Skip to content

Infix v24.06.0-rc2

Pre-release
Pre-release
Compare
Choose a tag to compare
@github-actions github-actions released this 28 Jun 14:06
· 351 commits to main since this release
v24.06.0-rc2
a672074

Note: this release contains breaking changes in YANG models
that are incompatible with existing configuration files. So, after
upgrade, but before reboot, a factory reset is required!

Changes

  • Upgrade Buildroot to 2024.02.3 (LTS)
  • Upgrade Linux kernel to 6.6.34 (LTS)
  • Upgrade bundled curiOS httpd container to v24.05.0
  • Default web landing page refactored into a Buildroot package to make
    it possible to overload from customer repos.
  • Enable DCB support in aarch64 kernel (for EtherType prio override)
  • Topology mapper improvements, including option for deterministic
    reproduction of logical to physical mappings
  • New version of gencert tool, for self signed HTTPS certificates.
    This allows dropping dependency on building a host rust toolchain
  • Issue #374: add timestamps to dagger .log files
  • Add small delay in U-Boot to allow stopping boot on reference boards
  • Document how to provision the bootloader and Infix on a blank board
  • Use initial hostname from /etc/os-release as configuration fallback
  • Update documentation for use of VETH pairs in containers
  • Issue #454: create bridges in factory-config with IGMP/MLD snooping
    enabled by default
  • The following YANG models have been updated to newer draft versions:
    ietf-crypto-types, ietf-keystore, ietf-netconf-server, ietf-ssh-common,
    ietf-ssh-server, ietf-tcp-client, ietf-tcp-common, ietf-tcp-server,
    ietf-tcp-server, ietf-tcp-server, ietf-tcp-server.
    In these there are a lot of breaking changes, most likely
    you will need to redo your configuration from factory-config.
  • The Augeas package has been dropped, so augtool is no longer available
  • VLAN interfaces can now map the incoming PCP value to the
    kernel-internal priority on ingress, and perform the reverse mapping
    on egress.
  • mv88e6xxx ports can now use Linux's priority information to select
    the appropriate egress queue, via the mqprio queuing discipline.
  • Add logging of output from container start/stop action
  • Clean up stale directories after OCI container archive import
  • Add support for show leaf-node in CLI configure context
  • Allow non-admin users to use the CLI. NACM rules still apply
  • Ensure filesystem is sync'ed properly after a CLI copy command
  • Issue #178: add early boot script to migrate configuration files of
    older version to new syntax. Initial, rudimentary support, for the
    change in shell types
  • Issue #308: add version field to configuration file using a new
    model, infix-meta.yang. Used to trigger migration from older formats
    to newer on future breaking changes
  • Issue #432: extract YANG documentation at build time. Part of the
    release tarballs is now yangdoc.html for the complete tree of all
    YANG configuration, operational data, RPCs, and notification nodes
  • Issue #435: add support for $factory$ password hash. This allows
    backing up configuration files with device specific passwords. Upon
    restore to another device this ensures the replacement's password is
    used instead of the originals'
  • Issue #435: add support for hostname format specifiers. The default
    hostname configuration is now %h-%m to encode, infix-c0-ff-ee
  • Issue #435: support for "empty" NETCONF host keys. Primarily used in
    static factory-config setups. When a configuration is detected with
    this, the automatically generated, device specific 2048 bit RSA host
    key pair is used. With this, vendor/product specific factory-config
    is now fully supported. See src/confd/README.md
  • Issue #447: add support for [yescrypt][], $y$ hashes. This also
    adds support for $0$cleartext password according to ietf-system.yang
  • Issue #455: split CLI tutorial into multiple files for easy access
    from the CLI admin-exec context using the help command
  • Issue #478: add operational support for ietf-system.yang, reading
    actual hostname and passwords after issue #435
  • Merge infix-shell-types.yang with infix-system.yang
  • cli: improved error/warning message on missing or incomplete command

[yescrypt]: https://en.wikipedia.org/wiki/Yescrypt)

Fixes

  • Fix #424: regression, root user can log in without password
  • Fix build regressions in cn9130_crb_boot_defconfig caused by upgrade
    to Buildroot v2024.02 and recent multi-key support in RAUC and U-Boot
  • Fix provisioning script after changes to make GRUB loading more robust
  • Fix missing /etc/resolv.conf, as noticed by avahi-daemon, when a
    user calls no system from the CLI
  • Fix #428: loss of admin account after upgrade to v24.04
  • Fix #429: failing to load startup-config does not trigger the fail
    secure mode, causing the system to end up in an undefined state
  • Fix #453: fix inconsistent behavior of custom MAC address (interface
    phys-address for VETH pairs. Allows fixed MAC in containers
  • Fix #462: increase port column width for CLI show bridge mdb
  • Fix #468: non-admin users can get a POSIX shell as login shell, root
    cause was buggy Augeas library, replaced with plain C API.
  • Fix #469: non-admin users added to any group get administrator
    privileges (added to UNIX wheel group)
  • Fix #473: bridge interface with IPv6 SLAAC never get global prefix
  • Fix #476: Custom command for containers not working
  • Fix #479: timeout from underlying datastore when disabling containers
    in configuration. Only disabling (stopping) container now done in the
    configuration change, removal of container done in the background
  • Fix locking issue with standard counter groups on mv88e6xxx
  • Add missing LICENSE hash for factory reset tool
  • Fix timeout handling in container restart command
  • Fix MDB/ATU synchronization issue from IGMPv3/MLDv2 reports on
    mv88e6xxx systems
Assets 8
Loading