feat: update Linux to 6.1.69, containerd to 1.7.11

Also pulls siderolabs/pkgs#852

Signed-off-by: Andrey Smirnov <[email protected]>

Makefile

@@ -16,7 +16,7 @@ CLOUD_IMAGES_EXTRA_ARGS ?= ""
 
 ARTIFACTS := _out
 TOOLS ?= ghcr.io/siderolabs/tools:v1.6.0-1-g336d248
-PKGS ?= v1.6.0-5-g3ae2450
+PKGS ?= v1.6.0-9-g8fa73db
 PKG_KERNEL ?= ghcr.io/siderolabs/kernel:$(PKGS)
 EXTRAS ?= v1.6.0-1-g113887a
 # renovate: datasource=github-tags depName=golang/go

go.mod

@@ -40,7 +40,7 @@ require (
 	github.com/blang/semver/v4 v4.0.0
 	github.com/cenkalti/backoff/v4 v4.2.1
 	github.com/containerd/cgroups/v3 v3.0.2
-	github.com/containerd/containerd v1.7.9
+	github.com/containerd/containerd v1.7.11
 	github.com/containerd/typeurl/v2 v2.1.1
 	github.com/containernetworking/cni v1.1.2
 	github.com/containernetworking/plugins v1.3.0
@@ -207,6 +207,7 @@ require (
 	github.com/emicklei/go-restful/v3 v3.11.0 // indirect
 	github.com/evanphx/json-patch v5.7.0+incompatible // indirect
 	github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect
+	github.com/felixge/httpsnoop v1.0.3 // indirect
 	github.com/gdamore/encoding v1.0.0 // indirect
 	github.com/ghodss/yaml v1.0.0 // indirect
 	github.com/go-errors/errors v1.4.2 // indirect
@@ -305,6 +306,7 @@ require (
 	go.etcd.io/etcd/server/v3 v3.5.11 // indirect
 	go.opencensus.io v0.24.0 // indirect
 	go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 // indirect
+	go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect
 	go.opentelemetry.io/otel v1.20.0 // indirect
 	go.opentelemetry.io/otel/metric v1.20.0 // indirect
 	go.opentelemetry.io/otel/trace v1.20.0 // indirect

go.sum

@@ -159,8 +159,8 @@ github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHq
 github.com/containerd/cgroups/v3 v3.0.2 h1:f5WFqIVSgo5IZmtTT3qVBo6TzI1ON6sycSBKkymb9L0=
 github.com/containerd/cgroups/v3 v3.0.2/go.mod h1:JUgITrzdFqp42uI2ryGA+ge0ap/nxzYgkGmIcetmErE=
 github.com/containerd/console v1.0.3/go.mod h1:7LqA/THxQ86k76b8c/EMSiaJ3h1eZkMkXar0TQ1gf3U=
-github.com/containerd/containerd v1.7.9 h1:KOhK01szQbM80YfW1H6RZKh85PHGqY/9OcEZ35Je8sc=
-github.com/containerd/containerd v1.7.9/go.mod h1:0/W44LWEYfSHoxBtsHIiNU/duEkgpMokemafHVCpq9Y=
+github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw=
+github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE=
 github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM=
 github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ=
 github.com/containerd/fifo v1.1.0 h1:4I2mbh5stb1u6ycIABlBw9zgtlK8viPI9QkQNRQEEmY=
@@ -241,6 +241,8 @@ github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d/go.mod h1:ZZM
 github.com/fatih/color v1.7.0/go.mod h1:Zm6kSWBoL9eyXnKyktHP6abPY2pDugNf5KwzbycvMj4=
 github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM=
 github.com/fatih/color v1.16.0/go.mod h1:fL2Sau1YI5c0pdGEVCbKQbLXB6edEj1ZgiY4NijnWvE=
+github.com/felixge/httpsnoop v1.0.3 h1:s/nj+GCswXYzN5v2DpNMuMQYe+0DDwt5WVCU6CWBdXk=
+github.com/felixge/httpsnoop v1.0.3/go.mod h1:m8KPJKqk1gH5J9DgRY2ASl2lWCfGKXixSwevea8zH2U=
 github.com/foxboron/go-uefi v0.0.0-20230808201820-18b9ba9cd4c3 h1:SJMQFT74bCrP+kQ24oWhmuyPFHDTavrd3JMIe//2NhU=
 github.com/foxboron/go-uefi v0.0.0-20230808201820-18b9ba9cd4c3/go.mod h1:VdozURTQHi5Rs54l+4Szi3yIJQDMfXXYrRLAjKKowWI=
 github.com/frankban/quicktest v1.11.3/go.mod h1:wRf/ReqHper53s+kmmSZizM8NamnL3IM0I9ntUbOk+k=
@@ -796,6 +798,8 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0=
 go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0 h1:PzIubN4/sjByhDRHLviCjJuweBXWFZWhghjg7cS28+M=
 go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.46.0/go.mod h1:Ct6zzQEuGK3WpJs2n4dn+wfJYzd/+hNnxMRTWjGn30M=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg=
+go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q=
 go.opentelemetry.io/otel v1.20.0 h1:vsb/ggIY+hUjD/zCAQHpzTmndPqv/ml2ArbsbfBYTAc=
 go.opentelemetry.io/otel v1.20.0/go.mod h1:oUIGj3D77RwJdM6PPZImDpSZGDvkD9fhesHny69JFrs=
 go.opentelemetry.io/otel/metric v1.20.0 h1:ZlrO8Hu9+GAhnepmRGhSU7/VkpjrNowxRN9GyKR4wzA=

hack/release.toml

@@ -6,135 +6,23 @@ github_repo = "siderolabs/talos"
 match_deps = "^github.com/((talos-systems|siderolabs)/[a-zA-Z0-9-]+)$"
 
 # previous release
-previous = "v1.5.0"
+previous = "v1.6.0"
 
 pre_release = false
 
 preface = """\
 """
 
 [notes]
-    [notes.firmware]
-        title = "Linux Firmware"
-        description = """\
-Starting with Talos 1.6, there is no Linux firmware included in the initramfs.
-Customers who need Linux firmware can pull them as extension during install time using the image factory service.
-If the initial boot requires firmware, a custom iso can be built with the firmware included using the image factory service.
-This also ensures that the linux-firmware is not tied to a specific Talos version.
-"""
-
-    [notes.kubelet]
-        title = "Kubelet Credential Provider Configuration"
-        description = """\
-Talos now supports specifying the kubelet credential provider configuration in the Talos configuration file.
-It can be set under `machine.kubelet.credentialProviderConfig` and kubelet will be automatically configured to with the correct flags.
-The credential binaries are expected to be present under `/usr/local/lib/kubelet/credentialproviders`.
-Talos System Extensions can be used to install the credential binaries.
-"""
-
-    [notes.kube-scheduler]
-        title = "Kube-Scheduler Configuration"
-        description = """\
-Talos now supports specifying the kube-scheduler configuration in the Talos configuration file.
-It can be set under `cluster.scheduler.config` and kube-scheduler will be automatically configured to with the correct flags.
-"""
-
-    [notes.extensions]
-        title = "Extension Services"
-        description = """\
-Talos now starts Extension Services early in the boot process, this allows guest agents to be started in maintenance mode.
-"""
-
-    [notes.kernel-args]
-        title = "Kernel Arguments"
-        description = """\
-Talos and Imager now supports dropping kernel arguments specified in `.machine.install.extraKernelArgs` or as `--extra-kernel-arg` to imager.
-Any kernel argument that starts with a `-` is dropped. Kernel arguments to be dropped can be specified either as `-<key>` which would remove all arguments that start with `<key>` or as `-<key>=<value>` which would remove the exact argument.
-"""
-
     [notes.updates]
         title = "Component Updates"
         description = """\
-Linux: 6.1.67
-containerd: 1.7.10
-CoreDNS: 1.11.1
-Kubernetes: 1.29.0
-Flannel: 0.23.0
-etcd: 3.5.11
-runc: 1.1.10
+Linux: 6.1.69
+containerd: 1.7.11
 
 Talos is built with Go 1.21.5.
 """
 
-    [notes.talosctl]
-        title = "talosctl CLI"
-        description = """\
-The command `images` deprecated in Talos 1.5 was removed, please use `talosctl images default` instead.
-"""
-
-    [notes.device-selectors]
-        title = "Network Device Selectors"
-        description = """\
-Previously, [network device selectors](https://www.talos.dev/v1.6/talos-guides/network/device-selector/) only matched the first link, now the configuration is applied to all matching links.
-"""
-
-
-    [notes.kubeprism]
-        title = "KubePrism"
-        description = """\
-[KubePrism](https://www.talos.dev/v1.6/kubernetes-guides/configuration/kubeprism/) is enabled by default on port 7445.
-"""
-
-    [notes.sysctl]
-        title = "Sysctl"
-        description = """\
-Talos now handles sysctl/sysfs key names in line with sysctl.conf(5):
-
-* if the first separator is '/', no conversion is done
-* if the first separator is '.', dots and slashes are remapped
-
-Example (both sysctls are equivalent):
-
-```yaml
-machine:
-  sysctls:
-    net/ipv6/conf/eth0.100/disable_ipv6: "1"
-    net.ipv6.conf.eth0/100.disable_ipv6: "1"
-```
-"""
-
-    [notes.auth2]
-        title = "OAuth2 Machine Config Flow"
-        description = """\
-Talos Linux when running on the `metal` platform can be configured to authenticate the machine configuration download using [OAuth2 device flow](https://www.talos.dev/v1.6/advanced/machine-config-oauth/).
-"""
-
-    [notes.ingress]
-        title = "Ingress Firewall"
-        description = """\
-Talos Linux now supports configuring the [ingress firewall rules](https://talos.dev/v1.6/talos-guides/network/ingress-firewall/).
-"""
-
-    [notes.flannel]
-        title = "Flannel Configuration"
-        description = """\
-Talos Linux now supports customizing default Flannel manifest with extra arguments for flanneld.
-
-```yaml
-cluster:
-  network:
-    cni:
-      flannel:
-        extraArgs:
-          - --iface-can-reach=192.168.1.1
-```
-"""
-
-    [notes.user-disks]
-        title = "User Disks"
-        description = """\
-Talos Linux now supports specifying user disks in `.machine.disks` machine configuration links via `udev` symlinks, e.g. `/dev/disk/by-id/XXXX`.
-"""
 
 [make_deps]
 

internal/app/machined/pkg/system/services/extension_test.go

@@ -94,6 +94,7 @@ func TestGetOCIOptions(t *testing.T) {
 			"/proc/timer_stats",
 			"/proc/sched_debug",
 			"/sys/firmware",
+			"/sys/devices/virtual/powercap",
 			"/proc/scsi",
 		}, spec.Linux.MaskedPaths)
 		assert.Equal(t, []string{

pkg/machinery/constants/constants.go

@@ -16,7 +16,7 @@ import (
 
 const (
 	// DefaultKernelVersion is the default Linux kernel version.
-	DefaultKernelVersion = "6.1.67-talos"
+	DefaultKernelVersion = "6.1.69-talos"
 
 	// KernelModulesPath is the default path to the kernel modules without the kernel version.
 	KernelModulesPath = "/lib/modules"
@@ -479,7 +479,7 @@ const (
 	TrustdUserID = 51
 
 	// DefaultContainerdVersion is the default container runtime version.
-	DefaultContainerdVersion = "1.7.10"
+	DefaultContainerdVersion = "1.7.11"
 
 	// SystemContainerdNamespace is the Containerd namespace for Talos services.
 	SystemContainerdNamespace = "system"

pkg/machinery/gendata/data/pkgs

@@ -1 +1 @@
-v1.6.0-5-g3ae2450
+v1.6.0-9-g8fa73db