Skip to content

Releases: flatcar/scripts

stable-3815.2.2

16 Apr 11:54
@dongsupark dongsupark
stable-3815.2.2
00a123a
Compare
Choose a tag to compare
stable-3815.2.2

Changes since Stable 3815.2.1

Security fixes:

Bug fixes:

  • Disabled user-configdrive.service on OpenStack when config drive is used, which caused the hostname to be overwritten. The coreos-cloudinit.service unit already runs on OpenStack if the system is not configured via ignition. (Flatcar#1385)
  • Fixed toolbox to prevent mounted ctr snapshots from being garbage-collected (toolbox#9)

Changes:

  • Disabled real-time priority for multipathd as it prevents the cgroups2 cpu controller from working. (scripts#1771)
  • SDK: Unified qemu image formats, so that the qemu_uefi build target provides the regular qemu and the qemu_uefi_secure artifacts (scripts#1847)

Updates:

Assets 2
Loading

lts-3510.3.3

16 Apr 11:53
@dongsupark dongsupark
lts-3510.3.3
568c2a0
Compare
Choose a tag to compare
lts-3510.3.3

Changes since LTS 3510.3.2

Security fixes:

Bug fixes:

  • Fixed toolbox to prevent mounted ctr snapshots from being garbage-collected (toolbox#9)

Changes:

  • SDK: Unified qemu image formats, so that the qemu_uefi build target provides the regular qemu and the `qemu...
Read more
Assets 2
Loading

beta-3913.1.0

16 Apr 11:56
@dongsupark dongsupark
beta-3913.1.0
87ac0c4
Compare
Choose a tag to compare
beta-3913.1.0

Changes since Beta 3874.1.0

Security fixes:

Bug fixes:

  • Disabled user-configdrive.service on OpenStack when config drive is used, which caused the hostname to be overwritten. The coreos-cloudinit.service unit already runs on OpenStack if the system is not configured via ignition. (Flatcar#1385)
  • Fixed toolbox to prevent mounted ctr snapshots from being garbage-collected (toolbox#9)
  • Removed custom CloudSigma coreos-cloudinit service configuration since it will be called with the cloudsigma oem anyway. The restart of the service can also cause the serial port to be stuck in an nondeterministic state which breaks future runs.

Changes:

  • A new format qemu_uefi_secure is introduced to test Flatcar for SecureBoot-enabled features. The format will be later merged into qemu_uefi.
  • Added Ignition Clevis support for encrypted disks unlocked with a TPM2 device or a Tang server (scripts#1560)
  • Added Scaleway images (flatcar/scripts#1683)
  • Added support for unlocking the rootfs with a TPM set up by systemd-cryptenroll (bootengine#93)
  • Disabled real-time priority for multipathd as it prevents the cgroups2 cpu controller from working. (flatcar/scripts#1771)
  • Enabled the GRUB TPM2 module to measure the boot code path and files into PCR 8+9 in UEFI (scripts#1861)
  • Provided a ZFS-2.2.2 Flatcar extension as optional systemd-sysext image with the release. Write 'zfs' to /etc/flatcar/enabled-sysext.conf through Ignition and the sysext will be installed during provisioning. ZFS support is experimental and ZFS is not supported for the root partition. (flatcar/scripts#1742)
  • Removed Linux drivers for Mellanox Technologies Switch ASICs family and Spectrum/Spectrum-2/Spectrum-3/Spectrum-4 Ethernet Switch ASICs to reduce the initrd size on AMD64 by ~5MB (flatcar/scripts#1734). This change is part of the effort to reduce the initrd size (flatcar#1381).
  • Removed coreos-cloudinit support for automatic keys conversion (e.g reboot-strategy -> reboot_strategy) (scripts#1687)
  • SDK: Unified qemu image formats, so that the qemu_uefi build target provides the regular qemu and the qemu_uefi_secure artifacts (scripts#1847)

Updates:

Read more
Assets 2
Loading

alpha-3941.0.0

16 Apr 11:57
@dongsupark dongsupark
alpha-3941.0.0
9398f1d
Compare
Choose a tag to compare
alpha-3941.0.0

Changes since Alpha 3913.0.0

Security fixes:

Bug fixes:

  • Disabled user-configdrive.service on OpenStack when config drive is used, which caused the hostname to be overwritten. The coreos-cloudinit.service unit already runs on OpenStack if the system is not configured via ignition. (Flatcar#1385)
  • Fixed toolbox to prevent mounted ctr snapshots from being garbage-collected (toolbox#9)

Changes:

  • Added zram-generator package to the image (scripts#1772)
  • Add Intel igc driver to support I225/I226 family NICs. (flatcar/scripts#1786)
  • Added Hyper-V VHDX image (flatcar/scripts#1791)
  • Added support for unlocking the rootfs with a TPM set up by systemd-cryptenroll (bootengine#93)
  • Disabled real-time priority for multipathd as it prevents the cgroups2 cpu controller from working. (flatcar/scripts#1771)
  • Enabled amd-pstate,amd-pstate-epp cpufreq drivers for some AMD CPUs in the kernel. (flatcar/scripts#1770)
  • Enabled ntpd by default on AWS & GCP, enabled chronyd by default on Azure. The native time sync source is used on each cloud. (scripts#1792)
    • Enabled the ptp_vmw module in the kernel.
    • Switched ptp_kvm from kernel builtin to module.
  • Enabled the GRUB TPM2 module to measure the boot code path and files into PCR 8+9 in UEFI (scripts#1861)
  • Hyper-V images, both .vhd and .vhdx files are available as zip compressed, switching from bzip2 to a built-in available Windows compression - zip (scripts#1878)
  • OpenStack, Brightbox: Added the flatcar.autologin kernel cmdline parameter by default as the hypervisor manages access to the console (scripts#1866)
  • Removed actool from the image and acbuild from the SDK as these tools are deprecated and not used (scripts#1817)
  • SDK: Unified qemu image formats, so that the qemu_uefi build target provides the regular qemu and the qemu_uefi_secure artifacts (scripts#1847)
  • The default VM memory was bumped to 2 GB in the Qemu script and for VMware OVFs (scripts#1827)

Updates:

Assets 2
Loading

stable-3815.2.1

20 Mar 09:23
@sayanchowdhury sayanchowdhury
stable-3815.2.1
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
98e0cca
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
Compare
Choose a tag to compare
stable-3815.2.1

Changes since Stable 3815.2.0

Security fixes:

Bug fixes:

  • Fixed that systemd-sysext images can extend directories where Flatcar extensions are also shipping files, e.g., that the sysext-bakery Kubernetes extension works when OEM extensions are present (sysext-bakery#50)
  • Fixed the handling of OEM update payloads in a Nebraska response with self-hosted packages in an airgapped environment (update_engine#39)
  • Restored support for custom OEMs supplied in the PXE boot where /usr/share/oem brings the OEM partition contents (Flatcar#1376)

Changes:

Updates:

Assets 2
Loading

beta-3874.1.0

20 Mar 09:23
@sayanchowdhury sayanchowdhury
beta-3874.1.0
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
c4e7e2c
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
Compare
Choose a tag to compare
beta-3874.1.0

Changes since Beta 3850.1.0

Security fixes:

Bug fixes:

  • Fixed that systemd-sysext images can extend directories where Flatcar extensions are also shipping files, e.g., that the sysext-bakery Kubernetes extension works when OEM extensions are present (sysext-bakery#50)
  • Fixed kubevirt vm creation by ensuring that /dev/vhost-net exists (Flatcar#1336)
  • Resolved kmod static nodes creation in bootengine (bootengine#85)
  • Restored support for custom OEMs supplied in the PXE boot where /usr/share/oem brings the OEM partition contents (Flatcar#1376)

Updates:

Changes since Alpha 3874.0.0

Security fixes:

Bug fixes:

  • Fixed that systemd-sysext images can extend directories where Flatcar extensions are also shipping files, e.g., that the sysext-bakery Kubernetes extension works when OEM extensions are present (sysext-bakery#50)
  • Fixed kubevirt vm creation by ensuring that /dev/vhost-net exists (Flatcar#1336)
  • Resolved kmod static nodes creation in bootengine (bootengine#85)
  • Restored support for custom OEMs supplied in the PXE boot where /usr/share/oem brings the OEM partition contents (Flatcar#1376)

Updates:

Assets 2
Loading

alpha-3913.0.0

20 Mar 09:24
@sayanchowdhury sayanchowdhury
alpha-3913.0.0
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
76413d6
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
Compare
Choose a tag to compare
alpha-3913.0.0

Changes since Alpha 3874.0.0

Security fixes:

Bug fixes:

  • Fixed that systemd-sysext images can extend directories where Flatcar extensions are also shipping files, e.g., that the sysext-bakery Kubernetes extension works when OEM extensions are present (sysext-bakery#50)
  • Fixed kubevirt vm creation by ensuring that /dev/vhost-net exists (Flatcar#1336)
  • Removed custom CloudSigma coreos-cloudinit service configuration since it will be called with the cloudsigma oem anyway. The restart of the service can also cause the serial port to be stuck in an nondeterministic state which breaks future runs.
  • Resolved kmod static nodes creation in bootengine (bootengine#85)
  • Restored support for custom OEMs supplied in the PXE boot where /usr/share/oem brings the OEM partition contents (Flatcar#1376)

Changes:

  • Introduced a new format qemu_uefi_secure to test Flatcar for SecureBoot-enabled features. The format will be later merged into qemu_uefi.
  • Added Ignition Clevis support for encrypted disks unlocked with a TPM2 device or a Tang server (scripts#1560)
  • Added Scaleway images (flatcar/scripts#1683)
  • Provided a ZFS-2.2.2 Flatcar extension as optional systemd-sysext image with the release. Write 'zfs' to /etc/flatcar/enabled-sysext.conf through Ignition and the sysext will be installed during provisioning. ZFS support is experimental and ZFS is not supported for the root partition. (flatcar/scripts#1742)
  • Removed Linux drivers for Mellanox Technologies Switch ASICs family and Spectrum/Spectrum-2/Spectrum-3/Spectrum-4 Ethernet Switch ASICs to reduce the initrd size on AMD64 by ~5MB (flatcar/scripts#1734). This change is part of the effort to reduce the initrd size (Flatcar#1381).
  • Removed coreos-cloudinit support for automatic keys conversion (e.g reboot-strategy -> reboot_strategy) (scripts#1687)

Updates:

Read more
Assets 2
Loading

stable-3815.2.0

14 Feb 04:35
@sayanchowdhury sayanchowdhury
stable-3815.2.0
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
999264b
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
Compare
Choose a tag to compare
stable-3815.2.0

Changes since Stable 3760.2.0

Security fixes:

Bug fixes:

  • Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release (Flatcar#1332, update_engine#38)
  • Forwarded the proxy environment variables of update-engine.service to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy (Flatcar#1326)
  • Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma (scripts#1280)

Changes:

  • torcx was replaced by systemd-sysext in the OS image. Learn more about sysext and how to customise OS images here.
    (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).
  • NOTE: The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the overlay2 driver
    (changelog, upstream pr).
  • NOTE: If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the btrfs storage driver for backwards-compatibility with your deployment.
  • Docker will remove the btrfs driver entirely in a future version. Please consider migrating your deployments to the overlay2 driver.
    Using the btrfs driver can still be enforced by creating a respective docker config at /etc/docker/daemon.json.
  • cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see "updates").
  • GCP OEM images now use a systemd-sysext image for layering additional platform-specific software on top of /usr and being part of the OEM A/B updates (flatcar#1146)
  • Added a flatcar-update --oem-payloads <yes|no> flag to skip providing OEM payloads, e.g., for downgrades (init#114)

Updates:

Read more
Assets 2
Loading

lts-3510.3.2

14 Feb 04:35
@sayanchowdhury sayanchowdhury
lts-3510.3.2
40e4b27
Compare
Choose a tag to compare
lts-3510.3.2

Changes since LTS 3510.3.1

Security fixes:

Bug fixes:

  • Forwarded the proxy environment variables of update-engine.service to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy (Flatcar#1326)

Changes:

  • Added a flatcar-update --oem-payloads <yes|no> flag to skip providing OEM payloads, e.g., for downgrades (init#114)
  • Backported the OEM payload support to update-engine to avoid the fallback download path for clients on a restricted network and rather use the URLs passed from flatcar-update -E or with self-hosted Nebraska payloads (Flatcar#1332, Flatcar#1326)
  • Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes
  • OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the .gz or .bz2 images)

Updates:

Assets 2
Loading

beta-3850.1.0

14 Feb 04:34
@sayanchowdhury sayanchowdhury
beta-3850.1.0
80501ec
Compare
Choose a tag to compare
beta-3850.1.0

Changes since Beta 3815.1.0

Security fixes:

Read more
Assets 2
Loading