Release Notes for Alpine 3.13.0: Difference between revisions

From Alpine Linux
m (Mentioning qemu-modules as a fix to install all the qemu modules together.)
(39 intermediate revisions by 5 users not shown)
Line 1: Line 1:
== aports ==
== aports ==


=== musl upgraded to 1.2 ===
=== musl 1.2 ===


musl has been upgraded to 1.2. This release changes the definition of <code>time_t</code> on 32-bit systems. See the [https://musl.libc.org/time64.html musl time64 release notes] for more details. All x86, armv7 and armhf packages have been rebuilt for this change. For users of these architectures, all self-compiled packages must be manually rebuilt after upgrading.
musl has been upgraded to 1.2. This release changes the definition of <code>time_t</code> on 32-bit systems. See the [https://musl.libc.org/time64.html musl time64 release notes] for more details.


=== Deprecation of berkeley db ===
==== time64 requirements ====


Oracle has changed the license of bdb to AGPL, making it unsuitable to link it to packages with GPL-incompatible licenses. Since the old version is no longer maintained, bdb has been removed from Alpine Linux and alternatives substituted.
The following important information applies for users of x86, armv7, and armhf (currently supported 32-bit architectures), including 32-bit Docker containers on 64-bit hosts.


For postfix, this means using lmdb and dropping support for <code>hash</code> and <code>btree</code> databases. Before upgrading, update all references of these types in <code>/etc/postfix/main.cf</code> to <code>lmdb</code>.
All self-compiled packages must be manually rebuilt after upgrading, even if relocation/SONAME errors are not encountered.
 
musl 1.2 uses new time64-compatible system calls. Due to [https://github.com/opencontainers/runc/issues/2151 runc issue 2151], these system calls incorrectly return EPERM instead of ENOSYS when invoked under a Docker or libseccomp version predating their release. Therefore, Alpine Linux 3.13.0 requires the host Docker to be version 19.03.9 (which contains backported [https://github.com/moby/moby/commit/89fabf0f241292e929fbb2fbb794d58d8d697ab5 moby commit 89fabf0]) or greater and the host libseccomp to be version 2.4.2 (which contains backported [https://github.com/seccomp/libseccomp/commit/bf747eb21e428c2b3ead6ebcca27951b681963a0 libseccomp commit bf747eb]) or greater. [https://github.com/docker/for-win/issues/8326 Docker for Windows issue 8326] tracks the process of updating libseccomp in Docker for Windows.
 
Therefore, the following platforms are not suitable as Docker hosts for 32-bit Alpine Linux 3.13.0, due to containing out-of-date libseccomp: Amazon Linux 1 or 2, CentOS 7 or 8, Debian stable without debian-backports, Raspbian stable, Ubuntu 14.04 or earlier, and Windows. This applies regardless of whether the Linux distribution Docker packages or separate Docker package repositories are used.
 
To check if your host libseccomp is time64-compatible, invoke <code>scmp_sys_resolver -a x86 clock_gettime64</code> for x86 containers, or <code>scmp_sys_resolver -a arm clock_gettime64</code> for armhf or armv7 containers. If 403 is returned, time64 is supported. If -1 is returned, time64 is not supported. Note that Docker must still be at least version 19.03.9, regardless of the result of this command.
 
In order to run under old Docker or libseccomp versions, [https://github.com/moby/moby/blob/master/profiles/seccomp/default.json the moby default seccomp profile] should be downloaded and on line 2, <code>defaultAction</code> changed to <code>SCMP_ACT_TRACE</code>, then <code>--seccomp-profile=default.json</code> can be passed to dockerd, or <code>--security-opt=seccomp=default.json</code> passed to <code>docker create</code> or <code>docker run</code>. This will cause the system calls to return ENOSYS instead of EPERM, allowing the container to fall back to 32-bit time system calls. In this case, the container will not be compatible with dates past 2038.
 
Alternatively, <code>--security-opt=seccomp=unconfined</code> can be passed with no <code>default.json</code> required, but note that this will reduce the security of the host against malicious code in the container.
 
=== Deprecation of Berkeley DB (BDB) ===
 
Oracle has changed the license of BDB to AGPL-3.0, making it unsuitable to link to packages with GPL-incompatible licenses. Since the old version is no longer maintained, the <code>db</code> package is now deprecated. Alpine Linux packages are being transitioned to alternatives or, where no alternatives exist, removed entirely.
 
Support for Postfix <code>hash</code> and <code>btree</code> databases has been removed. <code>lmdb</code> is the recommended replacement. Before upgrading, all tables in <code>/etc/postfix/main.cf</code> using <code>hash</code> and <code>btree</code> must be changed to a supported alternative. See the [http://www.postfix.org/DATABASE_README.html Postfix lookup table documentation] for more information.
 
cyrus sasldb now uses <code>gdbm</code> instead of <code>db</code>. The database must be created from scratch or manually migrated after upgrading to Alpine Linux 3.13.


=== Switching from busybox ifupdown to ifupdown-ng ===
=== Switching from busybox ifupdown to ifupdown-ng ===


Alpine Linux has switched the default ifupdown implementation from busybox to [https://github.com/ifupdown-ng/ifupdown-ng/ ifupdown-ng]. This version is compatible with debian ifupdown and busybox ifupdown, but please read the [https://github.com/ifupdown-ng/ifupdown-ng/blob/master/README.md readme] and the [https://github.com/ifupdown-ng/ifupdown-ng/blob/master/doc/ADMIN-GUIDE.md admin guide].
The default ifupdown implementation has been switched from busybox to [https://github.com/ifupdown-ng/ifupdown-ng/ ifupdown-ng]. ifupdown-ng is intended to be compatible with debian ifupdown and busybox ifupdown, but all users of <code>/etc/network/interfaces</code> should read the [https://github.com/ifupdown-ng/ifupdown-ng/blob/master/README.md ifupdown-ng readme] and the [https://github.com/ifupdown-ng/ifupdown-ng/blob/master/doc/ADMIN-GUIDE.md ifupdown-ng admin guide] before upgrading.


ifupdown-ng has native vlan support, so the <code>vlan</code> package is no longer required and can be uninstalled. The <code>bridge</code> and <code>bond</code> packages are still required.
ifupdown-ng has native vlan support, so the <code>vlan</code> package is no longer required and can be uninstalled. The <code>bridge</code> and <code>bond</code> packages are still required.
Line 19: Line 37:
=== GCC 10 ===
=== GCC 10 ===


GCC has been updated to version 10. GCC 10 sets the <code>-fno-common</code> option by default. All Alpine Linux packages have been fixed, but users compiling other packages on Alpine may need to fix their code. For more information, see the [https://gcc.gnu.org/gcc-10/porting_to.html GCC 10 porting guide].
GCC has been upgraded to version 10. GCC 10 sets the <code>-fno-common</code> option by default. All Alpine Linux packages have been fixed, but users compiling other software on Alpine Linux may need to make changes to their code. For more information, see the [https://gcc.gnu.org/gcc-10/porting_to.html GCC 10 porting guide].


===== PHP 8.0 =====
=== PHP 8.0 ===


PHP 8.0 with a common set of extensions is now available as <code>php8</code>. PHP 7.4 (<code>php7</code>) remains the default.
PHP 8.0 with a common set of extensions is now available as <code>php8</code>. PHP 7.4 (<code>php7</code>) remains the default.
=== xorg-server has moved to community ===
xorg-server and related packages have been moved from main to community. To install it, ensure {{Path|/etc/apk/repositories}} contains the community repository.
Running <code>setup-xorg-base</code> will automatically enable the community repo before installing xorg-server.
=== nextcloud 20 ===
Nextcloud has been updated to version 20. As a direct upgrade from 18 to 20 is [https://docs.nextcloud.com/server/latest/admin_manual/maintenance/upgrade.html not supported by nextcloud], Nextcloud 19 must be temporarily installed.
# Take a note and remove all nextcloud-* aports
# Install corresponding the nextcloud19-* aports
# Run <code>occ upgrade</code> as any regular update
# Verify everything still works
# Remove the nextcloud19-* aports again
# Install the regular nextcloud-* aports again
# Run Steps 3 and 4 again
# The upgrade should now be finished
As the last step you should visit your administrator settings overview page and run any missing db-updates as shown (e.g. <code>db:add-missing-indices db:add-missing-primary-keys db:add-missing-columns db:convert-filecache-bigint</code>)
=== spamassassin ===
<code>/etc/conf.d/spamd</code> has been moved from the <code>spamassassin</code> to the <code>spamassassin-openrc</code> package.
=== WireGuard upstreamed ===
WireGuard is now included in the standard Linux kernel since version 5.6, so the <code>wireguard-lts</code> and <code>wireguard-virt</code> packages have been removed.
=== QEMU packages split ===
Several features previously in the standard qemu package have been split into subpackages, including qemu-audio-*, qemu-block-*, qemu-hw-display-*, and qemu-ui-*.
The metapackage qemu-modules installs all of these.


== busybox ==
== busybox ==
Line 29: Line 80:
=== Removed applets ===
=== Removed applets ===


These applets have been removed due to poor feature compatibility and/or highly infrequent use:
The following applets have been removed:


* '''hdparm''': Use <code>hdparm</code>
* '''hdparm''': Missing many features. Use <code>hdparm</code> instead.
* '''conspy''': None
* '''fdformat''': Rarely used. Use <code>util-linux</code> instead.
* '''fdformat''': Use <code>util-linux</code>
* '''readprofile''': Rarely used. Consider <code>perf</code> or use <code>util-linux</code> instead.
* '''readprofile''': Use <code>util-linux</code>
* '''lspci''': Missing many features, such as hwdb support. Use <code>pciutils</code> or <code>grep . /sys/bus/pci/devices/*/*</code> instead.
* '''lspci''': Use <code>pciutils</code>
* '''conspy''': Rarely used.
* '''sendmail''': Use <code>ssmtp</code>, <code>opensmtpd</code>, <code>dma</code>, <code>exim</code>, <code>nullmailer</code>, or <code>postfix</code>
* '''smemcap''': Rarely used.
* '''smemcap''': None
* '''dumpleases''': Rarely used.
* '''dumpleases''': None


For conspy and smemcap, no alternative packages are currently available, but they can be packaged on request. Please file an issue at [https://gitlab.alpinelinux.org/alpine/aports/ Alpine GitLab] if you require these programs.
Alternatives for conspy, smemcap, and dumpleases are not currently packaged due to a lack of interest. If you require these programs, please file an issue at [https://gitlab.alpinelinux.org/alpine/aports/ Alpine GitLab].


=== Changes ===
=== Changes ===
Line 55: Line 105:


apk-tools now has an official man-page: <code>apk-tools-docs</code>. If the <code>docs</code> package is installed, man pages will automatically be installed and updated for all installed packages.
apk-tools now has an official man-page: <code>apk-tools-docs</code>. If the <code>docs</code> package is installed, man pages will automatically be installed and updated for all installed packages.
== Known issues ==
=== LVM boot scanning ===
Some users are reporting a regression in Alpine Linux 3.13 where nlplug-findfs fails to detect LVM PVs at boot. The current workaround is to temporarily downgrade to Linux 5.4 from Alpine Linux 3.12. This issue is being tracked in [https://gitlab.alpinelinux.org/alpine/aports/-/issues/12325 aports issue 12325].

Revision as of 20:32, 27 January 2021

aports

musl 1.2

musl has been upgraded to 1.2. This release changes the definition of time_t on 32-bit systems. See the musl time64 release notes for more details.

time64 requirements

The following important information applies for users of x86, armv7, and armhf (currently supported 32-bit architectures), including 32-bit Docker containers on 64-bit hosts.

All self-compiled packages must be manually rebuilt after upgrading, even if relocation/SONAME errors are not encountered.

musl 1.2 uses new time64-compatible system calls. Due to runc issue 2151, these system calls incorrectly return EPERM instead of ENOSYS when invoked under a Docker or libseccomp version predating their release. Therefore, Alpine Linux 3.13.0 requires the host Docker to be version 19.03.9 (which contains backported moby commit 89fabf0) or greater and the host libseccomp to be version 2.4.2 (which contains backported libseccomp commit bf747eb) or greater. Docker for Windows issue 8326 tracks the process of updating libseccomp in Docker for Windows.

Therefore, the following platforms are not suitable as Docker hosts for 32-bit Alpine Linux 3.13.0, due to containing out-of-date libseccomp: Amazon Linux 1 or 2, CentOS 7 or 8, Debian stable without debian-backports, Raspbian stable, Ubuntu 14.04 or earlier, and Windows. This applies regardless of whether the Linux distribution Docker packages or separate Docker package repositories are used.

To check if your host libseccomp is time64-compatible, invoke scmp_sys_resolver -a x86 clock_gettime64 for x86 containers, or scmp_sys_resolver -a arm clock_gettime64 for armhf or armv7 containers. If 403 is returned, time64 is supported. If -1 is returned, time64 is not supported. Note that Docker must still be at least version 19.03.9, regardless of the result of this command.

In order to run under old Docker or libseccomp versions, the moby default seccomp profile should be downloaded and on line 2, defaultAction changed to SCMP_ACT_TRACE, then --seccomp-profile=default.json can be passed to dockerd, or --security-opt=seccomp=default.json passed to docker create or docker run. This will cause the system calls to return ENOSYS instead of EPERM, allowing the container to fall back to 32-bit time system calls. In this case, the container will not be compatible with dates past 2038.

Alternatively, --security-opt=seccomp=unconfined can be passed with no default.json required, but note that this will reduce the security of the host against malicious code in the container.

Deprecation of Berkeley DB (BDB)

Oracle has changed the license of BDB to AGPL-3.0, making it unsuitable to link to packages with GPL-incompatible licenses. Since the old version is no longer maintained, the db package is now deprecated. Alpine Linux packages are being transitioned to alternatives or, where no alternatives exist, removed entirely.

Support for Postfix hash and btree databases has been removed. lmdb is the recommended replacement. Before upgrading, all tables in /etc/postfix/main.cf using hash and btree must be changed to a supported alternative. See the Postfix lookup table documentation for more information.

cyrus sasldb now uses gdbm instead of db. The database must be created from scratch or manually migrated after upgrading to Alpine Linux 3.13.

Switching from busybox ifupdown to ifupdown-ng

The default ifupdown implementation has been switched from busybox to ifupdown-ng. ifupdown-ng is intended to be compatible with debian ifupdown and busybox ifupdown, but all users of /etc/network/interfaces should read the ifupdown-ng readme and the ifupdown-ng admin guide before upgrading.

ifupdown-ng has native vlan support, so the vlan package is no longer required and can be uninstalled. The bridge and bond packages are still required.

GCC 10

GCC has been upgraded to version 10. GCC 10 sets the -fno-common option by default. All Alpine Linux packages have been fixed, but users compiling other software on Alpine Linux may need to make changes to their code. For more information, see the GCC 10 porting guide.

PHP 8.0

PHP 8.0 with a common set of extensions is now available as php8. PHP 7.4 (php7) remains the default.

xorg-server has moved to community

xorg-server and related packages have been moved from main to community. To install it, ensure /etc/apk/repositories contains the community repository.

Running setup-xorg-base will automatically enable the community repo before installing xorg-server.

nextcloud 20

Nextcloud has been updated to version 20. As a direct upgrade from 18 to 20 is not supported by nextcloud, Nextcloud 19 must be temporarily installed.

  1. Take a note and remove all nextcloud-* aports
  2. Install corresponding the nextcloud19-* aports
  3. Run occ upgrade as any regular update
  4. Verify everything still works
  5. Remove the nextcloud19-* aports again
  6. Install the regular nextcloud-* aports again
  7. Run Steps 3 and 4 again
  8. The upgrade should now be finished

As the last step you should visit your administrator settings overview page and run any missing db-updates as shown (e.g. db:add-missing-indices db:add-missing-primary-keys db:add-missing-columns db:convert-filecache-bigint)

spamassassin

/etc/conf.d/spamd has been moved from the spamassassin to the spamassassin-openrc package.

WireGuard upstreamed

WireGuard is now included in the standard Linux kernel since version 5.6, so the wireguard-lts and wireguard-virt packages have been removed.

QEMU packages split

Several features previously in the standard qemu package have been split into subpackages, including qemu-audio-*, qemu-block-*, qemu-hw-display-*, and qemu-ui-*. The metapackage qemu-modules installs all of these.

busybox

Removed applets

The following applets have been removed:

  • hdparm: Missing many features. Use hdparm instead.
  • fdformat: Rarely used. Use util-linux instead.
  • readprofile: Rarely used. Consider perf or use util-linux instead.
  • lspci: Missing many features, such as hwdb support. Use pciutils or grep . /sys/bus/pci/devices/*/* instead.
  • conspy: Rarely used.
  • smemcap: Rarely used.
  • dumpleases: Rarely used.

Alternatives for conspy, smemcap, and dumpleases are not currently packaged due to a lack of interest. If you require these programs, please file an issue at Alpine GitLab.

Changes

The following applets now support long options:

  • gzip
  • install
  • ipcalc

apk-tools

Man page

apk-tools now has an official man-page: apk-tools-docs. If the docs package is installed, man pages will automatically be installed and updated for all installed packages.

Known issues

LVM boot scanning

Some users are reporting a regression in Alpine Linux 3.13 where nlplug-findfs fails to detect LVM PVs at boot. The current workaround is to temporarily downgrade to Linux 5.4 from Alpine Linux 3.12. This issue is being tracked in aports issue 12325.