pomfi/balena-allwinner
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

v5.1.38

Browse source
This commit is contained in:
flowzone-app[bot] 2024-02-23 15:47:38 +00:00 committed by GitHub
parent 81662ad046
commit dbe5b74fcc
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 313 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

278
.versionbot/CHANGELOG.yml
View file

@ -1,3 +1,281 @@
- commits:
- subject: Update layers/meta-balena to 50a4fedb26b91e66e5c6fc15246822936c9eab09
hash: 7ac9c2bea784431b31c8cf1146c2e6eaa7e37520
body: Update layers/meta-balena
footer:
Changelog-entry: Update layers/meta-balena to 50a4fedb26b91e66e5c6fc15246822936c9eab09
changelog-entry: Update layers/meta-balena to 50a4fedb26b91e66e5c6fc15246822936c9eab09
author: Self-hosted Renovate Bot
nested:
- commits:
- subject: "balena-rollback: adapt to secure boot support"
hash: 3f5f5c71288551569522c321fb5f808706ce93c0
body: >
Make sure the rollback scripts know to use the non-encrypted
boot
partition to update A/B variables.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "hostapp-update-hooks: Adapt resin-uboot hook to secure boot"
hash: 727559886b6ebc6a0cbea6226826e454ff0ba023
body: >
This is required for devices that use u-boot in their secure
boot
trust chain.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "classes: u-boot: use global secure boot kernel command line instead of
hardcoding"
hash: 7457aec1b3efa2a5bf350c7046f165bcf2e08c3d
body: >
Use the new OS_KERNEL_SECUREBOOT_CMDLINE global variable instead
of
hardcoding the values for the secure boot command line.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "grub: use global secure boot kernel command line instead of
hardcoding"
hash: af66b4184899c4c909979a065d57e178278569ec
body: >
Use the new OS_KERNEL_SECUREBOOT_CMDLINE global variable instead
of
hardcoding the values for the secure boot command line.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "conf: distro: define kernel command line for secure boot"
hash: 2b5aa3f348c92e0ff4f83db6d8e4002f3c84bb3d
body: |
This can then be used in both grub and u-boot.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "resindataexpander: encrypted partitions will auto-expand on unlock"
hash: 4e7ff432425672068f7b7430e416239a6b987fc0
body: >
Calling `cryptsetup resize` on LUKS2 actually prompts for a
password
and it is not needed as the partition will auto-expand on unlock.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "initrdscripts: migrate: replace hardcoded kernel image names"
hash: 66083abb5bee31c9efd230c69cae322021f85c63
body: ""
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "resin-mounts: generalize secure boot mounts"
hash: 522800093a2271b8814b78a3eb25b09d0a125441
body: >
Use the global BALENA_NONENC_BOOT_LABEL to define the name of
the
non-encrypted boot partition to mount.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "initrdscripts: abroot: Use the global label for non-encrypted boot
partitions"
hash: 69093e694e806bd91fa3f275a075adabe587ef35
body: |
Avoid having to redefine this in individual recipes.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "initrdscripts: allow for cryptsetup to support different secure boot
implementations"
hash: 3d932c8a8034fa0bafa6651f3b381823a3e738ff
body: ""
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "os-helpers-fs: add shared wait4udev function"
hash: 10b435b81e49f24943ca89d6624199ecf82a3195
body: |
This allows to share this function between the different device
integration cryptsetup implementations.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "balena-image-flasher: fix appended variable with a leading space"
hash: a7c9dd924bb754d49fe57f8c262592f707fc076b
body: ""
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "balena-config-vars: customize for secure boot support"
hash: d55ed33746e8ebeeee524f556ce0fb7cc9d1dad7
body: >
Specify defaults for both the encrypted and non-encrypted boot
mount
points. On a non-secure boot system these will be set the same.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "os-helpers: add dummy os-helpers-sb"
hash: 8ca3bd996b78360b669417a4efd4e31b64ac1084
body: >
This helper file is to be overwritten by device integration
layers
to provide hostOS update customizations for secure boot devices that
split the boot partition into encrypted and non-encrypted.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "resin-init-flasher: allow flasher image use in devices without
internal storage"
hash: b0dc10609d9a6333cb43f137b73a88798c59b86a
body: >
The flasher image is now able to self-install when launched from
an
external storage. This is useful for use cases where an installation
steps that re-partitions/encrypts disk is required for example.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "resin-init-flasher: flag non-encrypted boot partition as bootable"
hash: 60377c9a3073698ede0722ba6773a0bf223d881f
body: >
Non-EFI systems need this to identify the boot partition and it
won't
affect EFI systems.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "resin-init-flasher: replace hardcoded kernel image names"
hash: 6c60a5270af3936ec68a21cddf77ff4d330343fe
body: ""
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "resin-init-flasher: split secureboot and disk encryption interfaces"
hash: e85a14f22d50745e495bac0b431e942afad79b78
body: >
Provide hooks in the flasher script to call out to device
specific
secureboot and disk encryption interfaces.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "distro: balena-os: define the boot labels as global"
hash: 4254f27f6cd00282710929b314017222a22bb0cd
body: >
This allows to use the same values in several recipes without
having to
re-define them.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
- subject: "distro: balena-os: Specify full GO version"
hash: 2506468771bffb84c3c507f8e50427b10177a8de
body: |
This avoids building warnings.
footer:
Change-type: patch
change-type: patch
Signed-off-by: Alex Gonzalez <alexg@balena.io>
signed-off-by: Alex Gonzalez <alexg@balena.io>
author: Alex Gonzalez
nested: []
version: meta-balena-5.1.38
title: ""
date: 2024-02-23T12:41:11.397Z
version: 5.1.38
title: ""
date: 2024-02-23T15:47:31.987Z
- commits:
- subject: Update layers/meta-balena to bf4ec98227e4cce4c22ff3d7037bdcd78ffdd9ec
hash: fe52d93011797614efade5eb511f87024912aabb

34
CHANGELOG.md
View file

@ -1,6 +1,40 @@
Change log
-----------
# v5.1.38
## (2024-02-23)
<details>
<summary> Update layers/meta-balena to 50a4fedb26b91e66e5c6fc15246822936c9eab09 [Self-hosted Renovate Bot] </summary>
> ## meta-balena-5.1.38
> ### (2024-02-23)
>
> * balena-rollback: adapt to secure boot support [Alex Gonzalez]
> * hostapp-update-hooks: Adapt resin-uboot hook to secure boot [Alex Gonzalez]
> * classes: u-boot: use global secure boot kernel command line instead of hardcoding [Alex Gonzalez]
> * grub: use global secure boot kernel command line instead of hardcoding [Alex Gonzalez]
> * conf: distro: define kernel command line for secure boot [Alex Gonzalez]
> * resindataexpander: encrypted partitions will auto-expand on unlock [Alex Gonzalez]
> * initrdscripts: migrate: replace hardcoded kernel image names [Alex Gonzalez]
> * resin-mounts: generalize secure boot mounts [Alex Gonzalez]
> * initrdscripts: abroot: Use the global label for non-encrypted boot partitions [Alex Gonzalez]
> * initrdscripts: allow for cryptsetup to support different secure boot implementations [Alex Gonzalez]
> * os-helpers-fs: add shared wait4udev function [Alex Gonzalez]
> * balena-image-flasher: fix appended variable with a leading space [Alex Gonzalez]
> * balena-config-vars: customize for secure boot support [Alex Gonzalez]
> * os-helpers: add dummy os-helpers-sb [Alex Gonzalez]
> * resin-init-flasher: allow flasher image use in devices without internal storage [Alex Gonzalez]
> * resin-init-flasher: flag non-encrypted boot partition as bootable [Alex Gonzalez]
> * resin-init-flasher: replace hardcoded kernel image names [Alex Gonzalez]
> * resin-init-flasher: split secureboot and disk encryption interfaces [Alex Gonzalez]
> * distro: balena-os: define the boot labels as global [Alex Gonzalez]
> * distro: balena-os: Specify full GO version [Alex Gonzalez]
>
</details>
# v5.1.37
## (2024-02-23)

2
VERSION
View file

@ -1 +1 @@
5.1.37
5.1.38