Upgrade WALinuxAgent to the most recent release - 2.11.1.4.
Add patch to include azurelinux support into the agent. The patch should
be removed in the next 2.12 update.
Also because WALinuxAgent will automatically update at runtime, thus
removing the patched-in support for azurelinux, add another patch to
bump the version to 2.11.8.8 so further 2.11 hotfixes are not taken.
Since 2.12 will have azurelinux support, the agent will be able to
automatically upgrade to 2.12 at runtime.
fix: correct changelog date warning
fix: use /usr/bin and /usr/lib/systemd paths
In the upstream code's setup.py, the bin path and systemd path are set
through calls into the distro's osutil class. In our case, since we pass
--lnx-distro='mariner', the code will use the MarinerOsUtil derived
class for these paths, which are /usr/bin and /usr/lib/systemd
respectively.
In addition, now that the paths are set correctly again, remove the sed
operation to the waagent.service so the waagent path points to the
correct location again.
Also fix the ephemeral-disk-warning.service to use the proper path as
well.
Signed-off-by: Chris Co <chrco@microsoft.com>
Enable USB Test and Measurement Class driver as a loadable kernel
module. This module is used for many USB devices that meet the USB Test
and Measurement device specification, like HW and Power Analyzers.
Signed-off-by: Chris Co <chrco@microsoft.com>
Enable Multipath TCP (MPTCP) to allow using multiple interface paths to send and receive TCP packets for improving throughput and redundancy.
Signed-off-by: Chris Co <chrco@microsoft.com>
Enable the Extended Verification Module (EVM) support to allow the verification of security-related extended attributes like SELinux file labels or IMA hash
Signed-off-by: Chris Co <chrco@microsoft.com>
Co-authored-by: Chris Co <chrco@microsoft.com>
In PR #9932, a bug fix was made to ensure that GPT partitions don't receive a default label of "primary". Unfortunately, that change relies on a bug fix to `parted` that was made in v3.5, which is relatively recent.
For reference:
- Ubuntu 22.04: 3.4
- Ubuntu 24.04: 3.6
- Azure Linux 2.0: 3.4
- Azure Linux 3.0: 3.6
This change provides a workaround by giving partitions a default name of "primary", if the build host has an older version of parted.
Add tests for enabling and disabling services, both for services that exist and ones that don't exist.
Also, fix a bug in the `IsServiceEnabled` function where the disabled state isn't being properly distinguished from other types of errors.
1. Use either the `grub-install` or `grub2-install` command, whichever is available on the build host.
2. Add `grub2-install` to the image customizer prerequisites list in the README.
3. Add `grub2-install` to the image customizer container.
4. Remove the `grub2` package from the legacy boot config, since it isn't needed.
5. Allow the `USER` environment variable to be empty, which is the case in docker containers.
Enable FS-verity and Integrity Policy Enforcement LSM. These are useful security features that users/services can leverage to better secure their system.
Signed-off-by: Chris Co <chrco@microsoft.com>
1. When calling `cp`, include the last line of `stderr` in the error message.
2. Ensure that the `file.CopyDir` function adds useful information to the error message.
3. Add path information to error message for `.os.additionalDirs` errors.
Add DMI sysfs and EROFS module support. Additionally hooks for Secure Boot with dm-verity verification.
These kconfigs will also be necessary to onboard Azure Linux into upstream systemd's CI testing.
Signed-off-by: Chris Co <chrco@microsoft.com>
When creating partitions using `parted`, the API is:
- MBR: `parted mkpart <partition-type> <fs-type> ...`
- GPT: `parted mkpart <partition-label> <fs-type> ...`
But currently we are treating the first param as always being the `<partition-type>`, when for GPT it is `<partition-label>`. This has the effect that GPT partitions are given a default label of "primary", which is a tad silly. (If an explicit label is provided by the user, then the label is overridden in a subsequent step.)
This change fixes this behavior so that GPT partitions have a default label of nothing ("").
Moving batch of configs that were built-in to be modules to maintain flexibility, though reduce kernel size and boot speed.
These modules are already set as modules on x86 and only targeted to change on arm64.
Signed-off-by: Kelsey Steele <kelseysteele@microsoft.com>
Bala
sindhu-karri
Christopher Co
Trung
Daniel McIlvaney
Pawel Winogrodzki
Sumynwa
Andrew Phelps
Chris Gunn
Rachel Menge
Aditya Dubey
Riken Maharjan
KavyaSree2610
Muhammad Falak R Wani
CBL-Mariner-Bot
Harshit Gupta
Sam Meluch
Kelsey Steele