Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package talosctl for openSUSE:Factory checked in at 2026-01-23 17:33:30 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/talosctl (Old) and /work/SRC/openSUSE:Factory/.talosctl.new.1928 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "talosctl" Fri Jan 23 17:33:30 2026 rev:41 rq:1328797 version:1.12.2 Changes: -------- --- /work/SRC/openSUSE:Factory/talosctl/talosctl.changes 2026-01-12 10:35:12.283772048 +0100 +++ /work/SRC/openSUSE:Factory/.talosctl.new.1928/talosctl.changes 2026-01-23 17:33:45.619648755 +0100 @@ -1,0 +2,17 @@ +Fri Jan 23 06:20:31 UTC 2026 - Johannes Kastl <[email protected]> + +- update to 1.12.2: + https://github.com/siderolabs/talos/releases/tag/v1.12.2 + * talosctl images talos-bundle can ignore reaching to the + registry + The talosctl images talos-bundle command now accepts optional + --ovelays and --extensions flags. + If those are set to false, the command will not attempt to + reach out to the container registry to fetch the latest + versions and digests of the overlays and extensions. + * 9f8d938db fix: print talosctl images to release notes +- update to 1.12.1: + https://github.com/siderolabs/talos/releases/tag/v1.12.1 + * no CLI-related changes in the Changelog + +------------------------------------------------------------------- Old: ---- talosctl-1.12.0.obscpio New: ---- talosctl-1.12.1.obscpio talosctl-1.12.2.obscpio ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ talosctl.spec ++++++ --- /var/tmp/diff_new_pack.JtxWMb/_old 2026-01-23 17:33:46.907701838 +0100 +++ /var/tmp/diff_new_pack.JtxWMb/_new 2026-01-23 17:33:46.907701838 +0100 @@ -17,7 +17,7 @@ Name: talosctl -Version: 1.12.0 +Version: 1.12.2 Release: 0 Summary: CLI to interact with Talos Linux License: MPL-2.0 ++++++ _service ++++++ --- /var/tmp/diff_new_pack.JtxWMb/_old 2026-01-23 17:33:46.959703980 +0100 +++ /var/tmp/diff_new_pack.JtxWMb/_new 2026-01-23 17:33:46.967704310 +0100 @@ -4,7 +4,7 @@ <param name="scm">git</param> <param name="exclude">.git</param> <param name="exclude">go.work</param> - <param name="revision">v1.12.0</param> + <param name="revision">v1.12.2</param> <param name="match-tag">v*</param> <param name="versionformat">@PARENT_TAG@</param> <param name="versionrewrite-pattern">v(.*)</param> ++++++ talosctl-1.12.0.obscpio -> talosctl-1.12.1.obscpio ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/CHANGELOG.md new/talosctl-1.12.1/CHANGELOG.md --- old/talosctl-1.12.0/CHANGELOG.md 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/CHANGELOG.md 2026-01-05 12:50:33.000000000 +0100 @@ -1,3 +1,64 @@ +## [Talos 1.12.1](https://github.com/siderolabs/talos/releases/tag/v1.12.1) (2026-01-05) + +Welcome to the v1.12.1 release of Talos! + + + +Please try out the release binaries and report any issues at +https://github.com/siderolabs/talos/issues. + +### Component Updates + +Linux: 6.18.2 + +Talos is built with Go 1.25.5. + + +### Contributors + +* Andrey Smirnov +* Mateusz Urbanek +* Dmitrii Sharshakov + +### Changes +<details><summary>6 commits</summary> +<p> + +* [`78a785604`](https://github.com/siderolabs/talos/commit/78a785604ad40eb9f1634c9db5477bd6ce99428c) chore: run rekres and update dependencies +* [`c31067173`](https://github.com/siderolabs/talos/commit/c3106717392a34fcca959b414f5064d6c799eaa3) fix: disable swap for system services +* [`a7e8426cf`](https://github.com/siderolabs/talos/commit/a7e8426cfb46f4c46476243032e2f4ade1fe9dfc) test: skip the source bundle on exact tag +* [`943984167`](https://github.com/siderolabs/talos/commit/943984167c22af0853d2c956677a241acece807f) fix: probe small images correctly +* [`42df71637`](https://github.com/siderolabs/talos/commit/42df71637763b1bf10bdf0fe89f650c367605b8c) fix: invalid versions check in talos-bundle +* [`a3e90e445`](https://github.com/siderolabs/talos/commit/a3e90e445f0f99b050eb98fcd9565b2b5e3397bf) fix: make upgrade work with SELinux enforcing=1 +</p> +</details> + +### Changes from siderolabs/pkgs +<details><summary>2 commits</summary> +<p> + +* [`90ff196`](https://github.com/siderolabs/pkgs/commit/90ff1965cdb2ab54d8e826f3673324cd1b5c94da) chore: run rekres and update dependencies +* [`2b30517`](https://github.com/siderolabs/pkgs/commit/2b3051775ca0d7531f65b81572e391a96b4a2c04) feat: update Linux to 6.18.2 +</p> +</details> + +### Changes from siderolabs/tools +<details><summary>1 commit</summary> +<p> + +* [`5df8bae`](https://github.com/siderolabs/tools/commit/5df8baedd100b6f117f664f383944daaf3371804) chore: run rekres and update dependencies +</p> +</details> + +### Dependency Changes + +* **github.com/klauspost/compress** v1.18.1 -> v1.18.2 +* **github.com/siderolabs/go-blockdevice/v2** v2.0.20 -> v2.0.22 +* **github.com/siderolabs/pkgs** v1.12.0-23-ge0b78b8 -> v1.12.0-25-g90ff196 +* **github.com/siderolabs/tools** v1.12.0-2-g7d57df0 -> v1.12.0-3-g5df8bae + +Previous release can be found at [v1.12.0](https://github.com/siderolabs/talos/releases/tag/v1.12.0) + ## [Talos 1.12.0](https://github.com/siderolabs/talos/releases/tag/v1.12.0) (2025-12-22) Welcome to the v1.12.0 release of Talos! diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/Makefile new/talosctl-1.12.1/Makefile --- old/talosctl-1.12.0/Makefile 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/Makefile 2026-01-05 12:50:33.000000000 +0100 @@ -25,9 +25,9 @@ EMBED_TARGET ?= embed TOOLS_PREFIX ?= ghcr.io/siderolabs/tools -TOOLS ?= v1.12.0-2-g7d57df0 +TOOLS ?= v1.12.0-3-g5df8bae PKGS_PREFIX ?= ghcr.io/siderolabs -PKGS ?= v1.12.0-23-ge0b78b8 +PKGS ?= v1.12.0-25-g90ff196 GENERATE_VEX_PREFIX ?= ghcr.io/siderolabs/generate-vex GENERATE_VEX ?= latest diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/cmd/talosctl/cmd/talos/image.go new/talosctl-1.12.1/cmd/talosctl/cmd/talos/image.go --- old/talosctl-1.12.0/cmd/talosctl/cmd/talos/image.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/cmd/talosctl/cmd/talos/image.go 2026-01-05 12:50:33.000000000 +0100 @@ -198,6 +198,12 @@ panic(err) // panic, this should never happen } + maximumVersion.Patch = 0 + maximumVersion.Pre = nil + if err := maximumVersion.IncrementMinor(); err != nil { + panic(err) // panic, this should never happen + } + // If no version specified, use current version if len(args) == 0 { return nil @@ -205,13 +211,19 @@ tag := args[0] + if !strings.HasPrefix(tag, "v") { + return fmt.Errorf("invalid tag %q: must have \"v\" prefix", tag) + } + ver, err := semver.ParseTolerant(tag) if err != nil { - return fmt.Errorf("invalid argument %q for %q: tag must be a valid semver", tag, cmd.CommandPath()) + return fmt.Errorf("invalid argument %q: tag must be a valid semver", tag) } if !ver.GTE(minimumVersion) || !ver.LT(maximumVersion) { - return fmt.Errorf("invalid argument %q for %q: tag for the bundle must be within range \"v%s\" - \"v%s\"", tag, cmd.CommandPath(), minimumVersion, maximumVersion) + return fmt.Errorf( + "invalid tag %q: must be between v%s (inclusive) and v%s (exclusive)", tag, minimumVersion, maximumVersion, + ) } return nil diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/go.mod new/talosctl-1.12.1/go.mod --- old/talosctl-1.12.0/go.mod 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/go.mod 2026-01-05 12:50:33.000000000 +0100 @@ -103,7 +103,7 @@ github.com/jeromer/syslogparser v1.1.0 github.com/jsimonetti/rtnetlink/v2 v2.1.0 github.com/jxskiss/base62 v1.1.0 - github.com/klauspost/compress v1.18.1 + github.com/klauspost/compress v1.18.2 github.com/klauspost/cpuid/v2 v2.3.0 github.com/linode/go-metadata v0.2.2 github.com/martinlindhe/base36 v1.1.1 @@ -139,7 +139,7 @@ github.com/siderolabs/discovery-client v0.1.13 github.com/siderolabs/gen v0.8.6 github.com/siderolabs/go-api-signature v0.3.12 - github.com/siderolabs/go-blockdevice/v2 v2.0.20 + github.com/siderolabs/go-blockdevice/v2 v2.0.22 github.com/siderolabs/go-circular v0.2.3 github.com/siderolabs/go-cmd v0.1.3 github.com/siderolabs/go-copy v0.1.0 @@ -160,7 +160,7 @@ github.com/siderolabs/net v0.4.0 github.com/siderolabs/proto-codec v0.1.2 github.com/siderolabs/siderolink v0.3.15 - github.com/siderolabs/talos/pkg/machinery v1.12.0 + github.com/siderolabs/talos/pkg/machinery v1.12.1 github.com/sirupsen/logrus v1.9.3 github.com/spf13/cobra v1.10.1 github.com/spf13/pflag v1.0.10 diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/go.sum new/talosctl-1.12.1/go.sum --- old/talosctl-1.12.0/go.sum 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/go.sum 2026-01-05 12:50:33.000000000 +0100 @@ -410,8 +410,8 @@ github.com/keybase/go-keychain v0.0.1/go.mod h1:PdEILRW3i9D8JcdM+FmY6RwkHGnhHxXwkPPMeUgOK1k= github.com/kisielk/errcheck v1.5.0/go.mod h1:pFxgyoBC7bSaBwPgfKdkLd5X25qrDl4LWUI2bnpBCr8= github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+oQHNcck= -github.com/klauspost/compress v1.18.1 h1:bcSGx7UbpBqMChDtsF28Lw6v/G94LPrrbMbdC3JH2co= -github.com/klauspost/compress v1.18.1/go.mod h1:ZQFFVG+MdnR0P+l6wpXgIL4NTtwiKIdBnrBd8Nrxr+0= +github.com/klauspost/compress v1.18.2 h1:iiPHWW0YrcFgpBYhsA6D1+fqHssJscY/Tm/y2Uqnapk= +github.com/klauspost/compress v1.18.2/go.mod h1:R0h/fSBs8DE4ENlcrlib3PsXS61voFxhIs2DeRhCvJ4= github.com/klauspost/cpuid/v2 v2.3.0 h1:S4CRMLnYUhGeDFDqkGriYKdfoFlDnMtqTiI/sFzhA9Y= github.com/klauspost/cpuid/v2 v2.3.0/go.mod h1:hqwkgyIinND0mEev00jJYCxPNVRVXFQeu1XKlok6oO0= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= @@ -621,8 +621,8 @@ github.com/siderolabs/gen v0.8.6/go.mod h1:J9IbusbES2W6QWjtSHpDV9iPGZHc978h1+KJ4oQRspQ= github.com/siderolabs/go-api-signature v0.3.12 h1:i1X+kPh9fzo+lEjtEplZSbtq1p21vKv4FCWJcB/ozvk= github.com/siderolabs/go-api-signature v0.3.12/go.mod h1:dPLiXohup4qHX7KUgF/wwOE3lRU5uAr3ssEomNxiyxY= -github.com/siderolabs/go-blockdevice/v2 v2.0.20 h1:qlplJNbyrUTAOcvM7Lyi8HCCu1Mm+Sk5YLOZFDv2y40= -github.com/siderolabs/go-blockdevice/v2 v2.0.20/go.mod h1:nqUmQxOSex/Sg70x+QyhdE/VtXZ6Q53Z4FoR2RFBzZU= +github.com/siderolabs/go-blockdevice/v2 v2.0.22 h1:57SsdY/xWItgJCpF/++xwPp6jIllRO7q+IyX5xp4xB0= +github.com/siderolabs/go-blockdevice/v2 v2.0.22/go.mod h1:jtLk/1RMdhN9kIyVfFiSYwBvJx7Ule4lDLL+wM3tlIU= github.com/siderolabs/go-circular v0.2.3 h1:GKkA1Tw79kEFGtWdl7WTxEUTbwtklITeiRT0V1McHrA= github.com/siderolabs/go-circular v0.2.3/go.mod h1:YBN/q9YpQphUYnBtBgPsngauSHj1TEZfgQZWZVjk1WE= github.com/siderolabs/go-cmd v0.1.3 h1:JrgZwqhJQeoec3QRON0LK+fv+0y7d0DyY7zsfkO6ciw= diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/hack/release.toml new/talosctl-1.12.1/hack/release.toml --- old/talosctl-1.12.0/hack/release.toml 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/hack/release.toml 2026-01-05 12:50:33.000000000 +0100 @@ -7,7 +7,7 @@ ignore_deps = ["github.com/coredns/coredns"] # previous release -previous = "v1.11.0" +previous = "v1.12.0" pre_release = false @@ -18,212 +18,11 @@ [notes.updates] title = "Component Updates" description = """\ -Linux: 6.18.1 -Kubernetes: 1.35.0 -CNI Plugins: 1.9.0 -cryptsetup: 2.8.1 -LVM2: 2_03_37 -systemd-udevd: 257.8 -etcd: 3.6.7 -CoreDNS: 1.13.2 -Flannel: 0.27.4 -Flannel CNI plugin: v1.8.0-flannel2 -runc: 1.3.4 -containerd: 2.1.6 -zfs: 2.4.0 +Linux: 6.18.2 Talos is built with Go 1.25.5. """ - [notes.aaawhatsnew] - title = "What's New" - description = """\ -See also [What's new in Talos v1.12.0](https://docs.siderolabs.com/talos/v1.12/getting-started/what's-new-in-talos) in the documentation for a summary of the most notable changes in this release. -""" - - [notes.luks2] - title = "Encrypted Volumes" - description = """\ -Talos Linux now consistently provides mapped names for encrypted volumes in the format `/dev/mapper/luks2-<volume-id>`. -This change should not affect system or user volumes, but might allow easier identification of encrypted volumes, -and specifically for raw encrypted volumes. -""" - - [notes.disk-encryption] - title = "Disk Encryption" - description = """\ -Talos versions prior to v1.12 used the state of PCR 7 and signed policies locked to PCR 11 for TPM based disk encryption. - -Talos now supports configuring which PCRs states are to be used for TPM based disk encryption via the `options.pcrs` -field in the `tpm` section of the disk encryption configuration. - -If user doesn't specify any options Talos defaults to using PCR 7 for backwards compatibility with existing installations. - -This change was made to improve compatibility with systems that may have varying states in PCR 7 due to UEFI Secure Boot configurations -and users may wish to disable locking to PCR 7 state entirely. - -Signed PCR policies will still be bound to PCR 11. - -The currently used PCR's can be seen with `talosctl get volumestatus <volume> -o yaml` command. -""" - - [notes.kspp] - title = "Kernel Security Posture Profile (KSPP)" - description = """\ -Talos now enables a stricter set of KSPP sysctl settings by default. -The list of overridden settings is available with `talosctl get kernelparamstatus` command. -""" - - [notes.extra-binaries] - title = "Extra Binaries" - description = """\ -Talos Linux now ships with `nft` binary in the rootfs to support CNIs which shell out to `nft` command. -""" - - [notes.ethernet-config] - title = "Ethernet Configuration" - description = """\ -The Ethernet configuration now includes a `wakeOnLAN` field to enable Wake-on-LAN (WOL) support. -This field can be set to enable WOL and specify the desired WOL modes. -""" - - [notes.embedded-config] - title = "Embedded Config" - description = """\ -Talos Linux now supports [embedding the machine configuration](https://www.talos.dev/v1.12/talos-guides/configuration/acquire/) directly into the boot image. -""" - - [notes.feature-lock] - title = "Feature Lock" - description = """\ -Talos now ignores the following machine configuration fields: - -- `machine.features.rbac` (locked to true) -- `machine.features.apidCheckExtKeyUsage` (locked to true) -- `cluster.apiServer.disablePodSecurityPolicy` (locked to true) - -These fields were removed from the default machine configuration schema in v1.12 and are now always set to the locked values above. -""" - - [notes.etcd] - title = "etcd" - description = """\ -etcd container image is now pulled from `registry.k8s.io/etcd` instead of `gcr.io/etcd-development/etcd`. -""" - - [notes.talosctl] - title = "talosctl image cache-serve" - description = """\ -`talosctl` includes new subcommand `image cache-serve`. -It allows serving the created OCI image registry over HTTP/HTTPS. -It is a read-only registry, meaning images cannot be pushed to it, but the backing storage can be updated by re-running the `cache-create` command; - -Additionally `talosctl image cache-create` has some changes: - * new flag `--layout`: `oci` (_default_), `flat`: - * `oci` preserves current behavior; - * `flat` does not repack artifact layer, but moves it to a destination directory, allowing it to be served by `talosctl image cache-serve`; - * changed flag `--platform`: now can accept multiple os/arch combinations: - * comma separated (`--platform=linux/amd64,linux/arm64`); - * multiple instances (`--platform=linux/amd64 --platform=linux/arm64`); -""" - - [notes.force-reboot] - title = "Talos force reboot" - description = """\ -Talos now supports a "force" reboot mode, which allows skipping the graceful userland termination. -It can be used in situations where a userland service (e.g. the kubelet) gets stuck during graceful shutdown, causing the regular reboot flow to fail. - -In addition, `talosctl` was updated to support this feature via `talosctl reboot --mode force`. -""" - - [notes.kernel-module] - title = "Kernel Module" - description = """\ -Talos now supports optionally disabling kernel module signature verification by setting `module.sig_enforce=0` kernel parameter. -By default module signature verification is enabled (`module.sig_enforce=1`). -When using Factory or Imager supply as `-module.sig_enfore module.sig_enforce=0` kernel parameters to disable module signature enforcement. -""" - - [notes.grub] - title = "GRUB" - description = """\ -Talos Linux introduces new machine configuration option `.machine.install.grubUseUKICmdline` to control whether GRUB should use the kernel command line -provided by the boot assets (UKI) or to use the command line constructed by Talos itself (legacy behavior). - -This option defaults to `true` for new installations, which means that GRUB will use the command line from the UKI, making it easier to customize kernel parameters via boot asset generation. -For existing installations upgrading to v1.12, this option will default to `false` to preserve the legacy behavior. -""" - - [notes.directory-user-volumes] - title = "New User Volume type - bind" - description = """\ -New field in UserVolumeConfig - `volumeType` that defaults to `partition`, but can be set to `directory`. -When set to `directory`, provisioning and filesystem operations are skipped and a directory is created under `/var/mnt/<name>`. - -The `directory` type enables lightweight storage volumes backed by a host directory, instead of requiring a full block device partition. - -When `volumeType = "directory"`: -- A directory is created at `/var/mnt/<metadata.name>`; -- `provisioning`, `filesystem` and `encryption` are prohibited. - -Note: this mode does not provide filesystem-level isolation and inherits the EPHEMERAL partition capacity limits. -It should not be used for workloads requiring predictable storage quotas. -""" - - [notes.registry-configuration] - title = "CRI Registry Configuration" - description = """\ -The CRI registry configuration in v1apha1 legacy machine configuration under `.machine.registries` is now deprecated, but still supported for backwards compatibility. -New configuration documents `RegistryMirrorConfig`, `RegistryAuthConfig` and `RegistryTLSConfig` should be used instead. -""" - - [notes.disk-user-volumes] - title = "New User Volume type - disk" - description = """\ -`volumeType` in UserVolumeConfig can be set to `disk`. -When set to `disk`, a full block device is used for the volume. - -When `volumeType = "disk"`: -- Size specific settings are not allowed in the provisioning block (`minSize`, `maxSize`, `grow`). -""" - - [notes.uefi-boot] - title = "UEFI Boot" - description = """\ -When using UEFI boot with systemd-boot as bootloader (on new installs of Talos from 1.10+ onwards), Talos will now not touch the UEFI boot order. -Talos 1.11 made a fix to create UEFI boot entry and set the boot order as first entry, but this behavior caused issues on some systems. -To avoid further issues, Talos will now only create the UEFI boot entry if it does not exist, but will not modify the boot order. -""" - - [notes.network-configuration] - title = "Network Configuration" - description = """\ -The network configuration under `.machine.network` (with the exception of KubeSpan) has been deprecated, but it is still supported for backwards compatibility. -See [documentation](https://docs.siderolabs.com/talos/v1.12/networking/configuration/overview) for more information. -""" - - [notes.apiserver-cipher-suites] - title = "API Server Cipher Suites" - description = """\ -The Kubernetes API server in Talos has been updated to use a more secure set of TLS cipher suites by default. -This is in line with a set of best practices documented in CIS 1.12 benchmark. - -You can still expand the list of supported cipher suites via the `cluster.apiServer.extraArgs."tls-cipher-suites"` machine configuration field if needed. -""" - - [notes.kernel-log] - title = "Kernel Log" - description = """\ -The kernel log (dmesg) is now also available as the service log named `kernel` (`talosctl logs kernel`). -""" - - [notes.persistent-logs] - title = "Persistent logs" - description = """\ -Talos now stores system component logs in /var/log, featuring automatic log rotation and keeping two most -recent log files. This change allows collecting logs from Talos like on any other Linux system. -""" - [make_deps] [make_deps.tools] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/internal/app/machined/pkg/system/runner/runner.go new/talosctl-1.12.1/internal/app/machined/pkg/system/runner/runner.go --- old/talosctl-1.12.0/internal/app/machined/pkg/system/runner/runner.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/internal/app/machined/pkg/system/runner/runner.go 2026-01-05 12:50:33.000000000 +0100 @@ -6,18 +6,15 @@ package runner import ( - "context" "fmt" "io" "time" containerd "github.com/containerd/containerd/v2/client" - ocicontainers "github.com/containerd/containerd/v2/core/containers" "github.com/containerd/containerd/v2/pkg/oci" "github.com/opencontainers/runtime-spec/specs-go" "github.com/siderolabs/gen/maps" "github.com/siderolabs/gen/optional" - "github.com/siderolabs/go-pointer" "github.com/siderolabs/talos/internal/app/machined/pkg/runtime" "github.com/siderolabs/talos/internal/app/machined/pkg/runtime/logging" @@ -245,23 +242,6 @@ } } -// WithMemoryReservation sets the memory reservation limit as on OCI spec. -func WithMemoryReservation(limit uint64) oci.SpecOpts { - return func(_ context.Context, _ oci.Client, _ *ocicontainers.Container, s *oci.Spec) error { - if s.Linux.Resources == nil { - s.Linux.Resources = &specs.LinuxResources{} - } - - if s.Linux.Resources.Memory == nil { - s.Linux.Resources.Memory = &specs.LinuxMemory{} - } - - s.Linux.Resources.Memory.Reservation = pointer.To(int64(limit)) - - return nil - } -} - // WithPriority sets the priority of the process. func WithPriority(priority int) Option { return func(args *Options) { diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/internal/app/machined/pkg/system/services/etcd.go new/talosctl-1.12.1/internal/app/machined/pkg/system/services/etcd.go --- old/talosctl-1.12.0/internal/app/machined/pkg/system/services/etcd.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/internal/app/machined/pkg/system/services/etcd.go 2026-01-05 12:50:33.000000000 +0100 @@ -36,7 +36,6 @@ "github.com/siderolabs/talos/internal/app/machined/pkg/system/runner" "github.com/siderolabs/talos/internal/app/machined/pkg/system/runner/containerd" "github.com/siderolabs/talos/internal/app/machined/pkg/system/runner/restart" - "github.com/siderolabs/talos/internal/pkg/cgroup" "github.com/siderolabs/talos/internal/pkg/containers/image" "github.com/siderolabs/talos/internal/pkg/environment" "github.com/siderolabs/talos/internal/pkg/etcd" @@ -221,8 +220,6 @@ oci.WithHostNamespace(specs.NetworkNamespace), oci.WithMounts(mounts), oci.WithUser(fmt.Sprintf("%d:%d", constants.EtcdUserID, constants.EtcdUserID)), - runner.WithMemoryReservation(constants.CgroupEtcdReservedMemory), - oci.WithCPUShares(uint64(cgroup.MilliCoresToShares(constants.CgroupEtcdMillicores))), ), runner.WithOOMScoreAdj(-998), ), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/internal/integration/cli/image.go new/talosctl-1.12.1/internal/integration/cli/image.go --- old/talosctl-1.12.0/internal/integration/cli/image.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/internal/integration/cli/image.go 2026-01-05 12:50:33.000000000 +0100 @@ -11,11 +11,13 @@ "strings" "testing" + "github.com/blang/semver/v4" "github.com/siderolabs/gen/xslices" "github.com/stretchr/testify/assert" "github.com/siderolabs/talos/internal/integration/base" "github.com/siderolabs/talos/pkg/machinery/config/machine" + "github.com/siderolabs/talos/pkg/machinery/version" ) // ImageSuite verifies the image command. @@ -35,10 +37,20 @@ ) } +var versionRe = regexp.MustCompile(`^[v]?(\d+\.\d+\.\d+(?:-(?:alpha|beta|rc)\.\d+)?)`) + +func normalizeTag(tag string) string { + m := versionRe.FindStringSubmatch(tag) + if len(m) == 0 { + return tag + } + + return m[1] +} + // TestSourceBundle verifies talos-bundle Talos list of images. func (suite *ImageSuite) TestSourceBundle() { - suite.RunCLI([]string{"image", "talos-bundle", "v1.11.2"}, - base.StdoutShouldMatch(regexp.MustCompile(regexp.QuoteMeta(`ghcr.io/siderolabs/installer:v1.11.2 + out := `ghcr.io/siderolabs/installer:v1.11.2 ghcr.io/siderolabs/installer-base:v1.11.2 ghcr.io/siderolabs/imager:v1.11.2 ghcr.io/siderolabs/talos:v1.11.2 @@ -115,7 +127,36 @@ ghcr.io/siderolabs/xen-guest-agent:0.4.0-g5c274e6@sha256:91e08d9ae45e325bf20da77f251e265d0e72cb38751a6dcee930bf21c9adacc1 ghcr.io/siderolabs/youki:0.5.5@sha256:562ceabb69570203024dbb9b8673ba485af1ffdd082210656573e22557235372 ghcr.io/siderolabs/zerotier:1.16.0@sha256:9444baa3acdc665dba56ed16c8a983c81c3f37fc73877be8fd882f9cf8c9fa5a -ghcr.io/siderolabs/zfs:2.3.3-v1.11.2@sha256:73782571f334b18995ddf324d24b86ea9a11aa37661a468b4e077da63e0d9714`))), +ghcr.io/siderolabs/zfs:2.3.3-v1.11.2@sha256:73782571f334b18995ddf324d24b86ea9a11aa37661a468b4e077da63e0d9714` + + suite.RunCLI([]string{"image", "talos-bundle", "v1.11.2"}, + base.StdoutShouldMatch(regexp.MustCompile(regexp.QuoteMeta(out))), + ) + + tag, err := semver.ParseTolerant(normalizeTag(version.Tag)) + assert.NoError(suite.T(), err) + + suite.T().Log(normalizeTag(version.Tag)) + suite.T().Log(version.Tag) + + if strings.TrimLeft(version.Tag, "v") == normalizeTag(version.Tag) { + suite.T().Skip("skipping the test for the exact version tag") + } + + suite.RunCLI([]string{"image", "talos-bundle", "v" + tag.String()}, + base.StdoutShouldMatch(regexp.MustCompile(regexp.QuoteMeta("ghcr.io/siderolabs/talos:v"+tag.String()))), + ) + + suite.RunCLI([]string{"image", "talos-bundle", tag.String()}, + base.StdoutEmpty(), + base.ShouldFail(), + ) + + tag.Patch = 0 + assert.NoError(suite.T(), tag.IncrementMinor()) + suite.RunCLI([]string{"image", "talos-bundle", "v" + tag.FinalizeVersion()}, + base.StdoutEmpty(), + base.ShouldFail(), ) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/internal/integration/provision/provision.go new/talosctl-1.12.1/internal/integration/provision/provision.go --- old/talosctl-1.12.0/internal/integration/provision/provision.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/internal/integration/provision/provision.go 2026-01-05 12:50:33.000000000 +0100 @@ -23,6 +23,7 @@ "github.com/siderolabs/go-blockdevice/v2/encryption" "github.com/siderolabs/go-kubernetes/kubernetes/upgrade" "github.com/siderolabs/go-pointer" + "github.com/siderolabs/go-procfs/procfs" "github.com/siderolabs/go-retry/retry" sideronet "github.com/siderolabs/net" "github.com/stretchr/testify/suite" @@ -440,6 +441,8 @@ ControlplaneNodes int WorkerNodes int + InjectExtraKernelArgs *procfs.Cmdline + SourceKernelPath string SourceInitramfsPath string SourceDiskImagePath string @@ -648,7 +651,8 @@ Size: DefaultSettings.DiskGB * 1024 * 1024 * 1024, }, }, - Config: suite.configBundle.ControlPlane(), + Config: suite.configBundle.ControlPlane(), + SDStubKernelArgs: options.InjectExtraKernelArgs, }, ) } @@ -667,7 +671,8 @@ Size: DefaultSettings.DiskGB * 1024 * 1024 * 1024, }, }, - Config: suite.configBundle.Worker(), + Config: suite.configBundle.Worker(), + SDStubKernelArgs: options.InjectExtraKernelArgs, }, ) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/internal/integration/provision/upgrade.go new/talosctl-1.12.1/internal/integration/provision/upgrade.go --- old/talosctl-1.12.0/internal/integration/provision/upgrade.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/internal/integration/provision/upgrade.go 2026-01-05 12:50:33.000000000 +0100 @@ -10,16 +10,24 @@ "fmt" "path/filepath" + "github.com/cosi-project/runtime/pkg/resource/rtestutils" + "github.com/siderolabs/go-procfs/procfs" + "github.com/stretchr/testify/assert" + "github.com/siderolabs/talos/cmd/talosctl/pkg/mgmt/helpers" "github.com/siderolabs/talos/pkg/images" + talosclient "github.com/siderolabs/talos/pkg/machinery/client" "github.com/siderolabs/talos/pkg/machinery/config/machine" "github.com/siderolabs/talos/pkg/machinery/constants" + "github.com/siderolabs/talos/pkg/machinery/resources/runtime" ) //nolint:maligned type upgradeSpec struct { ShortName string + InjectExtraKernelArgs *procfs.Cmdline + SourceKernelPath string SourceInitramfsPath string SourceDiskImagePath string @@ -42,6 +50,7 @@ WithEncryption bool WithBios bool WithApplyConfig bool + WithEnforcing bool } const ( @@ -226,6 +235,38 @@ } } +func upgradeCurrentToCurrentEnforcing() upgradeSpec { + installerImage := fmt.Sprintf( + "%s/%s:%s", + DefaultSettings.TargetInstallImageRegistry, + images.DefaultInstallerImageName, + DefaultSettings.CurrentVersion, + ) + + return upgradeSpec{ + ShortName: fmt.Sprintf("%s-same-ver-enforcing", DefaultSettings.CurrentVersion), + + InjectExtraKernelArgs: procfs.NewCmdline("enforcing=1"), + + SourceISOPath: helpers.ArtifactPath("metal-amd64.iso"), + SourceInstallerImage: installerImage, + SourceVersion: DefaultSettings.CurrentVersion, + SourceK8sVersion: currentK8sVersion, + + TargetInstallerImage: installerImage, + TargetVersion: DefaultSettings.CurrentVersion, + TargetK8sVersion: currentK8sVersion, + + ControlplaneNodes: 1, + WorkerNodes: 0, + + TargetCmdlineContains: "enforcing=1", + + WithApplyConfig: true, + WithEnforcing: true, + } +} + // UpgradeSuite ... type UpgradeSuite struct { BaseSuite @@ -264,6 +305,8 @@ ControlplaneNodes: suite.spec.ControlplaneNodes, WorkerNodes: suite.spec.WorkerNodes, + InjectExtraKernelArgs: suite.spec.InjectExtraKernelArgs, + SourceKernelPath: suite.spec.SourceKernelPath, SourceInitramfsPath: suite.spec.SourceInitramfsPath, SourceDiskImagePath: suite.spec.SourceDiskImagePath, @@ -283,6 +326,18 @@ // verify initial cluster version suite.assertSameVersionCluster(client, suite.spec.SourceVersion) + // verify enforcing state + for _, node := range suite.Cluster.Info().Nodes { + rtestutils.AssertResource( + talosclient.WithNode(suite.ctx, node.IPs[0].String()), + suite.T(), client.COSI, + runtime.SecurityStateID, + func(r *runtime.SecurityState, asrt *assert.Assertions) { + asrt.Equal(suite.spec.WithEnforcing, r.TypedSpec().SELinuxState == runtime.SELinuxStateEnforcing) + }, + ) + } + options := upgradeOptions{ TargetInstallerImage: suite.spec.TargetInstallerImage, UpgradeStage: suite.spec.UpgradeStage, @@ -306,6 +361,18 @@ // verify final cluster version suite.assertSameVersionCluster(client, suite.spec.TargetVersion) + // verify enforcing state + for _, node := range suite.Cluster.Info().Nodes { + rtestutils.AssertResource( + talosclient.WithNode(suite.ctx, node.IPs[0].String()), + suite.T(), client.COSI, + runtime.SecurityStateID, + func(r *runtime.SecurityState, asrt *assert.Assertions) { + asrt.Equal(suite.spec.WithEnforcing, r.TypedSpec().SELinuxState == runtime.SELinuxStateEnforcing) + }, + ) + } + // upgrade Kubernetes if required suite.upgradeKubernetes(suite.spec.SourceK8sVersion, suite.spec.TargetK8sVersion, suite.spec.SkipKubeletUpgrade) @@ -337,5 +404,6 @@ &UpgradeSuite{specGen: upgradeCurrentToCurrentBios, track: 0}, &UpgradeSuite{specGen: upgradeStableToCurrentPreserveStage, track: 1}, &UpgradeSuite{specGen: upgradeCurrentToCurrentNewCmdline, track: 2}, + &UpgradeSuite{specGen: upgradeCurrentToCurrentEnforcing, track: 1}, ) } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/internal/pkg/cgroup/cgroup.go new/talosctl-1.12.1/internal/pkg/cgroup/cgroup.go --- old/talosctl-1.12.0/internal/pkg/cgroup/cgroup.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/internal/pkg/cgroup/cgroup.go 2026-01-05 12:50:33.000000000 +0100 @@ -88,8 +88,9 @@ case constants.CgroupInit: return &cgroup2.Resources{ Memory: &cgroup2.Memory{ - Min: pointer.To[int64](constants.CgroupInitReservedMemory), - Low: pointer.To[int64](constants.CgroupInitReservedMemory * 2), + Min: pointer.To[int64](constants.CgroupInitReservedMemory), + Low: pointer.To[int64](constants.CgroupInitReservedMemory * 2), + Swap: pointer.To[int64](0), }, CPU: &cgroup2.CPU{ Weight: pointer.To[uint64](MillicoresToCPUWeight(MilliCores(constants.CgroupInitMillicores))), @@ -108,8 +109,9 @@ case constants.CgroupSystemRuntime: return &cgroup2.Resources{ Memory: &cgroup2.Memory{ - Min: pointer.To[int64](constants.CgroupSystemRuntimeReservedMemory), - Low: pointer.To[int64](constants.CgroupSystemRuntimeReservedMemory * 2), + Min: pointer.To[int64](constants.CgroupSystemRuntimeReservedMemory), + Low: pointer.To[int64](constants.CgroupSystemRuntimeReservedMemory * 2), + Swap: pointer.To[int64](0), }, CPU: &cgroup2.CPU{ Weight: pointer.To[uint64](MillicoresToCPUWeight(MilliCores(constants.CgroupSystemRuntimeMillicores))), @@ -118,8 +120,9 @@ case constants.CgroupUdevd: return &cgroup2.Resources{ Memory: &cgroup2.Memory{ - Min: pointer.To[int64](constants.CgroupUdevdReservedMemory), - Low: pointer.To[int64](constants.CgroupUdevdReservedMemory * 2), + Min: pointer.To[int64](constants.CgroupUdevdReservedMemory), + Low: pointer.To[int64](constants.CgroupUdevdReservedMemory * 2), + Swap: pointer.To[int64](0), }, CPU: &cgroup2.CPU{ Weight: pointer.To[uint64](MillicoresToCPUWeight(MilliCores(constants.CgroupUdevdMillicores))), @@ -134,8 +137,9 @@ case constants.CgroupPodRuntime: return &cgroup2.Resources{ Memory: &cgroup2.Memory{ - Min: pointer.To[int64](constants.CgroupPodRuntimeReservedMemory), - Low: pointer.To[int64](constants.CgroupPodRuntimeReservedMemory * 2), + Min: pointer.To[int64](constants.CgroupPodRuntimeReservedMemory), + Low: pointer.To[int64](constants.CgroupPodRuntimeReservedMemory * 2), + Swap: pointer.To[int64](0), }, CPU: &cgroup2.CPU{ Weight: pointer.To[uint64](MillicoresToCPUWeight(MilliCores(constants.CgroupPodRuntimeMillicores))), @@ -144,13 +148,24 @@ case constants.CgroupKubelet: return &cgroup2.Resources{ Memory: &cgroup2.Memory{ - Min: pointer.To[int64](constants.CgroupKubeletReservedMemory), - Low: pointer.To[int64](constants.CgroupKubeletReservedMemory * 2), + Min: pointer.To[int64](constants.CgroupKubeletReservedMemory), + Low: pointer.To[int64](constants.CgroupKubeletReservedMemory * 2), + Swap: pointer.To[int64](0), }, CPU: &cgroup2.CPU{ Weight: pointer.To[uint64](MillicoresToCPUWeight(MilliCores(constants.CgroupKubeletMillicores))), }, } + case constants.CgroupEtcd: + return &cgroup2.Resources{ + Memory: &cgroup2.Memory{ + Low: pointer.To[int64](constants.CgroupEtcdReservedMemory), + Swap: pointer.To[int64](0), + }, + CPU: &cgroup2.CPU{ + Weight: pointer.To[uint64](MillicoresToCPUWeight(MilliCores(constants.CgroupEtcdMillicores))), + }, + } case constants.CgroupDashboard: return &cgroup2.Resources{ Memory: &cgroup2.Memory{ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/internal/pkg/install/pull.go new/talosctl-1.12.1/internal/pkg/install/pull.go --- old/talosctl-1.12.0/internal/pkg/install/pull.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/internal/pkg/install/pull.go 2026-01-05 12:50:33.000000000 +0100 @@ -16,6 +16,7 @@ "github.com/containerd/errdefs" "github.com/siderolabs/talos/internal/pkg/containers/image" + "github.com/siderolabs/talos/internal/pkg/selinux" "github.com/siderolabs/talos/pkg/machinery/constants" ) @@ -67,6 +68,10 @@ oci.WithProcessArgs(args...), } + if selinux.IsEnabled() { + specOpts = append(specOpts, oci.WithSelinuxLabel(constants.SelinuxLabelInstaller)) + } + containerOpts := []containerd.NewContainerOpts{ containerd.WithImage(img), containerd.WithNewSnapshot(containerID, img), diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/pkg/machinery/constants/constants.go new/talosctl-1.12.1/pkg/machinery/constants/constants.go --- old/talosctl-1.12.0/pkg/machinery/constants/constants.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/pkg/machinery/constants/constants.go 2026-01-05 12:50:33.000000000 +0100 @@ -14,7 +14,7 @@ const ( // DefaultKernelVersion is the default Linux kernel version. - DefaultKernelVersion = "6.18.1-talos" + DefaultKernelVersion = "6.18.2-talos" // KernelParamConfig is the kernel parameter name for specifying the URL. // to the config. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/pkg/machinery/gendata/data/pkgs new/talosctl-1.12.1/pkg/machinery/gendata/data/pkgs --- old/talosctl-1.12.0/pkg/machinery/gendata/data/pkgs 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/pkg/machinery/gendata/data/pkgs 2026-01-05 12:50:33.000000000 +0100 @@ -1 +1 @@ -v1.12.0-23-ge0b78b8 \ No newline at end of file +v1.12.0-25-g90ff196 \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/pkg/machinery/gendata/data/tag new/talosctl-1.12.1/pkg/machinery/gendata/data/tag --- old/talosctl-1.12.0/pkg/machinery/gendata/data/tag 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/pkg/machinery/gendata/data/tag 2026-01-05 12:50:33.000000000 +0100 @@ -1 +1 @@ -v1.12.0 \ No newline at end of file +v1.12.1 \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/pkg/machinery/gendata/data/tools new/talosctl-1.12.1/pkg/machinery/gendata/data/tools --- old/talosctl-1.12.0/pkg/machinery/gendata/data/tools 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/pkg/machinery/gendata/data/tools 2026-01-05 12:50:33.000000000 +0100 @@ -1 +1 @@ -v1.12.0-2-g7d57df0 \ No newline at end of file +v1.12.0-3-g5df8bae \ No newline at end of file diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/pkg/machinery/version/os-release new/talosctl-1.12.1/pkg/machinery/version/os-release --- old/talosctl-1.12.0/pkg/machinery/version/os-release 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/pkg/machinery/version/os-release 2026-01-05 12:50:33.000000000 +0100 @@ -1,7 +1,7 @@ NAME="Talos" ID=talos -VERSION_ID=v1.12.0 -PRETTY_NAME="Talos (v1.12.0)" +VERSION_ID=v1.12.1 +PRETTY_NAME="Talos (v1.12.1)" HOME_URL="https://www.talos.dev/"; BUG_REPORT_URL="https://github.com/siderolabs/talos/issues"; VENDOR_NAME="Sidero Labs" diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/pkg/provision/providers/qemu/launch.go new/talosctl-1.12.1/pkg/provision/providers/qemu/launch.go --- old/talosctl-1.12.0/pkg/provision/providers/qemu/launch.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/pkg/provision/providers/qemu/launch.go 2026-01-05 12:50:33.000000000 +0100 @@ -43,6 +43,7 @@ ExtraISOPath string PFlashImages []string KernelArgs string + SDStubKernelArgs string MonitorPath string DefaultBootOrder string BootloaderEnabled bool @@ -458,6 +459,10 @@ config.sdStubExtraCmdline = "console=ttyS0" + if config.SDStubKernelArgs != "" { + config.sdStubExtraCmdline += " " + config.SDStubKernelArgs + } + if strings.Contains(config.KernelArgs, "{TALOS_CONFIG_URL}") { config.KernelArgs = strings.ReplaceAll(config.KernelArgs, "{TALOS_CONFIG_URL}", fmt.Sprintf("http://%s/config.yaml";, configServerAddr)) config.sdStubExtraCmdlineConfig = fmt.Sprintf(" talos.config=http://%s/config.yaml";, httpServerAddr) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/pkg/provision/providers/qemu/node.go new/talosctl-1.12.1/pkg/provision/providers/qemu/node.go --- old/talosctl-1.12.0/pkg/provision/providers/qemu/node.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/pkg/provision/providers/qemu/node.go 2026-01-05 12:50:33.000000000 +0100 @@ -221,6 +221,10 @@ launchConfig.Network.Hostname = nodeReq.Name } + if nodeReq.SDStubKernelArgs != nil { + launchConfig.SDStubKernelArgs = nodeReq.SDStubKernelArgs.String() + } + if !nodeReq.PXEBooted && launchConfig.IPXEBootFileName == "" { launchConfig.KernelImagePath = strings.ReplaceAll(clusterReq.KernelPath, constants.ArchVariable, opts.TargetArch) launchConfig.InitrdPath = strings.ReplaceAll(clusterReq.InitramfsPath, constants.ArchVariable, opts.TargetArch) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/pkg/provision/request.go new/talosctl-1.12.1/pkg/provision/request.go --- old/talosctl-1.12.0/pkg/provision/request.go 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/pkg/provision/request.go 2026-01-05 12:50:33.000000000 +0100 @@ -218,6 +218,11 @@ // This doesn't apply to boots from ISO or from the disk image. ExtraKernelArgs *procfs.Cmdline + // SDStubKernelArgs passes additional kernel args via the systemd-stub. + // + // This applies to boots from ISO and from the disk image. + SDStubKernelArgs *procfs.Cmdline + // UUID allows to specify the UUID of the node (VMs only). // // If not specified, a random UUID will be generated. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/talosctl-1.12.0/website/content/v1.12/reference/cli.md new/talosctl-1.12.1/website/content/v1.12/reference/cli.md --- old/talosctl-1.12.0/website/content/v1.12/reference/cli.md 2025-12-22 11:11:18.000000000 +0100 +++ new/talosctl-1.12.1/website/content/v1.12/reference/cli.md 2026-01-05 12:50:33.000000000 +0100 @@ -134,7 +134,7 @@ --bad-rtc launch VM with bad RTC state --cidr string CIDR of the cluster network (IPv4, ULA network for IPv6 is derived in automated way) (default "10.5.0.0/24") --cni-bin-path strings search path for CNI binaries (default [/home/user/.talos/cni/bin]) - --cni-bundle-url string URL to download CNI bundle from (default "https://github.com/siderolabs/talos/releases/download/v1.12.0/talosctl-cni-bundle-${ARCH}.tar.gz";) + --cni-bundle-url string URL to download CNI bundle from (default "https://github.com/siderolabs/talos/releases/download/v1.12.1/talosctl-cni-bundle-${ARCH}.tar.gz";) --cni-cache-dir string CNI cache directory path (default "/home/user/.talos/cni/cache") --cni-conf-dir string CNI config directory path (default "/home/user/.talos/cni/conf.d") --config-injection-method string a method to inject machine config: default is HTTP server, 'metal-iso' to mount an ISO @@ -346,7 +346,7 @@ --bad-rtc launch VM with bad RTC state --cidr string CIDR of the cluster network (IPv4, ULA network for IPv6 is derived in automated way) (default "10.5.0.0/24") --cni-bin-path strings search path for CNI binaries (default [/home/user/.talos/cni/bin]) - --cni-bundle-url string URL to download CNI bundle from (default "https://github.com/siderolabs/talos/releases/download/v1.12.0/talosctl-cni-bundle-${ARCH}.tar.gz";) + --cni-bundle-url string URL to download CNI bundle from (default "https://github.com/siderolabs/talos/releases/download/v1.12.1/talosctl-cni-bundle-${ARCH}.tar.gz";) --cni-cache-dir string CNI cache directory path (default "/home/user/.talos/cni/cache") --cni-conf-dir string CNI config directory path (default "/home/user/.talos/cni/conf.d") --config-injection-method string a method to inject machine config: default is HTTP server, 'metal-iso' to mount an ISO @@ -3252,7 +3252,7 @@ -e, --endpoints strings override default endpoints in Talos configuration -f, --force force the upgrade (skip checks on etcd health and members, might lead to data loss) -h, --help help for upgrade - -i, --image string the container image to use for performing the install (default "ghcr.io/siderolabs/installer:v1.12.0") + -i, --image string the container image to use for performing the install (default "ghcr.io/siderolabs/installer:v1.12.1") --insecure upgrade using the insecure (encrypted with no auth) maintenance service -n, --nodes strings target the specified nodes -m, --reboot-mode string select the reboot mode during upgrade. Mode "powercycle" bypasses kexec. Valid values are: ["default" "powercycle"]. (default "default") ++++++ talosctl-1.12.0.obscpio -> talosctl-1.12.2.obscpio ++++++ ++++ 4339 lines of diff (skipped) ++++++ talosctl.obsinfo ++++++ --- /var/tmp/diff_new_pack.JtxWMb/_old 2026-01-23 17:33:51.683898672 +0100 +++ /var/tmp/diff_new_pack.JtxWMb/_new 2026-01-23 17:33:51.691899002 +0100 @@ -1,5 +1,5 @@ name: talosctl -version: 1.12.0 -mtime: 1766398278 -commit: ac91ade2c7e435e63ed2546244d428a81abd22ad +version: 1.12.2 +mtime: 1769015883 +commit: 54e5b438d8dcf6395e6424808d1155d02abf3bc0 ++++++ vendor.tar.gz ++++++ /work/SRC/openSUSE:Factory/talosctl/vendor.tar.gz /work/SRC/openSUSE:Factory/.talosctl.new.1928/vendor.tar.gz differ: char 13, line 1
