The deprecated-key-path option is no longer handled, but it doesn't cause
problems because the key is explicitly ignored. It was completely removed in
Docker 19.03.0 [1].
As such, the option and the pre-start script to fix the corrupted key.json can
be removed now, as it has no effect, only printing confusing message when
Docker service fails to start.
[1] 98fc09128b
Use the version used in the docker-engine package to ensure it stays in sync.
Although we haven't seen any issues related to the fact it was sometimes
mismatching, reduce the burden of needing it to be synced manually.
This might be required for some modern Intel processors (Meteor Lake and newer)
which fail to boot Linux kernel without x2APIC controller when some features
(e.g. VT-d or x2APIC itself) are enabled in the BIOS.
Enable it also for OVA, as it can be emulated in virtual machines, even when
the host CPU does not support it.
Fixes#4337, fixes#4144, fixes#4345
The CPUfreq governor "powersave" sets the CPU statically to the lowest
frequency within the borders of scaling_min_freq and scaling_max_freq.
This can be useful if a particular power budget should not ever be
crossed. Can be set using `cpufreq.default_governor=powersave`. Note
that this obviously affects performance.
* Improve UX of HA CLI wrapper and emergency console
For many users, the emergency console gives feeling that the system is
completely broken. However, there are various cases when the system just takes
just a bit longer to start up and the emergency message is shown, while it
finishes a proper startup shortly after. This change tries to improve the UX in
several ways:
* The limit before a forced emergency console startup is changed to 3 minutes
* Waiting can be interrupted with Ctrl+C (reset counter is cleared then)
* Some hints what to check have been added before starting the shell
* Also, because if the HA CLI failed for 5 times in a row in quick succession,
the CLI startup was then not retried anymore and user may have been left with
a black screen, the restart limits timeouts have been adjusted only to back
off and never mark the unit as failed
Closes#4273
* Use /bin/sh and printf to silence linter errors
RaspberryMatic was renamed to OpenCCU in
https://github.com/OpenCCU/OpenCCU/pull/3162. This caused change of the name of
the directory in the source tarball, causing build failure when the archive
wasn't cached.
The extra information printed when using the top-level makefile can clutter the
output when it needs to be further processed, e.g. when running
`make show-info | jq`. Make it respect the --silent flag (which also suppresses
messages about changing directories which would break parsing as well).
Use the --cidfile Docker CLI argument when starting the container and
bind-mount the generated file containing full ID of the container to the
container itself.
Using --mount instead of --volume is needed, as --volume is racy and creates
empty directory volume at the destination path instead.
This is prerequisite for home-assistant/supervisor#6006 but can come handy for
other cases too.
Upstream commit [1] caused regression in IPv4 routing which can cause some
routes becoming broadcast even though they should be routed as unicast, e.g.:
# ip route get 1.1.1.1
broadcast 1.1.1.1 via 192.168.122.1 dev enp0s3 src 192.168.122.204 uid 0
cache <local,brd>
It's not entirely clear yet why it happens but this behavior seems to be
triggered for instance when the SSDP integration sends the broadcast packet on
HA startup. While this behavior is not described in the regression report [1],
the commit cherry-picked from Linux master fixes the problems for us as well.
Patches moved to version-specific folder, as this one shouldn't be applied on
Raspberry Pi targets.
[1] https://lore.kernel.org/all/20250710142714.12986-1-oscmaes92@gmail.com/
[2] https://lore.kernel.org/stable/20250822165231.4353-4-bacs@librecast.net/Fixes#4265
(cherry picked from commit 78bda4bd10)
Upstream commit [1] caused regression in IPv4 routing which can cause some
routes becoming broadcast even though they should be routed as unicast, e.g.:
# ip route get 1.1.1.1
broadcast 1.1.1.1 via 192.168.122.1 dev enp0s3 src 192.168.122.204 uid 0
cache <local,brd>
It's not entirely clear yet why it happens but this behavior seems to be
triggered for instance when the SSDP integration sends the broadcast packet on
HA startup. While this behavior is not described in the regression report [1],
the commit cherry-picked from Linux master fixes the problems for us as well.
Patches moved to version-specific folder, as this one shouldn't be applied on
Raspberry Pi targets.
[1] https://lore.kernel.org/all/20250710142714.12986-1-oscmaes92@gmail.com/
[2] https://lore.kernel.org/stable/20250822165231.4353-4-bacs@librecast.net/Fixes#4265
Revert patch added to 6.12.43 which breaks the build of CAN_TI_HECC module
present in Tinker config. While it's quite unlikely anyone would be using it,
so we could just simply disable the module, this seems to be a better solution.
This reverts commit 22fe9b19ee.
There are major issues when OS has no internet connectivity - in such case the
script doesn't go the expected happy path after the rework and eventually
removes the Docker image, essentially bricking offline installations.
Since there is no immediate benefit for HAOS and such change turns out to be
high risk considering the planned release, leave it to be implemented later.
Update the buildroot submodule to include:
- BlueZ 5.83 (from 5.79)
- Patch to fix device removal on LE connection abort (upstream PR #1521)
This fixes Bluetooth stability issues where devices get removed from D-Bus
during connection retries, preventing reconnection attempts.
Fixes: https://github.com/bluez/bluez/issues/1489
This knob controls whether Linux throws away its congestion
window (cwnd) after a connection has been idle for at least one
retransmission timeout (RTO). With a value of 0, Linux keeps the
cwnd it had before the idle period and can send that amount
immediately when the application resumes writing (still bounded
by the receiver's advertised window and by pacing).
With slow start after idle enabled (the default), Linux allows
only about 10 MSS (~14 KiB) in the first burst after idle. Even
when a connection stays open to web clients, a short idle forces
multiple round trips to ramp back up.
On Wi-Fi, local connections often have very low RTTs, which drives
the RTO down. Between page navigations the connection is considered
idle by Linux. If the next request happens during a transient
latency spike on the Wi-Fi link, the sender starts with a tiny
cwnd and must grow it over many RTTs, so the spike causes outsized
and visible loading delays.
For devices behind typical Internet uplinks, the higher RTT makes
the initial ramp-up feel even slower until the window regains size.
However, here the connection does take longer to drop to idle, for
Linux standards. So the connection is less likely to be considered
idle between navigations.
This change does not affect flows with very small receive windows
(e.g. many microcontrollers), which are limited by the peer's
advertised window rather than the sender's cwnd.
Example RTOs on low jitter, low loss connections:
Defaults:
TCP_RTO_MIN = 200 ms
TCP_RTO_MAX = 120 s
low-jitter path so rttvar_us = 200 ms
HZ = 1000 or 250 or 100 (depending on the kernel settings)
*31 ms average RTT*
- SRTT ≈ 31 ms; RTTVAR ≈ 200 ms → Sum = 231 ms
- 'usecs_to_jiffies(231000)' = 231 jiffies (HZ 1000) -> RTO ≈ 231 ms
- If 'HZ = 250' (4 ms tick), ceil(231/4)=58 jiffies -> 232 ms RTO
- If 'HZ = 100' (10 ms tick), ceil(231/10)=23 jiffies -> 240 ms RTO
*178 ms average RTT*
- HZ=1000 (1 ms tick): 378 ms RTO
- HZ=250 (4 ms tick): ceil(378/4)=95 -> 380 ms RTO
- HZ=100 (10 ms tick): ceil(378/10)=38 -> 380 ms RTO
*292 ms average RTT*
- HZ=1000 (1 ms tick): 492 ms RTO
- HZ=250 (4 ms tick): ceil(492/4)=123 -> 492 ms RTO
- HZ=100 (10 ms tick): ceil(492/10)=50 -> 500 ms RTO
Any loss or jitter will increase those RTO values.
Set net.ipv4.tcp_thin_linear_timeouts=1 to switch retransmission
timeout (RTO) backoff from exponential to linear for 'thin' TCP flows.
This reduces tail latency for API-style connections that typically have
very few packets in flight, improving recovery from sporadic loss without
changing anything for larger TCP transfers.
Kernel definition: A flow is considered thin when 'tp->packets_out < 4'
and while not in the initial slow start.
See tcp_stream_is_thin(tp) in include/net/tcp.h.
Increase the BlueZ temporary device timeout from the default 30s to 195s.
This prevents devices from being removed from D-Bus during connection
retries, especially when multiple connection attempts are queued.
The 195s timeout aligns with Home Assistant's Bluetooth stack behavior
for ESPHome proxies and prevents the 'device removal spiral' that occurs
when devices timeout during sequential connection attempts.
Add list of hassio components from version.json that are built-in in the data
partition to the GH step summary. For landingpage, get the latest stable
release at the time of the build, as it's what should be published as
homeassistant:landingpage by that time.
Closes#4242
Currently when we run a build with limited set of boards that doesn't include
OVA, the test job fails because the OVA artifact is missing. Add a checkbox for
running tests and ensure that OVA artifact is built if it's enabled.
* Fix scripts/enter.sh so it is usable on macOS
Also, stop requiring `sudo` for actions that do not need it
Tested by building generic_x86_64 target on a macOS machine
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
* Update scripts/enter.sh
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
---------
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
Before update to Buildroot 2025.02, the overlays directory on Yellow was
created by rpi-firmware in a condition added confusingly in firmware bump [1].
However, this got lost during Buildroot update, and since Yellow doesn't copy
overlays from the rpi-firmware repo, the directory was never created and the
rpi-rf-mod.dtbo couldn't be copied there in pre-image build hook.
To make things more robust, create the overlays directory for rpi targets
conditionally in the hook instead of relying on rpi-firmware to create it.
[1] f1af1a0bf7Fixes#4233
* Enable publishing of dev builds to R2 without bumping version
We currently can only use Github artifacts for on-demand builds from feature
branches. However, downloading of these requires authentication and it's tricky
to update a device if we need feedback from user testing. On the other hand, we
never want to publish to the dev channel from anything else than from the dev
branch. Restrict version bump to builds from release channels or from the dev
branch only.
* Use YYYYMMDD dev suffix only for published dev branch
For feature builds, or for builds that should not be published, use timestamp
suffix instead of YYYYMMDD. That way feature builds won't collide with dev
releases.
Raspberry Pi Linux update to 6.12.34 broken some USB devices, mostly USB-Serial
converters connected to Yellow, but there are reports of some other peripherals
connected to RPi boards too.
This is a known RPi upstream issue [1] fixed by a PR [2] that's not been merged
to RPi stable kernel yet. Applying patches from this PR fixes the issues.
Fixes#4228, refs #4229
[1] https://github.com/raspberrypi/linux/issues/6941
[2] https://github.com/raspberrypi/linux/issues/6936
To make system timezone configurable, we need to have /etc/localtime
writable, and it must be possible to atomically create a symlink from
this place, which means the whole parent folder must be writable. We
don't have /etc writable and can't use the usual bind mount for this.
Latest Systemd v258 has patch that allows setting an environment
variable that sets where the localtime should be written. This can be
persisted in the overlay partition, with a symlink from /etc/localtime
leading there, finally pointing to the actual zoneinfo file. If the
symlink doesn't exist, create it by hassos-overlay script (it's not
really needed as UTC is the default, but Systemd does the same if you
change from non-UTC timezone back to UTC).
Also disable BR2_TARGET_LOCALTIME, so /etc/localtime and /etc/timezone
(the latter is only informative and non-standard) are not written by the
tzdata package build.
* Migrate docs to developers.home-assistant.io
Move all documentation (except the kernel.md, for which it makes sense to be
kept here) to developers.home-assistant.io.
Just bluetooth.md was intentionally not preserved, as the information value was
low and it was out of date anyway.
See home-assistant/developers.home-assistant#2748
* Fix reference links
* Prevent root from running the enter.sh helper script
Since configure doesn't like being ran as root, check in the enter.sh script
that the user running it is not UID/GID 0. The script itself takes care of
running what needs to be executed privileged with explicit sudo commands.
Fixes#4214
* Reword the error message
Co-authored-by: Stefan Agner <stefan@agner.ch>
* Fix rpi-eeprom-update when device boots from NVMe
The boot partition detection doesn't work correctly if the device boots from
NVMe. Also the mounting step is unnecessary in HAOS as we can assume the boot
partition to be always mounted.
Fix the issues by modifying the bootfs detection logic to always use /mnt/boot.
However, still fail in case when flashrom can't be used (usually on CM4). On
CM5, or on Pi 5 booted from NVMe, update process works without further changes
because the firmware can be flashed directly from the running system using
flashrom.
Fixes#4157
* Fix typo in patch commit message
Update genimage so the images are not mangled (by the primary GPT relocated)
when flashed from Windows. Otherwise, boot media flashed from Windows isn't
compatible with bootloader older than 2024-10-10.
This is a regression of #3437. The Buildroot update in #4027 updated genimage
to v18, yet the downstream patch that was later replaced by a different one in
upstream was not merged to that version yet and the patch was incorrectly
removed. In v19 there's another fix in the offset calculation logic that sets
the first usable LBA again to a value that prevents Windows from mangling the
image.
* buildroot 01604756d2...141bf1f9fa (1):
> package/genimage: bump version to 19
Fixes#4160
* buildroot 9366ce5635...01604756d2 (3):
> package/docker-cli: bump version to v28.3.3
> package/docker-engine: bump version to v28.3.3
> package/containerd: bump version to v2.1.4
When follow request for logs is issued that points to/beyond the end of logs, a
busy loop in systemd-journal-gatewayd can be triggered which manifests as
systemd-journal-gatewayd consuming 100% CPU. Since threads are used for each
request, the logs may still work but the CPU will be hogged until the restart
of systemd-journal-gatewayd, Supervisor, or the whole system.
Backport the patch submitted upstream that addresses this issue.
Fixes#4190
As there is VirtualBox available for aarch64 on Apple Macs, provide OS images
also in the native VirtualBox format, which also grants the ability to resize
existing disk images, unlike VMDK.
Fixes#4171 & fixes#4172
Enable option for the netfilter NETMAP target, as it can be useful for some
users. Until now it's been enabled only for some targets as an option coming
from upstream defconfigs; make sure it's available for all targets.
Fixes#4183
The ip6tables configuration is now enabled by default since Docker 27
(see https://github.com/moby/moby/pull/47747). The experimental config
got introduced with the ip6tables flag in #2051. There is no other
experimental feature used from what I am aware of, so lets remove the
experimental flag as well.
Unbind the Bluetooth driver for Broadcom HCI module before the bluetooth
service starts if running on board without WiFi module. This is a replacement
for #2948 but using a more targeted approach for removing the particular driver
and better detection of no-WiFi (thus no-Bluetooth) models.
This still means the driver will be probed and couple of lines printed when it
fails to set baudrate and reset the module, yet this should be benign, at least
the all-zero MAC device no longers appears in Bluetooth stack.
(cherry picked from commit aff1f81817)
Backport patch for traces appearing since v4.21.0 bump, introduced in #4095.
This change is not available in any newer tagged release of the driver and the
commit message upstream is messed up, hence the reworded patch.
(cherry picked from commit 286f5a66ca)
Make sure that all LAN drivers used on Raspberry Pi boards are built-in.
Although they are defined as such in the base defconfig, we change them to
modules in device support includes. For simplicity and keeping kernel config
close to the RPi OS config, change them all to built-in in the main RPi include
for all RPi targets.
This is not only a formal change - at least one regression is known if the PHY
driver on RPi 5 is not built-in and MAC driver is - in that case the PHY hooked
up to the RP1 isn't initialized properly, and it is reported as "Generic PHY"
instead, e.g. breaking the control of LEDs through dtparams. Relevant dmesg log
before the change:
macb 1f00100000.ethernet end0: PHY [1f00100000.ethernet-ffffffff:01] driver [Generic PHY] (irq=POLL)
And after the change:
macb 1f00100000.ethernet eth0: PHY [1f00100000.ethernet-ffffffff:01] driver [Broadcom BCM54213PE] (irq=POLL)
Fixes#3333
(cherry picked from commit a338b67144)
Update Docker and related services to latest versions.
* buildroot 758ae477cd...9366ce5635 (6):
> package/runc: bump version to v1.3.0
> package/containerd: bump version to v2.1.3
> package/docker-cli: bump version to v28.3.0
> package/docker-engine: bump version to v28.3.0
> package/docker-cli: Fix go module version information
> package/docker-engine: Fix go module version information
(cherry picked from commit bc484f6409)
Bind-mount Systemd Journal socket to the Supervisor container. This way
Supervisor can use the socket directly for writing log entries using the
Systemd native Journal protocol [1] instead of logging to stderr of the
container.
[1] https://systemd.io/JOURNAL_NATIVE_PROTOCOL/
(cherry picked from commit dffbe89147)
This reverts commit eab18076ad.
This change was added in #2948 as a workaround for all-zero adapter appearing
in the HA frontend (#2944). With changes implemented in [1], this is no longer
needed, the only minor issue is that the ghost adapter still appears in
hciconfig (and other utilities') output as reported in [2]. However, this
should be less problematic than the Bluetooth being unavailable if WiFi is
disabled through disable-wifi DT overlay, so let's start with removing the
workaround.
Fixes#2975
[1] https://github.com/Bluetooth-Devices/bluetooth-adapters/pull/105
[2] https://github.com/raspberrypi/linux/issues/5756
(cherry picked from commit 17ae2d4741)
The tests that are involving reboots are flaky and fail when waiting for the
command to return or when waiting for a new login prompt. To mitigate this, do
not use run_check, as it needs the shell prompt to reappear, and instead use
sendline and wait up to a minute for the GRUB message.
(cherry picked from commit 9803f5fb4f)
Unbind the Bluetooth driver for Broadcom HCI module before the bluetooth
service starts if running on board without WiFi module. This is a replacement
for #2948 but using a more targeted approach for removing the particular driver
and better detection of no-WiFi (thus no-Bluetooth) models.
This still means the driver will be probed and couple of lines printed when it
fails to set baudrate and reset the module, yet this should be benign, at least
the all-zero MAC device no longers appears in Bluetooth stack.
Backport patch for traces appearing since v4.21.0 bump, introduced in #4095.
This change is not available in any newer tagged release of the driver and the
commit message upstream is messed up, hence the reworded patch.
Make sure that all LAN drivers used on Raspberry Pi boards are built-in.
Although they are defined as such in the base defconfig, we change them to
modules in device support includes. For simplicity and keeping kernel config
close to the RPi OS config, change them all to built-in in the main RPi include
for all RPi targets.
This is not only a formal change - at least one regression is known if the PHY
driver on RPi 5 is not built-in and MAC driver is - in that case the PHY hooked
up to the RP1 isn't initialized properly, and it is reported as "Generic PHY"
instead, e.g. breaking the control of LEDs through dtparams. Relevant dmesg log
before the change:
macb 1f00100000.ethernet end0: PHY [1f00100000.ethernet-ffffffff:01] driver [Generic PHY] (irq=POLL)
And after the change:
macb 1f00100000.ethernet eth0: PHY [1f00100000.ethernet-ffffffff:01] driver [Broadcom BCM54213PE] (irq=POLL)
Fixes#3333
Update Docker and related services to latest versions.
* buildroot 758ae477cd...9366ce5635 (6):
> package/runc: bump version to v1.3.0
> package/containerd: bump version to v2.1.3
> package/docker-cli: bump version to v28.3.0
> package/docker-engine: bump version to v28.3.0
> package/docker-cli: Fix go module version information
> package/docker-engine: Fix go module version information
Bind-mount Systemd Journal socket to the Supervisor container. This way
Supervisor can use the socket directly for writing log entries using the
Systemd native Journal protocol [1] instead of logging to stderr of the
container.
[1] https://systemd.io/JOURNAL_NATIVE_PROTOCOL/
This reverts commit eab18076ad.
This change was added in #2948 as a workaround for all-zero adapter appearing
in the HA frontend (#2944). With changes implemented in [1], this is no longer
needed, the only minor issue is that the ghost adapter still appears in
hciconfig (and other utilities') output as reported in [2]. However, this
should be less problematic than the Bluetooth being unavailable if WiFi is
disabled through disable-wifi DT overlay, so let's start with removing the
workaround.
Fixes#2975
[1] https://github.com/Bluetooth-Devices/bluetooth-adapters/pull/105
[2] https://github.com/raspberrypi/linux/issues/5756
The tests that are involving reboots are flaky and fail when waiting for the
command to return or when waiting for a new login prompt. To mitigate this, do
not use run_check, as it needs the shell prompt to reappear, and instead use
sendline and wait up to a minute for the GRUB message.
When following logs in Home Assitant frontend, the last line may be duplicated
over time when no new lines are added. This is because systemd-journal-gatewayd
incorrectly processed the num_skip part of the Range header, always returning
the last entry even when it should have been skipped.
Backport the patch for Systemd that processes the header correctly.
Fixes#4101
(cherry picked from commit 4a4da64f31)
* Bump buildroot to update package/pigz
* Enable parallel gzip for faster Docker pulls
Docker checks if unpigz is available, and if so uses it to unpack
container layers with multiple CPU cores. This should make Docker pulls
faster, especially on lower end hardware.
(cherry picked from commit 42a5e6becb)
Enable Intel NIC support only in the PCI include fragment and keep VF-related
options enabled only in the OVA config.
Refs #4021
(cherry picked from commit b25fce69b6)
Add timeout to expect call when waiting for the OS reboot after
switching slots. While it never fails for me locally, it regularly
breaks tests in GHA.
(cherry picked from commit 98a7a55df6)
Since update to Systemd v256.x the Range header requires the num_entries part
and fails if it's not provided, which we worked around by [1]. With this patch
that was already accepted upstream, the workaround shouldn't be necessary
anymore.
[1] https://github.com/home-assistant/supervisor/pull/5827
(cherry picked from commit f5efac66a0)
Add test that OS update works - use the whole stack using CLI to update to the
latest stable version (unless executed manually on the latest stable release,
this version should never be the same as the currently tested one).
With this test in place, we can also test command for switching the slots, so
add an extra test for that too.
Fixes#4103
(cherry picked from commit 90d36147f7)
Add driver for Marvell PHYs, such as 88E1543(4L) on an ASRock C3758D4I-4L
board. Adding it to x86 config only, as it seems it's not widely used anywhere
else.
Fixes#4025
(cherry picked from commit 6f854b67b0)
When following logs in Home Assitant frontend, the last line may be duplicated
over time when no new lines are added. This is because systemd-journal-gatewayd
incorrectly processed the num_skip part of the Range header, always returning
the last entry even when it should have been skipped.
Backport the patch for Systemd that processes the header correctly.
Fixes#4101
* Bump buildroot to update package/pigz
* Enable parallel gzip for faster Docker pulls
Docker checks if unpigz is available, and if so uses it to unpack
container layers with multiple CPU cores. This should make Docker pulls
faster, especially on lower end hardware.
Add timeout to expect call when waiting for the OS reboot after
switching slots. While it never fails for me locally, it regularly
breaks tests in GHA.
Since update to Systemd v256.x the Range header requires the num_entries part
and fails if it's not provided, which we worked around by [1]. With this patch
that was already accepted upstream, the workaround shouldn't be necessary
anymore.
[1] https://github.com/home-assistant/supervisor/pull/5827
Add test that OS update works - use the whole stack using CLI to update to the
latest stable version (unless executed manually on the latest stable release,
this version should never be the same as the currently tested one).
With this test in place, we can also test command for switching the slots, so
add an extra test for that too.
Fixes#4103
Add driver for Marvell PHYs, such as 88E1543(4L) on an ASRock C3758D4I-4L
board. Adding it to x86 config only, as it seems it's not widely used anywhere
else.
Fixes#4025
Bump Hailo stuff to the latest version. While this is a breaking change for
add-ons depending on the driver, the most commonly used one (i.e. Frigate)
didn't bump to v4.20.1 on their stable channel either, so it shouldn't have
significant impact. We agreed with @blakeblackshear that once HAOS bumps the
Hailo driver in HAOS 16, Frigate will follow.
Backport /boots endpoint for Systemd so we can use it in Supervisor to get the
actual list of boots. Should be available upstream since Systemd v258, for v256
minor tweaks were needed.
When creating OVA image, the CPU is slacking at the end of the build because it
is creating three ZIP archives, each one on a single CPU only. As we're
creating only single-entry archives, we can use pigz to use all cores.
The actual speedup on my machine (16C/32T) reflects the number of cores - it
takes around 2 seconds instead of 1 minute.
Since
127c420335
change in package/systemd, this option is patched by systemd build because
userspace FW loading has never been supported with Systemd. This should have no
runtime effect, just clear the warning about disabled option.
Fix build job to write config option for channel switching from #4043 to the
actual config. As it was written to .config in the top-level build directory,
it was never correctly applied.
* package/vcgencmd: add tool for RPi VideoCore commands
This tool is used by rpi-eeprom-update and is fairly lightweight binary without
dependencies. Use it as-is from raspberry/utils repo.
* package/rpi-eeprom: change package to install EEPROM userspace scripts
* configs: enable rpi-eeprom for rpi4, rpi4-64, rpi5-64 and yellow
On Pi5 and Yellow also enable flashrom so the firmware can be installed
directly without recovery being involved. On Yellow/CM4 this can't be done
without config.txt changes though (SPI and pinmuxing needs to be enabled) but
the image is shared there and users may eventually use the tools if they want,
so install BCM2711 on Yellow too. The "officially recommended" method is
rpiboot though, which is also documented in Yellow docs.
Because we use custom compatible strings in Yellow DTS's, the firmware loader
first attempts to load a firmware with this compatible in its name. Because it
doesn't exists, it shows error like this one before falling back to a more
generic one:
brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,5-compute-module-ha-yellow.bin failed with error -2
While these errors are mostly harmless, add symlinks with our compatible in the
name to suppress them. Instead of patching upstream
package/brcmfmac_sdio-firmware-rpi which installs the firmware files, add them
to yellow overlay to make maintenance easier.
Latest RPi firmware package contains module options that supposedly improve
stability, with details described in [1].
Since the feature_disable mask also disables the dump_obss feature, this change
would also mitigate `brcmf_set_channel: set chanspec ... fail` messages still
seen in some environments even after #3719.
Fixes#3367
[1] 2788cb549a
Update to latest binary of 43455 firmware and add missing symlinks which
suppress warnings/file not found errors when loading the firmware on CM5.
* buildroot 50fcf58bfa...62bf5c5af5 (2):
> package/brcmfmac_sdio-firmware-rpi: add CM5/Pi 500 symlinks to 43455 FW
> package/brcmfmac_sdio-firmware-rpi: bump version to 4eec7f2
* Fix U-Boot config to access all RAM on 16 GB CM5
U-Boot defconfig used for Yellow checks only 4 DRAM banks, however, CM5 with 16
GB has the memory spread across 8 banks. Add a patch (submitted upstream) to
the defconfig to get access to the whole RAM.
Fixes#3989
* Add Upstream tag with link to uboot patchwork
Add input allowing to override the channel that's used for hassio image
downloads and in runtime for Supervisor updates, building on the option added
in #3618.
The new default is dev for dev builds, for GH releases keep using the stable
channel both for releases and pre-releases (so we could catch any stable issues
before beta is moved to stable).
To keep it DRY and idiomatic, create a new in-repo GH action for running
commands in the build container.
* Make usage of top-level make easier, drop 'all' target
Make it easier when using top-level make - proxy all possible commands to
Buildroot make and only wrap build for individual target builds. This way it's
still possible to run e.g. 'make ova' which would read the defconfig and run
the build, while we can also use the top-level make in the same way as it's in
vanilla Buildroot.
Target 'all' was dropped in favor of Buildroot 'make' without any arguments -
as it's fairly pointless to run all builds sequentially. With the current 19
targets it would take about a day even on a decent hardware and the build
artifacts would be lost in the process.
* Show warning only if BR2_DEFCONFIG changes
* Wait for 10s or input if defconfig differs
* Fall back to buildroot make in top-level make
To make running Buildroot commands easier, define .DEFAULT rule and fall back
to targets from Buildroot with necessary variables set. This makes
"savedefconfig" redundant as it's been simply passed to BR.
* Also implicitly fall back to 'clean' target
* Fix typo
* Update RPi kernel to 6.12.20
Update to latest stable RPi kernel and remove unnecessary 6.6.y kernel config
fragments.
* Refresh RPi and Yellow patches
Rebase all patches on 6.12.20, remove patches that are already present
upstream.
* Update Yellow device trees for 6.12.20
Upstream changes broke our downstream device trees. While the CM4 fix was
trivial, there were more changes in the CM5 device tree due to adaptation to
upstream code. To simplify future maintenance, DTS was refactored to reuse CM5
DTS include and override only what's necessary.
* Bump buildroot to update to matching package/rpi-firmware
* buildroot ead21eb6d2...cd82256125 (1):
> package/rpi-firmware: bump version to f49a396 (1.20250326)
* Update Buildroot base to v2025.02
Packages updated:
* Added host-blake3 1.5.4
* Added host-go-src
* Added host-libxcrypt 4.4.38
* Added host-tar 1.35
* Added host-xxhash 0.8.3
* Added libtalloc 2.4.2
* Added libxcrypt 4.4.38
* apparmor updated from 3.1.2 to 3.1.7
* busybox updated from 1.36.1 to 1.37.0
* cifs-utils updated from 6.15 to 7.1
* containerd updated from 1.7.26 to 2.0.2
* dbus-broker updated from 35 to 36
* dropbear updated from 2024.85 to 2024.86
* e2fsprogs updated from 1.47.0 to 1.47.2
* expat updated from 2.6.4 to 2.7.0
* gcc-final updated from 12.4.0 to 13.3.0
* glibc updated from 2.38-81-gc8cb4d2b86ece572793e31a3422ea29e88d77df5 to 2.41-5-gcb7f20653724029be89224ed3a35d627cc5b4163
* gptfdisk updated from 1.0.9 to 1.0.10
* host-binutils updated from 2.40 to 2.43.1
* host-ccache updated from 4.8.2 to 4.10.2
* host-cmake updated from 3.28.3 to 3.31.5
* host-dtc updated from 1.7.0 to 1.7.2
* host-e2fsprogs updated from 1.47.0 to 1.47.2
* host-elfutils updated from 0.189 to 0.192
* host-expat updated from 2.6.4 to 2.7.0
* host-fakeroot updated from 1.32.1 to 1.36
* host-gawk updated from 5.3.0 to 5.3.1
* host-gcc-final updated from 12.4.0 to 13.3.0
* host-gcc-initial updated from 12.4.0 to 13.3.0
* host-genimage updated from 17 to 18
* host-go updated from 1.22.12 to unknown
* host-gptfdisk updated from 1.0.9 to 1.0.10
* host-kmod updated from 31 to 33
* host-libcap updated from 2.69 to 2.73
* host-libffi updated from 3.4.4 to 3.4.6
* host-libglib2 updated from 2.76.1 to 2.82.5
* host-libopenssl updated from 3.2.4 to 3.4.1
* host-libtirpc updated from 1.3.4 to 1.3.6
* host-libxml2 updated from 2.12.9 to 2.13.6
* host-lz4 updated from 1.9.4 to 1.10.0
* host-lzip updated from 1.23 to 1.25
* host-meson updated from 1.3.1 to 1.7.0
* host-mpc updated from 1.2.1 to 1.3.1
* host-mtools updated from 4.0.43 to 4.0.47
* host-nfs-utils updated from 2.6.4 to 2.8.2
* host-pcre2 updated from 10.42 to 10.44
* host-pkgconf updated from 1.6.3 to 2.3.0
* host-python3 updated from 3.11.11 to 3.12.9
* host-python-flit-core updated from 3.9.0 to 3.10.1
* host-python-jinja2 updated from 3.1.2 to 3.1.5
* host-python-markupsafe updated from 2.1.3 to 3.0.2
* host-python-packaging updated from 23.2 to 24.2
* host-python-pypa-build updated from 1.0.3 to 1.2.2
* host-python-pyproject-hooks updated from 1.0.0 to 1.2.0
* host-python-setuptools updated from 69.0.3 to 75.8.0
* host-python-wheel updated from 0.40.0 to 0.45.1
* host-rauc updated from 1.11.3 to 1.13
* host-sqlite updated from 3.44.2 to 3.48.0
* host-systemd updated from 254.13 to 256.7
* host-util-linux updated from 2.39.3 to 2.40.2
* host-xz updated from 5.4.5 to 5.6.4
* host-zstd updated from 1.5.5 to 1.5.7
* iproute2 updated from 6.7.0 to 6.13.0
* iptables updated from 1.8.9 to 1.8.11
* json-c updated from 0.17 to 0.18
* kmod updated from 31 to 33
* libapparmor updated from 3.1.2 to 3.1.7
* libblockdev updated from 3.1.1 to 3.3.0
* libbytesize updated from 2.7 to 2.10
* libcap-ng updated from 0.8.4 to 0.8.5
* libcap updated from 2.69 to 2.73
* libdnet updated from 1.16.4 to 1.18.0
* libffi updated from 3.4.4 to 3.4.6
* libglib2 updated from 2.76.1 to 2.82.5
* libgudev updated from 237 to 238
* libmicrohttpd updated from 0.9.77 to 1.0.1
* libnftnl updated from 1.2.6 to 1.2.7
* libnl updated from 3.9.0 to 3.11.0
* libnvme updated from 1.7.1 to 1.11.1
* libopenssl updated from 3.2.4 to 3.4.1
* libtirpc updated from 1.3.4 to 1.3.6
* libunistring updated from 1.1 to 1.3
* libusb updated from 1.0.26 to 1.0.27
* lvm2 updated from 2.03.14 to 2.03.27
* nettle updated from 3.9.1 to 3.10.1
* network-manager updated from 1.44.2 to 1.50.2
* nfs-utils updated from 2.6.4 to 2.8.2
* pcre2 updated from 10.42 to 10.44
* procps-ng updated from 4.0.4 to 4.0.5
* rauc updated from 1.11.3 to 1.13
* rpcbind updated from 1.2.6 to 1.2.7
* rtl8821cu updated from 1597dfeda6cefd2e603fc7020ceca226d05fb108 to 96c65c58b544241178638e810b333dcc9aa26b91
* sqlite updated from 3.44.2 to 3.48.0
* systemd updated from 254.13 to 256.7
* util-linux-libs updated from 2.39.3 to 2.40.2
* util-linux updated from 2.39.3 to 2.40.2
* wireless-regdb updated from 2023.09.01 to 2024.10.07
* wpa_supplicant updated from 2.10 to 2.11
* patches/genimage: drop upstreamed patches
* patches/systemd: drop merged patch
* patches/network-manager: drop upstreamed patch
* Add BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_* to defconfigs
As the reported MemTotal can fluctuate a bit on some systems, e.g. because the
reserved memory changes between kernel version or other factors affect it like
VRAM, the swap file can be recreated unnecessarily between boots. Allow for
some fluctuation (up to +-32MB) before the swapfile is recreated.
This was a problem already before the recent haos-swapfile changes, however,
before it checked if the existing swapfile isn't smaller than the desired
value. If the MemTotal fluctuated there, the swapfile size eventually settled
on the highest value seen and it wasn't recreated anymore. With this change,
things should be stable even more.
As pointed out in [1] by @cdce8p, the RTL8125D has an internal PHY that also
needs some changes to be backported.
Also, move the patches to more targeted directories is it would be otherwise
applied to RPi 6.6 kernel with failures. We can move it back to the top-level
patches directory once RPi moves to kernel 6.12.
[1] https://github.com/home-assistant/operating-system/issues/3880#issuecomment-2790105503
As we enabled SI/CIK support to fix crashes on bunch of AMD SoCs in #3957, the
amdgpu driver still crashes on some hardware. It seems to be some GX-217GA SoCs
or even GX-425GA in Fujitsu thin clients (even though the same SoC is fine on
T620).
To get to the state before update to kernel 6.12, disable amdgpu for these
platforms again (as it couldn't work properly there before OS 15.0) and just
backport the patch that fixes the crashes during probing when the driver isn't
compiled with SI/CIK support.
Fixes#4012
* Backport RTL8125D (rev C, XID 688) support
Apply mainline patch adding support for NIC present e.g. on ASUS NUC 14
Essential.
Fixes#3880
* Update buildroot to add RTL8125D firmware
* buildroot 4cd211162d...5379c358bf (1):
> linux-firmware: add RTL8125D firmware
When there's a problem with connectivity, it may result in obscure errors later
in the testing. Add checks testing three scenarions:
* connectivity in host - both using curl and nmcli
* connectivity in Supervisor container (uses docker0 as default via)
* connectivity in CLI container (uses hassio as default via)
Also make sure that Supervisor upgrade isn't attempted when the version
information is missing.
To avoid necroposting to old issues that's usually left unnoticed, add workflow
for locking issues similar to the one that Core has.
The PR locking limit can be increased as the traffic is much lower compared to
Core. Issues before 2025 have been locked manually via the API.
Update of OpenSSL in OS 12.2 from 1.1.1 to 3.2 changed the output of `openssl
sha256` command. It seems that some hypervisors don't like this and fail if
it's not plain "SHA256".
Fixes#3654
Update Docker and its dependencies to versions packaged in last bugfix release.
* buildroot 3914f8cad5...4cd211162d (4):
> package/runc: bump version to v1.2.6
> package/docker-cli: bump version to v28.0.4
> package/docker-engine: bump version to v28.0.4
> package/containerd: bump version to v1.7.26
Firmware change that set initial_turbo to 60 from the previous 0 has broken
initialization of some SD cards in U-Boot. Adjust the value in config.txt on OS
update if the value is not already set by the user, and put it to the default
config.txt.
The config.txt also contains a short comment explaining the purpose. The
purpose of it is also to make it easier to revert this change in the future if
the problem is fixed in the firmware or U-Boot.
Fixes#3965
One of the reason for failures after update to OS 15.0 was missing support for
the kernel PIO driver in EEPROM firmware. Backport upstream patches from
raspberrypi/linux#6645 and raspberrypi/linux#6642 that handle this situation
more gracefully. These patches could be dropped after the next RPi kernel
release.
Refs #3943
Update generic_raw_uart package to the latest sources available coming with
direct kernel 6.12.x compatibility dropping the intermediate patches
accordingly. In addition, the eq3_char_loop patchset was updated to reflect the
same changes performed.
When Intel GPUs are used in passthrough, the i915 is probed too early and fails
to load firmware which is in the rootfs mounted later. The CONFIG_DRM_I915=y
comes from x86_64_defconfig, by changing it to module (like we do for
generic-x86-64), the driver becomes only available after the rootfs is mounted
and firmware is loaded correctly.
Fixes#3949
It seems that kernel 6.12 handles device probing less gracefully when these
options are not enabled and causes crash on some AMD SoCs, e.g.:
*ERROR* Invalid callback to read register 0x58184
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/4050
Refs #3944
U-Boot update in #3878 changed the layout of patch folders for Hardkernel
targets with the goal to make it less confusing. However, it missed adding the
top-level hardkernel patches directory to all hardkernel targets and only
remove it from some of them in [1].
Revert to state before #3878 by adding the hardkernel folder to c2/c4/n2. In
the future, the patches from this folder should be split per target and if any
patches remain in it, they should be applied for all hardkernel boards.
[1] 2716b564c2Fixes#3936
We check that landing page is working when the network is down but we don't
check it in the happy path. Add its test to make it more obvious when the
just landing page is broken.
In some cases, the wipe service may be called due to a race condition for the
second time during the boot, very likely failing because the filesystems are
already mounted. This can not be reproduced on OVA but can be fairly easy
triggered e.g. on RPi. As we want the service to be executed exactly only once,
we can do what's suggested in [1] and set the RemainAfterExit=yes. That should
ensure the unit is not ever started for the second time.
[1] https://www.github.com/systemd/systemd/issues/29367
(cherry picked from commit 24640c11ae)
In some cases, the wipe service may be called due to a race condition for the
second time during the boot, very likely failing because the filesystems are
already mounted. This can not be reproduced on OVA but can be fairly easy
triggered e.g. on RPi. As we want the service to be executed exactly only once,
we can do what's suggested in [1] and set the RemainAfterExit=yes. That should
ensure the unit is not ever started for the second time.
[1] https://www.github.com/systemd/systemd/issues/29367
Add missing patch and update for latest runc version to fix losing device
permissions when new devices are added in runtime.
* buildroot b079a02a9a...3914f8cad5 (2):
> package/runc: add patch for extended default allowed devices in v1.2.4
> package/runc: add missing patch to fix device permissions update
Fixes#3915
(cherry picked from commit 04debe2f53)
Update to latest version of the driver and matching firmware. The most common
application for it - Frigate - currently has 4.19.0 in stable but 4.20.0 is
staged in dev. As it's easier to select OS version than a version of the
add-on, it makes sense to stay ahead in HAOS. This also means Frigate needs to
be updated to the matching version (as staying on an arbitrary older patch
revision doesn't make much sense either).
(cherry picked from commit 173a4388fe)
* Add test checking journal logs for dependency cycles
* Run some test cases to get their output also when full init fails
* Remove high timeouts from the times when GHA couldn't use KVM
* Enable logging durations for future optimizations
(cherry picked from commit 4a1d2b75b9)
Use simple shell script to perform device wipe instead of calling OS Agent to
do that through the UDisks2 API. While it might have been a good idea to use
high level interface for that back then, it turns out it causes more issues
than the benefits it could bring.
Main problem currently is that the OS Agent needs to read sysctl variables, but
those are only set after mounting the overlay partition. But at the same time,
the overlay partition can't be mounted if we want to wipe it - this creates a
dependency cycle through the haos-agent.service.
To get rid of the cycle and simplify things, use a shell script doing basically
the same what the OS Agent does. Since the wipe functionality only makes sense
to be implemented on HAOS targets (not on Supervised), there's little point of
having it in higher layer of abstraction that OS Agent provides.
It should be also checked if changes from #1291 are needed anymore, as the
driving factor for those have been probably the wipe feature in OS Agent too,
but at this point they seem to be harmless.
(cherry picked from commit 6c4f32a8c0)
Update to latest version that fixes start order in haos-agent.service. Without
that, OS Agent reports incorrect swappiness after boot.
(cherry picked from commit 36d905720a)
As discussed in #3885, now that fixed Supervisor is in stable, we can test that
no AppArmor denied events are logged during CI tests.
(cherry picked from commit 610ced0162)
Add missing patch and update for latest runc version to fix losing device
permissions when new devices are added in runtime.
* buildroot b079a02a9a...3914f8cad5 (2):
> package/runc: add patch for extended default allowed devices in v1.2.4
> package/runc: add missing patch to fix device permissions update
Fixes#3915
Update to latest version of the driver and matching firmware. The most common
application for it - Frigate - currently has 4.19.0 in stable but 4.20.0 is
staged in dev. As it's easier to select OS version than a version of the
add-on, it makes sense to stay ahead in HAOS. This also means Frigate needs to
be updated to the matching version (as staying on an arbitrary older patch
revision doesn't make much sense either).
* Add test checking journal logs for dependency cycles
* Run some test cases to get their output also when full init fails
* Remove high timeouts from the times when GHA couldn't use KVM
* Enable logging durations for future optimizations
Use simple shell script to perform device wipe instead of calling OS Agent to
do that through the UDisks2 API. While it might have been a good idea to use
high level interface for that back then, it turns out it causes more issues
than the benefits it could bring.
Main problem currently is that the OS Agent needs to read sysctl variables, but
those are only set after mounting the overlay partition. But at the same time,
the overlay partition can't be mounted if we want to wipe it - this creates a
dependency cycle through the haos-agent.service.
To get rid of the cycle and simplify things, use a shell script doing basically
the same what the OS Agent does. Since the wipe functionality only makes sense
to be implemented on HAOS targets (not on Supervised), there's little point of
having it in higher layer of abstraction that OS Agent provides.
It should be also checked if changes from #1291 are needed anymore, as the
driving factor for those have been probably the wipe feature in OS Agent too,
but at this point they seem to be harmless.
Cherry-pick bumps up to v5.79 and sync other changes and fixes with latest
upstream state.
* buildroot b4df362187...7d5c3b5e70 (10):
> package/bluez5_utils: tidy up the init script
> package/bluez5_utils: install datafiles with correct permissions
> package/bluez5_utils: fix dbusconfdir
> package/bluez5_utils{, -headers}: bump version to 5.79
> package/bluez5_utils: enable asha/bass when building audio plugins
> package/{bluez5_utils, bluez5_utils-headers}: bump to version 5.78
> bluez5_utils: disable asha profile
> package/{bluez5_utils, bluez5_utils-headers}: bump to version 5.77
> package/bluez5_utils: disable datafiles
> package/bluez5_utils: fix sixaxis build without tools
Update Docker to latest version and containerd to latest version from the 1.7
line. Runc updated to v1.2.5 with rebased patchset from the outstanding PR.
* buildroot 257ddc70ce...b4df362187 (4):
> package/runc: bump version to v1.2.5
> package/docker-cli: bump version to v28.0.1
> package/docker-engine: bump version to v28.0.1
> package/containerd: bump version to v1.7.25
Mainly the amdgpu updates cause an increase of generic-x86-64 image size by
~12MB but there's still enough of space in the rootfs after recent cleanup.
* buildroot c5a1cbcf73...257ddc70ce (9):
> package/linux-firmware: bump Intel BZ firmware version to 92
> package/linux-firmware: bump version to 20250211
> package/linux-firmware: bump version to 20241210
> package/linux-firmware: fix build failures to due RTL8723 file changes
> package/linux-firmware: bump version to 20240909
> package/linux-firmware: bump to version 20240709
> package/linux-firmware: improve help text for Realtek 88xx Bluetooth firmware
> package/linux-firmware: install all rtl88 Bluetooth binary blobs
> package/linux-firmware: RTL_88XX_BT: install all firmware
Disable downstream option for linux-firmware compression. With #3877 it's not
needed for x86 anymore and other boards don't need it. Eventually the higher
EROFS compression for firmwares and modules can be enabled for other targets as
well.
Patch added in #3843 is not necessary anymore, as the missing reset names have
been added to DTS includes of the 6.12.y branch as patch
6c9cd0a70ccea8a505471062a85de5626ad07cec (released in v6.12.14).
When RPi is booted in the tryboot state and the set-state operation is called
for the second time, the tryboot files don't exists anymore and the handler
exits with an error code, printing an error in the Supervisor logs. Fix
handling of this case and add few more checks to make the handler a bit more
robust/traceable.
As we don't have the info utility in HAOS, it's worthless to preserve info
pages. While there are currently some files in /share/info (coming from GRUB2
tools install), /usr/share/info was added pre-emptively.
Because the OTA hooks interact with GRUB environment using grub-editenv, we
have BR2_TARGET_GRUB2_INSTALL_TOOLS enabled. However, that brings massive bloat
of files that are never used in HAOS, as it also installs many other binaries,
GRUB modules and translations.
As it's not possible to configure what gets installed in grub2 package, remove
the undesired files in the post-build function. This brings savings of ~8.5MB
of space in the root partition.
Use auditd so logs from AppArmor and other audit events are processed by that
instead of printed to the Systemd journal. This will reduce the log spam from
BPF usually present in host logs and still preserve the audit logs for
debugging.
The default configs seems to be sane for our purpose, rotating up to 5 files of
8MiB each. The difference is that /var/log/audit will be now on tmpfs but given
how AppArmor is used on typical HA setup, we don't need to preserve the logs
over reboots.
Removal of the e2scrub binary is not needed anymore, as it's not installed and
only BR2_PACKAGE_E2FSPROGS_E2IMAGE is enabled. Moreover, it's been probably
wrong since the very beginning, as the TARGET_DIR prefix was missing, possibly
leading to removal of the binary from the host/builder.
Allow configuration of the swap size via /etc/default/haos-swapfile file. By
setting the SWAPSIZE variable in this file, swapfile get recreated on the next
reboot to the defined size. Size can be either in bytes or with optional units
(B/K/M/G, accepting some variations but always interpreted as power of 10). The
size is then rounded to 4k block size. If no override is defined or the value
can't be parsed, it falls back to previously used 33% of system RAM.
Fixes#968
* Refresh fileenv patch for U-Boot 2025.01
* Update Tinker to U-Boot 2025.01
Needs minor patch adjustment, also fixed patch numbering.
* Update ODROID-N2 to U-Boot 2025.01, move eMMC patch
Move the patch for eMMC so it's applied only for N2 specifically and update it
for 2025.01.
* Update ODROID-C/XU to U-Boot 2025.01
No changes in patches necessary after moving the N2 patch.
* Update RPi boards to U-Boot 2025.01
Changes needed in bcmstb PCIe driver due to upstream refactoring, rest only
refreshed. All patches now target the same version, so we can drop one of the
series.
* Update VIM3 to U-Boot 2025.01
No patches here, just version bump.
* Update Green to U-Boot 2025.01
Updated and refreshed patches, added a patch to disable OF_UPSTREAM which is
now needed.
* Update ODROID-M1 to U-Boot 2025.01
Drop patch that has been mostly merged upstream. The change is that HS400 would
stay enabled but let's get back to what upstream does.
* Update ODROID-M1 to U-Boot 2025.01
Drop all patches as M1S support should be now merged to U-Boot and DTS taken
from upstream.
* Disable DFU and mkeficapsule to fix build
mkeficapsule requires gnutls to be built first but it's not among dependencies.
Since we don't need the tool, we can disable it.
DFU is also not used on HAOS and it implies EFI_LOADER that we already disable.
Moreover, that also sets SET_DFU_ALT_INFO and leads to linker failure on some
platforms where it's not implemented.
* fixup! Update Green to U-Boot 2025.01
There were more changes needed in the Green config to use correct memory layout
due to upstream changes, otherwise we'll have malloc failures in U-Boot proper.
* Move N2 eMMC patch to more generic patches-meson
To stay on the safe side, move the eMMC hack to more generic folder that's used
for all targets using the meson_gx eMMC driver (i.e. C2, C4 and N2). This is
still better than keeping it in hardkernel/patches which is applied only to
some hardkernel boards (like it was before bump to U-Boot 20205.01).
Instead of using per-file ZSTD compression, compress firmware (and newly also
kernel modules) using LZMA within EROFS image. LZMA was picked because ZSTD
support in EROFS is still experimental and due to some limitations in the
implementation, the compression takes significantly more time.
This change gives us more control over compression of the files and with the
proposed settings, saves a bit of the space (~10 MiB) in the resulting image.
In theory, even higher savings could be achieved through compressing other
runtime binaries, but this would need to be thoroughly tested whether it
doesn't have any detrimental effects. For firmware and modules, the overhead
should be minimal, as they are usually touched only once per boot and are
rather small before decompression.
* buildroot 74994c4f32...92fab35fed (6):
> fs/erofs: add custom compression option with optional compress-hints file
> package/erofs-utils: bump to version 1.8.5
> package/erofs-utils: bump to version 1.8.3
> package/erofs-utils: bump to version 1.8.2
> package/erofs-utils: bump to version 1.8.1
> package/erofs-utils: add libdeflate and zlib optional dependencies
* buildroot 014c3fad50...74994c4f32 (2):
> package/linux-firmware: update Intel iwlwifi firmware versions for Linux 6.12
> package/linux-firmware: bump version to 20240513
* RaspberryPi: Update kernel to 6.6.74 - stable_20250127
* Bump buildroot to update rpi-firmware
* buildroot 71cba6c610...014c3fad50 (1):
> package/rpi-firmware: bump to version 1.20250127 for kernel 6.6.74
* Update patch for disabling CQE on CM5
The bool has been changed to a cell, adding the possibility to change the value
via sd_cqe dt_param both on CM5 and Pi5. Set it to disabled by default on CM5.
Because of refactoring/code quality improvements in upstream, IPv6 reachability
patch no longer applied on 6.12 kernel. We added two versions of the patch to
address this initially, however, this requires updating of the patch directory
name on every kernel bump. Backport the patch causing collision instead to RPi
kernel, so we can carry only one version of the patch.
This also requires swapping of the patching order - now we first apply
board-specific patches, then the global ones. Unless there are collisions,
these operations should be idempontent, so at this point it shouldn't have any
side-effects.
* Remove USB stack patches working around obsoleted Z-Wave devices issues
In #3224 we've introduced a patch reverting some changes in the USB stack that
was supposed to work around issues with some USB devices. Later discussions
revealed these devices are obsoleted by the manufacturer and there is no
official way of fixing those in newer Linux kernels. However, carrying the
patches makes us diverge from upstream and can eventually trigger other
problems not present upstream we'll have to handle.
Drop these patches now to be part of the upcoming OS 15 release, rather than
needing to drop them later in any of the patch revisions later.
* Also remove the patch from board/raspberrypi patches
* Upgrade Rockchip platforms to Linux 6.12
Upgrade all Rockchip boards to latest 6.12. Patches for M1S can be dropped, its
DTS has been merged. Same goes for the Rockchip TRNG, it only had to be enabled
in the Green DTS. Patch for broken combphy has been updated for 6.12.y.
* Remove deprecated and nonsense symbols from Rockchip defconfig
Many symbols have been removed between 6.6 and 6.12. Most of them have no use
in Rockchip defconfig, or should be set by other kernel fragments anyway.
Remove all of them, with the exception of USB_ONBOARD_HUB (which was renamed to
USB_ONBOARD_DEV) and FSCACHE (which was changed from tristate to bool).
* Update generic-aarch64 to Linux 6.12
* Update Amlogic-based ODROID boards to Linux 6.12
Removed couple of deprecated/unrelated kernel options.
* Update VIM3 to Linux 6.12
Cleaned up symbols unrelated/deprecated in 6.12 from defconfig.
* Update ODROID-XU4 to Linux 6.12
The usual defconfigs suspects had to been removed and the regulator patch for
ethernet needed a minor update after refactoring in upstream.
* Update Tinker to Linux 6.12
Needed defconfig cleanup for 6.12, otherwise no changes.
* Update x86 and OVA to latest 6.12 release
This way the extra patches directory can be removed too.
* Remove 6.6.73 patches
* Refresh all linux patch series against 6.12.11 sources
* Reenable HW RNG on M1S to speed up boot
The TRNG on RK3566 supposedly [1] has low quality, that's why it's disabled in
upstream for this SoC. We had it enabled in the past and without it, the boot
is delayed by quite a lot. Enable it again for now and investigate the RNG
issues later.
[1] https://patchew.org/linux/cover.1722355365.git.daniel@makrotopia.org/
* Also remove CACHEFILES module from Rockchip config
It was only enabled for Rockchip and Tinker, and to my knowledge there is no
cachefiles daemon or anything other in the userspace that's using it.
* Remove unused 6.6.y fragments
Since we only have 6.6.y for Raspberry Pi now, it doesn't need the Rockchip and
wireless PCI fragments.
Revert the patch changing phy reset behavior, requiring also changes in the
device tree that are missing in the stable backport. The issue was reported to
the regressions mailing list and hopefully future patch release should contain
a proper fix.
The patch is added to the patches-rockchip directory, potentially affecting
Green as well, although the broken peripherals are not used there.
Fixes#3837, fixes#3841
Probably since home-assistant/supervisor#5276 introduced in Supervisor
2024.9.0, RAUC bootloader handler for tryboot can set the tryboot flag also
when the tryboot file is not present, causing the Pi to become stuck in
bootloader, trying to load the tryboot file.
This happens when the device is already in the tryboot state, in that case the
tryboot files and flag are created by set-primary and in turn the files are
removed in set-state, while the flag is persisted, causing the bootloader to
attempt loading non-existing file.
To avoid unnecessary juggling with tryboot/config files, only create them and
set the flag if the boot slot is different than the current one. Also, make
sure that the flag is reboot parameter is cleared when the tryboot files are
removed by the handler.
Fixes#3740
* Linux: Update kernel to 6.12.6
* Linux 6.12
* https://github.com/home-assistant/operating-system/pull/3767#discussion_r1899169881
* https://github.com/home-assistant/operating-system/pull/3767#discussion_r1899170543
* Add patch descriptions, kernel ver conditionals
Signed-off-by: Nick Venenga <nick@venenga.com>
* Remove extra zram compression algos
* Undo fragment files config change
...for platforms that didn't receive kernel updates
* Sort Dockerfile apt packages
* Add Upstream refs to patches
* Re-enable TC
* Restore v6.6.y kernel fragments
* Update buildroot to rebased branch
* Apply 6.12 migration only to generic-x86-64
* package/eq3_char_loop: port patch from RaspberryMatic by @jens-maus
* package/generic_raw_uart: port patch from RaspberryMatic by @jens-maus
* Restore buildroot-external/board/pc/patches/linux
It's used in ova and generic-aarch64 defconfigs. Keep the path removed from
generic-x86-64 defconfig.
* Split linux patches to be version-specific
The IPv6 reachability patch needs different context on 6.6.y and 6.12.y -
introduce version-specific linux directories. To avoid the need for extra
directory for version used in RPi, copy those patches to its patches directory.
* Replace removed Intel Skylake audio driver with Intel AVS
The Skylake driver was removed and should be now replaced either by Intel HD
Audio or Intel AVS. Remove the old options and enable AVS.
SND_SOC_INTEL_SKYLAKE=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:63)
SND_SOC_INTEL_SKL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:64)
SND_SOC_INTEL_APL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:65)
SND_SOC_INTEL_KBL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:66)
SND_SOC_INTEL_GLK=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:67)
SND_SOC_INTEL_CNL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:68)
SND_SOC_INTEL_CFL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:69)
SND_SOC_INTEL_CML_H=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:70)
SND_SOC_INTEL_CML_LP=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:71)
SND_SOC_INTEL_SKYLAKE_FAMILY=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:72)
SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC=y not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:73)
SND_SOC_INTEL_SKYLAKE_COMMON=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:74)
-> a882f4d750
SND_SOC_INTEL_SST=m requested, actual = n (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:58)
-> 970d299b0a
* Remove I2C_COMPAT option
I2C_COMPAT=y not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:163)
-> 7e722083fc
* Correctly disable module compression after Kconfig change
The Kconfig structure was changed, there's now a top-level bool:
c7ff693fa2
---------
Signed-off-by: Nick Venenga <nick@venenga.com>
Co-authored-by: Jan Čermák <sairon@sairon.cz>
On Kria KD240 slg7xl45106 device is handling reset for USB hub which is
providing access to SD card (USB/SD converter). Access to this device is
done via i2c which needs to be also enabled in the kernel as built-in
driver not as module when rootfs is mounted.
Also change ZYNQ_GPIO to be built-in driver because i2c is using gpio for
bus recovery that's why it should be also enabled to probe i2c driver
properly.
v6.6 kernel doesn't have support for usb5744 driver that's why disable it
but add TODO to enable it once v6.12 upgrade is done.
Build of pam_lastlog.so was disabled by updating to v1.5.3 [1] yet the line
wasn't removed from the login modules. In upstream this was resolved by adding
a config option for turning the lastlog module and dynamic disabling of the
line including it. These changes neither a fix removing the config line were
not applied to 2024.02, so cherry-pick them here to fix the issue.
* buildroot ff563b383d...3784884466 (2):
> package/linux-pam: adjust login pam file for lastlog
> package/linux-pam: add menuconfig option to build pam_lastlog.so
Fixes#3789
[1] https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3
(cherry picked from commit af7b36e100)
* Enable USB-SD convertor on AMD/Xilinx Kria KD240 platform
Kria KD240 board is using SD card but SD is connected via onboard USB HUB.
USB controller is DWC3 with Xilinx glue logic. Both of these options are
enabled but board is using slg7xl45106 for driving usb-hub reset (PCA9570
driver) and USB3.0 requires initialization via PHY_XILINX_ZYNQMP driver.
All options should be enabled (=y) and can't be kernel modules because
provide access to rootfs.
* Add a note for config symbol change in 6.12
Changed in mainline commit 31e7f6c015d9eb35e77ae9868801c53ab0ff19ac
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
(cherry picked from commit 64ee53579b)
I have only tested that it fails for unreleased 6.6.72 kernel but haven't
tested the happy path and missed that it also failed because the types were
different. Stupid me.
* Move rauc.db to boot partition
The RAUC metadata file contains information that is tightly related to the
system and kernel partitions. With the possibility to migrate data disk, the
rauc.db can contain bogus information when moved to a different system. Removal
of the file on "device wipe" is also not desirable, because the information
about slot status is lost.
Relocate the rauc.db to the boot partition after a system upgrade (as this
can't be handled by RAUC hooks, because it needs to be executed after all slots
and metadata is written) and adjust the script for recreating it. The downside
is that its content in /mnt/data would be recreated if the boot slot is changed
or system downgraded but this should be handled quite gracefully.
Also remove the raucdb-first-boot service which is no longer necessary
with the file not present in the data partition.
* Fix shellcheck and mount path
Build of pam_lastlog.so was disabled by updating to v1.5.3 [1] yet the line
wasn't removed from the login modules. In upstream this was resolved by adding
a config option for turning the lastlog module and dynamic disabling of the
line including it. These changes neither a fix removing the config line were
not applied to 2024.02, so cherry-pick them here to fix the issue.
* buildroot ff563b383d...3784884466 (2):
> package/linux-pam: adjust login pam file for lastlog
> package/linux-pam: add menuconfig option to build pam_lastlog.so
Fixes#3789
[1] https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3
Add test that the kernel isn't tainted at the end of the basic and supervisor
test suites, allowing us to catch e.g. kernel warnings that may left unnoticed
if dmesg isn't checked. There is no other source of tainting, so the value
should be always zero.
* Enable USB-SD convertor on AMD/Xilinx Kria KD240 platform
Kria KD240 board is using SD card but SD is connected via onboard USB HUB.
USB controller is DWC3 with Xilinx glue logic. Both of these options are
enabled but board is using slg7xl45106 for driving usb-hub reset (PCA9570
driver) and USB3.0 requires initialization via PHY_XILINX_ZYNQMP driver.
All options should be enabled (=y) and can't be kernel modules because
provide access to rootfs.
* Add a note for config symbol change in 6.12
Changed in mainline commit 31e7f6c015d9eb35e77ae9868801c53ab0ff19ac
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
Similarly to #3803, artifact index update fails because the R2 doesn't
like the new awscli. The regression apparently comes from 1.37.0 as
well, so pin to version older than that.
The /etc/usb_modeswitch.d is present and empty but it can't be written to allow
user modification. Bind-mount it like other /etc folders to make it possible to
adjust usb_modeswitch config.
Fixes#3785
Zynq GPIO driver is used on AMD/Xilinx Kria platform for ETH phy reset.
Macb and PHY drivers are already enabled.
1 wire IP can be used for reading sensors via PMOD connector.
Similarly to #3705, enabled CQE triggers I/O freezes usually on the first boot
when the swapfile is being created. While we disabled it for Yellow, with #3782
the issue started to appear on generic CM5 targets with the rpi5-64 image.
In the meantime it was discovered that there seems to be some relation with the
ext4lazyinit task, which happens as a result of data partition resize, yet it's
still unclear if the pattern of the access triggered by the concurrent FS
initialization is somehow responsible, or if another factor comes in play.
Disabling CQE yet makes the issue go away and serves as an acceptable
workaround.
RPi 5 images container only device tree for Pi 5 Model B. Add the other
remaining BCM2712 device trees to enable running on CM5 and other variants
supported upstream.
Fixes#3766
With "cgroup: Use kernel command line to disable memory cgroup" merged to RPi
kernel as 86099de [1], the device tree now contains "cgroup_disable=memory"
parameter. The parameters are parsed in the order defined in the cmdline and
with the previous order, the memory CG ends up disabled. Switching the order
fixes that and makes the order similar to what we get with standard bootloader
and parameters in cmdline.txt only.
The possible downside is that it won't be possible to override parameters from
hardcoded bootargs_hassos using cmdline.txt anymore, however, it's unlikely any
of these parameters will need to be adjusted by users.
Fixes#3765
[1] 86099deff5
The z3fold allocator was deprecated with the reasoning explained in [1] and
this patch was backported to stable 6.6.y as well. We enable zsmalloc in shared
hassos.config and the enabled option in the Tinker config was probably just
some remnant from the past.
[1] https://lore.kernel.org/linux-mm/20240904233343.933462-1-yosryahmed@google.com/
The TCPMSS target module for iptables was enabled in some kernel defconfigs but
not for all targets. It is used e.g. in default config of @bigmoby's WireGuard
Client add-on. Enable it globally in the HAOS kernel config to make sure it's
always present.
Fixes#3730
If data disk is adopted on Yellow using the mechanism added in #3686, it
contains RAUC version information that is very likely invalid. In such case,
remove the file on first boot and have it recreated by the raucdb-update
service.
Hailo modules are usable also in other generic targets, so enable them also on
generic x86 and ARM targets. Runtime tested only on x86-64 (Beelink with Intel
N100).
The PCIe card from the RPi AI Kit (and probably other M.2 cards using the
Hailo-8 chip) can be used on Yellow - the driver initializes correctly and
creates a /dev/hailo0 device on Yellow both with CM4 and CM5.
* Add HA Yellow image to RPi Imager index update action
Update the action to also bump HA Yellow image added in
home-assistant/version#402.
* Sync image name with the current JSON PR
Instead of using in-tree module on RPi 5, build it as a module from the
original sources. This will give us better control over the version used and
will also allow us for easier way to add the module to other platforms.
This also makes 017d172 unnecessary anymore.
* buildroot c65b0306bb...b2077df873 (1):
> package/brcmfmac_sdio-firmware-rpi: bump version to 4c1789e
Raspberry Pi kernel 6.6 driver for BCM43455 (used in RPi 3B+/4B) calls new API
which uses the DUMP_OBSS feature for channel selection. If it's not preset, it
results in drivers reporting errors, e.g.:
brcmf_set_channel: set chanspec 0xd099 fail, reason -52
The RPi OS firmware was updated but the package we use for this firmware
contains an old version that lacks this support. Update to latest version
synced from RPi upstream to fix the issues. The root cause is explained in [1]
by @ragazenta. Both disabling the DUMP_OBSS and updating the firmware makes the
errors go away.
[1] https://github.com/raspberrypi/linux/issues/6049#issuecomment-2485431104Fixes#3367
With both RTCs enabled, the rpi_rtc is probed as the first one, making the
on-board RTC unused by default. Since the CM5's RTC peripheral can't be used on
Yellow, as the VBAT pin is not connected, disable it completely to fix RTC.
(cherry picked from commit 9d643edb54)
The I/O operations on the eMMC can sometimes fail and lock up completely, and
disabling CQE on the sdio1 (mmc0) interface seems to solve the issue. While it
is a known (and potentially resolved) issue [1] for SD cards in Raspberry Pi's
Linux fork, it is not acknowledged neither resolved for CM5's eMMC. With CQE
enabled, the device usually locks up within the first 10 first boots, when the
swap file is being created. After disabling CQE, no error occurred after more
that 100 cold boots (every time with swap file removed).
[1] https://github.com/raspberrypi/linuxissues/6349
(cherry picked from commit c514d6b482)
For yet unknown root cause, the eMMC interface sometimes fails to initialize
properly, delaying boot for up to 130 seconds. This can be reduced by ~100s by
disabling SD and SDIO modes on the sdio1 interface used for mmc0 before a
better patch is found.
(cherry picked from commit 489de0b2fb)
With both RTCs enabled, the rpi_rtc is probed as the first one, making the
on-board RTC unused by default. Since the CM5's RTC peripheral can't be used on
Yellow, as the VBAT pin is not connected, disable it completely to fix RTC.
The I/O operations on the eMMC can sometimes fail and lock up completely, and
disabling CQE on the sdio1 (mmc0) interface seems to solve the issue. While it
is a known (and potentially resolved) issue [1] for SD cards in Raspberry Pi's
Linux fork, it is not acknowledged neither resolved for CM5's eMMC. With CQE
enabled, the device usually locks up within the first 10 first boots, when the
swap file is being created. After disabling CQE, no error occurred after more
that 100 cold boots (every time with swap file removed).
[1] https://github.com/raspberrypi/linuxissues/6349
For yet unknown root cause, the eMMC interface sometimes fails to initialize
properly, delaying boot for up to 130 seconds. This can be reduced by ~100s by
disabling SD and SDIO modes on the sdio1 interface used for mmc0 before a
better patch is found.
Build cypress_m8 driver as module for all targets - some of them had it in
their base defconfig while some not. It is required e.g. for UPB PIM (Powerline
Interface Module).
Fixes#3690
(cherry picked from commit d57e507764)
Sync the DTS with changes added in newer commits merged after the initial
Yellow/CM5 DTS was written. The sdio1 node now has HS400 mode enabled and
sd_io_1v8_reg has been changed to regulator-fixed.
(cherry picked from commit b288cd212a)
If HAOS on Yellow is booted for the first time with NVMe data disk present, it
should be preferred over the empty eMMC data partition. This will ease
reinstall of the system and migration from CM4 to CM5. All other data disks
(e.g. if a USB drive is used for them) are still treated as before, requiring
manual adoption using the Supervisor repair.
(cherry picked from commit 98ac7f0170)
Build cypress_m8 driver as module for all targets - some of them had it in
their base defconfig while some not. It is required e.g. for UPB PIM (Powerline
Interface Module).
Fixes#3690
Sync the DTS with changes added in newer commits merged after the initial
Yellow/CM5 DTS was written. The sdio1 node now has HS400 mode enabled and
sd_io_1v8_reg has been changed to regulator-fixed.
If HAOS on Yellow is booted for the first time with NVMe data disk present, it
should be preferred over the empty eMMC data partition. This will ease
reinstall of the system and migration from CM4 to CM5. All other data disks
(e.g. if a USB drive is used for them) are still treated as before, requiring
manual adoption using the Supervisor repair.
Add Hailo-8 firmware binary for Rasperry Pi AI accelerators. The version needs
to be determined from the Git history of the kernel sources, as the driver
source code is included in the RPi downstream kernel and the version string
can't be found in the code directly.
Fixes#3663
* Add Makefile variable for Supervisor channel
Allow to set the release channel pre-installed Home Assistant components
like Supervisor and add-on are fetched from. This channel is then also
used at runtime.
* Use choice instead of string variable
* Fix channel in Supervisor updater.json config
* Add newlines
As stated in the docs [1], post-install hook is not executed if the slot
already has an install hook defined. Merge the post-install hook with the
install hook to fix CM5 migration for Yellow.
[1] https://rauc.readthedocs.io/en/latest/using.html#slot-hooks
The timeout of 90s was introduced before it was ensured that the timesync
systemd unit starts after network is online. Now with that, it makes less sense
to wait that long - if network is unreachable at the point the time
synchronization starts, and the server fails to reply on the first sync, the
polling interval is exponentially increased and the benefit of waiting for more
attempts is doubtful.
Since another synchronization attempt is done after network changes its state,
we should rely on that instead of having the 90 seconds interval as a waiting
period for plugging the network cable. Worst case, there are other mechanisms
that should set the time to a reasonably accurate value, making the NTP sync
less importart for most of the cases.
* Move RPi U-Boot patches to version-specific directory
We will need to use different series for 2024.10 which would be used as the
base for CM5 support.
* Remove common.h include from the fileenv cmd
It doesn't seem to be used and common.h has been removed in newer U-Boot.
* Use U-Boot 2024.10 with BCM2712 PCIe patches for Yellow
Use rebased patchset from v2024.01 with the first patch removed. Add patches
needed for PCIe initialization and use rpi_arm64_defconfig as the base config
for both CM4 and CM5.
* Add device tree for CM5 on HA Yellow and adjust config
Add device tree definition based on the CM5 device tree with BCM2712D0 changes
applied, and add nodes required for the on-board peripherals of Yellow.
Currently the difference in serial numbering still requires either changes in
this device tree, or userspace changes to create correct symlinks to make HA
configuration directly compatible with CM4 on Yellow.
* Add config.txt migration for conditional device_tree options
* Fix typos and minor issues found by CodeRabbit
* RaspberryPi: Update kernel to 6.6.51 - stable_20241008
* Update rpi-firmware to version for kernel 6.6.51
* buildroot 2ffac68a74...19027bc796 (1):
> package/rpi-firmware: bump to version 1.20241008 for kernel 6.6.51
Guest agent doesn't start because if HyperV Enlightenments are enabled, the
virtualization gets detected incorrectly. Backport Systemd patch that fixes the
detection, allowing the guest-agent service to meet its dependencies.
This patch should be no longer needed after update of Systemd to v256, or in
case the patch gets eventually backported to the v254 stable branch.
Fixes#3565
* Relocate HAOS Systemd drop-ins to /usr/lib/systemd
With some exceptions, Systemd drop-ins overriding default unit configuration
have been placed to `/etc/systemd/system`. This is meant for user overrides of
those, or per `man 5 systemd.unit` for "system unites created by the
administrator". Relocate all of these to `/usr/lib/systemd` which should be
used as path for units "installed by the distribution package manager" which is
closer to what we're trying to achieve.
This will make it easier to detect changes to unit files once we enable the
possibility to edit the content of /etc.
* Patch systemd-timesyncd.service instead of replacing it fully
If the system fails to boot, some kernel messages may not be shown before the
system fully boots. Enable the debug option for rescue shell options to have an
easy way to see those without modifying GRUB options. This will increase log
verbosity and turn on debug logging for Systemd as well [1].
[1] https://www.freedesktop.org/software/systemd/man/latest/systemd.html#debug
Bump labgrid to latest release. None of the changes require adjustments in the
tests. Remove pytest from requirements.txt, it's not needed anymore, so let pip
to resolve the correct (latest) version from labgrid's dependencies. With these
new dependencies, previous DeprecationWarnings on Python 3.12 are gone now.
* Update Docker to v27.2.0
Update Docker and containerd to latest supported version.
* buildroot a2c10a16a0...c68e03d96b (3):
> package/containerd: bump version to v1.7.21
> package/docker-cli: bump version to v27.2.0
> package/docker-engine: bump version to v27.2.0
* package/hassio: update DinD container to v27.2
If an attempt to access R2 artifacts is made before the files exist, the 404
reply gets cached and it's not possible to access the file after it's been
created without purging the cache, essentially doing a cache poisoning for
future build artifacts. To avoid it, list all files that have been created by
the build and call the purge cache API.
As there's a limit for number of files that can be purged in a single API call
[1], the GNU split utility is used to split intermediary list of files to
chunks of 30 URLs, which is then converted to a JSON array and passed to the
curl command.
[1] https://developers.cloudflare.com/api/operations/zone-purge#purge-cached-content-by-url
HP t520 have been reported to have the same issues as Atom boards with bad UEFI
firmware that doesn't work well with the new EFI loader used since GRUB 2.12.
Apply the patch to use legacy loader for its CPU ID as well.
Fixes#3557
Fix AX210 firmware files, this time for real. In #3549 we still had only
ucode and pnvm files for AX211, AX210 was still missing the pnvm file,
because its ucode was provided through IWLWIFI_22000 without appropriate
pnvm file. Both AX210 and AX211 firmwares are now installed with
IWLWIFI_6E which includes both pnvm and ucode files.
Also some firmwares which are not used by the current kernel can be
removed, because the kernel always only loads the most recent one.
* buildroot 01188d9c38...a2c10a16a0 (2):
> Revert "package/linux-firmware: exclude some files from compression"
> package/linux-firmware: fix AX210 support, stick to latest supported ucode API, reorganize the split
Fixes#3477
Since updating to Buildroot 2024.02, the iwlwifi loads a different version of
firmware for Intel AX cards (reported on AX210) which also needs the pnvm file.
However, unlike firmwares, the load method is different and the driver can't
load a compressed file. Disable compression for all .pnvm files to fix this.
* buildroot baa16784d2...55be56d521 (1):
> package/linux-firmware: exclude some files from compression
Fixes#3477
(cherry picked from commit d3a43a4ca4)
Since updating to Buildroot 2024.02, the iwlwifi loads a different version of
firmware for Intel AX cards (reported on AX210) which also needs the pnvm file.
However, unlike firmwares, the load method is different and the driver can't
load a compressed file. Disable compression for all .pnvm files to fix this.
* buildroot baa16784d2...55be56d521 (1):
> package/linux-firmware: exclude some files from compression
Fixes#3477
With #3523 as inspiration, it might be useful to wait for buttons to be
released, e.g. in case when they become stuck. Also indicate the button
operation (wipe, boot files removal, UMS) has been handled by turning on the
yellow LED.
* Improve LED naming in U-Boot DTS
Port Stefan's patch from Linux patchset to U-Boot.
* Implement device wipe using the hardware button on Green
Unlike Yellow, Green doesn't have a way to easily wipe the device, e.g. if the
user forgets the password - in that case the only option is to use a microSD
card and reflash the system. Fortunately, Green has a hardware button wired to
the PMIC chip which exposes the button state in one of the registers. Read this
value in U-Boot and decide if cmdline flag for device wipe should be set - same
as we do on Yellow.
Also enable LED driver and command in U-Boot. In the current implementation, if
the button is held for ~5 seconds when plugging in the device (this time
includes DDR training, SPL, etc.), the yellow LED turns solid to indicate wipe
is about the start. When the Linux kernel starts, the kernel LED driver takes
over and starts blinking in heartbeat pattern. Because it takes a while to load
the kernel, the LED stays solid for 2-3 seconds, which should be enough to
recognize it was acknowledged.
* Wait for button to be released before wiping
Enable NTFS and exFAT drivers, as they're not in defconfigs of all platforms and may be useful when mounting removable drives.
Fixes#2723
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
With default console on HDMI (tty0), we lost the console on the serial port. It
may be useful for debugging, let's enable it for new installs with the same
speed as bootloader (to avoid the need for baud rate switching).
Follow-up to #3412. While we haven't seen any issues so far, it's mentioned in
the original patch series we took inspiration from that HS200 works more
reliably, so enable it in Green's defconfig by amending the patch.
(cherry picked from commit 0452965fb0)
While mksquashfs uses this value by default, Genimage's default is 4K. This is
far too low value and results in slower kernel load, especially on embedded
boards with a flash drive. Explicitly set it to 128K to generate same images as
in pre-genimage builds.
(cherry picked from commit edba18f6c4)
We previously reverted the bump because we were unsure where the eMMC issues
are coming from. Now we know some of them were caused by incompatible eMMCs
then never worked from the beggining, and attempt to fix them (by changing the
frequency) caused some other side effects. Bump U-Boot back to the version used
generally and continue from there.
(cherry picked from commit 50a0062ee6)
Follow-up to #3412. While we haven't seen any issues so far, it's mentioned in
the original patch series we took inspiration from that HS200 works more
reliably, so enable it in Green's defconfig by amending the patch.
While mksquashfs uses this value by default, Genimage's default is 4K. This is
far too low value and results in slower kernel load, especially on embedded
boards with a flash drive. Explicitly set it to 128K to generate same images as
in pre-genimage builds.
We previously reverted the bump because we were unsure where the eMMC issues
are coming from. Now we know some of them were caused by incompatible eMMCs
then never worked from the beggining, and attempt to fix them (by changing the
frequency) caused some other side effects. Bump U-Boot back to the version used
generally and continue from there.
* add Documentation category
* add Dependencies (to easily filter them out if not needed in changelog)
* adjust the order a bit to have user-facing changes first
* Test landing page is reachable without internet connection
Add test that checks user is able to access the landing page even when HAOS has
no internet connection. We still need some sort of outgoing connectivity, so
outgoing connection attempts don't end up with "network is unreachable". To
simulate this, restricted network is created for the QEMU instance used in the
test, and when everything is started, unresponsive default gateway is added.
This intents to test regression that was fixed by
home-assistant/supervisor#5204, Supervisor 2024.7.0+ is thus needed for this
test to pass.
* Bump requirements for tests
* Use GRUB2 legacy loader only on some Intel Atom boards specifically
Previous revert of GRUB2 change that introduced usage of the generic EFI loader
for all x86 boards in #3324 caused regressions, the one confirmed is #3348.
This commit adds a specific patch that identifies the broken platforms based
on SMBIOS data gathered in #3305 and falls back to the legacy loader there.
Tested on Intel D525MW (falls back) and QEMU (no fallback).
* Enable GRUB's smbios module
Having smbios command in GRUB can help in future debugging, e.g. to add more
CPUs that should use the linux loader fallback.
Genimage sets the first usable LBA to the offset of the first partition. While
it shouldn't be an issue in theory, Windows may do some nasty things with the
GPT header afterwards which breaks the Raspberry Pi bootloader, manifesting as
Before purpose of this behavior is clarified in [1], add a downstream patch
that sets the first usable LBA back to 34, which was the value that was used
before migrating to Genimage in #3388. Since changing this value (hopefully)
doesn't have any other consequences, and the images now should be closer to
pre-genimage builds, no more side-effects are expected from this change.
[1] https://www.github.com/pengutronix/genimage/issues/262Fixes#3437
Rockchip config fragment had EROFS compression explicitly disabled. Remove that
option and also remove the EROFS one, as it's already set in common config.
Reduce verbosity from deactivated Docker mounts, triggered by the Docker
healthcheck. These messages do not carry any value for us and logs supplied by
users are often spammed mostly with these. Moreover, they sometimes cause
confusion that something is wrong, see for example #3021.
Unfortunately, it's not possible to use LogFilterPatterns= here, because it's
not applied to these messages, as explicitly said in the docs:
Filtering is based on the unit for which LogFilterPatterns= is defined
meaning log messages coming from systemd(1) about the unit are not taken
into account.
runc 1.2.0 supposedly should fix this, but it's unclear when it would be
available, so let's stick to this solution (reducing verbosity from debug to
notice for all units `run-docker-*.mount`) for the time being.
* Use name.sh functions for paths in genimage
Paths for images generated outside of genimage were not used in genimage
definitions. Use them as the single source of truth.
Images generated by genimage itself (e.g. kernel.img) don't need to use those
functions, so remove the unused ones.
* Use EROFS instead of SquashFS for root FS
* Enabled EROFS in common kernel fragment
* RootFS image switched to EROFS with options to get decent compression
* rootfstype removed from kernel command line
* Get size of correct FS image in GH build summary
While not as bad as in 87a6c84, because the grubenv already exists in the
image, RAUC still complains about missing ORDER on the very first boot on
aarch64. Populate the environment in the same way as we do for other GRUB
platforms.
With upgrade path enforced in standard HAOS upgrade procedure, we don't need to
keep some old code anymore. This means that upgrade from some very old HAOS
version (pre-8.0) to HAOS 13+ will fail in the install-check hook but this is
rather desirable.
RAUC currently doesn't know the version of the booted slot when booted for the
first time or after wiping the data partition. As a result `ha os info` is
missing this information too.
As there's no built-in mechanism for generating these data by RAUC itself, add
a oneshot service that checks if the boot slot information is contained in the
rauc.db and if not, then generate it.
RAUC seems to cope quite well even with bogus data contained in rauc.db but in
any case, a test has been added to check that everything works as expected.
On the very first boot, grubenv doesn't exist and loading and saving it
silently fails. However, it is later created by the hassos-persists script and
the missing information are added by grub.cfg on the next boot. As the
consequence, when RAUC tries to get information from grubenv on the first boot,
ORDER variable is missing and the slot is reported as bad.
Fixes#3376
We still face occasional build errors when fetching from the Docker registry
fails and is not retried with the Skopeo's built-in retry mechanism that was
enabled in #1866. This happens on some network failures, or when premature EOF
is returned when fetching the HTTP data. Seems we're not the only ones having
such issues [1].
To workaround this, add a generic retry shell function that simply retries when
the command ends with a non-zero status, no matter what was the actual cause of
the error.
[1] https://www.github.com/containers/common/issues/654
2024-06-13 15:44:11 +02:00
319 changed files with 7273 additions and 6520 deletions
- [Home Assistant Yellow](https://www.home-assistant.io/yellow/) (based custom carrier board and powered by a Raspberry Pi 4 Compute Module)
- [Home Assistant Blue](https://www.home-assistant.io/blue/) (based on ODROID-N2+)
- Raspberry Pi
- Pi 5 ([4 GB](https://www.raspberrypi.com/products/raspberry-pi-5/?variant=raspberry-pi-5-4gb) and [8 GB](https://www.raspberrypi.com/products/raspberry-pi-5/?variant=raspberry-pi-5-8gb) model) 64-bit
- Pi 4 Model B ([1 GB](https://www.raspberrypi.com/products/raspberry-pi-4-model-b/?variant=raspberry-pi-4-model-b-1gb), [2 GB](https://www.raspberrypi.com/products/raspberry-pi-4-model-b/?variant=raspberry-pi-4-model-b-2gb), [4 GB](https://www.raspberrypi.com/products/raspberry-pi-4-model-b/?variant=raspberry-pi-4-model-b-4gb) and [8 GB](https://www.raspberrypi.com/products/raspberry-pi-4-model-b/?variant=raspberry-pi-4-model-b-8gb) model) 32-bit or 64-bit (recommended)
- [Pi 3 Model B](https://www.raspberrypi.com/products/raspberry-pi-3-model-b/) and [B+](https://www.raspberrypi.com/products/raspberry-pi-3-model-b-plus/) 32-bit or 64-bit (recommended)
| Tinker S RK3288| January 2018 | yes | [tinker](../../../buildroot-external/configs/tinker_defconfig) |
| Tinker Edge T | November 2019 | no? | |
| Tinker Edge R | November 2019 | no? | |
## eMMC
eMMC support is provided with the same image. Just flash the image to the eMMC by connecting your Tinker Board S to your PC via Micro-USB. Refer to the Tinkerboard documentation how-to flash using Micro-USB and UMS.
The Home Assistant OS provided U-Boot does support UMS as well,
however manual intervention is necessary:
1. Set the jumper between Micro-USB and HDMI the maskrom mode
2. Insert SD card and connect the board via Micro-USB to your PC
3. Continusly press Ctrl+C to interrupt boot
4. Set the jumper back to the park position
5. Start UMS using:
```
ums 0 mmc 0
```
6. A mass storage device should appear. Flash Home Assistant OS to it.
## Serial console
To access the terminal over serial console, add `console=ttyS2,115200` to `cmdline.txt`. GPIO pins are: 34 = GND / 32 = UART TXD / 33 = UART RXD.
eMMC support is provided transparently. Just flash the image to the eMMC board as you would an SD card.
## Console
By default, console access is granted over the serial header and over HDMI. Certain startup messages will only appear on the serial console by default. To show the messages on the HDMI console instead, swap the order of the two consoles in the `cmdline.txt` file on the boot partition. You can also delete the AML0 console if you don't plan on using the serial adapter.
eg. `console=ttyAML0,115200n8 console=tty0`
## USB
A long-standing kernel bug currently results in some odd behavior. To use the USB, a device must be plugged into one of the USB ports at hard boot. If all devices are removed from the USB ports, the USB will cease to function until a reboot.
### OTG
The OTG USB is untested.
## GPIO
Refer to [the odroid wiki](https://wiki.odroid.com/odroid-c2/hardware/expansion_connectors).
ODROID-C4 support is based heavily on the Odroid-C2 and N2 configurations. Given the similarity of the SoCs, as well as the comparable level of support in the Linux kernel, the C4 should hopefully present few surprises. However, Home Assistant support should be regarded as experimental.
Please also refer to the documentation pages for the [ODROID-C2](./odroid-c2.md) and [Odroid-N2](./odroid-n2.md), as some of that information may apply to the C4 as well.
Common C4 issues that have been specifically tested and appear to be working:
- boot from SD
- boot from eMMC
- MAC address obtained from eFuse
## GPIO
Refer to [the odroid wiki](https://wiki.odroid.com/odroid-c4/hardware/expansion_connectors).
Home Assistant OS 12 and newer support the ODROID-M1S board.
## SD-card
ODROID-M1S can boot HAOS directly from an SD card, as it has higher priority than the system on the eMMC. Simply flash the image to the SD card using your favorite tool and insert it to the micro SD slot on the board. This works even when the eMMC is wiped, or when it contains the factory-default U-Boot SPL loader, which is still able to load U-Boot provided in the HAOS image. In the second case, however, if the SD card fails to probe (e.g. due to a hardware failure), the system on the eMMC may be booted instead of HAOS.
## eMMC
HAOS can be installed directly to the eMMC using a special boot image, to do that:
1. Download [`ODROID-M1S_EMMC2UMS.img`][1]
2. Use balenaEtcher or another tool to flash the UMS utility onto an SD card.
3. Plug-in that SD card to your ODROID-M1S and boot it. Connect your PC to the Micro USB OTG port.
4. The eMMC will show as a drive on your PC and you can directly flash the HAOS image with balenaEther.
Installing HAOS replaces the firmware and SPL on the eMMC with the mainline version provided by HAOS. As a result, it is not possible to use the SD card with the EMMC2UMS image anymore, because the mainline SPL is not compatible with U-Boot in the EMMC2UMS image at this time (February 2024). This does not pose any problem for standard use, just makes it more complicated in case you want to return to the Hardkernel-provided OS.
A reliable way of reflashing the eMMC in this case is to use HAOS booted from an SD card. To do that, insert the SD card with HAOS to the micro SD slot and plug the board in. Once the device boots to the HA CLI, enter `login` to enter the root shell and use `curl` to download an image and `dd` it to the eMMC block device:
This way the device will start in the UMS mode on the next boot with the SD card removed. Alternatively you can use the [Hardkernel installer image][2] directly instead of the EMMC2UMS image.
## NVMe
Booting directly from NVMe is not supported. The NVMe card can be used as a data disk.
## Technical notes on boot flow
The Home Assistant OS image is bootable by the SoC directly. Refer to the [boot sequence documentation][3] for the details on what part of the boot is executed from the eMMC and what from the SD card. The steps documented above should however cover all scenarios that a standard user may encounter during usage.
## Console
By default, console access is available on the serial header (UART) and on HDMI.
The serial console's baudrate is 1500000 by default.
The systemd startup messages will only appear on the serial console by default.
To show the messages on the HDMI console instead, add the console manually
to the `cmdline.txt` file on the boot partition (e.g. `console=tty0`).
## GPIO
Odroid-M1S introduces a new 14pin expansion header. Refer to [the ODROID wiki][4].
At this point not all functionality is supported by the upstream kernel used by Home Assistant OS.
eMMC support is provided transparently. Just flash the image to the eMMC board as you would an SD card.
## Console
By default, console access is granted over the serial header and over HDMI. Certain startup messages will only appear on the serial console by default. To show the messages on the HDMI console instead, swap the order of the two consoles in the `cmdline.txt` file on the boot partition. You can also delete the AML0 console if you don't plan on using the serial adapter.
eg. `console=ttyAML0,115200n8 console=tty0`
## GPIO
Refer to [the odroid wiki](https://wiki.odroid.com/odroid-n2/hardware/expansion_connectors).
At this point not all functionality is supported by the upstream kernel used
by Home Assistant OS.
The GPIO on pin 11 is used as a low active power button input.
The ODROID XU4 uses the eMMC boot partition to boot from. Typically eMMC readers can't write to this eMMC boot partition. There are a couple of possibilities:
1.**Working** e.g. the eMMC already had a working image before flashing HassOS:
- It will be booting to U-Boot (but no further).
- If you have the serial adapter, you should be able to enter `distro_bootcmd` at the uboot prompt to continue booting.
- If not, flash the HassOS image to an SD card and boot off that temporarily (while the eMMC is also plugged in).
- Once booted, login at the prompts and then enter `dd if=/dev/mmcblk0 of=/dev/mmcblk0boot0 bs=512 skip=63 seek=62 count=1440` at the linux prompt.
- Reboot with eMMC (don't forget to flip the boot switch to eMMC)
2.**Not Working** e.g. a clean/wiped/corruped eMMC boot partition:
- You'll need to follow [Hardkernel's instructions](https://forum.odroid.com/viewtopic.php?f=53&t=6173) to get a working boot sector. Then flash HassOS and follow instructions above.
- Alternatively, you can try flash HassOS to both an SD and eMMC, then boot off the SD with the eMMC also plugged in, then run `dd if=/dev/mmcblk1 of=/dev/mmcblk0boot0 bs=512 skip=1 seek=0 count=16381` at the Linux prompt. Note that this is untested, but in theory should work..
If you are getting permissions issues when using the dd command, try disabling RO:
`echo 0 > /sys/block/mmcblk0boot0/force_ro`
to re-enable after running dd:
`echo 1 > /sys/block/mmcblk0boot0/force_ro`
## Console
By default, console access is granted over the serial header and over HDMI. Certain startup messages will only appear on the serial console by default. To show the messages on the HDMI console instead, swap the order of the two consoles in the `cmdline.txt` file on the boot partition. You can also delete the SAC2 console if you don't plan on using the serial adapter.
eg. `console=tty1 console=ttySAC2,115200`
## GPIO
Refer to [the odroid wiki](https://wiki.odroid.com/odroid-xu4/hardware/expansion_connectors).
Currently we only publish a VMDK virtual disk due to issues with our previous OVA distribution. We are investigating our options to bring back the OVA distribution, however, the VMDK works for the hypervisors listed above.
## Requirements
Using this VMDK in a virtual machine requires the following:
- Operating system: Other 4.x or later Linux (64-bit)
For access to terminal over serial console, add `console=ttyAMA0,115200` to `cmdline.txt` and `enable_uart=1`, `dtoverlay=pi3-disable-bt` into `config.txt`. GPIO pins are: 6 = GND / 8 = UART TXD / 10 = UART RXD.
## I2C
Add `dtparam=i2c1=on` and `dtparam=i2c_arm=on` to `config.txt`. After that we create a module file on host with [config usb stick][config] or direct into `/etc/modules-load.d`.
rpi-i2c.conf:
```
i2c-dev
i2c-bcm2708
```
## USB Boot
USB mass storage boot is available on Raspberry Pi 4 (64-bit only), 3B, 3B+, 3A+, and 2B v1.2.
For Raspberry 3B, 3A+ and 2B v1.2, to enable USB boot, add `program_usb_boot_mode=1` into `config.txt`. Note that this **permanently** alters the one-time programmable memory of the device.
For Raspberry 4
* Make sure to update the bootloader to a stable release supporting USB mass storage boot (see [bcm2711_bootloader_config.md](https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2711_bootloader_config.md#usbmassstorageboot)).
* If no SD card is used add `sd_poll_once=on` to `dtparam` in `config.txt` (comma separated). This gets rid of `mmc0: timeout waiting for hardware interrupt` kernel errors.
* If install still fails, then your SSD likely needs quirks enabled to work correctly (see [Finding the VID and PID of your USB SSD](https://www.raspberrypi.org/forums/viewtopic.php?t=245931)). Once you find your adapter's ID, add the quirks parameter in `cmdline.txt`.
For more information see [RaspberryPi](https://www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/msd.md).
### Caveats
* All bootable SD cards must be removed.
* Boot time can be significantly longer with USB. This is due to the boot process first attempting to boot from SD card, failing, and resorting to USB.
* Many USB drives simply do not work for boot. This is likely due to minimal driver support in uboot and will not be fixed. If you can't get it to boot on one drive, try a different brand/model. SanDisk Cruzer drives seem to have a higher rate of issues.
## Tweaks
If you don't need bluetooth, disabled it with add `dtoverlay=pi3-disable-bt` into `config.txt`.
You can use an USB drive with HassOS to configure network options, SSH access to the host and to install updates.
Format a USB stick with FAT32/EXT4/NTFS and name it `CONFIG` (in all capitals). Alternative you can create a `CONFIG` folder inside the `boot` partition. Use the following directory structure within the USB drive:
```text
network/
modules/
modprobe/
udev/
authorized_keys
timesyncd.conf
hassos-xy.raucb
```
- The `network` folder can contain any kind of NetworkManager connection files. For more information see [Network][network.md].
- The `modules` folder is for modules-load configuration files.
- The `modprobe` folder is for modules configuration files (/etc/modprobe.d)
- The `udev` folder is for udev rules files.
- The `authorized_keys` file activates debug SSH access on port `22222`. See [Debugging Home Assistant][debug-homeassistant].
- The `timesyncd.conf` file allow you to set different NTP servers. HassOS won't boot without correct working time servers!
- The `hassos-*.raucb` file is a firmware OTA update which will be installed. These can be found on on the [release][hassos-release] page.
Text files that are on USB stick must have Unix (LF) end of line characters. If you create USB stick on Windows machine, be sure to use Notepad++, Visual Studio Code or any other editor, that supports different line endings. In Notepad++ LF EOL can be enabled with setting `Edit -> EOL Conversion -> Unix (LF)`.
You can put this USB stick into the device and it will be read on startup and files written to the correct places. You can also trigger this process later using `ha os import` from the CLI or by calling `systemctl restart hassos-config` on the OS shell. *The USB Stick just needs to be inserted to the device during this setup process and can be removed afterwards.*
## Local
### Bootargs
You can edit or create a `cmdline.txt` in your boot partition. That will be read from the bootloader.
### Kernel-Module
The kernel module folder `/etc/modules-load.d` is persistent and you can add your configuration files there. See [Systemd modules load][systemd-modules]. You can add the modules configuration files in `/etc/modprobe.d` that is also persistent.
### Udev rules
The udev rules folder `/etc/udev/rules.d` is persistent and you can add your configuration files there.
### Network
You can manual add, edit or remove connections configurations from `/etc/NetworkManager/system-connections`.
### NTP
You can manual edit the systemd timesync file on `/etc/systemd/timesyncd.conf`.
Home Assistant Operating System uses NetworkManager to control the host network.
## Configure network
By default the device will be in DHCP state.
Basic network settings can be set through the Supervisor frontend in the System
tab. Advanced configurations such as VLAN are also available through the
`ha network` CLI command.
To restore the default configuration the `ha network` CLI command can be used as
well:
```
ha network update default --ipv4-method auto
```
If more advanced network settings are required network connection files can be
placed on a USB drive and imported to the host as described in
[Configuration][configuration-usb].
## Manual Network Configuration
If the frontend or `ha network` CLI cannot meet your use case, it is still
possible to configure the underlying NetworkManager manually.
You can read the [NetworkManager manual][nm-manual] or find many configuration
examples across the internet. Note that changes to `NetworkManager.conf` are
not supported currently, only connection keyfiles are supported. Keep in mind
that the system is read-only. If you don't want the IP address to change on
every boot, you should modify the UUID property to a generic [UUID4][uuid].
Inside the `\CONFIG\network\` directory on the USB drive or SD card, create a
file called `my-network` and add the appropriate contents below:
**NOTE: Please make sure to save this file with UNIX line endings (LF, and not Windows' default CRLF endings). You can do this using Notepad these days!**
### Default
A preinstalled connection profile for wired network is active by default:
```ini
[connection]
id=Home Assistant OS default
uuid=f62bf7c2-e565-49ff-bbfc-a4cf791e6add
type=802-3-ethernet
llmnr=2
mdns=2
[ipv4]
method=auto
[ipv6]
addr-gen-mode=stable-privacy
method=auto
```
### Wired connection to the LAN
```ini
[connection]
id=my-network
uuid=d55162b4-6152-4310-9312-8f4c54d86afa
type=802-3-ethernet
llmnr=2
mdns=2
[ipv4]
method=auto
[ipv6]
addr-gen-mode=stable-privacy
method=auto
```
### Wireless LAN WPA/PSK
```ini
[connection]
id=my-network
uuid=72111c67-4a5d-4d5c-925e-f8ee26efb3c3
type=802-11-wireless
[802-11-wireless]
mode=infrastructure
ssid=MY_SSID
# Uncomment below if your SSID is not broadcasted
#hidden=true
[802-11-wireless-security]
auth-alg=open
key-mgmt=wpa-psk
psk=MY_WLAN_SECRET_KEY
[ipv4]
method=auto
[ipv6]
addr-gen-mode=stable-privacy
method=auto
```
### Static IP
Replace the following configuration:
```ini
[ipv4]
method=manual
address=192.168.1.111/24;192.168.1.1
dns=8.8.8.8;8.8.4.4;
```
For `address`, the value before the semicolon is the IP address and subnet prefix bitlength. The second value (after the semicolon) is the IP address of the local gateway.
## Tips
### Reset network
If you want to reset the network configuration back to the default connection
profile using DHCP, use the following commands on the host console:
Home Assistant OS will recreate the default connection profile during boot.
### Enabling Wi-Fi
Wi-Fi is discouraged for reliability reasons. However, if you still prefer to use Wi-Fi, you can us the `ha network` command to set up Wi-Fi (example for a Raspberry Pi 4, check `ha network info` to check if your board supports Wi-Fi and the name of the Wi-Fi device):
```bash
ha network update wlan0 --ipv4-method auto --wifi-auth wpa-psk --wifi-mode infrastructure --wifi-ssid "MY-SSID" --wifi-psk MY_PASS
````
### Powersave
If you have trouble with powersave then apply the following changes:
```ini
[wifi]
# Values are 0 (use default), 1 (ignore/don't touch), 2 (disable) or 3 (enable).
powersave=0
```
## Using `nmcli` to set a static IPv4 address
Log into the the Home Assistant OS base system via a console:
```bash
Welcome to Home Assistant
homeassistant login:
```
- Login as `root` (no password needed). At the `ha >` prompt, type `login` (as instructed).
From there you use the `nmcli` configuration tool.
-`# nmcli con show` will list the "Home Assistant OS default" connection in use.
-`# nmcli con show "Home Assistant OS default"` will list all the properties of the connection.
To start editing the configuration setting for "Home Assistant OS default":
```bash
# nmcli con edit "Home Assistant OS default"
```
To add your static IP address (select 'yes' for manual method);
```bash
nmcli> set ipv4.addresses 192.168.100.10/24
Do you also want to set'ipv4.method' to 'manual'? [yes]:
```
In addition, it's recommended to set the DNS server and the local gateway. For most home routers the DNS server will have the same IP address as the router itself. If you are using Pi-Hole or a third-party DNS system then you can set the DNS server to that.
```bash
nmcli> set ipv4.dns 192.168.100.1
nmcli> set ipv4.gateway 192.168.100.1
```
`nmcli> print ipv4` will show you the IPv4 properties of this connection. With `nmcli> save` you will save the changes afterwards.
If you now view the default connection `cat /etc/NetworkManager/system-connections/default` you should see the method is manual and the address is set.
Doing a `nmcli con reload` does not always work, so restart the virtual machine or the physical system.
@@ -4,6 +4,8 @@ Home Assistant Operating System (formerly HassOS) is a Linux based operating sys
Home Assistant Operating System uses Docker as its container engine. By default it deploys the Home Assistant Supervisor as a container. Home Assistant Supervisor in turn uses the Docker container engine to control Home Assistant Core and Add-Ons in separate containers. Home Assistant Operating System is **not** based on a regular Linux distribution like Ubuntu. It is built using [Buildroot](https://buildroot.org/) and it is optimized to run Home Assistant. It targets single board compute (SBC) devices like the Raspberry Pi or ODROID but also supports x86-64 systems with UEFI.
[](https://www.openhomefoundation.org/)
## Features
- Lightweight and memory-efficient
@@ -14,14 +16,10 @@ Home Assistant Operating System uses Docker as its container engine. By default
## Supported hardware
- Nabu Casa
- Raspberry Pi
- Hardkernel ODROID
- Asus Tinker Board
- Generic x86-64 (e.g. Intel NUC)
- Virtual appliances
The list of supported hardware is defined by [ADR-0015](https://github.com/home-assistant/architecture/blob/master/adr/0015-home-assistant-os.md).
Every new hardware addition must meet at least requirements defined in [ADR-0017](https://github.com/home-assistant/architecture/blob/master/adr/0017-hardware-screening-os.md) and pass through an architecture design proposal.
See the full list and specific models [here](./Documentation/boards/README.md)
For documentation explaining details of the individual supported boards, see [Board support](https://developers.home-assistant.io/docs/operating-system/boards/overview) section of the Home Assistant Developer Docs.
## Getting Started
@@ -38,7 +36,7 @@ The Home Assistant Operating System documentation can be found on the [Home Assi
### Components
- **Bootloader:**
- [Barebox](https://barebox.org/) for devices that support UEFI
- [GRUB](https://www.gnu.org/software/grub/) for devices that support UEFI
- [U-Boot](https://www.denx.de/wiki/U-Boot) for devices that don't support UEFI
part number ${devtype} ${devnum} hassos-boot boot_partnum
Some files were not shown because too many files have changed in this diff
Show More
Reference in New Issue
Block a user
Blocking a user prevents them from interacting with repositories, such as opening or commenting on pull requests or issues. Learn more about blocking a user.