Infix v24.06.0-rc2
Pre-release
Pre-release
github-actions
released this
28 Jun 14:06
·
351 commits
to main
since this release
Note: this release contains breaking changes in YANG models
that are incompatible with existing configuration files. So, after
upgrade, but before reboot, a factory reset is required!
Changes
- Upgrade Buildroot to 2024.02.3 (LTS)
- Upgrade Linux kernel to 6.6.34 (LTS)
- Upgrade bundled curiOS httpd container to v24.05.0
- Default web landing page refactored into a Buildroot package to make
it possible to overload from customer repos. - Enable DCB support in aarch64 kernel (for EtherType prio override)
- Topology mapper improvements, including option for deterministic
reproduction of logical to physical mappings - New version of
gencert
tool, for self signed HTTPS certificates.
This allows dropping dependency on building a host rust toolchain - Issue #374: add timestamps to dagger .log files
- Add small delay in U-Boot to allow stopping boot on reference boards
- Document how to provision the bootloader and Infix on a blank board
- Use initial hostname from
/etc/os-release
as configuration fallback - Update documentation for use of VETH pairs in containers
- Issue #454: create bridges in
factory-config
with IGMP/MLD snooping
enabled by default - The following YANG models have been updated to newer draft versions:
ietf-crypto-types
,ietf-keystore
,ietf-netconf-server
,ietf-ssh-common
,
ietf-ssh-server
,ietf-tcp-client
,ietf-tcp-common
,ietf-tcp-server
,
ietf-tcp-server
,ietf-tcp-server
,ietf-tcp-server
.
In these there are a lot of breaking changes, most likely
you will need to redo your configuration fromfactory-config
. - The Augeas package has been dropped, so
augtool
is no longer available - VLAN interfaces can now map the incoming PCP value to the
kernel-internal priority on ingress, and perform the reverse mapping
on egress. mv88e6xxx
ports can now use Linux's priority information to select
the appropriate egress queue, via themqprio
queuing discipline.- Add logging of output from container start/stop action
- Clean up stale directories after OCI container archive import
- Add support for
show leaf-node
in CLI configure context - Allow non-admin users to use the CLI. NACM rules still apply
- Ensure filesystem is sync'ed properly after a CLI
copy
command - Issue #178: add early boot script to migrate configuration files of
older version to new syntax. Initial, rudimentary support, for the
change in shell types - Issue #308: add
version
field to configuration file using a new
model, infix-meta.yang. Used to trigger migration from older formats
to newer on future breaking changes - Issue #432: extract YANG documentation at build time. Part of the
release tarballs is nowyangdoc.html
for the complete tree of all
YANG configuration, operational data, RPCs, and notification nodes - Issue #435: add support for
$factory$
password hash. This allows
backing up configuration files with device specific passwords. Upon
restore to another device this ensures the replacement's password is
used instead of the originals' - Issue #435: add support for hostname format specifiers. The default
hostname configuration is now%h-%m
to encode,infix-c0-ff-ee
- Issue #435: support for "empty" NETCONF host keys. Primarily used in
static factory-config setups. When a configuration is detected with
this, the automatically generated, device specific 2048 bit RSA host
key pair is used. With this, vendor/product specific factory-config
is now fully supported. Seesrc/confd/README.md
- Issue #447: add support for [yescrypt][],
$y$
hashes. This also
adds support for$0$cleartext
password according to ietf-system.yang - Issue #455: split CLI tutorial into multiple files for easy access
from the CLI admin-exec context using thehelp
command - Issue #478: add operational support for ietf-system.yang, reading
actual hostname and passwords after issue #435 - Merge infix-shell-types.yang with infix-system.yang
- cli: improved error/warning message on missing or incomplete command
[yescrypt]: https://en.wikipedia.org/wiki/Yescrypt)
Fixes
- Fix #424: regression, root user can log in without password
- Fix build regressions in
cn9130_crb_boot_defconfig
caused by upgrade
to Buildroot v2024.02 and recent multi-key support in RAUC and U-Boot - Fix provisioning script after changes to make GRUB loading more robust
- Fix missing
/etc/resolv.conf
, as noticed byavahi-daemon
, when a
user callsno system
from the CLI - Fix #428: loss of admin account after upgrade to v24.04
- Fix #429: failing to load
startup-config
does not trigger the fail
secure mode, causing the system to end up in an undefined state - Fix #453: fix inconsistent behavior of custom MAC address (interface
phys-address
for VETH pairs. Allows fixed MAC in containers - Fix #462: increase port column width for CLI
show bridge mdb
- Fix #468: non-admin users can get a POSIX shell as login shell, root
cause was buggy Augeas library, replaced with plain C API. - Fix #469: non-admin users added to any group get administrator
privileges (added to UNIXwheel
group) - Fix #473: bridge interface with IPv6 SLAAC never get global prefix
- Fix #476: Custom command for containers not working
- Fix #479: timeout from underlying datastore when disabling containers
in configuration. Only disabling (stopping) container now done in the
configuration change, removal of container done in the background - Fix locking issue with standard counter groups on
mv88e6xxx
- Add missing LICENSE hash for factory reset tool
- Fix timeout handling in container restart command
- Fix MDB/ATU synchronization issue from IGMPv3/MLDv2 reports on
mv88e6xxx
systems