Skip to content

Releases: flatcar/scripts

lts-4081.3.4

08 Jul 15:22
@sayanchowdhury sayanchowdhury
lts-4081.3.4
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.
6f93e9a
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
lts-4081.3.4

Changes since LTS 4081.3.3

Security fixes:

Read more
Loading

beta-4344.1.1

08 Jul 15:20
@sayanchowdhury sayanchowdhury
beta-4344.1.1
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.
5622d7e
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
beta-4344.1.1

Changes since Beta 4344.1.0

Security fixes:

Changes:

Updates:

Loading

alpha-4372.0.1

08 Jul 15:19
@sayanchowdhury sayanchowdhury
alpha-4372.0.1
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.
335df6f
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
alpha-4372.0.1

Changes since Alpha 4372.0.0

Security fixes:

Changes:

Updates:

Loading

stable-4230.2.0

24 Jun 11:58
@chewi chewi
stable-4230.2.0
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.
6e3d59a
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
stable-4230.2.0

Changes since Stable 4152.2.3

Security fixes:

Bug fixes:

  • Fixed PXE boot failures that arose since upgrading to systemd v256. Users were dumped to an emergency shell. (...
Read more
Loading

beta-4344.1.0

24 Jun 11:56
@chewi chewi
beta-4344.1.0
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.
0afd4fa
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
beta-4344.1.0

Changes since Beta 4230.1.1

Security fixes:

Bug fixes:

  • Added back some BCC tools (scripts#2900)
  • Fix non-conforming GPT partition table (flatcar/Flatcar#1651)
  • Fixed path handling in the QEMU .sh launcher scripts. Given paths now are relative to the current directory and absolute paths work as you would expect.
  • Fixed race condition in the script that grows the root partition to fill the disk. This bug sometimes caused the operation to not occur. (init#132)
  • Fixed the inclusion of Intel and AMD CPU microcode in the initrd. This was accidentally dropped some time ago.
  • azure: Fixed issue of wa-linux-agent overriding ssh public key from ignition configuration during provisioning (flatcar/Flatcar#1661)
  • update-ssh-keys: More intuitive --help text and the -n (no-replace) option has been fixed. (flatcar/Flatcar#1554)

Changes:

  • Add changes for our secureboot signed images with our signed release process until the official shim signing (scripts#2754)
  • Added nftables-load.service and nftables-store.service services to load/store rules from/in /var/lib/nftables/rules-save (Flatcar#900)
  • Added support for podman in toolbox (toolbox#11)
  • Allow per-sysext USE flags and architecture-specific sysexts. (scripts#2798)
  • Always truncate hostnames on the first occurrence of . (cloud-init#32)
  • Build Intel iGPU i915 driver as module (scripts#2349)
  • Compile OS-dependent NVIDIA kernel module sysexts signed for secure boot. (scripts#2798)
  • Enabled EROFS module with XATTR support (Flatcar#1659)
  • Enabled virtiofs and fuse-dax modules in the kernel for advaned Qemu usecases. Thank you @aaronk6! (Flatcar#2825)
  • Ensure hostnames never exceeds 63 characters, regardless of the metadata provider (cloud-init#31)
  • Provided an Incus Flatcar extension as optional systemd-sysext image with the release. Write 'incus' to /etc/flatcar/enabled-sysext.conf through Ignition and the sysext will be installed during provisioning. (scripts#1655)
  • Sign out-of-tree kernel modules using the ephemeral signing key so that ZFS and NVIDIA sysexts can work with secure boot. (scripts#2636)
  • The kernel image and its embedded initrd are now compressed with xz rather than zstd. This gives greater compression at the cost of decompression performance. Systems may therefore now be ever so slightly slower to boot, but this was necessary to avoid running out of space in the /boot partition. Further measures to address the space issue are planned, and perhaps we can switch back to zstd in a later release.
  • The qemu script (flatcar_production_qemu*.sh) received two new options. -D (or -image-disk-opts) can be used to add extra options to the virtio-blk-pci device for primary disk. -d (or -disk) can be used to add extra disks to the machine - this one takes a path to a raw or qcow2 image file and, after a comma, virtio-blk-pci options. To learn what disk options can be passed to -D or -d, call qemu-system-x86_64 -device virtio-blk-pci,help (qemu-system-aarch64 can be used too).
  • /boot is now only accessible by the root user for better security. (Flatcar#296)
  • sysext-incus: removed /etc/subuid and /etc/subgid generation for root user, it has to be created through initial provisioning. (scripts#3028)
  • systemd now uses OpenSSL instead of gcrypt for cryptography to reduce the size of the initrd. This change disables systemd-journal's Forward Secure Sealing feature, but it is generally not useful for Flatcar.

Updates:

Read more

Contributors

aaronk6
Loading

alpha-4372.0.0

24 Jun 11:38
@sayanchowdhury sayanchowdhury
alpha-4372.0.0
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.
79335d2
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
alpha-4372.0.0

Changes since Alpha 4344.0.0

Security fixes:

Bug fixes:

  • Fixed race condition in the script that grows the root partition to fill the disk. This bug sometimes caused the operation to not occur. (init#132)

Changes:

  • Added support for podman in toolbox (toolbox#11)
  • /boot is now only accessible by the root user for better security. (Flatcar#296)
  • sysext-incus: removed /etc/subuid and /etc/subgid generation for root user, it has to be created through initial provisioning. (scripts#3028)

Updates:

Loading

alpha-4344.0.0

28 May 11:10
@tormath1 tormath1
alpha-4344.0.0
This tag was signed with the committer’s verified signature. The key has expired.
tormath1 Mathieu Tortuyaux
GPG key ID: AC5CCFB52545D9B8
Expired
Verified
Learn about vigilant mode.
87f0c43
This commit was signed with the committer’s verified signature. The key has expired.
tormath1 Mathieu Tortuyaux
GPG key ID: AC5CCFB52545D9B8
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
alpha-4344.0.0

Changes since Alpha 4284.0.0

Breaking changes

  • Azure: hv_fcopy_daemon binary and its service hv_fcopy_daemon.service have been renamed to respectively hv_fcopy_uio_daemon and hv_fcopy_uio_daemon.service following 6.12 Kernel update

Security fixes:

Bug fixes:

  • Added back some BCC tools (scripts#2900)
  • Fixed path handling in the QEMU .sh launcher scripts. Given paths now are relative to the current directory and absolute paths work as you would expect. (scripts#2808)
  • Fixed the inclusion of Intel and AMD CPU microcode in the initrd. This was accidentally dropped some time ago. (scripts#2837)
  • update-ssh-keys: More intuitive --help text and the -n (no-replace) option has been fixed. (flatcar/Flatcar#1554)

Changes:

  • Added nftables-load.service and nftables-store.service services to load/store rules from/in /var/lib/nftables/rules-save (Flatcar#900)
  • Allow per-sysext USE flags and architecture-specific sysexts. (scripts#2798)
  • Always truncate hostnames on the first occurrence of . (cloud-init#32)
  • Compile OS-dependent NVIDIA kernel module sysexts signed for secure boot. (scripts#2798)
  • Enabled virtiofs and fuse-dax modules in the kernel for advaned Qemu usecases. Thank you @aaronk6! (Flatcar#2825)
  • Ensure hostnames never exceeds 63 characters, regardless of the metadata provider (cloud-init#31)
  • Provided an Incus Flatcar extension as optional systemd-sysext image with the release. Write 'incus' to /etc/flatcar/enabled-sysext.conf through Ignition and the sysext will be installed during provisioning. (scripts#1655)
  • Sign out-of-tree kernel modules using the ephemeral signing key so that ZFS and NVIDIA sysexts can work with secure boot. (scripts#2636)
  • The kernel image and its embedded initrd are now compressed with xz rather than zstd. This gives greater compression at the cost of decompression performance. Systems may therefore now be ever so slightly slower to boot, but this was necessary to avoid running out of space in the /boot partition. Further measures to address the space issue are planned, and perhaps we can switch back to zstd in a later release. (scripts#2835)
  • The qemu script (flatcar_production_qemu*.sh) received two new options. -D (or -image-disk-opts) can be used to add extra options to the virtio-blk-pci device for primary disk. -d (or -disk) can be used to add extra disks to the machine - this one takes a path to a raw or qcow2 image file and, after a comma, virtio-blk-pci options. To learn what disk options can be passed to -D or -d, call qemu-system-x86_64 -device virtio-blk-pci,help (qemu-system-aarch64 can be used too). (scripts#2847)
  • systemd now uses OpenSSL instead of gcrypt for cryptography to reduce the size of the initrd. This change disables systemd-journal's Forward Secure Sealing feature, but it is generally not useful for Flatcar. (scripts#2837)

Updates:

Read more

Contributors

aaronk6
Loading

stable-4152.2.3

06 May 11:36
@sayanchowdhury sayanchowdhury
stable-4152.2.3
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.
a584898
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
stable-4152.2.3

Changes since Stable 4152.2.2

Security fixes:

Updates:

Loading

lts-4081.3.3

06 May 11:36
@sayanchowdhury sayanchowdhury
lts-4081.3.3
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.
e935573
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
lts-4081.3.3

Changes since LTS 4081.3.2

Security fixes:

Updates:

Loading

beta-4230.1.1

06 May 11:35
@sayanchowdhury sayanchowdhury
beta-4230.1.1
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.
c5bfa52
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
beta-4230.1.1

Changes since Beta 4230.1.0

Security fixes:

Bug fixes:

  • Fixed PXE boot failures that arose since upgrading to systemd v256. Users were dumped to an emergency shell. (flatcar/bootengine#103)

Updates:

Loading