backports: for v1.5.0-beta.1

.conform.yaml

@@ -8,7 +8,7 @@ policies:
           gitHubOrganization: siderolabs
       spellcheck:
         locale: US
-      maximumOfOneCommit: true
+      maximumOfOneCommit: false
       header:
         length: 89
         imperative: true

.drone.jsonnet

@@ -211,7 +211,7 @@ local external_artifacts = Step('external-artifacts', depends_on=[setup_ci]);
 local generate = Step('generate', target='generate docs', depends_on=[setup_ci]);
 local uki_certs = Step('uki-certs', depends_on=[generate], environment={ PLATFORM: 'linux/amd64' });
 local check_dirty = Step('check-dirty', depends_on=[generate, external_artifacts, uki_certs]);
-local build = Step('build', target='talosctl-all kernel initramfs installer imager talos _out/integration-test-linux-amd64', depends_on=[check_dirty], environment={ IMAGE_REGISTRY: local_registry, PUSH: true });
+local build = Step('build', target='talosctl-all kernel sd-boot sd-stub initramfs installer imager talos _out/integration-test-linux-amd64', depends_on=[check_dirty], environment={ IMAGE_REGISTRY: local_registry, PUSH: true });
 local lint = Step('lint', depends_on=[build]);
 local talosctl_cni_bundle = Step('talosctl-cni-bundle', depends_on=[build, lint]);
 local iso = Step('iso', target='iso secureboot-iso', depends_on=[build], environment={ IMAGE_REGISTRY: local_registry });
@@ -735,6 +735,10 @@ local release = {
       '_out/oracle-arm64.qcow2.xz',
       '_out/scaleway-amd64.raw.xz',
       '_out/scaleway-arm64.raw.xz',
+      '_out/sd-boot-amd64.efi',
+      '_out/sd-boot-arm64.efi',
+      '_out/sd-stub-amd64.efi',
+      '_out/sd-stub-arm64.efi',
       '_out/talosctl-cni-bundle-amd64.tar.gz',
       '_out/talosctl-cni-bundle-arm64.tar.gz',
       '_out/talosctl-darwin-amd64',

Dockerfile

@@ -28,6 +28,7 @@ FROM ghcr.io/siderolabs/grub:${PKGS} AS pkg-grub
 FROM --platform=amd64 ghcr.io/siderolabs/grub:${PKGS} AS pkg-grub-amd64
 FROM --platform=arm64 ghcr.io/siderolabs/grub:${PKGS} AS pkg-grub-arm64
 
+FROM ghcr.io/siderolabs/sd-boot:${PKGS} AS pkg-sd-boot
 FROM --platform=amd64 ghcr.io/siderolabs/sd-boot:${PKGS} AS pkg-sd-boot-amd64
 FROM --platform=arm64 ghcr.io/siderolabs/sd-boot:${PKGS} AS pkg-sd-boot-arm64
 
@@ -343,14 +344,14 @@ WORKDIR /src/internal/app/machined
 ARG GO_BUILDFLAGS
 ARG GO_LDFLAGS
 ARG GOAMD64
-RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=amd64 GOAMD64=${GOAMD64} go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /machined
+RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=amd64 GOAMD64=${GOAMD64} go build ${GO_BUILDFLAGS} -tags tcell_minimal -ldflags "${GO_LDFLAGS}" -o /machined
 RUN chmod +x /machined
 
 FROM base AS machined-build-arm64
 WORKDIR /src/internal/app/machined
 ARG GO_BUILDFLAGS
 ARG GO_LDFLAGS
-RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=arm64 go build ${GO_BUILDFLAGS} -ldflags "${GO_LDFLAGS}" -o /machined
+RUN --mount=type=cache,target=/.cache GOOS=linux GOARCH=arm64 go build ${GO_BUILDFLAGS} -tags tcell_minimal -ldflags "${GO_LDFLAGS}" -o /machined
 RUN chmod +x /machined
 
 FROM machined-build-${TARGETARCH} AS machined-build
@@ -475,6 +476,16 @@ FROM scratch AS kernel
 ARG TARGETARCH
 COPY --from=pkg-kernel /boot/vmlinuz /vmlinuz-${TARGETARCH}
 
+# The sd-boot target is the systemd-boot asset.
+FROM scratch AS sd-boot
+ARG TARGETARCH
+COPY --from=pkg-sd-boot /*.efi /sd-boot-${TARGETARCH}.efi
+
+# The sd-stub target is the systemd-stub asset.
+FROM scratch AS sd-stub
+ARG TARGETARCH
+COPY --from=pkg-sd-boot /*.efi.stub /sd-stub-${TARGETARCH}.efi
+
 FROM tools AS depmod-amd64
 WORKDIR /staging
 COPY hack/modules-amd64.txt .

Makefile

@@ -14,7 +14,7 @@ NAME = Talos
 
 ARTIFACTS := _out
 TOOLS ?= ghcr.io/siderolabs/tools:v1.5.0
-PKGS ?= v1.5.0
+PKGS ?= v1.5.0-1-g8a2227d
 EXTRAS ?= v1.5.0
 # renovate: datasource=github-tags depName=golang/go
 GO_VERSION ?= 1.20
@@ -244,6 +244,14 @@ kernel: ## Outputs the kernel package contents (vmlinuz) to the artifact directo
 initramfs: ## Builds the compressed initramfs and outputs it to the artifact directory.
 	@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
 
+.PHONY: sd-boot
+sd-boot: ## Outputs the systemd-boot to the artifact directory.
+	@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
+
+.PHONY: sd-stub
+sd-stub: ## Outputs the systemd-stub to the artifact directory.
+	@$(MAKE) local-$@ DEST=$(ARTIFACTS) PUSH=false
+
 .PHONY: installer
 installer: ## Builds the container image for the installer and outputs it to the registry.
 	@INSTALLER_ARCH=targetarch  \
@@ -292,7 +300,7 @@ image-%: ## Builds the specified image. Valid options are aws, azure, digital-oc
 	@docker pull $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG)
 	@for platform in $(subst $(,),$(space),$(PLATFORM)); do \
 		arch=$$(basename "$${platform}") && \
-		docker run --rm -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/secureboot:ro --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG) $* --arch $$arch --tar-to-stdout $(IMAGER_ARGS) | tar xz -C $(ARTIFACTS) ; \
+		docker run --rm -t -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/secureboot:ro -v $(PWD)/$(ARTIFACTS):/out --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG) $* --arch $$arch $(IMAGER_ARGS) ; \
 	done
 
 images-essential: image-aws image-gcp image-metal secureboot-installer ## Builds only essential images used in the CI (AWS, GCP, and Metal).
@@ -301,7 +309,7 @@ images: image-aws image-azure image-digital-ocean image-exoscale image-gcp image
 
 sbc-%: ## Builds the specified SBC image. Valid options are rpi_generic, rock64, bananapi_m64, libretech_all_h3_cc_h5, rockpi_4, rockpi_4c, pine64, jetson_nano and nanopi_r4s (e.g. sbc-rpi_generic)
 	@docker pull $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG)
-	@docker run --rm -v /dev:/dev --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG) $* --arch arm64 --tar-to-stdout $(IMAGER_ARGS) | tar xz -C $(ARTIFACTS)
+	@docker run --rm -t -v /dev:/dev -v $(PWD)/$(ARTIFACTS):/out --network=host --privileged $(REGISTRY_AND_USERNAME)/imager:$(IMAGE_TAG) $* --arch arm64 $(IMAGER_ARGS)
 
 sbcs: sbc-rpi_generic sbc-rock64 sbc-bananapi_m64 sbc-libretech_all_h3_cc_h5 sbc-rockpi_4 sbc-rockpi_4c sbc-pine64 sbc-jetson_nano sbc-nanopi_r4s ## Builds all known SBC images (Raspberry Pi 4, Rock64, Banana Pi M64, Radxa ROCK Pi 4, Radxa ROCK Pi 4c, Pine64, Libre Computer Board ALL-H3-CC, Jetson Nano and Nano Pi R4S).
 

cmd/installer/cmd/imager/root.go

@@ -7,7 +7,6 @@ package imager
 
 import (
 	"context"
-	"fmt"
 	"os"
 	"runtime"
 
@@ -21,6 +20,7 @@ import (
 	"github.com/siderolabs/talos/pkg/imager"
 	"github.com/siderolabs/talos/pkg/imager/profile"
 	"github.com/siderolabs/talos/pkg/machinery/constants"
+	"github.com/siderolabs/talos/pkg/reporter"
 )
 
 var cmdFlags struct {
@@ -38,12 +38,19 @@ var cmdFlags struct {
 
 // rootCmd represents the base command when called without any subcommands.
 var rootCmd = &cobra.Command{
-	Use:   "imager <profile>|-",
-	Short: "Generate various boot assets and images.",
-	Long:  ``,
-	Args:  cobra.ExactArgs(1),
+	Use:          "imager <profile>|-",
+	Short:        "Generate various boot assets and images.",
+	Long:         ``,
+	Args:         cobra.ExactArgs(1),
+	SilenceUsage: true,
 	RunE: func(cmd *cobra.Command, args []string) error {
 		return cli.WithContext(context.Background(), func(ctx context.Context) error {
+			report := reporter.New()
+			report.Report(reporter.Update{
+				Message: "assembling the finalized profile...",
+				Status:  reporter.StatusRunning,
+			})
+
 			baseProfile := args[0]
 
 			var prof profile.Profile
@@ -98,7 +105,12 @@ var rootCmd = &cobra.Command{
 				return err
 			}
 
-			if err = imager.Execute(ctx, cmdFlags.OutputPath); err != nil {
+			if err = imager.Execute(ctx, cmdFlags.OutputPath, report); err != nil {
+				report.Report(reporter.Update{
+					Message: err.Error(),
+					Status:  reporter.StatusError,
+				})
+
 				return err
 			}
 
@@ -115,7 +127,6 @@ var rootCmd = &cobra.Command{
 // This is called by main.main(). It only needs to happen once to the rootCmd.
 func Execute() {
 	if err := rootCmd.Execute(); err != nil {
-		fmt.Fprintln(os.Stderr, err)
 		os.Exit(1)
 	}
 }

cmd/installer/pkg/install/install.go

@@ -42,6 +42,7 @@ type Options struct {
 	ImageSecureboot bool
 	Version         string
 	BootAssets      bootloaderoptions.BootAssets
+	Printf          func(string, ...any)
 }
 
 // Mode is the install mode.
@@ -107,7 +108,7 @@ func Install(ctx context.Context, p runtime.Platform, mode Mode, opts *Options)
 		return err
 	}
 
-	log.Printf("installation of %s complete", version.Tag)
+	i.options.Printf("installation of %s complete", version.Tag)
 
 	return nil
 }
@@ -132,6 +133,10 @@ func NewInstaller(ctx context.Context, cmdline *procfs.Cmdline, mode Mode, opts
 		i.options.Version = version.Tag
 	}
 
+	if i.options.Printf == nil {
+		i.options.Printf = log.Printf
+	}
+
 	if !i.options.Zero {
 		i.bootloader, err = bootloader.Probe(ctx, i.options.Disk)
 		if err != nil && !os.IsNotExist(err) {
@@ -258,6 +263,7 @@ func (i *Installer) Install(ctx context.Context, mode Mode) (err error) {
 		Version:    i.options.Version,
 		ImageMode:  mode.IsImage(),
 		BootAssets: i.options.BootAssets,
+		Printf:     i.options.Printf,
 	}); err != nil {
 		return err
 	}
@@ -270,7 +276,7 @@ func (i *Installer) Install(ctx context.Context, mode Mode) (err error) {
 			return err
 		}
 
-		log.Printf("installing U-Boot for %q", b.Name())
+		i.options.Printf("installing U-Boot for %q", b.Name())
 
 		if err = b.Install(i.options.Disk); err != nil {
 			return err

cmd/installer/pkg/install/manifest.go

@@ -9,7 +9,6 @@ import (
 	"context"
 	"errors"
 	"fmt"
-	"log"
 	"os"
 	"path/filepath"
 	"strings"
@@ -33,6 +32,8 @@ type Manifest struct {
 	Devices           map[string]Device
 	Targets           map[string][]*Target
 	LegacyBIOSSupport bool
+
+	Printf func(string, ...any)
 }
 
 // Device represents device options.
@@ -53,6 +54,8 @@ func NewManifest(mode Mode, uefiOnlyBoot bool, bootLoaderPresent bool, opts *Opt
 		Devices:           map[string]Device{},
 		Targets:           map[string][]*Target{},
 		LegacyBIOSSupport: opts.LegacyBIOSSupport,
+
+		Printf: opts.Printf,
 	}
 
 	if opts.Board != constants.BoardNone {
@@ -248,7 +251,7 @@ func (m *Manifest) executeOnDevice(device Device, targets []*Target) (err error)
 	if device.Zero {
 		if err = partition.Format(device.Device, &partition.FormatOptions{
 			FileSystemType: partition.FilesystemTypeNone,
-		}); err != nil {
+		}, m.Printf); err != nil {
 			return err
 		}
 	}
@@ -272,7 +275,7 @@ func (m *Manifest) executeOnDevice(device Device, targets []*Target) (err error)
 			return err
 		}
 
-		log.Printf("creating new partition table on %s", device.Device)
+		m.Printf("creating new partition table on %s", device.Device)
 
 		gptOpts := []gpt.Option{
 			gpt.WithMarkMBRBootable(m.LegacyBIOSSupport),
@@ -287,8 +290,8 @@ func (m *Manifest) executeOnDevice(device Device, targets []*Target) (err error)
 			return err
 		}
 
-		log.Printf("logical/physical block size: %d/%d", pt.Header().LBA.LogicalBlockSize, pt.Header().LBA.PhysicalBlockSize)
-		log.Printf("minimum/optimal I/O size: %d/%d", pt.Header().LBA.MinimalIOSize, pt.Header().LBA.OptimalIOSize)
+		m.Printf("logical/physical block size: %d/%d", pt.Header().LBA.LogicalBlockSize, pt.Header().LBA.PhysicalBlockSize)
+		m.Printf("minimum/optimal I/O size: %d/%d", pt.Header().LBA.MinimalIOSize, pt.Header().LBA.OptimalIOSize)
 
 		if err = pt.Write(); err != nil {
 			return err
@@ -309,7 +312,7 @@ func (m *Manifest) executeOnDevice(device Device, targets []*Target) (err error)
 
 	if !created {
 		if device.ResetPartitionTable {
-			log.Printf("resetting partition table on %s", device.Device)
+			m.Printf("resetting partition table on %s", device.Device)
 
 			// TODO: how should it work with zero option above?
 			if err = bd.Reset(); err != nil {
@@ -343,7 +346,7 @@ func (m *Manifest) executeOnDevice(device Device, targets []*Target) (err error)
 			// delete all partitions which are not skipped
 			for _, part := range pt.Partitions().Items() {
 				if _, ok := keepPartitions[part.Name]; !ok {
-					log.Printf("deleting partition %s", part.Name)
+					m.Printf("deleting partition %s", part.Name)
 
 					if err = pt.Delete(part); err != nil {
 						return err
@@ -363,7 +366,7 @@ func (m *Manifest) executeOnDevice(device Device, targets []*Target) (err error)
 	}
 
 	for i, target := range targets {
-		if err = target.partition(pt, i); err != nil {
+		if err = target.partition(pt, i, m.Printf); err != nil {
 			return fmt.Errorf("failed to partition device: %w", err)
 		}
 	}
@@ -376,7 +379,7 @@ func (m *Manifest) executeOnDevice(device Device, targets []*Target) (err error)
 		target := target
 
 		err = retry.Constant(time.Minute, retry.WithUnits(100*time.Millisecond)).Retry(func() error {
-			e := target.Format()
+			e := target.Format(m.Printf)
 			if e != nil {
 				if strings.Contains(e.Error(), "No such file or directory") {
 					// workaround problem with partition device not being visible immediately after partitioning
@@ -422,7 +425,7 @@ func (m *Manifest) preserveContents(device Device, targets []*Target) (err error
 
 	if bd, err = blockdevice.Open(device.Device); err != nil {
 		// failed to open the block device, probably it's damaged?
-		log.Printf("warning: skipping preserve contents on %q as block device failed: %s", device.Device, err)
+		m.Printf("warning: skipping preserve contents on %q as block device failed: %s", device.Device, err)
 
 		return nil
 	}
@@ -432,7 +435,7 @@ func (m *Manifest) preserveContents(device Device, targets []*Target) (err error
 
 	pt, err := bd.PartitionTable()
 	if err != nil {
-		log.Printf("warning: skipping preserve contents on %q as partition table failed: %s", device.Device, err)
+		m.Printf("warning: skipping preserve contents on %q as partition table failed: %s", device.Device, err)
 
 		return nil
 	}
@@ -473,13 +476,13 @@ func (m *Manifest) preserveContents(device Device, targets []*Target) (err error
 		}
 
 		if sourcePart == nil {
-			log.Printf("warning: failed to preserve contents of %q on %q, as source partition wasn't found", target.Label, device.Device)
+			m.Printf("warning: failed to preserve contents of %q on %q, as source partition wasn't found", target.Label, device.Device)
 
 			continue
 		}
 
 		if err = target.SaveContents(device, sourcePart, fileSystemType, fnmatchFilters); err != nil {
-			log.Printf("warning: failed to preserve contents of %q on %q: %s", target.Label, device.Device, err)
+			m.Printf("warning: failed to preserve contents of %q on %q: %s", target.Label, device.Device, err)
 		}
 	}