SSH (client) verbosity config

* help debug random failures during test execution

change-type: patch

.github/renovate.json

@@ -1,27 +0,0 @@
-{
-  "extends": ["github>balena-io/renovate-config"],
-  "ignorePaths": [
-    "**/node_modules/**",
-    "**/bower_components/**",
-    "**/vendor/**",
-    "**/examples/**",
-    "**/__tests__/**",
-    "**/test/**",
-    "**/tests/suites/**",
-    "**/__fixtures__/**",
-    "**/Dockerfile.template"
-  ],
-  "customManagers": [
-    {
-      "customType": "regex",
-      "fileMatch": [
-        ".*"
-      ],
-      "matchStrings": [
-        ".*amiFilter=(?<packageName>.*?)\n(.*currentImageName=(?<currentDigest>.*?)\n)?(.*\n)?.*?(?<depName>[a-zA-Z0-9-_:]*)[ ]*?[:|=][ ]*?[\"|']?(?<currentValue>ami-[a-z0-9]{17})[\"|']?.*"
-      ],
-      "datasourceTemplate": "aws-machine-image",
-      "versioningTemplate": "aws-machine-image"
-    }
-  ]
-}

.github/workflows/flowzone.yml

@@ -8,11 +8,6 @@ on:
     types: [opened, synchronize, closed]
     branches: [main, master]
 
-permissions:
-  contents: read
-  id-token: "write"  # AWS GitHub OIDC required: write
-  packages: read
-
 jobs:
   flowzone:
     name: Flowzone
@@ -30,6 +25,15 @@ jobs:
     with:
       jobs_timeout_minutes: 60
       cloudflare_website: open-balena
+      custom_runs_on: |
+        [
+          [
+            "self-hosted",
+            "Linux",
+            "X64"
+          ]
+        ]
+
       balena_slugs: |
         balena/open-balena
 

.github/workflows/tests.yml

@@ -51,8 +51,8 @@ jobs:
             launch_template_version: ${{ vars.AWS_EC2_LT_VERSION || '6' }}
             # https://docs.renovatebot.com/modules/datasource/aws-machine-image/
             # amiFilter=[{"Name":"owner-id","Values":["099720109477"]},{"Name":"name","Values":["ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-*"]},{"region":"us-east-1"}]
-            # currentImageName=ubuntu/images/hvm-ssd-gp3/ubuntu-noble-24.04-amd64-server-20250610
-            ami: ami-020cba7c55df1f615
+            # currentImageName=unknown
+            ami: ami-04b70fa74e45c3917
             subdomain:  ${{ vars.DNS_SUBDOMAIN || 'auto' }}
             dns_tld: ${{ vars.DNS_TLD || 'balena-devices.com' }}
 
@@ -60,9 +60,9 @@ jobs:
           - target: balena-public-pki
             launch_template_version: ${{ vars.AWS_EC2_LT_VERSION || '6' }}
             # https://docs.renovatebot.com/modules/datasource/aws-machine-image/
-            # amiFilter=[{"Name":"owner-id","Values":["491725000532"]},{"Name":"name","Values":["balenaOS!(-secureboot)-*.*.*-generic-amd64"]},{"region":"us-east-1"}]
-            # currentImageName=balenaOS-6.5.29-generic-amd64
-            ami: ami-0ffdbd60c5229c1e2
+            # amiFilter=[{"Name":"owner-id","Values":["491725000532"]},{"Name":"name","Values":["balenaOS-installer-secureboot-*-generic-amd64"]},{"region":"us-east-1"}]
+            # currentImageName=unknown
+            ami: ami-03a3995797dee84fa
             # https://dash.cloudflare.com/001b3ed2352612aaa068aca1b0022736/balena-devices.com/dns
             subdomain:  ${{ vars.DNS_SUBDOMAIN || 'auto' }}
             dns_tld: ${{ vars.DNS_TLD || 'balena-devices.com' }}
@@ -73,16 +73,13 @@ jobs:
       name: ${{ matrix.target }}
 
     steps:
-    - uses: actions/checkout@09d2acae674a48949e3602304ab46fd20ae0c42f
-      with:
-        persist-credentials: false
-        ref: ${{ github.event.pull_request.head.sha }}
+    - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
 
     # https://github.com/unfor19/install-aws-cli-action
     - name: Setup awscli
       uses: unfor19/install-aws-cli-action@e8b481e524a99f37fbd39fdc1dcb3341ab091367 # v1
 
-    - uses: aws-actions/configure-aws-credentials@3bb878b6ab43ba8717918141cd07a0ea68cfe7ea
+    - uses: aws-actions/configure-aws-credentials@febab93d024649c3429d6b4609fe0a64bd9803f3
       with:
         aws-region: ${{ vars.AWS_REGION || 'us-east-1' }}
         role-session-name: github-${{ github.job }}-${{ github.run_id }}-${{ github.run_attempt }}
@@ -102,12 +99,10 @@ jobs:
 
     # https://github.com/balena-io-examples/setup-balena-action
     - name: Setup balena CLI
-      uses: balena-io-examples/setup-balena-action@a3dc55eb5a1efe3368778f19b9b8a2ac41ddf44c # v0.0.20
-      env:
-        # renovate: datasource=github-releases depName=balena-io/balena-cli
-        BALENA_CLI_VERSION: v22.1.1
+      uses: balena-io-examples/setup-balena-action@main
       with:
-        cli-version: ${{ env.BALENA_CLI_VERSION }}
+        # renovate: datasource=github-releases depName=balena-io/balena-cli
+        cli-version: v18.2.17
 
     # https://github.com/pdcastro/ssh-uuid#why
     # https://github.com/pdcastro/ssh-uuid#linux-debian-ubuntu-others
@@ -183,7 +178,7 @@ jobs:
         AWS_DEFAULT_REGION: ${{ vars.AWS_REGION || 'us-east-1' }}
 
     # https://github.com/webfactory/ssh-agent
-    - uses: webfactory/ssh-agent@a6f90b1f127823b31d4d4a8d96047790581349bd # v0.9.1
+    - uses: webfactory/ssh-agent@dc588b651fe13675774614f8e6a936a468676387 # v0.9.0
       with:
         ssh-private-key: ${{ steps.generate-key-pair.outputs.ssh_private_key }}
 
@@ -245,8 +240,9 @@ jobs:
         with_backoff balena login --token '${{ secrets.BALENA_API_KEY }}'
 
         pr_id='${{ github.event.pull_request.id }}'
+        head_sha='${{ github.event.pull_request.head.sha || github.event.head_commit.id }}'
         release_id="$(with_backoff balena releases '${{ matrix.fleet }}' --json \
-          | jq -r --arg pr_id "${pr_id}" --arg head_sha "${COMMIT}" '.[]
+          | jq -r --arg pr_id "${pr_id}" --arg head_sha "${head_sha}" '.[]
           | select(.release_tag[].tag_key=="balena-ci-commit-sha")
           | select(.release_tag[].value==$head_sha)
           | select(.release_tag[].tag_key=="balena-ci-id")
@@ -258,9 +254,6 @@ jobs:
 
         with_backoff balena device ${{ steps.register-test-device.outputs.balena_device_uuid }}
 
-      env:
-        COMMIT: ${{ github.event.pull_request.head.sha  }}
-
     - name: configure balenaOS test device environment
       if: matrix.target == 'balena-public-pki'
       run: |
@@ -392,10 +385,6 @@ jobs:
           --service cert-manager \
           --device '${{ steps.register-test-device.outputs.balena_device_uuid }}'
 
-        with_backoff balena env add AWS_SESSION_TOKEN '${{ env.AWS_SESSION_TOKEN }}' \
-          --service cert-manager \
-          --device '${{ steps.register-test-device.outputs.balena_device_uuid }}'
-
     - name: provision balenaOS ephemeral SUT
       id: balena-sut
       if: matrix.target == 'balena-public-pki'
@@ -809,14 +798,6 @@ jobs:
                 && rm -f "\${tmphosts}" \
                 && getent hosts api.${{ matrix.subdomain }}.${{ matrix.dns_tld }} | grep 127.0.1.1
 
-              sshd -T
-              service ssh restart
-
-          # https://forums.docker.com/t/docker-compose-through-ssh-failing-and-referring-to-docker-example-com/115165/18
-          - path: /etc/ssh/sshd_config.d/00-cloud-init
-            content: |
-              MaxStartups 100:0:100
-
         # cloud-init runs as root
         # (e.g.) https://cloudinit.readthedocs.io/en/latest/reference/merging.html#example-cloud-config
         runcmd:
@@ -858,13 +839,10 @@ jobs:
         aws ec2 wait instance-running --instance-ids "${instance_id}"
         with_backoff aws ec2 wait instance-status-ok --instance-ids "${instance_id}"
 
-        private_ip="$(aws ec2 describe-instances --instance-id "${instance_id}" \
-          | jq -r .Reservations[].Instances[].PrivateIpAddress)"
-        echo "private_ip=${private_ip}" >>"${GITHUB_OUTPUT}"
-
       env:
         ATTEMPTS: 2
         AWS_DEFAULT_REGION: ${{ vars.AWS_REGION || 'us-east-1' }}
+        COMMIT: ${{ github.event.pull_request.head.sha || github.event.head_commit.id || github.event.pull_request.head.ref }}
 
     - name: SUT&DUT (Ubuntu/compose)
       if: matrix.target == 'compose-private-pki'
@@ -898,27 +876,19 @@ jobs:
         trap 'log_output' EXIT
 
         # https://docs.aws.amazon.com/systems-manager/latest/userguide/session-manager-getting-started-enable-ssh-connections.html
-        mkdir -p "${HOME}/.ssh/controlmasters"
         cat << EOF > "${HOME}/.ssh/config"
-        host *
-            StrictHostKeyChecking no
-            UserKnownHostsFile /dev/null
-
         host i-*
             StrictHostKeyChecking no
             UserKnownHostsFile /dev/null
-            TCPKeepAlive yes
-            ServerAliveInterval 5
-            ControlPath "${HOME}/.ssh/controlmasters/%r@%h:%p"
-            ControlMaster auto
-            ControlPersist 5m
             ProxyCommand sh -c "aws ssm start-session --target %h --document-name AWS-StartSSHSession --parameters 'portNumber=%p'"
+            # QUIET, FATAL, ERROR, INFO, VERBOSE, DEBUG, DEBUG1, DEBUG2, and DEBUG3
+            LogLevel ${{ vars.SSH_VERBOSE || 'ERROR' }}     
         EOF
 
         # docs/getting-started.md
         cmds="set -ax \
           && cloud-init status --wait --long && cat </var/log/cloud-init-output.log \
-          && sudo -u balena git clone https://token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.event.pull_request.head.repo.full_name }}.git /home/balena/open-balena \
+          && sudo -u balena git clone https://token:${{ secrets.GITHUB_TOKEN }}@github.com/${{ github.repository }}.git /home/balena/open-balena \
           && sudo -u balena git config --global --add safe.directory /home/balena/open-balena \
           && cd /home/balena/open-balena \
           && sudo -u balena git checkout ${COMMIT} \
@@ -1030,16 +1000,6 @@ jobs:
         with_backoff balena keys | grep ${{ steps.provision-ssh-key.outputs.key_id }} \
           | awk '{print $1}' | xargs --no-run-if-empty balena key rm --yes
 
-    - name: remove AWS/EC2 key-pair
-      if: always() && matrix.target == 'compose-private-pki'
-      continue-on-error: true
-      run: |
-        set -ue
-
-        [[ '${{ vars.VERBOSE }}' =~ on|On|Yes|yes|true|True ]] && set -x
-
-        aws ec2 delete-key-pair --key-name ${{ steps.generate-key-pair.outputs.key_name }}
-
     - name: delete balenaOS test device
       if: always() && matrix.target == 'balena-public-pki'
       continue-on-error: true

.pre-commit-config.yaml

@@ -1,17 +0,0 @@
-# See https://pre-commit.com for more information
-# See https://pre-commit.com/hooks.html for more hooks
-exclude: ^(.versionbot/|CHANGELOG.md|VERSION|README.md)
-repos:
--   repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v5.0.0
-    hooks:
-    -   id: trailing-whitespace
-    -   id: end-of-file-fixer
-    -   id: check-yaml
-        args: [--allow-multiple-documents]
-    -   id: check-added-large-files
-
--   repo: https://github.com/shellcheck-py/shellcheck-py
-    rev: v0.10.0.1
-    hooks:
-    -   id: shellcheck

Makefile

@@ -145,7 +145,7 @@ auto-pki: config # Start all services using LetsEncrypt and ACME
 	@docker compose up -d
 	@$(MAKE) waitlog SERVICE=cert-manager LOG_STRING="/certs/export/chain.pem Certificate will not expire in [0-9] days"
 	@$(MAKE) waitlog SERVICE=cert-manager LOG_STRING="subject=CN = ${DNS_TLD}"
-	@$(MAKE) waitlog SERVICE=cert-manager LOG_STRING="issuer=C = US, O = Let's Encrypt, CN = .*"
+	@$(MAKE) waitlog SERVICE=cert-manager LOG_STRING="issuer=C = US, O = Let's Encrypt, CN = R3"
 	@$(MAKE) wait SERVICE=haproxy
 	@$(MAKE) showenv
 	@$(MAKE) showpass

README.md

@@ -16,23 +16,6 @@ images to your devices.
 
 To learn more about openBalena, visit [balena.io/open][open-balena-website].
 
-- [Features](#features)
-- [Getting Started](#getting-started)
-- [Compatibility](#compatibility)
-- [Documentation](#documentation)
-- [Getting Help](#getting-help)
-- [Contributing](#contributing)
-- [Roadmap](#roadmap)
-- [Differences between openBalena and balenaCloud](#differences-between-openbalena-and-balenacloud)
-- [License](#license)
-- [FAQ](#faq)
-  - [How do you ensure continuity of openBalena? Are there security patches on openBalena?](#how-do-you-ensure-continuity-of-openbalena-are-there-security-patches-on-openbalena)
-  - [How do you ensure the "Join" command actually works between openBalena and](#how-do-you-ensure-the-join-command-actually-works-between-openbalena-and)
-  - [Is it "production ready"?](#is-it-production-ready)
-  - [Can a new device type be added to openBalena?](#can-a-new-device-type-be-added-to-openbalena)
-  - [Are there open-source UI dashboards from the community for openBalena?](#are-there-open-source-ui-dashboards-from-the-community-for-openbalena)
-
-
 
 ## Features
 
@@ -176,7 +159,7 @@ While we actually have some rather large fleets using openBalena, we consider it
 perpetually in "beta". This means potentially introducing breaking changes between
 releases.
 
-### Can a new device type be added to openBalena?
+### Can new device type be added to openBalena?
 openBalena imports the following public [device-types] "out of the box". You can specify
 your own contracts repository by overriding `CONTRACTS_PUBLIC_REPO_NAME`,
 `CONTRACTS_PUBLIC_REPO_OWNER` and `IMAGE_STORAGE_BUCKET` environment variables on the API

VERSION

@@ -1 +1 @@
-4.1.450
+4.1.25

balena.yml

@@ -23,4 +23,4 @@ data:
     - generic-amd64
     - genericx86-64-ext
     - intel-nuc
-version: 4.1.450
+version: 4.1.25

docker-compose.yml

@@ -26,7 +26,7 @@ x-default-environment: &default-environment
   DB_PASSWORD: docker
   DB_USER: docker
   LOG_LEVEL: DEBUG
-  PRODUCTION_MODE: 'true'
+  PRODUCTION_MODE: 'false'
 
 x-default-healthcheck-trait: &with-default-healthcheck
   healthcheck:
@@ -79,7 +79,7 @@ services:
       *with-default-privileges,
       *with-default-volumes,
     ]
-    image: balena/open-balena-api:37.3.2
+    image: balena/open-balena-api:v25.1.29
     depends_on:
       - db
       - redis
@@ -119,7 +119,7 @@ services:
       *with-default-healthcheck,
       *with-default-privileges,
     ]
-    image: balena/open-balena-registry:2.42.0
+    image: balena/open-balena-registry:v2.39.60
     volumes:
       - certs-data:/certs
       - resin-data:/balena
@@ -146,7 +146,7 @@ services:
       *with-network-privileges,
       *with-default-privileges,
     ]
-    image: balena/open-balena-vpn:11.32.28
+    image: balena/open-balena-vpn:v11.30.23
     depends_on:
       - api
     environment:
@@ -156,13 +156,11 @@ services:
       VPN_PORT: 443
       # ensure correct service instance IP is registered with the API
       VPN_SERVICE_REGISTER_INTERFACE: eth0
-    devices:
-      - /dev/net/tun
 
   # https://github.com/balena-io/open-balena-db
   db:
     <<: *base-service
-    image: balena/open-balena-db:6.0.0
+    image: balena/open-balena-db:v5.2.2
     volumes:
       - db-data:/var/lib/postgresql/data
     environment:
@@ -177,7 +175,7 @@ services:
       *with-default-healthcheck,
       *with-default-privileges,
     ]
-    image: balena/open-balena-s3:2.28.75
+    image: balena/open-balena-s3:v2.28.48
     volumes:
       - s3-data:/export
       - certs-data:/certs
@@ -191,7 +189,7 @@ services:
   redis:
     <<: *base-service
     # https://redis.io/blog/what-redis-license-change-means-for-our-managed-service-providers/
-    image: redis:8.0-alpine
+    image: redis:7.2-alpine
     volumes:
       - redis-data:/data
     healthcheck:
@@ -235,7 +233,7 @@ services:
       ALIASES: api,ca,cloudlink,db,delta,logs,redis,registry2,s3,stats,tunnel
     labels:
       io.balena.features.balena-socket: 1
-      io.balena.features.supervisor-api: 1
+      io.balena.features.supervisor-api	: 1
 
   # https://github.com/balena-io/cert-manager
   # https://certbot.eff.org/docs/using.html
@@ -261,7 +259,7 @@ services:
   # https://github.com/cloudflare/cfssl/blob/master/doc/api/intro.txt
   balena-ca:
     <<: *base-service
-    image: balena/ca-private:0.0.15
+    image: balena/ca-private:v0.0.14
     volumes:
       - pki-data:/pki
       - certs-data:/certs
@@ -319,7 +317,7 @@ services:
       *with-extended-privileges,
       *with-network-privileges,
     ]
-    # https://hub.docker.com/r/qemux/qemu
+    # https://hub.docker.com/r/qemux/qemu-docker
     # https://github.com/qemus/qemu-docker
     build: src/test-device
     entrypoint:

src/balena-tests/Dockerfile

@@ -1,7 +1,7 @@
 FROM ubuntu:24.04
 
 # renovate: datasource=github-releases depName=balena-io/balena-cli
-ARG BALENA_CLI_VERSION=v22.1.1
+ARG BALENA_CLI_VERSION=v18.2.20
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
 	bash \
@@ -21,9 +21,11 @@ RUN curl -fsSL https://get.docker.com | sh
 WORKDIR /opt
 
 RUN set -x; arch=$(uname -m | sed 's/86_64/64/g') \
-    && wget -qO- "https://github.com/balena-io/balena-cli/releases/download/${BALENA_CLI_VERSION}/balena-cli-${BALENA_CLI_VERSION}-linux-${arch}-standalone.tar.gz" | tar -xzf -
+    && wget -q "https://github.com/balena-io/balena-cli/releases/download/${BALENA_CLI_VERSION}/balena-cli-${BALENA_CLI_VERSION}-linux-${arch}-standalone.zip" \
+    && unzip -q "balena-cli-${BALENA_CLI_VERSION}-linux-${arch}-standalone.zip" \
+    && rm -rf "balena-cli-${BALENA_CLI_VERSION}-linux-${arch}-standalone.zip"
 
-ENV PATH=/opt/balena/bin:${PATH}
+ENV PATH=/opt/balena-cli:${PATH}
 
 COPY functions balena.sh /usr/sbin/
 

src/balena-tests/balena.sh

@@ -1,17 +1,16 @@
 #!/usr/bin/env bash
 
-# shellcheck disable=SC2034,SC1090
+# shellcheck disable=SC2154,SC2034,SC1090
 set -aeu
 
-read -ra curl_opts <<<'--retry 3 --fail'
+curl_opts="--retry 3 --fail"
 if [[ $VERBOSE =~ on|On|Yes|yes|true|True ]]; then
     set -x
-    curl_opts+=('--verbose')
+    curl_opts="${curl_opts} --verbose"
 else
-    curl_opts+=('--silent')
+    curl_opts="${curl_opts} --silent"
 fi
 
-# shellcheck disable=SC1091
 source /usr/sbin/functions
 
 function remove_test_assets() {
@@ -50,10 +49,10 @@ function shutdown_dut() {
 
 function set_update_lock {
     if [[ -n "${BALENA_SUPERVISOR_ADDRESS:-}" ]] && [[ -n "${BALENA_SUPERVISOR_API_KEY:-}" ]]; then
-        while [[ $(curl "${curl_opts[@]}" "${BALENA_SUPERVISOR_ADDRESS}/v1/device?apikey=${BALENA_SUPERVISOR_API_KEY}" \
+        while [[ $(curl ${curl_opts} "${BALENA_SUPERVISOR_ADDRESS}/v1/device?apikey=${BALENA_SUPERVISOR_API_KEY}" \
           -H "Content-Type: application/json" | jq -r '.update_pending') == 'true' ]]; do
 
-            curl "${curl_opts[@]}" "${BALENA_SUPERVISOR_ADDRESS}/v1/device?apikey=${BALENA_SUPERVISOR_API_KEY}" \
+            curl ${curl_opts} "${BALENA_SUPERVISOR_ADDRESS}/v1/device?apikey=${BALENA_SUPERVISOR_API_KEY}" \
               -H "Content-Type: application/json" | jq -r
 
             sleep "$(( (RANDOM % 3) + 3 ))s"
@@ -90,7 +89,7 @@ function update_ca_certificates() {
 }
 
 function wait_for_api() {
-    while ! curl "${curl_opts[@]}" "https://api.${DNS_TLD}/ping"; do
+    while ! curl ${curl_opts} "https://api.${DNS_TLD}/ping"; do
         echo 'waiting for API...'
         sleep "$(( (RANDOM % 5) + 5 ))s"
     done
@@ -164,7 +163,7 @@ function check_device_status() {
         balena_device_uuid="$(cat </balena/config.json | jq -r .uuid)"
 
         if [[ -n $balena_device_uuid ]]; then
-            is_online="$(balena device list --json --fleet "${TEST_FLEET}" \
+            is_online="$(balena devices --json --fleet "${TEST_FLEET}" \
               | jq -r --arg uuid "${balena_device_uuid}" '.[] | select(.uuid==$uuid).is_online == true')"
 
             if [[ $is_online =~ true ]]; then
@@ -184,7 +183,6 @@ function registry_auth() {
     if [[ -n "${REGISTRY_USER:-}" ]] && [[ -n "${REGISTRY_PASS:-}" ]]; then
         with_backoff docker login -u "${REGISTRY_USER}" -p "${REGISTRY_PASS}"
 
-        # shellcheck disable=SC2016
         printf '{"https://index.docker.io/v1/": {"username":"%s", "password":"$s"}}' \
           "${REGISTRY_USER}" "${REGISTRY_PASS}" | jq -r > ~/.balena/secrets.json
     fi
@@ -208,21 +206,23 @@ function deploy_release() {
 }
 
 function get_releases() {
-      with_backoff balena release list --json "${TEST_FLEET}"
+      with_backoff balena releases --json "${TEST_FLEET}"
 }
 
 function get_release_commit() {
-      get_releases | jq -re \
-        '[.[] | select((.status=="success")
-        and (.is_invalidated==false)
-        and (.is_final==true))][0].commit'
+      echo "$(get_releases)" | jq -re \
+        'select((.[].status=="success")
+        and (.[].is_invalidated==false)
+        and (.[].is_final==true)
+        and (.[].release_type=="final"))[0].commit'
 }
 
 function get_release_id() {
-      get_releases | jq -re \
-        '[.[] | select((.status=="success")
-        and (.is_invalidated==false)
-        and (.is_final==true))][0].id'
+      echo "$(get_releases)" | jq -re \
+        'select((.[].status=="success")
+        and (.[].is_invalidated==false)
+        and (.[].is_final==true)
+        and (.[].release_type=="final"))[0].id'
 }
 
 function supervisor_update_target_state() {
@@ -230,7 +230,7 @@ function supervisor_update_target_state() {
     balena_device_uuid="$(cat </balena/config.json | jq -r .uuid)"
 
     if [[ -n "${balena_device_uuid:-}" ]]; then
-        while ! curl "${curl_opts[@]}" "https://api.${DNS_TLD}/supervisor/v1/update" \
+        while ! curl ${curl_opts} "https://api.${DNS_TLD}/supervisor/v1/update" \
           --header "Content-Type: application/json" \
           --header "Authorization: Bearer $(cat <~/.balena/token)" \
           --data "{\"uuid\": \"${balena_device_uuid}\", \"data\": {\"force\": true}}"; do
@@ -263,7 +263,7 @@ function check_running_release() {
 
 function get_os_version() {
     local BALENARC_BALENA_URL
-    BALENARC_BALENA_URL="${BALENA_API_URL//https:\/\/api\./}"
+    BALENARC_BALENA_URL="$(echo "${BALENA_API_URL}" | sed 's#https://api\.##g')"
 
     local os_version
     os_version=${OS_VERSION:-$(with_backoff balena os versions "${DEVICE_TYPE}" | head -n 1)}
@@ -276,13 +276,13 @@ function upload_release_asset() {
         release_id=${1:-1}
         release_asset="$(find / -type f -name '*.png' | head -n 1)"
 
-        curl "${curl_opts[@]}" "https://api.${DNS_TLD}/resin/release_asset" \
+        curl ${curl_opts} "https://api.${DNS_TLD}/resin/release_asset" \
           --header "Authorization: Bearer $(cat <~/.balena/token)" \
           --form "asset=@${release_asset}" \
           --form "release=${release_id}" \
-          --form "asset_key=$((RANDOM))-$(basename "${release_asset}")" \
+          --form "asset_key=$((RANDOM))-$(basename ${release_asset})" \
           | jq -re .asset.href \
-          | xargs curl "${curl_opts[@]}" -o "/tmp/$((RANDOM))-$(basename "${release_asset}")"
+          | xargs curl ${curl_opts} -o "/tmp/$((RANDOM))-$(basename ${release_asset})"
     fi
 }
 

src/cert-manager/Dockerfile

@@ -1,4 +1,4 @@
 # https://github.com/balena-io/cert-manager
-FROM balena/cert-manager:0.3.3
+FROM balena/cert-manager:v0.2.2
 
 COPY *.json /opt/

src/test-device/Dockerfile

@@ -1,10 +1,9 @@
-# https://hub.docker.com/r/qemux/qemu
+# https://hub.docker.com/r/qemux/qemu-docker
 # https://github.com/qemus/qemu-docker
-FROM ghcr.io/qemus/qemu:7.12
+FROM qemux/qemu-docker:5.16
 
 RUN apt-get update && apt-get install -y --no-install-recommends \
-    minicom \
-    netcat-openbsd \
+	minicom \
     && rm -rf /var/lib/apt/lists/*
 
 COPY balena.sh /usr/sbin/

src/test-device/balena.sh

@@ -21,14 +21,7 @@ until test -f "${GUEST_IMAGE%.*}.ready"; do sleep "$(( (RANDOM % 5) + 5 ))s"; do
 tmpimg="$(mktemp)"
 cat <"${GUEST_IMAGE}" >"${tmpimg}"
 
-# https://www.qemu.org/docs/master/system/qemu-manpage.html
-# .. depending on the target architecture: kvm, xen, hvf, nvmm, whpx (default: tcg)
-if test -r /dev/kvm && test -w /dev/kvm; then
-    accel=kvm
-fi
-
 exec /usr/bin/qemu-system-x86_64 \
-  -accel "${accel:-tcg}" \
   -bios /usr/share/ovmf/OVMF.fd \
   -chardev socket,id=serial0,path=/run/console.sock,server=on,wait=off \
   -cpu max \
@@ -37,7 +30,7 @@ exec /usr/bin/qemu-system-x86_64 \
   -device virtio-net-pci,netdev=n1 \
   -drive file="${tmpimg}",media=disk,cache=none,format=raw,if=none,id=disk \
   -m "${MEMORY}" \
-  -machine type=q35 \
+  -machine q35 \
   -netdev "user,id=n1,dns=127.0.0.1,guestfwd=tcp:10.0.2.100:80-cmd:netcat haproxy 80,guestfwd=tcp:10.0.2.100:443-cmd:netcat haproxy 443" \
   -nodefaults \
   -nographic \