Prepare 15.0 #3932
Merged
sairon (Member) commented Mar 17, 2025
- Pin awscli to older version to work around R2 issues (#3803)
- Bump OS to development version 15.0.dev0
- Fix artifacts index job by downgrading awscli (#3805)
- Bump docker/build-push-action from 6.11.0 to 6.12.0 (#3809)
- Bump Buildroot to 2024.02.10 (#3811)
- Enable USB-SD convertor on AMD/Xilinx Kria KD240 platform (#3812)
- Add check for tainted kernel to automatic tests (#3814)
- Linux: Update kernel to 6.6.73 (#3813)
- Fix linux-pam trying to include disabled pam_lastlog.so on login (#3815)
- Move rauc.db to boot partition (#3810)
- Fix kernel tainted test (#3818)
- Bump actions/stale from 9.0.0 to 9.1.0 (#3835)
- Bump docker/build-push-action from 6.12.0 to 6.13.0 (#3836)
- Change Cadence i2c and Zynq GPIO from modules to built-in drivers (#3821)
- Use Python 3.13 for the build and artifacts index jobs (#3840)
- Update generic-x86-64 Linux kernel to 6.12 (#3767)
- Update OVA to Linux 6.12 (#3845)
- Fix RPi 5 getting stuck in bootloader after some reboots (#3842)
- Revert kernel patch causing USB 3 and PCIe breakage on ODROID-M1/M1S (#3843)
- Update all platforms to latest stable Linux 6.12 (#3850)
- Allow boot from USB and NVMe on ODROID-M1 (#3852)
- Remove USB stack patches working around obsoleted Z-Wave devices issues (#3854)
- Backport upstream patch to fix downstream patch collision in RPi 6.6 kernel (#3856)
- Disable UAS via usb-storage.quirks on RPi for JMicron JMS578 (#3857)
- RaspberryPi: Update kernel to 6.6.74 - stable_20250127 (#3860)
- Linux: Update kernel to 6.12.12 (#3859)
- Enable Intel 40 Gigabit ethernet driver module for x86-64 and OVA (#3858)
- Fix order of patches for Yellow (#3862)
- Bump docker/setup-buildx-action from 3.8.0 to 3.9.0 (#3869)
- Linux: Update kernel to 6.12.13 (#3868)
- Update firmware for Intel Wi-Fi 6/6E/7 cards, bump linux-firmware to 20240513 (#3876)
- Use EROFS LZMA compression of firmware on x86 instead of per-file ZSTD (#3877)
- Linux: Update kernel to 6.12.14 (#3881)
- Update U-Boot to 2025.01 (#3878)
- Make swap size configurable (#3882)
- Allow overriding sysctl parameters via /etc/sysctl.d files (#3883)
- Move swappiness config to 15-swappiness.conf (#3884)
- Remove unnecessary and invalid e2scrub removal from post-build (#3886)
- Use auditd to process AppArmor/audit logs (#3885)
- Remove unnecessary GRUB userspace tools and other files (#3887)
- Remove all info pages in post-build script (#3888)
- Fix RAUC tryboot handler set-state idempotency, add more checks (#3891)
- Linux: Update kernel to 6.12.16 (#3892)
- Bump docker/build-push-action from 6.13.0 to 6.14.0 (#3894)
- Drop kernel patch for fixed ODROID-M1/M1S kernel regression (#3895)
- Improve log clarity and fix typos (#3896)
- Bump buildroot to 2024.02.11 (#3897)
- Disable linux-firmware zstd compression (#3898)
- Update linux-firmware to 20250211 (#3901)
- Update Docker to v28.0.1 (#3902)
- Bump BlueZ to v5.79 (#3903)
- Linux: Update kernel to 6.12.17 (#3905)
- Bump os-agent to v1.7.1 (#3906)
- Bump OS to pre-release version 15.0.rc1
- Bump docker/build-push-action from 6.14.0 to 6.15.0 (#3909)
- Bump docker/setup-buildx-action from 3.9.0 to 3.10.0 (#3910)
- Add test that no AppArmor denied events are produced (#3912)
- Update RPi firmware to fix boot with 2025-02-11 bootloader (#3913)
- Bump os-agent to v1.7.2 (#3914)
- Use shell script instead of OS Agent for device wipe (#3916)
- Improve tests traceability, add test for Systemd dependency cycles (#3917)
- Linux: Update kernel to 6.12.18 (#3919)
- Update Hailo PCIe driver and firmware to v4.20.1 (#3922)
- Fix runtime device permissions update in runc v1.2.x (#3921)
- Ensure haos-wipe service can be called only once per boot (#3924)
- Bump OS to pre-release version 15.0.rc2
- Bump OS to release version 15.0
CI job fails to upload build artifacts because R2 doesn't support checksums [1]. This was added in awscli 1.37.0 [2], pin to a version older than that to work around the issue before R2 supports it or ignores the header. [1] https://www.cloudflarestatus.com/incidents/t5nrjmpxc1cj [2] https://github.com/aws/aws-cli/blob/develop/CHANGELOG.rst
Similarly to #3803, artifact index update fails because the R2 doesn't like the new awscli. The regression apparently comes from 1.37.0 as well, so pin to version older than that.
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
* buildroot 00e8f09356...ff563b383d (1): > Merge tag '2024.02.10' into 2024.02.x-haos
* Enable USB-SD convertor on AMD/Xilinx Kria KD240 platform
Kria KD240 board is using SD card but SD is connected via onboard USB HUB. USB controller is DWC3 with Xilinx glue logic. Both of these options are enabled but board is using slg7xl45106 for driving usb-hub reset (PCA9570 driver) and USB3.0 requires initialization via PHY_XILINX_ZYNQMP driver. All options should be enabled (=y) and can't be kernel modules because they provide access to rootfs.
* Add a note for config symbol change in 6.12
Changed in mainline commit 31e7f6c015d9eb35e77ae9868801c53ab0ff19ac
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
Add test that the kernel isn't tainted at the end of the basic and supervisor test suites, allowing us to catch e.g. kernel warnings that may be left unnoticed if dmesg isn't checked. There is no other source of tainting, so the value should be always zero.
Build of pam_lastlog.so was disabled by updating to v1.5.3 [1] yet the line wasn't removed from the login modules. In upstream this was resolved by adding a config option for turning the lastlog module and dynamic disabling of the line including it. Neither these changes nor a fix removing the config line were applied to 2024.02, so cherry-pick them here to fix the issue.
* buildroot ff563b383d...3784884466 (2):
> package/linux-pam: adjust login pam file for lastlog
> package/linux-pam: add menuconfig option to build pam_lastlog.so
Fixes #3789
[1] https://github.com/linux-pam/linux-pam/releases/tag/v1.5.3
* Move rauc.db to boot partition The RAUC metadata file contains information that is tightly related to the system and kernel partitions. With the possibility to migrate data disk, the rauc.db can contain bogus information when moved to a different system. Removal of the file on "device wipe" is also not desirable, because the information about slot status is lost. Relocate the rauc.db to the boot partition after a system upgrade (as this can't be handled by RAUC hooks, because it needs to be executed after all slots and metadata is written) and adjust the script for recreating it. The downside is that its content in /mnt/data would be recreated if the boot slot is changed or system downgraded but this should be handled quite gracefully. Also remove the raucdb-first-boot service which is no longer necessary with the file not present in the data partition. * Fix shellcheck and mount path
I have only tested that it fails for unreleased 6.6.72 kernel but haven't tested the happy path and missed that it also failed because the types were different. Stupid me.
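The tainted-kernel check described in the commit messages above, as an added Python example that is not code from this pull request or the project's test suite. The function names are hypothetical, and reading the "types were different" remark as a string-versus-integer comparison is an assumption; the bit table follows the kernel's tainted-kernels documentation.

```python
from pathlib import Path

TAINTED_PATH = Path("/proc/sys/kernel/tainted")

# Bit number -> (flag letter, meaning), per the kernel's tainted-kernels docs.
TAINT_FLAGS = {
    0: ("P", "proprietary module was loaded"),
    1: ("F", "module was force loaded"),
    2: ("S", "kernel running on an out-of-specification system"),
    3: ("R", "module was force unloaded"),
    4: ("M", "processor reported a machine check exception"),
    5: ("B", "bad page referenced or unexpected page flags"),
    6: ("U", "taint requested by userspace"),
    7: ("D", "kernel died recently (OOPS or BUG)"),
    8: ("A", "ACPI table overridden by user"),
    9: ("W", "kernel issued a warning"),
    10: ("C", "staging driver was loaded"),
    11: ("I", "workaround for a platform firmware bug applied"),
    12: ("O", "out-of-tree module was loaded"),
    13: ("E", "unsigned module was loaded"),
    14: ("L", "soft lockup occurred"),
    15: ("K", "kernel has been live patched"),
    16: ("X", "auxiliary taint, defined for and used by distros"),
    17: ("T", "kernel built with the struct randomization plugin"),
}


def parse_tainted(raw):
    """Normalise harness output (bytes, str or a one-item list of lines) to int.

    Assumption: a test harness may hand back the command output as text or as
    a list of lines; comparing that directly with the integer 0 never matches.
    """
    if isinstance(raw, (list, tuple)):
        if len(raw) != 1:
            raise ValueError(f"expected one line of output, got {len(raw)}")
        raw = raw[0]
    if isinstance(raw, bytes):
        raw = raw.decode("ascii")
    value = int(str(raw).strip(), 10)
    if value < 0:
        raise ValueError("taint value cannot be negative")
    return value


def decode_taint(value):
    """Return [(letter, meaning), ...] for every bit set in the taint mask."""
    reasons = []
    bit = 0
    while value >> bit:
        if (value >> bit) & 1:
            reasons.append(TAINT_FLAGS.get(bit, ("?", f"unknown taint bit {bit}")))
        bit += 1
    return reasons


def assert_untainted(raw):
    """Raise AssertionError naming each taint reason; return 0 when clean."""
    value = parse_tainted(raw)
    if value != 0:
        detail = ", ".join(f"{letter} ({why})" for letter, why in decode_taint(value))
        raise AssertionError(f"kernel tainted: {value} -> {detail}")
    return value


if __name__ == "__main__":
    # Constructed sample values, not output captured from a real device.
    # On a live system, pass TAINTED_PATH.read_text() instead.
    for sample in ("0\n", ["512"], b"4609\n"):
        try:
            assert_untainted(sample)
            print(f"{sample!r}: clean")
        except AssertionError as err:
            print(f"{sample!r}: {err}")
```
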
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.12.0 to 6.13.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6.12.0...v6.13.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
) On Kria KD240 slg7xl45106 device is handling reset for USB hub which is providing access to SD card (USB/SD converter). Access to this device is done via i2c which needs to be also enabled in the kernel as built-in driver not as module when rootfs is mounted. Also change ZYNQ_GPIO to be built-in driver because i2c is using gpio for bus recovery that's why it should be also enabled to probe i2c driver properly. v6.6 kernel doesn't have support for usb5744 driver that's why disable it but add TODO to enable it once v6.12 upgrade is done.
* Linux: Update kernel to 6.12.6 * Linux 6.12 * #3767 (comment) * #3767 (comment) * Add patch descriptions, kernel ver conditionals Signed-off-by: Nick Venenga <nick@venenga.com> * Remove extra zram compression algos * Undo fragment files config change ...for platforms that didn't receive kernel updates * Sort Dockerfile apt packages * Add Upstream refs to patches * Re-enable TC * Restore v6.6.y kernel fragments * Update buildroot to rebased branch * Apply 6.12 migration only to generic-x86-64 * package/eq3_char_loop: port patch from RaspberryMatic by @jens-maus * package/generic_raw_uart: port patch from RaspberryMatic by @jens-maus * Restore buildroot-external/board/pc/patches/linux It's used in ova and generic-aarch64 defconfigs. Keep the path removed from generic-x86-64 defconfig. * Split linux patches to be version-specific The IPv6 reachability patch needs different context on 6.6.y and 6.12.y - introduce version-specific linux directories. To avoid the need for extra directory for version used in RPi, copy those patches to its patches directory. * Replace removed Intel Skylake audio driver with Intel AVS The Skylake driver was removed and should be now replaced either by Intel HD Audio or Intel AVS. Remove the old options and enable AVS. 
SND_SOC_INTEL_SKYLAKE=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:63) SND_SOC_INTEL_SKL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:64) SND_SOC_INTEL_APL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:65) SND_SOC_INTEL_KBL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:66) SND_SOC_INTEL_GLK=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:67) SND_SOC_INTEL_CNL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:68) SND_SOC_INTEL_CFL=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:69) SND_SOC_INTEL_CML_H=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:70) SND_SOC_INTEL_CML_LP=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:71) SND_SOC_INTEL_SKYLAKE_FAMILY=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:72) SND_SOC_INTEL_SKYLAKE_HDAUDIO_CODEC=y not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:73) SND_SOC_INTEL_SKYLAKE_COMMON=m not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:74) -> torvalds/linux@a882f4d SND_SOC_INTEL_SST=m requested, actual = n (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:58) -> torvalds/linux@970d299 * Remove I2C_COMPAT option I2C_COMPAT=y not found (defined in /build/buildroot-external/board/pc/generic-x86-64/kernel.config:163) -> torvalds/linux@7e72208 * Correctly disable module compression after Kconfig change The Kconfig structure was changed, there's now a top-level bool: torvalds/linux@c7ff693 --------- Signed-off-by: Nick Venenga <nick@venenga.com> Co-authored-by: Jan Čermák <sairon@sairon.cz>
* Update OVA to Linux 6.12 * Remove obsolete I2C_COMPAT option Same as on x86, this symbol was removed upstream. * Disable linux-tools hypervfcopyd option It was removed from Linux beginning in 6.9, see: https://lore.kernel.org/all/1711788723-8593-7-git-send-email-ssengar@linux.microsoft.com/
Probably since home-assistant/supervisor#5276 introduced in Supervisor 2024.9.0, RAUC bootloader handler for tryboot can set the tryboot flag also when the tryboot file is not present, causing the Pi to become stuck in bootloader, trying to load the tryboot file. This happens when the device is already in the tryboot state, in that case the tryboot files and flag are created by set-primary and in turn the files are removed in set-state, while the flag is persisted, causing the bootloader to attempt loading non-existing file. To avoid unnecessary juggling with tryboot/config files, only create them and set the flag if the boot slot is different than the current one. Also, make sure that the flag is reboot parameter is cleared when the tryboot files are removed by the handler. Fixes #3740
…3843) Revert the patch changing phy reset behavior, requiring also changes in the device tree that are missing in the stable backport. The issue was reported to the regressions mailing list and hopefully future patch release should contain a proper fix. The patch is added to the patches-rockchip directory, potentially affecting Green as well, although the broken peripherals are not used there. Fixes #3837, fixes #3841
* Upgrade Rockchip platforms to Linux 6.12 Upgrade all Rockchip boards to latest 6.12. Patches for M1S can be dropped, its DTS has been merged. Same goes for the Rockchip TRNG, it only had to be enabled in the Green DTS. Patch for broken combphy has been updated for 6.12.y.
* Remove deprecated and nonsense symbols from Rockchip defconfig Many symbols have been removed between 6.6 and 6.12. Most of them have no use in Rockchip defconfig, or should be set by other kernel fragments anyway. Remove all of them, with the exception of USB_ONBOARD_HUB (which was renamed to USB_ONBOARD_DEV) and FSCACHE (which was changed from tristate to bool).
* Update generic-aarch64 to Linux 6.12
* Update Amlogic-based ODROID boards to Linux 6.12 Removed couple of deprecated/unrelated kernel options.
* Update VIM3 to Linux 6.12 Cleaned up symbols unrelated/deprecated in 6.12 from defconfig.
* Update ODROID-XU4 to Linux 6.12 The usual defconfigs suspects had to be removed and the regulator patch for ethernet needed a minor update after refactoring in upstream.
* Update Tinker to Linux 6.12 Needed defconfig cleanup for 6.12, otherwise no changes.
* Update x86 and OVA to latest 6.12 release This way the extra patches directory can be removed too.
* Remove 6.6.73 patches
* Refresh all linux patch series against 6.12.11 sources
* Reenable HW RNG on M1S to speed up boot The TRNG on RK3566 supposedly [1] has low quality, that's why it's disabled in upstream for this SoC. We had it enabled in the past and without it, the boot is delayed by quite a lot. Enable it again for now and investigate the RNG issues later. [1] https://patchew.org/linux/cover.1722355365.git.daniel@makrotopia.org/
* Also remove CACHEFILES module from Rockchip config It was only enabled for Rockchip and Tinker, and to my knowledge there is no cachefiles daemon or anything other in the userspace that's using it.
* Remove unused 6.6.y fragments Since we only have 6.6.y for Raspberry Pi now, it doesn't need the Rockchip and wireless PCI fragments.
Use devtype instead of hardcoding device type to mmc in U-Boot script Signed-off-by: Ricardo Pardini <ricardo@pardini.net>
…es (#3854) * Remove USB stack patches working around obsoleted Z-Wave devices issues In #3224 we've introduced a patch reverting some changes in the USB stack that was supposed to work around issues with some USB devices. Later discussions revealed these devices are obsoleted by the manufacturer and there is no official way of fixing those in newer Linux kernels. However, carrying the patches makes us diverge from upstream and can eventually trigger other problems not present upstream we'll have to handle. Drop these patches now to be part of the upcoming OS 15 release, rather than needing to drop them later in any of the patch revisions later. * Also remove the patch from board/raspberrypi patches
…kernel (#3856) Because of refactoring/code quality improvements in upstream, IPv6 reachability patch no longer applied on 6.12 kernel. We added two versions of the patch to address this initially, however, this requires updating of the patch directory name on every kernel bump. Backport the patch causing collision instead to RPi kernel, so we can carry only one version of the patch. This also requires swapping of the patching order - now we first apply board-specific patches, then the global ones. Unless there are collisions, these operations should be idempotent, so at this point it shouldn't have any side-effects.
Reported in/fixes #3827
* RaspberryPi: Update kernel to 6.6.74 - stable_20250127 * Bump buildroot to update rpi-firmware * buildroot 71cba6c610...014c3fad50 (1): > package/rpi-firmware: bump to version 1.20250127 for kernel 6.6.74 * Update patch for disabling CQE on CM5 The bool has been changed to a cell, adding the possibility to change the value via sd_cqe dt_param both on CM5 and Pi5. Set it to disabled by default on CM5.
) Enable Intel 40 Gigabit (aka 700 series) driver, used e.g. on MinisForum MS-01 for the SFP+ ports. Fixes #3751
After #3856, we need to change the patch order also for Yellow.
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.8.0 to 3.9.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3.8.0...v3.9.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Patch added in #3843 is not necessary anymore, as the missing reset names have been added to DTS includes of the 6.12.y branch as patch 6c9cd0a70ccea8a505471062a85de5626ad07cec (released in v6.12.14).
* buildroot 92fab35fed...c5a1cbcf73 (1): > Merge tag '2024.02.11' into 2024.02.x-haos
Disable downstream option for linux-firmware compression. With #3877 it's not needed for x86 anymore and other boards don't need it. Eventually the higher EROFS compression for firmwares and modules can be enabled for other targets as well.
Mainly the amdgpu updates cause an increase of generic-x86-64 image size by ~12MB but there's still enough of space in the rootfs after recent cleanup. * buildroot c5a1cbcf73...257ddc70ce (9): > package/linux-firmware: bump Intel BZ firmware version to 92 > package/linux-firmware: bump version to 20250211 > package/linux-firmware: bump version to 20241210 > package/linux-firmware: fix build failures to due RTL8723 file changes > package/linux-firmware: bump version to 20240909 > package/linux-firmware: bump to version 20240709 > package/linux-firmware: improve help text for Realtek 88xx Bluetooth firmware > package/linux-firmware: install all rtl88 Bluetooth binary blobs > package/linux-firmware: RTL_88XX_BT: install all firmware
Update Docker to latest version and containerd to latest version from the 1.7 line. Runc updated to v1.2.5 with rebased patchset from the outstanding PR. * buildroot 257ddc70ce...b4df362187 (4): > package/runc: bump version to v1.2.5 > package/docker-cli: bump version to v28.0.1 > package/docker-engine: bump version to v28.0.1 > package/containerd: bump version to v1.7.25
Cherry-pick bumps up to v5.79 and sync other changes and fixes with latest
upstream state.
* buildroot b4df362187...7d5c3b5e70 (10):
> package/bluez5_utils: tidy up the init script
> package/bluez5_utils: install datafiles with correct permissions
> package/bluez5_utils: fix dbusconfdir
> package/bluez5_utils{, -headers}: bump version to 5.79
> package/bluez5_utils: enable asha/bass when building audio plugins
> package/{bluez5_utils, bluez5_utils-headers}: bump to version 5.78
> bluez5_utils: disable asha profile
> package/{bluez5_utils, bluez5_utils-headers}: bump to version 5.77
> package/bluez5_utils: disable datafiles
> package/bluez5_utils: fix sixaxis build without tools
Adds new DBus APIs for NTP servers and swap: - home-assistant/os-agent#207 - home-assistant/os-agent#222
Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 6.14.0 to 6.15.0. - [Release notes](https://github.com/docker/build-push-action/releases) - [Commits](docker/build-push-action@v6.14.0...v6.15.0) --- updated-dependencies: - dependency-name: docker/build-push-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit 668c849)
Bumps [docker/setup-buildx-action](https://github.com/docker/setup-buildx-action) from 3.9.0 to 3.10.0. - [Release notes](https://github.com/docker/setup-buildx-action/releases) - [Commits](docker/setup-buildx-action@v3.9.0...v3.10.0) --- updated-dependencies: - dependency-name: docker/setup-buildx-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> (cherry picked from commit c72cf09)
Update to latest version that fixes start order in haos-agent.service. Without that, OS Agent reports incorrect swappiness after boot. (cherry picked from commit 36d9057)
Use simple shell script to perform device wipe instead of calling OS Agent to do that through the UDisks2 API. While it might have been a good idea to use high level interface for that back then, it turns out it causes more issues than the benefits it could bring. Main problem currently is that the OS Agent needs to read sysctl variables, but those are only set after mounting the overlay partition. But at the same time, the overlay partition can't be mounted if we want to wipe it - this creates a dependency cycle through the haos-agent.service. To get rid of the cycle and simplify things, use a shell script doing basically the same as what the OS Agent does. Since the wipe functionality only makes sense to be implemented on HAOS targets (not on Supervised), there's little point of having it in higher layer of abstraction that OS Agent provides. It should be also checked if changes from #1291 are needed anymore, as the driving factor for those has been probably the wipe feature in OS Agent too, but at this point they seem to be harmless. (cherry picked from commit 6c4f32a)
* https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.12.18 (cherry picked from commit 3fb9c16)
Update to latest version of the driver and matching firmware. The most common application for it - Frigate - currently has 4.19.0 in stable but 4.20.0 is staged in dev. As it's easier to select OS version than a version of the add-on, it makes sense to stay ahead in HAOS. This also means Frigate needs to be updated to the matching version (as staying on an arbitrary older patch revision doesn't make much sense either). (cherry picked from commit 173a438)
Add missing patch and update for latest runc version to fix losing device permissions when new devices are added in runtime. * buildroot b079a02a9a...3914f8cad5 (2): > package/runc: add patch for extended default allowed devices in v1.2.4 > package/runc: add missing patch to fix device permissions update Fixes #3915 (cherry picked from commit 04debe2)
In some cases, the wipe service may be called due to a race condition for the second time during the boot, very likely failing because the filesystems are already mounted. This can not be reproduced on OVA but can be fairly easily triggered e.g. on RPi. As we want the service to be executed exactly only once, we can do what's suggested in [1] and set the RemainAfterExit=yes. That should ensure the unit is not ever started for the second time. [1] https://www.github.com/systemd/systemd/issues/29367 (cherry picked from commit 24640c1)
frenck approved these changes Mar 17, 2025