2021.11 Public Release This release was produced using the Debian 10 based Docker build container configuration generated using Dedicated User Environment (DUE) version 2.4.0 Instructions and source for replicating this build environment are available at: https://github.com/CumulusNetworks/DUE Errata ======= ONLY the emulation platforms: kvm_x86_64 and qemu_armv8a are updated to build for this release using a Debian 10 container. Individual platforms will have to be updated and validated by their vendors to use the updated components and features. (see below) To build platforms for older releases, use a Debian 9 container and the 2021.08 branch. New Hardware Platforms ====================== qemu_armv8a now works Build and Release / Improvements ================================ Component upgrades (requires a Debian 10 build environment) Linux kernel 5.4.86 GRUB 2.04 kexec-tools 2.0.22 uClibc-ng 1.0.38 e2fsProgs 1.46.3 util-linux 2.37.2 efibootmgr 16 btrfs-progs 4.9.1 parted.make versions 3.1 and 3.4 for x86 and ARM64 Bug Fixes / Improvements ========================= Secure Boot Support Secure GRUB Support ONIE Password option UEFI Fallback recovery ./encryption directory added to demonstrate key generation and signed binaries ./emulation directory added to simplify running the kvm_x86_64 and qemu_armv8a targets. Closed #971, #972. Both were user build environment configuration issues. Misc: ===== A video tutorial demonstrating build with Secure Boot is available at: https://youtu.be/Oq4FWw9lkwQ Git Statistics from running: onie/contrib/git-stats 2021.08..HEAD quarterly --------------------------------------------------------------------------- Processed 63 csets from 1 developers 3 employers found A total of 32962 lines added, 659 removed (delta 32303) Developers with the most changesets Alex Doyle 63 (100.0%) Developers with the most changed lines Alex Doyle 32971 (100.0%) Developers with the most lines removed Developers with the most signoffs (total 88) Alex Doyle 74 (84.1%) Andriy Dobush 7 (8.0%) Michael Shych 4 (4.5%) Shi Lei 1 (1.1%) Andriy Dobush 1 (1.1%) Alexey Suslov 1 (1.1%) Developers with the most reviews (total 0) Developers with the most test credits (total 0) Developers who gave the most tested-by credits (total 0) Developers with the most report credits (total 0) Developers who gave the most report credits (total 0) Top changeset contributors by employer NVidia 40 (63.5%) alexddoyle@gmail.com 20 (31.7%) Cumulus Networks 3 (4.8%) Top lines changed by employer NVidia 28924 (87.7%) alexddoyle@gmail.com 4012 (12.2%) Cumulus Networks 35 (0.1%) Employers with the most signoffs (total 88) NVidia 71 (80.7%) alexddoyle@gmail.com 13 (14.8%) adoyle@nvida.com 1 (1.1%) alexey.s+git@ultibot.ru 1 (1.1%) andriyd@nivdia.com 1 (1.1%) Centec Networks 1 (1.1%) Employers with the most hackers (total 3) NVidia 1 (33.3%) alexddoyle@gmail.com 1 (33.3%) Cumulus Networks 1 (33.3%) As this is a fairly significant functional upgrade, all the commits since the August 2021 release ( 2021.08 ) are listed below: ------------------------------------------------------------------- 76da2d55 Emulation - updated in-directory documentation fb40d0ee Emulation - allow x86 to run without kvm 76a4a30f Emulation - Create USB drive only if it is requested. e9cf13eb Makefile - system-download-cache-update fix write permissions 4a44223a Emulation - use 'sudo' with 'losetup' to mount virtual USB drive. 2cb0def9 Encryption - remove stale variable from onie-encrypt.lib 969786c8 Emulation - Replace fxnWARN with 'echo' for failed loopback mount 227e2a75 Signing keys - add 'signing-keys-generate' as PHONY make target ad213f48 Emulation - add 'export-emulation' option to onie-vm 58b5737a Emulation onie-vm.sh - update emulation help with architecture specific examples. 87fee513 ARM64 emulation - use KVM if emulating on an ARM64 system. 6def5e8c Emulation - clean BIOS in onie-vm.sh 905482c2 ONIE Installer debug flag -j d9f6aa3b CSV files for ARM64 9682c4fe Emulation - run on an arm64 system 379dfc2e Makefile -add debian-prepare-build-host 3cfbe7cd Makefile - add make system-download-cache-update 009359f9 Makefile - add: make help-all 2e68a5ca Emulation script cleanup e3e7a5f4 emulation/onie-vm.lib - check for /sbin/mkdosfs before use 3dfad4e4 mk-part-table.py - Specify python2 to run in Debian 11 environment 7128c2df pesign - build with GCC 10 fixes 7b7362d0 grub2.04 - Build with GCC 10 fixes b852af48 emulation README - update for armv8a targets f1d5ec18 kexec-tools - upgrade from 2.0.9 to 2.0.22 3104dfeb uClibc-ng - upgrade from 1.0.35 to 1.0.38 59f133ac lvm2 - patch to add sysmacros.h to build with new libraries e202c1bb xtools-make - add option to run ulibc-menuconfig 1fbfb363 parted.make - support versions 3.1 and 3.4 bfec146d e2fsprogs, util-linux - upgrade 1.42.13->1.46.3 and 2.27->2.37.2 fa715d90 kernel.make - Add kernel-old-defconfig makefile target 4a966972 efibootmgr - Upgrade from version 15 to 16 1b6a50db btrfs-progs - Upgrade from 4.3.1 to 4.9.1 82eeae17 armv8 builds - upgrade to use 5.4.86 kernel, gcc 8.3 compiler. 4a8244d2 onie-vm - support x86 and armv8 emulation runs 7e8f9f4b (origin/component-upgrade-2020) emulation README-onie-vm.md Fix up markdown formatting. 19363481 kvm_x86_64 Allow non-Secure Boot builds. 1e0eb996 Demo OS: support Secure GRUB 0275da58 UEFI Fallback recovery 61026475 Shim - sign with efi-sign.sh script 82e087fd Grub config: serial port specification uses abstracted --unit d88d3664 Secure GRUB - password and file signature checking. c64f6ccc ONIE password support example, using kvm_x86_64 76d464fd Print Secure Boot status, if applicable, from init-arch d512ef48 Add infrastructure for managing keys and signing. 4ac01e50 Add encryption directory to collect signing tasks in one place. dcdc49d6 Emulation support script for KVM 180296e4 Merge branch 'master' into component-upgrade-2020 Re-sync before merging component-upgrade-2020 back into master. 5a55f6f8 Upgrade kernel to version 5.4.86 c70552fa Shim upgrade to version 15 6f24ddbd gnu-efi upgrade to version 3.0.12 f81ecaf3 pesign - upgrade from 0.112 to 113 3c4d187d Efivar 37 now builds with crosstool efivar headers 0f3f4ec2 Upgrade crosstool-ng components and x86 config file 4738c774 Set crosstool<arch>.config CT_LINUX_VERSION from makefile LINUX_VERSION 0472492b Update mokutil to version 0.4.0 ff1fd5e4 openssl to version 1.1.1g 56eb1dd6 Fix efivar 37 download a198734e Use kernel merge_config.sh to merge machine kernel configs 9a0f38d5 Kernel: support version 4.19.143 a4fd75f4 binutils upgrade to 2.32 00166d09 Grub 2.04 - upgrade with Debian patch set ee2298bc uclibc: Enable program/program invocation name 252b2de6 Upgraded crosstool-ng and GCC for x86