From a8e9fc504ffc32e39618a645dc6bc414f20f8927 Mon Sep 17 00:00:00 2001 From: "flowzone-app[bot]" <124931076+flowzone-app[bot]@users.noreply.github.com> Date: Mon, 26 Feb 2024 07:58:38 +0000 Subject: [PATCH] v5.1.38 --- .versionbot/CHANGELOG.yml | 278 ++++++++++++++++++++++++++++++++++++++ CHANGELOG.md | 34 +++++ VERSION | 2 +- 3 files changed, 313 insertions(+), 1 deletion(-) diff --git a/.versionbot/CHANGELOG.yml b/.versionbot/CHANGELOG.yml index fe05eda6..85fc0e85 100644 --- a/.versionbot/CHANGELOG.yml +++ b/.versionbot/CHANGELOG.yml @@ -1,3 +1,281 @@ +- commits: + - subject: Update layers/meta-balena to 50a4fedb26b91e66e5c6fc15246822936c9eab09 + hash: 490e22e0535e8e2e3b2f05ea004754b0dec5c3dc + body: Update layers/meta-balena + footer: + Changelog-entry: Update layers/meta-balena to 50a4fedb26b91e66e5c6fc15246822936c9eab09 + changelog-entry: Update layers/meta-balena to 50a4fedb26b91e66e5c6fc15246822936c9eab09 + author: Self-hosted Renovate Bot + nested: + - commits: + - subject: "balena-rollback: adapt to secure boot support" + hash: 3f5f5c71288551569522c321fb5f808706ce93c0 + body: > + Make sure the rollback scripts know to use the non-encrypted + boot + + partition to update A/B variables. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "hostapp-update-hooks: Adapt resin-uboot hook to secure boot" + hash: 727559886b6ebc6a0cbea6226826e454ff0ba023 + body: > + This is required for devices that use u-boot in their secure + boot + + trust chain. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "classes: u-boot: use global secure boot kernel command line instead of + hardcoding" + hash: 7457aec1b3efa2a5bf350c7046f165bcf2e08c3d + body: > + Use the new OS_KERNEL_SECUREBOOT_CMDLINE global variable instead + of + + hardcoding the values for the secure boot command line. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "grub: use global secure boot kernel command line instead of + hardcoding" + hash: af66b4184899c4c909979a065d57e178278569ec + body: > + Use the new OS_KERNEL_SECUREBOOT_CMDLINE global variable instead + of + + hardcoding the values for the secure boot command line. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "conf: distro: define kernel command line for secure boot" + hash: 2b5aa3f348c92e0ff4f83db6d8e4002f3c84bb3d + body: | + This can then be used in both grub and u-boot. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "resindataexpander: encrypted partitions will auto-expand on unlock" + hash: 4e7ff432425672068f7b7430e416239a6b987fc0 + body: > + Calling `cryptsetup resize` on LUKS2 actually prompts for a + password + + and it is not needed as the partition will auto-expand on unlock. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "initrdscripts: migrate: replace hardcoded kernel image names" + hash: 66083abb5bee31c9efd230c69cae322021f85c63 + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "resin-mounts: generalize secure boot mounts" + hash: 522800093a2271b8814b78a3eb25b09d0a125441 + body: > + Use the global BALENA_NONENC_BOOT_LABEL to define the name of + the + + non-encrypted boot partition to mount. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "initrdscripts: abroot: Use the global label for non-encrypted boot + partitions" + hash: 69093e694e806bd91fa3f275a075adabe587ef35 + body: | + Avoid having to redefine this in individual recipes. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "initrdscripts: allow for cryptsetup to support different secure boot + implementations" + hash: 3d932c8a8034fa0bafa6651f3b381823a3e738ff + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "os-helpers-fs: add shared wait4udev function" + hash: 10b435b81e49f24943ca89d6624199ecf82a3195 + body: | + This allows to share this function between the different device + integration cryptsetup implementations. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "balena-image-flasher: fix appended variable with a leading space" + hash: a7c9dd924bb754d49fe57f8c262592f707fc076b + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "balena-config-vars: customize for secure boot support" + hash: d55ed33746e8ebeeee524f556ce0fb7cc9d1dad7 + body: > + Specify defaults for both the encrypted and non-encrypted boot + mount + + points. On a non-secure boot system these will be set the same. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "os-helpers: add dummy os-helpers-sb" + hash: 8ca3bd996b78360b669417a4efd4e31b64ac1084 + body: > + This helper file is to be overwritten by device integration + layers + + to provide hostOS update customizations for secure boot devices that + + split the boot partition into encrypted and non-encrypted. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "resin-init-flasher: allow flasher image use in devices without + internal storage" + hash: b0dc10609d9a6333cb43f137b73a88798c59b86a + body: > + The flasher image is now able to self-install when launched from + an + + external storage. This is useful for use cases where an installation + + steps that re-partitions/encrypts disk is required for example. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "resin-init-flasher: flag non-encrypted boot partition as bootable" + hash: 60377c9a3073698ede0722ba6773a0bf223d881f + body: > + Non-EFI systems need this to identify the boot partition and it + won't + + affect EFI systems. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "resin-init-flasher: replace hardcoded kernel image names" + hash: 6c60a5270af3936ec68a21cddf77ff4d330343fe + body: "" + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "resin-init-flasher: split secureboot and disk encryption interfaces" + hash: e85a14f22d50745e495bac0b431e942afad79b78 + body: > + Provide hooks in the flasher script to call out to device + specific + + secureboot and disk encryption interfaces. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "distro: balena-os: define the boot labels as global" + hash: 4254f27f6cd00282710929b314017222a22bb0cd + body: > + This allows to use the same values in several recipes without + having to + + re-define them. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + - subject: "distro: balena-os: Specify full GO version" + hash: 2506468771bffb84c3c507f8e50427b10177a8de + body: | + This avoids building warnings. + footer: + Change-type: patch + change-type: patch + Signed-off-by: Alex Gonzalez + signed-off-by: Alex Gonzalez + author: Alex Gonzalez + nested: [] + version: meta-balena-5.1.38 + title: "" + date: 2024-02-23T12:41:11.397Z + version: 5.1.38 + title: "" + date: 2024-02-26T07:58:30.748Z - commits: - subject: "jetson-dtbs: Fix build and install for pre-compiled spi dtb" hash: 606408f0222d9debda0a7b637195a2876e727079 diff --git a/CHANGELOG.md b/CHANGELOG.md index 9038c409..fac0d1a3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,40 @@ Change log ----------- +# v5.1.38 +## (2024-02-26) + + +
+ Update layers/meta-balena to 50a4fedb26b91e66e5c6fc15246822936c9eab09 [Self-hosted Renovate Bot] + +> ## meta-balena-5.1.38 +> ### (2024-02-23) +> +> * balena-rollback: adapt to secure boot support [Alex Gonzalez] +> * hostapp-update-hooks: Adapt resin-uboot hook to secure boot [Alex Gonzalez] +> * classes: u-boot: use global secure boot kernel command line instead of hardcoding [Alex Gonzalez] +> * grub: use global secure boot kernel command line instead of hardcoding [Alex Gonzalez] +> * conf: distro: define kernel command line for secure boot [Alex Gonzalez] +> * resindataexpander: encrypted partitions will auto-expand on unlock [Alex Gonzalez] +> * initrdscripts: migrate: replace hardcoded kernel image names [Alex Gonzalez] +> * resin-mounts: generalize secure boot mounts [Alex Gonzalez] +> * initrdscripts: abroot: Use the global label for non-encrypted boot partitions [Alex Gonzalez] +> * initrdscripts: allow for cryptsetup to support different secure boot implementations [Alex Gonzalez] +> * os-helpers-fs: add shared wait4udev function [Alex Gonzalez] +> * balena-image-flasher: fix appended variable with a leading space [Alex Gonzalez] +> * balena-config-vars: customize for secure boot support [Alex Gonzalez] +> * os-helpers: add dummy os-helpers-sb [Alex Gonzalez] +> * resin-init-flasher: allow flasher image use in devices without internal storage [Alex Gonzalez] +> * resin-init-flasher: flag non-encrypted boot partition as bootable [Alex Gonzalez] +> * resin-init-flasher: replace hardcoded kernel image names [Alex Gonzalez] +> * resin-init-flasher: split secureboot and disk encryption interfaces [Alex Gonzalez] +> * distro: balena-os: define the boot labels as global [Alex Gonzalez] +> * distro: balena-os: Specify full GO version [Alex Gonzalez] +> + +
+ # v5.1.37+rev1 ## (2024-02-25) diff --git a/VERSION b/VERSION index 9e467036..3b55d969 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -5.1.37+rev1 \ No newline at end of file +5.1.38 \ No newline at end of file