SUSE-RU-2022:1754-1: critical: Recommended update for ignition

sle-updates at lists.suse.com sle-updates at lists.suse.com
Thu May 19 19:16:55 UTC 2022 

   SUSE Recommended Update: Recommended update for ignition
______________________________________________________________________________

Announcement ID:    SUSE-RU-2022:1754-1
Rating:             critical
References:         #1196679 
Affected Products:
                    SUSE Linux Enterprise Micro 5.2
______________________________________________________________________________

   An update that has one recommended fix can now be installed.

Description:

   This update for ignition fixes the following issues:

   - Use /bin/sh instead of /usr/bin/sh (for backwards compatibility with SLE
     Micro 5.1) (bsc#1196679)

     - Don't ignore errors in loops
     - Unmount mount points recursively - a new submount may have appeared
     - Split umount part into own service file:
     - Unmounts the additional mounts as soon as they are not required for
       Ignition any more; the ExecStop operation is running quite late in
       initrd and may unmount essential mount points flagged with
       "x-initrd.mount" (e.g. when storing /usr on a separate mount point).
       In theory this will also affect Ignition itself, but it hasn't been
       reported as a problem so far.

   - Don't include non-MarkDown files in documentation

   - Add ignition-touch-selinux-autorelabel.conf: Trigger SELinux autorelabel
     after Ignition runs; Ignition would support SELinux itself, however this
     is a compile time option, so it can't be used here.
   - Filter commented lines in ignition-mount-initrd-fstab.service

   - Remove /var/lib/YaST2/reconfig_system if a config was provided:

   - Add support for NetworkManager in dracut:

   - Update to version 2.13.0:
     * news: add notes for 2.13.0
     * config/v3_4_exp: noProxy entries cannot be null
     * config/v3_4_exp: mark ignition.version as required
     * docs/supported-platforms: add some description about Nutanix
     * providers/nutanix: add Nutanix platform
     * tests: use umountPath as a thin wrapper around umountPartition
     * internal/providers: refactor handling of unmounting the mount path
     * tests: address gostatic-check warning
     * tests: Add base64 decoding test
     * Dockerfile.validate: build with Fedora 35
     * go.mod: update dataurl to 1.0.0
     * ci: give blackbox tests two hours to run
     * tests/filesystem: fix umountPartition retry loop
     * templates: skip vendoring the new version in favor of dependabot
     * go.mod: update vcontext
     * providers/virtualbox: read config from /Ignition/Config guest property
     * stages/filesystems: use mkfs.fat instead of mkfs.vfat
     * docs/supported-platforms: switch to Afterburn docs URL
     * docs/supported-platforms: drop reference to platform-specific agents
     * test: ensure all platforms are documented
     * docs/supported-platforms: add missing platforms
     * stages/files: rename `relabelDirsForFile` and add docstring
     * stages/files: make variable name follow Go convention
     * docs/supported-platforms: update platform names and URLs
     * docs/supported-platforms: sort by platform ID
     * docs/supported-platforms: add platform IDs
     * docs: Remove default layout from front matter
     * docs: Do not convert -- & --- to en/em-dash
     * internal/*: change the location of Ignition report
     * internal/exec/util: rename FindFirstMissingDirForFile and tweak docs
     * providers/qemu: start reporting progress reading fw_cfg after 10 s
     * providers/qemu: optimize fw_cfg read size
     * ci: use coreos-ci-lib helper for kola testiso
     * *: gofmt 1.17
     * workflows: bump Go and golangci-lint
     * config: update versions in comments
   - Removed obsolete ignition-rpmlintrc

   - Make sure to create /boot/writable (may not be present in some images)

   - is-live-image doesn't exist on *SUSE, and our live images don't use
     Ignition, so just add the Ignition device dependency to the service file
     directly.

   - Update to version 2.12.0:
     * news: add notes for 2.12.0
     * stages/files: add previousReport to result report
     * tests: fix linter warning
     * workflows: limit permissions to reading repo contents
     * workflows: bump linter version
     * go.mod: revendor
     * Drop EOL Go versions
     * internal/distro: drop DiskByIDDir
     * providers/azure: add support for azure gen2 VMs [bsc#1196679]
     * stages/mount: correctly relabel the root of a fresh ext4 filesystem
     * exec: fix permissions for mountpoints in home dirs
     * tests: drop os.ModeDir requirement in mode of output directories
     * examples: reboot with --force
     * exec/util: add blkid API to query block devices based on FSTYPE
     * stages/files: use IntToPtr() in createCrypttabEntries()
     * stages/files: write result report to /var/lib/ignition
     * engine: persist fetched config summaries in State
     * stages/disks: use State to persist keyfiles for files stage
     * *: add general mechanism for persisting state between stages
     * main: drop -clear-cache flag
     * engine: don't hardcode neednet path
     * fetch-offline: return ErrNeedNet if we need net
     * engine: switch Engine.logReport() to pointer receiver
     * engine: fix incorrect error in log message
     * dracut: drop ignition-setup-user.service
     * dracut: drop reference to ignition-setup-base.service
     * providers/gcp: access GCP metadata service by IP address
     * Remove ignition-firstboot-complete.service
     * OWNERS: remove
     * internal/exec/util: drop device argument from cResultToErr()
     * docs/config*: document storage.luks.clevis.threshold default
     * ci: disable spec bump external test workaround
     * docs: Add Ignition release / Spec version table
     * templates: update example releng signing ticket
     * templates: don't update %gotest lines
   * Provide ignition-firstboot-complete.service (removed by upstream due to
     correctly being considered distro spcific), based on the
     old upstream version; removed all non-SUSE specific stuff and integrated
      our own changes
   * Removed change-ignition-firstboot-path.conf (changes are integrated into
     ignition-firstboot-complete.service now).
   * Provide ignition-setup-user.service  (removed by upstream due to
     correctly being considered distro spcific), based on the old upstream
     version.
   * Renamed ignition-setup-user-suse.sh to ignition-setup-user.sh
   * Adapted ignition-generator-suse and module-setup.sh to use the custom
     ignition-setup-user.service (no overriding of parts of the service file
     necessary any more).
   * Synced ignition-kargs-helper script with upstream example
   * Raising minimum Go version to 1.15 as required by upstream


Patch Instructions:

   To install this SUSE Recommended Update use the SUSE recommended installation methods
   like YaST online_update or "zypper patch".

   Alternatively you can run the command listed for your product:

   - SUSE Linux Enterprise Micro 5.2:

      zypper in -t patch SUSE-SUSE-MicroOS-5.2-2022-1754=1



Package List:

   - SUSE Linux Enterprise Micro 5.2 (aarch64 s390x x86_64):

      ignition-2.13.0-150300.6.3.1
      ignition-debuginfo-2.13.0-150300.6.3.1
      ignition-dracut-grub2-2.13.0-150300.6.3.1


References:

   https://bugzilla.suse.com/1196679

More information about the sle-updates mailing list