
Infix v24.06.0

@github-actions github-actions released this 28 Jun 16:11
· 192 commits to main since this release

Note: this release contains breaking changes in YANG models
that are incompatible with existing configuration files. So, after
upgrade, but before reboot, a factory reset is required!

Changes

  • Upgrade Buildroot to 2024.02.3 (LTS)
  • Upgrade Linux kernel to 6.6.34 (LTS)
  • Upgrade bundled curiOS httpd container to v24.05.0
  • Default web landing page refactored into a Buildroot package to make it possible to overload from customer repos.
  • Enable DCB support in aarch64 kernel (for EtherType prio override)
  • Topology mapper improvements, including option for deterministic reproduction of logical to physical mappings
  • New version of gencert tool, for self-signed HTTPS certificates. This allows dropping the dependency on building a host Rust toolchain
  • Issue #374: add timestamps to dagger .log files
  • Add small delay in U-Boot to allow stopping boot on reference boards
  • Document how to provision the bootloader and Infix on a blank board
  • Use initial hostname from /etc/os-release as configuration fallback
  • Update documentation for use of VETH pairs in containers
  • Issue #454: create bridges in factory-config with IGMP/MLD snooping enabled by default
  • The following YANG models have been updated to newer draft versions: ietf-crypto-types, ietf-keystore, ietf-netconf-server, ietf-ssh-common, ietf-ssh-server, ietf-tcp-client, ietf-tcp-common, ietf-tcp-server. These contain many breaking changes, so you need to redo your configuration from factory-config!
  • The Augeas package has been dropped, so augtool is no longer available
  • VLAN interfaces can now map the incoming PCP value to the kernel-internal priority on ingress, and perform the reverse mapping on egress.
  • mv88e6xxx ports can now use Linux's priority information to select the appropriate egress queue, via the mqprio queuing discipline
  • Add logging of output from container start/stop action
  • Clean up stale directories after OCI container archive import
  • Add support for show leaf-node in CLI configure context
  • Allow non-admin users to use the CLI. NACM rules still apply
  • Ensure filesystem is sync'ed properly after a CLI copy command
  • Issue #178: add early boot script to migrate configuration files of older version to new syntax. Initial, rudimentary support, for the change in shell types
  • Issue #308: add version field to configuration file using a new model, infix-meta.yang. Used to trigger migration from older formats to newer on future breaking changes
  • Issue #432: extract YANG documentation at build time. Part of the release tarballs is now yangdoc.html for the complete tree of all YANG configuration, operational data, RPCs, and notification nodes
  • Issue #435: add support for $factory$ password hash. This allows backing up configuration files with device specific passwords. Upon restore to another device this ensures the replacement's password is used instead of the original's
  • Issue #435: add support for hostname format specifiers. The default hostname configuration is now %h-%m to encode, e.g., infix-c0-ff-ee
  • Issue #435: support for "empty" NETCONF host keys. Primarily used in static factory-config setups. When a configuration is detected with this, the automatically generated, device specific 2048 bit RSA host key pair is used. With this, vendor/product specific factory-config is now fully supported. See src/confd/README.md
  • Issue #447: add support for yescrypt, $y$ hashes. This also adds support for $0$cleartext password according to ietf-system.yang
  • Issue #455: split CLI tutorial into multiple files for easy access from the CLI admin-exec context using the help command
  • Issue #478: add operational support for ietf-system.yang, reading actual hostname and passwords after issue #435
  • Merge infix-shell-types.yang with infix-system.yang
  • cli: improved error/warning message on missing or incomplete command
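
For the password hash items above (#435 and #447), a check one might run over a configuration backup before restoring it elsewhere: it reports which scheme each user's password value uses and flags cleartext and weak hashes. This is an added example, not Infix code; the JSON layout, the sample users and the function names are assumptions, and the sample values are constructed.

```python
import json

# Constructed sample, not a real device backup. Assumes the standard
# ietf-system user list inside a JSON configuration file.
SAMPLE_CONFIG = json.dumps({
    "ietf-system:system": {
        "authentication": {"user": [
            {"name": "admin", "password": "$factory$"},
            {"name": "ops", "password": "$y$j9T$constructedsalt$constructedhash"},
            {"name": "legacy", "password": "$1$constructed$constructedhash"},
            {"name": "temp", "password": "$0$constructed-cleartext"},
        ]},
    }
})

# (prefix, scheme, finding). $0$, $1$, $5$ and $6$ come from the crypt-hash
# type in ietf-system.yang; $y$ and $factory$ are the ones in these notes.
SCHEMES = [
    ("$factory$", "factory", "ok: replaced by the device's own password on restore"),
    ("$y$", "yescrypt", "ok"),
    ("$6$", "sha512-crypt", "ok"),
    ("$5$", "sha256-crypt", "ok"),
    ("$1$", "md5-crypt", "weak: set the password again with a stronger scheme"),
    ("$0$", "cleartext", "exposed: password is readable in the file"),
]

def classify(value):
    """Return (scheme, finding) for one password leaf value."""
    for prefix, scheme, finding in SCHEMES:
        if value.startswith(prefix):
            return scheme, finding
    return "unknown", "review: unrecognised or missing value"

def audit(config_text):
    """Map each configured user name to its (scheme, finding)."""
    cfg = json.loads(config_text)
    users = (cfg.get("ietf-system:system", {})
                .get("authentication", {})
                .get("user", []))
    return {u.get("name", "?"): classify(u.get("password") or "") for u in users}

def needs_attention(report):
    """User names whose finding is anything other than ok."""
    return sorted(n for n, (_, f) in report.items() if not f.startswith("ok"))

if __name__ == "__main__":
    report = audit(SAMPLE_CONFIG)
    for name, (scheme, finding) in report.items():
        print(f"{name:8} {scheme:13} {finding}")
    print("needs attention:", needs_attention(report))
```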

Fixes

  • Fix #424: regression, root user can log in without password
  • Fix build regressions in cn9130_crb_boot_defconfig caused by upgrade to Buildroot v2024.02 and recent multi-key support in RAUC and U-Boot
  • Fix provisioning script after changes to make GRUB loading more robust
  • Fix missing /etc/resolv.conf, as noticed by avahi-daemon, when a user calls no system from the CLI
  • Fix #428: loss of admin account after upgrade to v24.04
  • Fix #429: failing to load startup-config does not trigger the fail secure mode, causing the system to end up in an undefined state
  • Fix #453: fix inconsistent behavior of custom MAC address (interface phys-address) for VETH pairs. Allows fixed MAC in containers
  • Fix #462: increase port column width for CLI show bridge mdb
  • Fix #468: non-admin users can get a POSIX shell as login shell. Root cause was a buggy Augeas library, replaced with plain C API
  • Fix #469: non-admin users added to any group get administrator privileges (added to UNIX wheel group)
  • Fix #473: bridge interface with IPv6 SLAAC never gets global prefix
  • Fix #476: Custom command for containers not working
  • Fix #479: timeout from underlying datastore when disabling containers in configuration. Only disabling (stopping) the container is now done in the configuration change; removal of the container is done in the background
  • Fix locking issue with standard counter groups on mv88e6xxx
  • Add missing LICENSE hash for factory reset tool
  • Fix timeout handling in container restart command
  • Fix MDB/ATU synchronization issue from IGMPv3/MLDv2 reports on mv88e6xxx systems