The deprecated-key-path option is no longer handled, but it doesn't cause
problems because the key is explicitly ignored. It was completely removed in
Docker 19.03.0 [1].
As such, the option and the pre-start script to fix the corrupted key.json can
be removed now, as it has no effect, only printing a confusing message when
the Docker service fails to start.
[1] 98fc09128b
Use the version used in the docker-engine package to ensure it stays in sync.
Although we haven't seen any issues related to the fact it was sometimes
mismatching, reduce the burden of needing it to be synced manually.
This might be required for some modern Intel processors (Meteor Lake and newer)
which fail to boot Linux kernel without x2APIC controller when some features
(e.g. VT-d or x2APIC itself) are enabled in the BIOS.
Enable it also for OVA, as it can be emulated in virtual machines, even when
the host CPU does not support it.
Fixes #4337, fixes #4144, fixes #4345
The CPUfreq governor "powersave" sets the CPU statically to the lowest
frequency within the borders of scaling_min_freq and scaling_max_freq.
This can be useful if a particular power budget should not ever be
crossed. Can be set using `cpufreq.default_governor=powersave`. Note
that this obviously affects performance.
* Improve UX of HA CLI wrapper and emergency console
For many users, the emergency console gives the feeling that the system is
completely broken. However, there are various cases when the system just takes
a bit longer to start up and the emergency message is shown, while it
finishes a proper startup shortly after. This change tries to improve the UX in
several ways:
* The limit before a forced emergency console startup is changed to 3 minutes
* Waiting can be interrupted with Ctrl+C (reset counter is cleared then)
* Some hints what to check have been added before starting the shell
* Also, because if the HA CLI failed for 5 times in a row in quick succession,
the CLI startup was then not retried anymore and user may have been left with
a black screen, the restart limits timeouts have been adjusted only to back
off and never mark the unit as failed
Closes #4273
* Use /bin/sh and printf to silence linter errors
RaspberryMatic was renamed to OpenCCU in
https://github.com/OpenCCU/OpenCCU/pull/3162. This caused change of the name of
the directory in the source tarball, causing build failure when the archive
wasn't cached.
The extra information printed when using the top-level makefile can clutter the
output when it needs to be further processed, e.g. when running
`make show-info | jq`. Make it respect the --silent flag (which also suppresses
messages about changing directories which would break parsing as well).
Use the --cidfile Docker CLI argument when starting the container and
bind-mount the generated file containing full ID of the container to the
container itself.
Using --mount instead of --volume is needed, as --volume is racy and creates
empty directory volume at the destination path instead.
This is prerequisite for home-assistant/supervisor#6006 but can come handy for
other cases too.
Upstream commit [1] caused regression in IPv4 routing which can cause some
routes becoming broadcast even though they should be routed as unicast, e.g.:
# ip route get 1.1.1.1
broadcast 1.1.1.1 via 192.168.122.1 dev enp0s3 src 192.168.122.204 uid 0
cache <local,brd>
It's not entirely clear yet why it happens but this behavior seems to be
triggered for instance when the SSDP integration sends the broadcast packet on
HA startup. While this behavior is not described in the regression report [1],
the commit cherry-picked from Linux master fixes the problems for us as well.
Patches moved to version-specific folder, as this one shouldn't be applied on
Raspberry Pi targets.
[1] https://lore.kernel.org/all/20250710142714.12986-1-oscmaes92@gmail.com/
[2] https://lore.kernel.org/stable/20250822165231.4353-4-bacs@librecast.net/
Fixes #4265
(cherry picked from commit 78bda4bd10)
Upstream commit [1] caused regression in IPv4 routing which can cause some
routes becoming broadcast even though they should be routed as unicast, e.g.:
# ip route get 1.1.1.1
broadcast 1.1.1.1 via 192.168.122.1 dev enp0s3 src 192.168.122.204 uid 0
cache <local,brd>
It's not entirely clear yet why it happens but this behavior seems to be
triggered for instance when the SSDP integration sends the broadcast packet on
HA startup. While this behavior is not described in the regression report [1],
the commit cherry-picked from Linux master fixes the problems for us as well.
Patches moved to version-specific folder, as this one shouldn't be applied on
Raspberry Pi targets.
[1] https://lore.kernel.org/all/20250710142714.12986-1-oscmaes92@gmail.com/
[2] https://lore.kernel.org/stable/20250822165231.4353-4-bacs@librecast.net/
Fixes #4265
Revert patch added to 6.12.43 which breaks the build of CAN_TI_HECC module
present in Tinker config. While it's quite unlikely anyone would be using it,
so we could just simply disable the module, this seems to be a better solution.
This reverts commit 22fe9b19ee.
There are major issues when OS has no internet connectivity - in such case the
script doesn't go the expected happy path after the rework and eventually
removes the Docker image, essentially bricking offline installations.
Since there is no immediate benefit for HAOS and such change turns out to be
high risk considering the planned release, leave it to be implemented later.
Update the buildroot submodule to include:
- BlueZ 5.83 (from 5.79)
- Patch to fix device removal on LE connection abort (upstream PR #1521)
This fixes Bluetooth stability issues where devices get removed from D-Bus
during connection retries, preventing reconnection attempts.
Fixes: https://github.com/bluez/bluez/issues/1489
This knob controls whether Linux throws away its congestion
window (cwnd) after a connection has been idle for at least one
retransmission timeout (RTO). With a value of 0, Linux keeps the
cwnd it had before the idle period and can send that amount
immediately when the application resumes writing (still bounded
by the receiver's advertised window and by pacing).
With slow start after idle enabled (the default), Linux allows
only about 10 MSS (~14 KiB) in the first burst after idle. Even
when a connection stays open to web clients, a short idle forces
multiple round trips to ramp back up.
On Wi-Fi, local connections often have very low RTTs, which drives
the RTO down. Between page navigations the connection is considered
idle by Linux. If the next request happens during a transient
latency spike on the Wi-Fi link, the sender starts with a tiny
cwnd and must grow it over many RTTs, so the spike causes outsized
and visible loading delays.
For devices behind typical Internet uplinks, the higher RTT makes
the initial ramp-up feel even slower until the window regains size.
However, here the connection does take longer to drop to idle, for
Linux standards. So the connection is less likely to be considered
idle between navigations.
This change does not affect flows with very small receive windows
(e.g. many microcontrollers), which are limited by the peer's
advertised window rather than the sender's cwnd.
Example RTOs on low jitter, low loss connections:
Defaults:
TCP_RTO_MIN = 200 ms
TCP_RTO_MAX = 120 s
low-jitter path so rttvar_us = 200 ms
HZ = 1000 or 250 or 100 (depending on the kernel settings)
*31 ms average RTT*
- SRTT ≈ 31 ms; RTTVAR ≈ 200 ms → Sum = 231 ms
- 'usecs_to_jiffies(231000)' = 231 jiffies (HZ 1000) -> RTO ≈ 231 ms
- If 'HZ = 250' (4 ms tick), ceil(231/4)=58 jiffies -> 232 ms RTO
- If 'HZ = 100' (10 ms tick), ceil(231/10)=23 jiffies -> 240 ms RTO
*178 ms average RTT*
- HZ=1000 (1 ms tick): 378 ms RTO
- HZ=250 (4 ms tick): ceil(378/4)=95 -> 380 ms RTO
- HZ=100 (10 ms tick): ceil(378/10)=38 -> 380 ms RTO
*292 ms average RTT*
- HZ=1000 (1 ms tick): 492 ms RTO
- HZ=250 (4 ms tick): ceil(492/4)=123 -> 492 ms RTO
- HZ=100 (10 ms tick): ceil(492/10)=50 -> 500 ms RTO
Any loss or jitter will increase those RTO values.
Set net.ipv4.tcp_thin_linear_timeouts=1 to switch retransmission
timeout (RTO) backoff from exponential to linear for 'thin' TCP flows.
This reduces tail latency for API-style connections that typically have
very few packets in flight, improving recovery from sporadic loss without
changing anything for larger TCP transfers.
Kernel definition: A flow is considered thin when 'tp->packets_out < 4'
and while not in the initial slow start.
See tcp_stream_is_thin(tp) in include/net/tcp.h.
Increase the BlueZ temporary device timeout from the default 30s to 195s.
This prevents devices from being removed from D-Bus during connection
retries, especially when multiple connection attempts are queued.
The 195s timeout aligns with Home Assistant's Bluetooth stack behavior
for ESPHome proxies and prevents the 'device removal spiral' that occurs
when devices timeout during sequential connection attempts.
Add list of hassio components from version.json that are built-in in the data
partition to the GH step summary. For landingpage, get the latest stable
release at the time of the build, as it's what should be published as
homeassistant:landingpage by that time.
Closes #4242
Currently when we run a build with limited set of boards that doesn't include
OVA, the test job fails because the OVA artifact is missing. Add a checkbox for
running tests and ensure that OVA artifact is built if it's enabled.
* Fix scripts/enter.sh so it is usable on macOS
Also, stop requiring `sudo` for actions that do not need it
Tested by building generic_x86_64 target on a macOS machine
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
* Update scripts/enter.sh
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
---------
Signed-off-by: Marat Radchenko <marat@slonopotamus.org>
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
Before update to Buildroot 2025.02, the overlays directory on Yellow was
created by rpi-firmware in a condition added confusingly in firmware bump [1].
However, this got lost during Buildroot update, and since Yellow doesn't copy
overlays from the rpi-firmware repo, the directory was never created and the
rpi-rf-mod.dtbo couldn't be copied there in pre-image build hook.
To make things more robust, create the overlays directory for rpi targets
conditionally in the hook instead of relying on rpi-firmware to create it.
[1] f1af1a0bf7
Fixes #4233
* Enable publishing of dev builds to R2 without bumping version
We currently can only use Github artifacts for on-demand builds from feature
branches. However, downloading of these requires authentication and it's tricky
to update a device if we need feedback from user testing. On the other hand, we
never want to publish to the dev channel from anything else than from the dev
branch. Restrict version bump to builds from release channels or from the dev
branch only.
* Use YYYYMMDD dev suffix only for published dev branch
For feature builds, or for builds that should not be published, use timestamp
suffix instead of YYYYMMDD. That way feature builds won't collide with dev
releases.
Raspberry Pi Linux update to 6.12.34 broke some USB devices, mostly USB-Serial
converters connected to Yellow, but there are reports of some other peripherals
connected to RPi boards too.
This is a known RPi upstream issue [1] fixed by a PR [2] that's not been merged
to RPi stable kernel yet. Applying patches from this PR fixes the issues.
Fixes #4228, refs #4229
[1] https://github.com/raspberrypi/linux/issues/6941
[2] https://github.com/raspberrypi/linux/issues/6936
To make system timezone configurable, we need to have /etc/localtime
writable, and it must be possible to atomically create a symlink from
this place, which means the whole parent folder must be writable. We
don't have /etc writable and can't use the usual bind mount for this.
Latest Systemd v258 has patch that allows setting an environment
variable that sets where the localtime should be written. This can be
persisted in the overlay partition, with a symlink from /etc/localtime
leading there, finally pointing to the actual zoneinfo file. If the
symlink doesn't exist, create it by hassos-overlay script (it's not
really needed as UTC is the default, but Systemd does the same if you
change from non-UTC timezone back to UTC).
Also disable BR2_TARGET_LOCALTIME, so /etc/localtime and /etc/timezone
(the latter is only informative and non-standard) are not written by the
tzdata package build.
* Migrate docs to developers.home-assistant.io
Move all documentation (except the kernel.md, for which it makes sense to be
kept here) to developers.home-assistant.io.
Just bluetooth.md was intentionally not preserved, as the information value was
low and it was out of date anyway.
See home-assistant/developers.home-assistant#2748
* Fix reference links
* Prevent root from running the enter.sh helper script
Since configure doesn't like being run as root, check in the enter.sh script
that the user running it is not UID/GID 0. The script itself takes care of
running what needs to be executed privileged with explicit sudo commands.
Fixes #4214
* Reword the error message
Co-authored-by: Stefan Agner <stefan@agner.ch>
* Fix rpi-eeprom-update when device boots from NVMe
The boot partition detection doesn't work correctly if the device boots from
NVMe. Also the mounting step is unnecessary in HAOS as we can assume the boot
partition to be always mounted.
Fix the issues by modifying the bootfs detection logic to always use /mnt/boot.
However, still fail in case when flashrom can't be used (usually on CM4). On
CM5, or on Pi 5 booted from NVMe, update process works without further changes
because the firmware can be flashed directly from the running system using
flashrom.
Fixes #4157
* Fix typo in patch commit message
Update genimage so the images are not mangled (by the primary GPT relocated)
when flashed from Windows. Otherwise, boot media flashed from Windows isn't
compatible with bootloader older than 2024-10-10.
This is a regression of #3437. The Buildroot update in #4027 updated genimage
to v18, yet the downstream patch that was later replaced by a different one in
upstream was not merged to that version yet and the patch was incorrectly
removed. In v19 there's another fix in the offset calculation logic that sets
the first usable LBA again to a value that prevents Windows from mangling the
image.
* buildroot 01604756d2...141bf1f9fa (1):
> package/genimage: bump version to 19
Fixes #4160
* buildroot 9366ce5635...01604756d2 (3):
> package/docker-cli: bump version to v28.3.3
> package/docker-engine: bump version to v28.3.3
> package/containerd: bump version to v2.1.4
When follow request for logs is issued that points to/beyond the end of logs, a
busy loop in systemd-journal-gatewayd can be triggered which manifests as
systemd-journal-gatewayd consuming 100% CPU. Since threads are used for each
request, the logs may still work but the CPU will be hogged until the restart
of systemd-journal-gatewayd, Supervisor, or the whole system.
Backport the patch submitted upstream that addresses this issue.
Fixes #4190
As there is VirtualBox available for aarch64 on Apple Macs, provide OS images
also in the native VirtualBox format, which also grants the ability to resize
existing disk images, unlike VMDK.
Fixes #4171 & fixes #4172
Enable option for the netfilter NETMAP target, as it can be useful for some
users. Until now it's been enabled only for some targets as an option coming
from upstream defconfigs; make sure it's available for all targets.
Fixes #4183
The ip6tables configuration is now enabled by default since Docker 27
(see https://github.com/moby/moby/pull/47747). The experimental config
got introduced with the ip6tables flag in #2051. There is no other
experimental feature used from what I am aware of, so let's remove the
experimental flag as well.
Unbind the Bluetooth driver for Broadcom HCI module before the bluetooth
service starts if running on board without WiFi module. This is a replacement
for #2948 but using a more targeted approach for removing the particular driver
and better detection of no-WiFi (thus no-Bluetooth) models.
This still means the driver will be probed and couple of lines printed when it
fails to set baudrate and reset the module, yet this should be benign, at least
the all-zero MAC device no longer appears in Bluetooth stack.
(cherry picked from commit aff1f81817)
Backport patch for traces appearing since v4.21.0 bump, introduced in #4095.
This change is not available in any newer tagged release of the driver and the
commit message upstream is messed up, hence the reworded patch.
(cherry picked from commit 286f5a66ca)
Make sure that all LAN drivers used on Raspberry Pi boards are built-in.
Although they are defined as such in the base defconfig, we change them to
modules in device support includes. For simplicity and keeping kernel config
close to the RPi OS config, change them all to built-in in the main RPi include
for all RPi targets.
This is not only a formal change - at least one regression is known if the PHY
driver on RPi 5 is not built-in and MAC driver is - in that case the PHY hooked
up to the RP1 isn't initialized properly, and it is reported as "Generic PHY"
instead, e.g. breaking the control of LEDs through dtparams. Relevant dmesg log
before the change:
macb 1f00100000.ethernet end0: PHY [1f00100000.ethernet-ffffffff:01] driver [Generic PHY] (irq=POLL)
And after the change:
macb 1f00100000.ethernet eth0: PHY [1f00100000.ethernet-ffffffff:01] driver [Broadcom BCM54213PE] (irq=POLL)
Fixes #3333
(cherry picked from commit a338b67144)
Update Docker and related services to latest versions.
* buildroot 758ae477cd...9366ce5635 (6):
> package/runc: bump version to v1.3.0
> package/containerd: bump version to v2.1.3
> package/docker-cli: bump version to v28.3.0
> package/docker-engine: bump version to v28.3.0
> package/docker-cli: Fix go module version information
> package/docker-engine: Fix go module version information
(cherry picked from commit bc484f6409)
Bind-mount Systemd Journal socket to the Supervisor container. This way
Supervisor can use the socket directly for writing log entries using the
Systemd native Journal protocol [1] instead of logging to stderr of the
container.
[1] https://systemd.io/JOURNAL_NATIVE_PROTOCOL/
(cherry picked from commit dffbe89147)
This reverts commit eab18076ad.
This change was added in #2948 as a workaround for all-zero adapter appearing
in the HA frontend (#2944). With changes implemented in [1], this is no longer
needed, the only minor issue is that the ghost adapter still appears in
hciconfig (and other utilities') output as reported in [2]. However, this
should be less problematic than the Bluetooth being unavailable if WiFi is
disabled through disable-wifi DT overlay, so let's start with removing the
workaround.
Fixes #2975
[1] https://github.com/Bluetooth-Devices/bluetooth-adapters/pull/105
[2] https://github.com/raspberrypi/linux/issues/5756
(cherry picked from commit 17ae2d4741)
The tests that are involving reboots are flaky and fail when waiting for the
command to return or when waiting for a new login prompt. To mitigate this, do
not use run_check, as it needs the shell prompt to reappear, and instead use
sendline and wait up to a minute for the GRUB message.
(cherry picked from commit 9803f5fb4f)
Unbind the Bluetooth driver for Broadcom HCI module before the bluetooth
service starts if running on board without WiFi module. This is a replacement
for #2948 but using a more targeted approach for removing the particular driver
and better detection of no-WiFi (thus no-Bluetooth) models.
This still means the driver will be probed and couple of lines printed when it
fails to set baudrate and reset the module, yet this should be benign, at least
the all-zero MAC device no longer appears in Bluetooth stack.
Backport patch for traces appearing since v4.21.0 bump, introduced in #4095.
This change is not available in any newer tagged release of the driver and the
commit message upstream is messed up, hence the reworded patch.
Make sure that all LAN drivers used on Raspberry Pi boards are built-in.
Although they are defined as such in the base defconfig, we change them to
modules in device support includes. For simplicity and keeping kernel config
close to the RPi OS config, change them all to built-in in the main RPi include
for all RPi targets.
This is not only a formal change - at least one regression is known if the PHY
driver on RPi 5 is not built-in and MAC driver is - in that case the PHY hooked
up to the RP1 isn't initialized properly, and it is reported as "Generic PHY"
instead, e.g. breaking the control of LEDs through dtparams. Relevant dmesg log
before the change:
macb 1f00100000.ethernet end0: PHY [1f00100000.ethernet-ffffffff:01] driver [Generic PHY] (irq=POLL)
And after the change:
macb 1f00100000.ethernet eth0: PHY [1f00100000.ethernet-ffffffff:01] driver [Broadcom BCM54213PE] (irq=POLL)
Fixes #3333
Update Docker and related services to latest versions.
* buildroot 758ae477cd...9366ce5635 (6):
> package/runc: bump version to v1.3.0
> package/containerd: bump version to v2.1.3
> package/docker-cli: bump version to v28.3.0
> package/docker-engine: bump version to v28.3.0
> package/docker-cli: Fix go module version information
> package/docker-engine: Fix go module version information
Bind-mount Systemd Journal socket to the Supervisor container. This way
Supervisor can use the socket directly for writing log entries using the
Systemd native Journal protocol [1] instead of logging to stderr of the
container.
[1] https://systemd.io/JOURNAL_NATIVE_PROTOCOL/
This reverts commit eab18076ad.
This change was added in #2948 as a workaround for all-zero adapter appearing
in the HA frontend (#2944). With changes implemented in [1], this is no longer
needed, the only minor issue is that the ghost adapter still appears in
hciconfig (and other utilities') output as reported in [2]. However, this
should be less problematic than the Bluetooth being unavailable if WiFi is
disabled through disable-wifi DT overlay, so let's start with removing the
workaround.
Fixes #2975
[1] https://github.com/Bluetooth-Devices/bluetooth-adapters/pull/105
[2] https://github.com/raspberrypi/linux/issues/5756
The tests that are involving reboots are flaky and fail when waiting for the
command to return or when waiting for a new login prompt. To mitigate this, do
not use run_check, as it needs the shell prompt to reappear, and instead use
sendline and wait up to a minute for the GRUB message.
When following logs in Home Assistant frontend, the last line may be duplicated
over time when no new lines are added. This is because systemd-journal-gatewayd
incorrectly processed the num_skip part of the Range header, always returning
the last entry even when it should have been skipped.
Backport the patch for Systemd that processes the header correctly.
Fixes #4101
(cherry picked from commit 4a4da64f31)
* Bump buildroot to update package/pigz
* Enable parallel gzip for faster Docker pulls
Docker checks if unpigz is available, and if so uses it to unpack
container layers with multiple CPU cores. This should make Docker pulls
faster, especially on lower end hardware.
(cherry picked from commit 42a5e6becb)
Enable Intel NIC support only in the PCI include fragment and keep VF-related
options enabled only in the OVA config.
Refs #4021
(cherry picked from commit b25fce69b6)
Add timeout to expect call when waiting for the OS reboot after
switching slots. While it never fails for me locally, it regularly
breaks tests in GHA.
(cherry picked from commit 98a7a55df6)
Since update to Systemd v256.x the Range header requires the num_entries part
and fails if it's not provided, which we worked around by [1]. With this patch
that was already accepted upstream, the workaround shouldn't be necessary
anymore.
[1] https://github.com/home-assistant/supervisor/pull/5827
(cherry picked from commit f5efac66a0)
Add test that OS update works - use the whole stack using CLI to update to the
latest stable version (unless executed manually on the latest stable release,
this version should never be the same as the currently tested one).
With this test in place, we can also test command for switching the slots, so
add an extra test for that too.
Fixes #4103
(cherry picked from commit 90d36147f7)
Add driver for Marvell PHYs, such as 88E1543(4L) on an ASRock C3758D4I-4L
board. Adding it to x86 config only, as it seems it's not widely used anywhere
else.
Fixes #4025
(cherry picked from commit 6f854b67b0)
When following logs in Home Assistant frontend, the last line may be duplicated
over time when no new lines are added. This is because systemd-journal-gatewayd
incorrectly processed the num_skip part of the Range header, always returning
the last entry even when it should have been skipped.
Backport the patch for Systemd that processes the header correctly.
Fixes #4101
* Bump buildroot to update package/pigz
* Enable parallel gzip for faster Docker pulls
Docker checks if unpigz is available, and if so uses it to unpack
container layers with multiple CPU cores. This should make Docker pulls
faster, especially on lower end hardware.
Add timeout to expect call when waiting for the OS reboot after
switching slots. While it never fails for me locally, it regularly
breaks tests in GHA.
Since update to Systemd v256.x the Range header requires the num_entries part
and fails if it's not provided, which we worked around by [1]. With this patch
that was already accepted upstream, the workaround shouldn't be necessary
anymore.
[1] https://github.com/home-assistant/supervisor/pull/5827
Add test that OS update works - use the whole stack using CLI to update to the
latest stable version (unless executed manually on the latest stable release,
this version should never be the same as the currently tested one).
With this test in place, we can also test command for switching the slots, so
add an extra test for that too.
Fixes #4103
Add driver for Marvell PHYs, such as 88E1543(4L) on an ASRock C3758D4I-4L
board. Adding it to x86 config only, as it seems it's not widely used anywhere
else.
Fixes #4025
Bump Hailo stuff to the latest version. While this is a breaking change for
add-ons depending on the driver, the most commonly used one (i.e. Frigate)
didn't bump to v4.20.1 on their stable channel either, so it shouldn't have
significant impact. We agreed with @blakeblackshear that once HAOS bumps the
Hailo driver in HAOS 16, Frigate will follow.
Backport /boots endpoint for Systemd so we can use it in Supervisor to get the
actual list of boots. Should be available upstream since Systemd v258, for v256
minor tweaks were needed.
When creating OVA image, the CPU is slacking at the end of the build because it
is creating three ZIP archives, each one on a single CPU only. As we're
creating only single-entry archives, we can use pigz to use all cores.
The actual speedup on my machine (16C/32T) reflects the number of cores - it
takes around 2 seconds instead of 1 minute.
Since 127c420335 change in package/systemd, this option is patched by systemd build because
userspace FW loading has never been supported with Systemd. This should have no
runtime effect, just clear the warning about disabled option.
Fix build job to write config option for channel switching from #4043 to the
actual config. As it was written to .config in the top-level build directory,
it was never correctly applied.
* package/vcgencmd: add tool for RPi VideoCore commands
This tool is used by rpi-eeprom-update and is fairly lightweight binary without
dependencies. Use it as-is from raspberry/utils repo.
* package/rpi-eeprom: change package to install EEPROM userspace scripts
* configs: enable rpi-eeprom for rpi4, rpi4-64, rpi5-64 and yellow
On Pi5 and Yellow also enable flashrom so the firmware can be installed
directly without recovery being involved. On Yellow/CM4 this can't be done
without config.txt changes though (SPI and pinmuxing needs to be enabled) but
the image is shared there and users may eventually use the tools if they want,
so install BCM2711 on Yellow too. The "officially recommended" method is
rpiboot though, which is also documented in Yellow docs.
Because we use custom compatible strings in Yellow DTS's, the firmware loader
first attempts to load a firmware with this compatible in its name. Because it
doesn't exist, it shows an error like this one before falling back to a more
generic one:
brcmfmac mmc1:0001:1: Direct firmware load for brcm/brcmfmac43455-sdio.raspberrypi,5-compute-module-ha-yellow.bin failed with error -2
While these errors are mostly harmless, add symlinks with our compatible in the
name to suppress them. Instead of patching upstream
package/brcmfmac_sdio-firmware-rpi which installs the firmware files, add them
to yellow overlay to make maintenance easier.
Latest RPi firmware package contains module options that supposedly improve
stability, with details described in [1].
Since the feature_disable mask also disables the dump_obss feature, this change
would also mitigate `brcmf_set_channel: set chanspec ... fail` messages still
seen in some environments even after #3719.
Fixes #3367
[1] 2788cb549a
Update to latest binary of 43455 firmware and add missing symlinks which
suppress warnings/file not found errors when loading the firmware on CM5.
* buildroot 50fcf58bfa...62bf5c5af5 (2):
> package/brcmfmac_sdio-firmware-rpi: add CM5/Pi 500 symlinks to 43455 FW
> package/brcmfmac_sdio-firmware-rpi: bump version to 4eec7f2
* Fix U-Boot config to access all RAM on 16 GB CM5
U-Boot defconfig used for Yellow checks only 4 DRAM banks, however, CM5 with 16
GB has the memory spread across 8 banks. Add a patch (submitted upstream) to
the defconfig to get access to the whole RAM.
Fixes #3989
* Add Upstream tag with link to uboot patchwork
Add input allowing to override the channel that's used for hassio image
downloads and in runtime for Supervisor updates, building on the option added
in #3618.
The new default is dev for dev builds, for GH releases keep using the stable
channel both for releases and pre-releases (so we could catch any stable issues
before beta is moved to stable).
To keep it DRY and idiomatic, create a new in-repo GH action for running
commands in the build container.
* Make usage of top-level make easier, drop 'all' target
Make it easier when using top-level make - proxy all possible commands to
Buildroot make and only wrap build for individual target builds. This way it's
still possible to run e.g. 'make ova' which would read the defconfig and run
the build, while we can also use the top-level make in the same way as it's in
vanilla Buildroot.
Target 'all' was dropped in favor of Buildroot 'make' without any arguments -
as it's fairly pointless to run all builds sequentially. With the current 19
targets it would take about a day even on a decent hardware and the build
artifacts would be lost in the process.
* Show warning only if BR2_DEFCONFIG changes
* Wait for 10s or input if defconfig differs
* Fall back to buildroot make in top-level make
To make running Buildroot commands easier, define .DEFAULT rule and fall back
to targets from Buildroot with necessary variables set. This makes
"savedefconfig" redundant as it's been simply passed to BR.
* Also implicitly fall back to 'clean' target
* Fix typo
* Update RPi kernel to 6.12.20
Update to latest stable RPi kernel and remove unnecessary 6.6.y kernel config
fragments.
* Refresh RPi and Yellow patches
Rebase all patches on 6.12.20, remove patches that are already present
upstream.
* Update Yellow device trees for 6.12.20
Upstream changes broke our downstream device trees. While the CM4 fix was
trivial, there were more changes in the CM5 device tree due to adaptation to
upstream code. To simplify future maintenance, DTS was refactored to reuse CM5
DTS include and override only what's necessary.
* Bump buildroot to update to matching package/rpi-firmware
* buildroot ead21eb6d2...cd82256125 (1):
> package/rpi-firmware: bump version to f49a396 (1.20250326)
* Update Buildroot base to v2025.02
Packages updated:
* Added host-blake3 1.5.4
* Added host-go-src
* Added host-libxcrypt 4.4.38
* Added host-tar 1.35
* Added host-xxhash 0.8.3
* Added libtalloc 2.4.2
* Added libxcrypt 4.4.38
* apparmor updated from 3.1.2 to 3.1.7
* busybox updated from 1.36.1 to 1.37.0
* cifs-utils updated from 6.15 to 7.1
* containerd updated from 1.7.26 to 2.0.2
* dbus-broker updated from 35 to 36
* dropbear updated from 2024.85 to 2024.86
* e2fsprogs updated from 1.47.0 to 1.47.2
* expat updated from 2.6.4 to 2.7.0
* gcc-final updated from 12.4.0 to 13.3.0
* glibc updated from 2.38-81-gc8cb4d2b86ece572793e31a3422ea29e88d77df5 to 2.41-5-gcb7f20653724029be89224ed3a35d627cc5b4163
* gptfdisk updated from 1.0.9 to 1.0.10
* host-binutils updated from 2.40 to 2.43.1
* host-ccache updated from 4.8.2 to 4.10.2
* host-cmake updated from 3.28.3 to 3.31.5
* host-dtc updated from 1.7.0 to 1.7.2
* host-e2fsprogs updated from 1.47.0 to 1.47.2
* host-elfutils updated from 0.189 to 0.192
* host-expat updated from 2.6.4 to 2.7.0
* host-fakeroot updated from 1.32.1 to 1.36
* host-gawk updated from 5.3.0 to 5.3.1
* host-gcc-final updated from 12.4.0 to 13.3.0
* host-gcc-initial updated from 12.4.0 to 13.3.0
* host-genimage updated from 17 to 18
* host-go updated from 1.22.12 to unknown
* host-gptfdisk updated from 1.0.9 to 1.0.10
* host-kmod updated from 31 to 33
* host-libcap updated from 2.69 to 2.73
* host-libffi updated from 3.4.4 to 3.4.6
* host-libglib2 updated from 2.76.1 to 2.82.5
* host-libopenssl updated from 3.2.4 to 3.4.1
* host-libtirpc updated from 1.3.4 to 1.3.6
* host-libxml2 updated from 2.12.9 to 2.13.6
* host-lz4 updated from 1.9.4 to 1.10.0
* host-lzip updated from 1.23 to 1.25
* host-meson updated from 1.3.1 to 1.7.0
* host-mpc updated from 1.2.1 to 1.3.1
* host-mtools updated from 4.0.43 to 4.0.47
* host-nfs-utils updated from 2.6.4 to 2.8.2
* host-pcre2 updated from 10.42 to 10.44
* host-pkgconf updated from 1.6.3 to 2.3.0
* host-python3 updated from 3.11.11 to 3.12.9
* host-python-flit-core updated from 3.9.0 to 3.10.1
* host-python-jinja2 updated from 3.1.2 to 3.1.5
* host-python-markupsafe updated from 2.1.3 to 3.0.2
* host-python-packaging updated from 23.2 to 24.2
* host-python-pypa-build updated from 1.0.3 to 1.2.2
* host-python-pyproject-hooks updated from 1.0.0 to 1.2.0
* host-python-setuptools updated from 69.0.3 to 75.8.0
* host-python-wheel updated from 0.40.0 to 0.45.1
* host-rauc updated from 1.11.3 to 1.13
* host-sqlite updated from 3.44.2 to 3.48.0
* host-systemd updated from 254.13 to 256.7
* host-util-linux updated from 2.39.3 to 2.40.2
* host-xz updated from 5.4.5 to 5.6.4
* host-zstd updated from 1.5.5 to 1.5.7
* iproute2 updated from 6.7.0 to 6.13.0
* iptables updated from 1.8.9 to 1.8.11
* json-c updated from 0.17 to 0.18
* kmod updated from 31 to 33
* libapparmor updated from 3.1.2 to 3.1.7
* libblockdev updated from 3.1.1 to 3.3.0
* libbytesize updated from 2.7 to 2.10
* libcap-ng updated from 0.8.4 to 0.8.5
* libcap updated from 2.69 to 2.73
* libdnet updated from 1.16.4 to 1.18.0
* libffi updated from 3.4.4 to 3.4.6
* libglib2 updated from 2.76.1 to 2.82.5
* libgudev updated from 237 to 238
* libmicrohttpd updated from 0.9.77 to 1.0.1
* libnftnl updated from 1.2.6 to 1.2.7
* libnl updated from 3.9.0 to 3.11.0
* libnvme updated from 1.7.1 to 1.11.1
* libopenssl updated from 3.2.4 to 3.4.1
* libtirpc updated from 1.3.4 to 1.3.6
* libunistring updated from 1.1 to 1.3
* libusb updated from 1.0.26 to 1.0.27
* lvm2 updated from 2.03.14 to 2.03.27
* nettle updated from 3.9.1 to 3.10.1
* network-manager updated from 1.44.2 to 1.50.2
* nfs-utils updated from 2.6.4 to 2.8.2
* pcre2 updated from 10.42 to 10.44
* procps-ng updated from 4.0.4 to 4.0.5
* rauc updated from 1.11.3 to 1.13
* rpcbind updated from 1.2.6 to 1.2.7
* rtl8821cu updated from 1597dfeda6cefd2e603fc7020ceca226d05fb108 to 96c65c58b544241178638e810b333dcc9aa26b91
* sqlite updated from 3.44.2 to 3.48.0
* systemd updated from 254.13 to 256.7
* util-linux-libs updated from 2.39.3 to 2.40.2
* util-linux updated from 2.39.3 to 2.40.2
* wireless-regdb updated from 2023.09.01 to 2024.10.07
* wpa_supplicant updated from 2.10 to 2.11
* patches/genimage: drop upstreamed patches
* patches/systemd: drop merged patch
* patches/network-manager: drop upstreamed patch
* Add BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_* to defconfigs
As the reported MemTotal can fluctuate a bit on some systems, e.g. because the
reserved memory changes between kernel versions or other factors affect it like
VRAM, the swap file can be recreated unnecessarily between boots. Allow for
some fluctuation (up to +-32MB) before the swapfile is recreated.
This was a problem already before the recent haos-swapfile changes, however,
before it checked if the existing swapfile isn't smaller than the desired
value. If the MemTotal fluctuated there, the swapfile size eventually settled
on the highest value seen and it wasn't recreated anymore. With this change,
things should be stable even more.
As pointed out in [1] by @cdce8p, the RTL8125D has an internal PHY that also
needs some changes to be backported.
Also, move the patches to more targeted directories as it would be otherwise
applied to RPi 6.6 kernel with failures. We can move it back to the top-level
patches directory once RPi moves to kernel 6.12.
[1] https://github.com/home-assistant/operating-system/issues/3880#issuecomment-2790105503
As we enabled SI/CIK support to fix crashes on a bunch of AMD SoCs in #3957, the
amdgpu driver still crashes on some hardware. It seems to be some GX-217GA SoCs
or even GX-425GA in Fujitsu thin clients (even though the same SoC is fine on
T620).
To get to the state before update to kernel 6.12, disable amdgpu for these
platforms again (as it couldn't work properly there before OS 15.0) and just
backport the patch that fixes the crashes during probing when the driver isn't
compiled with SI/CIK support.
Fixes #4012
* Backport RTL8125D (rev C, XID 688) support
Apply mainline patch adding support for NIC present e.g. on ASUS NUC 14
Essential.
Fixes #3880
* Update buildroot to add RTL8125D firmware
* buildroot 4cd211162d...5379c358bf (1):
> linux-firmware: add RTL8125D firmware
When there's a problem with connectivity, it may result in obscure errors later
in the testing. Add checks testing three scenarios:
* connectivity in host - both using curl and nmcli
* connectivity in Supervisor container (uses docker0 as default via)
* connectivity in CLI container (uses hassio as default via)
Also make sure that Supervisor upgrade isn't attempted when the version
information is missing.
To avoid necroposting to old issues that's usually left unnoticed, add workflow
for locking issues similar to the one that Core has.
The PR locking limit can be increased as the traffic is much lower compared to
Core. Issues before 2025 have been locked manually via the API.
Update of OpenSSL in OS 12.2 from 1.1.1 to 3.2 changed the output of `openssl
sha256` command. It seems that some hypervisors don't like this and fail if
it's not plain "SHA256".
Fixes #3654
Update Docker and its dependencies to versions packaged in last bugfix release.
* buildroot 3914f8cad5...4cd211162d (4):
> package/runc: bump version to v1.2.6
> package/docker-cli: bump version to v28.0.4
> package/docker-engine: bump version to v28.0.4
> package/containerd: bump version to v1.7.26
Firmware change that set initial_turbo to 60 from the previous 0 has broken
initialization of some SD cards in U-Boot. Adjust the value in config.txt on OS
update if the value is not already set by the user, and put it to the default
config.txt.
The config.txt also contains a short comment explaining the purpose. The
purpose of it is also to make it easier to revert this change in the future if
the problem is fixed in the firmware or U-Boot.
Fixes #3965
One of the reasons for failures after update to OS 15.0 was missing support for
the kernel PIO driver in EEPROM firmware. Backport upstream patches from
raspberrypi/linux#6645 and raspberrypi/linux#6642 that handle this situation
more gracefully. These patches could be dropped after the next RPi kernel
release.
Refs #3943
Update generic_raw_uart package to the latest sources available coming with
direct kernel 6.12.x compatibility dropping the intermediate patches
accordingly. In addition, the eq3_char_loop patchset was updated to reflect the
same changes performed.
When Intel GPUs are used in passthrough, the i915 is probed too early and fails
to load firmware which is in the rootfs mounted later. The CONFIG_DRM_I915=y
comes from x86_64_defconfig, by changing it to module (like we do for
generic-x86-64), the driver becomes only available after the rootfs is mounted
and firmware is loaded correctly.
Fixes #3949
It seems that kernel 6.12 handles device probing less gracefully when these
options are not enabled and causes crash on some AMD SoCs, e.g.:
*ERROR* Invalid callback to read register 0x58184
Link: https://gitlab.freedesktop.org/drm/amd/-/issues/4050
Refs #3944
U-Boot update in #3878 changed the layout of patch folders for Hardkernel
targets with the goal to make it less confusing. However, it missed adding the
top-level hardkernel patches directory to all hardkernel targets and only
remove it from some of them in [1].
Revert to state before #3878 by adding the hardkernel folder to c2/c4/n2. In
the future, the patches from this folder should be split per target and if any
patches remain in it, they should be applied for all hardkernel boards.
[1] 2716b564c2
Fixes #3936
We check that landing page is working when the network is down but we don't
check it in the happy path. Add its test to make it more obvious when just the
landing page is broken.
In some cases, the wipe service may be called due to a race condition for the
second time during the boot, very likely failing because the filesystems are
already mounted. This cannot be reproduced on OVA but can be fairly easily
triggered e.g. on RPi. As we want the service to be executed exactly only once,
we can do what's suggested in [1] and set the RemainAfterExit=yes. That should
ensure the unit is not ever started for the second time.
[1] https://www.github.com/systemd/systemd/issues/29367
(cherry picked from commit 24640c11ae)
Add missing patch and update for latest runc version to fix losing device
permissions when new devices are added in runtime.
* buildroot b079a02a9a...3914f8cad5 (2):
> package/runc: add patch for extended default allowed devices in v1.2.4
> package/runc: add missing patch to fix device permissions update
Fixes #3915
(cherry picked from commit 04debe2f53)
Update to latest version of the driver and matching firmware. The most common
application for it - Frigate - currently has 4.19.0 in stable but 4.20.0 is
staged in dev. As it's easier to select OS version than a version of the
add-on, it makes sense to stay ahead in HAOS. This also means Frigate needs to
be updated to the matching version (as staying on an arbitrary older patch
revision doesn't make much sense either).
(cherry picked from commit 173a4388fe)
* Add test checking journal logs for dependency cycles
* Run some test cases to get their output also when full init fails
* Remove high timeouts from the times when GHA couldn't use KVM
* Enable logging durations for future optimizations
(cherry picked from commit 4a1d2b75b9)
Use simple shell script to perform device wipe instead of calling OS Agent to
do that through the UDisks2 API. While it might have been a good idea to use
high level interface for that back then, it turns out it causes more issues
than the benefits it could bring.
Main problem currently is that the OS Agent needs to read sysctl variables, but
those are only set after mounting the overlay partition. But at the same time,
the overlay partition can't be mounted if we want to wipe it - this creates a
dependency cycle through the haos-agent.service.
To get rid of the cycle and simplify things, use a shell script doing basically
the same what the OS Agent does. Since the wipe functionality only makes sense
to be implemented on HAOS targets (not on Supervised), there's little point of
having it in higher layer of abstraction that OS Agent provides.
It should be also checked if changes from #1291 are needed anymore, as the
driving factor for those have been probably the wipe feature in OS Agent too,
but at this point they seem to be harmless.
(cherry picked from commit 6c4f32a8c0)
Update to latest version that fixes start order in haos-agent.service. Without
that, OS Agent reports incorrect swappiness after boot.
(cherry picked from commit 36d905720a)
As discussed in #3885, now that fixed Supervisor is in stable, we can test that
no AppArmor denied events are logged during CI tests.
(cherry picked from commit 610ced0162)
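The two journal checks described in the commits above (no systemd dependency cycles, no AppArmor denied events), sketched as an added example; this is not the project's test code. The journal excerpt is constructed, and the function names and the `example-overlay.mount` unit are hypothetical.

```python
import re

# Constructed sample journal excerpt (not captured from a real device).
SAMPLE_JOURNAL = """\
Mar 01 10:00:01 homeassistant systemd[1]: sysinit.target: Found ordering cycle on haos-agent.service/start
Mar 01 10:00:01 homeassistant systemd[1]: sysinit.target: Found dependency on example-overlay.mount/start
Mar 01 10:00:01 homeassistant systemd[1]: sysinit.target: Job haos-agent.service/start deleted to break ordering cycle starting with sysinit.target/start
Mar 01 10:00:05 homeassistant kernel: audit: type=1400 audit(1740823205.120:31): apparmor="STATUS" operation="profile_load" profile="unconfined" name="hassio-supervisor" pid=512 comm="apparmor_parser"
Mar 01 10:00:09 homeassistant kernel: audit: type=1400 audit(1740823209.480:42): apparmor="DENIED" operation="open" profile="hassio-supervisor" name="/proc/1/environ" pid=733 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Mar 01 10:00:10 homeassistant kernel: audit: type=1400 audit(1740823210.002:43): apparmor="ALLOWED" operation="open" profile="example-addon" name="/etc/hosts" pid=801 comm="sh" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key="quoted value" or key=bare_value pairs as used in kernel audit records.
_KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Messages systemd logs when it detects and then breaks an ordering cycle.
_CYCLE_FOUND = re.compile(r"Found ordering cycle on (\S+)")
_CYCLE_BROKEN = re.compile(r"Job (\S+) deleted to break ordering cycle")


def apparmor_denials(journal):
    """Return one dict of audit fields per AppArmor DENIED record."""
    denials = []
    for line in journal.splitlines():
        if "apparmor=" not in line:
            continue
        fields = {key: quoted or bare for key, quoted, bare in _KV.findall(line)}
        # STATUS (profile load) and ALLOWED (complain mode) are not denials.
        if fields.get("apparmor") == "DENIED":
            denials.append(fields)
    return denials


def ordering_cycles(journal):
    """Return the jobs systemd reported in a cycle and the jobs it dropped."""
    found, deleted = [], []
    for line in journal.splitlines():
        match = _CYCLE_FOUND.search(line)
        if match:
            found.append(match.group(1))
        match = _CYCLE_BROKEN.search(line)
        if match:
            deleted.append(match.group(1))
    return {"found": found, "deleted": deleted}


def boot_log_findings(journal):
    """Human-readable findings; an empty list means the boot log is clean."""
    findings = []
    for d in apparmor_denials(journal):
        findings.append(
            "apparmor denied: profile=%s operation=%s name=%s comm=%s"
            % (d.get("profile"), d.get("operation"), d.get("name"), d.get("comm"))
        )
    cycles = ordering_cycles(journal)
    findings += ["ordering cycle on %s" % job for job in cycles["found"]]
    findings += ["job deleted to break cycle: %s" % job for job in cycles["deleted"]]
    return findings


if __name__ == "__main__":
    for finding in boot_log_findings(SAMPLE_JOURNAL):
        print(finding)
```

A deleted job matters more than the cycle itself: the unit systemd drops to break the cycle is simply not started during that boot.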
Cherry-pick bumps up to v5.79 and sync other changes and fixes with latest
upstream state.
* buildroot b4df362187...7d5c3b5e70 (10):
> package/bluez5_utils: tidy up the init script
> package/bluez5_utils: install datafiles with correct permissions
> package/bluez5_utils: fix dbusconfdir
> package/bluez5_utils{, -headers}: bump version to 5.79
> package/bluez5_utils: enable asha/bass when building audio plugins
> package/{bluez5_utils, bluez5_utils-headers}: bump to version 5.78
> bluez5_utils: disable asha profile
> package/{bluez5_utils, bluez5_utils-headers}: bump to version 5.77
> package/bluez5_utils: disable datafiles
> package/bluez5_utils: fix sixaxis build without tools
Update Docker to latest version and containerd to latest version from the 1.7
line. Runc updated to v1.2.5 with rebased patchset from the outstanding PR.
* buildroot 257ddc70ce...b4df362187 (4):
> package/runc: bump version to v1.2.5
> package/docker-cli: bump version to v28.0.1
> package/docker-engine: bump version to v28.0.1
> package/containerd: bump version to v1.7.25
Mainly the amdgpu updates cause an increase of generic-x86-64 image size by
~12MB but there's still enough of space in the rootfs after recent cleanup.
* buildroot c5a1cbcf73...257ddc70ce (9):
> package/linux-firmware: bump Intel BZ firmware version to 92
> package/linux-firmware: bump version to 20250211
> package/linux-firmware: bump version to 20241210
> package/linux-firmware: fix build failures to due RTL8723 file changes
> package/linux-firmware: bump version to 20240909
> package/linux-firmware: bump to version 20240709
> package/linux-firmware: improve help text for Realtek 88xx Bluetooth firmware
> package/linux-firmware: install all rtl88 Bluetooth binary blobs
> package/linux-firmware: RTL_88XX_BT: install all firmware
Disable downstream option for linux-firmware compression. With #3877 it's not
needed for x86 anymore and other boards don't need it. Eventually the higher
EROFS compression for firmwares and modules can be enabled for other targets as
well.
Patch added in #3843 is not necessary anymore, as the missing reset names have
been added to DTS includes of the 6.12.y branch as patch
6c9cd0a70ccea8a505471062a85de5626ad07cec (released in v6.12.14).
When RPi is booted in the tryboot state and the set-state operation is called
for the second time, the tryboot files don't exist anymore and the handler
exits with an error code, printing an error in the Supervisor logs. Fix
handling of this case and add few more checks to make the handler a bit more
robust/traceable.
As we don't have the info utility in HAOS, it's worthless to preserve info
pages. While there are currently some files in /share/info (coming from GRUB2
tools install), /usr/share/info was added pre-emptively.
Because the OTA hooks interact with GRUB environment using grub-editenv, we
have BR2_TARGET_GRUB2_INSTALL_TOOLS enabled. However, that brings massive bloat
of files that are never used in HAOS, as it also installs many other binaries,
GRUB modules and translations.
As it's not possible to configure what gets installed in grub2 package, remove
the undesired files in the post-build function. This brings savings of ~8.5MB
of space in the root partition.
Use auditd so logs from AppArmor and other audit events are processed by that
instead of printed to the Systemd journal. This will reduce the log spam from
BPF usually present in host logs and still preserve the audit logs for
debugging.
The default configs seems to be sane for our purpose, rotating up to 5 files of
8MiB each. The difference is that /var/log/audit will be now on tmpfs but given
how AppArmor is used on typical HA setup, we don't need to preserve the logs
over reboots.
Removal of the e2scrub binary is not needed anymore, as it's not installed and
only BR2_PACKAGE_E2FSPROGS_E2IMAGE is enabled. Moreover, it's been probably
wrong since the very beginning, as the TARGET_DIR prefix was missing, possibly
leading to removal of the binary from the host/builder.
Allow configuration of the swap size via /etc/default/haos-swapfile file. By
setting the SWAPSIZE variable in this file, swapfile gets recreated on the next
reboot to the defined size. Size can be either in bytes or with optional units
(B/K/M/G, accepting some variations but always interpreted as power of 10). The
size is then rounded to 4k block size. If no override is defined or the value
can't be parsed, it falls back to previously used 33% of system RAM.
Fixes #968
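The sizing rules from this commit and from the earlier MemTotal-tolerance commit, modelled as an added example; this is not the haos-swapfile script itself. The accepted unit spellings, integer-only values, rounding down, treating zero as unset, and reading "32MB" as decimal megabytes are all assumptions, and the function names are hypothetical.

```python
import re

BLOCK = 4096              # "rounded to 4k block size"
TOLERANCE = 32 * 10**6    # "+-32MB"; decimal megabytes is an assumption
RAM_PERCENT = 33          # fallback: 33% of system RAM

# Units are always powers of 10, as the commit message states.
_MULT = {"B": 1, "K": 10**3, "M": 10**6, "G": 10**9}

# Assumed accepted spellings: 4096, 4096B, 512M, 512MB, "512 mb", 2g
_SIZE = re.compile(r"^\s*(\d+)\s*([KMG]B?|B)?\s*$", re.IGNORECASE)


def parse_swapsize(value):
    """Return the SWAPSIZE override in bytes, or None if it can't be parsed."""
    match = _SIZE.match(value or "")
    if not match:
        return None  # negative, fractional, unknown unit or empty input
    unit = (match.group(2) or "B")[0].upper()
    return int(match.group(1)) * _MULT[unit]


def desired_swap_bytes(override, mem_total_bytes):
    """Apply the override if valid, else 33% of RAM; align to the block size."""
    size = parse_swapsize(override)
    if not size:  # unset, unparsable or zero (zero as unset is an assumption)
        size = mem_total_bytes * RAM_PERCENT // 100
    return size - size % BLOCK  # rounding down is an assumption


def needs_recreate(existing_bytes, desired_bytes, tolerance=TOLERANCE):
    """Recreate only when the existing file is missing or outside the tolerance."""
    if existing_bytes is None:
        return True
    return abs(existing_bytes - desired_bytes) > tolerance


if __name__ == "__main__":
    mem_total = 4 * 10**9  # constructed MemTotal value
    for raw in ("2G", "512 mb", "lots", None):
        print(repr(raw), desired_swap_bytes(raw, mem_total))
```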
* Refresh fileenv patch for U-Boot 2025.01
* Update Tinker to U-Boot 2025.01
Needs minor patch adjustment, also fixed patch numbering.
* Update ODROID-N2 to U-Boot 2025.01, move eMMC patch
Move the patch for eMMC so it's applied only for N2 specifically and update it
for 2025.01.
* Update ODROID-C/XU to U-Boot 2025.01
No changes in patches necessary after moving the N2 patch.
* Update RPi boards to U-Boot 2025.01
Changes needed in bcmstb PCIe driver due to upstream refactoring, rest only
refreshed. All patches now target the same version, so we can drop one of the
series.
* Update VIM3 to U-Boot 2025.01
No patches here, just version bump.
* Update Green to U-Boot 2025.01
Updated and refreshed patches, added a patch to disable OF_UPSTREAM which is
now needed.
* Update ODROID-M1 to U-Boot 2025.01
Drop patch that has been mostly merged upstream. The change is that HS400 would
stay enabled but let's get back to what upstream does.
* Update ODROID-M1 to U-Boot 2025.01
Drop all patches as M1S support should be now merged to U-Boot and DTS taken
from upstream.
* Disable DFU and mkeficapsule to fix build
mkeficapsule requires gnutls to be built first but it's not among dependencies.
Since we don't need the tool, we can disable it.
DFU is also not used on HAOS and it implies EFI_LOADER that we already disable.
Moreover, that also sets SET_DFU_ALT_INFO and leads to linker failure on some
platforms where it's not implemented.
* fixup! Update Green to U-Boot 2025.01
There were more changes needed in the Green config to use correct memory layout
due to upstream changes, otherwise we'll have malloc failures in U-Boot proper.
* Move N2 eMMC patch to more generic patches-meson
To stay on the safe side, move the eMMC hack to more generic folder that's used
for all targets using the meson_gx eMMC driver (i.e. C2, C4 and N2). This is
still better than keeping it in hardkernel/patches which is applied only to
some hardkernel boards (like it was before bump to U-Boot 2025.01).
Instead of using per-file ZSTD compression, compress firmware (and newly also
kernel modules) using LZMA within EROFS image. LZMA was picked because ZSTD
support in EROFS is still experimental and due to some limitations in the
implementation, the compression takes significantly more time.
This change gives us more control over compression of the files and with the
proposed settings, saves a bit of the space (~10 MiB) in the resulting image.
In theory, even higher savings could be achieved through compressing other
runtime binaries, but this would need to be thoroughly tested whether it
doesn't have any detrimental effects. For firmware and modules, the overhead
should be minimal, as they are usually touched only once per boot and are
rather small before decompression.
* buildroot 74994c4f32...92fab35fed (6):
> fs/erofs: add custom compression option with optional compress-hints file
> package/erofs-utils: bump to version 1.8.5
> package/erofs-utils: bump to version 1.8.3
> package/erofs-utils: bump to version 1.8.2
> package/erofs-utils: bump to version 1.8.1
> package/erofs-utils: add libdeflate and zlib optional dependencies
* buildroot 014c3fad50...74994c4f32 (2):
> package/linux-firmware: update Intel iwlwifi firmware versions for Linux 6.12
> package/linux-firmware: bump version to 20240513
* RaspberryPi: Update kernel to 6.6.74 - stable_20250127
* Bump buildroot to update rpi-firmware
* buildroot 71cba6c610...014c3fad50 (1):
> package/rpi-firmware: bump to version 1.20250127 for kernel 6.6.74
* Update patch for disabling CQE on CM5
The bool has been changed to a cell, adding the possibility to change the value
via sd_cqe dt_param both on CM5 and Pi5. Set it to disabled by default on CM5.
Because of refactoring/code quality improvements in upstream, IPv6 reachability
patch no longer applied on 6.12 kernel. We added two versions of the patch to
address this initially, however, this requires updating of the patch directory
name on every kernel bump. Backport the patch causing collision instead to RPi
kernel, so we can carry only one version of the patch.
This also requires swapping of the patching order - now we first apply
board-specific patches, then the global ones. Unless there are collisions,
these operations should be idempotent, so at this point it shouldn't have any
side-effects.
* Remove USB stack patches working around obsoleted Z-Wave devices issues
In #3224 we've introduced a patch reverting some changes in the USB stack that
was supposed to work around issues with some USB devices. Later discussions
revealed these devices are obsoleted by the manufacturer and there is no
official way of fixing those in newer Linux kernels. However, carrying the
patches makes us diverge from upstream and can eventually trigger other
problems not present upstream we'll have to handle.
Drop these patches now to be part of the upcoming OS 15 release, rather than
needing to drop them later in any of the patch revisions later.
* Also remove the patch from board/raspberrypi patches
* Upgrade Rockchip platforms to Linux 6.12
Upgrade all Rockchip boards to latest 6.12. Patches for M1S can be dropped, its
DTS has been merged. Same goes for the Rockchip TRNG, it only had to be enabled
in the Green DTS. Patch for broken combphy has been updated for 6.12.y.
* Remove deprecated and nonsense symbols from Rockchip defconfig
Many symbols have been removed between 6.6 and 6.12. Most of them have no use
in Rockchip defconfig, or should be set by other kernel fragments anyway.
Remove all of them, with the exception of USB_ONBOARD_HUB (which was renamed to
USB_ONBOARD_DEV) and FSCACHE (which was changed from tristate to bool).
* Update generic-aarch64 to Linux 6.12
* Update Amlogic-based ODROID boards to Linux 6.12
Removed couple of deprecated/unrelated kernel options.
* Update VIM3 to Linux 6.12
Cleaned up symbols unrelated/deprecated in 6.12 from defconfig.
* Update ODROID-XU4 to Linux 6.12
The usual defconfigs suspects had to be removed and the regulator patch for
ethernet needed a minor update after refactoring in upstream.
* Update Tinker to Linux 6.12
Needed defconfig cleanup for 6.12, otherwise no changes.
* Update x86 and OVA to latest 6.12 release
This way the extra patches directory can be removed too.
* Remove 6.6.73 patches
* Refresh all linux patch series against 6.12.11 sources
* Reenable HW RNG on M1S to speed up boot
The TRNG on RK3566 supposedly [1] has low quality, that's why it's disabled in
upstream for this SoC. We had it enabled in the past and without it, the boot
is delayed by quite a lot. Enable it again for now and investigate the RNG
issues later.
[1] https://patchew.org/linux/cover.1722355365.git.daniel@makrotopia.org/
* Also remove CACHEFILES module from Rockchip config
It was only enabled for Rockchip and Tinker, and to my knowledge there is no
cachefiles daemon or anything other in the userspace that's using it.
* Remove unused 6.6.y fragments
Since we only have 6.6.y for Raspberry Pi now, it doesn't need the Rockchip and
wireless PCI fragments.
Revert the patch changing phy reset behavior, requiring also changes in the
device tree that are missing in the stable backport. The issue was reported to
the regressions mailing list and hopefully future patch release should contain
a proper fix.
The patch is added to the patches-rockchip directory, potentially affecting
Green as well, although the broken peripherals are not used there.
Fixes #3837, fixes #3841
Probably since home-assistant/supervisor#5276 introduced in Supervisor
2024.9.0, RAUC bootloader handler for tryboot can set the tryboot flag also
when the tryboot file is not present, causing the Pi to become stuck in
bootloader, trying to load the tryboot file.
This happens when the device is already in the tryboot state, in that case the
tryboot files and flag are created by set-primary and in turn the files are
removed in set-state, while the flag is persisted, causing the bootloader to
attempt loading non-existing file.
To avoid unnecessary juggling with tryboot/config files, only create them and
set the flag if the boot slot is different than the current one. Also, make
sure that the flag is reboot parameter is cleared when the tryboot files are
removed by the handler.
Fixes #3740
* Linux: Update kernel to 6.12.6
* Linux 6.12
* https://github.com/home-assistant/operating-system/pull/3767#discussion_r1899169881
* https://github.com/home-assistant/operating-system/pull/3767#discussion_r1899170543
* Add patch descriptions, kernel ver conditionals
Signed-off-by: Nick Venenga <nick@venenga.com>
* Remove extra zram compression algos
* Undo fragment files config change
...for platforms that didn't receive kernel updates
* Sort Dockerfile apt packages
* Add Upstream refs to patches
* Re-enable TC
* Restore v6.6.y kernel fragments
* Update buildroot to rebased branch
* Apply 6.12 migration only to generic-x86-64
* package/eq3_char_loop: port patch from RaspberryMatic by @jens-maus
* package/generic_raw_uart: port patch from RaspberryMatic by @jens-maus
* Restore buildroot-external/board/pc/patches/linux
It's used in ova and generic-aarch64 defconfigs. Keep the path removed from
generic-x86-64 defconfig.
* Split linux patches to be version-specific
The IPv6 reachability patch needs different context on 6.6.y and 6.12.y -
introduce version-specific linux directories. To avoid the need for extra
directory for version used in RPi, copy those patches to its patches directory.
* Replace removed Intel Skylake audio driver with Intel AVS
The Skylake driver was removed and should be now replaced either by Intel HD
Audio or Intel AVS. Remove the old options and enable AVS.
SND_SOC_INTEL_SKYLAKE=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:63)
SND_SOC_INTEL_SKL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:64)
SND_SOC_INTEL_APL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:65)
SND_SOC_INTEL_KBL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:66)
SND_SOC_INTEL_GLK=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:67)
SND_SOC_INTEL_CNL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:68)
SND_SOC_INTEL_CFL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:69)
SND_SOC_INTEL_CML_H=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:70)
SND_SOC_INTEL_CML_LP=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:71)
SND_SOC_INTEL_SKYLAKE_FAMILY=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:72)
SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC=y not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:73)
SND_SOC_INTEL_SKYLAKE_COMMON=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:74)
-> a882f4d750
SND_SOC_INTEL_SST=m requested, actual = n (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:58)
-> 970d299b0a
* Remove I2C_COMPAT option
I2C_COMPAT=y not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:163)
-> 7e722083fc
* Correctly disable module compression after Kconfig change
The Kconfig structure was changed, there's now a top-level bool:
c7ff693fa2
---------
Signed-off-by: Nick Venenga <nick@venenga.com>
Co-authored-by: Jan Čermák <sairon@sairon.cz>
On Kria KD240 slg7xl45106 device is handling reset for USB hub which is
providing access to SD card (USB/SD converter). Access to this device is
done via i2c which needs to be also enabled in the kernel as built-in
driver not as module when rootfs is mounted.
Also change ZYNQ_GPIO to be built-in driver because i2c is using gpio for
bus recovery that's why it should be also enabled to probe i2c driver
properly.
v6.6 kernel doesn't have support for usb5744 driver that's why disable it
but add TODO to enable it once v6.12 upgrade is done.
Build of pam_lastlog.so was disabled by updating to v1.5.3 [1] yet the line
wasn't removed from the login modules. In upstream this was resolved by adding
a config option for turning the lastlog module and dynamic disabling of the
line including it. Neither these changes nor a fix removing the config line were
applied to 2024.02, so cherry-pick them here to fix the issue.
* buildroot ff563b383d...3784884466 (2):
> package/linux-pam: adjust login pam file for lastlog
> package/linux-pam: add menuconfig option to build pam_lastlog.so
Fixes #3789
[1] https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3
(cherry picked from commit af7b36e100)
* Enable USB-SD convertor on AMD/Xilinx Kria KD240 platform
Kria KD240 board is using SD card but SD is connected via onboard USB HUB.
USB controller is DWC3 with Xilinx glue logic. Both of these options are
enabled but board is using slg7xl45106 for driving usb-hub reset (PCA9570
driver) and USB3.0 requires initialization via PHY_XILINX_ZYNQMP driver.
All options should be enabled (=y) and can't be kernel modules because
they provide access to rootfs.
* Add a note for config symbol change in 6.12
Changed in mainline commit 31e7f6c015d9eb35e77ae9868801c53ab0ff19ac
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
(cherry picked from commit 64ee53579b)
I have only tested that it fails for unreleased 6.6.72 kernel but haven't
tested the happy path and missed that it also failed because the types were
different. Stupid me.
* Move rauc.db to boot partition
The RAUC metadata file contains information that is tightly related to the
system and kernel partitions. With the possibility to migrate data disk, the
rauc.db can contain bogus information when moved to a different system. Removal
of the file on "device wipe" is also not desirable, because the information
about slot status is lost.
Relocate the rauc.db to the boot partition after a system upgrade (as this
can't be handled by RAUC hooks, because it needs to be executed after all slots
and metadata is written) and adjust the script for recreating it. The downside
is that its content in /mnt/data would be recreated if the boot slot is changed
or system downgraded but this should be handled quite gracefully.
Also remove the raucdb-first-boot service which is no longer necessary
with the file not present in the data partition.
* Fix shellcheck and mount path
Build of pam_lastlog.so was disabled by updating to v1.5.3 [1] yet the line
wasn't removed from the login modules. In upstream this was resolved by adding
a config option for turning the lastlog module and dynamic disabling of the
line including it. Neither these changes nor a fix removing the config line were
applied to 2024.02, so cherry-pick them here to fix the issue.
* buildroot ff563b383d...3784884466 (2):
> package/linux-pam: adjust login pam file for lastlog
> package/linux-pam: add menuconfig option to build pam_lastlog.so
Fixes #3789
[1] https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3
Add test that the kernel isn't tainted at the end of the basic and supervisor
test suites, allowing us to catch e.g. kernel warnings that may be left unnoticed
if dmesg isn't checked. There is no other source of tainting, so the value
should be always zero.
* Enable USB-SD convertor on AMD/Xilinx Kria KD240 platform
Kria KD240 board is using SD card but SD is connected via onboard USB HUB.
USB controller is DWC3 with Xilinx glue logic. Both of these options are
enabled but board is using slg7xl45106 for driving usb-hub reset (PCA9570
driver) and USB3.0 requires initialization via PHY_XILINX_ZYNQMP driver.
All options should be enabled (=y) and can't be kernel modules because
they provide access to rootfs.
* Add a note for config symbol change in 6.12
Changed in mainline commit 31e7f6c015d9eb35e77ae9868801c53ab0ff19ac
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
Similarly to #3803, artifact index update fails because the R2 doesn't
like the new awscli. The regression apparently comes from 1.37.0 as
well, so pin to version older than that.
The /etc/usb_modeswitch.d is present and empty but it can't be written to allow
user modification. Bind-mount it like other /etc folders to make it possible to
adjust usb_modeswitch config.
Fixes #3785
Zynq GPIO driver is used on AMD/Xilinx Kria platform for ETH phy reset.
Macb and PHY drivers are already enabled.
1 wire IP can be used for reading sensors via PMOD connector.
Similarly to #3705, enabled CQE triggers I/O freezes usually on the first boot
when the swapfile is being created. While we disabled it for Yellow, with #3782
the issue started to appear on generic CM5 targets with the rpi5-64 image.
In the meantime it was discovered that there seems to be some relation with the
ext4lazyinit task, which happens as a result of data partition resize, yet it's
still unclear if the pattern of the access triggered by the concurrent FS
initialization is somehow responsible, or if another factor comes in play.
Disabling CQE yet makes the issue go away and serves as an acceptable
workaround.
RPi 5 images contain only device tree for Pi 5 Model B. Add the other
remaining BCM2712 device trees to enable running on CM5 and other variants
supported upstream.
Fixes #3766
With "cgroup: Use kernel command line to disable memory cgroup" merged to RPi
kernel as 86099de [1], the device tree now contains "cgroup_disable=memory"
parameter. The parameters are parsed in the order defined in the cmdline and
with the previous order, the memory CG ends up disabled. Switching the order
fixes that and makes the order similar to what we get with standard bootloader
and parameters in cmdline.txt only.
The possible downside is that it won't be possible to override parameters from
hardcoded bootargs_hassos using cmdline.txt anymore, however, it's unlikely any
of these parameters will need to be adjusted by users.
Fixes #3765
[1] 86099deff5
The z3fold allocator was deprecated with the reasoning explained in [1] and
this patch was backported to stable 6.6.y as well. We enable zsmalloc in shared
hassos.config and the enabled option in the Tinker config was probably just
some remnant from the past.
[1] https://lore.kernel.org/linux-mm/20240904233343.933462-1-yosryahmed@google.com/
The TCPMSS target module for iptables was enabled in some kernel defconfigs but
not for all targets. It is used e.g. in default config of @bigmoby's WireGuard
Client add-on. Enable it globally in the HAOS kernel config to make sure it's
always present.
Fixes #3730
If data disk is adopted on Yellow using the mechanism added in #3686, it
contains RAUC version information that is very likely invalid. In such case,
remove the file on first boot and have it recreated by the raucdb-update
service.
Hailo modules are usable also in other generic targets, so enable them also on
generic x86 and ARM targets. Runtime tested only on x86-64 (Beelink with Intel
N100).
The PCIe card from the RPi AI Kit (and probably other M.2 cards using the
Hailo-8 chip) can be used on Yellow - the driver initializes correctly and
creates a /dev/hailo0 device on Yellow both with CM4 and CM5.
* Add HA Yellow image to RPi Imager index update action
Update the action to also bump HA Yellow image added in
home-assistant/version#402.
* Sync image name with the current JSON PR
Instead of using in-tree module on RPi 5, build it as a module from the
original sources. This will give us better control over the version used and
will also allow us for easier way to add the module to other platforms.
This also makes 017d172 unnecessary anymore.
* buildroot c65b0306bb...b2077df873 (1):
> package/brcmfmac_sdio-firmware-rpi: bump version to 4c1789e
Raspberry Pi kernel 6.6 driver for BCM43455 (used in RPi 3B+/4B) calls new API
which uses the DUMP_OBSS feature for channel selection. If it's not present, it
results in drivers reporting errors, e.g.:
brcmf_set_channel: set chanspec 0xd099 fail, reason -52
The RPi OS firmware was updated but the package we use for this firmware
contains an old version that lacks this support. Update to latest version
synced from RPi upstream to fix the issues. The root cause is explained in [1]
by @ragazenta. Both disabling the DUMP_OBSS and updating the firmware makes the
errors go away.
[1] https://github.com/raspberrypi/linux/issues/6049#issuecomment-2485431104
Fixes #3367
With both RTCs enabled, the rpi_rtc is probed as the first one, making the
on-board RTC unused by default. Since the CM5's RTC peripheral can't be used on
Yellow, as the VBAT pin is not connected, disable it completely to fix RTC.
(cherry picked from commit 9d643edb54)
The I/O operations on the eMMC can sometimes fail and lock up completely, and
disabling CQE on the sdio1 (mmc0) interface seems to solve the issue. While it
is a known (and potentially resolved) issue [1] for SD cards in Raspberry Pi's
Linux fork, it is neither acknowledged nor resolved for CM5's eMMC. With CQE
enabled, the device usually locks up within the first 10 boots, when the
swap file is being created. After disabling CQE, no error occurred after more
than 100 cold boots (every time with swap file removed).
[1] https://github.com/raspberrypi/linux/issues/6349
(cherry picked from commit c514d6b482)
For yet unknown root cause, the eMMC interface sometimes fails to initialize
properly, delaying boot for up to 130 seconds. This can be reduced by ~100s by
disabling SD and SDIO modes on the sdio1 interface used for mmc0 before a
better patch is found.
(cherry picked from commit 489de0b2fb)
With both RTCs enabled, the rpi_rtc is probed as the first one, making the
on-board RTC unused by default. Since the CM5's RTC peripheral can't be used on
Yellow, as the VBAT pin is not connected, disable it completely to fix RTC.
The I/O operations on the eMMC can sometimes fail and lock up completely, and
disabling CQE on the sdio1 (mmc0) interface seems to solve the issue. While it
is a known (and potentially resolved) issue [1] for SD cards in Raspberry Pi's
Linux fork, it is neither acknowledged nor resolved for CM5's eMMC. With CQE
enabled, the device usually locks up within the first 10 boots, when the
swap file is being created. After disabling CQE, no error occurred after more
than 100 cold boots (every time with swap file removed).
[1] https://github.com/raspberrypi/linux/issues/6349
For yet unknown root cause, the eMMC interface sometimes fails to initialize
properly, delaying boot for up to 130 seconds. This can be reduced by ~100s by
disabling SD and SDIO modes on the sdio1 interface used for mmc0 before a
better patch is found.
Build cypress_m8 driver as module for all targets - some of them had it in
their base defconfig while some not. It is required e.g. for UPB PIM (Powerline
Interface Module).
Fixes #3690
(cherry picked from commit d57e507764)
Sync the DTS with changes added in newer commits merged after the initial
Yellow/CM5 DTS was written. The sdio1 node now has HS400 mode enabled and
sd_io_1v8_reg has been changed to regulator-fixed.
(cherry picked from commit b288cd212a)
If HAOS on Yellow is booted for the first time with NVMe data disk present, it
should be preferred over the empty eMMC data partition. This will ease
reinstall of the system and migration from CM4 to CM5. All other data disks
(e.g. if a USB drive is used for them) are still treated as before, requiring
manual adoption using the Supervisor repair.
(cherry picked from commit 98ac7f0170)
Build cypress_m8 driver as module for all targets - some of them had it in
their base defconfig while some not. It is required e.g. for UPB PIM (Powerline
Interface Module).
Fixes #3690
Sync the DTS with changes added in newer commits merged after the initial
Yellow/CM5 DTS was written. The sdio1 node now has HS400 mode enabled and
sd_io_1v8_reg has been changed to regulator-fixed.
If HAOS on Yellow is booted for the first time with NVMe data disk present, it
should be preferred over the empty eMMC data partition. This will ease
reinstall of the system and migration from CM4 to CM5. All other data disks
(e.g. if a USB drive is used for them) are still treated as before, requiring
manual adoption using the Supervisor repair.
Add Hailo-8 firmware binary for Raspberry Pi AI accelerators. The version needs
to be determined from the Git history of the kernel sources, as the driver
source code is included in the RPi downstream kernel and the version string
can't be found in the code directly.
Fixes #3663
* Add Makefile variable for Supervisor channel
Allow to set the release channel pre-installed Home Assistant components
like Supervisor and add-on are fetched from. This channel is then also
used at runtime.
* Use choice instead of string variable
* Fix channel in Supervisor updater.json config
* Add newlines
As stated in the docs [1], post-install hook is not executed if the slot
already has an install hook defined. Merge the post-install hook with the
install hook to fix CM5 migration for Yellow.
[1] https://rauc.readthedocs.io/en/latest/using.html#slot-hooks
The timeout of 90s was introduced before it was ensured that the timesync
systemd unit starts after network is online. Now with that, it makes less sense
to wait that long - if network is unreachable at the point the time
synchronization starts, and the server fails to reply on the first sync, the
polling interval is exponentially increased and the benefit of waiting for more
attempts is doubtful.
Since another synchronization attempt is done after network changes its state,
we should rely on that instead of having the 90 seconds interval as a waiting
period for plugging the network cable. Worst case, there are other mechanisms
that should set the time to a reasonably accurate value, making the NTP sync
less important for most of the cases.
* Move RPi U-Boot patches to version-specific directory
We will need to use different series for 2024.10 which would be used as the
base for CM5 support.
* Remove common.h include from the fileenv cmd
It doesn't seem to be used and common.h has been removed in newer U-Boot.
* Use U-Boot 2024.10 with BCM2712 PCIe patches for Yellow
Use rebased patchset from v2024.01 with the first patch removed. Add patches
needed for PCIe initialization and use rpi_arm64_defconfig as the base config
for both CM4 and CM5.
* Add device tree for CM5 on HA Yellow and adjust config
Add device tree definition based on the CM5 device tree with BCM2712D0 changes
applied, and add nodes required for the on-board peripherals of Yellow.
Currently the difference in serial numbering still requires either changes in
this device tree, or userspace changes to create correct symlinks to make HA
configuration directly compatible with CM4 on Yellow.
* Add config.txt migration for conditional device_tree options
* Fix typos and minor issues found by CodeRabbit
* RaspberryPi: Update kernel to 6.6.51 - stable_20241008
* Update rpi-firmware to version for kernel 6.6.51
* buildroot 2ffac68a74...19027bc796 (1):
> package/rpi-firmware: bump to version 1.20241008 for kernel 6.6.51
Guest agent doesn't start because if HyperV Enlightenments are enabled, the
virtualization gets detected incorrectly. Backport Systemd patch that fixes the
detection, allowing the guest-agent service to meet its dependencies.
This patch should be no longer needed after update of Systemd to v256, or in
case the patch gets eventually backported to the v254 stable branch.
Fixes #3565
* Relocate HAOS Systemd drop-ins to /usr/lib/systemd
With some exceptions, Systemd drop-ins overriding default unit configuration
have been placed to `/etc/systemd/system`. This is meant for user overrides of
those, or per `man 5 systemd.unit` for "system units created by the
administrator". Relocate all of these to `/usr/lib/systemd` which should be
used as path for units "installed by the distribution package manager" which is
closer to what we're trying to achieve.
This will make it easier to detect changes to unit files once we enable the
possibility to edit the content of /etc.
* Patch systemd-timesyncd.service instead of replacing it fully
If the system fails to boot, some kernel messages may not be shown before the
system fully boots. Enable the debug option for rescue shell options to have an
easy way to see those without modifying GRUB options. This will increase log
verbosity and turn on debug logging for Systemd as well [1].
[1] https://www.freedesktop.org/software/systemd/man/latest/systemd.html#debug
Bump labgrid to latest release. None of the changes require adjustments in the
tests. Remove pytest from requirements.txt, it's not needed anymore, so let pip
to resolve the correct (latest) version from labgrid's dependencies. With these
new dependencies, previous DeprecationWarnings on Python 3.12 are gone now.
* Update Docker to v27.2.0
Update Docker and containerd to latest supported version.
* buildroot a2c10a16a0...c68e03d96b (3):
> package/containerd: bump version to v1.7.21
> package/docker-cli: bump version to v27.2.0
> package/docker-engine: bump version to v27.2.0
* package/hassio: update DinD container to v27.2
If an attempt to access R2 artifacts is made before the files exist, the 404
reply gets cached and it's not possible to access the file after it's been
created without purging the cache, essentially doing a cache poisoning for
future build artifacts. To avoid it, list all files that have been created by
the build and call the purge cache API.
As there's a limit for number of files that can be purged in a single API call
[1], the GNU split utility is used to split intermediary list of files to
chunks of 30 URLs, which is then converted to a JSON array and passed to the
curl command.
[1] https://developers.cloudflare.com/api/operations/zone-purge#purge-cached-content-by-url
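The chunking step described in the commit message above, as an added example that is not the project's workflow code. It deduplicates the artifact list, splits it into groups of 30 with `split`, and emits one `{"files":[...]}` body per group for the purge-by-URL endpoint; the function names, the `ZONE_ID` and `API_TOKEN` variables and the `example.invalid` URLs are assumptions.

```shell
#!/bin/sh
# Added example: build purge-by-URL request bodies, at most 30 URLs each.
CHUNK_SIZE=30   # chunk size named in the commit message

# One chunk file (one URL per line) -> {"files":["...","..."]}.
# sed escapes backslashes and double quotes so an odd file name cannot
# break out of the JSON string.
chunk_to_json() {
    ctj_body=$(sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/.*/"&"/' "$1" | paste -s -d, -)
    printf '{"files":[%s]}\n' "$ctj_body"
}

# $1: file listing artifact URLs, $2: empty work directory.
# Writes $2/payload.<suffix>.json files and prints how many were written.
build_payloads() {
    bp_count=0
    # Drop blank lines and duplicates before chunking.
    grep -v '^[[:space:]]*$' "$1" | sort -u | split -l "$CHUNK_SIZE" - "$2/chunk."
    for bp_chunk in "$2"/chunk.*; do
        [ -e "$bp_chunk" ] || continue
        chunk_to_json "$bp_chunk" > "$2/payload.${bp_chunk##*.}.json"
        bp_count=$((bp_count + 1))
    done
    echo "$bp_count"
}

# Count the URLs carried by one payload file.
urls_in_payload() {
    grep -o '"http[^"]*"' "$1" | wc -l | tr -d ' '
}

# Send one payload. ZONE_ID and API_TOKEN are assumed to come from the CI
# environment; --fail makes a rejected purge stop the job instead of passing.
purge_payload() {
    curl --fail --silent --show-error -X POST \
        "https://api.cloudflare.com/client/v4/zones/${ZONE_ID}/purge_cache" \
        -H "Authorization: Bearer ${API_TOKEN}" \
        -H "Content-Type: application/json" \
        --data @"$1"
}

demo() {
    d_dir=$(mktemp -d)
    # Constructed artifact list: 65 URLs under a placeholder host.
    d_i=1
    while [ "$d_i" -le 65 ]; do
        echo "https://artifacts.example.invalid/build/file-$d_i.img.xz"
        d_i=$((d_i + 1))
    done > "$d_dir/urls.txt"
    echo "payloads: $(build_payloads "$d_dir/urls.txt" "$d_dir")"
    for d_p in "$d_dir"/payload.*.json; do
        echo "$(basename "$d_p"): $(urls_in_payload "$d_p") URLs"
        # purge_payload "$d_p"   # a real run would send each body here
    done
    rm -rf "$d_dir"
}
demo
```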
HP t520 have been reported to have the same issues as Atom boards with bad UEFI
firmware that doesn't work well with the new EFI loader used since GRUB 2.12.
Apply the patch to use legacy loader for its CPU ID as well.
Fixes #3557
Fix AX210 firmware files, this time for real. In #3549 we still had only
ucode and pnvm files for AX211, AX210 was still missing the pnvm file,
because its ucode was provided through IWLWIFI_22000 without appropriate
pnvm file. Both AX210 and AX211 firmwares are now installed with
IWLWIFI_6E which includes both pnvm and ucode files.
Also some firmwares which are not used by the current kernel can be
removed, because the kernel always only loads the most recent one.
* buildroot 01188d9c38...a2c10a16a0 (2):
> Revert "package/linux-firmware: exclude some files from compression"
> package/linux-firmware: fix AX210 support, stick to latest supported ucode API, reorganize the split
Fixes #3477
Since updating to Buildroot 2024.02, the iwlwifi loads a different version of
firmware for Intel AX cards (reported on AX210) which also needs the pnvm file.
However, unlike firmwares, the load method is different and the driver can't
load a compressed file. Disable compression for all .pnvm files to fix this.
* buildroot baa16784d2...55be56d521 (1):
> package/linux-firmware: exclude some files from compression
Fixes #3477
(cherry picked from commit d3a43a4ca4)
Since updating to Buildroot 2024.02, the iwlwifi loads a different version of
firmware for Intel AX cards (reported on AX210) which also needs the pnvm file.
However, unlike firmwares, the load method is different and the driver can't
load a compressed file. Disable compression for all .pnvm files to fix this.
* buildroot baa16784d2...55be56d521 (1):
> package/linux-firmware: exclude some files from compression
Fixes #3477
With #3523 as inspiration, it might be useful to wait for buttons to be
released, e.g. in case when they become stuck. Also indicate the button
operation (wipe, boot files removal, UMS) has been handled by turning on the
yellow LED.
* Improve LED naming in U-Boot DTS
Port Stefan's patch from Linux patchset to U-Boot.
* Implement device wipe using the hardware button on Green
Unlike Yellow, Green doesn't have a way to easily wipe the device, e.g. if the
user forgets the password - in that case the only option is to use a microSD
card and reflash the system. Fortunately, Green has a hardware button wired to
the PMIC chip which exposes the button state in one of the registers. Read this
value in U-Boot and decide if cmdline flag for device wipe should be set - same
as we do on Yellow.
Also enable LED driver and command in U-Boot. In the current implementation, if
the button is held for ~5 seconds when plugging in the device (this time
includes DDR training, SPL, etc.), the yellow LED turns solid to indicate wipe
is about to start. When the Linux kernel starts, the kernel LED driver takes
over and starts blinking in heartbeat pattern. Because it takes a while to load
the kernel, the LED stays solid for 2-3 seconds, which should be enough to
recognize it was acknowledged.
* Wait for button to be released before wiping
Enable NTFS and exFAT drivers, as they're not in defconfigs of all platforms and may be useful when mounting removable drives.
Fixes #2723
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
With default console on HDMI (tty0), we lost the console on the serial port. It
may be useful for debugging, let's enable it for new installs with the same
speed as bootloader (to avoid the need for baud rate switching).
Follow-up to #3412. While we haven't seen any issues so far, it's mentioned in
the original patch series we took inspiration from that HS200 works more
reliably, so enable it in Green's defconfig by amending the patch.
(cherry picked from commit 0452965fb0)
While mksquashfs uses this value by default, Genimage's default is 4K. This is
far too low value and results in slower kernel load, especially on embedded
boards with a flash drive. Explicitly set it to 128K to generate same images as
in pre-genimage builds.
(cherry picked from commit edba18f6c4)
We previously reverted the bump because we were unsure where the eMMC issues
are coming from. Now we know some of them were caused by incompatible eMMCs
that never worked from the beginning, and attempt to fix them (by changing the
frequency) caused some other side effects. Bump U-Boot back to the version used
generally and continue from there.
(cherry picked from commit 50a0062ee6)
Follow-up to #3412. While we haven't seen any issues so far, it's mentioned in
the original patch series we took inspiration from that HS200 works more
reliably, so enable it in Green's defconfig by amending the patch.
While mksquashfs uses this value by default, Genimage's default is 4K. This is
far too low value and results in slower kernel load, especially on embedded
boards with a flash drive. Explicitly set it to 128K to generate same images as
in pre-genimage builds.
We previously reverted the bump because we were unsure where the eMMC issues
are coming from. Now we know some of them were caused by incompatible eMMCs
that never worked from the beginning, and attempt to fix them (by changing the
frequency) caused some other side effects. Bump U-Boot back to the version used
generally and continue from there.
* add Documentation category
* add Dependencies (to easily filter them out if not needed in changelog)
* adjust the order a bit to have user-facing changes first
* Test landing page is reachable without internet connection
Add test that checks user is able to access the landing page even when HAOS has
no internet connection. We still need some sort of outgoing connectivity, so
outgoing connection attempts don't end up with "network is unreachable". To
simulate this, restricted network is created for the QEMU instance used in the
test, and when everything is started, unresponsive default gateway is added.
This intends to test regression that was fixed by
home-assistant/supervisor#5204, Supervisor 2024.7.0+ is thus needed for this
test to pass.
* Bump requirements for tests
* Use GRUB2 legacy loader only on some Intel Atom boards specifically
Previous revert of GRUB2 change that introduced usage of the generic EFI loader
for all x86 boards in #3324 caused regressions, the one confirmed is #3348.
This commit adds a specific patch that identifies the broken platforms based
on SMBIOS data gathered in #3305 and falls back to the legacy loader there.
Tested on Intel D525MW (falls back) and QEMU (no fallback).
* Enable GRUB's smbios module
Having smbios command in GRUB can help in future debugging, e.g. to add more
CPUs that should use the linux loader fallback.
Genimage sets the first usable LBA to the offset of the first partition. While
it shouldn't be an issue in theory, Windows may do some nasty things with the
GPT header afterwards which breaks the Raspberry Pi bootloader, manifesting as
Before purpose of this behavior is clarified in [1], add a downstream patch
that sets the first usable LBA back to 34, which was the value that was used
before migrating to Genimage in #3388. Since changing this value (hopefully)
doesn't have any other consequences, and the images now should be closer to
pre-genimage builds, no more side-effects are expected from this change.
[1] https://www.github.com/pengutronix/genimage/issues/262
Fixes #3437
Rockchip config fragment had EROFS compression explicitly disabled. Remove that
option and also remove the EROFS one, as it's already set in common config.
Reduce verbosity from deactivated Docker mounts, triggered by the Docker
healthcheck. These messages do not carry any value for us and logs supplied by
users are often spammed mostly with these. Moreover, they sometimes cause
confusion that something is wrong, see for example #3021.
Unfortunately, it's not possible to use LogFilterPatterns= here, because it's
not applied to these messages, as explicitly said in the docs:
Filtering is based on the unit for which LogFilterPatterns= is defined
meaning log messages coming from systemd(1) about the unit are not taken
into account.
runc 1.2.0 supposedly should fix this, but it's unclear when it would be
available, so let's stick to this solution (reducing verbosity from debug to
notice for all units `run-docker-*.mount`) for the time being.
* Use name.sh functions for paths in genimage
Paths for images generated outside of genimage were not used in genimage
definitions. Use them as the single source of truth.
Images generated by genimage itself (e.g. kernel.img) don't need to use those
functions, so remove the unused ones.
* Use EROFS instead of SquashFS for root FS
* Enabled EROFS in common kernel fragment
* RootFS image switched to EROFS with options to get decent compression
* rootfstype removed from kernel command line
* Get size of correct FS image in GH build summary
While not as bad as in 87a6c84, because the grubenv already exists in the
image, RAUC still complains about missing ORDER on the very first boot on
aarch64. Populate the environment in the same way as we do for other GRUB
platforms.
With upgrade path enforced in standard HAOS upgrade procedure, we don't need to
keep some old code anymore. This means that upgrade from some very old HAOS
version (pre-8.0) to HAOS 13+ will fail in the install-check hook but this is
rather desirable.
RAUC currently doesn't know the version of the booted slot when booted for the
first time or after wiping the data partition. As a result `ha os info` is
missing this information too.
As there's no built-in mechanism for generating these data by RAUC itself, add
a oneshot service that checks if the boot slot information is contained in the
rauc.db and if not, then generate it.
RAUC seems to cope quite well even with bogus data contained in rauc.db but in
any case, a test has been added to check that everything works as expected.
On the very first boot, grubenv doesn't exist and loading and saving it
silently fails. However, it is later created by the hassos-persists script and
the missing information is added by grub.cfg on the next boot. As the
consequence, when RAUC tries to get information from grubenv on the first boot,
ORDER variable is missing and the slot is reported as bad.
Fixes #3376
We still face occasional build errors when fetching from the Docker registry
fails and is not retried with the Skopeo's built-in retry mechanism that was
enabled in #1866. This happens on some network failures, or when premature EOF
is returned when fetching the HTTP data. Seems we're not the only ones having
such issues [1].
To workaround this, add a generic retry shell function that simply retries when
the command ends with a non-zero status, no matter what was the actual cause of
the error.
[1] https://www.github.com/containers/common/issues/654
Very often we have to ask for further details about the hardware that HAOS is
running on. Add a required field that asks for these details - in the end it
shouldn't complicate the form a lot and might result in faster turnaround of
resolving the issues.
Also adjust the question about the upgrade and swap the order (people often
don't care and keep the pre-selected value).
When Green starts, there is an error indicating the MMC write failed when
saving the bootstate:
storing env...
MMC write: dev # 0, block # 1214464, count 64 ... mmc write failed 0 blocks written: ERROR
This results in the boot count not being updated properly if the boot fails.
Seems to be a known issue for this platform, disabling the DDR52 mode (which is
the same what upstream does for other RK356x boards [1]) fixes the issues and
the bootstate is updated correctly.
[1] https://patchwork.ozlabs.org/project/uboot/patch/20240204205312.2342868-2-jonas@kwiboo.se/
As we don't have proper solution for #3319 and #3351 yet, revert to
previous U-Boot which was proven working. This is intended as a
workaround but as there's nothing in the latest U-Boot that will be
really missed on N2, we can stay on the older version for the time
being.
This also means reverting the "40 MHz hack" back to the 24 MHz one.
Since this patch only applies to N2 (meson gx), it can stay along the
common hardkernel uboot patches.
The compression is necessary for successful generic-x86-64 build.
* buildroot 770f939463...b9520eedc6 (1):
> package/linux-firmware: fix compression after bad merge
* Bump buildroot to 2024.02.3
* buildroot 691077e577...770f939463 (1):
> Merge tag '2024.02.3' into 2024.02.x-haos
* package/hassio: update dind to version 26.0 used in current buildroot
* Use Genimage for declarative image layout instead of s[fg]disk and dd
* Change partition type to hybrid for M1, M1S and Green
This is what it really is, so just make sure only one "fix" function is
called.
* Change efi BOOT_SYS to gpt
There is no reason to have separate efi and boot sys, since all boards
that use efi also use grub as the loader.
* Change BOOT_SYS to more explanatory PARTITION_TABLE_TYPE
* Add units to DISK_SIZE
* Add forced-primary patch and use it in MBR images
* Avoid disabling SC2155, remove old comments
The preferred console (which is used for printing the systemd boot log)
is the last one specified in the cmdline boot arguments. Make sure it is
always tty0, i.e. the first graphical console.
In some places tty1 was used - change it to tty0 which is commonly used,
and in HAOS points to tty1 anyway.
The only exception is the Yellow, which doesn't have an HDMI port, so
the serial console is used as the preferred one instead.
For ASUS Tinker, use a versioned cmdline.txt file instead of in-place
generating it in the post-build hook.
* RaspberryPi: Update kernel to 6.6.31 - stable_20240529
* Unify Linux patches after RPi update to non-conflicting 6.6.31
* Bump buildroot to update rpi-firmware
* buildroot 9af2384782...691077e577 (1):
> package/rpi-firmware: bump to version 1.20240529 for kernel 6.6.31
* Reintroduce IPv6 reachability probe patch for RPi lost after refactoring
In #3384 we moved the patches around, which results in version-specific
patches not applied for RPi linux-custom build. Copy the missing IPv6
reachability probe patch to the RPi patches directory.
* Only copy IPv6 reachability probe patch to top-level linux patches
Instead of copying the patch to RPi directory and renumbering the
patches, only copy it upper level so it's applied for all linux versions
other than 6.6.31.
* Linux: Update kernel to 6.6.31
* https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.6.31
* Update patch workarounding Z-Wave.me USB issues
Linux commit 480c3abbba36628dab063b9ca218bb28090e5b46 changed code that
is reverted by the patch. Use a version-specific patch directory again
for upstream Linux patches before RPi kernel is updated to 6.6.31+.
ODROID M1, M1S and Green historically used git repo as the source. Now
that we use the same version for all boards, always use distribution
tarball for consistency and more efficient caching.
Cherry-picked downstream-only patch lost in Buildroot 2024.02 bump.
* buildroot 34e790c5da...9af2384782 (1):
> package/openvmtools: bump version to 12.3.0
Fixes #3366
RPi 5 config uses BR2_LINUX_KERNEL_INSTALL_INTREE_OVERLAYS which builds
the device tree overlays from the Linux tree when building the kernel.
The overlays directory also contains overlay_map.dtb which is necessary
to correctly map overlays without RPi version suffix to the
platform-specific ones. Without this, some peripherals may not work
correctly on Pi 5 without any obvious error messages in the kernel log
because an incorrect (Pi 4) overlay is used as the default.
Fixes #3321
* buildroot cc0481f40e...0a64bfe8f1 (1):
> Install overlay_map.dtb when using in-tree DT overlays
(cherry picked from commit fce19b7846)
Enable libkcapi in generic kernel config. The bloat is minimal and the
options are enabled on most distributions. These modules are also needed
for Bluetooth Mesh and adding them fixes compatibility with some HCI USB
adapters.
Fixes #3322
(cherry picked from commit 67315f86d4)
RPi 5 config uses BR2_LINUX_KERNEL_INSTALL_INTREE_OVERLAYS which builds
the device tree overlays from the Linux tree when building the kernel.
The overlays directory also contains overlay_map.dtb which is necessary
to correctly map overlays without RPi version suffix to the
platform-specific ones. Without this, some peripherals may not work
correctly on Pi 5 without any obvious error messages in the kernel log
because an incorrect (Pi 4) overlay is used as the default.
Fixes #3321
* buildroot cc0481f40e...0a64bfe8f1 (1):
> Install overlay_map.dtb when using in-tree DT overlays
Enable libkcapi in generic kernel config. The bloat is minimal and the
options are enabled on most distributions. These modules are also needed
for Bluetooth Mesh and adding them fixes compatibility with some HCI USB
adapters.
Fixes #3322
This fixes "Warning: your password will expire in 0 days." message
shown on tty login since Buildroot bump in HAOS 12.2.
* buildroot 9f5750121a...d29893dd98 (1):
> package/linux-pam: bump to version 1.6.1
GRUB 2.12 release contains a change of the loader [1] used for loading
the kernel on x86_64 platform. This change was identified to cause boot
failure on some old Intel Atom boards with the NM10 chipset, and
possibly some others. Revert this patch before we get a more proper fix
for the issue.
[1] https://git.savannah.gnu.org/cgit/grub.git/commit/?id=cfbfae1aef0694b416aa199291cfef7596cdfc20
Fixes #3305
It seems that forcing 24MHz clocks is problematic for newer 32GB
Kingston based eMMC modules on ODROID-N2(+). Use what downstream
U-Boot is using as f_max, which is 40MHz.
Fixes: #3227
With #3281 we hit the maximum length of the quirks parameter. Since
cmdline.txt changes are not applied on OS update, only new installs of
12.2 are affected, effectively disabling all quirks until this patch
lands in future OS release.
Fixes #3308
Make sure all Raspberry Pi devices using the BCM2837 SoC (or the SiP
version RP3A0 of it) are deployed. This especially makes sure that
we only deploy the downstream device trees (named bcm2710*) and deploy
device trees for the CM3 as well as the Zero 2 and Zero 2 W consistently
for 32-bit and 64-bit.
* RaspberryPi: Update kernel to 6.6.20 - 6f16847710cc0502450788b9f12f0a14d3429668
Used version specified in RPi OS release notes [1].
[1] https://downloads.raspberrypi.org/raspios_arm64/release_notes.txt
* Update RPi Buildroot defconfigs for v6.6.y kernel
* Update RPi kernel patches for v6.6.y kernel
* Amended old patches to accommodate for new DTS paths
* Removed 6.6.25 patches -> moved to the common folder
* Added patch to fix Yellow DTS compilation
* Bump buildroot to update rpi-firmware
* buildroot b45d671fe3...9f5750121a (1):
> package/rpi-firmware: bump to version for (untagged) kernel v6.6.20
* Remove kernel v6.1.y config fragments, as they're not needed anymore
* Only run HA CLI interactively if stdout is a terminal
Flags for running HA CLI commands in an interactive shell added in #3238
cause the command to fail if the process is not running in a terminal.
This is needed for example for the fsfreeze hook, otherwise the command
fails, as seen in this trace when the hook is executed:
-----------
+ '[' thaw '=' freeze ]
+ '[' thaw '=' thaw ]
+ echo 'File system thaw requested, thawing Home Assistant'
File system thaw requested, thawing Home Assistant
+ ha backups thaw
the input device is not a TTY
------------
However, for example on Proxmox this message is not logged anywhere and
the hook just fails silently (i.e. it doesn't cause the backup to fail).
Fixes #3251
* Use -i also when not running in a terminal
(cherry picked from commit 78d281fce1)
CP15 barrier instruction emulation only exists on arm64 architecture.
Avoid sysctl writing an error to the journal when the setting doesn't
exist by prepending a dash.
(cherry picked from commit 889b561ca1)
Booting from an ADATA SD600Q fails when connected to a USB 3.0 port on RPi4. Adding it to the quirks list resolves the issue.
(cherry picked from commit 5ee9cef8c8)
* Only run HA CLI interactively if stdout is a terminal
Flags for running HA CLI commands in an interactive shell added in #3238
cause the command to fail if the process is not running in a terminal.
This is needed for example for the fsfreeze hook, otherwise the command
fails, as seen in this trace when the hook is executed:
-----------
+ '[' thaw '=' freeze ]
+ '[' thaw '=' thaw ]
+ echo 'File system thaw requested, thawing Home Assistant'
File system thaw requested, thawing Home Assistant
+ ha backups thaw
the input device is not a TTY
------------
However, for example on Proxmox this message is not logged anywhere and
the hook just fails silently (i.e. it doesn't cause the backup to fail).
Fixes #3251
* Use -i also when not running in a terminal
CP15 barrier instruction emulation only exists on arm64 architecture.
Avoid sysctl writing an error to the journal when the setting doesn't
exist by prepending a dash.
Since buildroot commit 3ceb8c97bcb6753740fa27a58b8e0dc00dbbbd19, systemd
has new option BR2_PACKAGE_SYSTEMD_VCONSOLE_DEFAULT_KEYMAP which
defaults to "us". With this option specified, systemd-console depends on
kbd package and causes the following message to be printed during
startup on HAOS:
systemd-vconsole-setup[253]: sh: gzip: not found
This comes from the loadkeys call which tries to open the gzipped file,
so likely the kbd package should also depend on gzip. However, since we
don't want the kbd package at this point, I'm leaving this for later
investigation and simply unsetting the new option to revert to
pre-2024.02 setup.
List Nabu Casa appliances under boards README.md
* Home Assistant Green
* Home Assistant Yellow (based on a custom carrier board and powered by a Raspberry Pi 4 Compute Module)
* Home Assistant Blue (based on ODROID-N2+)
The official description says:
Multipath TCP (MPTCP) connections send and receive data over multiple
subflows in order to utilize multiple network paths. Each subflow uses
the TCP protocol, and TCP options carry header information for MPTCP.
Thanks to MPTCP, being able to use multiple paths in parallel or
simultaneously brings new use-cases:
- Seamless handovers: switching from one path to another while
preserving established connections -- Apple is using it for this
reason since 2013.
- Best network selection: using the "best" available path (latency,
losses, cost, bandwidth) -- one path can be used as a "backup" one.
- Network aggregation: using multiple paths at the same time to have a
higher throughput -- e.g. to combine a fixed and mobile network to
send files faster.
For example, for HA, it is possible to keep a SSH connection alive when
switching from one network to another (e.g. while travelling).
To be able to use MPTCP, both ends need to support it. An application
has to request it, by creating an MPTCP socket instead of a TCP one.
The rest is unchanged. An alternative is to use 'mptcpize' tool, which
relies on LD_PRELOAD to create an MPTCP socket instead of a TCP one.
Note that a MPTCP-enabled server continues to accept regular TCP
connections that do not use the Multipath TCP extension without any
performance impact. When a connection request is received, and is linked
to a listening socket with MPTCP support, the kernel will simply check
if MPTCP options are present. If not, the accepted socket will be a
"plain" TCP one, with the same impact as before.
To use multiple paths at the same time, additional IP addresses need to
be configured, e.g. via the 'ip' tool (IPRoute2).
MPTCP in the kernel is enabled in most main Linux distributions (Debian,
Ubuntu, RedHat, Fedora, etc.), but in more specific ones like Raspbian.
It is available in the Linux kernel since v5.6.
Signed-off-by: Matthieu Baerts (NGI0) <matttbe@kernel.org>
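Added example, not part of the commit above: a Python sketch of an application requesting an MPTCP socket instead of a TCP one, falling back to TCP when the kernel refuses the protocol, and a loopback round trip in which a plain TCP client connects to that listener. The function names are hypothetical; 262 is the Linux value of IPPROTO_MPTCP, used when the Python build does not export the constant.

```python
import socket
import threading

# Python exports socket.IPPROTO_MPTCP from 3.10 on Linux; 262 is the Linux value.
IPPROTO_MPTCP = getattr(socket, "IPPROTO_MPTCP", 262)


def open_stream_socket(family=socket.AF_INET):
    """Return (sock, is_mptcp), preferring MPTCP and falling back to TCP.

    socket() fails with an OSError when MPTCP is not built into the kernel
    or is disabled via sysctl; the caller then gets an ordinary TCP socket.
    """
    try:
        return socket.socket(family, socket.SOCK_STREAM, IPPROTO_MPTCP), True
    except OSError:
        return socket.socket(family, socket.SOCK_STREAM, socket.IPPROTO_TCP), False


def echo_once(listener):
    """Accept one connection and send back whatever arrives first."""
    conn, _ = listener.accept()
    with conn:
        conn.sendall(conn.recv(1024))


def loopback_roundtrip(payload=b"hello"):
    """Serve on an MPTCP-capable listener, connect with a plain TCP client.

    The client never asks for MPTCP, so the accepted connection is regular
    TCP even when the listening socket was created with IPPROTO_MPTCP.
    """
    listener, server_is_mptcp = open_stream_socket()
    with listener:
        listener.bind(("127.0.0.1", 0))  # port 0: let the kernel pick one
        listener.listen(1)
        port = listener.getsockname()[1]
        worker = threading.Thread(target=echo_once, args=(listener,), daemon=True)
        worker.start()
        with socket.create_connection(("127.0.0.1", port), timeout=5) as client:
            client.sendall(payload)
            reply = client.recv(1024)
        worker.join(timeout=5)
    return server_is_mptcp, reply


if __name__ == "__main__":
    is_mptcp, reply = loopback_roundtrip()
    print("listener used MPTCP:", is_mptcp, "reply:", reply)
```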
* Update Buildroot to tag 2024.02 with rebased HAOS patchset
* udisks2: update to v2.10.1
* Updated to version 2.10.x compatible with libblockdev v3
* Rebased patches to new codebase
* Autoreconf patch is not needed anymore
* libblockdev-nvme is now hard dependency of udisks daemon
* patches/grub2: remove upstreamed efidisk patch
* patches/network-manager: update multiple gateway patch
* package/os-agent: fix go download
After the Go update, build fails with the following error on mod vendor:
GOPROXY list is not the empty string, but contains no entries
Turns out this step is not having the environment variables set, use
those used for download to fix it.
* package/xe-guest-utilities: set DL env for go mod vendor
* Bump buildroot to fix missing unit file from nfs-utils
* buildroot 3f950a1aee...a1b2d12f32 (1):
> package/nfs-utils: only install fsidd binary and unit file with enabled nfsd
* CI: install flake8 for pr-checks runner
Use distribution package, as it's what's used in Buildroot's Gitlab CI
Docker image at buildroot/support/docker/Dockerfile.
* Disable check for Upstream section in the patch header for now
It was introduced in latest BR - disable it for now and re-enable
for HAOS in a later separate PR.
Fix regression caused by #3224 which introduced version-specific
directory for linux patches, causing the upper-level patch not being
applied. Copy the patch to the version folder instead. Also we need
to keep it in the upper directory for RPi kernels.
(cherry picked from commit 8226323a1b)
The test was missing --no-progress flag, which only manifested after
merging #3238 - causing the CLI to run in an interactive pseudotty.
(cherry picked from commit 122dd1c288)
Use -i (--interactive) and -t (--tty) to start the HA CLI interactively.
This is required by some commands like the new device wipe command added
with https://github.com/home-assistant/cli/pull/464.
(cherry picked from commit fe1978f98f)
Fix regression caused by #3224 which introduced version-specific
directory for linux patches, causing the upper-level patch not being
applied. Copy the patch to the version folder instead. Also we need
to keep it in the upper directory for RPi kernels.
Use -i (--interactive) and -t (--tty) to start the HA CLI interactively.
This is required by some commands like the new device wipe command added
with https://github.com/home-assistant/cli/pull/464.
The in-tree driver introduced in HAOS 12.0 is having random issues,
so revert back to the stable OOT driver that was used before for now.
Also add it to RPi 2 and Yellow where it's been missing the whole
time.
Fixes #3205
Revert changes in the USB driver causing Z-Wave sticks (Z-Wave.me
and Aeotec at least) failing to enumerate. Issue is reported upstream
but reverting the patches is a feasible workaround for the time being.
Refs #2995
Remove the mentions of petitboot, as it's not normally used on M1S.
Document possibility to use SD card boot and alternative method of
reflashing the eMMC from an OS running from an SD card.
With recent change of Azure VM type, the disk layout has changed and
the build of ova target fails with insufficient space. Since there
is now plenty of space on /mnt partition, we can use that, just like
we've been using it for cache for now.
Ref: https://github.com/easimon/maximize-build-space/issues/39#issuecomment-1935591779
* Copy Odroid-m1 config for new odroid-m1s board
* config: Adjust names and paths for odroid-m1s
* configs: Use rk3566 blobs for ATF
* set correct fdt in uboot.ush
* Add linux patches with Odroid-m1s devicetree
Synced from Hardkernel unofficial 6.1 tree
ae33b44557/arch/arm64/boot/dts/rockchip/rk3566-odroid-m1s.dts
With additional cleanup and fixes for mainline linux
* Add Odroid M1S to Github actions
* uboot: Patch boot order to set SD Card first
* Create u-boot placeholder partition for odroid-m1s also
* Switch u-boot to full odroid-m1s config
* cherry-pick emmc stability improvements
* Generalise u-boot to use ${devtype} instead of hardcoded mmc
* Remove deprecated snps, reset options from device tree
* re-enable uboot ethernet
* Create common kernel config for Rockchip aarch64 boards
* Green: drop kernel option already included in main config
* Move rockchip RNG patchset to common folder
* Odroid-m1 has no board specific patches now
We added drivers for Realtek cards readers in #3005, however it also
needs MMC drivers in order to make card reading possible. Enable both
USB and PCI versions of those (each about ~40 kB).
Fixes #3167
* Update issue template with better links to logs, add CLI instructions
Legacy supervisor_logs target (which is currently kind of broken) replaced
with standard logs with provider specified. Added instructions how to get
logs in HA CLI.
* Apply suggestions from code review
Co-authored-by: Stefan Agner <stefan@agner.ch>
* RaspberryPi: Update kernel to 6.1.73 - stable_20240124
* Bump rpi-firmware to version for RPi Linux 6.1.73
* buildroot f844f7f725...0ab96d7c0d (1):
> package/rpi-firmware: bump to version for stable_20240124 kernel
ODROID XU4 fails to boot after update to Linux 6.6. Comparing downstream
kernel config with upstream exynos defconfig shows it has various lockdep
options enabled, and PROVE_LOCKING seems to be the one that causes the
issue. It seems it (or any of PROVE_RCU, TRACE_IRQFLAGS or
PREEMPTIRQ_TRACEPOINTS which get enabled along with it) probably
triggers some timing issues on the I2C bus, which causes the main PMIC
to fail to properly initialize all voltages.
Since these options should not have any real impact on our system, the
easiest option is to disable them. If we need them, or want to stay
closer to upstream defconfig, further debugging is needed.
Fixes #3137
We originally enabled it in 0ebcdcb9dc
but later reverted the patch in 5b927389b8
because of backward compatibility issues. Since we're going to 12.0,
there is now hopefully enough room for seamless transition.
Co-authored-by: Stefan Agner <stefan@agner.ch>
* Use separate path for v6.1.y and v6.6.y kernel config fragments
Since we're now maintaining Linux configs for two different versions,
it may happen that we want to add some options only to one of the
versions. While the Kconfig might figure the invalid options itself,
our config checking tooling would spam us with warnings. This commit
splits the configs to two directories. This pattern is used only for
the common fragments, more specific ones are usually sharing the same
Linux version anyway.
* Add back options removed in v6.6.y to v6.1.y kernel config fragments
* Linux: Update kernel 6.6.15
* Update buildroot packages to work with Linux 6.6
* Fix top-level and pc patches of linux
* Update tinker patch series
* Drop Odroid M1 patches
M1 is now supported in upstream.
* Update Hardkernel patches
Needed larger refactoring because of 379ae64609c7a3301b60483eb65bd8bc78f76328
* Update Green patches
* Update Odroid XU4 patches
Removing the TMU patch/hack for now, need to check if it's still needed.
If it is indeed, then it needs slighter rewrite.
* Move Rockchip RNG patches to M1 and Green dirs
* Update rtl88x2bu package to fix build
* Update gasket package to fix build
* Fix eq3_char_loop build
* Use fan53555 instead of custom rk860x driver
* Fix kernel base configs and fragments after 6.6 update
Mostly removed options that have been removed between releases. Only
a few options have been renamed, then there's a bunch of options that
had dependencies added so they are available only on some architectures,
which are not those that we're using.
* Remove deprecated regulator-compatible from Green DTS
Generate list of changelogs if we're bumping to the next patch release.
If major or minor version is bumped, the commit message contains only
the title, like before.
Also fix English in the commit title of RPi bump.
Odroid M1 was using 1056 MHz blob for RAM training, although it can run
at 1560 MHz. Use the correct file for M1 and update it to latest version,
along with ARM Trusted Firmware blob.
(cherry picked from commit 1f45aaf359)
We don't really use the MMC environment, so disable it by default. This
prevents the following warning at startup:
Loading Environment from MMC... *** Warning - bad CRC, using default environment
(cherry picked from commit f263326ef8)
It seems that the Ethernet initialization in U-Boot causes significant
packet drops in Linux on some boards. On an ODROID-M1 with 8GB of RAM, a
packet loss rate of ~20% has been observed. From the user point of view
it feels like a massive slow down (SSH feels very slow, Home Assistant
loads very slow or not at all).
Disabling the Ethernet controller driver avoids initialization in U-Boot
and makes Ethernet work correctly again in Linux.
While at it, drop the previously board specific configs. They haven't
been used and the board seemed fine without them.
(cherry picked from commit bd3cae5300)
Odroid M1 was using 1056 MHz blob for RAM training, although it can run
at 1560 MHz. Use the correct file for M1 and update it to latest version,
along with ARM Trusted Firmware blob.
We don't really use the MMC environment, so disable it by default. This
prevents the following warning at startup:
Loading Environment from MMC... *** Warning - bad CRC, using default environment
It seems that the Ethernet initialization in U-Boot causes significant
packet drops in Linux on some boards. On an ODROID-M1 with 8GB of RAM, a
packet loss rate of ~20% has been observed. From the user point of view
it feels like a massive slow down (SSH feels very slow, Home Assistant
loads very slow or not at all).
Disabling the Ethernet controller driver avoids initialization in U-Boot
and makes Ethernet work correctly again in Linux.
While at it, drop the previously board specific configs. They haven't
been used and the board seemed fine without them.
Enabling CONFIG_EXPERT, which was a dependency of some options we try
to set by our config fragments, had a side-effect of toggling some other
options, most importantly the framebuffer console support. Enable the
options found by diffing old and new kernel configs.
Fixes #3112
(cherry picked from commit 3d234144a2)
Enabling CONFIG_EXPERT, which was a dependency of some options we try
to set by our config fragments, had a side-effect of toggling some other
options, most importantly the framebuffer console support. Enable the
options found by diffing old and new kernel configs.
Fixes #3112
* ../../../buildroot 55120df0b7...512a487366 (3):
> package/linux-firmware: add WiFi and BT firmware for MT7921 and MT7922
> package/dbus-broker: fix legal info
> package/rtl8821cu: fix legal info
Since we're using a custom os_prefix for dual boot on RPi 5, overlays
can be also present in different directories. Raspberry Pi's bootloader
has a strange feature that it only respects os_prefix if the directory
with overlays contains a README file:
https://www.raspberrypi.com/documentation/computers/config_txt.html#overlay_prefix
While rpi-firmware package touches the file when copying overlays to
the destination directory, for RPi 5 we are using BR2_LINUX_KERNEL_INSTALL_INTREE_OVERLAYS
option which does not copy or create it. Ensure it is present (no matter
if we're using intree or rpi-firmware overlays) in the hassos-hook.
Fixes #3079
(also removed invalid mention about the README from config.txt)
* Remove all non-existing kernel config symbols
* Remove unapplied x86 Intel sound options
These are missing various subsystem dependencies and were never in fact
enabled, assuming they're rather exotic and removing them completely.
* Add missing dependencies, adjust tristate values, remove nonsense
* Use KERNEL_LZ4 only for non-aarch64
Since aarch64 doesn't use self-extracting kernel:
https://patchwork.kernel.org/project/linux-arm-kernel/patch/20190119185540.20526-1-tobias.johannes.klausmann@mni.thm.de/
* Extract PCI options to device-support-pci fragment (renamed from device-support-pcie)
RPi 4+ should use this fragment too, since CM4 has PCIe support.
* Rename RPi's kernel-32b fragment to kernel-armv7
* Bump U-Boot to 2024.01 for Raspberry Pi and Home Assistant Yellow
* Regenerated using --no-thread
By default git creates some email headers. We can minimize them using
--no-thread.
* Fix build for Yellow
* Update U-Boot for ASUS Tinker Board
* Update U-Boot for Khadas VIM3
* Update U-Boot for ODROID-M1
* Update U-Boot for Home Assistant Green
* Update U-Boot for ODROID-C2/C4/N2/XU4
It seems that the PCIe driver is not enabled for Khadas VIM3. Enable it
by default.
Note to make use of the M2X extension board, the following commands need
to be executed on the U-Boot command line:
```
HAOS> i2c dev 0
Setting bus to 0
HAOS> i2c mw 0x18 0x33 1
```
Wrong arch for arm64 produces few false check results resulting
from some symbols in arm64 tree not being loaded. We can use raw
$(ARCH) variable for arm, only need to translate aarch64 -> arm64.
Using apt-key for managing Debian repo keys has been deprecated for a
while now. While it currently works ok, seems to be broken in bookworm. This migrates to storing keys in trusted.gpg.d as recommended by the warning messages when using apt-key.
* buildroot 153f1461f6...55120df0b7 (8):
> package/linux-firmware: bump version to 20231211
> package/linux-firmware: bump version to 20231030
> package/linux-firmware: add iwlwifi quz firmware
> package/linux-firmware: add new option for Marvell prestera firmware
> package/linux-firmware: bump version to 20230804
> package/linux-firmware: bump version to 20230625
> package/linux-firmware: add QCA9377 BT firmware
> package/linux-firmware: bump version to 20230515
Path to cmdline is set in tryboot.txt to cmdline-tryboot.txt before
attempting A/B boot. After successful boot, tryboot.txt is relocated
to config.txt, yet the config path of cmdline is not changed and remains
set to cmdline-tryboot.txt which doesn't exist anymore at that point,
causing following reboots to fail.
Fixes #3065
The value of `self_signed_cert` is being set incorrectly, resulting in a failed build, as the self signed certs aren't copied correctly.
Updated so the value is set from `self_signed_cert` and not `self_signed`
* Revert kernel patch causing failures on CIFS share disk usage
The issue was reported upstream, waiting for a fix there. Reverting the
patch for a quick resolution of the bug that breaks some things in HA
and add-ons badly.
Refs #3041
* Move the patch to 6.1.71 subdirectory
That way Raspberry Pi's kernel won't be patched (unless it's the same
version which it's currently not).
The Raspberry Pi 2 was based on Cortex-A7 in first revisions, then
Cortex-A53. However, both are armv7 architectures, and that is also how
the Operating System itself is configured. Use the correct architecture
for Supervisor.
The hassos-supervisor script should recreate the container
automatically on first boot after update.
Since Supervisor itself is written in Python this shouldn't affect much.
However, the Supervisor uses its architecture as default architecture
when building local add-on and uses it as default architecture for
multi-arch container images. This is also where this error got noticed
(see https://github.com/home-assistant/supervisor/issues/4402#issuecomment-1865979421).
The Raspberry Pi 2 was based on Cortex-A7 in first revisions, then
Cortex-A53. However, both are armv7 architectures, and that is also how
the Operating System itself is configured. Use the correct architecture
for Supervisor.
The hassos-supervisor script should recreate the container
automatically on first boot after update.
Since Supervisor itself is written in Python this shouldn't affect much.
However, the Supervisor uses its architecture as default architecture
when building local add-on and uses it as default architecture for
multi-arch container images. This is also where this error got noticed
(see https://github.com/home-assistant/supervisor/issues/4402#issuecomment-1865979421).
* Remove duplicated step uploading ova QEMU image for the test job
Instead of uploading the file twice with a fixed name, upload it in the
same step that is used for unpublished builds and pass the version string
to the test job.
* Update .github/workflows/test.yaml
Co-authored-by: Stefan Agner <stefan@agner.ch>
---------
Co-authored-by: Stefan Agner <stefan@agner.ch>
Generate the certificate only once and make it available. The preferred
option that doesn't generate warnings would be to use secrets in the
repository config, in that case no certificate is generated or archived.
Enable PCI card reader found on some Intel NUC models, along with the USB
drivers as well.
Adds two new modules (listed with size):
30104 /lib/modules/6.1.68-haos/kernel/drivers/misc/cardreader/rtsx_usb.ko
167240 /lib/modules/6.1.68-haos/kernel/drivers/misc/cardreader/rtsx_pci.ko
Fixes #2688
There is a bunch of kernel config options that are not propagated
correctly to the kernel configuration after fragments are merged
and processed by Kconfig. Current Buildroot tools are not good at
discovering these - while we cleaned up most inconsistencies by using
linux-diff-config and output from the merge_config.sh script, there
are still options that were removed or get a different value than
intended because of dependencies, etc.
This commit adds a Python script that is using Kconfiglib to parse
current kernel's Kconfig files and the generated .config and compare
the requested values from individual kernel config fragments. The
script can be used manually by running `make linux-check-dotconfig`
from the buildroot directory (with path to BR2_EXTERNAL directory set)
and it's called also from the CI, where it generates Github Workflow
warning annotations when some of the values are not present or when set
incorrectly.
The kconfiglib.py is checked-in to the repo as well, because the library
is currently abandoned on PyPI and packaged version has a bug that causes
errors parsing Kconfigs in newer Linux versions, fixed in outstanding
pull request ulfalizer/Kconfiglib#119 - so version from this PR is used
here.
If pypi/support#2526 is ever resolved, we could remove it from our repo
and use pip for installing the package as a requirement during build
of the build container.
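An added illustration of the comparison the commit above describes. It is not the script from the repository and does not use Kconfiglib: it only parses text, so it reports that a requested value did not reach .config without explaining which dependency caused it. The fragment, the .config content and all function names are constructed for this example.

```python
import re

# Constructed sample inputs for illustration; not taken from the HAOS tree.
FRAGMENT = """\
CONFIG_EXPERT=y
CONFIG_FRAMEBUFFER_CONSOLE=y
CONFIG_MT7921U=m
# CONFIG_PROVE_LOCKING is not set
CONFIG_REMOVED_IN_NEW_KERNEL=y
# CONFIG_ALSO_REMOVED is not set
"""

DOTCONFIG = """\
#
# Automatically generated file; DO NOT EDIT.
#
CONFIG_EXPERT=y
# CONFIG_FRAMEBUFFER_CONSOLE is not set
CONFIG_MT7921U=y
CONFIG_PROVE_LOCKING=y
"""

SET_RE = re.compile(r"^(CONFIG_\w+)=(.*)$")
UNSET_RE = re.compile(r"^# (CONFIG_\w+) is not set$")


def parse_config(text):
    """Map symbol -> (value, line number); 'n' means '# CONFIG_X is not set'."""
    symbols = {}
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        match = SET_RE.match(line)
        if match:
            symbols[match.group(1)] = (match.group(2), lineno)
            continue
        match = UNSET_RE.match(line)
        if match:
            symbols[match.group(1)] = ("n", lineno)
    return symbols


def check_fragment(fragment_text, dotconfig_text):
    """Return (symbol, requested, actual, fragment_line) for every deviation."""
    requested = parse_config(fragment_text)
    actual = parse_config(dotconfig_text)
    findings = []
    for symbol, (want, lineno) in requested.items():
        got = actual.get(symbol, (None, 0))[0]
        if got is None:
            # Kconfig leaves out symbols that no longer exist or whose
            # dependencies are unmet. That satisfies a requested "not set",
            # but silently drops a requested y/m/value.
            if want != "n":
                findings.append((symbol, want, None, lineno))
        elif got != want:
            findings.append((symbol, want, got, lineno))
    return findings


def as_annotations(findings, fragment_path):
    """Format findings as GitHub Actions '::warning' workflow commands."""
    lines = []
    for symbol, want, got, lineno in findings:
        if got is None:
            detail = f"{symbol}={want} requested but not present in .config"
        else:
            detail = f"{symbol}={want} requested, actual value is {got}"
        lines.append(f"::warning file={fragment_path},line={lineno}::{detail}")
    return lines


if __name__ == "__main__":
    for line in as_annotations(check_fragment(FRAGMENT, DOTCONFIG), "example.config"):
        print(line)
```

The PROVE_LOCKING finding shows why the direction of the check matters: an option requested off but left on by the final configuration is reported the same way as one requested on but dropped.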
Add new firmwares and enable them for all targets.
Bloat in rootfs in my x86_64 test build was ~2.16 MiB.
Buildroot bump:
* buildroot 8a75878da4...4c89661fd1 (2):
> package/linux-firmware: add WiFi and BT firmware for MT7921 and MT7922
> package/linux-firmware: add rtw89 firmware files
Make it possible to run build on feature branches by adding a flag that
can be used to select whether the build output will be uploaded to the
R2 artifacts bucket or kept only as build artifact on GH. The latter is
also used for 3rd party repos, allowing builds in forked repositories.
Feature builds are using Unix timestamp as the dev version suffix. This
makes them easily distinguishable, yet it makes them appear to be newer
than standard daily dev version builds when compared by AwesomeVersion.
Compress firmware files from linux-firmware using ZSTD algorithm.
This should grant us some more space to add more firmwares and should
not have any major performance impact, because firmwares are not accessed
frequently.
Includes buildroot submodule bump:
* buildroot 07e08e01b2...8a75878da4 (1):
> linux-firmware: add option for firmware files compression
This allows for rudimentary image/partition size tracking between builds,
potentially this could be further extended with more useful information
about the build (TBD).
* Add initial Raspberry Pi 5 buildroot config
* Add machine-id support via cmdline.txt
* Add new entry if entry is missing
* Don't overwrite cmdline.txt when adding machine-id
Use sed to append the new cmdline parameter to the first line.
* Skeleton script for RAUC custom bootloader interface
* Deploy kernel/device-tree into a RAUC slot specific directory
This allows us to use the os_prefix feature to switch between slot A and
B. Compared to the boot_partition option, this option allows to use a
shared config.txt and cmdline.txt, which makes it more like how HAOS
currently works on other Raspberry Pis.
* Deploy new kernel/device-tree to correct slot on installation
* Increase boot size to 128MB
This makes sure we can store up to three kernels (slot A, B and a
temporary one while installing the OTA update).
* Initial tryboot implementation using os_prefix
* Make sure to delete the old slot completely
* Add Busybox xargs for tryboot bootloader script
* Compare tryboot bootloader file silently
* Revert "Increase boot size to 128MB"
This reverts commit 7f2c69b58f02f500d6aeee4f0a419046899b5e38.
* Use compressed kernel
* Address shellcheck
* Address shellcheck issue in rauc-hook
* Fix shellcheck for rpi-tryboot.sh
* Do not follow source - it gets checked separately
* Correctly set the slot to boot
* Apply suggestions from code review
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Drop serial console from default cmdline.txt
* Resync rpi5_64_defconfig with rpi4_64_defconfig
* Improve machine-id match
Only match actual hexadecimal characters.
* Deploy firmware overlays to OS prefix directory
* Add Raspberry Pi 5 to documentation
* Bump buildroot
* buildroot fd1dc86f40...f13ad03408 (1):
> linux: add in-tree device tree overlay support
* Install device tree overlays from Kernel sources
* Drop RPi RF modules for now
No Raspberry Pi 5 specific device tree overlays are available, drop RPi
RF mod for now.
* Use Raspberry 5 specific identifiers for Supervisor/OS Agent
* Bump buildroot
* buildroot f13ad03408...07e08e01b2 (1):
> linux: fix add in-tree device tree overlay support
* Revert "Drop RPi RF modules for now"
This reverts commit 46fc1701e4.
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
There is no sanity check when creating OS images, so when some of the
partitions gets too big, part of its data may get overwritten by the
following partition, resulting in corrupted image. Add checks for the
defined partition sizes and bail out if they're too big.
* Fix Supervisor image corruption detection
When multiple images match the reference, multiple IDs are passed as a
single argument to docker image rm, leading to an error:
Error response from daemon: page not found
Make sure to pass the ids as separate argument to make the delete work
in any case.
* Cleanup reusing Supervisor from an old/unused reference
As noted in #2113, we don't need this logic anymore after a major OS
release. So simply drop the logic to also make the image corruption
detection work again.
* Make sure image IDs are sorted to make them unique
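The argument-splitting problem described in the commit above, as an added shell example that is not taken from the Home Assistant OS sources: `fake_image_rm` is a hypothetical stand-in for `docker image rm` that reports how many arguments it received, and the image IDs are constructed sample values.

```shell
#!/bin/sh
# Added example: why image IDs must reach the removal command as separate
# arguments. fake_image_rm is a hypothetical stand-in for `docker image rm`.

# Constructed sample: listing output where two tags resolve to the same image
# and a second image also matches the reference.
SAMPLE_IDS='sha256:bbbb2222
sha256:aaaa1111
sha256:bbbb2222'

# Prints the number of arguments it was called with.
fake_image_rm() {
    echo "$#"
}

# Sorted, de-duplicated IDs, one per line.
unique_ids() {
    printf '%s\n' "$1" | sort -u
}

# BROKEN: the quoted expansion hands every ID to the command as one single
# argument containing newlines, which the daemon cannot resolve.
# Usage: remove_quoted COMMAND ID_LIST
remove_quoted() {
    ids=$(unique_ids "$2")
    "$1" "$ids"
}

# FIXED: split on newlines only, with globbing disabled, so each ID becomes
# its own argument. Does nothing when no image matched.
# Usage: remove_split COMMAND ID_LIST
remove_split() {
    ids=$(unique_ids "$2")
    [ -n "$ids" ] || return 0
    old_ifs=$IFS
    IFS='
'
    set -f
    # shellcheck disable=SC2086 # word splitting is intended here
    set -- "$1" $ids
    set +f
    IFS=$old_ifs
    "$@"
}

echo "quoted: $(remove_quoted fake_image_rm "$SAMPLE_IDS") argument(s)"
echo "split:  $(remove_split fake_image_rm "$SAMPLE_IDS") argument(s)"
```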
Current mainline contains support for two more WiFi cards in the mt7921u
driver that only use a proprietary VID/PID but are compatible with the
standard driver. Backport support for those via a simple driver patch.
Fixes #2926
Preemptively enable larger set of WiFi drivers for all platforms and add more firmwares for them with the aim to harmonize WiFi device support among all boards and to have implicit support of devices that users might want to use. Targets `generic_aarch64`, `generic_x86_64` and `ova` also include options and firmwares for cards that are using PCI/PCIe bus - support for these is in a separate config fragment.
Especially the `generic_x86_64` is currently very tight with the rootfs space, so I had to do some triaging and select only sensible drivers and firmwares - especially archaic PCMCIA devices or devices not supporting only 802.11g or lower standards were among the first that I removed during the triaging - we can consider enabling those but this time on someone's explicit need to have them enabled.
This closes #2815 and replaces large part of #2761, also potentially addresses (at least) these: #2806, #2783, #2841, #2776, #2725, #2600
-------------
* Remove WiFi options from generic and board kernel config fragments
* Enable MMC in OVA kernel
This is needed for SDIO drivers to work. Use the same options as we
currently use for generic_x86_64.
* Add CRYPTO_MICHAEL_MIC to the common kernel config
This is requirement for TKIP and is a dependency of ATH11K driver.
* Add kernel config fragments with wireless cards support
* Add firmwares for WiFi cards
* Enable more Bluetooth device drivers
* Remove kernel HCI driver if no WiFi/Bluetooth module present (#2944)
If the WiFi/Bluetooth module is not present on the SDIO bus, remove the
HCI driver. This avoids hci0 interface to be present. Current Home
Assistant Core versions show a Bluetooth device as soon as a hci device
is present. With this change there won't be a Bluetooth device shown.
* Update buildroot-external/package/pi-bluetooth/hcidisable.service
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Do not start hciuart.service if krnbt is used
Avoid starting (and failing to start) hciuart.service if krnbt is used.
This avoids unnecessary failed services showing up.
* Update buildroot-external/package/pi-bluetooth/hciuart.service
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Drop duplicate bluetooth in path
* Avoid bthelper@hci0.service failing
* Revert "Avoid bthelper@hci0.service failing"
This reverts commit f79777e63e.
* Add ExecCondition to bthelper@.service as well
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Generate self-signed certificates for development
To simplify development generate a self-signed certificate on first
build. Also make sure that the self-signed certificate is being added
to the RAUC keyring so that manual updates can be performed.
* Add self-signed certificate independent of deployment type
* Add a warning when building with self-signed certificate
Bluetooth initialization was broken on Yellow because RPi's kernel
started to use initialization by the kernel driver by default, yet
changes from the miniuart-bt overlay are applied directly to Yellow
DTS and had to be updated too. This commit replaces the previous
patch forcing the miniUART usage for Bluetooth with a new one which
is based on the current miniuart-bt-overlay.dts.
Also added a little warning to the RPi kernel bump script, so the
future me/us don't do the same mistake as I did.
* buildroot 20ea6bedda...a48cc458e7 (1):
> package/rpi-firmware: bump to version for stable_20231030 kernel
Reduce fully-expanded configs versioned in our repository to defconfigs
containing only the necessary options. Just like #2923, this change does
not alter the resulting kernel .config in any way for the affected
platforms (Tinker, Odroid C2/C4/N2).
For tinker and amlogic-based targets we're using checked-in kernel
configs generated by kconfig for some old kernel revisions. Check in
current config before we clean it up and reduce to a smaller stub later.
Clean up all kernel configs and fragments from non-existing kernel
options, invalid choice values and choices that trigger warnings
during kernel package configuration.
Here's an example of warnings triggered for Yellow:
.config:8531:warning: override: MODULE_COMPRESS_NONE changes choice state
.config:8536:warning: override: ZSWAP_COMPRESSOR_DEFAULT_LZ4 changes choice state
.config:8537:warning: override: ZSWAP_ZPOOL_DEFAULT_ZSMALLOC changes choice state
.config:8543:warning: override: CPU_FREQ_DEFAULT_GOV_ONDEMAND changes choice state
.config:8717:warning: override: reassigning to symbol CGROUP_HUGETLB
.config:8767:warning: symbol value 'm' invalid for XFRM
.config:8852:warning: symbol value 'm' invalid for MEDIA_CONTROLLER_DVB
.config:8972:warning: symbol value 'm' invalid for SND_HDA_I915
There were also some options that are set in our or default configs
but end up patched by `KCONFIG_(DIS|EN)ABLE_OPT` in package makefiles,
these options are now explicitly set in our fragments too. For example
this was toggled for `generic_aarch64`:
CONFIG_DEFAULT_SECURITY_APPARMOR n -> y
CONFIG_DEFAULT_SECURITY_DAC y -> n
CONFIG_GCC_PLUGINS y -> n
The only goal of this commit is to make sure no warnings appear
anymore and the resulting kernel configs remain unchanged. This will
allow us to create tools for sanity checks of our kernel config
overrides. There is one single change in `ova` config resulting from
previously invalid `m` option for a bool value:
-# CONFIG_9P_FS_POSIX_ACL is not set
+CONFIG_9P_FS_POSIX_ACL=y
* Use kernel local version for HAOS compiled Linux kernel
Use the local version config option to add "haos" to the system's Linux
kernel version to indicate the kernel is built specifically for Home
Assistant OS. This makes sure to overwrite any other local version (e.g.
provided by Raspberry Pi kernel's defconfig) and makes it easier to
verify something is running on HAOS since the string will be visible in
any Container using `uname -a`.
* Add dash in front
* Add missing dependency to kernel.config
* Move CONFIG_IIO up to follow Kconfig hierarchy
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Improve handling of timeouts in tests
Make timeout handling in tests more transparent. Added a custom shell
driver that allows to define global timeout for commands in the config
file, and replaced for/sleep constructs with infinite loops that will be
eventually terminated by pytest-timeout plugin. Current timeouts taken
from last runs on Github CI with some extra headroom.
* test_supervisor_is_updated shouldn't be skipped if no update was needed
* Allow more time for system startup
* Allow even more time for system startup
If a reusable workflow is called from another workflow, the event_type
in the child workflow is still the same as parent's. This is a known
"feature": https://github.com/actions/runner/discussions/1884
Add a flag to inputs that has default value set to true. This is in turn
set only if the workflow is called from another one, choosing the correct
step for obtaining the OS image.
* Add test suite for Supervisor tests
* test_supervisor_is_updated should depend on test_update_supervisor
Co-authored-by: Stefan Agner <stefan@agner.ch>
---------
Co-authored-by: Stefan Agner <stefan@agner.ch>
Print the object cache statistics before uploading them to the action
cache. The action cache accesses all files, this makes the statistics
of files used during build not useful.
* Optimize build cache for dev builds
* Remove downloaded files cache, as it doesn't save that much time and
it can't fit into the repo cache limit, randomly causing eviction of
CC object cache for a single board.
* Limit saving of the object cache only to the dev branch, because
of the restrictions for the cache access limit us from effectively
using the cache for rc/main branches anyway.
* Adjust names of the steps a bit for clarity.
* Add printing of some cache stats
* Compare old ccache files' age to Makefile
* Maintain and upload artifacts index
Make the artifacts browsable by maintaining a list of builds. This keeps
it up-to-date even when deleting images from the object storage, and
minimizes queries to the object storage.
* Add favicon
* Apply suggestions from code review
Co-authored-by: Joakim Sørensen <joasoe@gmail.com>
* Move index update outside of the build Matrix
* Add error handling and styling
* Exclude index files
* Add cache flush
* Use separate prefix for indexes
This allows to filter by prefix when generating the main index. Since
the list-objects-v2 is limited to 1000 entries, this will be a bottle
neck soon. Separating indexes allows to support up to 1000 nightly
builds.
* Add missing backslash
* Use cp and fix index format
* Sync index.html as well
* Move OS artifacts index file to root directory
This is not really GitHub related, so it shouldn't live in there.
* Adjust URL for dev builds
---------
Co-authored-by: Joakim Sørensen <joasoe@gmail.com>
Automate bump of the rpi-imager-haos.json in the version repository on
stable release so we don't have to do it manually. Uses slightly
advanced jq magic to touch only the changed fields and keep the rest of
the JSON content intact.
Make sure the environment can be read and written to SD card as well.
This makes sure that first boot detection works properly too when
booting from SD card.
* Use alternative environment for release build bump
By using a separate environment, we can postpone the bump in the version
repository by adding a requirement for approval. Dev version will use
default (empty string) environment which doesn't have any constraints.
* Update build step name - it's not always dev build anymore
* Use dynamic environment name for beta/stable channels
The patch added in #2434 is not working: IS_ENABLED requires the full
config symbol including CONFIG_ prefix.
Fix the patch to make automatic IPv6 route failover depending on IPv6
reachability probes actually work.
* Fix extraction of OVA image artifact in test step
If the test image is obtained from an artifact instead of downloading,
its name contains the version as well, in that case we still need to use
wildcard expansion.
* uncompress qcow2 to a stable filename
* Create foundation for Labgrid-based OS tests
Add foundation for Labgrid-based tests of OS builds. Currently uses just
the QEMU driver, which starts a virtual machine with pristine OS, and
generates few log reports which are saved as build artifacts.
Workflow is currently triggered either manually by specifying an OS
version, or by OS build job, which now saves an artifact of the OVA
image. This allows for some modularity. If we eventually add the
possibility to run builds on PRs, we could also add the workflow_call
trigger and turn the workflow into a reusable one.
TBD (in future PRs): some meaningful tests and possibility to test on
real hardware (either local or distributed).
* Apply suggestions from @agners
Co-authored-by: Stefan Agner <stefan@agner.ch>
* Wrap test command in a script, create venv for local tests
* Make shellcheck happy
---------
Co-authored-by: Stefan Agner <stefan@agner.ch>
* buildroot b1c6a5e707...81cb78a54b (86):
> Update for 2023.02.6
> package/libhtp: bump to version 0.5.45
> package/exim: security bump version to 4.96.2
> package/mutt: fix libgpgme static build
> board/raspberrypi: fix typo in comment
> package/netsnmp: fix musl build
> package/nmap: fix build with libressl >= 3.5.0
> package/gcc: remove leftover from legacy PowerPC patch
> package/samba4: security bump version to 4.18.8
> package/libcue: security bump to version 2.3.0
> package/go: security bump to version 1.20.10
> {linux, linux-headers}: bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 5}.x series
> package/wireless-regdb: bump version to 2023.09.01
> package/python3: bump version to 3.11.6
> {linux, linux-headers}: bump 5.15.x / 6.{1, 5}.x series
> package/gstreamer1-editing-services: bump to version 1.22.6
> package/gst-omx: bump to version 1.22.6
> package/gst1-rtsp-vaapi: bump to version 1.22.6
> package/gst1-rtsp-server: bump to version 1.22.6
> package/gst1-python: bump to version 1.22.6
> package/gst1-libav: bump to version 1.22.6
> package/gst1-devtools: bump to version 1.22.6
> package/gst1-plugins-ugly: security bump to version 1.22.6
> package/gst1-plugins-bad: security bump to version 1.22.6
> package/gst1-plugins-good: security bump to version 1.22.6
> package/gst1-plugins-base: security bump to version 1.22.6
> package/gstreamer1: bump to version 1.22.6
> package/cups: add upstream security fix for CVE-2023-4504
> package/mbedtls: security bump to version 2.28.5
> package/mbedtls: bump to version 2.28.4
> package/mbedtls: bump to 2.28.3
> DEVELOPERS: add Thomas Petazzoni for nodejs
> package/exim: security bump version to 4.96.1
> package/efl: bump to version 1.26.3
> package/netsnmp: security bump to version 5.9.4
> package/sslh: add SSLH_CPE_ID_VENDOR
> package/gptfdisk: fix bug with util-linux 2.38
> package/libmodplug: use a full-length hash as version
> package/libmodplug: add a patch fixing cctype UB
> package/enlightenment: security bump to version 0.25.4
> package/wpewebkit: needs >= GCC 9
> package/Makefile.in: set --shuffle=none for MAKE1
> package/pkg-generic.mk: fix rule order for reinstall/rebuild/reconfigure
> package/tar: security bump to version 1.35
> package/go: fix installation
> package/pkg-utils.mk: break hardlinks in global {TARGET, HOST}_DIR on per-package build
> package/webkitgtk: require GCC 9 for the 2.40.x series
> package/linux-tools: fix SysV init script
> boot/at91bootstrap: disable PIE and stack-protector build flags
> package/rockchip-mali: fix hash of generated archive
> package/urandom-scripts: move seedrng init script to S01
> package/opkg-utils: actually install to target
> package/powertop: picutils is optional, not mandatory
> package/gnu-efi: disable on mips64el
> package/olsr: fix build with gpsd >= 3.25
> package/python-mako: add optional runtime dependency on python-babel
> package/python-mako: add optional runtime dependency on python-pygments
> package/python-mako: add missing dependency on python-markupsafe
> package/openblas: Add support for RISC-V architecture
> package/pipewire: fix typo in Kconfig comment
> package/go: cgo for the target needs the toolchain
> package/go: security bump to version 1.20.9
> package/go: security bump to version 1.20.8
> package/go: security bump to v1.20.7
> package/go: adjust Upstream header in patch
> package/go: fix go-bootstrap when parent dir contains invalid .git
> package/go-bootstrap-stage2: bump version to 1.19.11
> package/go: bump to version 1.20.6
> package/go: adjust comments
> package/go-bootstrap: split into two stages: go1.4 and go1.19.10
> package/{glibc, localedef}: security bump to version glibc-2.36-118-g22955ad85186ee05834e47e665056148ca07699c
> package/neon: drop patches
> package/libfastjson: security bump to version 0.99.9.1
> package/libvpx: Add upstream security patch to fix CVE-2023-5217
> package/libvpx: bump version to 1.13.0
> package/mosquitto: bump to version 2.0.18
> package/samba4: bump version to 4.18.7
> package/php: bump version to 8.2.11
> package/suricata: security bump to version 6.0.14
> package/librsvg: security bump to version 2.50.9
> unifdef: add missing license
> package/{glibc, localedef}: security bump to 2.36-117
> package/nodejs: fix parallel build further
> package/libyang: security bump to version 2.1.111
> package/bind: security bump to version 9.16.44
> {linux, linux-headers}: bump 4.{14, 19}.x / 5.{4, 10, 15}.x / 6.{1, 4}.x series
The deployment on dev channel should always be development. The change
came in from the main branch backmerge where the wrong merge strategy
has been used (the merge strategy "ort" along with option "ours" has
been used, instead of the "ours" merge strategy). And since the
deployment was a separate hunk, it resolved to the release branch.
This reverts commit 0ebcdcb9dc.
We only added verity support in HAOS 10.4. However, we currently have
an issue since HAOS 10.3 where certain Realtek network cards don't work
anymore (see issue #2630). For these systems, it won't be possible to
upgrade, even when using the console.
Only having two HAOS releases creates a rather "narrow" upgrade path
across all boards. There could be more issues where this proves
problematic.
Currently we don't use any new feature of the verity format. Therefore
let's postpone the move to the new format for a couple of releases
for now.
With the move to Docker 23 containerd stores its metadata no longer
underneath the Docker data directory but at its default location at
/var/lib/containerd. Previously Docker passed a containerd configuration
toml file which explicitly set the metadata root underneath Docker's
data directory.
On Home Assistant OS, the new location /var/lib/containerd is on a tmpfs
file system. For unknown reasons, it seems that if containerd's root
directory is on a tmpfs this leads to significantly more syscalls and
hence CPU load.
Change the metadata location to be on the data partition again. Since
containerd is treated separately from Docker these days, use a new
root directory under /mnt/data for containerd as well. With this, the
CPU load of containerd is back to normal.
* Bump buildroot
* buildroot a1bdf74b19...f125c3e292 (1):
> package/containerd: add control for additional build tags
* Drop unnecessary containerd changes
Now that the snapshotter and the CRI plug-ins are disabled we don't
need to configure or disable them via configuration anymore. Drop the
unnecessary configs.
Move from the current plain format to the new verity bundle format. This
requires at least HAOS 10.4 to work. The Supervisor will make sure to
update to the latest minor release of the previous major release, so
updating will work in the regular use case.
* Add fsfreeze support for QEMU/KVM/Proxmox installations
Add fsfreeze scripts which calls the new Supervisor API to freeze Home
Assistant Core and add-ons which support the backup freeze scripts
(`backup_pre` and `backup_post`).
This allows to create safe snapshots with databases running.
* Fix lint issues
This enables backlight support on these hosts, which is useful if
running HASS on an old laptop or tablet and you want to (e.g.) conserve
power by controlling the backlight.
* buildroot d6894cf55f...df5fccafd8 (3):
> package/docker-cli: bump version to v24.0.6
> package/docker-engine: bump version to v24.0.6
> package/containerd: bump to version 1.7.6
Currently `CONFIG_OVERLAY_FS_METACOPY` and
`CONFIG_OVERLAY_FS_REDIRECT_DIR` kernel options are enabled but not
preferred by Docker. The metadata copy feature is disabled by default,
and also not actively used by the overlayfs2 driver (see
2c3d1f7b4b).
So the metadata copy config is not really problematic per se. However,
it enables the redirect_dir feature. And a kernel which has the
redirect_dir feature compiled in also enables it by default. This
actually makes the overlayfs2 driver fall back to naive diff, which
is, from what I understand, slower than the overlayfs native diff (see
also
49c3a7c4ba).
The Docker daemon is also reporting this on startup:
Not using native diff for overlay2, this may cause degraded performance
for building images: kernel has CONFIG_OVERLAY_FS_REDIRECT_DIR enabled
Currently `CONFIG_OVERLAY_FS_METACOPY` is enabled, and it also enables
`CONFIG_OVERLAY_FS_REDIRECT_DIR`. There was already a previous attempt
to disable the latter (see #2067).
Disable both configs explicitly until Docker is able to use them.
Respect quotes in the meta file. While at it, simplify version
validation as well.
Make sure development version is correctly set at build time.
While at it also simplify version check.
* Adjust Home Assistant versioning to prepare for new release strategy
With OS 11 we'll create rc pre-releases which will get directly pushed
to the beta channel. In contrast, release builds will get directly
pushed to the stable channel.
Similar to Home Assistant Core we'll create bump commits for all stable
and beta releases. This makes sure that the source code matches the
built binaries for all releases.
The development build will get a generated version. To avoid issues
with the new rc builds the dev build version will get injected on source
level now.
* Apply suggestions from code review
* Download latest stable Supervisor after device wipe
Currently we download the latest tag after a device wipe, which gives us
the latest Supervisor (which quite likely can be a development version).
Use the stable version file instead to get the tag to be used to
download the Supervisor.
* Delete potentially corrupted updater info
Use a single workflow file for releases and dev builds. This avoids
duplication and enhances the release builds with some of the recent
improvements (e.g. shared build container).
This essentially reverts #2380, making sure that Home Assistant OS uses
systemd's latest network naming scheme.
We stick to a certain naming scheme to make sure NetworkManager still
applies the network configuration (which is matched by network interface
name by default).
With Supervisor [PR #4476](https://github.com/home-assistant/supervisor/pull/4476)
NetworkManager uses udev path by default. With this we can safely enable
the new interface naming and NetworkManager will still apply the
configuration based on udev path correctly.
Pull in the swapfile creation service haos-swapfile.service when
swap.target is reached. This makes sure the service is started even when
other targets are used (e.g. rescue.target).
* Delete Bluetooth device cache regularly
Delete stale Bluetooth devices from the BlueZ device cache every week.
This makes sure that the overlay partition doesn't run out of inodes
which has happened in real world scenarios where many new Bluetooth
devices are discovered.
BlueZ maintains these files on a best effort base. So removing them
while BlueZ is running should be safe.
An alternative considered was to lower BlueZ GATT caching (e.g. by
using Cache=yes instead of always, to cache only paired devices).
However, this would hurt performance and battery lifetime of Bluetooth
devices due to additional unnecessary GATT attributes reads. This is in
particular true for Bluetooth 5.1 devices which support the Database
Hash characteristic. Caching has also helped reliability with
intermittent connections (see
https://github.com/bluez/bluez/issues/191).
More importantly, besides the GATT attribute cache the same files are
also used to cache the device names as well. This is independent of the
above mentioned GATT cache configuration (see device_store_cached_name
in BlueZ). So disabling the GATT caching alone wouldn't solve the
particular problem we are facing.
See also: https://github.com/home-assistant/supervisor/issues/4490
* Use access timestamp instead of modification timestamp
The modification timestamp gets updated regularly (on each connect) it
seems. However, using access timestamp might be more accurate, as it
seems to preserve slightly more cache files. These additional devices
might be devices we don't regularly connect but are still around (and
therefore we shouldn't reread the GATT attributes regularly).
So deleting cache entries with access time older than 7 days. Which
essentially deletes all the entries of devices which haven't been seen
the last 7 days.
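An added example of the access-time-based cleanup described above, not the service shipped in Home Assistant OS: the `<adapter>/cache/<device>` directory layout, the function names and the sample addresses are assumptions, and the timestamps are constructed with `touch` so the difference between the two timestamp choices is visible.

```shell
#!/bin/sh
# Added example: prune cached Bluetooth device entries by access time.
# Layout <root>/<adapter>/cache/<device> and all names are assumptions.

# Build a constructed sample cache in a temporary directory and print its path.
make_sample_cache() {
    root=$(mktemp -d) || return 1
    cache="$root/AA:AA:AA:AA:AA:AA/cache"
    mkdir -p "$cache"
    # Device not seen for years: access and modification time both old.
    : > "$cache/11:11:11:11:11:11"
    touch -t 202001010000 "$cache/11:11:11:11:11:11"
    # Device still around: old modification time, recent access time.
    : > "$cache/22:22:22:22:22:22"
    touch -m -t 202001010000 "$cache/22:22:22:22:22:22"
    # Device seen just now: both timestamps recent.
    : > "$cache/33:33:33:33:33:33"
    echo "$root"
}

# List cache entries under ROOT whose atime or mtime is more than DAYS days
# old. find counts whole 24-hour periods, so "+7" means eight days or more.
# Usage: stale_entries ROOT DAYS atime|mtime
stale_entries() {
    case $3 in
        atime|mtime) ;;
        *) echo "unsupported timestamp: $3" >&2; return 2 ;;
    esac
    find "$1" -type f -path '*/cache/*' "-$3" "+$2" | sort
}

# Delete cache entries that have not been accessed for more than DAYS days.
# Usage: prune_cache ROOT DAYS
prune_cache() {
    find "$1" -type f -path '*/cache/*' -atime "+$2" -exec rm -f {} +
}

demo_root=$(make_sample_cache)
echo "stale by modification time:"
stale_entries "$demo_root" 7 mtime
echo "stale by access time:"
stale_entries "$demo_root" 7 atime
prune_cache "$demo_root" 7
rm -rf "$demo_root"
```

Selecting by modification time would also drop the second entry, which belongs to a device that is still being read from the cache.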
It turns out that the way concurrency works in GitHub action doesn't
allow to queue up multiple pending jobs. As soon as a second job gets
pending, the previous pending jobs get cancelled. So this does not allow
to sequentially run all cache combine jobs as we hoped for.
Let's use a single download cache and per board build cache for now.
This combines all caches in a single cache to save space (assumption is
that quite some files are duplicated otherwise). With this we should
end up with 4 relevant cache files (build cache for each architecture
plus download cache).
Use more specific keys for GitHub Action caches to make sure we update
caches regularly. Also add board id to the downloads cache to get a
more specific cache file. This avoids redownloading large dependencies
of some boards.
Separate fetching the current release and loading the container image
into separate build steps. This allows to manually alter the version
json file for testing.
Enable fully preemptible kernel (low-latency desktop) configuration for
Home Assistant. Home Assistant can be considered as a soft real-time
system, where a lower latency is preferred over throughput.
A few tests using the rt_test development add-on didn't show measurable
improvements, but this could be due to rather synthetic test.
Currently some platforms use voluntary preemptible kernel, and some fully
preemptible. So besides improving latency, this also aims to synchronize
the settings across all platforms.
Also make sure that debugging is not enabled as it can have high runtime
overhead according to Kconfig.
The BR2_GCC_ENABLE_LTO config used to enable LTO on compiler level. That
config symbol doesn't exist anymore. Instead, LTO is enabled by default
with GCC.
However, there is a new flag named BR2_ENABLE_LTO which enables LTO in
packages. So far it doesn't look like that packages we are using support
the flag, but that might get added in the future. Opt-in already today.
* Determine git reference in prepare step
We can determine the git reference used once in the prepare step.
* Build HAOS builder in prepare step
Instead of building the build container multiple times, simply build it
once in the prepare step. This saves some GitHub Runner time (as we only
need to create the builder once).
* Drop per PR builds
Drop the per PR builds which are based on pull_request_target. These
make things more complicated with the recent changes requiring two
deployment approvals since we use the environment for the prepare
and build job now. It will also interfere with future expansions.
We should consider readding the feature using `pull_request` and
subsequent `workflow_run` trigger, as suggested by
https://securitylab.github.com/research/github-actions-preventing-pwn-requests/.
* Simplify board filter
In case a group with the same id as used outside the container already
exists, do not create a group inside the container.
It seems that GitHub Action runners started to use primary group id 999
which is the default group id used by the Docker daemon.
Home Assistant Green uses a SPI NOR flash storage. One can use dd to
write to the SPI NOR flash, but this is problematic if a unit has bad
blocks. Add MTD tools, specifically flashcp, to enable SPI NOR
flashing support.
Update U-Boot board configuration for Home Assistant Green. This moves
all Green specific board configuration into the U-Boot source code
patches. The "sf probe" command now picks up the correct SPI bus by
default.
* Initial commit of Home Assistant Green board support
* Add Home Assistant Green boot files
* HA Green board configs
* board/nabucasa: Unsupport rtc rk808
* Use odroid-m1 as Supervisor machine for now
* Green: linux: pmic: set PWRON_LP_OFF_TIME 12s
* green: Update U-Boot to 2023.07.02
* green: supports usb boot
* green: uboot-boot.ush use rk3566-ha-green.dtb
* green: spinor supports uboot
* green: use U-Boot provided devtype as boot device type
* green: Fix polarity of power key
The power key is low active. Add patch to avoid accidental long press
being reported to user space.
* green: uboot: eeprom: add CONFIG_ENV_OVERWRITE
* green: uboot: eeprom: add mac read
* green: fix-cpufreq null issue
* green: board aliases ethernet0
* green: uboot mac set ethernet0
* green: uboot add serial-number read
* green: Update kernel 6.1.39
* green: add green to the build matrix
* green: fix 339d13 & 9b9416 can not boot from usb
* green: change sd mode, change led default state
* green: uboot add board.c to read eeprom info
* green: enable uboot to read eeprom info
* green: delete boot.scr read eeprom function
* green: change spl loader uboot order:sd-emmc-spi_nor
* green: serialnum change to 18 bytes
* green: Update kernel 6.1.43
* green: use hwrng support from ODROID-M1
* green: Use latest Rockchip BL31/DDR binaries
* change led_act polarity
* green: Disable watchdog
The watchdog on Green seems to not reliably reset the system. For now
disable the driver to avoid systemd making use of it.
* green: Update kernel 6.1.44
* green: Fix Supervisor Machine
Use odroid-m1 for now as Supervisor machine (used to download the
landing page).
* green: emmc use hs200 to increase speed
* green: use green as Supervisor machine
* green: Update kernel 6.1.45
* green: add Green to the kernel documentation
---------
Co-authored-by: Zhangqun Ming <north_sea@qq.com>
Co-authored-by: syan <syan.cham@gmail.com>
Use the official rkbin repository for Rockchip binaries. Use the
binaries from an older git hash which provide the very same binaries
(by hash). This makes sure we use the same DDR version as currently used
by the Hardkernel in their SPI flash bootloader (DDR v1.09).
* Including the RTW8821ce driver module to support Wifi on the KAMRUI AK1 PRO micro PC. It is a low-cost Intel Celeron N5105 that I think should work well for Home Assistant. However, it does not use Intel radios, it needs Realtek drivers.
* also need the firmware for the rtl8821ce
* Use hosted GitHub Action runners
Instead of using self-hosted runners use the hosted GitHub Action
runners. Officially the GitHub Action runners have a maximum of 14GB
free space available. However, a single Home Assistant OS build requires
up to 23GB (the ova board seems to require most because of the various
output image formats).
This PR adds some tricks to make use of the GitHub hosted GitHub Action
runners still, namely:
- Build and download cache is stored on /mnt which offers an additional
10GB of disk space
- Some tools/SDKs on the runner get removed from the root disk to free
up some disk space.
Other than that building on the hosted GitHub Action runners seems
straight forward. The build time is significantly longer (from ~30
minutes on the current AMD Ryzen 7950X build machine to 1 hours 30
minutes even with cache). But since we can build all boards in parallel
now, the overall build time will likely be shorter.
* Remove top-level release directory
The top-level release directory adds another copy of the images. This is
unnecessary for our release process now. Save the additional space and
time requirement. It comes with a slight downside for developers, but
also helps to save disk space on dev machines.
The chosen GitHub action sets MIME types correctly and allows glob
uploads. Also upload directly from the output directory. This way we can
remove the unnecessary copy to the release directory in the future.
Add patches for the hardware random number generator part of the
Rockchip RK3568. This avoids dbus-broker startup failure seen on some
Hardkernel ODROID-M1 devices due to lack of entropy.
On some platforms (it seems to be pronounced on Intel NUC systems)
Bluetooth advertisements suddenly stop after a short while. Currently
there are work arounds in place to restart the HCI controller to keep
receiving the advertisements.
Advertisements have been received fine with Linux 5.15. This change
reverts a commit which has been isolated to be the culprit.
In case a system takes a bit longer to boot (e.g. due to SWAP
initialization on first boot, especially on a system with lots of memory
and not very fast storage, e.g. an ODROID-M1 using an SD card) we might
time-out waiting for time synchronization before the time
synchronization service even got started. By ordering the
systemd-time-wait-sync.service after the network is online, the timeout
of this service should be started much later. With that the
systemd-time-wait-sync.service shouldn't timeout any longer.
To read the current LED configuration correctly /mnt/boot is required.
This change makes sure that the boot partition is mounted when the OS
Agent starts.
Many x86_64 tablets (e.g. Cherry View) use SDIO WiFi modules, this
enables the driver for a common one I've come across in the wild.
This module requires firmware from the following, which are already
enabled for this platform:
- BR2_PACKAGE_LINUX_FIRMWARE_RTL_87XX
- BR2_PACKAGE_LINUX_FIRMWARE_RTL_87XX_BT
fixes #2422
* Yellow: Always use mini-UART for Bluetooth
Unfortunately, the mini-UART device tree adjusts the alias for serial1,
which we need to make ttyAMA1 the Zigbee UART (UART4).
However, we cannot simply adjust that overlay, as the overlays are not
built as part of the Buildroot build. Instead, they are directly copied
from Raspberry Pi's Firmware repository.
Instead of using device tree overlays, just apply the changes to our
Yellow specific device tree. To avoid that the device tree gets loaded
anyhow, we could adjust config.txt but that has complications on its
own. Since the overlay might be conflicting with the Yellow device tree
anyways, just remove all of them.
Note: The miniuart-bt.dtbo overlay won't be present, while config.txt
of upgraded instances still reference it. It seems that this doesn't
cause problems at boot time. Leaving the dtoverlay=miniuart-bt present
also allows user to downgrade in case needed.
* Avoid duplicating 98-rpi.conf
* Make it clearer that the image file needs to be renamed
- add information that the update was only successful if version 20230328 is visible.
* Update Documentation/boards/hardkernel/odroid-m1.md
---------
Co-authored-by: Stefan Agner <stefan@agner.ch>
* buildroot 8e1c933e7f...21edbd975f (4):
> package/docker-cli: bump version to v23.0.6
> package/docker-engine: bump version to v23.0.6
> package/containerd: Bump to containerd 1.6.21
> package/runc: bump to version 1.1.7
With U-Boot 2023.01 booting on Raspberry Pi 4 32-bit (at least with 4
or 8GB of memory) freezes when trying to enumerate USB devices. It seems
that the PCIe initialization partially fails, which causes the USB XHCI
initialization to fail.
It seems that a new restriction on viable addresses for PCIe
initialization causes the problem. Revert the offending commit to make
U-Boot properly detect USB devices again.
The new U-Boot 2023.01 requires an additional config which is missing
from the generic Raspberry Pi U-Boot configuration (see #2234). Add
it to the generic Raspberry Pi U-Boot configuration so Yellow as well as
other CM4 based systems can boot from NVMe SSD again.
* buildroot befb515cdb...ddc0ddca51 (4):
> package/docker-cli: bump version to v23.0.3
> package/docker-engine: security bump version to v23.0.3
> package/containerd: security bump to version 1.6.20
> package/runc: security bump to version v1.1.5
* Enable Multi-Gen LRU
Multi-Gen LRU should improve performance under memory pressure. This is
especially useful for embedded platforms where memory is scarce.
* Add service to configure Multi-Gen LRU
Use min_ttl_ms of 1 which is the least aggressive in terms of lag. Since
we are a server application, we can tune thrashing prevention with a
higher acceptable lag.
* Add multiple routes support in NetworkManager
Support multiple routes to the same network learned via Router
Information Option. With this change, the kernel will have multiple
routing table entries to a given Thread network. The routes gateway
won't be updated with every new RIO any longer since every gateway
has its own entry.
* Enable IPv6 router reachability probing
Currently router reachability probing is disabled since HAOS enables
IPv6 forwarding and the necessary kernel options are not enabled. With
this change router reachability probing is enabled even though we are
a router on our own.
Note that Linux commit ea659e077528 ("[IPV6] ROUTE: Do not enable router
reachability probing in router mode.") by default disabled this
behavior. But since we are acting as a router as well as a host device,
we rather want this reachability probing.
See also: https://lore.kernel.org/netdev/b9182b02829b158d55acc53a0bcec1ed667b2668.1680000784.git.stefan@agner.ch/T/#u
* Fix swapfile creation for all memory sizes
In certain situations awk prints the swapfile size in scientific
notation. The script can't deal with that, in which case swap file
creation fails.
Use int to convert the number to an integer.
Since pages are 4k, also make sure swapsize is aligned to 4k blocks.
* Add info message
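The scientific-notation failure and the int/4k-alignment fix described in this commit message, as an added example that is not the project's own script. The function names, the 0.33 sizing factor, the sample MemTotal value and the use of `printf "%.0f"` for output are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not the HAOS swap script.
# Constructed /proc/meminfo excerpt (not taken from a real device).
SAMPLE_MEMINFO='MemTotal:       16312345 kB
MemFree:         9120044 kB'

# Failing form: the result is not an integer, so awk prints it through its
# default output format (%.6g) and large values come out as e.g. 5.51227e+09.
swapsize_naive() {
    printf '%s\n' "$1" | awk '/^MemTotal:/ { print $2 * 1024 * 0.33 }'
}

# Fixed form: MemTotal is in kB, so dividing by 4 gives a count of 4 KiB
# pages; int() truncates to whole pages and * 4096 converts back to bytes.
# printf "%.0f" (an assumption of this example) forces plain digits on
# every awk implementation, including ones that clamp large integers.
swapsize_bytes() {
    printf '%s\n' "$1" | awk '/^MemTotal:/ { printf "%.0f\n", int($2 * 0.33 / 4) * 4096 }'
}

# Guard to run before the value is handed to fallocate/dd/mkswap:
# digits only, non-zero, and a multiple of the 4 KiB page size.
is_valid_swapsize() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -gt 0 ] && [ $(( $1 % 4096 )) -eq 0 ]
}

printf 'naive: %s\nfixed: %s\n' \
    "$(swapsize_naive "$SAMPLE_MEMINFO")" \
    "$(swapsize_bytes "$SAMPLE_MEMINFO")"
```

Rejecting a malformed size up front makes the failure visible at the point of computation instead of as a swap file that silently never gets created.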
Drop PCIe hotplug since this causes network interfaces name changes
which aren't handled gracefully right now. People are left with no
network configuration.
By default systemd kills the service which causes an OOM. That makes
sense for a typical service, however, for SSH we don't want this
behavior: The connection should continue, just the command which caused
OOM should be killed.
* Use zswap instead of swap in zram
This requires a swap file which will get generated automatically on
startup.
* Fix file size and free disk space comparison
* Set zswap factor to 33%
* Set vm.swappiness to 1
Decrease swapping to a minimum. This is also recommended for database
work loads by the MariaDB documentation. In practice it causes the least
amount of writes to disk when under memory pressure, while still making
swap available when needed.
* Avoid moving data to same device
When a data disk move is triggered when the data disk is already in use
the script currently renames that only data disk, rendering the system
unusable.
Don't continue if source and destination happens to be the same device.
* On failure rename to hassos-data-fail
The label hassos-data-failed is too long.
* Deactivate any external data disk device on first boot (#2390)
* Use lsblk to determine the underlying device file
Comparing major number is not reliable, e.g. virtio disks have the same
major number despite being different devices. Use lsblk to find the
underlying device, and compare the device name instead.
By default ConditionFirstBoot is anchored to the presence of
/etc/machine-id. However, in our case /etc/machine-id is a bind mount,
which makes the first boot condition non-working.
Since machine-id is stored by the bootloader on HAOS, use the boot
loader's knowledge and pass the information to systemd.
* Add ODROID-M1 to documentation
While at it, also use the new writing style for all Hardkernel boards by
changing Odroid to ODROID.
* Add ODROID-M1 board specific documentation
* Add NVMe information
* Apply suggestions from code review
Co-authored-by: c0ffeeca7 <38767475+c0ffeeca7@users.noreply.github.com>
It seems that Raspberry Pi enabled Multi-Gen LRU by default. By my
testing, it performs worse in some situations. Add it by default for all
platforms, but disable it by default for now.
* Add ODROID-M1 board support
* Add Rockchip kernel config for ODROID-M1
Kernel defconfig for Rockchip is based on Armbian kernel defconfig
from config/kernel/linux-rk3568-odroid-edge.config (git hash
95c829f9e664).
* Add U-Boot/Kernel patches
* Add Rockchip blob support
Add package which provides Rockchip TPL and ATF firmware binaries.
* Use latest U-Boot for ODROID-M1
* Fix Rockchip blob support
* Update defconfig
* Use GPT by default
* Create uboot partition to support non-recovery boot
* Enable eMMC boot in U-Boot SPL
* Drop unnecessary mmc device selection
Distro boot already activates the right mmc device. The extra selection
seems to actually cause problems for eMMC boot.
* Make sure driver for eMMC is built-in
* Use odroid-m1 as Supervisor machine
* Add ODROID-M1 to CI pipeline and issue template
* Bump to Linux 6.1.16
* Add security library libseccomp
Enable libseccomp to activate seccomp support in HAOS. This will compile
systemd and Docker with seccomp support.
Note: Traditionally Supervisor required to disable seccomp. This seems
no longer to be the case with current Supervisor, but it needs further
testing. All containers started by Supervisor get currently started with
seccomp disabled.
* Enable seccomp in the kernel
Currently the only board supporting GPT partition table and SPL is the
ASUS Tinker board. Its Rockchip boot loader is stored at LBA 0x40 (64)
which is well past the last LBA of a regular GPT partition table (which
is at LBA 33). Therefore a custom GPT main partition table location (via
sgdisk -j, --adjust-main-table=sector) is not necessary.
Technically we could copy anything after LBA 34 from the SPL image, but
since we don't support a board which needs that space for its SPL let's
stick with the well aligned Rockchip start at LBA 64.
Note: To preserve the layout we still add the SPL size to the regular
offset. Technically we could start the boot partition at LBA 16384, but
this would mean a different partition table compared to before and
different offset of subsequent partitions compared to other GPT
platforms.
* Support custom sized SPL/raw boot region
This is required for Rockchip which by default stores the U-Boot FIT
image at the 8MiB offset.
* Ignore shellcheck warning
The new systemd version v252 brings a new naming scheme, in particular
it seems that on device tree based systems (e.g. Raspberry Pis) the
Ethernet device name changes from eth0 to end0.
This breaks a previously made configuration.
Even worse, it seems that the default NetworkManager behavior is to only
configure a network device if there is no profile. But since profiles
are configured on a typical installation, NetworkManager doesn't bring
up any of the network interfaces, leaving the user stranded on an
unconnected system.
Ideally, we should have a plan how to migrate from one naming scheme to
the next. For now, just stick with the naming scheme HAOS 9.x has been
using.
The OTBR install scripts by default increase the net.core.optmem_max
ancillary buffer size to 64KiB to allow for a larger number of multicast
groups. Arch Linux as well recommends this size for high speed network
links.
* Update config for Buildroot 2023.02
* Use Buildroot's version of the rtl8821cu package
Buildroot provides a newer driver for the RTL8821CU based chipsets
provided by https://github.com/morrownr/8821cu-20210118.
* Pass argument when verifying partition table
This also avoids running into a segmentation fault in the current
version of sgdisk.
* Remove obsolete GRUB2/NetworkManager patches
* Bump buildroot
* buildroot 90aa1a6daa...4832525e6c (4596):
> package/runc: add support for CGroup device permission updates
> package/network-manager: fix build with -Dmodem_manager=false
> package/dbus-broker: bump to release 33
> package/iptables: Allow to use iptables with nf_tables backend
> package/brcmfmac_sdio-firmware-rpi: bump to latest version
> package/linux-firmware: Deploy fewer Intel WiFi 22000 series variants
> package/linux-firmware: Add more Intel WiFi 22000 series variants
> package/linux-firmware: Add Broadcom BNX2 firmware
> package/rpi-firmware: bump version to 1.20230106
> Update for 2023.02-rc2
* Use Ubuntu 22.04 for CI checks
* Bump xe-guest-utilities to 7.33.0
* Remove unnecessary shellcheck ignore for xe-guest-utilities
* Address new buildroot check-packages issues
The bridge support is not complete and causes issues in Supervisor.
Supervisor first needs proper support for it before we can deploy it in
Operating System.
See also: https://github.com/home-assistant/supervisor/pull/4133
* Linux: Update kernel 6.1.12
* Update generic_raw_uart to build with Linux 6.1
* Update Realtek rtl8821cu/rtl88x2bu to build with Linux 6.1
* Bump buildroot
* buildroot 43f82f01b9...90aa1a6daa (1):
> rtl8812au-aircrack-ng: bump to latest rev d98018
* Fix eq3_char_loop to build with Linux 6.1
* rtl8821cu: make sure -Werror is disabled for the kernel build
* generic_raw_uart: make sure -Werror is disabled for the kernel build
Replace Busybox ip command with the full version from the iproute2
package. This removes ~20KiB from Busybox, but adds ~685KiB for full
iproute2.
The main reason is to get full ip -6 route command support to debug
Thread related routing problems.
* Enable wpa_supplicant access point functionality, to allow NetworkManager to manage WiFi interfaces as HotSpots or access points.
* Add an exception, to allow NetworkManager to manage bridge interfaces whose name starts with 'bridge'.
* Update buildroot-external/rootfs-overlay/etc/NetworkManager/NetworkManager.conf
Co-authored-by: Stefan Agner <stefan@agner.ch>
Set 2022.02-haos as the default remote tracking branch. This should not
influence regular submodule updates/inits as they reference the git
hash tracked by the operating-system repository directly.
To get access to the experimental advertisement monitor api
experimental mode is required. This enables the experimental D-Bus API
by default.
See also: https://github.com/hbldh/bleak/pull/884
* Bump buildroot
* buildroot 215e54fe41...54eff73a8f (1):
> package/iptables: Allow to use iptables with nf_tables backend
* Use iptables with NFT backend
The powertop command built-in BusyBox uses old timer_stats proc API
which has been removed since Linux 4.11. Hence the command is not
useful on HAOS. Remove it.
The fq_codel network scheduler is the de-facto standard nowadays in most
distros. Systemd enables the scheduler by default if available. Make
sure all boards have the necessary kernel module activated.
The ODROID-XU4 is largely compatible with the ODROID-HC1. It seems that
the image used to work until recently, where a stable kernel update
broke access to the S-ATA disk.
Revert the offending stable kernel patch to fix S-ATA disk on
ODROID-HC1.
* Update outdated ui references in issue template
* Mention top right menu
* Remove health
* Remove health and fix directions
Co-authored-by: Stefan Agner <stefan@agner.ch>
* Fix Docker key.json corruption check
Since /etc/docker does not get bind mounted anymore (see #2116),
key.json from the overlay partition is used directly.
* Use -e flag for jq to get useful exit code
The cgroup_enable parameter is a Raspberry Pi kernel specific kernel
parameter. Upstream based kernels do not have the parameter, and hence
do not do anything.
This gets rid of the following message during boot:
Unknown kernel command line parameters "cgroup_enable=memory", will be passed to user space.
The image name is stored in a separate field IMAGE_NAME as well. This
allows to use the container name (e.g. `hassio_supervisor`) to get logs
of all Supervisors independent of the image name (which differs for
every version).
* RaspberryPi: Update kernel 5.15.61 - 1.20220830
* Add Yellow to the Raspberry Pi kernel update script
* Bump Yellow to kernel 5.15.61 - 1.20220830
Also drop the work around for the LED polarity as the new firmware
has been fixed.
* Explicitly select no kernel module compression
Home Assistant OS uses a compressed rootfs already, no compression for
kernel modules necessary.
* Bump buildroot
* buildroot d7e4c223e5...5468d36a26 (1):
> package/rpi-firmware: bump version to 1.20220830
This is more readable than passing arguments to the daemon directly. It
also shortens the ExecStart command significantly, which is stored in
every log entry in systemd-journald.
* Retry up to 3 times
By default, HAOS used to retry 3 times. That is still true for U-Boot
based boards. Apply the same logic for GRUB2 based systems for
consistency.
This can help to remedy intermittent internet/connectivity issues.
Although hacky, in practise it makes sense to give the newly installed OS
another go.
* Also apply to generic-aarch64
A higher file system commit interval can help to decrease the amount of
writes. In tests, a commit interval of higher than 30s seems not to help
much in practice. Settle with 30s for now.
Add direct access to Docker's containerd instance by passing in its GRPC
socket. This can be useful to talk to the containerd GRPC API directly,
which exposes more information than the Docker API (e.g. OOM kill
events).
It seems that Docker can fail to start if there is no space left on the
device. Try to free up some space in that case by asking journald to
limit its size to 256MiB.
This should work for any storage larger than ~2.5GiB (as the journals
maximum size is 10% of the disk size). It still should leave enough
logs to diagnose problems if necessary.
Note: We could also limit the size of the journal in first place, but
that isn't sustainable: Once that space is used up, we run into the
same problem again.
By only asking journalctl to free up if necessary, we kinda (miss)use
the journal as way to "reserve" some space which we can free up at boot
if necessary.
* rpi4: Enable arm_boost=1 to unlock 1.8GHz CPU
The official Raspberry Pi OS enables a "boosted" 1.8GHz
mode since their Debian bullseye based release [source]. This
commit brings this feature to HA OS.
This can be helpful when debugging HAOS issues. Dropbear is only started
for users which actually enabled it by configuring a SSH key, so this
change won't have an effect for most people.
* buildroot 2083b57930...9dbf8d5e86 (3):
> package/brcmfmac_sdio-firmware-rpi: bump to latest version
> package/linux-firmware: Deploy fewer Intel WiFi 22000 series variants
> package/linux-firmware: bump version to 20220815
* Fix delaying systemd-timesyncd
Setting WantedBy=time-sync.target in a service.d config file does not
clear previous assignments of WantedBy. This caused the services to still
be pulled in by the sysinit.target, causing an ordering cycle and the
system to not start essential services.
* Remove sysinit.target from Before ordering
With commit 2d3119ef22 ("Delay Supervisor start until time has been
sychronized (#1360)") systemd-time-wait-sync.service got enabled, which
waits until systemd-timesyncd synchronizes time with a NTP server.
By default systemd-timesyncd.service and systemd-time-wait-sync.service
are pulled in by sysinit.target. This starts the services before full
network connectivity is established. The first synchronization fails and
systemd-timesyncd only retries after a ratelimit mechanism times out.
This causes a delay of 30s during startup. While systemd-timesyncd has
a mechanism to (re)try time synchronization when network becomes
online, it seems that those only work properly when systemd-networkd
is used, see also https://github.com/systemd/systemd/issues/24298.
Simply reordering systemd-timesyncd.service after network-online.target
does not work as it causes circular dependencies (NetworkManager itself
depends ultimately on the sysinit.target).
With this change, the services are only pulled in by time-sync.target.
That allows to order the service after network-online.target. With that
the first synchronization succeeds.
This mechanism also works when a NTP server is provided through DHCP.
In that case, the systemd-timesyncd service is started by the dispatch
script /usr/lib/NetworkManager/dispatcher.d/10-ntp before the systemd
even considers starting the service. Tests show that the default
fallback NTP is not contacted, only the DHCP provided service.
* Move Bluetooth protocol configuration to hassos.config
Enable a couple of potential useful Bluetooth protocol drivers.
Also enable Bluetooth Network Encapsulation Protocol since the BlueZ
plug-in seems to be enabled.
* Drop OverlayFS configuration not liked by Docker
* Bump buildroot
* buildroot 0397d9c8f0...2ba3394abf (1):
> package/docker-engine: use kernel modules for extra network drivers
* Make IPv6 SIT tunnel driver a kernel module
This is what distributions seem to be doing too.
Currently systemd-timesyncd tries to connect to the NTP server quite
early at boot-up. At this time the network connection has not been
established yet. This causes resolving the NTP server to fail and
a rate limit kicks in which makes systemd-timesyncd wait for 30s until
the next attempt.
Lowering the retry attempt to 10s makes systemd-timesyncd connecting
shortly after.
Note: The rate limit is 10 attempts per 10s. Because the attempts are
immediately exhausted lowering connection retry attempt below 10s
adds no benefit.
See also: https://github.com/systemd/systemd/issues/24298
* buildroot 97287bbebf...0397d9c8f0 (5):
> package/docker-proxy: bump version to f6ccccb1c082
> package/containerd: security bump to 1.6.6
> package/docker-engine: bump to version 20.10.17
> package/docker-cli: bump to version 20.10.17
> package/runc: bump to version 1.1.3
* Load container images descending by size
Loading container images using docker load seems to require more space
at load time (which gets freed after loading). Loading the largest
container first avoids running out of space.
* Bump buildroot
* buildroot 99b62b8bd3...97287bbebf (3):
> package/dbus-broker: bump to release 32
> package/dbus-broker: new package
> Merge pull request #3 from home-assistant/2022.02.x-haos-cgroup-v2
* Use dbus-broker as default D-Bus broker
The dbus-broker (Linux D-Bus Message Broker) aims to be a high
performance and reliable D-Bus broker which can be used as a drop in
replacement to the reference implementation D-Bus broker. In tests it
showed significantly better performance especially when routing BLE
messages.
* Allow dbus-broker to start early
For HAOS device wipe feature we need haos-agent.service and
udisk2.service early. Both require a working D-Bus broker.
The options PrivateTmp and PrivateDevices add additional After=
orderings which don't allow dbus-broker to be started early.
* Fix D-Bus dependency
D-Bus services should just depend on dbus.socket.
* Disable real-time scheduling
It seems that Linux' cgroup v2 currently does not support RT scheduling.
* Remove Supervisor RT support flag
With CGroups v2 we can no longer support CPU resource allocation for
realtime scheduling.
* Bump OS Agent to 1.3.0 for CGroups v2 support
This makes the Red+Blue Button cause the boot loader to wipe start4.elf,
which is essential for the boot loader to boot from eMMC. With the file
missing, the Raspberry Pi firmware will continue its boot flow and boot
from USB host next. This allows to run the Home Assistant OS Installer
from a USB flash drive again.
A faster restart policy is unlikely to help. Increasing the limit makes
it less likely to run into cloud service rate limits (e.g. container
registry).
* chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
* Remove global permissions which are set implicitly
With restrictive settings in the global GitHub Action permission settings
those permissions are given implicitly.
Co-authored-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
Co-authored-by: Joakim Sørensen <hi@ludeeus.dev>
Co-authored-by: Stefan Agner <stefan@agner.ch>
Some applications try to increase the buffers for performance reason. The
QUIC Go implementation for instance tries to request a 2048 kiB buffer
size.
The kernel default depends on skubuf size (which is architecture
dependent), but it is memory size independent and typically around 200 kiB
(see [1]).
Other network tuning guides suggest 16MiB for 1GB ethernet, as well as
changing the default as well as maximum buffer size (see [2]). This
conservatively increases the maximum buffer size to 4MiB.
[1]: https://elixir.bootlin.com/linux/v5.15.45/source/include/net/sock.h#L2742
[2]: https://nateware.com/2013/04/06/linux-network-tuning-for-2013/
* Add open-vm-tools to AArch64 for better VMware support (#1050)
* Bump buildroot
* buildroot 666868435d...de7aa15c65 (1):
> package/openvmtools: bump version to 11.3.5
For physical hardware the default Power Button action has been disabled
to avoid accidentally powering down the machine.
However, for virtual machine this method is often used to shutdown the
virtual machine gracefully. Use the regular power settings for virtual
machines.
* Use upstream Linux driver for Bluetooth on ASUS Tinker
* Drop unnecessary Bluetooth initialization systemd service
Bluetooth is now entirely handled by the kernel.
* Recreate defconfigs using savedefconfig target
Buildroot allows to generate minimal defconfigs using the savedefconfig
target. Regenerate all our configurations so they all look alike and are
minimalistic.
* Fix generic_aarch64_defconfig
* Enable additional LED triggers
* Improve Yellow device tree
Fix soundcard name and use BTN_1 as key code.
* Add input-event-daemon configuration
Add minimal input-event-daemon configuration to avoid the default
configuration taking effect. This minimal configuration triggers
the USB configuration import on button press.
* Support firewall matching by pkttype
Matching by pkttype is required by the reference OTBR firewall script.
* Add additional Kernel configurations required for OpenThread.
It seems that the GitHub container registry sometimes returns 503
service unavailable temporarily ("Error fetching tags list: invalid status
code from registry 503"). Use skopeo's retry mechanism to try up to 5
times before failing.
Add VID/PID of some known problematic USB SSD controllers to USB storage
quirk list. This should make most USB SSD's work with Home Assistant OS
out-of-the box.
The Google Gasket driver has been removed from the main kernels staging
tree between 5.10 and 5.15 development window. Readd Google's
out-of-tree driver to continue to support Google Coral devices.
* Replace bluetooth-bcm43xx with pi-bluetooth Buildroot package
The new pi-bluetooth packages the scripts and systemd service from
the Raspberry distribution package directly:
https://github.com/RPi-Distro/pi-bluetooth
* Update to latest pi-bluetooth service files
* Update busybox configuration to 1.35.0
The new/deleted configurations are generated automatically, no actual
change in this patch.
* Enable busybox xxd command
The xxd tool is useful for conversion in scripts.
* Prevent start errors on Compute Module 4 without WiFi/Bluetooth
Enable IPv6 forwarding by default which is useful to run IPv6 based
OpenThread Border Router.
Currently Docker enables IPv4 forwarding by default. Enabling IPv6
support will enable IPv6 routing as well, but we are not ready yet to
enable IPv6 support for Docker at this point.
Enabling IPv6 forwarding should be harmless as there are no IPv6
addresses configured internally and Home Assistant OS is not typically
dual-homed. In cases where it is dual-homed (e.g. VPN), routing is
often used and firewalling is setup as part of that add-on.
* Enable wext and nl80211 drivers for wpa_supplicant for all devices
* Enable r8188eu module globally and add related firmware to all devices config
Co-authored-by: Stefan Agner <stefan@agner.ch>
* Use anonymous Docker volume as build output
Use anonymous Docker volumes as build output. This makes sure
every build is using a clean output directory.
This aligns with what we used to have in Barebox. Most of the time the
user is not expected to make a choice, so keeping the timeout short is
sensible.
* Drop default NetworkManager configuration
NetworkManager will automatically connect using the global defaults.
Also Supervisor today will create a profile once the user configures
the network explicitly.
* Create system-connection directory
* Add tempio host package
tempio is a template helper using Go's template engine and sprig
functions.
* Use tempio to generate rauc manifest
* Use tempio to generate rauc system.conf
This reverts commit ff07728fa3.
Removing the .git file from the git submodule is problematic when
updating buildroot: Files deleted stay present in the buildroot
directory (since their origin is no longer known).
The workaround has been introduced to allow building non-git submodule
releases (rel-6) on the same runners. Since rel-7 uses git submodule and
we stay with git submodule for the foreseeable future, remove this work
around.
* Drop unnecessary device tree utilities
They have been used for Barebox which uses device tree to configure the
state storage and its location. With the change to GRUB the tools are no
longer required.
* Determine manual GRUB update depending on installed tools
Manually update the GRUB environment if no grub environment tools are
installed. This makes an upgrade work even after a previous downgrade (in
that case a grubenv file might still be present in the UEFI ESP).
* Add generic-aarch64 to the list of Kernels
* Bump buildroot
* buildroot 8bbb32c16a...962ff8c0d4 (1):
> package/rtl8812au-aircrack-ng: bump version to 3a6402e
* Fix kernel version for Raspberry Pi kernel based boards
* Linux: Update kernel 5.15.25
Use highest available kernel version in Buildroot 2021.08 (5.13)
* Update Hardkernel patches to Linux 5.15
* Update generic-x86-64/ova kernel config/patches for 5.15
* Drop Intel e1000e Sourceforge driver
The driver has been discontinued sometime last year. The main reason the
out-of-tree kernel has been enabled was for support for the i219-V
network chips which meanwhile are supported in mainline.
* Use shell functions for install hooks
* Use post-install hook to initialize GRUB2 bootloader env
Unfortunately the boot name to be updated (RAUC_SLOT_BOOTNAME) is not
available when updating the "boot" slot. Instead, initialize the boot
slot in a kernel post-install slot.
* Fix migration from Barebox GRUB
Create GRUB env which defaults to the boot slot we are updating to. This
makes sure that the newly installed OS version will be booted on next
reboot even if installed on boot slot B.
* Add AArch64/ARM64 EFI boot support (for QEMU and some boards)
* Allow GRUB to load cmdline.txt-like
* Enable qcow2/vmdk disk images
Co-authored-by: Stefan Agner <stefan@agner.ch>
* updated generic_raw_uart to latest version which comes with dualcopro
support for the HmIP-RFUSB usb rf-sticks by eQ3/ELV.
* remove 99-hmip-rfusb.rules to keep a HmIP-RFUSB device free from being
occupied by the cp210x driver but use the new generic_raw_uart support
instead allowing for advanced dualcopro support for HomeMatic/BidCos-RF
and homematicIP support in parallel.
To make HDMI CEC work, we have to compile MESON_DRM as a module
(see #1717). However, this essentially reverts #1347, which fixed the
reboot problem by compiling the driver into the kernel.
Hence we need to reintroduce the earlier fix from #1345, which reverts
the offending commit causing the reboot problem.
* Fix enable USB host mode kernel patch
Update to a new patch which applies the device tree change such that the
USB controller actually gets enabled.
* Update Home Assistant Yellow board config
Update config to match changes which have been made to other boards as
well.
* Rename Home Assistant Amber to Yellow
Rename the board from "amber" to "yellow" as Home Assistant Yellow is
the official name now.
* Add Home Assistant Yellow to the build matrix
* ODROID XU4: Update U-Boot on eMMC boot partition
Update the U-Boot on the eMMC boot partition if present. Only write the
first megabyte as the eMMC boot partition might be smaller than the SPL
image and only the first megabyte is occupied by FW/BL1/BL2/TZSW (see
https://wiki.odroid.com/odroid-xu4/software/partition_table#tab__odroid-xu341).
* Bump buildroot
* buildroot 907739ed48...4c6c8fb767 (1):
> package/rpi-firmware: bump version to 71bd3109
* RaspberryPi: Update kernel 5.10.63 - oldstable_20211201
* Add Raspberry Pi Zero 2 W device tree
* Use LSI Logic SCSI controller in vmdk descriptor as well
For some reason, the vmdk disk format's descriptor contains the
controller type as well. By default, qemu-img sets it to "ide", which
seems not optimal especially for VMware's ESXi. Set adapter type to
commonly supported "lsilogic".
* Move ova image generation to hdd-image.sh
* Check if Busybox supports oflag
It seems that Busybox' dd shipped with OS release 5 and earlier does not
support oflag. Check if the flag is supported before making use of it.
* Exit if a command in the update scripts returns an error
This makes sure that the update isn't marked as successful in case there
is an error in the update script.
* Devices description update
Updating the list of supported devices according to https://www.home-assistant.io/installation/
* Intel NUC -> Generic x86-64 (e.g. Intel NUC)
* Remove unsupported Raspberry Pi and Raspberry Pi Zero
* Use OpenSSL to generate OVA manifest file (#826)
It seems that sha256sum adds a space after the hash algorithm which
causes "Invalid OVF checksum algorithm" on certain VMware virtualization
products.
Using OpenSSL avoids the space and makes the manifest file compatible
with VMware products.
* Use Buildroot provided OpenSSL binary
* Use SCSI controller by default
Make sure to overwrite existing files on upload. This allows to trigger
rebuilds and have the latest builds on the os-builds server.
Note: When using GitHub Actions, the release/ directory is cleared at
the beginning (by the checkout action, which has the clean option set
by default which also causes files in .gitignore to be deleted).
* Avoid race condition when fetching containers during build
So far only a single builder was active for each architecture. This
together with the naming scheme to include architecture/machine name
made sure that an image could only be fetched or used by a single
builder.
However, since most systems are now aarch64, multiple runners are now
active for a single architecture. This makes it necessary to lock
fetching/copying of container images to avoid race conditions.
Use rtl8812au driver provided by buildroot. This uses a newer version of
the v5.6.4.2 branch which works with newer kernel and seems to be the
recommended branch.
Note: It seems that our buildroot package currently fails to properly
deploy the 88XXau.ko kernel module. Instead of fixing our version, just
move to the buildroot version.
* Update Linux kernel patches for Home Assistant Amber
Fix user LED polarity. Also rebase the patchset ontop of the Raspberry Pi
kernel 1.20211029.
* Add RTC as well
These boards support the rather ancient ARMv6 architecture only. We
officially stopped supporting them already two releases ago, it's time to
say goodbye.
* Add systemd-journal-remote to the image
This allows to access journald's log from within Supervisor and expose
more system logs to users.
* Allow to access systemd-journal-gatewayd from Supervisor
Create a systemd-journal-gatewayd.socket service using a Unix socket and
bind mount it into the Supervisor container. This allows to query
systemd-journald from Supervisor directly.
* Bump buildroot
* buildroot 73991f0fee...5b5dff3136 (1):
> package/linux-firmware: Add RTL8152/8153/8156 firmware
* Enable Realtek 8152/8153/8156 USB Ethernet adapter support
Enable kernel driver and install firmware for Realtek USB Ethernet
adapter. While at it, also enable some other common USB Ethernet
adapters which don't require firmwares.
If a git submodule is converted to a regular git directory (e.g. when
moving from dev -> rel-6 branch), the directory is not properly cleaned
by the checkout action.
Remove the git submodule .git files which makes sure that git properly
reinitialize subdirectories, even if they have been a submodule before.
See also: https://github.com/actions/checkout/issues/624
* Add Amber machine
Introduce a new machine for Amber. Store it under Raspberry Pi boards
since Amber is based on the Raspberry Pi Compute Module 4. This way we
can reuse existing scripts.
* Add kernel patches for Amber
Add kernel patches which add a custom device tree for Amber.
* Add device wipe support via GPIO button
Allow to wipe the device by pressing and holding the red button.
* Enable serial console by default
Enable serial console on the on-board USB-to-UART adapter as well as on
the GPIO header.
* Use 64-bit mode by default
Support only 64-bit for Amber, it is mature enough.
Currently the hassos-apparmor.service wants the
hassos-supervisor.service and vice-versa. This is unnecessary and leads
to activation of hassos-supervisor.service when reload/restart
hassos-apparmor.service (Supervisor is doing that on startup).
Make hassos-apparmor.service independent and add dependency as well as
ordering from hassos-supervisor.service side.
* Avoid duplicate log entries
So far the hassos-supervisor.service starts the hassos-supervisor script
which in turn attaches to the Supervisor container. This causes stdout
and stderr to be forwarded to the service unit, which in turn logs it in
the journal.
However, Docker too logs all stdout/stderr to the journal through the
systemd-journald log driver.
Do not attach to the Supervisor container to avoid logging the
Supervisor twice.
Note that this no longer forwards signals to the container. However, the
hassos-supervisor.service uses the ExecStop= setting to make sure the
container gets gracefully stopped.
* Use image and container name as syslog identifier
By default Docker uses the container id as syslog identifier. This
leads to log messages which cannot easily be attributed to a particular
container (since the container id is a random hex string).
Use the image and container name as syslog identifier.
Note that the Docker journald log driver still stores the container id
as a separate field (CONTAINER_ID), in case the particular instance needs
to be tracked.
* Bump buildroot
* buildroot 3c5f87185d...5ffdf6ccc5 (1):
> package/e2fsprogs: Create y2038 capable file systems by default
* Use inode size of 256 bytes for overlayfs
By default older versions of mkfs.ext4 create file systems with inode
size of 128 bytes. This does not allow for 64-bit timestamps, which
leads to y2038 compatibility warnings. Use 256 bytes inodes.
* Remove dt-utils patches applied upstream
All patches are now applied upstream. With 2021.03.0 release no more
downstream patches are required.
* Bump buildroot to fix linux-firmware build issues
* buildroot f10577b836...3c5f87185d (3):
> package/linux-firmware: add rtl8761b/rtl8761bu firmware
> package/linux-firmware: bump version to 20210919
> Revert "package/linux-firmware: add rtl8761b/rtl8761bu firmware"
* Bump to Buildroot 2021.08.1
Move to Buildroot 2021.08.1 using the 2021.08.x-haos branch. Some
patches on the previous branch 2021.02.x-haos have been applied upstream
meanwhile. Others required rather trivial rebasing.
This latest Buildroot release brings new versions of the following
components:
- glibc 2.33
- systemd 249.3
- Networkmanager 1.32.2
- BlueZ 5.60
- Docker 20.10.8
The patch "Fix dhcp client" seems not to be necessary anymore. The
directory /var/lib/dhcp seems not in use when NetworkManager invokes
dhclient. It seems the leases which are typically stored in that
directory are managed inside NetworkManager.
* buildroot 2021.08.1..2021.08.x-haos (6)
> package/rpi-firmware: bump version to 1.20210805
> package/rpi-wifi-firmware: bump version to 883b726
> package/linux-firmware: add rtl8761b/rtl8761bu firmware
> package/docker-proxy: bump version to 64b7a4574d14
> package/rpi-firmware: Allow to deploy multiple firmware files
> network-manager: wpa_supplicant
* Bump Raspberry Pi Bluetooth helper scripts
With the update to Buildroot 2021.08.1, the bthelper fails with an error
org.bluez.Error.Busy when trying to power off the device. Presumably this
is a race condition which surfaced due to a change in Bluez 5.60:
348feb005a
```
Oct 11 14:32:21 homeassistant systemd[1]: Reached target Bluetooth Support.
...
Oct 11 14:32:21 homeassistant bluetoothd[412]: Bluetooth management interface 1.18 initialized
Oct 11 14:32:21 homeassistant systemd[1]: Started Raspberry Pi bluetooth helper.
Oct 11 14:32:21 homeassistant bthelper[417]: Raspberry Pi BDADDR already set
Oct 11 14:32:21 homeassistant bthelper[426]: [58B blob data]
Oct 11 14:32:21 homeassistant bthelper[426]: [59B blob data]
Oct 11 14:32:21 homeassistant bthelper[426]: Failed to set power off: org.bluez.Error.Busy
Oct 11 14:32:21 homeassistant systemd[1]: bthelper@hci0.service: Main process exited, code=exited, status=1/FAILURE
Oct 11 14:32:21 homeassistant systemd[1]: bthelper@hci0.service: Failed with result 'exit-code'.
```
The latest version of the pi-bluetooth package introduced a sleep before
powering off the device, however, presumably for a different reason:
ae2efdeee8 (diff-609c8a23261988c47afd40be9b012feb1d167de8761c1301e44e1864635c19e3)
Anyways, this latest version seems to also fix the above mentioned race
condition.
Sometimes the first command after starting the Docker daemon container
fails, presumably because the container did not start yet. Wait until
the Docker daemon is ready.
The BCM2711 has two USB 2.0 IPs: A Broadcom XHCI USB 2.0 controller and
a Synopsys DWC2 USB 2.0 Host/Device controller. When USB boot is used
the former is active. Make sure the driver has the correct device tree
compatible.
We only have a single U-Boot version currently, so there is no value in
storing the patch file in a version specific directory. This makes sure
U-Boot 2021.10 final release also has fileenv support.
* Add NVMe and XHCI USB driver fix for Raspberry Pi
Add patch which fixes NVMe read reliability and allows to compile the
XHCI USB driver (for Compute Module 4).
* Enable Broadcom XHCI driver for Compute Module 4
The BCM2711 has two USB 2.0 IPs: A Broadcom XHCI USB 2.0 controller and
a Synopsys DWC2 USB 2.0 Host/Device controller. When USB boot is used
the former is active. Make sure U-Boot has the driver built-in for that
IP.
* Remove duplicate config.txt copy statement
* Use static cmdline.txt file
Instead of dynamically creating cmdline.txt use a static version of it.
This aligns with other boot loader/firmware configuration files and makes
it easier to customize the file per board.
Support optional board specific default RPi firmware configuration file
(config.txt). Also rename from boot-env.txt to config.txt since this
file is not read by the U-Boot boot loader but the Raspberry Pi specific
boot firmware.
* Use skopeo to download container images
Separate container download from image build. This will allow to share
the downloaded images between multiple builds.
We won't store the Supervisor container with the version tag, just with
the latest tag. This allows to simplify the procedure a bit. It seems
there is no downside to this approach.
* Use official Docker in Docker images to build data partition
Instead of building our own Debian based image let's use the official
Docker in Docker image. This avoids building an image for the hassio
data partition and speeds up build as well.
This calls mount commands using sudo to mount the data partition as part
of the buildroot build now. This is not much different from before as
mount has been called as root inside the container, essentially equates
to the same "isolation" level.
* Use image digest as part of the file name
The landing page has no version information in the tag. To avoid
potentially source caching issues, use the digest as part of the file
name.
CONFIG_BT_HCIBTUSB selects CONFIG_BT_INTEL. That causes CONFIG_BT_INTEL
to be built-in instead of being built as a kernel module.
When the driver is built-in, loading firmware fails during early boot
with the following error message:
[ 1.058941] bluetooth hci0: Direct firmware load for intel/ibt-17-16-1.sfi failed with error -2
Make sure the driver is built as a module which should fix firmware
loading.
* Add U-Boot patches for NVMe boot support
Add NVMe to boot order. Fix NVMe support on 64-bit Raspberry Pi devices.
This is useful for Raspberry Pi Compute Module 4 IO Board where a native
NVMe can be plugged in.
* Enable NVMe support for Raspberry Pi 4
Our machine configuration rpi4 and rpi4_64 work on the Compute Module IO
Board. In this configuration an NVMe SSD can be used. Therefore, enable
support for NVMe in the Raspberry Pi 4 configurations.
Note: Regular Raspberry Pi devices will not notice a difference as the
"nvme scan" command will return very quickly and not find an NVMe on the
PCIe bus.
* Use built-in NVMe support in Kernel for NVMe boot support
The bump to U-Boot 2021.10-rc5 also makes quite some patches obsolete
since they are already part of U-Boot.
This also removes a patch which disables framebuffer support on
Raspberry Pi: Framebuffer support seems to work fine in today's
U-Boot/Linux combination. It can help debug boot problems on Raspberry
Pi devices. Without the patch framebuffer support will be enabled by
default.
Some USB devices cause the USB stack to get stuck with a stall error.
This adds a patch which recovers from this situation.
This avoids a U-Boot crash when Arduino Mega R3 devices are connected,
which cause a USB stall when trying to read the product string.
When a USB keyboard is connected to Raspberry Pi 32-bit versions of
U-Boot crashed in certain situations just before booting Linux. This
seems to be caused by a buffer overflow when removing the USB keyboard
before hand-over to Linux.
Add buildroot utils/check-package check to the pr-checks.yml workflow.
It checks for common errors/mistakes when creating own buildroot
packages. Also fixed all warnings this utility output for our existing packages.
* Linux: Update kernel 5.10.61 for ODROID-N2 (#1512)
Update the kernel to 5.10.61 for ODROID-N2 and fix the update script
to update kernel for ODROID-N2 next time too.
* Move ODROID kernel patches to non-kernel version specific directory
The minimal memory reserved parameter vm.min_free_kbytes should be
between 1-3% according to RedHat.
However, the kernel by default reserves around 3MB (e.g. only 3285 on a
32-bit Raspberry Pi 4 2GB installation). This seems to be too low for
network intensive applications such as ours: Under memory pressure
"page allocation failure" on various orders have been observed.
Raspberry Pi OS uses a fixed value of 16MB. Follow this setting for now.
Note: We cannot set this globally for Home Assistant: x86-64 machines
can have quite a bit more memory, which also requires increased
min_free_kbytes parameter. ODROID-N2 on the other hand uses transparent
huge pages: If enabled, the kernel requires higher min_free_kbytes
values, and sets those also by default (e.g. on ODROID-N2+ with 4GB
memory it's set to 22528 by default).
Don't fail adding reserved memory when a memory region already has been
reserved (e.g. via memreserve). This avoids conflicting no-map setting
and makes sure memory is properly reserved.
* Enable some useful kernel configurations
* Add xe-guest-utilities for better Xen support
Add guest utilities and make sure the Xen guest daemon gets started
when running under Xen virtualization.
* Avoid using tar when uploading dev builds
The GitHub action to upload the images to the os-builds server uses
tar before uploading. This creates unnecessary copies and takes a while.
Switch to a GitHub action which uploads the images using rsync instead.
Other compression methods remove the original image file at compression.
Add the -m (move) command to zip to do the same when compressing with
zip. This saves some space in the builds image/release directory.
The CRDA (Central Regulatory Domain Agent) utility has been used as a
user space helper to load regulatory information for WiFi drivers.
However, since Linux 4.15 the kernel can load the regulatory information
directly from a signed firmware file "regulatory.db".
The regulatory.db file is provided by the WIRELESS_REGDB package, which
has been already installed since it's a dependency of CRDA.
Drop CRDA and select WIRELESS_REGDB package explicitly to make sure the
regulatory.db file is present.
LVM2 is not really required in the embedded use case. Opt out of
installing the standard installation which will install only dmsetup.
This requires a backported fix for the lvm2 package to not install
unnecessary systemd services.
Fixes: #1448
* Drop buildroot from git repository
Manage buildroot in a separate git repository and use a git submodule
to include it into the HAOS source tree.
This makes it easier to manage changes to buildroot since it can be
managed by git. A buildroot fork repository is being maintained with
the changes we currently have. It makes the buildroot-patches unnecessary
and should make it easier to rebase and upstream changes to buildroot.
* Remove buildroot-patches
Now that buildroot changes are managed in the buildroot fork repository
there is no need to manage patches in a separate directory.
* Initialize git submodule if necessary
* Move build directory to root
This avoids conflict/local modification issues with the buildroot
git submodule.
* Improve kernel update scripts
Use separate script for ODROID-N2 for now. Also warn if there are kernel
patches with a specific kernel version number in the source tree: They
typically can be just moved to the new kernel version, but one should
compile check them before committing.
* Add squashfs with LZ4 and LZO compression to Barebox
* Add squashfs with LZO compression to U-Boot
* Use squashfs for Linux kernel partition
Generate a squashfs image with LZO compression for the Linux kernel
partition. Adjust the boot scripts to be file system independent commands
to boot from squashfs.
The patches for ODROID-C2/C4 don't apply to Linux 5.12 used in
ODROID-N2. Move ODROID-C2/C4 patches to kernel version specific
directory so they don't get applied for ODROID-N2.
Use the latest Linux stable release 5.12 for ODROID-N2. This allows to
test if we see the random kernel crashes observed with 5.10 in latest
stable 5.12 as well.
The rauc hook for the spl slotclass writes to the disk directly. Make
sure the changes do not end up in cache in case the device loses power
or is otherwise not properly rebooted.
Also use the same partition label detection we are using in
hassos-expand.
In the past file system extents have been deactivated to get better
performance in U-Boot. However, the performance issue has been addressed
with commit d5aee659f217 ("fs: ext4: cache extent data") in U-Boot. The
performance should be equal to regular files using no extents.
Enabling extents has an advantage however: Files are stored more
efficiently, especially relatively large files like a kernel image. The
impact is not all that big (~100KiB), but worthwhile nonetheless.
The Wireless Extension framework is deprecated, but it seems that the
Wireless Extensions proc API is still popular (/proc/net/wireless).
Enable the minimal set of Wireless Extension to get the proc API.
Since we start the HomeAssistant shell directly on tty the service
responsible for starting did not restart the shell on exit. Remove the
RemainAfterExit flag to make sure that the shell restarts on exit.
It seems that the TPU (thermal monitoring) sometimes reports
unreasonably high temperatures, leading the kernel to trigger a thermal
shutdown. Add a patch which filters out such spurious temperature
readings.
* Remove CONFIG_CLOCKSOURCE_EFI configuration
It seems to cause messages like this on some machines:
EFI Event timer too slow freq = 100 Hz
The Barebox efi_defconfig configuration doesn't enable it either.
Disable it by default as well.
* Enable CONFIG_CMD_ECHO_E to fix menutree
It seems that menutree needs CONFIG_CMD_ECHO_E to properly display the
boot menu.
Also enable other useful commands such as edit or reset.
* Bump Barebox to 2021.05.0
Since the move to 5.10 multiple users experience stability issues
leading to random crashes. All reboots follow a SError Interrupt:
[48112.247242] SError Interrupt on CPU5, code 0xbf000000 -- SError
...
Revert back to Linux 5.9.16 for now.
Using console focused virtualization environments such as virsh having
a serial console is the easiest way to interact with a virtual machine.
It also saves resources since no video memory needs to be allocated.
Enable serial console besides tty1 by default.
Note: The bootloader as well as the kernel shows its boot messages on
all consoles. However, only the last console is mapped to /dev/console,
which systemd is using to show service startup messages. Putting tty1 as
last console makes sure that systemd messages are still shown on the
console screen.
When using quotes currently, they are not passed to HA due to $*. This
doesn't allow to use some commands properly, e.g. snapshot restore with
a password with spaces:
```
ha snapshot restore c31f3c93 --password "test test"
...
time="2021-05-26T11:24:19+02:00" level=fatal msg="Error while executing rootCmd: accepts 1 arg(s), received 2"
```
Properly pass all arguments using $@ in quotes.
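The difference between the two forms of argument forwarding, as an added example that is not part of the commit or of the Home Assistant OS scripts; `target`, `wrapper_star`, `wrapper_at` and the helper names are hypothetical, and the sample invocation is constructed from the command quoted above.

```shell
#!/bin/sh
# Added illustration; all function names here are hypothetical and are not
# taken from the Home Assistant OS wrapper scripts.

# Stand-in for the real CLI: prints the number of arguments it received,
# then each argument on its own line in brackets, so splitting is visible.
target() {
    printf '%s\n' "$#"
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# Forwarding with unquoted $*: the arguments are joined and then split again
# on whitespace, and each resulting word is also subject to pathname
# expansion, so a quoted value containing spaces arrives as several words.
wrapper_star() {
    # shellcheck disable=SC2048,SC2086
    target $*
}

# Forwarding with "$@": every argument is handed over exactly as received.
wrapper_at() {
    target "$@"
}

# Number of arguments the target saw through each wrapper.
argc_star() { wrapper_star "$@" | head -n 1; }
argc_at()   { wrapper_at "$@" | head -n 1; }

# Last argument the target saw through each wrapper.
last_star() { wrapper_star "$@" | tail -n 1; }
last_at()   { wrapper_at "$@" | tail -n 1; }

# Constructed sample invocation, modelled on the command in the commit message.
printf 'unquoted $*: %s args, last %s\n' \
    "$(argc_star snapshot restore c31f3c93 --password 'test test')" \
    "$(last_star snapshot restore c31f3c93 --password 'test test')"
printf 'quoted "$@": %s args, last %s\n' \
    "$(argc_at snapshot restore c31f3c93 --password 'test test')" \
    "$(last_at snapshot restore c31f3c93 --password 'test test')"
```

With the unquoted form the password reaches the target truncated to its first word, and the remainder becomes an extra positional argument, which matches the "accepts 1 arg(s), received 2" error shown above.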
Add a minimal motd so users know what kind of system they just logged
in. Also add the hint that the Home Assistant CLI is still available
using the command ha.
* Recreate Supervisor container on OS upgrade/downgrade
When the operating system gets upgraded or downgraded the Supervisor
start script might start the Supervisor slightly differently (e.g. with
RT scheduling support). If the container has already been created, an OS
upgrade or downgrade won't recreate the Supervisor container.
* Move startup script version file to /mnt/data
* Start ha-cli on tty1 instead of a getty
Instead of starting a getty start the ha-cli directly. This will show
the banner right on startup with the important information such as IP
address of the instance or the URL to reach it.
* Use default shell as root shell instead of HA CLI
Instead of using the ha-cli.sh script as login shell use the regular
shell. Amongst other things, this allows to run VS Code devcontainers
remotely via SSH or using scp. The HA CLI is still available using the
`ha` command.
* Enable systemd-time-wait-sync.service by default
Enable the systemd-time-wait-sync.service by default. This allows to use
the time-sync.target which allows to make sure services only get started
once the time is synchronized.
* Make sure time is synchronized when starting hassos-supervisor.service
Use the time-sync.target to make sure that the Supervisor gets started
after the time has been synchronized.
* Set timeout for systemd-time-wait-sync.service
Don't delay startup forever in case time synchronization doesn't work.
This allows to boot the system even without Internet connection.
Support OS releases (tags) with custom dev part (3rd group of the
release number). This allows to create tagged release candidates with
the form 6.0.rc1.
It seems that the crash of the Meson DRM driver on shutdown can also be
fixed by compiling it in. The driver is also built-in in LibreELEC,
hence this is better tested by the upstream community.
Note the underlying issue seems to be a disabled clock: Since the
introduction of meson_drv_shutdown some registers are touched at a very
late stage. Those clock get disabled in meson_ee_pwrc_shutdown. It seems
that when the driver is built-in, meson_drv_shutdown gets called before
meson_ee_pwrc_shutdown and hence sidesteps the problem.
Note: This increases the kernel by a bit since DRM needs to be built-in
as well. Configure some less commonly used file systems as modules
(ext3/NFS).
Since 0001-CMD-read-string-from-fileinto-env.patch is in the global
directory to be applied for U-Boot, drop it from the Raspberry Pi
specific patch directory.
In Linux 5.10.24 a regression has been introduced which broke reboot on
ODROID-N2(+). Interestingly the patch should improve reboot stability
for VIM3, which uses the same SoC. However, it seems that in the
ODROID-N2 case, this causes more problems than it fixes. Revert the
offending patch.
* Fix issue with latest shellcheck version
The latest shellcheck versions use a new error number for non-POSIX
string replacement. Change to ignore this new error number.
* Ignore shellcheck issue about not following sourced files
Newer shellcheck versions also warn when shellcheck does not follow
sourcing of files with known path:
Not following: ./meta was not specified as input (see shellcheck -x).
We check those files separately so ignore this error for the two scripts
affected.
Virtual Disk images are often used on Windows and/or Mac platforms where
xz is not a widely known file ending and also not supported by default.
Use zip which is much better known.
Keep using xz for boards since those are not meant to be extracted by
users but directly used in Etcher. Also keep using xz for qcow2, since
qcow2 is mostly used on Linux platforms where xz is available by default
and zip usually needs an extra package.
Use sparse files instead of files written full of zeros. This speeds up
the image generation process significantly. It also makes sure that
virtual disk image formats are minimal in size.
Note: qemu-img automatically generates sparse files when detecting a
block full of zeros. But this is applied on the write side, after image
conversion: The disk image format itself still thinks the whole image
is allocated, leading to larger image than necessary. Also some output
format seem to recognize chunks of zero and create sparse files themselves.
With this change, the raw source image file is a sparse file. This is
recognized by qemu-img at read time (see block/file-posix.c), and leads
to "native" sparse files in the output format.
Some numbers
- qcow2 1.8G -> 862M (same on-disk size)
- vdi 15G -> 888M (same on-disk size)
- vhdx 30G -> 1.1G (918M -> 861M on-disk size)
- vmdk 1.8G -> 866M (about the same on-disk size)
Obviously this also affects the compressed size. But because there are
still lots of zeros, the difference in compressed size is not that big.
* Use interface-name to exclude veth
The type veth is not a valid type (see [1] for how to obtain a list of
valid device types). Use `driver` to filter veth.
Note: It seems that NetworkManager did not manage veth so far, so this
change seems not to be relevant in practice.
Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch>
* add eq3_char_loop package (eQ-3 char loopback kernel module)
* add generic_raw_uart package (low-latency raw UART kernel driver)
* add rpi-rf-mod package
* add device tree overlay support for RPI-RF-MOD/HM-MOD-RPI-PCB on Raspberry Pi
* enable GPIOLIB and GPIO_SYSFS required for RPI-RF-MOD/HM-MOD-RPI-PCB support.
* add basic RPI-RF-MOD/HM-MOD-RPI-PCB support for ASUS Tinker Board
* add device tree overlay support for ASUS Tinker Board and add
haos-config.txt loading support to U-Boot boot script
* Re-add patches missed with U-Boot 2021.04-rc4 upgrade
Also add patches for Raspberry Pi again.
* Regenerate patches for U-Boot 2021.04
* Update to U-Boot 2021.04
The latest version of OS Agent sets haos.wipe=1 as kernel argument to
trigger a device wipe. Let systemd pickup this kernel command line
argument and start haos-wipe.service.
This rather complex architecture allows to add other triggers in the
future, e.g. a button read in the boot loader.
* Disable systemd-logind support for udisks2
Currently udisks2 uses systemd-logind to prevent the system from
rebooting or similar operations while udisks operations are ongoing.
Unfortunately this stops us from using udisks2 during early boot since
systemd-logind is not ready at this point. Make the dependency
configurable so we can opt-out of using systemd-logind.
* Make dbus.service/socket and udisks2.service/socket available early
Disable default dependencies. This avoids those services to be ordered
after sysinit.target, and makes them available before local-fs.target
is reached. All mounts like mnt-data.mount are ordered before
local-fs.target, so breaking this dependency allows to use D-Bus before
mounting local file systems.
This seems fine when using the system bus directly from /run (instead of
/var/run, which is anyway a symlink to /run normally). It seems that
udisks misses /var/lib/udisks2 but it seems not to be required for the
features used so far.
So far the exit code has been evaluated, which seems to be non-zero even
with a regular term signal. With that systemd assumed the service is in
a failed state, when in fact this seems the regular behavior of dropbear
when shutting it down.
* Add udisks2 package
Add latest release of udisks2 as a package. Also disable polkit to avoid
excessive dependencies.
* Add udisks2 and os-agent to Home Assistant OS
* Bump OS Agent to latest version with udisks support
* Add RTL87xx/RTL88xx Bluetooth firmware
Enable Realtek Bluetooth dongles by adding firmware for RTL87xx and
RTL8xx devices.
* Enable Wireless firmwares for OVA and Generic x86-64 machines
Virtual machines might use hardware pass through functionality to get
direct access to wireless hardware. Add all firmwares we use in Generic
x86-64 image also to the OVA image. Also enable Ralink devices for the
two machines.
* Add RTL87xx/RTL88xx Bluetooth firmwares (#1273)
Add RTL87xx/RTL88xx Bluetooth to all devices without on-board Bluetooth.
* Rename NetworkManager default profile
Rename the NetworkManager default profile to "Home Assistant OS
default". Improve documentation on how to reset to default
configuration.
Bump to the latest U-Boot release 2021.04-rc4. This allows to drop quite
some patches which have been sent to the mailing list or picked from the
mailing list and have been merged upstream now.
* Accept installation with intel-nuc in compatible string
For the OS release 6 intel-nuc gets renamed to generic-x86-64. Since
the machine name is in the OS compatible string we need to make sure
OS release 5 installation can update to release 6 despite the new
machine name.
* Change HASSOS_ID from hassos to haos
Use a rauc install-check hook to make this update compatible with OS
releases using hassos in the compatible string.
* Use home-assistant as organization in CPE_NAME
Align with Home Assistant core which uses home-assistant with a dash as
organization in CPE_NAME.
* Rename Intel NUC machine to Generic x86-64
The Intel NUC machine has evolved and supports various x86-64 machines
today. Rename the board.
Note that this does not address the migration issue. This will be
handled separately.
* Update Scripts/Documentation
* Rebase patches to Buildroot 2021.02-rc3
* Update Buildroot to 2021.02-rc3
* Declare Kernel headers to be Linux version 5.10 (since they are, and new Buildroot knows about 5.10)
Move to the new Linux 5.10 based kernel for all Raspberry Pi boards.
This uses the version of the last OS version used in Raspberry Pi OS
raspberrypi-kernel_1.20210201-1.
* Add Ralink rt27xx/rt28xx/rt30xx firmware (#1242)
Add Ralink firmware for devices which have the driver enabled. The
firmwares are rather small at 20KiB in total.
* Remove Ralink and other WiFi drivers from Tinker Board
The board has on-board WiFi, no need for Ralink drivers to be enabled.
* Add Ralink WiFi drivers and firmware to ODROID boards
This matches the 1.2-4+rpt8 release of Raspberry Pi OS' bluez-firmware
package. It mainly addresses the Spectra fix for CYW43455
(CVE-2020-10370).
Also update the Bluetooth start scripts with CM4 support and some
minor improvements.
* Add --cpu-rt-runtime to allow Docker allocate real-time CPU time (#1235)
* Enable Supervisor's CPU bandwidth allocation feature (#1235)
Since we have CONFIG_RT_GROUP_SCHED enabled in the Home Assistant OS
kernel the Supervisor needs to enable CPU bandwidth allocation for
Add-Ons which need real-time scheduling. Set the appropriate environment
variable.
It seems that the release drafter filters commits which have been made
before the last release has been made. If the last release is an
unrelated stable release, this clears the full changelog for the next
major release. It seems `filter-by-commitish` should prevent that.
While at it, also set `commitish` to be dev (which is the default, but
being explicit certainly doesn't hurt).
* Improve ASUS Tinker Board support for 5.10
Remove patches which are unnecessary. Revert DMA for UART as it seems to
cause more problems (it's also what Armbian is doing). With that
Bluetooth firmware seems to load without errors when loaded before the
bluetooth daemon is running!
Note: It seems that the board overheats quite quickly. With Armbian,
without load, that seems not to be a big deal, but HAOS does quite a
bunch at startup, leading the CPU to reach the 90°C trip point. Maybe it
was related to the rather closed shelf I have the ASUS Tinker board
running, but only after using a fan the board behaved for me.
* Use hardware flow control explicitly
The rtk_hciattach program uses hardware flow control by default (judging
from tty settings after starting the program). Just to be sure,
explicitly request 115200 and hardware flow control.
* Add SocketCAN support
A Controller Area Network (CAN bus) is a robust vehicle bus standard designed to allow microcontrollers and devices to communicate with each other's applications without a host computer. It is a message-based protocol, designed originally for multiplex electrical wiring within automobiles to save on copper, but it can also be used in many other contexts. For each device, the data in a frame is transmitted sequentially but in such a way that if more than one device transmits at the same time, the highest priority device can continue while the others back off. Frames are received by all devices, including by the transmitting device.
* Update also for GS_USB support
There is a port of the candleLight USB to CAN firmware for CANable. The port works very well under Linux using the gs_usb driver. This firmware does not use slcan, so it is not interchangeable with the stock firmware. However, the CANable appears as a CAN interface natively in Linux.
With the candlelight firmware, simply plug in the CANable and the device will enumerate as can0. Set the baud rate and bring the interface up with the following command, and you're good to go!
ip link set can0 up type can bitrate 500000
* Update for Peak PCAN-USB Support
Currently Linux has a limit of IGMP memberships of 20. When trying to
add membership to more than that, Linux fails with:
OSError: [Errno 105] No buffer space available
Allowing more memberships should not really be problematic as memory is
allocated dynamically when membership is actually added.
However, there is a protocol limit of how many memberships a host can be
in. The number of memberships needs to fit in a single group report
datagram of 64kB. In total 5459 group records fit in a datagram, but due
to IP header options this might be slightly smaller in practice.
(see https://github.com/home-assistant/core/issues/45957).
Use a limit of 1024, which should be plenty of headroom in both
directions.
Related to: https://github.com/home-assistant/core/issues/45957
* Drop ODROID specific kernel update script
With the jump to Linux 5.10 LTS we can use the same upstream kernel for
Hardkernel ODROID boards as well. Extend the update-kernel-upstream.sh
to support the ODROID boards.
* Linux: Update kernel 5.10.13
It seems that Busybox shell (ash) cannot calculate the disk size
properly probably due to integer overflow. Use jq to calculate the last
usable LBA which seems to be able to handle large integers.
There are incident reports on the internet where people report that
fsck.(v)fat actually leads to problems rather than file system fixes. Around
the time when Home Assistant OS added fsck.fat for the boot partition,
reports of empty boot partitions or files with weird filenames started
to appear. This could be caused by fsck.fat.
Disable fsck on the boot partition.
Use udev rules to set the CPU online. For memory, we let the kernel
bring memory online automatically. This is preferred as udev rule
processing might be delayed in a low memory situation, see:
https://lwn.net/Articles/668944/
Partition handling for disks with 4k sectors broke partition resizing
when using MBR disk label. It seems that sfdisk doesn't calculate the
last LBA for disks with MBR label. Calculate the last usable LBA ourselves
in the MBR case.
The calculation whether to resize the partition only works with disks
with 512 byte sector size. Use values provided by sfdisk exclusively to
make sure we compare the same sector size.
Furthermore, it seems that sgdisk does not like sfdisk's backup GPT
placement:
$ sgdisk -e /dev/zram1
Warning! Secondary partition table overlaps the last partition by 250 blocks!
Today it seems sfdisk can handle GPT quite well. Use sfdisk for all
operations in hassos-expand.
The e2scrub utilities only make sense on system which use LVM. They
come with e2fsprogs and can't be disabled currently. Drop them manually
in our post-build script.
systemd-udevd substitutes variables starting with $ in the PROGRAM
argument. If a shell variable is to be used, two $ need to be used to
escape properly. This fixes three instances of the following warning:
Invalid value "..." for PROGRAM (char 58: invalid substitution type), ignoring, but please fix it.
The supervisor container requires the "hassio-supervisor" AppArmor
profile. Make sure our AppArmor service hassos-apparmor is a dependency
of the hassos-supervisor.service.
* Use systemd-growfs instead of resize2fs (#1106)
Since systemd 236 systemd has a built-in file system growing mechanism.
The mechanism relies on the kernel's online file system resize
capabilities instead of the external resize2fs utility. Online resizing
is supposedly much faster since the kernel takes care of things.
This also makes sure that external file systems get resized which
previously have not been taken care of.
* Drop HA OS specific file system resizing
Since we have systemd-growfs in place now we can drop our file system
resizing code.
* Make sure /dev/disk/by-label/hassos-data is present after resizing
Note: systemd will retry mnt-data.mount later, so at least in theory
this shouldn't really matter. However, the journal has a lot of churn
due to that reordering.
It seems that page table mappings for compressed tables cause issues in
certain situations leading to "zram: Decompression failed!" errors.
Upstream Linux seems to have recognized the problem and a patch to drop
the functionality entirely has been proposed:
https://lore.kernel.org/linux-mm/20201117135632.GA27763@infradead.org/
* Enable hidraw driver (#1120)
The hidraw driver is required by some IoT devices such as Wyze sense or
Jablotron JA-100. Enable the driver on all platforms by default.
It seems that on certain setups the default DNS over TLS mode
"opportunistic" causes delays of ~10s when trying to resolve names. This
is probably caused by providers and/or firewall setups not properly rejecting
connections on port 853.
It seems that also other distributions (such as Arch Linux) still
disable DNS over TLS currently. Side step issues with DNS over TLS by
disabling it for now.
Directing people from discord to this page but there wasn't any mention they will likely be needing quirks enabled for usb boot on Rpi4. Also some minor layout adjustments on that section.
The EEPROM upgrade 2020-10-28 causes issues with JMS583 or JMS580
controller from Jmicron. Others reported that the same update fixes
reboot issues. Currently there is no Raspberry Pi 4 firmware which works
for all cases. Therefore don't ship an EEPROM upgrade so users can flash
and continue using what works for their setup.
Old Laptops are a popular choice to run Home Assistant: They have low
power consumption, are relatively fast and cheap to come by. However,
closing their lid by default puts a Linux system into suspend. This is
not what the typical user of Home Assistant OS wants. Ignore lid
activity in any state by default.
* Add Realtek RTL8812AU out-of-tree driver
This adds support for Realtek RTL8812AU devices such as the Hardkernel
WiFi Module 5A (with the RTL8811AU chipset, supported by this driver as
well). This patch uses Realtek driver 5.9.3.2 which has been made to
compile up to Linux 5.10.
Note: This driver does not seem to support 5GHz networks! But it seems
the only driver which supports the RTL8811AU chipset and also works with
recent mainline drivers...
* Enable RTL8812AU driver for Hardkernel modules
The WiFi Module 5A comes with a RTL8811AU chipset. Enable the driver for
all Hardkernel modules.
When we write the update to the boot partition, there is nothing which
makes sure that data is written to disk. This leaves a rather large
window (probably around 30s) where a machine reset/poweroff can lead
to a corrupted boot partition. Use the sync mount option to minimize the
corruption window.
Note that sync is not ideal for flash drives normally. But since we
write very little and typically only on OS update to the boot partition,
this shouldn't be a problem.
After increasing the actual disk image size the capacity field in the
OVF description file still was mentioning 6GB. This seems to be
problematic for VMware hypervisor. Increase the size to 32GB as well.
* Revert "Fix boot from 128GB Micron eMMC on ODROID-N2(+) (#1064)"
This reverts commit 162084082e.
These patches seem to cause issues on an ODROID-N2 with 32GB eMMC.
* Cap eMMC frequency to 24MHz in U-Boot for ODROID-N2(+)
Also remove the ODROID-C4 specific patch.
* Avoid waiting for external drive unnecessarily
Even though the condition to start hassos-data.service is not met (the
file /mnt/overlay/data-move is not there by default), it seems that
systemd waits for the dependencies for hassos-data.service. Don't
Require or Wants any dependencies which might not be present by
default.
* Use systemd to wait for partition using partlabel device
* Use sfdisk which allows to wipe filesystem signatures
Even though we zap the partition table using sgdisk, the file system
superblock (which contains the file system label) does survive. This
can cause problems when trying to reuse a disk previously already
labeled using hassos-data: It might take precedence on next boot
over the existing data partition on the eMMC.
Make sure to clean all file system signatures using sfdisk.
VMware as well as Qemu emulate LSI53C1030 SCSI controller when choosing
a SCSI controller as host interface for disks. For VMware this seems
to be the default choice. Enable the driver by default.
* Make the datactl command more robust
Validate target disk (partition) size to avoid a copy attempt which will
fail. If e2image operation fails, make sure the leftover copy is not
recognized as data partition.
* Fix hassos-data service device unit dependencies
In case the data partition is missing avoid using the Docker command.
The Docker command triggers a socket activation, which in turn makes
systemd wait for the data partition. This blocks entry into the shell
forever.
Just enter the shell in case data partition is not mounted.
* Rewrite datactl command
Prepare the target partition as part of the datactl command. Rely on
partlabel for the target disk since we are always using GPT on the
target disk. Use systemd and partlabel mechanism to wait and find
the target data disk. Keep using the file system label to identify
the source disk.
Also use e2image instead of raw dd to move data. This should
speed up the processes significantly.
* Fix corner case when reusing same disk again
* Add find utility helpful to find things
* Add hwclock utility useful to debug RTC issues
* Remove several utilities which are provided by util-linux (such as
dmesg, mount, blkid etc.)
* Drop unused utilities e.g. for raw nand (nandread/write/ubi)
Fix ethernet PHY reset timing to make sure the link comes up when
reconfiguring the link.
Also drop 0006-clk-meson-g12a-mark-fclk_div2-as-critical.patch which has
been applied in v5.9.2 stable release.
The version banner was showing "Amlogic Meson G12A (Unknown) Revision
28:0 (0:0)" in all cases instead of the correct SoC name and revision.
Make sure the SoC revision is properly read also for the banner.
* Add sound card by default using the hdaudio driver (#925)
* Use virtio-net for VirtualBox
The virtio-net driver is a paravirtualization driver which means less
overhead than virtualizing a full network card. The driver is supported
by VirtualBox since several releases by now.
* Use full OS name in product name.
The change "Avoid trying to boot non-existing kernel image in failover
case" introduced a broken boot script on Raspberry Pi (when booting from
partition B) and ODROID-XU4.
* Bump dev channel after build
Bump version on dev channel automatically when building a dev branch
pre-release.
Co-authored-by: Joakim Sørensen <hi@ludeeus.dev>
HAOS builds add a lot of files and things get quickly messy. Use a
directory per build.
Also don't abort the complete build if a single board failed, we still
might be interested in the rest.
* Add 2020-10-28 beta EEPROM
This improves boot from USB and speeds up boot times.
also includes sd card v1 boot reliability.
see https://github.com/raspberrypi/rpi-eeprom/pull/246
Also add HDMI_DELAY=0 so HDMI display is always visible
for easier debugging.
* Add development build version part to version number
Add third part in the version number to indicate development builds.
Generate a default version number based on the date, e.g.
"5.6.dev20201124".
* Add GitHub Action workflow for development builds
Add another GitHub workflow for development builds. Make it triggered
only for now. The version number is generated by the workflow and
passed to all builds to make sure all builds have the same development
build version.
* Add documentation
* Avoid trying to boot non-existing kernel image in fail-over case
The A/B update system automatically switches to the other boot slot when
booting fails. However, in a fresh installation, only boot slot A
exists. If booting fails three times (e.g. if somebody plugs out power
before the slot can be marked as good), then the system switches to boot
slot B which does not contain a kernel image yet. Avoid trying to boot
the non-existing kernel image.
With this change, if slot B is empty U-Boot will restore both slots to 3
attempts and retry booting from slot A on next reboot:
```
Trying to boot slot B, 2 attempts remaining. Loading kernel ...
** Unrecognized filesystem type **
No valid slot found, resetting tries to 3
storing env...
```
Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch>
* Fix N2+ boot by disabling USB enumeration
On some devices USB enumeration in U-Boot seems to freeze:
starting USB...
Bus usb@ff500000: Register 3000140 NbrPorts 3
Starting the controller
USB XHCI 1.10
scanning bus usb@ff500000 for devices... <freeze>
We don't use USB currently in the U-Boot script, disable it for now.
* Disable USB enumeration on all ODROID devices
The current default size of 6GB can fill up pretty quickly. Since most
disk images we offer resize dynamically it's not really a problem to ship
with a bigger default size. It avoids support cases when people forget
to increase the disk image size.
* Remove busybox Linux module support
Since systemd relies on the upstream Linux kernel module handling
utility "kmod" the busybox implementations are not required. Already
today the official "kmod" utility takes precedence:
haos # ls -la /usr/sbin/*mod*
lrwxrwxrwx 1 root root 11 Nov 11 11:32 /usr/sbin/depmod -> ../bin/kmod
lrwxrwxrwx 1 root root 11 Nov 11 11:32 /usr/sbin/insmod -> ../bin/kmod
lrwxrwxrwx 1 root root 11 Nov 11 11:32 /usr/sbin/lsmod -> ../bin/kmod
lrwxrwxrwx 1 root root 11 Nov 11 11:32 /usr/sbin/modinfo -> ../bin/kmod
lrwxrwxrwx 1 root root 11 Nov 11 11:32 /usr/sbin/modprobe -> ../bin/kmod
lrwxrwxrwx 1 root root 11 Nov 11 11:32 /usr/sbin/rmmod -> ../bin/kmod
* Move modprobe configuration alsa-base.conf to correct location
The official modprobe package from kmod checks three locations:
/etc/modprobe.d/, /lib/modprobe.d/ and /run/modprobe.d/. Since usr-move
/lib is a symlink to /usr/lib, the correct location for distribution
provided modprobe files is /usr/lib/modprobe.d.
* Initial version of release workflow using GitHub Actions
Add release workflow using GitHub Actions to replace the current Azure
DevOps pipeline. Currently the same functionality is implemented. This
uses multiple builds in parallel to make better use of CPU resources.
Remove Azure DevOps pipeline.
* Add GitHub Actions workflow for pull-request checks
Lint Dockerfile and shell scripts when PRs are opened.
* Use multiple runners in parallel
Buildroot has stretches where CPU resources are not fully utilized.
Spawn multiple builds across builders to increase load. Also sort them
by architecture to maximize ccache hit rate.
* Checkout before validate version
* Add resolved.conf to disable stub resolver and DNSSEC
There are Add-Ons which try to bind port 53 on all interfaces including
127.0.0.53. Disable the stub resolver to make them continue working. We
don't need the resolver currently anyway.
Also disable DNSSEC to make sure the boards can access an NTP time server
even when their time is incorrect (since DNSSEC validation may fail).
This is a known chicken-egg problem with systemd-resolved/systemd-timesyncd
and might be addressed in a future version, at which point we can re-enable
DNSSEC:
https://github.com/systemd/systemd/issues/5873
* Make sure resolve gets added only once to nsswitch.conf
Only add resolve to nsswitch.conf if not already present.
* Use double quote to prevent globbing and exit with error in case
directory doesn't exist in hassos-hook.sh
* echo flags are undefined in POSIX, use bash instead in
bluetooth-rtl8723
* Use /run as default location for lock files for U-Boot tools
While there is a command line parameter to set the lock file explicitly,
there are other tools invoking fw_setenv (in particular rauc) which do
not set the lock file. Using /run by default makes fw_setenv use the
correct lock file in all situations.
* Don't explicitly set lock file location
Since we patch U-Boot tools to use /run by default setting it explicitly
is unnecessary.
* Change titles to reflect official/new naming
* Use GitHub Actions to trigger Release Drafter
The Add-On is no longer developed and GitHub Actions is the recommended
way to use the Release Drafter
* Update buildroot-patches for 2020.11-rc1 buildroot
* Update buildroot to 2020.11-rc1
Signed-off-by: Stefan Agner <stefan@agner.ch>
* Don't rely on sfdisk --list-free output
The --list-free (-F) argument does not allow machine readable mode. And
it seems that the output format changes over time (different spacing,
using size postfixes instead of raw blocks).
Use sfdisk json output and calculate free partition space ourselves. This
works for 2.35 and 2.36 and is more robust since we rely on output which
is meant for scripts to parse.
* Migrate defconfigs for Buildroot 2020.11-rc1
In particular, rename BR2_TARGET_UBOOT_BOOT_SCRIPT(_SOURCE) to
BR2_PACKAGE_HOST_UBOOT_TOOLS_BOOT_SCRIPT(_SOURCE).
* Rebase/remove systemd patches for systemd 246
* Drop apparmor/libapparmor from buildroot-external
* hassos-persists: use /run as directory for lockfiles
The U-Boot tools use /var/lock by default which is not created any more
by systemd by default (it is under tmpfiles legacy.conf, which we no
longer install).
* Disable systemd-update-done.service
The service is not suited for pure read-only systems. In particular the
service needs to be able to write a file in /etc and /var. Remove the
service. Note: This is a static service and cannot be removed using
systemd-preset.
* Disable apparmor.service for now
The service loads all default profiles. Some might actually cause
problems. E.g. the profile for ping seems not to match our setup for
/etc/resolv.conf:
[85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
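A way to see which default profiles deny what before deciding to disable or adjust them, as an added example that is not part of the Home Assistant OS sources: a parser that groups AppArmor `DENIED` audit records by profile, path and mask. The first sample line is the one quoted above; the other two lines and all function names are constructed for this example.

```python
import re
from collections import Counter

# Line 1 is the denial quoted in the commit message; lines 2 and 3 are constructed.
SAMPLE_LOG = """\
[85503.634653] audit: type=1400 audit(1605286002.684:236): apparmor="DENIED" operation="open" profile="ping" name="/run/resolv.conf" pid=27585 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[85504.101200] audit: type=1400 audit(1605286003.151:237): apparmor="DENIED" operation="open" profile="ping" name=2F746D702F6D792066696C65 pid=27590 comm="ping" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[85510.000000] audit: type=1400 audit(1605286009.100:238): apparmor="STATUS" operation="profile_load" profile="unconfined" name="ping" pid=100 comm="apparmor_parser"
"""

KEY_VALUE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
AUDIT_STAMP = re.compile(r'audit\((\d+\.\d+):(\d+)\)')
HEX_VALUE = re.compile(r'(?:[0-9A-Fa-f]{2})+')
# The audit subsystem writes untrusted strings containing spaces, quotes or
# control characters as unquoted hex instead of a quoted string.
HEX_ENCODED_KEYS = {"name", "comm", "profile"}


def parse_denial(line):
    """Return a dict for an AppArmor DENIED record, or None for any other line."""
    if 'apparmor="DENIED"' not in line:
        return None
    stamp = AUDIT_STAMP.search(line)
    if stamp is None:
        return None
    record = {"epoch": float(stamp.group(1)), "serial": int(stamp.group(2))}
    for match in KEY_VALUE.finditer(line):
        key, quoted, bare = match.group(1), match.group(2), match.group(3)
        if quoted is not None:
            value = quoted
        elif key in HEX_ENCODED_KEYS and HEX_VALUE.fullmatch(bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        else:
            value = bare
        record[key] = value
    if "pid" in record:
        record["pid"] = int(record["pid"])
    return record


def summarize_denials(log_text):
    """Count denials per (profile, path, denied mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        record = parse_denial(line)
        if record is not None:
            counts[(record.get("profile"), record.get("name"),
                    record.get("denied_mask"))] += 1
    return counts


if __name__ == "__main__":
    for (profile, path, mask), count in summarize_denials(SAMPLE_LOG).items():
        print(f"{count}x profile={profile} path={path} denied={mask}")
```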
Drop AVAHI and use systemd-resolved to announce hostname via mDNS
and LLMNR. Also continue to offer the _workstation._tcp.local service
since it is used by the CoreDNS mDNS plug-in.
* Bump Raspberry Pi kernel to 5.4
Bump kernel to the downstream Raspberry Pi 5.4 kernel. Drop patches
already merged upstream and use rebased patches for USB reset
controller (required for U-Boot 2020.10 for USB SSD boot).
* Add compatible node for upstream U-Boot
Add brcm,bcm2835-pl011 to make upstream U-Boot bind with the
bcm283x_pl011 driver. This allows to boot with the device tree provided
by the Raspberry Pi Linux kernel 5.4 even without enable_uart=1.
After running HAOS on my ODROID N2+ several hours I see freezes and
sometimes stack traces which point to a problem in CPU frequency
scaling. This crash seems not to appear on Hardkernel's 18.04 Ubuntu
stable release. However, Hardkernel's Ubuntu uses the performance
governor. Use the performance governor as well to avoid crashes on N2+.
In case a container image is corrupted `docker inspect` might fail:
# docker inspect --format='{{.Id}}' "${SUPERVISOR_IMAGE}"
Error response from daemon: readlink /mnt/data/docker/overlay2: invalid argument
In that same state the `docker images` command still shows the images.
Since `docker inspect` returns an error SUPERVISOR_IMAGE_ID will be empty
and a simple `docker pull` will be attempted. That does not suffice to
recover from a corrupted container image.
Use `docker images` to get the image ids and make sure to delete all
image ids found by that command.
Also don't use RuntimeDirectory since it deletes the runtime directory
between the service start attempts which defeats the purpose.
This reverts commit c92b4b54be.
Pure GPT would be nice, but older EEPROM/firmware versions seem not to
handle it properly (before EEPROM 2020-09-03/firmware 2020-10-22). Since
devices still get shipped with older EEPROM, currently moving to pure
GPT would make those devices not boot.
Stick with hybrid mode for now to make sure HAOS boots on all devices no
matter if a new or old EEPROM is in use.
* Simplify self healing capabilities of Supervisor service
Instead of relying on time based information on how long the container
has been running use a startup marker file to infer if the last startup
has been successful.
* Update buildroot-external/rootfs-overlay/usr/sbin/hassos-supervisor
Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch>
Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch>
The landingpage container is a minimal webserver with built-in zeroconf
announcement. Preinstall the machine specific landingpage container to
make sure it will show up right after startup.
* automatically fsck to repair partitions
* add fsck.fat so rpi boot partition can be repaired
* Use Wants= instead of Requires=
Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch>
* add dosfstools to all images
* run hassos-data and hassos-expand after fsck
Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch>
* Make sure to set board_rev for N2+ correctly
For some reason the code to set the environment did not make it into the
ODROID N2 board code. Fix the patch to correctly set board_rev for N2(+).
Also remove the w400 patch as it is no longer required.
* Use latest ODROID-N2+ patches
Use the queued patches (and fixes) for upstream ODROID-N2+ support.
This uses the clock settings from meson-g12b-a311d.dtsi running the
CPUs at the following clocks:
- 4xA73@2.2GHz
- 2xA53@1.8GHz
Instead of reverting the CDC ACM cool-down patch fix the intention of
that change. This should fix the error recovery paths in the CDC ACM
driver and allow CDC ACM devices to continue working even in the event
of USB issues.
Revert CDC ACM cool-down patch. This should fix the error recovery paths
in the CDC ACM driver and allow CDC ACM devices to continue working even
in the event of USB issues.
* Bump ODROID boards to Linux 5.9.1
This makes quite some patches obsolete which since have been upstreamed.
* Drop Linux 5.7 header symbols
Since we do not introduce new packages which actually require a newer
kernel headers, there is no value in having config symbols for the new
kernel version. Buildroot is still using the headers from our kernel,
and hence gets the latest version of the headers.
The Docker socket path is /run/docker.sock. Also only one path can be
used per property. This fixes the supervisor service, which currently
refuses to start due to missing Docker socket.
The patch causes U-Boot freezes in some configurations. The root cause
is that U-Boot does not allow to use the bss section in pre-relocation
code (which is where the UART is used). Drop the patch as it is not
required currently.
See also:
http://u-boot.10912.n7.nabble.com/RPi4-U-Boot-freeze-td424432.html#a427198
The to symlink serial0/1 currently might apply to the first or second
ttyAMAX instance. In downstream, a patch makes sure that the first
PL011 is always ttyAMA0. However, upstream the numbering depends on the
UART alias, which leads to the first PL011 being ttyAMA1.
Check the actual iobase too to make sure we are dealing with the first
PL011 instance.
See also:
05cfe136f7 (diff-2678c183f503319c8d8c09c818af789a)
The new readline utility used by the CLI add-on requires the size of the
terminal to be set. Use the resize command to initialize terminal size
on login if we are running on a serial terminal.
The U-Boot build system creates a ready to use idbloader.img. An earlier
commit dropped the HAOS code to create the same. However, the commit
missed copying the one built by U-Boot. Make sure idbloader.img gets
copied to the image output directory.
Currently the Microsoft Reserved Partition GUID is used for this FAT32
formatted partition. This GUID is a rather Microsoft Windows specific
GUID and not commonly used on Linux.
On Linux systems partitions of this type do not get automatically
mounted (see /usr/lib/udev/rules.d/80-udisks2.rules). However, since
this partition contains some files users commonly need to adjust
(config.txt, cmdline.txt) it would be good if the partition does get
mounted.
Use Microsoft Basic Data instead, which is used by default for FAT32
partition (even by Linux partitioning tools such as gparted). Tested
on ASUS Tinker Board and RPi4.
The hassos-expand script calls sfdisk to find free disk space. It seems
that today it considers the space before the first partition as free:
$ sudo sfdisk -Fq /dev/sdi
Start End Sectors Size
2048 16383 14336 7M
This causes the script to always resize. It seems not to cause harm to
the partition table (it does not resize really). However, the call to
partx seems to confuse systemd and kill the mnt-data.mount process
(presumably because udev causes remove/add events for the by-label
device units).
Consider everything below 8MiB to not be worthy of a size change. This
avoids misdetection and resize attempts where there is no need.
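The resize decision described in the sfdisk-related commit messages on this page (parse `sfdisk --json`, compute the last usable LBA per label type and sector size, ignore anything under 8MiB), as an added Python example that is not the project's hassos-expand shell script. The tables are constructed in the shape of `sfdisk --json` output using start/size values from the fdisk listing on this page; the function names, the `sectorsize` key fallback and the choice to derive the GPT limit from the disk size rather than from the header's `lastlba` are assumptions of this example.

```python
import json

MIB = 1024 * 1024
MIN_GROWTH_BYTES = 8 * MIB            # threshold named in the commit message
GPT_ENTRY_ARRAY_BYTES = 128 * 128     # minimum GPT partition entry array (16 KiB)

# Constructed: MBR table with three of the partitions from this page's listing.
MBR_TABLE = json.dumps({"partitiontable": {
    "label": "dos", "device": "/dev/mmcblk0", "unit": "sectors", "sectorsize": 512,
    "partitions": [
        {"node": "/dev/mmcblk0p1", "start": 16384, "size": 49152},
        {"node": "/dev/mmcblk0p3", "start": 1241088, "size": 196608},
        {"node": "/dev/mmcblk0p4", "start": 1439744, "size": 29095936},
    ]}})

# Constructed: GPT table on a disk with 4096-byte sectors.
GPT_4K_TABLE = json.dumps({"partitiontable": {
    "label": "gpt", "device": "/dev/sdX", "unit": "sectors", "sectorsize": 4096,
    "partitions": [{"node": "/dev/sdX1", "start": 256, "size": 1000000}]}})


def last_usable_lba(label, disk_bytes, sector_bytes):
    """Last LBA a partition may occupy, derived from the real disk size."""
    total_sectors = disk_bytes // sector_bytes
    if label == "gpt":
        # The backup header takes the last sector, the backup entry array sits before it.
        return total_sectors - 2 - GPT_ENTRY_ARRAY_BYTES // sector_bytes
    if label == "dos":
        return total_sectors - 1
    raise ValueError(f"unsupported disk label: {label}")


def trailing_free_bytes(sfdisk_json, disk_bytes, sector_bytes=None):
    """Free space after the last partition, in bytes.

    Only the tail of the disk counts: the gap in front of the first
    partition, which `sfdisk -F` reported as free, is ignored.
    """
    table = json.loads(sfdisk_json)["partitiontable"]
    if table.get("unit", "sectors") != "sectors":
        raise ValueError("expected sector units")
    sector = sector_bytes or table.get("sectorsize")
    if not sector:
        raise ValueError("sector size unknown, pass sector_bytes")
    partitions = table.get("partitions", [])
    if not partitions:
        raise ValueError("no partitions in table")
    # start and size share one unit (sectors), so they are never mixed with bytes.
    end_exclusive = max(p["start"] + p["size"] for p in partitions)
    free_sectors = last_usable_lba(table["label"], disk_bytes, sector) - end_exclusive + 1
    return max(free_sectors, 0) * sector


def should_expand(sfdisk_json, disk_bytes, sector_bytes=None):
    """True when the tail of the disk is worth a resize."""
    return trailing_free_bytes(sfdisk_json, disk_bytes, sector_bytes) >= MIN_GROWTH_BYTES


if __name__ == "__main__":
    page_disk = 15634268160  # disk size shown in the fdisk listing on this page
    for extra in (0, 7 * MIB, 8 * MIB):
        print(extra // MIB, "MiB extra ->", should_expand(MBR_TABLE, page_disk + extra))
```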
* Remove rk3288-xt-q8l-v10.dts related patches
We only support ASUS Tinker Board, so no need for those patches.
* Remove unnecessary patches and rebase some for Tinker Board S
Some patches only apply to the Tinker Board device tree. Rebase them to
apply to the dtsi file so they apply for both boards, the Tinker Board
and the Tinker Board S board.
Support custom output directories akin to how buildroot supports O=.
This allows to use separate output directory per board, e.g. using
make O=output_odroid-n2.
* Fix Tinker Board S (eMMC) boot (#650)
Use Tinker Board S U-Boot configuration which is capable to boot from
eMMC as well as from SD card.
Note that this makes U-Boot always claiming to run on Tinker Board S:
..
Model: Rockchip RK3288 Asus Tinker Board S
..
It seems that there is no generic Tinker Board configuration. However,
Tinker Board S configuration really seems to work well with Tinker Board
as well, so just use it.
Also today the U-Boot Makefile seems to generate a working idbloader.img
already. Drop our special handling.
* Use Tinker Board S device tree if booting from eMMC for Linux
Instead of patching the Tinker Board device tree, select the device tree
based on what device we are booting from.
Note: This boots the non-S device tree when booting a Tinker Board S
from SD card! But there is no reliable detection otherwise, so let's
just live with that fact.
* Document how to use our U-Boot to flash eMMC
Aligning partitions (and hence file system structures) to higher level
than 512 byte sectors is common practice and highly recommended for flash
backed block devices. It makes sure that the underlying flash translation
layer (FTL) does not amplify writes due to misalignment of its erase
block size. Use a 1MiB boundary which is what a modern fdisk is doing.
Before this change:
```
# fdisk /dev/mmcblk0
Welcome to fdisk (util-linux 2.35.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): p
Disk /dev/mmcblk0: 14.57 GiB, 15634268160 bytes, 30535680 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x48617373
Device         Boot   Start      End  Sectors  Size Id Type
/dev/mmcblk0p1 *      16384    65537    49154   24M  c W95 FAT32 (LBA)
/dev/mmcblk0p2        65539  1228814  1163276  568M  5 Extended
/dev/mmcblk0p3      1228816  1425425   196610   96M 83 Linux
/dev/mmcblk0p4      1425427 30535679 29110253 13.9G 83 Linux
/dev/mmcblk0p5        65540   114693    49154   24M 83 Linux
/dev/mmcblk0p6       114695   638984   524290  256M 83 Linux
/dev/mmcblk0p7       638986   688139    49154   24M 83 Linux
/dev/mmcblk0p8       688141  1212430   524290  256M 83 Linux
/dev/mmcblk0p9      1212432  1228814    16383    8M 83 Linux
```
After this change:
```
# fdisk /dev/mmcblk0
Welcome to fdisk (util-linux 2.35.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.
Command (m for help): p
Disk /dev/mmcblk0: 14.57 GiB, 15634268160 bytes, 30535680 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x48617373
Device         Boot   Start      End  Sectors  Size Id Type
/dev/mmcblk0p1 *      16384    65535    49152   24M  c W95 FAT32 (LBA)
/dev/mmcblk0p2        65536  1239039  1173504  573M  5 Extended
/dev/mmcblk0p3      1241088  1437695   196608   96M 83 Linux
/dev/mmcblk0p4      1439744 30535679 29095936 13.9G 83 Linux
/dev/mmcblk0p5        67584   116735    49152   24M 83 Linux
/dev/mmcblk0p6       118784   643071   524288  256M 83 Linux
/dev/mmcblk0p7       645120   694271    49152   24M 83 Linux
/dev/mmcblk0p8       696320  1220607   524288  256M 83 Linux
/dev/mmcblk0p9      1222656  1239039    16384    8M 83 Linux
```
See also:
https://unix.stackexchange.com/questions/248939/how-to-achieve-optimal-alignment-for-emmc-partition
http://3gfp.com/wp/2014/07/formatting-sd-cards-for-speed-and-lifetime/
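The alignment rule from the commit message above, checked against its own two fdisk listings. This is an added example, not code from the commit or the project; the function names are my own and the rows are copied from the listings, with 512-byte sectors and a 1 MiB boundary as stated there.

```python
import re

# Partition rows copied from the "Before this change" listing above.
BEFORE = """\
/dev/mmcblk0p1 * 16384 65537 49154 24M c W95 FAT32 (LBA)
/dev/mmcblk0p2 65539 1228814 1163276 568M 5 Extended
/dev/mmcblk0p3 1228816 1425425 196610 96M 83 Linux
/dev/mmcblk0p4 1425427 30535679 29110253 13.9G 83 Linux
/dev/mmcblk0p5 65540 114693 49154 24M 83 Linux
/dev/mmcblk0p6 114695 638984 524290 256M 83 Linux
/dev/mmcblk0p7 638986 688139 49154 24M 83 Linux
/dev/mmcblk0p8 688141 1212430 524290 256M 83 Linux
/dev/mmcblk0p9 1212432 1228814 16383 8M 83 Linux
"""

# Partition rows copied from the "After this change" listing above.
AFTER = """\
/dev/mmcblk0p1 * 16384 65535 49152 24M c W95 FAT32 (LBA)
/dev/mmcblk0p2 65536 1239039 1173504 573M 5 Extended
/dev/mmcblk0p3 1241088 1437695 196608 96M 83 Linux
/dev/mmcblk0p4 1439744 30535679 29095936 13.9G 83 Linux
/dev/mmcblk0p5 67584 116735 49152 24M 83 Linux
/dev/mmcblk0p6 118784 643071 524288 256M 83 Linux
/dev/mmcblk0p7 645120 694271 49152 24M 83 Linux
/dev/mmcblk0p8 696320 1220607 524288 256M 83 Linux
/dev/mmcblk0p9 1222656 1239039 16384 8M 83 Linux
"""

# Device, optional boot flag "*", then Start / End / Sectors columns.
ROW = re.compile(
    r"^(?P<dev>/dev/\S+)\s+(?:\*\s+)?"
    r"(?P<start>\d+)\s+(?P<end>\d+)\s+(?P<sectors>\d+)\s"
)


def parse_rows(fdisk_text):
    """Return (device, start_sector, sector_count) for each partition row."""
    rows = []
    for line in fdisk_text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header lines, prompts, blank lines
        start, end, sectors = (int(m[k]) for k in ("start", "end", "sectors"))
        # fdisk ranges are inclusive; a mismatch means the row was misparsed.
        if end - start + 1 != sectors:
            raise ValueError(f"inconsistent row for {m['dev']}: {line!r}")
        rows.append((m["dev"], start, sectors))
    return rows


def misaligned(fdisk_text, sector_size=512, boundary=1024 * 1024):
    """List partitions whose start offset is not a multiple of `boundary`.

    Each entry is (device, start_sector, bytes_past_the_previous_boundary).
    """
    result = []
    for dev, start, _ in parse_rows(fdisk_text):
        remainder = (start * sector_size) % boundary
        if remainder:
            result.append((dev, start, remainder))
    return result


if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        bad = misaligned(text)
        print(f"{label}: {len(bad)} of {len(parse_rows(text))} misaligned")
        for dev, start, rem in bad:
            print(f"  {dev} starts at sector {start}, {rem} bytes past 1 MiB")
```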
Remove code duplication and make sure to load socinfo only once. Also
set board_rev before MAC address to make sure board_rev is set even if
loading MAC address from efuses fails.
This makes sure that the kernel module loop is loaded and the loop devices
under /dev have been created before the container starts. Docker uses
the current /dev as template for the container /dev. If the loop entries
are missing, loop devices can't be used inside the container. Use
losetup which does not make assumptions about whether loop support is built-in.
This fixes issues seen on my machine when entering the build environment
the first time after build:
mount: /mnt/data: failed to setup loop device for /export/data.ext4.
make[2]: *** [package/pkg-generic.mk:364: /build/buildroot/output_rpi4/build/hassio-1.0.0/.stamp_target_installed] Error 32
* Add ODROID-N2+ support
Add ODROID-N2+ support with the new SoC revision c. Extend the U-Boot
script: Assume ODROID-N2 if the SoC revision is "a" (there are only "a"
revision SoCs on ODROID N2) and assume N2+ otherwise.
Currently using overclock mode as proposed in the upstream kernel patches.
* Update hassos-hook.sh
Co-authored-by: Pascal Vizeli <pascal.vizeli@syshack.ch>
Can be found in [Settings -> System -> Repairs -> System Information](https://my.home-assistant.io/redirect/system_health/). It is listed as the `Board` value.
[](https://my.home-assistant.io/redirect/system_health/)
- type:input
validations:
required:true
attributes:
label:What version of Home Assistant Operating System is installed?
placeholder:"6.6"
description:>
Can be found in [Settings -> System -> Repairs -> System Information (top right menu)](https://my.home-assistant.io/redirect/system_health/). It is listed as the `Host Operating System` value.
- type:dropdown
validations:
required:true
attributes:
label:Did the problem occur after upgrading the Operating System?
default:0
options:
- "No"
- "Yes"
- type:textarea
validations:
required:true
attributes:
label:Hardware details
description:>
Provide details about the hardware used for your install.
This is especially important for bare-metal x86 installations.
If you have any USB devices attached, please list them here.
For VMs, include the hypervisor type and version.
- type:textarea
validations:
required:true
attributes:
label:Steps to reproduce the issue
description:|
Please tell us exactly how to reproduce your issue.
Provide clear and concise step by step instructions and add code snippets if needed.
value:|
1.
2.
3.
...
- type:textarea
validations:
required:true
attributes:
label:Anything in the Supervisor logs that might be useful for us?
description:>
Supervisor Logs can be found in [Settings -> System -> Logs](https://my.home-assistant.io/redirect/logs/?provider=supervisor)
then choose `Supervisor` in the top right. Alternatively enter `ha supervisor logs` in the Home Assistant CLI.
[](https://my.home-assistant.io/redirect/logs/?provider=supervisor)
render:txt
- type:textarea
validations:
required:true
attributes:
label:Anything in the Host logs that might be useful for us?
description:>
Host Logs can be found in [Settings -> System -> Logs](https://my.home-assistant.io/redirect/logs/?provider=host)
then choose `Host` in the top right. Alternatively enter `ha host logs` in the Home Assistant CLI.
render:txt
- type:textarea
attributes:
label:System information
description:>
**Optional** Copy the full System Health in this text area.
System information can be found in [Settings -> System -> Repairs -> System Information (top right menu)](https://my.home-assistant.io/redirect/system_health/),
Click the copy button at the bottom of the pop-up and paste it here.
[](https://my.home-assistant.io/redirect/system_health/)
- type:textarea
attributes:
label:Additional information
description:>
**Optional** If you have any additional information for us, use the field below.
Please note, you can attach screenshots or screen recordings here, by
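Review bot: the two log fields ("Anything in the Supervisor logs…" and "Anything in the Host logs…") are both `required:true`, yet neither description asks the reporter to strip tokens, Wi-Fi credentials, e-mail addresses or public IP addresses before pasting into a public issue. Add one sentence to each `description` saying so, and consider the same reminder on the optional "System information" field. The last description in this block also stops mid-sentence after "here, by".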
eMMC support is provided transparently. Just flash the image to the eMMC board as you would an SD card.
## Console
By default, console access is granted over the serial header and over HDMI. Certain startup messages will only appear on the serial console by default. To show the messages on the HDMI console instead, swap the order of the two consoles in the `cmdline.txt` file on the boot partition. You can also delete the AML0 console if you don't plan on using the serial adapter.
eg. `console=ttyAML0,115200n8 console=tty0`
## USB
A long-standing kernel bug currently results in some odd behavior. To use the USB, a device must be plugged into one of the USB ports at hard boot. If all devices are removed from the USB ports, the USB will cease to function until a reboot.
### OTG
The OTG USB is untested.
## GPIO
Refer to [the odroid wiki](https://wiki.odroid.com/odroid-c2/hardware/expansion_connectors).
eMMC support is provided transparently. Just flash the image to the eMMC board as you would an SD card.
## Console
By default, console access is granted over the serial header and over HDMI. Certain startup messages will only appear on the serial console by default. To show the messages on the HDMI console instead, swap the order of the two consoles in the `cmdline.txt` file on the boot partition. You can also delete the AML0 console if you don't plan on using the serial adapter.
eg. `console=ttyAML0,115200n8 console=tty0`
## GPIO
Refer to [the odroid wiki](https://wiki.odroid.com/odroid-n2/hardware/expansion_connectors).
The Odroid XU4 has a hidden boot sector that is only visible on the Odroid itself (can't be written by a card reader). There are a couple possibilities:
1) If the eMMC already had a working image before flashing HassOS:
* It will be booting to uBoot (but no further).
* If you have the serial adapter, you should be able to enter `distro_bootcmd` at the uboot prompt to continue booting.
* If not, flash the HassOS image to an SD card and boot off that temporarily (while the eMMC is also plugged in).
* Once booted, login at the prompts and then enter `dd if=/dev/mmcblk0 of=/dev/mmcblk0boot0 bs=512 skip=63 seek=62 count=1440` at the linux prompt.
* Reboot with eMMC (don't forget to flip the boot switch to eMMC)
2) Clean/wiped/corruped boot sector:
* You'll need to follow [Hardkernel's instructions](https://forum.odroid.com/viewtopic.php?f=53&t=6173) to get a working boot sector. Then flash HassOS and follow instructions above.
* Alternatively, you can try flash HassOS to both an SD and eMMC, then boot off the SD with the eMMC also plugged in, then run `dd if=/dev/mmcblk1 of=/dev/mmcblk0boot0 bs=512 skip=1 seek=0 count=16381` at the Linux prompt. Note that this is untested, but in theory should work..
If you are getting permissions issues when using the dd command, try disabling RO:
`echo 0 > /sys/block/mmcblk0boot0/force_ro`
to re-enable after running dd:
`echo 1 > /sys/block/mmcblk0boot0/force_ro`
## Console
By default, console access is granted over the serial header and over HDMI. Certain startup messages will only appear on the serial console by default. To show the messages on the HDMI console instead, swap the order of the two consoles in the `cmdline.txt` file on the boot partition. You can also delete the SAC2 console if you don't plan on using the serial adapter.
eg. `console=tty1 console=ttySAC2,115200`
## GPIO
Refer to [the odroid wiki](https://wiki.odroid.com/odroid-xu4/hardware/expansion_connectors).
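Review bot: in the XU4 eMMC recovery steps the `force_ro` workaround is only mentioned after both `dd` commands, so a reader hits the permission error on `/dev/mmcblk0boot0` before learning how to clear it; move `echo 0 > /sys/block/mmcblk0boot0/force_ro` ahead of the `dd` step and make re-enabling it the final step. The two cases also read from different sources (`if=/dev/mmcblk0` in case 1, `if=/dev/mmcblk1` in case 2) without telling the reader how to confirm which node is the eMMC and which is the SD card; a check with `lsblk` before writing to the boot area would prevent overwriting it from the wrong device. Case 2 is labelled untested, which deserves a stronger warning given that it rewrites the boot sector. Typo: "corruped".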
Using this VMDK in a virtual machine requires the following:
- Operating system: Other 4.x or later Linux (64-bit)
- Enabled support for UEFI boot
- SATA disk controller
- Minimal of 1GB RAM
- At least 2x vCPU
- An assigned network
# OVA (Open Virtual Appliance)
Currently, we only publish a VMDK virtual disk, due to issues with our previous OVA distribution. We are currently investigating our options to bring back the OVA distribution. However, the VMDK works on the following hypervisors:
The 64bit version is under development by RPi-Team. It work very nice but it could have some impacts. Actual we see that the SDcard access with ext4 are a bit slower than on 32bit.
## Serial console
For access to terminal over serial console, add `console=ttyAMA0,115200` to `cmdline.txt` and `enable_uart=1`, `dtoverlay=pi3-disable-bt` into `config.txt`. GPIO pins are: 6 = GND / 8 = UART TXD / 10 = UART RXD.
## I2C
Add `dtparam=i2c1=on` and `dtparam=i2c_arm=on` to `config.txt`. After that we create a module file on host with [config usb stick][config] or direct into `/etc/modules-load.d`.
rpi-i2c.conf:
```
i2c-dev
i2c-bcm2708
```
## USB Boot
USB mass storage boot is available on Raspberry Pi 4 (64-bit only), 3B, 3B+, 3A+, and 2B v1.2.
For Raspberry 3B, 3A+ and 2B v1.2, to enable USB boot, add `program_usb_boot_mode=1` into `config.txt`. Note that this **permanently** alters the one-time programmable memory of the device.
For Raspberry 4, make sure to update the bootloader to a stable release
supporting USB mass storage boot (see
[bcm2711_bootloader_config.md](https://www.raspberrypi.org/documentation/hardware/raspberrypi/bcm2711_bootloader_config.md#usbmassstorageboot). If no SD card is used add `sd_poll_once=on` to `dtparam` in `config.txt` (comma separated). This gets rid of `mmc0: timeout waiting for hardware interrupt` kernel errors.
For more information see [RaspberryPi](https://www.raspberrypi.org/documentation/hardware/raspberrypi/bootmodes/msd.md).
### Caveats
* All bootable SD cards must be removed.
* Boot time can be significantly longer with USB. This is due to the boot process first attempting to boot from SD card, failing, and resorting to USB.
* Many USB drives simply do not work for boot. This is likely due to minimal driver support in uboot and will not be fixed. If you can't get it to boot on one drive, try a different brand/model. SanDisk Cruzer drives seem to have a higher rate of issues.
## Tweaks
If you don't need bluetooth, disabled it with add `dtoverlay=pi3-disable-bt` into `config.txt`.
You can use an USB drive with HassOS to configure network options, SSH access to the host and to install updates.
Format a USB stick with FAT32/EXT4/NTFS and name it `CONFIG` (in all capitals). Alternative you can create a `CONFIG` folder inside the `boot` partition. Use the following directory structure within the USB drive:
```text
network/
modules/
modprobe/
udev/
authorized_keys
timesyncd.conf
hassos-xy.raucb
```
- The `network` folder can contain any kind of NetworkManager connection files. For more information see [Network][network.md].
- The `modules` folder is for modules-load configuration files.
- The `modprobe` folder is for modules configuration files (/etc/modprobe.d)
- The `udev` folder is for udev rules files.
- The `authorized_keys` file activates debug SSH access on port `22222`. See [Debugging Home Assistant][debug-homeassistant].
- The `timesyncd.conf` file allow you to set different NTP servers. HassOS won't boot without correct working time servers!
- The `hassos-*.raucb` file is a firmware OTA update which will be installed. These can be found on on the [release][hassos-release] page.
You can put this USB stick into the device and it will be read on startup and files written to the correct places. You can also trigger this process later over the
API/UI or by calling `systemctl restart hassos-config` on the host. *The USB Stick just needs to be inserted to the device during this setup process and can be disconnected afterwards.*
## Local
### Bootargs
You can edit or create a `cmdline.txt` in your boot partition. That will be read from the bootloader.
### Kernel-Module
The kernel module folder `/etc/modules-load.d` is persistent and you can add your configuration files there. See [Systemd modules load][systemd-modules]. You can add the modules configuration files in `/etc/modprobe.d` that is also persistent.
### Udev rules
The udev rules folder `/etc/udev/rules.d` is persistent and you can add your configuration files there.
### Network
You can manual add, edit or remove connections configurations from `/etc/NetworkManager/system-connections`.
### NTP
You can manual edit the systemd timesync file on `/etc/systemd/timesyncd.conf`.
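Review bot: the `CONFIG` USB section says the stick "will be read on startup and files written to the correct places", which covers `authorized_keys` (enables SSH on port `22222`), udev rules, module configuration and a `hassos-*.raucb` update, but it never states the trust model. The text should say that anyone with physical access and a drive labelled `CONFIG` gets host-level configuration, whether the `.raucb` bundle is signature-verified before it is installed, and how to remove an imported `authorized_keys` to close port 22222 again. It should also say whether imported files persist after the stick is removed; the sentence in italics implies they do.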
The format of version is *MAJOR.BUILD*. Everytime we create a new release with same userland, we bump the build number.
The development number they will be bump for the stable release version and the development version go to next major number.
## Git branch/Tag
The branch `dev` ist the actual development branch and from there we never make a release. The `master` branch contains the development version and from there we build a beta release.
If we create a new productive/staging release, we create a new branch `rel-{MAJOR}`. They will be used for the whole cycle of this release.
## Upload release files
We use [ghr](https://github.com/tcnksm/ghr) to upload files to our repository. A binary version is available inside `scripts`.
HassOS is using GPT. But to use GPT we need own the first 1024 of boot drive. Is that's not possible, you can use MBR for your device. This also work with SPLs.
Hybrid and SPL use both a hybrid MBR/GPT table but SPL move the GPT header 8 MB for give space to write SPL and boot images before.
`BOOT_SPL`:
- true
- false
Enable SPL update handling.
`BOOTLOADER`:
- U-Boot
- barebox
We support mainly U-Boot but for UEFI systems we can also use [barebox](https://barebox.org/). In the future, we hope to remove barebox with U-Boot also on UEFI.
# Getting started with HassOS development using Docker on GNU/Linux
First, install `docker-ce` for your distribution. I'd advise to use your distro's provided packages, since that will make sure permissions et al. are sanely set up for what you are about to run. You're also expected to have your current user properly set up in in your sudoers policy, so that this account may elevate to root and execute arbitrary commands as UID 0 (this is required, since at some point during the build process, a new loopback device-backed filesystem image will be mounted inside a Docker container - which requires a "privileged" container to run, which can only be done as root).
Now, change your working directory to your home-assistant/operating-system repository checkout (please adapt path names as needed), make sure your intended changes to the source tree are applied (and committed, ideally :)), and execute the `enter.sh` helper script:
```bash
$ cd ~/codebase/hassos/
$ sudo scripts/enter.sh
Sending build context to Docker daemon 30.48MB
Step 1/6 : FROM ubuntu:18.04
[...]
---> 4dc25a21556b
Successfully built 4dc25a21556b
Successfully tagged hassbuildroot:latest
```
Note that the current iteration of `enter.sh` will try to load the **overlayfs** kernel module, which is not strictly required for Docker's operation, as far as I can tell. It's OK if loading that module fails; the shell script will continue executing. If everything works out, you will find yourself in an interactive login shell inside your Docker container/build environment, where you can peek around:
```bash
root@somehashinhex:/build#
root@somehashinhex:/build# make help
[...]
```
The HassOS developers provide a `Makefile` that will build HassOS images for a list of targets. For example run the command below to start building the _ova_ variant, and go make a cup of tea. Or fifteen.
```bash
root@0db6f7079872:/build# make ova
[...]
```
That will result in a single VMDK image file at the very end of the build process. This image file is a compressed block device dump with a proper GPT partition table, prepared to ship into any OVA-compatible hypervisor's innards. For me, the end of the **ova** build steps looks like this:
The artifacts you just built are placed in the `target/` subdirectory:
```bash
root@fd292c061896:/build# ls -lh release/
total 141M
-rw-r--r-- 1 root root 141M Oct 10 20:22 hassos_ova-2.2.vmdk.gz
```
In order to be able to use this image file with the QEMU hypervisor, you'll need to unpack it, and convert it to an image format that QEMU can work with. Conveniently, the HassOS buildenv already provides all the tools we need for this conversion:
-rw-r--r-- 1 root root 337M Oct 10 20:25 hassos_ova-2.2.qcow2
```
Now, exit the docker container's environment, and find the build artifacts in the `releases/` directory beneath your repository checkout dir. (The generated files will be owned by _root_; make sure to `chown` them to your user account, if needed.)
From there, QEMU can try to boot it. Since the generated image assumes UEFI support in the host/hypervisor, this is slightly more tricky than with "classic"(/legacy) MBR-based images. On the *Debian* host I use to run my QEMU virtual machine on, you'll need to install the **ovmf** package which provides the "UEFI firmware for 64-bit x86 virtual machines". That package will install a **TianoCore**-derived QEMU UEFI image build at `/usr/share/OVMF/OVMF_CODE.fd`, which we'll use with QEMU to boot the generated qcow2 image. (Please adapt path names as necessary, for example if you have installed the ovmf firmware image at another location.)
This should pop up QEMU's SDL frontend, displaying _hassos_' VT/CLI environment. Specifying additional options and flags to QEMU for network access, keyboard layout et al. are left as an exercise for the reader.
After the boot process has finished, you can log in to _hassos_ without a password, providing *root* as the username. From there, executing `login` on the *ha>* shell prompt will yield a root shell in the host OS.
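Review bot: the build artifact directory is named three different ways in this walkthrough: `target/` in the prose, `release/` in the `ls -lh` listing, and `releases/` in the paragraph after leaving the container; use the one the build actually writes to everywhere. Two steps also promise content that is not there: "the end of the **ova** build steps looks like this:" has no output after it, and both the image conversion and the QEMU invocation are described without their commands, leaving a stray listing line and closing fence. Since the guide requires `sudo` and a privileged container, and ends with a passwordless `root` login, a sentence stating that this setup is for a disposable development host would help.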
HassOS uses NetworkManager to control the host network.
## Configure network
Only a manual configuration using NetworkManager connection files is supported. Without a configuration file, the device will use DHCP by default. These network connection files can be placed on a USB drive and imported to the host as described in [Configuration][configuration-usb].
## Configuration examples
You can read the [NetworkManager manual][nm-manual] or find many configuration examples across the internet. Keep in mind that the system is read-only. If you don't want the IP address to change on every boot, you should modify the UUID property to a generic [UUID4][uuid]. Inside the `\CONFIG\network\` directory on the USB drive or SD card, create a file called `my-network` and add the appropriate contents below:
### Default
A preinstalled connection profile is provided by default:
```ini
[connection]
id=my-network
uuid=f62bf7c2-e565-49ff-bbfc-a4cf791e6add
type=802-3-ethernet
[ipv4]
method=auto
[ipv6]
addr-gen-mode=stable-privacy
method=auto
```
### Wired connection to the LAN
```ini
[connection]
id=my-network
uuid=d55162b4-6152-4310-9312-8f4c54d86afa
type=802-3-ethernet
[ipv4]
method=auto
[ipv6]
addr-gen-mode=stable-privacy
method=auto
```
### Wireless LAN WPA/PSK
```ini
[connection]
id=my-network
uuid=72111c67-4a5d-4d5c-925e-f8ee26efb3c3
type=802-11-wireless
[802-11-wireless]
mode=infrastructure
ssid=MY_SSID
# Uncomment below if your SSID is not broadcasted
#hidden=true
[802-11-wireless-security]
auth-alg=open
key-mgmt=wpa-psk
psk=MY_WLAN_SECRET_KEY
[ipv4]
method=auto
[ipv6]
addr-gen-mode=stable-privacy
method=auto
```
### Static IP
Replace the following configuration:
```ini
[ipv4]
method=manual
address=192.168.1.111/24;192.168.1.1
dns=8.8.8.8;8.8.4.4;
```
For `address`, the value before the semicolon is the IP address and subnet prefix bitlength. The second value (after the semicolon) is the IP address of the local gateway.
## Tips
### Reset network
If you want to reset the network configuration back to the default DHCP settings, use the following commands on the host:
If you have trouble with powersave then apply the following changes:
```ini
[wifi]
# Values are 0 (use default), 1 (ignore/don't touch), 2 (disable) or 3 (enable).
powersave=0
```
## Using `nmcli` to set a static IPv4 address
Log into the the HassOS base system via a console:
```bash
Welcome to Home Assistant
homeassistant login:
```
- Login as `root` (no password needed). At the `ha >` prompt, type `login` (as instructed).
From there you use the `nmcli` configuration tool.
-`# nmcli con show` will list the "HassOS default" connection in use.
-`# nmcli con show "HassOS default"` will list all the properties of the connection.
To start editing the configuration setting for "HassOS default":
```bash
# nmcli con edit "HassOS default"
```
To add your static IP address (select 'yes' for manual method);
```bash
nmcli> set ipv4.addresses 192.168.100.10/24
Do you also want to set'ipv4.method' to 'manual'? [yes]:
```
In addition, it's recommended to set the DNS server and the local gateway. For most home routers the DNS server will have the same IP address as the router itself. If you are using Pi-Hole or a third-party DNS system then you can set the DNS server to that.
```bash
nmcli> set ipv4.dns 192.168.100.1
nmcli> set ipv4.gateway 192.168.100.1
```
`nmcli> print ipv4` will show you the IPv4 properties of this connection. With `nmcli> save` you will save the changes afterwards.
If you now view the default connection `cat /etc/NetworkManager/system-connections/default` you should see the method is manual and the address is set.
Doing a `nmcli con reload` does not always work, so restart the virtual machine or the physical system.
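Review bot: under "Reset network" the text says "use the following commands on the host:" and then goes straight to the powersave paragraph, so the reset procedure itself is missing; add the commands or drop the heading. The Wi-Fi example writes `psk=MY_WLAN_SECRET_KEY` in cleartext to a file on the removable `CONFIG` drive, so the doc should tell readers to delete the file from the stick once it has been imported. The "Static IP" section opens with "Replace the following configuration:" without saying which block of the earlier profiles it replaces, and all example profiles ship a fixed `uuid=` even though the text asks readers to change it.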
The partition layout is a bit different than for regular setups. We prefer GPT, if possible. With SoCs which don't support GPT, we use the hybrid GPT. For more details about this topic, please refer to the [development](development.md) documentation.
The system is designed to have as less as possible write operations on the storage media. Which means that we have basically only write during the OTA update and 5-6 times per week on the overlay part. The data partition is having I/O. This is the reason which is should be run on a different drive.
A visual representation looks like this:
```text
-------------------------
| Bootloader |
-------------------------
| Kernel A |
-------------------------
| System A |
| |
-------------------------
| Kernel B |
-------------------------
| System B |
| |
-------------------------
| Bootstate |
-------------------------
| Overlay |
| |
...
-------------------------
| Data |
| |
-------------------------
```
Sometime the bootloader part can look different because there can be firmware or SPLs for boot the CPU on the SoC.
## Data
The data partition is the only partition with real I/O. It will be expanded automatically at boot to the full size of the disk.
## Using datactl to move the data partition.
In a Home Assistant OS installation, the data is stored on the `/mnt/data` partition of the SD card. This is the only read+write partition on the SD drive. Using the `datactl` move command, this partition can be moved off of the SD card onto an externally connected drive, leaving the rest of the read-only system on the SD.
The storage capacity of the external drive must be larger than the storage capacity of the existing SD card.
The command needs to be run from the host console by either connecting a keyboard and monitor or making use of the [debug ssh access](https://developers.home-assistant.io/docs/operating-system/debugging/) over port 22222. The command will not work from within an SSH add-on container.
Log in as `root` to get to the Home Assistant CLI and then enter `login` to continue to the host.
Confirm your USB SSD/HD is connected and recognized using `fdisk -l`.
It is recommended to use fdisk to remove the existing partition(s) before proceeding.
- Type `fdisk /dev/XXX` (replacing XXX with your drive)
- Type `d` to delete a partition.
- Continue if needed, then write the changes.
Creating a new partition is not necessary.
With the drive now prepared, use the below command (again, replacing XXX with your drive)
```sh
$ datactl move /dev/xxx
```
Hit any key to continue, and then the move will happen after the next reboot. Once complete, the external drive will be owned and used by the system.
Home Assistant Operating System (HassOS) is based on [buildroot](https://buildroot.org/). It's a hypervisor for Docker and supports various kind of hardware. It is also available as virtual appliance for different virtualization solutions. The whole system is optimized for hosting [Home Assistant](https://www.home-assistant.io) and its features (to be precise, the [Add-ons](https://www.home-assistant.io/addons/)). You can update the system by using OTA updates or offline updates.
Home Assistant Operating System (formerly HassOS) is a Linux based operating system optimized to host [Home Assistant](https://www.home-assistant.io) and its [Add-ons](https://www.home-assistant.io/addons/).
This is an embedded Linux which works different than a normal Linux distribution. The system is designed to run with minimal I/O and is optimized for its tasks.
Home Assistant Operating System uses Docker as its container engine. By default it deploys the Home Assistant Supervisor as a container. Home Assistant Supervisor in turn uses the Docker container engine to control Home Assistant Core and Add-Ons in separate containers. Home Assistant Operating System is **not** based on a regular Linux distribution like Ubuntu. It is built using [Buildroot](https://buildroot.org/) and it is optimized to run Home Assistant. It targets single board compute (SBC) devices like the Raspberry Pi or ODROID but also supports x86-64 systems with UEFI.
If you don't have experience with embedded systems, buildroot or the build process Linux distributions, then please read up on those topics. All provided documentation here is focusing on developers with a background on embedded systems or a strong understanding of the internal workings of operating systems.
[](https://www.openhomefoundation.org/)
## Focus
## Features
-Barebox as bootloader on EFI
-U-Boot as bootloader
-Linux/Buildroot LTS
-RAUC for OTA updates
-SquashFS LZ4 as filesystem
- Docker-CE
- AppArmor protected
- ZRAM LZ4 for `/tmp`, `/var` and swap
-Lightweight and memory-efficient
-Minimized I/O
-Over The Air (OTA) updates
-Offline updates
-Modular using Docker container engine
## Supported hardware
The list of supported hardware is defined by [ADR-0015](https://github.com/home-assistant/architecture/blob/master/adr/0015-home-assistant-os.md).
Every new hardware addition must meet at least requirements defined in [ADR-0017](https://github.com/home-assistant/architecture/blob/master/adr/0017-hardware-screening-os.md) and pass through an architecture design proposal.
For documentation explaining details of the individual supported boards, see [Board support](https://developers.home-assistant.io/docs/operating-system/boards/overview) section of the Home Assistant Developer Docs.
## Getting Started
If you just want to use Home Assistant the official [getting started guide](https://www.home-assistant.io/getting-started/) and [installation instructions](https://www.home-assistant.io/hassio/installation/) take you through how to download Home Assistant Operating System and get it running on your machine.
If you're interested in finding out more about Home Assistant Operating System and how it works read on...
## Development
If you don't have experience with embedded systems, Buildroot or the build process for Linux distributions it is recommended to read up on these topics first (e.g. [Bootlin](https://bootlin.com/docs/) has excellent resources).
The Home Assistant Operating System documentation can be found on the [Home Assistant Developer Docs website](https://developers.home-assistant.io/docs/operating-system).
### Components
- **Bootloader:**
- [GRUB](https://www.gnu.org/software/grub/) for devices that support UEFI
- [U-Boot](https://www.denx.de/wiki/U-Boot) for devices that don't support UEFI
- **Operating System:**
- [Buildroot](https://buildroot.org/) LTS Linux
- **File Systems:**
- [SquashFS](https://www.kernel.org/doc/Documentation/filesystems/squashfs.txt) for read-only file systems (using LZ4 compression)
- [ZRAM](https://www.kernel.org/doc/Documentation/blockdev/zram.txt) for `/tmp`, `/var` and swap (using LZ4 compression)
- **Container Platform:**
- [Docker Engine](https://docs.docker.com/engine/) for running Home Assistant components in containers
- **Updates:**
- [RAUC](https://rauc.io/) for Over The Air (OTA) and USB updates
- **Security:**
- [AppArmor](https://apparmor.net/) Linux kernel security module
### Development builds
The Development build GitHub Action Workflow is a manually triggered workflow
which creates Home Assistant OS development builds. The development builds are
available at [https://os-artifacts.home-assistant.io/index.html](https://os-artifacts.home-assistant.io/index.html).