Release Notes for Alpine 3.13.0: Difference between revisions
No edit summary |
|||
Line 69: | Line 69: | ||
=== spamassassin === | === spamassassin === | ||
The configuration file found at <code>/etc/conf.d/spamd</code> has been moved from the <code>spamassassin</code> to the <code>spamassassin-openrc</code> package | The configuration file found at <code>/etc/conf.d/spamd</code> has been moved from the <code>spamassassin</code> to the <code>spamassassin-openrc</code> package | ||
=== Wireguard === | |||
Wireguard is now included as a module in the kernel, so the <code>wireguard-lts</code> and <code>wireguard-virt</code> packages have been removed. If your kernel is not upgraded, make sure to remove these packages. | |||
== busybox == | == busybox == |
Revision as of 20:28, 23 January 2021
aports
musl 1.2
musl has been upgraded to 1.2. This release changes the definition of time_t
on 32-bit systems. See the musl time64 release notes for more details.
time64 requirements
The following important information applies for users of x86, armv7, and armhf (currently supported 32-bit architectures), including 32-bit Docker containers on 64-bit hosts.
All self-compiled packages must be manually rebuilt after upgrading, even if relocation/SONAME errors are not encountered.
musl 1.2 uses new time64-compatible system calls. Due to runc issue 2151, these system calls incorrectly return EPERM instead of ENOSYS when invoked under a Docker or libseccomp version predating their release. Therefore, Alpine Linux 3.13.0 requires the host Docker to be version 19.03.9 (which contains backported moby commit 89fabf0) or greater and the host libseccomp to be version 2.4.2 (which contains backported libseccomp commit bf747eb) or greater, compiled against Linux UAPI headers 5.4 (which contain time64 syscall definitions) or greater. Docker for Windows issue 8326 tracks the process of updating libseccomp in Docker for Windows.
Therefore, the following platforms are not suitable as Docker hosts for 32-bit Alpine Linux 3.13.0, due to containing out-of-date libseccomp: Amazon Linux 1 or 2, CentOS 7 or 8, Debian stable without debian-backports, Raspbian stable, Ubuntu 14.04 or earlier, and Windows. This applies regardless of whether the Linux distribution Docker packages or separate Docker package repositories are used.
To check if your host libseccomp is time64-compatible, invoke scmp_sys_resolver -a x86 clock_gettime64
for x86 containers, or scmp_sys_resolver -a arm clock_gettime64
for armhf or armv7 containers. If 403 is returned, time64 is supported. If -10214 is returned, time64 is not supported. Note that Docker must still be at least version 19.03.9, regardless of the result of this command.
In order to run under old Docker or libseccomp versions, the moby default seccomp profile should be downloaded and on line 2, defaultAction
changed to SCMP_ACT_TRACE
, then --seccomp-profile=default.json
can be passed to dockerd, or --security-opt=seccomp=default.json
passed to docker create
or docker run
. This will cause the system calls to return ENOSYS instead of EPERM, allowing the container to fall back to 32-bit time system calls. In this case, the container will not be compatible with dates past 2038.
Alternatively, --security-opt=seccomp=unconfined
can be passed with no default.json
required, but note that this will slightly decrease the security of the host against malicious code in the container.
Deprecation of Berkeley DB (BDB)
Oracle has changed the license of BDB to AGPL-3.0, making it unsuitable to link to packages with GPL-incompatible licenses. Since the old version is no longer maintained, the db
package is now deprecated. Alpine Linux packages are being transitioned to alternatives or, where no alternatives exist, removed entirely.
Support for Postfix hash
and btree
databases has been removed. lmdb
is the recommended replacement. Before upgrading, all tables in /etc/postfix/main.cf
using hash
and btree
must be changed to a supported alternative. See the Postfix lookup table documentation for more information.
cyrus sasldb now uses gdbm
instead of db
. The database must be created from scratch or manually migrated after upgrading to Alpine Linux 3.13.
Switching from busybox ifupdown to ifupdown-ng
The default ifupdown implementation has been switched from busybox to ifupdown-ng. ifupdown-ng is intended to be compatible with debian ifupdown and busybox ifupdown, but all users of /etc/network/interfaces
should read the ifupdown-ng readme and the ifupdown-ng admin guide before upgrading.
ifupdown-ng has native vlan support, so the vlan
package is no longer required and can be uninstalled. The bridge
and bond
packages are still required.
GCC 10
GCC has been upgraded to version 10. GCC 10 sets the -fno-common
option by default. All Alpine Linux packages have been fixed, but users compiling other software on Alpine Linux may need to make changes to their code. For more information, see the GCC 10 porting guide.
PHP 8.0
PHP 8.0 with a common set of extensions is now available as php8
. PHP 7.4 (php7
) remains the default.
xorg-server has moved to community
xorg-server and related packages have been moved from main to community. To install it, ensure /etc/apk/repositories contains the community repository.
Running setup-xorg-base
will automatically enable the community repo before installing xorg-server.
nextcloud updated from 18 to 20
Comapred to 3.12, the nextcloud aport skipped version 19. As a direct upgrade from 18 to 20 is not supported by nextcloud, the upgrade procedure is not as straight forward as usually.
- Take a note and remove all nextcloud-* aports
- Install corresponding the nextcloud19-* aports
- Run
occ upgrade
as any regular update - Verify everything still works
- Remove the nextcloud19-* aports again
- Install the regular nextcloud-* aports again
- Run Steps 3 and 4 again
- The upgrade should now be finished
As the last step you should visit your administrator settings overview page and run any missing db-updates as shown (e.g. db:add-missing-indices db:add-missing-primary-keys db:add-missing-columns db:convert-filecache-bigint
)
spamassassin
The configuration file found at /etc/conf.d/spamd
has been moved from the spamassassin
to the spamassassin-openrc
package
Wireguard
Wireguard is now included as a module in the kernel, so the wireguard-lts
and wireguard-virt
packages have been removed. If your kernel is not upgraded, make sure to remove these packages.
busybox
Removed applets
The following applets have been removed:
- hdparm: Missing many features. Use
hdparm
instead. - fdformat: Rarely used. Use
util-linux
instead. - readprofile: Rarely used. Consider
perf
or useutil-linux
instead. - lspci: Missing many features, such as hwdb support. Use
pciutils
orgrep . /sys/bus/pci/devices/*/*
instead. - conspy: Rarely used.
- smemcap: Rarely used.
- dumpleases: Rarely used.
Alternatives for conspy, smemcap, and dumpleases are not currently packaged due to a lack of interest. If you require these programs, please file an issue at Alpine GitLab.
Changes
The following applets now support long options:
- gzip
- install
- ipcalc
apk-tools
Man page
apk-tools now has an official man-page: apk-tools-docs
. If the docs
package is installed, man pages will automatically be installed and updated for all installed packages.