Release Notes for Alpine 3.12.0

From Alpine Linux

aports

python2 no longer provides python and python-devel

python2 no longer provides python and python-devel, nothing does, it is now required that you explicitly depend on either python2 or python3, any new contributions that depend on python2 will be rejected summarily, and python2 is in the process of being **completely** removed

llvm 10.0.0

llvm 10 is now the default in Alpine Linux.

commit


Initial support for DLang

We've added initial support for the D language with this release. We now have GDC, the D compiler frontend using GCC, available on all arches but ppc64le and LDC, a D compiler using the LLVM backend, on x86_64. Most things are built against ldc and as such only available on x86_64 right now due to GDC shipping a rather outdated version of the Phobos, the D standard library.

py3-setuptools now uses system python3 modules instead of vendored dependencies

py3-setuptools now installs py3-packaging, py3-parsing, py3-appdirs, py3-six and py3-ordered-set from the system.

The following commits are the ones responsible for this change:

ncurses fixes

A few fixes trickled in relating exclusively to Alpine Linux that affect ncurses:

With this commit the ncurses-lib package no longer depends on the ncurses-terminfo, which was too big at 7.5 MB, instead ncurses-lib now depends solely on the ncurses-terminfo-base package which weights at around 120 kB.

With this commit the ncurses-terminfo-base now includes the most common terminfo databases like tmux, screen, xterm-256color and also databases for packaged terminals like gnome-terminal, vte, konsole, alacritty, kitty, putty. All other terminfo databases are now in ncurses-terminfo.

With this commit all terminals that have their terminfo databases provided by the ncurses-terminfo-base now depend on it.

python3 no longer provides pip3, use py3-pip from community

Python3 is now built with --without-ensurepip which removes pip3 and its libraries from it. Instead use the py3-pip pacakge which uses system components.

BPF JIT support

> TODO: Small preamble about BPF

So it (BPF JIT) has been enabled by default in 3bf2313adc57fe6b36bf459ddca6d65a392609db, and unprivileged BPF JIT has been disabled in 4e286992d5ed751f6ca60eb18d77313bb0868513.

OpenRC now has a sane ordering of directories when configuring kernel parameters

Configuring kernel parameters is done by having configuration files in specific locations like /etc/sysctl.conf and files ending with .conf in certain directories like /etc/sysctl.d. Before 3.12.0 the ordering had no logical explanation and surprised users that expected a hierarchy.

Starting with 3.12.0 the ordering is as follows:

  1. /lib/sysctl.d/*.conf
  2. /usr/lib/sysctl.d/*.conf
  3. /run/sysctl.d/*.conf
  4. /etc/sysctl.conf
  5. /etc/sysctl.d/*.conf


/lib/sysctl.d and /usr/lib/sysctl.d are to be used by the distribution and packages. Alpine Linux installs its default configuration file in /lib/sysctl.d/00-alpine.conf. Software installed via our package manager will install to either of those places.

/run/sysctl.d holds configuration that is created at run-time by daemons/services or at very early-boot. Neither the distribution nor the packaged software will install configuration to it, primarily because /run is in temporary memory. Configuration in this location that matches names the locations used by the distribution and packages will cause the latter not to be read and applied by the sysctl service.

/etc/sysctl.d holds configuration that is created and maintained by the local administrator, neither Alpine nor its packaged software will touch it, and configuration in that has the same name as in the location reserved for the distribution and packages, or the location for run-time configuration from daemons/services, will cause the latter to not be read and applied by the sysctl service.

/etc/sysctl.conf is a historical location for this kind of configuration and is kept for the same reasons.

OpenRC now has a sane ordering of directories when loading kernel modules

Loading kernel modules during boot is done with the modules OpenRC service, which reads configuration files in certain locations and loads kernel modules with the modprobe utility from either busybox or util-linux.

Starting with 3.12.0 a more logical ordering is adopted for which configuration files to read and ignore:

  1. /lib/modules-load.d/*.conf
  2. /usr/lib/modules-load.d/*.conf
  3. /run/modules-load.d/*.conf
  4. /etc/modules
  5. /etc/modules-load.d/*.conf

/lib/modules-load.d and /usr/lib/modules-load.d are to be used by the distribution and packages. Software installed via our package manager will install to either of those places.

/run/modules-load.d holds configuration that is created at run-time by daemons/services or at very early-boot. Neither the distribution nor the packaged software will install configuration to it, primarily because /run is in temporary memory. Configuration in this location that matches names in the locations used by the distribution and packages will cause the latter not to be read and applied by the modules service.

/etc/modules-load.d holds configuration that is created and maintained by the local administrator, neither Alpine nor its packaged software will touch it, and configuration in that has the same name as in the location reserved for the distribution and packages, or locations reserved for the run-time configuration of daemons/services, will cause the latter to not be read and applied by the modules service.

/etc/modules is a historical location for this kind of configuration and is kept for the same reasons.

Telegram Desktop is now available in the community repo

See commit that moved the package to the community repo for explanation.

efitools and sbsigntool are now in main/

Those packages have lived in testing/ for a long time and have been successfully used by one of our developers to implement secure-boot in his system. They have been moved to main/ and will be available for others.

Packages which need libsecret's DBus API now depend a provider of its API via dbus:org.freedesktop.Secret

Previously it was possible to install a program which required the DBus API of libsecret (e.g. Fractal), but not install a secrets provider (e.g. gnome-keyring), so logins wouldn't be saved. This has been corrected and packages which require this API depend on the provider-package dbus:org.freedesktop:Secret now. It's provided by gnome-keyring, kwallet and keepassxc (in that order of importance, i.e. if none of these is pulled in gnome-keyring will be chosen by default). Right now we manually declared the provider for dbus:org.freedesktop.Secret, but eventually we should have an automatic detection for the DBus API packages provide to make this easier for other packages.

Preferring enchant2 over enchant

All packages which support enchant2 have been moved over to it instead of using enchant(1). enchant2 now also supports nuspell, which is a faster drop-in replacement for hunspell, which utilizes hunspell's dictionaries.

Firefox is now in community

Firefox finally left testing and will be in community, supported for 6 months.

moonjit is now luajit

Our luajit package switched to the alive moonjit fork which has, among other things, s390x support and actual development.

This commit switched luajit over to moonjit, the following commit removes our **HUGE** 46k s390x support patch which is now handled by upstream.

Support for YubiKeys

yubikey-manager and yubikey-manager-qt have been added to the community repos for using and managing your yubikeys. Installing yubikey-manager and enabling the pcscd service should make yubikeys functional.

abuild

Add default functions for subpackages that hold Bash, Zsh and Fish completion

abuild now provides default functions for $pkgname-bash-completion, $pkgname-zsh-completion and $pkgname-fish-completion subpackages.

Expected location of the completion files per shell:

  • Bash -> /usr/share/bash-completion/completions
  • Zsh -> /usr/share/zsh/site-functions
  • Fish -> /usr/share/fish/completions

Files must be installed in the expected location in relation to $pkgdir in pacakge().

Introduced in d5826968b713123a4f51d3dec1adb1225d0e194f.

newapkbuild when called with CMake (-C) does out-of-source builds by default

When packaging with newapkbuild and using the -C switch to pre-fill the apkbuild with skeleton functions for CMake now:

  • Adds -B build to the cmake call in build().
  • Adds -C build the make calls.

Doing out-of-source builds are recommended upstream to the point where warnings are printed when calling CMake on a project.

Introduced in e125a764896d884c69cc409e614b65cb336c15e8.

set CARGO_HOME to cache dependencies of rust packages

CARGO_HOME is now set to $SRCDEST/cargo and will cache all dependencies downloaded.

Introduced in af0c88e6abbb1e49224759f5c51b3068e6eab28b.

The "plain" buildtype for Meson and "None" buildtype for CMake are used now

We previously used the "release" or "debugoptimized" buildmode for Meson or "Release" or "RelWithDebInfo" for CMake. This caused Meson and CMake to ignore parts of our C{,XX}FLAGS, e.g. by setting -O2 or even -O3 instead of our default of -Os. We've changed to the "plain" buildtype and the "None" buildtype for CMake. This should result in smaller binaries since -Os is respected now. See the respective mailing list post