For users with non-English, and especially non-QWERTY, layouts, using the host
shell can be very awkward. There was no option to change the keymaps as they
haven't been installed in the OS, and persistence couldn't be achieved
because of the read-only /etc.
With the upstream patch merged in #4224, we have an option to put
/etc/vconsole.conf in a writable location and use the same approach as in the
timezone PR. This is needed because even if we only bind-mounted the file from
the overlay directory, the Systemd services which start early will still refer
to the inode on the read-only FS. Also, gzip is required as the current version
of kbd in Buildroot (v2.6.4) always compresses the keymaps using gzip. We can
get rid of this after we bump to kbd v2.9.0 [1] or newer. The overall bloat in
a local build of the OS is slightly over 1 MiB, so it is acceptable.
With these changes, the `localectl set-keymap` command can be used to use any
available keymap from the installed `kbd` package (refer to `localectl
list-keymaps` for the complete list) and persist it between reboots.
[1] https://github.com/legionus/kbd/releases/tag/v2.9.0
Fixes #1775
To make system timezone configurable, we need to have /etc/localtime
writable, and it must be possible to atomically create a symlink from
this place, which means the whole parent folder must be writable. We
don't have /etc writable and can't use the usual bind mount for this.
The latest Systemd v258 has a patch that allows setting an environment
variable that sets where the localtime should be written. This can be
persisted in the overlay partition, with a symlink from /etc/localtime
leading there, finally pointing to the actual zoneinfo file. If the
symlink doesn't exist, create it using the hassos-overlay script (it's not
really needed as UTC is the default, but Systemd does the same if you
change from a non-UTC timezone back to UTC).
Also disable BR2_TARGET_LOCALTIME, so /etc/localtime and /etc/timezone
(the latter is only informative and non-standard) are not written by the
tzdata package build.
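The symlink chain this commit message describes, rebuilt in a scratch directory as an added example (not code from the commit or from the hassos-overlay script). The helper names `set_link` and `demo`, the directory names and the sample zone are assumptions for illustration; `mv -T` requires GNU coreutils or BusyBox.

```shell
#!/bin/sh
# Added illustration: every path lives in a scratch directory and is
# constructed for this example, not taken from the real overlay layout.

# Atomically point symlink $1 at target $2: create the new link under a
# temporary name in the same directory, then rename(2) it over the old one.
# Both steps need write access to the parent directory, which is why
# /etc/localtime itself cannot be replaced while /etc is read-only.
set_link() {
    link=$1; target=$2; tmp="$link.tmp.$$"
    ln -s "$target" "$tmp" || return 1
    mv -T "$tmp" "$link" || { rm -f "$tmp"; return 1; }
}

# Build the chain etc/localtime -> overlay/etc/localtime -> zoneinfo/<zone>
# and print where etc/localtime resolves before and after a timezone change.
demo() {
    root=$(mktemp -d) || return 1
    root=$(cd "$root" && pwd -P) || return 1
    mkdir -p "$root/etc" "$root/overlay/etc" "$root/zoneinfo/Europe"
    : > "$root/zoneinfo/UTC"
    : > "$root/zoneinfo/Europe/Prague"   # constructed sample zone file

    # Fixed link baked into the read-only image; it is never rewritten.
    ln -s ../overlay/etc/localtime "$root/etc/localtime"

    # Boot-time step: create the writable link (UTC) only if it is missing.
    wl="$root/overlay/etc/localtime"
    [ -L "$wl" ] || set_link "$wl" ../../zoneinfo/UTC || return 1
    before=$(readlink -f "$root/etc/localtime")

    # Timezone change: only the link in the writable directory is replaced.
    set_link "$wl" ../../zoneinfo/Europe/Prague || return 1
    after=$(readlink -f "$root/etc/localtime")

    before=${before#"$root"/}; after=${after#"$root"/}
    # Count entries left in the writable directory (no stray temp links).
    leftovers=$(( $(ls "$root/overlay/etc" | wc -l) ))
    rm -rf "$root"
    echo "$before $after $leftovers"
}

demo
```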
* Bump buildroot to update package/pigz
* Enable parallel gzip for faster Docker pulls
Docker checks if unpigz is available, and if so uses it to unpack
container layers with multiple CPU cores. This should make Docker pulls
faster, especially on lower-end hardware.
* Update Buildroot base to v2025.02
Packages updated:
* Added host-blake3 1.5.4
* Added host-go-src
* Added host-libxcrypt 4.4.38
* Added host-tar 1.35
* Added host-xxhash 0.8.3
* Added libtalloc 2.4.2
* Added libxcrypt 4.4.38
* apparmor updated from 3.1.2 to 3.1.7
* busybox updated from 1.36.1 to 1.37.0
* cifs-utils updated from 6.15 to 7.1
* containerd updated from 1.7.26 to 2.0.2
* dbus-broker updated from 35 to 36
* dropbear updated from 2024.85 to 2024.86
* e2fsprogs updated from 1.47.0 to 1.47.2
* expat updated from 2.6.4 to 2.7.0
* gcc-final updated from 12.4.0 to 13.3.0
* glibc updated from 2.38-81-gc8cb4d2b86ece572793e31a3422ea29e88d77df5 to 2.41-5-gcb7f20653724029be89224ed3a35d627cc5b4163
* gptfdisk updated from 1.0.9 to 1.0.10
* host-binutils updated from 2.40 to 2.43.1
* host-ccache updated from 4.8.2 to 4.10.2
* host-cmake updated from 3.28.3 to 3.31.5
* host-dtc updated from 1.7.0 to 1.7.2
* host-e2fsprogs updated from 1.47.0 to 1.47.2
* host-elfutils updated from 0.189 to 0.192
* host-expat updated from 2.6.4 to 2.7.0
* host-fakeroot updated from 1.32.1 to 1.36
* host-gawk updated from 5.3.0 to 5.3.1
* host-gcc-final updated from 12.4.0 to 13.3.0
* host-gcc-initial updated from 12.4.0 to 13.3.0
* host-genimage updated from 17 to 18
* host-go updated from 1.22.12 to unknown
* host-gptfdisk updated from 1.0.9 to 1.0.10
* host-kmod updated from 31 to 33
* host-libcap updated from 2.69 to 2.73
* host-libffi updated from 3.4.4 to 3.4.6
* host-libglib2 updated from 2.76.1 to 2.82.5
* host-libopenssl updated from 3.2.4 to 3.4.1
* host-libtirpc updated from 1.3.4 to 1.3.6
* host-libxml2 updated from 2.12.9 to 2.13.6
* host-lz4 updated from 1.9.4 to 1.10.0
* host-lzip updated from 1.23 to 1.25
* host-meson updated from 1.3.1 to 1.7.0
* host-mpc updated from 1.2.1 to 1.3.1
* host-mtools updated from 4.0.43 to 4.0.47
* host-nfs-utils updated from 2.6.4 to 2.8.2
* host-pcre2 updated from 10.42 to 10.44
* host-pkgconf updated from 1.6.3 to 2.3.0
* host-python3 updated from 3.11.11 to 3.12.9
* host-python-flit-core updated from 3.9.0 to 3.10.1
* host-python-jinja2 updated from 3.1.2 to 3.1.5
* host-python-markupsafe updated from 2.1.3 to 3.0.2
* host-python-packaging updated from 23.2 to 24.2
* host-python-pypa-build updated from 1.0.3 to 1.2.2
* host-python-pyproject-hooks updated from 1.0.0 to 1.2.0
* host-python-setuptools updated from 69.0.3 to 75.8.0
* host-python-wheel updated from 0.40.0 to 0.45.1
* host-rauc updated from 1.11.3 to 1.13
* host-sqlite updated from 3.44.2 to 3.48.0
* host-systemd updated from 254.13 to 256.7
* host-util-linux updated from 2.39.3 to 2.40.2
* host-xz updated from 5.4.5 to 5.6.4
* host-zstd updated from 1.5.5 to 1.5.7
* iproute2 updated from 6.7.0 to 6.13.0
* iptables updated from 1.8.9 to 1.8.11
* json-c updated from 0.17 to 0.18
* kmod updated from 31 to 33
* libapparmor updated from 3.1.2 to 3.1.7
* libblockdev updated from 3.1.1 to 3.3.0
* libbytesize updated from 2.7 to 2.10
* libcap-ng updated from 0.8.4 to 0.8.5
* libcap updated from 2.69 to 2.73
* libdnet updated from 1.16.4 to 1.18.0
* libffi updated from 3.4.4 to 3.4.6
* libglib2 updated from 2.76.1 to 2.82.5
* libgudev updated from 237 to 238
* libmicrohttpd updated from 0.9.77 to 1.0.1
* libnftnl updated from 1.2.6 to 1.2.7
* libnl updated from 3.9.0 to 3.11.0
* libnvme updated from 1.7.1 to 1.11.1
* libopenssl updated from 3.2.4 to 3.4.1
* libtirpc updated from 1.3.4 to 1.3.6
* libunistring updated from 1.1 to 1.3
* libusb updated from 1.0.26 to 1.0.27
* lvm2 updated from 2.03.14 to 2.03.27
* nettle updated from 3.9.1 to 3.10.1
* network-manager updated from 1.44.2 to 1.50.2
* nfs-utils updated from 2.6.4 to 2.8.2
* pcre2 updated from 10.42 to 10.44
* procps-ng updated from 4.0.4 to 4.0.5
* rauc updated from 1.11.3 to 1.13
* rpcbind updated from 1.2.6 to 1.2.7
* rtl8821cu updated from 1597dfeda6cefd2e603fc7020ceca226d05fb108 to 96c65c58b544241178638e810b333dcc9aa26b91
* sqlite updated from 3.44.2 to 3.48.0
* systemd updated from 254.13 to 256.7
* util-linux-libs updated from 2.39.3 to 2.40.2
* util-linux updated from 2.39.3 to 2.40.2
* wireless-regdb updated from 2023.09.01 to 2024.10.07
* wpa_supplicant updated from 2.10 to 2.11
* patches/genimage: drop upstreamed patches
* patches/systemd: drop merged patch
* patches/network-manager: drop upstreamed patch
* Add BR2_PACKAGE_HOST_LINUX_HEADERS_CUSTOM_* to defconfigs
Disable downstream option for linux-firmware compression. With #3877 it's not
needed for x86 anymore and other boards don't need it. Eventually the higher
EROFS compression for firmwares and modules can be enabled for other targets as
well.
Patch added in #3843 is not necessary anymore, as the missing reset names have
been added to DTS includes of the 6.12.y branch as patch
6c9cd0a70ccea8a505471062a85de5626ad07cec (released in v6.12.14).
Use auditd so logs from AppArmor and other audit events are processed by that
instead of being printed to the Systemd journal. This will reduce the log spam
from BPF usually present in host logs and still preserve the audit logs for
debugging.
The default configs seem to be sane for our purpose, rotating up to 5 files of
8 MiB each. The difference is that /var/log/audit will now be on tmpfs, but
given how AppArmor is used on a typical HA setup, we don't need to preserve the
logs over reboots.