* Use alternative environment for release build bump
By using a separate environment, we can postpone the bump in the version
repository by adding a requirement for approval. Dev version will use
default (empty string) environment which doesn't have any constraints.
* Update build step name - it's not always dev build anymore
* Use dynamic environment name for beta/stable channels
The patch added in #2434 is not working: IS_ENABLED requires the full
config symbol including CONFIG_ prefix.
Fix the patch to make automatic IPv6 route failover depending on IPv6
reachability probes actually work.
* Fix extraction of OVA image artifact in test step
If the test image is obtained from an artifact instead of downloading,
its name contains the version as well, in that case we still need to use
wildcard expansion.
* uncompress qcow2 to a stable filename
* Create foundation for Labgrid-based OS tests
Add foundation for Labgrid-based tests of OS builds. Currently uses just
the QEMU driver, which starts a virtual machine with pristine OS, and
generates a few log reports which are saved as build artifacts.
Workflow is currently triggered either manually by specifying an OS
version, or by OS build job, which now saves an artifact of the OVA
image. This allows for some modularity. If we eventually add the
possibility to run builds on PRs, we could also add the workflow_call
trigger and turn the workflow into a reusable one.
TBD (in future PRs): some meaningful tests and possibility to test on
real hardware (either local or distributed).
* Apply suggestions from @agners
Co-authored-by: Stefan Agner <stefan@agner.ch>
* Wrap test command in a script, create venv for local tests
* Make shellcheck happy
---------
Co-authored-by: Stefan Agner <stefan@agner.ch>
* buildroot b1c6a5e707...81cb78a54b (86):
> Update for 2023.02.6
> package/libhtp: bump to version 0.5.45
> package/exim: security bump version to 4.96.2
> package/mutt: fix libgpgme static build
> board/raspberrypi: fix typo in comment
> package/netsnmp: fix musl build
> package/nmap: fix build with libressl >= 3.5.0
> package/gcc: remove leftover from legacy PowerPC patch
> package/samba4: security bump version to 4.18.8
> package/libcue: security bump to version 2.3.0
> package/go: security bump to version 1.20.10
> {linux, linux-headers}: bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 5}.x series
> package/wireless-regdb: bump version to 2023.09.01
> package/python3: bump version to 3.11.6
> {linux, linux-headers}: bump 5.15.x / 6.{1, 5}.x series
> package/gstreamer1-editing-services: bump to version 1.22.6
> package/gst-omx: bump to version 1.22.6
> package/gst1-rtsp-vaapi: bump to version 1.22.6
> package/gst1-rtsp-server: bump to version 1.22.6
> package/gst1-python: bump to version 1.22.6
> package/gst1-libav: bump to version 1.22.6
> package/gst1-devtools: bump to version 1.22.6
> package/gst1-plugins-ugly: security bump to version 1.22.6
> package/gst1-plugins-bad: security bump to version 1.22.6
> package/gst1-plugins-good: security bump to version 1.22.6
> package/gst1-plugins-base: security bump to version 1.22.6
> package/gstreamer1: bump to version 1.22.6
> package/cups: add upstream security fix for CVE-2023-4504
> package/mbedtls: security bump to version 2.28.5
> package/mbedtls: bump to version 2.28.4
> package/mbedtls: bump to 2.28.3
> DEVELOPERS: add Thomas Petazzoni for nodejs
> package/exim: security bump version to 4.96.1
> package/efl: bump to version 1.26.3
> package/netsnmp: security bump to version 5.9.4
> package/sslh: add SSLH_CPE_ID_VENDOR
> package/gptfdisk: fix bug with util-linux 2.38
> package/libmodplug: use a full-length hash as version
> package/libmodplug: add a patch fixing cctype UB
> package/enlightenment: security bump to version 0.25.4
> package/wpewebkit: needs >= GCC 9
> package/Makefile.in: set --shuffle=none for MAKE1
> package/pkg-generic.mk: fix rule order for reinstall/rebuild/reconfigure
> package/tar: security bump to version 1.35
> package/go: fix installation
> package/pkg-utils.mk: break hardlinks in global {TARGET, HOST}_DIR on per-package build
> package/webkitgtk: require GCC 9 for the 2.40.x series
> package/linux-tools: fix SysV init script
> boot/at91bootstrap: disable PIE and stack-protector build flags
> package/rockchip-mali: fix hash of generated archive
> package/urandom-scripts: move seedrng init script to S01
> package/opkg-utils: actually install to target
> package/powertop: picutils is optional, not mandatory
> package/gnu-efi: disable on mips64el
> package/olsr: fix build with gpsd >= 3.25
> package/python-mako: add optional runtime dependency on python-babel
> package/python-mako: add optional runtime dependency on python-pygments
> package/python-mako: add missing dependency on python-markupsafe
> package/openblas: Add support for RISC-V architecture
> package/pipewire: fix typo in Kconfig comment
> package/go: cgo for the target needs the toolchain
> package/go: security bump to version 1.20.9
> package/go: security bump to version 1.20.8
> package/go: security bump to v1.20.7
> package/go: adjust Upstream header in patch
> package/go: fix go-bootstrap when parent dir contains invalid .git
> package/go-bootstrap-stage2: bump version to 1.19.11
> package/go: bump to version 1.20.6
> package/go: adjust comments
> package/go-bootstrap: split into two stages: go1.4 and go1.19.10
> package/{glibc, localedef}: security bump to version glibc-2.36-118-g22955ad85186ee05834e47e665056148ca07699c
> package/neon: drop patches
> package/libfastjson: security bump to version 0.99.9.1
> package/libvpx: Add upstream security patch to fix CVE-2023-5217
> package/libvpx: bump version to 1.13.0
> package/mosquitto: bump to version 2.0.18
> package/samba4: bump version to 4.18.7
> package/php: bump version to 8.2.11
> package/suricata: security bump to version 6.0.14
> package/librsvg: security bump to version 2.50.9
> unifdef: add missing license
> package/{glibc, localedef}: security bump to 2.36-117
> package/nodejs: fix parallel build further
> package/libyang: security bump to version 2.1.111
> package/bind: security bump to version 9.16.44
> {linux, linux-headers}: bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series
The deployment on dev channel should always be development. The change
came in from the main branch backmerge where the wrong merge strategy
has been used (the merge strategy "ort" along with option "ours" has
been used, instead of the "ours" merge strategy). And since the
deployment was a separate hunk, it resolved to the release branch.
This reverts commit 0ebcdcb9dc8d2471bcacf0049e93f1ad0bf12a37.
We only added verity support in HAOS 10.4. However, we currently have
an issue since HAOS 10.3 where certain Realtek network cards don't work
anymore (see issue #2630). For these systems, it won't be possible to
upgrade, even when using the console.
Only having two HAOS releases creates a rather "narrow" upgrade path
across all boards. There could be more issues where this proves
problematic.
Currently we don't use any new feature of the verity format. Therefore
let's postpone the move to the new format for a couple of releases
for now.
With the move to Docker 23 containerd stores its metadata no longer
underneath the Docker data directory but at its default location at
/var/lib/containerd. Previously Docker passed a containerd configuration
toml file which explicitly set the metadata root underneath Docker's
data directory.
On Home Assistant OS, the new location /var/lib/containerd is on a tmpfs
file system. For unknown reasons, it seems that if containerd's root
directory is on a tmpfs this leads to significantly more syscalls and
hence CPU load.
Change the metadata location to be on the data partition again. Since
containerd is treated separately from Docker these days, use a new
root directory under /mnt/data for containerd as well. With this, the
CPU load of containerd is back to normal.
* Bump buildroot
* buildroot a1bdf74b19...f125c3e292 (1):
> package/containerd: add control for additional build tags
* Drop unnecessary containerd changes
Now that the snapshotter and the CRI plug-ins are disabled we don't
need to configure or disable them via configuration anymore. Drop the
unnecessary configs.
Move from the current plain format to the new verity bundle format. This
requires at least HAOS 10.4 to work. The Supervisor will make sure to
update to the latest minor release of the previous major release, so
updating will work in the regular use case.
* Add fsfreeze support for QEMU/KVM/Proxmox installations
Add fsfreeze scripts which call the new Supervisor API to freeze Home
Assistant Core and add-ons which support the backup freeze scripts
(`backup_pre` and `backup_post`).
This allows creating safe snapshots with databases running.
* Fix lint issues
This enables backlight support on these hosts, which is useful if
running HASS on an old laptop or tablet and you want to (e.g.) conserve
power by controlling the backlight.
* buildroot d6894cf55f...df5fccafd8 (3):
> package/docker-cli: bump version to v24.0.6
> package/docker-engine: bump version to v24.0.6
> package/containerd: bump to version 1.7.6
Currently `CONFIG_OVERLAY_FS_METACOPY` and
`CONFIG_OVERLAY_FS_REDIRECT_DIR` kernel options are enabled but not
preferred by Docker. The metadata copy feature is disabled by default,
and also not actively used by the overlayfs2 driver (see
2c3d1f7b4b).
So the metadata copy config is not really problematic per se. However,
it enables the redirect_dir feature. And a kernel which has the
redirect_dir feature compiled in also enables it by default. This
actually makes the overlayfs2 driver fall back to naive diff, which
is, from what I understand, slower than the overlayfs native diff (see
also
49c3a7c4ba).
The Docker daemon is also reporting this on startup:
Not using native diff for overlay2, this may cause degraded performance
for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled
Currently `CONFIG_OVERLAY_FS_METACOPY` is enabled, and it also enables
`CONFIG_OVERLAY_FS_REDIRECT_DIR`. There was already a previous attempt
to disable the latter (see #2067).
Disable both configs explicitly until Docker is able to use them.
Respect quotes in the meta file. While at it, simplify version
validation as well.
Make sure development version is correctly set at build time.
While at it also simplify version check.
* Adjust Home Assistant versioning to prepare for new release strategy
With OS 11 we'll create rc pre-releases which will get directly pushed
to the beta channel. In contrast, release builds will get directly
pushed to the stable channel.
Similar to Home Assistant Core we'll create bump commits for all stable
and beta releases. This makes sure that the source code matches the
built binaries for all releases.
The development build will get a generated version. To avoid issues
with the new rc builds the dev build version will get injected on source
level now.
* Apply suggestions from code review
* Download latest stable Supervisor after device wipe
Currently we download the latest tag after a device wipe, which gives us
the latest Supervisor (which quite likely can be a development version).
Use the stable version file instead to get the tag to be used to
download the Supervisor.
* Delete potentially corrupted updater info
Use a single workflow file for releases and dev builds. This avoids
duplication and enhances the release builds with some of the recent
improvements (e.g. shared build container).
This essentially reverts #2380, making sure that Home Assistant OS uses
systemd's latest network naming scheme.
We stick to a certain naming scheme to make sure NetworkManager still
applies the network configuration (which is matched by network interface
name by default).
With Supervisor [PR #4476](https://github.com/home-assistant/supervisor/pull/4476)
NetworkManager uses udev path by default. With this we can safely enable
the new interface naming and NetworkManager will still apply the
configuration based on udev path correctly.