File incus.changes of Package incus
-------------------------------------------------------------------
Sat Jul 5 16:29:35 UTC 2025 - Aleksa Sarai <asarai@suse.com>
- Update to Incus 6.14. See upstream changelog online at
<https://discuss.linuxcontainers.org/t/incus-6-14-has-been-released/24092>
* This release fixes two security issues reported by Olivier BAL-PETRE of
ANSSI (French Cybersecurity Agency):
- CVE-2025-52889 bsc#1245365
- CVE-2025-52890 bsc#1245367
+ S3 upload of instance and volume backups
+ Customizable expiry on snapshot creation
+ Alternative default expiry for manually created snapshots
+ Live migration tweaks and progress reporting
+ Reporting of CPU address sizes in the resources API
* Database logic moved to our code generator
-------------------------------------------------------------------
Fri May 30 09:40:21 UTC 2025 - Aleksa Sarai <asarai@suse.com>
- Update to Incus 6.13. See upstream changelog online at
<https://github.com/lxc/incus/releases/tag/v6.13.0>
- Remove upstreamed patches:
+ 0001-incusd-forkproxy-join-the-correct-mntns-for-listen.patch
-------------------------------------------------------------------
Thu May 22 15:03:34 UTC 2025 - Aleksa Sarai <asarai@suse.com>
- Add backport of <https://github.com/lxc/incus/pull/2136> to fix a bug with
proxy devices using bind=container and listen=unix:... addresses.
+ 0001-incusd-forkproxy-join-the-correct-mntns-for-listen.patch
-------------------------------------------------------------------
Tue Apr 29 05:12:07 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to 6.12:
* doc: Fix missing OCI section by @stgraber in #1855
* doc: Fix config option reference on LINSTOR driver by @luissimas in #1857
* Add support for server-side filtering by instance name by @presztak in #1856
* incusd/instance/lxc: Fix max gid when in a privileged container by @stgraber in #1859
* Fix some static analysis nits by @stgraber in #1860
* README: Fix typo by @stgraber in #1861
* Docs: correct restriction on path option by @gwenya in #1862
* lxd-to-incus: Fix typo in trigger by @stgraber in #1865
* incusd/instance/edk2: Limit test to UEFI architectures by @stgraber in #1866
* doc: Tweak ACME documentation by @stgraber in #1868
* instances/drivers/qemu: update user parameter for QEMU v9.1+ by @dnegreira in #1871
* OCI improvements by @stgraber in #1873
* Support server-side filtering by @presztak in #1872
* Enable filtering with the all-projects flag when listing images by @presztak in #1874
* Improve migration by @stgraber in #1878
* incusd/storage: Add missing forwarding on snapshot list by @stgraber in #1882
* incusd/instance/common: Fix concurrent restarts by @stgraber in #1884
* Fix all static analysis in client/, shared/ and cmd/incus/ by @stgraber in #1883
* generate-database: Fix documentation for ignore by @breml in #1885
* incusd/response: Remove redundant line break in error by @stgraber in #1886
* RFC 3442 compliance in forknet dhcp client by @gwenya in #1887
* incus-agent: Retry mounts to avoid kernel races by @stgraber in #1888
* Address sets for nftables and OVN by @irhndt in #1728
* incusd/operations: Fix WaitGet on op failure by @stgraber in #1894
* Update list of compresors by @stgraber in #1892
* Add snapshot pre-fetching support by @stgraber in #1891
* incusd/instance/lxc: Use pre-existing PATH when not overridden by @stgraber in #1895
* incusd/acme: Include CA in generate certificate by @stgraber in #1897
* Usability improvements to incus-migrate by @stgraber in #1898
* client/incus: Fix non-constant format strings by @c4t3l in #1899
* docs: mDNS setup for cluster HA by @MOZGIII in #1896
* Support filtering storage volumes by a single keyword by @presztak in #1915
* incusd/instance/qemu: Clean leftover sockets on startup by @stgraber in #1916
* incusd: Implement Incus OS API forwarding by @stgraber in #1918
* Add generated documentation for network bridge by @NathanChase22 in #1920
* doc: Use $USER instead of YOUR-USERNAME by @bjackman in #1922
* doc: Ignore link that's blocking Azure by @stgraber in #1924
* Storage bugfixes by @bensmrs in #1923
* incusd/patches: Refresh OpenFGA model for address sets by @stgraber in #1925
* Add generated documentation for network forwards by @tonyn10 in #1926
* Add support for configurable logging targets by @presztak in #1903
* Port tpm device documentation to gendoc by @saahirN in #1929
* Allow basic connectivity under nftables by @stgraber in #1930
* incusd/storage/zfs: Make CacheVolumeSnapshots failures non-fatal by @stgraber in #1931
* incusd/instance/lxc: Restrict unprivileged ping to recent kernels by @stgraber in #1934
* Implement SNAT as part of network forwards by @stgraber in #1935
* incusd/apparmor/lxc: Allow write access to /proc/sys/user by @zgttotev in #1937
* incusd/instance/lxc: Defer calls to the scheduler by @stgraber in #1938
* shared/archive: Prevent xattr errors from crashing unsquashfs by @zgttotev in #1939
* Extend use of ZFS pre-caching by @stgraber in #1941
* Add common aliases for add/create remove/delete/rm in the CLI by @joecwilson in #1943
* feat: support access_token query parameter as JWT fallback by @irtaza9 in #1940
* Memory hotplug support for VMs by @presztak in #1945
* incusd: Remove old routing logic by @stgraber in #1947
* Fix refresh migrations in cluster and speed up ZFS startup by @stgraber in #1946
* incusd/devices: Don't require a serial number for USB hotplug by @stgraber in #1949
* Move tls testing functions to tlstest by @nanjj in #1948
* Remove Rican7/retry dependency by @nanjj in #1952
* Port proxy device documentation to gendoc by @Abdomash in #1953
* Port gpu device documentation to gendoc by @kmxtn in #1954
* Port nic device documentation to gendoc by @rahafjrw in #1956
* Remove arping dependency by @ahmetfturhan in #1958
* Remove gocapability dependency by @nanjj in #1957
* Infiniband Device Documentation Ported to GenDoc by @AbhinavTiruvee in #1962
* Replace rebfig/cron/v3 with adhocore/gronx by @nanjj in #1959
* Update help of incus storage list by @stgraber in #1968
* shared/api/scriptlet: Add yaml struct tags by @breml in #1973
* incusd/storage/migration: Check instance size during migration by @stgraber in #1971
* Logfile for forknet dhcp by @gwenya in #1976
* Add dhcp static routes via 0.0.0.0 with link scope in forknet by @gwenya in #1977
* incusd/device/disk: Fix registration of custom volumes by @stgraber in #1980
* Add server side filtering for incus profile list by @Abdomash in #1982
* Fix reference passing when yaml unmarshal by @nanjj in #1984
* Various fixes by @stgraber in #1983
* scriptlet: Return proper error by @breml in #1986
* incusd/instance: Also consider local CPU flags by @stgraber in #1987
* Cap maximum VM memory to match host memory total by @stgraber in #1988
-------------------------------------------------------------------
Mon Apr 14 11:10:09 UTC 2025 - Richard Rahl <rrahl0@opensuse.org>
- update to 6.11:
* Allow ICMP and low ports for unprivileged users in OCI containers by @gwenya in #1706
* doc: Clarify virtiofsd requirements by @stgraber in #1718
* Fix generate-database usage for incusd/db by @breml in #1719
* Do not allow mounting of custom block volume snapshots by @presztak in #1720
* generate-database: Abstract db connection / db transaction by @breml in #1721
* Fix snapshot size handling in cross-pool copy/move by @presztak in #1717
* generate-database: Accept interface in PrepareStmts by @breml in #1725
* Simplify evaluateShorthandFilter by reducing nesting levels by @presztak in #1727
* incusd/storage: Don't use sparse writer on thick LVM by @stgraber in #1729
* generate-database: Add support for marshal to JSON by @breml in #1731
* Fixed incus edk2 path overwrite issue by @nanjj in #1726
* Do not download instance types if cache loadable by @nanjj in #1732
* Clarify security.secureboot setting by @gwenya in #1740
* Fix DNS for isolated OVN networks by @gwenya in #1738
* Allow announcing extra routes through DHCPv4 by @gwenya in #1734
* Fix link parsing failure on non-ethernet devices by @stgraber in #1742
* Fix revert on OCI container creation failure by @gwenya in #1744
* generate-database: Handle non tx DB connections by @breml in #1745
* incus file edit extension by @gwenya in #1746
* Cleanup internal API endpoints by @stgraber in #1747
* Tweak help message for rebuild by @stgraber in #1754
* Use lego binary for DNS-01 challenge by @accuser in #1753
* incusd/storage/zfs: Fix ZFS CreateVolume deletes pre-existing data on failure by @mrstux in #1749
* incus/file: Always use 1MB chunks for SFTP by @stgraber in #1758
* Use the correct path for ingesting DNS-01 challenge certificate outputs by @accuser in #1759
* incusd/bgp: Rework start/stop logic by @stgraber in #1761
* incusd/network/ovn: Skip existing static routes by @stgraber in #1762
* incusd/instance/qemu: Set caching-mode with intel-iommu by @stgraber in #1772
* incus-agent: Improve SFTP performance by @stgraber in #1773
* incusd/network/ovn: Keep getting router name when network none by @diegofernandes in #1771
* make incus copy --device xx,type=none drop remaining device properties by @schnoddelbotz in #1764
* incusd/instance/qemu: rtc base localtime for windows by @nanjj in #1767
* Add option to configure DNS server for bridge and OVN networks by @gwenya in #1739
* Use lego binary for http 01 challenge by @accuser in #1770
* Handle live migration between QEMU versions by @stgraber in #1775
* incusd/instance/qemu: Skip to link nvram to itself by @nanjj in #1760
* Switch to new MAC address prefix by @stgraber in #1776
* client: Fix spelling errors found by codespell by @cjwatson in #1777
* Add ipv4.dhcp.expiry option for ovn networks by @gwenya in #1781
* Configure DHCP on existing instance interfaces when it is enabled on a network by @gwenya in #1780
* incusd/instance/edk2: Select SecureBoot capable firmware on Debian by @stgraber in #1782
* Fix some go vet warnings by @stgraber in #1784
* Clear gofumpt by @stgraber in #1803
* Fix some BGP issues by @stgraber in #1805
* incusd/instance/qemu: bad pid check by @nanjj in #1806
* Fix spelling errors and run codespell automatically by @cjwatson in #1778
* incus/file: Properly handle relative source paths by @stgraber in #1809
* cmd/storage: incorrect CLI syntax in storage pool creation examples by @ViniRodrig in #1810
* Improve DB performance by @stgraber in #1811
* incusd/network/ovn: Fix default DNS IPv4 server by @stgraber in #1812
* Extend OS detection logic by @stgraber in #1813
* Add allocated CPU time to instance state by @bensmrs in #1807
* incusd/certificates: Properly handle bad PEM data by @stgraber in #1816
* Extra generate-database features by @masnax in #1817
* incusd/network/common: Handle missing BGP peer by @stgraber in #1818
* incusd/cluster/evacuate: Don't live-migrate stopped instances by @stgraber in #1819
* Fix generator table pluralization by @masnax in #1823
* incusd/instance/qemu enable s4 by default by @nanjj in #1820
* Add support for USB NICs by @bensmrs in #1814
* incusd/storage/s3 Fixed minio client mc too ambious issue by @nanjj in #1821
* incusd/networks: Validate configuration on join too by @stgraber in #1824
* Update gomod for go-jwt vulnerability by @stgraber in #1825
* cmd/generate-database/db: Fix GetNames spacing by @masnax in #1826
* github: Rework issue templates by @stgraber in #1827
* Update Debian installation documentation by @gibmat in #1830
* Extend minio client naming by @gibmat in #1829
* Various fixes from address set PR by @stgraber in #1831
* incusd/instance/lxc: Cleanup OCI mount paths by @stgraber in #1834
* Add io.bus=usb for disks by @bensmrs in #1835
* golangci: Upgrade to version 2 by @stgraber in #1836
* golangci: Disable STI005 error checks by @stgraber in #1841
* Standalone changes from the Linstor branch by @stgraber in #1842
* incusd/storage/s3 minio client check enhancement by @nanjj in #1839
* incusd/network/ovn: Remove internal routes to forward/load-balancers by @stgraber in #1843
* incusd/instance/edk2: Always prefer the EDK2 override by @stgraber in #1847
* Fixes from Linstor branch by @stgraber in #1846
* Add linstor storage driver by @luissimas in #1621
* Add linstor.remove_snapshots config option by @luissimas in #1848
* doc/support: Update feature release version by @bensmrs in #1853
* incusd/instance: Don't enforce device/config validation on snapshots by @stgraber in #1854
* OCI entrypoint configuration by @gwenya in #1845
- update to 6.10.1:
* incusd/network/bridge: Fix deletion of tunnels and dummy devices by @montag451 in #1698
* Translations update from Hosted Weblate by @weblate in #1710
* Provide the RBD keeyring to QEMU by @stgraber in #1709
* incusd/storage/ceph: Re-introduce keyring parsing by @stgraber in #1716
* Move IOMMU handling under configuration option by @stgraber in #1715
- update to 6.10:
* incusd/instance/drivers/qmp: Handle missing log directory by @stgraber in #1604
* incus-user: keep track of socket path used to connect to the server by @bboozzoo in #1607
* incus-user: unify logging, support --verbose and --debug by @bboozzoo in #1606
* Add project support to profiles in preseed init by @megheaiulian in #1608
* incusd/network/ovn: Fix bad route check by @stgraber in #1616
* incus/file/pull: Ensure we have a leading / in all paths by @stgraber in #1617
* incus/file/pull: Read files in chunks by @stgraber in #1623
* doc/installing: mention incus group on NixOS by @dawidd6 in #1622
* incus/file/pull: Actually make read buffer 1MiB by @stgraber in #1624
* Translations update from Hosted Weblate by @weblate in #1639
* incusd/device/disk: Allow virtiofsd on non-x86 by @stgraber in #1638
* Translations update from Hosted Weblate by @weblate in #1640
* Translations update from Hosted Weblate by @weblate in #1642
* incusd/instance/drivers/qemu: Add IOMMU device by @stgraber in #1644
* incus/file: Remove unused function by @stgraber in #1645
* Translations update from Hosted Weblate by @weblate in #1646
* incus/network/info (ovn): Fix object not found. by @rxtom in #1628
* incusd/instance/drivers: Improve NUMA balancing by @lnutimura in #1626
* incusd/network/bridge: Fix deletion of tunnels and dummy devices by @montag451 in #1627
* incus/file: Move from path to filepath by @stgraber in #1647
* Added LZ4 support for incus import by @Spitfireap in #1611
* Add vrf parameter for routed-nic devices by @ibot3 in #1615
* Translations update from Hosted Weblate by @weblate in #1648
* Translations update from Hosted Weblate by @weblate in #1651
* Move generators to the cmd package by @stgraber in #1652
* Fix incorrect volume group naming when vg_name is not specified by @presztak in #1653
* Rename incus-generate and incus-doc by @breml in #1654
* Implement smbios11 config keys by @stgraber in #1655
* Fix instance copy error when using '--refresh' flag by @presztak in #1658
* Fix docs for load balancer create backend by @gwenya in #1661
* incusd/instance/utils: Only check uid/gid for containers by @stgraber in #1662
* incusd/main_nsexec: Fix change_namespaces fallback to handle multiple… by @stgraber in #1664
* Check if disk is remote when migrating with an extra disk by @presztak in #1669
* incusd/instance/edk2: Look for bios.bin in /usr/share/seabios by @stgraber in #1672
* Replace ast.Package with types.Package by @breml in #1665
* list/format: provide more information on error by @rxtom in #1666
* Add additional validation when joining a new cluster member by @presztak in #1680
* Upgrade flosch/pongo2 to v6 by @nanjj in #1677
* incusd/resources: Prevent concurrent runs and cache data for 10s by @stgraber in #1681
* Fix importing from older backups by @stgraber in #1683
* fix: Don't attempt to download signatures for oci by @m2Giles in #1685
* Ensure directories have 755 permissions in incus file push -p command by @presztak in #1687
* devcontainer: Update Go to 1.23 by @breml in #1689
* Make "Code generated" comments for generate-database Go conformant by @breml in #1690
* Disclaimer internal tool for generate-database and generate-config by @breml in #1694
* Truncate the block file during custom volume migration by @presztak in #1696
* Rework virtiofsd uid/gid map handling by @stgraber in #1692
* Remove unused arguments and parameters by @presztak in #1699
* generate-database: Use deferred func to map errors & make generated code self-sufficient by @breml in #1695
* incus/top: Fix handling of all-projects by @stgraber in #1701
* Ceph refactor by @MadnessASAP in #1538
* incus/file: Port remaining functions to SFTP by @HassanAlsamahi in #1649
* Add filtering to all API collections by @gwenya in #1679
* Add provider for DNS-01 ACME challenge by @accuser in #1668
-------------------------------------------------------------------
Sat Jan 25 19:32:34 UTC 2025 - Maciej Borzecki <maciek.borzecki@gmail.com>
- update to 6.9:
* Translations update from Hosted Weblate by @weblate in #1506
* Refactor scriptlet loader and improve checks by @bensmrs in #1507
* Translations update from Hosted Weblate by @weblate in #1511
* incusd/storage/drivers: Force blkdiscard and ignore errors by @stgraber in #1513
* incusd/auth: fix FGA online data race by @breml in #1515
* incusd/storage/drivers: Log on blkdiscard failure by @stgraber in #1517
* Fix issue with live-migration between storage pools by @presztak in #1518
* Add uplink addresses for OVN network by @winiciusallan in #1512
* Add --description flag to create type CLI commands by @luissimas in #1498
* client: Propagate HTTP TLS dialer to websocket by @stgraber in #1519
* Fix QEMU scriptlet parameter name by @bensmrs in #1524
* Add shell.nix by @MadnessASAP in #1526
* client: add proxy host to skopoe inspect by @winiciusallan in #1525
* incusd/cluster: Add missing error handling by @stgraber in #1528
* incusd/instance/qemu: Fix QMP arguments typing by @bensmrs in #1531
* Encode mc alias for storage buckets to match allowed characters by @monkz in #1535
* doc: Contributing section restructuring by @bensmrs in #1534
* internal/server: allow creation of OVN network with no uplink by @winiciusallan in #1533
* Translations update from Hosted Weblate by @weblate in #1540
* Translations update from Hosted Weblate by @weblate in #1541
* lxd-to-incus: Clear volatile.uuid from instances by @stgraber in #1546
* Translations update from Hosted Weblate by @weblate in #1548
* Translations update from Hosted Weblate by @weblate in #1550
* Translations update from Hosted Weblate by @weblate in #1551
* Translations update from Hosted Weblate by @weblate in #1553
* Tweak Github Actions and add arm64 tests by @stgraber in #1555
* Translations update from Hosted Weblate by @weblate in #1556
* incusd/networks: Tweak dnsmasq startup condition by @alex14641 in #1544
* Tweak namespace attach logic in forkproxy and forkfile by @stgraber in #1557
* Expand block reset logic by @stgraber in #1560
* Discard blocks on LVM resize by @stgraber in #1561
* incusd/storage/lvm: Run ClearBlock on all new thick block volumes by @stgraber in #1565
* Improve format flag by @breml in #1564
* devcontainer: initial version by @breml in #1566
* incusd/network/ovn: Skip remote peers when iterating peer networks by @stgraber in #1568
* Fix discard logic on LVM resize and optimize image unpacking by @stgraber in #1569
* incusd/main_cluster: Tweak to have help refer to correct command name by @stgraber in #1576
* Docs: Fixed link to point to correct manpage. by @foxtrotcz in #1581
* incusd/device/disk: Better handle partitions by @stgraber in #1578
* incusd/storage/drivers: Handle 4k sector sizes by @stgraber in #1585
* lxd-to-incus: Be more lenient on database changes by @stgraber in #1582
* incusd/dnsmasq: Don't put the project name in the DNS record by @stgraber in #1586
* Remove virtfs-proxy-helper dependency by @bensmrs in #1547
* Add new config hook by @bensmrs in #1577
* github: Switch to Github's hosted arm64 runners by @stgraber in #1589
* Support for ACLs for bridge NIC device when using nftables driver by @stgraber in #1587
* doc: typo by @eebssk1 in #1591
* Added unit for minimum ZFS blocksize by @Spitfireap in #1593
* incus/file/pull: Port to SFTP by @HassanAlsamahi in #1592
* incusd/device/disk: Update correct mount options by @stgraber in #1594
* doc: Force white background for swagger API by @stgraber in #1599
* Implement a VM memory dump API by @SpiffyEight77 in #1596
* gomod: Update dependencies by @stgraber in #1600
* incus/init: Add support for storage volumes in preseed init by @megheaiulian in #1595
* incusd/instance/qemu: Fix device_id warning on 9.2.x by @stgraber in #1601
* incus: Fix example description for debug dump-memory command by @SpiffyEight77 in #1602
-------------------------------------------------------------------
Wed Jan 8 11:25:54 UTC 2025 - Aleksa Sarai <asarai@suse.com>
- Add missing Requires for OCI support. bsc#1234300
-------------------------------------------------------------------
Wed Dec 25 20:17:42 UTC 2024 - Callum Farmer <gmbr3@opensuse.org>
- Migrate to single LXD/Incus OVMF handling (lxd-ovmf-setup):
* Allow aarch64 arch_vm_support
* Remove OVMF symlinks
* Require the new lxd-ovmf-setup packages
-------------------------------------------------------------------
Fri Dec 13 07:07:01 UTC 2024 - Johannes Kastl <opensuse_buildservice@ojkastl.de>
- update to 6.8:
* exec: Consume websocket pings for stderr by @stefanor in #1380
* incus-simplestreams: Add prune command by @presztak in #1381
* internal/instance: Fix validation of volatile.cpu.nodes by
@stgraber in #1394
* Add a function to clone map and use it where appropriate by
@montag451 in #1397
* cgo/process_utils: fix 32bit builds by @brauner in #1398
* Start using goimports by @stgraber in #1399
* instance/config: Mark user keys as live updatable by @stgraber
in #1404
* incus/internal/server/instance/drivers/: Fix incorrect Vars
file mapping in edk2 driver by @cmspam in #1406
* zfs: load keys for encrypted datasets during pool import by
@cyphar in #1384
* incusd/instance: Lock image access by @stgraber in #1408
* incus/image: Make use of server-side alias handling by
@stgraber in #1409
* incusd/cluster: Validate cluster HTTPS address on join too by
@stgraber in #1411
* Remove metadata info from space usage calculation by @presztak
in #1417
* Add ability to set the initial owner of a custom volume by
@presztak in #1415
* Allow local live-migration between storage pools by @presztak
in #1410
* incus: Add aliases completion by @montag451 in #1385
* golangci: Add local prefixes for goimports by @breml in #1401
* client: invalidate simple streams cache by @breml in #1424
* incusd/instances_post: Fix cluster internal migrations by
@stgraber in #1427
* Fix DHCP client keeping container up by @stgraber in #1430
* Add support for VGA console screenshots by @breml in #1431
* Add --reuse to incus image import by @presztak in #1428
* Fix random ETag values due to map ordering by @stgraber in
#1432
* incusd/task: Fix wait group logic (more entries than running
tasks) by @stgraber in #1433
* Allow setting aliases during raw image upload by @stgraber in
#1434
* Fixes an issue when copying a custom volume using the --refresh
flag by @presztak in #1437
* Openfga improvements by @stgraber in #1435
* doc/instance/properties: Add missing instance properties by
@stgraber in #1439
* incusd/daemon_storage: Ensure corect symlinks for
images/backups by @stgraber in #1441
* incusd/storage/lvm: Handle newer LVM by @stgraber in #1442
* Tweak rendering of manpage in doc by @stgraber in #1443
* incusd/storage/lvm: Require 512-bytes physical block size for
VM images by @stgraber in #1444
* incusd: Fill ExpiryDate and remove LastUsedDate in
volumeSnapshotToProtobuf by @presztak in #1448
* incusd/device/tpm: Wait for swtpm to be ready by @stgraber in
#1447
* incus: Improve completion for file push and file pull by
@montag451 in #1445
* incusd/auth/tls: Restrict config access to non-admin by
@stgraber in #1451
* incusd/storage: Handle default disk size in GetInstanceUsage by
@stgraber in #1452
* incus: Improve completion for some file sub-commmands by
@montag451 in #1453
* incus: Fix completion for profile copy by @montag451 in #1454
* incus: Add completion for image alias subcommands by @montag451
in #1457
* doc/installing: Update Fedora instructions by @stgraber in
#1456
* Fix gap in validation of pre-existing certificates when
switching to PKI mode by @stgraber in #1458
* doc/network_forwards: Split configuration into own table by
@stgraber in #1460
* chore: Happy path on the left, early return by @breml in #1461
* incus: Fix completion for image alias create by @montag451 in
#1459
* incus/top: Ignore CPU idle time by @stgraber in #1462
* incus: Display the alias expansion when execution of an alias
fails by @montag451 in #1464
* lint: disallow restricted licenses in go-licenses by @breml in
#1466
* chore: code structure, Go identifier shaddowing by @breml in
#1465
* incus: Fix alias arguments handling by @montag451 in #1463
* incus/file/push Use SFTP client instead of file API by
@HassanAlsamahi in #1468
* Fix TPM fd leaks and OpenFGA patching issue by @stgraber in
#1469
* Clarify device override syntax by @stgraber in #1471
* incusd/auth/openfga: refresh model before applying patches by
@stgraber in #1472
* Add authorization scriptlet by @bensmrs in #1412
* doc: add openSUSE installation instructions by @cyphar in #1475
* OCI image debugging improvements by @danbiagini in #1478
* Add function checks to scriptlet validation by @bensmrs in
#1484
* incus/project: Fix handling of default (unset) project in
get-current by @irhndt in #1476
* Translations update from Hosted Weblate by @weblate in #1492
* Add --force flag to the console command by @presztak in #1491
* Accept io.Writer in RenderTable by @breml in #1490
* doc/network_bridge: Fix missing escaping around variable by
@irhndt in #1493
* incusd/cluster: Skip project restrictions during join by
@stgraber in #1497
* incusd/instance/lxc: Skip instances without idmap allocation
yet by @stgraber in #1495
* incusd/storage/drivers/common: Truncate/Discard ahead of sparse
write by @stgraber in #1496
* Add AskPassword/AskPasswordOnce to Asker by @breml in #1499
* Add additional check to Cancel method for ConsoleShow operation
by @presztak in #1500
* Improve console disconnections by @stgraber in #1501
* Fix duplicate OVN load-balancer entries by @stgraber in #1502
* Improve SFTP performance by @stgraber in #1503
* incusd/instance_post: Expand profiles in scriptlet context by
@stgraber in #1504
- remove patches:
* 0001-incusd-storage-zfs-Fix-deletion-of-unavailable-pools.patch
* 0002-zfs-load-keys-for-encrypted-datasets-during-pool-imp.patch
-------------------------------------------------------------------
Fri Nov 22 13:36:58 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Remove the incus.sysctl drop-in file. This setting file overlaps with lxd's
sysctl settings, and setting these sysctls on boot even if you aren't running
containers is suboptimal.
We could come up with a complicated scheme for loading the rules once Incus
starts, as suggested in bsc#1233410, but ultimately these settings are only
really useful for production servers with >100 containers, at which point
admins are expected to tune their servers anyway.
So we can just remove it.
-------------------------------------------------------------------
Fri Nov 22 13:31:58 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Backport patches to fix encrypted ZFS datasets having their keys be unloaded
on Incus daemon restarts. <https://github.com/lxc/incus/pull/1384>
+ 0001-incusd-storage-zfs-Fix-deletion-of-unavailable-pools.patch
+ 0002-zfs-load-keys-for-encrypted-datasets-during-pool-imp.patch
-------------------------------------------------------------------
Fri Nov 21 15:24:17 UTC 2024 - Charles Miller <charlesmillerspam@gmail.com>
- Fix secureboot VMs by switching to passing the correct environment variable
(INCUS_EDK2_PATH) and updating the ovmf symlinks to point to the correct
blobs. There is an upstream bug here, so we will need to fix this again later
once <https://github.com/lxc/incus/pull/1406> is merged.
-------------------------------------------------------------------
Fri Nov 15 18:53:50 UTC 2024 - Jeff Kowalczyk <jkowalczyk@suse.com>
- Update to version 6.7:
* fix live update VM's limits.memory configuration when use a percentage value #1287
* fix: fix slice init length #1285
* incusd/instance/lxc: Remove restrictions on /run #1288
* Correct macvlan mode names #1284
* Translations update from Hosted Weblate #1290
* Translations update from Hosted Weblate #1295
* Translations update from Hosted Weblate #1304
* incus-simplestreams: Fix list -f json #1310
* Profile performance improvements #1314
* incus-agent: Add timeout for DNS query #1313
* incusd/instance/qemu: Don't fail on console retrival issue #1316
* Allow changing the parent value on physical networks #1317
* incus: Fix display of current project in projects list #1318
* Add --format to incus admin sql #1319
* incusd/internal/server/instance/drivers: support for Chimera Linux (qemu/edk2) pkg layout #1298
* incusd/instance/common: Cleanup volatile on device add failure #1323
* incusd/network/bgp: Only advertise networks with BGP configuration #1325
* Make revert library shared #1326
* Fix to the cluster resources caching mechanism #1324
* Fix idmap issues #1327
* Make ask library shared #1329
* doc/network/resolved: Add disabling DNSSEC and DNSOverTLS #1328
* Add some application container documentation #1331
* incusd/device/nic/bridged: Handle invalid configuration #1330
* Fix handling of custom volume snapshot patterns #1333
* Add OCI DHCP renewal #1334
* doc/installing: Update for Chimera Linux #1335
* shared/cgo: Don't use strlcpy #1337
* Implement incus webui #1338
* incusd/scriptlet: Make set_target fail with invalid members #1339
* Export QMP functions #1340
* incusd/network/ovn: Add support to ipv4.dhcp.ranges #1341
* internal/server: Log QMP interaction to a file #1345
* incusd/instance/qemu: Log QEMU command line #1346
* Improve cluster instance placement #1344
* incusd/instance_logs: Update log file list #1347
* Add infrastructure for OVN events #1349
* Fix QEMU feature checks during startup #1350
* incusd/instance/lxc: Fix LXCFS per-instance path #1352
* doc/idmap: Clarify subuid/subgid configuration #1353
* incusd/instance/qmp: Fix logging with no log file #1355
* Add a GetOIDCTokens() method #1357
* Add get-current to show current project #1356
* incus/file/create: Use SFTP client instead of file API #1354
* internal/instance: Allow 0 as value to limits.cpu.nodes #1358
* Translations update from Hosted Weblate #1361
* Translations update from Hosted Weblate #1362
* Translations update from Hosted Weblate #1368
* Improve agent interface listing performance #1367
* Make incus top output configurable through options #1370
* Automatic live-migration to balance load on cluster #1369
* gomod: Update dependencies #1372
* Add refresh-exclude-older flag to only transfer new snapshots during instance/volume refresh #1365
* incusd/instances/publish: Fix base metadata #1374
* Fix TPM with long instance names #1377
* Don't BGP advertise OVN load-balancers when all backends are offline #1376
* incusd/instance/qemu: Don't take over operations on console retrieval #1379
* Tweak to cluster internal relocation #1378
-------------------------------------------------------------------
Thu Nov 14 13:31:11 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Move some binaries to sbin to match upstream packaging recommendations.
- Update VM-related dependencies to make VMs work properly.
-------------------------------------------------------------------
Wed Oct 23 10:11:25 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Fix %_libexecdir usage for Leap 15.x (Leap 15.x still uses /usr/lib, so we
need to replace the usage of /usr/libexec in our scripts with a token that we
can replace during build).
-------------------------------------------------------------------
Mon Oct 21 05:02:17 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Rework packaging to match recommended packaging from doc/packaging.md and
<https://github.com/zabbly/incus/tree/stable/systemd>.
-------------------------------------------------------------------
Fri Oct 18 11:33:24 UTC 2024 - Aleksa Sarai <asarai@suse.com>
- Package Incus 6.6, based on the LXD 5.21 package. The primary differences are
that we no longer need to do ELF patching to work around having a custom
sqlite fork (instead we can use libcowsql, which is packaged for openSUSE
already).
