From a851e4a066d3dbcd0044e15097fc6353741dcff2 Mon Sep 17 00:00:00 2001 From: "flowzone-app[bot]" <124931076+flowzone-app[bot]@users.noreply.github.com> Date: Mon, 5 Aug 2024 08:15:08 +0000 Subject: [PATCH] v5.1.34+rev1 --- .versionbot/CHANGELOG.yml | 4584 +++++++++++++++++++++++++++---------- CHANGELOG.md | 267 +++ VERSION | 2 +- 3 files changed, 3650 insertions(+), 1203 deletions(-) diff --git a/.versionbot/CHANGELOG.yml b/.versionbot/CHANGELOG.yml index c0e14143..f000b0ec 100644 --- a/.versionbot/CHANGELOG.yml +++ b/.versionbot/CHANGELOG.yml @@ -1,3 +1,969 @@ +- commits: + - subject: Update balena-yocto-scripts to 730286256ce2ff6db73bce2b8289d2199596269e + hash: d44aa95f55bc9f284dcf1aa97678e84e734e1cef + body: Update balena-yocto-scripts + footer: + Changelog-entry: Update balena-yocto-scripts to 730286256ce2ff6db73bce2b8289d2199596269e + changelog-entry: Update balena-yocto-scripts to 730286256ce2ff6db73bce2b8289d2199596269e + author: balena-renovate[bot] + nested: + - commits: + - subject: Update actions/upload-artifact action to v4.3.5 + hash: 47535180af9f0a0dcb35ba6b0edea204e7de3ba7 + body: | + Update actions/upload-artifact from 4.3.4 to 4.3.5 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.18 + title: "" + date: 2024-08-05T04:31:00.525Z + - commits: + - subject: Update Lock file maintenance + hash: bb1923b984c6646d36356f4acf171a30cabdfd3d + body: | + Update + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.17 + title: "" + date: 2024-08-05T02:04:43.860Z + - commits: + - subject: Update docker/login-action action to v3.3.0 + hash: 65a653d66efd1cbfdca1616d62a9387dc47eb50e + body: | + Update docker/login-action from 3.0.0 to 3.3.0 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.16 + title: "" + date: 2024-07-30T03:01:08.144Z + - commits: + - subject: Update actions/upload-artifact action to v4.3.4 + hash: f81cf0f07965cf34d687b76e9ad7befc6f49cf9c + body: | + Update actions/upload-artifact from 4.3.0 to 4.3.4 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.15 + title: "" + date: 2024-07-30T01:00:25.663Z + - commits: + - subject: Update balena-os/leviathan digest to 36aafe0 + hash: e5842524bf70adc29c62f35e0744ee970d232866 + body: | + Update balena-os/leviathan + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.14 + title: "" + date: 2024-07-29T22:37:24.756Z + - commits: + - subject: Update actions/checkout action to v4.1.7 + hash: c9da5d524bbebe7dde5175584589cce5634b7a41 + body: | + Update actions/checkout from 4.1.1 to 4.1.7 + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.13 + title: "" + date: 2024-07-29T20:55:15.720Z + - commits: + - subject: Update Pin dependencies + hash: c48f1f984f2f22f49fc9aee3f1cc9883f8ca7ec5 + body: | + Update actions/checkout + footer: + Change-type: patch + change-type: patch + author: balena-renovate[bot] + nested: [] + version: balena-yocto-scripts-1.25.12 + title: "" + date: 2024-07-29T18:13:01.088Z + - commits: + - subject: "revovate: change config to use balena-io template" + hash: f4d82d9029f39245cf15d2433a783d33787a73d1 + body: > + in this repo we are using "change-type" commits, but renovate is + using the balena-os default which is using "changelog-entry" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.25.11 + title: "" + date: 2024-07-29T15:14:59.755Z + - commits: + - subject: By default, deploy hostapp on push only + hash: 87763dfc75504522c1dadc698f74576bbf0e9320 + body: > + This is meant to keep the defaults of `deploy-s3` and + `deploy-hostapp` + + consistent. + footer: + Signed-off-by: Leandro Motta Barros + signed-off-by: Leandro Motta Barros + Change-type: patch + change-type: patch + author: Leandro Motta Barros + nested: [] + version: balena-yocto-scripts-1.25.10 + title: "" + date: 2024-07-23T02:23:14.094Z + - commits: + - subject: use token to fetch private contracts + hash: acfc8d20ce8dd4b29eae67679dd1a89ffcc75c7c + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + - subject: unroll balena_lib_build_contract function + hash: 82c9e482f3bfb0fcd960c455f2c8ff0c42c98baa + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + - subject: unroll balena_api_is_dt_private function + hash: cc3102dbb1348ee563b08dfd3afd37daaa0404ca + body: > + when building + deploying or a private DT , the check to see if + the DT is private fails. This is due to + https://github.com/balena-os/balena-yocto-scripts/blob/master/automation/include/balena-api.inc#L424 + using this function: + https://github.com/balena-os/balena-yocto-scripts/blob/master/automation/include/balena-lib.inc#L191 + - which uses the jenkins deployTo variable to select the correct + api url and token. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.25.9 + title: "" + date: 2024-07-22T16:18:49.689Z + - commits: + - subject: Use env vars BALENA_HOST and BALENACLOUD_SSH_URL when provided + hash: f04607fc0f50a99bb2fd14370a2e2dae0e3f7094 + body: | + These currently differ between environments, and we will need + to start supporting environment names that are not the same + as the balena host. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.8 + title: "" + date: 2024-07-17T19:56:20.231Z + - commits: + - subject: Fix handling of empty test matrix input + hash: 727d8d275455361d3bc82b5aec392e9aaa08248b + body: | + Previously an empty test matrix would cause + an error in the workflow. + + Added an if condition to check for a valid + test_suite property where applicable. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.7 + title: "" + date: 2024-07-16T20:10:01.990Z + - commits: + - subject: Use App Installation tokens so we can clone private submodules + hash: 9ca32e51938efc3c5cd01b96eecce85665fb9698 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.6 + title: "" + date: 2024-07-15T15:11:37.708Z + - commits: + - subject: only login to s3 if deploying to s3 + hash: a23ed7074fd2af18b952b9d0f6ee2623dd6a76f8 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.25.5 + title: "" + date: 2024-07-08T16:52:21.474Z + - commits: + - subject: "balena-deploy: deploy secure boot lock artifacts if available" + hash: 01378a49b0b2264afcf6d2dc4d016e2be206fde7 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: balena-yocto-scripts-1.25.4 + title: "" + date: 2024-07-06T09:01:53.726Z + - commits: + - subject: use workflow run of PR head instead of statuses to determine test + results + hash: ad06820f4174568383678710fa68b2054da6db57 + body: > + Since we have moved to workflows for tests instead of status + checks, we have to fetch the workflow runs for the appropriate + commit to determine a test pass/fail. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.25.3 + title: "" + date: 2024-07-05T12:42:09.570Z + - commits: + - subject: Remove dry-run flag from S3 upload + hash: cf0301996022ef58a9c19d40d002d72a1bbcf705 + body: | + We are publishing hostapp releases to staging already, we should + start including the associated S3 files as well. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.2 + title: "" + date: 2024-07-03T21:19:20.964Z + - commits: + - subject: Fix actionlint errors and warnings in shell steps + hash: da910ed9ac6fdd70bd0ebd1beb0dbbd1248517fd + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.1 + title: "" + date: 2024-07-03T18:33:05.802Z + - commits: + - subject: Do not run any tests by default unless provided by calling workflow + hash: d0cfc42cf8a17ef6b5f2ac4eed6f84d1581435e6 + body: > + As there are currently more device types without tests than + with, + + and some of those with tests need to provide overrides anyway, + it's + + simpler to assume an empty test matrix unless provided. + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.25.0 + title: "" + date: 2024-07-03T15:44:25.729Z + - commits: + - subject: "patch: No upload to GH artifacts when PR is closed" + hash: cdee530e227972e251a2c7c06f4a3e97747419ca + body: > + Uploading artifacts to GH artifact storage when PR is merged + + (closed event) is wasterful. Since they are only uploaded for + temporary + + basis so it can be used for testing. Hence, the PR to stop doing + that + + for closed PR event + footer: + Signed-off-by: Vipul Gupta (@vipulgupta2048) + signed-off-by: Vipul Gupta (@vipulgupta2048) + author: Vipul Gupta (@vipulgupta2048) + nested: [] + version: balena-yocto-scripts-1.24.3 + title: "" + date: 2024-07-02T22:05:09.072Z + - commits: + - subject: Fix quoting of $GITHUB_OUTPUT + hash: 5f56f3236d8ee3d764e46e419aa2431dd42d45ff + body: | + We had typos in two cases, in which we missed the opening quote. + footer: + Signed-off-by: Leandro Motta Barros + signed-off-by: Leandro Motta Barros + Change-type: patch + change-type: patch + author: Leandro Motta Barros + nested: [] + version: balena-yocto-scripts-1.24.2 + title: "" + date: 2024-07-02T00:54:39.074Z + - commits: + - subject: Simplify check for secure boot + hash: be189f7e2f6fb26f778f29e1f955a1cdd01bc8a4 + body: > + We were previously introducing a variable that was essentially + + replicating the contents of an input. This commit makes use of + the input + + directly. + + + Incidentally, the previous code also had a small bug/typo, in + which we + + mixed a test for string length with a test for string equality. + footer: + Signed-off-by: Leandro Motta Barros + signed-off-by: Leandro Motta Barros + Change-type: patch + change-type: patch + author: Leandro Motta Barros + nested: [] + version: balena-yocto-scripts-1.24.1 + title: "" + date: 2024-06-27T20:35:29.474Z + - commits: + - subject: Support runner selection in the test matrix + hash: d409cb0fbaa307a179973b60e5faff8cda6bc34b + body: > + Default to self-hosted X64 with KVM for now to align with + Jenkins but in the future + + we should consider using GitHub hosted runners for the testbot + workers. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + - subject: Allow both combinatorial and include syntax for test_matrix + hash: 2bfc3a0d72830626366cf210f4fe9a0e649688c5 + body: > + The include syntax allows full control over settings used + + in each test job, but the combinatorial is simpler to write + + for basic use cases. + + + Rather than force one, we can allow both and default to the + simple + + syntax. + + + Marking as minor since the input syntax has changed, but isn't + + currently used in production anywhere. + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.24.0 + title: "" + date: 2024-06-26T21:26:13.711Z + - commits: + - subject: Refactor secrets and variables to use environments + hash: c46eb9cfa4a272f00af4029c31e355477169802a + body: | + Reduce the required secrets and inputs required by + relying on vars and secrets set in each GitHub Environment. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.23.1 + title: "" + date: 2024-06-26T12:43:22.833Z + - commits: + - subject: "Dockerfiles: update balenaCLI version to 18.2.2" + hash: cd6ff2606e5f7a251c6b03d4cfbea371d00a9db7 + body: | + Update balena CLI from 17.2.2 to 18.2.2. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Joseph Kogut + signed-off-by: Joseph Kogut + author: Joseph Kogut + nested: [] + - subject: "Dockerfile_yocto-build-env: bump base image to 22.04" + hash: e027c512dbcf801a66a4bb4da15639ca67eedd2e + body: > + This brings a new Docker engine version which supports cgroup v2. + footer: + Change-type: minor + change-type: minor + Signed-off-by: Joseph Kogut + signed-off-by: Joseph Kogut + author: Joseph Kogut + nested: [] + version: balena-yocto-scripts-1.23.0 + title: "" + date: 2024-06-19T15:20:58.274Z + - commits: + - subject: Update job conditions to allow non-PR events for internal branches + hash: 2d0f1029d7b5489feb7c98d749ff66c8faf2f1e7 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + - subject: Hardcode environment paths at the job level + hash: 5dc710c0cc5d8a1c0da97bbb9d39fdb51f5a4497 + body: | + This is easier to read and less likely to break + with unexpected values. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + - subject: Replace test inputs with a single JSON matrix input + hash: 0d6cb8ac05fec8dd314f12e5335f847ef3f8ab78 + body: | + This allows full control over which test conditions are + used for each test job without combinatorial explosion. + + For example, different environments could be used for + specific test suites, or the cloud suite could be run + twice while the other suites run once. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.22.4 + title: "" + date: 2024-06-14T15:57:11.418Z + - commits: + - subject: "jenkins_generate_ami: pass yocto scripts version as an env var to + helper container" + hash: af71169b93e855c8ecb378b5de3d4a1c12f44510 + body: > + The ami deploys in jenkins fail at the moment because the + balena-lib.inc script fails to fetch the version of the yocto + scripts when running inside the helper image. Passing the + version to the helper image via an env var helps this + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.22.3 + title: "" + date: 2024-06-13T19:04:31.350Z + - commits: + - subject: Update the triggers on the example test workflow + hash: 1f09e509e09a1a44b62772b9e197fe183c72744d + body: | + We do not need to run the workflow on close/merge, and we + can skip the manual workflow runs on this project as + each device type will have it's own workflow in the device + repos supporting manual triggers. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.22.2 + title: "" + date: 2024-06-12T17:54:57.718Z + - commits: + - subject: Prevent duplicate workflow runs for multiple triggers + hash: e0132cfba86fcc05527dc4702d6841723752be38 + body: | + This may need to be force merged. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + - subject: Add catchall job to yocto-build-deploy for merge requirements + hash: 6b023b572a35d18743cf4a5d36b9d2f7443fc744 + body: | + This is a helper job to avoid having to mark all build/test + matrices as required, as this job will always run and return + success or failure. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.22.1 + title: "" + date: 2024-06-07T13:45:18.699Z + - commits: + - subject: Create workflow to build and deploy balenaOS + hash: 5868caaa3b7bf506381c8d22f7b0b4035f7e2658 + body: "" + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.22.0 + title: "" + date: 2024-06-06T17:24:03.676Z + - commits: + - subject: "balena-deploy: deploy usbboot if available" + hash: a62a90bcf05fdccc9cdbaa9961d2db823bbeb9b5 + body: | + This is where the RPI family deploys provisioning artifacts. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: balena-yocto-scripts-1.21.10 + title: "" + date: 2024-05-02T09:18:16.451Z + - commits: + - subject: "balena-lib: improve base tag detection" + hash: 872bb3b1df920b026b524e041bf4f4f7c422cb2f + body: > + When a ESR release is deployed a tag with the base meta-balena + version + + is created. This is used by the API to check for a valid OS + version + + for updates. + + + The current mechanism to find the base version only provides an + ESR + + version for the first commit after the branch has been created. + + + Using merge-base to find the common ancestor and `tag + --points-at` to + + find the actual tag works for all commits after the branch is + created. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: balena-yocto-scripts-1.21.9 + title: "" + date: 2024-04-30T14:17:29.958Z + - commits: + - subject: Support commit tags when extracting version tag from git + hash: 98fec51fae4721224e64cfec52480a5f17b8e271 + body: > + Git describe does not include commit tags by default, and only + annotated tags are shown. + + + This behaviour was fine until a recent CI issue changed the + types of tags used to version the repositories. + + + This commit allows supporting of both types while the CI issue + is investigated. + footer: + Change-type: patch + change-type: patch + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.8 + title: "" + date: 2024-04-29T17:17:30.203Z + - commits: + - subject: Add missing $select for release_asset.asset_key + hash: 4f4f65c0b2cace726eccbea5d5ed8ed0f8302e54 + body: "" + footer: + Change-type: patch + change-type: patch + author: Thodoris Greasidis + nested: [] + version: balena-yocto-scripts-1.21.7 + title: "" + date: 2024-04-19T14:22:55.708Z + - commits: + - subject: 'Revert "balena-build: avoid using device-type as a prefix in yocto + sstate"' + hash: 7a85083784a3225debf2276a978558df5a307ec7 + body: | + This reverts commit f4a9566941083770151ebe3edd78e9866b4856fb. + footer: + Change-type: patch + change-type: patch + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.6 + title: "" + date: 2024-03-25T14:58:37.715Z + - commits: + - subject: Merge AMI publishing dependencies into yocto-build-env + hash: c208a885e849b1b49231de31268a482344220d38 + body: | + This allows us to build and publish fewer helper images. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.5 + title: "" + date: 2024-03-14T19:05:22.682Z + - commits: + - subject: "balena-build: avoid using device-type as a prefix in yocto sstate" + hash: f4a9566941083770151ebe3edd78e9866b4856fb + body: > + Yocto already splits the build sstate by target arch, native + arch, toolchains, and machine where applicable. + + + Keeping the caches separated by device type prevents sharing of + common cache steps between identical toolchains and + architectures. + footer: + Change-type: patch + change-type: patch + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.4 + title: "" + date: 2024-03-13T18:16:12.920Z + - commits: + - subject: Enable S3 Server Side Encryption flags + hash: 93a2a37249c8262662934e4220c1009a8f22c51c + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.3 + title: "" + date: 2024-02-11T13:57:42.525Z + - commits: + - subject: "automation/include: Pass helper image version" + hash: 2a8e25e0d0b46b3249c1c77b0c38219ebcdea1f0 + body: > + This is needed by the balena-push-env helper image that needs + the + + balena-yocto-scripts version but has no way of getting that info + + otherwise. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Florin Sarbu + signed-off-by: Florin Sarbu + author: Florin Sarbu + nested: [] + version: balena-yocto-scripts-1.21.2 + title: "" + date: 2024-02-08T07:44:50.538Z + - commits: + - subject: "balena-deploy: Remove docker.io when pulling image" + hash: bd23b9ad59a1645bce79b0df5ef3879d10774a3a + body: | + This seems to cause docker images --format to fail + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alexandru Costache + signed-off-by: Alexandru Costache + author: Alexandru + nested: [] + version: balena-yocto-scripts-1.21.1 + title: "" + date: 2024-02-07T12:39:41.622Z + - commits: + - subject: Return image id after pulling helper images + hash: f2fb17399ede63ceaada8c8625a250747745d97a + body: | + Also refactor the pull helper image functions to + support a single repository with multiple variant tags. + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + - subject: Build and publish helper images with Flowzone + hash: 8a15692852f38bfd5158b61b5870dffd8f758a64 + body: | + Rather than build helper images on demand, we will + publish them to ghcr.io with every revision of this project. + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.21.0 + title: "" + date: 2024-02-02T18:52:51.154Z + - commits: + - subject: Remove unused block-build functions + hash: 130d7fb70f4a10755731e898e87610547fe44692 + body: "" + footer: + Change-type: minor + change-type: minor + Signed-off-by: Kyle Harding + signed-off-by: Kyle Harding + author: Kyle Harding + nested: [] + version: balena-yocto-scripts-1.20.0 + title: "" + date: 2024-02-02T16:29:21.897Z + - commits: + - subject: "automation/balena-deploy: Pin to known working version of balena-img" + hash: 927310397896f35bd1921202e8b1f30ba3ef47d8 + body: > + As per internal thread + https://balena.zulipchat.com/#narrow/stream/345890-balena-io/topic/Jenkins.20build.20failures/near/409602914 + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alexandru Costache + signed-off-by: Alexandru Costache + author: Alexandru Costache + nested: [] + version: balena-yocto-scripts-1.19.41 + title: "" + date: 2023-12-22T16:01:59.872Z + - commits: + - subject: "Dockerfiles: update balenaCLI version to 17.2.2" + hash: 635816960ec1f836433a397a420292462bafd2c5 + body: | + Update balenaCLI from 14.5.15 to 17.2.2 (current latest) + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "balena-deploy-block.sh: deploy licenses and changelog as release + assets" + hash: 173ab9a844e9c77f46bd5f022a62fc9100b83002 + body: > + This will make it possible to surface these build artifacts to + users. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "balena-deploy: Add changelog to deployed artifacts" + hash: 2c55cdc09d5fb38a225b1b11c413de1d5206fb44 + body: > + Deploying the changelog will allow to deploy it as a release + asset. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "balena-api: add release assets helper functions" + hash: bb9c5762ff424a9ae8df77d5dcebafa262fbe264 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: balena-yocto-scripts-1.19.40 + title: "" + date: 2023-11-13T10:19:34.115Z + - commits: + - subject: "Dockerfile_yocto-build-env: Install rsync and uudecode host + dependencies" + hash: 20a981f81a47cf86c62efb57838baa4d45776560 + body: | + These are required for the UCM-iMX9 build + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alexnadru Costache + signed-off-by: Alexnadru Costache + author: Alexandru Costache + nested: [] + version: balena-yocto-scripts-1.19.39 + title: "" + date: 2023-10-20T13:47:52.543Z + - commits: + - subject: README.md ChangeType is needed for PR so add to README example + hash: 9f554545b218b3d00af08f1b6971605a1617ed22 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex J Lennon + signed-off-by: Alex J Lennon + author: Alex J Lennon + nested: [] + version: balena-yocto-scripts-1.19.38 + title: "" + date: 2023-10-11T06:39:29.551Z + - commits: + - subject: "Dockerfile_yocto-build-env: Add screen" + hash: 7ca8164eec0ba2903b5a463166fdb2d9370d3ba4 + body: | + To enable us to use `bitbake -c devshell foo` in container + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex J Lennon + signed-off-by: Alex J Lennon + author: Alex J Lennon + nested: [] + version: balena-yocto-scripts-1.19.37 + title: "" + date: 2023-10-10T13:49:21.732Z + - commits: + - subject: "flowzone: allow external contributions" + hash: e44cdd1b12d22ffb6d93408e794defee812436c2 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: balena-yocto-scripts-1.19.36 + title: "" + date: 2023-10-10T12:37:01.374Z + - commits: + - subject: "balena-deploy: fail if device type not found" + hash: 14896d0846e52ce45ed5b14e2b62cb965983c44a + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + - subject: "balena-api: Dont assume private if can't get DT" + hash: ae7c2e15e7ce6ee3588e1026653f0e54ff7c39f8 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Ryan Cooke + signed-off-by: Ryan Cooke + author: rcooke-warwick + nested: [] + version: balena-yocto-scripts-1.19.35 + title: "" + date: 2023-09-28T08:26:37.671Z + version: 5.1.34+rev1 + title: "" + date: 2024-08-05T08:14:59.016Z - commits: - subject: Update layers/meta-balena to b72d2791eb6b8e7a8fbb7b25cc43649a6c5cc281 hash: 4caaf187ae748c8b9bc5d258fb1cc52fddd6f5f6 @@ -113,36 +1079,47 @@ The balena bootloader initramfs contains the rootfs module and that - will get the rootfs mounted but not checked first for errors. This is + will get the rootfs mounted but not checked first for errors. + This is - problematic because at first boot with network connectivity available, + problematic because at first boot with network connectivity + available, - time will sync but the rootfs will still have the last mount time in + time will sync but the rootfs will still have the last mount + time in - 1970. If at that point the rootfs gets corrupted then at next boot + 1970. If at that point the rootfs gets corrupted then at next + boot - the rootfs' initramfs module from balena-bootloader will try to mount + the rootfs' initramfs module from balena-bootloader will try to + mount - the rootfs without checking it first and then after that the filesystem + the rootfs without checking it first and then after that the + filesystem - check triggered by the fsck module from the actual kernel initramfs will + check triggered by the fsck module from the actual kernel + initramfs will fail like this: - [init][INFO] Running filesystem checks on partition resin-rootA (/dev/disk/by-state/resin-rootA) + [init][INFO] Running filesystem checks on partition resin-rootA + (/dev/disk/by-state/resin-rootA) resin-rootA contains a file system with errors, check forced. - resin-rootA: Inodes that were part of a corrupted orphan linked list found. + resin-rootA: Inodes that were part of a corrupted orphan linked + list found. resin-rootA: UNEXPECTED INCONSISTENCY; RUN fsck MANUALLY. (i.e., without -a or -p options) - This commit will add the fsck module to balena bootloader's initramfs + This commit will add the fsck module to balena bootloader's + initramfs - which will trigger filesystem checks before the rootfs module runs. + which will trigger filesystem checks before the rootfs module + runs. footer: Change-type: patch change-type: patch @@ -246,7 +1223,8 @@ Also update containerd component from balena-containerd to also use - runc v1.1.12. Also update dependencies as indicated from balena-runc go.mod. + runc v1.1.12. Also update dependencies as indicated from + balena-runc go.mod. footer: Change-type: patch change-type: patch @@ -395,14 +1373,16 @@ This fixes rollback-health failures for boards like the Jetson Seeeed - J4012, which updates efivars for capsule updates from container hooks + J4012, which updates efivars for capsule updates from container + hooks and not from the current OS hooks. While the actual HUP works because of /sys being bindmounted by - hostapp-update, rollbacks will fail to run the old OS hooks unless + hostapp-update, rollbacks will fail to run the old OS hooks + unless efivarfs is mounted. footer: @@ -496,14 +1476,18 @@ Moby v25 adds the dynamically generated MAC address to the Config field, - which breaks the state engine, preventing the state from settling as the + which breaks the state engine, preventing the state from + settling as the - current state never matches the target state (empty mac address). This + current state never matches the target state (empty mac + address). This - seems to be a bug in Moby that we reported in moby/moby#47228 + seems to be a bug in Moby that we reported in + moby/moby#47228 - The issue won't affect Balena devices until balenaEngine is updated, and this + The issue won't affect Balena devices until balenaEngine + is updated, and this change fixes testing for now. footer: @@ -517,7 +1501,8 @@ From docker 25, the engine will validate IPAM config. This would cause - the docker utils test to fail since the network/subnet configuration was + the docker utils test to fail since the network/subnet + configuration was incorrect. footer: @@ -555,7 +1540,8 @@ The tsserver lsp doesn't seem to work well with .editorconfig. Using - prettierrc will allow formatting to work correctly with editor plugins + prettierrc will allow formatting to work correctly with + editor plugins This also updates editorconfig to work well with json @@ -578,7 +1564,8 @@ to be used as the balena bootloader. Device types are expected - to inherit it and perform additional device-specific configuration. + to inherit it and perform additional device-specific + configuration. footer: Change-type: patch change-type: patch @@ -592,9 +1579,11 @@ The kexec initrd script currently removes the maxcpus=0 kernel arg - which we use to put the system into non-SMP mode. This however does + which we use to put the system into non-SMP mode. This however + does - not work on all platforms and nr_cpus=1 seems to be a more robust + not work on all platforms and nr_cpus=1 seems to be a more + robust solution, so with this patch nr_cpus will be removed as well. footer: @@ -679,20 +1668,26 @@ body: > At this moment there is a race condition between NetworkManager - and the engine when a shared interface is configured. If the interface + and the engine when a shared interface is configured. If the + interface - is configured first and the engine second, the containers are allowed + is configured first and the engine second, the containers are + allowed - to access DHCP hosts behind the shared interface. If the engine comes + to access DHCP hosts behind the shared interface. If the engine + comes up first and the shared interface second, access will be denied. - This patch adds a dispatcher script that always configures the firewall + This patch adds a dispatcher script that always configures the + firewall - rules as if the engine came up last. This does not really address + rules as if the engine came up last. This does not really + address - the underlying issue but it overcomes the race condition and makes + the underlying issue but it overcomes the race condition and + makes the behavior deterministic, which is good enough at this point. footer: @@ -816,7 +1811,8 @@ UEFI firmware in secure boot needs to authenticate the kernel plus - initramfs in the chain of trust. Other firmware implements secure boot + initramfs in the chain of trust. Other firmware implements + secure boot differently and does not need this. footer: @@ -1009,12 +2005,14 @@ This is meant to allow users to configure their device to - resolve `.local` queries via dnsmasq by modifying config.json, e.g. `dnsServers": + resolve `.local` queries via dnsmasq by modifying + config.json, e.g. `dnsServers": "/bob.local/172.17.0.33`. - This would fail before as MDNS lookups would always come first + This would fail before as MDNS lookups would always come + first footer: Change-type: minor change-type: minor @@ -1056,15 +2054,20 @@ The `updateMetadata` step renames the container to match the target - release when the service doesn't change between releases. We have seen + release when the service doesn't change between + releases. We have seen - this step fail because of an engine bug that seems to relate to the + this step fail because of an engine bug that seems to + relate to the - engine keeping stale references after container restarts. The only way + engine keeping stale references after container + restarts. The only way - around this issue is to remove the old container and create it again. + around this issue is to remove the old container and + create it again. - This implements that workaround during the updateMetadata step to deal + This implements that workaround during the + updateMetadata step to deal with that issue. footer: @@ -1265,7 +2268,8 @@ There have been reports of an empty config vars cache file - probably - because of a race condition when the reading of config.json happens just + because of a race condition when the reading of config.json + happens just as the file is being replaced. @@ -1361,7 +2365,8 @@ If update-balena-supervisor runs and finds the image is already downloaded - it will run the specified supervisor but will not check that supervisor.conf + it will run the specified supervisor but will not check that + supervisor.conf is updated so the version will revert on the next update. footer: @@ -1381,12 +2386,14 @@ This provides an easy switch to enable tracing on HUP hooks that works - both on old and new OS hooks as enabling it depends on a config.json + both on old and new OS hooks as enabling it depends on a + config.json setting. - It is meant to debug field issues with HUP failure where all we see is: + It is meant to debug field issues with HUP failure where all we + see is: ``` @@ -1506,27 +2513,35 @@ (see https://github.com/systemd/systemd/pull/17917). - Properly detecting this is too cumbersome for a bash logging script, + Properly detecting this is too cumbersome for a bash logging + script, - see https://github.com/systemd/systemd/pull/17902, however, falling + see https://github.com/systemd/systemd/pull/17902, however, + falling - back to the last check, that is, seeing if `/.dockerenv` exists is easy + back to the last check, that is, seeing if `/.dockerenv` exists + is easy enough and works for our use case. - This script will only be called from the hostOS, and the only case it is + This script will only be called from the hostOS, and the only + case it is - called from a container is during HUP and the container is always a hostOS + called from a container is during HUP and the container is + always a hostOS - image. So even though the interface chosen by moby, a file under /, + image. So even though the interface chosen by moby, a file under + /, - is a bad interface in general, it works fine for the specific limitations + is a bad interface in general, it works fine for the specific + limitations of balenaOS. - Also, check for `/run/.containerenv` which is the equivalent interface + Also, check for `/run/.containerenv` which is the equivalent + interface for podman for future proofing. footer: @@ -1631,13 +2646,17 @@ Whenever the Supervisor reports current state, it diffs the current state - with its last reported current state. However, when the Supervisor starts + with its last reported current state. However, when the + Supervisor starts - up, there is no last reported state, since that last report is stored in + up, there is no last reported state, since that last + report is stored in - process memory. Caching the last report in a location that survives + process memory. Caching the last report in a location + that survives - Supervisor restarts will reduce the current report bandwidth used on startup. + Supervisor restarts will reduce the current report + bandwidth used on startup. footer: Change-type: patch change-type: patch @@ -1676,11 +2695,14 @@ We previously tried to use a single time limit for the execution of the - healthcheck test on all device types. This was causing occasional false + healthcheck test on all device types. This was causing + occasional false - positives in our Continuous Integration pipeline, though -- especially + positives in our Continuous Integration pipeline, though -- + especially - on slow devices like Pi Zeros and the generic-aarch64, which runs on + on slow devices like Pi Zeros and the generic-aarch64, which + runs on emulated hardware. @@ -1688,7 +2710,8 @@ This commit addresses this issue, this commit: - 1. Limits execution for device types for which we have collected enough + 1. Limits execution for device types for which we have collected + enough data to have a good idea of how long the test should take. 2. Uses time limits specific for each device type. footer: @@ -1718,11 +2741,14 @@ PR #2217 removed the expose configuration but also caused a regresion - where ports set via the `ports` configuration would no longer get + where ports set via the `ports` configuration would no + longer get - exposed to the host, despite portmappings being set. This fixes that + exposed to the host, despite portmappings being set. + This fixes that - issue by exposing only those ports comming from port mappings. + issue by exposing only those ports comming from port + mappings. footer: Change-type: patch change-type: patch @@ -1738,33 +2764,44 @@ The docker EXPOSE directive and corresponding docker-compose `expose` - service configuration serves as documentation/metadata that a container + service configuration serves as documentation/metadata + that a container - listens on a certain port that may be used for service discovery but it doesn't + listens on a certain port that may be used for service + discovery but it doesn't have any real impact on the ability for - other containers on the same network to access the exposed service via + other containers on the same network to access the + exposed service via - the port. In newer engine implementations, this property may conflict + the port. In newer engine implementations, this property + may conflict - with other network configurations, and prevent the container from being + with other network configurations, and prevent the + container from being started by the docker engine (see #2211). - This PR removes code that would manage the expose property and takes the + This PR removes code that would manage the expose + property and takes the - property out of the whitelist. A composition with the `expose` property + property out of the whitelist. A composition with the + `expose` property - will result in the log message `Ignoring unsupported or unknown compose fields: expose`. + will result in the log message `Ignoring unsupported or + unknown compose fields: expose`. - While this change should not have operational impact, it still removes + While this change should not have operational impact, it + still removes - a previously supported configuration and as such there is a chance of it + a previously supported configuration and as such there + is a chance of it - being a breaking change for some applications. For this reason it is + being a breaking change for some applications. For this + reason it is being published as a new major version. footer: @@ -1915,17 +2952,21 @@ The code moved from meta-balena-kirkstone was not really specific to - kirkstone so let's move it here so that future branches for newer yocto + kirkstone so let's move it here so that future branches for + newer yocto - releases which we'll base off kirkstone don't continue to add this + releases which we'll base off kirkstone don't continue to add + this unneeded duplication. There are other meta-balena-* directories that still contain the - duplication we moved from meta-balena-kirkstone but we're not really + duplication we moved from meta-balena-kirkstone but we're not + really - concerned with that because going forward those old directories will + concerned with that because going forward those old directories + will naturally get deprecated. footer: @@ -2007,12 +3048,14 @@ body: > If the target supervisor image is already cached but there is no - container running with it, the update script would just exit without + container running with it, the update script would just exit + without actually running the target supervisor. - This commit checks whether there is a running container using the + This commit checks whether there is a running container using + the target image and restarts the supervisor if there is none. footer: @@ -2162,7 +3205,8 @@ This check is now done in the cryptsetup initramfs hook rather than - during installation, which obviates the need to perform it during setup. + during installation, which obviates the need to perform it + during setup. Remove it. footer: @@ -2178,14 +3222,17 @@ During installation, some firmwares may allow keys to be enrolled but - fail to tip the system into user mode until the system is rebooted. We + fail to tip the system into user mode until the system is + rebooted. We - don't want to mislead users with only full-disk encryption into thinking + don't want to mislead users with only full-disk encryption into + thinking their system also has secure boot enabled when it doesn't. - Disable the hook to unlock encrypted partitions if the firmware fails to + Disable the hook to unlock encrypted partitions if the firmware + fails to boot into user mode. footer: @@ -2201,7 +3248,8 @@ We now have several places where secure boot specific configuration is - checked. Create an os-helpers-secureboot package to consolidate and + checked. Create an os-helpers-secureboot package to consolidate + and reuse this code. footer: @@ -2345,7 +3393,8 @@ This script is used by balenaHup to report provisioning failures to - the cloud. Adding retries, return status code check and error output + the cloud. Adding retries, return status code check and error + output should make it more resilient and easier to debug. footer: @@ -2515,13 +3564,17 @@ This reverts commit 0c7bad779291e15e419166a2c66c2a21dd06aa83, as that - change causes a service restart loop. The supervisor cannot distinguish + change causes a service restart loop. The supervisor + cannot distinguish - between ports exposed via the `EXPOSE` directive and the docker-compose + between ports exposed via the `EXPOSE` directive and the + docker-compose - `expose` property. Because of this, in the case of `network-mode: + `expose` property. Because of this, in the case of + `network-mode: - service:<...>` the current state and target state never match, leading + service:<...>` the current state and target state never + match, leading to a service restart loop. footer: @@ -2563,13 +3616,17 @@ The supervisor exposes ports configured using the `EXPOSE` directive in - the dockerfile when configuring the container for runtime. This can + the dockerfile when configuring the container for + runtime. This can - cause issues if using `network_mode: service:` as the + cause issues if using `network_mode: service:` as the - expose configuration is not compatible with that network mode. This + expose configuration is not compatible with that network + mode. This - fix now skips image exposed ports for that particular network mode. + fix now skips image exposed ports for that particular + network mode. footer: Change-type: patch change-type: patch @@ -2620,7 +3677,8 @@ devDependencies are tree-shaked, while dependencies are stored in the - image. We reserve dependencies just for those that contain binary + image. We reserve dependencies just for those that + contain binary bindings footer: @@ -2812,12 +3870,15 @@ body: > When searching for devices matching the glob list in - get_internal_device(), a glob match breaks from a nested loop rather + get_internal_device(), a glob match breaks from a nested loop + rather - than the parent loop, allowing the function to output multiple matches. + than the parent loop, allowing the function to output multiple + matches. - When running the flasher, this results in the script failing with an + When running the flasher, this results in the script failing + with an incorrect path to the internal disk. @@ -2925,7 +3986,8 @@ Alpine allows the `~=` syntax to match a part of the package version - when installing. In this case we want to use it to specify node and + when installing. In this case we want to use it to + specify node and npm major versions footer: @@ -2995,7 +4057,8 @@ security reasons. - This new balenaOS ESR bot has contents:write and workflows:write permissions + This new balenaOS ESR bot has contents:write and workflows:write + permissions but is only available on balenaOS repositories. footer: @@ -3123,16 +4186,19 @@ This is done by the bootloader (uboot/grub) at this moment but as we - are moving towards the balena 2nd stage bootloader, it needs to be + are moving towards the balena 2nd stage bootloader, it needs to + be moved into the initramfs. - This adds a standalone recipe - by default yocto tries to build all + This adds a standalone recipe - by default yocto tries to build + all modules defined in the initramfs-framework recipe, which breaks - on armv7 when abroot is defined there. This is because it depends + on armv7 when abroot is defined there. This is because it + depends on grub-editenv which is not supported on armv7. footer: @@ -3161,9 +4227,11 @@ body: > The rootfs script uses both os-helpers-fs and os-helpers-logging - though the package depends on neither. This seems to work now because + though the package depends on neither. This seems to work now + because - in most cases something else pulls in the dependencies or the code + in most cases something else pulls in the dependencies or the + code on a particular device does not fall under the branches that use @@ -3476,10 +4544,12 @@ This commit updates balena-containerd to a new version in which we - cherry-picked the change from here: https://github.com/containerd/containerd/pull/8086 + cherry-picked the change from here: + https://github.com/containerd/containerd/pull/8086 - This change avoids enabling AppArmor if the `/sbin/apparmor_parser` + This change avoids enabling AppArmor if the + `/sbin/apparmor_parser` binary is not found in the system. footer: @@ -3572,7 +4642,8 @@ The meta-balena version of modemmanager is no longer compatible with - Yocto Pyro, so stop trying to apply bbappend to it from meta-balena. + Yocto Pyro, so stop trying to apply bbappend to it from + meta-balena. footer: Change-type: patch change-type: patch @@ -4016,7 +5087,8 @@ The node-dbus module is unmaintained and a blocker for the update to - Node 18. Switching to our own node bindings for systemd solves this + Node 18. Switching to our own node bindings for systemd + solves this issue footer: @@ -4057,7 +5129,8 @@ mobile-broadband-provider-info 'master' branch was renamed to 'main', - causing do_fetch() to fail before it was changes in Yocto Kirkstone + causing do_fetch() to fail before it was changes in Yocto + Kirkstone commit e4795393c4882cf38273521539cc255a4ffcb34a. footer: @@ -4150,7 +5223,8 @@ Verify kernel lockdown prohibits loading of unsigned modules, and still - loads modules with a signature that validates against a trusted key. + loads modules with a signature that validates against a trusted + key. footer: Change-type: patch change-type: patch @@ -4196,24 +5270,31 @@ 314047e and b5c5214 made flasher block until the resin-device-register - service exits and made resin-device-register give up after 6 seconds + service exits and made resin-device-register give up after 6 + seconds - not to block infinitely when no network is available. This effectively + not to block infinitely when no network is available. This + effectively - means that if the device fails to register within first 6 seconds, + means that if the device fails to register within first 6 + seconds, - it will never retry, flasher will not report status to the dashboard + it will never retry, flasher will not report status to the + dashboard and the device will only register on first boot. - This patch changes the logic back to resin-device-register trying + This patch changes the logic back to resin-device-register + trying - in the background in an infinite loop and moves the "give the device + in the background in an infinite loop and moves the "give the + device a chance to register" delay to flasher itself. It also extends - the wait to openvpn as flasher already does that and wants VPN to run + the wait to openvpn as flasher already does that and wants VPN + to run to be debuggable - in case flashing fails, it would be possible @@ -4255,32 +5336,40 @@ CONIFG_SECURITY=n - which is mispelled and not being applied. The commit where this was + which is mispelled and not being applied. The commit where this + was - introduced claims it's needed to completely disable the audit logs, and + introduced claims it's needed to completely disable the audit + logs, and also that the security framework is unused. - I disagree in that it's unused - the hostOS is not using any security + I disagree in that it's unused - the hostOS is not using any + security - framework, but applications may, so luckily the security framework was + framework, but applications may, so luckily the security + framework was never disabled. - Removing this mispelled entry should have no functional effect. Whether + Removing this mispelled entry should have no functional effect. + Whether the audit subsystem is disabled will depend on the final kernel - configuration. Definitely we have not seen a need to disable it recently, + configuration. Definitely we have not seen a need to disable it + recently, and we have not seen the kernel log flooded with messages. - I'd argue the disabling of the audit subsystem in meta-balena serves no + I'd argue the disabling of the audit subsystem in meta-balena + serves no - need but I also have no specific reason to remove it at the moment. + need but I also have no specific reason to remove it at the + moment. Fixes #2947 @@ -4302,7 +5391,8 @@ The flasher/installer image can be configured by the user and that - configuration finishes up in the installed image. Add the dispatcher + configuration finishes up in the installed image. Add the + dispatcher scripts to this existing mechanim. footer: @@ -4318,7 +5408,8 @@ On boot, the dispatcher script are copied from the boot partition where - the user has configured them, to the bind mount used by the running + the user has configured them, to the bind mount used by the + running applications. footer: @@ -4352,18 +5443,23 @@ At this moment grub.cfg sources /grub/grub_extraenv which works fine - on MBR systems, however on EFI systems this does not work because GRUB + on MBR systems, however on EFI systems this does not work + because GRUB is installed in /EFI/BOOT/ rather than /grub/. - This patch replaces the hardcoded /grub with ${prefix} which should + This patch replaces the hardcoded /grub with ${prefix} which + should - expand to the appropriate directory regardless of the platform. It also + expand to the appropriate directory regardless of the platform. + It also - removes the loading of grub_extraenv from the secure boot variant + removes the loading of grub_extraenv from the secure boot + variant - of the GRUB config since this would not load without a signature anyway. + of the GRUB config since this would not load without a signature + anyway. footer: Change-type: patch change-type: patch @@ -4380,7 +5476,8 @@ body: > This fix has been ported from the following upstream - change: https://patchwork.yoctoproject.org/project/oe-core/patch/002c31d6add77e1002fb1ccd4050ce826a654170.1659653543.git.bruce.ashfield@gmail.com/ + change: + https://patchwork.yoctoproject.org/project/oe-core/patch/002c31d6add77e1002fb1ccd4050ce826a654170.1659653543.git.bruce.ashfield@gmail.com/ and fixes the following compilation error on generic-aarch64: @@ -4423,7 +5520,8 @@ body: > Repackage iwlwifi-cc-a0 to include all firmware versions shipped - upstream, rather than only an older version (48) that's no longer + upstream, rather than only an older version (48) that's no + longer shipped as of 20230404. footer: @@ -4452,7 +5550,8 @@ body: > Replace older versioned iwlwifi packages with - linux-firmware-iwlwifi-3160 package that includes all versions shipped + linux-firmware-iwlwifi-3160 package that includes all versions + shipped in linux-firmware. footer: @@ -4471,7 +5570,8 @@ body: > Some board BSPs may define UBOOT_MACHINE, others UBOOT_CONFIG, - let's make sure we include the extra_uEnv.txt file in the non-flasher + let's make sure we include the extra_uEnv.txt file in the + non-flasher image for both cases. footer: @@ -4699,7 +5799,8 @@ `libgcc_s.so.1 must be installed for pthread_exit to work` - which panics the kernel and triggers a reboot loop indistinguishable + which panics the kernel and triggers a reboot loop + indistinguishable from a "device has been tampered with" state on regular builds @@ -4787,7 +5888,8 @@ systems with secure boot and full-disk encryption. - If kexec fails, we don't want to continue with the rest of the boot + If kexec fails, we don't want to continue with the rest of the + boot process in the first stage kernel, so bail out on failure. footer: @@ -4908,11 +6010,14 @@ It's not an official status from container inspects, and the Supervisor - doesn't set it internally anywhere. It's better to remove it entirely as the + doesn't set it internally anywhere. It's better to + remove it entirely as the - method by which Supervisor sets internal service statuses is by using a global + method by which Supervisor sets internal service + statuses is by using a global - event emitter (reportNewStatus) which makes things difficult to test. + event emitter (reportNewStatus) which makes things + difficult to test. footer: Change-type: patch change-type: patch @@ -4995,7 +6100,8 @@ Explain that balenaOS does not take control of the TPM and that it - is possible to fill all the key slots with enough provisioning cycles. + is possible to fill all the key slots with enough provisioning + cycles. footer: Change-type: patch change-type: patch @@ -5009,13 +6115,16 @@ We have seen devices that won't change PCR1 hash when a temporary boot - order override was applied or secure boot was disabled via BIOS setup. + order override was applied or secure boot was disabled via BIOS + setup. The implementation of what PCR1 actually measures is very - device-specific, but many of the risks can be mitigated by setting up + device-specific, but many of the risks can be mitigated by + setting up - a BIOS password and disabling F-key shortcuts for interacting with + a BIOS password and disabling F-key shortcuts for interacting + with the firmware. @@ -5095,32 +6204,41 @@ Both `kernel-modules-headers` and `kernel-devsrc` provide kernel headers - since Yocto Thud switched `kernel-devsrc` from full source to just + since Yocto Thud switched `kernel-devsrc` from full source to + just kernel headers. - The only difference between them is that `kernel-modules-headers` builds + The only difference between them is that + `kernel-modules-headers` builds - some target binaries which need to be built with `make modules_prepare` + some target binaries which need to be built with `make + modules_prepare` - when using `kernel-devsrc` headers. These binaries depend on libc version + when using `kernel-devsrc` headers. These binaries depend on + libc version matching though so they have shown to be problematic. - This commit removes the `kernel-modules-headers` recipe and modifies + This commit removes the `kernel-modules-headers` recipe and + modifies - `kernel-devsrc` to replace it. The deployed artifact remains named as + `kernel-devsrc` to replace it. The deployed artifact remains + named as `kernel-modules-headers` as it's a more descriptive name. - This introduces a breaking change in the balenaOS API as customers that + This introduces a breaking change in the balenaOS API as + customers that - are using `kernel-modules-headers` to build external kernel modules will + are using `kernel-modules-headers` to build external kernel + modules will - now need to issue a `make modules_prepare` as part of their build scripts. + now need to issue a `make modules_prepare` as part of their + build scripts. Fixes #1822 @@ -5164,9 +6282,11 @@ This variable accepts the base64 encoded public key of a kernel module - signing keypair and appends it to the list of trusted keys the kernel + signing keypair and appends it to the list of trusted keys the + kernel - will use to validate signed modules. Multiple keys may be appended, + will use to validate signed modules. Multiple keys may be + appended, delimited with a semicolon. @@ -5174,7 +6294,8 @@ A PEM file can be used like so: - SIGN_KMOD_KEY_APPEND="$( sed -e '/-----BEGIN CERTIFICATE-----/d' \ + SIGN_KMOD_KEY_APPEND="$( sed -e '/-----BEGIN CERTIFICATE-----/d' + \ -e 's/-----END CERTIFICATE-----/;/g' \ -e '$d' signing_key.pem \ | tr -d '\n' )" @@ -5209,22 +6330,30 @@ The previous implementation in #2170 of parsing the container status was too general, - because it relied on the mistaken assumption that a container would have a status of + because it relied on the mistaken assumption that a + container would have a status of - `Stopped` if it was manually stopped. This turned out to be untrue, as manually stopped + `Stopped` if it was manually stopped. This turned out to + be untrue, as manually stopped - containers were also getting restarted by the Supervisor due to their inspect status of + containers were also getting restarted by the Supervisor + due to their inspect status of - `exited`. With this, parsing the exit message became unavoidable as there are no other + `exited`. With this, parsing the exit message became + unavoidable as there are no other - clear ways to discern a container that has been manually stopped and shouldn't be started + clear ways to discern a container that has been manually + stopped and shouldn't be started - from a container experiencing the Engine-host race condition issue (again, see #2170). + from a container experiencing the Engine-host race + condition issue (again, see #2170). - Since we're just parsing the exit error message, we don't need to worry about different behaviors + Since we're just parsing the exit error message, we + don't need to worry about different behaviors - amongst restart policies, as any container with the error message on exit should be started. + amongst restart policies, as any container with the + error message on exit should be started. footer: Change-type: patch change-type: patch @@ -5257,7 +6386,8 @@ Previously, `concatReadSeekCloser.Read()` would incorrectly return - an `io.ErrUnexpectedEOF` if the last read from the second concatenated + an `io.ErrUnexpectedEOF` if the last read from the + second concatenated `Reader` didn't completely fill the passed buffer. @@ -5273,60 +6403,79 @@ ``` - In this example, we have a `concatReadSeekCloser` that concatenates two + In this example, we have a `concatReadSeekCloser` that + concatenates two - `Reader`s (`aaa...` and `bbb...`). The last `Read()` used a buffer + `Reader`s (`aaa...` and `bbb...`). The last `Read()` + used a buffer - larger than the yet-to-be-read portion of the `bbb...`. So, it would + larger than the yet-to-be-read portion of the `bbb...`. + So, it would incorrectly return an `io.ErrUnexpectedEOF`. - This commit makes sure that last `Read()` returns all the remaining data + This commit makes sure that last `Read()` returns all + the remaining data without an error. It also adds various test cases for - `concatReadSeekCloser.Read()`, many of which would fail before this + `concatReadSeekCloser.Read()`, many of which would fail + before this correction. - Interestingly, this bug was silently affecting us. Not in a fatal way, + Interestingly, this bug was silently affecting us. Not + in a fatal way, - but causing deltas to be larger than necessary. Indeed, running + but causing deltas to be larger than necessary. Indeed, + running - `TestDeltaSize` after this commit shows that some test cases are + `TestDeltaSize` after this commit shows that some test + cases are - producing deltas smaller than what we expected before. For posterity, + producing deltas smaller than what we expected before. + For posterity, see all the details below. - We use `concatReadSeekCloser`s to concatenate all layers of the basis + We use `concatReadSeekCloser`s to concatenate all layers + of the basis - image when creating the "signature" of the basis image. In this process, + image when creating the "signature" of the basis image. + In this process, - the `concatReadSeekCloser`s are wrapped around by a buffered reader with + the `concatReadSeekCloser`s are wrapped around by a + buffered reader with a buffer of 65kB. - If, in any read, part of this 65kB buffer was beyond the second + If, in any read, part of this 65kB buffer was beyond the + second - concatenated reader, it would result in an `io.ErrUnexpectedEOF`. This + concatenated reader, it would result in an + `io.ErrUnexpectedEOF`. This - would not cause the whole process to fail, but would prematurely end the + would not cause the whole process to fail, but would + prematurely end the - signature generation: some of the final blocks in the basis image would + signature generation: some of the final blocks in the + basis image would - not be added to the signature. Therefore, if those blocks appeared in + not be added to the signature. Therefore, if those + blocks appeared in - the target image, they'd result in (larger) LITERAL, instead of + the target image, they'd result in (larger) LITERAL, + instead of (smaller) COPY operations. - For illustration, here's the delta generated for the `delta-006-008` + For illustration, here's the delta generated for the + `delta-006-008` test case. First before this commit: @@ -5379,7 +6528,8 @@ ``` - That 21kB LITERAL is the difference in size we saw in the test results. + That 21kB LITERAL is the difference in size we saw in + the test results. footer: Signed-off-by: Leandro Motta Barros signed-off-by: Leandro Motta Barros @@ -5393,7 +6543,8 @@ Using `defer` for the sake of being more idiomatic (and maybe slightly - more reliable); plus, using the proper doc comment standards. + more reliable); plus, using the proper doc comment + standards. footer: Signed-off-by: Leandro Motta Barros signed-off-by: Leandro Motta Barros @@ -5521,16 +6672,21 @@ This is necessary since the builder no longer passes the platform flag - to the build. This would lead to dockerfiles that are mixing multi and single + to the build. This would lead to dockerfiles that are + mixing multi and single - arch stages to pull the wrong architecture images, particularly when + arch stages to pull the wrong architecture images, + particularly when - trying to build images in emulated builds (e.g. armv7hf built on aarch64). + trying to build images in emulated builds (e.g. armv7hf + built on aarch64). - Moving the full build to multi-arch solves this as the docker engine is + Moving the full build to multi-arch solves this as the + docker engine is - capable of chosing the right architecture from the manifest. + capable of chosing the right architecture from the + manifest. footer: Relatest-to: balena-io/balena-builder#1010 relatest-to: balena-io/balena-builder#1010 @@ -5680,7 +6836,8 @@ This should be the default but with no explicit argument we still - end up with LUKS1 partitions. This patch adds the parameter to enforce + end up with LUKS1 partitions. This patch adds the parameter to + enforce LUKS2 formatting and adds conversion to LUKS2 to the cryptsetup @@ -6128,7 +7285,8 @@ deprecation. This allows to just remove the coffee file from the - device repository when a device is deprecated so there will be no + device repository when a device is deprecated so there will be + no more releases and no need for checks on a discontinued state. footer: @@ -6145,7 +7303,8 @@ deprecation. This allows to just remove the coffee file from the - device repository when a device is deprecated so there will be no + device repository when a device is deprecated so there will be + no more releases and no need for checks on a discontinued state. footer: @@ -6162,7 +7321,8 @@ deprecation. This allows to just remove the coffee file from the - device repository when a device is deprecated so there will be no + device repository when a device is deprecated so there will be + no more releases and no need for checks on a discontinued state. footer: @@ -6430,38 +7590,52 @@ There exists a race condition between Engine and a host resource that may not - be immediately created. In this race condition, if a container's compose config + be immediately created. In this race condition, if a + container's compose config - depends on the existence of that host resource, such as a network interface, and the + depends on the existence of that host resource, such as + a network interface, and the - Engine tries to create & start the container before the host resource is created, the + Engine tries to create & start the container before the + host resource is created, the - Engine will not reattempt to start the container, regardless of the restart policy. + Engine will not reattempt to start the container, + regardless of the restart policy. - This is undesireable behavior but seems to be the behavior as implemented by Docker. + This is undesireable behavior but seems to be the + behavior as implemented by Docker. - To rectify this, the Supervisor state funnel noops for a grace period of 1 minute + To rectify this, the Supervisor state funnel noops for a + grace period of 1 minute - after starting a container to see that the container's status has become 'running`. + after starting a container to see that the container's + status has become 'running`. - If the container exits because of the race condition, the status becomes 'exited' and the + If the container exits because of the race condition, + the status becomes 'exited' and the - Supervisor will attempt to generate another start step. This noop-wait-start step loop + Supervisor will attempt to generate another start step. + This noop-wait-start step loop will repeat until the container is able to start. - If the container is never able to start, there was a problem in the host in the creation of the + If the container is never able to start, there was a + problem in the host in the creation of the - host resource, and that should be fixed at the host level. + host resource, and that should be fixed at the host + level. - This commit does not handle the case of services with restart policies "no" or "on-failure" + This commit does not handle the case of services with + restart policies "no" or "on-failure" - which encounter this host race, as metadata from container inspects needs to be introduced + which encounter this host race, as metadata from + container inspects needs to be introduced - during step calculation in order to figure out whether services with those restart policies + during step calculation in order to figure out whether + services with those restart policies need to be started. This will be fixed in a future PR. footer: @@ -6487,7 +7661,8 @@ Removing the pull_request_target run for ESR branches fixes this, but - also removes the possibility of external pull requests into ESR branches, + also removes the possibility of external pull requests into ESR + branches, which we don't actually need. @@ -6519,7 +7694,8 @@ This patch extends secure boot documentation with more details about - how the feature works and tries to explain why some decisions were made. + how the feature works and tries to explain why some decisions + were made. footer: Change-type: patch change-type: patch @@ -6561,12 +7737,14 @@ When running in the initramfs, the resin-device-progress package is not - installed as we cannot guarantee that the initramfs would be able to + installed as we cannot guarantee that the initramfs would be + able to bring up all types of network interfaces. - This commit adds a check for the script to exists instead of getting a + This commit adds a check for the script to exists instead of + getting a `command not found` when an API endpoint is defined. footer: @@ -6586,10 +7764,12 @@ The purpose of testing the API calls is to detect breaking changes, not - to fail builds because of temporary network or API access problems. + to fail builds because of temporary network or API access + problems. - Printing a warning instead should be enough for developers to detect + Printing a warning instead should be enough for developers to + detect breaking changes. footer: @@ -6687,12 +7867,14 @@ Comply with AWS public AMI quota, taking into account we have two - architectures that publish AMI images and we need free slots for custom + architectures that publish AMI images and we need free slots for + custom version request. - Make the oldest public image back to private before publishing a new image. + Make the oldest public image back to private before publishing a + new image. footer: Change-type: patch change-type: patch @@ -6710,7 +7892,8 @@ When building signed images, add the secureBoot feature flag into the - OS contract. This is needed for other components to identify secureBoot + OS contract. This is needed for other components to identify + secureBoot compatible software releases. footer: @@ -6798,11 +7981,14 @@ Support for colon characters was added v14.6.0 which enabled - configurations for HDMI port 2 (e.g on the RPi 4). These configurations + configurations for HDMI port 2 (e.g on the RPi 4). These + configurations - are not documented anywhere else so this allows users to be able to + are not documented anywhere else so this allows users to + be able to - better find the relevant information for working with HDMI. + better find the relevant information for working with + HDMI. footer: Change-type: patch change-type: patch @@ -6903,9 +8089,11 @@ the setup mode flag after a new PK is installed. In this case - flasher will reboot in order to ensure the keys are actually saved + flasher will reboot in order to ensure the keys are actually + saved - and the device comes back with secure boot enabled. Since we changed + and the device comes back with secure boot enabled. Since we + changed flasher to be unsigned by default, this reboot causes a security @@ -6914,7 +8102,8 @@ With this patch flasher will add a new boot entry before issuing - the reboot so that signed flasher comes up and the installation process + the reboot so that signed flasher comes up and the installation + process can continue. footer: @@ -6931,14 +8120,17 @@ Currently the db.auth file is signed as "append" in order to make HUP work. - Most UEFI firmwares will accept such file even for "replace", which we do + Most UEFI firmwares will accept such file even for "replace", + which we do - during the initial provisioning, however we have seen devices that will + during the initial provisioning, however we have seen devices + that will only allow appending, which makes flasher fail. - With this patch flasher will use the esl file for initial programming + With this patch flasher will use the esl file for initial + programming of the db variable. @@ -7086,11 +8278,14 @@ for about 17 minutes (for details see commit - 582487f832c59c2f734a780ab0492833f29002c9). This worked fine in most + 582487f832c59c2f734a780ab0492833f29002c9). This worked + fine in most - situations, but we have seen at least one case of a particularly + situations, but we have seen at least one case of a + particularly - unreliable network connection that would not be able to finish a large + unreliable network connection that would not be able to + finish a large pull when operating under this policy. @@ -7098,17 +8293,20 @@ This commit: - * Completely removes timeouts from image pulls. We'll keep retrying + * Completely removes timeouts from image pulls. We'll + keep retrying forever, or until users cancel the pull. (From the perspective of the REST API, "canceling" mean closing the HTTP connection. This is what happens when a user Ctrl+C during a pull in the CLI, or, say, we kill a curl process that was using the REST API to pull image.) - * Still uses exponential back-off, but we now limit the interval between + * Still uses exponential back-off, but we now limit the + interval between retries to 5 minutes. The rationale is that some very unreliable networks may be up only for relatively small time windows. Therefore, using intervals that are too long would increase the risk of missing these windows. - * Tries to avoid flooding the log stream with messages about retries. + * Tries to avoid flooding the log stream with messages + about retries. We'll log every retry attempt up to the 10th. After that, we'll log retries only once about every 2h. This retry count is reset every time we successfully download any amount of data. @@ -7288,11 +8486,14 @@ the flasher image to force an installer migration. - With the current QEMU setting, `installerForceMigration` alone is not + With the current QEMU setting, `installerForceMigration` + alone is not - enough and the QEMU_INTERNAL_STORAGE also needs to be set to false in + enough and the QEMU_INTERNAL_STORAGE also needs to be + set to false in - the worker's environment so only a single external disk is attached to + the worker's environment so only a single external disk + is attached to the emulator. footer: @@ -7377,7 +8578,8 @@ Whether the internal disk is attached or not will be defined by the - environment. This allows to test the migrator that requires booting only + environment. This allows to test the migrator that + requires booting only the external disk. footer: @@ -7422,25 +8624,33 @@ After a recent change enforcing all the partitions to be on the same - block device, encrypted partitions are no longer being detected + block device, encrypted partitions are no longer being + detected - correctly. This is because the assumption that the parent block device + correctly. This is because the assumption that the + parent block device - is a substring of the actually mounted block device does not work + is a substring of the actually mounted block device does + not work - for LUKS devices - the mount will either be /dev/mapper/luks-XXX + for LUKS devices - the mount will either be + /dev/mapper/luks-XXX - or /dev/dm-X while the parent device is still e.g. /dev/sda. + or /dev/dm-X while the parent device is still e.g. + /dev/sda. - The usual balenaOS boot partition is also split in two - boot and efi. + The usual balenaOS boot partition is also split in two - + boot and efi. - The boot partition (mounted under /mnt/boot) is encrypted and the efi + The boot partition (mounted under /mnt/boot) is + encrypted and the efi partition (mounted under /mnt/efi) is not. - This patch generalizes the detection of the parent device so that + This patch generalizes the detection of the parent + device so that it works with both encrypted and unencrypted partitions. footer: @@ -7460,14 +8670,17 @@ The docker compose V2 spec no longer accepts `network_mode: bridge`, - which means we can no longer override the network configuration of + which means we can no longer override the network + configuration of the `balena-supervisor` service for tests. - For this reason we now create a separate service to run the built + For this reason we now create a separate service to run + the built - supervisor `balena-supervisor-sut` and run API tests against this + supervisor `balena-supervisor-sut` and run API tests + against this service instead of the default `balena-supervisor`. footer: @@ -7500,7 +8713,8 @@ Both the migrator and secureboot tests assumed they were creating an - installer config.json section. Modify the code so both settings are + installer config.json section. Modify the code so both settings + are included. footer: @@ -7579,13 +8793,17 @@ This patch adds a wait4file loop to the script that waits - for the /dev/disk/by-state directory. This is not tied to any particular + for the /dev/disk/by-state directory. This is not tied to any + particular - partition or device but since the directory does not exist by default + partition or device but since the directory does not exist by + default - and is only created by a custom balenaOS udev rule, its existence + and is only created by a custom balenaOS udev rule, its + existence - implies that the rule fired and a device with balenaOS partitions + implies that the rule fired and a device with balenaOS + partitions is present in the system. footer: @@ -7651,14 +8869,17 @@ A bug in service comparison would make it that a device already running - a service from a new release with network changes would never stop the + a service from a new release with network changes would + never stop the - running service so remaining services would forever get stuck in + running service so remaining services would forever get + stuck in `Downloaded` state. - This fixes the comparison so the service will get killed in this case, + This fixes the comparison so the service will get killed + in this case, particularly allowing devices to recover from #1576 footer: @@ -7672,11 +8893,14 @@ Devices affected by the bug described in 1576, are also stuck with some - services in the `Downloaded` state, because the state engine does not + services in the `Downloaded` state, because the state + engine does not - detect that the running services should be killed on a network change + detect that the running services should be killed on a + network change - even if they belong to a new release. This is a bug, which can be + even if they belong to a new release. This is a bug, + which can be replicated by the tests in this commit footer: @@ -7690,9 +8914,11 @@ Previous behavior would make it that an `updateMetadata` step would take - precedence over a `kill` step when network changes are present. This + precedence over a `kill` step when network changes are + present. This - would lead to an inconsistent state if an update included a + would lead to an inconsistent state if an update + included a network and a container change. footer: @@ -7716,10 +8942,12 @@ These tests use the supervisor API to check that applying a target state - allows the device to eventually get to the desired target configuration. + allows the device to eventually get to the desired + target configuration. - This are high-level tests that work with real images and containers + This are high-level tests that work with real images and + containers using dind. footer: @@ -7733,11 +8961,14 @@ The supervisor allows the target image to be an image without a - registry (e.g. `alpine:latest`), while this really only happens while in + registry (e.g. `alpine:latest`), while this really only + happens while in - local mode, we don't want to pass credentials to the default registry as + local mode, we don't want to pass credentials to the + default registry as - those credentials are meant for balena registry and will otherwise fail. + those credentials are meant for balena registry and will + otherwise fail. footer: Change-type: patch change-type: patch @@ -7768,7 +8999,8 @@ A safe copy would only work for files that are read by fatrw also and that is - not the case for boot files. Still, some file like `config.json` would + not the case for boot files. Still, some file like `config.json` + would benefit from a safe copy so we still try that first. @@ -7787,14 +9019,17 @@ If a safe copy is preferred but non-critical, the unsafe fatrw command - can be used and if fatrw does not have enough resources to make a safe + can be used and if fatrw does not have enough resources to make + a safe copy it will fallback to a standard cp. - This is useful when performing hostOS updates for example where a safe + This is useful when performing hostOS updates for example where + a safe - copy would only work for files that are read by fatrw also and that is + copy would only work for files that are read by fatrw also and + that is not the case for boot files for example. footer: @@ -7927,7 +9162,8 @@ https://github.com/moby/libnetwork/pull/1805 - This patch is meant to avoid cases in which libnetwork internal state + This patch is meant to avoid cases in which libnetwork + internal state gets inconsistent in case of crashes. footer: @@ -8054,7 +9290,8 @@ Target volatile doesn't make sense now that we can use the - current state as a target. It wasn't actually being used for anything + current state as a target. It wasn't actually being used + for anything anymore apparently footer: @@ -8071,7 +9308,8 @@ from the rest of the code. - The function `applyIntermediateTarget` will now call `pausingApply` + The function `applyIntermediateTarget` will now call + `pausingApply` before applying the target @@ -8091,12 +9329,14 @@ engine. - - doPurge first removes the user app from the target state and passes + - doPurge first removes the user app from the target + state and passes that to the state engine for purging. Since intermediate state doesn't remove images, this will have the effect of basically re-installing the app. - - doRestart modifies the target state by first removing only the + - doRestart modifies the target state by first removing + only the services from the current state but keeping volumes and networks. This has the same effect as before where services were stopped one by one footer: @@ -8110,7 +9350,8 @@ Local mode uses a numeric `appUuid` which was messing up parsing the - network name. This fixes this issue so the current state can be used + network name. This fixes this issue so the current state + can be used as a target state footer: @@ -8124,12 +9365,15 @@ The Service class in `compose/service.ts` cannot get the image name - from the image id when building the object from the container metadata. + from the image id when building the object from the + container metadata. - We query the metadata in the application manager getCurrentApps method + We query the metadata in the application manager + getCurrentApps method - so the current state can be used as target by API methods + so the current state can be used as target by API + methods footer: Change-type: patch change-type: patch @@ -8141,7 +9385,8 @@ Network aliases are now compared checking that the target state is a - subset of the current state. This will prevent service restarts due to + subset of the current state. This will prevent service + restarts due to additional aliases created by docker in the container. footer: @@ -8157,12 +9402,15 @@ When getting the service from the docker container, remove the - containerId from the list of aliases (which gets added by docker). This + containerId from the list of aliases (which gets added + by docker). This - will make it easier to use the current service state as a target. + will make it easier to use the current service state as + a target. - This will help us remove the `safeStateClone` function in the API in a + This will help us remove the `safeStateClone` function + in the API in a future commit footer: @@ -8176,7 +9424,8 @@ This replaces the previous flag `isApplyingIntermediate` on application - manager and simplifies the interface of the state engine to make temporary changes to the + manager and simplifies the interface of the state engine + to make temporary changes to the general app state. footer: @@ -8190,21 +9439,26 @@ There were multiple places in the state engine that skipped some - operations while in local mode. In reality, all it's needed while in + operations while in local mode. In reality, all it's + needed while in local mode is to skip image and volume deletion. - This commit simplifies application-manager and compose app to be more + This commit simplifies application-manager and compose + app to be more - local mode agnostic and instead making the image deletion and volume + local mode agnostic and instead making the image + deletion and volume deletion configurable via function arguments. - This also has the benefit to make the treatment of local mode + This also has the benefit to make the treatment of local + mode - applications more similar to cloud mode applications, allowing for + applications more similar to cloud mode applications, + allowing for API endpoints to function the same way both modes. footer: @@ -8249,13 +9503,16 @@ When parsing additional variables to be passed to the bitbake build, - keys and values are split using equals as a delimiter. However, the + keys and values are split using equals as a delimiter. However, + the - splitting process does not split only on the first occurrence, which + splitting process does not split only on the first occurrence, + which results in removing equals signs from the value as well. This is - problematic with base64 encoded strings, which are padded with equals + problematic with base64 encoded strings, which are padded with + equals signs. @@ -8300,11 +9557,14 @@ The OS since v2.82.6 will monitor changes to config.json and restart - the relevant services to apply the changes. There is no need to trigger + the relevant services to apply the changes. There is no + need to trigger - restart of the services via the supervisor. Users on older OS versions + restart of the services via the supervisor. Users on + older OS versions - will need to update their OS or restart the services manually as OS + will need to update their OS or restart the services + manually as OS loses support after 2y. footer: @@ -8324,7 +9584,8 @@ We don't need this anonymous volume as /data is bind mounted into - the container from host (legacy), and will soon be mounted by the + the container from host (legacy), and will soon be + mounted by the Supervisor itself on startup. footer: @@ -8379,7 +9640,8 @@ In order to use hashes we can not use UEFI time-based authentication - for updates as this would prevent rollbacks. Instead we ship appendable + for updates as this would prevent rollbacks. Instead we ship + appendable updates for both db and dbx that HUP can use. footer: @@ -8395,18 +9657,23 @@ This patch changes the validation of bootable images from certificate - signatures to a list of allowed hashes of binaries. This only applies + signatures to a list of allowed hashes of binaries. This only + applies on db level, PK and KEK are still certificates. - The motivation is that certificates expire and we need to be sure + The motivation is that certificates expire and we need to be + sure - that even devices that have been lying on a shelf for several years + that even devices that have been lying on a shelf for several + years - or whose CMOS battery has died and reset date to 1970-01-01 are still + or whose CMOS battery has died and reset date to 1970-01-01 are + still - bootable. Using hashes is more aligned with this use-case and also + bootable. Using hashes is more aligned with this use-case and + also more similar to the approach that embedded SoCs use. footer: @@ -8438,18 +9705,22 @@ Shipping a single image with signature checks enabled will enforce - the signatures on non-secure-boot systems as well. GRUB does not have + the signatures on non-secure-boot systems as well. GRUB does not + have - a simple method to check whether secure boot is enabled that could + a simple method to check whether secure boot is enabled that + could be embedded with the default built-in config. With this patch we build two separate images - one enforcing - the signatures and the other one not, keeping the original behavior. + the signatures and the other one not, keeping the original + behavior. - HUP and flasher both can detect if secure boot is enabled so they + HUP and flasher both can detect if secure boot is enabled so + they put the correct image in place when installing/updating GRUB. footer: @@ -8495,9 +9766,11 @@ The installer is to copy configuration files into the boot partition on - the installer disk - searching by label needs to be restriced to the + the installer disk - searching by label needs to be restriced to + the - booting disk to avoid clashes if there are other disks with matching + booting disk to avoid clashes if there are other disks with + matching labels present. footer: @@ -8523,7 +9796,8 @@ Search for the installation disk on the same device the system is being - installed on. This avoids problems when there are more than one disk + installed on. This avoids problems when there are more than one + disk with balena/resin labelling. footer: @@ -8539,7 +9813,8 @@ The internal target device to program is not always the device the system - is booting from. Make sure the `flash-boot` partition search is done + is booting from. Make sure the `flash-boot` partition search is + done on the booting device. footer: @@ -8629,14 +9904,18 @@ rejections](https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V15.md#throw-on-unhandled-rejections---33021) from a warning to a throw. - For this reason errors like a corrupt migration directory, that happens when trying to + For this reason errors like a corrupt migration + directory, that happens when trying to - roll back to a previous supervisor version were no longer showing a + roll back to a previous supervisor version were no + longer showing a - message but dumping the full minimized code into the journal logs. + message but dumping the full minimized code into the + journal logs. - This PR adds a catchall on app.ts to log the exception and throw an exit + This PR adds a catchall on app.ts to log the exception + and throw an exit code of 1. footer: @@ -8654,9 +9933,11 @@ From: https://github.com/balena-os/balena-supervisor/pull/2153/commits/c0b4fafe842115933b1da9b4d68e601a19c3e4eb - Restart-service checks that both services have restarted in its test assertion, which is + Restart-service checks that both services have restarted + in its test assertion, which is - incorrect as restart-service should only restart one service. + incorrect as restart-service should only restart one + service. footer: Change-type: patch change-type: patch @@ -8883,24 +10164,32 @@ As the Supervisor is a privileged container, it has access to host /dev, and therefore has access - to boot, data, and state balenaOS partitions. This commit sets up the framework for the following: + to boot, data, and state balenaOS partitions. This + commit sets up the framework for the following: - - Finds the /dev partition that corresponds to each partition based on partition label + - Finds the /dev partition that corresponds to each + partition based on partition label - - Mounts the partitions into set mountpoints in the device + - Mounts the partitions into set mountpoints in the + device - - Removes reliance on env vars and mountpoints provided by host's start-balena-supervisor script + - Removes reliance on env vars and mountpoints provided + by host's start-balena-supervisor script - - Simplifies host path querying by centralizing these queries through methods in lib/host-utils.ts + - Simplifies host path querying by centralizing these + queries through methods in lib/host-utils.ts - This particular changes env vars for and mounts the boot partition. + This particular changes env vars for and mounts the boot + partition. - Since the Supervisor would no longer rely on container `run` arguments provided by a host script, + Since the Supervisor would no longer rely on container + `run` arguments provided by a host script, - this change moves Supervisor closer to being able to start itself (Supervisor-as-an-app). + this change moves Supervisor closer to being able to + start itself (Supervisor-as-an-app). footer: Change-type: minor change-type: minor @@ -8943,11 +10232,14 @@ Notable improvements these new versions bring: - * Optimized code path for generating deltas with blocks that are + * Optimized code path for generating deltas with blocks + that are power-of-two-sized. - * Avoid allocating unbounded amounts of memory when the target differs + * Avoid allocating unbounded amounts of memory when the + target differs completely from the source. - * Several bugfixes in edge cases that shall not affect balenaEngine. + * Several bugfixes in edge cases that shall not affect + balenaEngine. footer: Signed-off-by: Leandro Motta Barros signed-off-by: Leandro Motta Barros @@ -9087,14 +10379,17 @@ --tpmstate argument - If the same state directory/files are used for multiple installations, + If the same state directory/files are used for multiple + installations, - the available space can be filled, and the installer will fail with the + the available space can be filled, and the installer + will fail with the error "insufficient space for NV allocation". - Move swtpm state to tmpfs to create new state files every run. + Move swtpm state to tmpfs to create new state files + every run. footer: Change-type: patch change-type: patch @@ -9176,12 +10471,14 @@ Setting `LimitCORE=0` will avoid the creation of core dump files on - containers. This will avoid cases in which a crashlooping user app ends + containers. This will avoid cases in which a crashlooping user + app ends up filling up the entire storage with dump files. - Users can re-enable core dumps in their services by manually setting the + Users can re-enable core dumps in their services by manually + setting the `ulimits.core`. For example: @@ -9217,7 +10514,8 @@ https://github.com/moby/moby/commit/d16737f971092767c1b9d28302a3f5aedbe2f576 - And also is recommended by systemd: https://systemd.io/CGROUP_DELEGATION/ + And also is recommended by systemd: + https://systemd.io/CGROUP_DELEGATION/ footer: Signed-off-by: Leandro Motta Barros signed-off-by: Leandro Motta Barros @@ -9267,16 +10565,20 @@ The original delta code on the `xfer` package used to set `d.err` when - an unexpected EOF was found in the delta tar stream. Turns out `d.err` + an unexpected EOF was found in the delta tar stream. + Turns out `d.err` - would end up being overwritten before it was read, so that initial + would end up being overwritten before it was read, so + that initial assignment was effectively a no-op. - This commit simplifies the code a little bit by removing this bogus + This commit simplifies the code a little bit by removing + this bogus - assignment and also improves the error reporting a notch by adding more + assignment and also improves the error reporting a notch + by adding more context to the error messages. footer: @@ -9292,7 +10594,8 @@ This factors out portions of the `xfer` package, so that we can - reuse this functionality between `balena pull` and `balena load`. There + reuse this functionality between `balena pull` and + `balena load`. There was a good deal of duplication. footer: @@ -9308,31 +10611,39 @@ This factors out portions of the `distribution` package, so that we can - reuse this functionality between `balena pull` and `balena load`. There + reuse this functionality between `balena pull` and + `balena load`. There was a good deal of duplication. - This piece of code is tricky to factor out into a separate function. + This piece of code is tricky to factor out into a + separate function. Basically we had two options: - 1. Create a completely reusable, DRY function that encapsulates all the + 1. Create a completely reusable, DRY function that + encapsulates all the duplicate code. Sounds nice until you noticed that would be a horrendous function with 5 return values and overly obscure semantics. - 2. We create a small set of functions with clearer interfaces and + 2. We create a small set of functions with clearer + interfaces and semantics, but which will still lead to some code duplication between the `pull` and `load` implementations. - I opted for the second alternative because the resulting code is much + I opted for the second alternative because the resulting + code is much - easier to understand and maintain. Also, the remaining duplication is + easier to understand and maintain. Also, the remaining + duplication is - mostly dumb, integration and error handling code that almost writes + mostly dumb, integration and error handling code that + almost writes - itself as we call the new reusable functions -- so, this is sort of a + itself as we call the new reusable functions -- so, this + is sort of a benign duplication. footer: @@ -9378,7 +10689,8 @@ 00e389e5f559dd10e49cfa411784b89498c3c0eb. - Images generated using this dockerfile still don't have the right + Images generated using this dockerfile still don't have + the right architecture. More testing is needed footer: @@ -9469,16 +10781,21 @@ This is necessary since the builder no longer passes the platform flag - to the build. This would lead to dockerfiles that are mixing multi and single + to the build. This would lead to dockerfiles that are + mixing multi and single - arch stages to pull the wrong architecture images, particularly when + arch stages to pull the wrong architecture images, + particularly when - trying to build images in emulated builds (e.g. armv7hf built on aarch64). + trying to build images in emulated builds (e.g. armv7hf + built on aarch64). - Moving the full build to multi-arch solves this as the docker engine is + Moving the full build to multi-arch solves this as the + docker engine is - capable of chosing the right architecture from the manifest. + capable of chosing the right architecture from the + manifest. footer: Relatest-to: balena-io/balena-builder#1010 relatest-to: balena-io/balena-builder#1010 @@ -9537,7 +10854,8 @@ There were various usages of Bash-specific features. As a result, the - script would work correctly only on OSes that have `sh` as an alias to + script would work correctly only on OSes that have `sh` + as an alias to `bash`. It would fail on Ubuntu, for example. footer: @@ -9553,9 +10871,11 @@ A couple of changes here: - * Check for sudo necessity and availability before doing any real work. + * Check for sudo necessity and availability before doing + any real work. Better to warn and exit quick and early! - * Remove the support for using `su`. It was broken for two reasons. + * Remove the support for using `su`. It was broken for + two reasons. First, unlike `sudo`, `su -c` expects the command as a single argument. Second, `su`, unlike `sudo`, reads the password from stdin which in this case "contains" the tarball being downloaded. The second @@ -9576,9 +10896,11 @@ A couple of changes here: - * Check for missing dependencies before doing any real work. Better to + * Check for missing dependencies before doing any real + work. Better to warn and exit quick and early! - * Fix the actual check. We previously used `[ $abort ] && exit 1` which + * Fix the actual check. We previously used `[ $abort ] + && exit 1` which caused the script to always exit (`abort` is never empty). footer: Signed-off-by: Leandro Motta Barros @@ -9669,7 +10991,8 @@ Added an `Asserting` suffix to all functions that internally call - `assert.*()`. This makes clearer what is really going on at the point of + `assert.*()`. This makes clearer what is really going on + at the point of call, without needing to look under the hood. footer: @@ -9695,7 +11018,8 @@ Most notably, on the "delta root" feature, which is important for HUPs, - not very well-known and not documented anywhere else I know. + not very well-known and not documented anywhere else I + know. footer: Signed-off-by: Leandro Motta Barros signed-off-by: Leandro Motta Barros @@ -9723,7 +11047,8 @@ We apparently have broken this during the 20.10 merge. Not setting the - delta image store breaks delta-based balenaOS updates (HUPs). + delta image store breaks delta-based balenaOS updates + (HUPs). footer: Signed-off-by: Leandro Motta Barros signed-off-by: Leandro Motta Barros @@ -9808,9 +11133,11 @@ https://github.com/containerd/console/pull/10/commits/c358734ec94e72903243bd1c9034874a1de09424 - This fix is present in balena engine since v17.13.5, which has been in + This fix is present in balena engine since v17.13.5, which has + been in - use since commit 53ce147. Drop this patch from meta-balena-dunfell and + use since commit 53ce147. Drop this patch from + meta-balena-dunfell and later. footer: @@ -9826,9 +11153,11 @@ Plymouth services are modified in the installation directory with balena - specific customizations using patches. This increases the manual intervention necessary + specific customizations using patches. This increases the manual + intervention necessary - when adding support for a new version of this package or Yocto. Replace + when adding support for a new version of this package or Yocto. + Replace the patches with equivalent drop-in configs. footer: @@ -9844,9 +11173,11 @@ We disable systemd-getty-generator to allow explicit control over when - we setup getty to create consoles. Previously, this was done using a + we setup getty to create consoles. Previously, this was done + using a - patch to systemd, removing this generator. Mask this instead so we can + patch to systemd, removing this generator. Mask this instead so + we can consolidate this configuration in meta-balena-common. footer: @@ -9862,11 +11193,14 @@ Certain services, such as getty@.service, and systemd-logind.service are - disabled when running in a container using a patch to the source files. + disabled when running in a container using a patch to the source + files. - This increases the manual intervention necessary when adding support for + This increases the manual intervention necessary when adding + support for - a new version of systemd. Replace the patch with drop-in configs. + a new version of systemd. Replace the patch with drop-in + configs. footer: Change-type: patch change-type: patch @@ -9943,9 +11277,11 @@ The unsafe-perm config option has been dropped in npm 9, trying to set it - ends with an error and therefore fails the build. With this patch + ends with an error and therefore fails the build. With this + patch - the build script parses the major version from `npm --version` and only + the build script parses the major version from `npm --version` + and only sets unsafe-perm on npm 8 and older. footer: @@ -10075,21 +11411,27 @@ Some incoming tests require QEMU to exit, simulating a device powering - off, before starting QEMU again. This is used to "reflash" a virtualized + off, before starting QEMU again. This is used to + "reflash" a virtualized - device before continuing with testing, for instance after tampering with + device before continuing with testing, for instance + after tampering with - boot files on a secure boot enabled device to verify secure boot checks. + boot files on a secure boot enabled device to verify + secure boot checks. - However, swtpm will exit when QEMU disconnects. The `--exit-code-from` + However, swtpm will exit when QEMU disconnects. The + `--exit-code-from` - compose argument implies `--abort-on-container-exit`, so this results + compose argument implies `--abort-on-container-exit`, so + this results in the test run aborting prematurely. - Adapt the entrypoint and command of the swtpm container to always + Adapt the entrypoint and command of the swtpm container + to always restart the program without exiting the container. footer: @@ -10157,9 +11499,11 @@ Disable ad-hoc unwrapping in the HUP test suite in favor of utilizing - the QEMU worker's new ability to bind a disk image to an emulated + the QEMU worker's new ability to bind a disk image to an + emulated - external USB mass storage device. This runs the flasher in QEMU, and + external USB mass storage device. This runs the flasher in QEMU, + and installs to emulated internal storage. footer: @@ -10193,11 +11537,14 @@ It should be safe to assume that boards now use newer u-boot versions - that all have Kconfig support so we default to that. This allows for + that all have Kconfig support so we default to that. This allows + for - device repos not to specify it and use Kconfig support or if for some + device repos not to specify it and use Kconfig support or if for + some - reason there are boards with old u-boot versions they can overwrite the + reason there are boards with old u-boot versions they can + overwrite the UBOOT_KCONFIG_SUPPORT variable to 0. footer: @@ -10248,7 +11595,8 @@ be overwritten in append files. - This change is an extension of https://github.com/balena-os/meta-balena/commit/a3c276a1058d05e66991871bf167079fc2824843 + This change is an extension of + https://github.com/balena-os/meta-balena/commit/a3c276a1058d05e66991871bf167079fc2824843 footer: Change-type: patch change-type: patch @@ -10267,11 +11615,14 @@ Because we use this patch with various u-boot versions it often happens that this patch - does not apply so we then need to rework it in the device integration layer. Instead it + does not apply so we then need to rework it in the device + integration layer. Instead it - would be better to have some code at configure time parsing the same file and inserting + would be better to have some code at configure time parsing the + same file and inserting - the balena env dynamically, so regardless of u-boot versions we use. + the balena env dynamically, so regardless of u-boot versions we + use. footer: Change-type: patch change-type: patch @@ -10299,18 +11650,23 @@ Preloaded devices can require that the device is pinned to the preloaded - release on provisioning. However if the provisioned release gets + release on provisioning. However if the provisioned + release gets - released in the future, that would lead to the device remaining in "VPN + released in the future, that would lead to the device + remaining in "VPN - only" state forever as the provisioning process could not finish due to + only" state forever as the provisioning process could + not finish due to pinning failure. - This commit changes the behavior so if the release does not exist, the + This commit changes the behavior so if the release does + not exist, the - pinning step is skipped and the device follows the fleet pinning state. + pinning step is skipped and the device follows the fleet + pinning state. footer: Closes: "#2133" closes: "#2133" @@ -10328,16 +11684,21 @@ This is necessary since the builder no longer passes the platform flag - to the build. This would lead to dockerfiles that are mixing multi and single + to the build. This would lead to dockerfiles that are + mixing multi and single - arch stages to pull the wrong architecture images, particularly when + arch stages to pull the wrong architecture images, + particularly when - trying to build images in emulated builds (e.g. armv7hf built on aarch64). + trying to build images in emulated builds (e.g. armv7hf + built on aarch64). - Moving the full build to single-arch solves this as the docker engine is + Moving the full build to single-arch solves this as the + docker engine is - capable of chosing the right architecture from the manifest. Once some + capable of chosing the right architecture from the + manifest. Once some of the builder issues are fixed, we should move to #2141 footer: @@ -10357,13 +11718,17 @@ The issue with the original Supervisor implementation of the firewall is that - on Supervisor start, the Supervisor flushes the INPUT chain of the filter table. + on Supervisor start, the Supervisor flushes the INPUT + chain of the filter table. - This doesn't play well with services that add to the INPUT chain on startup that + This doesn't play well with services that add to the + INPUT chain on startup that - may start up before the Supervisor, such as certain NetworkManager connection + may start up before the Supervisor, such as certain + NetworkManager connection - profiles. This change only replaces the BALENA-FIREWALL rule in the INPUT chain, + profiles. This change only replaces the BALENA-FIREWALL + rule in the INPUT chain, preserving the other rules as well as their order. footer: @@ -10429,9 +11794,11 @@ In the Internet connection sharing test one of the checks may run - into a racing problem. The following command is holding the iptables + into a racing problem. The following command is holding the + iptables - lock for 3 seconds while NetworkManager activates a connection with + lock for 3 seconds while NetworkManager activates a connection + with sharing enabled: @@ -10439,20 +11806,25 @@ `flock /run/xtables.lock sleep 3 & nmcli c up dummy & wait` - NetworkManager waits for 2 seconds for the lock to be released and + NetworkManager waits for 2 seconds for the lock to be released + and - those three seconds should be enough for one of the iptables rules + those three seconds should be enough for one of the iptables + rules - to fail. However there is no guarantee that NetworkManager will start + to fail. However there is no guarantee that NetworkManager will + start - adding the iptables rules that quickly - it may start adding those + adding the iptables rules that quickly - it may start adding + those after one out of those three seconds already passed, which will lead to all iptables rules to be set at the end. - This check is non-essential for the test itself, so it is removed with + This check is non-essential for the test itself, so it is + removed with this commit. footer: @@ -10472,9 +11844,11 @@ At this moment, when module signing is enabled, the peak module is signed - but do_install ignores the signed variant and installs the original + but do_install ignores the signed variant and installs the + original - unsigned file. With this patch do_install installs the signed file + unsigned file. With this patch do_install installs the signed + file if available. footer: @@ -10506,21 +11880,26 @@ Previously, we bailed out of the installer when the system was in user - mode (keys enrolled) but the user had not opted in to secure boot, as it + mode (keys enrolled) but the user had not opted in to secure + boot, as it was ambiguous whether the user actually wanted SB/FDE. - However, some systems come with vendor keys pre-enrolled, and a user may + However, some systems come with vendor keys pre-enrolled, and a + user may - simply turn off secure boot in the firmware setup menu without erasing + simply turn off secure boot in the firmware setup menu without + erasing - the keys. This would result in the installer bailing out even though + the keys. This would result in the installer bailing out even + though secure boot is disabled in the firmware menu. - Check that secure boot is enabled in addition to having keys enrolled + Check that secure boot is enabled in addition to having keys + enrolled before bailing out. footer: @@ -10552,16 +11931,20 @@ https://github.com/balena-os/meta-balena/pull/2963 - A racing condition between balenaEngine and NetworkManager led to some Internet + A racing condition between balenaEngine and NetworkManager led + to some Internet - connection sharing iptables rules not being applied when NM connection profile + connection sharing iptables rules not being applied when NM + connection profile with Internet sharing was activated at boot. - This test checks whether all necessary iptables rules are added by artificially + This test checks whether all necessary iptables rules are added + by artificially - blocking iptables for 1 second and then for 3 seconds while a connection + blocking iptables for 1 second and then for 3 seconds while a + connection profile with Internet sharing is activated. footer: @@ -10614,13 +11997,16 @@ do_resin_boot_dirgen_and_deploy needs all the partial files deployed - when it runs as it will be copying them to the actual boot partition. + when it runs as it will be copying them to the actual boot + partition. There is a race condition between it and grub_conf:do_deploy, - we have seen builds fail when grub_conf:do_deploy does not execute + we have seen builds fail when grub_conf:do_deploy does not + execute - in time. This patch adds an explicit dependency to avoid such situation. + in time. This patch adds an explicit dependency to avoid such + situation. footer: Change-type: patch change-type: patch @@ -10637,17 +12023,22 @@ body: > We have added DER certificates because it is the only format - that QEMU/TianoCore accepts in UEFI setup. Since we made setup mode + that QEMU/TianoCore accepts in UEFI setup. Since we made setup + mode - work properly, there is no need to program the QEMU keys manually + work properly, there is no need to program the QEMU keys + manually - and therefore there is no reason to pollute the boot partition with + and therefore there is no reason to pollute the boot partition + with the DER files. If indeed necessary, they can always be extracted - from the ESL, which is still shipped. Shipping the DER files is also + from the ESL, which is still shipped. Shipping the DER files is + also - not possible when db uses hashes instead of certificates, which we + not possible when db uses hashes instead of certificates, which + we want to move towards. footer: @@ -10667,7 +12058,8 @@ This allows to transition from unmanaged to managed by just writing - a config.json file, like it's the case with AWS cloud configuration. + a config.json file, like it's the case with AWS cloud + configuration. footer: Change-type: patch change-type: patch @@ -10687,7 +12079,8 @@ that this is about balenaEngine makes it simpler to grep for - Engine-related portions of balenaOS. Might also help a tad bit when + Engine-related portions of balenaOS. Might also help a tad bit + when looking at logs. footer: @@ -10732,7 +12125,8 @@ The `du` utility has the same output format for single or several files, - while the `wc` utility doesn't and does not display a total for single + while the `wc` utility doesn't and does not display a total for + single files. footer: @@ -10766,9 +12160,11 @@ finish the flashing with a reboot instead of a shutdown. - This is possible as the initramfs does not currently have a shutdown + This is possible as the initramfs does not currently have a + shutdown - command and avoids the complexity of having to detect whether we are + command and avoids the complexity of having to detect whether we + are running from initramfs or not. footer: @@ -10795,7 +12191,8 @@ This module allows to program the internal storage from initramfs hence - making it possible to migrate an existing OS by booting from the same + making it possible to migrate an existing OS by booting from the + same disk. footer: @@ -10835,7 +12232,8 @@ The migrate module needs to umount the rootfs, so by moving the mountpoint - moving into the migrate module it's only done when not migrating. + moving into the migrate module it's only done when not + migrating. footer: Change-type: patch change-type: patch @@ -10852,12 +12250,14 @@ not boot into the OS but launch adbd. - A connection can then be established via the network (if a DHCP address + A connection can then be established via the network (if a DHCP + address is provided) or using a USB gadget connection. - For a network connection, the client needs to install `adb` and run: + For a network connection, the client needs to install `adb` and + run: ``` @@ -10926,7 +12326,8 @@ characters with a `*`. - [1] https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet + [1] + https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet [skip ci] @@ -10956,9 +12357,11 @@ There is nothing in `balena-config-vars` itself that needs `fatrw`, so - change it so scripts don't exit if it is not available. For example, + change it so scripts don't exit if it is not available. For + example, - `balena-config-vars` gets used in the initramfs but `fatrw` is not + `balena-config-vars` gets used in the initramfs but `fatrw` is + not required (and it is quite heavy). footer: @@ -10976,7 +12379,8 @@ balena-config scripts and not unit configuration dependencies. - This allows to include only the balena-config scripts in the initramfs. + This allows to include only the balena-config scripts in the + initramfs. footer: Change-type: patch change-type: patch @@ -10993,7 +12397,8 @@ the images size significantly. - This commit introduces a `raid` machine feature that device types need + This commit introduces a `raid` machine feature that device + types need to define if RAID support is required. footer: @@ -11011,7 +12416,8 @@ will also be used from the initramfs, move the dependency to - packagegroup-resin so that resin-device-progress is still included in + packagegroup-resin so that resin-device-progress is still + included in the flasher image. footer: @@ -11031,9 +12437,11 @@ flasher is not running from initramfs. - These dependencies are already part of the corresponding packagegroups, + These dependencies are already part of the corresponding + packagegroups, - so listing them here is redundant and wrong as it increases the size of + so listing them here is redundant and wrong as it increases the + size of the initramfs with no reason. footer: @@ -11084,7 +12492,8 @@ it is only used in the installer script. - Also, make the resin-init-flasher script check for it's existance before using + Also, make the resin-init-flasher script check for it's + existance before using it. footer: @@ -11103,7 +12512,8 @@ in disk encryption). - Adding a loop that waits for the links to be available adds robustness + Adding a loop that waits for the links to be available adds + robustness in case there are device specific delays. footer: @@ -11178,7 +12588,8 @@ - The Radxa CM3 on RPI CM4 IOBoard as well as the Radxa zero use rockchip software tools in order to put the eMMC in mass-storage mode - - The CM4 module comes in two flavors: one with eMMC and the Lite version + - The CM4 module comes in two flavors: one with eMMC and the + Lite version which uses the carrier board sd-card slot to load the image. Both use the same balenaOS image. I switched the storage to internal for this DT because it *may* have @@ -11216,16 +12627,19 @@ saving the entire uboot environment in any device specific - partitions. This because it relies on the default environment being + partitions. This because it relies on the default environment + being stored in the u-boot binary. Let's disable the saveenv command and avoid potential incorrect - usage which may overwrite the partition table, resin-boot filesystem + usage which may overwrite the partition table, resin-boot + filesystem - or other areas of the eMMC that may be pre-configured by the BSP. + or other areas of the eMMC that may be pre-configured by the + BSP. footer: Change-type: patch change-type: patch @@ -11300,9 +12714,11 @@ Block device nodes are sometimes created without attached media. These - devices can neither be read from, nor written to. In this case, the + devices can neither be read from, nor written to. In this case, + the - flasher will attempt to install to the invalid disk and fail. Detect + flasher will attempt to install to the invalid disk and + fail. Detect this case and skip the disk to allow flashing to continue. footer: @@ -11373,7 +12789,8 @@ Secure boot is now opt-in, even in the case where the image is signed, - and it's supported in firmware. Skip the secure boot tests when it's not + and it's supported in firmware. Skip the secure boot tests when + it's not enabled at runtime. footer: @@ -11432,7 +12849,8 @@ exceptions, and makes debugging and log messages worse. - When we don't have a valid way to handle an exception, just throw it. + When we don't have a valid way to handle an exception, + just throw it. The traceback is more useful than the handler. footer: @@ -11638,7 +13056,8 @@ body: > This is used to support falling back into the original OS when - performing a brownfield migration into balenaOS from a flasher image. + performing a brownfield migration into balenaOS from a flasher + image. footer: Change-type: patch change-type: patch @@ -11706,7 +13125,8 @@ It's not clear how the feature to skip tests work, so modify the commit - message to be of type patch to avoid balenaCI errors on type none. + message to be of type patch to avoid balenaCI errors on type + none. footer: Change-type: patch change-type: patch @@ -11794,25 +13214,32 @@ We have seen a few times devices with duplicated network names for some - reason. While we don't know the cause the networks get duplicates, this + reason. While we don't know the cause the networks get + duplicates, this - can be disruptive for updates as trying to create a container referencing a duplicate + can be disruptive for updates as trying to create a + container referencing a duplicate network results in a 400 error from the engine. - This commit finds and removes duplicate networks via the state engine, + This commit finds and removes duplicate networks via the + state engine, - this means that even if somehow a container could be referencing a + this means that even if somehow a container could be + referencing a - network that has been duplicated later somehow, this will remove the + network that has been duplicated later somehow, this + will remove the container first. - While thies doesn't solve the problem of duplicate networks being + While thies doesn't solve the problem of duplicate + networks being - created in the first place, it will fix the state of the system to + created in the first place, it will fix the state of the + system to correct the inconsistency. footer: @@ -11828,29 +13255,38 @@ We have seen a few times devices with duplicated network names for some - reason. While we don't know the cause the networks get duplicates, + reason. While we don't know the cause the networks get + duplicates, - this is disruptive of updates, as the supervisor usually queries + this is disruptive of updates, as the supervisor usually + queries - resource by name, resulting in a 400 error from the engine because of + resource by name, resulting in a 400 error from the + engine because of the ambiguity. - This replaces those queries by name to queries by id. This includes + This replaces those queries by name to queries by id. + This includes - network removal. If a `removeNetwork` step is generated, the supervisor + network removal. If a `removeNetwork` step is generated, + the supervisor - opts to remove all instances of the network with the same name as it + opts to remove all instances of the network with the + same name as it cannot easily resolve the ambiguity. - This doesn't solve the problem of ambiguous networks, because even if + This doesn't solve the problem of ambiguous networks, + because even if - networks are referenced by id when creating a container, the engine will + networks are referenced by id when creating a container, + the engine will - throw an error (see https://github.com/balena-os/balena-supervisor/issues/590#issuecomment-1423557871) + throw an error (see + https://github.com/balena-os/balena-supervisor/issues/590#issuecomment-1423557871) footer: Change-type: patch change-type: patch @@ -12045,12 +13481,14 @@ - references in docs - - references device-state, api-binder, compose modules, API + - references device-state, api-binder, compose modules, + API - references in tests - The commit also adds a migration to remove the 4 dependent device tables from the DB. + The commit also adds a migration to remove the 4 + dependent device tables from the DB. footer: Change-type: minor change-type: minor @@ -12121,7 +13559,8 @@ body: > Drop support for Fedora 34 35. - Fedora 36 will be the last version for armv7 as it is no longer supported. + Fedora 36 will be the last version for armv7 as it is no longer + supported. footer: Change-type: patch change-type: patch @@ -12163,9 +13602,11 @@ executed. When sourced, the shebang should be ignored. - However, we have seen instances where a bash script sourcing a sh + However, we have seen instances where a bash script sourcing a + sh - os-helper scripts triggers POSIX behaviour, specifically glob parsing + os-helper scripts triggers POSIX behaviour, specifically glob + parsing failures. footer: @@ -12450,7 +13891,8 @@ specific flags being misapplied, breaking the build - Set ARCH based on the target architecture, and override OBJCOPY to the + Set ARCH based on the target architecture, and override OBJCOPY + to the binary provided by the target architecture's toolchain. footer: @@ -12517,27 +13959,35 @@ When a user runs the flasher with secure boot enabled in `config.json`, - the public keys used to validate the bootloader are enrolled. If any + the public keys used to validate the bootloader are enrolled. If + any - other bootloader signature fails to validate against this public key, it + other bootloader signature fails to validate against this public + key, it won't be executed. - If the user attempts to run the balenaOS flasher on that system again + If the user attempts to run the balenaOS flasher on that system + again - without first enabling the secure boot option, the flasher won't enroll + without first enabling the secure boot option, the flasher won't + enroll - keys, but the installed system will be signed. This will result in a + keys, but the installed system will be signed. This will result + in a secure boot enabled system without full-disk encryption. - Bail out in this case so the user must choose to explicitly opt-in to + Bail out in this case so the user must choose to explicitly + opt-in to - secure boot for the new installation, and full-disk encryption along + secure boot for the new installation, and full-disk encryption + along - with it. Otherwise, the user must reset the enrolled keys to install + with it. Otherwise, the user must reset the enrolled keys to + install without secure boot. footer: @@ -12553,11 +14003,14 @@ Extended globbing is not enabled by default, which makes the substring - match for trimming leading zeroes not work. This causes SETUPMODEVAR to + match for trimming leading zeroes not work. This causes + SETUPMODEVAR to - evaluate to "01", which fails comparison with the string "1", skipping + evaluate to "01", which fails comparison with the string "1", + skipping - key enrollment when secure boot is enabled. Compare using an integer + key enrollment when secure boot is enabled. Compare using an + integer expression instead. footer: @@ -12573,21 +14026,26 @@ When refactoring secure boot setup, a logic mistake in the purpose and - use of SECUREBOOT_VAR meant that devices booting the flasher with keys already + use of SECUREBOOT_VAR meant that devices booting the flasher + with keys already - enrolled would bail out with an incorrect message about secure boot not + enrolled would bail out with an incorrect message about secure + boot not being supported in firmware. - This variable is `00` on systems with secure boot support in firmware, + This variable is `00` on systems with secure boot support in + firmware, - but not enabled and enforced, `01` on systems where secure boot is + but not enabled and enforced, `01` on systems where secure boot + is enforced, and empty when secure boot is unsupported. - Change this conditional to bail out only when the variable is empty, + Change this conditional to bail out only when the variable is + empty, indicating that secure boot is unsupported. footer: @@ -12685,9 +14143,11 @@ Not all platforms support secure boot, notably aarch64 using tianocore - firmware. Additionally, swtpm may not be available for all platforms. + firmware. Additionally, swtpm may not be available for + all platforms. - Accordingly, move the swtpm service to a separate compose file that is + Accordingly, move the swtpm service to a separate + compose file that is only used when secure boot is enabled. footer: @@ -12749,7 +14209,8 @@ QEMU is capable of using an emulated software TPM exposed via socket. A - TPM is necessary for full disk encryption (FDE), so add a service to + TPM is necessary for full disk encryption (FDE), so add + a service to provide this to the QEMU worker. footer: @@ -12794,7 +14255,8 @@ Some firmwares will not boot balenaOS by default without explicitly - creating a boot entry, so create one on EFI platforms after flashing. + creating a boot entry, so create one on EFI platforms after + flashing. footer: Change-type: patch change-type: patch @@ -12808,19 +14270,23 @@ get_dev_path_from_label() calls lsblk to get the name and label of a - disk, then filters the list using the label and returns a /dev path. + disk, then filters the list using the label and returns a /dev + path. The name returned when using a luks encrypted partition is the - /dev/mapper name, rather than the kernel's device mapper name under + /dev/mapper name, rather than the kernel's device mapper name + under - /dev/dm-*. When assembling a path under /dev using the luks name, the + /dev/dm-*. When assembling a path under /dev using the luks + name, the path is invalid, and the by-state links aren't created. - This leads to the rootfs hook failing to find and mount the resin-rootA + This leads to the rootfs hook failing to find and mount the + resin-rootA partition. @@ -12855,15 +14321,18 @@ The flasher image enrolls the secure boot keys before rebooting into - secured user mode and creating the encrypted luks volumes on disk. + secured user mode and creating the encrypted luks volumes on + disk. - If the image is not signed, the key enrollment will fail, and the + If the image is not signed, the key enrollment will fail, and + the flasher will enter a loop trying to enroll them and rebooting. - Instead, skip the key enrollment if the image is not signed, resulting + Instead, skip the key enrollment if the image is not signed, + resulting in a non secure-boot installation. footer: @@ -12988,7 +14457,8 @@ old hooks from, the EFI partition must be bind-mounted as well - otherwise the /mnt/boot/EFI symlink is invalid and rollback fails + otherwise the /mnt/boot/EFI symlink is invalid and rollback + fails to deploy files into that directory. footer: @@ -13129,7 +14599,8 @@ body: > iptables takes a file lock at /run/xtables.lock. By default, if - the file is locked, iptables will fail with error. When that happens, + the file is locked, iptables will fail with error. When that + happens, the iptables rules won't be configured, and the shared mode @@ -13197,10 +14668,12 @@ This EFI image contains the secure boot certificates and when executed it - is supposed to load the keys into the respective secure boot slots. + is supposed to load the keys into the respective secure boot + slots. - We don't use this binary in our secure boot implementation, but currently + We don't use this binary in our secure boot implementation, but + currently the build breaks as the binary is installed but not packaged. footer: @@ -13239,7 +14712,8 @@ to a new maximum of 2048. - See https://github.com/darkk/redsocks/blob/19b822e345f6a291f6cff6b168f1cfdfeeb2cd7d/base.c#L419 + See + https://github.com/darkk/redsocks/blob/19b822e345f6a291f6cff6b168f1cfdfeeb2cd7d/base.c#L419 footer: Change-type: patch change-type: patch @@ -13409,14 +14883,17 @@ body: > The previous method of disabling NTP by stopping the nameserver - (dnsmasq) relied on the dnsmasq unit not being reactivated before the + (dnsmasq) relied on the dnsmasq unit not being reactivated + before the test completed. - Instead, disable NTP by blocking ntp.org in the local dnsmasq instance + Instead, disable NTP by blocking ntp.org in the local dnsmasq + instance - using a dbus method call. NTP is re-enabled as before, by restarting + using a dbus method call. NTP is re-enabled as before, by + restarting dnsmasq. footer: @@ -13572,7 +15049,8 @@ Custom actions can only use certain secrets and single-dimension - run matrices. By running an entirely separate job after Flowzone + run matrices. By running an entirely separate job after + Flowzone is successful we have a lot more options. footer: @@ -13725,11 +15203,13 @@ In rare cases (believed to be caused by a non-atomic file creation and - writing operation in containerd), we end up with an empty file at + writing operation in containerd), we end up with an empty file + at `/mnt/data/docker/containerd/daemon/io.containerd.grpc.v1.introspection/uuid`. - This causes `ctr version` (and hence the health check) to fail. See + This causes `ctr version` (and hence the health check) to fail. + See https://github.com/balena-os/balena-engine/issues/322 @@ -13737,13 +15217,16 @@ This commit addresses this issue in two ways: - 1. Before running `ctr version`, we check if the uuid file exists and is + 1. Before running `ctr version`, we check if the uuid file + exists and is empty. If so, we remove it. (The subsequent execution of `ctr version` by the healthcheck will create the file again.) - 2. After running `ctr version`, we check if the uuid file was really + 2. After running `ctr version`, we check if the uuid file was + really created and is not empty. - In both cases, when an empty uuid file is detected, we log the event to + In both cases, when an empty uuid file is detected, we log the + event to help us confirm our hypothesis about the root cause. footer: @@ -13847,16 +15330,19 @@ If the signing server's response is anything other than successful, such - as with an authentication failure or bad request, the HTTP status code + as with an authentication failure or bad request, the HTTP + status code and response are hidden due to the --silent flag passed to cURL. - Drop the stdio redirect to the output file along with the --silent flag, + Drop the stdio redirect to the output file along with the + --silent flag, and instead use the -o parameter to output the response to the - appropriate file on success. This allows the status code and response to + appropriate file on success. This allows the status code and + response to be shown in the logs upon failure. footer: @@ -13878,12 +15364,14 @@ meta-openembedded, so that all improvements are merged now. - Excluded from it are `iwd` and `dhcpcd` daemon configurations that are + Excluded from it are `iwd` and `dhcpcd` daemon configurations + that are not used by us. - Default NM firewall in meta-openembedded is `nftables` where we are still + Default NM firewall in meta-openembedded is `nftables` where we + are still using `iptables`. @@ -13891,11 +15379,14 @@ The new recipe relies on `meson` as a build system now. - The .bbapend file that contains modifications specific to balena is preserved. + The .bbapend file that contains modifications specific to balena + is preserved. - Only `balena-client-id.patch` is removed as it references code that no longer + Only `balena-client-id.patch` is removed as it references code + that no longer - exists. This is because the internal systemd DHCPv4 client code that NM used + exists. This is because the internal systemd DHCPv4 client code + that NM used is now replaced by nettools' n-dhcp4 implementation. @@ -13923,7 +15414,8 @@ so we reuse the fixed version from upstream. - The symptom is that DNS servers provided by DHCP are not being used. + The symptom is that DNS servers provided by DHCP are not being + used. Closes #2907 @@ -14764,7 +16256,8 @@ a unique subnet that is not in use. - The DinD daemon in the core service will also start with a non-default + The DinD daemon in the core service will also start with + a non-default subnet. footer: @@ -14824,11 +16317,14 @@ When unlocking LUKS devices, udev events initializing the DM devices are still - generated in the background even after cryptsetup luksOpen returns. We need to + generated in the background even after cryptsetup luksOpen + returns. We need to - wait for the udev processing to finish before killing udev and cleaning up + wait for the udev processing to finish before killing udev and + cleaning up - the udev database to avoid having to deal with partially initialized devices + the udev database to avoid having to deal with partially + initialized devices or corrupted udev database in the target OS. footer: @@ -14993,9 +16489,11 @@ Our initramfs is built into the kernel, which is always compressed. - Disable redundant initramfs compression, which should save some CPU + Disable redundant initramfs compression, which should save some + CPU - cycles during build and boot, as well as improving compression ratio. + cycles during build and boot, as well as improving compression + ratio. footer: Change-type: patch change-type: patch @@ -15025,16 +16523,21 @@ In the current state the cryptsetup initrd script tries to unlock all - LUKS volumes in the system using the TPM. This includes user-defined LUKS + LUKS volumes in the system using the TPM. This includes + user-defined LUKS - volumes that, if present, fail to unlock and make the system unbootable. + volumes that, if present, fail to unlock and make the system + unbootable. - We should also not touch user-defined volumes in the first place. + We should also not touch user-defined volumes in the first + place. - This patch modifies the cryptsetup script to only unlock LUKS volumes + This patch modifies the cryptsetup script to only unlock LUKS + volumes - that are on the OS drive (same block device as the EFI partition). + that are on the OS drive (same block device as the EFI + partition). footer: Change-type: patch change-type: patch @@ -15128,12 +16631,16 @@ ``` - /dev/sdd2: LABEL="flash-rootA" UUID="5585296a-c183-4b10-89ae-20607e5604be" TYPE="ext4" PARTLABEL="resin-rootA" PARTUUID="582478f2-be4b-4279-9124-536385c9551d" + /dev/sdd2: LABEL="flash-rootA" + UUID="5585296a-c183-4b10-89ae-20607e5604be" TYPE="ext4" + PARTLABEL="resin-rootA" + PARTUUID="582478f2-be4b-4279-9124-536385c9551d" ``` - This commit fixes the inconsistency as the PARTLABEL is used as a fallback + This commit fixes the inconsistency as the PARTLABEL is used as + a fallback method to identify devices. footer: @@ -15318,11 +16825,14 @@ Not all the boards we support have the redsocks uid as 995 in their rootfs so let's - fetch the actual redsocks uid from the DUT before running the proxy tests and + fetch the actual redsocks uid from the DUT before running the + proxy tests and - update that in the docker-compose.yml. We do so because the REDSOCKS_UID value + update that in the docker-compose.yml. We do so because the + REDSOCKS_UID value - isn't substituted in the compose if the variable, even if it is passed trough + isn't substituted in the compose if the variable, even if it is + passed trough the cli. footer: @@ -15354,19 +16864,23 @@ Enabling CONFIG_KERNEL_ZSTD=y improves the compression ratio compared - to gzip while being faster to decompress. With kernel 5.15 in balenaOS + to gzip while being faster to decompress. With kernel 5.15 in + balenaOS v2.105, we see the 24 MB kernel compress to approximately 19 MB. - Zstd support was added in commit 48f7ddf, first introduced in kernel + Zstd support was added in commit 48f7ddf, first introduced in + kernel v5.9. Enable this config unconditionally in supported kernels. - Note that not every architecture and device support this option, but in + Note that not every architecture and device support this option, + but in - those cases, Kconfig will automatically disable it as HAVE_ZSTD is also + those cases, Kconfig will automatically disable it as HAVE_ZSTD + is also missing. footer: @@ -15398,7 +16912,8 @@ Generate a bmap file from the sparse image to allow for punching holes - in the disk image ranges that were unmapped after building. This data is + in the disk image ranges that were unmapped after building. This + data is lost during compression, and the bmapfile allows for recreating, @@ -15456,12 +16971,14 @@ eb69ff445fe0cac4f2060e67fa6994e61c3ca4b9. - Hardcoding the bridge address like this results in conflicts + Hardcoding the bridge address like this results in + conflicts when multiple instances are running on one jenkins node. - A new solution for local workstation testing will have to be + A new solution for local workstation testing will have + to be considered. footer: @@ -15514,7 +17031,8 @@ Instead of retrying to get the DUT IP address 120 times on a 1 seconds interval, - let's reduce it to 30 times because the resolveLocalTarget which we call will + let's reduce it to 30 times because the + resolveLocalTarget which we call will timeout too in 15 seconds: @@ -15522,7 +17040,8 @@ https://github.com/balena-os/leviathan-worker/blob/master/lib/helpers/index.ts#L162 - So reducing the retries number to 30 will effectly bring the total combined timeout to a maximum of 8 minutes. + So reducing the retries number to 30 will effectly bring + the total combined timeout to a maximum of 8 minutes. footer: Change-type: patch change-type: patch @@ -15559,7 +17078,8 @@ The testbot AP is visible and is discovered during a scan. - Let's remove the hidden attribute as it may cause problems + Let's remove the hidden attribute as it may cause + problems for the 243390-rpi wireless tests. footer: @@ -15701,9 +17221,11 @@ There are two GRUB config variants - one for regular devices and one - for devices with FDE enabled. This commit makes flasher include the latter + for devices with FDE enabled. This commit makes flasher include + the latter - in the boot partition when secure boot and FDE is included in the image. + in the boot partition when secure boot and FDE is included in + the image. footer: Change-type: patch change-type: patch @@ -15819,7 +17341,8 @@ get_part_number_by_label expects the block device name without the /dev/ - prefix, flasher uses this correctly in all but one place, this patch fixes it. + prefix, flasher uses this correctly in all but one place, this + patch fixes it. footer: Change-type: patch change-type: patch @@ -15832,7 +17355,8 @@ body: > On most device types rootA and rootB are partitions 2 and 3 - but with LUKS encryption and boot/EFI split they are shifted to 3 and 4 + but with LUKS encryption and boot/EFI split they are shifted to + 3 and 4 footer: Change-type: patch change-type: patch @@ -15858,7 +17382,8 @@ We are using two variants of GRUB configs - one for LUKS-encrypted OS - and the other one for the rest. HUP needs to acknowledge this and use + and the other one for the rest. HUP needs to acknowledge this + and use the correct one based on the system being updated. footer: @@ -15885,7 +17410,8 @@ On full disk encrypted devices the EFI partition is a soft link in the - boot partition. This commit fixes detecting files in the EFI partition + boot partition. This commit fixes detecting files in the EFI + partition from the boot partition. footer: @@ -15901,7 +17427,8 @@ On full disk encrypted devices the EFI partition is a soft link in the - boot partition. This commit fixes detecting files in the EFI partition + boot partition. This commit fixes detecting files in the EFI + partition from the boot partition. footer: @@ -15921,9 +17448,11 @@ |-sda2 8:2 0 42M 0 part | `-luks-a91cd125-9e4c-45e6-b3f4-1e9b4ec9e5b9 250:0 0 40M 0 crypt /mnt/boot - This commit allows extracting the physical device (sdaN) whic is needed + This commit allows extracting the physical device (sdaN) whic is + needed - to extract the partition index using sysfs both for luks or standard + to extract the partition index using sysfs both for luks or + standard devices. footer: @@ -16013,7 +17542,8 @@ container and the DUT does not allow to ssh as a non-root user. - Run ssh from the worker to test local SSH authentication with a cloud + Run ssh from the worker to test local SSH authentication with a + cloud user. footer: @@ -16029,14 +17559,17 @@ Given that testbot devices use a tunnel to specific ports to communicate - with the DUT that is established with the suite-generated keys, using + with the DUT that is established with the suite-generated keys, + using - a different keypair for the ssh-auth test would require to tear down and + a different keypair for the ssh-auth test would require to tear + down and re-establish the tunnel. - It's easier to just use the existing key pair in the ssh-auth test. + It's easier to just use the existing key pair in the ssh-auth + test. footer: Change-type: patch change-type: patch @@ -16050,7 +17583,8 @@ Using two set of keys, the one created by the suite to authenticate by - the proxy and a new custom key, is tricky as when running on testbot the + the proxy and a new custom key, is tricky as when running on + testbot the key is used to establish the tunnel between core and DUT. @@ -16162,12 +17696,14 @@ When adding a kernel configuration conditional in a provided kernel - version, make the check include the provided kernel version as that is + version, make the check include the provided kernel version as + that is the intuitive way to understand it. - The two places that use this function already used it in this way. + The two places that use this function already used it in this + way. footer: Change-type: patch change-type: patch @@ -16196,7 +17732,8 @@ body: > chrony 4.2 introduces security hardening in the - service definition that removes the CAP_SYS_ADMIN permission, affecting + service definition that removes the CAP_SYS_ADMIN permission, + affecting the way healthdog uses execve to become chronyd. @@ -16204,7 +17741,8 @@ commit 83f96efdfd2d (examples: harden systemd services) - This commits works around it by allowing all members of the service's + This commits works around it by allowing all members of the + service's control group to send notification messages. footer: @@ -16296,7 +17834,8 @@ Add the wireguard module by default so it is included in all device - types. This is a frequently requested by customers and will avoid having + types. This is a frequently requested by customers and will + avoid having to patch individual device repositories. footer: @@ -16328,12 +17867,15 @@ There are two sets of keys used in this test, one stored in `/root/id` - which is created by the cloud suite to SSH via the proxy server, and + which is created by the cloud suite to SSH via the proxy server, + and - a custom key stored in `/root/test_id` used in some of the subtests. + a custom key stored in `/root/test_id` used in some of the + subtests. - Fix the test cases using the custom key to use the correct private key. + Fix the test cases using the custom key to use the correct + private key. footer: Change-type: patch change-type: patch @@ -16421,7 +17963,8 @@ configuration and starting the `openvpn` service unit. - As the `openvpn` service units stops `os-config`, it might not get to + As the `openvpn` service units stops `os-config`, it might not + get to restart the supervisor. @@ -16489,12 +18032,15 @@ The sshd daemon is configured to fetch keys from the API for local - user connections. The script that fetches the keys, cloud-public-sshkeys, + user connections. The script that fetches the keys, + cloud-public-sshkeys, - sources balena-config-vars and is run as an exclusive non-root user. + sources balena-config-vars and is run as an exclusive non-root + user. - Let's set the correct permissions for this file to allow not to break + Let's set the correct permissions for this file to allow not to + break the above. @@ -16525,12 +18071,14 @@ database and files modified outside of the pseudo context [0]. - This will occasionally cause builds to fail in the do_deploy step of the + This will occasionally cause builds to fail in the do_deploy + step of the kernel-devsrc recipe. [1] - Fix this by not removing the kernel_source tarball in the do_deploy + Fix this by not removing the kernel_source tarball in the + do_deploy step. @@ -16580,7 +18128,8 @@ The old test no longer matches on full disk paths including /dev, which - can potentially result in the installation disk not being excluded from + can potentially result in the installation disk not being + excluded from the pool of installation targets. @@ -16601,9 +18150,11 @@ Previously, globs such as 'md/balena{,_*}' and 'mmcblk?' weren't being - properly expanded, resulting in the old behavior of explicit lists of + properly expanded, resulting in the old behavior of explicit + lists of - disks continuing to work, but consolidated globs matching multiple disks + disks continuing to work, but consolidated globs matching + multiple disks would not. @@ -16688,7 +18239,8 @@ Since kirkstone tasks have network access disabled by default so we need - to enable it explicitly for tasks that talk to the signing service. + to enable it explicitly for tasks that talk to the signing + service. footer: Change-type: patch change-type: patch @@ -16992,7 +18544,8 @@ Handle ENOENT ErrnoException when attempting to unwrap a non-flasher - image in HUP tests. This mirrors a similar change made in ce2d33ad8. + image in HUP tests. This mirrors a similar change made in + ce2d33ad8. footer: Change-type: patch change-type: patch @@ -17132,7 +18685,8 @@ ``` - ERROR: libical-2.0.0-r0 do_package: QA Issue: libical: Files/directories were installed but not shipped in any package: + ERROR: libical-2.0.0-r0 do_package: QA Issue: libical: + Files/directories were installed but not shipped in any package: /usr/lib/cmake @@ -17163,7 +18717,8 @@ body: > Newer versions fail on the configuration step with: - Requested 'libcrypto >= 1.1.0' but version of OpenSSL-libcrypto is 1.0.2o + Requested 'libcrypto >= 1.1.0' but version of OpenSSL-libcrypto + is 1.0.2o footer: Change-type: patch change-type: patch @@ -17219,14 +18774,17 @@ This config file hasn't been used since commit 2db88c2, which unified - how managed and unmanaged images operate. Since that commit, openvpn + how managed and unmanaged images operate. Since that commit, + openvpn - starts up if the config file at /etc/openvpn/openvpn.conf is found, and + starts up if the config file at /etc/openvpn/openvpn.conf is + found, and otherwise remains inactive. This file is populated by os-config. - Remove the old config to prevent misdirection and cleanup the layer. + Remove the old config to prevent misdirection and cleanup the + layer. footer: Change-type: patch change-type: patch @@ -17278,26 +18836,32 @@ Chronyd checks that the directory specified as `sourcedir` in `chrony.conf` - (in this case `/var/chrony`) is not world accessible if it exists (chrony + (in this case `/var/chrony`) is not world accessible if it + exists (chrony - will create it correctly if it does not exist), and does not start + will create it correctly if it does not exist), and does not + start if that's the case. - The way that the `/var/chrony` is created when it does not exist opens + The way that the `/var/chrony` is created when it does not exist + opens - the possibility of the directory existing with the wrong permissions and + the possibility of the directory existing with the wrong + permissions and hitting this problem. - This commit creates the directory with the correct permissions from the + This commit creates the directory with the correct permissions + from the start to avoid the race condition. - It also changes the permissiong from 750 to 770 to match what chrony + It also changes the permissiong from 750 to 770 to match what + chrony does (see @@ -17350,7 +18914,8 @@ hostOS updates between aufs and overlay2 balenaOS versions. - This commit adds support for 5.15 kernels and improves the branch + This commit adds support for 5.15 kernels and improves the + branch selection logic to cover some corner cases. @@ -17376,7 +18941,8 @@ d6b563710e6cc0857843433d85023d47f9f2037d - Without much explanation in the commit, the ABI was removed in Poky: + Without much explanation in the commit, the ABI was removed in + Poky: e4c16d11128f0e9cc2567fc9e3579e9a94988b2e @@ -17386,14 +18952,17 @@ 0bf2fd16273436f1cd9ea2ab99ad882e879f965d - Then, there was a partial revert to remove the ABI again in Poky: + Then, there was a partial revert to remove the ABI again in + Poky: 66ff1fb3a164fa794ee186960809e3fa9e938b48 - This last 66ff1fb3a164fa794ee186960809e3fa9e938b48 commit is reverted here as + This last 66ff1fb3a164fa794ee186960809e3fa9e938b48 commit is + reverted here as - it fails to build for ARM targets. All our boards that cover all the + it fails to build for ARM targets. All our boards that cover all + the possible ABIs build with this change. footer: @@ -17622,7 +19191,8 @@ body: > This fixes the following error when building mkfs-hostapp-native - with Honister for a Variscite iMX8MM which only has Hardknott support: + with Honister for a Variscite iMX8MM which only has Hardknott + support: mkfs-hostapp-native-1.0-r0 do_prepare_recipe_sysroot: @@ -17742,7 +19312,8 @@ Unfortunately the standalone balena-cli package is linked to glibc - and does not work with musl (alpine) so we need to switch to debian. + and does not work with musl (alpine) so we need to + switch to debian. The trade-off seems worth it for build times though. @@ -17759,7 +19330,8 @@ This version can likely be increased now that the balena-cli - is no longer part of the ndoe dependencies, but for now just + is no longer part of the ndoe dependencies, but for now + just publish the current setting. footer: @@ -17794,7 +19366,8 @@ If a block device specified in resin-init-flasher.conf is part of an - array, but that assembled array name wasn't specified, skip it to avoid + array, but that assembled array name wasn't specified, skip it + to avoid data loss. footer: @@ -17810,18 +19383,23 @@ Instead of querying devices w/ `fdisk -l`, glob match patterns specified - in resin-init-flasher.conf with devices present in `/dev`. This allows us to + in resin-init-flasher.conf with devices present in `/dev`. This + allows us to - specify devices like `hd? sd? mmcblk?` instead of individual device + specify devices like `hd? sd? mmcblk?` instead of individual + device numbers, which don't consistently map to any particular disk. - This also allows RAID arrays to be matched with the array name and a + This also allows RAID arrays to be matched with the array name + and a - pattern that glob matches even arrays assembled automatically on a + pattern that glob matches even arrays assembled automatically on + a - non-matching host, such as `md/balena?(_?)` matching an array named + non-matching host, such as `md/balena?(_?)` matching an array + named `balena` and assembled on-device at `/dev/md/balena_0`. footer: @@ -17904,7 +19482,8 @@ Before kirkstone, the way to not include the kernel image was to - override the `RDEPENDS:${KERNEL_PACKAGE_NAME}-base` not to include + override the `RDEPENDS:${KERNEL_PACKAGE_NAME}-base` not to + include `kernel-image`, as was done in the `kernel-resin-noimage` class. @@ -17914,7 +19493,8 @@ Poky's commit f6d963fa6d0e64d53f7ef56fd2c12d67f5811829 - Now excluding the kernel image needs to `PACKAGE_EXCLUDE = "kernel-image-*"` + Now excluding the kernel image needs to `PACKAGE_EXCLUDE = + "kernel-image-*"` footer: Change-type: patch change-type: patch @@ -18014,7 +19594,9 @@ Yocto kirkstone complains with: - ERROR: packagegroup-resin-1.0-r1 do_package_write_ipk: An allarch packagegroup shouldn't depend on packages which are dynamically renamed (libnss-ato to libnss-ato2) + ERROR: packagegroup-resin-1.0-r1 do_package_write_ipk: An + allarch packagegroup shouldn't depend on packages which are + dynamically renamed (libnss-ato to libnss-ato2) For lack of a better place, move to the balena-image recipe. @@ -18320,7 +19902,8 @@ Run the resin-update-state rules that create the by-state links after md - arrays are assembled. This fixes state link creation when running on a + arrays are assembled. This fixes state link creation when + running on a RAID array. footer: @@ -18378,7 +19961,8 @@ The latest meta-balena includes `util-linux-findmnt` as a kexec module - dependency and this package has not yet been split from `util-linux` in + dependency and this package has not yet been split from + `util-linux` in thud. footer: @@ -18436,9 +20020,11 @@ In order to use the same rust toolchain across all supported Yocto - versions this commit updates the cmake version on all integration layers + versions this commit updates the cmake version on all + integration layers - below Zeus to 3.13.4, which is the minimum version to compile the rust + below Zeus to 3.13.4, which is the minimum version to compile + the rust 1.62 toolchain. @@ -18475,7 +20061,8 @@ it was living in meta-rust. - We want to use the balena-rust layer across a wide variety of Yocto + We want to use the balena-rust layer across a wide variety of + Yocto versions so include the fetcher conditionally. footer: @@ -18495,11 +20082,14 @@ systems and is not present in older Yocto releases. - This commit reverts to the previous way of setting the rust architecture. + This commit reverts to the previous way of setting the rust + architecture. - It will not work for ppc64le and if we would need to support such an + It will not work for ppc64le and if we would need to support + such an - architecture the arch_to_rust_arch() function will still be called if it + architecture the arch_to_rust_arch() function will still be + called if it exists in Kirkstone or newer Yocto versions. footer: @@ -18516,14 +20106,17 @@ With Kirkstone and the support of openSSL 3.0 it's not possible to find - a set of dependencies that work for all of our rust applications across + a set of dependencies that work for all of our rust applications + across - the 1.32 to 1.62 toolchain versions that are supported across all the + the 1.32 to 1.62 toolchain versions that are supported across + all the Yocto versions we keep compatibility with. - This layer allows to set a preferred version as a distro setting that can + This layer allows to set a preferred version as a distro setting + that can be used across all Yocto versions. @@ -18906,7 +20499,8 @@ Recent versions of meta-balena include a balena-rust layer used to - specify a distro-set Rust version across all supported Yocto versions + specify a distro-set Rust version across all supported Yocto + versions As such, the syntax of this layer also needs to be converted. @@ -19342,7 +20936,8 @@ The resin-img is no longer maintained and the deployment of raw images - as well as flasher requires features only available in balena-img. + as well as flasher requires features only available in + balena-img. footer: Change-type: patch change-type: patch @@ -19395,7 +20990,8 @@ As part of rebranding, resin docker repos were renamed to balena, and - resin/resin-img no longer receives updates. Change the image we pull to + resin/resin-img no longer receives updates. Change the image we + pull to process OS images from resin/resin-img to balena/balena-img. footer: @@ -19508,7 +21104,8 @@ When we patch an ESR branch, for example from v2022.1.0 to v2022.1.1, - do not update the next, current, sunset ESR phases as they remain the + do not update the next, current, sunset ESR phases as they + remain the same. footer: @@ -19542,7 +21139,8 @@ Otherwise patch updates of ESR branches move the ESR phase when they - should not. For example, if 2022.1.1 is current, 2022.1.2 is also + should not. For example, if 2022.1.1 is current, 2022.1.2 is + also current and should not move 2022.1.1 to sunset. footer: @@ -19664,7 +21262,8 @@ This is used by the OS builders to deploy releases. This contract contains - details related to the balena-image artifact generated in the balenaOS + details related to the balena-image artifact generated in the + balenaOS build. footer: @@ -19898,9 +21497,11 @@ jq returns null by default when a given key isn't found, ensure that - when getting the value of deployRawArtifact, we get an empty variable + when getting the value of deployRawArtifact, we get an empty + variable - instead, which is checked later on to determine if that file should be + instead, which is checked later on to determine if that file + should be deployed footer: @@ -19959,15 +21560,18 @@ * the CLI prompts for input during preload - Alternatively, the --pin-device-to-release flag may be used to pin only the + Alternatively, the --pin-device-to-release flag may be used to + pin only the preloaded device to the selected release. - Would you like to disable automatic updates for this fleet now? No + Would you like to disable automatic updates for this fleet now? + No - * we do not want to set the suggested flag and we do not want to touch the fleet release policy for this use case + * we do not want to set the suggested flag and we do not want to + touch the fleet release policy for this use case footer: Change-type: patch change-type: patch @@ -20027,7 +21631,8 @@ Surface the preloaded app commit as a variable that can be overridden in - the build job. Default to "current" to maintain existing behavior when + the build job. Default to "current" to maintain existing + behavior when the variable isn't set. footer: @@ -20062,7 +21667,8 @@ This will allow us to make changes to config.js in meta-balena without - breaking the deploy steps. If additional changes are needed at runtime + breaking the deploy steps. If additional changes are needed at + runtime the substitutions can be made by the leviathan Jenkins job. footer: @@ -20081,7 +21687,8 @@ body: > If the submodule was recently added to meta-balena, the checkout - command will not initialize it without a separate submodule update + command will not initialize it without a separate submodule + update command. footer: @@ -20208,7 +21815,8 @@ base meta-balena version. - Replace it with searching down the git tree for the commit before the + Replace it with searching down the git tree for the commit + before the branch. footer: @@ -20310,9 +21918,11 @@ last meta-balena tag. - For example, when we branch an ESR release, the meta-balena branch is + For example, when we branch an ESR release, the meta-balena + branch is - tagged with the ESR name, like 2.83.x, while the last meta-balena version + tagged with the ESR name, like 2.83.x, while the last + meta-balena version will be a proper semver. footer: @@ -20361,7 +21971,8 @@ body: > This is required to allow building against cloud instances with - different names for the balenaOS organization and private device types. + different names for the balenaOS organization and private device + types. footer: Change-type: patch change-type: patch @@ -20452,7 +22063,8 @@ When discontinuing a device type, there are no artifacts apart from - device-type.json, so check that the logo is there before deploying. + device-type.json, so check that the logo is there before + deploying. footer: Change-type: patch change-type: patch @@ -20507,10 +22119,12 @@ setting a release semver. - For the time being we are still using a version label in the hostapp. + For the time being we are still using a version label in the + hostapp. - This commit will be reverted once we get rid of the version label. + This commit will be reverted once we get rid of the version + label. footer: Change-type: patch change-type: patch @@ -20626,7 +22240,8 @@ block release. - Also, pass a flag to specify whether the block should be deployed as final + Also, pass a flag to specify whether the block should be + deployed as final release. footer: @@ -20695,14 +22310,16 @@ * Convert balena_deploy_build_block to balena_build_block, and deploy with balena_deploy_block - * Remove balena_deploy_hostapp and replace with balena_deploy_block + * Remove balena_deploy_hostapp and replace with + balena_deploy_block * Modify balena_deploy_hostos to use balena_deploy_block * Modify balena_deploy_block to use release versioning - By deafult image deployments happen as draft versions, and only become + By deafult image deployments happen as draft versions, and only + become final when passing validation. footer: @@ -20730,7 +22347,8 @@ When fetching images for blocks, use a given release revision. - Also, add token autentication to the API calls that miss it so that they work + Also, add token autentication to the API calls that miss it so + that they work with private device types. @@ -20752,7 +22370,8 @@ reject deployments for an existing release. - On the new versioning model, deployments increment a revision field so + On the new versioning model, deployments increment a revision + field so there is no need to check for uniqueness. footer: @@ -20785,7 +22404,8 @@ use of release_version. - Introduce a new balena_lib_release() function that utilises a balena + Introduce a new balena_lib_release() function that utilises a + balena contract and the CLI to set the release version. footer: @@ -20904,9 +22524,11 @@ made it unreachable from the balena-generate-ami-env container. - This patch makes mktemp create the file back within yocto cache to ensure + This patch makes mktemp create the file back within yocto cache + to ensure - this is shared yet still each concurrent process can safely have its own copy. + this is shared yet still each concurrent process can safely have + its own copy. footer: Change-type: patch change-type: patch @@ -20940,11 +22562,14 @@ Since the file name is hardcoded at this moment, this fails when two - builds are running in parallel (e.g. dev and prod variants during deploy) + builds are running in parallel (e.g. dev and prod variants + during deploy) - because they try to preload the same file at pretty much the same moment. + because they try to preload the same file at pretty much the + same moment. - Having a separate copy for each outside of yocto cache should fix the issue. + Having a separate copy for each outside of yocto cache should + fix the issue. footer: Change-type: patch change-type: patch @@ -20974,7 +22599,8 @@ body: > This is necessary for AMI preloading to work, additionally - it has been more than a year since the last update, we should keep up. + it has been more than a year since the last update, we should + keep up. footer: Change-type: patch change-type: patch @@ -21280,35 +22906,45 @@ A previous PR (#1656) fixed validation for network ipam config, - checking that both network and subnet are defined for each ipam config entry + checking that both network and subnet are defined for + each ipam config entry (as described in the docker documentation). - After that PR, the validations throws an exception if the network target state is incorrect, + After that PR, the validations throws an exception if + the network target state is incorrect, - but this turns out to be the wrong approach, because that exception is also triggered + but this turns out to be the wrong approach, because + that exception is also triggered when querying target state. - This isn't a problem in normal operation, but it is in local mode, because local + This isn't a problem in normal operation, but it is in + local mode, because local - mode queries the old target state before sending a new one. Since the query fails, + mode queries the old target state before sending a new + one. Since the query fails, the CLI can never push the new target state. - This PR replaces the exception with a warning on the logs, since a + This PR replaces the exception with a warning on the + logs, since a - misconfigured network won't cause any engine failures, it will just + misconfigured network won't cause any engine failures, + it will just - prevent containers to communicate through the provided network. + prevent containers to communicate through the provided + network. - A future improvement should move this validation to an earlier point in the process, + A future improvement should move this validation to an + earlier point in the process, - so the target state can get rejected before it even gets to a point it + so the target state can get rejected before it even gets + to a point it can be used. footer: @@ -21353,11 +22989,14 @@ This extra info will mean the API is able to immediately set default - config vars based on the os/supervisor version so that they are + config vars based on the os/supervisor version so that + they are - available on the first target state fetch rather than having a delay + available on the first target state fetch rather than + having a delay - whilst waiting for the supervisor to report them as part of a state + whilst waiting for the supervisor to report them as part + of a state patch @@ -21496,12 +23135,14 @@ The `start-resin-supervisor` script in newer OS version no longer uses the - SUPERVISOR_TAG environment variable setup on supervisor.conf and + SUPERVISOR_TAG environment variable setup on + supervisor.conf and update-supervisor.conf. - This change removes the need for that variable with livepush supervisor + This change removes the need for that variable with + livepush supervisor to make it compatible with older and newer OS versions footer: @@ -21541,7 +23182,8 @@ for custom composer types for network. - This commit also modifies network tests to use the new types + This commit also modifies network tests to use the new + types footer: Change-type: minor change-type: minor @@ -21581,7 +23223,8 @@ body: > Replace all references to the 'resin-vars' script with - 'balena-config-vars' as it has been renamed. Add a conditional + 'balena-config-vars' as it has been renamed. Add a + conditional test for compatibility with legacy systems. footer: @@ -21615,9 +23258,11 @@ - [Release notes](https://github.com/npm/ssri/releases) - - [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md) + - + [Changelog](https://github.com/npm/ssri/blob/v6.0.2/CHANGELOG.md) - - [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2) + - + [Commits](https://github.com/npm/ssri/compare/v6.0.1...v6.0.2) footer: Change-type: patch change-type: patch @@ -21684,9 +23329,11 @@ This is needed in preparation for storage migration from aufs to overlayfs. - When running hostapp-update, we need to create the target hostapp on + When running hostapp-update, we need to create the target + hostapp on - overlayfs, which implies the OS we update from can support both drivers + overlayfs, which implies the OS we update from can support both + drivers footer: Change-type: minor change-type: minor @@ -21733,14 +23380,16 @@ This brings in the aufs-to-overlay migrator. Which won't run until we - configure the engine service to include an `BALENA_MIGRATE_OVERLAY=1` + configure the engine service to include an + `BALENA_MIGRATE_OVERLAY=1` env var. The other notable change is the fix for - https://github.com/balena-os/balena-engine/issues/236 which allows + https://github.com/balena-os/balena-engine/issues/236 which + allows `balena top` to work as expected on balenaOS footer: @@ -21760,18 +23409,23 @@ We need to make sure the modem is completely initialized before sending - the AT commands that do the switch to ECM mode. To achieve this we + the AT commands that do the switch to ECM mode. To achieve this + we - change the systemd service dependency to depend on ModemManager.service + change the systemd service dependency to depend on + ModemManager.service - and then we determine the modem state by using mmcli and querying the + and then we determine the modem state by using mmcli and + querying the modem power-state property. - This procedure will only be done once. After the modem is placed in ECM + This procedure will only be done once. After the modem is placed + in ECM - mode, it will stay in this mode for future reboots so there will be no + mode, it will stay in this mode for future reboots so there will + be no other delays in bringing up the modem connection. footer: @@ -21858,7 +23512,8 @@ The balena-supervisor repository has been moved to balena-os so the - repo.yml file needs to be corrected for nested changelogs to work again. + repo.yml file needs to be corrected for nested changelogs to + work again. footer: Change-type: patch change-type: patch @@ -21893,30 +23548,40 @@ to etc-fake-hwclock.mount. - On initial boot after flashing a device the resin-state-reset.service + On initial boot after flashing a device the + resin-state-reset.service - was running after etc-fake-hwclock.mount causing the bind mount point + was running after etc-fake-hwclock.mount causing the bind mount + point - /mnt/state/root-overlay/etc/fake-hwclock to be deleted after it had + /mnt/state/root-overlay/etc/fake-hwclock to be deleted after it + had - been mounted. This resulted in a failure to save the date/time at + been mounted. This resulted in a failure to save the date/time + at - shutdown which caused problems with persistent logging at next boot. + shutdown which caused problems with persistent logging at next + boot. - Subsequent boots are unaffected as resin-state-reset does not run. + Subsequent boots are unaffected as resin-state-reset does not + run. Adding a dependency on the resin-state services ensures that the - bind mount point is created after the state reset has been performed. + bind mount point is created after the state reset has been + performed. - This issue was noticed when running the testbot unmanaged OS image + This issue was noticed when running the testbot unmanaged OS + image - persistent logging test. When running a managed OS image the device + persistent logging test. When running a managed OS image the + device normally reboots fairly immediately after connecting to the - balena-cloud host and receiving parameter updates, so this issue is + balena-cloud host and receiving parameter updates, so this issue + is not usually noticeable. footer: @@ -21984,11 +23649,14 @@ At this moment resin_update_state_probe is scanning pretty much every - block device for rootfs. This include ramdisks, zram and loop devices + block device for rootfs. This include ramdisks, zram and loop + devices - which, when scanned, even spam warnings in logs. This patch updates + which, when scanned, even spam warnings in logs. This patch + updates - the udev rule to skip such devices and only trigger on add or change + the udev rule to skip such devices and only trigger on add or + change events. footer: @@ -22109,9 +23777,11 @@ Remove assumptions about root fstype. Rename create to create.ext4, - mkfs.hostapp-ext4 to mkfs.hostapp, and add an argument to mkfs.hostapp + mkfs.hostapp-ext4 to mkfs.hostapp, and add an argument to + mkfs.hostapp - for fstype. Remove CMD from Dockerfile in favor of passing it as an + for fstype. Remove CMD from Dockerfile in favor of passing it as + an argument to docker run. footer: @@ -22132,27 +23802,35 @@ that was previously made `PartOf=` the balena.service. - This was done in an attempt to help get the system unstuck when the + This was done in an attempt to help get the system unstuck when + the - image is removed (like through manual pruning), which would cause the + image is removed (like through manual pruning), which would + cause the - healthcheck to trigger the engine to reboot until the load service was + healthcheck to trigger the engine to reboot until the load + service was restarted by hand. - Further investigation found a race between the first execution of the + Further investigation found a race between the first execution + of the - engine healthcheck script (which needs the image to be loaded) and the + engine healthcheck script (which needs the image to be loaded) + and the - loader service itself, which would lead to a similar state, requireing + loader service itself, which would lead to a similar state, + requireing manual intervention. - This change moves the loading into the healthcheck script itself, + This change moves the loading into the healthcheck script + itself, - allowing us to remove the loader script and service entirely, skipping + allowing us to remove the loader script and service entirely, + skipping the whole service ordering issue. footer: @@ -22175,7 +23853,8 @@ This option depends on FW_LOADER_USER_HELPER which will be enabled if - _FALLBACK is set to 'y', which is the default in the arm64 defconfig + _FALLBACK is set to 'y', which is the default in the arm64 + defconfig since Linux 5.4+. footer: @@ -22233,7 +23912,8 @@ As part of a full rename away from legacy resin namespaces the - following os-config compatibility changes are required to align + following os-config compatibility changes are required + to align with meta-balena changes. @@ -22299,9 +23979,11 @@ resin-image installs them from ${DEPLOYDIR}. - A normal grub installation installs those modules to ${PREFIX}/${libdir} + A normal grub installation installs those modules to + ${PREFIX}/${libdir} - to allow grub tooling to install them at runtime, but we're building the + to allow grub tooling to install them at runtime, but we're + building the image with GRUB baked in, so we don't need those in the sysroot. @@ -22310,18 +23992,23 @@ constraints by copying the modules from ${D}/${libdir}/grub/ to - ${DEPLOYDIR} in do_deploy(), then removing ${D}${prefix}. This had the + ${DEPLOYDIR} in do_deploy(), then removing ${D}${prefix}. This + had the - unfortunate side effect of breaking the build in certain cases, such as + unfortunate side effect of breaking the build in certain cases, + such as - clean builds or reexecuting do_deploy() without the other steps of the + clean builds or reexecuting do_deploy() without the other steps + of the build. - Instead, remove the unwanted files in do_install(), and append the + Instead, remove the unwanted files in do_install(), and append + the - required modules to GRUB_BUILDIN to create a standalone grub image + required modules to GRUB_BUILDIN to create a standalone grub + image without any external modules at all. footer: @@ -22340,11 +24027,14 @@ If the device with flasher rootfs is slow to bring up and rootfs is defined - as UUID=xxx the waiting loop in rootfs initrd script would assume UUIDs have + as UUID=xxx the waiting loop in rootfs initrd script would + assume UUIDs have - just been regenerated and wait for a by-state symlink instead. This only works + just been regenerated and wait for a by-state symlink instead. + This only works - for the OS - flasher does not use the dynamically generated UUIDs + for the OS - flasher does not use the dynamically generated + UUIDs therefore we always want to use the by-uuid link for it. footer: @@ -22467,7 +24157,8 @@ and *.mod extensions respectively. - Install only the release modules in do_deploy() to avoid balooning the + Install only the release modules in do_deploy() to avoid + balooning the size of the boot partition. footer: @@ -22545,15 +24236,20 @@ unit (etc-fake\x2dhwclock.mount). - Using a systemd service to bind mount the /etc/fake-hwclock directory + Using a systemd service to bind mount the /etc/fake-hwclock + directory - results in systemd generating an internal mount unit for the same + results in systemd generating an internal mount unit for the + same - directory. This causes problems at shutdown when both methods try to + directory. This causes problems at shutdown when both methods + try to - unmount the directory. This frequently leads to the directory being + unmount the directory. This frequently leads to the directory + being - unmounted before the fake-hwclock service has managed to save the + unmounted before the fake-hwclock service has managed to save + the system time. This results in an inaccurate fake-hwclock time @@ -22594,7 +24290,8 @@ body: > Running resin-ntp-config from openvpn upscript.sh is no longer - necessary as it is now run automatically when config.json changes. + necessary as it is now run automatically when config.json + changes. footer: Change-type: patch change-type: patch @@ -22637,9 +24334,11 @@ using the chrony-helper script. - A systemd service has been added to run the resin-ntp-config script + A systemd service has been added to run the resin-ntp-config + script - once at boot. Previously the script was being run up to 8 times at + once at boot. Previously the script was being run up to 8 times + at boot via a NetworkManager dispatcher script. footer: @@ -22659,15 +24358,19 @@ Update the existing DHCP dispatcher script for adding NTP sources to - make use of dynamic chrony source configuration. Any DHCP configured + make use of dynamic chrony source configuration. Any DHCP + configured - NTP sources for a particular interface are added to a sources file on + NTP sources for a particular interface are added to a sources + file on - network 'up' or DHCP lease renewal events. Any DHCP configured NTP + network 'up' or DHCP lease renewal events. Any DHCP configured + NTP sources for a particular interface are deleted on network 'down' - events. Changes to the sources file are picked up by chrony either + events. Changes to the sources file are picked up by chrony + either when it starts up or at runtime using the chrony-helper script. @@ -22676,7 +24379,8 @@ status on network 'up' and 'down' events. This will make chrony - re-run an iburst for sources when the appropriate network interface + re-run an iburst for sources when the appropriate network + interface comes back up. footer: @@ -22698,9 +24402,11 @@ Add the 'sourcedir' parameter to the chrony configuration to support - dynamic source configuration files. Any NTP source files that are + dynamic source configuration files. Any NTP source files that + are - created in 'sourcedir' (/run/chrony) can be used to update the chrony + created in 'sourcedir' (/run/chrony) can be used to update the + chrony source configuration at runtime. @@ -22727,7 +24433,8 @@ body: > We need to make sure the firmware cleanup function runs before - do_populate_sysroot otherwise do_populate_sysroot will race with it and + do_populate_sysroot otherwise do_populate_sysroot will race with + it and will fail complaining about the missing firmware that @@ -22750,38 +24457,49 @@ Fixes #2075 - Needed were a number of various changes to make the package compile properly: + Needed were a number of various changes to make the package + compile properly: - Removed is 0001-wwan-Set-MTU-based-on-what-ModemManager-exposes.patch that is now + Removed is + 0001-wwan-Set-MTU-based-on-what-ModemManager-exposes.patch that + is now included upstream. - Our patch for removing HTTPS connectivity checking warning is reworked for ease of + Our patch for removing HTTPS connectivity checking warning is + reworked for ease of - maintainance. It now keeps the log entry, but changes it to debug level. + maintainance. It now keeps the log entry, but changes it to + debug level. - Fixed are UPSTREAM_CHECK_* definitions as they referenced a wrong version number. + Fixed are UPSTREAM_CHECK_* definitions as they referenced a + wrong version number. - The following additional configuration options were added/removed: + The following additional configuration options were + added/removed: - *. Introspection is disabled through `--enable-introspection=no`. Other services do + *. Introspection is disabled through + `--enable-introspection=no`. Other services do - not depend on it, so it is safe to remove it. A related patch is no longer needed + not depend on it, so it is safe to remove it. A related patch is + no longer needed 0002-Do-not-create-settings-settings-property-documentati.patch - *. A new option for using firewalld zone for shared mode is disabled as we do not + *. A new option for using firewalld zone for shared mode is + disabled as we do not use firewalld. - *. The polkit agent option no longer is available, so `--enable-polkit-agent` and + *. The polkit agent option no longer is available, so + `--enable-polkit-agent` and `--disable-polkit-agent` are no longer defined. footer: @@ -22823,22 +24541,27 @@ By using procps as docker expects we can properly handle ps args - such as -e and -o to format output. Busybox is only capable of this + such as -e and -o to format output. Busybox is only capable of + this when compiled in "desktop" mode. - This upstream commit to poky has already split the ps binary into + This upstream commit to poky has already split the ps binary + into a separate procps package: - - https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=507a47a4e5077d5f8f76d9629be6b871dfd8eb90 + - + https://git.yoctoproject.org/cgit/cgit.cgi/poky/commit/?id=507a47a4e5077d5f8f76d9629be6b871dfd8eb90 - So for now we can copy this recipe at the commit above into compat branches + So for now we can copy this recipe at the commit above into + compat branches - and use that version until we pick up a branch newer than gatesgarth. + and use that version until we pick up a branch newer than + gatesgarth. footer: Change-type: patch change-type: patch @@ -22894,12 +24617,14 @@ UART modems (RaspberryPi HATs) are not working currently under - balenaOS as NetworkManager times out while attempting to establish + balenaOS as NetworkManager times out while attempting to + establish ppp connection. This is not a balenaOS specific issue. - This commits adds a `connect ""` declaration to `/etc/ppp/options` + This commits adds a `connect ""` declaration to + `/etc/ppp/options` to workaround this as the NULL default value causes the timeout. @@ -22908,7 +24633,8 @@ physical link. When using NetworkManager/ModemManager it is - ModemManager that establishes the physical link before passing it + ModemManager that establishes the physical link before passing + it to NetworkManager. Thus `connect` should be empty. footer: @@ -22928,16 +24654,19 @@ body: > Starting with dee971c0dbeb6e8363f3e321af582e99627626e9, flasher - images, which don't contain a supervisor version, try to register + images, which don't contain a supervisor version, try to + register in the API using the parameter supervisor_version='null'. - However, the API expects this parameter to be unset completely if + However, the API expects this parameter to be unset completely + if there's no version to be reported during registration, otherwise - the call fails and the device doesn't show up in dashboard during + the call fails and the device doesn't show up in dashboard + during flashing or report the post-provisioning state. footer: @@ -22971,9 +24700,11 @@ This is necessary because node has its own built-in CA bundle and ignores - the system-wide bundle. Bind-mount the system-wide bundle to the supervisor + the system-wide bundle. Bind-mount the system-wide bundle to the + supervisor - container as well to keep the previous behavior. Make it read-only though, + container as well to keep the previous behavior. Make it + read-only though, any modifications should be performed by the host OS. footer: @@ -23127,7 +24858,8 @@ This reverts commit dc6cfa2e90b29b0fdcfc05c1b85e2196de4f950b. - Once the core problem with the resin-data mount has been fixed this + Once the core problem with the resin-data mount has been fixed + this commit is no longer needed. footer: @@ -23145,9 +24877,11 @@ https://github.com/balena-os/meta-balena/commit/6be3f1153d56c1c0c21e6d84db7be70be96bcd10 - the supervisor database was relocated by mistake. On this version the database + the supervisor database was relocated by mistake. On this + version the database - returns to its original place, and these hooks copy the old database to the + returns to its original place, and these hooks copy the old + database to the new location to avoid data loss. footer: @@ -23166,7 +24900,8 @@ able to start. - This commit checks the directory existence and creates it if required + This commit checks the directory existence and creates it if + required independently of whether the supervisor container is present. footer: @@ -23238,7 +24973,8 @@ https://github.com/meta-rust/meta-rust/pull/242 - The fix for TUNE_FEATURES parsing has been merged in meta-rust master + The fix for TUNE_FEATURES parsing has been merged in meta-rust + master and should be present when they fork for dunfell. footer: @@ -23254,14 +24990,16 @@ The content applied by the patches has not changed, just the context - in order to properly inject changes without fuzzy matching since the source + in order to properly inject changes without fuzzy matching since + the source files have changed upstream. `devtool modify systemd` - `devtool finish --force-patch-refresh systemd ../layers/meta-balena/meta-balena-dunfell/` + `devtool finish --force-patch-refresh systemd + ../layers/meta-balena/meta-balena-dunfell/` footer: Change-type: patch change-type: patch @@ -23275,7 +25013,8 @@ https://github.com/balena-os/poky/commit/e3cd4e584239c207e3c82bdf5d7216d26fd28fc7 - add missing udev rules since systemd began including rules explicitly + add missing udev rules since systemd began including rules + explicitly footer: Change-type: patch change-type: patch @@ -23301,7 +25040,8 @@ [https://github.com/balena-os/poky/commit/d365948ebd76625f82ef04e77d35bcfeced42fec] - Dropbear is still required to migrate keys. Avoid the upstream conflict with openssh. + Dropbear is still required to migrate keys. Avoid the upstream + conflict with openssh. footer: Change-type: patch change-type: patch @@ -23364,9 +25104,11 @@ https://github.com/balena-os/poky/commit/d7b8ae3faa9344f2ada22e0402066c2fff5958c6 - We have no use for u-boot-initial-env and enabling it would require + We have no use for u-boot-initial-env and enabling it would + require - additional changes in do_compile to match the commit linked above. + additional changes in do_compile to match the commit linked + above. footer: Change-type: patch change-type: patch @@ -23392,7 +25134,8 @@ body: > In dunfell, rather than patching the bluetooth.service.in file, - we will just override the ExecStart value via bluetooth.conf.systemd + we will just override the ExecStart value via + bluetooth.conf.systemd footer: Change-type: patch change-type: patch @@ -23440,9 +25183,11 @@ 'runSupervisor'. - Updates to the 'start-resin-supervisor' script in v2.62.1 removed + Updates to the 'start-resin-supervisor' script in v2.62.1 + removed - the check for updates to the REGISTRY_ENDPOINT variable. Previously + the check for updates to the REGISTRY_ENDPOINT variable. + Previously this had been detected as changing every time the script was run @@ -23450,17 +25195,21 @@ 'start-resin-supervisor' script always running through the - 'runSupervisor' path. With this variable check removed, and no config + 'runSupervisor' path. With this variable check removed, and no + config updates being detected, the script was trying to run 'balena start --attach resin_supervisor' and failing due to the - absence of the /var/log/supervisor-log directory. To fix this problem we + absence of the /var/log/supervisor-log directory. To fix this + problem we - unconditionally test for and create this directory (if necessary) so + unconditionally test for and create this directory (if + necessary) so - that it is available regardless of the path taken through the script. + that it is available regardless of the path taken through the + script. footer: Change-type: patch change-type: patch @@ -23486,7 +25235,8 @@ doing our own profiling. - [0] https://fedoraproject.org/wiki/Changes/SwapOnZRAM#Default_zram_device_configuration: + [0] + https://fedoraproject.org/wiki/Changes/SwapOnZRAM#Default_zram_device_configuration: footer: Change-type: minor change-type: minor @@ -23505,15 +25255,20 @@ 1234 (non-privileged). - Previous issues with Phicomm routers had required the use of a fixed + Previous issues with Phicomm routers had required the use of a + fixed - UDP source port, so port 123 was chosen as this is used by both ntpd + UDP source port, so port 123 was chosen as this is used by both + ntpd - and ntpdate. However recent testing has shown that using a privileged + and ntpdate. However recent testing has shown that using a + privileged - port such as 123 can cause issues on other networks. By changing the + port such as 123 can cause issues on other networks. By changing + the - port to be non-privileged (i.e. 1234) we can satisfy both network + port to be non-privileged (i.e. 1234) we can satisfy both + network requirements. footer: @@ -23550,7 +25305,8 @@ follows: - 1) A 'timeinit-rtc.sh' script has been added to improve logging of + 1) A 'timeinit-rtc.sh' script has been added to improve logging + of system time updates from the RTC and to prevent system time being set when RTC time is behind system time. If RTC time is found to be behind system time a warning is issued regarding @@ -23766,11 +25522,14 @@ ``` - Will lead to the supervisor creating multiple image database entries + Will lead to the supervisor creating multiple image + database entries - with the same dockerId (this is because of how the engine handles this + with the same dockerId (this is because of how the + engine handles this - particular case). This case is not handled by the removal process + particular case). This case is not handled by the + removal process leading to image pile up and increased disk usage. footer: @@ -23791,22 +25550,29 @@ The memory information reported by the supervisor currently - estimates the value of used memory as `MemTotal - MemFree`. + estimates the value of used memory as `MemTotal - + MemFree`. - However, linux systems will try to cache and buffer as much + However, linux systems will try to cache and buffer as + much - memory as possible, which will affect the output of `MemFree` + memory as possible, which will affect the output of + `MemFree` - (from /proc/meminfo) and in consequence the memory usage seen + (from /proc/meminfo) and in consequence the memory usage + seen - by the user on the dashboard, which will appear much greater than + by the user on the dashboard, which will appear much + greater than it is. - The correct calculation should be `MemTotal - MemFree - Buffers - Cached`, + The correct calculation should be `MemTotal - MemFree - + Buffers - Cached`, - which the calculation performed by `htop` and the `free` commands. + which the calculation performed by `htop` and the `free` + commands. footer: Change-type: patch change-type: patch @@ -23861,13 +25627,17 @@ With the addition of the system information feature (CPU temp) etc if - there wasn't any changes in the docker or config state of the device, + there wasn't any changes in the docker or config state + of the device, - updates in system information would not be sent to the API. Now we + updates in system information would not be sent to the + API. Now we - attempt to send data once every maxReportFrequency (although this does + attempt to send data once every maxReportFrequency + (although this does - not mean that we will be sending data that often, we still only send the + not mean that we will be sending data that often, we + still only send the delta, if one exists) footer: @@ -23911,9 +25681,11 @@ In order to make supervisor upgrades more transparent, lets move away - from this env var since it requires a container restart any time the supervisor + from this env var since it requires a container restart + any time the supervisor - is upgraded. We should ultimately move towards providing the supervisors + is upgraded. We should ultimately move towards providing + the supervisors set of capabilities, but that can come later footer: @@ -23934,7 +25706,8 @@ Due to the singleton work, when performing migration M00005 and there - are apps with services created in the database, a deadlock occurs + are apps with services created in the database, a + deadlock occurs during database initialization due to a circular @@ -23972,12 +25745,15 @@ When trying to apply SSDT overlays in Up Board, the supervisor currently - gets stuck in a loop trying to apply target state. See #1465 + gets stuck in a loop trying to apply target state. See + #1465 - This was due to a bug in parsing the configuration, which lead to + This was due to a bug in parsing the configuration, + which lead to - the method bootConfigChangeRequired returning true when no change was + the method bootConfigChangeRequired returning true when + no change was needed. footer: @@ -24011,14 +25787,17 @@ Each service, when requesting access to the Supervisor API, will - now get an individual key which can be scoped to specific resources. + now get an individual key which can be scoped to + specific resources. - In this iteration the default scope will be to the application that + In this iteration the default scope will be to the + application that the service belongs to. - We also have a `global` scope which is used by the cloud API when in + We also have a `global` scope which is used by the cloud + API when in managed mode. footer: @@ -24098,14 +25877,17 @@ By default chrony uses a random UDP source port for each NTP request. - This can cause problems with particular routers/firewalls (issues have + This can cause problems with particular routers/firewalls + (issues have been reported for the Phicomm KE 2P). - The chrony `acquisitionport` configuration setting has been added + The chrony `acquisitionport` configuration setting has been + added - to the chrony.conf file to change the UDP source port for NTP requests + to the chrony.conf file to change the UDP source port for NTP + requests to 123 (this is the same as the default source port used by both @@ -24127,11 +25909,13 @@ body: > Drop the '-s' command line parameter from chronyd as: - a) restoring time from the drift file is no longer necessary due to + a) restoring time from the drift file is no longer necessary due + to the fake-hwclock service, and - b) restoring time from the RTC is already covered by the timeinit-rtc + b) restoring time from the RTC is already covered by the + timeinit-rtc service. footer: @@ -24148,43 +25932,52 @@ In order to produce sensible timestamps for journald log messages: - a) the system time needs to be maintained correctly over a reboot, and + a) the system time needs to be maintained correctly over a + reboot, and b) the system time needs to be set before journald is started. Currently the system time is maintained over reboots on systems - without an RTC using the last modified time of the chrony drift file. + without an RTC using the last modified time of the chrony drift + file. However there are a couple of issues with this approach: - a) /var/lib/chrony/ is not mounted early enough in the boot process + a) /var/lib/chrony/ is not mounted early enough in the boot + process to be available for setting the time before journald is started. - b) there is an issue with the current systemd dependencies that result + b) there is an issue with the current systemd dependencies that + result - in the last modified time of the drift file not being updated when the + in the last modified time of the drift file not being updated + when the system is shutdown or rebooted (see #1995). - The Debian fake-hwclock service (as used by Raspberry Pi OS) has been + The Debian fake-hwclock service (as used by Raspberry Pi OS) has + been added to overcome these issues. - The fake-hwclock service will save and restore the system time from + The fake-hwclock service will save and restore the system time + from - the fake-hwclock.data file (in /etc/fake-hwclock/). The system time + the fake-hwclock.data file (in /etc/fake-hwclock/). The system + time is loaded from this file at boot and saved to it on shutdown. An additional timer service has been added to update the file on an - hourly basis to cater for unexpected shutdown scenarios, e.g. power + hourly basis to cater for unexpected shutdown scenarios, e.g. + power failure. @@ -24214,7 +26007,8 @@ Add a persistent r/w location (root-overlay/etc/fake-hwclock/) to - the resin-state partition for storage of the fake-hwclock.data file. + the resin-state partition for storage of the fake-hwclock.data + file. This file is used by the fake-hwclock service to load the system @@ -24271,9 +26065,11 @@ in the system. - The list of hostapp extensions to install can either be passed to the + The list of hostapp extensions to install can either be passed + to the - script or it will use the ones set in config.json or hostapp-extensions.conf + script or it will use the ones set in config.json or + hostapp-extensions.conf in that order. footer: @@ -24306,11 +26102,14 @@ root filesystem at boot. - This commits adds the default host extensions to the data partition + This commits adds the default host extensions to the data + partition - image, stores their repository tags in the /etc directory, and creates + image, stores their repository tags in the /etc directory, and + creates - the containers so that mobynit can mount the container filesystems on + the containers so that mobynit can mount the container + filesystems on boot. footer: @@ -24355,7 +26154,8 @@ Now that the data partition will be mounted from the initramfs for host - extensions support, this script will only run if something went wrong. + extensions support, this script will only run if something went + wrong. footer: Change-type: patch change-type: patch @@ -24383,7 +26183,8 @@ The resin-data partition will be mounted in the initramfs for the host - extension support so the UUID generation needs to happen before that. + extension support so the UUID generation needs to happen before + that. footer: Change-type: patch change-type: patch @@ -24397,12 +26198,14 @@ With the data partition being mounted in the initramfs to support host - extensions, the runtime systemd-udev no longer sees the resin-data mount + extensions, the runtime systemd-udev no longer sees the + resin-data mount event and this mount is blocked. - This is resolved by not adding the default dependency on the block device. + This is resolved by not adding the default dependency on the + block device. footer: Change-type: patch change-type: patch @@ -24507,12 +26310,14 @@ The hostapp update process should not overwrite the supervisor configuration - backend files to avoid the supervisor being forced to set the target state + backend files to avoid the supervisor being forced to set the + target state after HUP and reboot the device during the rollback period. - This only applies to the host configuration files which are the only ones + This only applies to the host configuration files which are the + only ones that force a reboot. footer: @@ -24547,9 +26352,11 @@ body: > If the rootfs is on a slow-to-bring-up device (e.g. RPi4 + USB) - the fsuuidsinit_enabled() function may return before the balena symlinks + the fsuuidsinit_enabled() function may return before the balena + symlinks - are created. This gets wrongly interpreted as missing UUIDs leading to + are created. This gets wrongly interpreted as missing UUIDs + leading to a chain of failures in the subsequent scripts. @@ -24574,9 +26381,11 @@ We allow the user to specify a custom CA in the .balenaRootCA key - of config.json but at this moment each tool has to implement support + of config.json but at this moment each tool has to implement + support - if it wants to use it. This commit adds it to the system-wide CA bundle + if it wants to use it. This commit adds it to the system-wide CA + bundle so that the CA is respected everywhere. @@ -24802,9 +26611,11 @@ The change type is considered 'major' because, by default, errors are - now thrown for relatively common occurrences such as authentication + now thrown for relatively common occurrences + such as authentication - failures when pulling from private registries, and library users may + failures when pulling from private registries, + and library users may have to adapt. footers: @@ -25009,7 +26820,8 @@ * Switch to `export ...` syntax (from `export = ...`) - * Fix invalid export of class inheriting non-exported class + * Fix invalid export of class inheriting + non-exported class footers: change-type: major hash: a6307b8c04d3456ad7d8a6ac19035b5e718c4311 @@ -25262,7 +27074,8 @@ For the updated 5.4 kernel on RPI4, kernel-headers-test fails with - arch/arm64/kernel/vdso/Makefile lib/vdso/Makefile No such file or directory + arch/arm64/kernel/vdso/Makefile lib/vdso/Makefile No such file + or directory make[1] *** No rule to make target 'lib/vdso/Makefile'. Stop. @@ -25533,9 +27346,11 @@ This is very similar to the cache class they use by default, with the - difference that it has a limit and won't grow indefinitely, causing + difference that it has a limit and won't + grow indefinitely, causing - memory leaks on long running applications like Jellyfish. + memory leaks on long running + applications like Jellyfish. footers: change-type: patch signed-off-by: Juan Cruz Viotti @@ -25725,11 +27540,14 @@ This is a hack, and should be reverted once we get to the bottom of it. - It will impact performance, but right now there are things that should + It will impact performance, but right + now there are things that should - be filtered and are not, so lets get this merged for security purposes. + be filtered and are not, so lets get + this merged for security purposes. - Hopefully this library will be re-written soon. + Hopefully this library will be + re-written soon. footers: change-type: patch see: https://github.com/balena-io/jellyfish/pull/878 @@ -25797,11 +27615,14 @@ Handlebars supports very basic if condition checking, but it only checks for - existence of a field. There are times when we want to combine conditions in order + existence of a field. There are times when we + want to combine conditions in order - to generate something as part of a blueprint, without defining a completely separate + to generate something as part of a blueprint, + without defining a completely separate - blueprint for it (like generating network config schema if a dt has a wifi chip or + blueprint for it (like generating network config + schema if a dt has a wifi chip or a usb port to which we can connect a dongle). footers: @@ -25820,9 +27641,11 @@ Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3. - - [Release notes](https://github.com/indutny/elliptic/releases) + - [Release + notes](https://github.com/indutny/elliptic/releases) - - [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3) + - + [Commits](https://github.com/indutny/elliptic/compare/v6.5.2...v6.5.3) footer: Change-type: patch change-type: patch @@ -25866,9 +27689,11 @@ This allows consumers like pinejs-client-supertest - to have all the methods returning different Promise + to have all the methods returning + different Promise - types based solely on the implementation of the + types based solely on the implementation + of the request() method. footer: @@ -26036,11 +27861,14 @@ In b791055f3f6ffd6cc5796569a7321c5060129eea I attempted to have flasher - images report their preconfigured supervisor version without a good + images report their preconfigured supervisor version without a + good - understanding of how flasher images work. As it turns out no supervisor + understanding of how flasher images work. As it turns out no + supervisor - information is maintained in the flasher image itself, so until that is + information is maintained in the flasher image itself, so until + that is sorted stop reporting a blank string for the supervisor version. footer: @@ -26060,7 +27888,8 @@ like the older branches do. Let's move this setting in the - balena-os-sysctl file to avoid issues where some device integration + balena-os-sysctl file to avoid issues where some device + integration layers set the rp_filter mode to strict and break connectivity. footer: @@ -26091,12 +27920,14 @@ Recently the supervisor added a codepath that assumes no files underneath it will change during runtime. - OS update hooks can trigger a condition whereby the supervisor reboots the device during a HUP, + OS update hooks can trigger a condition whereby the supervisor + reboots the device during a HUP, which in turn bricks the device. - Additionally, since unknown args cause this update to fail-closed, + Additionally, since unknown args cause this update to + fail-closed, remove that barrier to future-proof more flag expansion. footer: @@ -26146,17 +27977,21 @@ On commit a4ce26caadabcb1e87d944d78218cc32c579914e the supervisor moved - from using --volume to using --mount to avoid the implicit creation of + from using --volume to using --mount to avoid the implicit + creation of directories instead of files. - However, in the case where the mount referred to a directory, these have + However, in the case where the mount referred to a directory, + these have - to exist in the rootfs beforehand as --mount will not create them. + to exist in the rootfs beforehand as --mount will not create + them. - This commit checks for the existence of the /var/log/supervisor-log + This commit checks for the existence of the + /var/log/supervisor-log directory and creates it if required. footer: @@ -26189,9 +28024,11 @@ Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. - - [Release notes](https://github.com/lodash/lodash/releases) + - [Release + notes](https://github.com/lodash/lodash/releases) - - [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) + - + [Commits](https://github.com/lodash/lodash/compare/4.17.15...4.17.19) footer: Change-type: patch change-type: patch @@ -26318,9 +28155,11 @@ Otherwise, as util-linux has a higher default alternative priority, the - version in util-linux is chosen. It would seem they are exchangeable, but + version in util-linux is chosen. It would seem they are + exchangeable, but - the busybox version reportedly works even if the RTC interrupt line is not + the busybox version reportedly works even if the RTC interrupt + line is not connected. @@ -26344,9 +28183,11 @@ In order to get closer to formally requiring a target supervisor release - in the model, we should expand our provisioning process to provide the + in the model, we should expand our provisioning process to + provide the - initial supervisor_version metadata. This connects back to tri-app. + initial supervisor_version metadata. This connects back to + tri-app. footer: Depends-on: https://github.com/balena-io/open-balena-api/pull/394 depends-on: https://github.com/balena-io/open-balena-api/pull/394 @@ -26396,17 +28237,21 @@ On commit a4ce26caadabcb1e87d944d78218cc32c579914e the supervisor moved - from using --volume to using --mount to avoid the implicit creation of + from using --volume to using --mount to avoid the implicit + creation of directories instead of files. - However, in the case where the mount referred to a directory, these have + However, in the case where the mount referred to a directory, + these have - to exist in the rootfs beforehand as --mount will not create them. + to exist in the rootfs beforehand as --mount will not create + them. - This commit checks for the existence of the /resin-data/resin-supervisor + This commit checks for the existence of the + /resin-data/resin-supervisor directory and creates it if required. footer: @@ -26426,9 +28271,11 @@ This commits renames it to the newly branded balena-logo.png - If the resin-logo.png was unmodified, it will forcefully replace to + If the resin-logo.png was unmodified, it will forcefully replace + to - balena-logo.png to force rebranding of older resin branded release. + balena-logo.png to force rebranding of older resin branded + release. Fixes #1801 @@ -26468,26 +28315,33 @@ The `docker` Docker Hub repository lists what versions of the image - are supported and 18.6 is not among them at all. Use the current stable + are supported and 18.6 is not among them at all. Use the current + stable - line of 18.09 instead, to stay on supported versions. See more info at: + line of 18.09 instead, to stay on supported versions. See more + info at: https://hub.docker.com/_/docker - For more reproducability, we are also including the patch level version + For more reproducability, we are also including the patch level + version - of the container, which will give us more responsibility to update more + of the container, which will give us more responsibility to + update more frequently, but fewer surprises. - Also explicitly set `DOCKER_HOST` for the daemon being started, otherwise + Also explicitly set `DOCKER_HOST` for the daemon being started, + otherwise - the base image's setting might silently take over, and modify this. + the base image's setting might silently take over, and modify + this. - Replace deprecated `-g` (graph driver) with `--data-root` as well. + Replace deprecated `-g` (graph driver) with `--data-root` as + well. footer: Change-type: minor change-type: minor @@ -26502,10 +28356,12 @@ on wlan0. This commit moves the logic to udev rule as there is - no guarantee wlan0 is the only or default wlan adapter in the system. + no guarantee wlan0 is the only or default wlan adapter in the + system. - There seems to be no better way to identify a wlan device in udev + There seems to be no better way to identify a wlan device in + udev than KERNEL=="wl*" which should match both net.ifnames=0 (wlanX) @@ -26535,7 +28391,8 @@ https://docs.docker.com/engine/reference/commandline/service_create/#differences-between---mount-and---volume - This avoids situations where --volume implicitely creates a directory (see #1748) + This avoids situations where --volume implicitely creates a + directory (see #1748) Fixes #1754 @@ -26659,9 +28516,11 @@ The host config variable HOST_DISCOVERABILITY can be set to - true or false, controlling the state of the avahi service. This + true or false, controlling the state of the avahi + service. This - determines if the device advertises it's presence over mDNS. + determines if the device advertises it's presence over + mDNS. footer: Change-type: patch change-type: patch @@ -26682,7 +28541,8 @@ - In the 'off' state, all traffic is allowed. - - In the 'on' state, only traffic for the core services provided + - In the 'on' state, only traffic for the core services + provided by Balena is allowed. footer: Change-type: patch @@ -26711,7 +28571,8 @@ When reporting device information, send the MAC address of any - interfaces on the system. Also expose in the Supervisor API at + interfaces on the system. Also expose in the Supervisor + API at the route GET /v1/device. footer: @@ -27093,7 +28954,8 @@ Detects unique constrain errors by 409 statusCodes. - Because of this, the upsert() method is only + Because of this, the upsert() method is + only supported when Pinejs ^10.19.0 is used. footer: @@ -27367,14 +29229,18 @@ In the absence of an upstream implementation of the DeviceRequest API introduced - as part of Docker API v1.40 we roll our own using a feature label. + as part of Docker API v1.40 we roll our own using a + feature label. - As per my comment in the code, we fall back to the default behavior of + As per my comment in the code, we fall back to the + default behavior of - docker cli's `--gpu` and request single device with the `gpu` capabilty. + docker cli's `--gpu` and request single device with the + `gpu` capabilty. - The only implementation at the moment is the NVIDIA driver; here: + The only implementation at the moment is the NVIDIA + driver; here: https://github.com/balena-os/balena-engine/blob/master/daemon/nvidia_linux.go @@ -27401,7 +29267,8 @@ This is part of the work to make the application-manager module much - less monolithic, in preperation for system apps and more generally + less monolithic, in preperation for system apps and more + generally multi-app. footer: @@ -27606,7 +29473,8 @@ We were treating the database class as a singleton, but still having to pass - around the db instance. Now we can simply require the db module and have + around the db instance. Now we can simply require the db + module and have access to the database handle. footer: @@ -27689,7 +29557,8 @@ Before=swap.target - Causes randomly appearing ordering cycles that leave the system in not + Causes randomly appearing ordering cycles that leave the system + in not functioning states. footer: @@ -27733,7 +29602,8 @@ Also, move configuration that will not be present in newer kernels to - RESIN_CONFIGS_DEP so the kernel check task does not complain when not + RESIN_CONFIGS_DEP so the kernel check task does not complain + when not present. footer: @@ -27784,24 +29654,32 @@ whichever smallest. - Upstream Yocto has a zram implementation that's broken in warrior, and a + Upstream Yocto has a zram implementation that's broken in + warrior, and a - new implementation introduced in Zeus that does not work in BalenaOS as + new implementation introduced in Zeus that does not work in + BalenaOS as - we run two udevs, one in the initramfs and one in the main OS. The + we run two udevs, one in the initramfs and one in the main OS. + The - mkswap needs to happen in the initramfs udev otherwise the udev database + mkswap needs to happen in the initramfs udev otherwise the udev + database - is not updated with the swap device and the zram0 device is not detected + is not updated with the swap device and the zram0 device is not + detected by systemd. - This implementation is simpler than the one upstream and common to all + This implementation is simpler than the one upstream and common + to all - the supported Yocto versions. It uses a udev rule in the initramfs that + the supported Yocto versions. It uses a udev rule in the + initramfs that - creates the swap drive, and a swap unit in the main OS that enables it. + creates the swap drive, and a swap unit in the main OS that + enables it. footer: Change-type: patch change-type: patch @@ -27832,21 +29710,25 @@ pool URL the 'burst' command may fail. This occurs when the pool - URL resolves to a different IP addresses for the 'add server' and + URL resolves to a different IP addresses for the 'add server' + and 'burst' commands. - To avoid this issue we can combine the burst functionality into the + To avoid this issue we can combine the burst functionality into + the 'add server' command by using the 'iburst' option. Although this - option is not documented by the chronyc man page it has been present + option is not documented by the chronyc man page it has been + present since v1.25 released in 2011. - This fix has been tested via the balenaOS (2.51.1+rev1) command line + This fix has been tested via the balenaOS (2.51.1+rev1) command + line running on a RPi3. footer: @@ -27908,10 +29790,14 @@ the `maxsources` directive is simply to maintain the current behavior of - resolving four servers for synchronization. as noted in chrony's docs: + resolving four servers for synchronization. as noted in chrony's + docs: - > When a pool source is unreachable, marked as a falseticker, or has a distance larger than the limit set by the maxdistance directive, chronyd will try to replace the source with a newly resolved address from the pool. + > When a pool source is unreachable, marked as a falseticker, or + has a distance larger than the limit set by the maxdistance + directive, chronyd will try to replace the source with a newly + resolved address from the pool. footer: Connects-to: "#1852" connects-to: "#1852" @@ -27942,11 +29828,14 @@ body: > The change this commit reverts allowed to update with a locally - available image - but it also has the side effect of restarting the + available image - but it also has the side effect of restarting + the - supervisor even if no update is required and that has unintentional + supervisor even if no update is required and that has + unintentional - consequences as https://github.com/balena-io/balena-supervisor/issues/1358 + consequences as + https://github.com/balena-io/balena-supervisor/issues/1358 This commit reverts 646e4ae809375f4abf35c55cd580e2c62a8812e2 @@ -27981,7 +29870,8 @@ The dependency is introduced by the upstream.sh and downstream.sh scripts. - Bash is also a dependency not only for internal packages but for external + Bash is also a dependency not only for internal packages but for + external scripts too. footer: @@ -28039,7 +29929,8 @@ Devices with closed source bootloaders that cannot be made to pass the UUID - of the booting device (like smartphones, Jetson NX and Xabier), need to + of the booting device (like smartphones, Jetson NX and Xabier), + need to fallback to passing a label in the kernel command line. @@ -28061,9 +29952,11 @@ Devices with custom HUPs, like Jetson devices that run BSP partition update - scripts, do not have state symlinks when updating from legacy pre state + scripts, do not have state symlinks when updating from legacy + pre state - symlinks OS versions, so they need to fallback to legacy label/partname + symlinks OS versions, so they need to fallback to legacy + label/partname resolution. footer: @@ -28112,7 +30005,8 @@ All logging is handled by journald so remove the default dependency on - busybox-syslog. It is still available to be explicitely included in + busybox-syslog. It is still available to be explicitely included + in images that might need it like initramfs images. footer: @@ -28288,10 +30182,12 @@ From v2.49, the hostapp-update utility creates the /run directory in the - root filesystem, however when huping from previous versions /run is not there. + root filesystem, however when huping from previous versions /run + is not there. - This commit switches to use /tmp to store the new UUID for the root partition on + This commit switches to use /tmp to store the new UUID for the + root partition on first boot after generating new UUIDs. footer: @@ -28321,9 +30217,11 @@ e.g. os-config, healthdog, bindmount, some others maybe - At the moment, we haven't syncronized on one rust version and device + At the moment, we haven't syncronized on one rust version and + device - integration layers can pick any meta-rust version. Which probably uses + integration layers can pick any meta-rust version. Which + probably uses the latest rust version in the layer. @@ -28377,9 +30275,11 @@ This file allows other components to uniquely parse the information that - is contained in the changelog. It will be automatically managed by + is contained in the changelog. It will be automatically + managed by - versionist by appending the new commits on top. This is needed to + versionist by appending the new commits on top. This is + needed to provide nested-changelogs. footer: @@ -28591,12 +30491,15 @@ This allows a response to an input with dport=`supevisor api port` and - is required when the host OS is doing stateful firewalling. + is required when the host OS is doing stateful + firewalling. - This should not affect things when stateful firewalling is not in + This should not affect things when stateful firewalling + is not in - effect, as the standard OUTPUT chain policy is ACCEPT, so we're just + effect, as the standard OUTPUT chain policy is ACCEPT, + so we're just being explicit about it. footer: @@ -28964,7 +30867,8 @@ sync-debug.js. - We add a command `npm run sync`, which starts a livepush process + We add a command `npm run sync`, which starts a livepush + process with the supervisor on a device. footer: @@ -28979,12 +30883,15 @@ We also remove the Makefile to go to a simpler build system, as long with - the retry_docker_push.sh file. We remove the rest of the automation tools + the retry_docker_push.sh file. We remove the rest of the + automation tools - as they're no longer used and update the circle.yml file. + as they're no longer used and update the circle.yml + file. - We also remove debug builds, as these aren't needed moving forward, and were + We also remove debug builds, as these aren't needed + moving forward, and were only to enable livepush builds. footer: @@ -29130,7 +31037,8 @@ ``` - could not initialize thread_rng: All entropy sources failed (permanently unavailable); + could not initialize thread_rng: All entropy sources + failed (permanently unavailable); cause: getrandom not ready (not ready yet); @@ -29138,7 +31046,8 @@ ``` - This change makes sure we are cycling until a random sequence is populated successfully. + This change makes sure we are cycling until a random + sequence is populated successfully. - hash: 14a19bf24e258c01a294bd7adfa808fddee59096 author: Zubair Lutfullah Kakakhel footers: @@ -29249,14 +31158,17 @@ When a partition filesystem label is detected, udev checks whether the - device belongs to the same disk as the root partitition passed in the + device belongs to the same disk as the root partitition passed + in the - kernel command line by the bootloader. Only if it does, it creates a by-state + kernel command line by the bootloader. Only if it does, it + creates a by-state link to it. - By using this by-state links we avoid filesystem label clashes as the + By using this by-state links we avoid filesystem label clashes + as the system will always use partitions in the same drive as root (as @@ -29294,7 +31206,8 @@ When running fsck, the tool will complain when needed gconv modules are - missing. Include them in the initramfs where we fsck the boot partition. + missing. Include them in the initramfs where we fsck the boot + partition. footer: Change-type: patch change-type: patch @@ -29309,9 +31222,11 @@ balenaOS uses FAT as a fs type for the boot/first partition. This is - currently hardcoded so let's have the related kernel configs built in + currently hardcoded so let's have the related kernel configs + built in - the kernel image. In this way we don't have to handle kernel modules in + the kernel image. In this way we don't have to handle kernel + modules in the initramfs (when needed). footer: @@ -29537,9 +31452,11 @@ Bumps [acorn](https://github.com/acornjs/acorn) from 5.7.3 to 5.7.4. - - [Release notes](https://github.com/acornjs/acorn/releases) + - [Release + notes](https://github.com/acornjs/acorn/releases) - - [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4) + - + [Commits](https://github.com/acornjs/acorn/compare/5.7.3...5.7.4) footer: Change-type: patch change-type: patch @@ -29565,7 +31482,8 @@ We add an implicit .0 to the end of l4t versions which do not fulfill - semver, which allows us to always match using comparison operators, such + semver, which allows us to always match using comparison + operators, such as < and <=. footer: @@ -29652,7 +31570,8 @@ We also package separately the firmware for Intel Wireless-AC 9260 - cards and also package separetely the wifi and bluetooth firmware for + cards and also package separetely the wifi and bluetooth + firmware for Intel Wireless-AX MAC which is found in the Intel NUC10I7FNH. footer: @@ -29672,7 +31591,8 @@ body: > This package adds to rootfs the regulatory database into - /lib/firmware/regulatory.db which can be loaded by kernel versions + /lib/firmware/regulatory.db which can be loaded by kernel + versions >= v4.15 for Poky Thud and Warrior based boards. footer: @@ -29694,7 +31614,8 @@ We need to allow user containers to do some clean-up if they wish to on - reboot / shutdown through systemctl so let's add KillMode set to process + reboot / shutdown through systemctl so let's add KillMode set to + process so that systemd won't directly kill the user containers first. @@ -29751,9 +31672,11 @@ Lets pass it here to keep it correct. - Should not have any actual affect. NM plugin was built with reference + Should not have any actual affect. NM plugin was built with + reference - to the 2.4.7 headers. Just the directoy path would say 2.4.5 misleading + to the 2.4.7 headers. Just the directoy path would say 2.4.5 + misleading some debug effort footer: @@ -29770,7 +31693,8 @@ This is an old version of openvpn. Devices still on pyro should be using - the openvpn version from meta-balena-common and not this one. Removing + the openvpn version from meta-balena-common and not this one. + Removing this to prevent any accidents even and some cleanup. footer: @@ -29913,12 +31837,14 @@ e.g. Jetson family have tegra-firmware-xusb etc. - IMAGE_ROOTFS_MAXSIZE triggers an error if the rootfs goes beyond this + IMAGE_ROOTFS_MAXSIZE triggers an error if the rootfs goes beyond + this limit. This does not force the rootfs to an empty fixed size. - We can comfortably increase the max size to 32MB to reduce unnecessary + We can comfortably increase the max size to 32MB to reduce + unnecessary patches in the device integration layers. @@ -29985,16 +31911,20 @@ The DNS clients (applications) resolver libraries use the timeout value in - /etc/resolv.conf to set the time between DNS attempts. The default is 5 + /etc/resolv.conf to set the time between DNS attempts. The + default is 5 - secs which for slow networks like cellular mean lots of DNS requests on + secs which for slow networks like cellular mean lots of DNS + requests on a bandwidth sensitive channel. - This change modifies the default to 15 secs. This timeout only applies + This change modifies the default to 15 secs. This timeout only + applies - when DNS servers are unresponsive so it will not affect the normal + when DNS servers are unresponsive so it will not affect the + normal functionality. @@ -30100,7 +32030,8 @@ We do not want by default that any OS variants allow for stopping the - autoboot in any way and letting users enter the u-boot shell. This can + autoboot in any way and letting users enter the u-boot shell. + This can be overwritten by setting OS_DEV_UBOOT_DELAY to 1. footer: @@ -30120,19 +32051,23 @@ hours. - BalenaOS uses chronyd for time synchronization, and it allows to specify + BalenaOS uses chronyd for time synchronization, and it allows to + specify - a minpoll and maxpoll values per server with a power of two number of + a minpoll and maxpoll values per server with a power of two + number of seconds for the minimum and maximum polling time respectively. - With those constraints, the change set both limits to 2^14s (4.55h) for + With those constraints, the change set both limits to 2^14s + (4.55h) for all servers. - An architectural decision has been made not to make this configurable. + An architectural decision has been made not to make this + configurable. Fixes #1780. @@ -30150,7 +32085,8 @@ body: > We do not want that production OS variants allow for stopping - the autoboot in any way and letting users enter the u-boot shell. + the autoboot in any way and letting users enter the u-boot + shell. footer: Change-type: patch change-type: patch @@ -30238,10 +32174,12 @@ Reports indicate that NetworkManager can leave stale temporary files on - the state partition that over time can affect the device's operability. + the state partition that over time can affect the device's + operability. - This commit removes the timestamps.XXXXXX and seen-bssids.XXXXXX files on + This commit removes the timestamps.XXXXXX and seen-bssids.XXXXXX + files on startup to avoid this situation. @@ -30270,9 +32208,11 @@ body: > Fetched from: - * https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn_2.4.7.bb?id=c1c8895609ae70a1b735e8625c19046c25184ee4 + * + https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn_2.4.7.bb?id=c1c8895609ae70a1b735e8625c19046c25184ee4 - * https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn/openvpn?id=910891d722085c56c474ac72788898b94c5ed193 + * + https://git.openembedded.org/meta-openembedded/commit/meta-networking/recipes-support/openvpn/openvpn/openvpn?id=910891d722085c56c474ac72788898b94c5ed193 footer: Connects-to: "#1740" connects-to: "#1740" @@ -30305,21 +32245,27 @@ which includes DATETIME - DATETIME changes between runs so we can sometimes get into a state + DATETIME changes between runs so we can sometimes get into a + state where the do_populate_lic_deploy task has its stamp file set. - But when our subsequent deploy_image_license_manifest task runs, the + But when our subsequent deploy_image_license_manifest task runs, + the - DATETIME is different. Hence we get into a state where we have to + DATETIME is different. Hence we get into a state where we have + to - run cleanall on the resin-image-flasher recipe to clean up directories. + run cleanall on the resin-image-flasher recipe to clean up + directories. - Lets mark do_populate_lic_deploy with nostamp. This should make it + Lets mark do_populate_lic_deploy with nostamp. This should make + it - run every time we need to run deploy_image_license_manifest with the + run every time we need to run deploy_image_license_manifest with + the most up to date DATETIME variable to prevent any hiccups footer: @@ -30336,12 +32282,14 @@ Need to make the script go in the background in ExecStartPost=. - Otherwise, the service status never gets to active/running resulting + Otherwise, the service status never gets to active/running + resulting it in remaining stuck in an endless loop. - If the health-check load fails for whatever reason, the subsequent + If the health-check load fails for whatever reason, the + subsequent engine healthcheck will fail retriggering the healthcheck load. footer: @@ -30469,7 +32417,8 @@ b0e0c77a26f3fad51e2923ab416fdd2af2a5a033 - Lets use META_BALENA_VERSION if available for our os version checks. + Lets use META_BALENA_VERSION if available for our os version + checks. footer: Change-type: patch change-type: patch @@ -30570,18 +32519,21 @@ Customers usually don't need this delay during u-boot. Also in some - cases, hardware attached on the uart pins might pause uboot preventing + cases, hardware attached on the uart pins might pause uboot + preventing customers from using dev images easily. - But we do need this delay during our development work on bsps etc. + But we do need this delay during our development work on bsps + etc. Lets make this autoboot delay build time configurable - Also make the BOOTDELAY -2 which is better than 0 as that completely + Also make the BOOTDELAY -2 which is better than 0 as that + completely prevents any char on serial from interrupting boot. footer: @@ -30614,7 +32566,8 @@ The supervisor needs to know its container ID on the context of different - engine objects cleanup tasks, so it can understand what objects are + engine objects cleanup tasks, so it can understand what objects + are related to itself. @@ -30639,7 +32592,8 @@ body: > Necessary to avoid error: - "No rule to make target 'arch/arm64/kernel/vdso/vdso.lds', needed + "No rule to make target 'arch/arm64/kernel/vdso/vdso.lds', + needed by 'arch/arm64/kernel/vdso/vdso.so.dbg'" @@ -30820,7 +32774,8 @@ cmdline - A better way would be to check the presence of a valid symlink for fd0, + A better way would be to check the presence of a valid symlink + for fd0, fd1 and fd2. And assign them to /dev/null if unavailable. footer: @@ -30863,7 +32818,8 @@ git revision although the kernel's abiversion includes it and - as such the external modules built using this utsrelease.h header + as such the external modules built using this utsrelease.h + header will fail to load because of this mismatch). footer: @@ -30885,7 +32841,8 @@ one cgroup manager in our OS. - Otherwise, systemd will have its own cgroup manager and cgroupfs will + Otherwise, systemd will have its own cgroup manager and cgroupfs + will be another cgroup manager via balenaEngine daemon. @@ -30922,9 +32879,17 @@ body: > Otherwise systemd complains: - localhost systemd-tmpfiles[525]: [/etc/tmpfiles.d/balena-tmpfiles.conf:1] Line references path below legacy directory /var/run/, updating /var/run/docker.pid → /run/docker.pid; please update the tmpfiles.d/ drop-in file accordingly. + localhost systemd-tmpfiles[525]: + [/etc/tmpfiles.d/balena-tmpfiles.conf:1] Line references path + below legacy directory /var/run/, updating /var/run/docker.pid → + /run/docker.pid; please update the tmpfiles.d/ drop-in file + accordingly. - localhost systemd-tmpfiles[525]: [/etc/tmpfiles.d/balena-tmpfiles.conf:2] Line references path below legacy directory /var/run/, updating /var/run/balena.pid → /run/balena.pid; please update the tmpfiles.d/ drop-in file accordingly. + localhost systemd-tmpfiles[525]: + [/etc/tmpfiles.d/balena-tmpfiles.conf:2] Line references path + below legacy directory /var/run/, updating /var/run/balena.pid → + /run/balena.pid; please update the tmpfiles.d/ drop-in file + accordingly. footer: Change-type: patch change-type: patch @@ -30942,14 +32907,16 @@ PR #1441 changed mnt-sysroot-inactive to an automount. But there is no - way to easily add a udev dependency to the automount. As a result, + way to easily add a udev dependency to the automount. As a + result, when rollbacks tries to access the inactive partition, it fails. Let's add systemd-udev-settle.service to the rollback services. - This will only delay the first boot after a HUP which is reasonable. + This will only delay the first boot after a HUP which is + reasonable. footer: Change-type: patch change-type: patch @@ -30978,14 +32945,17 @@ When `console=null` is passed in the kernel cmdline for production - images, the system doesn't boot. Traced to initramfs not starting any + images, the system doesn't boot. Traced to initramfs not + starting any process such as udev with the right file descripters for 0,1,2 - Add workaround for that issue. This got exposed with a systemd bump. + Add workaround for that issue. This got exposed with a systemd + bump. - More details here https://github.com/systemd/systemd/issues/13332 + More details here + https://github.com/systemd/systemd/issues/13332 footer: Change-type: patch change-type: patch @@ -31012,9 +32982,11 @@ Our root filesystem is overlayfs or aufs. When latter, the system - crashes when reading a lower directory file. We avoid this by always + crashes when reading a lower directory file. We avoid this by + always - falling back to copy and mount (as if overlayfs is not available). + falling back to copy and mount (as if overlayfs is not + available). Fixes #1618 @@ -31047,9 +33019,11 @@ We have found a rare corner case bug where the journal bloats beyond - its limit and fills the state partition. Triggering a vacuum on reboot + its limit and fills the state partition. Triggering a vacuum on + reboot - helps a bit in case the device is restarted to recover its function. + helps a bit in case the device is restarted to recover its + function. Fixes #1423 @@ -31090,14 +33064,17 @@ After a HUP, until rollbacks clears its state, the supervisor(or user) - can trigger good reboots. These reboots might be seen by the bootloader + can trigger good reboots. These reboots might be seen by the + bootloader as bad reboots. - To prevent this from happening, add a service that clears the bootcount + To prevent this from happening, add a service that clears the + bootcount - upon good reboots. This only runs if the rollback services have not + upon good reboots. This only runs if the rollback services have + not cleared their flag files in the state partition. footer: @@ -31117,7 +33094,8 @@ We'd like to split dev and prod uboot config fragments. Dev images can - have a 2 second u-boot delay to facilitate debugging. While prod images + have a 2 second u-boot delay to facilitate debugging. While prod + images shouldn't really pause at this stage of the boot. footer: @@ -31138,12 +33116,14 @@ meta-balena - The support is mainline since warrior. Lets copy it in meta-balena + The support is mainline since warrior. Lets copy it in + meta-balena to get it in the previous layers as well. - We need CMD_SETEXPR to be enabled for rollbacks to work. So enable it + We need CMD_SETEXPR to be enabled for rollbacks to work. So + enable it via the config fragment footer: @@ -31173,9 +33153,11 @@ This will allow us to scale to lots of devices. - A flag os_bootcount_skip is left for devices that are unable to support + A flag os_bootcount_skip is left for devices that are unable to + support - fatwrite in u-boot (in some rare cases). This will allow a device to + fatwrite in u-boot (in some rare cases). This will allow a + device to not support rollback-altboot and still function. @@ -31199,23 +33181,28 @@ body: > We'd like to enable some options in all boards header files via - meta-balena. This patch adds a task to include config_resin.h into + meta-balena. This patch adds a task to include config_resin.h + into config_default.h (which is included in all board header files). - We can then add a config option via meta-balena that will be enabled for + We can then add a config option via meta-balena that will be + enabled for all devices. - This patch enables CONFIG_RESET_TO_RETRY. If for whatever strange reason + This patch enables CONFIG_RESET_TO_RETRY. If for whatever + strange reason - (accidental fs issue in u-boot etc), this will trigger a u-boot reset + (accidental fs issue in u-boot etc), this will trigger a u-boot + reset command the device in 15 seconds. - Note This requires that the device's u-boot supports the reset command + Note This requires that the device's u-boot supports the reset + command which it probably should. footer: @@ -31234,7 +33221,8 @@ Fixes #1597 - The warning doesn't apply for our use case and confuses customers + The warning doesn't apply for our use case and confuses + customers footer: Change-type: patch change-type: patch @@ -31272,14 +33260,17 @@ body: > We load the hello-world image after starting the balena daemon. - ExecStartPost should run after the daemon is initialized but chaining a + ExecStartPost should run after the daemon is initialized but + chaining a 15 second sleep for good measure. - We load the hello-world image here so that devices out in the field and + We load the hello-world image here so that devices out in the + field and - on prem devices don't need to pull from dockerhub which would require + on prem devices don't need to pull from dockerhub which would + require external internet connectivity. footer: @@ -31323,21 +33314,27 @@ Occasionally balena ps and balena info work but the balena daemon is - unable to start a new container. This is usually when something in runc + unable to start a new container. This is usually when something + in runc or containerd is not functioning correctly. - Add a healthcheck to spin up a simple hello-world container as well. + Add a healthcheck to spin up a simple hello-world container as + well. - The trade-off here is that there will be a few extra writes to disk + The trade-off here is that there will be a few extra writes to + disk - every healthcheck timeout. But there will be a benefit that if runc + every healthcheck timeout. But there will be a benefit that if + runc - or containerd is in a bad state, the healthcheck will fail and systemd + or containerd is in a bad state, the healthcheck will fail and + systemd - will restart the balena daemon to recover the application container + will restart the balena daemon to recover the application + container Fixes #1391 @@ -31401,9 +33398,11 @@ The data partition contains the supervisor which is only about 61M on - the pi3. We compress the data partition later on so don't notice these + the pi3. We compress the data partition later on so don't notice + these - zeros. But lets reduce the size of the data partition to eat less + zeros. But lets reduce the size of the data partition to eat + less space whenever an uncompressed image is used anywhere. e.g. when @@ -31577,7 +33576,8 @@ This version fixes the use of wrong fixdep binary (the bug makes it use - target fixdep binary instead of cross fixdep binary) used for compiling + target fixdep binary instead of cross fixdep binary) used for + compiling the target objtool binary on kernel version 5.0.3. footer: @@ -31612,17 +33612,22 @@ Fixes #1564 - This bbclass uses the common layer path advertised by BBLAYERS to find + This bbclass uses the common layer path advertised by BBLAYERS + to find - the paths to different resources in board repository. For example + the paths to different resources in board repository. For + example - machine json - to get the slug and advertise it in os-release. After + machine json - to get the slug and advertise it in os-release. + After - renaming the common layer (resin to balena) and because we support old + renaming the common layer (resin to balena) and because we + support old references to the old common layer name (by including a dummy - deprecation layer), we need to make sure this class can cope now with + deprecation layer), we need to make sure this class can cope now + with both cases. footer: @@ -31644,7 +33649,8 @@ workaround for thud. - [1] http://lists.openembedded.org/pipermail/openembedded-core/2019-February/278695.html + [1] + http://lists.openembedded.org/pipermail/openembedded-core/2019-February/278695.html footer: Change-type: patch change-type: patch @@ -31662,7 +33668,8 @@ Poky, following os-release(5), sanitizes VERSION_ID accordingly but in - doing so it produces a nonisemver compliant version. For example: + doing so it produces a nonisemver compliant version. For + example: VERSION="2.37.0+rev1" VERSION_ID="2.37.0-rev1" @@ -31685,7 +33692,8 @@ Since #1550, os-release doesn't reference meta-balena distro version anymore. Restore - that by providing this information in a new variable called META_BALENA_VERSION. + that by providing this information in a new variable called + META_BALENA_VERSION. Fixes #1558 @@ -31702,7 +33710,8 @@ Currently once config_resin.h is generated, a change in these variables - doesn't regenerate the file. Add vardeps so that bitbake can regenerate + doesn't regenerate the file. Add vardeps so that bitbake can + regenerate config_resin.h in case these variables are changed. @@ -31727,15 +33736,20 @@ included by default from the version in Yocto warrior. - In summary, with this change we fix newer NM which stopped handling + In summary, with this change we fix newer NM which stopped + handling - rp_filter when connected to multiple interfaces. See "device: disable + rp_filter when connected to multiple interfaces. See "device: + disable - rp_filter handling" commit from NM. Without this change, only the + rp_filter handling" commit from NM. Without this change, only + the - default route will me usable and binding to a specific interface will + default route will me usable and binding to a specific interface + will - break connectivity if that interface is not also the default route for + break connectivity if that interface is not also the default + route for the target IP. @@ -31755,11 +33769,14 @@ Currently, bluez's storage data is set to /var/lib/bluetooth which - in turn is a tmpfs location. We want this location persistent so we can + in turn is a tmpfs location. We want this location persistent so + we can - save paired devices over reboot. We do that by adding the corresponding + save paired devices over reboot. We do that by adding the + corresponding - bind mount to the state partition and setting bluez to depend on this + bind mount to the state partition and setting bluez to depend on + this mount unit. @@ -31805,9 +33822,11 @@ VERSION and VERSION_ID had a slightly different semantics in balenaOS. - VERSION was referring to the BalenaOS (host OS) version (which is coming from + VERSION was referring to the BalenaOS (host OS) version (which + is coming from - device repositories) while VERSION_ID was set to the DISTRO_VERSION. + device repositories) while VERSION_ID was set to the + DISTRO_VERSION. This brings confusion so we change it to adhere to @@ -31927,7 +33946,8 @@ os-config has a dependency on reqwest which broke mdns on 9.6. The new - os-config updated this version to one that restored this functionality. + os-config updated this version to one that restored this + functionality. Partially fixes: #1531 @@ -31943,11 +33963,14 @@ Since 1.29, busybox switched to an internal implementation of the - resolver based on a feature config, NSLOOKUP_BIG. This is enabled by + resolver based on a feature config, NSLOOKUP_BIG. This is + enabled by - default and it's meant to be musl compatible. In BalenaOS we use glibc + default and it's meant to be musl compatible. In BalenaOS we use + glibc - and we rely on it for being able to resolve names using NSS modules + and we rely on it for being able to resolve names using NSS + modules (libmdns). footer: @@ -31987,14 +34010,17 @@ Leaving iwlwifi-8000C-34.ucode in place. Leaving iwlwifi-8000C-36.ucode in place. - Also, this commit improves the version comparison which was comparing + Also, this commit improves the version comparison which was + comparing - strings and not integers. Now we try integer comparison and fallback to + strings and not integers. Now we try integer comparison and + fallback to string when parse fails. - Finally, the task's vardeps expands varflags to correctly retrigger on + Finally, the task's vardeps expands varflags to correctly + retrigger on change. @@ -32082,11 +34108,14 @@ This adds set_os_cmdline which defines os_cmdline so that BSPs can - import it in their bootargs and pass it to kernel accordingly. Also, as + import it in their bootargs and pass it to kernel accordingly. + Also, as - part of os_cmdline, there is an argument added when the booted image is + part of os_cmdline, there is an argument added when the booted + image is - a flasher. This can be used in the OS for various flasher specific + a flasher. This can be used in the OS for various flasher + specific checks. footer: @@ -32126,9 +34155,11 @@ The inactive partition is only needed for HUP or rollbacks. This commit - changes the mnt-sysroot-inactive.service unit to an automount so that + changes the mnt-sysroot-inactive.service unit to an automount so + that - the partition is only mounted when used. This improves boot time. + the partition is only mounted when used. This improves boot + time. footer: Change-type: minor change-type: minor @@ -32144,16 +34175,20 @@ body: > Since yocto thud, and more specifically since poky switched to - openssl 1.1 line, the openssl binary is provided by 'openssl-bin'. On + openssl 1.1 line, the openssl binary is provided by + 'openssl-bin'. On - that version, 'openssl' doesn't provide this binary making the uuid + that version, 'openssl' doesn't provide this binary making the + uuid generation script fail. - This patch makes 'openssl-bin' the default dependency but does that in a + This patch makes 'openssl-bin' the default dependency but does + that in a - way that older yocto versions can overwrite it back to the old provider + way that older yocto versions can overwrite it back to the old + provider (openssl package). footer: @@ -32219,7 +34254,8 @@ 9a8f1f1b744248964d4d1b2eb2c8dd732a753980 switched to a config file - fragment but when doing so the section was missed. This patch fixes + fragment but when doing so the section was missed. This patch + fixes that. footer: @@ -32263,11 +34299,14 @@ We run some operations in the initramfs. fsck, expand partitions etc. - Any error messages or warnings printed here are invisible in production + Any error messages or warnings printed here are invisible in + production - images. This line from debian initramfs-tools configures the initramfs + images. This line from debian initramfs-tools configures the + initramfs - shell to log all output in /dev/kmsg so the dmesg shows the output of + shell to log all output in /dev/kmsg so the dmesg shows the + output of initramfs commands as well. @@ -32338,9 +34377,11 @@ When we set the udev rule we use IMPORT{program} to know what symlinks - to create in the sysroot directory. The problem is that we don't use + to create in the sysroot directory. The problem is that we don't + use - absolute paths and from the documentation udev uses /usr/lib/udev as the + absolute paths and from the documentation udev uses + /usr/lib/udev as the default path while we install the invoked script in /lib/udev. @@ -32354,7 +34395,8 @@ This PR changes the udev rule to use an absolute path for the - resin_update_state_probe script. Also it fixes some typos in the script + resin_update_state_probe script. Also it fixes some typos in the + script itself. footer: @@ -32390,27 +34432,36 @@ Since thud, poky distro file on which balena OS is based, already - includes security_flags.inc. Because of this change, this version throws + includes security_flags.inc. Because of this change, this + version throws a build warning similar to: - WARNING Duplicate inclusion for /build/../layers/poky/meta/conf/distro/include/security_flags.inc + WARNING Duplicate inclusion for + /build/../layers/poky/meta/conf/distro/include/security_flags.inc - in /build/../layers/meta-resin/meta-balena-thud/conf/distro/include/balena-os-yocto-version.inc + in + /build/../layers/meta-resin/meta-balena-thud/conf/distro/include/balena-os-yocto-version.inc - This happens because again, we import `poky` and `security_flags` but + This happens because again, we import `poky` and + `security_flags` but - since thud, poky includes security_flags by default. In order to avoid + since thud, poky includes security_flags by default. In order to + avoid - this warning we import it (security_flags) now using an .inc file at the + this warning we import it (security_flags) now using an .inc + file at the - level of the yocto version meta-balena layer. There is as well a small + level of the yocto version meta-balena layer. There is as well a + small - additional wrinkle here. We switch the include statement from `require` + additional wrinkle here. We switch the include statement from + `require` - to `include` so new layers (like thud) don't have to carry this hack in + to `include` so new layers (like thud) don't have to carry this + hack in the future. @@ -32430,9 +34481,11 @@ We used to have this patch applied for all the supported yocto versions. - Since thud, this patch is included by default so this change backports + Since thud, this patch is included by default so this change + backports - it on all the rest of the supported mate-balena yocto version specific + it on all the rest of the supported mate-balena yocto version + specific layers. footer: @@ -32482,7 +34535,8 @@ The reason for including this version is that balena-engine requires - newer go compiler and also we want to unify it across our supported + newer go compiler and also we want to unify it across our + supported yocto versions to avoid eventual possible runtime issues. footer: @@ -32521,11 +34575,14 @@ devtool moves the files from the WORKDIR into ${S}/oe-local-files which makes - copying of env_resin.h fail if the u-boot source is being modified using + copying of env_resin.h fail if the u-boot source is being + modified using - devtool. Since devtool also alters FILESPATH to include said oe-local-files + devtool. Since devtool also alters FILESPATH to include said + oe-local-files - directory, we can iterate over those paths instead of relying on WORKDIR. + directory, we can iterate over those paths instead of relying on + WORKDIR. footer: Change-type: patch change-type: patch @@ -32538,10 +34595,12 @@ By checking for a pid you are prevented from building Balena inside - of a privileged container with a bind mount on /var/run/docker.sock + of a privileged container with a bind mount on + /var/run/docker.sock - The "Test docker execute permission" stanza is adequate for testing + The "Test docker execute permission" stanza is adequate for + testing if docker is operational. footer: @@ -32595,16 +34654,20 @@ images have various options passed to the kernel cmdline. - Currently some devices BSPs have those options passed and some dont. + Currently some devices BSPs have those options passed and some + dont. It'll be hard to keep the common options consistent. - e.g. consoleblank=0 is passed for some devices and not for others. + e.g. consoleblank=0 is passed for some devices and not for + others. - We'd like the extra options we pass to be in one place. All BSPs can + We'd like the extra options we pass to be in one place. All BSPs + can - then append this variable in their respective recipe/bootloader config + then append this variable in their respective recipe/bootloader + config etc. @@ -32734,9 +34797,11 @@ last filesystem mount timestamp. - As we run on devices without an rtc, and we run the filesystem-expand + As we run on devices without an rtc, and we run the + filesystem-expand - service which runs fsck before ntp sync happens, this results in errors + service which runs fsck before ntp sync happens, this results in + errors like @@ -32746,14 +34811,17 @@ Fix? yes - This results in fsck running on the data partition on every boot which + This results in fsck running on the data partition on every boot + which slows down the boot time. - Add e2fsck.conf file with the broken_system_clock flag to prevent this + Add e2fsck.conf file with the broken_system_clock flag to + prevent this - check from running fsck on every boot. Quite a few distros do this as + check from running fsck on every boot. Quite a few distros do + this as well. @@ -32791,28 +34859,35 @@ Currently mmc and usb devices are checked at every boot for the presence - of flasher images. USB initialization is slow 1-3 seconds. This slows + of flasher images. USB initialization is slow 1-3 seconds. This + slows boot time significantly. - Most device types dont need to check for the presence of flasher images + Most device types dont need to check for the presence of flasher + images in usb devies. Modify u-boot to only check for mmc devices. - usb initialization happens in devices via the "usb start" command. This + usb initialization happens in devices via the "usb start" + command. This - is usually configured in CONFIG_PREBOOT for devices. Devices will need + is usually configured in CONFIG_PREBOOT for devices. Devices + will need - to remove "usb start" from CONFIG_PREBOOT to benefit from any boot time + to remove "usb start" from CONFIG_PREBOOT to benefit from any + boot time optimization. - We will need to run "usb start" ourselves via env_resin for any device + We will need to run "usb start" ourselves via env_resin for any + device - that happens to be searching for flasher images in usb device types. + that happens to be searching for flasher images in usb device + types. footer: Change-type: minor change-type: minor @@ -33011,7 +35086,8 @@ Currently, because we bind mount apps.json unconditionally, when this - file doesn't exist, balena engine will create a directory on the data + file doesn't exist, balena engine will create a directory on the + data filesystem. This breaks when we add an apps.json file after the @@ -33053,7 +35129,8 @@ Warning networkmanager_1.10.6.bb: Unable to get checksum for - networkmanager SRC_URI entry balena-client-id.patch: file could not + networkmanager SRC_URI entry balena-client-id.patch: file could + not be found footer: @@ -33112,13 +35189,17 @@ enforced as an extra precation as we run an openvpn client which - connects to the balena-cloud backend. This client creates, on the host, + connects to the balena-cloud backend. This client creates, on + the host, - the interface `resin-tun` currently (rename pending). We want to loosen + the interface `resin-tun` currently (rename pending). We want to + loosen - up this restriction to only unmanage this specific device - `resin-tun` + up this restriction to only unmanage this specific device - + `resin-tun` - - so that users can take advantage of NetworkManager managing other tun + - so that users can take advantage of NetworkManager managing + other tun devices. footer: @@ -33137,15 +35218,19 @@ Without this, we get a QA error - ERROR networkmanager-1.14.4-r0 do_package QA Issue networkmanager + ERROR networkmanager-1.14.4-r0 do_package QA Issue + networkmanager Files/directories were installed but not shipped in any package ... nm-pppd-plugin.so - Please set FILES such that these items are packaged. Alternatively + Please set FILES such that these items are packaged. + Alternatively - if they are unneeded, avoid installing them or delete them within do_install. + if they are unneeded, avoid installing them or delete them + within do_install. - networkmanager 1 installed and not shipped files. [installed-vs-shipped] + networkmanager 1 installed and not shipped files. + [installed-vs-shipped] footer: Change-type: patch change-type: patch @@ -33197,16 +35282,20 @@ For some reason, using xargs -I a produced spurious difficult to trace - errors. Rework test case using a loop. Do the arch check using Yoctos + errors. Rework test case using a loop. Do the arch check using + Yoctos - QA framework that runs on all packages. Otherwise, we'd have to manually + QA framework that runs on all packages. Otherwise, we'd have to + manually map various compatible arches e.g. aarch64 - arm8, 80386 - x86 - bberror does not exit the do_compile task. Add exit 1 to make sure that + bberror does not exit the do_compile task. Add exit 1 to make + sure that - if an error is found, the task is marked as failed. Otherwise the + if an error is found, the task is marked as failed. Otherwise + the error becomes a heisenbug as bitbake proceeds after do_compile. footer: @@ -33350,7 +35439,8 @@ body: > Test if the ELFs inside the kernel module header tarball are the - correct architecture and don't have the sysroot as the interpreter + correct architecture and don't have the sysroot as the + interpreter footer: Change-type: minor change-type: minor @@ -33363,18 +35453,22 @@ 63baa421 introduced a bug where the tools in the header tarballs were - compiled with the incorrect HOSTCC parameter. As a result the tools + compiled with the incorrect HOSTCC parameter. As a result the + tools - inside the tarball were compiled for x86-64 instead of the native + inside the tarball were compiled for x86-64 instead of the + native - device architecture. And they had the incorrect ld interpreter path + device architecture. And they had the incorrect ld interpreter + path as well. Update to v0.0.12 to fix that. - This release also adds objtool support needed by the intel nuc image. + This release also adds objtool support needed by the intel nuc + image. Fixes #1302 @@ -33404,7 +35498,8 @@ When the device hasn't joined a backend, there is no API key available - and the update supervisor tool currently just bails out. This blocks + and the update supervisor tool currently just bails out. This + blocks switching the supervisor version on an unmanaged device. footer: @@ -33450,7 +35545,8 @@ } - We include a set of tests for this tool which are ran at build time. + We include a set of tests for this tool which are ran at build + time. Fixes #1294 @@ -33468,7 +35564,8 @@ The path where the udev rules are currently installed (etc) will be - shadowned at runtime because the etc udev rules path is bindmounted for + shadowned at runtime because the etc udev rules path is + bindmounted for use with custom configuration from `config.json`. footer: @@ -33485,13 +35582,16 @@ The bbappend uses a local `resin-files` directory for additional file - entries but some of these files ended up in `files`. This works well if + entries but some of these files ended up in `files`. This works + well if the recipe used is the one in the same directory as the `files` - subdirectory will be used by default. The problem shows when the recipe + subdirectory will be used by default. The problem shows when the + recipe - is not in the same directoy as bitbake will not be able to find needed + is not in the same directoy as bitbake will not be able to find + needed bbappended files. footer: @@ -33524,7 +35624,8 @@ The error seen is that the balena-host service wasn't - able to start because of a mnt-sysroot-active.service dependency: + able to start because of a mnt-sysroot-active.service + dependency: resin-partition-mounter[440]: ERROR: Timeout while waiting @@ -33586,7 +35687,8 @@ http://git.yoctoproject.org/cgit.cgi/poky/commit/?id=59a08907eafffde664079b9a2068f47131dd3f5d - dbus-native node module requires this data to be available to allow + dbus-native node module requires this data to be available to + allow access to interfaces. @@ -33605,7 +35707,8 @@ body: > Fixes #1271 - When os.udevRules is completely removed from config.json, any previous + When os.udevRules is completely removed from config.json, any + previous rules are left there. Remove them. footer: @@ -33658,7 +35761,8 @@ There are other components setting up iptables rules - for example - balena. In order to avoid a lock race, run iptables commands with a 10 + balena. In order to avoid a lock race, run iptables commands + with a 10 seconds wait flag. footer: @@ -33830,7 +35934,8 @@ This is not needed as bitbake already expands KERNEL_CONFIG_COMMAND - See Poky commit 95909bc788bef1baabead94231dffb3b7f59fb00 for details + See Poky commit 95909bc788bef1baabead94231dffb3b7f59fb00 for + details footer: Change-type: minor change-type: minor @@ -33897,7 +36002,8 @@ As part of resin rename to balena, we rename the distro file including - the OS name which is part of the distro name. This ends up in the + the OS name which is part of the distro name. This ends up in + the dashboard as part of the OS version. footer: @@ -33941,7 +36047,8 @@ body: > These files are generated by the CI when running the automatic - versioning. Since this is not a node project both can be simply ignored. + versioning. Since this is not a node project both can be simply + ignored. footer: Change-type: patch change-type: patch @@ -34045,9 +36152,11 @@ The current implementation checks for the existance of the `flash-boot` - label. This breaks when after flashing the flashing device is left + label. This breaks when after flashing the flashing device is + left - plugged. Change this with a check based on the root kernel argument. + plugged. Change this with a check based on the root kernel + argument. Fixes #1210 @@ -34065,20 +36174,26 @@ This patch adds support for translating SSH public keys from config.json - to an authorize_keys file. We use `authorize_keys_local` file as the + to an authorize_keys file. We use `authorize_keys_local` file as + the - destination file of this translation so we can differentiate in between keys + destination file of this translation so we can differentiate in + between keys - brought locally from config.json and keys brought from the balena backend + brought locally from config.json and keys brought from the + balena backend - through os-config an avoid racing issues with this tool (os-config). The final + through os-config an avoid racing issues with this tool + (os-config). The final - `authorize_keys` file will be merged at every ssh connection in the dropbear + `authorize_keys` file will be merged at every ssh connection in + the dropbear service. - These SSH custom public keys in config.json are assumed to be provided + These SSH custom public keys in config.json are assumed to be + provided as an array in `.os.sshKeys`. Example: @@ -34146,12 +36261,15 @@ In some cases, the previous rootfs hooks are not functional (which can - be the case when the hooks don't exist in older versions of balenaOS). + be the case when the hooks don't exist in older versions of + balenaOS). - With this patch, rollbacks will be stopped and a reboot will happen + With this patch, rollbacks will be stopped and a reboot will + happen - preventing further attempts by rollback-health to keep retrying and + preventing further attempts by rollback-health to keep retrying + and rolling back footer: @@ -34179,7 +36297,8 @@ The /etc/udev/rules.d folder is now used by os-udevrules. We warn if - there are rules in /etc/udev/rules.d installed by recipes in other + there are rules in /etc/udev/rules.d installed by recipes in + other layers @@ -34216,7 +36335,8 @@ and /etc/udev/rules.d/99.rules - The first time rules are added/modified, these rules will be added and + The first time rules are added/modified, these rules will be + added and udevd will be asked to reload rules and re-trigger. footer: @@ -34233,7 +36353,8 @@ From the aufs-util package only the auplink binary is needed and that - dependency is from balena. So we package auplink in a separate package + dependency is from balena. So we package auplink in a separate + package and just install that package into the rootfs. footer: @@ -34277,7 +36398,8 @@ body: > 3.95 introduced a data/instruction cache inconsistency bug: - https://github.com/upx/upx/issues/225. As this only afects this version, + https://github.com/upx/upx/issues/225. As this only afects this + version, we downgrade it for the affected architecture. footer: @@ -34294,14 +36416,17 @@ This patch bumps the balena version in meta-resin. - The update in balena adds support to pass an argument to mobynit which + The update in balena adds support to pass an argument to mobynit + which allows mobynit to mount a rootfs from a custom path. - The command ./mobynit -sysroot /mnt/sysroot/inactive will mount the + The command ./mobynit -sysroot /mnt/sysroot/inactive will mount + the - rootfs partition from /mnt/sysroot/inactive and return the destination + rootfs partition from /mnt/sysroot/inactive and return the + destination path in stdout. footer: @@ -34320,28 +36445,37 @@ Before multicontainer support in resin, the user container was running - over the host's network stack which means that all the packets were + over the host's network stack which means that all the packets + were - treated as locally emitted ones. In this case, the communication was + treated as locally emitted ones. In this case, the communication + was redirected as per the OUTPUT iptable rule only. - In the "multicontainer world" the user containers run on top of bridge + In the "multicontainer world" the user containers run on top of + bridge - network which makes the host act as a socksifying router. In this case, + network which makes the host act as a socksifying router. In + this case, - the packets won't go through the OUTPUT chain and the redirection to + the packets won't go through the OUTPUT chain and the + redirection to redsocks needs to happen at PREROUTING chain. - This change adds a redirect rule at PREROUTING for TCP packets to + This change adds a redirect rule at PREROUTING for TCP packets + to - redsocks to redirect packets from the containers to redsocks too. + redsocks to redirect packets from the containers to redsocks + too. - As well, this adds support for redirecting DNS UDP packets to redsocks. + As well, this adds support for redirecting DNS UDP packets to + redsocks. - This is implemented as iptables rules which are only added if the + This is implemented as iptables rules which are only added if + the redsocks configuration has a `dnsu2t` section. footer: @@ -34374,14 +36508,17 @@ resin-altboot checks if the boot configuration is set to run - resinOS from rootA(B) but we are actually running rootB(A) due to + resinOS from rootA(B) but we are actually running rootB(A) due + to something. - If rollback-altboot triggers, it will run hooks to refresh boot files + If rollback-altboot triggers, it will run hooks to refresh boot + files - and reboot. There is no point starting balena in such a device state + and reboot. There is no point starting balena in such a device + state as that will only slow down the hooks from running. footer: @@ -34400,23 +36537,29 @@ automated OS rollback functionality. - The rollback-altboot.service checks if we are running in altboot mode + The rollback-altboot.service checks if we are running in altboot + mode - i.e. resinOS_uEnv.txt says we should boot resin_root_part=3. But we are + i.e. resinOS_uEnv.txt says we should boot resin_root_part=3. But + we are - actually running resinOS from resin_root_part=2. This can happen if + actually running resinOS from resin_root_part=2. This can happen + if - a reboot happened without clearing upgrade_available in resinOS_uEnv + a reboot happened without clearing upgrade_available in + resinOS_uEnv txt file. A kernel panic happened etc. - The rollback-altboot script runs hostapp-update hooks to change the + The rollback-altboot script runs hostapp-update hooks to change + the bootfiles. - The rollback-health.service runs rollback-health which checks if vpn is + The rollback-health.service runs rollback-health which checks if + vpn is online and balena is healthy after a hostapp-update. footer: @@ -34440,19 +36583,23 @@ variables. - To enable rollback in devices, devices have to do the following in + To enable rollback in devices, devices have to do the following + in their u-boot - Enable CONFIG_CMD_SETEXPR, CONFIG_BOOTCOUNT_LIMIT and depending on the + Enable CONFIG_CMD_SETEXPR, CONFIG_BOOTCOUNT_LIMIT and depending + on the - device, save the bootcount in some persistant location whether that + device, save the bootcount in some persistant location whether + that is an area in the SoC or an ext partition etc. - If you are using the CONFIG_BOOTCOUNT_EXT driver, use only the boot + If you are using the CONFIG_BOOTCOUNT_EXT driver, use only the + boot partition and use the filename "bootcount.env" @@ -34496,12 +36643,14 @@ body: > Devices that support automated os rollbacks will have two extra - variables upgrade_available and resin_root_part in their grub.cfg + variables upgrade_available and resin_root_part in their + grub.cfg files. - Check for the presense of those variables and update them if they + Check for the presense of those variables and update them if + they exist. @@ -34509,7 +36658,8 @@ Otherwise stick to the previous way of updating grub.cfg - For devices using grub 2.0, devices will have to mirror the pattern + For devices using grub 2.0, devices will have to mirror the + pattern that exists in u-boot. @@ -34536,9 +36686,11 @@ writes to sd card. - If upgrade_available=0, u-boot won't bother updating the bootcount + If upgrade_available=0, u-boot won't bother updating the + bootcount - variable. During HUP, we'll set upgrade_available=1 so that u-boot + variable. During HUP, we'll set upgrade_available=1 so that + u-boot starts counting. @@ -34548,9 +36700,11 @@ upgrade_available=0 - For some devices, u-boot will save the bootcount in the boot partition + For some devices, u-boot will save the bootcount in the boot + partition - in /mnt/boot/bootcount.env. Remove that counter when running hooks + in /mnt/boot/bootcount.env. Remove that counter when running + hooks footer: Change-type: minor change-type: minor @@ -34583,12 +36737,14 @@ We move the decision of using either grub legacy or grub EFI from the - board specific layer to here so that all boards can benefit from these + board specific layer to here so that all boards can benefit from + these changes. - Additionally, we make it so that this hostapp-update-hook also deletes + Additionally, we make it so that this hostapp-update-hook also + deletes the unnecessary grub.cfg file. footer: @@ -34620,22 +36776,27 @@ body: > With Sumo 19.0.1, when building cargo 0.25.0 we get: - | error[E0425]: cannot find function `read_to_string` in module `fs` + | error[E0425]: cannot find function `read_to_string` in module + `fs` - | --> /yocto/resin-board/build/tmp/work/x86_64-linux/cargo-native/ + | --> + /yocto/resin-board/build/tmp/work/x86_64-linux/cargo-native/ 0.25.0-r0/cargo_home/registry/src/github.com-1ecc6299db9ec823/ libssh2-sys-0.2.11/build.rs:99:26 - let config = fs::read_to_string("libssh2/src/libssh2_config_cmake.h.in") + let config = + fs::read_to_string("libssh2/src/libssh2_config_cmake.h.in") ^^^^^^^^^^^^^^ did you mean `read_string`? - This is just one example of a package that fails like this. There are + This is just one example of a package that fails like this. + There are - multiple packages in the cargo source tree that fail with this error. + multiple packages in the cargo source tree that fail with this + error. The cargo bbclass does a: @@ -34650,20 +36811,26 @@ Updating registry `https://github.com/rust-lang/crates.io-index` - Updating the registry will result in using the versions pinned upstream. + Updating the registry will result in using the versions pinned + upstream. - In our case, it will be using newer versions of packages that require a + In our case, it will be using newer versions of packages that + require a - newer rust version (read_to_string was added in rust 1.26.0). But at the + newer rust version (read_to_string was added in rust 1.26.0). + But at the - same time, the meta-rust layer which we use has an older rust version. + same time, the meta-rust layer which we use has an older rust + version. (currently meta-rust on sumo branch has rust at version 1.24.1) - The fix for such a case would be to use a Cargo.lock file which pins + The fix for such a case would be to use a Cargo.lock file which + pins - the packages to versions which are known to work with rust 1.24.1, + the packages to versions which are known to work with rust + 1.24.1, the version we use in sumo. footer: @@ -34889,22 +37056,27 @@ body: > With Sumo 19.0.1, when building cargo 0.25.0 we get: - | error[E0425]: cannot find function `read_to_string` in module `fs` + | error[E0425]: cannot find function `read_to_string` in module + `fs` - | --> /yocto/resin-board/build/tmp/work/x86_64-linux/cargo-native/ + | --> + /yocto/resin-board/build/tmp/work/x86_64-linux/cargo-native/ 0.25.0-r0/cargo_home/registry/src/github.com-1ecc6299db9ec823/ libssh2-sys-0.2.11/build.rs:99:26 - let config = fs::read_to_string("libssh2/src/libssh2_config_cmake.h.in") + let config = + fs::read_to_string("libssh2/src/libssh2_config_cmake.h.in") ^^^^^^^^^^^^^^ did you mean `read_string`? - This is just one example of a package that fails like this. There are + This is just one example of a package that fails like this. + There are - multiple packages in the cargo source tree that fail with this error. + multiple packages in the cargo source tree that fail with this + error. The cargo bbclass does a: @@ -34919,20 +37091,26 @@ Updating registry `https://github.com/rust-lang/crates.io-index` - Updating the registry will result in using the versions pinned upstream. + Updating the registry will result in using the versions pinned + upstream. - In our case, it will be using newer versions of packages that require a + In our case, it will be using newer versions of packages that + require a - newer rust version (read_to_string was added in rust 1.26.0). But at the + newer rust version (read_to_string was added in rust 1.26.0). + But at the - same time, the meta-rust layer which we use has an older rust version. + same time, the meta-rust layer which we use has an older rust + version. (currently meta-rust on sumo branch has rust at version 1.24.1) - The fix for such a case would be to use a Cargo.lock file which pins + The fix for such a case would be to use a Cargo.lock file which + pins - the packages to versions which are known to work with rust 1.24.1, + the packages to versions which are known to work with rust + 1.24.1, the version we use in sumo. footer: @@ -35002,9 +37180,11 @@ This file allows other components to uniquely parse the information that - is contained in the changelog. It will be automatically managed by + is contained in the changelog. It will be automatically managed + by - versionist by appending the new commits on top. This is needed to + versionist by appending the new commits on top. This is needed + to provide nested-changelogs. footer: diff --git a/CHANGELOG.md b/CHANGELOG.md index 33a8d1dd..6208790b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,273 @@ Change log ----------- +# v5.1.34+rev1 +## (2024-08-05) + + +
+ Update balena-yocto-scripts to 730286256ce2ff6db73bce2b8289d2199596269e [balena-renovate[bot]] + +> ## balena-yocto-scripts-1.25.18 +> ### (2024-08-05) +> +> * Update actions/upload-artifact action to v4.3.5 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.17 +> ### (2024-08-05) +> +> * Update Lock file maintenance [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.16 +> ### (Invalid date) +> +> * Update docker/login-action action to v3.3.0 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.15 +> ### (Invalid date) +> +> * Update actions/upload-artifact action to v4.3.4 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.14 +> ### (2024-07-29) +> +> * Update balena-os/leviathan digest to 36aafe0 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.13 +> ### (2024-07-29) +> +> * Update actions/checkout action to v4.1.7 [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.12 +> ### (2024-07-29) +> +> * Update Pin dependencies [balena-renovate[bot]] +> +> ## balena-yocto-scripts-1.25.11 +> ### (2024-07-29) +> +> * revovate: change config to use balena-io template [rcooke-warwick] +> +> ## balena-yocto-scripts-1.25.10 +> ### (2024-07-23) +> +> * By default, deploy hostapp on push only [Leandro Motta Barros] +> +> ## balena-yocto-scripts-1.25.9 +> ### (2024-07-22) +> +> * use token to fetch private contracts [rcooke-warwick] +> * unroll balena_lib_build_contract function [rcooke-warwick] +> * unroll balena_api_is_dt_private function [rcooke-warwick] +> +> ## balena-yocto-scripts-1.25.8 +> ### (2024-07-17) +> +> * Use env vars BALENA_HOST and BALENACLOUD_SSH_URL when provided [Kyle Harding] +> +> ## balena-yocto-scripts-1.25.7 +> ### (2024-07-16) +> +> * Fix handling of empty test matrix input [Kyle Harding] +> +> ## balena-yocto-scripts-1.25.6 +> ### (2024-07-15) +> +> * Use App Installation tokens so we can clone private submodules [Kyle Harding] +> +> ## balena-yocto-scripts-1.25.5 +> ### (2024-07-08) +> +> * only login to s3 if deploying to s3 [rcooke-warwick] +> +> ## balena-yocto-scripts-1.25.4 +> ### (2024-07-06) +> +> * balena-deploy: deploy secure boot lock artifacts if available [Alex Gonzalez] +> +> ## balena-yocto-scripts-1.25.3 +> ### (2024-07-05) +> +> * use workflow run of PR head instead of statuses to determine test results [rcooke-warwick] +> +> ## balena-yocto-scripts-1.25.2 +> ### (2024-07-03) +> +> * Remove dry-run flag from S3 upload [Kyle Harding] +> +> ## balena-yocto-scripts-1.25.1 +> ### (2024-07-03) +> +> * Fix actionlint errors and warnings in shell steps [Kyle Harding] +> +> ## balena-yocto-scripts-1.25.0 +> ### (2024-07-03) +> +> * Do not run any tests by default unless provided by calling workflow [Kyle Harding] +> +> ## balena-yocto-scripts-1.24.3 +> ### (2024-07-02) +> +> * patch: No upload to GH artifacts when PR is closed [Vipul Gupta (@vipulgupta2048)] +> +> ## balena-yocto-scripts-1.24.2 +> ### (2024-07-02) +> +> * Fix quoting of $GITHUB_OUTPUT [Leandro Motta Barros] +> +> ## balena-yocto-scripts-1.24.1 +> ### (2024-06-27) +> +> * Simplify check for secure boot [Leandro Motta Barros] +> +> ## balena-yocto-scripts-1.24.0 +> ### (2024-06-26) +> +> * Support runner selection in the test matrix [Kyle Harding] +> * Allow both combinatorial and include syntax for test_matrix [Kyle Harding] +> +> ## balena-yocto-scripts-1.23.1 +> ### (2024-06-26) +> +> * Refactor secrets and variables to use environments [Kyle Harding] +> +> ## balena-yocto-scripts-1.23.0 +> ### (2024-06-19) +> +> * Dockerfiles: update balenaCLI version to 18.2.2 [Joseph Kogut] +> * Dockerfile_yocto-build-env: bump base image to 22.04 [Joseph Kogut] +> +> ## balena-yocto-scripts-1.22.4 +> ### (2024-06-14) +> +> * Update job conditions to allow non-PR events for internal branches [Kyle Harding] +> * Hardcode environment paths at the job level [Kyle Harding] +> * Replace test inputs with a single JSON matrix input [Kyle Harding] +> +> ## balena-yocto-scripts-1.22.3 +> ### (2024-06-13) +> +> * jenkins_generate_ami: pass yocto scripts version as an env var to helper container [rcooke-warwick] +> +> ## balena-yocto-scripts-1.22.2 +> ### (2024-06-12) +> +> * Update the triggers on the example test workflow [Kyle Harding] +> +> ## balena-yocto-scripts-1.22.1 +> ### (2024-06-07) +> +> * Prevent duplicate workflow runs for multiple triggers [Kyle Harding] +> * Add catchall job to yocto-build-deploy for merge requirements [Kyle Harding] +> +> ## balena-yocto-scripts-1.22.0 +> ### (2024-06-06) +> +> * Create workflow to build and deploy balenaOS [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.10 +> ### (2024-05-02) +> +> * balena-deploy: deploy usbboot if available [Alex Gonzalez] +> +> ## balena-yocto-scripts-1.21.9 +> ### (Invalid date) +> +> * balena-lib: improve base tag detection [Alex Gonzalez] +> +> ## balena-yocto-scripts-1.21.8 +> ### (2024-04-29) +> +> * Support commit tags when extracting version tag from git [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.7 +> ### (2024-04-19) +> +> * Add missing $select for release_asset.asset_key [Thodoris Greasidis] +> +> ## balena-yocto-scripts-1.21.6 +> ### (2024-03-25) +> +> * Revert "balena-build: avoid using device-type as a prefix in yocto sstate" [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.5 +> ### (2024-03-14) +> +> * Merge AMI publishing dependencies into yocto-build-env [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.4 +> ### (2024-03-13) +> +> * balena-build: avoid using device-type as a prefix in yocto sstate [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.3 +> ### (2024-02-11) +> +> * Enable S3 Server Side Encryption flags [Kyle Harding] +> +> ## balena-yocto-scripts-1.21.2 +> ### (2024-02-08) +> +> * automation/include: Pass helper image version [Florin Sarbu] +> +> ## balena-yocto-scripts-1.21.1 +> ### (2024-02-07) +> +> * balena-deploy: Remove docker.io when pulling image [Alexandru] +> +> ## balena-yocto-scripts-1.21.0 +> ### (2024-02-02) +> +> * Return image id after pulling helper images [Kyle Harding] +> * Build and publish helper images with Flowzone [Kyle Harding] +> +> ## balena-yocto-scripts-1.20.0 +> ### (2024-02-02) +> +> * Remove unused block-build functions [Kyle Harding] +> +> ## balena-yocto-scripts-1.19.41 +> ### (2023-12-22) +> +> * automation/balena-deploy: Pin to known working version of balena-img [Alexandru Costache] +> +> ## balena-yocto-scripts-1.19.40 +> ### (2023-11-13) +> +> * Dockerfiles: update balenaCLI version to 17.2.2 [Alex Gonzalez] +> * balena-deploy-block.sh: deploy licenses and changelog as release assets [Alex Gonzalez] +> * balena-deploy: Add changelog to deployed artifacts [Alex Gonzalez] +> * balena-api: add release assets helper functions [Alex Gonzalez] +> +> ## balena-yocto-scripts-1.19.39 +> ### (2023-10-20) +> +> * Dockerfile_yocto-build-env: Install rsync and uudecode host dependencies [Alexandru Costache] +> +> ## balena-yocto-scripts-1.19.38 +> ### (2023-10-11) +> +> * README.md ChangeType is needed for PR so add to README example [Alex J Lennon] +> +> ## balena-yocto-scripts-1.19.37 +> ### (2023-10-10) +> +> * Dockerfile_yocto-build-env: Add screen [Alex J Lennon] +> +> ## balena-yocto-scripts-1.19.36 +> ### (2023-10-10) +> +> * flowzone: allow external contributions [Alex Gonzalez] +> +> ## balena-yocto-scripts-1.19.35 +> ### (2023-09-28) +> +> * balena-deploy: fail if device type not found [rcooke-warwick] +> * balena-api: Dont assume private if can't get DT [rcooke-warwick] +> + +
+ # v5.1.34 ## (2024-02-15) diff --git a/VERSION b/VERSION index eeb25c4a..89edb980 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.1.34 \ No newline at end of file +5.1.34+rev1 \ No newline at end of file