diff --git a/.versionbot/CHANGELOG.yml b/.versionbot/CHANGELOG.yml
index 3d819c2d..61178891 100644
--- a/.versionbot/CHANGELOG.yml
+++ b/.versionbot/CHANGELOG.yml
@@ -1,3 +1,794 @@ +- commits: + - subject: Update balena-yocto-scripts to 7736d3807540afb6646b435117bffa2377ac0156 + hash: 55d12e09aff99935c86ade8ce5511524cbd9c1cc + body: Update balena-yocto-scripts + footer: + Changelog-entry: Update balena-yocto-scripts to 7736d3807540afb6646b435117bffa2377ac0156 + changelog-entry: Update balena-yocto-scripts to 7736d3807540afb6646b435117bffa2377ac0156 + author: balena-renovate[bot] + nested: + - commits: + - subject: Update docker/login-action action to v3.3.0 + hash: 65a653d66efd1cbfdca1616d62a9387dc47eb50e + body: | + Update docker/login-action from 3.0.0 to 3.3.0 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.16 + title: "" + date: 2024-07-30T03:01:08.144Z + - commits: + - subject: Update actions/upload-artifact action to v4.3.4 + hash: f81cf0f07965cf34d687b76e9ad7befc6f49cf9c + body: | + Update actions/upload-artifact from 4.3.0 to 4.3.4 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.15 + title: "" + date: 2024-07-30T01:00:25.663Z + - commits: + - subject: Update balena-os/leviathan digest to 36aafe0 + hash: e5842524bf70adc29c62f35e0744ee970d232866 + body: | + Update balena-os/leviathan + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.14 + title: "" + date: 2024-07-29T22:37:24.756Z + - commits: + - subject: Update actions/checkout action to v4.1.7 + hash: c9da5d524bbebe7dde5175584589cce5634b7a41 + body: | + Update actions/checkout from 4.1.1 to 4.1.7 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.13 + title: "" + date: 2024-07-29T20:55:15.720Z + - commits: + - subject: Update Pin dependencies + hash: c48f1f984f2f22f49fc9aee3f1cc9883f8ca7ec5 + body: | + Update actions/checkout + footer: + 
Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.12 + title: "" + date: 2024-07-29T18:13:01.088Z + - commits: + - subject: "revovate: change config to use balena-io template" + hash: f4d82d9029f39245cf15d2433a783d33787a73d1 + body: > + in this repo we are using "change-type" commits, but renovate is + using the balena-os default which is using "changelog-entry" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.25.11 + title: "" + date: 2024-07-29T15:14:59.755Z + - commits: + - subject: By default, deploy hostapp on push only + hash: 87763dfc75504522c1dadc698f74576bbf0e9320 + body: > + This is meant to keep the defaults of `deploy-s3` and + `deploy-hostapp` + + consistent. + footer: + Signed-off-by: Leandro Motta Barros + signed-off-by: Leandro Motta Barros + Change-type: patch + change-type: patch + author: Leandro Motta Barros + nested: [] + version: balena-yocto-scripts-1.25.10 + title: "" + date: 2024-07-23T02:23:14.094Z + - commits: + - subject: use token to fetch private contracts + hash: acfc8d20ce8dd4b29eae67679dd1a89ffcc75c7c + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + - subject: unroll balena_lib_build_contract function + hash: 82c9e482f3bfb0fcd960c455f2c8ff0c42c98baa + body: "" + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + - subject: unroll balena_api_is_dt_private function + hash: cc3102dbb1348ee563b08dfd3afd37daaa0404ca + body: > + when building + deploying or a private DT , the check to see if + the DT is private fails. This is due to + https://github.com/balena-os/balena-yocto-scripts/blob/master/automation/include/balena-api.inc#L424 + using this function: + https://github.com/balena-os/balena-yocto-scripts/blob/master/automation/include/balena-lib.inc#L191 + - which uses the jenkins deployTo variable to select the correct + api url and token. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.25.9 + title: "" + date: 2024-07-22T16:18:49.689Z + - commits: + - subject: Use env vars BALENA_HOST and BALENACLOUD_SSH_URL when provided + hash: f04607fc0f50a99bb2fd14370a2e2dae0e3f7094 + body: | + These currently differ between environments, and we will need + to start supporting environment names that are not the same + as the balena host. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.8 + title: "" + date: 2024-07-17T19:56:20.231Z + - commits: + - subject: Fix handling of empty test matrix input + hash: 727d8d275455361d3bc82b5aec392e9aaa08248b + body: | + Previously an empty test matrix would cause + an error in the workflow. + + Added an if condition to check for a valid + test_suite property where applicable. + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.7 + title: "" + date: 2024-07-16T20:10:01.990Z + - commits: + - subject: Use App Installation tokens so we can clone private submodules + hash: 9ca32e51938efc3c5cd01b96eecce85665fb9698 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.6 + title: "" + date: 2024-07-15T15:11:37.708Z + - commits: + - subject: only login to s3 if deploying to s3 + hash: a23ed7074fd2af18b952b9d0f6ee2623dd6a76f8 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.25.5 + title: "" + date: 2024-07-08T16:52:21.474Z + - commits: + - subject: "balena-deploy: deploy secure boot lock artifacts if available" + hash: 01378a49b0b2264afcf6d2dc4d016e2be206fde7 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: balena-yocto-scripts-1.25.4 + title: "" + date: 2024-07-06T09:01:53.726Z + - commits: + - subject: use workflow run of PR head instead of statuses to determine test + results + hash: ad06820f4174568383678710fa68b2054da6db57 + body: > + Since we have moved to workflows for tests instead of status + checks, we have to fetch the workflow runs for the appropriate + commit to determine a test pass/fail. + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.25.3 + title: "" + date: 2024-07-05T12:42:09.570Z + - commits: + - subject: Remove dry-run flag from S3 upload + hash: cf0301996022ef58a9c19d40d002d72a1bbcf705 + body: | + We are publishing hostapp releases to staging already, we should + start including the associated S3 files as well. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.2 + title: "" + date: 2024-07-03T21:19:20.964Z + - commits: + - subject: Fix actionlint errors and warnings in shell steps + hash: da910ed9ac6fdd70bd0ebd1beb0dbbd1248517fd + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.1 + title: "" + date: 2024-07-03T18:33:05.802Z + - commits: + - subject: Do not run any tests by default unless provided by calling workflow + hash: d0cfc42cf8a17ef6b5f2ac4eed6f84d1581435e6 + body: > + As there are currently more device types without tests than + with, + + and some of those with tests need to provide overrides anyway, + it's + + simpler to assume an empty test matrix unless provided. + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.0 + title: "" + date: 2024-07-03T15:44:25.729Z + - commits: + - subject: "patch: No upload to GH artifacts when PR is closed" + hash: cdee530e227972e251a2c7c06f4a3e97747419ca + body: > + Uploading artifacts to GH artifact storage when PR is merged + + (closed event) is wasterful. Since they are only uploaded for + temporary + + basis so it can be used for testing. Hence, the PR to stop doing + that + + for closed PR event + footer: + 
Signed-off-by: Vipul Gupta (@vipulgupta2048) + signed-off-by: Vipul Gupta (@vipulgupta2048) + author: Vipul Gupta (@vipulgupta2048) + nested: [] + version: balena-yocto-scripts-1.24.3 + title: "" + date: 2024-07-02T22:05:09.072Z + - commits: + - subject: Fix quoting of $GITHUB_OUTPUT + hash: 5f56f3236d8ee3d764e46e419aa2431dd42d45ff + body: | + We had typos in two cases, in which we missed the opening quote. + footer: + Signed-off-by: Leandro Motta Barros + signed-off-by: Leandro Motta Barros + Change-type: patch + change-type: patch + author: Leandro Motta Barros + nested: [] + version: balena-yocto-scripts-1.24.2 + title: "" + date: 2024-07-02T00:54:39.074Z + - commits: + - subject: Simplify check for secure boot + hash: be189f7e2f6fb26f778f29e1f955a1cdd01bc8a4 + body: > + We were previously introducing a variable that was essentially + + replicating the contents of an input. This commit makes use of + the input + + directly. + + + Incidentally, the previous code also had a small bug/typo, in + which we + + mixed a test for string length with a test for string equality. + footer: + Signed-off-by: Leandro Motta Barros + signed-off-by: Leandro Motta Barros + Change-type: patch + change-type: patch + author: Leandro Motta Barros + nested: [] + version: balena-yocto-scripts-1.24.1 + title: "" + date: 2024-06-27T20:35:29.474Z + - commits: + - subject: Support runner selection in the test matrix + hash: d409cb0fbaa307a179973b60e5faff8cda6bc34b + body: > + Default to self-hosted X64 with KVM for now to align with + Jenkins but in the future + + we should consider using GitHub hosted runners for the testbot + workers. + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + - subject: Allow both combinatorial and include syntax for test_matrix + hash: 2bfc3a0d72830626366cf210f4fe9a0e649688c5 + body: > + The include syntax allows full control over settings used + + in each test job, but the combinatorial is simpler to write + + for basic use cases. + + + Rather than force one, we can allow both and default to the + simple + + syntax. + + + Marking as minor since the input syntax has changed, but isn't + + currently used in production anywhere. + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.24.0 + title: "" + date: 2024-06-26T21:26:13.711Z + - commits: + - subject: Refactor secrets and variables to use environments + hash: c46eb9cfa4a272f00af4029c31e355477169802a + body: | + Reduce the required secrets and inputs required by + relying on vars and secrets set in each GitHub Environment. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.23.1 + title: "" + date: 2024-06-26T12:43:22.833Z + - commits: + - subject: "Dockerfiles: update balenaCLI version to 18.2.2" + hash: cd6ff2606e5f7a251c6b03d4cfbea371d00a9db7 + body: | + Update balena CLI from 17.2.2 to 18.2.2. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Joseph Kogut + signed-off-by: Joseph Kogut + author: Joseph Kogut + nested: [] + - subject: "Dockerfile_yocto-build-env: bump base image to 22.04" + hash: e027c512dbcf801a66a4bb4da15639ca67eedd2e + body: > + This brings a new Docker engine version which supports cgroup v2. + footer: + Change-type: minor + change-type: minor + 
Signed-off-by: Joseph Kogut + signed-off-by: Joseph Kogut + author: Joseph Kogut + nested: [] + version: balena-yocto-scripts-1.23.0 + title: "" + date: 2024-06-19T15:20:58.274Z + - commits: + - subject: Update job conditions to allow non-PR events for internal branches + hash: 2d0f1029d7b5489feb7c98d749ff66c8faf2f1e7 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + - subject: Hardcode environment paths at the job level + hash: 5dc710c0cc5d8a1c0da97bbb9d39fdb51f5a4497 + body: | + This is easier to read and less likely to break + with unexpected values. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + - subject: Replace test inputs with a single JSON matrix input + hash: 0d6cb8ac05fec8dd314f12e5335f847ef3f8ab78 + body: | + This allows full control over which test conditions are + used for each test job without combinatorial explosion. + + For example, different environments could be used for + specific test suites, or the cloud suite could be run + twice while the other suites run once. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.22.4 + title: "" + date: 2024-06-14T15:57:11.418Z + - commits: + - subject: "jenkins_generate_ami: pass yocto scripts version as an env var to + helper container" + hash: af71169b93e855c8ecb378b5de3d4a1c12f44510 + body: > + The ami deploys in jenkins fail at the moment because the + balena-lib.inc script fails to fetch the version of the yocto + scripts when running inside the helper image. Passing the + version to the helper image via an env var helps this + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.22.3 + title: "" + date: 2024-06-13T19:04:31.350Z + - commits: + - subject: Update the triggers on the example test workflow + hash: 1f09e509e09a1a44b62772b9e197fe183c72744d + body: | + We do not need to run the workflow on close/merge, and we + can skip the manual workflow runs on this project as + each device type will have it's own workflow in the device + repos supporting manual triggers. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.22.2 + title: "" + date: 2024-06-12T17:54:57.718Z + - commits: + - subject: Prevent duplicate workflow runs for multiple triggers + hash: e0132cfba86fcc05527dc4702d6841723752be38 + body: | + This may need to be force merged. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + - subject: Add catchall job to yocto-build-deploy for merge requirements + hash: 6b023b572a35d18743cf4a5d36b9d2f7443fc744 + body: | + This is a helper job to avoid having to mark all build/test + matrices as required, as this job will always run and return + success or failure. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.22.1 + title: "" + date: 2024-06-07T13:45:18.699Z + - commits: + - subject: Create workflow to build and deploy balenaOS + hash: 5868caaa3b7bf506381c8d22f7b0b4035f7e2658 + body: "" + footer: + Change-type: minor + change-type: minor + 
Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.22.0 + title: "" + date: 2024-06-06T17:24:03.676Z + - commits: + - subject: "balena-deploy: deploy usbboot if available" + hash: a62a90bcf05fdccc9cdbaa9961d2db823bbeb9b5 + body: | + This is where the RPI family deploys provisioning artifacts. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: balena-yocto-scripts-1.21.10 + title: "" + date: 2024-05-02T09:18:16.451Z + - commits: + - subject: "balena-lib: improve base tag detection" + hash: 872bb3b1df920b026b524e041bf4f4f7c422cb2f + body: > + When a ESR release is deployed a tag with the base meta-balena + version + + is created. This is used by the API to check for a valid OS + version + + for updates. + + + The current mechanism to find the base version only provides an + ESR + + version for the first commit after the branch has been created. + + + Using merge-base to find the common ancestor and `tag + --points-at` to + + find the actual tag works for all commits after the branch is + created. + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: balena-yocto-scripts-1.21.9 + title: "" + date: 2024-04-30T14:17:29.958Z + - commits: + - subject: Support commit tags when extracting version tag from git + hash: 98fec51fae4721224e64cfec52480a5f17b8e271 + body: > + Git describe does not include commit tags by default, and only + annotated tags are shown. + + + This behaviour was fine until a recent CI issue changed the + types of tags used to version the repositories. + + + This commit allows supporting of both types while the CI issue + is investigated. + footer: + Change-type: patch + change-type: patch + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.8 + title: "" + date: 2024-04-29T17:17:30.203Z + - commits: + - subject: Add missing $select for release_asset.asset_key + hash: 4f4f65c0b2cace726eccbea5d5ed8ed0f8302e54 + body: "" + footer: + Change-type: patch + change-type: patch + author: Thodoris Greasidis + nested: [] + version: balena-yocto-scripts-1.21.7 + title: "" + date: 2024-04-19T14:22:55.708Z + - commits: + - subject: 'Revert "balena-build: avoid using device-type as a prefix in yocto + sstate"' + hash: 7a85083784a3225debf2276a978558df5a307ec7 + body: | + This reverts commit f4a9566941083770151ebe3edd78e9866b4856fb. + footer: + Change-type: patch + change-type: patch + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.6 + title: "" + date: 2024-03-25T14:58:37.715Z + - commits: + - subject: Merge AMI publishing dependencies into yocto-build-env + hash: c208a885e849b1b49231de31268a482344220d38 + body: | + This allows us to build and publish fewer helper images. + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.5 + title: "" + date: 2024-03-14T19:05:22.682Z + - commits: + - subject: "balena-build: avoid using device-type as a prefix in yocto sstate" + hash: f4a9566941083770151ebe3edd78e9866b4856fb + body: > + Yocto already splits the build sstate by target arch, native + arch, toolchains, and machine where applicable. + + + Keeping the caches separated by device type prevents sharing of + common cache steps between identical toolchains and + architectures. + footer: + Change-type: patch + change-type: patch + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.4 + title: "" + date: 2024-03-13T18:16:12.920Z + - commits: + - subject: Enable S3 Server Side Encryption flags + hash: 93a2a37249c8262662934e4220c1009a8f22c51c + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.3 + title: "" + date: 2024-02-11T13:57:42.525Z + - commits: + - subject: "automation/include: Pass helper image version" + hash: 2a8e25e0d0b46b3249c1c77b0c38219ebcdea1f0 + body: > + This is needed by the balena-push-env helper image that needs + the + + balena-yocto-scripts version but has no way of getting that info + + otherwise. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Florin Sarbu + signed-off-by: Florin Sarbu + author: Florin Sarbu + nested: [] + version: balena-yocto-scripts-1.21.2 + title: "" + date: 2024-02-08T07:44:50.538Z + - commits: + - subject: "balena-deploy: Remove docker.io when pulling image" + hash: bd23b9ad59a1645bce79b0df5ef3879d10774a3a + body: | + This seems to cause docker images --format to fail + footer: + Change-type: patch + change-type: patch + 
Signed-off-by: Alexandru Costache + signed-off-by: Alexandru Costache + author: Alexandru + nested: [] + version: balena-yocto-scripts-1.21.1 + title: "" + date: 2024-02-07T12:39:41.622Z + - commits: + - subject: Return image id after pulling helper images + hash: f2fb17399ede63ceaada8c8625a250747745d97a + body: | + Also refactor the pull helper image functions to + support a single repository with multiple variant tags. + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + - subject: Build and publish helper images with Flowzone + hash: 8a15692852f38bfd5158b61b5870dffd8f758a64 + body: | + Rather than build helper images on demand, we will + publish them to ghcr.io with every revision of this project. + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.0 + title: "" + date: 2024-02-02T18:52:51.154Z + - commits: + - subject: Remove unused block-build functions + hash: 130d7fb70f4a10755731e898e87610547fe44692 + body: "" + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.20.0 + title: "" + date: 2024-02-02T16:29:21.897Z + version: 5.1.19+rev2 + title: "" + date: 2024-07-31T07:49:57.539Z - commits: - subject: pass input parameters to common esr workflow hash: 3824bb1fc8c700fa8c9af2322dccce4af855584a @@ -29,7 +820,8 @@ to be used as the balena bootloader. Device types are expected - to inherit it and perform additional device-specific configuration. + to inherit it and perform additional device-specific + configuration. footer: Change-type: patch change-type: patch 
@@ -43,9 +835,11 @@ The kexec initrd script currently removes the maxcpus=0 kernel arg - which we use to put the system into non-SMP mode. This however does + which we use to put the system into non-SMP mode. This however + does - not work on all platforms and nr_cpus=1 seems to be a more robust + not work on all platforms and nr_cpus=1 seems to be a more + robust solution, so with this patch nr_cpus will be removed as well. footer: @@ -174,20 +968,26 @@ body: > At this moment there is a race condition between NetworkManager - and the engine when a shared interface is configured. If the interface + and the engine when a shared interface is configured. If the + interface - is configured first and the engine second, the containers are allowed + is configured first and the engine second, the containers are + allowed - to access DHCP hosts behind the shared interface. If the engine comes + to access DHCP hosts behind the shared interface. If the engine + comes up first and the shared interface second, access will be denied. - This patch adds a dispatcher script that always configures the firewall + This patch adds a dispatcher script that always configures the + firewall - rules as if the engine came up last. This does not really address + rules as if the engine came up last. This does not really + address - the underlying issue but it overcomes the race condition and makes + the underlying issue but it overcomes the race condition and + makes the behavior deterministic, which is good enough at this point. footer: @@ -374,7 +1174,8 @@ UEFI firmware in secure boot needs to authenticate the kernel plus - initramfs in the chain of trust. Other firmware implements secure boot + initramfs in the chain of trust. Other firmware implements + secure boot differently and does not need this. footer: 
@@ -591,12 +1392,14 @@ This is meant to allow users to configure their device to - resolve `.local` queries via dnsmasq by modifying config.json, e.g. `dnsServers": + resolve `.local` queries via dnsmasq by modifying + config.json, e.g. `dnsServers": "/bob.local/172.17.0.33`. - This would fail before as MDNS lookups would always come first + This would fail before as MDNS lookups would always come + first footer: Change-type: minor change-type: minor @@ -638,15 +1441,20 @@ The `updateMetadata` step renames the container to match the target - release when the service doesn't change between releases. We have seen + release when the service doesn't change between + releases. We have seen - this step fail because of an engine bug that seems to relate to the + this step fail because of an engine bug that seems to + relate to the - engine keeping stale references after container restarts. The only way + engine keeping stale references after container + restarts. The only way - around this issue is to remove the old container and create it again. + around this issue is to remove the old container and + create it again. - This implements that workaround during the updateMetadata step to deal + This implements that workaround during the + updateMetadata step to deal with that issue. footer: @@ -996,7 +1804,8 @@ There have been reports of an empty config vars cache file - probably - because of a race condition when the reading of config.json happens just + because of a race condition when the reading of config.json + happens just as the file is being replaced. @@ -1092,7 +1901,8 @@ If update-balena-supervisor runs and finds the image is already downloaded - it will run the specified supervisor but will not check that supervisor.conf + it will run the specified supervisor but will not check that + supervisor.conf is updated so the version will revert on the next update. footer: 
@@ -1112,12 +1922,14 @@ This provides an easy switch to enable tracing on HUP hooks that works - both on old and new OS hooks as enabling it depends on a config.json + both on old and new OS hooks as enabling it depends on a + config.json setting. - It is meant to debug field issues with HUP failure where all we see is: + It is meant to debug field issues with HUP failure where all we + see is: ``` @@ -1237,27 +2049,35 @@ (see https://github.com/systemd/systemd/pull/17917). - Properly detecting this is too cumbersome for a bash logging script, + Properly detecting this is too cumbersome for a bash logging + script, - see https://github.com/systemd/systemd/pull/17902, however, falling + see https://github.com/systemd/systemd/pull/17902, however, + falling - back to the last check, that is, seeing if `/.dockerenv` exists is easy + back to the last check, that is, seeing if `/.dockerenv` exists + is easy enough and works for our use case. - This script will only be called from the hostOS, and the only case it is + This script will only be called from the hostOS, and the only + case it is - called from a container is during HUP and the container is always a hostOS + called from a container is during HUP and the container is + always a hostOS - image. So even though the interface chosen by moby, a file under /, + image. So even though the interface chosen by moby, a file under + /, - is a bad interface in general, it works fine for the specific limitations + is a bad interface in general, it works fine for the specific + limitations of balenaOS. - Also, check for `/run/.containerenv` which is the equivalent interface + Also, check for `/run/.containerenv` which is the equivalent + interface for podman for future proofing. footer: 
@@ -1362,13 +2182,17 @@ Whenever the Supervisor reports current state, it diffs the current state - with its last reported current state. However, when the Supervisor starts + with its last reported current state. However, when the + Supervisor starts - up, there is no last reported state, since that last report is stored in + up, there is no last reported state, since that last + report is stored in - process memory. Caching the last report in a location that survives + process memory. Caching the last report in a location + that survives - Supervisor restarts will reduce the current report bandwidth used on startup. + Supervisor restarts will reduce the current report + bandwidth used on startup. footer: Change-type: patch change-type: patch @@ -1407,11 +2231,14 @@ We previously tried to use a single time limit for the execution of the - healthcheck test on all device types. This was causing occasional false + healthcheck test on all device types. This was causing + occasional false - positives in our Continuous Integration pipeline, though -- especially + positives in our Continuous Integration pipeline, though -- + especially - on slow devices like Pi Zeros and the generic-aarch64, which runs on + on slow devices like Pi Zeros and the generic-aarch64, which + runs on emulated hardware. @@ -1419,7 +2246,8 @@ This commit addresses this issue, this commit: - 1. Limits execution for device types for which we have collected enough + 1. Limits execution for device types for which we have collected + enough data to have a good idea of how long the test should take. 2. Uses time limits specific for each device type. footer: 
@@ -1449,11 +2277,14 @@ PR #2217 removed the expose configuration but also caused a regresion - where ports set via the `ports` configuration would no longer get + where ports set via the `ports` configuration would no + longer get - exposed to the host, despite portmappings being set. This fixes that + exposed to the host, despite portmappings being set. + This fixes that - issue by exposing only those ports comming from port mappings. + issue by exposing only those ports comming from port + mappings. footer: Change-type: patch change-type: patch 
@@ -1469,33 +2300,44 @@ The docker EXPOSE directive and corresponding docker-compose `expose` - service configuration serves as documentation/metadata that a container + service configuration serves as documentation/metadata + that a container - listens on a certain port that may be used for service discovery but it doesn't + listens on a certain port that may be used for service + discovery but it doesn't have any real impact on the ability for - other containers on the same network to access the exposed service via + other containers on the same network to access the + exposed service via - the port. In newer engine implementations, this property may conflict + the port. In newer engine implementations, this property + may conflict - with other network configurations, and prevent the container from being + with other network configurations, and prevent the + container from being started by the docker engine (see #2211). - This PR removes code that would manage the expose property and takes the + This PR removes code that would manage the expose + property and takes the - property out of the whitelist. A composition with the `expose` property + property out of the whitelist. A composition with the + `expose` property - will result in the log message `Ignoring unsupported or unknown compose fields: expose`. + will result in the log message `Ignoring unsupported or + unknown compose fields: expose`. - While this change should not have operational impact, it still removes + While this change should not have operational impact, it + still removes - a previously supported configuration and as such there is a chance of it + a previously supported configuration and as such there + is a chance of it - being a breaking change for some applications. For this reason it is + being a breaking change for some applications. For this + reason it is being published as a new major version. footer: 
@@ -1634,17 +2476,21 @@ The code moved from meta-balena-kirkstone was not really specific to - kirkstone so let's move it here so that future branches for newer yocto + kirkstone so let's move it here so that future branches for + newer yocto - releases which we'll base off kirkstone don't continue to add this + releases which we'll base off kirkstone don't continue to add + this unneeded duplication. There are other meta-balena-* directories that still contain the - duplication we moved from meta-balena-kirkstone but we're not really + duplication we moved from meta-balena-kirkstone but we're not + really - concerned with that because going forward those old directories will + concerned with that because going forward those old directories + will naturally get deprecated. footer: @@ -1726,12 +2572,14 @@ body: > If the target supervisor image is already cached but there is no - container running with it, the update script would just exit without + container running with it, the update script would just exit + without actually running the target supervisor. - This commit checks whether there is a running container using the + This commit checks whether there is a running container using + the target image and restarts the supervisor if there is none. footer: @@ -2060,7 +2908,8 @@ This check is now done in the cryptsetup initramfs hook rather than - during installation, which obviates the need to perform it during setup. + during installation, which obviates the need to perform it + during setup. Remove it. footer: 
@@ -2076,14 +2925,17 @@ During installation, some firmwares may allow keys to be enrolled but - fail to tip the system into user mode until the system is rebooted. We + fail to tip the system into user mode until the system is + rebooted. We - don't want to mislead users with only full-disk encryption into thinking + don't want to mislead users with only full-disk encryption into + thinking their system also has secure boot enabled when it doesn't. - Disable the hook to unlock encrypted partitions if the firmware fails to + Disable the hook to unlock encrypted partitions if the firmware + fails to boot into user mode. footer: @@ -2099,7 +2951,8 @@ We now have several places where secure boot specific configuration is - checked. Create an os-helpers-secureboot package to consolidate and + checked. Create an os-helpers-secureboot package to consolidate + and reuse this code. footer: @@ -2332,7 +3185,8 @@ This script is used by balenaHup to report provisioning failures to - the cloud. Adding retries, return status code check and error output + the cloud. Adding retries, return status code check and error + output should make it more resilient and easier to debug. footer: @@ -2577,13 +3431,17 @@ This reverts commit 0c7bad779291e15e419166a2c66c2a21dd06aa83, as that - change causes a service restart loop. The supervisor cannot distinguish + change causes a service restart loop. The supervisor + cannot distinguish - between ports exposed via the `EXPOSE` directive and the docker-compose + between ports exposed via the `EXPOSE` directive and the + docker-compose - `expose` property. Because of this, in the case of `network-mode: + `expose` property. Because of this, in the case of + `network-mode: - service:<...>` the current state and target state never match, leading + service:<...>` the current state and target state never + match, leading to a service restart loop. footer: 
@@ -2625,13 +3483,17 @@ The supervisor exposes ports configured using the `EXPOSE` directive in - the dockerfile when configuring the container for runtime. This can + the dockerfile when configuring the container for + runtime. This can - cause issues if using `network_mode: service:` as the + cause issues if using `network_mode: service:` as the - expose configuration is not compatible with that network mode. This + expose configuration is not compatible with that network + mode. This - fix now skips image exposed ports for that particular network mode. + fix now skips image exposed ports for that particular + network mode. footer: Change-type: patch change-type: patch @@ -2682,7 +3544,8 @@ devDependencies are tree-shaked, while dependencies are stored in the - image. We reserve dependencies just for those that contain binary + image. We reserve dependencies just for those that + contain binary bindings footer: @@ -2953,12 +3816,15 @@ body: > When searching for devices matching the glob list in - get_internal_device(), a glob match breaks from a nested loop rather + get_internal_device(), a glob match breaks from a nested loop + rather - than the parent loop, allowing the function to output multiple matches. + than the parent loop, allowing the function to output multiple + matches. - When running the flasher, this results in the script failing with an + When running the flasher, this results in the script failing + with an incorrect path to the internal disk. @@ -3157,7 +4023,8 @@ Alpine allows the `~=` syntax to match a part of the package version - when installing. In this case we want to use it to specify node and + when installing. In this case we want to use it to + specify node and npm major versions footer: 
@@ -3227,7 +4094,8 @@ security reasons. - This new balenaOS ESR bot has contents:write and workflows:write permissions + This new balenaOS ESR bot has contents:write and workflows:write + permissions but is only available on balenaOS repositories. footer: @@ -3331,16 +4199,19 @@ This is done by the bootloader (uboot/grub) at this moment but as we - are moving towards the balena 2nd stage bootloader, it needs to be + are moving towards the balena 2nd stage bootloader, it needs to + be moved into the initramfs. - This adds a standalone recipe - by default yocto tries to build all + This adds a standalone recipe - by default yocto tries to build + all modules defined in the initramfs-framework recipe, which breaks - on armv7 when abroot is defined there. This is because it depends + on armv7 when abroot is defined there. This is because it + depends on grub-editenv which is not supported on armv7. footer: @@ -3369,9 +4240,11 @@ body: > The rootfs script uses both os-helpers-fs and os-helpers-logging - though the package depends on neither. This seems to work now because + though the package depends on neither. This seems to work now + because - in most cases something else pulls in the dependencies or the code + in most cases something else pulls in the dependencies or the + code on a particular device does not fall under the branches that use @@ -3684,10 +4557,12 @@ This commit updates balena-containerd to a new version in which we - cherry-picked the change from here: https://github.com/containerd/containerd/pull/8086 + cherry-picked the change from here: + https://github.com/containerd/containerd/pull/8086 - This change avoids enabling AppArmor if the `/sbin/apparmor_parser` + This change avoids enabling AppArmor if the + `/sbin/apparmor_parser` binary is not found in the system. footer: 
@@ -3795,7 +4670,8 @@ to allow for newer kernels provided by Kirkstone to boot with the old u-boot - without toggling the hardware boot switch. This is useful for Automated testing + without toggling the hardware boot switch. This is useful for Automated + testing in Autokit. footer: @@ -3947,7 +4823,9 @@ body: > On other devices we noticed that the mnt-sysroot-inactive.mount - unit cannot activate during first boot after provisioning, unless it is restarted. The automount hangs only during the first boot, upon reboot starts working normally. + unit cannot activate during first boot after provisioning, unless it is + restarted. The automount hangs only during the first boot, upon reboot + starts working normally. We add back the migrate module to avoid potential cases like this. @@ -4002,7 +4880,8 @@ The meta-balena version of modemmanager is no longer compatible with - Yocto Pyro, so stop trying to apply bbappend to it from meta-balena. + Yocto Pyro, so stop trying to apply bbappend to it from + meta-balena. footer: Change-type: patch change-type: patch @@ -4631,7 +5510,8 @@ The node-dbus module is unmaintained and a blocker for the update to - Node 18. Switching to our own node bindings for systemd solves this + Node 18. Switching to our own node bindings for systemd + solves this issue footer: @@ -4684,7 +5564,8 @@ mobile-broadband-provider-info 'master' branch was renamed to 'main', - causing do_fetch() to fail before it was changes in Yocto Kirkstone + causing do_fetch() to fail before it was changes in Yocto + Kirkstone commit e4795393c4882cf38273521539cc255a4ffcb34a. footer: @@ -4866,7 +5747,8 @@ Verify kernel lockdown prohibits loading of unsigned modules, and still - loads modules with a signature that validates against a trusted key. + loads modules with a signature that validates against a trusted + key. footer: Change-type: patch change-type: patch 
@@ -5024,24 +5906,31 @@ 314047e and b5c5214 made flasher block until the resin-device-register - service exits and made resin-device-register give up after 6 seconds + service exits and made resin-device-register give up after 6 + seconds - not to block infinitely when no network is available. This effectively + not to block infinitely when no network is available. This + effectively - means that if the device fails to register within first 6 seconds, + means that if the device fails to register within first 6 + seconds, - it will never retry, flasher will not report status to the dashboard + it will never retry, flasher will not report status to the + dashboard and the device will only register on first boot. - This patch changes the logic back to resin-device-register trying + This patch changes the logic back to resin-device-register + trying - in the background in an infinite loop and moves the "give the device + in the background in an infinite loop and moves the "give the + device a chance to register" delay to flasher itself. It also extends - the wait to openvpn as flasher already does that and wants VPN to run + the wait to openvpn as flasher already does that and wants VPN + to run to be debuggable - in case flashing fails, it would be possible 
@@ -5119,32 +6008,40 @@ CONIFG_SECURITY=n - which is mispelled and not being applied. The commit where this was + which is mispelled and not being applied. The commit where this + was - introduced claims it's needed to completely disable the audit logs, and + introduced claims it's needed to completely disable the audit + logs, and also that the security framework is unused. - I disagree in that it's unused - the hostOS is not using any security + I disagree in that it's unused - the hostOS is not using any + security - framework, but applications may, so luckily the security framework was + framework, but applications may, so luckily the security + framework was never disabled. - Removing this mispelled entry should have no functional effect. Whether + Removing this mispelled entry should have no functional effect. + Whether the audit subsystem is disabled will depend on the final kernel - configuration. Definitely we have not seen a need to disable it recently, + configuration. Definitely we have not seen a need to disable it + recently, and we have not seen the kernel log flooded with messages. - I'd argue the disabling of the audit subsystem in meta-balena serves no + I'd argue the disabling of the audit subsystem in meta-balena + serves no - need but I also have no specific reason to remove it at the moment. + need but I also have no specific reason to remove it at the + moment. Fixes #2947 @@ -5178,7 +6075,8 @@ The flasher/installer image can be configured by the user and that - configuration finishes up in the installed image. Add the dispatcher + configuration finishes up in the installed image. Add the + dispatcher scripts to this existing mechanim. footer: @@ -5194,7 +6092,8 @@ On boot, the dispatcher script are copied from the boot partition where - the user has configured them, to the bind mount used by the running + the user has configured them, to the bind mount used by the + running applications. footer: 
@@ -5240,18 +6139,23 @@ At this moment grub.cfg sources /grub/grub_extraenv which works fine - on MBR systems, however on EFI systems this does not work because GRUB + on MBR systems, however on EFI systems this does not work + because GRUB is installed in /EFI/BOOT/ rather than /grub/. - This patch replaces the hardcoded /grub with ${prefix} which should + This patch replaces the hardcoded /grub with ${prefix} which + should - expand to the appropriate directory regardless of the platform. It also + expand to the appropriate directory regardless of the platform. + It also - removes the loading of grub_extraenv from the secure boot variant + removes the loading of grub_extraenv from the secure boot + variant - of the GRUB config since this would not load without a signature anyway. + of the GRUB config since this would not load without a signature + anyway. footer: Change-type: patch change-type: patch @@ -5280,7 +6184,8 @@ body: > This fix has been ported from the following upstream - change: https://patchwork.yoctoproject.org/project/oe-core/patch/002c31d6add77e1002fb1ccd4050ce826a654170.1659653543.git.bruce.ashfield@gmail.com/ + change: + https://patchwork.yoctoproject.org/project/oe-core/patch/002c31d6add77e1002fb1ccd4050ce826a654170.1659653543.git.bruce.ashfield@gmail.com/ and fixes the following compilation error on generic-aarch64: @@ -5335,7 +6240,8 @@ body: > Repackage iwlwifi-cc-a0 to include all firmware versions shipped - upstream, rather than only an older version (48) that's no longer + upstream, rather than only an older version (48) that's no + longer shipped as of 20230404. footer: @@ -5364,7 +6270,8 @@ body: > Replace older versioned iwlwifi packages with - linux-firmware-iwlwifi-3160 package that includes all versions shipped + linux-firmware-iwlwifi-3160 package that includes all versions + shipped in linux-firmware. footer: 
@@ -5395,7 +6302,8 @@ body: > Some board BSPs may define UBOOT_MACHINE, others UBOOT_CONFIG, - let's make sure we include the extra_uEnv.txt file in the non-flasher + let's make sure we include the extra_uEnv.txt file in the + non-flasher image for both cases. footer: @@ -5746,7 +6654,8 @@ `libgcc_s.so.1 must be installed for pthread_exit to work` - which panics the kernel and triggers a reboot loop indistinguishable + which panics the kernel and triggers a reboot loop + indistinguishable from a "device has been tampered with" state on regular builds @@ -5886,7 +6795,8 @@ deprecation. This allows to just remove the coffee file from the - device repository when a device is deprecated so there will be no + device repository when a device is deprecated so there will be + no more releases and no need for checks on a discontinued state. footer: @@ -5903,7 +6813,8 @@ deprecation. This allows to just remove the coffee file from the - device repository when a device is deprecated so there will be no + device repository when a device is deprecated so there will be + no more releases and no need for checks on a discontinued state. footer: @@ -5920,7 +6831,8 @@ deprecation. This allows to just remove the coffee file from the - device repository when a device is deprecated so there will be no + device repository when a device is deprecated so there will be + no more releases and no need for checks on a discontinued state. footer: @@ -5980,7 +6892,8 @@ systems with secure boot and full-disk encryption. - If kexec fails, we don't want to continue with the rest of the boot + If kexec fails, we don't want to continue with the rest of the + boot process in the first stage kernel, so bail out on failure. footer: 
@@ -6149,11 +7062,14 @@ It's not an official status from container inspects, and the Supervisor - doesn't set it internally anywhere. It's better to remove it entirely as the + doesn't set it internally anywhere. It's better to + remove it entirely as the - method by which Supervisor sets internal service statuses is by using a global + method by which Supervisor sets internal service + statuses is by using a global - event emitter (reportNewStatus) which makes things difficult to test. + event emitter (reportNewStatus) which makes things + difficult to test. footer: Change-type: patch change-type: patch @@ -6260,7 +7176,8 @@ Explain that balenaOS does not take control of the TPM and that it - is possible to fill all the key slots with enough provisioning cycles. + is possible to fill all the key slots with enough provisioning + cycles. footer: Change-type: patch change-type: patch @@ -6274,13 +7191,16 @@ We have seen devices that won't change PCR1 hash when a temporary boot - order override was applied or secure boot was disabled via BIOS setup. + order override was applied or secure boot was disabled via BIOS + setup. The implementation of what PCR1 actually measures is very - device-specific, but many of the risks can be mitigated by setting up + device-specific, but many of the risks can be mitigated by + setting up - a BIOS password and disabling F-key shortcuts for interacting with + a BIOS password and disabling F-key shortcuts for interacting + with the firmware. 
@@ -6372,32 +7292,41 @@ Both `kernel-modules-headers` and `kernel-devsrc` provide kernel headers - since Yocto Thud switched `kernel-devsrc` from full source to just + since Yocto Thud switched `kernel-devsrc` from full source to + just kernel headers. - The only difference between them is that `kernel-modules-headers` builds + The only difference between them is that + `kernel-modules-headers` builds - some target binaries which need to be built with `make modules_prepare` + some target binaries which need to be built with `make + modules_prepare` - when using `kernel-devsrc` headers. These binaries depend on libc version + when using `kernel-devsrc` headers. These binaries depend on + libc version matching though so they have shown to be problematic. - This commit removes the `kernel-modules-headers` recipe and modifies + This commit removes the `kernel-modules-headers` recipe and + modifies - `kernel-devsrc` to replace it. The deployed artifact remains named as + `kernel-devsrc` to replace it. The deployed artifact remains + named as `kernel-modules-headers` as it's a more descriptive name. - This introduces a breaking change in the balenaOS API as customers that + This introduces a breaking change in the balenaOS API as + customers that - are using `kernel-modules-headers` to build external kernel modules will + are using `kernel-modules-headers` to build external kernel + modules will - now need to issue a `make modules_prepare` as part of their build scripts. + now need to issue a `make modules_prepare` as part of their + build scripts. Fixes #1822 @@ -6491,9 +7420,11 @@ This variable accepts the base64 encoded public key of a kernel module - signing keypair and appends it to the list of trusted keys the kernel + signing keypair and appends it to the list of trusted keys the + kernel - will use to validate signed modules. Multiple keys may be appended, + will use to validate signed modules. Multiple keys may be + appended, delimited with a semicolon. 
@@ -6501,7 +7432,8 @@ A PEM file can be used like so: - SIGN_KMOD_KEY_APPEND="$( sed -e '/-----BEGIN CERTIFICATE-----/d' \ + SIGN_KMOD_KEY_APPEND="$( sed -e '/-----BEGIN CERTIFICATE-----/d' + \ -e 's/-----END CERTIFICATE-----/;/g' \ -e '$d' signing_key.pem \ | tr -d '\n' )" @@ -6548,22 +7480,30 @@ The previous implementation in #2170 of parsing the container status was too general, - because it relied on the mistaken assumption that a container would have a status of + because it relied on the mistaken assumption that a + container would have a status of - `Stopped` if it was manually stopped. This turned out to be untrue, as manually stopped + `Stopped` if it was manually stopped. This turned out to + be untrue, as manually stopped - containers were also getting restarted by the Supervisor due to their inspect status of + containers were also getting restarted by the Supervisor + due to their inspect status of - `exited`. With this, parsing the exit message became unavoidable as there are no other + `exited`. With this, parsing the exit message became + unavoidable as there are no other - clear ways to discern a container that has been manually stopped and shouldn't be started + clear ways to discern a container that has been manually + stopped and shouldn't be started - from a container experiencing the Engine-host race condition issue (again, see #2170). + from a container experiencing the Engine-host race + condition issue (again, see #2170). - Since we're just parsing the exit error message, we don't need to worry about different behaviors + Since we're just parsing the exit error message, we + don't need to worry about different behaviors - amongst restart policies, as any container with the error message on exit should be started. + amongst restart policies, as any container with the + error message on exit should be started. footer: Change-type: patch change-type: patch 
@@ -6596,7 +7536,8 @@ Previously, `concatReadSeekCloser.Read()` would incorrectly return - an `io.ErrUnexpectedEOF` if the last read from the second concatenated + an `io.ErrUnexpectedEOF` if the last read from the + second concatenated `Reader` didn't completely fill the passed buffer. 
@@ -6612,60 +7553,79 @@ ``` - In this example, we have a `concatReadSeekCloser` that concatenates two + In this example, we have a `concatReadSeekCloser` that + concatenates two - `Reader`s (`aaa...` and `bbb...`). The last `Read()` used a buffer + `Reader`s (`aaa...` and `bbb...`). The last `Read()` + used a buffer - larger than the yet-to-be-read portion of the `bbb...`. So, it would + larger than the yet-to-be-read portion of the `bbb...`. + So, it would incorrectly return an `io.ErrUnexpectedEOF`. - This commit makes sure that last `Read()` returns all the remaining data + This commit makes sure that last `Read()` returns all + the remaining data without an error. It also adds various test cases for - `concatReadSeekCloser.Read()`, many of which would fail before this + `concatReadSeekCloser.Read()`, many of which would fail + before this correction. - Interestingly, this bug was silently affecting us. Not in a fatal way, + Interestingly, this bug was silently affecting us. Not + in a fatal way, - but causing deltas to be larger than necessary. Indeed, running + but causing deltas to be larger than necessary. Indeed, + running - `TestDeltaSize` after this commit shows that some test cases are + `TestDeltaSize` after this commit shows that some test + cases are - producing deltas smaller than what we expected before. For posterity, + producing deltas smaller than what we expected before. + For posterity, see all the details below. - We use `concatReadSeekCloser`s to concatenate all layers of the basis + We use `concatReadSeekCloser`s to concatenate all layers + of the basis - image when creating the "signature" of the basis image. In this process, + image when creating the "signature" of the basis image. + In this process, - the `concatReadSeekCloser`s are wrapped around by a buffered reader with + the `concatReadSeekCloser`s are wrapped around by a + buffered reader with a buffer of 65kB. 
- If, in any read, part of this 65kB buffer was beyond the second + If, in any read, part of this 65kB buffer was beyond the + second - concatenated reader, it would result in an `io.ErrUnexpectedEOF`. This + concatenated reader, it would result in an + `io.ErrUnexpectedEOF`. This - would not cause the whole process to fail, but would prematurely end the + would not cause the whole process to fail, but would + prematurely end the - signature generation: some of the final blocks in the basis image would + signature generation: some of the final blocks in the + basis image would - not be added to the signature. Therefore, if those blocks appeared in + not be added to the signature. Therefore, if those + blocks appeared in - the target image, they'd result in (larger) LITERAL, instead of + the target image, they'd result in (larger) LITERAL, + instead of (smaller) COPY operations. - For illustration, here's the delta generated for the `delta-006-008` + For illustration, here's the delta generated for the + `delta-006-008` test case. First before this commit: @@ -6718,7 +7678,8 @@ ``` - That 21kB LITERAL is the difference in size we saw in the test results. + That 21kB LITERAL is the difference in size we saw in + the test results. footer: Signed-off-by: Leandro Motta Barros signed-off-by: Leandro Motta Barros @@ -6732,7 +7693,8 @@ Using `defer` for the sake of being more idiomatic (and maybe slightly - more reliable); plus, using the proper doc comment standards. + more reliable); plus, using the proper doc comment + standards. footer: Signed-off-by: Leandro Motta Barros signed-off-by: Leandro Motta Barros 
@@ -6860,16 +7822,21 @@ This is necessary since the builder no longer passes the platform flag - to the build. This would lead to dockerfiles that are mixing multi and single + to the build. This would lead to dockerfiles that are + mixing multi and single - arch stages to pull the wrong architecture images, particularly when + arch stages to pull the wrong architecture images, + particularly when - trying to build images in emulated builds (e.g. armv7hf built on aarch64). + trying to build images in emulated builds (e.g. armv7hf + built on aarch64). - Moving the full build to multi-arch solves this as the docker engine is + Moving the full build to multi-arch solves this as the + docker engine is - capable of chosing the right architecture from the manifest. + capable of chosing the right architecture from the + manifest. footer: Relatest-to: balena-io/balena-builder#1010 relatest-to: balena-io/balena-builder#1010 @@ -7019,7 +7986,8 @@ This should be the default but with no explicit argument we still - end up with LUKS1 partitions. This patch adds the parameter to enforce + end up with LUKS1 partitions. This patch adds the parameter to + enforce LUKS2 formatting and adds conversion to LUKS2 to the cryptsetup @@ -7256,9 +8224,11 @@ The unsafe-perm config option has been dropped in npm 9, trying to set it - ends with an error and therefore fails the build. With this patch + ends with an error and therefore fails the build. With this + patch - the build script parses the major version from `npm --version` and only + the build script parses the major version from `npm --version` + and only sets unsafe-perm on npm 8 and older. footer: 
@@ -7342,12 +8312,14 @@ Comply with AWS public AMI quota, taking into account we have two - architectures that publish AMI images and we need free slots for custom + architectures that publish AMI images and we need free slots for + custom version request. - Make the oldest public image back to private before publishing a new image. + Make the oldest public image back to private before publishing a + new image. footer: Change-type: patch change-type: patch @@ -7365,7 +8337,8 @@ When building signed images, add the secureBoot feature flag into the - OS contract. This is needed for other components to identify secureBoot + OS contract. This is needed for other components to identify + secureBoot compatible software releases. footer: @@ -7399,13 +8372,16 @@ When parsing additional variables to be passed to the bitbake build, - keys and values are split using equals as a delimiter. However, the + keys and values are split using equals as a delimiter. However, + the - splitting process does not split only on the first occurrence, which + splitting process does not split only on the first occurrence, + which results in removing equals signs from the value as well. This is - problematic with base64 encoded strings, which are padded with equals + problematic with base64 encoded strings, which are padded with + equals signs. @@ -7476,7 +8452,8 @@ Removing the pull_request_target run for ESR branches fixes this, but - also removes the possibility of external pull requests into ESR branches, + also removes the possibility of external pull requests into ESR + branches, which we don't actually need. @@ -7559,7 +8536,8 @@ characters with a `*`. - [1] https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet + [1] + https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet [skip ci] 
@@ -7589,9 +8567,11 @@ There is nothing in `balena-config-vars` itself that needs `fatrw`, so - change it so scripts don't exit if it is not available. For example, + change it so scripts don't exit if it is not available. For + example, - `balena-config-vars` gets used in the initramfs but `fatrw` is not + `balena-config-vars` gets used in the initramfs but `fatrw` is + not required (and it is quite heavy). footer: @@ -7609,7 +8589,8 @@ balena-config scripts and not unit configuration dependencies. - This allows to include only the balena-config scripts in the initramfs. + This allows to include only the balena-config scripts in the + initramfs. footer: Change-type: patch change-type: patch @@ -7626,7 +8607,8 @@ the images size significantly. - This commit introduces a `raid` machine feature that device types need + This commit introduces a `raid` machine feature that device + types need to define if RAID support is required. footer: @@ -7644,7 +8626,8 @@ will also be used from the initramfs, move the dependency to - packagegroup-resin so that resin-device-progress is still included in + packagegroup-resin so that resin-device-progress is still + included in the flasher image. footer: @@ -7664,9 +8647,11 @@ flasher is not running from initramfs. - These dependencies are already part of the corresponding packagegroups, + These dependencies are already part of the corresponding + packagegroups, - so listing them here is redundant and wrong as it increases the size of + so listing them here is redundant and wrong as it increases the + size of the initramfs with no reason. footer: @@ -7717,7 +8702,8 @@ it is only used in the installer script. - Also, make the resin-init-flasher script check for it's existance before using + Also, make the resin-init-flasher script check for it's + existance before using it. footer: 
@@ -7736,7 +8722,8 @@ in disk encryption). - Adding a loop that waits for the links to be available adds robustness + Adding a loop that waits for the links to be available adds + robustness in case there are device specific delays. footer: @@ -7811,7 +8798,8 @@ - The Radxa CM3 on RPI CM4 IOBoard as well as the Radxa zero use rockchip software tools in order to put the eMMC in mass-storage mode - - The CM4 module comes in two flavors: one with eMMC and the Lite version + - The CM4 module comes in two flavors: one with eMMC and the + Lite version which uses the carrier board sd-card slot to load the image. Both use the same balenaOS image. I switched the storage to internal for this DT because it *may* have @@ -7849,16 +8837,19 @@ saving the entire uboot environment in any device specific - partitions. This because it relies on the default environment being + partitions. This because it relies on the default environment + being stored in the u-boot binary. Let's disable the saveenv command and avoid potential incorrect - usage which may overwrite the partition table, resin-boot filesystem + usage which may overwrite the partition table, resin-boot + filesystem - or other areas of the eMMC that may be pre-configured by the BSP. + or other areas of the eMMC that may be pre-configured by the + BSP. footer: Change-type: patch change-type: patch @@ -7933,9 +8924,11 @@ Block device nodes are sometimes created without attached media. These - devices can neither be read from, nor written to. In this case, the + devices can neither be read from, nor written to. In this case, + the - flasher will attempt to install to the invalid disk and fail. Detect + flasher will attempt to install to the invalid disk and + fail. Detect this case and skip the disk to allow flashing to continue. footer: 
@@ -8006,7 +8999,8 @@ Secure boot is now opt-in, even in the case where the image is signed, - and it's supported in firmware. Skip the secure boot tests when it's not + and it's supported in firmware. Skip the secure boot tests when + it's not enabled at runtime. footer: @@ -8065,7 +9059,8 @@ exceptions, and makes debugging and log messages worse. - When we don't have a valid way to handle an exception, just throw it. + When we don't have a valid way to handle an exception, + just throw it. The traceback is more useful than the handler. footer: @@ -8269,7 +9264,8 @@ body: > This is used to support falling back into the original OS when - performing a brownfield migration into balenaOS from a flasher image. + performing a brownfield migration into balenaOS from a flasher + image. footer: Change-type: patch change-type: patch @@ -8337,7 +9333,8 @@ It's not clear how the feature to skip tests work, so modify the commit - message to be of type patch to avoid balenaCI errors on type none. + message to be of type patch to avoid balenaCI errors on type + none. footer: Change-type: patch change-type: patch 
@@ -8425,25 +9422,32 @@ We have seen a few times devices with duplicated network names for some - reason. While we don't know the cause the networks get duplicates, this + reason. While we don't know the cause the networks get + duplicates, this - can be disruptive for updates as trying to create a container referencing a duplicate + can be disruptive for updates as trying to create a + container referencing a duplicate network results in a 400 error from the engine. - This commit finds and removes duplicate networks via the state engine, + This commit finds and removes duplicate networks via the + state engine, - this means that even if somehow a container could be referencing a + this means that even if somehow a container could be + referencing a - network that has been duplicated later somehow, this will remove the + network that has been duplicated later somehow, this + will remove the container first. - While thies doesn't solve the problem of duplicate networks being + While thies doesn't solve the problem of duplicate + networks being - created in the first place, it will fix the state of the system to + created in the first place, it will fix the state of the + system to correct the inconsistency. footer: 
@@ -8459,29 +9463,38 @@ We have seen a few times devices with duplicated network names for some - reason. While we don't know the cause the networks get duplicates, + reason. While we don't know the cause the networks get + duplicates, - this is disruptive of updates, as the supervisor usually queries + this is disruptive of updates, as the supervisor usually + queries - resource by name, resulting in a 400 error from the engine because of + resource by name, resulting in a 400 error from the + engine because of the ambiguity. - This replaces those queries by name to queries by id. This includes + This replaces those queries by name to queries by id. + This includes - network removal. If a `removeNetwork` step is generated, the supervisor + network removal. If a `removeNetwork` step is generated, + the supervisor - opts to remove all instances of the network with the same name as it + opts to remove all instances of the network with the + same name as it cannot easily resolve the ambiguity. - This doesn't solve the problem of ambiguous networks, because even if + This doesn't solve the problem of ambiguous networks, + because even if - networks are referenced by id when creating a container, the engine will + networks are referenced by id when creating a container, + the engine will - throw an error (see https://github.com/balena-os/balena-supervisor/issues/590#issuecomment-1423557871) + throw an error (see + https://github.com/balena-os/balena-supervisor/issues/590#issuecomment-1423557871) footer: Change-type: patch change-type: patch @@ -8676,12 +9689,14 @@ - references in docs - - references device-state, api-binder, compose modules, API + - references device-state, api-binder, compose modules, + API - references in tests - The commit also adds a migration to remove the 4 dependent device tables from the DB. + The commit also adds a migration to remove the 4 + dependent device tables from the DB. footer: Change-type: minor change-type: minor 
@@ -8752,7 +9767,8 @@ body: > Drop support for Fedora 34 35. - Fedora 36 will be the last version for armv7 as it is no longer supported. + Fedora 36 will be the last version for armv7 as it is no longer + supported. footer: Change-type: patch change-type: patch @@ -8794,9 +9810,11 @@ executed. When sourced, the shebang should be ignored. - However, we have seen instances where a bash script sourcing a sh + However, we have seen instances where a bash script sourcing a + sh - os-helper scripts triggers POSIX behaviour, specifically glob parsing + os-helper scripts triggers POSIX behaviour, specifically glob + parsing failures. footer: @@ -9293,7 +10311,8 @@ body: > iptables takes a file lock at /run/xtables.lock. By default, if - the file is locked, iptables will fail with error. When that happens, + the file is locked, iptables will fail with error. When that + happens, the iptables rules won't be configured, and the shared mode @@ -9361,10 +10380,12 @@ This EFI image contains the secure boot certificates and when executed it - is supposed to load the keys into the respective secure boot slots. + is supposed to load the keys into the respective secure boot + slots. - We don't use this binary in our secure boot implementation, but currently + We don't use this binary in our secure boot implementation, but + currently the build breaks as the binary is installed but not packaged. footer: @@ -9403,7 +10424,8 @@ to a new maximum of 2048. - See https://github.com/darkk/redsocks/blob/19b822e345f6a291f6cff6b168f1cfdfeeb2cd7d/base.c#L419 + See + https://github.com/darkk/redsocks/blob/19b822e345f6a291f6cff6b168f1cfdfeeb2cd7d/base.c#L419 footer: Change-type: patch change-type: patch 
@@ -9573,14 +10595,17 @@ body: > The previous method of disabling NTP by stopping the nameserver - (dnsmasq) relied on the dnsmasq unit not being reactivated before the + (dnsmasq) relied on the dnsmasq unit not being reactivated + before the test completed. - Instead, disable NTP by blocking ntp.org in the local dnsmasq instance + Instead, disable NTP by blocking ntp.org in the local dnsmasq + instance - using a dbus method call. NTP is re-enabled as before, by restarting + using a dbus method call. NTP is re-enabled as before, by + restarting dnsmasq. footer: @@ -9736,7 +10761,8 @@ Custom actions can only use certain secrets and single-dimension - run matrices. By running an entirely separate job after Flowzone + run matrices. By running an entirely separate job after + Flowzone is successful we have a lot more options. footer: @@ -9889,11 +10915,13 @@ In rare cases (believed to be caused by a non-atomic file creation and - writing operation in containerd), we end up with an empty file at + writing operation in containerd), we end up with an empty file + at `/mnt/data/docker/containerd/daemon/io.containerd.grpc.v1.introspection/uuid`. - This causes `ctr version` (and hence the health check) to fail. See + This causes `ctr version` (and hence the health check) to fail. + See https://github.com/balena-os/balena-engine/issues/322 
@@ -9901,13 +10929,16 @@ This commit addresses this issue in two ways: - 1. Before running `ctr version`, we check if the uuid file exists and is + 1. Before running `ctr version`, we check if the uuid file + exists and is empty. If so, we remove it. (The subsequent execution of `ctr version` by the healthcheck will create the file again.) - 2. After running `ctr version`, we check if the uuid file was really + 2. After running `ctr version`, we check if the uuid file was + really created and is not empty. - In both cases, when an empty uuid file is detected, we log the event to + In both cases, when an empty uuid file is detected, we log the + event to help us confirm our hypothesis about the root cause. footer: @@ -10011,16 +11042,19 @@ If the signing server's response is anything other than successful, such - as with an authentication failure or bad request, the HTTP status code + as with an authentication failure or bad request, the HTTP + status code and response are hidden due to the --silent flag passed to cURL. - Drop the stdio redirect to the output file along with the --silent flag, + Drop the stdio redirect to the output file along with the + --silent flag, and instead use the -o parameter to output the response to the - appropriate file on success. This allows the status code and response to + appropriate file on success. This allows the status code and + response to be shown in the logs upon failure. footer: @@ -10042,12 +11076,14 @@ meta-openembedded, so that all improvements are merged now. - Excluded from it are `iwd` and `dhcpcd` daemon configurations that are + Excluded from it are `iwd` and `dhcpcd` daemon configurations + that are not used by us. - Default NM firewall in meta-openembedded is `nftables` where we are still + Default NM firewall in meta-openembedded is `nftables` where we + are still using `iptables`. 
@@ -10055,11 +11091,14 @@ The new recipe relies on `meson` as a build system now. - The .bbapend file that contains modifications specific to balena is preserved. + The .bbapend file that contains modifications specific to balena + is preserved. - Only `balena-client-id.patch` is removed as it references code that no longer + Only `balena-client-id.patch` is removed as it references code + that no longer - exists. This is because the internal systemd DHCPv4 client code that NM used + exists. This is because the internal systemd DHCPv4 client code + that NM used is now replaced by nettools' n-dhcp4 implementation. @@ -10087,7 +11126,8 @@ so we reuse the fixed version from upstream. - The symptom is that DNS servers provided by DHCP are not being used. + The symptom is that DNS servers provided by DHCP are not being + used. Closes #2907 @@ -10271,7 +11311,8 @@ a unique subnet that is not in use. - The DinD daemon in the core service will also start with a non-default + The DinD daemon in the core service will also start with + a non-default subnet. footer: @@ -10307,11 +11348,14 @@ When unlocking LUKS devices, udev events initializing the DM devices are still - generated in the background even after cryptsetup luksOpen returns. We need to + generated in the background even after cryptsetup luksOpen + returns. We need to - wait for the udev processing to finish before killing udev and cleaning up + wait for the udev processing to finish before killing udev and + cleaning up - the udev database to avoid having to deal with partially initialized devices + the udev database to avoid having to deal with partially + initialized devices or corrupted udev database in the target OS. footer: 
@@ -10416,9 +11460,11 @@ Our initramfs is built into the kernel, which is always compressed. - Disable redundant initramfs compression, which should save some CPU + Disable redundant initramfs compression, which should save some + CPU - cycles during build and boot, as well as improving compression ratio. + cycles during build and boot, as well as improving compression + ratio. footer: Change-type: patch change-type: patch @@ -10436,16 +11482,21 @@ In the current state the cryptsetup initrd script tries to unlock all - LUKS volumes in the system using the TPM. This includes user-defined LUKS + LUKS volumes in the system using the TPM. This includes + user-defined LUKS - volumes that, if present, fail to unlock and make the system unbootable. + volumes that, if present, fail to unlock and make the system + unbootable. - We should also not touch user-defined volumes in the first place. + We should also not touch user-defined volumes in the first + place. - This patch modifies the cryptsetup script to only unlock LUKS volumes + This patch modifies the cryptsetup script to only unlock LUKS + volumes - that are on the OS drive (same block device as the EFI partition). + that are on the OS drive (same block device as the EFI + partition). footer: Change-type: patch change-type: patch @@ -10503,12 +11554,16 @@ ``` - /dev/sdd2: LABEL="flash-rootA" UUID="5585296a-c183-4b10-89ae-20607e5604be" TYPE="ext4" PARTLABEL="resin-rootA" PARTUUID="582478f2-be4b-4279-9124-536385c9551d" + /dev/sdd2: LABEL="flash-rootA" + UUID="5585296a-c183-4b10-89ae-20607e5604be" TYPE="ext4" + PARTLABEL="resin-rootA" + PARTUUID="582478f2-be4b-4279-9124-536385c9551d" ``` - This commit fixes the inconsistency as the PARTLABEL is used as a fallback + This commit fixes the inconsistency as the PARTLABEL is used as + a fallback method to identify devices. footer: 
@@ -10567,11 +11622,14 @@ Not all the boards we support have the redsocks uid as 995 in their rootfs so let's - fetch the actual redsocks uid from the DUT before running the proxy tests and + fetch the actual redsocks uid from the DUT before running the + proxy tests and - update that in the docker-compose.yml. We do so because the REDSOCKS_UID value + update that in the docker-compose.yml. We do so because the + REDSOCKS_UID value - isn't substituted in the compose if the variable, even if it is passed trough + isn't substituted in the compose if the variable, even if it is + passed trough the cli. footer: @@ -10591,19 +11649,23 @@ Enabling CONFIG_KERNEL_ZSTD=y improves the compression ratio compared - to gzip while being faster to decompress. With kernel 5.15 in balenaOS + to gzip while being faster to decompress. With kernel 5.15 in + balenaOS v2.105, we see the 24 MB kernel compress to approximately 19 MB. - Zstd support was added in commit 48f7ddf, first introduced in kernel + Zstd support was added in commit 48f7ddf, first introduced in + kernel v5.9. Enable this config unconditionally in supported kernels. - Note that not every architecture and device support this option, but in + Note that not every architecture and device support this option, + but in - those cases, Kconfig will automatically disable it as HAVE_ZSTD is also + those cases, Kconfig will automatically disable it as HAVE_ZSTD + is also missing. footer: @@ -10623,7 +11685,8 @@ Generate a bmap file from the sparse image to allow for punching holes - in the disk image ranges that were unmapped after building. This data is + in the disk image ranges that were unmapped after building. This + data is lost during compression, and the bmapfile allows for recreating, 
@@ -10681,12 +11744,14 @@ eb69ff445fe0cac4f2060e67fa6994e61c3ca4b9. - Hardcoding the bridge address like this results in conflicts + Hardcoding the bridge address like this results in + conflicts when multiple instances are running on one jenkins node. - A new solution for local workstation testing will have to be + A new solution for local workstation testing will have + to be considered. footer: @@ -10727,7 +11792,8 @@ Instead of retrying to get the DUT IP address 120 times on a 1 seconds interval, - let's reduce it to 30 times because the resolveLocalTarget which we call will + let's reduce it to 30 times because the + resolveLocalTarget which we call will timeout too in 15 seconds: @@ -10735,7 +11801,8 @@ https://github.com/balena-os/leviathan-worker/blob/master/lib/helpers/index.ts#L162 - So reducing the retries number to 30 will effectly bring the total combined timeout to a maximum of 8 minutes. + So reducing the retries number to 30 will effectly bring + the total combined timeout to a maximum of 8 minutes. footer: Change-type: patch change-type: patch @@ -10772,7 +11839,8 @@ The testbot AP is visible and is discovered during a scan. - Let's remove the hidden attribute as it may cause problems + Let's remove the hidden attribute as it may cause + problems for the 243390-rpi wireless tests. footer: @@ -10927,7 +11995,8 @@ body: > The machine configurations in meta-variscite-fslc all define - a fixed ROOTFS_SIZE, which should be autogenerated based on the actual rootfs + a fixed ROOTFS_SIZE, which should be autogenerated based on the actual + rootfs size. 
@@ -11404,9 +12473,11 @@ There are two GRUB config variants - one for regular devices and one - for devices with FDE enabled. This commit makes flasher include the latter + for devices with FDE enabled. This commit makes flasher include + the latter - in the boot partition when secure boot and FDE is included in the image. + in the boot partition when secure boot and FDE is included in + the image. footer: Change-type: patch change-type: patch @@ -11542,7 +12613,8 @@ get_part_number_by_label expects the block device name without the /dev/ - prefix, flasher uses this correctly in all but one place, this patch fixes it. + prefix, flasher uses this correctly in all but one place, this + patch fixes it. footer: Change-type: patch change-type: patch @@ -11555,7 +12627,8 @@ body: > On most device types rootA and rootB are partitions 2 and 3 - but with LUKS encryption and boot/EFI split they are shifted to 3 and 4 + but with LUKS encryption and boot/EFI split they are shifted to + 3 and 4 footer: Change-type: patch change-type: patch @@ -11581,7 +12654,8 @@ We are using two variants of GRUB configs - one for LUKS-encrypted OS - and the other one for the rest. HUP needs to acknowledge this and use + and the other one for the rest. HUP needs to acknowledge this + and use the correct one based on the system being updated. footer: @@ -11608,7 +12682,8 @@ On full disk encrypted devices the EFI partition is a soft link in the - boot partition. This commit fixes detecting files in the EFI partition + boot partition. This commit fixes detecting files in the EFI + partition from the boot partition. footer: @@ -11624,7 +12699,8 @@ On full disk encrypted devices the EFI partition is a soft link in the - boot partition. This commit fixes detecting files in the EFI partition + boot partition. This commit fixes detecting files in the EFI + partition from the boot partition. footer: 
@@ -11644,9 +12720,11 @@ |-sda2 8:2 0 42M 0 part | `-luks-a91cd125-9e4c-45e6-b3f4-1e9b4ec9e5b9 250:0 0 40M 0 crypt /mnt/boot - This commit allows extracting the physical device (sdaN) whic is needed + This commit allows extracting the physical device (sdaN) whic is + needed - to extract the partition index using sysfs both for luks or standard + to extract the partition index using sysfs both for luks or + standard devices. footer: @@ -11724,7 +12802,8 @@ container and the DUT does not allow to ssh as a non-root user. - Run ssh from the worker to test local SSH authentication with a cloud + Run ssh from the worker to test local SSH authentication with a + cloud user. footer: @@ -11740,14 +12819,17 @@ Given that testbot devices use a tunnel to specific ports to communicate - with the DUT that is established with the suite-generated keys, using + with the DUT that is established with the suite-generated keys, + using - a different keypair for the ssh-auth test would require to tear down and + a different keypair for the ssh-auth test would require to tear + down and re-establish the tunnel. - It's easier to just use the existing key pair in the ssh-auth test. + It's easier to just use the existing key pair in the ssh-auth + test. footer: Change-type: patch change-type: patch @@ -11761,7 +12843,8 @@ Using two set of keys, the one created by the suite to authenticate by - the proxy and a new custom key, is tricky as when running on testbot the + the proxy and a new custom key, is tricky as when running on + testbot the key is used to establish the tunnel between core and DUT. 
@@ -11873,12 +12956,14 @@ When adding a kernel configuration conditional in a provided kernel - version, make the check include the provided kernel version as that is + version, make the check include the provided kernel version as + that is the intuitive way to understand it. - The two places that use this function already used it in this way. + The two places that use this function already used it in this + way. footer: Change-type: patch change-type: patch @@ -11907,7 +12992,8 @@ body: > chrony 4.2 introduces security hardening in the - service definition that removes the CAP_SYS_ADMIN permission, affecting + service definition that removes the CAP_SYS_ADMIN permission, + affecting the way healthdog uses execve to become chronyd. @@ -11915,7 +13001,8 @@ commit 83f96efdfd2d (examples: harden systemd services) - This commits works around it by allowing all members of the service's + This commits works around it by allowing all members of the + service's control group to send notification messages. footer: @@ -12007,7 +13094,8 @@ Add the wireguard module by default so it is included in all device - types. This is a frequently requested by customers and will avoid having + types. This is a frequently requested by customers and will + avoid having to patch individual device repositories. footer: @@ -12039,12 +13127,15 @@ There are two sets of keys used in this test, one stored in `/root/id` - which is created by the cloud suite to SSH via the proxy server, and + which is created by the cloud suite to SSH via the proxy server, + and - a custom key stored in `/root/test_id` used in some of the subtests. + a custom key stored in `/root/test_id` used in some of the + subtests. - Fix the test cases using the custom key to use the correct private key. + Fix the test cases using the custom key to use the correct + private key. footer: Change-type: patch change-type: patch 
@@ -12132,7 +13223,8 @@ configuration and starting the `openvpn` service unit. - As the `openvpn` service units stops `os-config`, it might not get to + As the `openvpn` service units stops `os-config`, it might not + get to restart the supervisor. @@ -12200,12 +13292,15 @@ The sshd daemon is configured to fetch keys from the API for local - user connections. The script that fetches the keys, cloud-public-sshkeys, + user connections. The script that fetches the keys, + cloud-public-sshkeys, - sources balena-config-vars and is run as an exclusive non-root user. + sources balena-config-vars and is run as an exclusive non-root + user. - Let's set the correct permissions for this file to allow not to break + Let's set the correct permissions for this file to allow not to + break the above. @@ -12236,12 +13331,14 @@ database and files modified outside of the pseudo context [0]. - This will occasionally cause builds to fail in the do_deploy step of the + This will occasionally cause builds to fail in the do_deploy + step of the kernel-devsrc recipe. [1] - Fix this by not removing the kernel_source tarball in the do_deploy + Fix this by not removing the kernel_source tarball in the + do_deploy step. @@ -12291,7 +13388,8 @@ The old test no longer matches on full disk paths including /dev, which - can potentially result in the installation disk not being excluded from + can potentially result in the installation disk not being + excluded from the pool of installation targets. @@ -12312,9 +13410,11 @@ Previously, globs such as 'md/balena{,_*}' and 'mmcblk?' weren't being - properly expanded, resulting in the old behavior of explicit lists of + properly expanded, resulting in the old behavior of explicit + lists of - disks continuing to work, but consolidated globs matching multiple disks + disks continuing to work, but consolidated globs matching + multiple disks would not. 
@@ -12387,7 +13487,8 @@ Since kirkstone tasks have network access disabled by default so we need - to enable it explicitly for tasks that talk to the signing service. + to enable it explicitly for tasks that talk to the signing + service. footer: Change-type: patch change-type: patch @@ -12693,7 +13794,8 @@ Handle ENOENT ErrnoException when attempting to unwrap a non-flasher - image in HUP tests. This mirrors a similar change made in ce2d33ad8. + image in HUP tests. This mirrors a similar change made in + ce2d33ad8. footer: Change-type: patch change-type: patch @@ -12857,7 +13959,8 @@ ``` - ERROR: libical-2.0.0-r0 do_package: QA Issue: libical: Files/directories were installed but not shipped in any package: + ERROR: libical-2.0.0-r0 do_package: QA Issue: libical: + Files/directories were installed but not shipped in any package: /usr/lib/cmake @@ -12900,7 +14003,8 @@ body: > Newer versions fail on the configuration step with: - Requested 'libcrypto >= 1.1.0' but version of OpenSSL-libcrypto is 1.0.2o + Requested 'libcrypto >= 1.1.0' but version of OpenSSL-libcrypto + is 1.0.2o footer: Change-type: patch change-type: patch @@ -13094,14 +14198,17 @@ This config file hasn't been used since commit 2db88c2, which unified - how managed and unmanaged images operate. Since that commit, openvpn + how managed and unmanaged images operate. Since that commit, + openvpn - starts up if the config file at /etc/openvpn/openvpn.conf is found, and + starts up if the config file at /etc/openvpn/openvpn.conf is + found, and otherwise remains inactive. This file is populated by os-config. - Remove the old config to prevent misdirection and cleanup the layer. + Remove the old config to prevent misdirection and cleanup the + layer. footer: Change-type: patch change-type: patch 
@@ -13189,26 +14296,32 @@ Chronyd checks that the directory specified as `sourcedir` in `chrony.conf` - (in this case `/var/chrony`) is not world accessible if it exists (chrony + (in this case `/var/chrony`) is not world accessible if it + exists (chrony - will create it correctly if it does not exist), and does not start + will create it correctly if it does not exist), and does not + start if that's the case. - The way that the `/var/chrony` is created when it does not exist opens + The way that the `/var/chrony` is created when it does not exist + opens - the possibility of the directory existing with the wrong permissions and + the possibility of the directory existing with the wrong + permissions and hitting this problem. - This commit creates the directory with the correct permissions from the + This commit creates the directory with the correct permissions + from the start to avoid the race condition. - It also changes the permissiong from 750 to 770 to match what chrony + It also changes the permissiong from 750 to 770 to match what + chrony does (see @@ -13301,7 +14414,8 @@ hostOS updates between aufs and overlay2 balenaOS versions. - This commit adds support for 5.15 kernels and improves the branch + This commit adds support for 5.15 kernels and improves the + branch selection logic to cover some corner cases. @@ -13579,7 +14693,8 @@ body: > This fixes the following error when building mkfs-hostapp-native - with Honister for a Variscite iMX8MM which only has Hardknott support: + with Honister for a Variscite iMX8MM which only has Hardknott + support: mkfs-hostapp-native-1.0-r0 do_prepare_recipe_sysroot: @@ -13621,7 +14736,8 @@ body: > This fixes the following error when building mkfs-hostapp-native - with Honister for a Variscite iMX8MM which only has Hardknott support: + with Honister for a Variscite iMX8MM which only has Hardknott + support: mkfs-hostapp-native-1.0-r0 do_prepare_recipe_sysroot: 
@@ -13656,7 +14772,8 @@ If a block device specified in resin-init-flasher.conf is part of an - array, but that assembled array name wasn't specified, skip it to avoid + array, but that assembled array name wasn't specified, skip it + to avoid data loss. footer: @@ -13672,18 +14789,23 @@ Instead of querying devices w/ `fdisk -l`, glob match patterns specified - in resin-init-flasher.conf with devices present in `/dev`. This allows us to + in resin-init-flasher.conf with devices present in `/dev`. This + allows us to - specify devices like `hd? sd? mmcblk?` instead of individual device + specify devices like `hd? sd? mmcblk?` instead of individual + device numbers, which don't consistently map to any particular disk. - This also allows RAID arrays to be matched with the array name and a + This also allows RAID arrays to be matched with the array name + and a - pattern that glob matches even arrays assembled automatically on a + pattern that glob matches even arrays assembled automatically on + a - non-matching host, such as `md/balena?(_?)` matching an array named + non-matching host, such as `md/balena?(_?)` matching an array + named `balena` and assembled on-device at `/dev/md/balena_0`. footer: @@ -13830,7 +14952,8 @@ Before kirkstone, the way to not include the kernel image was to - override the `RDEPENDS:${KERNEL_PACKAGE_NAME}-base` not to include + override the `RDEPENDS:${KERNEL_PACKAGE_NAME}-base` not to + include `kernel-image`, as was done in the `kernel-resin-noimage` class. @@ -13840,7 +14963,8 @@ Poky's commit f6d963fa6d0e64d53f7ef56fd2c12d67f5811829 - Now excluding the kernel image needs to `PACKAGE_EXCLUDE = "kernel-image-*"` + Now excluding the kernel image needs to `PACKAGE_EXCLUDE = + "kernel-image-*"` footer: Change-type: patch change-type: patch 
@@ -13940,7 +15064,9 @@ Yocto kirkstone complains with: - ERROR: packagegroup-resin-1.0-r1 do_package_write_ipk: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libnss-ato to libnss-ato2) + ERROR: packagegroup-resin-1.0-r1 do_package_write_ipk: An + allarch packagegroup shouldn't depend on packages which are + dynamically renamed (libnss-ato to libnss-ato2) For lack of a better place, move to the balena-image recipe. @@ -14307,7 +15433,8 @@ Run the resin-update-state rules that create the by-state links after md - arrays are assembled. This fixes state link creation when running on a + arrays are assembled. This fixes state link creation when + running on a RAID array. footer: @@ -14377,7 +15504,8 @@ The latest meta-balena includes `util-linux-findmnt` as a kexec module - dependency and this package has not yet been split from `util-linux` in + dependency and this package has not yet been split from + `util-linux` in thud. footer: @@ -14435,9 +15563,11 @@ In order to use the same rust toolchain across all supported Yocto - versions this commit updates the cmake version on all integration layers + versions this commit updates the cmake version on all + integration layers - below Zeus to 3.13.4, which is the minimum version to compile the rust + below Zeus to 3.13.4, which is the minimum version to compile + the rust 1.62 toolchain. @@ -14474,7 +15604,8 @@ it was living in meta-rust. - We want to use the balena-rust layer across a wide variety of Yocto + We want to use the balena-rust layer across a wide variety of + Yocto versions so include the fetcher conditionally. footer: 
@@ -14494,11 +15625,14 @@ systems and is not present in older Yocto releases. - This commit reverts to the previous way of setting the rust architecture. + This commit reverts to the previous way of setting the rust + architecture. - It will not work for ppc64le and if we would need to support such an + It will not work for ppc64le and if we would need to support + such an - architecture the arch_to_rust_arch() function will still be called if it + architecture the arch_to_rust_arch() function will still be + called if it exists in Kirkstone or newer Yocto versions. footer: @@ -14515,14 +15649,17 @@ With Kirkstone and the support of openSSL 3.0 it's not possible to find - a set of dependencies that work for all of our rust applications across + a set of dependencies that work for all of our rust applications + across - the 1.32 to 1.62 toolchain versions that are supported across all the + the 1.32 to 1.62 toolchain versions that are supported across + all the Yocto versions we keep compatibility with. - This layer allows to set a preferred version as a distro setting that can + This layer allows to set a preferred version as a distro setting + that can be used across all Yocto versions. 
@@ -14788,18 +15925,23 @@ container. This had two downsides: - 1. It was relatively heavyweight. In devices under heavy load, it would + 1. It was relatively heavyweight. In devices under heavy load, + it would sometimes take so long to run that the Engine was killed by the watchdog. - 2. It wrote to the storage media. Creating a container involves writing + 2. It wrote to the storage media. Creating a container involves + writing some data to persistent storage, therefore the healthcheck was wearing the storage media. - This new healthcheck simply pings both `balenad` and `containerd`, which + This new healthcheck simply pings both `balenad` and + `containerd`, which - is much faster than starting a new container and doesn't write to disk. + is much faster than starting a new container and doesn't write + to disk. - The step of pinging `containerd` is important because we have seen at + The step of pinging `containerd` is important because we have + seen at least one case in the past in which `balenad` was working but @@ -14817,11 +15959,13 @@ With `WatchdogSignal=SIGTERM` systemd will send a SIGTERM and give the - Engine 90 seconds to gracefully shutdown before sending a SIGKILL. We + Engine 90 seconds to gracefully shutdown before sending a + SIGKILL. We had cases of Engine metadata on disk getting corrupted after the - watchdog sent it a SIGKILL directly. This change shall minimize this + watchdog sent it a SIGKILL directly. This change shall minimize + this issue. footer: @@ -14911,7 +16055,8 @@ This is a temporary way that will allow to update the bblayers.conf of - device type repositories to include meta-balena/meta-balena-rust while + device type repositories to include meta-balena/meta-balena-rust + while still building. 
@@ -14946,7 +16091,8 @@ Recent versions of meta-balena include a balena-rust layer used to - specify a distro-set Rust version across all supported Yocto versions + specify a distro-set Rust version across all supported Yocto + versions As such, the syntax of this layer also needs to be converted. @@ -15126,7 +16272,8 @@ Our tests perform two HUPs (into and out of the release under test), and - the code for both of these HUPs were duplicated. This commit factors + the code for both of these HUPs were duplicated. This commit + factors this code out to a common function. footer: @@ -15142,7 +16289,8 @@ This is a small improvement over our previous test: in addition to - checking that the volumes themselves are preserved over HUPs, we now + checking that the volumes themselves are preserved over HUPs, we + now check if the contents of these volumes is preserved. @@ -15370,9 +16518,11 @@ The boot partition is currently a FAT filesystem that does not support - atomic writes. To prevent corruption, this commit introduces a fatrw + atomic writes. To prevent corruption, this commit introduces a + fatrw - application that needs to be used both when reading and writing files + application that needs to be used both when reading and writing + files to the boot partition to provide safe accesses. footer: @@ -15446,7 +16596,8 @@ Including the 2min systemd watchdog timer, plus 60 attempts to sync - the time via chronyc waitsync, it may take longer than expected to + the time via chronyc waitsync, it may take longer than expected + to trigger the healthcheck condition. footer: @@ -15742,7 +16893,8 @@ 87a741fd22a78c190bec59fa6628de921ac2809f. - This change didn't actually help to resolve the original ETIMEDOUT + This change didn't actually help to resolve the original + ETIMEDOUT issues so it can be reverted. footer: 
@@ -15852,13 +17004,17 @@ The executeCommand family of methods default to retrying on failure. In - some cases, such as in the ssh-auth test in the cloud test suite, we + some cases, such as in the ssh-auth test in the cloud + test suite, we - expect failures to happen, and want them to be raised immediately. Other + expect failures to happen, and want them to be raised + immediately. Other - situations might demand adjusting the number of retries and interval to + situations might demand adjusting the number of retries + and interval to - fit specific tests. Add a retryOptions object to these methods to allow + fit specific tests. Add a retryOptions object to these + methods to allow for this behavior to be configured. footer: @@ -15893,7 +17049,8 @@ This test was broken previously, and would fail with "All configured - authentication methods failed" after a long delay caused by excessive + authentication methods failed" after a long delay caused by + excessive retries. @@ -15926,9 +17083,11 @@ By creating empty configuration units when no configuratin is applied to - a service instead we avoid regenerating them at boot if stored in + a service instead we avoid regenerating them at boot if stored + in - persistent memory helping with boot times in less powerful devices. + persistent memory helping with boot times in less powerful + devices. footer: Change-type: patch change-type: patch @@ -15942,12 +17101,14 @@ This allows for specific devices to override the defaults, which is to - store configuration units on volatile memory re-generating them every + store configuration units on volatile memory re-generating them + every boot and avoiding storage media writes. - Changing this to permanent storage trades boot times with media life + Changing this to permanent storage trades boot times with media + life expectancy. footer: 
@@ -16001,14 +17162,16 @@ Currently `os-config-json` is also parsing `units-conf.json` at runtime. - This is expensive to do for smaller devices, so this commit performs the + This is expensive to do for smaller devices, so this commit + performs the processing at build time. For this, it also splits the configuration units processing in - balena-config-vars into its own recipe to allow for task ordering. + balena-config-vars into its own recipe to allow for task + ordering. footer: Change-type: patch change-type: patch @@ -16034,7 +17197,8 @@ This makes it more general and allows it to be expanded. - Also, allow its native use so it can be included in recipe tests. + Also, allow its native use so it can be included in recipe + tests. footer: Change-type: patch change-type: patch @@ -16088,9 +17252,11 @@ example a RaspberryPi Zero. - This commit introduces a cached memory file with the configuration + This commit introduces a cached memory file with the + configuration - environment that is recreated when `config.json` changes and will be + environment that is recreated when `config.json` changes and + will be used if present. @@ -16454,12 +17620,14 @@ body: > When parallelizing fingerprint checks with Promise.any(), the - unsuccessful command would continue retrying in the background, causing + unsuccessful command would continue retrying in the background, + causing spurious error messages. - With mDNS resolution memoization, this optimization no longer saves us + With mDNS resolution memoization, this optimization no longer + saves us time, so remove it. footer: @@ -16508,7 +17676,8 @@ The resin-img is no longer maintained and the deployment of raw images - as well as flasher requires features only available in balena-img. + as well as flasher requires features only available in + balena-img. footer: Change-type: patch change-type: patch 
@@ -16622,7 +17791,8 @@ BOOT_MOUNTPOINT is used in 5. - This commit replaces BOOT_MOUNTPOINT with BALENA_BOOT_MOUNTPOINT to + This commit replaces BOOT_MOUNTPOINT with BALENA_BOOT_MOUNTPOINT + to remove the duplication. footer: @@ -16669,16 +17839,20 @@ When accessing a test device as part of a fleet, a cloud API key is - required in order to generate an SSH key and access the device through + required in order to generate an SSH key and access the device + through - the VPN. However, when accessing a device locally, such as a QEMU + the VPN. However, when accessing a device locally, such as a + QEMU - instance running on the workstation itself, we have a direct path, and + instance running on the workstation itself, we have a direct + path, and no VPN is necessary. - Make the apiKey optional, and don't login when it's not specified. This + Make the apiKey optional, and don't login when it's not + specified. This allows direct connections to work without it. footer: @@ -16805,7 +17979,8 @@ Reduce the interval between scans as well as the maximum number of scans - for modems, reducing the time spent waiting when no modem is present + for modems, reducing the time spent waiting when no modem is + present from ~50s to ~5s. footer: @@ -16834,11 +18009,14 @@ worker.rebootDut() contains retry logic using utils.waitUntil() wrapping - this.executeCommandInHostOS(). The latter contains its own retry logic, + this.executeCommandInHostOS(). The latter contains its + own retry logic, - which will try to execute a given command for up to five minutes before + which will try to execute a given command for up to five + minutes before - timing out. Remove the retry logic from worker.rebootDut(), as it's + timing out. Remove the retry logic from + worker.rebootDut(), as it's redundant and adds latency. footer: 
@@ -16854,9 +18032,11 @@ The default interval for retrying this command is 5s, with a total - timeout of 2m30s. Reduce the timeout to 1s to reduce latency for the + timeout of 2m30s. Reduce the timeout to 1s to reduce + latency for the - successful case, while increasing the total timeout to 5m. + successful case, while increasing the total timeout to + 5m. footer: Change-type: patch change-type: patch @@ -16898,9 +18078,11 @@ Certain chrony tests require the ability to block NTP requests. Switch - from blocking these requests using iptables rules to simply stopping the + from blocking these requests using iptables rules to simply + stopping the - local DNS server, which is faster and simpler, and doesn't conflict with + local DNS server, which is faster and simpler, and doesn't + conflict with the supervisor firewall. footer: @@ -16980,7 +18162,8 @@ In conclusion, we rework how the blacklist is constructed - so that users of meta-balena can alter this list as they see fit. + so that users of meta-balena can alter this list as they see + fit. footer: Change-type: patch change-type: patch 
@@ -17048,24 +18231,32 @@ This changes the condition in the unit file from checking whether - /dev/disk/by-state/balena-efi exists to checking whether /mnt/boot/EFI + /dev/disk/by-state/balena-efi exists to checking whether + /mnt/boot/EFI - is a symlink. The original approach has a race condition populating + is a symlink. The original approach has a race condition + populating - the by-state symlink - it is depending on udev and if the link is + the by-state symlink - it is depending on udev and if the link + is - not present when the service is started (after the boot partition is mounted), + not present when the service is started (after the boot + partition is mounted), the service fails and the EFI partition is never mounted. - The new approach does the trick pretty well - /mnt/boot/EFI is a symlink + The new approach does the trick pretty well - /mnt/boot/EFI is a + symlink - if the EFI partition is split and a regular directory in case there is a single + if the EFI partition is split and a regular directory in case + there is a single - boot partition. That said the service is only started when necessary + boot partition. That said the service is only started when + necessary - and the waiting for udev is implemented as a part of the mount script. + and the waiting for udev is implemented as a part of the mount + script. footer: Change-type: patch change-type: patch @@ -17083,7 +18274,8 @@ Recent versions of GRUB default to use shim_lock when in secure boot mode. - We do not use shim and do not build the shim_lock module into GRUB EFI binary + We do not use shim and do not build the shim_lock module into + GRUB EFI binary therefore this needs to be disabled. footer: 
@@ -17136,9 +18328,11 @@ Create a directConnect variable that indicates whether we're connecting - to a local instance of the worker server, including if the connection is + to a local instance of the worker server, including if + the connection is - over a unix domain socket. This allows the suite to skip steps that + over a unix domain socket. This allows the suite to skip + steps that don't pertain to local runs. footer: @@ -17329,9 +18523,11 @@ and the system time does not skew. - The healthcheck will command a burst sync if there is no selected + The healthcheck will command a burst sync if there is no + selected - reachable source, and will restart chronyd if the system clock skews. + reachable source, and will restart chronyd if the system clock + skews. Fixes #2314 @@ -17351,7 +18547,8 @@ body: > Test context is now accessible from self, remove verbose - this.context.get() syntax when calling worker.executeCommandInHostOS. + this.context.get() syntax when calling + worker.executeCommandInHostOS. footer: Change-type: patch change-type: patch @@ -17365,7 +18562,8 @@ When calling waitUntil(), reduce calling intervals and the total number - of retries. This effectively halves the runtime for these tests, as the + of retries. This effectively halves the runtime for these tests, + as the latency for detecting success is much lower. footer: @@ -17497,7 +18695,8 @@ When the promise called in waitUntil fails, the function defaults to a - 30s interval before trying again. Reduce this to a 5s interval w/ + 30s interval before trying again. Reduce this to a 5s interval + w/ maximum 5m retry window in the cloud suite. footer: @@ -17574,7 +18773,8 @@ utils.waitUntil expects rejectionFail before _times and _delay, include - this argument to ensure the later arguments have the intended effect + this argument to ensure the later arguments have the intended + effect footer: Change-type: patch change-type: patch 
@@ -17603,7 +18803,8 @@ Use systemd.waitForServiceState instead of waitUntil. This improves - readability, and reduces the time taken in the case that the test fails + readability, and reduces the time taken in the case that the + test fails and the default interval of waitUntil causes an excessive wait. footer: @@ -17632,7 +18833,8 @@ Log statements for powerOn/powerOff were added for debugging when - refactoring the QEMU worker to operate w/out libvirt. Remove these. + refactoring the QEMU worker to operate w/out libvirt. + Remove these. footer: Change-type: patch change-type: patch @@ -17664,7 +18866,8 @@ Device addresses likely won't change during a single test run, and mDNS - queries can be time consuming. Memoize the result of the query to save + queries can be time consuming. Memoize the result of the + query to save some time. footer: @@ -17741,9 +18944,11 @@ When tests execute quicker, a race condition can occur where config.json - is edited to remove the dnsServers property, but /run/dnsmasq.servers is + is edited to remove the dnsServers property, but + /run/dnsmasq.servers is - not changed yet. This causes the test to fail, as the file is not empty. + not changed yet. This causes the test to fail, as the file is + not empty. not ok 1 - We should have an empty /run/dnsmasq.servers file. --- @@ -17757,7 +18962,8 @@ -/^\s?$/ +"server=1.1.1.1\nserver=1.1.1.1" - Fix this by waiting until the InvocationID of dnsmasq.service changes. + Fix this by waiting until the InvocationID of dnsmasq.service + changes. footer: Change-type: patch change-type: patch 
@@ -17826,18 +19032,23 @@ The root cause of this issue was an integer overflow in 32-bit platforms - -- specifically, when explicitly converting `io.Reader` offsets + -- specifically, when explicitly converting `io.Reader` + offsets - (`int64`) to slice indices (`int`, which is only 32-bit long on 32-bit + (`int64`) to slice indices (`int`, which is only 32-bit + long on 32-bit platforms). - We already had in place the checks supposed to ensure slice bounds where + We already had in place the checks supposed to ensure + slice bounds where - always within the expected bounds. So, in a way, this commit just + always within the expected bounds. So, in a way, this + commit just - re-organizes the code so that we perform safely this required `int64` to + re-organizes the code so that we perform safely this + required `int64` to `int` type conversion. footer: @@ -17903,7 +19114,8 @@ When KVM is not used we can easily emulate generic-aarch64 - on x86_64 hosts so avoid tying the host and target architectures + on x86_64 hosts so avoid tying the host and target + architectures together in the Makefile. footer: @@ -18002,7 +19214,8 @@ body: > Add a missing asterisk to FILES for iwlwifi-quz-a0-hr-b0 - and iwlwifi-quz-a0-jf-b0 to include compressed firmware files. Without it + and iwlwifi-quz-a0-jf-b0 to include compressed firmware files. + Without it the packages end up empty as we have compression enabled. footer: @@ -18176,7 +19389,8 @@ Splash image backend would throw if the image is not a valid png during - the write step. This could prevent the device from provisioning if some + the write step. This could prevent the device from + provisioning if some corruption happens at some point. footer: 
@@ -18194,12 +19408,14 @@ This commit updates all backends that write to /mnt/boot to do it - through a new `lib/host-utils` module. Writes are now done using write + + through a new `lib/host-utils` module. Writes are now + done using write + sync as rename is not an atomic operation in vfat. - The change also applies for writes through the `/v1/host-config` + The change also applies for writes through the + `/v1/host-config` endpoint. @@ -18319,10 +19535,12 @@ The status field does not indicate the current state of the Engine on the device. - Rather, it only indicates whether the HTTP response returned successfully or not. + Rather, it only indicates whether the HTTP response + returned successfully or not. - To get the current state of the device, i.e. whether it has applied target state or not, + To get the current state of the device, i.e. whether it + has applied target state or not, use the `appState` field in the response. footer: 
@@ -18354,18 +19572,24 @@ The linked issue describes the Supervisor not cleaning up locks it creates due - to crashing at just the wrong time. After internal discussion we decided to + to crashing at just the wrong time. After internal + discussion we decided to - differentiate Supervisor-created lockfiles from user-created lockfiles by using + differentiate Supervisor-created lockfiles from + user-created lockfiles by using - the `nobody` UID (65534) for Supervisor-created lockfiles. + the `nobody` UID (65534) for Supervisor-created + lockfiles. - As the existing NPM lockfile lib does not allow creating lockfiles atomically + As the existing NPM lockfile lib does not allow creating + lockfiles atomically - with different UIDs, we move to using the lockfile binary, which is part of the + with different UIDs, we move to using the lockfile + binary, which is part of the - procmail package. To allow nonroot users to write to lock directories, permissions + procmail package. To allow nonroot users to write to + lock directories, permissions are changed to allow write access by nonroot users. footer: @@ -18426,19 +19650,22 @@ Migration `M00008` had a bug with the check for legacy apps, which - resulted in devices that had at some point been updated from a single + resulted in devices that had at some point been updated + from a single container supervisor to get the error ``` - Undefined binding(s) detected when compiling UPDATE. Undefined column(s): [appUuid] query + Undefined binding(s) detected when compiling UPDATE. + Undefined column(s): [appUuid] query ``` - This adds a new migration with the fix to ensure broken fix the + This adds a new migration with the fix to ensure broken + fix the inconsistent database state. footer: 
@@ -18458,12 +19685,14 @@ This change updates types and database format in order to allow - receiving the new format of the target state from the cloud and allow + receiving the new format of the target state from the + cloud and allow applications to keep working. - This change also updates metadata in the containers, meaning services + This change also updates metadata in the containers, + meaning services will need to be restarted on supervisor update footer: @@ -18480,7 +19709,8 @@ body: > It seems that in some cases the supervisor can report - an image without a `status` field leading to a cloud side 401 response. + an image without a `status` field leading to a cloud + side 401 response. See #1905 for more details. footer: @@ -18601,7 +19831,8 @@ When we patch an ESR branch, for example from v2022.1.0 to v2022.1.1, - do not update the next, current, sunset ESR phases as they remain the + do not update the next, current, sunset ESR phases as they + remain the same. footer: @@ -18635,7 +19866,8 @@ Otherwise patch updates of ESR branches move the ESR phase when they - should not. For example, if 2022.1.1 is current, 2022.1.2 is also + should not. For example, if 2022.1.1 is current, 2022.1.2 is + also current and should not move 2022.1.1 to sunset. footer: @@ -18861,9 +20093,11 @@ jq returns null by default when a given key isn't found, ensure that - when getting the value of deployRawArtifact, we get an empty variable + when getting the value of deployRawArtifact, we get an empty + variable - instead, which is checked later on to determine if that file should be + instead, which is checked later on to determine if that file + should be deployed footer: 
@@ -18922,15 +20156,18 @@ * the CLI prompts for input during preload - Alternatively, the --pin-device-to-release flag may be used to pin only the + Alternatively, the --pin-device-to-release flag may be used to + pin only the preloaded device to the selected release. - Would you like to disable automatic updates for this fleet now? No + Would you like to disable automatic updates for this fleet now? + No - * we do not want to set the suggested flag and we do not want to touch the fleet release policy for this use case + * we do not want to set the suggested flag and we do not want to + touch the fleet release policy for this use case footer: Change-type: patch change-type: patch @@ -18990,7 +20227,8 @@ Surface the preloaded app commit as a variable that can be overridden in - the build job. Default to "current" to maintain existing behavior when + the build job. Default to "current" to maintain existing + behavior when the variable isn't set. footer: @@ -19025,7 +20263,8 @@ This will allow us to make changes to config.js in meta-balena without - breaking the deploy steps. If additional changes are needed at runtime + breaking the deploy steps. If additional changes are needed at + runtime the substitutions can be made by the leviathan Jenkins job. footer: @@ -19044,7 +20283,8 @@ body: > If the submodule was recently added to meta-balena, the checkout - command will not initialize it without a separate submodule update + command will not initialize it without a separate submodule + update command. footer: @@ -19197,7 +20437,8 @@ This is used by the OS builders to deploy releases. This contract contains - details related to the balena-image artifact generated in the balenaOS + details related to the balena-image artifact generated in the + balenaOS build. footer: 
@@ -19454,22 +20695,29 @@ This was originally introduced in combination with a kernel patch backported - from Red Hat kernel that would enable kernel lockdown when secure boot + from Red Hat kernel that would enable kernel lockdown when + secure boot - is enabled. We have since changed the approach, dropped the kernel patch + is enabled. We have since changed the approach, dropped the + kernel patch - and when in secure boot mode use a different GRUB config file that enables + and when in secure boot mode use a different GRUB config file + that enables lockdown on kernel command line unconditionally. - That said, while the patch works fine, we do not really need it and it adds + That said, while the patch works fine, we do not really need it + and it adds - extra overhead porting it to newer yocto versions so there is no point keeping + extra overhead porting it to newer yocto versions so there is no + point keeping - it at this moment. If in the future there is need for the kernel to know + it at this moment. If in the future there is need for the kernel + to know - whether it is in secure boot mode or not, we can roll this back and rebase. + whether it is in secure boot mode or not, we can roll this back + and rebase. footer: Change-type: patch change-type: patch @@ -19491,7 +20739,8 @@ is on the same partition. - This uses a data mount to ensure temporary extracted files of the + This uses a data mount to ensure temporary extracted files of + the compressed image will not fill the target sysroot. footer: @@ -19553,7 +20802,8 @@ preventing the device from booting. - Should this happen, we use sgdisk to check and recover the end gpt + Should this happen, we use sgdisk to check and recover the end + gpt from the main one. footer: 
@@ -19574,9 +20824,11 @@ A legacy development image will update to development mode enabled - independently of whether the newOS is configured for development mode or + independently of whether the newOS is configured for development + mode or - not. The only case when a hostapp has developmentMode set is when locally + not. The only case when a hostapp has developmentMode set is + when locally building with `OS_DEVELOPMENT`. footer: @@ -19596,9 +20848,11 @@ body: > This caters for the use case of custom device types that are not - registered in balena-cloud but still need to fetch the supervisor from + registered in balena-cloud but still need to fetch the + supervisor from - balena-cloud's registry by querying the `supervisor_version` endpoint, + balena-cloud's registry by querying the `supervisor_version` + endpoint, for example when using openBalena. footer: @@ -19617,9 +20871,11 @@ by the API. - Providing the image name in the command line provides an update path + Providing the image name in the command line provides an update + path - for unmanaged devices, manual updates on ESR devices (which currently + for unmanaged devices, manual updates on ESR devices (which + currently do not allow dashboard based updates) and openBalena use cases. footer: @@ -19643,7 +20899,8 @@ 4.9, the test will not pass. - Let's run this test on kernel versions where the issue was present. + Let's run this test on kernel versions where the issue was + present. footer: Change-type: patch change-type: patch 
@@ -19840,12 +21097,15 @@ is not generated for two reasons: - - 60-resin-update-state.rules only react to resin-* partition names + - 60-resin-update-state.rules only react to resin-* partition + names - - the root device is not identified correctly in resin_update_state_probe + - the root device is not identified correctly in + resin_update_state_probe for LUKS devices - This patch fixes both the issues and makes use of the by-state symlink + This patch fixes both the issues and makes use of the by-state + symlink instead of by-label. footer: @@ -19883,19 +21143,25 @@ - 3 - Expansion card firmware configs - The full protection is only applied on first boot after provisioning, + The full protection is only applied on first boot after + provisioning, flasher only locks against PCRs 0, 2 and 3. - This is because when using flasher, the environment is not in the same + This is because when using flasher, the environment is not in + the same - state as the one we want to lock to. In particular the boot order is + state as the one we want to lock to. In particular the boot + order is - different (flasher is booted from a different drive than the resulting OS). + different (flasher is booted from a different drive than the + resulting OS). - As for now we were not able to find a better solution than fully locking + As for now we were not able to find a better solution than fully + locking - only on first boot. This means the device must be booted in a secure + only on first boot. This means the device must be booted in a + secure environment at least once after provisioning. footer: @@ -19993,7 +21259,8 @@ Update balena-supervisor from 12.11.32 to 12.11.36 - Includes a fix for https://github.com/balena-os/balena-supervisor/issues/1890 + Includes a fix for + https://github.com/balena-os/balena-supervisor/issues/1890 footer: Change-type: patch change-type: patch 
@@ -20010,13 +21277,17 @@ The moby engine v20.x.y adds some selinux [security configurations](https://docs.docker.com/engine/reference/run/#security-configuration) - depending on the [container configuration](https://github.com/moby/moby/blob/master/daemon/create.go#L214). + depending on the [container + configuration](https://github.com/moby/moby/blob/master/daemon/create.go#L214). - This would cause the supervisor to enter a service restart loop as the + This would cause the supervisor to enter a service + restart loop as the - current and target service configurations will never match. The + current and target service configurations will never + match. The - supervisor now ignores selinux specific security options since those are + supervisor now ignores selinux specific security options + since those are not supported by balenaOS. footer: @@ -20060,7 +21331,8 @@ This is necessary with the changes as of balenaOS 2.82.6, which watches config.json - and will restart balena-hostname and some other services automatically on file change. + and will restart balena-hostname and some other services + automatically on file change. footer: Change-type: patch change-type: patch @@ -20080,7 +21352,8 @@ With more and more devices in ipv6 only networks, this ensures the - local addresses are reported to the cloud as part of the state patch. + local addresses are reported to the cloud as part of the + state patch. footer: Change-type: patch change-type: patch @@ -20144,7 +21417,8 @@ the only hard error is if rollback (failcleanup) fails, in all other - scenarios we want the daemon to continue starting with the new + scenarios we want the daemon to continue starting with + the new graphdriver footer: 
@@ -20160,12 +21434,14 @@ previously switch would treat S_IFIFO and S_IFSOCK as the same, passing - both of the to mkfifo, which lead to EINVAL errors when trying to create + both of the to mkfifo, which lead to EINVAL errors when + trying to create the socket, we instead handle socket separately. - Also adds cases for this to the unit and integration tests of the + Also adds cases for this to the unit and integration + tests of the migrator. footer: @@ -20205,7 +21481,9 @@ body: > See https://github.com/containerd/containerd/pull/4530 - and `git log ad25c1a9c34361e4071f508b9a91946b05fce165^..2055e12953bb538228d8d9fe627fa545d7cf82be ./platforms/` + and `git log + ad25c1a9c34361e4071f508b9a91946b05fce165^..2055e12953bb538228d8d9fe627fa545d7cf82be + ./platforms/` in the containerd repo footer: @@ -20221,7 +21499,8 @@ reorder the defer statements in the migrate function to only teardown - the logger after the failcleanup function ran. otherwise errors logged + the logger after the failcleanup function ran. otherwise + errors logged there won't show up in the logfile footer: @@ -20237,9 +21516,11 @@ This brings all migration logic into a single call into the - storagemigration package, which should make future maintenance easier + storagemigration package, which should make future + maintenance easier - and fixes the cleanup logic bug, where the old aufs root would never be + and fixes the cleanup logic bug, where the old aufs root + would never be cleaned up. footer: @@ -20263,7 +21544,8 @@ This commit changes the way we retry layer downloads after failures with - the goal of making it more resilient, especially for cases involving + the goal of making it more resilient, especially for + cases involving large layers and unreliable network connections. 
@@ -20271,15 +21553,18 @@ These are the changes: - * Make sure we also retry after failures in `v2LayerDescriptor.reset()`. + * Make sure we also retry after failures in + `v2LayerDescriptor.reset()`. This method creates a new HTTP request to resume a failed download, and therefore depends on a working network to succeed. - * Wait exponentially longer times between retries (instead of retrying + * Wait exponentially longer times between retries + (instead of retrying immediately as before). This shall increase of success in case of network issues that take longer to get resolved. * Increase the number of retries to 10. - * Reset retry count whenever we successfully download anything at all. + * Reset retry count whenever we successfully download + anything at all. The idea is that we want to give up downloading only after a long continuous period of failures. Combined with the exponential back-off strategy and increased number of retries described above, a layer pull @@ -20317,7 +21602,8 @@ body: > This can be used to keep a record of failed migrations. - Only runs if BALENA_MIGRATE_OVERLAY_LOGFILE is set to a path on disk. + Only runs if BALENA_MIGRATE_OVERLAY_LOGFILE is set to a + path on disk. The log file will be deleted if there are no errors. footer: @@ -20333,7 +21619,8 @@ With this change the aufs data is kept around until the next time we - start. If we find both an aufs AND an overlay2 storage root, we cleanup + start. If we find both an aufs AND an overlay2 storage + root, we cleanup the aufs data. footer: 
@@ -20349,13 +21636,16 @@ During fingerpinting of the source image the destination layers are not - exepmt from being released (e.g. when `balena image rm `) is run + exepmt from being released (e.g. when `balena image rm + `) is run simultaneously. - Similarly when processing the destination layers to generate deltas we + Similarly when processing the destination layers to + generate deltas we - only hold one reference at a time, leaving the subsequent layers + only hold one reference at a time, leaving the + subsequent layers vulnerable to the same issues. footer: @@ -20416,9 +21706,11 @@ Busybox in balenaOS is compiled with desktop mode disabled, - so features like `-ef` and providing pids via `-q` are not + so features like `-ef` and providing pids via `-q` are + not - supported. Add a 3rd condition to try ps with no args and allow + supported. Add a 3rd condition to try ps with no args + and allow parsePSOutput to filter by pid. @@ -20479,7 +21771,8 @@ body: > https://github.com/balena-os/balena-engine-cli/commit/20c19830a95455e8562551aad52c715ad0807cc6 - moves the versioning variables to a separate package. We have to adjust + moves the versioning variables to a separate package. We + have to adjust the location in hack/make.sh too footer: @@ -20555,12 +21848,15 @@ Earlier engine versions were not properly persisting cacheID - in layer metadata. As a result, because of abruptly terminated transactions, + in layer metadata. As a result, because of abruptly + terminated transactions, - a lot of devices have unreferenced graphdriver layers on disk. + a lot of devices have unreferenced graphdriver layers on + disk. - With this change, the engine will be able to clean up such unreferenced layers. + With this change, the engine will be able to clean up + such unreferenced layers. footer: Change-type: patch change-type: patch 
@@ -20574,11 +21870,14 @@ When layer store is created, its tmp directory may contain information - about transactions that were abruptly treminated during the previous process run. + about transactions that were abruptly treminated during + the previous process run. - Such data is now identified before any new transactions can be created, + Such data is now identified before any new transactions + can be created, - and a background process is started to delete both meta data and graph driver layeres. + and a background process is started to delete both meta + data and graph driver layeres. footer: Change-type: patch change-type: patch @@ -20592,19 +21891,25 @@ If the engine process is terminated during the layer extraction transaction, - before Commit or Cancel is called on the transaction, a new FS layer can be created + before Commit or Cancel is called on the transaction, a + new FS layer can be created - by the graph driver without any link to the layers metadata. + by the graph driver without any link to the layers + metadata. - This change ensures we don't perform any actions on the graph driver storage until + This change ensures we don't perform any actions on the + graph driver storage until - the FS layer ID (the cacheID) is persisted as a part of the transaction data. + the FS layer ID (the cacheID) is persisted as a part of + the transaction data. - We can use this data to clean up the graph driver storage on next process start + We can use this data to clean up the graph driver + storage on next process start - deleting all data associated with the transactions terminated abruptly. + deleting all data associated with the transactions + terminated abruptly. footer: Change-type: patch change-type: patch 
@@ -20618,7 +21923,8 @@ On macOS, unit tests where failing with - root@c4101a75c792:/go/src/github.com/docker/docker/pkg/authorization# go test . + root@c4101a75c792:/go/src/github.com/docker/docker/pkg/authorization# + go test . --- FAIL: TestAuthZRequestPluginError (0.00s) authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long @@ -20626,7 +21932,8 @@ authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long --- FAIL: TestAuthZResponsePlugin (0.00s) authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long - time="2020-04-07T10:07:04Z" level=warning msg="Request body is larger than: '1048576' skipping body" + time="2020-04-07T10:07:04Z" level=warning msg="Request + body is larger than: '1048576' skipping body" --- FAIL: TestMiddlewareWrapHandler (0.00s) authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long @@ -20635,7 +21942,8 @@ FAIL github.com/docker/docker/pkg/authorization 0.120s - This change moves the socket creation from a working test directory to a tmp directory, + This change moves the socket creation from a working + test directory to a tmp directory, so the path is shorter. footer: @@ -20675,7 +21983,8 @@ We don't support these on balenaOS anyway and we are planning to drop - support for them once we move to the new balenaCI-based pipeline. + support for them once we move to the new balenaCI-based + pipeline. footer: Change-type: patch change-type: patch @@ -20713,7 +22022,8 @@ This adds a new ContainerIDEnv field to HostConfig that can pass an - environment variable name, which will be set to the container ID and + environment variable name, which will be set to the + container ID and passed to the container environment. footer: 
@@ -20731,7 +22041,8 @@ First warn the user that balena-engine-daemon needs to be started. - Including instructions on how to make the system ready for that: + Including instructions on how to make the system ready + for that: - service files @@ -20799,7 +22110,8 @@ 684d8ba6109c853b355bf11ca3733c4099f14b92. - The default is still to sync all currently mounted filesystems before + The default is still to sync all currently mounted + filesystems before reporting an ApplyDiff as successful. footer: @@ -20828,16 +22140,19 @@ The only test from integration/ that covers any resource constrained - container scenarios is the OomKilled check in integration/container/kill_test.go + container scenarios is the OomKilled check in + integration/container/kill_test.go - This adds two addional checks that try to create, startk, stop and + This adds two addional checks that try to create, + startk, stop and inspect a busybox container with: a) a memory constraint like: balena-engine run -m 32m .. - b) a memory constraint like: balena-engine run -cpus ".5" .. + b) a memory constraint like: balena-engine run -cpus + ".5" .. footer: Change-type: patch change-type: patch @@ -20863,7 +22178,8 @@ set up the Go environment. - See https://docs.travis-ci.com/user/languages/minimal-and-generic/ + See + https://docs.travis-ci.com/user/languages/minimal-and-generic/ footer: Change-type: patch change-type: patch 
@@ -20955,14 +22271,17 @@ The prepare-openvpn service needs to be restarted to regenerate the - VPN keys when provisioning is finished and the `apiKey` is removed. + VPN keys when provisioning is finished and the `apiKey` is + removed. - Note that flasher images make changes to `/mnt/boottmp/config.json` so + Note that flasher images make changes to + `/mnt/boottmp/config.json` so we still need to manually kick `prepare-openvpn` in - `resin-device-register`, which is preferable to modifying services to + `resin-device-register`, which is preferable to modifying + services to watch multiple paths. footer: @@ -20983,7 +22302,8 @@ device ID. - This might also resolve a race condition that has been difficult to + This might also resolve a race condition that has been difficult + to track down. footer: @@ -21003,7 +22323,8 @@ This is just a name change that reflects the wider change that the - supervisor is no longer fetched from dockerhub but from Balena's registry. + supervisor is no longer fetched from dockerhub but from Balena's + registry. footer: Change-type: minor change-type: minor @@ -21057,7 +22378,8 @@ Before registration the VPN credentials use the `apiKey`, once the - device is registered we need to regenerate the credentials to use the + device is registered we need to regenerate the credentials to + use the `deviceApiKey` instead. footer: 
@@ -21116,20 +22438,26 @@ is not reachable. - The rationale for adding the dependency in the first place was that + The rationale for adding the dependency in the first place was + that - without an initial timesync certificate checks may fail. This can still + without an initial timesync certificate checks may fail. This + can still - happen, but the VPN will retry continuously and eventually succeed once + happen, but the VPN will retry continuously and eventually + succeed once the time is synched. - What happens now is that the VPN is delayed until the http sync, so if + What happens now is that the VPN is delayed until the http sync, + so if - the connectivity URL is blocked or unreachable, but the internet is + the connectivity URL is blocked or unreachable, but the internet + is - accessible, VPN will not even launch and no remote debugging is possible. + accessible, VPN will not even launch and no remote debugging is + possible. Fixes #2508 @@ -21276,9 +22604,11 @@ per-unit configuration files extracts. - These will then be monitored by the respective service units to trigger + These will then be monitored by the respective service units to + trigger - restarts, so that service units will only be restarted when there are + restarts, so that service units will only be restarted when + there are configuration changes that apply to them. footer: @@ -21297,14 +22627,17 @@ on config.json changes are part of this target. - This causes a burst of service restarts each time config.json changes, + This causes a burst of service restarts each time config.json + changes, - independently of whether the configuration changes applies to the unit + independently of whether the configuration changes applies to + the unit or not. - This commit removes all config-json.target instances in preparation for + This commit removes all config-json.target instances in + preparation for the introduction of a better, more fine grained mechanism. footer: 
@@ -21347,11 +22680,14 @@ In order to avoid the need to unlock encrypted partitions in GRUB we want - to use a custom stage2 bootloader. Since that is not ready yet, emulate that + to use a custom stage2 bootloader. Since that is not ready yet, + emulate that - by copying flasher kernel to the EFI partition, start it from GRUB, have it + by copying flasher kernel to the EFI partition, start it from + GRUB, have it - unlock all the partitions, find the real kernel and kexec into it. + unlock all the partitions, find the real kernel and kexec into + it. footer: Change-type: patch change-type: patch @@ -21368,7 +22704,8 @@ - Split resin-boot into EFI and linux boot - - LUKS-format the partitions, copy image contents after unlocking + - LUKS-format the partitions, copy image contents after + unlocking - Propagate signatures for secure boot @@ -21468,7 +22805,8 @@ After moving the partition resizing code to execute on each boot, - we made it unreachable on first boot. We must not exit the script + we made it unreachable on first boot. We must not exit the + script after resizing the partition only because that way the resizing @@ -21506,7 +22844,8 @@ This will allow us to refer to the supervisor image by the repo name - in docker commands, like docker inspect, and prevent re-downloading the + in docker commands, like docker inspect, and prevent + re-downloading the image even though it already exists as an untagged digest. footer: 
@@ -21528,14 +22867,17 @@ it because it's dirty, the partition gets resized, but not the - filesystem. The script will not attempt to resize the filesystem again, + filesystem. The script will not attempt to resize the filesystem + again, as it detects the partition has already been resized. - Split these actions apart, so that the filesystem resize is always + Split these actions apart, so that the filesystem resize is + always - attempted. If resize2fs detects that the filesystem is already filling + attempted. If resize2fs detects that the filesystem is already + filling available space, it will exit with no action taken. footer: @@ -21554,7 +22896,8 @@ body: > Some BSPs might only make use of UBOOT_MACHINE so let's consider - this case in addition to UBOOT_CONFIG when setting dependency for + this case in addition to UBOOT_CONFIG when setting dependency + for u-boot's do_deploy task. footer: 
@@ -21971,22 +23314,29 @@ body: > The chrony driftfile is not being updated at shutdown due to an - incorrect mount service dependency in the systemd chronyd.service + incorrect mount service dependency in the systemd + chronyd.service - file. The current dependency on 'var-volatile-lib' does not cover the + file. The current dependency on 'var-volatile-lib' does not + cover the - subsequent bind mounting of the '/var/lib/chrony' sub-directory, so + subsequent bind mounting of the '/var/lib/chrony' sub-directory, + so - the chrony directory gets unmounted at shutdown before the drift file + the chrony directory gets unmounted at shutdown before the drift + file has been updated. - This issue is solved by changing the mount service dependency from + This issue is solved by changing the mount service dependency + from - 'var-volatile-lib' to 'bind-var-lib-chrony' (which is similar to the + 'var-volatile-lib' to 'bind-var-lib-chrony' (which is similar to + the - way bind mount dependencies are already handled for the NetworkManager + way bind mount dependencies are already handled for the + NetworkManager and bluetooth services). footer: @@ -22009,7 +23359,8 @@ Chain operations using Promise.then(), and run commands in parallel - using Promise.map(). This reduces the time taken for fsck tests to about + using Promise.map(). This reduces the time taken for fsck tests + to about half. @@ -22052,7 +23403,8 @@ occur when updating a freshly provisioned device, - which has unitialized timestamps for files in the boot partition, + which has unitialized timestamps for files in the boot + partition, to a newer release based on Honister with glibc-2.34. footer: @@ -22107,7 +23459,8 @@ As resin-rootA is used to decide whether to re-run the generation, leave it - last. As it stands, if resin-rootA is regenerated by any other fail, the + last. As it stands, if resin-rootA is regenerated by any other + fail, the UUID generation is not retried. footer: 
@@ -22126,7 +23479,8 @@ cleanedup as the rules between initramfs and rootfs might defer. - However, dm devices are flagged not to be re-processed, so we need to + However, dm devices are flagged not to be re-processed, so we + need to set a sticky bit on them so they persist the cleanup. footer: @@ -22144,7 +23498,8 @@ different than the one in the initramfs. - Devices that need to persist, like dm devices, need to be flagged with + Devices that need to persist, like dm devices, need to be + flagged with the `db_persist` option. footer: @@ -22160,30 +23515,37 @@ From v2.49, the hostapp-update utility creates the /run directory in the - root filesystem, however when huping from previous versions /run is not + root filesystem, however when huping from previous versions /run + is not there. - Commit bab3cd7f50022127bfef50fde9cd445b6b55a7b2 switches to use /tmp + Commit bab3cd7f50022127bfef50fde9cd445b6b55a7b2 switches to use + /tmp to store the new UUID for the root partition on first boot after generating new UUIDs as this is backwards compatible. - However, this means that the udev database in the initramfs is recreated + However, this means that the udev database in the initramfs is + recreated - on the final system instead of reused. This becomes a problems for DM + on the final system instead of reused. This becomes a problems + for DM - devices (used in luks based disk encryption), as they are not re-processed + devices (used in luks based disk encryption), as they are not + re-processed by udevd. - This change will use /run if available, so new releases that may implement + This change will use /run if available, so new releases that may + implement - disk encryption work, or /tmp if not so it still remains backwards + disk encryption work, or /tmp if not so it still remains + backwards compatible for HUP from older releases. footer: 
@@ -22210,7 +23572,8 @@ Some BIOS configuration, like TianoCore used in QEMU, needs DER keys for - secure boot setup. Also, der, auth and esl keys are served base64 encoded + secure boot setup. Also, der, auth and esl keys are served + base64 encoded and need to be decoded before they can be used. footer: @@ -22242,12 +23605,14 @@ When updating from a legacy development image which has no developmentMode - set in config.json to an image configured with development mode, the hooks + set in config.json to an image configured with development mode, + the hooks need to set developmentMode accordingly in config.json. - Updating to a development mode image from a production image will not + Updating to a development mode image from a production image + will not set developmentMode. footer: @@ -22269,7 +23634,8 @@ field is missing from the returned HTTPS header. - When the date field is not present the script will now exit with a + When the date field is not present the script will now exit with + a warning rather than blocking indefinitely. footer: @@ -22498,7 +23864,8 @@ base meta-balena version. - Replace it with searching down the git tree for the commit before the + Replace it with searching down the git tree for the commit + before the branch. footer: @@ -22600,9 +23967,11 @@ last meta-balena tag. - For example, when we branch an ESR release, the meta-balena branch is + For example, when we branch an ESR release, the meta-balena + branch is - tagged with the ESR name, like 2.83.x, while the last meta-balena version + tagged with the ESR name, like 2.83.x, while the last + meta-balena version will be a proper semver. footer: @@ -22667,7 +24036,8 @@ body: > This is required to allow building against cloud instances with - different names for the balenaOS organization and private device types. + different names for the balenaOS organization and private device + types. footer: Change-type: patch change-type: patch 
@@ -22758,7 +24128,8 @@ When discontinuing a device type, there are no artifacts apart from - device-type.json, so check that the logo is there before deploying. + device-type.json, so check that the logo is there before + deploying. footer: Change-type: patch change-type: patch @@ -22813,10 +24184,12 @@ setting a release semver. - For the time being we are still using a version label in the hostapp. + For the time being we are still using a version label in the + hostapp. - This commit will be reverted once we get rid of the version label. + This commit will be reverted once we get rid of the version + label. footer: Change-type: patch change-type: patch @@ -22932,7 +24305,8 @@ block release. - Also, pass a flag to specify whether the block should be deployed as final + Also, pass a flag to specify whether the block should be + deployed as final release. footer: @@ -23001,14 +24375,16 @@ * Convert balena_deploy_build_block to balena_build_block, and deploy with balena_deploy_block - * Remove balena_deploy_hostapp and replace with balena_deploy_block + * Remove balena_deploy_hostapp and replace with + balena_deploy_block * Modify balena_deploy_hostos to use balena_deploy_block * Modify balena_deploy_block to use release versioning - By deafult image deployments happen as draft versions, and only become + By deafult image deployments happen as draft versions, and only + become final when passing validation. footer: @@ -23036,7 +24412,8 @@ When fetching images for blocks, use a given release revision. - Also, add token autentication to the API calls that miss it so that they work + Also, add token autentication to the API calls that miss it so + that they work with private device types. @@ -23058,7 +24435,8 @@ reject deployments for an existing release. - On the new versioning model, deployments increment a revision field so + On the new versioning model, deployments increment a revision + field so there is no need to check for uniqueness. footer: 
@@ -23091,7 +24469,8 @@ use of release_version. - Introduce a new balena_lib_release() function that utilises a balena + Introduce a new balena_lib_release() function that utilises a + balena contract and the CLI to set the release version. footer: @@ -23207,9 +24586,11 @@ do_deploy:append replaces the original file with its signed counterpart, - the signature just gets ignored for non secure boot setups. The .signed + the signature just gets ignored for non secure boot setups. The + .signed - symlink was in place for backwards compatibility but nothing is using it + symlink was in place for backwards compatibility but nothing is + using it anymore therefore we can safely remove it. footer: @@ -23243,12 +24624,15 @@ This patch replaces the kernel being shipped with the one that we eventually - sign for EFI - without signing the original file used would be identical + sign for EFI - without signing the original file used would be + identical - but after applying signature, the signed version is the one we want to ship. + but after applying signature, the signed version is the one we + want to ship. - It also fixes the file name for the detached signature, which must match + It also fixes the file name for the detached signature, which + must match the name of the associated file. footer: 
@@ -23299,46 +24683,61 @@ Add a new timesync-https systemd service to synchronise the system - time at boot using an HTTPS header. The service uses curl to request + time at boot using an HTTPS header. The service uses curl to + request - an HTTPS header from either $API_ENDPOINT/connectivity-check (default) + an HTTPS header from either $API_ENDPOINT/connectivity-check + (default) or the URL defined by the os.network.connectivity.uri field in - config.json. The URL used *must* return HTTP code 204 (No Content) + config.json. The URL used *must* return HTTP code 204 (No + Content) - in response to a request so that we can determine that we have full + in response to a request so that we can determine that we have + full - network connectivity and are not operating behind a captive portal. + network connectivity and are not operating behind a captive + portal. - The date field returned by a valid header is used to set the current + The date field returned by a valid header is used to set the + current - system time. The date/time derived from the header is assumed to be a + system time. The date/time derived from the header is assumed to + be a - reasonable source of 'truth' such that it can be used to adjust the + reasonable source of 'truth' such that it can be used to adjust + the - system time both backwards and forwards. This will compensate for any + system time both backwards and forwards. This will compensate + for any erroneous timestamps saved via fake-hwclock or any invalid data read from an RTC. - The service will exit when a valid response has been received. Poll + The service will exit when a valid response has been received. + Poll - attempts will be made at an increasing interval starting at 2s and + attempts will be made at an increasing interval starting at 2s + and - doubling up to a maximum of 64s. Polling will continue at the maximum + doubling up to a maximum of 64s. 
Polling will continue at the + maximum interval until a valid response has been received. - This service will provide initial time synchronisation for devices + This service will provide initial time synchronisation for + devices - where NTP ports have been blocked. For devices where NTP access is + where NTP ports have been blocked. For devices where NTP access + is - available it should ensure that any system 'time jump' is only a few + available it should ensure that any system 'time jump' is only a + few seconds when NTP synchronisation is eventually achieved. It also @@ -23349,9 +24748,11 @@ complete. - Services that are ordered after the new time-sync-https-wait target + Services that are ordered after the new time-sync-https-wait + target - can be sure that full network connectivity has been achieved and that + can be sure that full network connectivity has been achieved and + that time has been synchronised with an accuracy of a few seconds. footer: @@ -23385,11 +24786,14 @@ When udev runs resin_update_state_probe for a non-balena partition - and ENV{ID_PART_ENTRY_NAME} is undefined it still gets expanded to random + and ENV{ID_PART_ENTRY_NAME} is undefined it still gets expanded + to random - garbage accidentally lying at the eventual memory address. This can create + garbage accidentally lying at the eventual memory address. This + can create - a mess in /dev/disk/by-state e.g. when external devices are connected. + a mess in /dev/disk/by-state e.g. when external devices are + connected. footer: Change-type: patch change-type: patch 
@@ -23500,14 +24904,17 @@ The interface test uses a simple ping to ensure a specific interface - works. It sends ten packets, and expects ten packets back. However, the + works. It sends ten packets, and expects ten packets back. + However, the - default interval is one second, which increases the time taken for the + default interval is one second, which increases the time taken + for the test while not adding anything of value. - Reduce the timeout to the minimum non-privileged interval of 2ms. + Reduce the timeout to the minimum non-privileged interval of + 2ms. footer: Change-type: patch change-type: patch @@ -23524,7 +24931,8 @@ One of the test was making sure we were NOT using the default 8.8.8.8 - server even though that may be a valid upstream server provided by DHCP/PPP. + server even though that may be a valid upstream server provided + by DHCP/PPP. footer: Change-type: patch change-type: patch @@ -23541,14 +24949,17 @@ The hook tries to read EFI variables from efivarfs but this is not always - mounted within the container. We have already validated that we are running + mounted within the container. We have already validated that we + are running - in EFI mode therefore we can just check whether it is already mounted + in EFI mode therefore we can just check whether it is already + mounted and eventually mount with no further checks. - This also adds graceful handling of nonexistent variables since not all + This also adds graceful handling of nonexistent variables since + not all UEFI implementations come with secure boot support. footer: 
@@ -23566,12 +24977,14 @@ body: > At this moment GRUB drops to rescue shell if config is invalid - or if signatures are missing/wrong. This lets the user disable the signature + or if signatures are missing/wrong. This lets the user disable + the signature checks altogether. - With this patch GRUB outputs nothing and accepts no user input if signing + With this patch GRUB outputs nothing and accepts no user input + if signing is configured. footer: @@ -23840,7 +25253,8 @@ This reverts commit 853656e6bcfed0b0206d031c32cd1cde811b8146. - The change overwrites build files, though that is what we need, it is a hacky + The change overwrites build files, though that is what we need, + it is a hacky approach and we will look for a clean solution. footer: @@ -23873,11 +25287,14 @@ GRUB can not use the TPM easily to unlock the volumes and find the kernel - on an encrypted partition. Instead, we choose to store a linux kernel + on an encrypted partition. Instead, we choose to store a linux + kernel - and use it as 2nd stage bootloader to unlock the partition, load the actual + and use it as 2nd stage bootloader to unlock the partition, load + the actual - kernel and kexec into it. This should eventually be replaced by a proper + kernel and kexec into it. This should eventually be replaced by + a proper 2nd stage bootloader that is being worked on. footer: @@ -23929,7 +25346,8 @@ body: > Add a recipe to deploy the signing keys to the deploy directory. - Device types that use them should copy them into the boot partition. + Device types that use them should copy them into the boot + partition. footer: Change-type: patch change-type: patch 
@@ -23947,13 +25365,17 @@ Currently the two classes would keep the original files untouched and store - the signed versions as .signed. This patch reverses the logic - the signed + the signed versions as .signed. This patch reverses the logic - + the signed - files replace the original ones and the unsigned version is stored as .unsigned. + files replace the original ones and the unsigned version is + stored as .unsigned. - This is because there is no real use-case for the unsigned files, we always + This is because there is no real use-case for the unsigned + files, we always - want to ship the signed version, even if the particular DT does not require it, + want to ship the signed version, even if the particular DT does + not require it, this causes no harm. footer: @@ -23969,7 +25391,8 @@ Add classes for GPG, KMOD and EFI artifact signing. Inheriting these classes - won't run the signing tasks, they have to be manually added to recipes. + won't run the signing tasks, they have to be manually added to + recipes. footer: Change-type: patch change-type: patch @@ -23987,11 +25410,14 @@ When a device is running in secure boot mode, it must not be possible to HUP - to an unsigned version of the OS because UEFI would refuse to boot it before + to an unsigned version of the OS because UEFI would refuse to + boot it before - any of our self-recovering rollback mechanisms can be triggered. This would + any of our self-recovering rollback mechanisms can be triggered. + This would - effectively brick the device, needing physical access to recover. + effectively brick the device, needing physical access to + recover. footer: Change-type: patch change-type: patch 
@@ -24034,20 +25460,25 @@ Previously, the core service exposed a /proxy endpoint that would start - up a proxy remotely, which would be used by a test in the connectivity + up a proxy remotely, which would be used by a test in the + connectivity - module. However, the endpoint returned the address for the testbot to be + module. However, the endpoint returned the address for the + testbot to be used as the proxy in the response, and this required manual - configuration of the interface. Additionally, it requires the worker + configuration of the interface. Additionally, it requires the + worker service to install and provide glider for forward proxying. - Move the proxy (glider) to a container on the device being tested, + Move the proxy (glider) to a container on the device being + tested, - which simplifies configuration, and reduces the complexity and size of + which simplifies configuration, and reduces the complexity and + size of the interface of Leviathan. footer: @@ -24175,7 +25606,8 @@ https://github.com/dosfstools/dosfstools/commit/87a8f29785bb605350821f1638a42e6cf3e49ce3 - This fixes a build error applying a patch that's already been applied + This fixes a build error applying a patch that's already been + applied when building newer versions of dosfstools. footer: @@ -24198,7 +25630,8 @@ instantly available at boot time. With the addition of the new - HTTPS time synchronisation service the starting of chronyd can be + HTTPS time synchronisation service the starting of chronyd can + be delayed by a few seconds so we need to ensure that the service @@ -24292,7 +25725,8 @@ the only hard error is if rollback (failcleanup) fails, in all other - scenarios we want the daemon to continue starting with the new + scenarios we want the daemon to continue starting with + the new graphdriver footer: 
@@ -24308,12 +25742,14 @@ previously switch would treat S_IFIFO and S_IFSOCK as the same, passing - both of the to mkfifo, which lead to EINVAL errors when trying to create + both of the to mkfifo, which lead to EINVAL errors when + trying to create the socket, we instead handle socket separately. - Also adds cases for this to the unit and integration tests of the + Also adds cases for this to the unit and integration + tests of the migrator. footer: @@ -24407,7 +25843,8 @@ but is not part of the root filesystem generation. - The decoupling allows to build just the docker rootfs image without + The decoupling allows to build just the docker rootfs image + without having to build the balenaos-img target. footer: @@ -24466,7 +25903,8 @@ In situations with limited resources the info and ps commands can take - an unecessarily long time when we really only need to know that a + an unecessarily long time when we really only need to know that + a container can be started. footer: @@ -24518,7 +25956,8 @@ body: > This prevents downstream linux-firmware fakeroot tasks, such as - firmware compression, from encountering Pseudo Abort due to files + firmware compression, from encountering Pseudo Abort due to + files changing outside the fakeroot context. footer: 
@@ -24537,25 +25976,31 @@ When user namespacing was enabled in the kernel by default, a separate - commit [0] was introduced to disable the feature at runtime, to allow + commit [0] was introduced to disable the feature at runtime, to + allow users/administrators to explicitly choose to enable it, avoiding potential security implications. - However, some applications such as Chromium's sandbox, require either + However, some applications such as Chromium's sandbox, require + either - SUID or user namespacing to work. Disabling this feature on boards + SUID or user namespacing to work. Disabling this feature on + boards - that previously enabled it necessitates container modifications and + that previously enabled it necessitates container modifications + and potentially breaks previously working applications. - Create a distro feature to disable user namespacing by default in + Create a distro feature to disable user namespacing by default + in - meta-balena, while allowing device types to keep it enabled to maintain + meta-balena, while allowing device types to keep it enabled to + maintain compatibility with their original behavior. @@ -24701,7 +26146,9 @@ body: > See https://github.com/containerd/containerd/pull/4530 - and `git log ad25c1a9c34361e4071f508b9a91946b05fce165^..2055e12953bb538228d8d9fe627fa545d7cf82be ./platforms/` + and `git log + ad25c1a9c34361e4071f508b9a91946b05fce165^..2055e12953bb538228d8d9fe627fa545d7cf82be + ./platforms/` in the containerd repo footer: @@ -24784,7 +26231,8 @@ The current code authenticates unmanaged production devices which makes - no sense. Unmanaged devices do not need to authenticate with the API. + no sense. Unmanaged devices do not need to authenticate + with the API. footer: Change-type: patch change-type: patch 
@@ -24799,9 +26247,11 @@ Newer BalenaOS releases have replaced OS variants for a developmentMode - configuration setting. This commit uses this variable to set the OS + configuration setting. This commit uses this variable to + set the OS - variant in the absence of `VARIANT_ID` from the os-release file. + variant in the absence of `VARIANT_ID` from the + os-release file. footer: Change-type: patch change-type: patch @@ -24815,7 +26265,8 @@ Add a `developmentMode` configuration variable to the schema. Do not expose - this on the device target state until local key-based authentication is + this on the device target state until local key-based + authentication is sorted. footer: @@ -24835,7 +26286,8 @@ body: > Use a GitHub permalink that includes the commit in - case the file changes and the reference becomes out-of-date. + case the file changes and the reference becomes + out-of-date. footer: Change-type: patch change-type: patch @@ -24853,9 +26305,11 @@ [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. - - [Release notes](https://github.com/jbgutierrez/path-parse/releases) + - [Release + notes](https://github.com/jbgutierrez/path-parse/releases) - - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) + - + [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- @@ -24881,11 +26335,14 @@ Bumps [tar](https://github.com/npm/node-tar) from 4.4.13 to 4.4.19. - - [Release notes](https://github.com/npm/node-tar/releases) + - [Release + notes](https://github.com/npm/node-tar/releases) - - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) + - + [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - - [Commits](https://github.com/npm/node-tar/compare/v4.4.13...v4.4.19) + - + [Commits](https://github.com/npm/node-tar/compare/v4.4.13...v4.4.19) --- 
@@ -24949,7 +26406,8 @@ At runtime we can now enable development features that were previously - configured using the development-image feature. That feature also + configured using the development-image feature. That feature + also configured U-Boot for OS development. @@ -24957,16 +26415,19 @@ Now we have two distinct functionalities: - * A runtime development configuration variable that configures the + * A runtime development configuration variable that configures + the device to facilitate application development - * A build time osdev-image feature that configures the OS for BSP and OS + * A build time osdev-image feature that configures the OS for + BSP and OS development - This allows us to merge the current production/development images into + This allows us to merge the current production/development + images into a single image. footer: @@ -24993,7 +26454,8 @@ The images now can be configured for application development mode at runtime. - This commit introduces a built time option to configure them for BSP or + This commit introduces a built time option to configure them for + BSP or other OS development like board bringup. footer: @@ -25009,7 +26471,8 @@ The ssh development configurations are now applied at runtime. The only - feature that has been left out is the postinst logging. Customers that + feature that has been left out is the postinst logging. + Customers that need to develop the OS can configure this themselves. footer: @@ -25027,7 +26490,8 @@ authentication and empty passwords, as well as root logins. - In production mode, disable password authentication to allow only + In production mode, disable password authentication to allow + only SSH access. footer: @@ -25068,7 +26532,8 @@ Even without debug-tweaks, allow passwordless root logins. For production - builds there is no console available so this setting does not change current + builds there is no console available so this setting does not + change current functionality. footer: 
@@ -25133,7 +26598,8 @@ BalenaHUP won't need to transfer the isolcpus setting to - the new OS anymore. This is necessary only when updating from older + the new OS anymore. This is necessary only when updating from + older OS versions in which the supervisor adds the isolcpus @@ -25240,7 +26706,8 @@ %%BALENA_ARCH%% for better compatibility - Device types lacking matching tags in the balenalib Docker Hub account + Device types lacking matching tags in the balenalib Docker Hub + account will fail tests when a matching image is not found. Switch to @@ -25285,7 +26752,8 @@ reorder the defer statements in the migrate function to only teardown - the logger after the failcleanup function ran. otherwise errors logged + the logger after the failcleanup function ran. otherwise + errors logged there won't show up in the logfile footer: @@ -25304,9 +26772,11 @@ This brings all migration logic into a single call into the - storagemigration package, which should make future maintenance easier + storagemigration package, which should make future + maintenance easier - and fixes the cleanup logic bug, where the old aufs root would never be + and fixes the cleanup logic bug, where the old aufs root + would never be cleaned up. footer: @@ -25398,10 +26868,12 @@ Some recent changes to the OS allowed some services to restart - automatically when the associated config files are changed. + automatically when the associated config files are + changed. - In these cases we want to avoid restarting the same services + In these cases we want to avoid restarting the same + services manually from the supervisor. footer: 
@@ -25431,18 +26903,23 @@ PR #1749 introduced a bug when pushing local target state. An update to - the [image name normalization](https://github.com/balena-os/balena-supervisor/blob/f1bd4b8d9bcef29e326cbf97eaddd837c2704d19/src/lib/docker-utils.ts#L81) + the [image name + normalization](https://github.com/balena-os/balena-supervisor/blob/f1bd4b8d9bcef29e326cbf97eaddd837c2704d19/src/lib/docker-utils.ts#L81) - failed to consider the local image name format. This results in mangling + failed to consider the local image name format. This + results in mangling - of image names in the database, i.e. the image `ubuntu:latest` is stored + of image names in the database, i.e. the image + `ubuntu:latest` is stored - as `/ubuntu:latest`. This causes an exception to be returned by the + as `/ubuntu:latest`. This causes an exception to be + returned by the dockerode `getImage('/ubuntu:latest').inspect()` call. - This sends the supervisor into a crash loop and is shown on the supervisor + This sends the supervisor into a crash loop and is shown + on the supervisor journal logs as @@ -25454,11 +26931,14 @@ ``` - Unfortunately if this happens on a user device, since the mangled image + Unfortunately if this happens on a user device, since + the mangled image - name is already on the database, the easiest way to fix is to remove the + name is already on the database, the easiest way to fix + is to remove the - supervisor database and let the supervisor recreate it. Deleting the + supervisor database and let the supervisor recreate it. + Deleting the database should be side effect free. footer: 
@@ -25475,9 +26955,11 @@ Preparing for the new v3 target state, where the supervisor will make environment - dependent ids optional and rely on using general UUIDs and user known identifiers + dependent ids optional and rely on using general UUIDs + and user known identifiers - for comparison. This PR moves forward in that direction by removing some of those + for comparison. This PR moves forward in that direction + by removing some of those comparisons for v2 target state. @@ -25486,14 +26968,18 @@ - serviceId to be replace by serviceName - - releaseId to be replaced by commit (future release_uuid) + - releaseId to be replaced by commit (future + release_uuid) - This is a backwards compatible change, meaning it doesn't completely get rid of + This is a backwards compatible change, meaning it + doesn't completely get rid of - these identifiers (which are still being used by supervisor API and for state + these identifiers (which are still being used by + supervisor API and for state - patch), but will not depend on those identifiers for calculating steps to target state. + patch), but will not depend on those identifiers for + calculating steps to target state. footer: Change-type: minor change-type: minor 
@@ -25508,27 +26994,37 @@ The image manager module now uses tags instead of docker IDs as the main - way to identify docker images on the engine. That is, if the target + way to identify docker images on the engine. That is, if + the target - state image has a name `imageName:tag@digest`, the supervisor will always use + state image has a name `imageName:tag@digest`, the + supervisor will always use - the given `imageName` and `tag` (which may be empty) to tag the image on + the given `imageName` and `tag` (which may be empty) to + tag the image on - the engine after fetching. This PR also adds checkups to ensure + the engine after fetching. This PR also adds checkups to + ensure - consistency is maintained between the database and the engine. + consistency is maintained between the database and the + engine. - Using tags allows to simplify query and removal operations, since now + Using tags allows to simplify query and removal + operations, since now - removing the image now means removing tags matching the image name. + removing the image now means removing tags matching the + image name. - Before this change the supervisor relied only on information in the + Before this change the supervisor relied only on + information in the - supervisor database, and used that to remove images by docker ID. However, the docker + supervisor database, and used that to remove images by + docker ID. However, the docker - id is not a reliable identifier, since images retain the same id between + id is not a reliable identifier, since images retain the + same id between releases or between services in the same release. 
@@ -25573,9 +27069,11 @@ The previous module was using `rewire` to get the knex instance from the - db module but that was leading to issues when running tests using `test:fast`. + db module but that was leading to issues when running + tests using `test:fast`. - This provides a fix for the test module that just removes the destroy + This provides a fix for the test module that just + removes the destroy call entirely (it turns out it is not necessary). footer: @@ -25609,12 +27107,14 @@ Since kernel v5.10 this file is generated when using modules_prepare. As - the kernel-modules-headers contains pre-built target binaries, we also + the kernel-modules-headers contains pre-built target binaries, + we also need to include this file in the package. - This is not a problem when using kernel-source as a modules_prepare is + This is not a problem when using kernel-source as a + modules_prepare is always required. footer: @@ -25637,7 +27137,8 @@ The kernel-balena class contains a global blacklist of btrfs that - disables this filesystem for all device types, regardless of them + disables this filesystem for all device types, regardless of + them explicitly enabling it. @@ -25675,7 +27176,8 @@ Since adding the 'config-json' systemd target the 'balena-ntp-config' - and 'prepare-openvpn' services have stopped running automatically + and 'prepare-openvpn' services have stopped running + automatically when config.json is updated. This is fixed by adding @@ -25699,9 +27201,11 @@ body: > Fix a race condition that can occur when setting the hostname at - boot by disabling NetworkManager's ability to modify the hostname. + boot by disabling NetworkManager's ability to modify the + hostname. - The static and transient system hostnames are now managed exclusively + The static and transient system hostnames are now managed + exclusively by the 'balena-hostname' service. footer: 
@@ -25724,7 +27228,8 @@ We no longer require reboots when changing hostname in config.json. - The contents of '/etc/hostname' and the avahi mDNS broadcast hostname + The contents of '/etc/hostname' and the avahi mDNS broadcast + hostname are updated automatically without requiring a reboot. footer: @@ -25743,11 +27248,13 @@ changes. - Changes to 'config.json' will trigger the 'balena-hostname' service + Changes to 'config.json' will trigger the 'balena-hostname' + service to update the static and transient hostnames and the 'avahi' - service to ensure that any hostname changes are broadcast via mDNS. + service to ensure that any hostname changes are broadcast via + mDNS. footer: Change-type: patch change-type: patch @@ -25780,7 +27287,8 @@ This commit adds a FIRMWARE_COMPRESSION distro configuration that - performs the compression of linux-firmware files. Only kernel versions + performs the compression of linux-firmware files. Only kernel + versions above 5.3 support loading compressed firmware. footer: @@ -25814,7 +27322,8 @@ Some kernel configuration are only applicable from specific kernel - versions. This commit adds a function that allows to add a specific + versions. This commit adds a function that allows to add a + specific configuration set only from a given kernel version. footer: @@ -25830,11 +27339,14 @@ This allows to re-use this functionality. Note that the `KERNEL_VERSION` - variable is only available after the kernel has been built as it relies + variable is only available after the kernel has been built as it + relies - on get_kernelversion_headers() poky function and utsrelease.h being + on get_kernelversion_headers() poky function and utsrelease.h + being - generated. This function parses the Makefile so only needs the source. + generated. This function parses the Makefile so only needs the + source. footer: Change-type: patch change-type: patch 
@@ -25873,7 +27385,8 @@ body: > Change the NetworkManager NTP dispatcher script to update the - on/offline status of the NTP sources on 'connectivity-change' events + on/offline status of the NTP sources on 'connectivity-change' + events instead of 'up/down' events. @@ -25882,7 +27395,8 @@ network interface. It makes more sense to run it for - 'connectivity-change' events as we are really interested in whether + 'connectivity-change' events as we are really interested in + whether the internet is there or not rather than whether an interface is @@ -25932,7 +27446,8 @@ Remove ${bindir} from FILES_grub-common, ensuring grub utilities aren't - installed to /usr/bin, in addition to a previous similar commit that + installed to /usr/bin, in addition to a previous similar commit + that removed sbin utils. This frees approximately 5.5M. footer: 
@@ -25951,41 +27466,51 @@ Most major distributions now ship kernels with user namespacing enabled - in the kernel config. Some distributions, such as Arch and Ubuntu, + in the kernel config. Some distributions, such as Arch and + Ubuntu, default to the upstream behavior of allowing unprivileged user - namespacing, regardless of potential attack surfaces exposed in the + namespacing, regardless of potential attack surfaces exposed in + the kernel. - Other distributions, such as Debian, are slightly more conservative, + Other distributions, such as Debian, are slightly more + conservative, disabling the feature at runtime behind a sysctl tunable. Debian - maintains its own patch to add the kernel.unprivileged_userns_clone + maintains its own patch to add the + kernel.unprivileged_userns_clone tunable. - The Debian patch was rejected by upstream over fears of application + The Debian patch was rejected by upstream over fears of + application - developers not using this feature due to it being generally unavailable + developers not using this feature due to it being generally + unavailable in systems, as well as fears of bugs going undiscovered. - RHEL uses a newer tunable introduced upstream to set the max number of + RHEL uses a newer tunable introduced upstream to set the max + number of - user namespaces to zero, which accomplishes the same thing, but without + user namespaces to zero, which accomplishes the same thing, but + without an out of tree patch. - Disable user namespacing at runtime using the same method as RHEL, in + Disable user namespacing at runtime using the same method as + RHEL, in - the same manner as the hardened kernels and distributions have chosen. + the same manner as the hardened kernels and distributions have + chosen. https://lwn.net/Articles/673597/ 
@@ -26021,7 +27546,8 @@ There is at least a case in a board where the puts function in u-boot's - common/console.c is #ifdef'ed and defined twice. Let's accomodate for + common/console.c is #ifdef'ed and defined twice. Let's + accomodate for such cases by correctly looping through more than one function @@ -26083,9 +27609,11 @@ made it to production. - We can now use a runtime drop-in unit placed under /run/systemd/ to + We can now use a runtime drop-in unit placed under /run/systemd/ + to - configure the balena-host service, which doesn't require us to remount + configure the balena-host service, which doesn't require us to + remount the rootfs. footer: @@ -26137,9 +27665,11 @@ Triggered by a failue in the VPN test - the bash binary is bigger than - the openvpn binary and on devices with limitted rootfs space the copying + the openvpn binary and on devices with limitted rootfs space the + copying - is not possible. Symlinking /dev/null will break the services as well. + is not possible. Symlinking /dev/null will break the services as + well. footer: Change-type: patch change-type: patch @@ -26295,7 +27825,8 @@ 596b0474d3d9b1242eab713f84d8873f9887d980 for details. - Hence we use in meta-balena-dunfell the upstream kernel-devsrc from the + Hence we use in meta-balena-dunfell the upstream kernel-devsrc + from the hardknott-3.3.1 Poky release which handles this module.lds move. footer: @@ -26314,7 +27845,8 @@ Update balena-engine from 19.03.18 to 19.03.23 - Which brings more resilient layer download (allows proper resuming after + Which brings more resilient layer download (allows proper + resuming after network failures). footer: @@ -26333,7 +27865,8 @@ This commit changes the way we retry layer downloads after failures with - the goal of making it more resilient, especially for cases involving + the goal of making it more resilient, especially for + cases involving large layers and unreliable network connections. 
@@ -26341,15 +27874,18 @@ These are the changes: - * Make sure we also retry after failures in `v2LayerDescriptor.reset()`. + * Make sure we also retry after failures in + `v2LayerDescriptor.reset()`. This method creates a new HTTP request to resume a failed download, and therefore depends on a working network to succeed. - * Wait exponentially longer times between retries (instead of retrying + * Wait exponentially longer times between retries + (instead of retrying immediately as before). This shall increase of success in case of network issues that take longer to get resolved. * Increase the number of retries to 10. - * Reset retry count whenever we successfully download anything at all. + * Reset retry count whenever we successfully download + anything at all. The idea is that we want to give up downloading only after a long continuous period of failures. Combined with the exponential back-off strategy and increased number of retries described above, a layer pull @@ -26384,13 +27920,16 @@ During fingerpinting of the source image the destination layers are not - exepmt from being released (e.g. when `balena image rm `) is run + exepmt from being released (e.g. when `balena image rm + `) is run simultaneously. - Similarly when processing the destination layers to generate deltas we + Similarly when processing the destination layers to + generate deltas we - only hold one reference at a time, leaving the subsequent layers + only hold one reference at a time, leaving the + subsequent layers vulnerable to the same issues. footer: @@ -26421,7 +27960,8 @@ body: > This can be used to keep a record of failed migrations. - Only runs if BALENA_MIGRATE_OVERLAY_LOGFILE is set to a path on disk. + Only runs if BALENA_MIGRATE_OVERLAY_LOGFILE is set to a + path on disk. The log file will be deleted if there are no errors. footer: 
@@ -26437,7 +27977,8 @@ With this change the aufs data is kept around until the next time we - start. If we find both an aufs AND an overlay2 storage root, we cleanup + start. If we find both an aufs AND an overlay2 storage + root, we cleanup the aufs data. footer: @@ -26519,17 +28060,21 @@ Since we don't have devices using older 3.x kernels we update to a newer - base image so that we don't have problems compiling this test kernel + base image so that we don't have problems compiling this test + kernel module on newer kernels. This avoids a compile error on kernel 5.10.31 on arm64 - raspberrypicm4-ioboard for example where it would complain _mcount is + raspberrypicm4-ioboard for example where it would complain + _mcount is - undefined because the older gcc in the intel-nuc-debian:stretch-20190717 + undefined because the older gcc in the + intel-nuc-debian:stretch-20190717 - base image would not create the _mcount symbol when compiling against + base image would not create the _mcount symbol when compiling + against the newer 5.10.31 kernel. footer: @@ -26551,11 +28096,13 @@ Resolve `latest` to dev variant - If we want the serial logs of the DUT the image that is flashed needs to + If we want the serial logs of the DUT the image that is flashed + needs to be the development variant. The `latest` shortcut however always - resolves to the production image. We manually resolve the version to fix + resolves to the production image. We manually resolve the + version to fix this. @@ -26580,9 +28127,11 @@ hup due to a lack of space on the inactive partition. - Add a task to check the docker image space against the available space on + Add a task to check the docker image space against the available + space on - the root filesystem partition and fail the build if it's too big. + the root filesystem partition and fail the build if it's too + big. footer: Change-type: patch change-type: patch 
@@ -26601,9 +28150,11 @@ hup due to a lack of space on the inactive partition. - Add a task to check the docker image space against the available space on + Add a task to check the docker image space against the available + space on - the root filesystem partition and fail the build if it's too big. + the root filesystem partition and fail the build if it's too + big. footer: Change-type: patch change-type: patch @@ -26620,11 +28171,14 @@ the partition sizes on the balena image classes. - The rootfs size is calculated with the assumption of a total BalenaOS + The rootfs size is calculated with the assumption of a total + BalenaOS - size of 700M. This includes boot, state, rootA and rootB partitions. The + size of 700M. This includes boot, state, rootA and rootB + partitions. The - data partition will then grow to occupy the rest of the storage media. + data partition will then grow to occupy the rest of the storage + media. Device integration layers can override this value if needed. @@ -26641,7 +28195,8 @@ Instead of hardcoding the requested root filesystem value, let's explain - how the calculation is made with a python function that will adjust based + how the calculation is made with a python function that will + adjust based on the sizes of other partitions. footer: 
@@ -26772,33 +28327,42 @@ connectivity checker doesn't differentiate between the - CONNECTED_LOCAL, CONNECTED_SITE and CONNECTED_GLOBAL states. This + CONNECTED_LOCAL, CONNECTED_SITE and CONNECTED_GLOBAL states. + This - service checks for the CONNECTED_GLOBAL state only and can be used + service checks for the CONNECTED_GLOBAL state only and can be + used to delay the start of other services which require full network - access to be available. This can help to avoid startup problems on + access to be available. This can help to avoid startup problems + on networks with slow DNS access or that utilise a captive portal. - The script does an initial oneshot check of the NM state to make sure + The script does an initial oneshot check of the NM state to make + sure that we don't wait for an event that doesn't come. This check is - redundant at boot time due to the fact that the service is started + redundant at boot time due to the fact that the service is + started - before NM to ensure that no NM DBus events are missed. The initial + before NM to ensure that no NM DBus events are missed. The + initial - check is useful in circumstances where you want to run the script + check is useful in circumstances where you want to run the + script standalone or post-boot. - Other services that wish to make use of this service and wait for + Other services that wish to make use of this service and wait + for - full network connectivity should add the following entries to their + full network connectivity should add the following entries to + their systemd unit definition: 
@@ -26880,21 +28444,26 @@ This makes it easier to overwrite the arguments passed in the engine - unit from drop-in overwrites. See the development image drop-in unit for + unit from drop-in overwrites. See the development image drop-in + unit for reference. - Using `systemctl edit --runtime balena.service`, which puts those + Using `systemctl edit --runtime balena.service`, which puts + those - overwrites into `/run/systemd/system/balena.service.d/`, it would be + overwrites into `/run/systemd/system/balena.service.d/`, it + would be - possible to modify the runtime behavior of the engine without remounting + possible to modify the runtime behavior of the engine without + remounting the rootfs to be writeable. - See https://www.freedesktop.org/software/systemd/man/systemd.unit.html#System%20Unit%20Search%20Path + See + https://www.freedesktop.org/software/systemd/man/systemd.unit.html#System%20Unit%20Search%20Path footer: Change-type: patch change-type: patch @@ -27083,14 +28652,17 @@ Currently we are reading a package list from the contracts that mixes - recipe and package names, and we run bitbake with the `-k` flag not to + recipe and package names, and we run bitbake with the `-k` flag + not to stop the build when a package name fails to match a recipe. - The contracts have now been modified to specify either a `sw.recipe.yocto` + The contracts have now been modified to specify either a + `sw.recipe.yocto` - or a `sw.package.yocto` so we can distinguish between them and use + or a `sw.package.yocto` so we can distinguish between them and + use recipe names to build and package names to install. @@ -27124,7 +28696,8 @@ The installation directory is currently "/yocto/resin-board". This is - too long for the creation of per-task balena-engine sockets which have + too long for the creation of per-task balena-engine sockets + which have a maximum path length of 104 characters. 
@@ -27182,7 +28755,8 @@ From https://github.com/Ariel-Rodriguez/sh-semversion-2 - MIT licensed: https://github.com/Ariel-Rodriguez/sh-semversion-2/blob/main/LICENSE + MIT licensed: + https://github.com/Ariel-Rodriguez/sh-semversion-2/blob/main/LICENSE footer: Change-type: patch change-type: patch @@ -27210,14 +28784,17 @@ This file allows other components to uniquely parse the information that - is contained in the changelog. It will be automatically managed by + is contained in the changelog. It will be automatically managed + by - versionist by appending the new commits on top. This is needed to + versionist by appending the new commits on top. This is needed + to provide nested-changelogs. - Generated with product-os/versionist/blob/master/scripts/generate-changelog.sh + Generated with + product-os/versionist/blob/master/scripts/generate-changelog.sh footer: Change-type: patch change-type: patch @@ -27245,7 +28822,8 @@ This container is based on the `balena-push-env` helper container and includes - an opkg application built from source. It is used to build Yocto IPK packaged + an opkg application built from source. It is used to build Yocto + IPK packaged based hostOS blocks. - hash: dcb1ee52f56d4785cc4a6b93d33c2b63f2bcda12 @@ -27349,15 +28927,18 @@ When running multiple daemons, we don't want them to clash managing - iptables so we start redundant daemons with iptables and ipmasq set to + iptables so we start redundant daemons with iptables and ipmasq + set to false. By default we enable both which is the current dockerd default. - When running a single docker daemon without the iptables and ipmasq flags, + When running a single docker daemon without the iptables and + ipmasq flags, - containers on the default bridge network cannot communite with the + containers on the default bridge network cannot communite with + the outside as no iptables rules are set. - version: balena-yocto-scripts-1.12.14 
@@ -27506,7 +29087,8 @@ The installation directory is currently "/yocto/resin-board". This is - too long for the creation of per-task balena-engine sockets which have + too long for the creation of per-task balena-engine sockets + which have a maximum path length of 104 characters. @@ -27534,7 +29116,8 @@ Print the details of all submodules so that layers that are not part of - bblayers, like balena-yocto-scripts, also get their sha1s displayed on + bblayers, like balena-yocto-scripts, also get their sha1s + displayed on build. - hash: 562d2120770041a50f7daebbf4660ccace1ee51f @@ -27633,13 +29216,16 @@ A global variable uses git to retrieve a sha1 revision. If this fails - with the errexit option the script exists after sourcing this file. + with the errexit option the script exists after sourcing this + file. - This commit masks the error as it may not be needed in the sourcing + This commit masks the error as it may not be needed in the + sourcing script. - Also, fix the length of the short git release to avoid different git + Also, fix the length of the short git release to avoid different + git clients configuration mismatches. - version: balena-yocto-scripts-1.12.7 @@ -27697,7 +29283,8 @@ The namespace variable can point to an alternative registry and it is - useful for developing. This commit sets the default when not defined. + useful for developing. This commit sets the default when not + defined. - version: balena-yocto-scripts-1.12.5 date: 2021-03-30T08:34:48.000Z commits: @@ -27718,7 +29305,8 @@ This script is called either to deploy a bootable block (hostapp) or to - deploy a standard block. This commit makes the environmental variables + deploy a standard block. This commit makes the environmental + variables match for both use cases. - hash: 8508ea1401107cc5d0a7d3c3026b57bbc5f69bb4 
@@ -27861,7 +29449,8 @@ Only fix user and password from environment when in a Jenkins context. - This allows to rebuild and deploy helper images to user repositories for + This allows to rebuild and deploy helper images to user + repositories for local development - hash: 295800c173833e6857258faaf1ace2a09dc7339a @@ -27877,7 +29466,8 @@ This commit extends barys so it accepts a list of bitbake arguments - and/or target images. This will allow the flexibilty needed to build + and/or target images. This will allow the flexibilty needed to + build blocks with barys as frontend. - hash: bc926eecd3d7acb629b3709a3e89e935ae0f18c5 @@ -27919,9 +29509,11 @@ API call. - Production versions have the OS release name and development versions get + Production versions have the OS release name and development + versions get - appended a .dev suffix. Once both image variants are merged only the OS + appended a .dev suffix. Once both image variants are merged only + the OS release name will be used. - hash: f3c8ea277d799ca3c9ae5c263e08db332d40aac6 @@ -27982,7 +29574,8 @@ The current method does not support multiple layers named with names - following `meta-balena-*` so this change will search for the required + following `meta-balena-*` so this change will search for the + required `bblayers.conf.sample` file before assigning the template layer. - version: balena-yocto-scripts-1.11.2 @@ -28021,7 +29614,8 @@ making the code more legible. - Also, remove balena login from `balena_lib_docker_pull_helper_image` function + Also, remove balena login from + `balena_lib_docker_pull_helper_image` function as the login is performed by the container deployment script. - hash: 111843536ad9c951f0850256b8a56d9f4c612816 
@@ -28150,7 +29744,8 @@ The example kernel module has some unnecessary variables and targets. - Simplify this makefile by passing the kernel source directory to make, + Simplify this makefile by passing the kernel source directory to + make, and using the M variable to build the module. footer: @@ -28185,14 +29780,16 @@ The hostapp-update hooks would run before the supervisor update step - when using balenahup via the dashboard. This resulted in the balena + when using balenahup via the dashboard. This resulted in the + balena supervisor state conf file being out-of-date. This commit removes the hostapp-update hook and instead uses a - oneshot service to ensure the conf is migrated if it does not exist + oneshot service to ensure the conf is migrated if it does not + exist in the new path before starting the supervisor. footer: @@ -28277,16 +29874,20 @@ balena-engine requires fixes backported from upstream to support a newer - version of Go, and retaining the new recipes while switching back to the + version of Go, and retaining the new recipes while switching + back to the - supported version of Go using the GOVERSION variable is still a work in + supported version of Go using the GOVERSION variable is still a + work in - process. Revert these changes for now. We can merge the new recipes + process. Revert these changes for now. We can merge the new + recipes back in once the build issues are resolved. - This reverts commit f36dbd96684f9adfc5ce6faa57aa26fc4ba8e34e, reversing + This reverts commit f36dbd96684f9adfc5ce6faa57aa26fc4ba8e34e, + reversing changes made to b228aea720fd1536ac6904b1886b2d445a582fc9. footer: @@ -28320,7 +29921,8 @@ mounted from /etc/resin-supervisor in the state cache partition. - Avoid deleting the old supervisor state cache in case of rollback. + Avoid deleting the old supervisor state cache in case of + rollback. footer: Change-type: patch change-type: patch 
@@ -28364,7 +29966,8 @@ Sync changes to disk once the certificates have been updated. This - minimizes the risk of the custom CA to be committed without having the + minimizes the risk of the custom CA to be committed without + having the certificates updated. footer: @@ -28568,7 +30171,8 @@ Hung tasks are not normally terminal, nor do they affect system - stability, but panicking during an image write forces a device into a + stability, but panicking during an image write forces a device + into a bootloop that requires manual intervention to remedy. @@ -28576,11 +30180,13 @@ See the below stacktrace: - [ 243.565482] INFO: task balenad:4049 blocked for more than 120 seconds. + [ 243.565482] INFO: task balenad:4049 blocked for more than 120 + seconds. [ 243.565737] Not tainted 4.9.140-l4t-r32.4 #1 - [ 243.565853] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. + [ 243.565853] "echo 0 > + /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 243.566032] balenad D 0 4049 1 0x00000008 @@ -28592,7 +30198,8 @@ [ 243.566590] [] schedule+0x40/0xa8 - [ 243.566744] [] rwsem_down_read_failed+0xd4/0x128 + [ 243.566744] [] + rwsem_down_read_failed+0xd4/0x128 [ 243.566872] [] down_read+0x58/0x60 @@ -28602,11 +30209,14 @@ [ 243.567237] [] el0_svc_naked+0x34/0x38 - [ 243.567394] Kernel panic - not syncing: hung_task: blocked tasks + [ 243.567394] Kernel panic - not syncing: hung_task: blocked + tasks - [ 243.567533] CPU: 3 PID: 47 Comm: khungtaskd Not tainted 4.9.140-l4t-r32.4 #1 + [ 243.567533] CPU: 3 PID: 47 Comm: khungtaskd Not tainted + 4.9.140-l4t-r32.4 #1 - [ 243.567819] Hardware name: NVIDIA Jetson Xavier NX Developer Kit (DT) + [ 243.567819] Hardware name: NVIDIA Jetson Xavier NX Developer + Kit (DT) [ 243.568318] Call trace: 
@@ -28630,7 +30240,8 @@ [ 243.609511] Memory Limit: none - [ 243.612484] trusty-log panic notifier - trusty version Built: 12:18:19 Oct 16 2020 [ 243.636124] Rebooting in 1 seconds.. + [ 243.612484] trusty-log panic notifier - trusty version Built: + 12:18:19 Oct 16 2020 [ 243.636124] Rebooting in 1 seconds.. Disable this config for all platforms. @@ -28667,7 +30278,8 @@ introduced to bootstrap the Go compilation. - Specify to use the go-native recipe and not go-binary-native when + Specify to use the go-native recipe and not go-binary-native + when requiring go-native. footer: @@ -28686,10 +30298,12 @@ balena-engine hasn't transitioned to building with modules yet, and Go - 1.16 enabled them by default. Revert to the old behavior for now to fix + 1.16 enabled them by default. Revert to the old behavior for now + to fix the build. - This option will be removed in Go 1.17, so we'll have to update our + This option will be removed in Go 1.17, so we'll have to update + our build before upgrading further. @@ -28708,7 +30322,8 @@ Hardknott introduces get_linuxloader() to linuxloader.bbclass that - allows for dynamically choosing between different c libraries, which go + allows for dynamically choosing between different c libraries, + which go recipes depend on. 
@@ -28769,20 +30384,24 @@ rather than having to parse them directly. Some of the default - settings have now been included as part of the jq parsing string. + settings have now been included as part of the jq parsing + string. - The jq command has also been assigned to an interim variable rather + The jq command has also been assigned to an interim variable + rather than being evaluated directly. This allows other scripts which - include balena-config-vars to handle parsing errors correctly when + include balena-config-vars to handle parsing errors correctly + when they are running with 'set -e'. The os-networkmanager script has been updated to make use of the - balena-config-vars script and no longer parses config.json itself. + balena-config-vars script and no longer parses config.json + itself. The logging has been standardised and the simplification of the @@ -28791,7 +30410,8 @@ to 101 lines. - The build time tests have been removed as the os-networkmanager script + The build time tests have been removed as the os-networkmanager + script is unable to access /usr/sbin/balena-config-vars at buildtime. footer: 
@@ -28990,35 +30610,45 @@ A previous PR (#1656) fixed validation for network ipam config, - checking that both network and subnet are defined for each ipam config entry + checking that both network and subnet are defined for + each ipam config entry (as described in the docker documentation). - After that PR, the validations throws an exception if the network target state is incorrect, + After that PR, the validations throws an exception if + the network target state is incorrect, - but this turns out to be the wrong approach, because that exception is also triggered + but this turns out to be the wrong approach, because + that exception is also triggered when querying target state. - This isn't a problem in normal operation, but it is in local mode, because local + This isn't a problem in normal operation, but it is in + local mode, because local - mode queries the old target state before sending a new one. Since the query fails, + mode queries the old target state before sending a new + one. Since the query fails, the CLI can never push the new target state. - This PR replaces the exception with a warning on the logs, since a + This PR replaces the exception with a warning on the + logs, since a - misconfigured network won't cause any engine failures, it will just + misconfigured network won't cause any engine failures, + it will just - prevent containers to communicate through the provided network. + prevent containers to communicate through the provided + network. - A future improvement should move this validation to an earlier point in the process, + A future improvement should move this validation to an + earlier point in the process, - so the target state can get rejected before it even gets to a point it + so the target state can get rejected before it even gets + to a point it can be used. footer: 
@@ -29063,11 +30693,14 @@ This extra info will mean the API is able to immediately set default - config vars based on the os/supervisor version so that they are + config vars based on the os/supervisor version so that + they are - available on the first target state fetch rather than having a delay + available on the first target state fetch rather than + having a delay - whilst waiting for the supervisor to report them as part of a state + whilst waiting for the supervisor to report them as part + of a state patch @@ -29206,12 +30839,14 @@ The `start-resin-supervisor` script in newer OS version no longer uses the - SUPERVISOR_TAG environment variable setup on supervisor.conf and + SUPERVISOR_TAG environment variable setup on + supervisor.conf and update-supervisor.conf. - This change removes the need for that variable with livepush supervisor + This change removes the need for that variable with + livepush supervisor to make it compatible with older and newer OS versions footer: @@ -29251,7 +30886,8 @@ for custom composer types for network. - This commit also modifies network tests to use the new types + This commit also modifies network tests to use the new + types footer: Change-type: minor change-type: minor @@ -29291,7 +30927,8 @@ body: > Replace all references to the 'resin-vars' script with - 'balena-config-vars' as it has been renamed. Add a conditional + 'balena-config-vars' as it has been renamed. Add a + conditional test for compatibility with legacy systems. footer: @@ -29325,9 +30962,11 @@ - [Release notes](https://github.com/npm/ssri/releases) - - [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md) + - + [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md) - - [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2) + - + [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2) footer: Change-type: patch change-type: patch 
@@ -29394,9 +31033,11 @@ This is needed in preparation for storage migration from aufs to overlayfs. - When running hostapp-update, we need to create the target hostapp on + When running hostapp-update, we need to create the target + hostapp on - overlayfs, which implies the OS we update from can support both drivers + overlayfs, which implies the OS we update from can support both + drivers footer: Change-type: minor change-type: minor @@ -29504,14 +31145,16 @@ This brings in the aufs-to-overlay migrator. Which won't run until we - configure the engine service to include an `BALENA_MIGRATE_OVERLAY=1` + configure the engine service to include an + `BALENA_MIGRATE_OVERLAY=1` env var. The other notable change is the fix for - https://github.com/balena-os/balena-engine/issues/236 which allows + https://github.com/balena-os/balena-engine/issues/236 which + allows `balena top` to work as expected on balenaOS footer: @@ -29531,18 +31174,23 @@ We need to make sure the modem is completely initialized before sending - the AT commands that do the switch to ECM mode. To achieve this we + the AT commands that do the switch to ECM mode. To achieve this + we - change the systemd service dependency to depend on ModemManager.service + change the systemd service dependency to depend on + ModemManager.service - and then we determine the modem state by using mmcli and querying the + and then we determine the modem state by using mmcli and + querying the modem power-state property. - This procedure will only be done once. After the modem is placed in ECM + This procedure will only be done once. After the modem is placed + in ECM - mode, it will stay in this mode for future reboots so there will be no + mode, it will stay in this mode for future reboots so there will + be no other delays in bringing up the modem connection. footer: 
@@ -29629,7 +31277,8 @@ The balena-supervisor repository has been moved to balena-os so the - repo.yml file needs to be corrected for nested changelogs to work again. + repo.yml file needs to be corrected for nested changelogs to + work again. footer: Change-type: patch change-type: patch @@ -29664,30 +31313,40 @@ to etc-fake-hwclock.mount. - On initial boot after flashing a device the resin-state-reset.service + On initial boot after flashing a device the + resin-state-reset.service - was running after etc-fake-hwclock.mount causing the bind mount point + was running after etc-fake-hwclock.mount causing the bind mount + point - /mnt/state/root-overlay/etc/fake-hwclock to be deleted after it had + /mnt/state/root-overlay/etc/fake-hwclock to be deleted after it + had - been mounted. This resulted in a failure to save the date/time at + been mounted. This resulted in a failure to save the date/time + at - shutdown which caused problems with persistent logging at next boot. + shutdown which caused problems with persistent logging at next + boot. - Subsequent boots are unaffected as resin-state-reset does not run. + Subsequent boots are unaffected as resin-state-reset does not + run. Adding a dependency on the resin-state services ensures that the - bind mount point is created after the state reset has been performed. + bind mount point is created after the state reset has been + performed. - This issue was noticed when running the testbot unmanaged OS image + This issue was noticed when running the testbot unmanaged OS + image - persistent logging test. When running a managed OS image the device + persistent logging test. When running a managed OS image the + device normally reboots fairly immediately after connecting to the - balena-cloud host and receiving parameter updates, so this issue is + balena-cloud host and receiving parameter updates, so this issue + is not usually noticeable. footer: 
@@ -29755,11 +31414,14 @@ At this moment resin_update_state_probe is scanning pretty much every - block device for rootfs. This include ramdisks, zram and loop devices + block device for rootfs. This include ramdisks, zram and loop + devices - which, when scanned, even spam warnings in logs. This patch updates + which, when scanned, even spam warnings in logs. This patch + updates - the udev rule to skip such devices and only trigger on add or change + the udev rule to skip such devices and only trigger on add or + change events. footer: @@ -29924,9 +31586,11 @@ Remove assumptions about root fstype. Rename create to create.ext4, - mkfs.hostapp-ext4 to mkfs.hostapp, and add an argument to mkfs.hostapp + mkfs.hostapp-ext4 to mkfs.hostapp, and add an argument to + mkfs.hostapp - for fstype. Remove CMD from Dockerfile in favor of passing it as an + for fstype. Remove CMD from Dockerfile in favor of passing it as + an argument to docker run. footer: 
@@ -29947,27 +31611,35 @@ that was previously made `PartOf=` the balena.service. - This was done in an attempt to help get the system unstuck when the + This was done in an attempt to help get the system unstuck when + the - image is removed (like through manual pruning), which would cause the + image is removed (like through manual pruning), which would + cause the - healthcheck to trigger the engine to reboot until the load service was + healthcheck to trigger the engine to reboot until the load + service was restarted by hand. - Further investigation found a race between the first execution of the + Further investigation found a race between the first execution + of the - engine healthcheck script (which needs the image to be loaded) and the + engine healthcheck script (which needs the image to be loaded) + and the - loader service itself, which would lead to a similar state, requireing + loader service itself, which would lead to a similar state, + requireing manual intervention. - This change moves the loading into the healthcheck script itself, + This change moves the loading into the healthcheck script + itself, - allowing us to remove the loader script and service entirely, skipping + allowing us to remove the loader script and service entirely, + skipping the whole service ordering issue. footer: @@ -29990,7 +31662,8 @@ This option depends on FW_LOADER_USER_HELPER which will be enabled if - _FALLBACK is set to 'y', which is the default in the arm64 defconfig + _FALLBACK is set to 'y', which is the default in the arm64 + defconfig since Linux 5.4+. footer: @@ -30061,7 +31734,8 @@ As part of a full rename away from legacy resin namespaces the - following os-config compatibility changes are required to align + following os-config compatibility changes are required + to align with meta-balena changes. 
@@ -30127,9 +31801,11 @@ resin-image installs them from ${DEPLOYDIR}. - A normal grub installation installs those modules to ${PREFIX}/${libdir} + A normal grub installation installs those modules to + ${PREFIX}/${libdir} - to allow grub tooling to install them at runtime, but we're building the + to allow grub tooling to install them at runtime, but we're + building the image with GRUB baked in, so we don't need those in the sysroot. @@ -30138,18 +31814,23 @@ constraints by copying the modules from ${D}/${libdir}/grub/ to - ${DEPLOYDIR} in do_deploy(), then removing ${D}${prefix}. This had the + ${DEPLOYDIR} in do_deploy(), then removing ${D}${prefix}. This + had the - unfortunate side effect of breaking the build in certain cases, such as + unfortunate side effect of breaking the build in certain cases, + such as - clean builds or reexecuting do_deploy() without the other steps of the + clean builds or reexecuting do_deploy() without the other steps + of the build. - Instead, remove the unwanted files in do_install(), and append the + Instead, remove the unwanted files in do_install(), and append + the - required modules to GRUB_BUILDIN to create a standalone grub image + required modules to GRUB_BUILDIN to create a standalone grub + image without any external modules at all. footer: @@ -30168,11 +31849,14 @@ If the device with flasher rootfs is slow to bring up and rootfs is defined - as UUID=xxx the waiting loop in rootfs initrd script would assume UUIDs have + as UUID=xxx the waiting loop in rootfs initrd script would + assume UUIDs have - just been regenerated and wait for a by-state symlink instead. This only works + just been regenerated and wait for a by-state symlink instead. + This only works - for the OS - flasher does not use the dynamically generated UUIDs + for the OS - flasher does not use the dynamically generated + UUIDs therefore we always want to use the by-uuid link for it. footer: 
@@ -30285,7 +31969,8 @@ and *.mod extensions respectively. - Install only the release modules in do_deploy() to avoid balooning the + Install only the release modules in do_deploy() to avoid + balooning the size of the boot partition. footer: @@ -30363,15 +32048,20 @@ unit (etc-fake\x2dhwclock.mount). - Using a systemd service to bind mount the /etc/fake-hwclock directory + Using a systemd service to bind mount the /etc/fake-hwclock + directory - results in systemd generating an internal mount unit for the same + results in systemd generating an internal mount unit for the + same - directory. This causes problems at shutdown when both methods try to + directory. This causes problems at shutdown when both methods + try to - unmount the directory. This frequently leads to the directory being + unmount the directory. This frequently leads to the directory + being - unmounted before the fake-hwclock service has managed to save the + unmounted before the fake-hwclock service has managed to save + the system time. This results in an inaccurate fake-hwclock time @@ -30412,7 +32102,8 @@ body: > Running resin-ntp-config from openvpn upscript.sh is no longer - necessary as it is now run automatically when config.json changes. + necessary as it is now run automatically when config.json + changes. footer: Change-type: patch change-type: patch @@ -30455,9 +32146,11 @@ using the chrony-helper script. - A systemd service has been added to run the resin-ntp-config script + A systemd service has been added to run the resin-ntp-config + script - once at boot. Previously the script was being run up to 8 times at + once at boot. Previously the script was being run up to 8 times + at boot via a NetworkManager dispatcher script. footer: 
@@ -30477,15 +32170,19 @@ Update the existing DHCP dispatcher script for adding NTP sources to - make use of dynamic chrony source configuration. Any DHCP configured + make use of dynamic chrony source configuration. Any DHCP + configured - NTP sources for a particular interface are added to a sources file on + NTP sources for a particular interface are added to a sources + file on - network 'up' or DHCP lease renewal events. Any DHCP configured NTP + network 'up' or DHCP lease renewal events. Any DHCP configured + NTP sources for a particular interface are deleted on network 'down' - events. Changes to the sources file are picked up by chrony either + events. Changes to the sources file are picked up by chrony + either when it starts up or at runtime using the chrony-helper script. @@ -30494,7 +32191,8 @@ status on network 'up' and 'down' events. This will make chrony - re-run an iburst for sources when the appropriate network interface + re-run an iburst for sources when the appropriate network + interface comes back up. footer: @@ -30516,9 +32214,11 @@ Add the 'sourcedir' parameter to the chrony configuration to support - dynamic source configuration files. Any NTP source files that are + dynamic source configuration files. Any NTP source files that + are - created in 'sourcedir' (/run/chrony) can be used to update the chrony + created in 'sourcedir' (/run/chrony) can be used to update the + chrony source configuration at runtime. @@ -30545,7 +32245,8 @@ body: > We need to make sure the firmware cleanup function runs before - do_populate_sysroot otherwise do_populate_sysroot will race with it and + do_populate_sysroot otherwise do_populate_sysroot will race with + it and will fail complaining about the missing firmware that 
@@ -30568,38 +32269,49 @@ Fixes #2075 - Needed were a number of various changes to make the package compile properly: + Needed were a number of various changes to make the package + compile properly: - Removed is 0001-wwan-Set-MTU-based-on-what-ModemManager-exposes.patch that is now + Removed is + 0001-wwan-Set-MTU-based-on-what-ModemManager-exposes.patch that + is now included upstream. - Our patch for removing HTTPS connectivity checking warning is reworked for ease of + Our patch for removing HTTPS connectivity checking warning is + reworked for ease of - maintainance. It now keeps the log entry, but changes it to debug level. + maintainance. It now keeps the log entry, but changes it to + debug level. - Fixed are UPSTREAM_CHECK_* definitions as they referenced a wrong version number. + Fixed are UPSTREAM_CHECK_* definitions as they referenced a + wrong version number. - The following additional configuration options were added/removed: + The following additional configuration options were + added/removed: - *. Introspection is disabled through `--enable-introspection=no`. Other services do + *. Introspection is disabled through + `--enable-introspection=no`. Other services do - not depend on it, so it is safe to remove it. A related patch is no longer needed + not depend on it, so it is safe to remove it. A related patch is + no longer needed 0002-Do-not-create-settings-settings-property-documentati.patch - *. A new option for using firewalld zone for shared mode is disabled as we do not + *. A new option for using firewalld zone for shared mode is + disabled as we do not use firewalld. - *. The polkit agent option no longer is available, so `--enable-polkit-agent` and + *. The polkit agent option no longer is available, so + `--enable-polkit-agent` and `--disable-polkit-agent` are no longer defined. footer: 
@@ -30641,22 +32353,27 @@ By using procps as docker expects we can properly handle ps args - such as -e and -o to format output. Busybox is only capable of this + such as -e and -o to format output. Busybox is only capable of + this when compiled in "desktop" mode. - This upstream commit to poky has already split the ps binary into + This upstream commit to poky has already split the ps binary + into a separate procps package: - - https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=507a47a4e5077d5f8f76d9629be6b871dfd8eb90 + - + https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=507a47a4e5077d5f8f76d9629be6b871dfd8eb90 - So for now we can copy this recipe at the commit above into compat branches + So for now we can copy this recipe at the commit above into + compat branches - and use that version until we pick up a branch newer than gatesgarth. + and use that version until we pick up a branch newer than + gatesgarth. footer: Change-type: patch change-type: patch @@ -30712,12 +32429,14 @@ UART modems (RaspberryPi HATs) are not working currently under - balenaOS as NetworkManager times out while attempting to establish + balenaOS as NetworkManager times out while attempting to + establish ppp connection. This is not a balenaOS specific issue. - This commits adds a `connect ""` declaration to `/etc/ppp/options` + This commits adds a `connect ""` declaration to + `/etc/ppp/options` to workaround this as the NULL default value causes the timeout. @@ -30726,7 +32445,8 @@ physical link. When using NetworkManager/ModemManager it is - ModemManager that establishes the physical link before passing it + ModemManager that establishes the physical link before passing + it to NetworkManager. Thus `connect` should be empty. footer: 
@@ -30746,16 +32466,19 @@ body: > Starting with dee971c0dbeb6e8363f3e321af582e99627626e9, flasher - images, which don't contain a supervisor version, try to register + images, which don't contain a supervisor version, try to + register in the API using the parameter supervisor_version='null'. - However, the API expects this parameter to be unset completely if + However, the API expects this parameter to be unset completely + if there's no version to be reported during registration, otherwise - the call fails and the device doesn't show up in dashboard during + the call fails and the device doesn't show up in dashboard + during flashing or report the post-provisioning state. footer: @@ -30789,9 +32512,11 @@ This is necessary because node has its own built-in CA bundle and ignores - the system-wide bundle. Bind-mount the system-wide bundle to the supervisor + the system-wide bundle. Bind-mount the system-wide bundle to the + supervisor - container as well to keep the previous behavior. Make it read-only though, + container as well to keep the previous behavior. Make it + read-only though, any modifications should be performed by the host OS. footer: @@ -30945,7 +32670,8 @@ This reverts commit dc6cfa2e90b29b0fdcfc05c1b85e2196de4f950b. - Once the core problem with the resin-data mount has been fixed this + Once the core problem with the resin-data mount has been fixed + this commit is no longer needed. footer: @@ -30963,9 +32689,11 @@ https://github.com/balena-os/meta-balena/commit/6be3f1153d56c1c0c21e6d84db7be70be96bcd10 - the supervisor database was relocated by mistake. On this version the database + the supervisor database was relocated by mistake. On this + version the database - returns to its original place, and these hooks copy the old database to the + returns to its original place, and these hooks copy the old + database to the new location to avoid data loss. footer: 
@@ -30984,7 +32712,8 @@ able to start. - This commit checks the directory existence and creates it if required + This commit checks the directory existence and creates it if + required independently of whether the supervisor container is present. footer: @@ -31056,7 +32785,8 @@ https://github.com/meta-rust/meta-rust/pull/242 - The fix for TUNE_FEATURES parsing has been merged in meta-rust master + The fix for TUNE_FEATURES parsing has been merged in meta-rust + master and should be present when they fork for dunfell. footer: @@ -31072,14 +32802,16 @@ The content applied by the patches has not changed, just the context - in order to properly inject changes without fuzzy matching since the source + in order to properly inject changes without fuzzy matching since + the source files have changed upstream. `devtool modify systemd` - `devtool finish --force-patch-refresh systemd ../layers/meta-balena/meta-balena-dunfell/` + `devtool finish --force-patch-refresh systemd + ../layers/meta-balena/meta-balena-dunfell/` footer: Change-type: patch change-type: patch @@ -31093,7 +32825,8 @@ https://github.com/balena-os/poky/commit/e3cd4e584239c207e3c82bdf5d7216d26fd28fc7 - add missing udev rules since systemd began including rules explicitly + add missing udev rules since systemd began including rules + explicitly footer: Change-type: patch change-type: patch @@ -31119,7 +32852,8 @@ [https://github.com/balena-os/poky/commit/d365948ebd76625f82ef04e77d35bcfeced42fec] - Dropbear is still required to migrate keys. Avoid the upstream conflict with openssh. + Dropbear is still required to migrate keys. Avoid the upstream + conflict with openssh. footer: Change-type: patch change-type: patch 
@@ -31182,9 +32916,11 @@ https://github.com/balena-os/poky/commit/d7b8ae3faa9344f2ada22e0402066c2fff5958c6 - We have no use for u-boot-initial-env and enabling it would require + We have no use for u-boot-initial-env and enabling it would + require - additional changes in do_compile to match the commit linked above. + additional changes in do_compile to match the commit linked + above. footer: Change-type: patch change-type: patch @@ -31210,7 +32946,8 @@ body: > In dunfell, rather than patching the bluetooth.service.in file, - we will just override the ExecStart value via bluetooth.conf.systemd + we will just override the ExecStart value via + bluetooth.conf.systemd footer: Change-type: patch change-type: patch @@ -31258,9 +32995,11 @@ 'runSupervisor'. - Updates to the 'start-resin-supervisor' script in v2.62.1 removed + Updates to the 'start-resin-supervisor' script in v2.62.1 + removed - the check for updates to the REGISTRY_ENDPOINT variable. Previously + the check for updates to the REGISTRY_ENDPOINT variable. + Previously this had been detected as changing every time the script was run @@ -31268,17 +33007,21 @@ 'start-resin-supervisor' script always running through the - 'runSupervisor' path. With this variable check removed, and no config + 'runSupervisor' path. With this variable check removed, and no + config updates being detected, the script was trying to run 'balena start --attach resin_supervisor' and failing due to the - absence of the /var/log/supervisor-log directory. To fix this problem we + absence of the /var/log/supervisor-log directory. To fix this + problem we - unconditionally test for and create this directory (if necessary) so + unconditionally test for and create this directory (if + necessary) so - that it is available regardless of the path taken through the script. + that it is available regardless of the path taken through the + script. footer: Change-type: patch change-type: patch 
@@ -31304,7 +33047,8 @@ doing our own profiling. - [0] https://fedoraproject.org/wiki/Changes/SwapOnZRAM#Default_zram_device_configuration: + [0] + https://fedoraproject.org/wiki/Changes/SwapOnZRAM#Default_zram_device_configuration: footer: Change-type: minor change-type: minor @@ -31323,15 +33067,20 @@ 1234 (non-privileged). - Previous issues with Phicomm routers had required the use of a fixed + Previous issues with Phicomm routers had required the use of a + fixed - UDP source port, so port 123 was chosen as this is used by both ntpd + UDP source port, so port 123 was chosen as this is used by both + ntpd - and ntpdate. However recent testing has shown that using a privileged + and ntpdate. However recent testing has shown that using a + privileged - port such as 123 can cause issues on other networks. By changing the + port such as 123 can cause issues on other networks. By changing + the - port to be non-privileged (i.e. 1234) we can satisfy both network + port to be non-privileged (i.e. 1234) we can satisfy both + network requirements. footer: @@ -31368,7 +33117,8 @@ follows: - 1) A 'timeinit-rtc.sh' script has been added to improve logging of + 1) A 'timeinit-rtc.sh' script has been added to improve logging + of system time updates from the RTC and to prevent system time being set when RTC time is behind system time. If RTC time is found to be behind system time a warning is issued regarding @@ -31584,11 +33334,14 @@ ``` - Will lead to the supervisor creating multiple image database entries + Will lead to the supervisor creating multiple image + database entries - with the same dockerId (this is because of how the engine handles this + with the same dockerId (this is because of how the + engine handles this - particular case). This case is not handled by the removal process + particular case). This case is not handled by the + removal process leading to image pile up and increased disk usage. footer: 
@@ -31609,22 +33362,29 @@ The memory information reported by the supervisor currently - estimates the value of used memory as `MemTotal - MemFree`. + estimates the value of used memory as `MemTotal - + MemFree`. - However, linux systems will try to cache and buffer as much + However, linux systems will try to cache and buffer as + much - memory as possible, which will affect the output of `MemFree` + memory as possible, which will affect the output of + `MemFree` - (from /proc/meminfo) and in consequence the memory usage seen + (from /proc/meminfo) and in consequence the memory usage + seen - by the user on the dashboard, which will appear much greater than + by the user on the dashboard, which will appear much + greater than it is. - The correct calculation should be `MemTotal - MemFree - Buffers - Cached`, + The correct calculation should be `MemTotal - MemFree - + Buffers - Cached`, - which the calculation performed by `htop` and the `free` commands. + which the calculation performed by `htop` and the `free` + commands. footer: Change-type: patch change-type: patch @@ -31679,13 +33439,17 @@ With the addition of the system information feature (CPU temp) etc if - there wasn't any changes in the docker or config state of the device, + there wasn't any changes in the docker or config state + of the device, - updates in system information would not be sent to the API. Now we + updates in system information would not be sent to the + API. Now we - attempt to send data once every maxReportFrequency (although this does + attempt to send data once every maxReportFrequency + (although this does - not mean that we will be sending data that often, we still only send the + not mean that we will be sending data that often, we + still only send the delta, if one exists) footer: 
@@ -31729,9 +33493,11 @@ In order to make supervisor upgrades more transparent, lets move away - from this env var since it requires a container restart any time the supervisor + from this env var since it requires a container restart + any time the supervisor - is upgraded. We should ultimately move towards providing the supervisors + is upgraded. We should ultimately move towards providing + the supervisors set of capabilities, but that can come later footer: @@ -31752,7 +33518,8 @@ Due to the singleton work, when performing migration M00005 and there - are apps with services created in the database, a deadlock occurs + are apps with services created in the database, a + deadlock occurs during database initialization due to a circular @@ -31790,12 +33557,15 @@ When trying to apply SSDT overlays in Up Board, the supervisor currently - gets stuck in a loop trying to apply target state. See #1465 + gets stuck in a loop trying to apply target state. See + #1465 - This was due to a bug in parsing the configuration, which lead to + This was due to a bug in parsing the configuration, + which lead to - the method bootConfigChangeRequired returning true when no change was + the method bootConfigChangeRequired returning true when + no change was needed. footer: @@ -31829,14 +33599,17 @@ Each service, when requesting access to the Supervisor API, will - now get an individual key which can be scoped to specific resources. + now get an individual key which can be scoped to + specific resources. - In this iteration the default scope will be to the application that + In this iteration the default scope will be to the + application that the service belongs to. - We also have a `global` scope which is used by the cloud API when in + We also have a `global` scope which is used by the cloud + API when in managed mode. footer: 
@@ -31984,14 +33757,17 @@ By default chrony uses a random UDP source port for each NTP request. - This can cause problems with particular routers/firewalls (issues have + This can cause problems with particular routers/firewalls + (issues have been reported for the Phicomm KE 2P). - The chrony `acquisitionport` configuration setting has been added + The chrony `acquisitionport` configuration setting has been + added - to the chrony.conf file to change the UDP source port for NTP requests + to the chrony.conf file to change the UDP source port for NTP + requests to 123 (this is the same as the default source port used by both @@ -32013,11 +33789,13 @@ body: > Drop the '-s' command line parameter from chronyd as: - a) restoring time from the drift file is no longer necessary due to + a) restoring time from the drift file is no longer necessary due + to the fake-hwclock service, and - b) restoring time from the RTC is already covered by the timeinit-rtc + b) restoring time from the RTC is already covered by the + timeinit-rtc service. footer: 
@@ -32034,43 +33812,52 @@ In order to produce sensible timestamps for journald log messages: - a) the system time needs to be maintained correctly over a reboot, and + a) the system time needs to be maintained correctly over a + reboot, and b) the system time needs to be set before journald is started. Currently the system time is maintained over reboots on systems - without an RTC using the last modified time of the chrony drift file. + without an RTC using the last modified time of the chrony drift + file. However there are a couple of issues with this approach: - a) /var/lib/chrony/ is not mounted early enough in the boot process + a) /var/lib/chrony/ is not mounted early enough in the boot + process to be available for setting the time before journald is started. - b) there is an issue with the current systemd dependencies that result + b) there is an issue with the current systemd dependencies that + result - in the last modified time of the drift file not being updated when the + in the last modified time of the drift file not being updated + when the system is shutdown or rebooted (see #1995). - The Debian fake-hwclock service (as used by Raspberry Pi OS) has been + The Debian fake-hwclock service (as used by Raspberry Pi OS) has + been added to overcome these issues. - The fake-hwclock service will save and restore the system time from + The fake-hwclock service will save and restore the system time + from - the fake-hwclock.data file (in /etc/fake-hwclock/). The system time + the fake-hwclock.data file (in /etc/fake-hwclock/). The system + time is loaded from this file at boot and saved to it on shutdown. An additional timer service has been added to update the file on an - hourly basis to cater for unexpected shutdown scenarios, e.g. power + hourly basis to cater for unexpected shutdown scenarios, e.g. + power failure. 
@@ -32100,7 +33887,8 @@ Add a persistent r/w location (root-overlay/etc/fake-hwclock/) to - the resin-state partition for storage of the fake-hwclock.data file. + the resin-state partition for storage of the fake-hwclock.data + file. This file is used by the fake-hwclock service to load the system @@ -32157,9 +33945,11 @@ in the system. - The list of hostapp extensions to install can either be passed to the + The list of hostapp extensions to install can either be passed + to the - script or it will use the ones set in config.json or hostapp-extensions.conf + script or it will use the ones set in config.json or + hostapp-extensions.conf in that order. footer: @@ -32192,11 +33982,14 @@ root filesystem at boot. - This commits adds the default host extensions to the data partition + This commits adds the default host extensions to the data + partition - image, stores their repository tags in the /etc directory, and creates + image, stores their repository tags in the /etc directory, and + creates - the containers so that mobynit can mount the container filesystems on + the containers so that mobynit can mount the container + filesystems on boot. footer: @@ -32241,7 +34034,8 @@ Now that the data partition will be mounted from the initramfs for host - extensions support, this script will only run if something went wrong. + extensions support, this script will only run if something went + wrong. footer: Change-type: patch change-type: patch @@ -32269,7 +34063,8 @@ The resin-data partition will be mounted in the initramfs for the host - extension support so the UUID generation needs to happen before that. + extension support so the UUID generation needs to happen before + that. footer: Change-type: patch change-type: patch 
@@ -32283,12 +34078,14 @@ With the data partition being mounted in the initramfs to support host - extensions, the runtime systemd-udev no longer sees the resin-data mount + extensions, the runtime systemd-udev no longer sees the + resin-data mount event and this mount is blocked. - This is resolved by not adding the default dependency on the block device. + This is resolved by not adding the default dependency on the + block device. footer: Change-type: patch change-type: patch @@ -32393,12 +34190,14 @@ The hostapp update process should not overwrite the supervisor configuration - backend files to avoid the supervisor being forced to set the target state + backend files to avoid the supervisor being forced to set the + target state after HUP and reboot the device during the rollback period. - This only applies to the host configuration files which are the only ones + This only applies to the host configuration files which are the + only ones that force a reboot. footer: @@ -32433,9 +34232,11 @@ body: > If the rootfs is on a slow-to-bring-up device (e.g. RPi4 + USB) - the fsuuidsinit_enabled() function may return before the balena symlinks + the fsuuidsinit_enabled() function may return before the balena + symlinks - are created. This gets wrongly interpreted as missing UUIDs leading to + are created. This gets wrongly interpreted as missing UUIDs + leading to a chain of failures in the subsequent scripts. @@ -32460,9 +34261,11 @@ We allow the user to specify a custom CA in the .balenaRootCA key - of config.json but at this moment each tool has to implement support + of config.json but at this moment each tool has to implement + support - if it wants to use it. This commit adds it to the system-wide CA bundle + if it wants to use it. This commit adds it to the system-wide CA + bundle so that the CA is respected everywhere. 
@@ -32806,9 +34609,11 @@ The change type is considered 'major' because, by default, errors are - now thrown for relatively common occurrences such as authentication + now thrown for relatively common occurrences + such as authentication - failures when pulling from private registries, and library users may + failures when pulling from private registries, + and library users may have to adapt. footers: @@ -33013,7 +34818,8 @@ * Switch to `export ...` syntax (from `export = ...`) - * Fix invalid export of class inheriting non-exported class + * Fix invalid export of class inheriting + non-exported class footers: change-type: major hash: a6307b8c04d3456ad7d8a6ac19035b5e718c4311 @@ -33266,7 +35072,8 @@ For the updated 5.4 kernel on RPI4, kernel-headers-test fails with - arch/arm64/kernel/vdso/Makefile lib/vdso/Makefile No such file or directory + arch/arm64/kernel/vdso/Makefile lib/vdso/Makefile No such file + or directory make[1] *** No rule to make target 'lib/vdso/Makefile'. Stop. @@ -33561,9 +35368,11 @@ This is very similar to the cache class they use by default, with the - difference that it has a limit and won't grow indefinitely, causing + difference that it has a limit and won't + grow indefinitely, causing - memory leaks on long running applications like Jellyfish. + memory leaks on long running + applications like Jellyfish. footers: change-type: patch signed-off-by: Juan Cruz Viotti @@ -33753,11 +35562,14 @@ This is a hack, and should be reverted once we get to the bottom of it. - It will impact performance, but right now there are things that should + It will impact performance, but right + now there are things that should - be filtered and are not, so lets get this merged for security purposes. + be filtered and are not, so lets get + this merged for security purposes. - Hopefully this library will be re-written soon. + Hopefully this library will be + re-written soon. footers: change-type: patch see: https://github.com/balena-io/jellyfish/pull/878 
@@ -33825,11 +35637,14 @@ Handlebars supports very basic if condition checking, but it only checks for - existence of a field. There are times when we want to combine conditions in order + existence of a field. There are times when we + want to combine conditions in order - to generate something as part of a blueprint, without defining a completely separate + to generate something as part of a blueprint, + without defining a completely separate - blueprint for it (like generating network config schema if a dt has a wifi chip or + blueprint for it (like generating network config + schema if a dt has a wifi chip or a usb port to which we can connect a dongle). footers: @@ -33848,9 +35663,11 @@ Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3. - - [Release notes](https://github.com/indutny/elliptic/releases) + - [Release + notes](https://github.com/indutny/elliptic/releases) - - [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3) + - + [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3) footer: Change-type: patch change-type: patch @@ -33894,9 +35711,11 @@ This allows consumers like pinejs-client-supertest - to have all the methods returning different Promise + to have all the methods returning + different Promise - types based solely on the implementation of the + types based solely on the implementation + of the request() method. footer: 
@@ -34064,11 +35883,14 @@ In b791055f3f6ffd6cc5796569a7321c5060129eea I attempted to have flasher - images report their preconfigured supervisor version without a good + images report their preconfigured supervisor version without a + good - understanding of how flasher images work. As it turns out no supervisor + understanding of how flasher images work. As it turns out no + supervisor - information is maintained in the flasher image itself, so until that is + information is maintained in the flasher image itself, so until + that is sorted stop reporting a blank string for the supervisor version. footer: @@ -34136,7 +35958,8 @@ like the older branches do. Let's move this setting in the - balena-os-sysctl file to avoid issues where some device integration + balena-os-sysctl file to avoid issues where some device + integration layers set the rp_filter mode to strict and break connectivity. footer: @@ -34199,12 +36022,14 @@ Recently the supervisor added a codepath that assumes no files underneath it will change during runtime. - OS update hooks can trigger a condition whereby the supervisor reboots the device during a HUP, + OS update hooks can trigger a condition whereby the supervisor + reboots the device during a HUP, which in turn bricks the device. - Additionally, since unknown args cause this update to fail-closed, + Additionally, since unknown args cause this update to + fail-closed, remove that barrier to future-proof more flag expansion. footer: 
@@ -34307,17 +36132,21 @@ On commit a4ce26caadabcb1e87d944d78218cc32c579914e the supervisor moved - from using --volume to using --mount to avoid the implicit creation of + from using --volume to using --mount to avoid the implicit + creation of directories instead of files. - However, in the case where the mount referred to a directory, these have + However, in the case where the mount referred to a directory, + these have - to exist in the rootfs beforehand as --mount will not create them. + to exist in the rootfs beforehand as --mount will not create + them. - This commit checks for the existence of the /var/log/supervisor-log + This commit checks for the existence of the + /var/log/supervisor-log directory and creates it if required. footer: @@ -34350,9 +36179,11 @@ Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. - - [Release notes](https://github.com/lodash/lodash/releases) + - [Release + notes](https://github.com/lodash/lodash/releases) - - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) + - + [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) footer: Change-type: patch change-type: patch @@ -34479,9 +36310,11 @@ Otherwise, as util-linux has a higher default alternative priority, the - version in util-linux is chosen. It would seem they are exchangeable, but + version in util-linux is chosen. It would seem they are + exchangeable, but - the busybox version reportedly works even if the RTC interrupt line is not + the busybox version reportedly works even if the RTC interrupt + line is not connected. 
@@ -34505,9 +36338,11 @@ In order to get closer to formally requiring a target supervisor release - in the model, we should expand our provisioning process to provide the + in the model, we should expand our provisioning process to + provide the - initial supervisor_version metadata. This connects back to tri-app. + initial supervisor_version metadata. This connects back to + tri-app. footer: Depends-on: https://github.com/balena-io/open-balena-api/pull/394 depends-on: https://github.com/balena-io/open-balena-api/pull/394 @@ -34557,17 +36392,21 @@ On commit a4ce26caadabcb1e87d944d78218cc32c579914e the supervisor moved - from using --volume to using --mount to avoid the implicit creation of + from using --volume to using --mount to avoid the implicit + creation of directories instead of files. - However, in the case where the mount referred to a directory, these have + However, in the case where the mount referred to a directory, + these have - to exist in the rootfs beforehand as --mount will not create them. + to exist in the rootfs beforehand as --mount will not create + them. - This commit checks for the existence of the /resin-data/resin-supervisor + This commit checks for the existence of the + /resin-data/resin-supervisor directory and creates it if required. footer: @@ -34587,9 +36426,11 @@ This commits renames it to the newly branded balena-logo.png - If the resin-logo.png was unmodified, it will forcefully replace to + If the resin-logo.png was unmodified, it will forcefully replace + to - balena-logo.png to force rebranding of older resin branded release. + balena-logo.png to force rebranding of older resin branded + release. Fixes #1801 
@@ -34629,26 +36470,33 @@ The `docker` Docker Hub repository lists what versions of the image - are supported and 18.6 is not among them at all. Use the current stable + are supported and 18.6 is not among them at all. Use the current + stable - line of 18.09 instead, to stay on supported versions. See more info at: + line of 18.09 instead, to stay on supported versions. See more + info at: https://hub.docker.com/_/docker - For more reproducability, we are also including the patch level version + For more reproducability, we are also including the patch level + version - of the container, which will give us more responsibility to update more + of the container, which will give us more responsibility to + update more frequently, but fewer surprises. - Also explicitly set `DOCKER_HOST` for the daemon being started, otherwise + Also explicitly set `DOCKER_HOST` for the daemon being started, + otherwise - the base image's setting might silently take over, and modify this. + the base image's setting might silently take over, and modify + this. - Replace deprecated `-g` (graph driver) with `--data-root` as well. + Replace deprecated `-g` (graph driver) with `--data-root` as + well. footer: Change-type: minor change-type: minor @@ -34663,10 +36511,12 @@ on wlan0. This commit moves the logic to udev rule as there is - no guarantee wlan0 is the only or default wlan adapter in the system. + no guarantee wlan0 is the only or default wlan adapter in the + system. - There seems to be no better way to identify a wlan device in udev + There seems to be no better way to identify a wlan device in + udev than KERNEL=="wl*" which should match both net.ifnames=0 (wlanX) @@ -34696,7 +36546,8 @@ https://docs.docker.com/engine/reference/commandline/service_create/#differences-between---mount-and---volume - This avoids situations where --volume implicitely creates a directory (see #1748) + This avoids situations where --volume implicitely creates a + directory (see #1748) Fixes #1754 
@@ -34861,9 +36712,11 @@ The host config variable HOST_DISCOVERABILITY can be set to - true or false, controlling the state of the avahi service. This + true or false, controlling the state of the avahi + service. This - determines if the device advertises it's presence over mDNS. + determines if the device advertises it's presence over + mDNS. footer: Change-type: patch change-type: patch @@ -34884,7 +36737,8 @@ - In the 'off' state, all traffic is allowed. - - In the 'on' state, only traffic for the core services provided + - In the 'on' state, only traffic for the core services + provided by Balena is allowed. footer: Change-type: patch @@ -34913,7 +36767,8 @@ When reporting device information, send the MAC address of any - interfaces on the system. Also expose in the Supervisor API at + interfaces on the system. Also expose in the Supervisor + API at the route GET /v1/device. footer: @@ -35295,7 +37150,8 @@ Detects unique constrain errors by 409 statusCodes. - Because of this, the upsert() method is only + Because of this, the upsert() method is + only supported when Pinejs ^10.19.0 is used. footer: @@ -35569,14 +37425,18 @@ In the absence of an upstream implementation of the DeviceRequest API introduced - as part of Docker API v1.40 we roll our own using a feature label. + as part of Docker API v1.40 we roll our own using a + feature label. - As per my comment in the code, we fall back to the default behavior of + As per my comment in the code, we fall back to the + default behavior of - docker cli's `--gpu` and request single device with the `gpu` capabilty. + docker cli's `--gpu` and request single device with the + `gpu` capabilty. - The only implementation at the moment is the NVIDIA driver; here: + The only implementation at the moment is the NVIDIA + driver; here: https://github.com/balena-os/balena-engine/blob/master/daemon/nvidia_linux.go 
@@ -35603,7 +37463,8 @@ This is part of the work to make the application-manager module much - less monolithic, in preperation for system apps and more generally + less monolithic, in preperation for system apps and more + generally multi-app. footer: @@ -35808,7 +37669,8 @@ We were treating the database class as a singleton, but still having to pass - around the db instance. Now we can simply require the db module and have + around the db instance. Now we can simply require the db + module and have access to the database handle. footer: @@ -35891,7 +37753,8 @@ Before=swap.target - Causes randomly appearing ordering cycles that leave the system in not + Causes randomly appearing ordering cycles that leave the system + in not functioning states. footer: @@ -35935,7 +37798,8 @@ Also, move configuration that will not be present in newer kernels to - RESIN_CONFIGS_DEP so the kernel check task does not complain when not + RESIN_CONFIGS_DEP so the kernel check task does not complain + when not present. footer: 
@@ -35986,24 +37850,32 @@ whichever smallest. - Upstream Yocto has a zram implementation that's broken in warrior, and a + Upstream Yocto has a zram implementation that's broken in + warrior, and a - new implementation introduced in Zeus that does not work in BalenaOS as + new implementation introduced in Zeus that does not work in + BalenaOS as - we run two udevs, one in the initramfs and one in the main OS. The + we run two udevs, one in the initramfs and one in the main OS. + The - mkswap needs to happen in the initramfs udev otherwise the udev database + mkswap needs to happen in the initramfs udev otherwise the udev + database - is not updated with the swap device and the zram0 device is not detected + is not updated with the swap device and the zram0 device is not + detected by systemd. - This implementation is simpler than the one upstream and common to all + This implementation is simpler than the one upstream and common + to all - the supported Yocto versions. It uses a udev rule in the initramfs that + the supported Yocto versions. It uses a udev rule in the + initramfs that - creates the swap drive, and a swap unit in the main OS that enables it. + creates the swap drive, and a swap unit in the main OS that + enables it. footer: Change-type: patch change-type: patch 
@@ -36133,21 +38005,25 @@ pool URL the 'burst' command may fail. This occurs when the pool - URL resolves to a different IP addresses for the 'add server' and + URL resolves to a different IP addresses for the 'add server' + and 'burst' commands. - To avoid this issue we can combine the burst functionality into the + To avoid this issue we can combine the burst functionality into + the 'add server' command by using the 'iburst' option. Although this - option is not documented by the chronyc man page it has been present + option is not documented by the chronyc man page it has been + present since v1.25 released in 2011. - This fix has been tested via the balenaOS (2.51.1+rev1) command line + This fix has been tested via the balenaOS (2.51.1+rev1) command + line running on a RPi3. footer: @@ -36209,10 +38085,14 @@ the `maxsources` directive is simply to maintain the current behavior of - resolving four servers for synchronization. as noted in chrony's docs: + resolving four servers for synchronization. as noted in chrony's + docs: - > When a pool source is unreachable, marked as a falseticker, or has a distance larger than the limit set by the maxdistance directive, chronyd will try to replace the source with a newly resolved address from the pool. + > When a pool source is unreachable, marked as a falseticker, or + has a distance larger than the limit set by the maxdistance + directive, chronyd will try to replace the source with a newly + resolved address from the pool. footer: Connects-to: "#1852" connects-to: "#1852" 
@@ -36243,11 +38123,14 @@ body: > The change this commit reverts allowed to update with a locally - available image - but it also has the side effect of restarting the + available image - but it also has the side effect of restarting + the - supervisor even if no update is required and that has unintentional + supervisor even if no update is required and that has + unintentional - consequences as https://github.com/balena-io/balena-supervisor/issues/1358 + consequences as + https://github.com/balena-io/balena-supervisor/issues/1358 This commit reverts 646e4ae809375f4abf35c55cd580e2c62a8812e2 @@ -36323,7 +38206,8 @@ The dependency is introduced by the upstream.sh and downstream.sh scripts. - Bash is also a dependency not only for internal packages but for external + Bash is also a dependency not only for internal packages but for + external scripts too. footer: @@ -36381,7 +38265,8 @@ Devices with closed source bootloaders that cannot be made to pass the UUID - of the booting device (like smartphones, Jetson NX and Xabier), need to + of the booting device (like smartphones, Jetson NX and Xabier), + need to fallback to passing a label in the kernel command line. @@ -36403,9 +38288,11 @@ Devices with custom HUPs, like Jetson devices that run BSP partition update - scripts, do not have state symlinks when updating from legacy pre state + scripts, do not have state symlinks when updating from legacy + pre state - symlinks OS versions, so they need to fallback to legacy label/partname + symlinks OS versions, so they need to fallback to legacy + label/partname resolution. footer: @@ -36496,7 +38383,8 @@ All logging is handled by journald so remove the default dependency on - busybox-syslog. It is still available to be explicitely included in + busybox-syslog. It is still available to be explicitely included + in images that might need it like initramfs images. footer: 
@@ -36672,10 +38560,12 @@ From v2.49, the hostapp-update utility creates the /run directory in the - root filesystem, however when huping from previous versions /run is not there. + root filesystem, however when huping from previous versions /run + is not there. - This commit switches to use /tmp to store the new UUID for the root partition on + This commit switches to use /tmp to store the new UUID for the + root partition on first boot after generating new UUIDs. footer: @@ -36705,9 +38595,11 @@ e.g. os-config, healthdog, bindmount, some others maybe - At the moment, we haven't syncronized on one rust version and device + At the moment, we haven't syncronized on one rust version and + device - integration layers can pick any meta-rust version. Which probably uses + integration layers can pick any meta-rust version. Which + probably uses the latest rust version in the layer. @@ -36761,9 +38653,11 @@ This file allows other components to uniquely parse the information that - is contained in the changelog. It will be automatically managed by + is contained in the changelog. It will be automatically + managed by - versionist by appending the new commits on top. This is needed to + versionist by appending the new commits on top. This is + needed to provide nested-changelogs. footer: @@ -36975,12 +38869,15 @@ This allows a response to an input with dport=`supevisor api port` and - is required when the host OS is doing stateful firewalling. + is required when the host OS is doing stateful + firewalling. - This should not affect things when stateful firewalling is not in + This should not affect things when stateful firewalling + is not in - effect, as the standard OUTPUT chain policy is ACCEPT, so we're just + effect, as the standard OUTPUT chain policy is ACCEPT, + so we're just being explicit about it. footer: 
@@ -37348,7 +39245,8 @@ sync-debug.js. - We add a command `npm run sync`, which starts a livepush process + We add a command `npm run sync`, which starts a livepush + process with the supervisor on a device. footer: @@ -37363,12 +39261,15 @@ We also remove the Makefile to go to a simpler build system, as long with - the retry_docker_push.sh file. We remove the rest of the automation tools + the retry_docker_push.sh file. We remove the rest of the + automation tools - as they're no longer used and update the circle.yml file. + as they're no longer used and update the circle.yml + file. - We also remove debug builds, as these aren't needed moving forward, and were + We also remove debug builds, as these aren't needed + moving forward, and were only to enable livepush builds. footer: @@ -37514,7 +39415,8 @@ ``` - could not initialize thread_rng: All entropy sources failed (permanently unavailable); + could not initialize thread_rng: All entropy sources + failed (permanently unavailable); cause: getrandom not ready (not ready yet); @@ -37522,7 +39424,8 @@ ``` - This change makes sure we are cycling until a random sequence is populated successfully. + This change makes sure we are cycling until a random + sequence is populated successfully. - hash: 14a19bf24e258c01a294bd7adfa808fddee59096 author: Zubair Lutfullah Kakakhel footers: @@ -37633,14 +39536,17 @@ When a partition filesystem label is detected, udev checks whether the - device belongs to the same disk as the root partitition passed in the + device belongs to the same disk as the root partitition passed + in the - kernel command line by the bootloader. Only if it does, it creates a by-state + kernel command line by the bootloader. Only if it does, it + creates a by-state link to it. - By using this by-state links we avoid filesystem label clashes as the + By using this by-state links we avoid filesystem label clashes + as the system will always use partitions in the same drive as root (as 
@@ -37678,7 +39584,8 @@ When running fsck, the tool will complain when needed gconv modules are - missing. Include them in the initramfs where we fsck the boot partition. + missing. Include them in the initramfs where we fsck the boot + partition. footer: Change-type: patch change-type: patch @@ -37693,9 +39600,11 @@ balenaOS uses FAT as a fs type for the boot/first partition. This is - currently hardcoded so let's have the related kernel configs built in + currently hardcoded so let's have the related kernel configs + built in - the kernel image. In this way we don't have to handle kernel modules in + the kernel image. In this way we don't have to handle kernel + modules in the initramfs (when needed). footer: @@ -37921,9 +39830,11 @@ Bumps [acorn](https://github.com/acornjs/acorn) from 5.7.3 to 5.7.4. - - [Release notes](https://github.com/acornjs/acorn/releases) + - [Release + notes](https://github.com/acornjs/acorn/releases) - - [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4) + - + [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4) footer: Change-type: patch change-type: patch @@ -37949,7 +39860,8 @@ We add an implicit .0 to the end of l4t versions which do not fulfill - semver, which allows us to always match using comparison operators, such + semver, which allows us to always match using comparison + operators, such as < and <=. footer: @@ -38108,7 +40020,8 @@ We also package separately the firmware for Intel Wireless-AC 9260 - cards and also package separetely the wifi and bluetooth firmware for + cards and also package separetely the wifi and bluetooth + firmware for Intel Wireless-AX MAC which is found in the Intel NUC10I7FNH. footer: @@ -38128,7 +40041,8 @@ body: > This package adds to rootfs the regulatory database into - /lib/firmware/regulatory.db which can be loaded by kernel versions + /lib/firmware/regulatory.db which can be loaded by kernel + versions >= v4.15 for Poky Thud and Warrior based boards. footer: 
@@ -38150,7 +40064,8 @@ We need to allow user containers to do some clean-up if they wish to on - reboot / shutdown through systemctl so let's add KillMode set to process + reboot / shutdown through systemctl so let's add KillMode set to + process so that systemd won't directly kill the user containers first. @@ -38207,9 +40122,11 @@ Lets pass it here to keep it correct. - Should not have any actual affect. NM plugin was built with reference + Should not have any actual affect. NM plugin was built with + reference - to the 2.4.7 headers. Just the directoy path would say 2.4.5 misleading + to the 2.4.7 headers. Just the directoy path would say 2.4.5 + misleading some debug effort footer: @@ -38226,7 +40143,8 @@ This is an old version of openvpn. Devices still on pyro should be using - the openvpn version from meta-balena-common and not this one. Removing + the openvpn version from meta-balena-common and not this one. + Removing this to prevent any accidents even and some cleanup. footer: @@ -38424,12 +40342,14 @@ e.g. Jetson family have tegra-firmware-xusb etc. - IMAGE_ROOTFS_MAXSIZE triggers an error if the rootfs goes beyond this + IMAGE_ROOTFS_MAXSIZE triggers an error if the rootfs goes beyond + this limit. This does not force the rootfs to an empty fixed size. - We can comfortably increase the max size to 32MB to reduce unnecessary + We can comfortably increase the max size to 32MB to reduce + unnecessary patches in the device integration layers. 
@@ -38496,16 +40416,20 @@ The DNS clients (applications) resolver libraries use the timeout value in - /etc/resolv.conf to set the time between DNS attempts. The default is 5 + /etc/resolv.conf to set the time between DNS attempts. The + default is 5 - secs which for slow networks like cellular mean lots of DNS requests on + secs which for slow networks like cellular mean lots of DNS + requests on a bandwidth sensitive channel. - This change modifies the default to 15 secs. This timeout only applies + This change modifies the default to 15 secs. This timeout only + applies - when DNS servers are unresponsive so it will not affect the normal + when DNS servers are unresponsive so it will not affect the + normal functionality. @@ -38611,7 +40535,8 @@ We do not want by default that any OS variants allow for stopping the - autoboot in any way and letting users enter the u-boot shell. This can + autoboot in any way and letting users enter the u-boot shell. + This can be overwritten by setting OS_DEV_UBOOT_DELAY to 1. footer: @@ -38631,19 +40556,23 @@ hours. - BalenaOS uses chronyd for time synchronization, and it allows to specify + BalenaOS uses chronyd for time synchronization, and it allows to + specify - a minpoll and maxpoll values per server with a power of two number of + a minpoll and maxpoll values per server with a power of two + number of seconds for the minimum and maximum polling time respectively. - With those constraints, the change set both limits to 2^14s (4.55h) for + With those constraints, the change set both limits to 2^14s + (4.55h) for all servers. - An architectural decision has been made not to make this configurable. + An architectural decision has been made not to make this + configurable. Fixes #1780. 
@@ -38661,7 +40590,8 @@ body: > We do not want that production OS variants allow for stopping - the autoboot in any way and letting users enter the u-boot shell. + the autoboot in any way and letting users enter the u-boot + shell. footer: Change-type: patch change-type: patch @@ -38749,10 +40679,12 @@ Reports indicate that NetworkManager can leave stale temporary files on - the state partition that over time can affect the device's operability. + the state partition that over time can affect the device's + operability. - This commit removes the timestamps.XXXXXX and seen-bssids.XXXXXX files on + This commit removes the timestamps.XXXXXX and seen-bssids.XXXXXX + files on startup to avoid this situation. @@ -38781,9 +40713,11 @@ body: > Fetched from: - * https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn_2.4.7.bb?id=c1c8895609ae70a1b735e8625c19046c25184ee4 + * + https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn_2.4.7.bb?id=c1c8895609ae70a1b735e8625c19046c25184ee4 - * https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn/openvpn?id=910891d722085c56c474ac72788898b94c5ed193 + * + https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn/openvpn?id=910891d722085c56c474ac72788898b94c5ed193 footer: Connects-to: "#1740" connects-to: "#1740" 
@@ -38816,21 +40750,27 @@ which includes DATETIME - DATETIME changes between runs so we can sometimes get into a state + DATETIME changes between runs so we can sometimes get into a + state where the do_populate_lic_deploy task has its stamp file set. - But when our subsequent deploy_image_license_manifest task runs, the + But when our subsequent deploy_image_license_manifest task runs, + the - DATETIME is different. Hence we get into a state where we have to + DATETIME is different. Hence we get into a state where we have + to - run cleanall on the resin-image-flasher recipe to clean up directories. + run cleanall on the resin-image-flasher recipe to clean up + directories. - Lets mark do_populate_lic_deploy with nostamp. This should make it + Lets mark do_populate_lic_deploy with nostamp. This should make + it - run every time we need to run deploy_image_license_manifest with the + run every time we need to run deploy_image_license_manifest with + the most up to date DATETIME variable to prevent any hiccups footer: @@ -38847,12 +40787,14 @@ Need to make the script go in the background in ExecStartPost=. - Otherwise, the service status never gets to active/running resulting + Otherwise, the service status never gets to active/running + resulting it in remaining stuck in an endless loop. - If the health-check load fails for whatever reason, the subsequent + If the health-check load fails for whatever reason, the + subsequent engine healthcheck will fail retriggering the healthcheck load. footer: @@ -38980,7 +40922,8 @@ b0e0c77a26f3fad51e2923ab416fdd2af2a5a033 - Lets use META_BALENA_VERSION if available for our os version checks. + Lets use META_BALENA_VERSION if available for our os version + checks. footer: Change-type: patch change-type: patch 
@@ -39239,7 +41182,8 @@ This version fixes the use of wrong fixdep binary (the bug makes it use - target fixdep binary instead of cross fixdep binary) used for compiling + target fixdep binary instead of cross fixdep binary) used for + compiling the target objtool binary on kernel version 5.0.3. footer: @@ -39412,7 +41356,8 @@ Fix the ordering of the conditional check when starting the supervisor container; - only check that the values being passed into the environment match the ones held + only check that the values being passed into the environment + match the ones held in the config IF the container already exists. footer: diff --git a/CHANGELOG.md b/CHANGELOG.md index 0fc69d43..1041e2e2 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,224 @@ Change log ----------- +# v5.1.19+rev2 +## (2024-07-31) + + +
+ Update balena-yocto-scripts to 7736d3807540afb6646b435117bffa2377ac0156 [balena-renovate[bot]] + +> ## balena-yocto-scripts-1.25.16 +> ### (Invalid date) +> +> * Update docker/login-action action to v3.3.0 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.15 +> ### (Invalid date) +> +> * Update actions/upload-artifact action to v4.3.4 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.14 +> ### (2024-07-29) +> +> * Update balena-os/leviathan digest to 36aafe0 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.13 +> ### (2024-07-29) +> +> * Update actions/checkout action to v4.1.7 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.12 +> ### (2024-07-29) +> +> * Update Pin dependencies [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.11 +> ### (2024-07-29) +> +> * revovate: change config to use balena-io template [rcooke-warwick] +> +> ## balena-yocto-scripts-1.25.10 +> ### (2024-07-23) +> +> * By default, deploy hostapp on push only [Leandro Motta Barros] +> +> ## balena-yocto-scripts-1.25.9 +> ### (2024-07-22) +> +> * use token to fetch private contracts [rcooke-warwick] +> * unroll balena_lib_build_contract function [rcooke-warwick] +> * unroll balena_api_is_dt_private function [rcooke-warwick] +> +> ## balena-yocto-scripts-1.25.8 +> ### (2024-07-17) +> +> * Use env vars BALENA_HOST and BALENACLOUD_SSH_URL when provided [Kyle Harding] +> +> ## balena-yocto-scripts-1.25.7 +> ### (2024-07-16) +> +> * Fix handling of empty test matrix input [Kyle Harding] +> +> ## balena-yocto-scripts-1.25.6 +> ### (2024-07-15) +> +> * Use App Installation tokens so we can clone private submodules [Kyle Harding] +> +> ## balena-yocto-scripts-1.25.5 +> ### (2024-07-08) +> +> * only login to s3 if deploying to s3 [rcooke-warwick] +> +> ## balena-yocto-scripts-1.25.4 +> ### (2024-07-06) +> +> * balena-deploy: deploy secure boot lock artifacts if available [Alex Gonzalez] +> +> ## balena-yocto-scripts-1.25.3 +> ### (2024-07-05) +> +> * use workflow 
run of PR head instead of statuses to determine test results [rcooke-warwick] +> +> ## balena-yocto-scripts-1.25.2 +> ### (2024-07-03) +> +> * Remove dry-run flag from S3 upload [Kyle Harding] +> +> ## balena-yocto-scripts-1.25.1 +> ### (2024-07-03) +> +> * Fix actionlint errors and warnings in shell steps [Kyle Harding] +> +> ## balena-yocto-scripts-1.25.0 +> ### (2024-07-03) +> +> * Do not run any tests by default unless provided by calling workflow [Kyle Harding] +> +> ## balena-yocto-scripts-1.24.3 +> ### (2024-07-02) +> +> * patch: No upload to GH artifacts when PR is closed [Vipul Gupta (@vipulgupta2048)] +> +> ## balena-yocto-scripts-1.24.2 +> ### (2024-07-02) +> +> * Fix quoting of $GITHUB_OUTPUT [Leandro Motta Barros] +> +> ## balena-yocto-scripts-1.24.1 +> ### (2024-06-27) +> +> * Simplify check for secure boot [Leandro Motta Barros] +> +> ## balena-yocto-scripts-1.24.0 +> ### (2024-06-26) +> +> * Support runner selection in the test matrix [Kyle Harding] +> * Allow both combinatorial and include syntax for test_matrix [Kyle Harding] +> +> ## balena-yocto-scripts-1.23.1 +> ### (2024-06-26) +> +> * Refactor secrets and variables to use environments [Kyle Harding] +> +> ## balena-yocto-scripts-1.23.0 +> ### (2024-06-19) +> +> * Dockerfiles: update balenaCLI version to 18.2.2 [Joseph Kogut] +> * Dockerfile_yocto-build-env: bump base image to 22.04 [Joseph Kogut] +> +> ## balena-yocto-scripts-1.22.4 +> ### (2024-06-14) +> +> * Update job conditions to allow non-PR events for internal branches [Kyle Harding] +> * Hardcode environment paths at the job level [Kyle Harding] +> * Replace test inputs with a single JSON matrix input [Kyle Harding] +> +> ## balena-yocto-scripts-1.22.3 +> ### (2024-06-13) +> +> * jenkins_generate_ami: pass yocto scripts version as an env var to helper container [rcooke-warwick] +> +> ## balena-yocto-scripts-1.22.2 +> ### (2024-06-12) +> +> * Update the triggers on the example test workflow [Kyle Harding] +> +> ## 
balena-yocto-scripts-1.22.1 +> ### (2024-06-07) +> +> * Prevent duplicate workflow runs for multiple triggers [Kyle Harding] +> * Add catchall job to yocto-build-deploy for merge requirements [Kyle Harding] +> +> ## balena-yocto-scripts-1.22.0 +> ### (2024-06-06) +> +> * Create workflow to build and deploy balenaOS [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.10 +> ### (2024-05-02) +> +> * balena-deploy: deploy usbboot if available [Alex Gonzalez] +> +> ## balena-yocto-scripts-1.21.9 +> ### (Invalid date) +> +> * balena-lib: improve base tag detection [Alex Gonzalez] +> +> ## balena-yocto-scripts-1.21.8 +> ### (2024-04-29) +> +> * Support commit tags when extracting version tag from git [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.7 +> ### (2024-04-19) +> +> * Add missing $select for release_asset.asset_key [Thodoris Greasidis] +> +> ## balena-yocto-scripts-1.21.6 +> ### (2024-03-25) +> +> * Revert "balena-build: avoid using device-type as a prefix in yocto sstate" [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.5 +> ### (2024-03-14) +> +> * Merge AMI publishing dependencies into yocto-build-env [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.4 +> ### (2024-03-13) +> +> * balena-build: avoid using device-type as a prefix in yocto sstate [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.3 +> ### (2024-02-11) +> +> * Enable S3 Server Side Encryption flags [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.2 +> ### (2024-02-08) +> +> * automation/include: Pass helper image version [Florin Sarbu] +> +> ## balena-yocto-scripts-1.21.1 +> ### (2024-02-07) +> +> * balena-deploy: Remove docker.io when pulling image [Alexandru] +> +> ## balena-yocto-scripts-1.21.0 +> ### (2024-02-02) +> +> * Return image id after pulling helper images [Kyle Harding] +> * Build and publish helper images with Flowzone [Kyle Harding] +> +> ## balena-yocto-scripts-1.20.0 +> ### (2024-02-02) +> +> * Remove unused block-build functions [Kyle Harding] +> + +
+ # v5.1.19+rev1 ## (2024-03-06) diff --git a/VERSION b/VERSION index 5d88feea..88b1d096 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.1.19+rev1 \ No newline at end of file +5.1.19+rev2 \ No newline at end of file