Announcing new release Alpha 4344.0.0

4 views
Skip to first unread message

Flatcar Container Linux User

unread,
May 28, 2025, 10:21:17 AMMay 28
to Flatcar Container Linux User
Hello,

We are pleased to announce a new Flatcar Container Linux release for the Alpha channel.

Changes since Alpha 4284.0.0

Breaking changes:
  • Azure: hv_fcopy_daemon binary and its service hv_fcopy_daemon.service have been renamed to respectively hv_fcopy_uio_daemon and hv_fcopy_uio_daemon.service following 6.12 Kernel update
Security fixes: Bug fixes:
  • Added back some BCC tools (scripts#2900)
  • Fixed path handling in the QEMU .sh launcher scripts. Given paths now are relative to the current directory and absolute paths work as you would expect. (scripts#2808)
  • Fixed the inclusion of Intel and AMD CPU microcode in the initrd. This was accidentally dropped some time ago. (scripts#2837)
  • update-ssh-keys: More intuitive --help text and the -n (no-replace) option has been fixed. (flatcar/Flatcar#1554)
Changes:
  • Added nftables-load.service and nftables-store.service services to load/store rules from/in /var/lib/nftables/rules-save (Flatcar#900)
  • Allow per-sysext USE flags and architecture-specific sysexts. (scripts#2798)
  • Always truncate hostnames on the first occurrence of . (cloud-init#32)
  • Compile OS-dependent NVIDIA kernel module sysexts signed for secure boot. (scripts#2798)
  • Enabled virtiofs and fuse-dax modules in the kernel for advaned Qemu usecases. Thank you @aaronk6! (Flatcar#2825)
  • Ensure hostnames never exceeds 63 characters, regardless of the metadata provider (cloud-init#31)
  • Provided an Incus Flatcar extension as optional systemd-sysext image with the release. Write 'incus' to /etc/flatcar/enabled-sysext.conf through Ignition and the sysext will be installed during provisioning. (scripts#1655)
  • Sign out-of-tree kernel modules using the ephemeral signing key so that ZFS and NVIDIA sysexts can work with secure boot. (scripts#2636)
  • The kernel image and its embedded initrd are now compressed with xz rather than zstd. This gives greater compression at the cost of decompression performance. Systems may therefore now be ever so slightly slower to boot, but this was necessary to avoid running out of space in the /boot partition. Further measures to address the space issue are planned, and perhaps we can switch back to zstd in a later release. (scripts#2835)
  • The qemu script (flatcar_production_qemu*.sh) received two new options. -D (or -image-disk-opts) can be used to add extra options to the virtio-blk-pci device for primary disk. -d (or -disk) can be used to add extra disks to the machine - this one takes a path to a raw or qcow2 image file and, after a comma, virtio-blk-pci options. To learn what disk options can be passed to -D or -d, call qemu-system-x86_64 -device virtio-blk-pci,help (qemu-system-aarch64 can be used too). (scripts#2847)
  • systemd now uses OpenSSL instead of gcrypt for cryptography to reduce the size of the initrd. This change disables systemd-journal's Forward Secure Sealing feature, but it is generally not useful for Flatcar. (scripts#2837)
Updates:
Best,
The Flatcar Container Linux Maintainers

Reply all
Reply to author
Forward
This conversation is locked
You cannot reply and perform actions on locked conversations.
0 new messages