Skip to content

Releases: flatcar/scripts

alpha-3874.0.0

14 Feb 04:33
@sayanchowdhury sayanchowdhury
alpha-3874.0.0
df0d336
Compare
Choose a tag to compare
alpha-3874.0.0

Changes since Alpha 3850.0.0

Security fixes:

Bug fixes:

  • Added a workaround for old airgapped/proxied update-engine clients to be able to update to this release (Flatcar#1332, update_engine#38)
  • Fixed the handling of OEM update payloads in a Nebraska response with self-hosted packages (ue-rs#49)
  • Forwarded the proxy environment variables of update-engine.service to the postinstall script to support fetching OEM systemd-sysext payloads through a proxy (Flatcar#1326)

Changes:

  • Added a flatcar-update --oem-payloads <yes|no> flag to skip providing OEM payloads, e.g., for downgrades (init#114)

Updates:

Assets 2
Loading

stable-3760.2.0

18 Jan 15:15
@sayanchowdhury sayanchowdhury
stable-3760.2.0
0db1e27
Compare
Choose a tag to compare
stable-3760.2.0

⚠️ From Alpha 3794.0.0 Torcx has been removed - please assert that you don’t rely on specific Torcx mechanism but now use systemd-sysext. See here for more information.

Changes since Stable-3602.2.3

Security fixes

Read more
Assets 2
Loading

beta-3815.1.0

18 Jan 15:14
@sayanchowdhury sayanchowdhury
beta-3815.1.0
0c6d588
Compare
Choose a tag to compare
beta-3815.1.0

Changes since Beta 3760.1.1

Security fixes:

Bug fixes:

  • AWS: Fixed the Amazon SSM agent that was crashing. (Flatcar#1307)
  • Fixed a bug resulting in coreos-cloudinit resetting the instance hostname to 'localhost' if no metadata could be found (coreos-cloudinit#25, Flatcar#1262), with contributions from MichaelEischer
  • Fixed supplying extension update payloads with a custom base URL in Nebraska (Flatcar#1281)
  • Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma (scripts#1280)

Changes:

  • Torcx, the mechanism to provide a custom Docker version, was replaced by systemd-sysext in the OS image. Learn more about sysext and how to customise OS images here and read the blogpost about the replacement here.
    • Torcx entered deprecation 2 years ago in favour of deploying plain Docker binaries
      (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).
    • Torcx has been removed entirely; if you use Torcx to extend the Flatcar base OS image, please refer to our conversion script and to the sysext documentation mentioned above for migrating.
    • Consequently, update_engine will not perform torcx sanity checks post-update anymore.
    • Relevant changes: scripts#1216, update_engine#30, Mantle#466, Mantle#465.
  • cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see "updates").
    • NOTE: The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the overlay2 driver
      (changelog, upstream pr).
      Using the btrfs driver can still be enforced by creating a respective docker config at /etc/docker/daemon.json.
    • NOTE: If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the btrfs storage driver for backwards-compatibility with your deployment.
      • Docker will remove the btrfs driver entirely in a future version. Please consider migrating your deployments to the overlay2 driver.
  • GCP OEM images now use a systemd-sysext image for layering additional platform-specific software on top of /usr and being part of the OEM A/B updates (flatcar#1146)

Updates:

Read more
Assets 2
Loading

alpha-3850.0.0

18 Jan 15:13
@sayanchowdhury sayanchowdhury
alpha-3850.0.0
5b6d3dd
Compare
Choose a tag to compare
alpha-3850.0.0

Changes since Alpha 3815.0.0

Security fixes:

Read more
Assets 2
Loading

stable-3602.2.3

13 Dec 12:52
@tormath1 tormath1
stable-3602.2.3
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
51def6e
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
Compare
Choose a tag to compare
stable-3602.2.3

Changes since Stable 3602.2.2

Security fixes:

Bug fixes:

  • Deleted files in /etc that have a tmpfiles rule that normally would recreate them will now show up again through the /etc lowerdir (Flatcar#1265, bootengine#79)

Updates:

Assets 2
Loading

beta-3760.1.1

13 Dec 12:51
@tormath1 tormath1
beta-3760.1.1
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
d1c6e44
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
Compare
Choose a tag to compare
beta-3760.1.1

Changes since Beta 3760.1.0

Security fixes:

Bug fixes:

  • Deleted files in /etc that have a tmpfiles rule that normally would recreate them will now show up again through the /etc lowerdir (Flatcar#1265, bootengine#79)
  • Fixed the missing /etc/extensions/ symlinks for the inbuilt Docker/containerd systemd-sysext images on update from Beta 3760.1.0 (update_engine#32)
  • GCP: Fixed OS Login enabling (scripts#1445)

Changes:

  • linux kernel: added zstd support for squashfs kernel module (scripts#1297)

Updates:

Assets 2
Loading

alpha-3815.0.0

13 Dec 12:50
@tormath1 tormath1
alpha-3815.0.0
This tag was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
d249bac
This commit was signed with the committer’s verified signature.
sayanchowdhury Sayan Chowdhury
GPG key ID: B02399319CD05C8B
Learn about vigilant mode.
Compare
Choose a tag to compare
alpha-3815.0.0

Changes since Alpha 3794.0.0

Security fixes:

Bug fixes:

  • Deleted files in /etc that have a tmpfiles rule that normally would recreate them will now show up again through the /etc lowerdir (Flatcar#1265, bootengine#79)
  • Fixed the missing /etc/extensions/ symlinks for the inbuilt Docker/containerd systemd-sysext images on update from Beta 3760.1.0 (update_engine#32)
  • GCP: Fixed OS Login enabling (scripts#1445)

Changes:

  • GCP OEM images now use a systemd-sysext image for layering additional platform-specific software on top of /usr and being part of the OEM A/B updates (flatcar#1146)

Updates:

Assets 2
Loading

stable-3602.2.2

22 Nov 07:55
@tormath1 tormath1
stable-3602.2.2
This tag was signed with the committer’s verified signature. The key has expired.
tormath1 Mathieu Tortuyaux
GPG key ID: AC5CCFB52545D9B8
Expired
Learn about vigilant mode.
885a464
This commit was signed with the committer’s verified signature. The key has expired.
tormath1 Mathieu Tortuyaux
GPG key ID: AC5CCFB52545D9B8
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
stable-3602.2.2

⚠️ From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See here for more information.

Changes since Stable 3602.2.1

Security fixes:

Changes:

  • Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes
  • OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the .gz or .bz2 images)
  • linux kernel: added zstd support for squashfs kernel module (scripts#1297)

Updates:

Assets 2
Loading

beta-3760.1.0

22 Nov 07:54
@tormath1 tormath1
beta-3760.1.0
This tag was signed with the committer’s verified signature. The key has expired.
tormath1 Mathieu Tortuyaux
GPG key ID: AC5CCFB52545D9B8
Expired
Learn about vigilant mode.
8292a4e
This commit was signed with the committer’s verified signature. The key has expired.
tormath1 Mathieu Tortuyaux
GPG key ID: AC5CCFB52545D9B8
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
beta-3760.1.0

⚠️ From Alpha 3794.0.0 Torcx has been removed - please assert that you don't rely on specific Torcx mechanism but now use systemd-sysext. See here for more information.

Changes since Beta 3745.1.0

Security fixes:

Bug fixes:

  • Added AWS EKS support for versions 1.24-1.28. Fixed /usr/share/amazon/eks/download-kubelet.sh to include download paths for these versions. (scripts#1210)
  • Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y (update-engine#31)
  • Fixed quotes handling for update-engine (Flatcar#1209)
  • Made sshkeys.service more robust to only run [email protected] when not masked and also retry on failure (init#112)

Changes:

  • Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes
  • OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the .gz or .bz2 images)

Updates:

Changes since Alpha 3760.0.0

Security fixes:

Bug fixes:

  • Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y (update-engine#31)
  • Made sshkeys.service more robust to only run [email protected] when not masked and also retry on failure (init#112)

Changes:

  • Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes
  • OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the .gz or .bz2 images)

Updates:

Assets 2
Loading

alpha-3794.0.0

22 Nov 07:53
@tormath1 tormath1
alpha-3794.0.0
This tag was signed with the committer’s verified signature. The key has expired.
tormath1 Mathieu Tortuyaux
GPG key ID: AC5CCFB52545D9B8
Expired
Learn about vigilant mode.
c2e50e8
This commit was signed with the committer’s verified signature. The key has expired.
tormath1 Mathieu Tortuyaux
GPG key ID: AC5CCFB52545D9B8
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
alpha-3794.0.0

This release removes the legacy "torcx" image customisation and replaces this feature with systemd-sysext. Torcx enabled users to deploy custom docker versions; however, it required special packaging using the Flatcar SDK. Please refer to the "Changes" section below for details.

This release ships a major Docker update: Docker was upgraded to version 24 (from version 20 in the previous release). Please see the "Changes" section below for details.

Changes since Alpha 3760.0.0

Security fixes:

Bug fixes:

  • Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y (update-engine#31)
  • Made sshkeys.service more robust to only run [email protected] when not masked and also retry on failure (init#112)
  • Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma (scripts#1280)

Known issues:

  • docker and containerd packages information are missing from flatcar_production_image_packages.txt (flatcar#1260)

Changes:

  • Torcx, the mechanism to provide a custom Docker version, was replaced by systemd-sysext in the OS image. Learn more about sysext and how to customise OS images here.
    • Torcx entered deprecation 2 years ago in favour of deploying plain Docker binaries
      (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).
    • Torcx has been removed entirely; if you use Torcx to extend the Flatcar base OS image, please refer to our conversion script and to the sysext documentation mentioned above for migrating.
    • Consequently, update_engine will not perform torcx sanity checks post-update anymore.
    • Relevant changes: scripts#1216, update_engine#30, Mantle#466, Mantle#465.
  • cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see "updates").
    • NOTE: The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the overlay2 driver
      (changelog, upstream pr).
      Using the btrfs driver can still be enforced by creating a respective docker config at /etc/docker/daemon.json.
    • NOTE: If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the btrfs storage driver for backwards-compatibility with your deployment.
      • Docker will remove the btrfs driver entirely in a future version. Please consider migrating your deployments to the overlay2 driver.
  • Brightbox: The regular OpenStack image should now be used, it includes Afterburn for instance metadata attributes
  • OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the .gz or .bz2 images)

Updates:

Assets 2
Loading