From 112415e0e9e3da7f67357506030033be18fec197 Mon Sep 17 00:00:00 2001 From: "flowzone-app[bot]" <124931076+flowzone-app[bot]@users.noreply.github.com> Date: Tue, 17 Dec 2024 11:10:42 +0000 Subject: [PATCH] v2024.10.1 --- .versionbot/CHANGELOG.yml | 1107 +++++++++++-------------------------- CHANGELOG.md | 10 + VERSION | 2 +- 3 files changed, 338 insertions(+), 781 deletions(-) diff --git a/.versionbot/CHANGELOG.yml b/.versionbot/CHANGELOG.yml index 1c424ce82..afc78d755 100644 --- a/.versionbot/CHANGELOG.yml +++ b/.versionbot/CHANGELOG.yml @@ -1,3 +1,65 @@ +- commits: + - subject: bump yocto-scripts action to v1.25.47 + hash: 14140519b862bef881574133f1423aa53827fd43 + body: "" + footer: + Changelog-entry: bump yocto-scripts action to v1.25.47 + changelog-entry: bump yocto-scripts action to v1.25.47 + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + - subject: Allow force-finalize for manual workflow dispatch + hash: bdf57a54d6b8116312bd8a193d304334a0fc604b + body: "" + footer: + Changelog-entry: Allow force-finalize for manual workflow dispatch + changelog-entry: Allow force-finalize for manual workflow dispatch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + - subject: remove test_matrix from devices without tests setup + hash: db222b9e5dc20b3feecbd6152b15e9eddc965422 + body: "" + footer: + Changelog-entry: remove test_matrix from devices without tests setup + changelog-entry: remove test_matrix from devices without tests setup + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + - subject: cleanup workflow triggers + hash: 31dc670542e3eda8915fdc5e14a418baa4961542 + body: "" + footer: + Changelog-entry: cleanup workflow triggers + changelog-entry: cleanup workflow triggers + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + - subject: Update balena-os/balena-yocto-scripts to v1.25.45 + hash: f2039a39b69fa106da772eaabc50113a506eefc5 + body: Update balena-os/balena-yocto-scripts + footer: + Changelog-entry: Update balena-os/balena-yocto-scripts to v1.25.45 + changelog-entry: Update balena-os/balena-yocto-scripts to v1.25.45 + author: balena-renovate[bot] + nested: [] + - subject: Add GHA build test deploy workflows to repository + hash: 0a09ae521704f15c2328d68745507007575dff69 + body: "" + footer: + Changelog-entry: Add GHA build test deploy workflows to repository + changelog-entry: Add GHA build test deploy workflows to repository + Signed-off-by: Vipul Gupta (@vipulgupta2048) + signed-off-by: Vipul Gupta (@vipulgupta2048) + author: Vipul Gupta (@vipulgupta2048) + nested: [] + version: 2024.10.1 + title: "" + date: 2024-12-17T11:10:37.434Z - commits: - subject: Add RevPi udev rules hash: eb654958d643293801f24d831dd30793ff5896d9 @@ -124,23 +186,16 @@ nested: [] - subject: enable USB 2.0 for raspberrypicm4-ioboard-sb hash: 6838519e97b7526e580b6a4e4491cbdec3ac0f7f - body: > + body: | As CM4 and CM4IO don’t include the external USB 3 controller, - RaspberryPi OS sets `otg_mode=1` for better performance. - - See - https://www.raspberrypi.com/documentation/computers/config_txt.html#otg_mode-raspberry-pi-4-only - + See https://www.raspberrypi.com/documentation/computers/config_txt.html#otg_mode-raspberry-pi-4-only However, while testing, the kernel driver oops when the otg cable is - connected at boot (works well if it is connected after boot though). - As this is only needed in the USB provisioning mode, restrict the change - to the raspberrypicm4-ioboard-sb for the time being. footer: Changelog-entry: enable USB 2.0 for raspberrypicm4-ioboard-sb @@ -151,16 +206,12 @@ nested: [] - subject: configure to power off on halt for raspberrypicm4-ioboard-sb hash: 5641da608e1694f2169c87869f96e4dcc27921ab - body: > + body: | This is useful for the use case of a flasher image ran from external - media, like in the traditional flasher workflow that expects the device - to shutdown after programming. - - From - https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#POWER_OFF_ON_HALT + From https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#POWER_OFF_ON_HALT footer: Changelog-entry: configure to power off on halt for raspberrypicm4-ioboard-sb changelog-entry: configure to power off on halt for raspberrypicm4-ioboard-sb @@ -170,46 +221,29 @@ nested: [] - subject: Modify boot order to prioritize USB boot hash: dad87cfcd68052e35adb5efcf916e6d3726540ed - body: > + body: | With this change the device will first attempt to boot from USB and then - boot from the NVME/internal eMMC/SD card. This allows to use USB flasher - images as provisioning tools in preference of usbboot. - 5: USB 2.0 boot from USB type A socket (CM4) or Type C socket (RPI4) - 6: NVME - 1: eMMC / SD Card - 2: Network boot - We place NVME before eMMC/SDcard as there are reports that NVME is not - working if initialized after. - Also, there is no USB mass storage boot to limit this option to using - physical jumper configuration. - - See - https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#BOOT_ORDER - + See https://www.raspberrypi.com/documentation/computers/raspberry-pi.html#BOOT_ORDER Note that trying USB boot first adds a considerable delay to the boot - process as the CM4 has a timeout of 2s (5s if extended via - `program_usb_boot_timeout=1` per USB port enumeration. - As such, this change is only done to the `raspberrypicm4-ioboard-sb` - that requires USB boot for the secure boot provisioning flow. footer: Changelog-entry: Modify boot order to prioritize USB boot @@ -4212,15 +4246,11 @@ nested: [] - subject: "os-helpers-tpm2: specify TCTI backend" hash: c4eb9d7f6ad412bd74d77ece0e534c8dd2dd6fac - body: > - Specify the TCTI backend [0], which also silences error messages - from - + body: | + Specify the TCTI backend [0], which also silences error messages from trying unsupported backends - - [0] - https://github.com/tpm2-software/tpm2-tools/blob/master/man/common/tcti.md + [0] https://github.com/tpm2-software/tpm2-tools/blob/master/man/common/tcti.md footer: Change-type: patch change-type: patch @@ -4822,38 +4852,21 @@ nested: [] - subject: "os-helpers: compute_pcr7: merge event log digests" hash: e10d67084621e5ce10f14557f2466e91ff684b41 - body: > + body: | The main variables measured into PCR7 to ensure secure boot - - configuration integrity are the state and EFI vars, including - PK, KEK, - + configuration integrity are the state and EFI vars, including PK, KEK, db, dbx, etc. - - However, some systems have firmware that will measure other, - unexpected - - events, such as "DMA Protection Disabled" (related to a Windows - feature - + However, some systems have firmware that will measure other, unexpected + events, such as "DMA Protection Disabled" (related to a Windows feature [0]), or "Unknown event type" with strange data. - - These events can't be predicted, and other devices may have - different - - measured events that aren't compliant with the TCG spec, so - attempt to - - check the TPM event log and extend our digest with any unknown - events - + These events can't be predicted, and other devices may have different + measured events that aren't compliant with the TCG spec, so attempt to + check the TPM event log and extend our digest with any unknown events that fit the bill. - - [0] - https://learn.microsoft.com/en-us/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt + [0] https://learn.microsoft.com/en-us/windows/security/hardware-security/kernel-dma-protection-for-thunderbolt footer: Change-type: patch change-type: patch @@ -5623,15 +5636,9 @@ - commits: - subject: Remove dependency on @balena/happy-eyeballs hash: 08727ed2b5f67c55b2469d3ee5c5e2857119521b - body: > - Node 20 now implements the happy eyeballs algorithm as - part of its core - - `net` module, with the - [autoSelectFamily](https://nodejs.org/docs/latest-v20.x/api/net.html#netgetdefaultautoselectfamily) - option of `socket.connect`. This option defaults to - `true`, meaning that a separate - + body: | + Node 20 now implements the happy eyeballs algorithm as part of its core + `net` module, with the [autoSelectFamily](https://nodejs.org/docs/latest-v20.x/api/net.html#netgetdefaultautoselectfamily) option of `socket.connect`. This option defaults to `true`, meaning that a separate implementation of happy eyeballs is no longer needed. footer: Change-type: patch @@ -5947,15 +5954,10 @@ - subject: "resin-init-flasher: Allow building images for non-flasher devices that have internal storage" hash: 3a887512b343b80208196f6792a48f81d1a8c8f9 - body: > - As per the internal thread: - https://balena.zulipchat.com/#narrow/stream/360838-balena-io.2Fos.2Fdevices/topic/balena-raspberrypi.20jenkins.20build.20failures/near/423970246 - + body: | + As per the internal thread: https://balena.zulipchat.com/#narrow/stream/360838-balena-io.2Fos.2Fdevices/topic/balena-raspberrypi.20jenkins.20build.20failures/near/423970246 - Currently devices with on-board storage fail to build in - jenkins, if they don't provide a flasher image. One example is - the CM4. Since there are multiple devices using this - configuration, let's re-enable builds for all of them. + Currently devices with on-board storage fail to build in jenkins, if they don't provide a flasher image. One example is the CM4. Since there are multiple devices using this configuration, let's re-enable builds for all of them. footer: Change-type: patch change-type: patch @@ -6034,17 +6036,10 @@ - commits: - subject: Fix support for rsync deltas hash: 24e222045ac511cd4fbb3be66e57eb678a29d854 - body: > - Rsync (v2) deltas have been broken since [Supervisor - v14](https://github.com/balena-os/balena-supervisor/commit/460c3ba0aab31d18a02e3f5dda1838691768c494). - While considered legacy, - - they are still used by a few customers with devices - running OS < 2.47.1. - - This should fix v2 delta support for those devices until - we can - + body: | + Rsync (v2) deltas have been broken since [Supervisor v14](https://github.com/balena-os/balena-supervisor/commit/460c3ba0aab31d18a02e3f5dda1838691768c494). While considered legacy, + they are still used by a few customers with devices running OS < 2.47.1. + This should fix v2 delta support for those devices until we can completely remove rsync deltas from the supervisor footer: Change-type: patch @@ -6119,39 +6114,19 @@ - commits: - subject: Add special case for base DTO params on RPI config hash: 6e6a796da5ecc846248eae4c8495bc626964c038 - body: > - While ordering is important in the RPI firmware - configuration file (config.txt), - - some dt params are by default considered part of the - base dt overlay - + body: | + While ordering is important in the RPI firmware configuration file (config.txt), + some dt params are by default considered part of the base dt overlay if they are not used by other overlays. - - Unfortunately the [list of - dtparams](https://github.com/raspberrypi/firmware/blob/master/boot/overlays/README#L133) - - is too long to add all of them as exceptions, but we can - add the params - - used in the default config.txt provided in OS images, to - avoid reboots - - when updating to this new supervisor and correctly - parsing the - + Unfortunately the [list of dtparams](https://github.com/raspberrypi/firmware/blob/master/boot/overlays/README#L133) + is too long to add all of them as exceptions, but we can add the params + used in the default config.txt provided in OS images, to avoid reboots + when updating to this new supervisor and correctly parsing the provisioning config.txt as variables. - - While this addition handles most common scenarios, there - is still a - - chance a user may have use other base overlay dt params - in the initial - - config, in which case those will be interpreted - according to the - + While this addition handles most common scenarios, there is still a + chance a user may have use other base overlay dt params in the initial + config, in which case those will be interpreted according to the relative ordering footer: Change-type: patch @@ -7802,9 +7777,8 @@ - commits: - subject: "automation/balena-deploy: Pin to known working version of balena-img" hash: 927310397896f35bd1921202e8b1f30ba3ef47d8 - body: > - As per internal thread - https://balena.zulipchat.com/#narrow/stream/345890-balena-io/topic/Jenkins.20build.20failures/near/409602914 + body: | + As per internal thread https://balena.zulipchat.com/#narrow/stream/345890-balena-io/topic/Jenkins.20build.20failures/near/409602914 footer: Change-type: patch change-type: patch @@ -9521,16 +9495,12 @@ - commits: - subject: 'Revert "kernel-balena: Remove apparmor support"' hash: ddc94ae58072323cf94ac39d6c2d16c78ff794d8 - body: > - This is no longer needed after the balena_os/balena-engine - commit: - + body: | + This is no longer needed after the balena_os/balena-engine commit: https://github.com/balena-os/balena-engine/commit/ed8ba18e8776a7bf37b3326baeca8196b4ea76b0 - released in balena-engine v20.10.39 - This reverts commit 18cd233a83554b58b3540164afd768fdeda60b03. footer: Change-type: patch @@ -12050,12 +12020,9 @@ - commits: - subject: "linux/kernel-devsrc: Fix aarch64 kernel-headers-test build" hash: 65abb381ec266066b24f53fa3119dd47ec8af1a3 - body: > + body: | This fix has been ported from the following upstream - - change: - https://patchwork.yoctoproject.org/project/oe-core/patch/002c31d6add77e1002fb1ccd4050ce826a654170.1659653543.git.bruce.ashfield@gmail.com/ - + change: https://patchwork.yoctoproject.org/project/oe-core/patch/002c31d6add77e1002fb1ccd4050ce826a654170.1659653543.git.bruce.ashfield@gmail.com/ and fixes the following compilation error on generic-aarch64: make[1]: *** No rule to make target 'arch/arm64/tools/gen-sysreg.awk', @@ -12686,21 +12653,15 @@ - commits: - subject: "kernel-devsrc: fix for v6.1+" hash: 1687110706cbde4a4d968afb04b3abc07e5c7eaa - body: > + body: | Adapted as a bbappend from: - https://git.yoctoproject.org/poky/commit/meta/recipes-kernel/linux/kernel-devsrc.bb?id=2be1b5d7d38d72c35ec593b98366d128fe5ce12c - The 6.1 kernel has a number of Kbuild and architecture changes - that required us to update our devsrc recipe. With these changes - we are once again able to build on target modules for all - supported archectures. - (From OE-Core rev: a3972b3f919400a12bb9a546ae98092cbfdcdbb8) footer: Change-type: patch @@ -14339,10 +14300,8 @@ - commits: - subject: Fix LED support for ISG-503 hash: 8c779e12dbb16892528af17d8749cff1902146ad - body: > - The LED support was incorrectly changed in - https://github.com/balena-io/contracts/commit/4bb6eb1f732957e605f00e47b068199f14ff1765 - + body: | + The LED support was incorrectly changed in https://github.com/balena-io/contracts/commit/4bb6eb1f732957e605f00e47b068199f14ff1765 Let's switch it back to unsupported. footer: Change-type: patch @@ -16189,24 +16148,13 @@ - commits: - subject: Log uncaught promise exceptions on the app entry hash: 676464142690da2e36a810cb35e4ea4d0d751636 - body: > - Node 15 [changed the way it treats unhandled promise - rejections](https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V15.md#throw-on-unhandled-rejections---33021) - from a warning to a throw. - - For this reason errors like a corrupt migration - directory, that happens when trying to - - roll back to a previous supervisor version were no - longer showing a - - message but dumping the full minimized code into the - journal logs. - - - This PR adds a catchall on app.ts to log the exception - and throw an exit + body: | + Node 15 [changed the way it treats unhandled promise rejections](https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V15.md#throw-on-unhandled-rejections---33021) from a warning to a throw. + For this reason errors like a corrupt migration directory, that happens when trying to + roll back to a previous supervisor version were no longer showing a + message but dumping the full minimized code into the journal logs. + This PR adds a catchall on app.ts to log the exception and throw an exit code of 1. footer: Change-type: patch @@ -16219,15 +16167,10 @@ - commits: - subject: Fix assertion error in restart-service hash: b9e1464d96824f5332c71324d753d94ddbdecf90 - body: > - From: - https://github.com/balena-os/balena-supervisor/pull/2153/commits/c0b4fafe842115933b1da9b4d68e601a19c3e4eb - - Restart-service checks that both services have restarted - in its test assertion, which is - - incorrect as restart-service should only restart one - service. + body: | + From: https://github.com/balena-os/balena-supervisor/pull/2153/commits/c0b4fafe842115933b1da9b4d68e601a19c3e4eb + Restart-service checks that both services have restarted in its test assertion, which is + incorrect as restart-service should only restart one service. footer: Change-type: patch change-type: patch @@ -16644,20 +16587,14 @@ nested: [] - subject: Make sure balenaEngine owns the container cgroups hash: 5efa793c5af63ef177de95b8b4251799b0de7f40 - body: > - Setting `Delegate=yes` ensures that systemd will not change - anything on - + body: | + Setting `Delegate=yes` ensures that systemd will not change anything on the cgroups created for running the containers. - This setting is used upstream since this commit: - https://github.com/moby/moby/commit/d16737f971092767c1b9d28302a3f5aedbe2f576 - - And also is recommended by systemd: - https://systemd.io/CGROUP_DELEGATION/ + And also is recommended by systemd: https://systemd.io/CGROUP_DELEGATION/ footer: Signed-off-by: Leandro Motta Barros signed-off-by: Leandro Motta Barros @@ -17220,9 +17157,8 @@ - commits: - subject: "kernel-balena: Include NFS V2, V3 and V4 client and server modules" hash: 54c4090b518bccfdba0b635ead129502572685be - body: > + body: | As per internal discussion thread - https://balena.zulipchat.com/#narrow/stream/345882-_help/topic/.E2.9C.94.20nfs.20.283.20or.204.29.20on.20jetson.20nano/near/342072698 footer: Change-type: patch @@ -17237,23 +17173,15 @@ - commits: - subject: "dunfell+: remove obsolete systemd patch" hash: f649288c2b284cb06081d296e52b4562f512107b - body: > + body: | The patch applied to systemd addressed this upstream moby issue: - https://github.com/moby/moby/issues/27202 - This was fixed in containerd 1.0.2: - https://github.com/containerd/console/pull/10/commits/c358734ec94e72903243bd1c9034874a1de09424 - - This fix is present in balena engine since v17.13.5, which has - been in - - use since commit 53ce147. Drop this patch from - meta-balena-dunfell and - + This fix is present in balena engine since v17.13.5, which has been in + use since commit 53ce147. Drop this patch from meta-balena-dunfell and later. footer: Change-type: patch @@ -17577,15 +17505,11 @@ - commits: - subject: "balena-image-flasher: Default image type to balenaos-img" hash: 36750c1d0e75d82ec096faeff6d61579c075e0c4 - body: > - This avoids device repositories having to specify it, and it can - always - + body: | + This avoids device repositories having to specify it, and it can always be overwritten in append files. - - This change is an extension of - https://github.com/balena-os/meta-balena/commit/a3c276a1058d05e66991871bf167079fc2824843 + This change is an extension of https://github.com/balena-os/meta-balena/commit/a3c276a1058d05e66991871bf167079fc2824843 footer: Change-type: patch change-type: patch @@ -18753,19 +18677,13 @@ nested: [] - subject: trigger deploy builds on multi-digit revisions too hash: 08c57baea5f188f8204c4944ae0bc42360b88547 - body: > + body: | According to github action syntax [1], there is no special character - to denote a match on zero or more of the preceding character, so - replace `[0-9]?` which only matches zero or one of the preceding - characters with a `*`. - - [1] - https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet - + [1] https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet [skip ci] footer: @@ -19344,42 +19262,21 @@ nested: [] - subject: Reference networks by Id instead of by name hash: 180c4ff31ad719fb2b00217548514d42a4b5c4cf - body: > - We have seen a few times devices with duplicated network - names for some - - reason. While we don't know the cause the networks get - duplicates, - - this is disruptive of updates, as the supervisor usually - queries - - resource by name, resulting in a 400 error from the - engine because of - + body: | + We have seen a few times devices with duplicated network names for some + reason. While we don't know the cause the networks get duplicates, + this is disruptive of updates, as the supervisor usually queries + resource by name, resulting in a 400 error from the engine because of the ambiguity. - - This replaces those queries by name to queries by id. - This includes - - network removal. If a `removeNetwork` step is generated, - the supervisor - - opts to remove all instances of the network with the - same name as it - + This replaces those queries by name to queries by id. This includes + network removal. If a `removeNetwork` step is generated, the supervisor + opts to remove all instances of the network with the same name as it cannot easily resolve the ambiguity. - - This doesn't solve the problem of ambiguous networks, - because even if - - networks are referenced by id when creating a container, - the engine will - - throw an error (see - https://github.com/balena-os/balena-supervisor/issues/590#issuecomment-1423557871) + This doesn't solve the problem of ambiguous networks, because even if + networks are referenced by id when creating a container, the engine will + throw an error (see https://github.com/balena-os/balena-supervisor/issues/590#issuecomment-1423557871) footer: Change-type: patch change-type: patch @@ -19964,9 +19861,8 @@ - commits: - subject: "efitools: backport patch to fix build failure" hash: 4497229d9d3435384564cde802a3d16cbc47300c - body: > + body: | Copied from buildroot mailing list: - http://lists.busybox.net/pipermail/buildroot/2021-April/610255.html footer: Change-type: patch @@ -21413,15 +21309,11 @@ - commits: - subject: "redsocks: Increase maximum number of open files" hash: e90b9159ed5f0dac3d9fe1b1b486201ee85f1161 - body: > - This increases the number of open connections that redsocks can - support - + body: | + This increases the number of open connections that redsocks can support to a new maximum of 2048. - - See - https://github.com/darkk/redsocks/blob/19b822e345f6a291f6cff6b168f1cfdfeeb2cd7d/base.c#L419 + See https://github.com/darkk/redsocks/blob/19b822e345f6a291f6cff6b168f1cfdfeeb2cd7d/base.c#L419 footer: Change-type: patch change-type: patch @@ -22144,35 +22036,22 @@ - commits: - subject: "Engine healthcheck: deal with empty uuid file" hash: 345d1440d34fe042f03884c4ae32f0ba7e7768e8 - body: > - In rare cases (believed to be caused by a non-atomic file - creation and - - writing operation in containerd), we end up with an empty file - at - + body: | + In rare cases (believed to be caused by a non-atomic file creation and + writing operation in containerd), we end up with an empty file at `/mnt/data/docker/containerd/daemon/io.containerd.grpc.v1.introspection/uuid`. - - This causes `ctr version` (and hence the health check) to fail. - See - + This causes `ctr version` (and hence the health check) to fail. See https://github.com/balena-os/balena-engine/issues/322 - This commit addresses this issue in two ways: - - 1. Before running `ctr version`, we check if the uuid file - exists and is + 1. Before running `ctr version`, we check if the uuid file exists and is empty. If so, we remove it. (The subsequent execution of `ctr version` by the healthcheck will create the file again.) - 2. After running `ctr version`, we check if the uuid file was - really + 2. After running `ctr version`, we check if the uuid file was really created and is not empty. - In both cases, when an empty uuid file is detected, we log the - event to - + In both cases, when an empty uuid file is detected, we log the event to help us confirm our hypothesis about the root cause. footer: Signed-off-by: Leandro Motta Barros @@ -23021,21 +22900,14 @@ - subject: "core: Reduce to 30 the retries number when trying to get the IP address of the DUT" hash: 02b270e1c55429c7316a9c65f70362185bbe3aec - body: > - Instead of retrying to get the DUT IP address 120 times - on a 1 seconds interval, - - let's reduce it to 30 times because the - resolveLocalTarget which we call will - + body: | + Instead of retrying to get the DUT IP address 120 times on a 1 seconds interval, + let's reduce it to 30 times because the resolveLocalTarget which we call will timeout too in 15 seconds: - https://github.com/balena-os/leviathan-worker/blob/master/lib/helpers/index.ts#L162 - - So reducing the retries number to 30 will effectly bring - the total combined timeout to a maximum of 8 minutes. + So reducing the retries number to 30 will effectly bring the total combined timeout to a maximum of 8 minutes. footer: Change-type: patch change-type: patch @@ -24243,12 +24115,10 @@ - commits: - subject: "wpa-supplicant: Sync with v2.10 from upstream" hash: 5464be07070bbc4a06a4d432250dd70b2b2e1522 - body: > + body: | Synced from: - http://cgit.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/wpa-supplicant?id=3a43c2a82881688d85238464db371f695e60b572 - Closes #2838 footer: Change-type: patch @@ -24527,39 +24397,21 @@ - commits: - subject: "ntp: Remove race condition from directory creation" hash: 5fd19e26d35d7160e2531277a9a14e194d0b95c6 - body: > - Chronyd checks that the directory specified as `sourcedir` in - `chrony.conf` - - (in this case `/var/chrony`) is not world accessible if it - exists (chrony - - will create it correctly if it does not exist), and does not - start - + body: | + Chronyd checks that the directory specified as `sourcedir` in `chrony.conf` + (in this case `/var/chrony`) is not world accessible if it exists (chrony + will create it correctly if it does not exist), and does not start if that's the case. - - The way that the `/var/chrony` is created when it does not exist - opens - - the possibility of the directory existing with the wrong - permissions and - + The way that the `/var/chrony` is created when it does not exist opens + the possibility of the directory existing with the wrong permissions and hitting this problem. - - This commit creates the directory with the correct permissions - from the - + This commit creates the directory with the correct permissions from the start to avoid the race condition. - - It also changes the permissiong from 750 to 770 to match what - chrony - + It also changes the permissiong from 750 to 770 to match what chrony does (see - https://github.com/mlichvar/chrony/blob/7b197953e8add5515b7e58c4638dc55aa4bb91b7/conf.c#L1761) footer: Change-type: patch @@ -28072,18 +27924,13 @@ - commits: - subject: "hostapp-update-hooks: Rework bootfiles blacklist" hash: 7b523caa0099530c45b4d9981d31ca6c72a76262 - body: > + body: | We may have cases when for some boards we do not want - to have all these files blacklisted. See for example - https://github.com/balena-os/balena-rockpi/commit/b5eadcfb3a296eea2554dc0cbdd16002d51c5169 - In conclusion, we rework how the blacklist is constructed - - so that users of meta-balena can alter this list as they see - fit. + so that users of meta-balena can alter this list as they see fit. footer: Change-type: patch change-type: patch @@ -30647,15 +30494,10 @@ - subject: Avoid build warning removing trailing slash from source var for sd8887-nxp hash: aeccbdc6bd05e951c6822566985b95dafa3fb648 - body: > + body: | This avoids the following build warning: - - WARNING: - /build/balena-raspberrypi/build/../layers/meta-balena-raspberrypi/recipes-kernel/sd8887-nxp/sd8887-nxp.bb: - Recipe sd8887-nxp sets B variable with trailing slash - '/build/balena-raspberrypi/build/tmp/work/raspberrypi4_64-poky-linux/sd8887-nxp/1.0-r0/git/software/drivers/sd8887/', - remove it + WARNING: /build/balena-raspberrypi/build/../layers/meta-balena-raspberrypi/recipes-kernel/sd8887-nxp/sd8887-nxp.bb: Recipe sd8887-nxp sets B variable with trailing slash '/build/balena-raspberrypi/build/tmp/work/raspberrypi4_64-poky-linux/sd8887-nxp/1.0-r0/git/software/drivers/sd8887/', remove it footer: Changelog-entry: Avoid build warning removing trailing slash from source var for sd8887-nxp @@ -31284,27 +31126,17 @@ - commits: - subject: "kernel-balena: Disable building gcc plugins" hash: bd8d2de9983f47e46ffa0e689be88c5b12e46617 - body: > - Since - https://github.com/raspberrypi/linux/commit/1eee36a5520b5a89fb4d0d6af6f9cb0217a3164f - + body: | + Since https://github.com/raspberrypi/linux/commit/1eee36a5520b5a89fb4d0d6af6f9cb0217a3164f was merged and included in kernel versions after 5.10.84, - building the kernel-modules-headers fails due to various missing - headers from the gmp and mpc packages. This problem is visible - only after upgrading to a newer kernel, because until now the - gcc plugins kernel config was not enabled at all, due to the - failed check in the above mentioned patch. - Since we are not using the functions provided - by the gcc plugins anyway, we can disable this - config. footer: Change-type: patch @@ -31818,22 +31650,12 @@ - commits: - subject: Ignore selinux security opts when comparing services hash: 1b54ce8bfd5dd3d1f14f573a0bfe17ee1dd81630 - body: > - The moby engine v20.x.y adds some selinux [security - configurations](https://docs.docker.com/engine/reference/run/#security-configuration) - - depending on the [container - configuration](https://github.com/moby/moby/blob/master/daemon/create.go#L214). - - This would cause the supervisor to enter a service - restart loop as the - - current and target service configurations will never - match. The - - supervisor now ignores selinux specific security options - since those are - + body: | + The moby engine v20.x.y adds some selinux [security configurations](https://docs.docker.com/engine/reference/run/#security-configuration) + depending on the [container configuration](https://github.com/moby/moby/blob/master/daemon/create.go#L214). + This would cause the supervisor to enter a service restart loop as the + current and target service configurations will never match. The + supervisor now ignores selinux specific security options since those are not supported by balenaOS. footer: Closes: "#1890" @@ -32023,13 +31845,9 @@ nested: [] - subject: Backport platform-detection fixes from containerd hash: 9f71253561b1cd2f262ec0d6e81c5fbd09a7a0a1 - body: > + body: | See https://github.com/containerd/containerd/pull/4530 - - and `git log - ad25c1a9c34361e4071f508b9a91946b05fce165^..2055e12953bb538228d8d9fe627fa545d7cf82be - ./platforms/` - + and `git log ad25c1a9c34361e4071f508b9a91946b05fce165^..2055e12953bb538228d8d9fe627fa545d7cf82be ./platforms/` in the containerd repo footer: Change-type: patch @@ -32313,12 +32131,9 @@ nested: [] - subject: "hack: Fix CLI versioning" hash: a9d487d0751f7ad293ab66b3d24734505b41f85b - body: > + body: | https://github.com/balena-os/balena-engine-cli/commit/20c19830a95455e8562551aad52c715ad0807cc6 - - moves the versioning variables to a separate package. We - have to adjust - + moves the versioning variables to a separate package. We have to adjust the location in hack/make.sh too footer: Change-type: patch @@ -32464,32 +32279,23 @@ nested: [] - subject: "pkg/authorization: Fix test failures on macOS" hash: 6e9af0514461f1ce3945ed308ef13e3ddbc7dc4f - body: > + body: | On macOS, unit tests where failing with - - root@c4101a75c792:/go/src/github.com/docker/docker/pkg/authorization# - go test . - + root@c4101a75c792:/go/src/github.com/docker/docker/pkg/authorization# go test . --- FAIL: TestAuthZRequestPluginError (0.00s) authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long --- FAIL: TestAuthZRequestPlugin (0.00s) authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long --- FAIL: TestAuthZResponsePlugin (0.00s) authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long - time="2020-04-07T10:07:04Z" level=warning msg="Request - body is larger than: '1048576' skipping body" - + time="2020-04-07T10:07:04Z" level=warning msg="Request body is larger than: '1048576' skipping body" --- FAIL: TestMiddlewareWrapHandler (0.00s) authz_unix_test.go:295: listen unix authz-test-plugin.sock: bind: file name too long FAIL - FAIL github.com/docker/docker/pkg/authorization 0.120s - - This change moves the socket creation from a working - test directory to a tmp directory, - + This change moves the socket creation from a working test directory to a tmp directory, so the path is shorter. footer: Change-type: patch @@ -32717,14 +32523,10 @@ nested: [] - subject: "travis: Use the minimal machine" hash: 1f6ab50f0cc20d21a5719e4a00f5407f231ed6f2 - body: > - Since we build in docker anyway we can save the time it - usually takes to - + body: | + Since we build in docker anyway we can save the time it usually takes to set up the Go environment. - - See - https://docs.travis-ci.com/user/languages/minimal-and-generic/ + See https://docs.travis-ci.com/user/languages/minimal-and-generic/ footer: Change-type: patch change-type: patch @@ -33391,9 +33193,8 @@ - commits: - subject: "conf/layer: Include camera module dtoverlays" hash: 40d8622234d4025577fc3f7d66311f5abbf3a9ef - body: > - Add required dtoverlays for camera modules as per - [documentation](https://www.raspberrypi.com/documentation/accessories/camera.html#getting-started) + body: | + Add required dtoverlays for camera modules as per [documentation](https://www.raspberrypi.com/documentation/accessories/camera.html#getting-started) footer: Changelog-entry: "conf/layer: Include camera module dtoverlays" changelog-entry: "conf/layer: Include camera module dtoverlays" @@ -36421,10 +36222,8 @@ - commits: - subject: Add recipes for TPM2 tools hash: baddbd39fd17d364ebfd69bf139980ca82abc8ba - body: > - Taken from - http://git.yoctoproject.org/cgit/cgit.cgi/meta-security/tree/meta-tpm/recipes-tpm2 - + body: | + Taken from http://git.yoctoproject.org/cgit/cgit.cgi/meta-security/tree/meta-tpm/recipes-tpm2 Only add the recipes, let DTs pull it as necessary. footer: Change-type: patch @@ -36478,19 +36277,13 @@ - commits: - subject: "dosfstools: selectively apply upstreamed patch" hash: 8f04f1142bcb3074d86e2827dfda6c7d8c87fefd - body: > - This patch was submitted and accepted upstream, and is present - since - + body: | + This patch was submitted and accepted upstream, and is present since v4.2. - https://github.com/dosfstools/dosfstools/commit/87a8f29785bb605350821f1638a42e6cf3e49ce3 - - This fixes a build error applying a patch that's already been - applied - + This fixes a build error applying a patch that's already been applied when building newer versions of dosfstools. footer: Change-type: patch @@ -36610,12 +36403,10 @@ - commits: - subject: Update balena-engine to v19.03.30 hash: abf610e022eeac709c054e4fb672b850ef08a940 - body: > + body: | Fixes EINVAL errors caused by sockets during storage migration, - https://github.com/balena-os/balena-engine/commit/17a198cb53a53da456c848bf303dc3917ca538c5 - Update balena-engine from 19.03.29 to 19.03.30 footer: Changelog-entry: Update balena-engine to v19.03.30 @@ -36880,39 +36671,21 @@ - commits: - subject: "common: conf: create disable-user-ns distro feature" hash: 7dde2133a5b1df710255b8b0471385cca1449c1d - body: > - When user namespacing was enabled in the kernel by default, a - separate - - commit [0] was introduced to disable the feature at runtime, to - allow - + body: | + When user namespacing was enabled in the kernel by default, a separate + commit [0] was introduced to disable the feature at runtime, to allow users/administrators to explicitly choose to enable it, avoiding - potential security implications. - - However, some applications such as Chromium's sandbox, require - either - - SUID or user namespacing to work. Disabling this feature on - boards - - that previously enabled it necessitates container modifications - and - + However, some applications such as Chromium's sandbox, require either + SUID or user namespacing to work. Disabling this feature on boards + that previously enabled it necessitates container modifications and potentially breaks previously working applications. - - Create a distro feature to disable user namespacing by default - in - - meta-balena, while allowing device types to keep it enabled to - maintain - + Create a distro feature to disable user namespacing by default in + meta-balena, while allowing device types to keep it enabled to maintain compatibility with their original behavior. - https://github.com/balena-os/meta-balena/commit/31c3ae8ad5c7ad45e450349b6972524da120e96c footer: Change-type: patch @@ -36980,9 +36753,8 @@ - commits: - subject: "Dockerfile_yocto-build-env: Install Honister host deps" hash: efc069c609431965394912d3ffd34362a1108852 - body: > - See - http://docs.yoctoproject.org/next/migration-guides/migration-3.4.html#new-host-dependencies + body: | + See http://docs.yoctoproject.org/next/migration-guides/migration-3.4.html#new-host-dependencies footer: Change-type: patch change-type: patch @@ -37443,13 +37215,9 @@ - commits: - subject: Backport platform-detection fixes from containerd hash: 9f71253561b1cd2f262ec0d6e81c5fbd09a7a0a1 - body: > + body: | See https://github.com/containerd/containerd/pull/4530 - - and `git log - ad25c1a9c34361e4071f508b9a91946b05fce165^..2055e12953bb538228d8d9fe627fa545d7cf82be - ./platforms/` - + and `git log ad25c1a9c34361e4071f508b9a91946b05fce165^..2055e12953bb538228d8d9fe627fa545d7cf82be ./platforms/` in the containerd repo footer: Change-type: patch @@ -37600,22 +37368,13 @@ - commits: - subject: Bump path-parse from 1.0.6 to 1.0.7 hash: 2e38356bf4f5157483017ea2e6670514cbca49c1 - body: > - Bumps - [path-parse](https://github.com/jbgutierrez/path-parse) - from 1.0.6 to 1.0.7. - - - [Release - notes](https://github.com/jbgutierrez/path-parse/releases) - - - - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) - + body: | + Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. + - [Release notes](https://github.com/jbgutierrez/path-parse/releases) + - [Commits](https://github.com/jbgutierrez/path-parse/commits/v1.0.7) --- - updated-dependencies: - - dependency-name: path-parse dependency-type: indirect ... @@ -37631,24 +37390,14 @@ - commits: - subject: Bump tar from 4.4.13 to 4.4.19 hash: b7cb494602fbd050bb9e31b5e8293a080349562c - body: > - Bumps [tar](https://github.com/npm/node-tar) from 4.4.13 - to 4.4.19. - - - [Release - notes](https://github.com/npm/node-tar/releases) - - - - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) - - - - [Commits](https://github.com/npm/node-tar/compare/v4.4.13...v4.4.19) - + body: | + Bumps [tar](https://github.com/npm/node-tar) from 4.4.13 to 4.4.19. + - [Release notes](https://github.com/npm/node-tar/releases) + - [Changelog](https://github.com/npm/node-tar/blob/main/CHANGELOG.md) + - [Commits](https://github.com/npm/node-tar/compare/v4.4.13...v4.4.19) --- - updated-dependencies: - - dependency-name: tar dependency-type: indirect ... @@ -38213,47 +37962,25 @@ - commits: - subject: Fix regression with local mode push hash: 6f5f3bc2f3aea1bf5e5772533be80c3bfbb4e3a9 - body: > - PR #1749 introduced a bug when pushing local target - state. An update to - - the [image name - normalization](https://github.com/balena-os/balena-supervisor/blob/f1bd4b8d9bcef29e326cbf97eaddd837c2704d19/src/lib/docker-utils.ts#L81) - - failed to consider the local image name format. This - results in mangling - - of image names in the database, i.e. the image - `ubuntu:latest` is stored - - as `/ubuntu:latest`. This causes an exception to be - returned by the - + body: | + PR #1749 introduced a bug when pushing local target state. An update to + the [image name normalization](https://github.com/balena-os/balena-supervisor/blob/f1bd4b8d9bcef29e326cbf97eaddd837c2704d19/src/lib/docker-utils.ts#L81) + failed to consider the local image name format. This results in mangling + of image names in the database, i.e. the image `ubuntu:latest` is stored + as `/ubuntu:latest`. This causes an exception to be returned by the dockerode `getImage('/ubuntu:latest').inspect()` call. - - This sends the supervisor into a crash loop and is shown - on the supervisor - + This sends the supervisor into a crash loop and is shown on the supervisor journal logs as - ``` - getaddrinfo ENOTFOUND images at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:64:26) ``` - - Unfortunately if this happens on a user device, since - the mangled image - - name is already on the database, the easiest way to fix - is to remove the - - supervisor database and let the supervisor recreate it. - Deleting the - + Unfortunately if this happens on a user device, since the mangled image + name is already on the database, the easiest way to fix is to remove the + supervisor database and let the supervisor recreate it. Deleting the database should be side effect free. footer: Change-type: patch @@ -39941,30 +39668,17 @@ - commits: - subject: "balena-engine: refactor systemd service" hash: 8227a61f6bef6d93cc6a5acd0ef93a2012079964 - body: > - This makes it easier to overwrite the arguments passed in the - engine - - unit from drop-in overwrites. See the development image drop-in - unit for - + body: | + This makes it easier to overwrite the arguments passed in the engine + unit from drop-in overwrites. See the development image drop-in unit for reference. - - Using `systemctl edit --runtime balena.service`, which puts - those - - overwrites into `/run/systemd/system/balena.service.d/`, it - would be - - possible to modify the runtime behavior of the engine without - remounting - + Using `systemctl edit --runtime balena.service`, which puts those + overwrites into `/run/systemd/system/balena.service.d/`, it would be + possible to modify the runtime behavior of the engine without remounting the rootfs to be writeable. - - See - https://www.freedesktop.org/software/systemd/man/systemd.unit.html#System%20Unit%20Search%20Path + See https://www.freedesktop.org/software/systemd/man/systemd.unit.html#System%20Unit%20Search%20Path footer: Change-type: patch change-type: patch @@ -40306,12 +40020,10 @@ nested: [] - subject: "semver: Add bash utility for semantic version comparison" hash: 831c494a1bc1f286a9b95f22cc86ade46f336a89 - body: > + body: | From https://github.com/Ariel-Rodriguez/sh-semversion-2 - - MIT licensed: - https://github.com/Ariel-Rodriguez/sh-semversion-2/blob/main/LICENSE + MIT licensed: https://github.com/Ariel-Rodriguez/sh-semversion-2/blob/main/LICENSE footer: Change-type: patch change-type: patch @@ -42430,17 +42142,11 @@ - commits: - subject: Bump ssri from 6.0.1 to 6.0.2 hash: ae8dc8ff227237444ae532cf7e817bfc463fbac5 - body: > - Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to - 6.0.2. - + body: | + Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2. - [Release notes](https://github.com/npm/ssri/releases) - - - - [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md) - - - - [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2) + - [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md) + - [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2) footer: Change-type: patch change-type: patch @@ -43688,13 +43394,11 @@ nested: [] - subject: "dnsmasq: update to 2.84 with dnspooq fix" hash: 3afbe8dfbbaf9f73a09048e0350622535befa0a8 - body: > + body: | https://github.com/balena-os/meta-balena/issues/2099 - Copy dnsmasq 2.84 recipe and files from this upstream patch: - http://cgit.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/dnsmasq?id=3e28a31bb479f292b9a052a3d2eee84c49319ee3 footer: Change-type: patch @@ -44224,37 +43928,22 @@ - commits: - subject: replace busybox ps with procps [klutchell] hash: 00556af37cf241e2b95d9b719f1ab58cc9bbddb6 - body: > + body: | Replace busybox ps link with ps.procps without installing - any other procps packages. This will avoid regression and bloat - from swapping existing busybox links with procps variants. - By using procps as docker expects we can properly handle ps args - - such as -e and -o to format output. Busybox is only capable of - this - + such as -e and -o to format output. Busybox is only capable of this when compiled in "desktop" mode. - - This upstream commit to poky has already split the ps binary - into - + This upstream commit to poky has already split the ps binary into a separate procps package: + - https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=507a47a4e5077d5f8f76d9629be6b871dfd8eb90 - - - https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=507a47a4e5077d5f8f76d9629be6b871dfd8eb90 - - - So for now we can copy this recipe at the commit above into - compat branches - - and use that version until we pick up a branch newer than - gatesgarth. + So for now we can copy this recipe at the commit above into compat branches + and use that version until we pick up a branch newer than gatesgarth. footer: Change-type: patch change-type: patch @@ -44360,14 +44049,11 @@ - commits: - subject: "layers: Update device tree overlay list" hash: a0077d4280484aaa890f1563b35495d211a6be66 - body: > + body: | Add new device tree blobs to the list to bring in support for new - hardware such as merus-amp and more. - - From - https://github.com/raspberrypi/linux/tree/rpi-5.4.y/arch/arm/boot/dts/overlays + From https://github.com/raspberrypi/linux/tree/rpi-5.4.y/arch/arm/boot/dts/overlays footer: Changelog-entry: "layers: Update device tree overlay list" changelog-entry: "layers: Update device tree overlay list" @@ -44560,14 +44246,11 @@ nested: [] - subject: "gen_mod_headers: add missing arch headers to tools" hash: 5485f1fbc901a04eedbcc3b72cc95fdfb2d03665 - body: > + body: | Upstream changes to the kernel have switched to a shared x86 - insn decoder required by tools/objtool so we must add those - include and lib components to our target dir. - https://lore.kernel.org/lkml/20190830201021.utzjr6cs5hoxygyi@treble/T/ footer: Change-type: patch @@ -44734,18 +44417,12 @@ nested: [] - subject: "hostapp-update-hooks: Add supervisor database fix" hash: f3e7e164cf095218c1f92f2afecdd186cbbdfadd - body: > + body: | When adding hostapp extension support to mobynit, in: - https://github.com/balena-os/meta-balena/commit/6be3f1153d56c1c0c21e6d84db7be70be96bcd10 - - the supervisor database was relocated by mistake. On this - version the database - - returns to its original place, and these hooks copy the old - database to the - + the supervisor database was relocated by mistake. On this version the database + returns to its original place, and these hooks copy the old database to the new location to avoid data loss. footer: Change-type: patch @@ -44872,12 +44549,10 @@ nested: [] - subject: "systemd: add missing udev rules" hash: 02b48c9523ff5ed36cc2cfd94225ea4234649371 - body: > + body: | https://github.com/balena-os/poky/commit/e3cd4e584239c207e3c82bdf5d7216d26fd28fc7 - - add missing udev rules since systemd began including rules - explicitly + add missing udev rules since systemd began including rules explicitly footer: Change-type: patch change-type: patch @@ -44899,12 +44574,10 @@ nested: [] - subject: "dropbear: prevent conflicts with openssh" hash: 169c1652e46e3a31d4f96bb98cbcf8240f3453ca - body: > + body: | [https://github.com/balena-os/poky/commit/d365948ebd76625f82ef04e77d35bcfeced42fec] - - Dropbear is still required to migrate keys. Avoid the upstream - conflict with openssh. + Dropbear is still required to migrate keys. Avoid the upstream conflict with openssh. footer: Change-type: patch change-type: patch @@ -44963,15 +44636,11 @@ nested: [] - subject: "u-boot: disable u-boot-initial-env" hash: 9346f58cdd73924aec4279861ff43611c125ab5d - body: > + body: | https://github.com/balena-os/poky/commit/d7b8ae3faa9344f2ada22e0402066c2fff5958c6 - - We have no use for u-boot-initial-env and enabling it would - require - - additional changes in do_compile to match the commit linked - above. + We have no use for u-boot-initial-env and enabling it would require + additional changes in do_compile to match the commit linked above. footer: Change-type: patch change-type: patch @@ -44981,9 +44650,8 @@ nested: [] - subject: "dnsmasq: fix build after y2038 changes in glib" hash: fca86497476cf3d275ae3d4f8274d51b6b96a9b8 - body: > + body: | SIOCGSTAMP is defined in linux/sockios.h, not asm/sockios.h - http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3052ce208acf602f0163166dcefb7330d537cedb footer: Change-type: patch @@ -45091,15 +44759,11 @@ - commits: - subject: "zram-swap-init: adjust default to lesser of 50%/4GB" hash: 155af3386029a0e76b74ee60d58c32ba72073a82 - body: > - Copied from Fedora zram defaults [0]. This may be adjusted later - after - + body: | + Copied from Fedora zram defaults [0]. This may be adjusted later after doing our own profiling. - - [0] - https://fedoraproject.org/wiki/Changes/SwapOnZRAM#Default_zram_device_configuration: + [0] https://fedoraproject.org/wiki/Changes/SwapOnZRAM#Default_zram_device_configuration: footer: Change-type: minor change-type: minor @@ -47939,15 +47603,10 @@ - commits: - subject: Bump elliptic from 6.5.2 to 6.5.3 hash: c11004cd24fe66e6af7f16a79c0cc9e8847eb415 - body: > - Bumps [elliptic](https://github.com/indutny/elliptic) - from 6.5.2 to 6.5.3. - - - [Release - notes](https://github.com/indutny/elliptic/releases) - - - - [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3) + body: | + Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3. + - [Release notes](https://github.com/indutny/elliptic/releases) + - [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3) footer: Change-type: patch change-type: patch @@ -48442,15 +48101,10 @@ - commits: - subject: Bump lodash from 4.17.15 to 4.17.19 hash: 01655b595555ae63ea1b70d623451c9ad3ec03dd - body: > - Bumps [lodash](https://github.com/lodash/lodash) from - 4.17.15 to 4.17.19. - - - [Release - notes](https://github.com/lodash/lodash/releases) - - - - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) + body: | + Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. + - [Release notes](https://github.com/lodash/lodash/releases) + - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) footer: Change-type: patch change-type: patch @@ -48803,19 +48457,13 @@ - subject: Use --mount instead of --volume for bind mounts to the supervisor container. hash: 0fd442943d6b6c802df2f6e35d334ecde0f748e9 - body: > - This makes sure the source path refers to an existing - file/directory on - + body: | + This makes sure the source path refers to an existing file/directory on the host. - https://docs.docker.com/engine/reference/commandline/service_create/#differences-between---mount-and---volume - - This avoids situations where --volume implicitely creates a - directory (see #1748) - + This avoids situations where --volume implicitely creates a directory (see #1748) Fixes #1754 footer: @@ -49703,30 +49351,17 @@ - commits: - subject: Add label to expose gpu to container hash: ae646a07ec6a6c96f7cb91f1d37898a94dbab47a - body: > - In the absence of an upstream implementation of the - DeviceRequest API introduced - - as part of Docker API v1.40 we roll our own using a - feature label. - - - As per my comment in the code, we fall back to the - default behavior of - - docker cli's `--gpu` and request single device with the - `gpu` capabilty. - - The only implementation at the moment is the NVIDIA - driver; here: + body: | + In the absence of an upstream implementation of the DeviceRequest API introduced + as part of Docker API v1.40 we roll our own using a feature label. + As per my comment in the code, we fall back to the default behavior of + docker cli's `--gpu` and request single device with the `gpu` capabilty. + The only implementation at the moment is the NVIDIA driver; here: https://github.com/balena-os/balena-engine/blob/master/daemon/nvidia_linux.go - Background on the composefile implementation: - https://github.com/compose-spec/compose-spec/issues/74 - https://github.com/docker/compose/issues/6691 footer: Change-type: patch @@ -52076,15 +51711,10 @@ - commits: - subject: Bump acorn from 5.7.3 to 5.7.4 hash: f8363fc72b21386cc3561be576d8f21ec0463c89 - body: > - Bumps [acorn](https://github.com/acornjs/acorn) from - 5.7.3 to 5.7.4. - - - [Release - notes](https://github.com/acornjs/acorn/releases) - - - - [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4) + body: | + Bumps [acorn](https://github.com/acornjs/acorn) from 5.7.3 to 5.7.4. + - [Release notes](https://github.com/acornjs/acorn/releases) + - [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4) footer: Change-type: patch change-type: patch @@ -53295,14 +52925,10 @@ author: Alex Gonzalez - subject: Update openvpn to v2.4.7 hash: 5c7d3ae1296636dae7b0de67a9c0f8c66d996d1c - body: > + body: | Fetched from: - - * - https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn_2.4.7.bb?id=c1c8895609ae70a1b735e8625c19046c25184ee4 - - * - https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn/openvpn?id=910891d722085c56c474ac72788898b94c5ed193 + * https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn_2.4.7.bb?id=c1c8895609ae70a1b735e8625c19046c25184ee4 + * https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn/openvpn?id=910891d722085c56c474ac72788898b94c5ed193 footer: Connects-to: "#1740" connects-to: "#1740" @@ -53457,19 +53083,13 @@ author: Pagan Gazzard - subject: Add leading new line for PACKAGE_INSTALL variable hash: e79c470b3eaa8d6e763103fa20858fbed61ff292 - body: > + body: | Without the leading space, the last package name - of the PACKAGE_INSTALL variable from other recipes, - is concatenated with the one added in this recipe resulting - in the following error - opkg_prepare_url_for_install - Couldn't find anything to satisfy - 'kernel-module-sdhci-pciinitramfs-module-console-null-workaround' footer: Change-type: patch @@ -53548,9 +53168,8 @@ author: Will Boyce - subject: Add wpa-supplicant recipe and update to v2.9 hash: 139f76b73918e12aa8082896a7a017d2ad5df739 - body: > - Fetched from - http://cgit.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/wpa-supplicant?id=95507898ad6a7b88c83ef376c1cb8b3b3a685c96 + body: | + Fetched from http://cgit.openembedded.org/openembedded-core/commit/meta/recipes-connectivity/wpa-supplicant?id=95507898ad6a7b88c83ef376c1cb8b3b3a685c96 footer: Connects-to: "#1711" connects-to: "#1711" @@ -55377,24 +54996,16 @@ - commits: - subject: Patches for TCP-based remote denial of service vulnerabilities hash: e5d92f9ac7ed96c17680d641f1f7aa034f80eb55 - body: > + body: | Netflix has identified several TCP networking vulnerabilities - in FreeBSD and Linux kernels. The vulnerabilities specifically - relate to the Maximum Segment Size (MSS) and TCP - Selective Acknowledgement (SACK) capabilities. - The most serious, dubbed SACK Panic, allows a - remotely-triggered kernel panic on recent Linux kernels. - These patches address most of these vulnerabilities. - Patch source: - https://github.com/Netflix/security-bulletins/blob/master/advisories/third-party/2019-001.md footer: Changelog-entry: Patches for TCP-based remote denial of service vulnerabilities @@ -55464,17 +55075,12 @@ author: Andrei Gherzan - subject: Fix kernel-devsrc on thud when kernel version < 4.10 hash: c4cd6307ac3ae86a8d34b91d9dc82b6d3310db9b - body: > - Thud breaks when building against kernel version < 4.10. This is - a known - + body: | + Thud breaks when building against kernel version < 4.10. This is a known issue which is fixed in poky warrior[1]. This patch includes a - workaround for thud. - - [1] - http://lists.openembedded.org/pipermail/openembedded-core/2019-February/278695.html + [1] http://lists.openembedded.org/pipermail/openembedded-core/2019-February/278695.html footer: Change-type: patch change-type: patch @@ -55584,31 +55190,17 @@ author: Zubair Lutfullah Kakakhel - subject: Use all.rp_filter=2 as the default value in balenaOS hash: 2fe90f3316a9394db0a060ec976d23fa97d4f00a - body: > - This change backports a PR[1] that is already in systemd and - will come - + body: | + This change backports a PR[1] that is already in systemd and will come included by default from the version in Yocto warrior. - - In summary, with this change we fix newer NM which stopped - handling - - rp_filter when connected to multiple interfaces. See "device: - disable - - rp_filter handling" commit from NM. Without this change, only - the - - default route will me usable and binding to a specific interface - will - - break connectivity if that interface is not also the default - route for - + In summary, with this change we fix newer NM which stopped handling + rp_filter when connected to multiple interfaces. See "device: disable + rp_filter handling" commit from NM. Without this change, only the + default route will me usable and binding to a specific interface will + break connectivity if that interface is not also the default route for the target IP. - [1]https://github.com/systemd/systemd/pull/10971/commits/6caa14f763c11630f28d587b3caa5f0e6dc96165 footer: Change-type: minor @@ -55673,18 +55265,11 @@ author: Zubair Lutfullah Kakakhel - subject: Set both VERSION_ID and VERSION in os-release to host OS version hash: 40347f618b3b70ccc5f40e924990197ae9fa7e6b - body: > - VERSION and VERSION_ID had a slightly different semantics in - balenaOS. - - VERSION was referring to the BalenaOS (host OS) version (which - is coming from - - device repositories) while VERSION_ID was set to the - DISTRO_VERSION. - + body: | + VERSION and VERSION_ID had a slightly different semantics in balenaOS. + VERSION was referring to the BalenaOS (host OS) version (which is coming from + device repositories) while VERSION_ID was set to the DISTRO_VERSION. This brings confusion so we change it to adhere to - https://www.freedesktop.org/software/systemd/man/os-release.html. footer: Change-type: minor @@ -55907,9 +55492,8 @@ author: Andrei Gherzan - subject: Sync ModemManager recipe with upstream hash: e0be8f152c88a5635b5d18249c5f882caf9e31c5 - body: > + body: | We also pushed the latest update we did in BalenaOS to upstream: - http://lists.openembedded.org/pipermail/openembedded-devel/2019-May/199743.html footer: Change-type: patch @@ -55921,12 +55505,10 @@ author: Andrei Gherzan - subject: Update NetworkManager to 1.18.0 hash: 808f6f1790357b4f282a15cbb72c603ee77f63d3 - body: > + body: | Fixes #1492 - Pushed to upstream as well: - http://lists.openembedded.org/pipermail/openembedded-devel/2019-May/199742.html footer: Change-type: minor @@ -56402,44 +55984,22 @@ author: Andrei Gherzan - subject: Make security flags inclusion yocto version specific hash: 9571c572e4abcd1ea5951fa408b1543bc40db8c9 - body: > - Since thud, poky distro file on which balena OS is based, - already - - includes security_flags.inc. Because of this change, this - version throws - + body: | + Since thud, poky distro file on which balena OS is based, already + includes security_flags.inc. Because of this change, this version throws a build warning similar to: + WARNING Duplicate inclusion for /build/../layers/poky/meta/conf/distro/include/security_flags.inc + in /build/../layers/meta-resin/meta-balena-thud/conf/distro/include/balena-os-yocto-version.inc - WARNING Duplicate inclusion for - /build/../layers/poky/meta/conf/distro/include/security_flags.inc - - in - /build/../layers/meta-resin/meta-balena-thud/conf/distro/include/balena-os-yocto-version.inc - - - This happens because again, we import `poky` and - `security_flags` but - - since thud, poky includes security_flags by default. In order to - avoid - - this warning we import it (security_flags) now using an .inc - file at the - - level of the yocto version meta-balena layer. There is as well a - small - - additional wrinkle here. We switch the include statement from - `require` - - to `include` so new layers (like thud) don't have to carry this - hack in - + This happens because again, we import `poky` and `security_flags` but + since thud, poky includes security_flags by default. In order to avoid + this warning we import it (security_flags) now using an .inc file at the + level of the yocto version meta-balena layer. There is as well a small + additional wrinkle here. We switch the include statement from `require` + to `include` so new layers (like thud) don't have to carry this hack in the future. - This commit prepares meta-balena for thud support. footer: Change-type: patch @@ -57877,9 +57437,8 @@ author: Cameron Diver - subject: Fix for some warnings hash: 1d92f8c3bcc21a7c0b21b12f65f1051616f04b78 - body: > - From - http://cgit.openembedded.org/openembedded-core/commit/meta/recipes-kernel/linux/kernel-devsrc.bb?h=thud&id=fd74848c3c06901a77057ca03f7c01aff08ee34a + body: | + From http://cgit.openembedded.org/openembedded-core/commit/meta/recipes-kernel/linux/kernel-devsrc.bb?h=thud&id=fd74848c3c06901a77057ca03f7c01aff08ee34a footer: Change-type: patch change-type: patch @@ -57972,16 +57531,11 @@ - subject: Add a workaround for a bug where the chronyc online command in network manager hook would get stuck and eat cpu cycles hash: 6fe830882bf8ee62dc6db09b5a8a6f099d64fe41 - body: > - We have noticed devices in support that show high cpu usage - because - + body: | + We have noticed devices in support that show high cpu usage because the process chronyc online seems to be eating up 50% cpu. - - This is probably fixed upstream - https://github.com/mlichvar/chrony/commit/6863e43269fe27ce2744eb643295f31c00ec176d#diff-50898f0cb35139d87132f4732a029213 - + This is probably fixed upstream https://github.com/mlichvar/chrony/commit/6863e43269fe27ce2744eb643295f31c00ec176d#diff-50898f0cb35139d87132f4732a029213 Add a timeout in any case as its a lower risk option footer: @@ -58735,21 +58289,14 @@ author: Florin Sarbu - subject: Include avahi d-bus introspection files in rootfs hash: d98f0d47369135f1c88429aac58b73aced3d4f6c - body: > - Poky removes the dbus introspection description documents for - avahi. - + body: | + Poky removes the dbus introspection description documents for avahi. See: - http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=59a08907eafffde664079b9a2068f47131dd3f5d - - dbus-native node module requires this data to be available to - allow - + dbus-native node module requires this data to be available to allow access to interfaces. - Fixes #1140 footer: Change-type: minor diff --git a/CHANGELOG.md b/CHANGELOG.md index 24f27ef00..464da0dc6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,16 @@ Change log ----------- +# v2024.10.1 +## (2024-12-17) + +* bump yocto-scripts action to v1.25.47 [rcooke-warwick] +* Allow force-finalize for manual workflow dispatch [rcooke-warwick] +* remove test_matrix from devices without tests setup [rcooke-warwick] +* cleanup workflow triggers [rcooke-warwick] +* Update balena-os/balena-yocto-scripts to v1.25.45 [balena-renovate[bot]] +* Add GHA build test deploy workflows to repository [Vipul Gupta (@vipulgupta2048)] + # 2024.10.0 ## (2024-10-25) diff --git a/VERSION b/VERSION index 26337ea22..6b5131d73 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2024.10.0 \ No newline at end of file +2024.10.1 \ No newline at end of file