diff --git a/.versionbot/CHANGELOG.yml b/.versionbot/CHANGELOG.yml index a59fcd3..fab1628 100644 --- a/.versionbot/CHANGELOG.yml +++ b/.versionbot/CHANGELOG.yml @@ -1,3 +1,33 @@ +- commits: + - subject: Update layers/meta-balena to 6f38c16dea7e006ee20b90a089574505fbce4a25 + hash: 4c40ce58f20f6d5195429036fb053cb2610a3a62 + body: Update layers/meta-balena + footer: + Changelog-entry: Update layers/meta-balena to 6f38c16dea7e006ee20b90a089574505fbce4a25 + changelog-entry: Update layers/meta-balena to 6f38c16dea7e006ee20b90a089574505fbce4a25 + author: Renovate Bot + nested: + - commits: + - subject: "mkfs-hostapp-native: Update base image in Dockerfile" + hash: 5d0e8d90050ab0bf94911ab4e676cb529c70c56b + body: | + Update Dockerfile base image from debian strech to the latest + stable debian bullseye to fix mkfs-hostapp-native build. + + The old image has been moved in Dockerhub to debian/eol. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alexandru Costache + signed-off-by: Alexandru Costache + author: Alexandru Costache + nested: [] + version: meta-balena-2.114.10 + title: "" + date: 2023-04-24T14:32:34.955Z + version: 2.114.10 + title: "" + date: 2023-04-24T17:33:36.369Z - commits: - subject: Update layers/meta-balena to e2663a747325b2cb71476fde889244ad424ec8a4 hash: 2bbdb9d064399bdb1e5388e9f3d960cce20702d7 @@ -11,7 +41,8 @@ - subject: "tests: os: configure to use installer's migrator" hash: 0715805137a721f6d551e3087f7eb5231036c004 body: > - Configuring the flasher image to force the migration. We use this to + Configuring the flasher image to force the migration. We use + this to skip migration tests when not configured. footer: @@ -60,7 +91,8 @@ - subject: Remove safeStateClone function hash: 6c031299d686cca9bb89f950b105ab5bf62fae97 body: > - This function is no longer needed with the latest changes to + This function is no longer needed with the latest + changes to getCurrentState footer: @@ -71,7 +103,8 @@ - subject: Get rid of targetVolatile in app manager hash: 36311ef7a1b9192879c4951fb7e4521ef3c4840b body: > - Target volatile doesn't make sense now that we can use the + Target volatile doesn't make sense now that we can use + the current state as a target. It wasn't actually being used for anything @@ -84,7 +117,8 @@ - subject: Make pausingApply a private member of device-state hash: 1e0dd381f54efd31119454db592d5c047d829681 body: > - This simplifies this module interface and hides implementation details + This simplifies this module interface and hides + implementation details from the rest of the code. @@ -103,7 +137,8 @@ - subject: Simplify doRestart and doPurge actions hash: 3d43f7e3b367636f01ac9b6388c933bab5c896e5 body: > - The actions now work by passing an intermediate state to the state + The actions now work by passing an intermediate state to + the state engine. @@ -124,7 +159,8 @@ - subject: Fix network appUuid inference in local mode hash: 43630e52674e82bf32792e2d15db35a9af332865 body: > - Local mode uses a numeric `appUuid` which was messing up parsing the + Local mode uses a numeric `appUuid` which was messing up + parsing the network name. This fixes this issue so the current state can be used @@ -137,7 +173,8 @@ - subject: Get image name from DB when getting the app current state hash: b1fc4e1761e02edc84c1be344a91ef29e771aa28 body: > - The Service class in `compose/service.ts` cannot get the image name + The Service class in `compose/service.ts` cannot get the + image name from the image id when building the object from the container metadata. @@ -153,7 +190,8 @@ - subject: Improve net alias comparison to prevent unwanted restarts hash: 27f0d2e655a5c11c89103847c485fa06babc1954 body: > - Network aliases are now compared checking that the target state is a + Network aliases are now compared checking that the + target state is a subset of the current state. This will prevent service restarts due to @@ -168,7 +206,8 @@ - subject: Exclude containerId from service network aliases hash: cb98133717b1c4c8f9e46c95ec7df996deae60e6 body: > - When getting the service from the docker container, remove the + When getting the service from the docker container, + remove the containerId from the list of aliases (which gets added by docker). This @@ -186,7 +225,8 @@ - subject: Skip image delete when applying intermediate state hash: f2ca7dbb6ae465f361fc05fb42dc5ff7cfc8de4c body: > - This replaces the previous flag `isApplyingIntermediate` on application + This replaces the previous flag `isApplyingIntermediate` + on application manager and simplifies the interface of the state engine to make temporary changes to the @@ -199,7 +239,8 @@ - subject: Make local mode image management work as in cloud mode hash: 967cb7747f187f70500f6393360df10b40fddebf body: > - There were multiple places in the state engine that skipped some + There were multiple places in the state engine that + skipped some operations while in local mode. In reality, all it's needed while in @@ -226,7 +267,8 @@ - subject: Remove ignoreImages argument from getRequiredSteps hash: 76d5be64e56c63c01474cee2ead43d02470c1389 body: > - The argument was unused and hence unnecesary. This is just a bit of + The argument was unused and hence unnecesary. This is + just a bit of cleanup footer: @@ -256,7 +298,8 @@ - subject: "barys: fix removal of equals sign from argval" hash: 8855ad4d31b45187e4007763b6bb084e08974807 body: > - When parsing additional variables to be passed to the bitbake build, + When parsing additional variables to be passed to the bitbake + build, keys and values are split using equals as a delimiter. However, the @@ -306,7 +349,8 @@ - subject: Do not restart balena-hostname on rename hash: 7b68ee4c4f03f464c762afc0b3da06e3f4620440 body: > - The OS since v2.82.6 will monitor changes to config.json and restart + The OS since v2.82.6 will monitor changes to config.json + and restart the relevant services to apply the changes. There is no need to trigger @@ -329,7 +373,8 @@ - subject: Remove anonymous build volume from Dockerfile hash: a3675651898f050eaefce0a9c4e02890ddc57b57 body: > - We don't need this anonymous volume as /data is bind mounted into + We don't need this anonymous volume as /data is bind + mounted into the container from host (legacy), and will soon be mounted by the @@ -363,7 +408,8 @@ - subject: Update db and dbx hashes during HUP when secure boot is enabled hash: 775dc7dba7afe2674dc0ef84e00bb773495d4c98 body: > - After moving to hashes for authenticating the allowed OS list, we need + After moving to hashes for authenticating the allowed OS list, + we need to update the db variable on each HUP to make sure the new OS @@ -382,7 +428,8 @@ - subject: "balena-db-hashes: ship both db and dbx updates" hash: c428010c83fd3a3ca1f4cdc72fc94a90f6be6ee4 body: > - In order to use hashes we can not use UEFI time-based authentication + In order to use hashes we can not use UEFI time-based + authentication for updates as this would prevent rollbacks. Instead we ship appendable @@ -397,7 +444,8 @@ - subject: Use hashes instead of certificates for secure boot image validation hash: c205b247c14cbdd132cb1bb335da2d17fa40caf5 body: > - This patch changes the validation of bootable images from certificate + This patch changes the validation of bootable images from + certificate signatures to a list of allowed hashes of binaries. This only applies @@ -439,7 +487,8 @@ - subject: Ship separate GRUB images for secure boot hash: 1eb49acca051d7c34fa0e48bd673fc764320b2e9 body: > - Shipping a single image with signature checks enabled will enforce + Shipping a single image with signature checks enabled will + enforce the signatures on non-secure-boot systems as well. GRUB does not have @@ -481,7 +530,8 @@ - subject: "initedscripts: recovery: do not use strings for timeout" hash: c17da3802213251c69ba8a99ce6a8a63b358f022 body: > - Remove the `m` suffix to the timeout as they are supposed to be compared + Remove the `m` suffix to the timeout as they are supposed to be + compared as integer numbers. footer: @@ -494,7 +544,8 @@ - subject: "resin-init-flasher: limit boot device identification to booting disk" hash: 5ee9a12075c3c0a11455ccb342ce4499916395be body: > - The installer is to copy configuration files into the boot partition on + The installer is to copy configuration files into the boot + partition on the installer disk - searching by label needs to be restriced to the @@ -521,7 +572,8 @@ - subject: "resin-init-flasher: fix EFI installation for multiple disks" hash: 69459a964f62adbe4b9661b718994391c4a78363 body: > - Search for the installation disk on the same device the system is being + Search for the installation disk on the same device the system + is being installed on. This avoids problems when there are more than one disk @@ -536,7 +588,8 @@ - subject: "initrdscripts: migrate: correctly identify boot device" hash: 27fd9e05d16d60a7340a16abcda5e93fd1fdb199 body: > - The internal target device to program is not always the device the system + The internal target device to program is not always the device + the system is booting from. Make sure the `flash-boot` partition search is done @@ -551,7 +604,8 @@ - subject: "distro: balena-os: update GRUB key id for signature" hash: f4242aa560e869892a7289ac8523bed055feffe3 body: > - Update the default Grub key id so it matches the currently configured + Update the default Grub key id so it matches the currently + configured key. This avoids having to configure this in the build jobs. @@ -583,7 +637,8 @@ - subject: "balena-lib: Do not return error if no balena user token is available" hash: e335e248305cda86ce55f934b2b3ba8202f17454 body: > - The balena API token is only required for private device access so don't + The balena API token is only required for private device access + so don't fail if there is not one available. footer: @@ -877,8 +932,8 @@ - subject: Mount boot partition into container on Supervisor start hash: 49ee1042a87ce0b101054e32b84afaa324a371de body: > - As the Supervisor is a privileged container, it has access to host /dev, - and therefore has access + As the Supervisor is a privileged container, it has + access to host /dev, and therefore has access to boot, data, and state balenaOS partitions. This commit sets up the framework for the following: @@ -1037,7 +1092,8 @@ - subject: "swtpm: store state in tmpfs" hash: 25460508d5477dd27a4743b4684e97e6d0f8529a body: > - swtpm stores state in the directory specified in the --tpmstate argument + swtpm stores state in the directory specified in the + --tpmstate argument If the same state directory/files are used for multiple installations, @@ -1126,7 +1182,8 @@ - subject: Don't create core dumps in containers by default hash: 1a78f2a1a27684bf244c881555b691d63a3247f6 body: > - Setting `LimitCORE=0` will avoid the creation of core dump files on + Setting `LimitCORE=0` will avoid the creation of core dump files + on containers. This will avoid cases in which a crashlooping user app ends @@ -1158,7 +1215,8 @@ - subject: Make sure balenaEngine owns the container cgroups hash: 5efa793c5af63ef177de95b8b4251799b0de7f40 body: > - Setting `Delegate=yes` ensures that systemd will not change anything on + Setting `Delegate=yes` ensures that systemd will not change + anything on the cgroups created for running the containers. @@ -1203,7 +1261,8 @@ - subject: Simplify and improve delta error handling hash: 2c972dff108a153896116b07798bbc959c07ef01 body: > - The original delta code on the `xfer` package used to set `d.err` when + The original delta code on the `xfer` package used to + set `d.err` when an unexpected EOF was found in the delta tar stream. Turns out `d.err` @@ -1227,7 +1286,8 @@ - subject: Refactor the xfer portions of delta hash: 8c9e6ec7c0efcb81c718c979ad45133f64679fc8 body: > - This factors out portions of the `xfer` package, so that we can + This factors out portions of the `xfer` package, so that + we can reuse this functionality between `balena pull` and `balena load`. There @@ -1242,7 +1302,8 @@ - subject: Refactor the distribution portions of delta hash: 34dd5a92f29e85a77926b9c5983552054dd483c8 body: > - This factors out portions of the `distribution` package, so that we can + This factors out portions of the `distribution` package, + so that we can reuse this functionality between `balena pull` and `balena load`. There @@ -1298,7 +1359,8 @@ - subject: Revert "Use multi-arch in dockerfile" hash: 75eeac5ed4b7ec076482c0cace2d2cfca8b6b2d4 body: > - This reverts commit 00e389e5f559dd10e49cfa411784b89498c3c0eb. + This reverts commit + 00e389e5f559dd10e49cfa411784b89498c3c0eb. Images generated using this dockerfile still don't have the right @@ -1365,7 +1427,8 @@ - subject: Use multi-arch in dockerfile hash: 00e389e5f559dd10e49cfa411784b89498c3c0eb body: > - This is necessary since the builder no longer passes the platform flag + This is necessary since the builder no longer passes the + platform flag to the build. This would lead to dockerfiles that are mixing multi and single @@ -1420,7 +1483,8 @@ - subject: "Installer: Make the script POSIX-compliant" hash: cc0683f0aa5cdd5cae54cf278e060328e2c2595f body: > - There were various usages of Bash-specific features. As a result, the + There were various usages of Bash-specific features. As + a result, the script would work correctly only on OSes that have `sh` as an alias to @@ -1487,7 +1551,8 @@ - subject: Remove the installation script from docs/ hash: 5305ab263ffebd08d0346de2bdbed34585805f4f body: > - This is removing a duplicate, since the same script is also present + This is removing a duplicate, since the same script is + also present under contrib/ footer: @@ -1512,7 +1577,8 @@ - subject: Revert "Cross-build the dynbinary target" hash: 9562704af9213870b7f861dcd394a06be6782678 body: > - This reverts commit 0240d94e35a43be595cd5e79b0653440c228229f. + This reverts commit + 0240d94e35a43be595cd5e79b0653440c228229f. footer: Change-type: patch change-type: patch @@ -1549,7 +1615,8 @@ - subject: Rename test functions for better clarity hash: f5b966a63503577b1b826dc23b95773fd073aacf body: > - Added an `Asserting` suffix to all functions that internally call + Added an `Asserting` suffix to all functions that + internally call `assert.*()`. This makes clearer what is really going on at the point of @@ -1574,7 +1641,8 @@ - subject: Add dev-focused docs on some balenaEngine features hash: 75b62a76df57767fcc1ab86f0adb3a9f210480a7 body: > - Most notably, on the "delta root" feature, which is important for HUPs, + Most notably, on the "delta root" feature, which is + important for HUPs, not very well-known and not documented anywhere else I know. footer: @@ -1587,7 +1655,8 @@ - subject: Simplify test code by using new std lib function hash: 2d192ea16be1df569c86028128397515d6d3322d body: > - io.ReadAll() is available since Go 1.16 (to which we upgraded some time + io.ReadAll() is available since Go 1.16 (to which we + upgraded some time ago). footer: @@ -1600,7 +1669,8 @@ - subject: Set the delta image store, fix delta-based HUPs hash: 9fe31eb8dad8dbcc35e48cb0f90a12b67256e490 body: > - We apparently have broken this during the 20.10 merge. Not setting the + We apparently have broken this during the 20.10 merge. + Not setting the delta image store breaks delta-based balenaOS updates (HUPs). footer: @@ -1690,7 +1760,8 @@ - subject: "plymouth: replace duplicated patches w/ shared drop-ins" hash: 72706964b8dd308b6c1772fa22c4e89d1680d205 body: > - Plymouth services are modified in the installation directory with balena + Plymouth services are modified in the installation directory + with balena specific customizations using patches. This increases the manual intervention necessary @@ -1707,7 +1778,8 @@ - subject: "systemd: mask systemd-getty-generator instead of patching" hash: e54f4c5d49d1aa18a3544ab8c7e46aef8e366a0a body: > - We disable systemd-getty-generator to allow explicit control over when + We disable systemd-getty-generator to allow explicit control + over when we setup getty to create consoles. Previously, this was done using a @@ -1724,7 +1796,8 @@ - subject: "systemd: replace duplicated patch w/ shared drop-ins" hash: 1481e83e225a341da13c7b7a60d8c96865a458de body: > - Certain services, such as getty@.service, and systemd-logind.service are + Certain services, such as getty@.service, and + systemd-logind.service are disabled when running in a container using a patch to the source files. @@ -1745,7 +1818,8 @@ - subject: "pyro/sumo: initrdscripts: fix migrate module for older Yocto versions" hash: 4eca2991ce9433ad5291af6e17887815db068ca9 body: > - In old Yocto versions the util-linux recipe has not yet been split into + In old Yocto versions the util-linux recipe has not yet been + split into individual packages. footer: @@ -1758,7 +1832,8 @@ - subject: "networkmanager: do not update to latest version in sumo" hash: 75311179f65172d2ca38f74b4487fe812b691a46 body: > - Hold the networkmanager update for older Yocto version as the new meson + Hold the networkmanager update for older Yocto version as the + new meson based build system in newer versions is broken. footer: @@ -1784,7 +1859,8 @@ - subject: "compose: qemu: add FLASHER_SECUREBOOT var" hash: 51977e109069f08f0364eed208fab2e01c104284 body: > - This environment variable is passed through to the suite to preconfigure + This environment variable is passed through to the suite + to preconfigure a flasher image to enable secure boot for testing. footer: @@ -1797,7 +1873,8 @@ - subject: "swtpm: fix abort on exit" hash: fc65360ae7896545bdcaad0d37f1345a447251f4 body: > - Some incoming tests require QEMU to exit, simulating a device powering + Some incoming tests require QEMU to exit, simulating a + device powering off, before starting QEMU again. This is used to "reflash" a virtualized @@ -1859,7 +1936,8 @@ - subject: "tests: os: disable unwrapping" hash: d27b7a53763e0682f1a47865be24345fa52e58ff body: > - The QEMU leviathan-worker now simulates flashing from an external + The QEMU leviathan-worker now simulates flashing from an + external device, which tests both flasher images, as well as @@ -1877,7 +1955,8 @@ - subject: "tests: hup: disable unwrapping" hash: 7e99b96cdfc69b0251566e71f4f9a44ac8e50ac4 body: > - Disable ad-hoc unwrapping in the HUP test suite in favor of utilizing + Disable ad-hoc unwrapping in the HUP test suite in favor of + utilizing the QEMU worker's new ability to bind a disk image to an emulated @@ -1894,7 +1973,8 @@ - subject: "tests: cloud: disable unwrapping" hash: 609706e3e631e305dde86c8462fd9a474e5593ce body: > - Utilize QEMU worker's new internal/external storage emulation to run + Utilize QEMU worker's new internal/external storage emulation to + run flasher in VM, rather than unwrapping image. footer: @@ -1911,7 +1991,8 @@ - subject: "resin-u-boot.bbclass: Default to u-boot Kconfig support" hash: ef248aa51635b08421ddd1a9ddf805ebeda47b43 body: > - It should be safe to assume that boards now use newer u-boot versions + It should be safe to assume that boards now use newer u-boot + versions that all have Kconfig support so we default to that. This allows for @@ -2017,7 +2098,8 @@ - subject: "balena-image-flasher: Default image type to balenaos-img" hash: 36750c1d0e75d82ec096faeff6d61579c075e0c4 body: > - This avoids device repositories having to specify it, and it can always + This avoids device repositories having to specify it, and it can + always be overwritten in append files. @@ -2038,8 +2120,8 @@ resin-specific-env-integration-kconfig.patch" hash: 281a2c8bd47bb77ccf1974ae05b9c42129094911 body: > - Because we use this patch with various u-boot versions it often happens - that this patch + Because we use this patch with various u-boot versions it often + happens that this patch does not apply so we then need to rework it in the device integration layer. Instead it @@ -2070,7 +2152,8 @@ - subject: Skip pin device step if release was deleted hash: f6435814cd86380dd3b02416f6f2199b483bb33c body: > - Preloaded devices can require that the device is pinned to the preloaded + Preloaded devices can require that the device is pinned + to the preloaded release on provisioning. However if the provisioned release gets @@ -2098,7 +2181,8 @@ - subject: Use single-arch in dockerfile hash: 17aa625d3b115103efa30bb98b83ee1fc54230c4 body: > - This is necessary since the builder no longer passes the platform flag + This is necessary since the builder no longer passes the + platform flag to the build. This would lead to dockerfiles that are mixing multi and single @@ -2126,8 +2210,8 @@ - subject: Replace BALENA-FIREWALL rule in INPUT chain instead of flushing hash: 84a9e7e9acd803b6b49d58ae3040694a5e2f823d body: > - The issue with the original Supervisor implementation of the firewall is - that + The issue with the original Supervisor implementation of + the firewall is that on Supervisor start, the Supervisor flushes the INPUT chain of the filter table. @@ -2157,7 +2241,8 @@ - subject: "update-balena-supervisor: use API request helper" hash: 91f8f7b6d77085614dace780997ff792c88b6ab2 body: > - Use an API request helper that checks the status code response before + Use an API request helper that checks the status code response + before trying to use the response itself. @@ -2197,7 +2282,8 @@ - subject: Remove a bad check in Internet connection sharing test hash: 80d2c45d7318464935516acdc2dd884efaacf31a body: > - In the Internet connection sharing test one of the checks may run + In the Internet connection sharing test one of the checks may + run into a racing problem. The following command is holding the iptables @@ -2239,7 +2325,8 @@ - subject: "peak: Ship signed module when signing is enabled" hash: 97d64167c1bcbb76d1638486aa3eb158f37785c9 body: > - At this moment, when module signing is enabled, the peak module is signed + At this moment, when module signing is enabled, the peak module + is signed but do_install ignores the signed variant and installs the original @@ -2272,7 +2359,8 @@ - subject: "flasher: fix installation when in user mode w/ sb disabled" hash: 1592a4cfa4035892fcdc1484717bfcb5966221f3 body: > - Previously, we bailed out of the installer when the system was in user + Previously, we bailed out of the installer when the system was + in user mode (keys enrolled) but the user had not opted in to secure boot, as it @@ -2360,7 +2448,8 @@ - subject: "recipes-core/images: Ensure redsocks sample files are deployed" hash: fe8b2b248d6a65b26def40c9d374f04c813fd40c body: > - ... before trying to include them in the boot partition, otherwise + ... before trying to include them in the boot partition, + otherwise the yocto build may fail sporadically. footer: @@ -2378,7 +2467,8 @@ partition" hash: 22942a52bdf3f1cde6201c0bcc71cb72e3c899b9 body: > - do_resin_boot_dirgen_and_deploy needs all the partial files deployed + do_resin_boot_dirgen_and_deploy needs all the partial files + deployed when it runs as it will be copying them to the actual boot partition. @@ -2430,7 +2520,8 @@ - subject: "balena-units-conf: launch os-config on config changes" hash: b3324272950bffa587963b8ce53d7111ebc04471 body: > - This allows to transition from unmanaged to managed by just writing + This allows to transition from unmanaged to managed by just + writing a config.json file, like it's the case with AWS cloud configuration. footer: @@ -2447,7 +2538,8 @@ - subject: Refer to balenaEngine by its full name hash: 74b747bd20bf906704b75058f43248f8a5f0c20c body: > - Previously, it was being referred to only as "balena". Being explicit + Previously, it was being referred to only as "balena". Being + explicit that this is about balenaEngine makes it simpler to grep for @@ -2493,7 +2585,8 @@ - subject: "initrdscripts: migrate: use du instead of wc to calculate byte sizes" hash: 28eb87859810e0a9e43936b4fc893fc5893510b0 body: > - The `du` utility has the same output format for single or several files, + The `du` utility has the same output format for single or + several files, while the `wc` utility doesn't and does not display a total for single @@ -2523,7 +2616,8 @@ - subject: "resin-init-flasher: replace shutdown for reboot in case of migration" hash: f5671f9514216c93b4770a20adc9ff71730f8f63 body: > - When migrating, we can't assume a device can be remotely powered on, so + When migrating, we can't assume a device can be remotely powered + on, so finish the flashing with a reboot instead of a shutdown. @@ -2554,7 +2648,8 @@ - subject: "initrdscripts: Add migration module" hash: c59a7090f281a0b0e1602efded31816101c094b1 body: > - This module allows to program the internal storage from initramfs hence + This module allows to program the internal storage from + initramfs hence making it possible to migrate an existing OS by booting from the same @@ -2580,7 +2675,8 @@ - subject: "resin-init-flasher: comply with recovery mode" hash: b0e671fe8d1782bfdc38c277899be43ae0cab977 body: > - If booting in recovery mode, wait on adbd to exit before continuing. + If booting in recovery mode, wait on adbd to exit before + continuing. footer: Change-type: patch change-type: patch @@ -2592,7 +2688,8 @@ module" hash: 7b3227c08f693131933fb9fea0d3796571837253 body: > - The migrate module needs to umount the rootfs, so by moving the mountpoint + The migrate module needs to umount the rootfs, so by moving the + mountpoint moving into the migrate module it's only done when not migrating. footer: @@ -2605,7 +2702,8 @@ - subject: "initrdscripts: add recovery module" hash: 2431bc39dde12cab35f407423e4b57db3ec78aff body: > - When `recovery` is passed in the kernel command line, the initramfs will + When `recovery` is passed in the kernel command line, the + initramfs will not boot into the OS but launch adbd. @@ -2644,7 +2742,8 @@ - subject: "os-helpers-fs: add dependency on util-linux fdisk" hash: f27132636f4dda10d51cf0e1a3eb13d3db67b1a2 body: > - The os-helpers-fs script uses functionality not available on busybox's + The os-helpers-fs script uses functionality not available on + busybox's fdisk. footer: @@ -2720,7 +2819,8 @@ - subject: "node: do not set unsafe-perm with npm 9 and newer" hash: c1950ce76e44b48196c44874e09c8857651bddd8 body: > - The unsafe-perm config option has been dropped in npm 9, trying to set it + The unsafe-perm config option has been dropped in npm 9, trying + to set it ends with an error and therefore fails the build. With this patch @@ -2780,7 +2880,8 @@ - subject: "balena-api: ignore quotes from API replies" hash: ad7065112eee4e6e3865ef5581e4c53676536459 body: > - The balenaAPI has replied both `OK` and `"OK"` to patch requests. Accept + The balenaAPI has replied both `OK` and `"OK"` to patch + requests. Accept any of them as long as they contain OK. footer: @@ -2832,7 +2933,8 @@ - subject: "balena-config-vars: Remove dependency on fatrw" hash: 57facfad07b7dd1de5687ab20258f6387575bd79 body: > - There is nothing in `balena-config-vars` itself that needs `fatrw`, so + There is nothing in `balena-config-vars` itself that needs + `fatrw`, so change it so scripts don't exit if it is not available. For example, @@ -2865,7 +2967,8 @@ - subject: Add raid support based on machine features hash: 4f43052ba8fbd74fb5af92fd8d818ef2512d08ab body: > - Not all device types need to support RAID, and its components increase + Not all device types need to support RAID, and its components + increase the images size significantly. @@ -2883,7 +2986,8 @@ - subject: "packagegroup-resin: add resin-device-progress dependency" hash: deb0fd28613ef26a0bbe1f588b8ed152b01b90cd body: > - As we removed the dependency from `resin-init-flasher` given that it + As we removed the dependency from `resin-init-flasher` given + that it will also be used from the initramfs, move the dependency to @@ -2901,7 +3005,8 @@ dependencies" hash: da696aff03e0080d67c87f1b4d3e7e12904b8e48 body: > - These are not always required for the flasher to work, only when the + These are not always required for the flasher to work, only when + the flasher is not running from initramfs. @@ -2921,7 +3026,8 @@ - subject: "resin-init-flasher: reduce dependencies" hash: b4b6dded00d2710f29f1bbef97dd6937a4766821 body: > - As we are pulling resin-init-flasher into the initramfs optimise the + As we are pulling resin-init-flasher into the initramfs optimise + the dependencies by removing the whole util-linux package and adding @@ -2948,7 +3054,8 @@ for flasher device types" hash: 33e33381ce8353bc539a1c61eec75ade2447eddc body: > - Now that the installer script is added to the initramfs and is included + Now that the installer script is added to the initramfs and is + included both for flasher and non-flasher device types, limit the @@ -2970,7 +3077,8 @@ - subject: "resin-init-flasher: wait for the by-label links to be created" hash: 21e7b74a4f8af7baf751859e5a5477c2ae99c8fa body: > - The by-label links can be used both for physical and mapper devices (used + The by-label links can be used both for physical and mapper + devices (used in disk encryption). @@ -3169,7 +3277,8 @@ - subject: "os-helpers-fs: get_internal_device() skip disks w/out media" hash: 1da9ea7a3ea1fb87ce31c9281376c2ad5110c1dd body: > - Block device nodes are sometimes created without attached media. These + Block device nodes are sometimes created without attached media. + These devices can neither be read from, nor written to. In this case, the @@ -3241,7 +3350,8 @@ - subject: "tests: os: secureboot: skip if system is not locked down" hash: 00ad363a00eef7805f9f0569d43b933b28504abb body: > - Secure boot is now opt-in, even in the case where the image is signed, + Secure boot is now opt-in, even in the case where the image is + signed, and it's supported in firmware. Skip the secure boot tests when it's not @@ -3296,7 +3406,8 @@ - subject: "client: throw errors instead of blanket handling" hash: 0f4b4b55b01bbfb023bcddba0ea585bcbe968a07 body: > - Remove try/catch block surrounding client code that blanket handles all + Remove try/catch block surrounding client code that + blanket handles all exceptions, and makes debugging and log messages worse. @@ -3333,8 +3444,8 @@ - subject: Updated owa5X logo. hash: 65dc08be089c25740fdc53ea86b4e8037fff600b body: > - The previous logo had some problems when show in Balena's dashboard and - other places. + The previous logo had some problems when show in Balena's + dashboard and other places. footer: Change-type: patch change-type: patch @@ -3572,7 +3683,8 @@ - subject: "workflows: update-backports: remove skipping tests" hash: 36ee78634fdc2c95644fcf2ad303d48b6193b6f2 body: > - It's not clear how the feature to skip tests work, so modify the commit + It's not clear how the feature to skip tests work, so modify the + commit message to be of type patch to avoid balenaCI errors on type none. footer: @@ -3589,7 +3701,8 @@ - subject: "workflows: add update-backports" hash: 04b6db97ced04eeae3204c9c88d162355abd297c body: > - This workflow will update the backports entry in repo.yml after a new + This workflow will update the backports entry in repo.yml after + a new ESR release is created. footer: @@ -3618,8 +3731,8 @@ - subject: Update aufs5 kernel patches for 5.10 versions hash: 525ae72f84fe7092dd642cb1068238e0593f9e2e body: > - We update to the newest patch revisions for 5.10 kernel versions from - upstream + We update to the newest patch revisions for 5.10 kernel versions + from upstream footer: Change-type: patch change-type: patch @@ -3658,7 +3771,8 @@ - subject: Find and remove duplicate networks hash: 89175432af9beb9f9765a6cfdbc8914a8eae251e body: > - We have seen a few times devices with duplicated network names for some + We have seen a few times devices with duplicated network + names for some reason. While we don't know the cause the networks get duplicates, this @@ -3691,7 +3805,8 @@ - subject: Reference networks by Id instead of by name hash: 180c4ff31ad719fb2b00217548514d42a4b5c4cf body: > - We have seen a few times devices with duplicated network names for some + We have seen a few times devices with duplicated network + names for some reason. While we don't know the cause the networks get duplicates, @@ -3809,7 +3924,8 @@ - subject: "docs: add section for sb/fde opt-in" hash: 0b6b034cbb0ca5a9cd7a13690d1f8b0b7485e674 body: > - Document the opt-in boolean for secure boot and full-disk encryption. + Document the opt-in boolean for secure boot and full-disk + encryption. footer: Change-type: patch change-type: patch @@ -3836,7 +3952,8 @@ - subject: "resin-init-flasher: do not report progress if unprovisioned" hash: c6e81823002c1b7f73373fc5eee9434c8805f5b5 body: > - If we know we have not provisioned, let's not print errors when the + If we know we have not provisioned, let's not print errors when + the report cannot be sent. footer: @@ -3849,7 +3966,8 @@ - subject: "resin-init-flasher: check splash configuration exists before copying" hash: 150bef07e330695cc2abcc1e46d533ed43b0a732 body: > - Otherwise, if the flasher is configured without a splash configuration + Otherwise, if the flasher is configured without a splash + configuration directory, the boot partition content is overwritten. footer: @@ -3861,7 +3979,8 @@ file" hash: be9f8c76eab4494d6dfaaca81ec2c695d9f78d8c body: > - This exposes a file based interface for configuration sharing. The + This exposes a file based interface for configuration sharing. + The clarity is needed while working on the migrator. footer: @@ -4124,7 +4243,8 @@ - subject: "balena-generate-ami: match instance type with image type" hash: 98c1601e106a1fe194fd6c1339b33b67a57a578a body: > - When using an amd64 AMI, use a suitable A1 Graviton instance to test it. + When using an amd64 AMI, use a suitable A1 Graviton instance to + test it. footer: Change-type: patch change-type: patch @@ -4173,7 +4293,8 @@ - subject: "balene-generate-ami: remove key name" hash: cebc5f30447785bdbad8260f0975bd1f9f261a9b body: > - No need to provide a key name as the instance only needs to be accessible + No need to provide a key name as the instance only needs to be + accessible via balenaCloud. footer: @@ -4191,7 +4312,8 @@ balena_os" hash: 0e3f9ca33265d1fc84244a4e3e86b9e7a7c85715 body: > - These applications have been moved to the `balena_os` organization. + These applications have been moved to the `balena_os` + organization. footer: Change-type: patch change-type: patch @@ -4206,7 +4328,8 @@ - subject: "balena-generate-ami: do not remove AMI snapshot" hash: 7022aa4933c5134d22b1f9f7e60c9e76fecca36a body: > - This snapshot is attached to the AMI and can only be removed after + This snapshot is attached to the AMI and can only be removed + after de-registering the AMI. footer: @@ -4220,7 +4343,8 @@ token" hash: 526fe49137cd619162d4e1307b977d1aa85401b0 body: > - No need to complicate the job configuration with two tokens if we can do + No need to complicate the job configuration with two tokens if + we can do with one. footer: @@ -4233,7 +4357,8 @@ - subject: "jenkins_build: respect the preserve build flag" hash: 30ff6dc19dafe9f7860df65c5552e4a25061a37b body: > - Do not remove the build directory if the preserve build flag is set. + Do not remove the build directory if the preserve build flag is + set. footer: Change-type: patch change-type: patch @@ -4280,7 +4405,8 @@ - subject: "os-helpers: remove shebangs as these are not meant to be executed" hash: 5ffda998055973cb6f4cb68a355b1a73bdea7c48 body: > - The os-helpers scripts are meant to be sourced by other scripts, not + The os-helpers scripts are meant to be sourced by other scripts, + not executed. When sourced, the shebang should be ignored. @@ -4332,7 +4458,8 @@ - subject: "resin-init-flasher: remove unused variable" hash: 800db4f0ce54dcd9d2f9b1ef8300c1534a3a55c1 body: > - The INTERNAL_DEVICE_CONF_PART_MOUNTPOINT is no longer used in the code. + The INTERNAL_DEVICE_CONF_PART_MOUNTPOINT is no longer used in + the code. footer: Change-type: patch change-type: patch @@ -4344,7 +4471,8 @@ mount" hash: 9599a70c6e7440dde993d847e1e1800f5f5d4409 body: > - This simplifies the code as we only set the boot partition mount in one + This simplifies the code as we only set the boot partition mount + in one place. footer: @@ -4358,7 +4486,8 @@ paths" hash: c261dbf4c96ee4204001be8e96654ebadf490516 body: > - The files will live in different places depending on whether the script + The files will live in different places depending on whether the + script is run from a flasher image or from initramfs. footer: @@ -4372,7 +4501,8 @@ device" hash: 60f130fabd947f1d929213196419bc2153258b2c body: > - Make sure the internal boot device we mount is the one we have just + Make sure the internal boot device we mount is the one we have + just programmed - using the resin-boot label might clash. footer: @@ -4385,7 +4515,8 @@ - subject: "resin-init-flasher: remove systemd dependency" hash: dbda0afade7c575f0b1f4ac3146e9760a5bcda26 body: > - Allow to run the script from initramfs where no systemd is installed. + Allow to run the script from initramfs where no systemd is + installed. footer: Change-type: patch change-type: patch @@ -4396,7 +4527,8 @@ - subject: "resin-init-flasher: Do not hardcode path to the raw image" hash: e48c090e1285ac03281c80d44644961d3f253d96 body: > - Allow the script to search for the raw balena image in the rootfs. This + Allow the script to search for the raw balena image in the + rootfs. This allows to use the raw image from different sources. footer: @@ -4420,7 +4552,8 @@ - subject: "initrdscript: resindataexpander: skip for flasher images" hash: f3448518b30f2cb41c4ee38e246b35f5ba7b77df body: > - The code outside of the enabled and run functions is not meant to be + The code outside of the enabled and run functions is not meant + to be executed for flasher images and it prints verbose errors. footer: @@ -4595,7 +4728,8 @@ - subject: "efitools: fix cross-compilation on arm" hash: 86887855e9023e56cd9c96fdfc29053f649366f5 body: > - efitools defaults ARCH to x86_64 when unset, leading to architecture + efitools defaults ARCH to x86_64 when unset, leading to + architecture specific flags being misapplied, breaking the build @@ -4628,7 +4762,8 @@ updated" hash: 75dd55660bcb9e37f458b505e23acc3f19dfddc7 body: > - This recipe has now been renamed to extra-udev-rules across all device + This recipe has now been renamed to extra-udev-rules across all + device types repositories. footer: @@ -4645,7 +4780,8 @@ - subject: "kernel-balena: Remove apparmor support" hash: 18cd233a83554b58b3540164afd768fdeda60b03 body: > - Newer releases of moby expect appArmor userland tools when appArmor is + Newer releases of moby expect appArmor userland tools when + appArmor is enabled in the kernel. footer: @@ -4662,7 +4798,8 @@ - subject: "flasher: handle user mode system w/out secure boot" hash: 73ca2d64f9bc22764694f774898db02a6c9e9825 body: > - When a user runs the flasher with secure boot enabled in `config.json`, + When a user runs the flasher with secure boot enabled in + `config.json`, the public keys used to validate the bootloader are enrolled. If any @@ -4697,7 +4834,8 @@ - subject: "flasher: fix keys not enrolling with secure boot enabled" hash: e9622bc5bb415d98bfd3c3277db96e5b585c583b body: > - Extended globbing is not enabled by default, which makes the substring + Extended globbing is not enabled by default, which makes the + substring match for trimming leading zeroes not work. This causes SETUPMODEVAR to @@ -4716,7 +4854,8 @@ - subject: "flasher: fix secure boot setup with enrolled keys" hash: 2116dc08fbc8e0df3739fc1067a3884712a55ade body: > - When refactoring secure boot setup, a logic mistake in the purpose and + When refactoring secure boot setup, a logic mistake in the + purpose and use of SECUREBOOT_VAR meant that devices booting the flasher with keys already @@ -4827,7 +4966,8 @@ - subject: split swtpm service into separate compose file hash: 93d0160eb9a07c86c309cb2c0c2f1b709185884d body: > - Not all platforms support secure boot, notably aarch64 using tianocore + Not all platforms support secure boot, notably aarch64 + using tianocore firmware. Additionally, swtpm may not be available for all platforms. @@ -4890,7 +5030,8 @@ - subject: "compose: qemu: add swtpm service" hash: 302446a90ceedf0e406ed5edef7600925cf55c8c body: > - QEMU is capable of using an emulated software TPM exposed via socket. A + QEMU is capable of using an emulated software TPM + exposed via socket. A TPM is necessary for full disk encryption (FDE), so add a service to @@ -4934,7 +5075,8 @@ - subject: "flasher: create EFI boot entry" hash: 5979409faeaaa2b0df7503b408e202d87c6d2f7b body: > - Some firmwares will not boot balenaOS by default without explicitly + Some firmwares will not boot balenaOS by default without + explicitly creating a boot entry, so create one on EFI platforms after flashing. footer: @@ -4947,7 +5089,8 @@ - subject: "common: os-helpers-fs: fix get_dev_path_from_label w/ luks" hash: 3b7ad68f938776db770a067de6b2973876cc7430 body: > - get_dev_path_from_label() calls lsblk to get the name and label of a + get_dev_path_from_label() calls lsblk to get the name and label + of a disk, then filters the list using the label and returns a /dev path. @@ -4977,7 +5120,8 @@ - subject: "flasher: make secure boot opt-in" hash: c6b84df2e571231bea8283e88750af949ca78df9 body: > - Opt-in to secure boot, full-disk encryption, and kernel lockdown with + Opt-in to secure boot, full-disk encryption, and kernel lockdown + with the `secureboot` boolean in the `installer` object contained in @@ -4992,7 +5136,8 @@ - subject: "flasher: ensure image is signed before enrollment" hash: 765ec79b9760a8822fab5801459398b798bd5e31 body: > - The flasher image enrolls the secure boot keys before rebooting into + The flasher image enrolls the secure boot keys before rebooting + into secured user mode and creating the encrypted luks volumes on disk. @@ -5015,7 +5160,8 @@ - subject: "flasher: refactor secure boot block" hash: 7127247bdabe96827b13837a573fc0c3966b1557 body: > - Improve readability and formatting of secure boot configuration section + Improve readability and formatting of secure boot configuration + section footer: Change-type: patch change-type: patch @@ -5054,7 +5200,8 @@ - subject: "hostapp-update-hooks: Fail if new keys are used" hash: e61b8183fc046b733f18c55ae21cdde29ec28064 body: > - Abort the hostOS update if new keys are detected so the device is + Abort the hostOS update if new keys are detected so the device + is not bricked until updating keys is supported. footer: @@ -5067,7 +5214,8 @@ - subject: "resin-init-flasher: In setupmode program new keys" hash: 46a0b3839eccb69e00d15fd69027b904a8613a89 body: > - If the device has been configured in setupmode, make the flasher images + If the device has been configured in setupmode, make the flasher + images program the balena keys from the boot partition. footer: @@ -5112,7 +5260,8 @@ - subject: "efitools: Allow builds for ARM architecture" hash: 03962bda4860726332715df5fbdec05a475b6026 body: > - There are ARM systems that use UEFI, and for example the `efivar` package + There are ARM systems that use UEFI, and for example the + `efivar` package can also be built for ARM architectures. footer: @@ -5278,7 +5427,8 @@ - subject: Enable back connectivity check in NetworkManager hash: b4ae8c2df204107054316e8b9f78075155c1f606 body: > - In v2.108.0 we did a major NetworkManager upgrade as we started using + In v2.108.0 we did a major NetworkManager upgrade as we started + using meson as a build system. The connectivity check feature was left @@ -5388,7 +5538,8 @@ - subject: "efitools: Package lock down EFI image into its own package" hash: 461ad62f13732cd325f3f532fda4fac4b9ffb3da body: > - This EFI image contains the secure boot certificates and when executed it + This EFI image contains the secure boot certificates and when + executed it is supposed to load the keys into the respective secure boot slots. @@ -5438,7 +5589,8 @@ - subject: "workflows: meta-balena-esr: Fix version calculation" hash: b56da33230839f4af74bac954cf834c2116e6209 body: > - Correct the calculation of the version to include in the yml file. + Correct the calculation of the version to include in the yml + file. footer: Change-type: patch change-type: patch @@ -5481,7 +5633,8 @@ - subject: "redsocks: Increase maximum number of open files" hash: e90b9159ed5f0dac3d9fe1b1b486201ee85f1161 body: > - This increases the number of open connections that redsocks can support + This increases the number of open connections that redsocks can + support to a new maximum of 2048. @@ -5513,7 +5666,8 @@ - subject: 'Revert "flasher: output logs to serial console"' hash: 406317b15726798d0c11928851897a530c980170 body: > - In development mode, the flasher service is killed by getty. Revert this + In development mode, the flasher service is killed by getty. + Revert this change to unbreak the flasher when OS development is enabled. @@ -5581,7 +5735,8 @@ - subject: "balena-supervisor: Set the supervisor package version" hash: 950cbe5dd708511e37d707d4121032cc06376d1a body: > - This should reflect the included supervisor version in the hostapp + This should reflect the included supervisor version in the + hostapp manifest. footer: @@ -5712,7 +5867,8 @@ - subject: "core: Increase the default timeout for worker connections to 30s" hash: 44002ac3e50fbbbf70bbb5abc325da4b92acbf02 body: > - This is a further attempt to avoid ETIMEOUT errors when running + This is a further attempt to avoid ETIMEOUT errors when + running on GH actions and connecting to real testbots. footer: @@ -5874,7 +6030,8 @@ rpi" hash: 6a47531bd8c1a3a032e57efe6b1c2d764d6d0570 body: > - This has since been fixed in the engine but since it impacts the HUP from + This has since been fixed in the engine but since it impacts the + HUP from version we need to handle it in the test suite. footer: @@ -5912,7 +6069,8 @@ - subject: 'Revert "minor: Add @balena/leviathan-test-helpers package"' hash: d662f07d297dc130c1592552f8ef1bcdcdabe37f body: > - This reverts PR https://github.com/balena-os/leviathan/pull/826. + This reverts PR + https://github.com/balena-os/leviathan/pull/826. footer: Change-type: minor change-type: minor @@ -5969,7 +6127,8 @@ - subject: Run out-of-band e2e tests after Flowzone passes hash: 4c82cc453f44736e05b2917be7357ac24348c212 body: > - Custom actions can only use certain secrets and single-dimension + Custom actions can only use certain secrets and + single-dimension run matrices. By running an entirely separate job after Flowzone @@ -6173,7 +6332,8 @@ - subject: "jenkins_build: add argument to build OS development images" hash: 07f20dae6f06831181fc2ae306f9c4a52499ca24 body: > - Building OS development images is useful for example when debugging and + Building OS development images is useful for example when + debugging and testing AMI images. footer: @@ -6282,7 +6442,8 @@ - subject: "dockerfile: balena-push-env: update balena CLI version to v14.5.15" hash: 06f4be81c2dd37eb6a6da51024d6857b32200d20 body: > - Newer supervisor require a CLI >= v13.5.1 to migrate from v2 apps.json + Newer supervisor require a CLI >= v13.5.1 to migrate from v2 + apps.json footer: Change-type: patch change-type: patch @@ -6293,7 +6454,8 @@ - subject: "jenkins_generate_ami: add balena org for preloaded app" hash: ee48444b36d3597264a7694b2246b3fee4f6b659 body: > - Specify the organization and block name when preloading so it is not + Specify the organization and block name when preloading so it is + not ambiguous. footer: @@ -6475,7 +6637,8 @@ - subject: "test: ssh-auth: fix test cases using custom keys" hash: b24d92774a67cf0c0b83a29848bdcf6ed8a574db body: > - There are two sets of keys used in this test, one stored in `/root/id` + There are two sets of keys used in this test, one stored in + `/root/id` which is created by the cloud suite to SSH via the proxy server, and @@ -6533,7 +6696,8 @@ - subject: "jenkins_generate_ami: use a different token" hash: 3fcb9cb302b3f50e5fd8943fdafe2934fb0de182 body: > - The AMI preload application no longer lives in the balena_os organization + The AMI preload application no longer lives in the balena_os + organization so allow to provide a different token. footer: @@ -6563,7 +6727,8 @@ supervisor" hash: fd788120e5915820e75240e548760fd107cc0580 body: > - The `os-config` application stops the supervisor before fetching openvpn + The `os-config` application stops the supervisor before fetching + openvpn configuration and starting the `openvpn` service unit. @@ -6605,7 +6770,8 @@ - subject: "ssh-auth: setConfig: run synchronously" hash: 5534839614a5221068d25fb703658b780d6c7463 body: > - Most tests expects a specific device configuration so having the setting + Most tests expects a specific device configuration so having the + setting run asynchronously leads to unexpected failures. footer: @@ -6618,7 +6784,8 @@ - subject: "cloud: ssh-auth: use custom path for custom key" hash: 6c83fd02383baf7b6932858a3e88ae207cbecc3b body: > - Right now it overwrites the key created by the cloud suite to connect + Right now it overwrites the key created by the cloud suite to + connect to the proxy. footer: @@ -6631,7 +6798,8 @@ - subject: "balena-config-vars: Set permissions for cache file" hash: 3406f9a45a5a97542972c442f1c8a8e3e80a7d37 body: > - The sshd daemon is configured to fetch keys from the API for local + The sshd daemon is configured to fetch keys from the API for + local user connections. The script that fetches the keys, cloud-public-sshkeys, @@ -6663,7 +6831,8 @@ - subject: "common: kernel-devsrc: fix pseudo abort" hash: e5307d7c7459ac977914122edc11d9ae7222e54b body: > - Yocto builds will abort due to inconsistencies between the pseudo + Yocto builds will abort due to inconsistencies between the + pseudo database and files modified outside of the pseudo context [0]. @@ -6720,7 +6889,8 @@ - subject: "flasher: fix detection and exclusion of installation media" hash: 02ba95a7f2b3889443f8fc2857723898140ff05e body: > - The old test no longer matches on full disk paths including /dev, which + The old test no longer matches on full disk paths including + /dev, which can potentially result in the installation disk not being excluded from @@ -6740,7 +6910,8 @@ - subject: "flasher: properly expand device_pattern globs" hash: 1b8059cf553b99de9a854dbbc7d81d7c079fe2a5 body: > - Previously, globs such as 'md/balena{,_*}' and 'mmcblk?' weren't being + Previously, globs such as 'md/balena{,_*}' and 'mmcblk?' weren't + being properly expanded, resulting in the old behavior of explicit lists of @@ -6826,7 +6997,8 @@ - subject: Enable network access for tasks talking to the signing service hash: ab1d75a0db11cde16d93cb7b3ebe734f61583e28 body: > - Since kirkstone tasks have network access disabled by default so we need + Since kirkstone tasks have network access disabled by default so + we need to enable it explicitly for tasks that talk to the signing service. footer: @@ -6880,7 +7052,8 @@ - subject: Add meta-balena-esr workflow hash: bcaddc164814569a9971c728bfbae316bbae88b3 body: > - This workflow will create an ESR branch from the latest patch of the + This workflow will create an ESR branch from the latest patch of + the previous minor version the first day of each quarter. footer: @@ -6924,7 +7097,8 @@ - subject: "prepare-openvpn: do not use cached configuration" hash: 021495a07f736c7a80497e18dea33e23ac63318b body: > - This script needs to update the VPN authentication with the currently + This script needs to update the VPN authentication with the + currently configured keys so do not use cached values. footer: @@ -7103,7 +7277,8 @@ - subject: "tests: hup: handle exception when unwrapping non-flasher image" hash: 4d020e008232c29a8d9ab316f7c71d7fb161d98e body: > - Handle ENOENT ErrnoException when attempting to unwrap a non-flasher + Handle ENOENT ErrnoException when attempting to unwrap a + non-flasher image in HUP tests. This mirrors a similar change made in ce2d33ad8. footer: @@ -7211,7 +7386,8 @@ - subject: "openssh: allow RSA signatures with SHA1 algorithms" hash: df5e9dcd4a8f61ace849d5bb437798d16a440191 body: > - Openssh v8.8 removes this support by default but the backend still + Openssh v8.8 removes this support by default but the backend + still needs to be updated to drop these. footer: @@ -7454,7 +7630,8 @@ - subject: "common: openvpn: remove resin.conf" hash: ce288ba9138ab385370e2375a64ef8c185feb2c9 body: > - This config file hasn't been used since commit 2db88c2, which unified + This config file hasn't been used since commit 2db88c2, which + unified how managed and unmanaged images operate. Since that commit, openvpn @@ -7490,7 +7667,8 @@ - subject: "Revert \"chrony: update to version 4.1 to match kirkstone's version\"" hash: 3ea5184c30f3051d58f1a1befd19c76c17ee4334 body: > - With the updated version the systemd watchdog events are not received. + With the updated version the systemd watchdog events are not + received. Fixes #2823 @@ -8065,7 +8243,8 @@ - subject: "core: Switch to debian base and install standalone balena-cli" hash: b6993366ce72f0c25f14dfeccdf42076fbf8dd50 body: > - Unfortunately the standalone balena-cli package is linked to glibc + Unfortunately the standalone balena-cli package is + linked to glibc and does not work with musl (alpine) so we need to switch to debian. @@ -8081,7 +8260,8 @@ - subject: "core: Set node engine to match the Dockerfile" hash: 06fcacf6573385aa2709bb2f0deb8a6bee3dd14a body: > - This version can likely be increased now that the balena-cli + This version can likely be increased now that the + balena-cli is no longer part of the ndoe dependencies, but for now just @@ -8096,7 +8276,8 @@ - subject: "core: Remove balena-cli npm dependency" hash: 8b785515f4e4b5d2161f2b84a93a6d162b929875 body: > - Pave the way for installing balena-cli standalone package. + Pave the way for installing balena-cli standalone + package. footer: Change-type: patch change-type: patch @@ -8126,7 +8307,8 @@ - subject: "resin-init-flasher: skip array members not matching a named array" hash: 2c4c437329ff0e74521cf11b74edcf83f58ff8b3 body: > - If a block device specified in resin-init-flasher.conf is part of an + If a block device specified in resin-init-flasher.conf is part + of an array, but that assembled array name wasn't specified, skip it to avoid @@ -8141,7 +8323,8 @@ - subject: "resin-init-flasher: support pattern matching of devices" hash: d552508ce70cf53b5a9fd1e18f5e31d9dbcf2108 body: > - Instead of querying devices w/ `fdisk -l`, glob match patterns specified + Instead of querying devices w/ `fdisk -l`, glob match patterns + specified in resin-init-flasher.conf with devices present in `/dev`. This allows us to @@ -8264,7 +8447,8 @@ - subject: "README: Add kirkstone support" hash: aeff6b085ceeca7ff1d27079bcee7ebe2c6e6d7e body: > - Also, remove the TESTED note as all releases are tested. Specify what is + Also, remove the TESTED note as all releases are tested. Specify + what is the upstream status for the different releases too. @@ -8290,7 +8474,8 @@ - subject: "kernel-balena-noimage: Remove kernel-image packages from image" hash: 08a1b066dfe21da6f43642c2d396edbfc34bb757 body: > - These packages also install kernel images into the boot directory in the + These packages also install kernel images into the boot + directory in the root partition, overwriting the initramfs kernel installed by @@ -8352,7 +8537,8 @@ - subject: "meta-balena-kirkstone: use upstream kernel-devsrc recipe" hash: d7656e313c88dd2b751d8e269a7f9dd049fbd4d4 body: > - This recipe was brough-in when the default meta-balena version was still + This recipe was brough-in when the default meta-balena version + was still behind the upstream version introducing it. footer: @@ -8365,7 +8551,8 @@ - subject: "meta-balena-kirkstone: use the procps recipe from upstream" hash: 871fc59292c9ca0673bae3486022d36751478a7d body: > - This recipe was useful until poky modified the procps recipe to include + This recipe was useful until poky modified the procps recipe to + include just the ps utility. footer: @@ -8389,7 +8576,8 @@ - subject: "classes: image-balena: Fix journal blocks calculation" hash: b890cab9e4c5b364944e520ed4034ce71932f0bc body: > - Replace a static check for the "honister" distro name with a version + Replace a static check for the "honister" distro name with a + version check on dumpe2fs which does not need further maintenance. footer: @@ -8430,7 +8618,8 @@ - subject: "balena-supervisor: Allow network use in install task" hash: 817c68135f5a96a4fc1673175bee25402fc58801 body: > - This recipe checks the API for the supervisor version so it must be + This recipe checks the API for the supervisor version so it must + be allowed network access. footer: @@ -8545,7 +8734,8 @@ - subject: "bluez5: update to 5.64" hash: f70ef8d009461fb5c25fec23ee51a56a3d50a2a6 body: > - We keep the bluez recipe in meta-balena so we can use the same version + We keep the bluez recipe in meta-balena so we can use the same + version independently of the Yocto version and integration layer used. footer: @@ -8595,7 +8785,8 @@ - subject: "core: Copy all files/directories except those in dockerignore" hash: d65bfbb94cab3cbfa676f53b42b85969bde41e58 body: > - In some situations the contracts submodule may not exist so this + In some situations the contracts submodule may not exist + so this will prevent the docker build from failing. footer: @@ -8767,7 +8958,8 @@ - subject: "udev: run resin-update-state after md assemble" hash: 09a985b3847b887ae47047c011057372cfee993e body: > - Run the resin-update-state rules that create the by-state links after md + Run the resin-update-state rules that create the by-state links + after md arrays are assembled. This fixes state link creation when running on a @@ -8956,7 +9148,8 @@ - subject: "meta-resin-sumo: libmbim: use v 1.24.2" hash: 1fe708b4bf84e60032c4e7f52316632a49ecc490 body: > - The current meta-balena libmbim is not compatible with sumo's libc + The current meta-balena libmbim is not compatible with sumo's + libc version. footer: @@ -9004,7 +9197,8 @@ - subject: "compose: qemu: enable loopback and metadata devices" hash: 962a1705b11457c7d9a87c17cc9e3bf1671d2257 body: > - Copied from https://github.com/balena-os/leviathan-worker/pull/21 + Copied from + https://github.com/balena-os/leviathan-worker/pull/21 footer: Change-type: patch change-type: patch @@ -9068,7 +9262,8 @@ - subject: Use a lightweight Engine healthcheck hash: 7146e4614c2658d6f7d5384602eb8ad213e08759 body: > - Previously, our healthcheck verified if we were able to start a new + Previously, our healthcheck verified if we were able to start a + new container. This had two downsides: @@ -9099,7 +9294,8 @@ - subject: Make Engine watchdog termination graceful hash: 9e322ee25bf50949880446f4fb85d1d8e864da37 body: > - With `WatchdogSignal=SIGTERM` systemd will send a SIGTERM and give the + With `WatchdogSignal=SIGTERM` systemd will send a SIGTERM and + give the Engine 90 seconds to gracefully shutdown before sending a SIGKILL. We @@ -9206,7 +9402,8 @@ - subject: "barys: Add balena-rust to syntax conversion step" hash: 2fb2b25a2bc6c226f3d4d570a2bfb261585ed283 body: > - Recent versions of meta-balena include a balena-rust layer used to + Recent versions of meta-balena include a balena-rust layer used + to specify a distro-set Rust version across all supported Yocto versions @@ -9238,7 +9435,8 @@ - subject: "meta-balena-rust: Link to meta-rust" hash: 83bd38733af9063c5d29d90fc0695838e4b718d3 body: > - This is a temporary way that will allow to update the bblayers.conf of + This is a temporary way that will allow to update the + bblayers.conf of device type repositories to include meta-balena/meta-balena-rust while @@ -9427,7 +9625,8 @@ - subject: "generic-amd64: match genericx86-64-ext connectivity" hash: ed449edbd6504f97e94f11f1f97075582cf27e7b body: > - Disable bluetooth/wifi in generic-amd64 to match genericx86-64-ext. + Disable bluetooth/wifi in generic-amd64 to match + genericx86-64-ext. footer: Change-type: patch change-type: patch @@ -9437,7 +9636,8 @@ - subject: "generic-amd64: update name to include GPT qualifier" hash: ab8af4bff6ccff7d650c794ec8dc3e31be6f1671 body: > - Update the long name for generic-amd64 to include the MBR qualifier, + Update the long name for generic-amd64 to include the MBR + qualifier, matching the device type coffeescript file. @@ -9452,7 +9652,8 @@ - subject: "genericx86-64-ext: update name to include MBR qualifier" hash: d511fa372a606ddbc1814b35d109c4cc0aef57e2 body: > - Update the long name for genericx86-64-ext to include the MBR qualifier, + Update the long name for genericx86-64-ext to include the MBR + qualifier, matching the device type coffeescript file. @@ -9621,7 +9822,8 @@ - subject: "balena-config-vars: Provide FAT safe filesystem access alternatives" hash: 09ddd9c7d9e9cce2e9956d15644931d879ce0ad3 body: > - The boot partition is currently a FAT filesystem that does not support + The boot partition is currently a FAT filesystem that does not + support atomic writes. To prevent corruption, this commit introduces a fatrw @@ -9638,7 +9840,8 @@ - subject: "fatrw: Add recipe" hash: c8312e6a8a6b20d5534754ab2930463b302c87d4 body: > - Builds a CLI application to perform atomic writes to FAT filesystems. + Builds a CLI application to perform atomic writes to FAT + filesystems. footer: Change-type: patch change-type: patch @@ -9653,7 +9856,8 @@ - subject: "test: os: chrony: Double the wait for time skew test" hash: 756b5eba8d3b197f56688be030b522f94a628c42 body: > - Including the 2min systemd watchdog timer, plus 60 attempts to sync + Including the 2min systemd watchdog timer, plus 60 attempts to + sync the time via chronyc waitsync, it may take longer than expected to @@ -9668,7 +9872,8 @@ - subject: "os: tests: chrony: Wrap disable/enable NTP in test conditions" hash: 6d51bd39d02898a3a50f8b5ff133a283b0368463 body: > - This allows us to catch if one of the enable/disable steps has failed + This allows us to catch if one of the enable/disable steps has + failed and includes time to execute. footer: @@ -9815,7 +10020,8 @@ - subject: "balena-config-vars: Do not use cache in flasher images" hash: c99ac402222d3187f5b7c71d6a40400328fd3327 body: > - Flasher images use an alternative configuration storage so skip caching. + Flasher images use an alternative configuration storage so skip + caching. footer: Change-type: patch change-type: patch @@ -9865,7 +10071,8 @@ - subject: 'Revert "patch: Increase timeout for worker connections"' hash: 5e98079b8a44b2470c8edc9ac6e4ab65b9a6da96 body: > - This reverts commit 87a741fd22a78c190bec59fa6628de921ac2809f. + This reverts commit + 87a741fd22a78c190bec59fa6628de921ac2809f. This change didn't actually help to resolve the original ETIMEDOUT @@ -9924,7 +10131,8 @@ - subject: "core: worker: add retryOptions to executeCommand methods" hash: 2f2d7a8b99fcaffc22d0032f9102e194160f7e1f body: > - The executeCommand family of methods default to retrying on failure. In + The executeCommand family of methods default to retrying + on failure. In some cases, such as in the ssh-auth test in the cloud test suite, we @@ -9952,7 +10160,8 @@ - subject: "tests: cloud: fix production mode ssh test" hash: 916d400456ef2cb58f13c7b8b6e542c23b57e8c2 body: > - This test was broken previously, and would fail with "All configured + This test was broken previously, and would fail with "All + configured authentication methods failed" after a long delay caused by excessive @@ -9984,7 +10193,8 @@ - subject: Create empty configuration units hash: 7fa2152878de1f40df40dc6db74fc77e02480967 body: > - By creating empty configuration units when no configuratin is applied to + By creating empty configuration units when no configuratin is + applied to a service instead we avoid regenerating them at boot if stored in @@ -9999,7 +10209,8 @@ - subject: Make configuration units storage path a distro setting hash: a5a9b3cf31b92e31f91eb6d4c99c9a2cc42b1257 body: > - This allows for specific devices to override the defaults, which is to + This allows for specific devices to override the defaults, which + is to store configuration units on volatile memory re-generating them every @@ -10019,7 +10230,8 @@ - subject: "balena-configurable: Generate initial unit configuration file" hash: f59f2f1716f0c59ac4e21cb35ebf1b34ad8a945e body: > - Before starting services generate the initial unit configuration file. + Before starting services generate the initial unit configuration + file. footer: Change-type: patch change-type: patch @@ -10030,7 +10242,8 @@ - subject: "balena-units-conf: Add script to generate configuration units" hash: 0de0d36727f13d8229e6f4936cc8ff14fdb4e204 body: > - Separate the generation of configuration units before a service has been + Separate the generation of configuration units before a service + has been started, from the processing of configuration changes. footer: @@ -10055,7 +10268,8 @@ time" hash: a0bbe0038b2bf99f0845095c42a9dca517293049 body: > - Currently `os-config-json` is also parsing `units-conf.json` at runtime. + Currently `os-config-json` is also parsing `units-conf.json` at + runtime. This is expensive to do for smaller devices, so this commit performs the @@ -10101,7 +10315,8 @@ - subject: "balena-config-vars: Split static defaults into a different file" hash: bfe134f8dc24bb3bab5cef8e1b82a6844e1e5de3 body: > - This allows to source the static configuration without having to parse + This allows to source the static configuration without having to + parse config.json which is expensive for smaller devices. footer: @@ -10137,7 +10352,8 @@ - subject: "balena-config-vars: Cache environment in memory file" hash: fe1581bf347fd354e806eb617ee6c446d22b52cb body: > - Executing balena-config-vars is quite taxing for smaller devices. For + Executing balena-config-vars is quite taxing for smaller + devices. For example a RaspberryPi Zero. @@ -10216,7 +10432,8 @@ - subject: "core: Reduce the interval for sdk.executeCommandInHostOS" hash: 72d3ff016213b88f6a552761536a697cbec98b03 body: > - Maintaining the total time of 600s but reducing the interval + Maintaining the total time of 600s but reducing the + interval from 10s to 1s to catch successful commands faster. footer: @@ -10229,7 +10446,8 @@ - subject: Revert "reduce ssh retries" hash: 47ca4a05ad2c970fa71dc5819c04fbfa46489a3b body: > - This reverts commit ca1a9238fd59fb3b46321f36a157021c705d1605. + This reverts commit + ca1a9238fd59fb3b46321f36a157021c705d1605. footer: Change-type: patch change-type: patch @@ -10415,7 +10633,8 @@ - subject: "balena-api: On hostapp creation, set class to app" hash: 3bb4995b8bedcfe83b75c3ef6151725828dd1eb8 body: > - Applications can be fleet, blocks or apps, and hostapps need to be set + Applications can be fleet, blocks or apps, and hostapps need to + be set as apps. footer: @@ -10535,7 +10754,8 @@ - subject: "balena-deploy: Use balena-img instead of resin-img" hash: 93a91f27b8538d60b45d0f25eb1fddf512e31e52 body: > - The resin-img is no longer maintained and the deployment of raw images + The resin-img is no longer maintained and the deployment of raw + images as well as flasher requires features only available in balena-img. footer: @@ -10593,7 +10813,8 @@ - subject: "balena-deploy: pin balena-img to v4.1.2" hash: 5a9efbc151127e6bb806627ba4949327cd54b776 body: > - Pin balena-img to v4.1.2, to ensure that upstream changes never break + Pin balena-img to v4.1.2, to ensure that upstream changes never + break the deployment. footer: @@ -10606,7 +10827,8 @@ - subject: "balena-deploy: s/resin-img/balena-img" hash: c632941d9f54549df6e9464b317c18bf6a313040 body: > - As part of rebranding, resin docker repos were renamed to balena, and + As part of rebranding, resin docker repos were renamed to + balena, and resin/resin-img no longer receives updates. Change the image we pull to @@ -10677,7 +10899,8 @@ BALENA_BOOT_MOUNTPOINT" hash: 8e4ed15d512304498540fd30c280a5f000dc4ba9 body: > - BOOT_MOUNTPOINT is no longer exported in the configuration environment. + BOOT_MOUNTPOINT is no longer exported in the configuration + environment. footer: Change-type: patch change-type: patch @@ -10738,7 +10961,8 @@ - subject: "tests: os: make apiKey an optional parameter" hash: 5b959d374810ab1d5e82d3017b91e678d50e4a2d body: > - When accessing a test device as part of a fleet, a cloud API key is + When accessing a test device as part of a fleet, a cloud API key + is required in order to generate an SSH key and access the device through @@ -10829,7 +11053,8 @@ - subject: "tests: os: config-json: fix race in udevRules test" hash: 8825d721ca64d523dc6faf8c317f4a09796457b6 body: > - Readlink can fail when the path is non-existent, raising an error and + Readlink can fail when the path is non-existent, raising an + error and making the udevRules test fail. Test that the link exists before @@ -10860,7 +11085,8 @@ - subject: "tests: os: modem: reduce time taken scanning for modems" hash: 7cb747bfadba14447cb682cfd15e0a15df0e3545 body: > - Reduce the interval between scans as well as the maximum number of scans + Reduce the interval between scans as well as the maximum number + of scans for modems, reducing the time spent waiting when no modem is present @@ -10888,7 +11114,8 @@ - subject: "core: worker: simplify rebootDut" hash: 55981700fb4c90a1f81192a44725f2c2d49e6135 body: > - worker.rebootDut() contains retry logic using utils.waitUntil() wrapping + worker.rebootDut() contains retry logic using + utils.waitUntil() wrapping this.executeCommandInHostOS(). The latter contains its own retry logic, @@ -10907,7 +11134,8 @@ - subject: "core: worker: reduce interval in executeCommandInHostOS" hash: 7f8b371b3035eed2b32011295768d5bec19ba1ba body: > - The default interval for retrying this command is 5s, with a total + The default interval for retrying this command is 5s, + with a total timeout of 2m30s. Reduce the timeout to 1s to reduce latency for the @@ -10950,7 +11178,8 @@ - subject: "tests: os: chrony: block NTP by disabling DNS resolution" hash: 78b393841a787f4ead18e9850488a23a4779cfd7 body: > - Certain chrony tests require the ability to block NTP requests. Switch + Certain chrony tests require the ability to block NTP requests. + Switch from blocking these requests using iptables rules to simply stopping the @@ -11049,7 +11278,8 @@ - subject: "base-files: Fix syntax in mdns.allow addition" hash: 144bfbf7c0426440351802d52183c3eeefcd060f body: > - The mdns.allow overwrite was not being properly applied on newer Yocto + The mdns.allow overwrite was not being properly applied on newer + Yocto versions. footer: @@ -11062,7 +11292,8 @@ - subject: "efitools: Fix append syntax" hash: 30053e1c43d8adba236e52a33416e601cdcfd9f8 body: > - The efitools package was already correctly build for x86_64, so this + The efitools package was already correctly build for x86_64, so + this flag is most likely a noop. footer: @@ -11079,8 +11310,8 @@ - subject: "resindataexpander: Move get_part_table_type to os-helpers-fs" hash: 7fc9af86c8b994ac61fe376ec8e63d6095dda3de body: > - This is useful outside of the expander script, specifically in the - init-board + This is useful outside of the expander script, specifically in + the init-board script in device repos. footer: @@ -11097,7 +11328,8 @@ - subject: "balena-efi.service: Mount if /mnt/boot/EFI is a symlink" hash: 9a873418d094b8b951535c52154be71f8b295c31 body: > - This changes the condition in the unit file from checking whether + This changes the condition in the unit file from checking + whether /dev/disk/by-state/balena-efi exists to checking whether /mnt/boot/EFI @@ -11131,7 +11363,8 @@ - subject: "grub-efi: disable shim_lock when in secure boot mode" hash: dd0c128664a4b5cb004cd154f4dabc627d1f6e77 body: > - Recent versions of GRUB default to use shim_lock when in secure boot mode. + Recent versions of GRUB default to use shim_lock when in secure + boot mode. We do not use shim and do not build the shim_lock module into GRUB EFI binary @@ -11183,7 +11416,8 @@ - subject: "core: worker: handle all local connections the same" hash: 7b6eee28e6d0db63ca3ec7f6046aad46a12b7eaa body: > - Create a directConnect variable that indicates whether we're connecting + Create a directConnect variable that indicates whether + we're connecting to a local instance of the worker server, including if the connection is @@ -11370,8 +11604,8 @@ - subject: Add Python v3.10.5 and v3.9.13 hash: 971223d30b9bf7391ffe57b36182c4857bf4c3aa body: > - Update checksum for v3.8.13 and v3.7.13 since they were rebuilt to add - tkinter modules + Update checksum for v3.8.13 and v3.7.13 since they were rebuilt + to add tkinter modules footer: Change-type: patch change-type: patch @@ -11424,7 +11658,8 @@ - subject: "chronyd: Add time synchronization healthcheck" hash: e2a0fb8ebd45400789ab466dbbe0e70da7fa6165 body: > - Add a healthcheck that will check that the NTP sources are reachable + Add a healthcheck that will check that the NTP sources are + reachable and the system time does not skew. @@ -11474,7 +11709,8 @@ - subject: "tests: os: chrony: reduce delays and retries" hash: 1064fd20a474af3aac8253f34cf543fb78725f9f body: > - When calling waitUntil(), reduce calling intervals and the total number + When calling waitUntil(), reduce calling intervals and the total + number of retries. This effectively halves the runtime for these tests, as the @@ -11562,7 +11798,8 @@ - subject: Add build and deploy workflow hash: e4053e7090864d8c30ea133db555ec1222d32913 body: > - This workflow will launch a Jenkins build and draft deploy job when a new + This workflow will launch a Jenkins build and draft deploy job when a + new tag is made. footer: @@ -11679,7 +11916,8 @@ - subject: "tests: hup: reduce delay between retries" hash: cb48541fa98093f6ce97419b8304469a4b3bb7ab body: > - Reduce delay between retries when using waitUntil, reducing latency and + Reduce delay between retries when using waitUntil, reducing + latency and test runtime. footer: @@ -11696,7 +11934,8 @@ - subject: "tests: cloud: reduce waitUntil interval" hash: 34f77b125c97d82e182bca1cee94fddc49ad5b07 body: > - When the promise called in waitUntil fails, the function defaults to a + When the promise called in waitUntil fails, the function + defaults to a 30s interval before trying again. Reduce this to a 5s interval w/ @@ -11796,7 +12035,8 @@ - subject: "os: waitForServiceState: fix missing rejectionFail" hash: 6bd43901e2d460c4e3df2a83734213ab62523689 body: > - utils.waitUntil expects rejectionFail before _times and _delay, include + utils.waitUntil expects rejectionFail before _times and _delay, + include this argument to ensure the later arguments have the intended effect footer: @@ -11834,9 +12074,9 @@ - subject: Remove the wrapper shim that base images have around sh on first run hash: cb3c0138081af7b73498e22f201af71277ec532c body: > - The wrapper will potentially break other packages that expect sh to be a - real shell (In case the real sh shell binary is not restored - yet) + The wrapper will potentially break other packages that expect sh + to be a real shell (In case the real sh shell binary is not + restored yet) footer: Change-type: patch change-type: patch @@ -11896,7 +12136,8 @@ - subject: "balena-lib: release_finalize: Do not retag phase for ESR branch patch" hash: ffdcb572e75b6bddc890710a6c1e4702d08a86a7 body: > - When we patch an ESR branch, for example from v2022.1.0 to v2022.1.1, + When we patch an ESR branch, for example from v2022.1.0 to + v2022.1.1, do not update the next, current, sunset ESR phases as they remain the @@ -11927,7 +12168,8 @@ - subject: "balena-lib: balena_lib_release_finalize: Pass the correct arguments" hash: e28b745d4ba121b639ba79dad2377f051fe5d3e2 body: > - The balena_api_fetch_fleet_tag requires a slug as first argument, not + The balena_api_fetch_fleet_tag requires a slug as first + argument, not a fleet that can contain the organization too. footer: @@ -11940,7 +12182,8 @@ - subject: "balena-lib: Tag ESR fleets with patch independent tags" hash: d51ecb6d91fe6ecf91de1ecde4fff700f7f88e67 body: > - Otherwise patch updates of ESR branches move the ESR phase when they + Otherwise patch updates of ESR branches move the ESR phase when + they should not. For example, if 2022.1.1 is current, 2022.1.2 is also @@ -12062,7 +12305,8 @@ - subject: "tests: os: config-json: fix race by waiting for InvocationID change" hash: a8303039013b6252680eb48a139e46a358506949 body: > - When tests execute quicker, a race condition can occur where config.json + When tests execute quicker, a race condition can occur where + config.json is edited to remove the dnsServers property, but /run/dnsmasq.servers is @@ -12091,7 +12335,8 @@ - subject: "tests: os: reformat config-json tests" hash: 440b799974eaf237664db1813d1ebc0bff3a46b9 body: > - Reformat config-json tests w/ await where variables aren't passed to + Reformat config-json tests w/ await where variables aren't + passed to chained promises. footer: @@ -12120,7 +12365,8 @@ - subject: "balena-lib: Check versions before finalizing" hash: 0ae1389a69b857b466b4eef81396d5f1b6bc4ae6 body: > - Only allow to finalize draft releases that have matching semver with + Only allow to finalize draft releases that have matching semver + with the device repository being deployed. footer: @@ -12133,7 +12379,8 @@ - subject: "balena-deploy-block: Do not always finalise on deploy" hash: 754833d6ef773b68a9eecafb426783ac70eb8767 body: > - Introduce a new final step after draft deployment to finalise releases. + Introduce a new final step after draft deployment to finalise + releases. footer: Change-type: patch change-type: patch @@ -12144,7 +12391,8 @@ - subject: "balena-deploy-block: Add OS version to contract" hash: 2c692984079215c2c916c5e4df79e200486be1ff body: > - If there is an OS contract, add the OS version we are building for. + If there is an OS contract, add the OS version we are building + for. footer: Change-type: patch change-type: patch @@ -12165,7 +12413,8 @@ - subject: "balena-lib: Build contracts" hash: b8c08faf2a86434793bcad67e063ade9754142ff body: > - Add a function to build all OS contracts and return the one for the + Add a function to build all OS contracts and return the one for + the specified slug. footer: @@ -12205,7 +12454,8 @@ - subject: Remove localMode setting from standalone image configuration hash: 26aa3caf4e4d649d323e57c21f818ca83a9b9b13 body: > - The `localMode` variable in `config.json` is not longer used and it can + The `localMode` variable in `config.json` is not longer used and + it can be removed @@ -12239,7 +12489,8 @@ - subject: "sw.os-image: Add balena-image software image" hash: 4473a99902a3793a33b63300778ad0118b8366cf body: > - This is used by the OS builders to deploy releases. This contract contains + This is used by the OS builders to deploy releases. This + contract contains details related to the balena-image artifact generated in the balenaOS @@ -12293,7 +12544,8 @@ - subject: Fix "slice bounds out of range" while applying deltas hash: 6f12d0abb3e438f26a18eee9bbaeca9c4702f7e7 body: > - The root cause of this issue was an integer overflow in 32-bit platforms + The root cause of this issue was an integer overflow in + 32-bit platforms -- specifically, when explicitly converting `io.Reader` offsets @@ -12380,7 +12632,8 @@ - subject: "worker: qemu: add new qemu firmware paths" hash: b19831d5209962eb729ffa55851b593e632a70d8 body: > - Search for firmware shipped as part of QEMU package to enable + Search for firmware shipped as part of QEMU package to + enable cross-platform emulation with UEFI. footer: @@ -12413,7 +12666,8 @@ - subject: "make: Do not assume qemu DUT arch will match the host" hash: 4aac404ff5e221eecef289d07339532335532543 body: > - When KVM is not used we can easily emulate generic-aarch64 + When KVM is not used we can easily emulate + generic-aarch64 on x86_64 hosts so avoid tying the host and target architectures @@ -12569,7 +12823,8 @@ - subject: "os-config: Randomize the timer period" hash: 6a9a456869ac37367058ea56bbf24d33a2cf42f2 body: > - To avoid all devices fetching configuration settings at the same time, + To avoid all devices fetching configuration settings at the same + time, distribute the timer adding a random time between 0 and 6 hours. footer: @@ -12832,7 +13087,8 @@ - subject: Avoid splash image failures if image is corrupt hash: a5ede01b18abd5e079361d24f2f8f5368d23da6d body: > - Splash image backend would throw if the image is not a valid png during + Splash image backend would throw if the image is not a + valid png during the write step. This could prevent the device from provisioning if some @@ -12849,7 +13105,8 @@ - subject: Use write + sync when writing configs to /mnt/boot hash: c04955354a76ab32ab5dc52062fdf72d668f7c3b body: > - This commit updates all backends that write to /mnt/boot to do it + This commit updates all backends that write to /mnt/boot + to do it through a new `lib/host-utils` module. Writes are now done using write + @@ -13018,8 +13275,8 @@ - subject: Explain /v2/state/status's status field in its response hash: 27249c278555c46154d1e917e769dd3fb9d2dcfc body: > - The status field does not indicate the current state of the Engine on the - device. + The status field does not indicate the current state of + the Engine on the device. Rather, it only indicates whether the HTTP response returned successfully or not. @@ -13053,8 +13310,8 @@ - subject: Add lockfile binary and internal lib for interfacing with it hash: 51e63ea22b876580de276808eca891ff6ab2a6c5 body: > - The linked issue describes the Supervisor not cleaning up locks it creates - due + The linked issue describes the Supervisor not cleaning + up locks it creates due to crashing at just the wrong time. After internal discussion we decided to @@ -13089,7 +13346,8 @@ - subject: Add system id/model support for Compulab IOT-gate hash: e6fa22306b9e2b55480772560e62bb8e8988b529 body: > - dmidecode for alpine 3.11 doesn't work in this device type. This change + dmidecode for alpine 3.11 doesn't work in this device + type. This change moves to using `/proc/device-tree/product-sn` and @@ -13124,7 +13382,8 @@ - subject: Fix database migration for legacyApps hash: eee24604459440569dee455db918d6901ea86645 body: > - Migration `M00008` had a bug with the check for legacy apps, which + Migration `M00008` had a bug with the check for legacy + apps, which resulted in devices that had at some point been updated from a single @@ -13155,7 +13414,8 @@ - subject: Add support for GET v3 target state hash: 7425d1110b719dffd132c681c6e0c28fcc218dea body: > - This change updates types and database format in order to allow + This change updates types and database format in order + to allow receiving the new format of the target state from the cloud and allow @@ -13512,7 +13772,8 @@ - subject: "networkmanager: Use default DHCP timeout" hash: 6175420731baa349c8d197151189462a23b2f460 body: > - This reverts 5047757 where we set the global DHCP timeout for ipv4 to + This reverts 5047757 where we set the global DHCP timeout for + ipv4 to infinity to mitigate problems with routers that do not respond to DHCP @@ -13547,7 +13808,8 @@ - subject: Disable Engine startup timeouts hash: c4ce541526455c8cb891e7c76889e0d4cb2735b1 body: > - There are known situations in which balenaEngine times out during + There are known situations in which balenaEngine times out + during initialization (for example, during aufs to overlayfs migrations, or @@ -13605,7 +13867,8 @@ - subject: "tests: os: Remove sshKeys test" hash: 579aef0199ed91f31bca301f7dc8ebd517594583 body: > - This is replaced by an SSH authentication test in the cloud suite, which + This is replaced by an SSH authentication test in the cloud + suite, which is more comprenhensive. footer: @@ -13618,7 +13881,8 @@ - subject: "tests: cloud: Add SSH authentication tests" hash: e9f125a67aa61136fe36a5844ca751984ab679aa body: > - This new test validates SSH authentication both in production and + This new test validates SSH authentication both in production + and development mode. @@ -13635,7 +13899,8 @@ configuration" hash: 0856b6e7acbe41a1bc60afb26906ee5bf9b253a9 body: > - The behaviour of the SSH connection depends on whether custom keys are + The behaviour of the SSH connection depends on whether custom + keys are present or not. This commit calls out to generate the development mode @@ -13653,7 +13918,8 @@ - subject: "development-features: use os-helpers-devmode include file" hash: afb63f9bfb794fa7af14c6e03bf29e85705dbf7f body: > - The development mode configuration file is now generated on a helper + The development mode configuration file is now generated on a + helper script. footer: @@ -13666,7 +13932,8 @@ - subject: "os-helpers: Add os-helpers-devmode" hash: dfaef0b9c7d07b31f254c2f9592772a58562f9e9 body: > - This extracts the generation of the development mode configuration file + This extracts the generation of the development mode + configuration file so it can be shared. footer: @@ -13745,7 +14012,8 @@ - subject: Log more info upon when raising errRootFSMismatch hash: ab3db5c03663e0b2ee35213ceebf9038e4af6b62 body: > - We currently do not log any information to help us understanding the + We currently do not log any information to help us + understanding the underlying issue -- not even to identify what is the exact point in @@ -13836,7 +14104,8 @@ - subject: "resin-device-register: avoid blocking the flasher when not connected" hash: b5c521404c14df8a5d14e2789c97eebe79eb7d96 body: > - Starting with v2.91.6 device provisioning will not start if the device + Starting with v2.91.6 device provisioning will not start if the + device was unable to register in the cloud due to lack of internet connectivity. @@ -13928,8 +14197,8 @@ - subject: "grub-efi: Remove patch passing secure boot status to the kernel" hash: fb171dc507348e11ab2c6ed894289f51689fc874 body: > - This was originally introduced in combination with a kernel patch - backported + This was originally introduced in combination with a kernel + patch backported from Red Hat kernel that would enable kernel lockdown when secure boot @@ -14048,7 +14317,8 @@ development mode" hash: 8c7bd8d87d0db97851528f97c4853097c63273e4 body: > - A legacy development image will update to development mode enabled + A legacy development image will update to development mode + enabled independently of whether the newOS is configured for development mode or @@ -14087,7 +14357,8 @@ - subject: "update-balena-supervisor: Support passing command line image argument" hash: 227fea72a17c00bcd7e8ee069414ccc006703072 body: > - For balena-cloud managed devices, the supervisor update data is managed + For balena-cloud managed devices, the supervisor update data is + managed by the API. @@ -14248,8 +14519,8 @@ - subject: "tests: Cleanup suites config to support both testbot and qemu workers" hash: e48e71e0bd2533806e7eff31f74b3e3a243e9493 body: > - This avoids having to make perl regex changes in yocto-scripts or in - Jenkins. + This avoids having to make perl regex changes in yocto-scripts + or in Jenkins. footer: Change-type: patch change-type: patch @@ -14270,7 +14541,8 @@ - subject: "tests/hup: Update hup suite to support core on client" hash: 2f386863408f32b0197090e786c46605e2ab7fcb body: > - This also removes the need for a registry and performs hup from file. + This also removes the need for a registry and performs hup from + file. footer: Change-type: patch change-type: patch @@ -14309,7 +14581,8 @@ - subject: Use by-state symlink for mounting the EFI partition when split hash: 42d8ac8daaee2a67d5666c7220e1b9cd0e013e6e body: > - In the current state the by-state symlink for balena-efi partition + In the current state the by-state symlink for balena-efi + partition is not generated for two reasons: @@ -14331,7 +14604,8 @@ - subject: "os-helpers: add TPM2 helpers" hash: 78f7da3a3cdf1942861195238a6cea691899a140 body: > - This helps with code duplication in flasher and initrd scripts using + This helps with code duplication in flasher and initrd scripts + using the TPM to manipulate LUKS passphrase. footer: @@ -14428,7 +14702,8 @@ - subject: "balena-image: Default image type to balenaos-img" hash: a3c276a1058d05e66991871bf167079fc2824843 body: > - This avoids device repositories having to specify it, and it can always + This avoids device repositories having to specify it, and it can + always be overwritten in append files. footer: @@ -14441,7 +14716,8 @@ - subject: Remove legacy resinhup images. hash: d895c90e6382da56f7327305b3def4ab5b37742c body: > - These image types are no longer generated and are not used for hostOS + These image types are no longer generated and are not used for + hostOS updates any longer. footer: @@ -14503,7 +14779,8 @@ - subject: Add troubleshooting notice for macOS hash: 6ab314f8c0af647cdb0537b6a396ccb3d5ce060f body: > - When developing on macOS (Darwin) DBus may have to be installed. + When developing on macOS (Darwin) DBus may have to be + installed. footer: Change-type: patch change-type: patch @@ -14526,8 +14803,8 @@ - subject: Add update lock check to PATCH /v1/device/host-config hash: 5f1a77da25b9d0bd07c2fbec85cb5deefae18884 body: > - This is necessary with the changes as of balenaOS 2.82.6, which watches - config.json + This is necessary with the changes as of balenaOS + 2.82.6, which watches config.json and will restart balena-hostname and some other services automatically on file change. footer: @@ -14546,7 +14823,8 @@ - subject: Add support for local ipv6 reporting hash: 72f6cbe4c7225623ed99083d20c4a2cb2f3b70ac body: > - With more and more devices in ipv6 only networks, this ensures the + With more and more devices in ipv6 only networks, this + ensures the local addresses are reported to the cloud as part of the state patch. footer: @@ -14609,7 +14887,8 @@ - subject: "storagemigration: keep going if migration fails" hash: 2bde63c800b1df72fba7161d62b5b6da84a8d390 body: > - the only hard error is if rollback (failcleanup) fails, in all other + the only hard error is if rollback (failcleanup) fails, + in all other scenarios we want the daemon to continue starting with the new @@ -14624,7 +14903,8 @@ - subject: "graphdriver/copy: fix handling of sockets" hash: 17a198cb53a53da456c848bf303dc3917ca538c5 body: > - previously switch would treat S_IFIFO and S_IFSOCK as the same, passing + previously switch would treat S_IFIFO and S_IFSOCK as + the same, passing both of the to mkfifo, which lead to EINVAL errors when trying to create @@ -14655,7 +14935,8 @@ - subject: Prune Jenkinsfile hash: ea14e503181bbb248a4bed1b86a227d9c214cbfb body: > - we are not using it for our CI, and it confuses jenkins set up on the + we are not using it for our CI, and it confuses jenkins + set up on the balena-os org footer: @@ -14683,7 +14964,8 @@ - subject: "storagemigration: capture failcleanup logs in logfile" hash: 4f7f543eff08766bc584024afdb57760dfb52130 body: > - reorder the defer statements in the migrate function to only teardown + reorder the defer statements in the migrate function to + only teardown the logger after the failcleanup function ran. otherwise errors logged @@ -14698,7 +14980,8 @@ - subject: "storagemigration: move logic to package" hash: 001835bf61172fdcfdb0416e000852ff05683c71 body: > - This brings all migration logic into a single call into the + This brings all migration logic into a single call into + the storagemigration package, which should make future maintenance easier @@ -14723,7 +15006,8 @@ - subject: Make layer download resuming more resilient hash: 582487f832c59c2f734a780ab0492833f29002c9 body: > - This commit changes the way we retry layer downloads after failures with + This commit changes the way we retry layer downloads + after failures with the goal of making it more resilient, especially for cases involving @@ -14792,7 +15076,8 @@ - subject: "storagemigration: defer commit to next start" hash: bd1628e67136b78ca7e7c83c5569666207d28a84 body: > - With this change the aufs data is kept around until the next time we + With this change the aufs data is kept around until the + next time we start. If we find both an aufs AND an overlay2 storage root, we cleanup @@ -14807,7 +15092,8 @@ - subject: Lock destination layers while delta is being processed hash: 0ad4281e11e4d3ef263010787aecd244c0ce333d body: > - During fingerpinting of the source image the destination layers are not + During fingerpinting of the source image the destination + layers are not exepmt from being released (e.g. when `balena image rm `) is run @@ -14828,7 +15114,8 @@ - subject: Add aufs to overlay2 migrator hash: b3a976b1294469e75222752bdc1fdc06bfcc97b8 body: > - The main logic is under pkg/storagemigration. This is able to seamlessly + The main logic is under pkg/storagemigration. This is + able to seamlessly migrate images and containers from AUFS to overlay2. footer: @@ -14872,7 +15159,8 @@ - subject: "top_unix.go: allow busybox ps with no args" hash: 6617c4d76d275e05d6055d91aabbd7df25332342 body: > - Busybox in balenaOS is compiled with desktop mode disabled, + Busybox in balenaOS is compiled with desktop mode + disabled, so features like `-ef` and providing pids via `-q` are not @@ -14962,7 +15250,8 @@ - subject: Add integration tests for hostapp handling hash: 0c18f60f1124567e51c752bb76d801c97bef5916 body: > - This refactors mobynit to allow for testing parts of it from + This refactors mobynit to allow for testing parts of it + from the integration tests. @@ -14977,8 +15266,8 @@ - subject: Fix container data deletion hash: bbdf9e2137de87696d758847a2eb544eb04d828e body: > - Previous implementation was not comparing graphdriver content to - layerStore mounts. + Previous implementation was not comparing graphdriver + content to layerStore mounts. footer: Change-type: patch change-type: patch @@ -15009,7 +15298,8 @@ - subject: "layer: Remove unreferenced driver layers on create" hash: 152736dfbb764e6c74f1afc71df853e93488a91f body: > - Earlier engine versions were not properly persisting cacheID + Earlier engine versions were not properly persisting + cacheID in layer metadata. As a result, because of abruptly terminated transactions, @@ -15027,7 +15317,8 @@ - subject: "layer: Prune unused data on layer store creation" hash: 01e4688f8c4f42e769d319353accdc0c34ffcc0b body: > - When layer store is created, its tmp directory may contain information + When layer store is created, its tmp directory may + contain information about transactions that were abruptly treminated during the previous process run. @@ -15044,8 +15335,8 @@ - subject: "layer: Persist cacheID early on transaction start" hash: b1709e0881b3ed61c1608ef5ed19acf8008b2275 body: > - If the engine process is terminated during the layer extraction - transaction, + If the engine process is terminated during the layer + extraction transaction, before Commit or Cancel is called on the transaction, a new FS layer can be created @@ -15115,7 +15406,8 @@ - subject: "contrib: Add balena-engine version of dind container" hash: ef813f867206df9ae6f3ddf1cb5d3915f8718cc5 body: > - This modifies https://github.com/docker-library/docker for balena-engine + This modifies https://github.com/docker-library/docker + for balena-engine footer: Change-type: patch change-type: patch @@ -15126,7 +15418,8 @@ - subject: "build.sh: Disable btrfs,zfs,devicemapper graphdrivers" hash: 88a5416e94945bc6998ba00723da26b738eb5bcd body: > - We don't support these on balenaOS anyway and we are planning to drop + We don't support these on balenaOS anyway and we are + planning to drop support for them once we move to the new balenaCI-based pipeline. footer: @@ -15163,7 +15456,8 @@ - subject: Allow passing container ID to container via environment variable hash: 635b48ca954c92ce7e35b2667c2001a52f43ef6d body: > - This adds a new ContainerIDEnv field to HostConfig that can pass an + This adds a new ContainerIDEnv field to HostConfig that + can pass an environment variable name, which will be set to the container ID and @@ -15180,7 +15474,8 @@ - subject: "contrib/install.sh: Add details to the success message" hash: 876ea49bb8e948c97cd959fcb7413e84e33f7006 body: > - First warn the user that balena-engine-daemon needs to be started. + First warn the user that balena-engine-daemon needs to + be started. Including instructions on how to make the system ready for that: @@ -15211,7 +15506,8 @@ - subject: "contrib/install.sh: Fail on error" hash: f93ce1f5226a882b0115cf321fc40e7d55f0e583 body: > - The install script should not print the success message if it didn't + The install script should not print the success message + if it didn't actually succeed to install anything footer: @@ -15227,8 +15523,8 @@ pull/push hash: feaeb5dd826eeb0a95908dfd91704238a59e8257 body: > - The defaults remain the same (dl=5, ul=5), but are moved from - distribution/xfer to + The defaults remain the same (dl=5, ul=5), but are moved + from distribution/xfer to daemon/config. footer: @@ -15243,8 +15539,8 @@ - subject: "aufs,overlay2: Add driver opts for disk sync" hash: 4fed10dd3a66e37f0f128b2f9fa227a9a6800da2 body: > - This patch adds a driver option to enalble/disable the to disk syncing - introduced in + This patch adds a driver option to enalble/disable the + to disk syncing introduced in 684d8ba6109c853b355bf11ca3733c4099f14b92. @@ -15275,7 +15571,8 @@ constraints" hash: ff2ac4d6823dfc30c115499a5d6f908752ea9223 body: > - The only test from integration/ that covers any resource constrained + The only test from integration/ that covers any resource + constrained container scenarios is the OomKilled check in integration/container/kill_test.go @@ -15307,7 +15604,8 @@ - subject: "travis: Use the minimal machine" hash: 1f6ab50f0cc20d21a5719e4a00f5407f231ed6f2 body: > - Since we build in docker anyway we can save the time it usually takes to + Since we build in docker anyway we can save the time it + usually takes to set up the Go environment. @@ -15334,7 +15632,8 @@ - subject: Allow tagging of image deltas on creation hash: 7f569a1e2407800e1c5f5d94f715c4313c5c4300 body: > - Similar to how the build command allows tagging of images this allows + Similar to how the build command allows tagging of + images this allows specifying a repo:tag indentifier to tag the delta with footer: @@ -15399,7 +15698,8 @@ - subject: "prepare-openvpn: Make configurable" hash: a475af4c69a7fafca28009286ddba7e4f3015ae4 body: > - The prepare-openvpn service needs to be restarted to regenerate the + The prepare-openvpn service needs to be restarted to regenerate + the VPN keys when provisioning is finished and the `apiKey` is removed. @@ -15425,7 +15725,8 @@ - subject: "tests/cloud: Use deviceID returned from pre-registration" hash: 7fdddb9a886bef14442a89f4440528a513239645 body: > - Avoid additional wait and API call when we already have the device ID. + Avoid additional wait and API call when we already have the + device ID. This might also resolve a race condition that has been difficult to @@ -15445,7 +15746,8 @@ - subject: "resin-device-register: Use supervisor version label instead of tag" hash: 8219b38be32cfa5b3674d7d96cf6b81b31e95328 body: > - This is just a name change that reflects the wider change that the + This is just a name change that reflects the wider change that + the supervisor is no longer fetched from dockerhub but from Balena's registry. footer: @@ -15498,7 +15800,8 @@ - subject: "resin-device-register: Regenerate VPN credentials on registration" hash: e6ccbc74b35c900f99998599e61bf36795dd4419 body: > - Before registration the VPN credentials use the `apiKey`, once the + Before registration the VPN credentials use the `apiKey`, once + the device is registered we need to regenerate the credentials to use the @@ -15513,7 +15816,8 @@ - subject: "resin-init-flasher: Wait for resin-device-register to start" hash: 314047e72cb133dcd531df2e7b8c632024f78694 body: > - Unless the device has been registered, provisioning reports are not + Unless the device has been registered, provisioning reports are + not sent to the fleet. footer: @@ -15552,7 +15856,8 @@ - subject: "openvpn: Remove dependency on timesync-http target" hash: 13cf7c9fef0a6e0df6b042ba34ceaa7a0d005254 body: > - We want the VPN to start unconditionally even if the connectivity URL + We want the VPN to start unconditionally even if the + connectivity URL is not reachable. @@ -15643,7 +15948,8 @@ - subject: "openssh: Add a dependency on os-sshkeys" hash: 0abc9213ba004325b77d96541e856aaf93cfdde2 body: > - This is required so that changes in the public keys are picked up + This is required so that changes in the public keys are picked + up by the SSH server. footer: @@ -15656,7 +15962,8 @@ - subject: "balena-supervisor: Add dependency on root CA" hash: 64cb45211a909b25170227079a400c2dfc9afae9 body: > - This is required so that the supervisor picks up a change in the root CA + This is required so that the supervisor picks up a change in the + root CA certificate. footer: @@ -15669,7 +15976,8 @@ - subject: "balena: Add dependency on balena-hostname" hash: b4d9569261de3a6640394ff416264f9e64c5367b body: > - This is needed so that the hostname change is picked up by the container + This is needed so that the hostname change is picked up by the + container applications. footer: @@ -15682,7 +15990,8 @@ - subject: Make services configurable hash: eb2028e5ed477ac4626bc55180cd872cd93f67b7 body: > - Changes to the system configuration will now restart several services. + Changes to the system configuration will now restart several + services. footer: Change-type: patch change-type: patch @@ -15693,7 +16002,8 @@ - subject: "classes: Add balena-configurable" hash: 5b26f9200e8051859906016e84c03ab3d72a11d1 body: > - This class adds support to apply configuration changes to a systemd + This class adds support to apply configuration changes to a + systemd unit. footer: @@ -15706,8 +16016,8 @@ - subject: "balena-config-vars: Split config.json configuration on write" hash: cd7dcc30dc58255d5c84c6e64142f4073797d557 body: > - When config.json is written, use the config.json unit configuration to - create + When config.json is written, use the config.json unit + configuration to create per-unit configuration files extracts. @@ -15727,7 +16037,8 @@ - subject: Remove config-json.target hash: 5e5de909b648d97ca949e7f6fed08ebbd6471893 body: > - Unit files that are configured via config.json and want to be restarted + Unit files that are configured via config.json and want to be + restarted on config.json changes are part of this target. @@ -15779,7 +16090,8 @@ with LUKS" hash: ebd9c9b775cb82247c1cd9b5ed4fe44864aa2343 body: > - In order to avoid the need to unlock encrypted partitions in GRUB we want + In order to avoid the need to unlock encrypted partitions in + GRUB we want to use a custom stage2 bootloader. Since that is not ready yet, emulate that @@ -15822,7 +16134,8 @@ - subject: "README: Update versioning information" hash: 3ac5a5aaac1be6364a5ec8519b313b1da979b6a3 body: > - The `balena-` repositories now use the same versioning scheme as + The `balena-` repositories now use the same versioning + scheme as application containers. This commit reflects this change in the @@ -15882,8 +16195,8 @@ - subject: "balena-supervisor: Update balena-supervisor to v12.11.32" hash: d222a1f6c84ff98f7698efd671063a0eeebb3ae3 body: > - Includes improvements when writing to `config.json` to reduce the chances - of corruption. + Includes improvements when writing to `config.json` to reduce + the chances of corruption. footer: Change-type: patch change-type: patch @@ -15898,7 +16211,8 @@ - subject: "resindataexpander: do not return after resizing the partition only" hash: dfb9a2e0b30ac5bbfef24332487ef537b6a830b1 body: > - After moving the partition resizing code to execute on each boot, + After moving the partition resizing code to execute on each + boot, we made it unreachable on first boot. We must not exit the script @@ -15935,7 +16249,8 @@ - subject: "docker-disk: Tag the supervisor digest with the repo name" hash: 52c2b0843bc19865fbe2298e508a9196c7143a2f body: > - This will allow us to refer to the supervisor image by the repo name + This will allow us to refer to the supervisor image by the repo + name in docker commands, like docker inspect, and prevent re-downloading the @@ -15954,7 +16269,8 @@ - subject: "resindataexpander: expand fs independent of partition" hash: 2889cb431e02f1f3e030f6c05a42be7374457eeb body: > - When resizing the filesystem fails, such as when resize2fs won't touch + When resizing the filesystem fails, such as when resize2fs won't + touch it because it's dirty, the partition gets resized, but not the @@ -16126,7 +16442,8 @@ - subject: "os: tests: optimize fingerprint tests" hash: 64afc5f3ca862cd23c639f702b00a55a4527f296 body: > - Run fingerprint tests in parallel with Promise.any(). This significantly + Run fingerprint tests in parallel with Promise.any(). This + significantly reduces the amount of time taken in these tests. @@ -16160,7 +16477,8 @@ - subject: "initramfs-framework: Make cleaning udev database the last step" hash: 333162a83daf742612a2e97353c9d3766eaad058 body: > - To avoid issues, move the udev database cleanup just before switching + To avoid issues, move the udev database cleanup just before + switching roots. footer: @@ -16219,7 +16537,8 @@ - subject: "balena-supervisor: Use image location path instead of repository:tag" hash: 10cf86186bef846123d5431f810fedc219f7e2ee body: > - Balena's registry does not use repository:tag to identify images but + Balena's registry does not use repository:tag to identify images + but the image location path. footer: @@ -16245,7 +16564,8 @@ - subject: "intel-quark: Fix to honister syntax" hash: c32e3f0c5421e46fbac991c5e5cb6240994422b2 body: > - The converter script did not consider the intel-quark an override, so + The converter script did not consider the intel-quark an + override, so fix manually. footer: @@ -16283,7 +16603,8 @@ - subject: "tests: os: config-json: cleanup persistentLogging test" hash: 1625e14c13da802e0bbd39467b106155861441be body: > - Minor cleanup of persistentLogging configuration test. Additionally, + Minor cleanup of persistentLogging configuration test. + Additionally, reduce the reboot count to one to save time. footer: @@ -16296,7 +16617,8 @@ - subject: "tests: os: config-json: return promise from sshKeys test" hash: caf3dfe4b43643ac5cfa219cb892f431992e0aaa body: > - Return the promise from the sshKeys test instead of awaiting inside the + Return the promise from the sshKeys test instead of awaiting + inside the async function, a minor style improvement. footer: @@ -16356,7 +16678,8 @@ - subject: "tests: os: config-json: remove reboot from randomMacAddressScan test" hash: b832ef095532e54a8508c41441575ef9f5661557 body: > - Restructure randomMacAddressScan test to remove unnecessary reboot + Restructure randomMacAddressScan test to remove unnecessary + reboot footer: Change-type: patch change-type: patch @@ -16429,7 +16752,8 @@ - subject: "os: tests: optimize fsck tests" hash: 15100419eb9e1fb8c0e99d0a9e07a09b8c8d415f body: > - Chain operations using Promise.then(), and run commands in parallel + Chain operations using Promise.then(), and run commands in + parallel using Promise.map(). This reduces the time taken for fsck tests to about @@ -16509,7 +16833,8 @@ - subject: "balena-os.inc: Switch balena backend storage to overlay2" hash: 90b2630937ecc3171fd925a9c679ab1b20c20a4c body: > - Now that we have the aufs to overlay2 migrator in place, let's switch + Now that we have the aufs to overlay2 migrator in place, let's + switch all our boards to overlay2. footer: @@ -16525,8 +16850,8 @@ - subject: "initrdscripts: fsuuidinit: Generate resin-rootA last" hash: 00d6ca48d32b2b1a111d400457b73be5cc36d6bf body: > - As resin-rootA is used to decide whether to re-run the generation, leave - it + As resin-rootA is used to decide whether to re-run the + generation, leave it last. As it stands, if resin-rootA is regenerated by any other fail, the @@ -16541,7 +16866,8 @@ - subject: "lvm2: Add rule to persist dm devices in udev database" hash: de2ff622473f2f0bc03c05dbd15f1df8c88f734e body: > - On transitioning from the initramfs to the rootfs, the udev database is + On transitioning from the initramfs to the rootfs, the udev + database is cleanedup as the rules between initramfs and rootfs might defer. @@ -16577,7 +16903,8 @@ - subject: "initrdscripts: Use /run as bootparam_root storage" hash: 449dee77f54d4185f98854bca9148a6f42620bc8 body: > - From v2.49, the hostapp-update utility creates the /run directory in the + From v2.49, the hostapp-update utility creates the /run + directory in the root filesystem, however when huping from previous versions /run is not @@ -16626,7 +16953,8 @@ - subject: "balena-keys: Fetch DER keys and decode from base64" hash: 2538a1c621979f83385729be57b53faa640326d1 body: > - Some BIOS configuration, like TianoCore used in QEMU, needs DER keys for + Some BIOS configuration, like TianoCore used in QEMU, needs DER + keys for secure boot setup. Also, der, auth and esl keys are served base64 encoded @@ -16657,7 +16985,8 @@ - subject: "hostapp-update-hooks: Handle developmentMode updates" hash: adc76c0588a67705ae20a8c61517f549f2e8549e body: > - When updating from a legacy development image which has no developmentMode + When updating from a legacy development image which has no + developmentMode set in config.json to an image configured with development mode, the hooks @@ -16680,7 +17009,8 @@ - subject: "systemd/timeinit: handle missing date field in HTTPS header" hash: e11a421c24a9c4003e0d606ef681447e48b2823b body: > - Update the timesync-https.sh script to handle the case where the date + Update the timesync-https.sh script to handle the case where the + date field is missing from the returned HTTPS header. @@ -16799,7 +17129,8 @@ - subject: "tests: os: fix unhandled exception when unwrapping non-flasher image" hash: ce2d33ad875e83b1ed01a16225a9ca19563836dc body: > - Handle ENOENT ErrnoException when attempting to unwrap non-flasher image + Handle ENOENT ErrnoException when attempting to unwrap + non-flasher image in os/suite.js. footer: @@ -16838,7 +17169,8 @@ - subject: "grub-conf: Delay grub boot in os development mode" hash: 08b54c04b109341542ff1f2b82d00699369a8280 body: > - When using the compile time OS_DEVELOPMENT switch, delay the boot so + When using the compile time OS_DEVELOPMENT switch, delay the + boot so the grub menu is displayed and it can be interacted with. footer: @@ -16866,7 +17198,8 @@ - subject: "sign-efi.bbclass: Do not deploy the unused .signed symlink" hash: 33c3e61eac60dff18a1bfe8e7a69cc31a8b16070 body: > - do_deploy:append replaces the original file with its signed counterpart, + do_deploy:append replaces the original file with its signed + counterpart, the signature just gets ignored for non secure boot setups. The .signed @@ -16883,7 +17216,8 @@ - subject: "sign-gpg.bbclass: Only deploy the detached signature" hash: 40ead6aefea6d4ab56c76ec0a968da9b23acc887 body: > - The original file should already be deployed, we only need to add + The original file should already be deployed, we only need to + add the signature in do_deploy:append. Re-deploying actually causes @@ -16900,8 +17234,8 @@ - subject: "kernel-image-initramfs.bb: Ship kernel and matching signature" hash: 73c254a9396dcf40ba421d70119400af7d4ef21f body: > - This patch replaces the kernel being shipped with the one that we - eventually + This patch replaces the kernel being shipped with the one that + we eventually sign for EFI - without signing the original file used would be identical @@ -16956,7 +17290,8 @@ - subject: "systemd/timeinit: add HTTPS time synchronisation service" hash: 2bb18707557979ed6466f45602de4ecf5b386c57 body: > - Add a new timesync-https systemd service to synchronise the system + Add a new timesync-https systemd service to synchronise the + system time at boot using an HTTPS header. The service uses curl to request @@ -17041,7 +17376,8 @@ - subject: "resin-update-state.rules: do not run for unnamed partitions" hash: bc45916b90e60aa849a2b99903825bce98e36752 body: > - When udev runs resin_update_state_probe for a non-balena partition + When udev runs resin_update_state_probe for a non-balena + partition and ENV{ID_PART_ENTRY_NAME} is undefined it still gets expanded to random @@ -17114,7 +17450,8 @@ - subject: "balena-os: make sure PAM support is not configured" hash: abb515f6a0bf5d274af873852ddd4e60cf4ee89e body: > - BalenaOS does not use PAM but some vendor BSPs enable it and misconfigure + BalenaOS does not use PAM but some vendor BSPs enable it and + misconfigure the hostOS authentication. footer: @@ -17154,7 +17491,8 @@ - subject: "connectivity: reduce ping interval to minimum" hash: b513920cd7d683f6511aee2d190d2e9df924fe87 body: > - The interface test uses a simple ping to ensure a specific interface + The interface test uses a simple ping to ensure a specific + interface works. It sends ten packets, and expects ten packets back. However, the @@ -17177,7 +17515,8 @@ - subject: "tests: Fix dnsmasq tests in cases where 8.8.8.8 is assigned via DHCP" hash: 970704092a2f73e120029464edca5b152296f486 body: > - One of the test was making sure we were NOT using the default 8.8.8.8 + One of the test was making sure we were NOT using the default + 8.8.8.8 server even though that may be a valid upstream server provided by DHCP/PPP. footer: @@ -17193,7 +17532,8 @@ - subject: "0-signed-update HUP hook: mount efivarfs if necessary" hash: 1a6c772c9266d5fc219939e9304813356f85d34c body: > - The hook tries to read EFI variables from efivarfs but this is not always + The hook tries to read EFI variables from efivarfs but this is + not always mounted within the container. We have already validated that we are running @@ -17241,7 +17581,8 @@ - subject: "linux-firmware: Include MT7601U firmware" hash: 33980c8b9ba464c91f016f9cade4140c278e7037 body: > - The MT7601U WiFi driver fails to find its firmware, so it is included now. + The MT7601U WiFi driver fails to find its firmware, so it is + included now. footer: Change-type: patch change-type: patch @@ -17257,7 +17598,8 @@ - subject: "balena-image: Add balena keys to boot partition if required" hash: 14624e33c3a48baf71ac7314fc116e7cb21016c9 body: > - When using secure boot, add the balena keys to the boot partition. + When using secure boot, add the balena keys to the boot + partition. footer: Change-type: patch change-type: patch @@ -17269,7 +17611,8 @@ config" hash: 1ba23869473faace427782d2aea07a0b46bfbc0c body: > - When booting in secure mode, enforce signed modules loading and integrity + When booting in secure mode, enforce signed modules loading and + integrity lockdown. footer: @@ -17293,7 +17636,8 @@ - subject: "classes: image-balena: Copy signed files if present" hash: cad39d9f0bf1630da4084cd9b6650cd612943f7d body: > - Grub requires that the signed files carry the .sig suffix, so copy then + Grub requires that the signed files carry the .sig suffix, so + copy then if present. footer: @@ -17349,7 +17693,8 @@ - subject: "balena-image-initramfs: Add secure boot dependencies" hash: 68d68cfb4523e4e012f174e91495949461782b9d body: > - When buildinf an initramfs for secure boot add the needed dependencies. + When buildinf an initramfs for secure boot add the needed + dependencies. footer: Change-type: patch change-type: patch @@ -17505,7 +17850,8 @@ - subject: "meta-resin-sumo/pyro: Fix initramfs-framework kexec dependencies" hash: 9d2d1df166a80f693cfee8a34ffd6e1f5b7ff581 body: > - On recent Yocto versions the findmnt package is split into its own + On recent Yocto versions the findmnt package is split into its + own package, but sumo needs to include the whole util-linux package. footer: @@ -17518,7 +17864,8 @@ - subject: "initrdscripts: Use a 2nd stage bootloader to unlock LUKS partitions" hash: acbc384d527436e5d7382504dcf62f799b9490d5 body: > - GRUB can not use the TPM easily to unlock the volumes and find the kernel + GRUB can not use the TPM easily to unlock the volumes and find + the kernel on an encrypted partition. Instead, we choose to store a linux kernel @@ -17555,7 +17902,8 @@ - subject: "initramfs-module-cryptsetup: add TPM dependencies" hash: dfff22ad0315c9893d9def6829708b50153d691d body: > - The TPM2 utilities were always pulled into the image during development + The TPM2 utilities were always pulled into the image during + development but for the final version they are not and this should pull them @@ -17590,8 +17938,8 @@ ones" hash: 853656e6bcfed0b0206d031c32cd1cde811b8146 body: > - Currently the two classes would keep the original files untouched and - store + Currently the two classes would keep the original files + untouched and store the signed versions as .signed. This patch reverses the logic - the signed @@ -17612,8 +17960,8 @@ - subject: Add signing classes hash: 5c128e6b234d75ba684212a322ababa7b5bd13d2 body: > - Add classes for GPG, KMOD and EFI artifact signing. Inheriting these - classes + Add classes for GPG, KMOD and EFI artifact signing. Inheriting + these classes won't run the signing tasks, they have to be manually added to recipes. footer: @@ -17630,8 +17978,8 @@ secure boot" hash: 9db5d09428bdba067974ff5c5c62a8d35eab7a67 body: > - When a device is running in secure boot mode, it must not be possible to - HUP + When a device is running in secure boot mode, it must not be + possible to HUP to an unsigned version of the OS because UEFI would refuse to boot it before @@ -17677,7 +18025,8 @@ - subject: "connectivity: proxy: move nadoo/glider to container" hash: 07dbe414a1dfa556427d4fc94ce7fdec688cf0e2 body: > - Previously, the core service exposed a /proxy endpoint that would start + Previously, the core service exposed a /proxy endpoint that + would start up a proxy remotely, which would be used by a test in the connectivity @@ -17708,7 +18057,8 @@ - subject: "tests: os: Add exposed engine socket test" hash: 612b7853a23441d0192de5580d37d0f89f7f3103 body: > - This tests the engine socket being exposed in development mode but not + This tests the engine socket being exposed in development mode + but not in production mode. footer: @@ -17810,7 +18160,8 @@ - subject: "dosfstools: selectively apply upstreamed patch" hash: 8f04f1142bcb3074d86e2827dfda6c7d8c87fefd body: > - This patch was submitted and accepted upstream, and is present since + This patch was submitted and accepted upstream, and is present + since v4.2. @@ -17831,7 +18182,8 @@ - subject: "tests: wait for the chronyd service become active" hash: c49648a0f27f1a57376803ba9c85ec9ba729ebe9 body: > - Add a test to wait for the chronyd service to become active before + Add a test to wait for the chronyd service to become active + before starting the time sync tests. @@ -17931,7 +18283,8 @@ - subject: "storagemigration: keep going if migration fails" hash: 2bde63c800b1df72fba7161d62b5b6da84a8d390 body: > - the only hard error is if rollback (failcleanup) fails, in all other + the only hard error is if rollback (failcleanup) fails, + in all other scenarios we want the daemon to continue starting with the new @@ -17946,7 +18299,8 @@ - subject: "graphdriver/copy: fix handling of sockets" hash: 17a198cb53a53da456c848bf303dc3917ca538c5 body: > - previously switch would treat S_IFIFO and S_IFSOCK as the same, passing + previously switch would treat S_IFIFO and S_IFSOCK as + the same, passing both of the to mkfifo, which lead to EINVAL errors when trying to create @@ -17971,7 +18325,8 @@ - subject: "linux-firmware: Include RTL8723BU firmware files" hash: 2490287e51d96f3ceabd7e3d7a9cd93f49442ba7 body: > - The driver for RTL8723BU wireless chipset is present, but its firmware + The driver for RTL8723BU wireless chipset is present, but its + firmware files are not loaded. This patch includes them. footer: @@ -18001,7 +18356,8 @@ - subject: "balena-engine: Remove deprecated development drop-in service file" hash: 8db04c4e70fc4f30ae6b9e5009d04d8c247d7364 body: > - This file is no longer used since the merge of dev and prod images. + This file is no longer used since the merge of dev and prod + images. footer: Change-type: patch change-type: patch @@ -18084,7 +18440,8 @@ - subject: "deploy: ensure deployRawArtifact is empty instead of null" hash: 56edfe62d6ecede3e07b0b51653ca605a2e4ba83 body: > - jq returns null by default when a given key isn't found, ensure that + jq returns null by default when a given key isn't found, ensure + that when getting the value of deployRawArtifact, we get an empty variable @@ -18180,7 +18537,8 @@ - subject: "automation: ami: make BALENA_PRELOAD_COMMIT optional" hash: b365cb9ba359637a3a6a8451b8d83142bb167571 body: > - Remove BALENA_PRELOAD_COMMIT from required env vars, as we have a + Remove BALENA_PRELOAD_COMMIT from required env vars, as we have + a default if it's not specified. footer: @@ -18211,7 +18569,8 @@ - subject: "jenkins_generate_ami: surface preload app commit as variable" hash: 7248b344198ba09a219ee227ffea4b6f0a4850d7 body: > - Surface the preloaded app commit as a variable that can be overridden in + Surface the preloaded app commit as a variable that can be + overridden in the build job. Default to "current" to maintain existing behavior when @@ -18245,7 +18604,8 @@ - subject: "balena-deploy: Avoid patching test suites config.js during deploy" hash: 21c27cd41cda7ee7f5041752cca1f79280c51a7e body: > - This will allow us to make changes to config.js in meta-balena without + This will allow us to make changes to config.js in meta-balena + without breaking the deploy steps. If additional changes are needed at runtime @@ -18283,7 +18643,8 @@ - subject: "jenkins_build: Use recurse-submodules when checking out meta-balena" hash: 00fb29b9a7a00dc1209be497ef171736e6229954 body: > - If meta-balena has submodule updates we want to make sure to use them. + If meta-balena has submodule updates we want to make sure to use + them. footer: Change-type: patch change-type: patch @@ -18390,7 +18751,8 @@ - subject: "balena-lib: Fix fetching meta-balena base version" hash: d5d838339ed23ecd242092bf4214fe2505ccd181 body: > - On an ESR branch the VERSION file contains the ESR version, not the + On an ESR branch the VERSION file contains the ESR version, not + the base meta-balena version. @@ -18419,7 +18781,8 @@ - subject: "balena-deploy-block: Label ESR hostapps" hash: 1c6561daf9f16e579d55305471274e7793dc3619 body: > - ESR hostapps need special labels in order to be recognized. This commit + ESR hostapps need special labels in order to be recognized. This + commit adds the esr-current, esr-next and esr-sunset labels. footer: @@ -18443,7 +18806,8 @@ - subject: "balena-api: Set policy on ESR hostapps" hash: 6e4d7b3d2ccbd1a5c67d94cc73c4552775ce3b94 body: > - ESR hostapps need an esr release-policy in order to be recognized. + ESR hostapps need an esr release-policy in order to be + recognized. footer: Change-type: patch change-type: patch @@ -18454,7 +18818,8 @@ - subject: "balena-deploy: Pass ESR variable when creating apps" hash: 2497bfb59ae16810169718e6d383d0bc9d564a04 body: > - ESR hostapps need special labels in order to be recognized. This allows + ESR hostapps need special labels in order to be recognized. This + allows to add those flags when creating the hostapp. footer: @@ -18471,7 +18836,8 @@ tag" hash: 9d5fa316dbda3d4782e782abaceed41efe3e5a99 body: > - The last meta-balena version and tag might not be the same, like in the + The last meta-balena version and tag might not be the same, like + in the case of ESR branches. @@ -18487,7 +18853,8 @@ - subject: "balena-lib: Add balena_lib_get_meta_balena_base_version" hash: 25840dc98e138781e78530be0437f3950970f263 body: > - Retrieves the last meta-balena version, which may not be the same as the + Retrieves the last meta-balena version, which may not be the + same as the last meta-balena tag. @@ -18565,7 +18932,8 @@ - subject: "prepare-and-start: Propagate balena API environment and token" hash: bb7b903e00fc153afea182a330da08a49b72cced body: > - The balena-build.sh script accepts a token in the command line. This + The balena-build.sh script accepts a token in the command line. + This commit modifies the prepare-and-start.sh script to use it if @@ -18630,7 +18998,8 @@ - subject: "balena-deploy: Check for file existence before deploying" hash: 36494bf99a08b68a5afac5038d4691a583d01500 body: > - When discontinuing a device type, there are no artifacts apart from + When discontinuing a device type, there are no artifacts apart + from device-type.json, so check that the logo is there before deploying. footer: @@ -18643,7 +19012,8 @@ - subject: "balena-deploy-block: Check existence of tag before re-deploying" hash: c1a5b20b0ef0d04a30b6bf0bcfacf0a527e931ae body: > - If a release is already tagged with this version, issue a warning and + If a release is already tagged with this version, issue a + warning and bail out. footer: @@ -18666,7 +19036,8 @@ - subject: "balena-deploy-block: Finalize releases when deployed" hash: 1e3768132d87295998bd9a17d0f01121e161e312 body: > - For now and until a proper CI/CD workflow is in place, finalize releases + For now and until a proper CI/CD workflow is in place, finalize + releases on deployment. footer: @@ -18679,7 +19050,8 @@ - subject: Accept deployments without balena.yml hash: 23c1f91993f37a18ade26ceef621e24409be5f74 body: > - If no balena.yml file exists, the deployment will go through without + If no balena.yml file exists, the deployment will go through + without setting a release semver. @@ -18744,7 +19116,8 @@ - subject: "balena-deploy: Stop using .dev/.prod variant suffixes" hash: 65c030b986f62b0faaddba501520662a8ac2777d body: > - The OS has now a unified image that can be configured to be development + The OS has now a unified image that can be configured to be + development or production mode. footer: @@ -18757,7 +19130,8 @@ - subject: "balena-deploy-block: Stop tagging hostapp releases with variant" hash: 3fc5efeeef4ae74e499504c1148932539a49c28e body: > - The API will stop using the variant tag but will still use the version + The API will stop using the variant tag but will still use the + version tag. footer: @@ -18770,7 +19144,8 @@ - subject: "balena-lib: Use externalVersion to match contracts" hash: 385c5bacfc1452e4b065de55bfdf71727b303fff body: > - The version refers to the actual contract, while the externalVersion is + The version refers to the actual contract, while the + externalVersion is the one that refers to the balenaOS revision. footer: @@ -18794,7 +19169,8 @@ - subject: "jenkins_build-blocks: Separate block build release deployment" hash: 70fe00969921bbf6894cc86ecb343eb342c6f2ca body: > - Separating the build and release of blocks allows to use common code for + Separating the build and release of blocks allows to use common + code for block release. @@ -18812,7 +19188,8 @@ - subject: "balena-deploy-block: Use release versioning" hash: d1c74d0261f17ebcad9825bc7e0df22142da14a3 body: > - Deploy as draft releases by default. Final releases will be flagged + Deploy as draft releases by default. Final releases will be + flagged once validation passes. footer: @@ -18825,7 +19202,8 @@ - subject: "jenkins_build: Remove discontinued check" hash: 55774ee27f938bbcbb238aa6441680b3d39172c3 body: > - Individual deploy functions now bail out for discontinued device types, + Individual deploy functions now bail out for discontinued device + types, there is no need to check for it here. footer: @@ -18838,7 +19216,8 @@ - subject: "balena-deploy: Do not deploy discontinued device types" hash: f54251e61c466018072e04c344595b3eba70bf57 body: > - Check for discontinued device types before deploying to dockerhub or + Check for discontinued device types before deploying to + dockerhub or to balenaCloud. footer: @@ -18862,7 +19241,8 @@ it" hash: cfc0bc43af1fb60ff3ddd56f08ae781edaa90b68 body: > - * Convert balena_deploy_build_block to balena_build_block, and deploy + * Convert balena_deploy_build_block to balena_build_block, and + deploy with balena_deploy_block * Remove balena_deploy_hostapp and replace with balena_deploy_block @@ -18884,7 +19264,8 @@ - subject: "balena-build-block: Remove image release" hash: 443269afbe867cb5c464ca5dd91bf27aa51427bd body: > - Deal with the release separately so we can use common code for it. + Deal with the release separately so we can use common code for + it. footer: Change-type: patch change-type: patch @@ -18914,7 +19295,8 @@ - subject: "jenkins_build-block: Remove release version API setter" hash: 8e27328a0caec2acc7651dfe64f8dfc5510e48e0 body: > - When using the now deprecated release_version field, the API would + When using the now deprecated release_version field, the API + would reject deployments for an existing release. @@ -18932,7 +19314,8 @@ - subject: "balena-api: Remove release version API setter" hash: 42486a59654047cf42f19bd999ef0bcd0a279ea5 body: > - This functionality has now been deprecated in the balena API is favour + This functionality has now been deprecated in the balena API is + favour of draft/final release versioning. footer: @@ -18945,7 +19328,8 @@ - subject: "balena-lib: Use release versioning" hash: de2c7af440c1ae4d6f84c5440368f92333500389 body: > - BalenaCloud has now a release versioning feature that deprecates the + BalenaCloud has now a release versioning feature that deprecates + the use of release_version. @@ -18967,7 +19351,8 @@ slug" hash: 891fadcbabe422e24245beb720cf7326a5ea1136 body: > - These changes are currently made in the Jenkins job, so it's preferrable + These changes are currently made in the Jenkins job, so it's + preferrable to have it done by the packaging scripts. footer: @@ -19025,7 +19410,8 @@ - subject: "jenkins_build.sh: Fix deployment for discontinued device types" hash: 84e65e937fef38625277fb8330ebd3179c466d04 body: > - Do not deploy dockerhub or hostapp images for discontinued device types. + Do not deploy dockerhub or hostapp images for discontinued + device types. footer: Change-type: patch change-type: patch @@ -19036,7 +19422,8 @@ - subject: "jenkins_build.sh: Remove PRIVATE_DT as it is unused" hash: 35fd54620ff5eb487b1323a1ead5fef9c157e385 body: > - The private device types status is checked with the API when required. + The private device types status is checked with the API when + required. footer: Change-type: patch change-type: patch @@ -19074,7 +19461,8 @@ - subject: "jenkins_generate_ami.sh: Use a shared directory for preloaded image" hash: 9b032f2fddc970db13147b4e637abd1bada1f234 body: > - The previous commit moved the preloaded image out of yocto cache, which + The previous commit moved the preloaded image out of yocto + cache, which made it unreachable from the balena-generate-ami-env container. @@ -19112,7 +19500,8 @@ - subject: "jenkins_generate_ami.sh: Preload outside of yocto cache" hash: fb1763984d76218adc2510da6cb673fbad7197be body: > - Since the file name is hardcoded at this moment, this fails when two + Since the file name is hardcoded at this moment, this fails when + two builds are running in parallel (e.g. dev and prod variants during deploy) @@ -19200,7 +19589,8 @@ - subject: "balena-generate-ami.sh: Fail if AMI already exists" hash: 9e9a792aed2a659c1ed7327237a61594033b308a body: > - This was only ignored for development purposes, we should not replace + This was only ignored for development purposes, we should not + replace released images. footer: @@ -19244,7 +19634,8 @@ name" hash: 7d2e3911defedc500b3b1ded3268dbe74bb523b0 body: > - This removes the necessity for the DT being named generic-*. It also means + This removes the necessity for the DT being named generic-*. It + also means all the DTs of the same architecture will preload the same app. footer: @@ -19257,7 +19648,8 @@ - subject: "jenkins_build.sh: pass MACHINE to jenkins_generate_ami.sh" hash: 0e33582e2860474e1c6aff5275539b1333aef6b9 body: > - This removes the dependency on JOB_NAME from jenkins_generate_ami.sh + This removes the dependency on JOB_NAME from + jenkins_generate_ami.sh footer: Change-type: patch change-type: patch @@ -19428,7 +19820,8 @@ - subject: "common: conf: create disable-user-ns distro feature" hash: 7dde2133a5b1df710255b8b0471385cca1449c1d body: > - When user namespacing was enabled in the kernel by default, a separate + When user namespacing was enabled in the kernel by default, a + separate commit [0] was introduced to disable the feature at runtime, to allow @@ -19467,7 +19860,8 @@ - subject: "balena-os-sysctl: Reduce the console default loglevel" hash: 626b0e25cbd13ca65a74bbfe09ff9e0828b380bb body: > - This avoids the kernel printing debug messages on the consoles. It is + This avoids the kernel printing debug messages on the consoles. + It is also the default in other upstream distros like Ubuntu. footer: @@ -19480,7 +19874,8 @@ - subject: "balena-config-vars: Re-run os-sshkeys if config.json is modified" hash: 67b7aa5b58a26178411b598415e296fea5628a00 body: > - This change allows to pick-up changes to "os.sshKeys" in config.json + This change allows to pick-up changes to "os.sshKeys" in + config.json without having to reboot. footer: @@ -19493,7 +19888,8 @@ - subject: "systemd: Use drop-in to modify unit files instead of sed" hash: b07a78453243d12db59524836c3cc62d355a6f2d body: > - Performing unit modifications in drop-in files is better practise. + Performing unit modifications in drop-in files is better + practise. footer: Change-type: patch change-type: patch @@ -19535,7 +19931,8 @@ - subject: Prune Jenkinsfile hash: ea14e503181bbb248a4bed1b86a227d9c214cbfb body: > - we are not using it for our CI, and it confuses jenkins set up on the + we are not using it for our CI, and it confuses jenkins + set up on the balena-os org footer: @@ -19581,7 +19978,8 @@ - subject: "tests: Remove OS variants" hash: 5545c4e15831e16497a737307da69d38f947aa51 body: > - The OS is now a single image that can switch between development and + The OS is now a single image that can switch between development + and production modes at runtime. footer: @@ -19597,7 +19995,8 @@ - subject: Replace image variants with development mode hash: 0c7c629dcde13de9188f05f6f551f34837ad84ff body: > - The dual image variants are replaced with a runtime configuration switch + The dual image variants are replaced with a runtime + configuration switch for development mode. @@ -19631,7 +20030,8 @@ - subject: "api-keys: Remove os variant parameter for authentication check" hash: 9e0cbe04c6d1c533c3e66183eca1d3abfb8c381d body: > - The current code authenticates unmanaged production devices which makes + The current code authenticates unmanaged production + devices which makes no sense. Unmanaged devices do not need to authenticate with the API. footer: @@ -19645,7 +20045,8 @@ releases" hash: 1abd10a12947f05ae328496e98fcbcdc6a834ce1 body: > - Newer BalenaOS releases have replaced OS variants for a developmentMode + Newer BalenaOS releases have replaced OS variants for a + developmentMode configuration setting. This commit uses this variable to set the OS @@ -19660,8 +20061,8 @@ - subject: "config: Add developmentMode to schema" hash: 4ad7a3ae917c888f267463fd3d5b839439cf40e6 body: > - Add a `developmentMode` configuration variable to the schema. Do not - expose + Add a `developmentMode` configuration variable to the + schema. Do not expose this on the device target state until local key-based authentication is @@ -19697,8 +20098,9 @@ - subject: Bump path-parse from 1.0.6 to 1.0.7 hash: 2e38356bf4f5157483017ea2e6670514cbca49c1 body: > - Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 - to 1.0.7. + Bumps + [path-parse](https://github.com/jbgutierrez/path-parse) + from 1.0.6 to 1.0.7. - [Release notes](https://github.com/jbgutierrez/path-parse/releases) @@ -19725,7 +20127,8 @@ - subject: Bump tar from 4.4.13 to 4.4.19 hash: b7cb494602fbd050bb9e31b5e8293a080349562c body: > - Bumps [tar](https://github.com/npm/node-tar) from 4.4.13 to 4.4.19. + Bumps [tar](https://github.com/npm/node-tar) from 4.4.13 + to 4.4.19. - [Release notes](https://github.com/npm/node-tar/releases) @@ -19792,7 +20195,8 @@ - subject: "u-boot: Introduce a compile time osdev-image feature" hash: b839f2d91ca1844d96f4d3165ae5e2923489d11d body: > - At runtime we can now enable development features that were previously + At runtime we can now enable development features that were + previously configured using the development-image feature. That feature also @@ -19835,8 +20239,8 @@ - subject: Replace DEVELOPMENT_IMAGE and image variants with OS_DEVELOPMENT hash: fc369799cdab0012cc9c75aaa4a2e54bb6b2656a body: > - The images now can be configured for application development mode at - runtime. + The images now can be configured for application development + mode at runtime. This commit introduces a built time option to configure them for BSP or @@ -19851,7 +20255,8 @@ - subject: "images: Remove debug-tweaks settings." hash: cb1618b6d17a6c1118ea65d7485bb1bea907e18e body: > - The ssh development configurations are now applied at runtime. The only + The ssh development configurations are now applied at runtime. + The only feature that has been left out is the postinst logging. Customers that @@ -19895,7 +20300,8 @@ - subject: "balena: Expose engine socket on development mode" hash: 858f3b983e7842a155f0a34d60b6a8f488bacb2e body: > - When configured in development mode expose the engine socket. This is + When configured in development mode expose the engine socket. + This is currently used for local mode development. footer: @@ -19908,7 +20314,8 @@ - subject: "image-balena: Allow passwordless root logins" hash: 71aeea3652bf095544b1083023aa5d4e97448597 body: > - Even without debug-tweaks, allow passwordless root logins. For production + Even without debug-tweaks, allow passwordless root logins. For + production builds there is no console available so this setting does not change current @@ -19923,7 +20330,8 @@ - subject: 'image_balena: Remove "balena" hostname from development images' hash: 7b57e9caf4fa82bd05091becfe1b750bca033342 body: > - There is no reason not to have development images use the uuid as + There is no reason not to have development images use the uuid + as hostname in the same way production images do. footer: @@ -19936,7 +20344,8 @@ - subject: "systemd: Runtime enablement of serial console" hash: d80092c6ecf67720175b72ccbcbf7da6c907d48f body: > - Adapt the systemd getty services to enable for images configured for + Adapt the systemd getty services to enable for images configured + for development. footer: @@ -19950,7 +20359,8 @@ management" hash: 5227ba18d0fe81fabae2b33b3f0cd9f690f85973 body: > - This service will adjust the filesystem with development features based on + This service will adjust the filesystem with development + features based on the `developmentMode` setting on `config.json`. footer: @@ -20020,7 +20430,8 @@ - subject: "tests: led: require led property from device type" hash: 0439de2a706cabf2b6b82736fa2959313c653c56 body: > - Only run LED test when device type contract specifies support for it + Only run LED test when device type contract specifies support + for it footer: Change-type: patch change-type: patch @@ -20120,7 +20531,8 @@ - subject: "storagemigration: capture failcleanup logs in logfile" hash: 4f7f543eff08766bc584024afdb57760dfb52130 body: > - reorder the defer statements in the migrate function to only teardown + reorder the defer statements in the migrate function to + only teardown the logger after the failcleanup function ran. otherwise errors logged @@ -20138,7 +20550,8 @@ - subject: "storagemigration: move logic to package" hash: 001835bf61172fdcfdb0416e000852ff05683c71 body: > - This brings all migration logic into a single call into the + This brings all migration logic into a single call into + the storagemigration package, which should make future maintenance easier @@ -20231,7 +20644,8 @@ - subject: Skip restarting services if they are part of conf targets hash: 669866b4c296529bd5392a0c48cd389a6d1f5770 body: > - Some recent changes to the OS allowed some services to restart + Some recent changes to the OS allowed some services to + restart automatically when the associated config files are changed. @@ -20263,7 +20677,8 @@ - subject: Fix regression with local mode push hash: 6f5f3bc2f3aea1bf5e5772533be80c3bfbb4e3a9 body: > - PR #1749 introduced a bug when pushing local target state. An update to + PR #1749 introduced a bug when pushing local target + state. An update to the [image name normalization](https://github.com/balena-os/balena-supervisor/blob/f1bd4b8d9bcef29e326cbf97eaddd837c2704d19/src/lib/docker-utils.ts#L81) @@ -20306,8 +20721,8 @@ - subject: Remove comparison based on image, release, and service ids hash: b67f94802dd8c2e890121f6ca82eda8dff2c051c body: > - Preparing for the new v3 target state, where the supervisor will make - environment + Preparing for the new v3 target state, where the + supervisor will make environment dependent ids optional and rely on using general UUIDs and user known identifiers @@ -20339,7 +20754,8 @@ - subject: Use tags to track supervised images in docker hash: f1bd4b8d9bcef29e326cbf97eaddd837c2704d19 body: > - The image manager module now uses tags instead of docker IDs as the main + The image manager module now uses tags instead of docker + IDs as the main way to identify docker images on the engine. That is, if the target @@ -20403,7 +20819,8 @@ - subject: Fix db-helper module for tests hash: 357d1baf6188d89b8552fd9068dbea9ac50aa008 body: > - The previous module was using `rewire` to get the knex instance from the + The previous module was using `rewire` to get the knex + instance from the db module but that was leading to issues when running tests using `test:fast`. @@ -20438,7 +20855,8 @@ - subject: "kernel-modules-headers: Copy module.lds" hash: 9fca34e0f4faffc0fa049e9341e7392f365bea31 body: > - Since kernel v5.10 this file is generated when using modules_prepare. As + Since kernel v5.10 this file is generated when using + modules_prepare. As the kernel-modules-headers contains pre-built target binaries, we also @@ -20465,7 +20883,8 @@ - subject: "kernel-balena: remove global blacklist of btrfs" hash: b9d6df84a1acd45df80da8a90ea4ca4dc2940bcf body: > - The kernel-balena class contains a global blacklist of btrfs that + The kernel-balena class contains a global blacklist of btrfs + that disables this filesystem for all device types, regardless of them @@ -20502,7 +20921,8 @@ - subject: "recipes-connectivity: fix auto-update when config.json changes" hash: 85df30628278eeb0d55e731319391d3cf98df9a8 body: > - Since adding the 'config-json' systemd target the 'balena-ntp-config' + Since adding the 'config-json' systemd target the + 'balena-ntp-config' and 'prepare-openvpn' services have stopped running automatically @@ -20550,7 +20970,8 @@ - subject: "tests: remove reboot requirement from hostname test" hash: 34687ca76515d57a77ba12c0fd44632518181392 body: > - We no longer require reboots when changing hostname in config.json. + We no longer require reboots when changing hostname in + config.json. The contents of '/etc/hostname' and the avahi mDNS broadcast hostname @@ -20567,7 +20988,8 @@ - subject: "hostname: update system hostname when config.json changes" hash: f7b3d37502f03ca65d3352a8a8cc3b8a5d612ff4 body: > - Automatically update the system hostname when config.json changes. + Automatically update the system hostname when config.json + changes. Changes to 'config.json' will trigger the 'balena-hostname' service @@ -20590,7 +21012,8 @@ - subject: "linux-firmware: Use wildcards when selecting files to package" hash: 16598bcffda7206d9a2ab9d96860cecf7de62756 body: > - Firmware files can be compressed with an xz extension or not, so use + Firmware files can be compressed with an xz extension or not, so + use wildcards to cover both cases. footer: @@ -20603,7 +21026,8 @@ - subject: "linux-firmware: Add firmware compression support" hash: 2ee6d2e652772d28c25df94aa400e7ccd9f207de body: > - This commit adds a FIRMWARE_COMPRESSION distro configuration that + This commit adds a FIRMWARE_COMPRESSION distro configuration + that performs the compression of linux-firmware files. Only kernel versions @@ -20618,7 +21042,8 @@ - subject: "kernel-balena: Support firmware compression from kernel version 5.3" hash: c8faa130b88f11af86619d69a115be96dfbc894a body: > - Kernel version 5.3 supports loading compressed firmware files saving + Kernel version 5.3 supports loading compressed firmware files + saving storage space. footer: @@ -20635,7 +21060,8 @@ version" hash: 9787d2879d2f372c19f336c7e08bd0e6fee16ae7 body: > - Some kernel configuration are only applicable from specific kernel + Some kernel configuration are only applicable from specific + kernel versions. This commit adds a function that allows to add a specific @@ -20650,7 +21076,8 @@ - subject: "kernel-balena: Split function to get kernel version from source" hash: c349f647db328558f026f1b914bc0246dc33bda5 body: > - This allows to re-use this functionality. Note that the `KERNEL_VERSION` + This allows to re-use this functionality. Note that the + `KERNEL_VERSION` variable is only available after the kernel has been built as it relies @@ -20678,7 +21105,8 @@ - subject: "kernel-balena: Replace and deprecate kernel-resin" hash: 8c0d2ce52d42e72a939d248784d67dc2413c0443 body: > - New device types should use kernel-balena instead of kernel-resin. + New device types should use kernel-balena instead of + kernel-resin. footer: Change-type: patch change-type: patch @@ -20750,7 +21178,8 @@ - subject: "grub: don't package or install bindir utils" hash: f1835282ecd3b0f9dfc52410d8f1628653e2c1b2 body: > - Remove ${bindir} from FILES_grub-common, ensuring grub utilities aren't + Remove ${bindir} from FILES_grub-common, ensuring grub utilities + aren't installed to /usr/bin, in addition to a previous similar commit that @@ -20768,7 +21197,8 @@ - subject: "balena-os-sysctl: disable user namespacing by default" hash: 31c3ae8ad5c7ad45e450349b6972524da120e96c body: > - Most major distributions now ship kernels with user namespacing enabled + Most major distributions now ship kernels with user namespacing + enabled in the kernel config. Some distributions, such as Arch and Ubuntu, @@ -20820,7 +21250,8 @@ - subject: "common: kernel-resin: enable user namespacing" hash: 04d9561760b449024a5b411bd366ded2351cd5cd body: > - Enable CONFIG_USER_NS, a kernel feature used for user namespacing, and + Enable CONFIG_USER_NS, a kernel feature used for user + namespacing, and required for docker-in-docker. footer: @@ -20836,7 +21267,8 @@ - subject: "resin-u-boot.bbclass: Make console silencing change more resilient" hash: 6f173d763828d63f70582219aa19333b1e599a57 body: > - There is at least a case in a board where the puts function in u-boot's + There is at least a case in a board where the puts function in + u-boot's common/console.c is #ifdef'ed and defined twice. Let's accomodate for @@ -20895,7 +21327,8 @@ - subject: "tests: Fix insecure registry error" hash: 647d683dbfd0461706e75291c5396752fdc1b2ce body: > - introduced when images including 8227a61f6bef6d93cc6a5acd0ef93a2012079964 + introduced when images including + 8227a61f6bef6d93cc6a5acd0ef93a2012079964 made it to production. @@ -20917,7 +21350,8 @@ - subject: "linux-firmware: package i915 generations separately" hash: e741dcf6f520765c3345c1e64cfc3f31f5b6a604 body: > - Package Intel graphics firmware generations separately, allowing GPU + Package Intel graphics firmware generations separately, allowing + GPU firmware to be installed for specific SoCs. footer: @@ -20949,7 +21383,8 @@ - subject: "tests: Symlink /dev/null instead of copying bash to break services" hash: eea7514c705b43482dd3656d0c34bb2414c267ee body: > - Triggered by a failue in the VPN test - the bash binary is bigger than + Triggered by a failue in the VPN test - the bash binary is + bigger than the openvpn binary and on devices with limitted rootfs space the copying @@ -20967,7 +21402,8 @@ - subject: "common: grub: don't install sbin utils" hash: e3bf23c7977c6c0dce9eb0a49172526a7e447522 body: > - These utilities aren't used on device. Don't install them to save space. + These utilities aren't used on device. Don't install them to + save space. footer: Change-type: patch change-type: patch @@ -21016,7 +21452,8 @@ - subject: "tests: Add rollback tests to HUP suite" hash: 87e89fcf7b07180f3221602afc7a5b4dd8cd9e48 body: > - Adding rollback-health check & rollback-altboot check to the HUP suite + Adding rollback-health check & rollback-altboot check to the HUP + suite footer: Change-type: patch change-type: patch @@ -21040,7 +21477,8 @@ - subject: "tests: Remove reboot requirement from dnsmasq tests" hash: 1ea1985f7ebc56908d018c98211fd52f6fd6701c body: > - We no longer require reboots when changing dnsServers in config.json + We no longer require reboots when changing dnsServers in + config.json and the service should restart on it's own. footer: @@ -21111,7 +21549,8 @@ - subject: Make layer download resuming more resilient hash: 582487f832c59c2f734a780ab0492833f29002c9 body: > - This commit changes the way we retry layer downloads after failures with + This commit changes the way we retry layer downloads + after failures with the goal of making it more resilient, especially for cases involving @@ -21161,7 +21600,8 @@ - subject: Lock destination layers while delta is being processed hash: 0ad4281e11e4d3ef263010787aecd244c0ce333d body: > - During fingerpinting of the source image the destination layers are not + During fingerpinting of the source image the destination + layers are not exepmt from being released (e.g. when `balena image rm `) is run @@ -21213,7 +21653,8 @@ - subject: "storagemigration: defer commit to next start" hash: bd1628e67136b78ca7e7c83c5569666207d28a84 body: > - With this change the aufs data is kept around until the next time we + With this change the aufs data is kept around until the + next time we start. If we find both an aufs AND an overlay2 storage root, we cleanup @@ -21243,7 +21684,8 @@ - subject: "balena-config-vars: Restart target when config.json changes" hash: 51005c7a3178bdc73dcff5f790a693aa70936d06 body: > - The config.json watcher service will restart the config.json target + The config.json watcher service will restart the config.json + target when the file changes. Any services that are PartOf config.json @@ -21293,7 +21735,8 @@ - subject: "kernel-headers-test: Update base image to buster" hash: 57f6aee369e8ec4ab8b20ae82a03f8b8fd7aebe4 body: > - Since we don't have devices using older 3.x kernels we update to a newer + Since we don't have devices using older 3.x kernels we update to + a newer base image so that we don't have problems compiling this test kernel @@ -21350,7 +21793,8 @@ - subject: Check that the hostapp image fits the inactive partion on HUP hash: a0803fcfff0e908f4ed358d0568c4872bbcecade body: > - Currently it is possible to build a docker image that will then fail to + Currently it is possible to build a docker image that will then + fail to hup due to a lack of space on the inactive partition. @@ -21370,7 +21814,8 @@ - subject: "image-balena: Add check for docker image size" hash: 9a75a872dfcf0c3d71d4d5584241b65d07bd7103 body: > - Currently it is possible to build a docker image that will then fail to + Currently it is possible to build a docker image that will then + fail to hup due to a lack of space on the inactive partition. @@ -21388,7 +21833,8 @@ - subject: "balena-image: Break down the rootfs image size calculation" hash: 8a2b704bd5103ba6419328d0f9cc3d6b667ab5f5 body: > - Replace the IMAGE_ROOTFS_SIZE magic number with a calculation based on + Replace the IMAGE_ROOTFS_SIZE magic number with a calculation + based on the partition sizes on the balena image classes. @@ -21411,7 +21857,8 @@ - subject: "image_types_balena: Add rootfs size calculation function" hash: a4ede069d1ab7cbd2b6830574eb891f8c76a92a9 body: > - Instead of hardcoding the requested root filesystem value, let's explain + Instead of hardcoding the requested root filesystem value, let's + explain how the calculation is made with a python function that will adjust based @@ -21537,7 +21984,8 @@ - subject: "recipes-core: add a 'network connectivity wait' service" hash: a6781d54c6edced457ad916cac3fec9c70d25a0a body: > - Add a new systemd service to check for full network connectivity. + Add a new systemd service to check for full network + connectivity. This service is required because the default NetworkManager (NM) @@ -21648,7 +22096,8 @@ - subject: "balena-engine: refactor systemd service" hash: 8227a61f6bef6d93cc6a5acd0ef93a2012079964 body: > - This makes it easier to overwrite the arguments passed in the engine + This makes it easier to overwrite the arguments passed in the + engine unit from drop-in overwrites. See the development image drop-in unit for @@ -21748,7 +22197,8 @@ - subject: "kernel-headers-test: simplify example module Makefile" hash: 88df9d672d45b7d0bf59d4656654091c3bbfd56b body: > - The example kernel module has some unnecessary variables and targets. + The example kernel module has some unnecessary variables and + targets. Simplify this makefile by passing the kernel source directory to make, @@ -21768,7 +22218,8 @@ - subject: Add oneshot service to migrate supervisor state config hash: d965d23fe60db6254eaabd81a0d48b5718e01a3a body: > - The hostapp-update hooks would run before the supervisor update step + The hostapp-update hooks would run before the supervisor update + step when using balenahup via the dashboard. This resulted in the balena @@ -21810,8 +22261,8 @@ - subject: "bluez5: Disable PnP Device Information service" hash: afb3dc0441e9ed0f2f9a08de5dd2a9cc75f09ac3 body: > - This reverts to the behavior before v5.56 as it interferes with user - defined + This reverts to the behavior before v5.56 as it interferes with + user defined Device Information profiles. @@ -21830,7 +22281,8 @@ - subject: Revert Go 1.16 recipes hash: 4303346ccda6d3e3c4f83cc3782c73a6d1adb494 body: > - balena-engine requires fixes backported from upstream to support a newer + balena-engine requires fixes backported from upstream to support + a newer version of Go, and retaining the new recipes while switching back to the @@ -21869,7 +22321,8 @@ - subject: "hostapp-update-hooks: Migrate resin-supervisor to balena-supervisor" hash: 19a9bfc2f172368c8652a448e77a77563a5c32a4 body: > - After a hostapp-update we need to migrate the supervisor.conf currently + After a hostapp-update we need to migrate the supervisor.conf + currently mounted from /etc/resin-supervisor in the state cache partition. @@ -21903,7 +22356,8 @@ - subject: "hostapp-update-hooks: Sync to disk when hook is done" hash: 9688de53a3d6ae143b74bb1a7ea446b073755b27 body: > - This makes sure the hook changes are committed if the power is lost. + This makes sure the hook changes are committed if the power is + lost. footer: Change-type: patch change-type: patch @@ -21914,7 +22368,8 @@ - subject: "extract-balena-ca: Sync changes to disk in case of power loss" hash: 62302a2149b886b5e44cd2cc93bdc70e55227bb0 body: > - Sync changes to disk once the certificates have been updated. This + Sync changes to disk once the certificates have been updated. + This minimizes the risk of the custom CA to be committed without having the @@ -21930,7 +22385,8 @@ loss" hash: e5733363c4ba2a3e31c4613b34e66e072517d1c8 body: > - Commit disk modifications to minimize data loss in event of power loss. + Commit disk modifications to minimize data loss in event of + power loss. Fixes #2141 @@ -21947,7 +22403,8 @@ - subject: "bluez: Set policy configuration to AutoEnable" hash: 614eaf745b29f6e5f373f9c712a7c533373a6187 body: > - Since bluez 5.35, the bluetooth daemon has the ability to power on + Since bluez 5.35, the bluetooth daemon has the ability to power + on controllers instead of using the unreliable `hciconfig hci0 up`. @@ -21966,7 +22423,8 @@ - subject: "bluez5: Replace executable path directory in unit file" hash: 809da983829e97e5cddc424c4ff95054e2404ef0 body: > - The unit file is left with a placeholder to perform the substitution. + The unit file is left with a placeholder to perform the + substitution. Previously this was replaced by autoconf. footer: @@ -21993,7 +22451,8 @@ - subject: "balena-deploy: When deploying hostapp default to using slug as name" hash: d9ee5fa5f5a97de9c41c2acc13b6c7335e2b043f body: > - Using the device type is incorrect as aliases are not taken into account. + Using the device type is incorrect as aliases are not taken into + account. footer: Change-type: patch change-type: patch @@ -22004,7 +22463,8 @@ - subject: "balena-api: Do not use balena_lib_resolve_aliases" hash: d50cee134436914b4960254abd0a5cf28b40f764 body: > - That function is now for internal use, replace with balena_lig_get_slug() + That function is now for internal use, replace with + balena_lig_get_slug() which is clearer. footer: @@ -22017,7 +22477,8 @@ - subject: "balena_lib: Make resolve_aliases local so it is not globally used" hash: 45a0f62debdbf9e20d56e8bba8a9567359d7e8e4 body: > - The correct call is balena_lib_get_slug(device_type), which resolves + The correct call is balena_lib_get_slug(device_type), which + resolves aliases too. footer: @@ -22082,7 +22543,8 @@ - subject: "balena-deploy: Provide working directory when deploying hostapp" hash: c20241cdf161ca8f438c38e84f504dadfaeeadc0 body: > - When creating a public app, the workdir is used to retrieve the URL + When creating a public app, the workdir is used to retrieve the + URL used in the public app creation. footer: @@ -22098,7 +22560,8 @@ - subject: "balena-deploy-block: Do not add variant suffix to release tag" hash: 084154ac3c3d0d6d3ec4c7d2a21590815a61bb2f body: > - Fix the legacy way of tagging releases with a string variant and the OS + Fix the legacy way of tagging releases with a string variant and + the OS version as this is still being used by the UI. footer: @@ -22161,7 +22624,8 @@ - subject: "jenkins_build-blocks: Separate recipes and packages" hash: 0b7c0a0a14141bbeb6b29171763cac99d68d9830 body: > - Currently we are reading a package list from the contracts that mixes + Currently we are reading a package list from the contracts that + mixes recipe and package names, and we run bitbake with the `-k` flag not to @@ -22186,7 +22650,8 @@ - subject: "balena-lib: Generalize contract fetcher" hash: 2d01048848734b580b89bfdd41df13ef10a8d31f body: > - Instead of fetching a package list, fetch a composedOf list passing a + Instead of fetching a package list, fetch a composedOf list + passing a type. This allows to fetch `sw.package` and `sw.recipe` types. footer: @@ -22200,7 +22665,8 @@ '/work'" hash: 20baa1d287d95f95cb84797586afa73ed52f2db1 body: > - The installation directory is currently "/yocto/resin-board". This is + The installation directory is currently "/yocto/resin-board". + This is too long for the creation of per-task balena-engine sockets which have @@ -22243,7 +22709,8 @@ - subject: "balena-lib: contracts: Add package list fetcher" hash: f2e5ce081f9ef39bcff364ce4a8e9a9d0d806590 body: > - Add functions to retrieve a package list from a sw.package contract where + Add functions to retrieve a package list from a sw.package + contract where a yocto package based hostos block is defined. footer: @@ -22284,7 +22751,8 @@ - subject: Add a parsable representation of the changelog hash: 9bbc4207170e8db4e79c0d139653570fdc013f95 body: > - This file allows other components to uniquely parse the information that + This file allows other components to uniquely parse the + information that is contained in the changelog. It will be automatically managed by @@ -22318,8 +22786,8 @@ subject: "Dockerfile_yocto-block-build-env: Add container to build Yocto based hostOS blocks" body: >- - This container is based on the `balena-push-env` helper container and - includes + This container is based on the `balena-push-env` helper + container and includes an opkg application built from source. It is used to build Yocto IPK packaged @@ -22355,7 +22823,8 @@ signed-off-by: Alex Gonzalez subject: "README: Add brief introduction to the main scripts" body: >- - Add a short description of the helper build scripts that this repository + Add a short description of the helper build scripts that this + repository offers. - version: balena-yocto-scripts-1.13.0 @@ -22368,7 +22837,8 @@ signed-off-by: Alex Gonzalez subject: "barys: Replace supervisor tag with supervisor release version" body: >- - The latest meta-balena fetches the supervisor from the internal registry + The latest meta-balena fetches the supervisor from the internal + registry using the release version. - hash: 74a5bcaa4761f1f0bdf7ea8fba153540d33e2313 @@ -22378,7 +22848,8 @@ signed-off-by: Alex Gonzalez subject: "jenkins_build: Replace supervisor tag with supervisor release" body: >- - The latest meta-balena fetches the supervisor from the internal registry + The latest meta-balena fetches the supervisor from the internal + registry using the release version. - hash: 84958c3687ca2424903414ed2304937e11776b16 @@ -22408,7 +22879,8 @@ signed-off-by: Alex Gonzalez subject: "Dockerfile_yocto-build-env: Specify docker version" body: >- - This matches as closely as possible the version of the dind container + This matches as closely as possible the version of the dind + container used in the Yocto build. - hash: 830377a4530fa755334b2060a732a944122c86b4 @@ -22418,7 +22890,8 @@ signed-off-by: Alex Gonzalez subject: "balena-docker: Allow to control iptables and ipmasq flags" body: >- - When running multiple daemons, we don't want them to clash managing + When running multiple daemons, we don't want them to clash + managing iptables so we start redundant daemons with iptables and ipmasq set to @@ -22442,7 +22915,8 @@ subject: "balena-api: Set default argument value not to exist on nounset setting" body: >- - Scripts sourcing balena-api might set nounset, so assign empty values + Scripts sourcing balena-api might set nounset, so assign empty + values to optional arguments not to trigger an early exit. - hash: 094faf7defe8f3e5bdccb86cc88afb5eda13a635 @@ -22452,7 +22926,8 @@ signed-off-by: Alex Gonzalez subject: "balena-api: Allow access to OS developers to public apps" body: >- - This allows the OS developers to see these applications with their + This allows the OS developers to see these applications with + their Balena account tokens. - version: balena-yocto-scripts-1.12.13 @@ -22472,7 +22947,8 @@ signed-off-by: Alex Gonzalez subject: "balena-api: Add block images getter functions" body: >- - Add a set of utility functions to retrieve release images and parse them + Add a set of utility functions to retrieve release images and + parse them according to their labeling. - hash: 513b525a141ccb16796218b8b8b5a67a36faf208 @@ -22489,7 +22965,8 @@ signed-off-by: Alex Gonzalez subject: "balena-deploy-block: Create public app if required" body: >- - The script will, given the correct token, create a public app if it does + The script will, given the correct token, create a public app if + it does not exist. - hash: 5a86b9edc5e91c9164a976eb4c4f5ba41141c830 @@ -22500,7 +22977,8 @@ subject: "balena-lib: Fix device installation path when running in helper container" body: >- - Several functions require to know where the device installation directory + Several functions require to know where the device installation + directory is, and this differs when the scripts are copied to a container. - hash: 960f754b2b86a9264155bf9763b148674a5e2db5 @@ -22511,7 +22989,8 @@ subject: "balena-deploy: Fix device installation path when running in helper container" body: >- - Several functions require to know where the device installation directory + Several functions require to know where the device installation + directory is, and this differs when the scripts are copied to a container. - version: balena-yocto-scripts-1.12.12 @@ -22546,7 +23025,8 @@ signed-off-by: Alex Gonzalez subject: "balena-build: Add option to keep local containers" body: >- - This is helpful when developing locally not to continuously download + This is helpful when developing locally not to continuously + download the helper images. - hash: 8d7b725471e27ea8d4eb21d68b1e9855d4f5bbf1 @@ -22556,7 +23036,8 @@ signed-off-by: Alex Gonzalez subject: "yocto-build-env: Update Dockerfile to add host tools dependencies" body: >- - In preparation for replacing docker with balena-engine, add the required + In preparation for replacing docker with balena-engine, add the + required host dependencies. - hash: 8462659f7d2d738fcf736ce89085224d8ae79d3b @@ -22566,7 +23047,8 @@ signed-off-by: Alex Gonzalez subject: Shorten installation directory '/yocto/resin-board' to '/work' body: >- - The installation directory is currently "/yocto/resin-board". This is + The installation directory is currently "/yocto/resin-board". + This is too long for the creation of per-task balena-engine sockets which have @@ -22593,7 +23075,8 @@ signed-off-by: Alex Gonzalez subject: "balena-build: print submodule status" body: >- - Print the details of all submodules so that layers that are not part of + Print the details of all submodules so that layers that are not + part of bblayers, like balena-yocto-scripts, also get their sha1s displayed on @@ -22605,7 +23088,8 @@ signed-off-by: Alex Gonzalez subject: "balena-build: Correctly pass development images flag and amend usage" body: >- - The development image flag is not being correctly passed to barys. + The development image flag is not being correctly passed to + barys. Also, attemps to make the usage instructions clearer. - version: balena-yocto-scripts-1.12.9 @@ -22626,7 +23110,8 @@ subject: "balena-lib: Add function to resolve between contract slugs and Yocto machines" body: >- - Some device types have different Yocto machine names than contract + Some device types have different Yocto machine names than + contract slugs, so provide a function to translate. - hash: 4e8425ceab16ea6ad516438c8ffd5b968e0feaa0 @@ -22636,7 +23121,8 @@ signed-off-by: Alex Gonzalez subject: "balena-build: Do not exit if no SSH_AUTH_SOCK defined" body: >- - Environment that build public device types will probably have no use + Environment that build public device types will probably have no + use for ssh authentication, so print a warning but go on. - hash: ee9533ec9c3cdf8236cd92fe37aa382d5cc19214 @@ -22665,7 +23151,8 @@ signed-off-by: Alex Gonzalez subject: "balena-build: Fix development image build" body: >- - The development image flag is being set to the variant instead of a + The development image flag is being set to the variant instead + of a yes/no string. - hash: d83f1779fe8771f3e8fb0ad1e4a5ca3b2d0928fa @@ -22676,7 +23163,8 @@ subject: "jenkins_build-containers: Use a fixed length for the git short revision" body: >- - The short version length could be configured differently on different + The short version length could be configured differently on + different git installations so this commit specifies the length. - hash: 22d97d0e9f887c614c3e6a14bec3167e52d85ad8 @@ -22686,7 +23174,8 @@ signed-off-by: Alex Gonzalez subject: "balena-lib: Do not err when sourcing without a repository" body: >- - A global variable uses git to retrieve a sha1 revision. If this fails + A global variable uses git to retrieve a sha1 revision. If this + fails with the errexit option the script exists after sourcing this file. @@ -22707,7 +23196,8 @@ signed-off-by: Alex Gonzalez subject: "balena-api: Improve logs when setting version" body: >- - The set release version function would print a success message even when + The set release version function would print a success message + even when the patch operation failed. - hash: f53f813640d8104c5a9d2028c22e2b9d7725f070 @@ -22748,7 +23238,8 @@ signed-off-by: Alex Gonzalez subject: "balena-lib: Set default namespace if not defined" body: >- - The namespace variable can point to an alternative registry and it is + The namespace variable can point to an alternative registry and + it is useful for developing. This commit sets the default when not defined. - version: balena-yocto-scripts-1.12.5 @@ -22768,7 +23259,8 @@ signed-off-by: Alex Gonzalez subject: "balena-deploy-block: Adjust variables for common use" body: >- - This script is called either to deploy a bootable block (hostapp) or to + This script is called either to deploy a bootable block + (hostapp) or to deploy a standard block. This commit makes the environmental variables @@ -22788,7 +23280,8 @@ subject: "balena-deploy: Adjust balena_deploy_hostapp to new balena_deploy_block entrypoint arguments" body: >- - The arguments to balena-deploy-block.sh have been modified so it can be + The arguments to balena-deploy-block.sh have been modified so it + can be used from multiple places. - hash: c65bdb09be42904dce36ec4bb9c44804329ccd41 @@ -22822,7 +23315,8 @@ signed-off-by: Alex Gonzalez subject: "balena-api: Add is_dt_private function" body: >- - This looks for a device type JSON file and outputs whether the device is + This looks for a device type JSON file and outputs whether the + device is a private type. - hash: 6ca8f284de6d94e0d9db3e50f31410142080fefa @@ -22849,7 +23343,8 @@ subject: "balena_deploy: Add functions to deploy Jenkins artifacts to S3 and dockerhub" body: >- - These have been extracted from `jenkins_buils.sh` so that they can be + These have been extracted from `jenkins_buils.sh` so that they + can be reused if required. - hash: c02c3d7467d4127cb4611afb5fc3388a7d417600 @@ -22896,7 +23391,8 @@ signed-off-by: Alex Gonzalez subject: "balena-lib: Add commonly used utility functions" body: >- - Add functions to obtain Balena environment, token and login to the cloud, + Add functions to obtain Balena environment, token and login to + the cloud, as well as to retrieve both OS and meta-balena versions. - hash: bb538a7010b47b17a11e26f800feed162d712d2f @@ -22906,7 +23402,8 @@ signed-off-by: Alex Gonzalez subject: "jenkins_build-containers: Allow docker login for local development" body: >- - Only fix user and password from environment when in a Jenkins context. + Only fix user and password from environment when in a Jenkins + context. This allows to rebuild and deploy helper images to user repositories for @@ -22921,7 +23418,8 @@ subject: "barys: Add bitbake-args argument and make bitbake-target accept multiple arguments" body: >- - This commit extends barys so it accepts a list of bitbake arguments + This commit extends barys so it accepts a list of bitbake + arguments and/or target images. This will allow the flexibilty needed to build @@ -22948,7 +23446,8 @@ signed-off-by: Alex Gonzalez subject: "balena-api: Add script library with API calls" body: >- - This library is to be sourced by scripts that need to use the API to + This library is to be sourced by scripts that need to use the + API to obtain app or image specific information. - hash: dd5fa7375182bd03d2e37a53af7982d2d96ce825 @@ -22959,7 +23458,8 @@ subject: "balena-push-os-version: Rename to balena-deploy-block and set the release version on deploy" body: >- - Until "balena deploy" has this functionality let's perform a direct + Until "balena deploy" has this functionality let's perform a + direct API call. @@ -22990,7 +23490,8 @@ signed-off-by: Alex Gonzalez subject: "jenkins_build: Separate barys build functions" body: >- - Separate the call to barys to a scritpt library so it can be reused from + Separate the call to barys to a scritpt library so it can be + reused from other scripts. - hash: 9067812829783ad75636917b82c3229746c10c51 @@ -23000,7 +23501,8 @@ signed-off-by: Alex Gonzalez subject: "balena-deploy: Add script library for deploy logic" body: >- - Centralize all the deploy login in one script library starting with + Centralize all the deploy login in one script library starting + with balena_deploy_hostapp. - hash: 0ab60de60dc2e45f222b07acb7283cde02131863 @@ -23021,7 +23523,8 @@ signed-off-by: Kyle Harding subject: "barys: Improve template layer matching" body: >- - The current method does not support multiple layers named with names + The current method does not support multiple layers named with + names following `meta-balena-*` so this change will search for the required @@ -23039,8 +23542,8 @@ subject: "jenkins_build-container: Do not overwrite environment DOCKERFILES variable if provided" body: >- - Also, do not duplicate the variable that specifies current script - directory + Also, do not duplicate the variable that specifies current + script directory and perform a docker login so that new images can be deployed. - hash: 1fe8f585cef6ca9592d1ee3929d32b838f272833 @@ -23057,7 +23560,8 @@ signed-off-by: Alex Gonzalez subject: "balena-lib: Rename functions with the balena_lib prefix" body: >- - This makes them easy to identify and makes it clear where they come from + This makes them easy to identify and makes it clear where they + come from making the code more legible. @@ -23103,7 +23607,8 @@ subject: "Dockerfile_yocto_build-env: Refactor to update dockerd and use balena-docker" body: >- - Use common scripts to manage docker instances, and update the dockerd + Use common scripts to manage docker instances, and update the + dockerd daemon to the distribution supported stabel version. - hash: 5fb8f5c74565096ede89e42985f9b7ad7d59ef4a @@ -23184,7 +23689,8 @@ - subject: "README: Update supported Yocto versions" hash: cdbf76ccbaaf6e265f8432eca10d42e55b6969e8 body: > - Add the warrior and dunfell versions to the list of tested releases. + Add the warrior and dunfell versions to the list of tested + releases. footer: Change-type: patch change-type: patch @@ -23330,7 +23836,8 @@ - subject: "balena-os: Add preferred provider for Go native" hash: 20dd5fb4384e78f24d3e3304be38666fdcb859a8 body: > - With Go 1.16 a precompiled go-binary-native that provides go-native was + With Go 1.16 a precompiled go-binary-native that provides + go-native was introduced to bootstrap the Go compilation. @@ -23350,7 +23857,8 @@ - subject: "balena-engine: build in GOPATH mode" hash: 342a9621b5416d2a1f6aec3948dfdcfe15395d13 body: > - balena-engine hasn't transitioned to building with modules yet, and Go + balena-engine hasn't transitioned to building with modules yet, + and Go 1.16 enabled them by default. Revert to the old behavior for now to fix the build. @@ -23371,7 +23879,8 @@ - subject: "recipes-devtools: go: backport get_linuxloader" hash: 283e7d279ed26c2855b4916c24bb502e2d87a189 body: > - Hardknott introduces get_linuxloader() to linuxloader.bbclass that + Hardknott introduces get_linuxloader() to linuxloader.bbclass + that allows for dynamically choosing between different c libraries, which go @@ -23595,7 +24104,8 @@ - subject: Show warning instead of exception for invalid network config hash: 5197a1330d69cbff97f3c53a77f640638e074b8a body: > - A previous PR (#1656) fixed validation for network ipam config, + A previous PR (#1656) fixed validation for network ipam + config, checking that both network and subnet are defined for each ipam config entry @@ -23667,7 +24177,8 @@ - subject: Update balena-register-device and send extra info at provision time hash: 9e52bb33ac931a035b4cd0fd80173bf10db771c0 body: > - This extra info will mean the API is able to immediately set default + This extra info will mean the API is able to immediately + set default config vars based on the os/supervisor version so that they are @@ -23777,7 +24288,8 @@ - subject: Log error responses from API when reporting state hash: 2203f78d517a9edf75a261dd3c77cdf5b609548c body: > - This adds the error message from the API to journal logs to better + This adds the error message from the API to journal logs + to better identify those cases where patching to the API fails. footer: @@ -23808,7 +24320,8 @@ - subject: Remove version tag from livepush generated image hash: 9c1d10dc318bb7c207608ed197c5713960642af3 body: > - The `start-resin-supervisor` script in newer OS version no longer uses the + The `start-resin-supervisor` script in newer OS version + no longer uses the SUPERVISOR_TAG environment variable setup on supervisor.conf and @@ -23849,8 +24362,8 @@ - subject: Bump dockerode types to 2.5.34 hash: 95fb568aaeb0d5a0fa8b4b88f650b51d3b96786d body: > - This commit updates dockerode types to the latest 2.x version, removing - the need + This commit updates dockerode types to the latest 2.x + version, removing the need for custom composer types for network. @@ -23924,7 +24437,8 @@ - subject: Bump ssri from 6.0.1 to 6.0.2 hash: ae8dc8ff227237444ae532cf7e817bfc463fbac5 body: > - Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to 6.0.2. + Bumps [ssri](https://github.com/npm/ssri) from 6.0.1 to + 6.0.2. - [Release notes](https://github.com/npm/ssri/releases) @@ -23973,7 +24487,8 @@ - subject: "grub update hook: move variables from grub.cfg to grubenv" hash: 76c82dd987215982dbfcbdf950588dafdc4c129e body: > - In order to verify GPG signature of grub.cfg it must be immutable. + In order to verify GPG signature of grub.cfg it must be + immutable. All the variables should be stored in grubenv file. This means @@ -24025,7 +24540,8 @@ - subject: Update mobynit to the new multi-container hostOS specification hash: 93335381320815dbe7b2d21233106910a200e2f5 body: > - Update mobynit to use the new multi-container hostOS specification + Update mobynit to use the new multi-container hostOS + specification footer: Change-type: minor change-type: minor @@ -24041,7 +24557,8 @@ - subject: "balena-engine: Update to 19.03.18" hash: 32705abbf93971bdddb980fe0c7a01b40d229560 body: > - This brings in the aufs-to-overlay migrator. Which won't run until we + This brings in the aufs-to-overlay migrator. Which won't run + until we configure the engine service to include an `BALENA_MIGRATE_OVERLAY=1` @@ -24067,7 +24584,8 @@ mode" hash: 9de54188ea47e121a7f408ae1c65f70f53d3a634 body: > - We need to make sure the modem is completely initialized before sending + We need to make sure the modem is completely initialized before + sending the AT commands that do the switch to ECM mode. To achieve this we @@ -24096,8 +24614,8 @@ - subject: "device-progress: do not force an exit code" hash: f080936299781d121866de112e6930fa2f261fac body: > - this script is only used during provisioning and HUP. in provisioning we - `|| true` anyway, and + this script is only used during provisioning and HUP. in + provisioning we `|| true` anyway, and in HUP we would like to use the exit code for retrying footer: @@ -24126,7 +24644,8 @@ - subject: "meta-balena: rename resin-vars to balena-config-vars" hash: 7d019abde039a469212c59bcf6e1b7a94ed365d6 body: > - Rename the 'resin-vars' script to 'balena-config-vars' and update all + Rename the 'resin-vars' script to 'balena-config-vars' and + update all references. footer: @@ -24163,7 +24682,8 @@ - subject: "repo.yml: Move balena-supervisor reference to balena-os" hash: 7d9433e3c41c37ba3d9cea51d894b520be81d899 body: > - The balena-supervisor repository has been moved to balena-os so the + The balena-supervisor repository has been moved to balena-os so + the repo.yml file needs to be corrected for nested changelogs to work again. footer: @@ -24194,7 +24714,8 @@ - subject: "resin-mounts/etc-fake-hwclock: add dependency on resin-state services" hash: 2b07011844a2738aec033d88af29e3f6e0dd28a2 body: > - Added a dependency on resin-state.service and resin-state-reset.service + Added a dependency on resin-state.service and + resin-state-reset.service to etc-fake-hwclock.mount. @@ -24287,7 +24808,8 @@ - subject: "udev: Silence warnings from resin_update_state_probe" hash: 5a0bed933fd9730e507305c6098698c4a1970c6e body: > - At this moment resin_update_state_probe is scanning pretty much every + At this moment resin_update_state_probe is scanning pretty much + every block device for rootfs. This include ramdisks, zram and loop devices @@ -24352,7 +24874,8 @@ - subject: "hostapp-update: convert absolute symlinks to relative" hash: fa8b5a4d2836510c5257d75c65542d374f628407 body: > - Symlinks to /boot and /sbin/init are absolute, which breaks them when + Symlinks to /boot and /sbin/init are absolute, which breaks them + when the sysroot is mounted under another system. @@ -24396,7 +24919,8 @@ - subject: "image_types_balena: make agnostic to root fstype" hash: 71553d47174d8dc28777b0d0a6723418192ad8e4 body: > - Build BALENA_HOSTAPP_IMG path using BALENA_ROOT_FSTYPE instead of assuming + Build BALENA_HOSTAPP_IMG path using BALENA_ROOT_FSTYPE instead + of assuming the root is ext4. footer: @@ -24409,7 +24933,8 @@ - subject: "mkfs-hostapp-native: make agnostic to fstype" hash: 295976261f44650bd108eafcb53b3d24f6a28671 body: > - Remove assumptions about root fstype. Rename create to create.ext4, + Remove assumptions about root fstype. Rename create to + create.ext4, mkfs.hostapp-ext4 to mkfs.hostapp, and add an argument to mkfs.hostapp @@ -24429,7 +24954,8 @@ - subject: "balena: dissolve healthcheck-image-load into healthcheck script" hash: 7983e9bfd716aaedad1ef5f1468b2771e1f5a71c body: > - Previously we were loading the healthcheck image from it's own service + Previously we were loading the healthcheck image from it's own + service that was previously made `PartOf=` the balena.service. @@ -24473,7 +24999,8 @@ - subject: Fix disablement of userspace firmware loading requests hash: 98fad0bbfd179f16c5985a3281af25b4801af6e9 body: > - This option depends on FW_LOADER_USER_HELPER which will be enabled if + This option depends on FW_LOADER_USER_HELPER which will be + enabled if _FALLBACK is set to 'y', which is the default in the arm64 defconfig @@ -24530,7 +25057,8 @@ - subject: "os-config: rename flasher flag path" hash: 3622cc8cdf38f42c1f38fb6d5c67dde16631d6f0 body: > - As part of a full rename away from legacy resin namespaces the + As part of a full rename away from legacy resin + namespaces the following os-config compatibility changes are required to align @@ -24575,7 +25103,8 @@ - subject: Apply aufs patches if aufs is present in kernel config hash: 8094dc7a3a36cfc4f1c0da5be66dc666e29b7dbe body: > - Allow installing and patching aufs even if BALENA_STORAGE is overlay2 + Allow installing and patching aufs even if BALENA_STORAGE is + overlay2 footer: Change-type: patch change-type: patch @@ -24591,7 +25120,8 @@ - subject: "grub-efi: build required modules into grub image" hash: 5e1004d6753025166c40b11af117e008feb875f1 body: > - grub-efi requires modules to be installed in the boot partition, and + grub-efi requires modules to be installed in the boot partition, + and resin-image installs them from ${DEPLOYDIR}. @@ -24634,8 +25164,8 @@ - subject: "initrdscripts: always use by-uuid symlink looking for flasher rootfs" hash: d16ad58f6efe76c9313226735de88648e54d2420 body: > - If the device with flasher rootfs is slow to bring up and rootfs is - defined + If the device with flasher rootfs is slow to bring up and rootfs + is defined as UUID=xxx the waiting loop in rootfs initrd script would assume UUIDs have @@ -24670,7 +25200,8 @@ - subject: "balena: Make the healthcheck loading service part of balena.service" hash: c26f2d203a87d1578d9d52d5bbd8b0b18869916e body: > - This prevents issues with the health check when the image is manually + This prevents issues with the health check when the image is + manually removed. footer: @@ -24688,7 +25219,8 @@ - subject: "dnsmasq: enable dbus support" hash: 372980ca6aa6bd2793ac856c303c3b3ac4eeffdb body: > - This config option is disabled by default in the upstream package + This config option is disabled by default in the upstream + package so I'm including the change here as a separate commit. footer: @@ -24721,7 +25253,8 @@ - subject: "recipes-bsp: grub: install only release modules" hash: 78a8049218d8ce3a9172b7fca6fe00270544e7f1 body: > - GRUB builds modules with both debug and release variants, with *.module + GRUB builds modules with both debug and release variants, with + *.module and *.mod extensions respectively. @@ -24742,7 +25275,8 @@ - subject: "meta-balena-common: add grub-efi support" hash: 3bfbd05d81d59c82fb131117700325416fb152cb body: > - Use upstream grub and grub-efi recipes with a new grub-conf recipe + Use upstream grub and grub-efi recipes with a new grub-conf + recipe employing a config template. footer: @@ -24758,7 +25292,8 @@ - subject: Update PR template to specify test coverage in more detail hash: ce0bb95e1d045ef32c377d4fc9de959c6ebbfd88 body: > - All PRs should include details about test coverage, including whether the + All PRs should include details about test coverage, including + whether the tests are automated on manually recorded. footer: @@ -24913,7 +25448,8 @@ - subject: "networkmanager: add improved dispatcher scripts for NTP handling" hash: 23e52eaca7f0983ac6da27289fc293e43e7dbebd body: > - Update the existing DHCP dispatcher script for adding NTP sources to + Update the existing DHCP dispatcher script for adding NTP + sources to make use of dynamic chrony source configuration. Any DHCP configured @@ -24951,7 +25487,8 @@ - subject: "chrony: add sourcedir support and helper script" hash: d6c64b0a08b64593d6684605bd5268f28ff1b1c9 body: > - Add the 'sourcedir' parameter to the chrony configuration to support + Add the 'sourcedir' parameter to the chrony configuration to + support dynamic source configuration files. Any NTP source files that are @@ -25223,7 +25760,8 @@ - subject: Respect custom CA in supervisor hash: 4cf82392c78d804a18737de80dcfa6f8f34d0494 body: > - This is necessary because node has its own built-in CA bundle and ignores + This is necessary because node has its own built-in CA bundle + and ignores the system-wide bundle. Bind-mount the system-wide bundle to the supervisor @@ -25245,7 +25783,8 @@ - subject: "README: Rename resin-logo to balena-logo." hash: 47a7a0ab9a99ea45b4fcf4e684d973088328eca9 body: > - The file rename happened in v2.51 but the README has not been updated + The file rename happened in v2.51 but the README has not been + updated accordingly. footer: @@ -25325,7 +25864,8 @@ - subject: "u-boot: Add required configuration for BalenaOS environment" hash: 401345c86a3a017dc548a94c7afa3977d547fc21 body: > - The BalenaOS u-boot environment patch requires u-boot to support importing + The BalenaOS u-boot environment patch requires u-boot to support + importing and exporting of the environment as well as the fsuuid command. footer: @@ -25356,7 +25896,8 @@ - subject: Add IPV6 multicast routing capability hash: 510bb7a7107f538f56c35a87a7426e7c12a3cdb3 body: > - Add IPV6 multicast routing capability to the default configuration. + Add IPV6 multicast routing capability to the default + configuration. Fixes #2051 @@ -25411,7 +25952,8 @@ - subject: "resin-supervisor: Make sure the database directory exists" hash: d070fe38a3b2a91fcc7c07d716fa90fdd3e9d078 body: > - If this directory is removed by mistake, the supervisor will not be + If this directory is removed by mistake, the supervisor will not + be able to start. @@ -25501,7 +26043,8 @@ - subject: "systemd: update patches to avoid fuzzy matching" hash: 03d64e57466c66acd710b089c4ae8d777f963554 body: > - The content applied by the patches has not changed, just the context + The content applied by the patches has not changed, just the + context in order to properly inject changes without fuzzy matching since the source @@ -25572,7 +26115,8 @@ - subject: "networkmanager: remove deprecated bluetooth inherit" hash: 1993db9f3027936119248bd193e350456ba035bc body: > - In poky dunfell and newer the bluetooth class has been deprecated. + In poky dunfell and newer the bluetooth class has been + deprecated. footer: Change-type: patch change-type: patch @@ -25583,7 +26127,8 @@ - subject: "meta-balena-common: replace distro_features_check with features_check" hash: c907611d66aa4d2ff27f9940178cbcdbc2273459 body: > - Replace distro_features_check that was deprecated upstream in dunfell. + Replace distro_features_check that was deprecated upstream in + dunfell. footer: Change-type: patch change-type: patch @@ -25594,7 +26139,8 @@ - subject: "avahi: remove example services" hash: 317c7a6404195e78a21c76e43f8743a47cf542d1 body: > - In dunfell the example ssh service files don't exist so avoid failing + In dunfell the example ssh service files don't exist so avoid + failing during do_install for services that we don't use anyway. footer: @@ -25649,7 +26195,8 @@ - subject: "mtools: remove initialize-direntry patch" hash: c35b98165cc698188b978c34c7fb20f58a4c83e1 body: > - Remove initialize-direntry.patch that has been fixed in mtools 4.0.23 + Remove initialize-direntry.patch that has been fixed in mtools + 4.0.23 footer: Change-type: patch change-type: patch @@ -25660,7 +26207,8 @@ - subject: "meta-balena-dunfell: dunfell compatibility layer support" hash: e8c34101f13d0327ac278207c8d7d500214f5f6f body: > - Create meta-balena-dunfell layer base by copying meta-balena-warrior + Create meta-balena-dunfell layer base by copying + meta-balena-warrior footer: Change-type: minor change-type: minor @@ -25676,7 +26224,8 @@ - subject: "start-resin-supervisor: fix directory creation for 'balena start'" hash: ce9e4f211a2356a866edee5ca3dbada3faa27689 body: > - Ensure that the /var/log/supervisor-log directory exists prior to + Ensure that the /var/log/supervisor-log directory exists prior + to running 'balena start --attach resin_supervisor' as well as @@ -25723,7 +26272,8 @@ - subject: "zram-swap-init: adjust default to lesser of 50%/4GB" hash: 155af3386029a0e76b74ee60d58c32ba72073a82 body: > - Copied from Fedora zram defaults [0]. This may be adjusted later after + Copied from Fedora zram defaults [0]. This may be adjusted later + after doing our own profiling. @@ -25788,7 +26338,8 @@ - subject: "systemd/timeinit: improve RTC handling at boot" hash: 1c1374f3c8b5914b7e645f8068ebafc8b4cbbe3a body: > - The handling of the RTC at boot time has been improved as follows: + The handling of the RTC at boot time has been improved as + follows: 1) A 'timeinit-rtc.sh' script has been added to improve logging of @@ -25836,7 +26387,8 @@ - subject: "modemmanager: add u-blox-modeswitch scripts" hash: a30ab44f40f1c059e64075c567fc388800d960a4 body: > - Add the u-blox-modeswitch scripts to modemmanager. The scripts are + Add the u-blox-modeswitch scripts to modemmanager. The scripts + are generic and therefore it makes sense to provide them as part of @@ -25873,7 +26425,8 @@ - subject: Enable kernel user space probes support hash: 8af9bc8fbc58096d986d8db7df81a0c9505dc420 body: > - This is needed to make use of eBPF and all the debugging and extra + This is needed to make use of eBPF and all the debugging and + extra features it brings. footer: @@ -26027,7 +26580,8 @@ - subject: Improve calculation for used system memory hash: dd5f62227a0b0d2024db924e7028c9fec8b2b1d9 body: > - The memory information reported by the supervisor currently + The memory information reported by the supervisor + currently estimates the value of used memory as `MemTotal - MemFree`. @@ -26096,7 +26650,8 @@ - subject: Attempt a state report once every maxReportFrequency hash: 0e3c0263922043b9d53a7eb3545622106f10100c body: > - With the addition of the system information feature (CPU temp) etc if + With the addition of the system information feature (CPU + temp) etc if there wasn't any changes in the docker or config state of the device, @@ -26145,7 +26700,8 @@ - subject: "version: drop SUPERVISOR_VERSION env var" hash: 8e65466f2d8540918b1fa8d8af88d0c21fcbf7f8 body: > - In order to make supervisor upgrades more transparent, lets move away + In order to make supervisor upgrades more transparent, + lets move away from this env var since it requires a container restart any time the supervisor @@ -26167,7 +26723,8 @@ - subject: Fix supervisor deadlock during migration hash: adffde932ec28b114a5821b9ae332a42bb330be2 body: > - Due to the singleton work, when performing migration M00005 and there + Due to the singleton work, when performing migration + M00005 and there are apps with services created in the database, a deadlock occurs @@ -26204,7 +26761,8 @@ - subject: Fix config checks for ConfigFS backend hash: a5f3002e708c949b6de3c8ba495b2a89c13214fc body: > - When trying to apply SSDT overlays in Up Board, the supervisor currently + When trying to apply SSDT overlays in Up Board, the + supervisor currently gets stuck in a loop trying to apply target state. See #1465 @@ -26242,7 +26800,8 @@ - subject: "api: Implement scoped Supervisor API keys" hash: c08de8701e49f417d2fc5849d237b9ed69b438e2 body: > - Each service, when requesting access to the Supervisor API, will + Each service, when requesting access to the Supervisor + API, will now get an individual key which can be scoped to specific resources. @@ -26353,7 +26912,8 @@ - subject: "chrony: set the source UDP port for NTP requests to 123" hash: 6b95bd55f12054d996a412e7a6bc202e518b4e29 body: > - By default chrony uses a random UDP source port for each NTP request. + By default chrony uses a random UDP source port for each NTP + request. This can cause problems with particular routers/firewalls (issues have @@ -26402,7 +26962,8 @@ reboots" hash: 96c2c495819ba6175261a5179e1cdb4673552e6c body: > - In order to produce sensible timestamps for journald log messages: + In order to produce sensible timestamps for journald log + messages: a) the system time needs to be maintained correctly over a reboot, and @@ -26467,7 +27028,8 @@ - subject: "resin-mounts: add bind mount service for /etc/fake-hwclock" hash: 394aa52f77ec222e6fda856a92cd499bd464fa07 body: > - Add a persistent r/w location (root-overlay/etc/fake-hwclock/) to + Add a persistent r/w location (root-overlay/etc/fake-hwclock/) + to the resin-state partition for storage of the fake-hwclock.data file. @@ -26487,7 +27049,8 @@ - subject: Add host extensions support hash: 1d33429f0bc925bc97b4b7820aeb812eac9098d2 body: > - Add a new section that described the host extensions functionality. + Add a new section that described the host extensions + functionality. Fixes #1984 @@ -26503,7 +27066,8 @@ - subject: "packagegroup-resin: Add hostapp extensions update script" hash: a03e5c9eed5105c5af85c79df29546ec641d873c body: > - This commit adds the update-hostapp-extensions utility. It can be run + This commit adds the update-hostapp-extensions utility. It can + be run with: @@ -26518,7 +27082,8 @@ - subject: "hostapp-extensions-update: Add host extensions update script" hash: 0fe293eb118913e667b52b2f6df032227719efc8 body: > - This script triggers an installation or update of the hostapp extensions + This script triggers an installation or update of the hostapp + extensions in the system. @@ -26538,7 +27103,8 @@ - subject: "resin-vars: Parse the HOSTEXT_IMAGES variable from config.json" hash: 761f517f955f829e12b2c7f0a0f88830ded39e13 body: > - This variable allows the hostapp extensions updater script to update the + This variable allows the hostapp extensions updater script to + update the hostapp extensions in the system. footer: @@ -26551,7 +27117,8 @@ - subject: "docker-disk: Add the host extension images to the data partition" hash: cd44a94cf1646828832070417a2deb9236b0f5ee body: > - Host extension images contain extra content that is overlayed over the + Host extension images contain extra content that is overlayed + over the root filesystem at boot. @@ -26573,7 +27140,8 @@ - subject: "docker-disk: Generalize hostapp platform variable" hash: 416544bd9c7b7e9080857dc0258668f388a55aa7 body: > - Rename HELLO_PLATFORM to HOSTAPP_PLATFORM so it can be used with any + Rename HELLO_PLATFORM to HOSTAPP_PLATFORM so it can be used with + any app type. footer: @@ -26586,7 +27154,8 @@ - subject: "initrdscripts: Busybox switch_root does not support -c argument" hash: a62a8189825de9dbcf52dbb3116d213fc7ceb84f body: > - Calling busybox switch_root in this way has always been complaining but + Calling busybox switch_root in this way has always been + complaining but the error log did not get to the console. footer: @@ -26600,7 +27169,8 @@ mounted" hash: d70fbd050e5a1f7c695782b99187d583103111e0 body: > - Now that the data partition will be mounted from the initramfs for host + Now that the data partition will be mounted from the initramfs + for host extensions support, this script will only run if something went wrong. footer: @@ -26613,7 +27183,8 @@ - subject: "initrdscripts: Expand the resin-data filesystem" hash: 00cad826c157ac2d5c13137fb1023f1eb7570c58 body: > - As the resin-data partition will be mounted in the initramfs, its + As the resin-data partition will be mounted in the initramfs, + its filesystem needs to be expanded before that. footer: @@ -26626,7 +27197,8 @@ - subject: "initrdscripts: Add resin-data to fs UUID generation" hash: d2794dd2d559ca0c55a4cbab9ae5ef3c01ebdcf3 body: > - The resin-data partition will be mounted in the initramfs for the host + The resin-data partition will be mounted in the initramfs for + the host extension support so the UUID generation needs to happen before that. footer: @@ -26639,7 +27211,8 @@ - subject: "resin-data.mount: Remove default dependencies" hash: dc6cfa2e90b29b0fdcfc05c1b85e2196de4f950b body: > - With the data partition being mounted in the initramfs to support host + With the data partition being mounted in the initramfs to + support host extensions, the runtime systemd-udev no longer sees the resin-data mount @@ -26690,8 +27263,8 @@ - subject: "mobynit: Separate recipe from balena-engine" hash: 6be3f1153d56c1c0c21e6d84db7be70be96bcd10 body: > - This commit adds a new recipe to build mobynit independently from - balena-engine. + This commit adds a new recipe to build mobynit independently + from balena-engine. footer: Change-type: patch change-type: patch @@ -26815,7 +27388,8 @@ - subject: Respect balenaRootCA system-wide hash: 2218cb21d1fc813ac59c08b77046c5d014ad9a42 body: > - We allow the user to specify a custom CA in the .balenaRootCA key + We allow the user to specify a custom CA in the .balenaRootCA + key of config.json but at this moment each tool has to implement support @@ -27042,7 +27616,8 @@ - commits: - author: Paulo Castro body: >- - The change type is considered 'major' because, by default, errors are + The change type is considered 'major' because, + by default, errors are now thrown for relatively common occurrences such as authentication @@ -27248,7 +27823,8 @@ - commits: - author: Will Boyce body: >- - * Switch to `export ...` syntax (from `export = ...`) + * Switch to `export ...` syntax (from `export = + ...`) * Fix invalid export of class inheriting non-exported class footers: @@ -27500,7 +28076,8 @@ - subject: Pack /lib/vdso/Makefile in kernel-modules-headers hash: 37ce34cbb4d1ddb8af5a0eafb40fc16436b6e2b8 body: > - For the updated 5.4 kernel on RPI4, kernel-headers-test fails with + For the updated 5.4 kernel on RPI4, kernel-headers-test fails + with arch/arm64/kernel/vdso/Makefile lib/vdso/Makefile No such file or directory @@ -27557,7 +28134,8 @@ - subject: "bug: Allow DNS through firewall for local containers" hash: e9b536a889542588e2f79247ed7937c709fdf3d2 body: > - We provide a local DNS server for containers to use and this + We provide a local DNS server for containers to use and + this was not allowed through the firewall when enabled. footer: @@ -27658,7 +28236,8 @@ - subject: Remove handlebars-helpers to shrink bundle size hash: 1305553f48747e0e450c89254790e67674c252b7 body: > - We can re-add specific helpers as necessary without needing to bloat + We can re-add specific helpers as necessary + without needing to bloat with the entirety of the helpers package footer: @@ -27768,7 +28347,8 @@ - commits: - author: Juan Cruz Viotti body: >- - This is very similar to the cache class they use by default, with the + This is very similar to the cache class + they use by default, with the difference that it has a limit and won't grow indefinitely, causing @@ -27813,7 +28393,8 @@ - commits: - author: Lucian Buzzo body: >- - Only match elements with .filter() if the base schema (the schema with no + Only match elements with .filter() if + the base schema (the schema with no anyOf branches) matches the element. footers: @@ -27933,7 +28514,8 @@ - commits: - author: Giovanni Garufi body: >- - Merge multiple anyOf subschemas that match into a single one. + Merge multiple anyOf subschemas that + match into a single one. Add axioms in test footers: @@ -27957,7 +28539,8 @@ - commits: - author: Juan Cruz Viotti body: >- - This is a hack, and should be reverted once we get to the bottom of it. + This is a hack, and should be reverted + once we get to the bottom of it. It will impact performance, but right now there are things that should @@ -28028,8 +28611,8 @@ - commits: - author: Stevche Radevski body: >- - Handlebars supports very basic if condition checking, but it only checks - for + Handlebars supports very basic if condition + checking, but it only checks for existence of a field. There are times when we want to combine conditions in order @@ -28051,7 +28634,8 @@ - subject: Bump elliptic from 6.5.2 to 6.5.3 hash: c11004cd24fe66e6af7f16a79c0cc9e8847eb415 body: > - Bumps [elliptic](https://github.com/indutny/elliptic) from 6.5.2 to 6.5.3. + Bumps [elliptic](https://github.com/indutny/elliptic) + from 6.5.2 to 6.5.3. - [Release notes](https://github.com/indutny/elliptic/releases) @@ -28096,7 +28680,8 @@ - subject: Drop unnecessary async from request() hash: dfd4c8c39327fe2e1706a8180e3c3f56d4229b77 body: > - This allows consumers like pinejs-client-supertest + This allows consumers like + pinejs-client-supertest to have all the methods returning different Promise @@ -28265,7 +28850,8 @@ - subject: "flasher-register: if no supervisor information found, report null" hash: dee971c0dbeb6e8363f3e321af582e99627626e9 body: > - In b791055f3f6ffd6cc5796569a7321c5060129eea I attempted to have flasher + In b791055f3f6ffd6cc5796569a7321c5060129eea I attempted to have + flasher images report their preconfigured supervisor version without a good @@ -28319,8 +28905,8 @@ supervisor state" hash: 6208f065e59d9c15e10e872bff788c0b80020983 body: > - Recently the supervisor added a codepath that assumes no files underneath - it will change during runtime. + Recently the supervisor added a codepath that assumes no files + underneath it will change during runtime. OS update hooks can trigger a condition whereby the supervisor reboots the device during a HUP, @@ -28384,7 +28970,8 @@ - subject: "common: Fix bug where aliases might be undefined" hash: 60132134deffd770a40d1e6f18fdd87cb2f9f52e body: > - Should handle the scenario where the network aliases are undefined. + Should handle the scenario where the network aliases are + undefined. footer: Change-type: patch change-type: patch @@ -28400,7 +28987,8 @@ - subject: "resin-supervisor: Create required directories before launch" hash: 7be7738c655e37e48c1a98f9e1e0ff2795d66bf8 body: > - On commit a4ce26caadabcb1e87d944d78218cc32c579914e the supervisor moved + On commit a4ce26caadabcb1e87d944d78218cc32c579914e the + supervisor moved from using --volume to using --mount to avoid the implicit creation of @@ -28442,7 +29030,8 @@ - subject: Bump lodash from 4.17.15 to 4.17.19 hash: 01655b595555ae63ea1b70d623451c9ad3ec03dd body: > - Bumps [lodash](https://github.com/lodash/lodash) from 4.17.15 to 4.17.19. + Bumps [lodash](https://github.com/lodash/lodash) from + 4.17.15 to 4.17.19. - [Release notes](https://github.com/lodash/lodash/releases) @@ -28570,7 +29159,8 @@ - subject: Force choosing busybox-hwclock over util-linux-hwclock hash: 86dd4c761038ab0214a1fca8dd2839b4dbddfa39 body: > - Otherwise, as util-linux has a higher default alternative priority, the + Otherwise, as util-linux has a higher default alternative + priority, the version in util-linux is chosen. It would seem they are exchangeable, but @@ -28595,7 +29185,8 @@ - subject: "provisioning: provide base supervisor_version during provision" hash: b791055f3f6ffd6cc5796569a7321c5060129eea body: > - In order to get closer to formally requiring a target supervisor release + In order to get closer to formally requiring a target supervisor + release in the model, we should expand our provisioning process to provide the @@ -28646,7 +29237,8 @@ - subject: "resin-supervisor: Create required directories before launch" hash: a93bd242d37246da83c1fa4368174d89b5c045f4 body: > - On commit a4ce26caadabcb1e87d944d78218cc32c579914e the supervisor moved + On commit a4ce26caadabcb1e87d944d78218cc32c579914e the + supervisor moved from using --volume to using --mount to avoid the implicit creation of @@ -28717,7 +29309,8 @@ - subject: "docker-disk: Update to still supported dind container" hash: e325ab34b9d7f14ad5a0d85b36b02ee1e2b7fdf8 body: > - The `docker` Docker Hub repository lists what versions of the image + The `docker` Docker Hub repository lists what versions of the + image are supported and 18.6 is not among them at all. Use the current stable @@ -28777,7 +29370,8 @@ container. hash: 0fd442943d6b6c802df2f6e35d334ecde0f748e9 body: > - This makes sure the source path refers to an existing file/directory on + This makes sure the source path refers to an existing + file/directory on the host. @@ -28820,7 +29414,8 @@ - subject: "bug: Fix unhandled promise rejection" hash: 898c7e71dae28aa046bdd3e075ecf0d6aa364142 body: > - When invoking iptables-restore it can fail. This wasn't handled + When invoking iptables-restore it can fail. This wasn't + handled and this makes sure that it fails gracefully. footer: @@ -28905,7 +29500,8 @@ - subject: "avahi: Control with HOST_DISCOVERABILITY" hash: 03ca0ee9add9872b5577833971b43682ae6cc427 body: > - The host config variable HOST_DISCOVERABILITY can be set to + The host config variable HOST_DISCOVERABILITY can be set + to true or false, controlling the state of the avahi service. This @@ -28922,7 +29518,8 @@ - subject: "firewall: Add Host Firewall functionality" hash: 28c5a44e714a3f155fbd528d0ec672dec1d96ef8 body: > - Controlled by BALENA_HOST_FIREWALL_MODE, the firewall can + Controlled by BALENA_HOST_FIREWALL_MODE, the firewall + can either be 'on' or 'off'. @@ -28955,7 +29552,8 @@ - subject: "state: Report device MAC address to the API" hash: 1b91ef3405d1d2013cbdd6381ed69256c6432d18 body: > - When reporting device information, send the MAC address of any + When reporting device information, send the MAC address + of any interfaces on the system. Also expose in the Supervisor API at @@ -29202,7 +29800,9 @@ - subject: "🐛: Fix missing `deprecated.getStringParams` function" hash: 53edb7e7485acd4310e9b04291894f6ab746285a body: > - The function `deprecated.getStringParams` was used, but + The function + `deprecated.getStringParams` was used, + but not defined. footer: @@ -29334,7 +29934,8 @@ - subject: Add 'upsert' method supporting natural keys, requires Pinejs ^10.19.1 hash: c8ebfceec3ecc1cc57ee6942db35730c6d993192 body: > - Detects unique constrain errors by 409 statusCodes. + Detects unique constrain errors by 409 + statusCodes. Because of this, the upsert() method is only @@ -29607,8 +30208,8 @@ - subject: Add label to expose gpu to container hash: ae646a07ec6a6c96f7cb91f1d37898a94dbab47a body: > - In the absence of an upstream implementation of the DeviceRequest API - introduced + In the absence of an upstream implementation of the + DeviceRequest API introduced as part of Docker API v1.40 we roll our own using a feature label. @@ -29641,7 +30242,8 @@ - subject: Move database app processing out to its own module hash: b31d5007fba001fcb71f5103447823f9a27bbfaa body: > - This is part of the work to make the application-manager module much + This is part of the work to make the application-manager + module much less monolithic, in preperation for system apps and more generally @@ -29693,7 +30295,8 @@ - subject: "fix: API auth missing on state GET/PATCH" hash: b89425c6079b74c709ef9872c6fc53726ffda6d3 body: > - When performing a state GET/PATCH the authentication header was being + When performing a state GET/PATCH the authentication + header was being missed off. footer: @@ -29844,8 +30447,8 @@ - subject: Make the db module a singleton hash: 1d7381327e3114c0d005316846429d26b01a3e4c body: > - We were treating the database class as a singleton, but still having to - pass + We were treating the database class as a singleton, but + still having to pass around the db instance. Now we can simply require the db module and have @@ -29945,7 +30548,8 @@ - subject: "kernel-resin: Make USB_SERIAL and USB_SERIAL_GENERIC built-ins" hash: 32c3f173fa4b8dc69f5ce8dc404d36585ab94c5b body: > - These variables are defined as a bool and not tristate so they cannot be + These variables are defined as a bool and not tristate so they + cannot be configured as a module. footer: @@ -29957,7 +30561,8 @@ - subject: "kernel-resin: Fix configuration warnings from newer kernels" hash: 819b7276aaa7ac4b4492fb9800ea074085c1ca82 body: > - Also, make the security section not checked by the builder as these + Also, make the security section not checked by the builder as + these configurations have disappeared from kernels > v4.8 footer: @@ -29969,7 +30574,8 @@ - subject: "kernel-resin: Update balena kernel configuration for updated engine" hash: f57846a1246e8fff506c95ee22c3347d83a5ec2e body: > - Also, move configuration that will not be present in newer kernels to + Also, move configuration that will not be present in newer + kernels to RESIN_CONFIGS_DEP so the kernel check task does not complain when not @@ -30016,7 +30622,8 @@ - subject: "systemd-zram-swap: Add compressed memory swap support" hash: 4c5156543852a6c2d963bf33f4e4307a7cb303cb body: > - This enables a compressed RAM swap of 25% of total system memory or 1GB, + This enables a compressed RAM swap of 25% of total system memory + or 1GB, whichever smallest. @@ -30048,7 +30655,8 @@ - subject: "kernel-resin: Built-in zram configuration" hash: 2fcf092e08349bc66a2a90172668024e8a589d22 body: > - In preparation to using zram swap drives make this configuration built-in + In preparation to using zram swap drives make this configuration + built-in so it is available in the initramfs. footer: @@ -30063,7 +30671,8 @@ - subject: "resin-ntp-config: merge 'burst' command with 'add server' line" hash: 034ff61a58f30a980514157412c0455b52ddf744 body: > - When the user supplies an additional NTP server source which is a + When the user supplies an additional NTP server source which is + a pool URL the 'burst' command may fail. This occurs when the pool @@ -30111,7 +30720,8 @@ - subject: "initrdscripts: rootfs: Fix comparison to account for empty variable" hash: 63b3fac98b09f2a98ca44223f98cbc7c419197e3 body: > - Enclosing bootparam_root in between quotes makes the comparison work as + Enclosing bootparam_root in between quotes makes the comparison + work as expected with an empty argument. footer: @@ -30139,7 +30749,8 @@ - subject: Set chrony default servers as pools hash: 881e217ac1b1818237afb20312fd593259f44e2a body: > - the `maxsources` directive is simply to maintain the current behavior of + the `maxsources` directive is simply to maintain the current + behavior of resolving four servers for synchronization. as noted in chrony's docs: @@ -30495,7 +31106,8 @@ - subject: No user impact, subtle fix in rollback version checks hash: 38717507b93962d199e07d9093382b8db4ec5d81 body: > - ESR releases have the VERSION string in /etc/os-release in a date + ESR releases have the VERSION string in /etc/os-release in a + date format. 2019.10.0 etc. @@ -30561,7 +31173,8 @@ some reason hash: 074f42aeaf98d2ede68a29d7f7d97cd17dc61f15 body: > - The default behaviour is Restart=on-abort inherited from upstream. + The default behaviour is Restart=on-abort inherited from + upstream. Lets make it Restart=always @@ -30675,7 +31288,8 @@ is no delay hash: ff9e5c26ce7caa694725d7009943db0713655be6 body: > - Customers usually don't need this delay during u-boot. Also in some + Customers usually don't need this delay during u-boot. Also in + some cases, hardware attached on the uart pins might pause uboot preventing @@ -30718,7 +31332,8 @@ - subject: "resin-supervisor: Expose container ID via env variable" hash: 27d76cd9441ad427342f53b7e5b865129dd05557 body: > - The supervisor needs to know its container ID on the context of different + The supervisor needs to know its container ID on the context of + different engine objects cleanup tasks, so it can understand what objects are @@ -30764,7 +31379,8 @@ precautionary measure. hash: 67bff0700e921a8adbceb4a3b77af2ed39415fa8 body: > - PasswordAuthentication defaults to yes. Make it no for production + PasswordAuthentication defaults to yes. Make it no for + production images. @@ -30786,7 +31402,8 @@ - subject: Update balena-engine to 18.9.10 hash: 9fa56fef4b2b34671951a09e241bb2623dd6d96c body: > - Includes feature to populate container environment with container id + Includes feature to populate container environment with + container id variable and bug fix for tagging deltas on the fly. footer: @@ -30842,7 +31459,8 @@ - subject: Add support for balena cloud SSH public keys hash: 76e774ff132d7cf23a729c3d587c9fd1354a969f body: > - When we have an API endpoint and key, we can query the API to get the + When we have an API endpoint and key, we can query the API to + get the user public keys and use them to try to authenticate over SSH. footer: @@ -30856,7 +31474,8 @@ - subject: Map any user to root using libnss-ato hash: 55ba5767199205ee945a5e69152a28e023e35397 body: > - This module was included to be able to map any user to root. This + This module was included to be able to map any user to root. + This is required by the balena-cloud backend. footer: @@ -30870,7 +31489,8 @@ - subject: Add option to disable kernel headers from being built. hash: 1f5940898a654c770858f802ea978ddb986082f4 body: > - These can take quite a bit of build time. Add an option to disable + These can take quite a bit of build time. Add an option to + disable the recipes from being built. @@ -30917,7 +31537,8 @@ reason hash: b5574aeb86ea6b6763f1c25c4b53a45d3e207eb5 body: > - We would just check for the existence of console=null in kernel cmdline + We would just check for the existence of console=null in kernel + cmdline A better way would be to check the presence of a valid symlink for fd0, @@ -30936,7 +31557,8 @@ - subject: Add automated testing for external kernel module header tarballs hash: aef272d20b471308790bfa63426f73a3ce334884 body: > - We'd like to run a simple hello-world external module build test using + We'd like to run a simple hello-world external module build test + using the headers we have generated. This recipe does that in a docker @@ -30978,7 +31600,8 @@ balenaEngine hash: a79f18a3e094721d1fc134afbae7a4773b697414 body: > - The default driver is cgroupfs. We switch to systemd so that there is + The default driver is cgroupfs. We switch to systemd so that + there is one cgroup manager in our OS. @@ -31256,7 +31879,8 @@ when altboot triggered hash: 856a3d1ad8dbf3b7a87689bbedac23c9148b3d79 body: > - PR #1441 changed mnt-sysroot-inactive to an automount. But there is no + PR #1441 changed mnt-sysroot-inactive to an automount. But there + is no way to easily add a udev dependency to the automount. As a result, @@ -31291,7 +31915,8 @@ - subject: Fix a hang in initramfs for warrior production images hash: 4c44265a7dd13760a89c235068500bf6f315f651 body: > - When `console=null` is passed in the kernel cmdline for production + When `console=null` is passed in the kernel cmdline for + production images, the system doesn't boot. Traced to initramfs not starting any @@ -31324,7 +31949,8 @@ - subject: Avoid overlayfs mounts in poky's volatile-binds hash: b7b6163d955a3bf76a1759b60ed82ccc5fcce6d0 body: > - Our root filesystem is overlayfs or aufs. When latter, the system + Our root filesystem is overlayfs or aufs. When latter, the + system crashes when reading a lower directory file. We avoid this by always @@ -31358,7 +31984,8 @@ filled the state partition. Vacuum the journal on boot. hash: 8284da08f245ed6da8308d558bb8dfcc66de9691 body: > - We have found a rare corner case bug where the journal bloats beyond + We have found a rare corner case bug where the journal bloats + beyond its limit and fills the state partition. Triggering a vacuum on reboot @@ -31400,7 +32027,8 @@ rollback. hash: 7e5843d6542d13d278d2a42da2f787ada8bfa229 body: > - After a HUP, until rollbacks clears its state, the supervisor(or user) + After a HUP, until rollbacks clears its state, the supervisor(or + user) can trigger good reboots. These reboots might be seen by the bootloader @@ -31426,7 +32054,8 @@ 2 seconds delay for development images hash: f50952f6e91541f4c07ef14612a71174b9417124 body: > - We'd like to split dev and prod uboot config fragments. Dev images can + We'd like to split dev and prod uboot config fragments. Dev + images can have a 2 second u-boot delay to facilitate debugging. While prod images @@ -31445,7 +32074,8 @@ Required for rollbacks to work hash: 7051a1bda83d53e08148eea953ee2653fd915743 body: > - We'd like to enable some config options for all devices via meta-balena + We'd like to enable some config options for all devices via + meta-balena The support is mainline since warrior. Lets copy it in meta-balena @@ -31470,7 +32100,8 @@ meta-balena. hash: aa0a389ea92a71123813f291833fea61f4965164 body: > - U-boot has its own bootcount framework. However, that will require + U-boot has its own bootcount framework. However, that will + require handling in each device type. We will use u-boot shell commands @@ -31629,7 +32260,8 @@ container as well hash: 15169084fe9355e6be997712a614e383a71555c9 body: > - Occasionally balena ps and balena info work but the balena daemon is + Occasionally balena ps and balena info work but the balena + daemon is unable to start a new container. This is usually when something in runc @@ -31706,7 +32338,8 @@ - subject: Reduce data partition size from 1G to 192M hash: 2270940edfd32a4dd3a3670aa1fb62eb2557f706 body: > - The data partition contains the supervisor which is only about 61M on + The data partition contains the supervisor which is only about + 61M on the pi3. We compress the data partition later on so don't notice these @@ -31763,7 +32396,8 @@ issue on kernel 5.0.3 hash: 10846e50674185b7c3126e45ad42f3927c822415 body: > - This version fixes the use of wrong fixdep binary (the bug makes it use + This version fixes the use of wrong fixdep binary (the bug makes + it use target fixdep binary instead of cross fixdep binary) used for compiling @@ -31824,7 +32458,8 @@ - subject: Fix kernel-devsrc on thud when kernel version < 4.10 hash: c4cd6307ac3ae86a8d34b91d9dc82b6d3310db9b body: > - Thud breaks when building against kernel version < 4.10. This is a known + Thud breaks when building against kernel version < 4.10. This is + a known issue which is fixed in poky warrior[1]. This patch includes a @@ -31846,7 +32481,8 @@ - subject: Fix VERSION_ID os-release to be semver complient hash: fecb50757c10e392d46dec6fd24360f778a87a43 body: > - Poky, following os-release(5), sanitizes VERSION_ID accordingly but in + Poky, following os-release(5), sanitizes VERSION_ID accordingly + but in doing so it produces a nonisemver compliant version. For example: @@ -31868,8 +32504,8 @@ - subject: Introduce META_BALENA_VERSION in os-release hash: b0e0c77a26f3fad51e2923ab416fdd2af2a5a033 body: > - Since #1550, os-release doesn't reference meta-balena distro version - anymore. Restore + Since #1550, os-release doesn't reference meta-balena distro + version anymore. Restore that by providing this information in a new variable called META_BALENA_VERSION. @@ -31885,7 +32521,8 @@ file at build time and using stale values. hash: b40271867c3249566775cfb870a6176bc47d503f body: > - Currently once config_resin.h is generated, a change in these variables + Currently once config_resin.h is generated, a change in these + variables doesn't regenerate the file. Add vardeps so that bitbake can regenerate @@ -31906,7 +32543,8 @@ - subject: Use all.rp_filter=2 as the default value in balenaOS hash: 2fe90f3316a9394db0a060ec976d23fa97d4f00a body: > - This change backports a PR[1] that is already in systemd and will come + This change backports a PR[1] that is already in systemd and + will come included by default from the version in Yocto warrior. @@ -31936,7 +32574,8 @@ - subject: Persist bluetooth storage data over reboots hash: 3815e42f24167c0ce84a39cf0653434bacb0bd88 body: > - Currently, bluez's storage data is set to /var/lib/bluetooth which + Currently, bluez's storage data is set to /var/lib/bluetooth + which in turn is a tmpfs location. We want this location persistent so we can @@ -31959,7 +32598,8 @@ - subject: Drop support for morty and krogoth Yocto versions hash: 85c1eda1eeade2e5d5a1153d9c737225de0b3ee2 body: > - We have been deprecating these layers since v2.30.0. It's time to drop + We have been deprecating these layers since v2.30.0. It's time + to drop this support completely. footer: @@ -31984,7 +32624,8 @@ - subject: Set both VERSION_ID and VERSION in os-release to host OS version hash: 40347f618b3b70ccc5f40e924990197ae9fa7e6b body: > - VERSION and VERSION_ID had a slightly different semantics in balenaOS. + VERSION and VERSION_ID had a slightly different semantics in + balenaOS. VERSION was referring to the BalenaOS (host OS) version (which is coming from @@ -32006,7 +32647,8 @@ - subject: Bump balena-engine to 18.9.6 hash: 3af08fe6d30b5f0f8148c6820cda1cca3076bf00 body: > - In preparation for warrior. Bumps containerd which works with the newer + In preparation for warrior. Bumps containerd which works with + the newer systemd in warrior. footer: @@ -32020,7 +32662,8 @@ - subject: Downgrade balena-supervisor to v9.15.7 hash: c3616e19967e30726048018161fd4763d3d45773 body: > - This is done because a feature (RESIN_SUPERVISOR_MIXPANEL_REPORT) needs + This is done because a feature + (RESIN_SUPERVISOR_MIXPANEL_REPORT) needs more work before releasing in production. footer: @@ -32034,7 +32677,8 @@ - subject: Switch from dropbear to openSSH hash: ef33f21cdb7283c6f62590b1fe3d37c7fbd4df99 body: > - This is done for the "AuthorizedKeysCommand" in openSSH which in turn is + This is done for the "AuthorizedKeysCommand" in openSSH which in + turn is used by the balena backend. @@ -32089,7 +32733,8 @@ - subject: "kernel-modules-headers: Update to v0.0.18" hash: 9c1fb61a96351c112b98544117b90c4986445516 body: > - This update includes an arch64 fix (module.lds) and one for passing the + This update includes an arch64 fix (module.lds) and one for + passing the correct LD flags. footer: @@ -32101,7 +32746,8 @@ - subject: "os-config: Update to v1.1.1 to fix mDNS" hash: 8d44decba7a252bfb4399622898d18e28367c4fa body: > - os-config has a dependency on reqwest which broke mdns on 9.6. The new + os-config has a dependency on reqwest which broke mdns on 9.6. + The new os-config updated this version to one that restored this functionality. @@ -32116,7 +32762,8 @@ - subject: Fix busybox nslookup mdns lookups hash: 157a06ad295a1f03635f8291dfc4dfe3358caa9c body: > - Since 1.29, busybox switched to an internal implementation of the + Since 1.29, busybox switched to an internal implementation of + the resolver based on a feature config, NSLOOKUP_BIG. This is enabled by @@ -32147,7 +32794,8 @@ - subject: Improve logging and version comparison in linux-firmware cleanup class hash: 6500c7f020133833b820f9152c22b8e45794542c body: > - This adds an easier to debug logging that shows both removed and kept + This adds an easier to debug logging that shows both removed and + kept firmwares. For example: @@ -32221,7 +32869,8 @@ - subject: Cleanup old versions of iwlwifi firmware files in Yocto Thud hash: 65122b0689d75d49b338595ec6813b1acad59223 body: > - This is done so we can save considerable amount of space on the root + This is done so we can save considerable amount of space on the + root partition. @@ -32252,7 +32901,8 @@ - subject: Add uboot support for unified kernel cmdline arguments hash: 35046288e2878f85e4bc33a0cb993e32d4d5aa9a body: > - This adds set_os_cmdline which defines os_cmdline so that BSPs can + This adds set_os_cmdline which defines os_cmdline so that BSPs + can import it in their bootargs and pass it to kernel accordingly. Also, as @@ -32295,7 +32945,8 @@ - subject: Improve boot speed by only mounting the inactive partition when needed hash: 28fc12ef94bc8e9a083bc5b1e8052fdb685453c2 body: > - The inactive partition is only needed for HUP or rollbacks. This commit + The inactive partition is only needed for HUP or rollbacks. This + commit changes the mnt-sysroot-inactive.service unit to an automount so that @@ -32370,7 +33021,8 @@ config.json hash: 2585af4a34abcd6ced3dcd0c70913ef1cdfe019d body: > - We'd like connectivity checking so that Network Manager can update + We'd like connectivity checking so that Network Manager can + update route metrics for devices that have multiple network interfaces. footer: @@ -32386,7 +33038,8 @@ - subject: "systemd: Fix journald configuration file" hash: b1cc7829758969112aae599ea0b986624596b8c6 body: > - 9a8f1f1b744248964d4d1b2eb2c8dd732a753980 switched to a config file + 9a8f1f1b744248964d4d1b2eb2c8dd732a753980 switched to a config + file fragment but when doing so the section was missed. This patch fixes @@ -32429,7 +33082,8 @@ expand etc. command output hash: 580a6fb37f5c077d3c80957db02d7cfd3376fdc5 body: > - We run some operations in the initramfs. fsck, expand partitions etc. + We run some operations in the initramfs. fsck, expand partitions + etc. Any error messages or warnings printed here are invisible in production @@ -32505,7 +33159,8 @@ - subject: Update rust to 1.33 hash: 1d223bb64d3668d9fcec6be2438d46acdabadc27 body: > - This is needed so that os-config from meta-balena can be updated to 1.1.0. + This is needed so that os-config from meta-balena can be updated to + 1.1.0. footer: Changelog-entry: Update rust to 1.33 changelog-entry: Update rust to 1.33 @@ -32527,7 +33182,8 @@ - subject: Fixes for sysroot symlinks creation hash: b7a6412e6368d3d562ff1ca2fb06be92a24a8548 body: > - When we set the udev rule we use IMPORT{program} to know what symlinks + When we set the udev rule we use IMPORT{program} to know what + symlinks to create in the sysroot directory. The problem is that we don't use @@ -32578,7 +33234,8 @@ - subject: Make security flags inclusion yocto version specific hash: 9571c572e4abcd1ea5951fa408b1543bc40db8c9 body: > - Since thud, poky distro file on which balena OS is based, already + Since thud, poky distro file on which balena OS is based, + already includes security_flags.inc. Because of this change, this version throws @@ -32617,7 +33274,8 @@ - subject: "systemd: Make directory warning patch yocto version specific" hash: 7bedeb98520b6b1bc995b4484f6b61d347a0befe body: > - We used to have this patch applied for all the supported yocto versions. + We used to have this patch applied for all the supported yocto + versions. Since thud, this patch is included by default so this change backports @@ -32633,7 +33291,8 @@ - subject: Replace wireless tools by iw hash: 81839342bebec4ca915f091607bb3977dc02d675 body: > - From yocto thud, wireless-tools recipe was removed and the iw can be + From yocto thud, wireless-tools recipe was removed and the iw + can be used as a replacement. We switch as well in preparation for thud @@ -32649,7 +33308,8 @@ - subject: "systemd: Use a conf.d file for journald configuration" hash: 9a8f1f1b744248964d4d1b2eb2c8dd732a753980 body: > - Since yocto thud systemd main configuration files are part of another + Since yocto thud systemd main configuration files are part of + another recipe - systemd-conf. See poky commit: @@ -32666,7 +33326,8 @@ - subject: Set go verison to 1.10.8 to match balena-engine requirements hash: 1f92a80e4a768bdff4646ccd31cc5c815a114be6 body: > - The reason for including this version is that balena-engine requires + The reason for including this version is that balena-engine + requires newer go compiler and also we want to unify it across our supported @@ -32704,8 +33365,8 @@ - subject: "resin-u-boot: make devtool-compatible" hash: fb727b680fbfad8db39c2b491e49f1568c111436 body: > - devtool moves the files from the WORKDIR into ${S}/oe-local-files which - makes + devtool moves the files from the WORKDIR into + ${S}/oe-local-files which makes copying of env_resin.h fail if the u-boot source is being modified using @@ -32721,7 +33382,8 @@ - subject: "docker-disk: Disable unnecessary docker pid check" hash: d7583f3373de1188240e65a8e30def281657e0d0 body: > - By checking for a pid you are prevented from building Balena inside + By checking for a pid you are prevented from building Balena + inside of a privileged container with a bind mount on /var/run/docker.sock @@ -32775,7 +33437,8 @@ kernel cmdline args to production images hash: 4b607b32495737f6f83f12e891188ab008b0de47 body: > - balenaOS comes in two flavours, production/development. production + balenaOS comes in two flavours, production/development. + production images have various options passed to the kernel cmdline. @@ -32854,8 +33517,8 @@ - subject: "resin-supervisor: Recreate on start if config has changed" hash: 20032211302d25300c09310e169cafa01375e35e body: > - Fix the ordering of the conditional check when starting the supervisor - container; + Fix the ordering of the conditional check when starting the + supervisor container; only check that the values being passed into the environment match the ones held @@ -32914,7 +33577,8 @@ - subject: "README:md: Document dnsServers behaviour" hash: ad441b8367d65fe780beef35b20f8d4898bdd339 body: > - Taken from fa3de6987e3bc82ab6d85038c637f1871e5269cb commit message + Taken from fa3de6987e3bc82ab6d85038c637f1871e5269cb commit + message footer: Change-type: patch change-type: patch @@ -32935,7 +33599,8 @@ - subject: Cleanup old versions of iwlwifi firmware files in Yocto sumo hash: 5db4441e50b2d47cd7658845c12508b50808d5ee body: > - This is done so we can save considerable amount of space on the root + This is done so we can save considerable amount of space on the + root partition. @@ -32991,7 +33656,8 @@ - subject: "resin-supervisor: Recreate on start if config has changed" hash: 3ce04f93b1894f86be5d838bcc24335aaa161233 body: > - When starting the supervisor container, check that the values being + When starting the supervisor container, check that the values + being passed into the environment match the ones held in the config. footer: @@ -33004,7 +33670,8 @@ instead of B hash: ed5fe09c9dfb4f5dd07bae691b277b9d2f38f718 body: > - It is best to not create anything in ${B} even if just temporary because + It is best to not create anything in ${B} even if just temporary + because it alters the directory in ways which can break other parts of the build @@ -33043,7 +33710,8 @@ - subject: Reduce sleeps while trying to mount partition to speed up boot hash: 73b69ae792330741603e0a4fc7878b2ec9ed0462 body: > - There is no need to wait 1 second if a label hasn't appeared. Other + There is no need to wait 1 second if a label hasn't appeared. + Other services depend on these partitions to be mounted. Reduce sleep to 0.1 @@ -33073,7 +33741,8 @@ - subject: "initrdscripts: Reduce sleep to speed up boot" hash: 4a6cb8ae75e275de389dc3ef9dfbd52c3bdd72f1 body: > - There is no need to sleep for 1 second if the label hasn't been found. + There is no need to sleep for 1 second if the label hasn't been + found. There is nothing else running on the device in the initramfs. @@ -33166,7 +33835,8 @@ they are added hash: 8cb1664a2650b1a60849efaf009b205e8e796816 body: > - By default, chrony will slowly and gracefully take measurements from + By default, chrony will slowly and gracefully take measurements + from the new ntp server. The burst 4/10 command will make chrony take 4 good @@ -33203,7 +33873,8 @@ - subject: Prevent rollbacks from running if the previous OS is before v2.30.0 hash: fee00ba8b841d3e8634960c37c3e96c994c18567 body: > - v2.30.0 is a more mature version for rollbacks. Prevent rollbacks + v2.30.0 is a more mature version for rollbacks. Prevent + rollbacks from running on OS footer: @@ -33219,7 +33890,8 @@ - subject: Change rollbacks to accept hex partition numbers for jetsons hash: 11b540777b76163493564407c9bdd7be98215f02 body: > - The partition numbers are hex and not integers. This is obvious when + The partition numbers are hex and not integers. This is obvious + when using the jetson family of devices as their partition numbering starts @@ -33270,7 +33942,8 @@ - subject: Reduce default reboot/poweroff timeouts from 30 minutes to 10 minutes hash: 59c923777e6145288df5b6e77ca33a21323b68e3 body: > - The default timeout for poweroff/reboot targets is 30 minutes. That is + The default timeout for poweroff/reboot targets is 30 minutes. + That is too long. Reduce it to 10 minutes. @@ -33293,7 +33966,8 @@ - subject: Configure systemd tmpfiles to ignore supervisor tmp directories hash: ebb0a930c7c8f8ec348858009a0ff3fd0c58b70b body: > - There are tmp directories supervisor assumes nobody touches in which + There are tmp directories supervisor assumes nobody touches in + which things like update lock files are stored. This patch configures systemd @@ -33404,7 +34078,8 @@ config.json hash: 0b75ee48cee005d78e08d8c68722cc2374567123 body: > - If there are no custom ntp servers, the added_server_file doesn't exist + If there are no custom ntp servers, the added_server_file + doesn't exist Add a check and avoid running the script if the file does not exist @@ -33423,7 +34098,8 @@ - subject: Improve persistent logging systemd service dependencies hash: 0ce1d8576b7e33083784cb3123d2ad2c53091513 body: > - We need the state partition and boot partition ready before we try + We need the state partition and boot partition ready before we + try to run the persistent logging service. footer: @@ -33462,7 +34138,8 @@ manager hook would get stuck and eat cpu cycles hash: 6fe830882bf8ee62dc6db09b5a8a6f099d64fe41 body: > - We have noticed devices in support that show high cpu usage because + We have noticed devices in support that show high cpu usage + because the process chronyc online seems to be eating up 50% cpu. @@ -33516,7 +34193,8 @@ - subject: Have boot partition type configurable as FAT32 hash: a582d10ca72ff0d865783252b87160f03b2045bb body: > - When BALENA_BOOT_FAT32 is 1, it will instruct the raw image generator to + When BALENA_BOOT_FAT32 is 1, it will instruct the raw image + generator to create the filesystem using 32 as file allocation tables type and, as @@ -33544,7 +34222,8 @@ compilation hash: bfc7a67cb6b6f38617bb810f2b5c1e051ebf6a4a body: > - We want to build the kernel-devsrc recipe so that we can package the + We want to build the kernel-devsrc recipe so that we can package + the kernel source tarball. This tarball will allow users to use the source @@ -33562,7 +34241,8 @@ - subject: "kernel-devsrc: Tarball up the kernel source and deploy it." hash: 4da9fdc90001f64f2bd8852cd4cf8a8de3b02cbb body: > - The kernel-devsrc recipe only builds a package by default. We'd like + The kernel-devsrc recipe only builds a package by default. We'd + like to tarball the source and share it. footer: @@ -33606,7 +34286,8 @@ - subject: OS will default apps.json to an empty json file hash: c935fcfd72dfefa5188d90edc48cd1b01dbadec2 body: > - Currently, because we bind mount apps.json unconditionally, when this + Currently, because we bind mount apps.json unconditionally, when + this file doesn't exist, balena engine will create a directory on the data @@ -33642,7 +34323,8 @@ - subject: Move an NM patch to the right place to reduce a warning hash: f823ee173d52519113bb9513972aa9eaf3816355 body: > - We get a warning that the file was not found when other versions of NM + We get a warning that the file was not found when other versions + of NM are parsed. @@ -33701,7 +34383,8 @@ other tun devices hash: 2a5415c4a9a1b9c1e3da8a340be4ba307174c42d body: > - Under the current configuration we instruct NetworkManager through its + Under the current configuration we instruct NetworkManager + through its configuration to completely ignore all the tun devices. This was @@ -33789,7 +34472,8 @@ - subject: Fix test cases for kernel module header compilation hash: 53793e1e591f2e0d4534c38fcb0585ace2d0d181 body: > - For some reason, using xargs -I a produced spurious difficult to trace + For some reason, using xargs -I a produced spurious difficult to + trace errors. Rework test case using a loop. Do the arch check using Yoctos @@ -33815,7 +34499,8 @@ on devices above v3.2 hash: 898ce1a6c0a18c91478f704f4014ec2fcd1fedce body: > - We added an option in chrony.conf (hwtimestamp) via meta-resin-common. + We added an option in chrony.conf (hwtimestamp) via + meta-resin-common. That option is supported in newer versions of chrony. @@ -33836,7 +34521,8 @@ - subject: "chrony/pyro: Add v3.2 recipe" hash: c3fbd6fe368ae1ca2472f15414d319f802e2989c body: > - We added an option in chrony.conf (hwtimestamp) via meta-resin-common. + We added an option in chrony.conf (hwtimestamp) via + meta-resin-common. That option is supported in newer versions of chrony. @@ -33853,7 +34539,8 @@ - subject: "chrony/morty: Add v3.2 recipe" hash: 75f44470da8e5bf99bdf4cd4ea45cbb798909604 body: > - We added an option in chrony.conf (hwtimestamp) via meta-resin-common. + We added an option in chrony.conf (hwtimestamp) via + meta-resin-common. That option is supported in newer versions of chrony. @@ -33870,7 +34557,8 @@ - subject: "chrony/krogoth: Bump recipe version to v3.2" hash: 59ac08ea58e59e2d61cc53cadea1b835eb5b4e31 body: > - We added an option in chrony.conf (hwtimestamp) via meta-resin-common. + We added an option in chrony.conf (hwtimestamp) via + meta-resin-common. That option is supported in newer versions of chrony. @@ -33901,7 +34589,8 @@ - subject: Update os-config to 1.0.0 hash: e9a428ae474c9a9e4573ae1071978b19e332f0b8 body: > - The main feature this brings is support for custom certificates base64 + The main feature this brings is support for custom certificates + base64 encoded in config.json. footer: @@ -33949,7 +34638,8 @@ - subject: Fix kernel module header generation hash: 706829bc46c593048909686a67faef064adf6232 body: > - 63baa421 introduced a bug where the tools in the header tarballs were + 63baa421 introduced a bug where the tools in the header tarballs + were compiled with the incorrect HOSTCC parameter. As a result the tools @@ -33989,7 +34679,8 @@ - subject: Allow supervisor update on unmanaged devices hash: b8705936f0a081a2f33f3fb590a90e4805547e9d body: > - When the device hasn't joined a backend, there is no API key available + When the device hasn't joined a backend, there is no API key + available and the update supervisor tool currently just bails out. This blocks @@ -34093,8 +34784,8 @@ - subject: Add support for XR819 Wifi on Orange Pi Zero board hash: 086c0520bbb0167454d34f113168210bb84c13cb body: > - Only add xradio and xradio firmware for the Orange Pi Zero, since no other - device uses this chipset. + Only add xradio and xradio firmware for the Orange Pi Zero, since no + other device uses this chipset. footer: Changelog-entry: Add support for XR819 Wifi on Orange Pi Zero board changelog-entry: Add support for XR819 Wifi on Orange Pi Zero board @@ -34102,7 +34793,8 @@ - subject: Add support for Orange Pi Zero hash: 4c58be8dfa8e2286c66f591491b84fe60c6cd57d body: > - This adds the possibility to build balenaOS for the Orange Pi Zero device. + This adds the possibility to build balenaOS for the Orange Pi Zero + device. footer: Changelog-entry: Add support for Orange Pi Zero changelog-entry: Add support for Orange Pi Zero @@ -34125,7 +34817,8 @@ - subject: Expose randomMacAddressScan config.json knob hash: 69d2340ccf5691085bebeb92478475cd3278bbb9 body: > - For now only allow `wifi.scan-rand-mac-address` configurable from + For now only allow `wifi.scan-rand-mac-address` configurable + from config.json using `randomMacAddressScan` as the json key. @@ -34157,7 +34850,8 @@ - subject: Move modemmanager udev rules in /lib/udev/rules.d hash: 1d7f81ee8b8ca5fd73417598ac8b15d8f99b28ed body: > - The path where the udev rules are currently installed (etc) will be + The path where the udev rules are currently installed (etc) will + be shadowned at runtime because the etc udev rules path is bindmounted for @@ -34173,7 +34867,8 @@ - subject: Fix modemmanager bbappend files hash: 304b7079ec0261a4467cd384b83b456348af6a0c body: > - The bbappend uses a local `resin-files` directory for additional file + The bbappend uses a local `resin-files` directory for additional + file entries but some of these files ended up in `files`. This works well if @@ -34268,7 +34963,8 @@ - subject: Include avahi d-bus introspection files in rootfs hash: d98f0d47369135f1c88429aac58b73aced3d4f6c body: > - Poky removes the dbus introspection description documents for avahi. + Poky removes the dbus introspection description documents for + avahi. See: @@ -34319,7 +35015,8 @@ - subject: Add support to pass custom configuration to NetworkManager hash: 8370f01078b6971f2b6c2707f679a3cc581702d2 body: > - This allows extra config fragments to be passed to NetworkManager + This allows extra config fragments to be passed to + NetworkManager via config.json footer: @@ -34343,7 +35040,8 @@ - subject: Avoid xtables lock in resin-proxy-config hash: f2bed69f1825e270be695ada997bc10120a2bae8 body: > - There are other components setting up iptables rules - for example + There are other components setting up iptables rules - for + example balena. In order to avoid a lock race, run iptables commands with a 10 @@ -34509,7 +35207,8 @@ - subject: Drop obsolete eval from kernel-resin's do_kernel_resin_reconfigure hash: 1b882e69d125c4cd84a8ebd8298eb294d52d5574 body: > - This is not needed as bitbake already expands KERNEL_CONFIG_COMMAND + This is not needed as bitbake already expands + KERNEL_CONFIG_COMMAND See Poky commit 95909bc788bef1baabead94231dffb3b7f59fb00 for details footer: @@ -34575,7 +35274,8 @@ - subject: Rename resinOS to balenaOS hash: d2a7e648b2ccefe46f67fb02c0f382c958aad5e5 body: > - As part of resin rename to balena, we rename the distro file including + As part of resin rename to balena, we rename the distro file + including the OS name which is part of the distro name. This ends up in the @@ -34722,7 +35422,8 @@ - subject: Avoid expander on flasher based on root kernel argument hash: c155f8edfa543d29c7efafe2fb6c80d633b82dc1 body: > - The current implementation checks for the existance of the `flash-boot` + The current implementation checks for the existance of the + `flash-boot` label. This breaks when after flashing the flashing device is left @@ -34741,7 +35442,8 @@ - subject: "resin-vars: Implement custom ssh keys service" hash: 6d2e43d4693208c8df9436ea1f96c844b4faeb75 body: > - This patch adds support for translating SSH public keys from config.json + This patch adds support for translating SSH public keys from + config.json to an authorize_keys file. We use `authorize_keys_local` file as the @@ -34821,7 +35523,8 @@ - subject: Fix for rollbacks in case of old balenaOS version hash: 814c39fb750104f1aef748a083a3384e5a594d9c body: > - In some cases, the previous rootfs hooks are not functional (which can + In some cases, the previous rootfs hooks are not functional + (which can be the case when the hooks don't exist in older versions of balenaOS). @@ -34853,7 +35556,8 @@ - subject: Warn if rules are found in /etc/udev/rules.d hash: f228de23f388859d7cf3847fc608863bab2c6857 body: > - The /etc/udev/rules.d folder is now used by os-udevrules. We warn if + The /etc/udev/rules.d folder is now used by os-udevrules. We + warn if there are rules in /etc/udev/rules.d installed by recipes in other @@ -34872,7 +35576,8 @@ - subject: Add support to load custom udev rules from config.json hash: f127232b8c7009c954f8467c32776c5fceee8c12 body: > - os-udevrules will parse config.json for any udev rules and copy the + os-udevrules will parse config.json for any udev rules and copy + the rules in /etc/udev/rules.d/key.rules @@ -34905,7 +35610,8 @@ - subject: "aufs-util: Package auplink separately" hash: f8d0ae01bae540dcf52ebbbdc6315c86f7efa684 body: > - From the aufs-util package only the auplink binary is needed and that + From the aufs-util package only the auplink binary is needed and + that dependency is from balena. So we package auplink in a separate package @@ -34921,7 +35627,8 @@ - subject: Enable kernel config dependencies for MBIM and QMI hash: fd7c661209532296b8e6f7ce74328ffbc5ab8053 body: > - MBIM and QMI support needs USB_NET_DRIVERS and USB_USBNET enabled. + MBIM and QMI support needs USB_NET_DRIVERS and USB_USBNET + enabled. footer: Change-type: minor change-type: minor @@ -34933,7 +35640,8 @@ - subject: Set UPX to use LZMA compression by default hash: 69bc7e1c6c8382d69b57b662518909c4f7824644 body: > - In my testing lzma offers at least 30-40% better compression and it is + In my testing lzma offers at least 30-40% better compression and + it is introduced from v3. footer: @@ -34989,7 +35697,8 @@ - subject: Fix proxy when using containers over bridge network hash: 3df6e1906e1138a8cd10d15ac3008685b90f75f8 body: > - Before multicontainer support in resin, the user container was running + Before multicontainer support in resin, the user container was + running over the host's network stack which means that all the packets were @@ -35026,7 +35735,8 @@ - subject: Add support for aufs 4.9.9+, 4.9.94+, 4.18 hash: bc91ca07f0a44aaffb68720fc10f3e524491d92d body: > - Also, update 4.9, 4.10, 4.11.7+, 4.12, 4.13, 4.14, 4.14.56+, 4.15, + Also, update 4.9, 4.10, 4.11.7+, 4.12, 4.13, 4.14, 4.14.56+, + 4.15, 4.16, 4.17. footer: @@ -35200,7 +35910,8 @@ - subject: Update HUP u-boot hook to support Automated Rollbacks hash: 76e103304264d88178b4948c020acf1f27246f85 body: > - u-boot uses an upgrade_avaiable flag to update bootcount to reduce + u-boot uses an upgrade_avaiable flag to update bootcount to + reduce writes to sd card. @@ -35232,7 +35943,8 @@ packagegroup-resin.inc hash: bfa0cc20d3bb1b6a26d87507b196b54ab6d672aa body: > - We add the package here as this file is included in the flasher image + We add the package here as this file is included in the flasher + image recipe as well footer: @@ -35248,7 +35960,8 @@ - subject: Have 99-resin-grub hostapp-update-hook decide which grub to use hash: ec0c373a8fa9dfd7ae989615646c76a4ab87f531 body: > - We move the decision of using either grub legacy or grub EFI from the + We move the decision of using either grub legacy or grub EFI + from the board specific layer to here so that all boards can benefit from these @@ -35346,7 +36059,8 @@ - subject: Remove duplicate packaging of bcm43143 hash: cef8864000507af337a52e47722274921ccb5982 body: > - Yocto Sumo 19.0.1 already packages this firmware separately so let's + Yocto Sumo 19.0.1 already packages this firmware separately so + let's remove the duplication we do here. footer: @@ -35516,7 +36230,8 @@ - subject: Remove duplicate packaging of bcm43143 hash: cef8864000507af337a52e47722274921ccb5982 body: > - Yocto Sumo 19.0.1 already packages this firmware separately so let's + Yocto Sumo 19.0.1 already packages this firmware separately so + let's remove the duplication we do here. footer: @@ -35566,7 +36281,8 @@ - subject: Add a parsable representation of the changelog hash: f6c58c1e4da805e5e53da0af08128b7fb4adb87e body: > - This file allows other components to uniquely parse the information that + This file allows other components to uniquely parse the + information that is contained in the changelog. It will be automatically managed by diff --git a/CHANGELOG.md b/CHANGELOG.md index b885958..1c1ae5c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,21 @@ Change log ----------- +# v2.114.10 +## (2023-04-24) + + +
+ Update layers/meta-balena to 6f38c16dea7e006ee20b90a089574505fbce4a25 [Renovate Bot] + +> ## meta-balena-2.114.10 +> ### (2023-04-24) +> +> * mkfs-hostapp-native: Update base image in Dockerfile [Alexandru Costache] +> + +
+ # v2.114.9 ## (2023-04-22) diff --git a/VERSION b/VERSION index 12f866f..db1f59e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -2.114.9 \ No newline at end of file +2.114.10 \ No newline at end of file