feat(mdadm): configure mdadm.conf path for use with extensionconfig

.conform.yaml

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-08-01T17:25:51Z by kres faf91e3.
+# Generated on 2024-09-13T08:39:30Z by kres 8be5fa7.
 
 policies:
   - type: commit
@@ -12,7 +12,7 @@ policies:
           gitHubOrganization: siderolabs
       spellcheck:
         locale: US
-      maximumOfOneCommit: true
+      maximumOfOneCommit: false
       header:
         length: 89
         imperative: true

.github/workflows/ci.yaml

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-08-29T14:13:04Z by kres b5ca957.
+# Generated on 2024-10-08T16:19:09Z by kres 34e72ac.
 
 name: default
 concurrency:
@@ -33,7 +33,7 @@ jobs:
       labels: ${{ steps.retrieve-pr-labels.outputs.result }}
     services:
       buildkitd:
-        image: moby/buildkit:v0.15.2
+        image: moby/buildkit:v0.16.0
         options: --privileged
         ports:
           - 1234:1234
@@ -143,7 +143,7 @@ jobs:
       - default
     services:
       buildkitd:
-        image: moby/buildkit:v0.15.2
+        image: moby/buildkit:v0.16.0
         options: --privileged
         ports:
           - 1234:1234

.github/workflows/weekly.yaml

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-08-29T14:13:04Z by kres b5ca957.
+# Generated on 2024-10-08T16:19:09Z by kres 34e72ac.
 
 name: weekly
 concurrency:
@@ -16,7 +16,7 @@ jobs:
       - pkgs
     services:
       buildkitd:
-        image: moby/buildkit:v0.15.2
+        image: moby/buildkit:v0.16.0
         options: --privileged
         ports:
           - 1234:1234

.kres.yaml

@@ -60,7 +60,7 @@ spec:
       - name: EXTENSIONS_IMAGE_REF
         defaultValue: $(REGISTRY_AND_USERNAME)/extensions:$(TAG)
       - name: PKGS
-        defaultValue: v1.8.0
+        defaultValue: v1.8.0-16-g71d23b4
       - name: PKGS_PREFIX
         defaultValue: ghcr.io/siderolabs
   useBldrPkgTagResolver: true
@@ -162,3 +162,7 @@ spec:
           cosign verify $$image --certificate-identity-regexp '@siderolabs\.com$$' --certificate-oidc-issuer https://accounts.google.com || \
             cosign sign --yes $$image; \
         done
+---
+kind: common.Repository
+spec:
+  conformMaximumOfOneCommit: false

Makefile

@@ -1,6 +1,6 @@
 # THIS FILE WAS AUTOMATICALLY GENERATED, PLEASE DO NOT EDIT.
 #
-# Generated on 2024-09-06T11:07:46Z by kres 8be5fa7.
+# Generated on 2024-10-08T16:19:09Z by kres 34e72ac.
 
 # common variables
 
@@ -48,7 +48,7 @@ COMMON_ARGS += --build-arg=PKGS_PREFIX="$(PKGS_PREFIX)"
 # extra variables
 
 EXTENSIONS_IMAGE_REF ?= $(REGISTRY_AND_USERNAME)/extensions:$(TAG)
-PKGS ?= v1.8.0
+PKGS ?= v1.8.0-16-g71d23b4
 PKGS_PREFIX ?= ghcr.io/siderolabs
 
 # targets defines all the available targets

Pkgfile

@@ -3,7 +3,7 @@
 format: v1alpha2
 
 vars:
-  LINUX_FIRMWARE_VERSION: "20240811" # update this when updating PKGS_VERSION in Makefile
+  LINUX_FIRMWARE_VERSION: "20240909" # update this when updating PKGS_VERSION in Makefile
   DRBD_DRIVER_VERSION: 9.2.11 # update this when updating PKGS_VERSION in Makefile
   ZFS_DRIVER_VERSION: 2.2.6 # update this when updating PKGS_VERSION in Makefile
   UTIL_LINUX_VERSION: 2.40.2 # update this when updating PKGS_VERSION in Makefile

container-runtime/crun/pkg.yaml

@@ -24,6 +24,10 @@ steps:
         mkdir -p /rootfs/usr/local/bin
         cp -av crun /rootfs/usr/local/bin/crun
         chmod +x /rootfs/usr/local/bin/crun
+
+      - |
+        mkdir -p /rootfs/etc/cri/conf.d
+        cp /pkg/crun.part /rootfs/etc/cri/conf.d/crun.part
     test:
       - |
         mkdir -p /extensions-validator-rootfs
@@ -36,5 +40,3 @@ finalize:
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/crun.part
-    to: /rootfs/etc/cri/conf.d/crun.part

container-runtime/gvisor/pkg.yaml

@@ -44,6 +44,11 @@ steps:
 
         cp ./bin/containerd-shim-runsc-v1 /rootfs/usr/local/bin/containerd-shim-runsc-v1
         chmod +x /rootfs/usr/local/bin/containerd-shim-runsc-v1
+
+      - |
+        mkdir -p /rootfs/etc/cri/conf.d
+
+        cp /pkg/gvisor.part /pkg/runsc.toml /pkg/gvisor-kvm.part /pkg/runsc-kvm.toml /rootfs/etc/cri/conf.d/
     test:
       - |
         mkdir -p /extensions-validator-rootfs
@@ -55,11 +60,3 @@ finalize:
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/gvisor.part
-    to: /rootfs/etc/cri/conf.d/gvisor.part
-  - from: /pkg/runsc.toml
-    to: /rootfs/etc/cri/conf.d/runsc.toml
-  - from: /pkg/gvisor-kvm.part
-    to: /rootfs/etc/cri/conf.d/gvisor-kvm.part
-  - from: /pkg/runsc-kvm.toml
-    to: /rootfs/etc/cri/conf.d/runsc-kvm.toml

container-runtime/kata-containers/pkg.yaml

@@ -59,6 +59,12 @@ steps:
       - |
         cd ${GOPATH}/src/github.com/kata-containers/src/runtime
         cp containerd-shim-kata-v2 /rootfs/usr/local/bin/containerd-shim-kata-v2
+      - |
+        mkdir -p /rootfs/etc/cri/conf.d
+        cp /pkg/kata-containers.part /rootfs/etc/cri/conf.d/kata-containers.part
+
+        mkdir -p /rootfs/usr/local/share/kata-containers
+        cp /pkg/configuration.toml /rootfs/usr/local/share/kata-containers/configuration.toml
     test:
       - |
         mkdir -p /extensions-validator-rootfs
@@ -70,7 +76,3 @@ finalize:
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/kata-containers.part
-    to: /rootfs/etc/cri/conf.d/kata-containers.part
-  - from: /pkg/configuration.toml
-    to: /rootfs/usr/local/share/kata-containers/configuration.toml

container-runtime/spin/pkg.yaml

@@ -24,6 +24,9 @@ steps:
         mkdir -p /rootfs/usr/local/bin
 
         tar xf containerd-shim-spin.tar.gz -C /rootfs/usr/local/bin
+      - |
+        mkdir -p /rootfs/etc/cri/conf.d
+        cp /pkg/spin.part /rootfs/etc/cri/conf.d/spin.part
     test:
       - |
         mkdir -p /extensions-validator-rootfs
@@ -35,5 +38,3 @@ finalize:
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/spin.part
-    to: /rootfs/etc/cri/conf.d/spin.part

container-runtime/stargz-snapshotter/pkg.yaml

@@ -41,6 +41,15 @@ steps:
 
         cp ./out/ctr-remote /rootfs/usr/local/lib/containers/stargz-snapshotter/ctr-remote
         chmod +x /rootfs/usr/local/lib/containers/stargz-snapshotter/ctr-remote
+      - |
+        mkdir -p /rootfs/etc/cri/conf.d
+        cp /pkg/stargz-snapshotter.part /rootfs/etc/cri/conf.d/stargz-snapshotter.part
+
+        mkdir -p /rootfs/usr/local/etc/containerd-stargz-grpc
+        cp /pkg/config.toml /rootfs/usr/local/etc/containerd-stargz-grpc/config.toml
+
+        mkdir -p /rootfs/usr/local/etc/containers
+        cp /pkg/stargz-snapshotter.yaml /rootfs/usr/local/etc/containers/
     test:
       - |
         mkdir -p /extensions-validator-rootfs
@@ -52,9 +61,3 @@ finalize:
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/stargz-snapshotter.part
-    to: /rootfs/etc/cri/conf.d/stargz-snapshotter.part
-  - from: /pkg/config.toml
-    to: /rootfs/usr/local/etc/containerd-stargz-grpc/config.toml
-  - from: /pkg/stargz-snapshotter.yaml
-    to: /rootfs/usr/local/etc/containers/

examples/hello-world-service/pkg.yaml

@@ -20,10 +20,13 @@ steps:
         CGO_ENABLED=0 go build -o ./hello-world .
     install:
       - |
-        mkdir -p /rootfs/usr/local/etc/containers
         mkdir -p /rootfs/usr/local/lib/containers/hello-world
 
         cp -p /pkg/src/hello-world /rootfs/usr/local/lib/containers/hello-world/
+      - |
+        mkdir -p /rootfs/usr/local/etc/containers
+
+        cp /pkg/hello-world.yaml /rootfs/usr/local/etc/containers/
     test:
       - |
         mkdir -p /extensions-validator-rootfs
@@ -35,5 +38,3 @@ finalize:
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/hello-world.yaml
-    to: /rootfs/usr/local/etc/containers/

firmware/intel-ucode/pkg.yaml

@@ -7,8 +7,8 @@ steps:
   - sources:
       - url: https://github.com/intel/Intel-Linux-Processor-Microcode-Data-Files/archive/refs/tags/microcode-{{ .INTEL_UCODE_VERSION }}.tar.gz
         destination: intel-ucode.tar.gz
-        sha256: f46cfe1d8be8d3c2c5a0fb63fc4d48c7dd1444f34346f0e42ad92c706cb90e79
-        sha512: ba1fa7d9bed7d90756ea959f5878afca0deacc9b1e932a936a15d74a411b7efb6103a4af75dc3731d9cbb2e464439ce9a7d448f75bc6f38b616907ff6dec6ee3
+        sha256: 8b7582eac7e9a691356e18b3bdcbc7b2db09494e040ec980a4a5fb6d0da261bf
+        sha512: d996de4f045df33f4eb1a1dabfb2f55bd8941e8dc16241d7a6c361216f4b87b88c34ba57c88ee4d4b7b3cf2b3fac937c43806191681df031fa3d5cdd677a86fe
     prepare:
       - |
         sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml

firmware/vars.yaml

@@ -1,2 +1,2 @@
 # renovate: datasource=github-releases extractVersion=^microcode-(?<version>.*)$ depName=intel/Intel-Linux-Processor-Microcode-Data-Files
-INTEL_UCODE_VERSION: 20240813
+INTEL_UCODE_VERSION: 20240910

guest-agents/qemu-guest-agent/pkg.yaml

@@ -63,6 +63,9 @@ steps:
         rmdir /rootfs/usr/local/share
         rmdir /rootfs/var/run
         rmdir /rootfs/var
+      - |
+        mkdir -p /rootfs/usr/local/etc/containers
+        cp /pkg/qemu-guest-agent.yaml /rootfs/usr/local/etc/containers/
     test:
       - |
         mkdir -p /extensions-validator-rootfs
@@ -74,5 +77,3 @@ finalize:
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/qemu-guest-agent.yaml
-    to: /rootfs/usr/local/etc/containers/

guest-agents/xen-guest-agent/pkg.yaml

@@ -32,6 +32,10 @@ steps:
         containerRoot=/rootfs/usr/local/lib/containers/xen-guest-agent
         mkdir -p "$containerRoot"
         mv target/{{ .ARCH }}-alpine-linux-musl/release/xen-guest-agent "$containerRoot/xen-guest-agent"
+      - |
+        mkdir -p /rootfs/usr/local/etc/containers
+
+        cp /pkg/xen-guest-agent.yaml /rootfs/usr/local/etc/containers/
     test:
       - |
         mkdir -p /extensions-validator-rootfs
@@ -43,5 +47,3 @@ finalize:
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/xen-guest-agent.yaml
-    to: /rootfs/usr/local/etc/containers/

hack/release.toml

@@ -6,75 +6,15 @@ github_repo = "siderolabs/extensions"
 match_deps = "^github.com/((talos-systems|siderolabs)/[a-zA-Z0-9-]+)$"
 
 # previous release
-previous = "v1.7.0"
+previous = "v1.8.0"
 
-pre_release = true
+pre_release = false
 
 preface = """\
 See [Talos Linux documentation](https://www.talos.dev/v1.8/talos-guides/configuration/system-extensions/) for information on using system extensions.
 """
 
 [notes]
-    [notes.container-runtime-crun]
-        title = "CRUN Container Runtime"
-        description = """
-CRUN container runtime is now shipped as a Talos System Extension
-"""
-
-    [notes.container-runtime-gvisor]
-        title = "Gvisor Container Runtime"
-        description = """
-Gvisor now ships an additional runtime using `kvm` as the sandboxing mechanism.
-"""
-
-    [notes.intel-management-engine]
-        title = "Intel Management Engine"
-        description = """
-Intel Management Engine (IME) modules is now shipped as a Talos System Extension.
-"""
-
-    [notes.nvidia]
-        title = "NVIDIA Driver and Container Toolkit"
-        description = """
-The NVIDIA drivers and the container toolkits now ships an LTS and Production version as per https://docs.nvidia.com/datacenter/tesla/drivers/index.html#lifecycle.
-
-The new extensions are named below:
-
-* nvidia-container-toolkit-production
-* nvidia-container-toolkit-lts
-* nvidia-open-gpu-kernel-modules-production
-* nvidia-open-gpu-kernel-modules-lts
-* nonfree-kmod-nvidia-lts
-* nonfree-kmod-nvidia-production
-
-The extensions would ship the latest version of LTS/Production drivers available at the time of Talos release.
-
-Image Factory using an existing schematic id would upgrade the NVIDIA driver and container toolkit to the LTS version.
-
-If production version is required, the schematic id should be updated to the production version.
-"""
-
-[notes.updates]
-    title = "Component Updates"
-    description = """
-ZFS: 2.2.6
-DRBD: 9.2.11
-gasket: 5815ee3
-Tailscale: 1.70.0
-ecr-credential-provider: 1.31.0
-qemu-guest-agent: 9.1.0
-mdadm: 4.3
-Intel microcode: 20240813
-Linux firmware: 20240811
-Spin: 0.15.1
-Gvisor: 20240729.0
-Wasmedge: v0.4.0
-Kata Containers: 3.3.0
-NVIDIA container toolkit: v1.16.1
-iscsi-tools: v0.1.5
-vmtoolsd: v0.6.0
-util-linux-tools: 2.40.2
-"""
 
 
 [make_deps]

network/tailscale/pkg.yaml

@@ -37,6 +37,9 @@ steps:
         cp -pr dist/tailscale /rootfs/usr/local/lib/containers/tailscale/usr/local/bin
         cp -pr dist/tailscaled /rootfs/usr/local/lib/containers/tailscale/usr/local/bin
         cp -pr dist/containerboot /rootfs/usr/local/lib/containers/tailscale/usr/local/bin
+      - |
+        mkdir -p /rootfs/usr/local/etc/containers
+        cp /pkg/tailscale.yaml /rootfs/usr/local/etc/containers/
     test:
       - |
         mkdir -p /extensions-validator-rootfs
@@ -48,5 +51,3 @@ finalize:
     to: /rootfs
   - from: /pkg/manifest.yaml
     to: /
-  - from: /pkg/tailscale.yaml
-    to: /rootfs/usr/local/etc/containers/

nvidia-gpu/nvidia-container-toolkit/lts/pkg.yaml

@@ -18,7 +18,9 @@ steps:
         sed -i 's#$VERSION#{{ .VERSION }}#' /pkg/manifest.yaml
     install:
       - |
-        mkdir -p /rootfs
+        mkdir -p /rootfs/usr/local/etc/containers
+
+        cp /pkg/nvidia-persistenced.yaml /rootfs/usr/local/etc/containers/nvidia-persistenced.yaml
     test:
       - |
         mkdir -p /extensions-validator-rootfs
@@ -28,7 +30,5 @@ steps:
 finalize:
   - from: /rootfs
     to: /rootfs
-  - from: /pkg/nvidia-persistenced.yaml
-    to: /rootfs/usr/local/etc/containers/nvidia-persistenced.yaml
   - from: /pkg/manifest.yaml
     to: /