siderolabs/image-factory v1.1.0 on GitHub

image-factory 1.1.0 (2026-04-17)

Welcome to the v1.1.0 release of image-factory!

Please try out the release binaries and report any issues at
https://github.com/siderolabs/image-factory/issues.

SPDX SBOM viewer

Added a new SPDX SBOM section to the Image Factory Enterprise.
Users can now request SBOMs for a specific Talos schematic directly from the Image Factory Enterprise interface.

Note: This feature is enterprise-only and is subject to the BUSL-1.1 license.

Contributors

Andrey Smirnov
Mateusz Urbanek
Noel Georgi
Mickaël Canévet
Orzelius
Dmitrii Sharshakov
Nico Berlee
Zadkiel AHARONIAN
Andreas Freund
Edward Sammut Alessi
Fritz Schaal
Max Makarov
Utku Ozdemir
Andreas Lüdeke
Ansgar Dahlen
Benoît Knecht
Daniil Kivenko
David Orman
Dharsan Baskar
Dmitrii Sharshakov
Dominik Pitz
Jan Paul
Justin Garrison
Kai Zhang
Kevin Tijssen
Laura Brehm
Spencer Smith
Sébastien Masset
arita
drew
lmacka
pythoner6

Changes

15 commits

81f9312 release(v1.1.0): prepare release
1b834b7 feat: add SHA-256 and SHA-512 checksum frontend
e775c36 feat: upgrade tailwind to v4
bb27d39 feat: update Talos to v1.13.0-rc.0
2a59890 fix: gsa signer pull during verify
fbc302f fix: support insecure registries for signature bundles
8e7d10e feat: add support for google service account signing
74afd80 fix: set correct Content-Type when downloading images
8372fe8 feat: add SPDX frontend
b379bf2 feat: switch schematic cache to LRU and negative TTL
0450038 chore: remove deuplicate k8s-down ci step
470cb2f chore: switch to large runners
713fc6e fix: memory usage when building images
0a25274 fix: excessive memory usage
0f9eb22 feat: update machinery doc links

Changes from siderolabs/crypto

1 commit

6d82f0c fix: bump minimum TLS version to v1.3

Changes from siderolabs/go-debug

1 commit

47fce68 feat: support Go 1.26, rekres

Changes from siderolabs/pkgs

51 commits

b121566 fix: support disabling module signature verification
a02d120 feat: update containerd to 2.2.3
a65a3e3 feat: enable CONFIG_UHID and CONFIG_INPUT_JOYDEV as modules
89776b8 feat: update runc to 1.4.2
9ab4f1b feat: update backportable dependencies
7c122c4 feat: update Go to 1.26.2 and small deps updates
ddd56d2 feat: disable dynamic SCS
5d027c4 feat: update Linux to 6.18.21
46c12db fix: libarchive install prefix
142b074 feat: update for musl 1.2.6
4ef2ff4 feat: update NVIDIA production to 595.58.03
1d3bbca feat: update Linux to 6.18.19
0982fac feat: update containerd patch verifier role
6d3cd66 feat: enable CHECKPOINT_RESTORE option
83f5bcd chore: update toolchain and tools
4f784de fix: install apparmor parser require config files
559b1be feat: enable AMD GPU peer-to-peer DMA
77194e4 fix: disable CONFIG_RT_GROUP_SCHED
02ee1e3 feat: backportable deps update
21af1c3 feat: bump deps
6935f6f feat(kernel): enable CONFIG_USB_UHCI_HCD on amd64
2c89e9f feat: update containerd to 2.2.2
866939b feat: update tools with LLVM 22.1
13d00e0 feat: enable dynamic preemption support
7d0cc32 feat: update Linux 6.18.16, NVIDIA, ZFS
ef3a7c8 feat: update Go to 1.26.1
8148601 feat: add containerd patch to verify images
b7c7ab2 feat: update Linux to 6.18.15
830fbac feat: enable CONFIG_USB_IPHETH kernel module
adc1714 feat: update Linux to 6.18.14
3c982f8 chore: update deps
d065c59 feat: update Linux firmware to 20260221
773ea3a feat: update Linux to 6.18.13
6ca02b3 fix: make udev rules read only
520141c feat: enable kernel irq time accounting
8f6df51 feat: enable CONFIG_HID_MULTITOUCH
6934b50 feat: add patch for Cilium BPF verifier rejection by the kernel
5760aa7 feat: enable MLX5 Scalable Functions and TC offload in kernel
c0c8bc5 feat: enable CONFIG_DRM_ACCEL and IVPU on amd64
b9cc39d feat: build kernel with Clang and ThinLTO, update Go to 1.26
3327386 chore: drop mellanox-ofed
9013985 feat: update dependencies
17196f5 feat: update NVIDIA LTS to 580.126.16
8f53ad2 feat: update Linux to 6.18.9
eff5ba0 feat: enable ip6_gre
605ac0d chore: update deps
7670ff4 feat: enable NFT_BRIDGE config
dc737a6 chore: update kernel
9b118b3 chore: update deps
a63c227 feat: update OpenSSL to v3.6.1
da7ab57 feat: add px-fuse pkg

Changes from siderolabs/talos

157 commits

1f949d9a5 release(v1.13.0-rc.0): prepare release
929ab7165 fix(machined): clear stale bond ARP/NS targets on decode
730937eee chore: bump tools
0f9d4b5b9 feat: update Kubernetes 1.36.0-rc.1
41e6866fd fix: encode extra args fields in resources with new id
5feeab90d chore(ci): nvidia try UKI boot
cd88cbd0c chore: bump tools
53609713f fix: upgrade API in maintenance mode (legacy)
2de7fb60d refactor: allow overriding out image name suffix
384b189a5 feat: update Kubernetes to 1.36.0-rc.0
9b8c1891b fix: panic in reading PCR values
67a34a6eb feat(ci): add nvidia arm64 matrix
cd73b4a82 feat: bump go to 1.26.2
77406ec31 fix: validate hostDNS forwarding requires hostDNS to be enabled
7d7776dca fix: handle boot failure
6dc97e8aa fix(talosctl): always use default GRPC dial options
db2c007ee fix: create correct blackhole routes for IPv4
6f8462849 refactor: propagate NAME properly, allow to set on build
6a0ec46b5 feat: add dis-vulncheck tool
4c79bd815 chore: bump some tool dependencies
cd8d70fb9 fix: set the minimum TLS version to 1.3
fe5b849ec refactor: remove manual shell completion and replace with cobra completion
fef5ef49e feat: allow more nvidia and nvme files from extensions
33b89cff7 feat: allow glibc ld files in etc
9be7bc025 fix: don't set xattrs while decompressing extensions
9cc735588 feat: add client-side Kubernetes node drain to reboot and upgrade commands
128c2c287 feat: update Flannel to v0.28.2
02d84f582 fix: handle ISOs with zeroes in volume labels
70c356bfd feat: add flag to force fallback to legacy upgrade
8499579f4 fix: add os:meta:writer role to the dashboard
dc59a7e94 fix: drop talosctl install
f7be2c598 feat: add resource view to talosctl dashboard
a47b76618 fix: unseal with "slow" TPM
3c79b432a fix: drop unused type from ExternalVolume schema
38d391e9d fix: always grow disks
f0c5cb517 fix: add metal-agent mode to runtime capabilities
213ecf2a5 release(v1.13.0-beta.1): prepare release
abc0ddf11 feat: bump musl to 1.2.6
fcdfeab2b fix: incorrect route source for on-link routes
a8f2a0af7 feat: update NVIDIA production drivers to 595.58.03
ccf1e0c27 test: fix the PKI mismatch test flake
7a9467306 test: fix cron failures for provision-1 & provision-2
797815209 fix: allow blockdevice wipe in maintenance mode
efc76f0bf test: fix the flakes in tests with trusted roots
7fa16b497 test: bump memory for Flannel netpolicy tests
576c26948 feat: add --platform=all support to image cache-create
ceec42f2a feat: update Linux to 6.18.19, CNI to 1.9.1
902c78a17 test: improve maintenance API provision tests
a4b0cbc49 feat: validate luks headers for tampering
281584b88 chore: update go-kubernetes library
b86360790 fix: add symlinks nvidia-ctk and nvidia-cdi-hook in /usr/bin
d82fada75 fix: unset rlimits for extension services
76931f409 feat: enforce PID check on connections to services over file sockets
df4e0e7f5 feat: update etcd to 3.6.9
08ba425e6 feat: update Kubernetes to 1.36.0-beta.0
1cb2a8b30 fix: update diff library to v1.0.1
5e171a3de test: fix the apid test against AWS/GCP
f98e76f8d fix: panics in diff algorithms
a544aea84 release(v1.13.0-beta.0): prepare release
f36f6ef54 chore: update pkgs and tools
b7d70cf62 feat: unify maintenance and regular APIs
13d6b4a03 fix: trim down cosign dependencies
5c39a8581 fix: drop aws & azure KMS APIs from the machined build
3d059754c fix: accept image cache volume encryption config
d2661d253 fix: apparmor parser config files
13ef0cfc9 fix: unmount pseudo-late recursively
e9d45671a fix: panic in hardware.SystemInfoController
a728bbd89 fix: validate missing apiVersion in config document decoder
c8a674afa fix: pull in a fix for dmesg timestamps
e7e21fe8e feat: bump dependencies
6bb5cf57a feat: implement routing rules support
a0b9d6e77 feat: bump kernel with uhci_hcd driver
1f0d2da39 feat: update containerd to 2.2.2
cff0f5782 fix(machined): support USERDATA legacy fallback in OpenNebula driver
5d3a326c8 feat(machined): add ONEGATE proxy route and deterministic interface iteration for OpenNebula
3bec5cc7b feat(machined): inherit IP6_METHOD from METHOD in OpenNebula driver
4f4ec9806 fix(machined): align OpenNebula hostname precedence with reference
4d0244ddf feat(machined): add IPv6 alias address support for OpenNebula (ETH*_ALIAS*_IP6)
5bb896230 feat(machined): support ETH*_IP6_METHOD (static/dhcp/auto/disable) for OpenNebula
469db18d3 refactor(machined): extract per-interface IPv4 helper in OpenNebula driver
ae61f5a5e fix(machined): use ParseFQDN for hostname parsing in OpenNebula
7adbbd2f8 feat(machined): support per-interface route metric for OpenNebula (ETH*_METRIC)
196658c41 feat(machined): add network alias support for OpenNebula (ETH*_ALIAS*)
e96766e81 feat(machined): merge global and per-interface DNS for OpenNebula
23c99a3cb feat(machined): add static routes support via ETH*_ROUTES for OpenNebula
ad3c59aad fix: prevent stale discovered volumes reads
fc9749b9e feat: pull in kernel with preemptible kernel
c14179e78 chore(ci): update nvidia test to use gpu-operator
da70cedfd refactor: drop apid file socket
ee53a18c8 fix: stop pulling wrong platform for images
17335107b fix: use non-sensitive resource for health check precondition
2fb6f6a16 feat: add symlinks needed by gpu-operator
f2bae55b8 feat: enable container device interface
451b13c1b feat: update Linux to 6.18.16
a02d578fa feat: add support for mirroring image signatures
57599fb87 fix: skip some readiness checks when the CNI is disabled
e6d8669fb feat: update Go to 1.26.1
7f2eb4856 feat: add image verification endpoint
1e4cd20d2 feat: add talosctl install command and upgrade via LifecycleService
275fa351c test: add integration tests for LifecycleService upgrade path
15a5ec998 feat: implement new install/upgrade API
720a2148a fix: correctly calculate end ranges for nftables sets
95287d2db fix: environment suite failures
10f49ca91 feat: add trusted roots generation to stdpatches
55b872185 fix: use correct dhcp option for unicast dhcp renewal
58e006461 feat: update Kubernetes to 1.36.0-alpha.2
ebcfafd4e feat: update Linux to 6.18.15
0ab84c2a1 fix: ignore image digest when doing upgrade-k8s
d417d68e0 feat: bring in new ssa logic
0bb6413ff fix: do not fail on RO virtiofs
bf2cd0a85 feat: update Linux to 6.18.14
ad29417ae fix(machined): opennebula: process ETH*_ vars regardless of NETWORK context flag
b551cb9b8 feat: allow dashboard mouse support
bfb98a9ca feat: bump kube-network-policy to v1.0.0
000c18d53 feat: implement blackhole route config
cc636f1dd fix: image cache test fails with 'no space left on device'
f0c51b280 feat: implement correct config patching for extraArgs fields
1da2b63ab feat: multi-doc support for configuring vrfs
c1d0a3360 fix: patch with delete for LinkConfigs
59311a792 release(v1.13.0-alpha.2): prepare release
009f0d6ca chore: update pkgs
ba56b0295 feat: include hid-multitouch.ko kernel module in rootfs
ae29a0dcc feat: update Linux to 6.18.13
7cf1de279 fix: bring in new version of go-cmd and go-blockdevice
c8800b41e fix: update path handling on talosctl cgroups
0a7b6eb2c chore: test extensions
8b1c974a2 refactor: drop termui-widgets library
5baa0028e fix: add owning inventory annotation to talos manifests
d3e793d14 fix: stop Kubernetes client from dynamically reloading the certs
6a5a0e3bd feat: support pattern link aliases
9758bd4fe feat: update Go to 1.26
e00aed0f6 feat: update Kubernetes v1.36.0-alpha.1
f20445ad0 chore: improve logging of disk encryption handling
f018fbe7b fix: handle raw encryption keys with \n properly
e5b0eb017 fix: hold user volumes root mountpoint
8a0e79774 refactor: split locate and provision
a59db0e92 fix: improve OpenStack bare metal network configuration reliability
659009ad8 fix: remove stale endpoints
dab0d4783 fix: allow static hosts in /etc/hosts without hostname
45f214154 feat: update go-kubernetes to use new Myers diff
35ad0448c fix: switch to better Myers algorithm implementation
0048464be feat: update etcd to v3.6.8
5df10f260 fix: use mcopy instead of diskfs to populate VFAT
ce53ffa90 fix: disks flag parsing and handling in create qemu command
3bd3dd7ca fix: memory overuse in imager VFAT
f118ee47e fix: read multi-doc machine config with newer talosctl
70c6c2154 feat: add filter for KubeSpan advertised networks
daf18abf4 fix: fix talosctl debug in enforcing mode
33b5b2565 fix: ignore volumes in wave calculation without provisioning
a16392559 feat: add explicit service account support to Talos client
4d531884e chore: update dependencies
406b8c83c feat: update doc links to docs.siderolabs.com
87615f551 feat: implement network policies with Flannel CNI
6995bc1b1 chore: update homebrew formula on release
7942d5a98 fix: image gc controller config
52e8727d0 feat: add IPv6 GRE support
9690dbad0 chore: bump tools (including linter)

Dependency Changes

cloud.google.com/go/auth v0.20.0 new
github.com/CalebQ42/squashfs v1.4.1 new
github.com/google/go-containerregistry v0.20.7 -> v0.21.5
github.com/in-toto/attestation v1.2.0 new
github.com/jellydator/ttlcache/v3 v3.4.0 new
github.com/klauspost/compress v1.18.3 -> v1.18.5
github.com/knadh/koanf/providers/file v1.2.0 -> v1.2.1
github.com/knadh/koanf/v2 v2.3.0 -> v2.3.4
github.com/minio/minio-go/v7 v7.0.97 -> v7.0.100
github.com/nicksnyder/go-i18n/v2 v2.6.0 -> v2.6.1
github.com/siderolabs/crypto v0.6.4 -> v0.6.5
github.com/siderolabs/go-blockdevice/v2 v2.0.23 -> v2.0.28
github.com/siderolabs/go-debug v0.6.1 -> v0.6.2
github.com/siderolabs/pkgs v1.13.0-alpha.0-40-g553e0fb -> v1.13.0-beta.0-14-gb121566
github.com/siderolabs/talos 2628eb2ece05 -> v1.13.0-rc.0
github.com/siderolabs/talos/pkg/machinery 2628eb2ece05 -> v1.13.0-rc.0
github.com/sigstore/cosign/v3 v3.0.4 -> v3.0.6
github.com/sigstore/protobuf-specs v0.5.1 new
github.com/sigstore/rekor v1.5.1 new
github.com/sigstore/sigstore v1.10.4 -> v1.10.5
github.com/sigstore/sigstore-go v1.1.4 new
github.com/spdx/tools-golang v0.5.7 new
github.com/u-root/u-root v0.15.0 -> v0.16.0
go.uber.org/goleak v1.3.0 new
go.yaml.in/yaml/v4 v4.0.0-rc.3 -> v4.0.0-rc.4
golang.org/x/sync v0.19.0 -> v0.20.0
golang.org/x/sys v0.40.0 -> v0.43.0
golang.org/x/text v0.33.0 -> v0.36.0
google.golang.org/protobuf f2248ac996af new

Previous release can be found at v1.0.3