */
-      if (opt_keysfilename)
-        g_variant_builder_add (builder, "{sv}", "filename", g_variant_new_string (opt_keysfilename));
-      options = g_variant_builder_end (builder);
-
-      if (!ostree_sign_load_pk (sign, options, error))
-        return FALSE;
-    }
-
-  verified = ostree_repo_static_delta_verify_signature (repo, delta_id, sign, NULL, error);
-  g_print ("Verification %s\n", verified ? "OK" : "fails");
-
-  return verified;
-}
-
 gboolean
 ostree_builtin_static_delta (int argc, char **argv, OstreeCommandInvocation *invocation, GCancellable *cancellable, GError **error)
 {
diff --git a/src/ostree/ot-dump.c b/src/ostree/ot-dump.c
index a8ed54a..38f3730 100644
--- a/src/ostree/ot-dump.c
+++ b/src/ostree/ot-dump.c
@@ -114,7 +114,6 @@ dump_commit (GVariant            *variant,
   const gchar *subject;
   const gchar *body;
   guint64 timestamp;
-  g_autofree char *parent = NULL;
   g_autofree char *str = NULL;
   g_autofree char *version = NULL;
   g_autoptr(GError) local_error = NULL;
@@ -130,12 +129,6 @@ dump_commit (GVariant            *variant,
       g_assert (local_error); /* Pacify static analysis */
       errx (1, "Failed to read commit: %s", local_error->message);
     }
-
-  if ((parent = ostree_commit_get_parent(variant)))
-    {
-      g_print ("Parent:  %s\n", parent);
-    }
-
   g_autofree char *contents = ostree_commit_get_content_checksum (variant) ?: "<invalid commit>";
   g_print ("ContentChecksum:  %s\n", contents);
   g_print ("Date:  %s\n", str);
@@ -322,11 +315,10 @@ ot_dump_summary_bytes (GBytes          *summary_bytes,
   collection_map = g_variant_lookup_value (exts, OSTREE_SUMMARY_COLLECTION_MAP, G_VARIANT_TYPE ("a{sa(s(taya{sv}))}"));
   if (collection_map != NULL)
     {
-      g_autoptr(GVariant) collection_refs = NULL;
       g_variant_iter_init (&iter, collection_map);
 
-      while (g_variant_iter_loop (&iter, "{&s@a(s(taya{sv}))}", &collection_id, &collection_refs))
-        dump_summary_refs (collection_id, collection_refs);
+      while (g_variant_iter_loop (&iter, "{&s@a(s(taya{sv}))}", &collection_id, &refs))
+        dump_summary_refs (collection_id, refs);
     }
 
   /* Print out the additional metadata. */
@@ -362,22 +354,6 @@ ot_dump_summary_bytes (GBytes          *summary_bytes,
           pretty_key = "Collection Map";
           value_str = g_strdup ("(printed above)");
         }
-      else if (g_strcmp0 (key, OSTREE_SUMMARY_MODE) == 0)
-        {
-          OstreeRepoMode repo_mode;
-          const char *repo_mode_str = g_variant_get_string (value, NULL);
-
-          pretty_key = "Repository Mode";
-          if (!ostree_repo_mode_from_string (repo_mode_str, &repo_mode, NULL))
-            value_str = g_strdup_printf ("Invalid (‘%s’)", repo_mode_str);
-          else
-            value_str = g_strdup (repo_mode_str);
-        }
-      else if (g_strcmp0 (key, OSTREE_SUMMARY_TOMBSTONE_COMMITS) == 0)
-        {
-          pretty_key = "Has Tombstone Commits";
-          value_str = g_strdup (g_variant_get_boolean (value) ? "Yes" : "No");
-        }
       else
         {
           value_str = g_variant_print (value, FALSE);
diff --git a/src/ostree/ot-remote-builtin-add.c b/src/ostree/ot-remote-builtin-add.c
index 61539ec..172625d 100644
--- a/src/ostree/ot-remote-builtin-add.c
+++ b/src/ostree/ot-remote-builtin-add.c
@@ -104,6 +104,7 @@ ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocatio
   g_autoptr(GString) sign_verify = NULL;
   const char *remote_name;
   const char *remote_url;
+  char **iter;
   g_autoptr(GVariantBuilder) optbuilder = NULL;
   g_autoptr(GVariant) options = NULL;
   gboolean ret = FALSE;
@@ -160,7 +161,7 @@ ot_remote_builtin_add (int argc, char **argv, OstreeCommandInvocation *invocatio
     g_variant_builder_add (optbuilder, "{s@v}",
                            "contenturl", g_variant_new_variant (g_variant_new_string (opt_contenturl)));
 
-  for (char **iter = opt_set; iter && *iter; iter++)
+  for (iter = opt_set; iter && *iter; iter++)
     {
       const char *keyvalue = *iter;
       g_autofree char *subkey = NULL;
diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
index 6bc2c37..8a68e1f 100644
--- a/src/switchroot/ostree-prepare-root.c
+++ b/src/switchroot/ostree-prepare-root.c
@@ -101,9 +101,10 @@ sysroot_is_configured_ro (const char *sysroot)
   bool ret = false;
   char *line = NULL;
   size_t len = 0;
+  ssize_t nread;
   /* Note getline() will reuse the previous buffer */
   bool in_sysroot = false;
-  while (getline (&line, &len, f) != -1)
+  while ((nread = getline (&line, &len, f)) != -1)
     {
       /* This is an awful hack to avoid depending on GLib in the
        * initramfs right now.
@@ -152,8 +153,8 @@ resolve_deploy_path (const char * root_mountpoint)
                    "MESSAGE_ID=" SD_ID128_FORMAT_STR,
                    SD_ID128_FORMAT_VAL(OSTREE_PREPARE_ROOT_DEPLOYMENT_MSG),
                    "DEPLOYMENT_PATH=%s", resolved_path,
-                   "DEPLOYMENT_DEVICE=%" PRIu64, (uint64_t) stbuf.st_dev,
-                   "DEPLOYMENT_INODE=%" PRIu64, (uint64_t) stbuf.st_ino,
+                   "DEPLOYMENT_DEVICE=%u", stbuf.st_dev,
+                   "DEPLOYMENT_INODE=%u", stbuf.st_ino,
                    NULL);
 #endif
   return deploy_path;
@@ -251,7 +252,7 @@ main(int argc, char *argv[])
        * sysroot, we still need a writable /etc.  And to avoid race conditions
        * we ensure it's writable in the initramfs, before we switchroot at all.
        */
-      if (mount ("etc", "etc", NULL, MS_BIND, NULL) < 0)
+      if (mount ("/etc", "/etc", NULL, MS_BIND, NULL) < 0)
         err (EXIT_FAILURE, "failed to make /etc a bind mount");
       /* Pass on the fact that we discovered a readonly sysroot to ostree-remount.service */
       int fd = open (_OSTREE_SYSROOT_READONLY_STAMP, O_WRONLY | O_CREAT | O_CLOEXEC, 0644);
diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
index 3981682..5c313c8 100644
--- a/src/switchroot/ostree-remount.c
+++ b/src/switchroot/ostree-remount.c
@@ -106,16 +106,11 @@ main(int argc, char *argv[])
       exit (EXIT_SUCCESS);
     }
 
-  /* Handle remounting /sysroot; if it's explicitly marked as read-only (opt in)
-   * then ensure it's readonly, otherwise mount writable, the same as /
-   */
-  bool sysroot_configured_readonly = unlink (_OSTREE_SYSROOT_READONLY_STAMP) == 0;
-  do_remount ("/sysroot", !sysroot_configured_readonly);
-
-  /* And also make sure to make /etc rw again. We make this conditional on
-   * sysroot_configured_readonly because only in that case is it a bind-mount. */
-  if (sysroot_configured_readonly)
-    do_remount ("/etc", true);
+  /* Handle remounting /sysroot read-only now */
+  if (unlink (_OSTREE_SYSROOT_READONLY_STAMP) == 0)
+    {
+      do_remount ("/sysroot", false);
+    }
 
   /* If /var was created as as an OSTree default bind mount (instead of being a separate filesystem)
     * then remounting the root mount read-only also remounted it.
diff --git a/tests/basic-test.sh b/tests/basic-test.sh
index 9227b0c..fc193f4 100644
--- a/tests/basic-test.sh
+++ b/tests/basic-test.sh
@@ -750,17 +750,15 @@ rm files -rf && mkdir files
 touch files/anemptyfile
 touch files/anotheremptyfile
 $CMD_PREFIX ostree --repo=repo commit --consume -b tree-with-empty-files --tree=dir=files
-$CMD_PREFIX ostree --repo=repo checkout ${CHECKOUT_H_ARGS} tree-with-empty-files tree-with-empty-files
-if files_are_hardlinked tree-with-empty-files/an{,other}emptyfile; then
-    fatal "--force-copy-zerosized failed"
-fi
-# And pass the now-defunct -z option to validate it does nothing
-rm tree-with-empty-files -rf
 $CMD_PREFIX ostree --repo=repo checkout ${CHECKOUT_H_ARGS} -z tree-with-empty-files tree-with-empty-files
 if files_are_hardlinked tree-with-empty-files/an{,other}emptyfile; then
     fatal "--force-copy-zerosized failed"
 fi
-echo "ok checkout zero sized files are not hardlinked"
+rm tree-with-empty-files -rf
+$CMD_PREFIX ostree --repo=repo checkout ${CHECKOUT_H_ARGS} tree-with-empty-files tree-with-empty-files
+assert_files_hardlinked tree-with-empty-files/an{,other}emptyfile
+rm tree-with-empty-files -rf
+echo "ok checkout --force-copy-zerosized"
 
 # These should merge, they're identical
 $CMD_PREFIX ostree --repo=repo checkout ${CHECKOUT_H_ARGS} --union-identical -z tree-with-empty-files tree-with-empty-files
diff --git a/tests/bootloader-entries-crosscheck.py b/tests/bootloader-entries-crosscheck.py
index 605bd08..41f6956 100755
--- a/tests/bootloader-entries-crosscheck.py
+++ b/tests/bootloader-entries-crosscheck.py
@@ -73,56 +73,36 @@ with open(syslinuxpath) as f:
     syslinux_entry = None
     syslinux_default = None
     for line in f:
-        try:
-            k, v = line.strip().split(" ", 1)
-        except ValueError:
-            continue
-        if k == 'DEFAULT':
+        line = line.strip()
+        if line.startswith('DEFAULT '):
             if syslinux_entry is not None:
-                syslinux_default = v
-        elif k == 'LABEL':
+                syslinux_default = line.split(' ', 1)[1]
+        elif line.startswith('LABEL '):
             if syslinux_entry is not None:
                 syslinux_entries.append(syslinux_entry)
             syslinux_entry = {}
-            syslinux_entry['title'] = v
-        elif k == 'KERNEL':
-            syslinux_entry['linux'] = v
-        elif k == 'INITRD':
-            syslinux_entry['initrd'] = v
-        elif k == 'APPEND':
-            syslinux_entry['options'] = v
+            syslinux_entry['title'] = line.split(' ', 1)[1]
+        elif line.startswith('KERNEL '):
+            syslinux_entry['linux'] = line.split(' ', 1)[1]
+        elif line.startswith('INITRD '):
+            syslinux_entry['initrd'] = line.split(' ', 1)[1]
+        elif line.startswith('APPEND '):
+            syslinux_entry['options'] = line.split(' ', 1)[1]
     if syslinux_entry is not None:
         syslinux_entries.append(syslinux_entry)
 
 if len(entries) != len(syslinux_entries):
     fatal("Found {0} loader entries, but {1} SYSLINUX entries\n".format(len(entries), len(syslinux_entries)))
 
-
-def assert_eq(a, b):
-    assert a == b, "%r == %r" % (a, b)
-
-
-def assert_key_same_file(a, b, key):
+def assert_matches_key(a, b, key):
     aval = a[key]
     bval = b[key]
-    sys.stderr.write("aval: %r\nbval: %r\n" % (aval, bval))
-
-    # Paths in entries are always relative to /boot
-    entry = os.stat(sysroot + "/boot" + aval)
-
-    # Syslinux entries can be relative to /boot (if it's on another filesystem)
-    # or relative to / if /boot is on /.
-    s1 = os.stat(sysroot + bval)
-    s2 = os.stat(sysroot + "/boot" + bval)
-
-    # A symlink ensures that no matter what they point at the same file
-    assert_eq(entry, s1)
-    assert_eq(entry, s2)
-
+    if aval != bval:
+        fatal("Mismatch on {0}: {1} != {2}".format(key, aval, bval))
 
 for i,(entry,syslinuxentry) in enumerate(zip(entries, syslinux_entries)):
-    assert_key_same_file(entry, syslinuxentry, 'linux')
-    assert_key_same_file(entry, syslinuxentry, 'initrd')
+    assert_matches_key(entry, syslinuxentry, 'linux')
+    assert_matches_key(entry, syslinuxentry, 'initrd')
     entry_ostree = get_ostree_option(entry['options'])
     syslinux_ostree = get_ostree_option(syslinuxentry['options'])
     if entry_ostree != syslinux_ostree:
diff --git a/tests/libtest.sh b/tests/libtest.sh
index 7c66a5c..ca457fa 100755
--- a/tests/libtest.sh
+++ b/tests/libtest.sh
@@ -700,12 +700,6 @@ has_sign_ed25519 () {
     return ${ret}
 }
 
-skip_without_sign_ed25519() {
-    if ! has_sign_ed25519; then
-        skip "no ed25519 support compiled in"
-    fi
-}
-
 # Keys for ed25519 signing tests
 ED25519PUBLIC=
 ED25519SEED=
diff --git a/tests/repo-finder-mount.c b/tests/repo-finder-mount.c
index 3d068af..2cb1d23 100644
--- a/tests/repo-finder-mount.c
+++ b/tests/repo-finder-mount.c
@@ -93,16 +93,16 @@ main (int argc, char **argv)
 
   g_ptr_array_add (refs, NULL);  /* NULL terminator */
 
-  g_autoptr(GAsyncResult) async_result = NULL;
+  g_autoptr(GAsyncResult) result = NULL;
   ostree_repo_finder_resolve_async (OSTREE_REPO_FINDER (finder),
                                     (const OstreeCollectionRef * const *) refs->pdata,
-                                    parent_repo, NULL, result_cb, &async_result);
+                                    parent_repo, NULL, result_cb, &result);
 
-  while (async_result == NULL)
+  while (result == NULL)
     g_main_context_iteration (context, TRUE);
 
   g_autoptr(GPtrArray) results = ostree_repo_finder_resolve_finish (OSTREE_REPO_FINDER (finder),
-                                                                    async_result, &error);
+                                                                    result, &error);
   g_assert_no_error (error);
 
   /* Check that the results are correct: the invalid refs should have been
diff --git a/tests/test-admin-deploy-2.sh b/tests/test-admin-deploy-2.sh
index 6df4877..0fa2df9 100755
--- a/tests/test-admin-deploy-2.sh
+++ b/tests/test-admin-deploy-2.sh
@@ -26,7 +26,7 @@ set -euo pipefail
 # Exports OSTREE_SYSROOT so --sysroot not needed.
 setup_os_repository "archive" "syslinux"
 
-echo "1..8"
+echo "1..7"
 
 ${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --remote=testos testos-repo testos/buildmaster/x86_64-runtime
 rev=$(${CMD_PREFIX} ostree --repo=sysroot/ostree/repo rev-parse testos/buildmaster/x86_64-runtime)
@@ -102,13 +102,6 @@ ${CMD_PREFIX} ostree admin pin -u 0
 assert_n_pinned 0
 echo "ok pin unpin"
 
-for p in medal 0medal '' 5000 9999999999999999999999999999999999999; do
-    if ${CMD_PREFIX} ostree admin pin ${p}; then
-        fatal "created invalid pin ${p}"
-    fi
-done
-echo "ok invalid pin"
-
 ${CMD_PREFIX} ostree admin pin 0 1
 assert_n_pinned 2
 assert_n_deployments 2
diff --git a/tests/test-basic-user.sh b/tests/test-basic-user.sh
index fa17bee..e56f828 100755
--- a/tests/test-basic-user.sh
+++ b/tests/test-basic-user.sh
@@ -75,8 +75,6 @@ $OSTREE fsck
 rm test2-checkout -rf
 $OSTREE checkout -U -H test2-unreadable test2-checkout
 assert_file_has_mode test2-checkout/unreadable 400
-# Should not be hardlinked
-assert_streq $(stat -c "%h" test2-checkout/unreadable) 1
 echo "ok bare-user handled unreadable file"
 
 cd ${test_tmpdir}
diff --git a/tests/test-delta-ed25519.sh b/tests/test-delta-ed25519.sh
deleted file mode 100755
index ef732cf..0000000
--- a/tests/test-delta-ed25519.sh
+++ /dev/null
@@ -1,322 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2011,2013 Colin Walters <walters@verbum.org>
-#
-# SPDX-License-Identifier: LGPL-2.0+
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the
-# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
-set -euo pipefail
-
-. $(dirname $0)/libtest.sh
-
-skip_without_user_xattrs
-
-skip_without_sign_ed25519
-
-bindatafiles="bash true ostree"
-
-echo '1..12'
-
-mkdir repo
-ostree_repo_init repo --mode=archive
-
-mkdir files
-for bin in ${bindatafiles}; do
-    cp $(which ${bin}) files
-done
-
-${CMD_PREFIX} ostree --repo=repo commit -b test -s test --tree=dir=files
-
-function permuteFile() {
-    permutation=$(($1 % 2))
-    output=$2
-    case $permutation in
-	0) dd if=/dev/zero count=40 bs=1 >> $output;;
-	1) echo aheader | cat - $output >> $output.new && mv $output.new $output;;
-    esac
-}
-
-function permuteDirectory() {
-    permutation=$1
-    dir=$2
-    for x in ${dir}/*; do
-	for z in $(seq ${permutation}); do
-	    permuteFile ${z} ${x}
-	done
-    done
-}
-
-get_assert_one_direntry_matching() {
-    local path=$1
-    local r=$2
-    local child=""
-    local bn
-    for p in ${path}/*; do
-	bn=$(basename $p)
-	if ! echo ${bn} | grep -q "$r"; then
-	    continue
-	fi
-	if test -z "${child}"; then
-	    child=${bn}
-	else
-	    assert_not_reached "Expected only one child matching ${r} in ${path}";
-	fi
-    done
-    if test -z "${child}"; then
-	assert_not_reached "Failed to find child matching ${r}"
-    fi
-    echo ${child}
-}
-
-origrev=$(${CMD_PREFIX} ostree --repo=repo rev-parse test)
-
-permuteDirectory 1 files
-${CMD_PREFIX} ostree --repo=repo commit -b test -s test --tree=dir=files
-
-newrev=$(${CMD_PREFIX} ostree --repo=repo rev-parse test)
-
-# Test ostree sign with 'ed25519' module
-gen_ed25519_keys
-PUBLIC=${ED25519PUBLIC}
-SEED=${ED25519SEED}
-SECRET=${ED25519SECRET}
-WRONG_PUBLIC="$(gen_ed25519_random_public)"
-
-SECRETKEYS="$(mktemp -p ${test_tmpdir} ed25519_XXXXXX.ed25519)"
-echo ${SECRET} > ${SECRETKEYS}
-
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=ed25519 --sign=${SECRET}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC}" > show-ed25519-key-signed-1.txt
-assert_file_has_content show-ed25519-key-signed-1.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC}" "${WRONG_PUBLIC}" > show-ed25519-key-signed-2.txt
-assert_file_has_content show-ed25519-key-signed-2.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${WRONG_PUBLIC}" "${PUBLIC}" > show-ed25519-key-signed-3.txt
-assert_file_has_content show-ed25519-key-signed-3.txt "Verification OK"
-
-deltaprefix=$(get_assert_one_direntry_matching repo/deltas '.')
-deltadir=$(get_assert_one_direntry_matching repo/deltas/${deltaprefix} '-')
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=ed25519 --sign=${SECRET}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC}" > show-ed25519-key-inline-signed-1.txt
-assert_file_has_content show-ed25519-key-inline-signed-1.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC}" "${WRONG_PUBLIC}" > show-ed25519-key-inline-signed-2.txt
-assert_file_has_content show-ed25519-key-inline-signed-2.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${WRONG_PUBLIC}" "${PUBLIC}" > show-ed25519-key-inline-signed-3.txt
-assert_file_has_content show-ed25519-key-inline-signed-3.txt "Verification OK"
-
-echo 'ok verified with ed25519 (sign - key)'
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC}" > show-ed25519-keyfile-signed-1.txt
-assert_file_has_content show-ed25519-keyfile-signed-1.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC}" "${WRONG_PUBLIC}" > show-ed25519-keyfile-signed-2.txt
-assert_file_has_content show-ed25519-keyfile-signed-2.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${WRONG_PUBLIC}" "${PUBLIC}" > show-ed25519-keyfile-signed-3.txt
-assert_file_has_content show-ed25519-keyfile-signed-3.txt "Verification OK"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC}" > show-ed25519-keyfile-inline-signed-1.txt
-assert_file_has_content show-ed25519-keyfile-inline-signed-1.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC}" "${WRONG_PUBLIC}" > show-ed25519-keyfile-inline-signed-2.txt
-assert_file_has_content show-ed25519-keyfile-inline-signed-2.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${WRONG_PUBLIC}" "${PUBLIC}" > show-ed25519-keyfile-inline-signed-3.txt
-assert_file_has_content show-ed25519-keyfile-inline-signed-3.txt "Verification OK"
-
-echo 'ok verified with ed25519 (keyfile - key)'
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=ed25519 --sign=${SECRET}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${WRONG_PUBLIC}" > show-ed25519-key-bad-signed.txt && exit 1
-assert_file_has_content show-ed25519-key-bad-signed.txt "Verification fails"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=ed25519 --sign=${SECRET}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${WRONG_PUBLIC}" > show-ed25519-key-bad-inline-signed.txt && exit 1
-assert_file_has_content show-ed25519-key-bad-inline-signed.txt "Verification fails"
-
-echo 'ok Verification fails with ed25519 (sign - bad key)'
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${WRONG_PUBLIC}" > show-ed25519-keyfile-bad-signed.txt && exit 1
-assert_file_has_content show-ed25519-keyfile-bad-signed.txt "Verification fails"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${WRONG_PUBLIC}" > show-ed25519-keyfile-bad-inline-signed.txt && exit 1
-assert_file_has_content show-ed25519-keyfile-bad-inline-signed.txt "Verification fails"
-
-echo 'ok Verification fails with ed25519 (keyfile - bad key)'
-
-# Prepare files with public ed25519 signatures
-PUBKEYS="$(mktemp -p ${test_tmpdir} ed25519_XXXXXX.ed25519)"
-for((i=0;i<100;i++)); do
-    # Generate a list with some public signatures
-    gen_ed25519_random_public
-done > ${PUBKEYS}
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=ed25519 --sign=${SECRET}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} > show-ed25519-file-bad-signed-1.txt && exit 1
-assert_file_has_content show-ed25519-file-bad-signed-1.txt "Verification fails"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} "${WRONG_PUBLIC}" > show-ed25519-file-bad-signed-2.txt && exit 1
-assert_file_has_content show-ed25519-file-bad-signed-2.txt "Verification fails"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=ed25519 --sign=${SECRET}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} > show-ed25519-file-inline-bad-signed-1.txt && exit 1
-assert_file_has_content show-ed25519-file-inline-bad-signed-1.txt "Verification fails"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} "${WRONG_PUBLIC}" > show-ed25519-file-inline-bad-signed-2.txt && exit 1
-assert_file_has_content show-ed25519-file-inline-bad-signed-2.txt "Verification fails"
-
-echo 'ok Verification fails with ed25519 (sign - bad keys)'
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} > show-ed25519-file-bad-signed-3.txt && exit 1
-assert_file_has_content show-ed25519-file-bad-signed-3.txt "Verification fails"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} "${WRONG_PUBLIC}" > show-ed25519-file-bad-signed-4.txt && exit 1
-assert_file_has_content show-ed25519-file-bad-signed-4.txt "Verification fails"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} > show-ed25519-file-inline-bad-signed-3.txt && exit 1
-assert_file_has_content show-ed25519-file-inline-bad-signed-3.txt "Verification fails"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} "${WRONG_PUBLIC}" > show-ed25519-file-inline-bad-signed-4.txt && exit 1
-assert_file_has_content show-ed25519-file-inline-bad-signed-4.txt "Verification fails"
-
-echo 'ok Verification fails with ed25519 (keyfile - bad keys)'
-
-# Add correct key into the list
-echo ${PUBLIC} >> ${PUBKEYS}
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=ed25519 --sign=${SECRET}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} > show-ed25519-file-signed-1.txt
-assert_file_has_content show-ed25519-file-signed-1.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} "${WRONG_PUBLIC}" > show-ed25519-file-signed-2.txt
-assert_file_has_content show-ed25519-file-signed-2.txt "Verification OK"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=ed25519 --sign=${SECRET}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} > show-ed25519-file-inline-signed-1.txt
-assert_file_has_content show-ed25519-file-inline-signed-1.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} "${WRONG_PUBLIC}" > show-ed25519-file-inline-signed-2.txt
-assert_file_has_content show-ed25519-file-inline-signed-2.txt "Verification OK"
-
-echo 'ok verified with ed25519 (sign - file)'
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} > show-ed25519-file-signed-3.txt
-assert_file_has_content show-ed25519-file-signed-3.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} "${WRONG_PUBLIC}" > show-ed25519-file-signed-4.txt
-assert_file_has_content show-ed25519-file-signed-4.txt "Verification OK"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} > show-ed25519-file-inline-signed-3.txt
-assert_file_has_content show-ed25519-file-inline-signed-3.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} "${WRONG_PUBLIC}" > show-ed25519-file-inline-signed-4.txt
-assert_file_has_content show-ed25519-file-inline-signed-4.txt "Verification OK"
-
-echo 'ok verified with ed25519 (keyfile - file)'
-
-# Test ostree sign with multiple 'ed25519' keys
-gen_ed25519_keys
-PUBLIC2=${ED25519PUBLIC}
-SEED2=${ED25519SEED}
-SECRET2=${ED25519SECRET}
-
-echo ${SECRET2} >> ${SECRETKEYS}
-echo ${PUBLIC2} >> ${PUBKEYS}
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC}" > show-ed25519-multiplekeys-signed-1.txt
-assert_file_has_content show-ed25519-multiplekeys-signed-1.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC2}" > show-ed25519-multiplekeys-signed-2.txt
-assert_file_has_content show-ed25519-multiplekeys-signed-2.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${WRONG_PUBLIC}" > show-ed25519-multiplekeys-bad-signed.txt && exit 1
-assert_file_has_content show-ed25519-multiplekeys-bad-signed.txt "Verification fails"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} > show-ed25519-multiplekeys-signed-3.txt
-assert_file_has_content show-ed25519-multiplekeys-signed-3.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} "${WRONG_PUBLIC}" > show-ed25519-multiplekeys-signed-4.txt
-assert_file_has_content show-ed25519-multiplekeys-signed-4.txt "Verification OK"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC}" > show-ed25519-multiplekeys-inline-signed-1.txt
-assert_file_has_content show-ed25519-multiplekeys-inline-signed-1.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${PUBLIC2}" > show-ed25519-multiplekeys-inline-signed-2.txt
-assert_file_has_content show-ed25519-multiplekeys-inline-signed-2.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} "${WRONG_PUBLIC}" > show-ed25519-multiplekeys-bad-inline-signed.txt && exit 1
-assert_file_has_content show-ed25519-multiplekeys-bad-inline-signed.txt "Verification fails"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=ed25519 --keys-file=${SECRETKEYS}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} > show-ed25519-multiplekeys-inline-signed-3.txt
-assert_file_has_content show-ed25519-multiplekeys-inline-signed-3.txt "Verification OK"
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=ed25519 ${origrev}-${newrev} --keys-file=${PUBKEYS} "${WRONG_PUBLIC}" > show-ed25519-multiplekeys-inline-signed-4.txt
-assert_file_has_content show-ed25519-multiplekeys-inline-signed-4.txt "Verification OK"
-
-echo 'ok verified with ed25519 (multiple keys)'
-
-rm -rf repo2
-ostree_repo_init repo2 --mode=bare-user
-
-${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
-${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
-${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --sign-type=ed25519 --keys-file=${PUBKEYS} repo/deltas/${deltaprefix}/${deltadir}
-${CMD_PREFIX} ostree --repo=repo2 fsck
-${CMD_PREFIX} ostree --repo=repo2 ls ${newrev} >/dev/null
-
-echo 'ok apply offline with ed25519 (keyfile)'
-
-mkdir -p ${test_tmpdir}/{trusted,revoked}.ed25519.d
-
-rm -rf repo2
-ostree_repo_init repo2 --mode=bare-user
-
-echo ${PUBLIC} > ${test_tmpdir}/trusted.ed25519.d/correct
-${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
-${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
-${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --keys-dir=${test_tmpdir} repo/deltas/${deltaprefix}/${deltadir}
-${CMD_PREFIX} ostree --repo=repo2 fsck
-${CMD_PREFIX} ostree --repo=repo2 ls ${newrev} >/dev/null
-
-echo 'ok apply offline with ed25519 (keydir)'
-
-rm -rf repo2
-ostree_repo_init repo2 --mode=bare-user
-
-echo ${PUBLIC} > ${test_tmpdir}/revoked.ed25519.d/correct
-${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
-${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
-if ${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --keys-dir=${test_tmpdir} repo/deltas/${deltaprefix}/${deltadir}; then
-  exit 1
-fi
-
-rm -rf ${test_tmpdir}/{trusted,revoked}.ed25519.d
-
-echo 'ok apply offline with ed25519 revoking key mechanism (keydir)'
diff --git a/tests/test-delta-sign.sh b/tests/test-delta-sign.sh
deleted file mode 100755
index 86f12f9..0000000
--- a/tests/test-delta-sign.sh
+++ /dev/null
@@ -1,174 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2011,2013 Colin Walters <walters@verbum.org>
-#
-# SPDX-License-Identifier: LGPL-2.0+
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the
-# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
-set -euo pipefail
-
-. $(dirname $0)/libtest.sh
-
-skip_without_user_xattrs
-
-bindatafiles="bash true ostree"
-
-echo '1..7'
-
-# This is explicitly opt in for testing
-export OSTREE_DUMMY_SIGN_ENABLED=1
-
-mkdir repo
-ostree_repo_init repo --mode=archive
-
-mkdir files
-for bin in ${bindatafiles}; do
-    cp $(which ${bin}) files
-done
-
-${CMD_PREFIX} ostree --repo=repo commit -b test -s test --tree=dir=files
-
-function permuteFile() {
-    permutation=$(($1 % 2))
-    output=$2
-    case $permutation in
-	0) dd if=/dev/zero count=40 bs=1 >> $output;;
-	1) echo aheader | cat - $output >> $output.new && mv $output.new $output;;
-    esac
-}
-
-function permuteDirectory() {
-    permutation=$1
-    dir=$2
-    for x in ${dir}/*; do
-	for z in $(seq ${permutation}); do
-	    permuteFile ${z} ${x}
-	done
-    done
-}
-
-get_assert_one_direntry_matching() {
-    local path=$1
-    local r=$2
-    local child=""
-    local bn
-    for p in ${path}/*; do
-	bn=$(basename $p)
-	if ! echo ${bn} | grep -q "$r"; then
-	    continue
-	fi
-	if test -z "${child}"; then
-	    child=${bn}
-	else
-	    assert_not_reached "Expected only one child matching ${r} in ${path}";
-	fi
-    done
-    if test -z "${child}"; then
-	assert_not_reached "Failed to find child matching ${r}"
-    fi
-    echo ${child}
-}
-
-origrev=$(${CMD_PREFIX} ostree --repo=repo rev-parse test)
-
-permuteDirectory 1 files
-${CMD_PREFIX} ostree --repo=repo commit -b test -s test --tree=dir=files
-
-newrev=$(${CMD_PREFIX} ostree --repo=repo rev-parse test)
-
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev}
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=dummy ${origrev}-${newrev} dummysign > show-not-signed.txt 2>&1 && exit 1
-assert_file_has_content show-not-signed.txt "Verification fails"
-assert_file_has_content show-not-signed.txt "no signatures in static-delta"
-
-deltaprefix=$(get_assert_one_direntry_matching repo/deltas '.')
-deltadir=$(get_assert_one_direntry_matching repo/deltas/${deltaprefix} '-')
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=dummy ${origrev}-${newrev} dummysign > show-inline-not-signed.txt 2>&1 && exit 1
-assert_file_has_content show-not-signed.txt "Verification fails"
-assert_file_has_content show-not-signed.txt "no signatures in static-delta"
-
-echo 'ok verify ok with unsigned deltas'
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=dummy --sign=dummysign
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=dummy ${origrev}-${newrev} dummysign > show-dummy-signed.txt
-assert_file_has_content show-dummy-signed.txt "Verification OK"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=dummy --sign=dummysign
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=dummy ${origrev}-${newrev} dummysign > show-dummy-inline-signed.txt
-assert_file_has_content show-dummy-inline-signed.txt "Verification OK"
-
-echo 'ok verified with dummy'
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --sign-type=dummy --sign=dummysign
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=dummy ${origrev}-${newrev} badsign > show-dummy-bad-signed.txt && exit 1
-assert_file_has_content show-dummy-bad-signed.txt "Verification fails"
-
-rm -rf repo/deltas/${deltaprefix}/${deltadir}/*
-${CMD_PREFIX} ostree --repo=repo static-delta generate --from=${origrev} --to=${newrev} --inline --sign-type=dummy --sign=dummysign
-${CMD_PREFIX} ostree --repo=repo static-delta verify --sign-type=dummy ${origrev}-${newrev} badsign > show-dummy-bad-inline-signed.txt && exit 1
-assert_file_has_content show-dummy-bad-inline-signed.txt "Verification fails"
-
-echo 'ok verification failed with dummy and bad key'
-
-rm -rf repo2
-ostree_repo_init repo2 --mode=bare-user
-
-${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
-${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
-${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline repo/deltas/${deltaprefix}/${deltadir}
-${CMD_PREFIX} ostree --repo=repo2 fsck
-${CMD_PREFIX} ostree --repo=repo2 ls ${newrev} >/dev/null
-
-echo 'ok apply offline with no signature verification and no key'
-
-rm -rf repo2
-ostree_repo_init repo2 --mode=bare-user
-
-${CMD_PREFIX} ostree --repo=repo2 config set core.sign-verify-deltas true
-${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
-${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
-${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline repo/deltas/${deltaprefix}/${deltadir} 2> apply-offline-verification-no-key.txt && exit 1
-assert_file_has_content apply-offline-verification-no-key.txt "Key is mandatory to check delta signature"
-
-echo 'ok apply offline failed with signature verification forced and no key'
-
-rm -rf repo2
-ostree_repo_init repo2 --mode=bare-user
-
-${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
-${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
-${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --sign-type=dummy repo/deltas/${deltaprefix}/${deltadir} dummysign
-${CMD_PREFIX} ostree --repo=repo2 fsck
-${CMD_PREFIX} ostree --repo=repo2 ls ${newrev} >/dev/null
-
-echo 'ok apply offline with dummy'
-
-rm -rf repo2
-ostree_repo_init repo2 --mode=bare-user
-
-${CMD_PREFIX} ostree --repo=repo2 pull-local repo ${origrev}
-${CMD_PREFIX} ostree --repo=repo2 ls ${origrev} >/dev/null
-${CMD_PREFIX} ostree --repo=repo2 static-delta apply-offline --sign-type=dummy repo/deltas/${deltaprefix}/${deltadir} badsign 2> apply-offline-bad-key.txt && exit 1
-assert_file_has_content apply-offline-bad-key.txt "signature: dummy: incorrect signature"
-
-echo 'ok apply offline failed with dummy and bad key'
diff --git a/tests/test-libarchive.sh b/tests/test-libarchive.sh
index 73a58dd..174be80 100755
--- a/tests/test-libarchive.sh
+++ b/tests/test-libarchive.sh
@@ -37,7 +37,7 @@ mkdir foo
 cd foo
 mkdir -p usr/bin usr/lib
 echo contents > usr/bin/foo
-echo foo0 > usr/bin/foo0
+touch usr/bin/foo0
 ln usr/bin/foo usr/bin/bar
 ln usr/bin/foo0 usr/bin/bar0
 ln -s foo usr/bin/sl
@@ -45,8 +45,8 @@ mkdir -p usr/local/bin
 ln usr/bin/foo usr/local/bin/baz
 ln usr/bin/foo0 usr/local/bin/baz0
 ln usr/bin/sl usr/local/bin/slhl
-echo setuidme > usr/bin/setuidme
-echo skipme > usr/bin/skipme
+touch usr/bin/setuidme
+touch usr/bin/skipme
 echo "a library" > usr/lib/libfoo.so
 echo "another library" > usr/lib/libbar.so
 
@@ -102,9 +102,9 @@ assert_valid_content () {
   assert_file_has_content usr/bin/foo contents
   assert_file_has_content usr/bin/bar contents
   assert_file_has_content usr/local/bin/baz contents
-  assert_file_has_content usr/bin/foo0 foo0
-  assert_file_has_content usr/bin/bar0 foo0
-  assert_file_has_content usr/local/bin/baz0 foo0
+  assert_file_empty usr/bin/foo0
+  assert_file_empty usr/bin/bar0
+  assert_file_empty usr/local/bin/baz0
   assert_file_has_content usr/lib/libfoo.so 'a library'
   assert_file_has_content usr/lib/libbar.so 'another library'
 
@@ -244,7 +244,7 @@ ${CMD_PREFIX} ostree --repo=repo2 commit \
   --generate-sizes \
   --tree=tar=foo.tar.gz
 ${CMD_PREFIX} ostree --repo=repo2 show --print-sizes test-tar > sizes.txt
-assert_file_has_content sizes.txt 'Compressed size (needed/total): 0[  ]bytes/1.2[  ]kB'
-assert_file_has_content sizes.txt 'Unpacked size (needed/total): 0[  ]bytes/921[  ]bytes'
-assert_file_has_content sizes.txt 'Number of objects (needed/total): 0/14'
+assert_file_has_content sizes.txt 'Compressed size (needed/total): 0[  ]bytes/1.1[  ]kB'
+assert_file_has_content sizes.txt 'Unpacked size (needed/total): 0[  ]bytes/900[  ]bytes'
+assert_file_has_content sizes.txt 'Number of objects (needed/total): 0/12'
 echo "ok tar sizes metadata"
diff --git a/tests/test-osupdate-dtb.sh b/tests/test-osupdate-dtb.sh
deleted file mode 100755
index 9e0c468..0000000
--- a/tests/test-osupdate-dtb.sh
+++ /dev/null
@@ -1,62 +0,0 @@
-#!/bin/bash
-#
-# Copyright (C) 2020 Red Hat, Inc.
-#
-# SPDX-License-Identifier: LGPL-2.0+
-#
-# This library is free software; you can redistribute it and/or
-# modify it under the terms of the GNU Lesser General Public
-# License as published by the Free Software Foundation; either
-# version 2 of the License, or (at your option) any later version.
-#
-# This library is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
-# Lesser General Public License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with this library; if not, write to the
-# Free Software Foundation, Inc., 59 Temple Place - Suite 330,
-# Boston, MA 02111-1307, USA.
-
-set -euo pipefail
-
-. $(dirname $0)/libtest.sh
-
-echo "1..1"
-
-# Exports OSTREE_SYSROOT so --sysroot not needed.
-kver="3.6.0"
-modulesdir="usr/lib/modules/${kver}"
-setup_os_repository "archive" "syslinux" ${modulesdir}
-
-cd ${test_tmpdir}
-os_repository_new_commit "test" "test with device tree directory"
-
-devicetree_path=osdata/${modulesdir}/dtb/asoc-board.dtb
-devicetree_overlay_path=osdata/${modulesdir}/dtb/overlays/overlay.dtbo
-
-mkdir -p osdata/${modulesdir}/dtb
-echo "a device tree" > ${devicetree_path}
-mkdir -p osdata/${modulesdir}/dtb/overlays
-echo "a device tree overlay" > ${devicetree_overlay_path}
-
-${CMD_PREFIX} ostree --repo=testos-repo commit --tree=dir=osdata/ -b testos/buildmaster/x86_64-runtime
-${CMD_PREFIX} ostree --repo=sysroot/ostree/repo pull-local --remote=testos testos-repo testos/buildmaster/x86_64-runtime
-${CMD_PREFIX} ostree --repo=sysroot/ostree/repo remote add --set=gpg-verify=false testos file://$(pwd)/testos-repo testos/buildmaster/x86_64-runtime
-${CMD_PREFIX} env OSTREE_SYSROOT_DEBUG=${OSTREE_SYSROOT_DEBUG},no-dtb ostree admin deploy --os=testos testos:testos/buildmaster/x86_64-runtime
-assert_has_file sysroot/boot/ostree/testos-${bootcsum}/vmlinuz-3.6.0
-assert_not_has_file sysroot/boot/ostree/testos-${bootcsum}/dtb/asoc-board.dtb 'a device tree'
-assert_streq $(ls sysroot/boot/ostree | wc -l) 1
-assert_streq $(find sysroot/boot/ostree -name '*.dtb' | wc -l) 0
-${CMD_PREFIX} ostree --repo=testos-repo commit --tree=dir=osdata/ -b testos/buildmaster/x86_64-runtime
-env OSTREE_SYSROOT_DEBUG=${OSTREE_SYSROOT_DEBUG},no-dtb ${CMD_PREFIX} ostree admin upgrade --os=testos
-${CMD_PREFIX} ostree --repo=testos-repo commit --tree=dir=osdata/ -b testos/buildmaster/x86_64-runtime
-${CMD_PREFIX} ostree admin upgrade --os=testos
-assert_streq $(ls sysroot/boot/ostree | wc -l) 2
-# Note that the bootcsum computed by the test suite doesn't include devicetree
-# And currently we end up installing the dtb for the *previous* deployment
-# too which is a bug - in the future this should be fixed to assert 1.
-assert_streq $(find sysroot/boot/ostree -name '*.dtb' | wc -l) 2
-
-echo "ok update with no dtb to dtb"
diff --git a/tests/test-repo-finder-config.c b/tests/test-repo-finder-config.c
index b3e8a26..0a2e9e6 100644
--- a/tests/test-repo-finder-config.c
+++ b/tests/test-repo-finder-config.c
@@ -173,9 +173,6 @@ assert_create_remote (Fixture     *fixture,
   glnx_shutil_mkdir_p_at (fixture->tmpdir.fd, repo_name, 0700, NULL, &error);
   g_assert_no_error (error);
 
-  glnx_shutil_mkdir_p_at (fixture->tmpdir.fd, "empty", 0700, NULL, &error);
-  g_assert_no_error (error);
-
   g_autoptr(GFile) repo_path = g_file_get_child (fixture->working_dir, repo_name);
   g_autoptr(OstreeRepo) repo = ostree_repo_new (repo_path);
   ostree_repo_set_collection_id (repo, collection_id, &error);
@@ -196,7 +193,7 @@ assert_create_remote (Fixture     *fixture,
       g_autoptr(OstreeRepoFile) repo_file = NULL;
 
       mtree = ostree_mutable_tree_new ();
-      ostree_repo_write_dfd_to_mtree (repo, fixture->tmpdir.fd, "empty", mtree, NULL, NULL, &error);
+      ostree_repo_write_dfd_to_mtree (repo, AT_FDCWD, ".", mtree, NULL, NULL, &error);
       g_assert_no_error (error);
       ostree_repo_write_mtree (repo, mtree, (GFile **) &repo_file, NULL, &error);
       g_assert_no_error (error);
@@ -230,7 +227,7 @@ test_repo_finder_config_mixed_configs (Fixture       *fixture,
 {
   g_autoptr(OstreeRepoFinderConfig) finder = NULL;
   g_autoptr(GMainContext) context = NULL;
-  g_autoptr(GAsyncResult) async_result = NULL;
+  g_autoptr(GAsyncResult) result = NULL;
   g_autoptr(GPtrArray) results = NULL;  /* (element-type OstreeRepoFinderResult) */
   g_autoptr(GError) error = NULL;
   gsize i;
@@ -266,13 +263,13 @@ test_repo_finder_config_mixed_configs (Fixture       *fixture,
 
   /* Resolve the refs. */
   ostree_repo_finder_resolve_async (OSTREE_REPO_FINDER (finder), refs,
-                                    fixture->parent_repo, NULL, result_cb, &async_result);
+                                    fixture->parent_repo, NULL, result_cb, &result);
 
-  while (async_result == NULL)
+  while (result == NULL)
     g_main_context_iteration (context, TRUE);
 
   results = ostree_repo_finder_resolve_finish (OSTREE_REPO_FINDER (finder),
-                                               async_result, &error);
+                                               result, &error);
   g_assert_no_error (error);
   g_assert_nonnull (results);
   g_assert_cmpuint (results->len, ==, 3);
diff --git a/tests/test-repo-finder-mount.c b/tests/test-repo-finder-mount.c
index 45e58fa..af2f5e0 100644
--- a/tests/test-repo-finder-mount.c
+++ b/tests/test-repo-finder-mount.c
@@ -190,9 +190,6 @@ assert_create_remote_va (Fixture *fixture,
   ostree_repo_create (repo, OSTREE_REPO_MODE_ARCHIVE, NULL, &error);
   g_assert_no_error (error);
 
-  glnx_shutil_mkdir_p_at (fixture->tmpdir.fd, "empty", 0700, NULL, &error);
-  g_assert_no_error (error);
-
   /* Set up the refs from @.... */
   for (const OstreeCollectionRef *ref = va_arg (args, const OstreeCollectionRef *);
        ref != NULL;
@@ -204,7 +201,7 @@ assert_create_remote_va (Fixture *fixture,
       gchar **out_checksum = va_arg (args, gchar **);
 
       mtree = ostree_mutable_tree_new ();
-      ostree_repo_write_dfd_to_mtree (repo, fixture->tmpdir.fd, "empty", mtree, NULL, NULL, &error);
+      ostree_repo_write_dfd_to_mtree (repo, AT_FDCWD, ".", mtree, NULL, NULL, &error);
       g_assert_no_error (error);
       ostree_repo_write_mtree (repo, mtree, (GFile **) &repo_file, NULL, &error);
       g_assert_no_error (error);
@@ -317,7 +314,7 @@ test_repo_finder_mount_mixed_mounts (Fixture       *fixture,
   g_autoptr(OstreeRepoFinderMount) finder = NULL;
   g_autoptr(GVolumeMonitor) monitor = NULL;
   g_autoptr(GMainContext) context = NULL;
-  g_autoptr(GAsyncResult) async_result = NULL;
+  g_autoptr(GAsyncResult) result = NULL;
   g_autoptr(GPtrArray) results = NULL;  /* (element-type OstreeRepoFinderResult) */
   g_autoptr(GError) error = NULL;
   g_autoptr(GList) mounts = NULL;  /* (element-type OstreeMockMount)  */
@@ -395,13 +392,13 @@ test_repo_finder_mount_mixed_mounts (Fixture       *fixture,
   /* Resolve the refs. */
   ostree_repo_finder_resolve_async (OSTREE_REPO_FINDER (finder), refs,
                                     fixture->parent_repo,
-                                    NULL, result_cb, &async_result);
+                                    NULL, result_cb, &result);
 
-  while (async_result == NULL)
+  while (result == NULL)
     g_main_context_iteration (context, TRUE);
 
   results = ostree_repo_finder_resolve_finish (OSTREE_REPO_FINDER (finder),
-                                               async_result, &error);
+                                               result, &error);
   g_assert_no_error (error);
   g_assert_nonnull (results);
   g_assert_cmpuint (results->len, ==, 4);
@@ -466,7 +463,7 @@ test_repo_finder_mount_well_known (Fixture       *fixture,
   g_autoptr(OstreeRepoFinderMount) finder = NULL;
   g_autoptr(GVolumeMonitor) monitor = NULL;
   g_autoptr(GMainContext) context = NULL;
-  g_autoptr(GAsyncResult) async_result = NULL;
+  g_autoptr(GAsyncResult) result = NULL;
   g_autoptr(GPtrArray) results = NULL;  /* (element-type OstreeRepoFinderResult) */
   g_autoptr(GError) error = NULL;
   g_autoptr(GList) mounts = NULL;  /* (element-type OstreeMockMount)  */
@@ -507,13 +504,13 @@ test_repo_finder_mount_well_known (Fixture       *fixture,
   /* Resolve the refs. */
   ostree_repo_finder_resolve_async (OSTREE_REPO_FINDER (finder), refs,
                                     fixture->parent_repo,
-                                    NULL, result_cb, &async_result);
+                                    NULL, result_cb, &result);
 
-  while (async_result == NULL)
+  while (result == NULL)
     g_main_context_iteration (context, TRUE);
 
   results = ostree_repo_finder_resolve_finish (OSTREE_REPO_FINDER (finder),
-                                               async_result, &error);
+                                               result, &error);
   g_assert_no_error (error);
   g_assert_nonnull (results);
   g_assert_cmpuint (results->len, ==, 2);
diff --git a/tests/test-summary-view.sh b/tests/test-summary-view.sh
index f6278a8..14de029 100755
--- a/tests/test-summary-view.sh
+++ b/tests/test-summary-view.sh
@@ -64,5 +64,5 @@ echo "ok view summary"
 ${OSTREE} summary --raw > raw-summary.txt
 assert_file_has_content_literal raw-summary.txt "('main', ("
 assert_file_has_content_literal raw-summary.txt "('other', ("
-assert_file_has_content_literal raw-summary.txt "'ostree.summary.last-modified': <uint64"
+assert_file_has_content_literal raw-summary.txt "{'ostree.summary.last-modified': <uint64"
 echo "ok view summary raw"
diff --git a/tests/test-symbols.sh b/tests/test-symbols.sh
index e4a0a94..75df37e 100755
--- a/tests/test-symbols.sh
+++ b/tests/test-symbols.sh
@@ -66,7 +66,7 @@ echo 'ok documented symbols'
 
 # ONLY update this checksum in release commits!
 cat > released-sha256.txt <<EOF
-540ee37ff081a8649fd1b1fa3cf1b80f7b8abb01f6ba71eead0b3b828d6cb696  ${released_syms}
+1f83814b9a785f9f612ee8f707dadb86d0dcbdc22603937575b7beefb26b50cc  ${released_syms}
 EOF
 sha256sum -c released-sha256.txt