v16.7.8

2024-12-18 21:27:54 +00:00 · 2024-11-28 21:23:30 +00:00 · 2024-11-28 21:23:30 +00:00 · 21becded50
commit 21becded50
parent f3aade7c06
6 changed files with 104 additions and 221 deletions
--- a/.versionbot/CHANGELOG.yml
+++ b/.versionbot/CHANGELOG.yml
@ -1,3 +1,37 @@
 - commits:
    - subject: Clean up remaining locks on state settle
      hash: 9c09329b86f08523501d4fbc54511cb2051b4bea
      body: |
        Locks could remain from a previous supervisor run that didn't get to
        settle the state. This ensures that cleanup will happen for remaining
        locks every time the state is settled.
      footer:
        Change-type: patch
        change-type: patch
      author: Felipe Lalanne
      nested: []
    - subject: Refactor update-locks implementation
      hash: 3c6e9dd209a259211ed3fd2e7bbe00f3235f87aa
      body: |
        The refactor simplifies the implementation and ensures that locks per
        app can only be held by one supervisor task at the time.
      footer:
        Change-type: patch
        change-type: patch
      author: Felipe Lalanne
      nested: []
    - subject: Refactor lockfile module
      hash: d8f54c05e7536096576ada4db3294785bef6b0ff
      body: |
        Updated interfaces for clarity
      footer:
        Change-type: patch
        change-type: patch
      author: Felipe Lalanne
      nested: []
  version: 16.7.8
  title: ""
  date: 2024-11-28T21:23:24.352Z
 - commits:
    - subject: "Firewall: allow DNS requests from custom Docker bridge networks"
      hash: 7e1cafa866d7ce04d983a990aa219dbd23de26c7
@ -1719,14 +1753,9 @@
 - commits:
    - subject: Remove dependency on @balena/happy-eyeballs
      hash: 08727ed2b5f67c55b2469d3ee5c5e2857119521b
-      body: >
+      body: |
        Node 20 now implements the happy eyeballs algorithm as part of its core
-
+        `net` module, with the [autoSelectFamily](https://nodejs.org/docs/latest-v20.x/api/net.html#netgetdefaultautoselectfamily) option of `socket.connect`. This option defaults to `true`, meaning that a separate
        `net` module, with the
        [autoSelectFamily](https://nodejs.org/docs/latest-v20.x/api/net.html#netgetdefaultautoselectfamily)
        option of `socket.connect`. This option defaults to `true`, meaning that
        a separate
        implementation of happy eyeballs is no longer needed.
      footer:
        Change-type: patch
@ -1817,15 +1846,10 @@
 - commits:
    - subject: Fix support for rsync deltas
      hash: 24e222045ac511cd4fbb3be66e57eb678a29d854
-      body: >
+      body: |
-        Rsync (v2) deltas have been broken since [Supervisor
+        Rsync (v2) deltas have been broken since [Supervisor v14](https://github.com/balena-os/balena-supervisor/commit/460c3ba0aab31d18a02e3f5dda1838691768c494). While considered legacy,
        v14](https://github.com/balena-os/balena-supervisor/commit/460c3ba0aab31d18a02e3f5dda1838691768c494).
        While considered legacy,
        they are still used by a few customers with devices running OS < 2.47.1.
        This should fix v2 delta support for those devices until we can
        completely remove rsync deltas from the supervisor
      footer:
        Change-type: patch
@ -1888,32 +1912,19 @@
 - commits:
    - subject: Add special case for base DTO params on RPI config
      hash: 6e6a796da5ecc846248eae4c8495bc626964c038
-      body: >
+      body: |
-        While ordering is important in the RPI firmware configuration file
+        While ordering is important in the RPI firmware configuration file (config.txt),
        (config.txt),
        some dt params are by default considered part of the base dt overlay
        if they are not used by other overlays.
-
+        Unfortunately the [list of dtparams](https://github.com/raspberrypi/firmware/blob/master/boot/overlays/README#L133)
        Unfortunately the [list of
        dtparams](https://github.com/raspberrypi/firmware/blob/master/boot/overlays/README#L133)
        is too long to add all of them as exceptions, but we can add the params
        used in the default config.txt provided in OS images, to avoid reboots
        when updating to this new supervisor and correctly parsing the
        provisioning config.txt as variables.
        While this addition handles most common scenarios, there is still a
        chance a user may have use other base overlay dt params in the initial
        config, in which case those will be interpreted according to the
        relative ordering
      footer:
        Change-type: patch
@ -3334,21 +3345,13 @@
 - commits:
    - subject: Log uncaught promise exceptions on the app entry
      hash: 676464142690da2e36a810cb35e4ea4d0d751636
-      body: >
+      body: |
-        Node 15 [changed the way it treats unhandled promise
+        Node 15 [changed the way it treats unhandled promise rejections](https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V15.md#throw-on-unhandled-rejections---33021) from a warning to a throw.
-        rejections](https://github.com/nodejs/node/blob/main/doc/changelogs/CHANGELOG_V15.md#throw-on-unhandled-rejections---33021)
+        For this reason errors like a corrupt migration directory, that happens when trying to
        from a warning to a throw.
        For this reason errors like a corrupt migration directory, that happens
        when trying to
        roll back to a previous supervisor version were no longer showing a
        message but dumping the full minimized code into the journal logs.
        This PR adds a catchall on app.ts to log the exception and throw an exit
        code of 1.
      footer:
        Change-type: patch
@ -3361,13 +3364,9 @@
 - commits:
    - subject: Fix assertion error in restart-service
      hash: b9e1464d96824f5332c71324d753d94ddbdecf90
-      body: >
+      body: |
-        From:
+        From: https://github.com/balena-os/balena-supervisor/pull/2153/commits/c0b4fafe842115933b1da9b4d68e601a19c3e4eb
-        https://github.com/balena-os/balena-supervisor/pull/2153/commits/c0b4fafe842115933b1da9b4d68e601a19c3e4eb
+        Restart-service checks that both services have restarted in its test assertion, which is
        Restart-service checks that both services have restarted in its test
        assertion, which is
        incorrect as restart-service should only restart one service.
      footer:
        Change-type: patch
@ -3666,33 +3665,21 @@
      nested: []
    - subject: Reference networks by Id instead of by name
      hash: 180c4ff31ad719fb2b00217548514d42a4b5c4cf
-      body: >
+      body: |
        We have seen a few times devices with duplicated network names for some
        reason. While we don't know the cause the networks get duplicates,
        this is disruptive of updates, as the supervisor usually queries
        resource by name, resulting in a 400 error from the engine because of
        the ambiguity.
        This replaces those queries by name to queries by id. This includes
        network removal. If a `removeNetwork` step is generated, the supervisor
        opts to remove all instances of the network with the same name as it
        cannot easily resolve the ambiguity.
        This doesn't solve the problem of ambiguous networks, because even if
        networks are referenced by id when creating a container, the engine will
-
+        throw an error (see https://github.com/balena-os/balena-supervisor/issues/590#issuecomment-1423557871)
        throw an error (see
        https://github.com/balena-os/balena-supervisor/issues/590#issuecomment-1423557871)
      footer:
        Change-type: patch
        change-type: patch
@ -3766,37 +3753,22 @@
 - commits:
    - subject: Add SIGTERM listener on application start
      hash: 6683bca07da0e6b8f822dfcb22211b24a182dc16
-      body: >
+      body: |
        As reported by issue #2100, the supervisor was not correctly reacting to
        `SIGTERM` sent by the engine when terminating the process (for instance
        before a reboot). This would lead to the supervisor requiring an
        additional 10 seconds to terminate (after which the engine will send a
        `SIGKILL`).
        The reason for this is explained by the following info coming from Node
-
+        > Node.js was not designed to run as PID 1 which leads to unexpected behaviour when running inside of Docker. For example, a Node.js process running as PID 1 will not respond to `SIGINT` (`CTRL-C`) and similar signals. [reference](https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#handling-kernel-signals)
        > Node.js was not designed to run as PID 1 which leads to unexpected
        behaviour when running inside of Docker. For example, a Node.js process
        running as PID 1 will not respond to `SIGINT` (`CTRL-C`) and similar
        signals.
        [reference](https://github.com/nodejs/docker-node/blob/main/docs/BestPractices.md#handling-kernel-signals)
        On internal testing, it was discovered that simply adding a listener for
        the signal on the Node process was enough to handle the signal, even
        when the process runs as PID 1.
        This adds a listener for `SIGTERM` before starting the supervisor main
        loop.
      footer:
        Closes: "#2100"
@ -4200,35 +4172,21 @@
 - commits:
    - subject: Migrate all device config tests to integration.
      hash: 827f892c138dd05f9402d91e43125aa3a4dc35ac
-      body: >
+      body: |
        This means that configuration backend tests no longer use stubs and
        (mostly) avoid internal dependencies in the tests. Instead of stubs and
-
+        mock-fs, the tests use [testfs](https://github.com/balena-io-modules/mocha-pod#working-with-the-filesystem)
        mock-fs, the tests use
        [testfs](https://github.com/balena-io-modules/mocha-pod#working-with-the-filesystem)
        which allows working with a real filesystem and ensuring everything is
        re-set between tests.
-
+        This is the last change needed in order to be able to merge #1971. Here is the list of changes
        This is the last change needed in order to be able to merge #1971. Here
        is the list of changes
        - [x] Migrate splash image backend tests
        - [x] Migrate extlinux backend tests
        - [x] Migrate config.txt backend tests
        - [x] Migrate extra-uenv config tests
        - [x] Migrate odmdata config tests
        - [x] Migrate config utils tests
        - [x] Migrate device-config tests
      footer:
        Change-type: patch
@ -5791,19 +5749,12 @@
 - commits:
    - subject: Ignore selinux security opts when comparing services
      hash: 1b54ce8bfd5dd3d1f14f573a0bfe17ee1dd81630
-      body: >
+      body: |
-        The moby engine v20.x.y adds some selinux [security
+        The moby engine v20.x.y adds some selinux [security configurations](https://docs.docker.com/engine/reference/run/#security-configuration)
-        configurations](https://docs.docker.com/engine/reference/run/#security-configuration)
+        depending on the [container configuration](https://github.com/moby/moby/blob/master/daemon/create.go#L214).
        depending on the [container
        configuration](https://github.com/moby/moby/blob/master/daemon/create.go#L214).
        This would cause the supervisor to enter a service restart loop as the
        current and target service configurations will never match. The
        supervisor now ignores selinux specific security options since those are
        not supported by balenaOS.
      footer:
        Closes: "#1890"
@ -6041,19 +5992,12 @@
 - commits:
    - subject: Fix `.local` dns resolution when returning multiple addresses
      hash: 39c667803d93182c595870352a597b9c07e1c9d1
-      body: >
+      body: |
        The supervisor performs its own local resolution for `.local`
-
+        addresses due to a limitation in [musl](https://wiki.musl-libc.org/future-ideas.html).
        addresses due to a limitation in
        [musl](https://wiki.musl-libc.org/future-ideas.html).
        The resolution function was not following exactly the nodejs [dns.lookup
        specification](https://nodejs.org/api/dns.html#dnslookuphostname-options-callback)
-
+        which could cause certain clients to fail (in this case happy-eyeballs). This
        which could cause certain clients to fail (in this case happy-eyeballs).
        This
        updates the function to follow the specification.
      footer:
        Change-type: patch
@ -6642,40 +6586,25 @@
 - commits:
    - subject: Fix regression with local mode push
      hash: 6f5f3bc2f3aea1bf5e5772533be80c3bfbb4e3a9
-      body: >
+      body: |
        PR #1749 introduced a bug when pushing local target state. An update to
-
+        the [image name normalization](https://github.com/balena-os/balena-supervisor/blob/f1bd4b8d9bcef29e326cbf97eaddd837c2704d19/src/lib/docker-utils.ts#L81)
        the [image name
        normalization](https://github.com/balena-os/balena-supervisor/blob/f1bd4b8d9bcef29e326cbf97eaddd837c2704d19/src/lib/docker-utils.ts#L81)
        failed to consider the local image name format. This results in mangling
        of image names in the database, i.e. the image `ubuntu:latest` is stored
        as `/ubuntu:latest`. This causes an exception to be returned by the
        dockerode `getImage('/ubuntu:latest').inspect()` call.
-
+        This sends the supervisor into a crash loop and is shown on the supervisor
        This sends the supervisor into a crash loop and is shown on the
        supervisor
        journal logs as
        ```
        getaddrinfo ENOTFOUND images
            at GetAddrInfoReqWrap.onlookup [as oncomplete] (dns.js:64:26)
        ```
        Unfortunately if this happens on a user device, since the mangled image
        name is already on the database, the easiest way to fix is to remove the
        supervisor database and let the supervisor recreate it. Deleting the
        database should be side effect free.
      footer:
        Change-type: patch
@ -6913,22 +6842,14 @@
 - commits:
    - subject: Bump color-string from 1.5.3 to 1.5.5
      hash: 4518c93fcaf77727663e4f91ed922b51a5d2f94f
-      body: >
+      body: |
-        Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to
+        Bumps [color-string](https://github.com/Qix-/color-string) from 1.5.3 to 1.5.5.
        1.5.5.
        - [Release notes](https://github.com/Qix-/color-string/releases)
-
+        - [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md)
        -
        [Changelog](https://github.com/Qix-/color-string/blob/master/CHANGELOG.md)
        - [Commits](https://github.com/Qix-/color-string/commits/1.5.5)
        ---
        updated-dependencies:
        - dependency-name: color-string
          dependency-type: indirect
        ...
@ -8033,16 +7954,10 @@
 - commits:
    - subject: "patch: bump @types/yargs from 15.0.5 to 15.0.12"
      hash: 2c61a961c1ac2e7467ef84ac1c0896ef8c60d4be
-      body: >
+      body: |
-        Bumps
+        Bumps [@types/yargs](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/yargs) from 15.0.5 to 15.0.12.
-        [@types/yargs](https://github.com/DefinitelyTyped/DefinitelyTyped/tree/HEAD/types/yargs)
+        - [Release notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
-        from 15.0.5 to 15.0.12.
+        - [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/yargs)
        - [Release
        notes](https://github.com/DefinitelyTyped/DefinitelyTyped/releases)
        -
        [Commits](https://github.com/DefinitelyTyped/DefinitelyTyped/commits/HEAD/types/yargs)
      footer:
        Change-type: patch
        change-type: patch
@ -8055,14 +7970,10 @@
 - commits:
    - subject: "patch: bump pretty-ms from 7.0.0 to 7.0.1"
      hash: 8a4369f8dfb5d8e77a022b82f25cbeb18edbf77e
-      body: >
+      body: |
-        Bumps [pretty-ms](https://github.com/sindresorhus/pretty-ms) from 7.0.0
+        Bumps [pretty-ms](https://github.com/sindresorhus/pretty-ms) from 7.0.0 to 7.0.1.
        to 7.0.1.
        - [Release notes](https://github.com/sindresorhus/pretty-ms/releases)
-
+        - [Commits](https://github.com/sindresorhus/pretty-ms/compare/v7.0.0...v7.0.1)
        -
        [Commits](https://github.com/sindresorhus/pretty-ms/compare/v7.0.0...v7.0.1)
      footer:
        Change-type: patch
        change-type: patch
@ -8096,17 +8007,10 @@
 - commits:
    - subject: Bump systeminformation from 4.30.5 to 4.31.1
      hash: 7ccbde985ee72296b189ba338bfa7ff49c3e6866
-      body: >
+      body: |
-        Bumps
+        Bumps [systeminformation](https://github.com/sebhildebrandt/systeminformation) from 4.30.5 to 4.31.1.
-        [systeminformation](https://github.com/sebhildebrandt/systeminformation)
+        - [Release notes](https://github.com/sebhildebrandt/systeminformation/releases)
-        from 4.30.5 to 4.31.1.
+        - [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md)
        - [Release
        notes](https://github.com/sebhildebrandt/systeminformation/releases)
        -
        [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md)
        - [Commits](https://github.com/sebhildebrandt/systeminformation/commits)
      footer:
        Change-type: patch
@ -8282,19 +8186,11 @@
 - commits:
    - subject: Bump systeminformation from 4.27.11 to 4.30.5
      hash: 8036d5147950a3dfb976aaceee46a75e0025c732
-      body: >
+      body: |
-        Bumps
+        Bumps [systeminformation](https://github.com/sebhildebrandt/systeminformation) from 4.27.11 to 4.30.5.
-        [systeminformation](https://github.com/sebhildebrandt/systeminformation)
+        - [Release notes](https://github.com/sebhildebrandt/systeminformation/releases)
-        from 4.27.11 to 4.30.5.
+        - [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md)
-
+        - [Commits](https://github.com/sebhildebrandt/systeminformation/compare/v4.27.11...v4.30.5)
        - [Release
        notes](https://github.com/sebhildebrandt/systeminformation/releases)
        -
        [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md)
        -
        [Commits](https://github.com/sebhildebrandt/systeminformation/compare/v4.27.11...v4.30.5)
      footer:
        Change-type: patch
        change-type: patch
@ -8334,17 +8230,10 @@
 - commits:
    - subject: Bump systeminformation from 4.27.3 to 4.27.11
      hash: 00b1bf8a7a66d4370cf1c7128184cfc0e2808178
-      body: >
+      body: |
-        Bumps
+        Bumps [systeminformation](https://github.com/sebhildebrandt/systeminformation) from 4.27.3 to 4.27.11.
-        [systeminformation](https://github.com/sebhildebrandt/systeminformation)
+        - [Release notes](https://github.com/sebhildebrandt/systeminformation/releases)
-        from 4.27.3 to 4.27.11.
+        - [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md)
        - [Release
        notes](https://github.com/sebhildebrandt/systeminformation/releases)
        -
        [Changelog](https://github.com/sebhildebrandt/systeminformation/blob/master/CHANGELOG.md)
        - [Commits](https://github.com/sebhildebrandt/systeminformation/commits)
      footer:
        Change-type: patch
@ -11001,26 +10890,17 @@
 - commits:
    - subject: Add label to expose gpu to container
      hash: ae646a07ec6a6c96f7cb91f1d37898a94dbab47a
-      body: >
+      body: |
-        In the absence of an upstream implementation of the DeviceRequest API
+        In the absence of an upstream implementation of the DeviceRequest API introduced
        introduced
        as part of Docker API v1.40 we roll our own using a feature label.
        As per my comment in the code, we fall back to the default behavior of
        docker cli's `--gpu` and request single device with the `gpu` capabilty.
        The only implementation at the moment is the NVIDIA driver; here:
        https://github.com/balena-os/balena-engine/blob/master/daemon/nvidia_linux.go
        Background on the composefile implementation:
        https://github.com/compose-spec/compose-spec/issues/74
        https://github.com/docker/compose/issues/6691
      footer:
        Change-type: patch
@ -13040,14 +12920,10 @@
      author: Cameron Diver
    - subject: Bump mixin-deep from 1.3.1 to 1.3.2
      hash: d0f35359b3f32a87804f760c1d5303c380ea730f
-      body: >
+      body: |
-        Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from
+        Bumps [mixin-deep](https://github.com/jonschlinkert/mixin-deep) from 1.3.1 to 1.3.2.
        1.3.1 to 1.3.2.
        - [Release notes](https://github.com/jonschlinkert/mixin-deep/releases)
-
+        - [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)
        -
        [Commits](https://github.com/jonschlinkert/mixin-deep/compare/1.3.1...1.3.2)
      footer:
        Change-type: patch
        change-type: patch
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,13 @@ All notable changes to this project will be documented in this file
 automatically by Versionist. DO NOT EDIT THIS FILE MANUALLY!
 This project adheres to [Semantic Versioning](http://semver.org/).
 # v16.7.8
 ## (2024-11-28)
 * Clean up remaining locks on state settle [Felipe Lalanne]
 * Refactor update-locks implementation [Felipe Lalanne]
 * Refactor lockfile module [Felipe Lalanne]
 # v16.7.7
 ## (2024-11-11)
--- a/2
+++ b/2
@ -1 +1 @@
-16.7.7
+16.7.8
--- a/balena.yml
+++ b/balena.yml
@ -2,6 +2,6 @@ name: balena-supervisor
 description: 'Balena Supervisor: balena''s agent on devices.'
 joinable: false
 type: sw.application
-version: 16.7.7
+version: 16.7.8
 provides:
  - slug: sw.compose.long-volume-syntax
--- a/package-lock.json
+++ b/package-lock.json
@ -1,12 +1,12 @@
 {
  "name": "balena-supervisor",
-  "version": "16.7.7",
+  "version": "16.7.8",
  "lockfileVersion": 3,
  "requires": true,
  "packages": {
    "": {
      "name": "balena-supervisor",
-      "version": "16.7.7",
+      "version": "16.7.8",
      "license": "Apache-2.0",
      "dependencies": {
        "@balena/systemd": "^0.5.0",
--- a/package.json
+++ b/package.json
@ -1,7 +1,7 @@
 {
  "name": "balena-supervisor",
  "description": "This is balena's Supervisor, a program that runs on IoT devices and has the task of running user Apps (which are Docker containers), and updating them as the balena API informs it to.",
-  "version": "16.7.7",
+  "version": "16.7.8",
  "license": "Apache-2.0",
  "repository": {
    "type": "git",
@ -135,6 +135,6 @@
    "yargs": "^17.7.2"
  },
  "versionist": {
-    "publishedAt": "2024-11-11T19:02:35.007Z"
+    "publishedAt": "2024-11-28T21:23:24.872Z"
  }
 }