Release Notes for Alpine 3.15.0: Difference between revisions

From Alpine Linux
(Add UEFI Secure Boot)
m (Add to category)
 
(25 intermediate revisions by 7 users not shown)
Line 1: Line 1:
== aports ==
== Important changes ==


=== 5.15 LTS kernels ===  
=== New package signing keys ===
 
New signing keys have been generated for v3.15 ongoing. The key size has been increased from 2048 bits to 4096 bits. Make sure you have <code>alpine-keys-2.4-r0</code> or later before upgrading to 3.15 (or downgrading from edge).
 
You can run:
 
<pre>
apk add -X http://dl-cdn.alpinelinux.org/alpine/v3.14/main -u alpine-keys
</pre>


linux-lts and linux-virt upgraded to 5.15
to update the keys to the required version.


=== QtWebKit was removed due to lack of upstream support ===
=== MIPS64 discontinued ===


qt5-qtwebkit, kdewebkit, wkhtmltopdf, and py3-pdfkit have been removed due to known vulnerabilities and lack of upstream support for qtwebkit. Other programs have been adjusted to use qt5-qtwebengine where appropriate. The most direct replacement for wkhtmltopdf is weasyprint, which is available in the Alpine Linux community repository. puppeteer and pandoc are also options, depending on your needs. See [https://gitlab.alpinelinux.org/alpine/aports/-/issues/12888 #12888] for more information.
The build hardware we use for building the packages is broken and the architecture is EOL, so there is no new hardware available anymore. As a consequence, there will be no v3.15 release for mips64, and existing releases can no longer receive security updates, so continued use of this architecture is not recommended.


=== radvd no longer enables ipv6 forwarding ===
=== radvd no longer enables ipv6 forwarding ===
Line 13: Line 21:
The radvd init script no longer enables ipv6 forwarding. To enable ipv6 forwarding (necessary for most networks), add <code>net.ipv6.conf.all.forwarding=1</code> to {{path|/etc/sysctl.conf}} or to a file in {{path|/etc/sysctl.d}}.
The radvd init script no longer enables ipv6 forwarding. To enable ipv6 forwarding (necessary for most networks), add <code>net.ipv6.conf.all.forwarding=1</code> to {{path|/etc/sysctl.conf}} or to a file in {{path|/etc/sysctl.d}}.


=== New package signing keys ===
=== Move from sudo to doas ===
 
doas is the default temporary privilege escalation tool.  You are advised to migrate from sudo to doas as 3.15 will be the last release to support sudo throughout its full lifecycle, in 3.16 sudo will be moved from main to community.
 
=== PipeWire doesn't auto-start a session manager anymore ===
 
In 3.14 and earlier the PipeWire default config was edited in packaging to auto-start pipewire-media-session as the default session manager. Since we now have wireplumber available as an alternative session manager, this has been changed in favor of a launch wrapper for pipewire at <code>/usr/libexec/pipewire-launcher</code>. When executed this will launch pipewire, pipewire-media-session or wireplumber, and pipewire-pulse, depending on what modules are available. If you were launching <code>/usr/bin/pipewire</code> and the session manager manually before, please use the new launcher wrapper instead. WirePlumber can now also be used as a proper alternative for pipewire-media-session.
 
== New features and noteworthy new packages ==
 
=== Compressed kernel modules ===
 
Kernel modules are now compressed using gzip.
 
=== UEFI Secure Boot ===
 
Complete support for [[UEFI Secure Boot]] realized by package {{pkg|secureboot-hook}} and {{pkg|efi-mkkeys}}.
 
=== Support overlaytmpfs mount options ===
 
It is now possible to use tmpfs(5) mount options with <code> overlaytmpfsflags</code>, when using <code>overlaytmpfs</code>, see mkinitfs-bootparams(7).  Also, <code>rootflags</code> and <code>rootfstype</code> options are now picked up for the underlying rootfs mount.
 
=== Support for out-of-tree kernel modules built from source ===
 
Alpine Kernel Module Support ({{pkg|akms}}) – support for building out-of-tree Linux kernel modules from source in an automated and organized fashion. It’s like DKMS, but designed specifically for Alpine Linux.
 
=== PostgreSQL multiple major versions ===
 
PostgreSQL packaging has been reworked to allow multiple major versions of PostgreSQL server to be installed side by side. This makes it possible to allow to upgrade PostgreSQL cluster from one major version to the next using <code>pg_upgrade</code> tool, and also to run an older major version of PostgreSQL on the latest version of Alpine Linux. The latest PostgreSQL version can be installed simply with <code>apk add postgresql</code> as before. If you need an older major version, install the specific package, e.g. {{pkg|postgresql13}}. You can switch between installed major versions using command <code>pg_versions</code>.
 
See [https://gitlab.alpinelinux.org/alpine/aports/-/merge_requests/27275 MR #27275] for more information.
 
=== Rofi for Wayland ===
 
Rofi can now be used on Wayland desktops thanks to the fork {{pkg|rofi-wayland}}.
 
=== Encrypted Data Disk and System Disk modes ===
 
<code>setup-disk</code> ({{pkg|alpine-conf}}) now supports encrypted Data Disk and System Disk modes.
 
== Significant updates ==
 
=== 5.15 LTS kernels ===  
 
linux-lts and linux-virt upgraded to 5.15


New signing keys have been generated for v3.15 ongoing. The key size has been increased from 2048 bits to 4096 bits. Make sure you have <code>alpine-keys-2.4-r0</code> or later before upgrading to 3.15 (or downgrading from edge).
'''Note:''' If you are using ''ZFS'' and depend on symlinks under /dev/zvol/ some are sporadically not created during boot, this is known upstream by ''OpenZFS'' and we track the issue [https://gitlab.alpinelinux.org/alpine/aports/-/issues/13198 here].


=== Ruby 3.0.2 ===
=== Ruby 3.0.2 ===


Ruby has been upgraded to version 3.0.2.
Ruby has been upgraded to version 3.0.2.
Packages {{pkg|ruby-minitest}}, {{pkg|ruby-net-telnet}}, {{pkg|ruby-power_assert}}, {{pkg|ruby-sdbm}}, {{pkg|ruby-test-unit}}, {{pkg|ruby-xmlrpc}}, {{pkg|ruby-webrick}} has been moved from ruby aport to separate aports. Please note that since they don’t inherit the version from the ruby aport anymore, their new (real) version is ''lower'' than before!
Subpackages ruby-bigdecimal, ruby-etc, ruby-fiddle, ruby-gdbm, ruby-io-console, ruby-irb, and ruby-json have been merged into ruby-libs.


=== LLVM12 added ===
=== LLVM12 added ===
Line 39: Line 95:
Transition to 8.0 is not finished yet as some app still require old version.
Transition to 8.0 is not finished yet as some app still require old version.


=== Postgresql 14 ===
=== PostgreSQL 14 ===
 
PostgreSQL has been upgraded to version 14.0. Since this release, multiple major versions are provided, currently: 12, 13, and 14.
 
Support for Just-in-time compilation (JIT) has been moved into subpackage {{pkg|postgresql-jit}}.


Postgresql has been upgraded to version 14.0.
{{pkg|libpq}} is now built without LDAP support which reduces number of installed dependencies. Note that this does ''not'' affect the LDAP support in PostgreSQL server, it’s preserved.


=== Mercurial ===
=== Mercurial ===


mercurial has been upgraded to 5.9.3  
mercurial has been upgraded to 5.9.3  
=== MIPS64 discontinued ===
The build hardware we use for building the packages is broken and the architecture is EOL, so there is no new hardware available anymore. As a consequence, there will be no v3.15 release for mips64, and existing releases can no longer receive security updates, so continued use of this architecture is not recommended.


=== Dlang build tools (DMD, DUB, LDC) have been updated ===
=== Dlang build tools (DMD, DUB, LDC) have been updated ===
Line 65: Line 121:
Most GNOME packages have been upgraded to version 41.
Most GNOME packages have been upgraded to version 41.


== New Features ==
=== Crystal ===
 
{{pkg|crystal}} has been upgraded to version 1.2.2.
 
=== Kea ===
 
{{pkg|kea}} has been upgraded to version 2.0.0.
 
=== OpenLDAP ===
 
{{pkg|openldap}} has been upgraded to version 2.6.0.
 
=== Rust ===
 
{{pkg|rust}} has been upgraded to version 1.56.1.
 
== Significant removals ==
 
=== QtWebKit was removed due to lack of upstream support ===
 
qt5-qtwebkit, kdewebkit, wkhtmltopdf, and py3-pdfkit have been removed due to known vulnerabilities and lack of upstream support for qtwebkit. Other programs have been adjusted to use qt5-qtwebengine where appropriate. The most direct replacement for wkhtmltopdf is weasyprint, which is available in the Alpine Linux community repository. puppeteer and pandoc are also options, depending on your needs. See [https://gitlab.alpinelinux.org/alpine/aports/-/issues/12888 #12888] for more information.
 
=== unrar moved to non-free ===
 
The unrar program from Alexander Roshal is distributed under a non-free license. Therefore, the unrar package has been moved to the non-free repository. Most RAR files can be unpacked using the bsdtar program from libarchive-tools; otherwise, users can compile and install the unrar package separately.
 
== Development-related changes ==
 
=== PostgreSQL ===
 
{{pkg|postgresql-dev}} has been split into {{pkg|libpq-dev}}, {{pkg|libecpg-dev}}, and <code>postgresql-dev</code> (this is ''provided'' by {{pkg|postgresql14-dev}}, {{pkg|postgresql13-dev}} etc.). Basically, only PostgreSQL extensions should use {{pkg|postgresql-dev}} in <code>makedepends</code>; all other aports should use {{pkg|libpq-dev}} and/or {{pkg|libecpg-dev}} (there are some exceptions though).
 
PostgreSQL extensions (typically packages with <code>postgresql-</code> prefix) should use {{pkg|postgresql-dev}} in <code>makedepends</code> – this will install the latest <code>postgresql<majorver>-dev</code> package, unless there’s a dependency on a specific postgresql version in the dependency graph (which shouldn’t be).
 
Each aport providing a PostgreSQL extension must explicitly depend on specific <code>postgresql<majorver></code> package, not <code>postgresql</code> provider. This should be solved by adding the following into the <code>package</code> function (!) in each aport that provides PostgreSQL extension:
 
<pre>
depends="postgresql$(pg_config --major-version)"
</pre>


* Complete support for [[UEFI Secure Boot]] realized by package {{pkg|secureboot-hook}} and {{pkg|efi-mkkeys}}.
[[Category:News]]

Latest revision as of 14:12, 19 February 2023

Important changes

New package signing keys

New signing keys have been generated for v3.15 ongoing. The key size has been increased from 2048 bits to 4096 bits. Make sure you have alpine-keys-2.4-r0 or later before upgrading to 3.15 (or downgrading from edge).

You can run:

apk add -X http://dl-cdn.alpinelinux.org/alpine/v3.14/main -u alpine-keys

to update the keys to the required version.

MIPS64 discontinued

The build hardware we use for building the packages is broken and the architecture is EOL, so there is no new hardware available anymore. As a consequence, there will be no v3.15 release for mips64, and existing releases can no longer receive security updates, so continued use of this architecture is not recommended.

radvd no longer enables ipv6 forwarding

The radvd init script no longer enables ipv6 forwarding. To enable ipv6 forwarding (necessary for most networks), add net.ipv6.conf.all.forwarding=1 to /etc/sysctl.conf or to a file in /etc/sysctl.d.

Move from sudo to doas

doas is the default temporary privilege escalation tool. You are advised to migrate from sudo to doas as 3.15 will be the last release to support sudo throughout its full lifecycle, in 3.16 sudo will be moved from main to community.

PipeWire doesn't auto-start a session manager anymore

In 3.14 and earlier the PipeWire default config was edited in packaging to auto-start pipewire-media-session as the default session manager. Since we now have wireplumber available as an alternative session manager, this has been changed in favor of a launch wrapper for pipewire at /usr/libexec/pipewire-launcher. When executed this will launch pipewire, pipewire-media-session or wireplumber, and pipewire-pulse, depending on what modules are available. If you were launching /usr/bin/pipewire and the session manager manually before, please use the new launcher wrapper instead. WirePlumber can now also be used as a proper alternative for pipewire-media-session.

New features and noteworthy new packages

Compressed kernel modules

Kernel modules are now compressed using gzip.

UEFI Secure Boot

Complete support for UEFI Secure Boot realized by package secureboot-hook and efi-mkkeys.

Support overlaytmpfs mount options

It is now possible to use tmpfs(5) mount options with overlaytmpfsflags, when using overlaytmpfs, see mkinitfs-bootparams(7). Also, rootflags and rootfstype options are now picked up for the underlying rootfs mount.

Support for out-of-tree kernel modules built from source

Alpine Kernel Module Support (akms) – support for building out-of-tree Linux kernel modules from source in an automated and organized fashion. It’s like DKMS, but designed specifically for Alpine Linux.

PostgreSQL multiple major versions

PostgreSQL packaging has been reworked to allow multiple major versions of PostgreSQL server to be installed side by side. This makes it possible to allow to upgrade PostgreSQL cluster from one major version to the next using pg_upgrade tool, and also to run an older major version of PostgreSQL on the latest version of Alpine Linux. The latest PostgreSQL version can be installed simply with apk add postgresql as before. If you need an older major version, install the specific package, e.g. postgresql13. You can switch between installed major versions using command pg_versions.

See MR #27275 for more information.

Rofi for Wayland

Rofi can now be used on Wayland desktops thanks to the fork rofi-wayland.

Encrypted Data Disk and System Disk modes

setup-disk (alpine-conf) now supports encrypted Data Disk and System Disk modes.

Significant updates

5.15 LTS kernels

linux-lts and linux-virt upgraded to 5.15

Note: If you are using ZFS and depend on symlinks under /dev/zvol/ some are sporadically not created during boot, this is known upstream by OpenZFS and we track the issue here.

Ruby 3.0.2

Ruby has been upgraded to version 3.0.2.

Packages ruby-minitest, ruby-net-telnet, ruby-power_assert, ruby-sdbm, ruby-test-unit, ruby-xmlrpc, ruby-webrick has been moved from ruby aport to separate aports. Please note that since they don’t inherit the version from the ruby aport anymore, their new (real) version is lower than before!

Subpackages ruby-bigdecimal, ruby-etc, ruby-fiddle, ruby-gdbm, ruby-io-console, ruby-irb, and ruby-json have been merged into ruby-libs.

LLVM12 added

LLVM12 is now available.

KDE

KDE Plasma has been upgraded to version 5.23, and KDE Applications have been upgraded to 21.08. Plasma Mobile Gear has been upgraded to 21.10.

Node.js

Node.js (LTS) has been upgraded to version 16.13.0. nodejs-current has been upgraded to 17.0.1.

PHP

PHP 7.4 started to phase out (1 year of security support left). Transition to 8.0 is not finished yet as some app still require old version.

PostgreSQL 14

PostgreSQL has been upgraded to version 14.0. Since this release, multiple major versions are provided, currently: 12, 13, and 14.

Support for Just-in-time compilation (JIT) has been moved into subpackage postgresql-jit.

libpq is now built without LDAP support which reduces number of installed dependencies. Note that this does not affect the LDAP support in PostgreSQL server, it’s preserved.

Mercurial

mercurial has been upgraded to 5.9.3

Dlang build tools (DMD, DUB, LDC) have been updated

Both compilers have been updated to frontend version v2.098.0 (LDC equivalent: v1.28.0). Dub has been updated to v1.27.0. LDC now always uses `--export-dynamic` so that code compiled without debug infos (`-g`) will still have the function name in its stack trace.

OpenJDK 17 added

The latest OpenJDK LTS version (17) has been added to this release and is available via the community repository.

GNOME 41

Most GNOME packages have been upgraded to version 41.

Crystal

crystal has been upgraded to version 1.2.2.

Kea

kea has been upgraded to version 2.0.0.

OpenLDAP

openldap has been upgraded to version 2.6.0.

Rust

rust has been upgraded to version 1.56.1.

Significant removals

QtWebKit was removed due to lack of upstream support

qt5-qtwebkit, kdewebkit, wkhtmltopdf, and py3-pdfkit have been removed due to known vulnerabilities and lack of upstream support for qtwebkit. Other programs have been adjusted to use qt5-qtwebengine where appropriate. The most direct replacement for wkhtmltopdf is weasyprint, which is available in the Alpine Linux community repository. puppeteer and pandoc are also options, depending on your needs. See #12888 for more information.

unrar moved to non-free

The unrar program from Alexander Roshal is distributed under a non-free license. Therefore, the unrar package has been moved to the non-free repository. Most RAR files can be unpacked using the bsdtar program from libarchive-tools; otherwise, users can compile and install the unrar package separately.

Development-related changes

PostgreSQL

postgresql-dev has been split into libpq-dev, libecpg-dev, and postgresql-dev (this is provided by postgresql14-dev, postgresql13-dev etc.). Basically, only PostgreSQL extensions should use postgresql-dev in makedepends; all other aports should use libpq-dev and/or libecpg-dev (there are some exceptions though).

PostgreSQL extensions (typically packages with postgresql- prefix) should use postgresql-dev in makedepends – this will install the latest postgresql<majorver>-dev package, unless there’s a dependency on a specific postgresql version in the dependency graph (which shouldn’t be).

Each aport providing a PostgreSQL extension must explicitly depend on specific postgresql<majorver> package, not postgresql provider. This should be solved by adding the following into the package function (!) in each aport that provides PostgreSQL extension:

depends="postgresql$(pg_config --major-version)"