* RaspberryPi: Update kernel to 6.12.75 - 89050b1059997d38d55462b323b099a6436dc10d
Raspberry devs now don't seem to care about updating any of the repositories
following a kernel release anymore so the hash for the latest release was
determined from the source package of the latest APT release.
* Update rpi-firmware
* buildroot d9cb724f06...be34a81850 (1):
> package/rpi-firmware: update to eb3ee43 (for 6.12.75)
* Add patch fixing serial in U-Boot, refresh patches
Change in DTS includes shadowed previous patch adding U-Boot-specific
compatible string for UARTs. Make sure that AMBA UARTs in device trees also
contain compatibles consumed by U-Boot as fallback.
Also, refresh RPi patches with --zero-commit.
For users having non-English, and especially non-qwerty layouts, using the host
shell can be very awkward. There was no option to change the keymaps as they
haven't been installed in the OS, and the persistence couldn't have been
achieved because of read-only /etc.
With upstream patch merged in #4224, we have an option to put
/etc/vconsole.conf to a writable location and use the same approach as in the
timezone PR. This is needed because even if we only bind-mounted the file from
the overlay directory, the Systemd services which start early will still refer
to the inode on the read-only FS. Also, gzip is required as current version of
kbd in Buildroot (v2.6.4) always compresses the keymaps using gzip. We can get
rid of this after we bump to kbd v2.9.0 [1] or newer. The overall bloat in
local build of the OS is slightly over 1 MiB, so it is acceptable.
With these changes, the `localectl set-keymap` command can be used to use any
available keymap from the installed `kbd` package (refer to `localectl
list-keymaps` for complete lists) and persist it between reboots.
[1] https://github.com/legionus/kbd/releases/tag/v2.9.0Fixes#1775
To make system timezone configurable, we need to have /etc/localtime
writable, and it must be possible to atomically create a symlink from
this place, which means the whole parent folder must be writable. We
don't have /etc writable and can't use the usual bind mount for this.
Latest Systemd v258 has patch that allows setting an environment
variable that sets where the localtime should be written. This can be
persisted in the overlay partition, with a symlink from /etc/localtime
leading there, finally pointing to the actual zoneinfo file. If the
symlink doesn't exist, create it by hassos-overlay script (it's not
really needed as UTC is the default, but Systemd does the same if you
change from non-UTC timezone back to UTC).
Also disable BR2_TARGET_LOCALTIME, so /etc/localtime and /etc/timezone
(the latter is only informative and non-standard) are not written by the
tzdata package build.
* Bump buildroot to update package/pigz
* Enable parallel gzip for faster Docker pulls
Docker checks if unpigz is available, and if so uses it to unpack
container layers with multiple CPU cores. This should make Docker pulls
faster, especially on lower end hardware.
* package/vcgencmd: add tool for RPi VideoCore commands
This tool is used by rpi-eeprom-update and is fairly lightweight binary without
dependencies. Use it as-is from raspberry/utils repo.
* package/rpi-eeprom: change package to install EEPROM userspace scripts
* configs: enable rpi-eeprom for rpi4, rpi4-64, rpi5-64 and yellow
On Pi5 and Yellow also enable flashrom so the firmware can be installed
directly without recovery being involved. On Yellow/CM4 this can't be done
without config.txt changes though (SPI and pinmuxing needs to be enabled) but
the image is shared there and users may eventually use the tools if they want,
so install BCM2711 on Yellow too. The "officially recommended" method is
rpiboot though, which is also documented in Yellow docs.
* Update RPi kernel to 6.12.20
Update to latest stable RPi kernel and remove unnecessary 6.6.y kernel config
fragments.
* Refresh RPi and Yellow patches
Rebase all patches on 6.12.20, remove patches that are already present
upstream.
* Update Yellow device trees for 6.12.20
Upstream changes broke our downstream device trees. While the CM4 fix was
trivial, there were more changes in the CM5 device tree due to adaptation to
upstream code. To simplify future maintenance, DTS was refactored to reuse CM5
DTS include and override only what's necessary.
* Bump buildroot to update to matching package/rpi-firmware
* buildroot ead21eb6d2...cd82256125 (1):
> package/rpi-firmware: bump version to f49a396 (1.20250326)
* Update Buildroot base to v2025.02
Packages updated:
* Added host-blake3 1.5.4
* Added host-go-src
* Added host-libxcrypt 4.4.38
* Added host-tar 1.35
* Added host-xxhash 0.8.3
* Added libtalloc 2.4.2
* Added libxcrypt 4.4.38
* apparmor updated from 3.1.2 to 3.1.7
* busybox updated from 1.36.1 to 1.37.0
* cifs-utils updated from 6.15 to 7.1
* containerd updated from 1.7.26 to 2.0.2
* dbus-broker updated from 35 to 36
* dropbear updated from 2024.85 to 2024.86
* e2fsprogs updated from 1.47.0 to 1.47.2
* expat updated from 2.6.4 to 2.7.0
* gcc-final updated from 12.4.0 to 13.3.0
* glibc updated from 2.38-81-gc8cb4d2b86ece572793e31a3422ea29e88d77df5 to 2.41-5-gcb7f20653724029be89224ed3a35d627cc5b4163
* gptfdisk updated from 1.0.9 to 1.0.10
* host-binutils updated from 2.40 to 2.43.1
* host-ccache updated from 4.8.2 to 4.10.2
* host-cmake updated from 3.28.3 to 3.31.5
* host-dtc updated from 1.7.0 to 1.7.2
* host-e2fsprogs updated from 1.47.0 to 1.47.2
* host-elfutils updated from 0.189 to 0.192
* host-expat updated from 2.6.4 to 2.7.0
* host-fakeroot updated from 1.32.1 to 1.36
* host-gawk updated from 5.3.0 to 5.3.1
* host-gcc-final updated from 12.4.0 to 13.3.0
* host-gcc-initial updated from 12.4.0 to 13.3.0
* host-genimage updated from 17 to 18
* host-go updated from 1.22.12 to unknown
* host-gptfdisk updated from 1.0.9 to 1.0.10
* host-kmod updated from 31 to 33
* host-libcap updated from 2.69 to 2.73
* host-libffi updated from 3.4.4 to 3.4.6
* host-libglib2 updated from 2.76.1 to 2.82.5
* host-libopenssl updated from 3.2.4 to 3.4.1
* host-libtirpc updated from 1.3.4 to 1.3.6
* host-libxml2 updated from 2.12.9 to 2.13.6
* host-lz4 updated from 1.9.4 to 1.10.0
* host-lzip updated from 1.23 to 1.25
* host-meson updated from 1.3.1 to 1.7.0
* host-mpc updated from 1.2.1 to 1.3.1
* host-mtools updated from 4.0.43 to 4.0.47
* host-nfs-utils updated from 2.6.4 to 2.8.2
* host-pcre2 updated from 10.42 to 10.44
* host-pkgconf updated from 1.6.3 to 2.3.0
* host-python3 updated from 3.11.11 to 3.12.9
* host-python-flit-core updated from 3.9.0 to 3.10.1
* host-python-jinja2 updated from 3.1.2 to 3.1.5
* host-python-markupsafe updated from 2.1.3 to 3.0.2
* host-python-packaging updated from 23.2 to 24.2
* host-python-pypa-build updated from 1.0.3 to 1.2.2
* host-python-pyproject-hooks updated from 1.0.0 to 1.2.0
* host-python-setuptools updated from 69.0.3 to 75.8.0
* host-python-wheel updated from 0.40.0 to 0.45.1
* host-rauc updated from 1.11.3 to 1.13
* host-sqlite updated from 3.44.2 to 3.48.0
* host-systemd updated from 254.13 to 256.7
* host-util-linux updated from 2.39.3 to 2.40.2
* host-xz updated from 5.4.5 to 5.6.4
* host-zstd updated from 1.5.5 to 1.5.7
* iproute2 updated from 6.7.0 to 6.13.0
* iptables updated from 1.8.9 to 1.8.11
* json-c updated from 0.17 to 0.18
* kmod updated from 31 to 33
* libapparmor updated from 3.1.2 to 3.1.7
* libblockdev updated from 3.1.1 to 3.3.0
* libbytesize updated from 2.7 to 2.10
* libcap-ng updated from 0.8.4 to 0.8.5
* libcap updated from 2.69 to 2.73
* libdnet updated from 1.16.4 to 1.18.0
* libffi updated from 3.4.4 to 3.4.6
* libglib2 updated from 2.76.1 to 2.82.5
* libgudev updated from 237 to 238
* libmicrohttpd updated from 0.9.77 to 1.0.1
* libnftnl updated from 1.2.6 to 1.2.7
* libnl updated from 3.9.0 to 3.11.0
* libnvme updated from 1.7.1 to 1.11.1
* libopenssl updated from 3.2.4 to 3.4.1
* libtirpc updated from 1.3.4 to 1.3.6
* libunistring updated from 1.1 to 1.3
* libusb updated from 1.0.26 to 1.0.27
* lvm2 updated from 2.03.14 to 2.03.27
* nettle updated from 3.9.1 to 3.10.1
* network-manager updated from 1.44.2 to 1.50.2
* nfs-utils updated from 2.6.4 to 2.8.2
* pcre2 updated from 10.42 to 10.44
* procps-ng updated from 4.0.4 to 4.0.5
* rauc updated from 1.11.3 to 1.13
* rpcbind updated from 1.2.6 to 1.2.7
* rtl8821cu updated from 1597dfeda6cefd2e603fc7020ceca226d05fb108 to 96c65c58b544241178638e810b333dcc9aa26b91
* sqlite updated from 3.44.2 to 3.48.0
* systemd updated from 254.13 to 256.7
* util-linux-libs updated from 2.39.3 to 2.40.2
* util-linux updated from 2.39.3 to 2.40.2
* wireless-regdb updated from 2023.09.01 to 2024.10.07
* wpa_supplicant updated from 2.10 to 2.11
* patches/genimage: drop upstreamed patches
* patches/systemd: drop merged patch
* patches/network-manager: drop upstreamed patch
* Add BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_* to defconfigs
Disable downstream option for linux-firmware compression. With #3877 it's not
needed for x86 anymore and other boards don't need it. Eventually the higher
EROFS compression for firmwares and modules can be enabled for other targets as
well.
Use auditd so logs from AppArmor and other audit events are processed by that
instead of printed to the Systemd journal. This will reduce the log spam from
BPF usually present in host logs and still preserve the audit logs for
debugging.
The default configs seems to be sane for our purpose, rotating up to 5 files of
8MiB each. The difference is that /var/log/audit will be now on tmpfs but given
how AppArmor is used on typical HA setup, we don't need to preserve the logs
over reboots.
* RaspberryPi: Update kernel to 6.6.74 - stable_20250127
* Bump buildroot to update rpi-firmware
* buildroot 71cba6c610...014c3fad50 (1):
> package/rpi-firmware: bump to version 1.20250127 for kernel 6.6.74
* Update patch for disabling CQE on CM5
The bool has been changed to a cell, adding the possibility to change the value
via sd_cqe dt_param both on CM5 and Pi5. Set it to disabled by default on CM5.
Because of refactoring/code quality improvements in upstream, IPv6 reachability
patch no longer applied on 6.12 kernel. We added two versions of the patch to
address this initially, however, this requires updating of the patch directory
name on every kernel bump. Backport the patch causing collision instead to RPi
kernel, so we can carry only one version of the patch.
This also requires swapping of the patching order - now we first apply
board-specific patches, then the global ones. Unless there are collisions,
these operations should be idempontent, so at this point it shouldn't have any
side-effects.
RPi 5 images container only device tree for Pi 5 Model B. Add the other
remaining BCM2712 device trees to enable running on CM5 and other variants
supported upstream.
Fixes#3766
Instead of using in-tree module on RPi 5, build it as a module from the
original sources. This will give us better control over the version used and
will also allow us for easier way to add the module to other platforms.
This also makes 017d172 unnecessary anymore.
Add Hailo-8 firmware binary for Rasperry Pi AI accelerators. The version needs
to be determined from the Git history of the kernel sources, as the driver
source code is included in the RPi downstream kernel and the version string
can't be found in the code directly.
Fixes#3663
* RaspberryPi: Update kernel to 6.6.51 - stable_20241008
* Update rpi-firmware to version for kernel 6.6.51
* buildroot 2ffac68a74...19027bc796 (1):
> package/rpi-firmware: bump to version 1.20241008 for kernel 6.6.51
* Use name.sh functions for paths in genimage
Paths for images generated outside of genimage were not used in genimage
definitions. Use them as the single source of truth.
Images generated by genimage itself (e.g. kernel.img) don't need to use those
functions, so remove the unused ones.
* Use EROFS instead of SquashFS for root FS
* Enabled EROFS in common kernel fragment
* RootFS image switched to EROFS with options to get decent compression
* rootfstype removed from kernel command line
* Get size of correct FS image in GH build summary
* Use Genimage for declarative image layout instead of s[fg]disk and dd
* Change partition type to hybrid for M1, M1S and Green
This is what it really is, so just make sure only one "fix" function is
called.
* Change efi BOOT_SYS to gpt
There is no reason to have separate efi and boot sys, since all boards
that use efi also use grub as the loader.
* Change BOOT_SYS to more explanatory PARTITION_TABLE_TYPE
* Add units to DISK_SIZE
* Add forced-primary patch and use it in MBR images
* Avoid disabling SC2155, remove old comments
* RaspberryPi: Update kernel to 6.6.31 - stable_20240529
* Unify Linux patches after RPi update to non-conflicting 6.6.31
* Bump buildroot to update rpi-firmware
* buildroot 9af2384782...691077e577 (1):
> package/rpi-firmware: bump to version 1.20240529 for kernel 6.6.31
* RaspberryPi: Update kernel to 6.6.20 - 6f16847710cc0502450788b9f12f0a14d3429668
Used version specified in RPi OS release notes [1].
[1] https://downloads.raspberrypi.org/raspios_arm64/release_notes.txt
* Update RPi Buildroot defconfigs for v6.6.y kernel
* Update RPi kernel patches for v6.6.y kernel
* Amended old patches to accomodate for new DTS paths
* Removed 6.6.25 patches -> moved to the common folder
* Added patch to fix Yellow DTS compilation
* Bump buildroot to update rpi-firmware
* buildroot b45d671fe3...9f5750121a (1):
> package/rpi-firmware: bump to version for (untagged) kernel v6.6.20
* Remove kernel v6.1.y config fragments, as they're not needed anymore
Since buildroot commit 3ceb8c97bcb6753740fa27a58b8e0dc00dbbbd19, systemd
has new option BR2_PACKAGE_SYSTEMD_VCONSOLE_DEFAULT_KEYMAP which
defaults to "us". With this option specified, systemd-console depends on
kbd package and causes the following message to be printed during
startup on HAOS:
systemd-vconsole-setup[253]: sh: gzip: not found
This comes from the loadkeys call which tries to open the gzipped file,
so likely the kbd package should also depend on gzip. However, since we
don't want the kbd package at this point, I'm leaving this for later
investigation and simply unsetting the new option to revert to
pre-2024.02 setup.
* Update Buildroot to tag 2024.02 with rebased HAOS patchset
* udisks2: update to v2.10.1
* Updated to version 2.10.x compatible with libblockdev v3
* Rebased patches to new codebase
* Autoreconf patch is not needed anymore
* libblockdev-nvme is now hard dependency of udisks daemon
* patches/grub2: remove upstreamed efidisk patch
* patches/network-manager: update multiple gateway patch
* package/os-agent: fix go download
After the Go update, build fails with the following error on mod vendor:
GOPROXY list is not the empty string, but contains no entries
Turns out this step is not having the environment variables set, use
those used for download to fix it.
* package/xe-guest-utilities: set DL env for go mod vendor
* Bump buildroot to fix missing unit file from nfs-utils
* buildroot 3f950a1aee...a1b2d12f32 (1):
> package/nfs-utils: only install fsidd binary and unit file with enabled nfsd
* CI: install flake8 for pr-checks runner
Use distribution package, as it's what's used in Buidlroot's Gitlab CI
Docker image at buildroot/support/docker/Dockefile.
* Disable check for Upstream section in the patch header for now
It was introduced in latest BR - disable it for now and re-enable
for HAOS in a later separate PR.
* RaspberryPi: Update kernel to 6.1.73 - stable_20240124
* Bump rpi-firmware to version for RPi Linux 6.1.73
* buildroot f844f7f725...0ab96d7c0d (1):
> package/rpi-firmware: bump to version for stable_20240124 kernel
* Use separate path for v6.1.y and v6.6.y kernel config fragments
Since we're now maintaining Linux configs for two different versions,
it may happen that we want to add some options only to one of the
versions. While the Kconfig might figure the invalid options itself,
our config checking tooling would spam us with warnings. This commit
splits the configs to two directories. This pattern is used only for
the common fragments, more specific ones are usually sharing the same
Linux version anyway.
* Add back options removed in v6.6.y to v6.1.y kernel config fragments
* ../../../buildroot 55120df0b7...512a487366 (3):
> package/linux-firmware: add WiFi and BT firmware for MT7921 and MT7922
> package/dbus-broker: fix legal info
> package/rtl8821cu: fix legal info
* Remove all non-existing kernel config symbols
* Remove unapplied x86 Intel sound options
These are missing various subsystem dependencies and were never in fact
enabled, assuming they're rather exotic and removing them completely.
* Add missing dependencies, adjust tristate values, remove nonsense
* Use KERNEL_LZ4 only for non-aarch64
Since aarch64 doesn't use self-extracting kernel:
https://patchwork.kernel.org/project/linux-arm-kernel/patch/20190119185540.20526-1-tobias.johannes.klausmann@mni.thm.de/
* Extract PCI options to device-support-pci fragment (renamed from device-support-pcie)
RPi 4+ should use this fragment too, since CM4 has PCIe support.
* Rename RPi's kernel-32b fragment to kernel-armv7
Add new firmwares and enable them for all targets.
Bloat in rootfs in my x86_64 test build was ~2.16 MiB.
Buildroot bump:
* buildroot 8a75878da4...4c89661fd1 (2):
> package/linux-firmware: add WiFi and BT firmware for MT7921 and MT7922
> package/linux-firmware: add rtw89 firmware files
Compress firmware files from linux-firmware using ZSTD algorithm.
This should grant us some more space to add more firmwares and should
not have any major performance impact, because firmwares are not accessed
frequently.
Includes buildroot submodule bump:
* buildroot 07e08e01b2...8a75878da4 (1):
> linux-firmware: add option for firmware files compression
* Add initial Raspberry Pi 5 buildroot config
* Add machine-id support via cmdline.txt
* Add new entry if entry is missing
* Don't overwrite cmdline.txt when adding machine-id
Use sed to append the new cmdline parameter to the first line.
* Skeleton script for RAUC custom bootloader interface
* Deploy kernel/device-tree into a RAUC slot specific directory
This allows us to use the os_prefix feature to switch between slot A and
B. Compared to the boot_partition option, this option allows to use a
shared config.txt and cmdline.txt, which makes it more like how HAOS
currently works on other Raspberry Pis.
* Deploy new kernel/device-tree to correct slot on installation
* Increase boot size to 128MB
This makes sure we can store up to three kernels (slot A, B and an
temporary one while installing the OTA update).
* Initial tryboot implementation using os_prefix
* Make sure to delete the old slot completely
* Add Busybox xargs for tryboot bootloader script
* Compare tryboot bootloader file silently
* Revert "Increase boot size to 128MB"
This reverts commit 7f2c69b58f02f500d6aeee4f0a419046899b5e38.
* Use compressed kernel
* Address shellcheck
* Address shellcheck issue in rauc-hook
* Fix shellcheck for rpi-tryboot.sh
* Do not follow source - it gets checked separately
* Correctly set the slot to boot
* Apply suggestions from code review
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
* Drop serial console from default cmdline.txt
* Resync rpi5_64_defconfig with rpi4_64_defconfig
* Improve machine-id match
Only match actual hexadecimal characters.
* Deploy firmware overlays to OS prefix directory
* Add Raspberry Pi 5 to documentation
* Bump buildroot
* buildroot fd1dc86f40...f13ad03408 (1):
> linux: add in-tree device tree overlay support
* Install device tree overlays from Kernel sources
* Drop RPi RF modules for now
No Raspberry Pi 5 specific device tree overlays are available, drop RPi
RF mod for now.
* Use Raspberry 5 specific identifiers for Supervisor/OS Agent
* Bump buildroot
* buildroot f13ad03408...07e08e01b2 (1):
> linux: fix add in-tree device tree overlay support
* Revert "Drop RPi RF modules for now"
This reverts commit 46fc1701e4.
---------
Co-authored-by: Jan Čermák <sairon@users.noreply.github.com>
