Releases: kairos-io/kairos
v3.1.0
Upgrade issues
Be advised that there is currently an issue when upgrading from 3.0.x to 3.1.x in which the user IDs change. As a result, any files owned by a user under its /home directory lose their permissions, which can lead to not being able to ssh (the ssh keys will have a different user ID).
We are currently working on a workaround, so you are advised to not upgrade until 3.1.2 is released with a fix for this.
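One way to check a node for the ownership drift described above, as an added example that is not part of the Kairos release notes or tooling. It assumes a standard passwd-format file and POSIX `find`, `ls` and `awk`; the function names `uid_drift` and `ssh_lockout_risk` are made up for this sketch.

```shell
#!/usr/bin/env bash
# Added example, not Kairos code. Reports files under each account's home
# directory that are not owned by the UID the passwd database assigns.

# uid_drift [PASSWD_FILE] [MIN_UID]
# Prints "account expected_uid actual_uid path" for every mismatch.
uid_drift() {
  local passwd_file="${1:-/etc/passwd}" min_uid="${2:-1000}"
  local name pw uid gid gecos home shell file actual
  while IFS=: read -r name pw uid gid gecos home shell; do
    # Skip malformed lines, system accounts and accounts without a home.
    [ "$uid" -ge "$min_uid" ] 2>/dev/null || continue
    [ -d "$home" ] || continue
    # -xdev keeps the walk on the home directory's own filesystem.
    find "$home" -xdev ! -user "$uid" -print | while IFS= read -r file; do
      # ls -n prints numeric owner IDs; field 3 is the owning UID.
      actual=$(ls -ldn -- "$file" | awk '{print $3}')
      printf '%s %s %s %s\n' "$name" "$uid" "$actual" "$file"
    done
  done < "$passwd_file"
}

# ssh_lockout_risk [PASSWD_FILE] [MIN_UID]
# Prints each account whose ~/.ssh or ~/.ssh/authorized_keys has drifted.
# sshd's StrictModes (on by default) checks ownership of these files
# before accepting a login, so these accounts may be locked out.
ssh_lockout_risk() {
  uid_drift "$@" |
    awk '$0 ~ /\/\.ssh(\/authorized_keys)?$/ { print $1 }' |
    sort -u
}
```

Called with no arguments as root, `uid_drift` reads `/etc/passwd` and skips accounts with a UID below 1000.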
Potential Breaking Changes
By default, UKI artifacts (identified by the -uki suffix) no longer include Linux modules and firmware in the image. Real-world testing has shown that many EFI firmwares are very particular about the size of the EFI image, often refusing to boot if the file exceeds 300-400MB. Given the wide variety of EFI firmware implementations, predicting whether a UKI EFI file will boot on different hardware is challenging.
To enhance compatibility, we decided to slim down the UKI files by removing the largest components: the Linux modules and firmware packages. This results in EFI files around 200-300MB, which are much more likely to boot correctly across various EFI implementations.
However, this change comes with a trade-off. Smaller images, while being more compatible with a wide range of EFI firmwares, may lack comprehensive hardware support because they do not include all the Linux modules and firmware packages. This means that certain hardware components may not function correctly or optimally when using these slimmer UKI images.
On the other hand, larger UKI images, which include all necessary modules and firmware for extensive hardware support, provide better functionality and compatibility with a broad range of hardware. However, these larger images are more likely to encounter boot issues due to EFI firmware limitations, as many EFI implementations refuse to boot files larger than 300-400MB.
We publish -uki artifacts ourselves, which are the slimmed versions, as examples of how to build a slimmer UKI artifact. While these serve as a reference, we recommend always building your own custom images to tailor them to your specific hardware needs. If you need to include those packages for full hardware support, you can create a custom artifact to add them back, as detailed in the Kairos docs.
We recommend keeping your UKI EFI files as small as possible to maximize boot success across different EFI firmware implementations. While smaller images offer better compatibility, they may lack full hardware support. Conversely, larger images, which include all necessary modules and firmware, provide comprehensive hardware support but may fail to boot due to EFI firmware constraints.
Check out how to build your own base images with the Kairos Factory
What's Changed
💿 UKI
- UKI: measured systemd-sysext by @Itxaka #2117
- UKI: Verify images signature before upgrade by @Itxaka #2200
- UKI: Enroll keys during setup #2048
- Install limited amount of modules for UKI Ubuntu by @mauromorales in #2566
🐧
- Support for Ubuntu 24.04 LTS by @mauromorales #2138 and deprecation of 23.10
- Support for Fedora 40 by @Itxaka in #2502 and deprecation of previous versions
- refactor debian dockerfile to build arm by @mauromorales in #2542
- Bump opensuse Leap to 15.6 by @mauromorales in #2623
🐛
- fix(nvidia): do not ship nohang in nvidia-arm builds by @mudler in #2433
- Allow https protocol in ipxe by @jimmykarily in #2468
- fix(orin): disable ISCSI in the initramfs generation by @mudler in #2474
- 🐛 Move nfs-utils to common build target in opensuse flavor by @kaiehrhardt in #2495
- 🐛 Install cryptsetup for all arches in opensuse by @Itxaka in #2691
📖
- 📖 chore: fix typos by @xiaoxianBoy in #2441
- readme: add links to project governance by @mudler in #2498
- Update LICENSE by @mudler in #2503
- Add OpenSSF best practices badge by @mauromorales in #2639
- Add clomonitor badge by @mauromorales in #2640
- Link to GH Security Draft Advisory form by @mauromorales in #2650
🔧
New Contributors
- @xiaoxianBoy made their first contribution in #2441
Full Changelog: v3.0.14...v3.1.0
v3.1.0-rc2
What's Changed
- Define permissions following the principle of least privilege by @mauromorales in #2676
- Add osv scanning for PRs by @mauromorales in #2678
- Add missing permissions on master pipeline by @mauromorales in #2687
- Update robinraju/release-downloader action to v1.11 by @renovate in #2685
- Update github/codeql-action action to v3.25.11 by @renovate in #2683
- Update google/osv-scanner-action action to v1.8.1 by @renovate in #2684
- Update aquasec/trivy Docker tag to v0.53.0 by @renovate in #2612
- Add permissions to reusable-provider-tests by @mauromorales in #2688
- Update github/codeql-action digest to b611370 by @renovate in #2681
- 🐛 Install cryptsetup for all arches in opensuse by @Itxaka in #2691
- Update framework by @Itxaka in #2695
Full Changelog: v3.1.0-rc1...v3.1.0-rc2
v3.1.0-rc1
What's Changed
- Update matching text for latest systemd tests by @mauromorales in #2633
- Update softprops/action-gh-release action to v2.0.6 by @renovate in #2636
- Add OpenSSF best practices badge by @mauromorales in #2639
- Add clomonitor badge by @mauromorales in #2640
- Create scorecards.yaml by @mauromorales in #2641
- 🤖 test sysextension on uki by @Itxaka in #2617
- 🤖 Improve renovate by @Itxaka in #2644
- Pin dependencies by @renovate in #2646
- Get digests from earthfile by @Itxaka in #2648
- Fix dangerous workflow by @mauromorales in #2649
- Link to GH Security Draft Advisory form by @mauromorales in #2650
- Update actions/checkout action to v4.1.7 by @renovate in #2642
- Update github/codeql-action action to v3.25.10 by @renovate in #2643
- Remove sha from docker images by @Itxaka in #2655
- Remove leftover by @Itxaka in #2656
- 🔧 : Update to use new osbuilder by @Itxaka in #2645
- 🔧 Bump osbuilder by @Itxaka in #2672
- Add .snyk config by @mauromorales in #2673
- Bump framework to 2.9.0 to get newer dependencies by @jimmykarily in #2671
Full Changelog: v3.1.0-alpha1...v3.1.0-rc1
v3.0.14
Security
- 🔒 Rebuild of kcrypt-discovery-challenger and luet with newer Golang version to address CVE-2024-24790
Full Changelog: v3.0.13...v3.0.14
v3.1.0-alpha1
What's Changed
- fix(nvidia): do not ship nohang in nvidia-arm builds by @mudler in #2433
- Add security scan link to release checklist by @mauromorales in #2436
- Bump fedora from 38 to 39 by @mauromorales in #2446
- Bump framework by @Itxaka in #2448
- fix(deps): update module github.com/kairos-io/kairos-sdk to v0.0.29 by @renovate in #2450
- chore(deps): update dependency kairos-io/kairos-framework to v2.7.27 by @renovate in #2459
- Symlink any /boot/Image* to /boot/vmlinuz by @mauromorales in #2463
- chore(deps): update quay.io/kairos/osbuilder-tools docker tag to v0.200.10 by @renovate in #2453
- chore(deps): update dependency kairos-io/kairos-framework to v2.7.28 by @renovate in #2465
- chore(deps): update quay.io/kairos/osbuilder-tools docker tag to v0.200.11 by @renovate in #2466
- Allow https protocol in ipxe by @jimmykarily in #2468
- Add test for custom partitioning by @jimmykarily in #2291
- Add Ubuntu 24.04 to pipelines by @mauromorales in #2447
- Produce 24.04 uki master artifact by @mauromorales in #2470
- Push master ARM images to quay by @mauromorales in #2477
- fix(orin): disable ISCSI in the initramfs generation by @mudler in #2474
- [WIP] reusable nvidia by @mauromorales in #2478
- 📖 chore: fix typos by @xiaoxianBoy in #2441
- Add ubuntu 24.04 arm generic by @mauromorales in #2480
- chore(deps): update tj-actions/changed-files action to v44 by @renovate in #2392
- fix(deps): update module github.com/kairos-io/kairos-sdk to v0.1.0 by @renovate in #2471
- chore(deps): update earthly/earthly docker tag to v0.8.8 by @renovate in #2485
- chore(deps): update robinraju/release-downloader action to v1.10 by @renovate in #2460
- chore(deps): update dependency kairos-io/kairos-framework to v2.8.1 by @renovate in #2472
- fix(deps): update module github.com/kairos-io/kairos-sdk to v0.1.1 by @renovate in #2487
- readme: add links to project governance by @mudler in #2498
- chore(deps): update actions/download-artifact action to v4.1.5 by @renovate in #2490
- chore(deps): update quay.io/kairos/osbuilder-tools docker tag to v0.200.12 by @renovate in #2494
- chore(deps): update quay.io/luet/base docker tag to v0.35.2 by @renovate in #2499
- chore(deps): update actions/download-artifact action to v4.1.6 by @renovate in #2500
- 🐛 Move nfs-utils to common build target in opensuse flavor by @kaiehrhardt in #2495
- Update LICENSE by @mudler in #2503
- 🐧 Bump to Fedora 40 by @Itxaka in #2502
- chore(deps): update aquasec/trivy docker tag to v0.50.2 by @renovate in #2501
- chore(deps): update actions/download-artifact action to v4.1.7 by @renovate in #2507
- chore(deps): update aquasec/trivy docker tag to v0.50.4 by @renovate in #2508
- chore(deps): update earthly/earthly docker tag to v0.8.9 by @renovate in #2509
- Remove 23.10 from the test pipelines by @mauromorales in #2512
- More options for enki outputs by @Itxaka in #2515
- chore(deps): update dependency kairos-io/kairos-framework to v2.8.2 by @renovate in #2530
- 🤖 Fix reusable uki master test by @Itxaka in #2536
- 🤖 Drop profile-build by @Itxaka in #2537
- Remove double brackets from Earthly by @mauromorales in #2541
- refactor debian dockerfile to build arm by @mauromorales in #2542
- bump framework to v2.8.3 by @mauromorales in #2543
- chore(deps): update slackapi/slack-github-action action to v1.26.0 by @renovate in #2491
- chore(deps): update aquasec/trivy docker tag to v0.51.1 by @renovate in #2532
- bump framework to v2.8.4 by @mauromorales in #2546
- Bump action-gh-release to v2.0.5 by @mauromorales in #2544
- Bump osbuilder by @Itxaka in #2551
- 🤖 Do not auto reboot on uki tests by @Itxaka in #2549
- Update earthly/earthly Docker tag to v0.8.10 by @renovate in #2562
- Update earthly/earthly Docker tag to v0.8.12 by @renovate in #2567
- Update aquasec/trivy Docker tag to v0.51.2 by @renovate in #2576
- Update aquasec/trivy Docker tag to v0.51.4 by @renovate in #2590
- Update earthly/earthly Docker tag to v0.8.13 by @renovate in #2600
- Build ubuntu 22 arm rpi on cncf runners by @mauromorales in #2607
- Install limited amount of modules for UKI Ubuntu by @mauromorales in #2566
- Add systemd-continaers to ubuntu by @Itxaka in #2614
- Update earthly/earthly Docker tag to v0.8.14 by @renovate in #2618
- Bump opensuse Leap to 15.6 by @mauromorales in #2623
- 🐧 Add selinux packages to ubuntu 24.04 by @Itxaka in #2625
- Bump framework to v2.8.5 by @mauromorales in #2627
New Contributors
- @xiaoxianBoy made their first contribution in #2441
Full Changelog: v3.0.4...v3.1.0-alpha1
v3.0.13
⚠️ Known issues
We introduced 🐛 #2624 in v3.0.5; it is related to our backporting mechanism, which we will address starting in v3.1.x.
🐛 Bug fixes
Full Changelog: v3.0.12...v3.0.13
v3.0.12
⚠️ Known issues
We introduced 🐛 #2624 in v3.0.5; it is related to our backporting mechanism, which we will address starting in v3.1.x.
What's Changed
- Add more space on v3.0 releases by @mauromorales in #2564
Full Changelog: v3.0.11...v3.0.12
v3.0.11
⚠️ Known issues
We introduced 🐛 #2624 in v3.0.5; it is related to our backporting mechanism, which we will address starting in v3.1.x.
Full Changelog: v3.0.10...v3.0.11
v3.0.10
⚠️ Known issues
We introduced 🐛 #2624 in v3.0.5; it is related to our backporting mechanism, which we will address starting in v3.1.x.
Updated
- Bumps framework to v2.7.32
- Bumps kairos-agent to v2.8.14 (part of the framework)
Fixes
- Prevent unwanted yaml fields from being marshalled: Fixes some step duplication when triggering the install via events like providers do
- Avoid adding an extra line to os-release output: We were adding an extra line at the end of the os-release file, which some software had problems dealing with
Improvements
- kairos-agent state will now show SecureBoot state of the node (on/off)
- kairos-agent state will now show the common name of the EFI certificates in the node if any
- kairos-agent state will now show a list of encrypted partitions by label and by device if any
Full Changelog: v3.0.9...v3.0.10
v3.0.9
⚠️ Known issues
We introduced 🐛 #2624 in v3.0.5; it is related to our backporting mechanism, which we will address starting in v3.1.x.
Fixes
- 🐛 Fix broken pipeline for arm rpi Tumbleweed (caused by Python package being much bigger) by @mauromorales f1aa0ac
- 🐛 Move nfs-utils to common build target in opensuse flavor by @kaiehrhardt #2495
- 🐛 UKI custom mounts breaking the cos-layout file by @kreeuwijk kairos-io/packages#839 (actual fix) release fix (c95475c)
- ✨ Ubuntu 24.04 artifacts by @mauromorales #2527
Full Changelog: v3.0.8...v3.0.9