Release Notes for Alpine 3.12.0
secfixes
This is the last release that will have secfixes information embedded into the APKBUILD in the form of shell comments, future
versions will have a separate secfixes.yaml
file that resides in the same directory as the APKBUILD, it will be
a purely yaml file.
This removes the potentially troublesome operation of reading the APKBUILD and extracting the secfixes comment, allowing us to simplify secfixes-check from Leo/atools to validate the yaml by simply loading the separate yaml file.
aports
BPF JIT support
> TODO: Small preamble about BPF
So it (BPF JIT) has been enabled by default in 3bf2313adc57fe6b36bf459ddca6d65a392609db, and unprivileged BPF JIT has been disabled in 4e286992d5ed751f6ca60eb18d77313bb0868513.
OpenRC now has a sane ordering of directories when configuring kernel parameters
Configuring kernel parameters is done by having configuration files in specific locations like /etc/sysctl.conf
and files ending with .conf
in certain directories like /etc/sysctl.d
. Before 3.12.0 the ordering had no logical explanation and
surprised users that expected a hierarchy.
Starting with 3.12.0 the ordering is as follows:
- /lib/sysctl.d/*.conf
- /usr/lib/sysctl.d/*.conf
- /etc/sysctl.d/*.conf
- /etc/sysctl.conf
- /run/sysctl.d/*.conf
/lib/sysctl.d
and /usr/lib/sysctl.d
are to be used by the distribution and packages. Alpine Linux installs its default configuration file in /lib/sysctl.d/00-alpine.conf
. Software installed via our package manager will install to either of those places.
/etc/sysctl.d
holds configuration that is created and maintained by the local administrator, neither Alpine nor its packaged software will touch it, and configuration in that has the same name as in the location reserved for the distribution and packages will cause the latter to not be read and applied by the sysctl
service.
/etc/sysctl.conf
is a historical location for this kind of configuration and is kept for the same reasons.
/run/sysctl.d
holds configuration that is created at run-time by daemons/services or at very early-boot. Neither the distribution nor the packaged software will install configuration to it, primarily because /run is in temporary memory. Configuration in this location that matches names in the local administrator or the locations used by the distribution and packages will cause the latter not to be read and applied by the sysctl
service.
OpenRC now has a sane ordering of directories when loading kernel modules
Loading kernel modules during boot is done with the modules
OpenRC service, which reads configuration files in certain locations and loads kernel modules with the modprobe utility from either busybox or util-linux.
Starting with 3.12.0 a more logical ordering is adopted for which configuration files to read and ignore:
- /lib/modules-load.d/*.conf
- /usr/lib/modules-load.d/*.conf
- /etc/modules
- /etc/modules-load.d/*.conf
- /run/modules-load.d/*.conf
/lib/modules-load.d
and /usr/lib/modules-load.d
are to be used by the distribution and packages. Software installed via our package manager will install to either of those places.
/etc/modules-load.d
holds configuration that is created and maintained by the local administrator, neither Alpine nor its packaged software will touch it, and configuration in that has the same name as in the location reserved for the distribution and packages will cause the latter to not be read and applied by the modules
service.
/etc/modules
is a historical location for this kind of configuration and is kept for the same reasons.
/run/modules-load.d
holds configuration that is created at run-time by daemons/services or at very early-boot. Neither the distribution nor the packaged software will install configuration to it, primarily because /run is in temporary memory. Configuration in this location that matches names in the local administrator or the locations used by the distribution and packages will cause the latter not to be read and applied by the modules
service.
Telegram Desktop is now available in the community repo
See commit that moved the package to the community repo for explanation.
efitools and sbsigntool are now in main/
Those packages have lived in testing/ for a long time and have been successfully used by one of our developers to implement secure-boot in his system. They have been moved to main/ and will be available for others.
abuild
Add default functions for subpackages that hold Bash, Zsh and Fish completion
abuild now provides default functions for $pkgname-bash-completion, $pkgname-zsh-completion and $pkgname-fish-completion subpackages.
Expected location of the completion files per shell:
- Bash ->
/usr/share/bash-completion/completions
- Zsh ->
/usr/share/zsh/site-functions
- Fish ->
/usr/share/fish/completions
Files must be installed in the expected location in relation to $pkgdir in pacakge().
Introduced in d5826968b713123a4f51d3dec1adb1225d0e194f.
newapkbuild when called with CMake (-C) does out-of-source builds by default
When packaging with newapkbuild and using the -C switch to pre-fill the apkbuild with skeleton functions for CMake now:
- Adds
-B build
to thecmake
call in build(). - Adds
-C build
themake
calls.
Doing out-of-source builds are recommended upstream to the point where warnings are printed when calling CMake on a project.
Introduced in e125a764896d884c69cc409e614b65cb336c15e8.
set CARGO_HOME to cache dependencies of rust packages
CARGO_HOME is now set to $SRCDEST/cargo and will cache all dependencies downloaded.
Introduced in af0c88e6abbb1e49224759f5c51b3068e6eab28b.