Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

backports: for v1.7.6 #9113

Merged
merged 4 commits into from
Aug 6, 2024
Merged

backports: for v1.7.6 #9113

merged 4 commits into from
Aug 6, 2024

Conversation

smira
Copy link
Member

@smira smira commented Aug 5, 2024

@smira smira added this to the v1.7 milestone Aug 5, 2024
@smira
Copy link
Member Author

smira commented Aug 5, 2024

/promote integration-trusted-boot

@smira
Copy link
Member Author

smira commented Aug 5, 2024

/promote integration-misc

@smira
Copy link
Member Author

smira commented Aug 5, 2024

/promote integration-qemu

@smira
Copy link
Member Author

smira commented Aug 5, 2024

/promote integration-cilium

@smira
Copy link
Member Author

smira commented Aug 5, 2024

/promote integration-provision

@smira
Copy link
Member Author

smira commented Aug 5, 2024

/promote e2e-aws

@smira
Copy link
Member Author

smira commented Aug 5, 2024

/promote integration-extensions

@smira
Copy link
Member Author

smira commented Aug 6, 2024

/promote integration-extensions

@smira
feat: update Linux 6.6.43, Kubernetes 1.30.3, go 1.22.5
7287a11 
Update core components.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
@smira
feat: provide an option to enforce SecureBoot for TPM enrollment
d692ab1 
Fixes siderolabs#8995

There is no security impact, as the actual SecureBoot
state/configuration is measured into the PCR 7 and the disk encryption
key unsealing is tied to this value.

This is more to provide a way to avoid accidentally encrypting to the
TPM while SecureBoot is not enabled.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit cf5effa)
@smira
fix: sort ports and merge adjacent ones in the nft rule
44827e4 
Fixes siderolabs#9009

When building a port interval set, sort the ports and merge adjacent
ranges to prevent mismatch on the nftables side.

With address sets, this was already the case due to the way IPRange
builder works, but ports need a manual implementation.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit f14c479)
@smira
fix: panic on shutdown
08fbf08 
Fixes siderolabs#9017

Don't assume the config is there before trying to access it.

Signed-off-by: Andrey Smirnov <andrey.smirnov@siderolabs.com>
(cherry picked from commit d983e44)
@smira
Copy link
Member Author

smira commented Aug 6, 2024

/promote integration-extensions

@smira
Copy link
Member Author

smira commented Aug 6, 2024

/m

@talos-bot talos-bot merged commit 08fbf08 into siderolabs:release-1.7 Aug 6, 2024
14 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@frezbo frezbo frezbo approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v1.7
Development

Successfully merging this pull request may close these issues.
3 participants
@smira @frezbo @talos-bot