Recommended update for ignition

Announcement ID: SUSE-RU-2022:1753-1
Rating: critical
References:
Affected Products:
  • SUSE Linux Enterprise Micro 5.1

An update that has one fix can now be installed.

Description:

This update for ignition fixes the following issues:

  • Use /bin/sh instead of /usr/bin/sh (for backwards compatibility with SLE Micro 5.1) (bsc#1196679)

  • Don't ignore errors in loops

  • Unmount mount points recursively - a new submount may have appeared
  • Split umount part into own service file:
  • Unmounts the additional mounts as soon as they are not required for Ignition any more; the ExecStop operation is running quite late in initrd and may unmount essential mount points flagged with "x-initrd.mount" (e.g. when storing /usr on a separate mount point). In theory this will also affect Ignition itself, but it hasn't been reported as a problem so far.

  • Don't include non-MarkDown files in documentation

  • Add ignition-touch-selinux-autorelabel.conf: Trigger SELinux autorelabel after Ignition runs; Ignition would support SELinux itself, however this is a compile time option, so it can't be used here.

  • Filter commented lines in ignition-mount-initrd-fstab.service

  • Remove /var/lib/YaST2/reconfig_system if a config was provided

  • Add support for NetworkManager in dracut:

  • Update to version 2.13.0:

  • news: add notes for 2.13.0
  • config/v3_4_exp: noProxy entries cannot be null
  • config/v3_4_exp: mark ignition.version as required
  • docs/supported-platforms: add some description about Nutanix
  • providers/nutanix: add Nutanix platform
  • tests: use umountPath as a thin wrapper around umountPartition
  • internal/providers: refactor handling of unmounting the mount path
  • tests: address gostatic-check warning
  • tests: Add base64 decoding test
  • Dockerfile.validate: build with Fedora 35
  • go.mod: update dataurl to 1.0.0
  • ci: give blackbox tests two hours to run
  • tests/filesystem: fix umountPartition retry loop
  • templates: skip vendoring the new version in favor of dependabot
  • go.mod: update vcontext
  • providers/virtualbox: read config from /Ignition/Config guest property
  • stages/filesystems: use mkfs.fat instead of mkfs.vfat
  • docs/supported-platforms: switch to Afterburn docs URL
  • docs/supported-platforms: drop reference to platform-specific agents
  • test: ensure all platforms are documented
  • docs/supported-platforms: add missing platforms
  • stages/files: rename relabelDirsForFile and add docstring
  • stages/files: make variable name follow Go convention
  • docs/supported-platforms: update platform names and URLs
  • docs/supported-platforms: sort by platform ID
  • docs/supported-platforms: add platform IDs
  • docs: Remove default layout from front matter
  • docs: Do not convert -- & --- to en/em-dash
  • internal/*: change the location of Ignition report
  • internal/exec/util: rename FindFirstMissingDirForFile and tweak docs
  • providers/qemu: start reporting progress reading fw_cfg after 10 s
  • providers/qemu: optimize fw_cfg read size
  • ci: use coreos-ci-lib helper for kola testiso
  • *: gofmt 1.17
  • workflows: bump Go and golangci-lint
  • config: update versions in comments
  • Removed obsolete ignition-rpmlintrc

  • Make sure to create /boot/writable (may not be present in some images)

  • is-live-image doesn't exist on *SUSE, and our live images don't use Ignition, so just add the Ignition device dependency to the service file directly.

  • Update to version 2.12.0:

  • news: add notes for 2.12.0
  • stages/files: add previousReport to result report
  • tests: fix linter warning
  • workflows: limit permissions to reading repo contents
  • workflows: bump linter version
  • go.mod: revendor
  • Drop EOL Go versions
  • internal/distro: drop DiskByIDDir
  • providers/azure: add support for azure gen2 VMs [bsc#1196679]
  • stages/mount: correctly relabel the root of a fresh ext4 filesystem
  • exec: fix permissions for mountpoints in home dirs
  • tests: drop os.ModeDir requirement in mode of output directories
  • examples: reboot with --force
  • exec/util: add blkid API to query block devices based on FSTYPE
  • stages/files: use IntToPtr() in createCrypttabEntries()
  • stages/files: write result report to /var/lib/ignition
  • engine: persist fetched config summaries in State
  • stages/disks: use State to persist keyfiles for files stage
  • *: add general mechanism for persisting state between stages
  • main: drop -clear-cache flag
  • engine: don't hardcode neednet path
  • fetch-offline: return ErrNeedNet if we need net
  • engine: switch Engine.logReport() to pointer receiver
  • engine: fix incorrect error in log message
  • dracut: drop ignition-setup-user.service
  • dracut: drop reference to ignition-setup-base.service
  • providers/gcp: access GCP metadata service by IP address
  • Remove ignition-firstboot-complete.service
  • OWNERS: remove
  • internal/exec/util: drop device argument from cResultToErr()
  • docs/config*: document storage.luks.clevis.threshold default
  • ci: disable spec bump external test workaround
  • docs: Add Ignition release / Spec version table
  • templates: update example releng signing ticket
  • templates: don't update %gotest lines
  • Provide ignition-firstboot-complete.service (removed by upstream due to correctly being considered distro specific), based on the old upstream version; removed all non-SUSE specific stuff and integrated our own changes
  • Removed change-ignition-firstboot-path.conf (changes are integrated into ignition-firstboot-complete.service now).
  • Provide ignition-setup-user.service (removed by upstream due to correctly being considered distro specific), based on the old upstream version.
  • Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh
  • Adapted ignition-generator-suse and module-setup.sh to use the custom ignition-setup-user.service (no overriding of parts of the service file necessary any more).
  • Synced ignition-kargs-helper script with upstream example
  • Raising minimum Go version to 1.15 as required by upstream

Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:

  • SUSE Linux Enterprise Micro 5.1
    zypper in -t patch SUSE-SUSE-MicroOS-5.1-2022-1753=1

Package List:

  • SUSE Linux Enterprise Micro 5.1 (aarch64 s390x x86_64)
    • ignition-2.13.0-150300.4.3.1
    • ignition-debuginfo-2.13.0-150300.4.3.1
    • ignition-dracut-grub2-2.13.0-150300.4.3.1
