This release removes the legacy "torcx" image customisation and replaces this feature with systemd-sysext. Torcx enabled users to deploy custom docker versions; however, it required special packaging using the Flatcar SDK. Please refer to the "Changes" section below for details.
This release ships a major Docker update: Docker was upgraded to version 24 (from version 20 in the previous release). Please see the "Changes" section below for details.
Changes since Alpha 3760.0.0
Security fixes:
- Linux (CVE-2023-35827, CVE-2023-46813, CVE-2023-46862, CVE-2023-5178, CVE-2023-5717)
- VMWare: open-vm-tools (CVE-2023-34058, CVE-2023-34059)
- nghttp2 (CVE-2023-44487)
- samba (CVE-2023-4091)
- zlib (CVE-2023-45853)
Bug fixes:
- Fixed iterating over the OEM update payload signatures which prevented the AWS OEM update to 3745.x.y (update-engine#31)
- Made sshkeys.service more robust to only run coreos-metadata-sshkeys@core.service when not masked and also retry on failure (init#112)
- Set TTY used for fetching server_context to RAW mode before running cloudinit on cloudsigma (scripts#1280)
Known issues:
- docker and containerd packages information are missing from flatcar_production_image_packages.txt (flatcar#1260)
Changes:
- Torcx, the mechanism to provide a custom Docker version, was replaced by systemd-sysext in the OS image. Learn more about sysext and how to customise OS images here.
  - Torcx entered deprecation 2 years ago in favour of deploying plain Docker binaries (which is now also a legacy option because systemd-sysext offers a more robust and better structured way of customisation, including OS independent updates).
  - Torcx has been removed entirely; if you use Torcx to extend the Flatcar base OS image, please refer to our conversion script and to the sysext documentation mentioned above for migrating.
    - Consequently, update_engine will not perform torcx sanity checks post-update anymore.
  - Relevant changes: scripts#1216, update_engine#30, Mantle#466, Mantle#465.
- cri-tools, runc, containerd, docker, and docker-cli are now built from Gentoo upstream ebuilds. Docker received a major version upgrade - it was updated to Docker 24 (from Docker 20; see "updates").
  - NOTE: The docker btrfs storage driver has been de-prioritised; BTRFS backed storage will now default to the overlay2 driver (changelog, upstream pr). Using the btrfs driver can still be enforced by creating a respective docker config at /etc/docker/daemon.json.
  - NOTE: If you are already using btrfs-backed Docker storage and are upgrading to this new version, Docker will automatically use the btrfs storage driver for backwards-compatibility with your deployment.
    - Docker will remove the btrfs driver entirely in a future version. Please consider migrating your deployments to the overlay2 driver.
- Brightbox: The regular OpenStack image should now be used; it includes Afterburn for instance metadata attributes
- OpenStack: An uncompressed image is provided for simpler import (since the images use qcow2 inline compression, there is no benefit in using the .gz or .bz2 images)
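To check how the btrfs storage driver notes above apply to a node before updating, the following shell sketch predicts which storage driver Docker 24 will select. It is an added example, not part of the release notes or the Flatcar project; the function names are hypothetical, and treating a btrfs directory under the Docker root as the marker of existing btrfs-backed storage is an assumption.

```shell
#!/bin/sh
# Added example, not part of the Flatcar release notes. Predicts the storage
# driver Docker 24 picks after this update, using the rules stated above.
# Assumption: a "<docker root>/btrfs" directory marks existing btrfs-backed
# Docker storage. Paths are Docker's defaults.

# Print the "storage-driver" value from a daemon.json file, or nothing.
configured_driver() {
    [ -r "$1" ] || return 0
    tr -d '\n' < "$1" |
        sed -n 's/.*"storage-driver"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p'
}

# Args: filesystem type, Docker root directory, daemon.json path.
predict_driver() {
    forced=$(configured_driver "$3")
    if [ -n "$forced" ]; then
        echo "$forced"      # explicit configuration is honoured
    elif [ "$1" = btrfs ] && [ -d "$2/btrfs" ]; then
        echo btrfs          # existing btrfs storage: kept for compatibility
    else
        echo overlay2       # default, now also on btrfs-backed storage
    fi
}

# Inspect the local node and flag deployments that should plan a migration.
report() {
    root=${DOCKER_ROOT:-/var/lib/docker}
    cfg=${DAEMON_JSON:-/etc/docker/daemon.json}
    probe=$root
    # Walk up to the nearest existing path so stat works before first start.
    while [ ! -e "$probe" ] && [ "$probe" != / ]; do
        probe=$(dirname "$probe")
    done
    fstype=$(stat -f -c %T "$probe")
    driver=$(predict_driver "$fstype" "$root" "$cfg")
    echo "filesystem=$fstype expected-driver=$driver"
    if [ "$driver" = btrfs ]; then
        echo "btrfs driver in use: plan a migration to overlay2"
    fi
}

if [ "${1:-}" = report ]; then report; fi
```

Run the script with the argument report on a node; DOCKER_ROOT and DAEMON_JSON can be set in the environment when Docker uses non-default paths.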
Updates:
- Azure: WALinuxAgent (v2.9.1.1)
- DEV, AZURE: python (3.11.6)
- DEV: iperf (3.15)
- DEV: smartmontools (7.4)
- Go (1.20.11)
- Linux (6.1.62 (includes 6.1.61, 6.1.60 and 6.1.59))
- Linux Firmware (20231111 (includes 20231030))
- SDK: Rust (1.73.0)
- SDK: python packaging (23.2), platformdirs (3.11.0)
- VMWare: open-vm-tools (12.3.5)
- containerd (1.7.9 (includes 1.7.8))
- cri-tools (1.27.0)
- ding-libs (0.6.2)
- docker (24.0.6, includes changes from 23.0)
- ethtool (6.5)
- hwdata (v0.375 (includes 0.374))
- iproute2 (6.5.0)
- json-c (0.17)
- libffi (3.4.4 (includes 3.4.2 and 3.4.3))
- liblinear (246)
- libsodium (1.0.19)
- libunistring (1.1)
- mpc (1.3.1 (includes 1.3.0))
- mpfr (4.2.1)
- nghttp2 (1.57.0 (includes 1.52.0, 1.53.0, 1.54.0, 1.55.0, 1.55.1 and 1.56.0))
- nspr (4.35)
- ntp (4.2.8p17)
- nvme-cli (v2.6, libnvme v1.6)
- protobuf (21.12 (includes 21.10 and 21.11))
- samba (4.18.8)
- sqlite (3.43.2)
- thin-provisioning-tools (1.0.6)