Weekly status for the week of 7th October to 13th October.

Introduction

In the past week, LXD has received several features and bug fixes. The highlights are new a lxc command for creating files, symbolic links, and directories without specifying their source, and the ability to delete TLS and OIDC fine-grain identities. Additionally, new LXD Terraform provider release 2.4.0 brings support for managing storage buckets.

Thanks to all the contributors.

Allow removing TLS and OIDC identities

LXD now supports removal of TLS and OIDC identities. Note that all existing TLS identities are not fine-grained, therefore they cannot be removed. The ability to managed fine grained access controls for TLS identities is going to be added shortly.

# Remove an OIDC identity.
lxc auth identity delete oidc/my-user@example.com

Documentation (manpage): lxc auth identity delete

Create files and directories in instances (from Incus)

The lxc file CLI command now supports creating files, directories, and symbolic links in instances without the need to specify the source using the new create sub-command.

# Create a file /bar in instance foo.
lxc file create foo/bar

# Create a symlink /bar in instance foo whose target is baz.
lxc file create --type=symlink foo/bar baz

Documentation (manpage): lxc file create

Bugfixes

• Token pruning, which removes operations of canceled or expired tokens, now occurs each hour instead of each minute.

• Fixed an issue where the reported storage space for the PowerFlex driver used decimal units (GB/TB) instead of binary (GiB/TiB). Now, LXD reports the correct values, matching what is displayed in the PowerFlex UI.

• Fixed an issue with the rsync AppArmor profile that prevented writing files with security.* extended attributes.

• Fixed lxc auto-completion for storage volume copy command. Additionally, the lxc now also auto completes images in various commands, such as when launching an instance.

All changes

The items listed below is all of the work which happened over the past week and which will be included in the next release.

LXD

• build(deps): bump github.com/dell/goscaleio from 1.15.0 to 1.16.0
• Add lxc file create subcommand (from Incus)
• Auth: Implement identity deletion
• Replace go/ast deprecated types
• PKI test improvements
• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.23 to 1.14.24
• build(deps): bump golang.org/x/crypto from 0.27.0 to 0.28.0
• build(deps): bump golang.org/x/sys from 0.25.0 to 0.26.0
• build(deps): bump golang.org/x/term from 0.24.0 to 0.25.0
• build(deps): bump golang.org/x/text from 0.18.0 to 0.19.0
• build(deps): bump github.com/openfga/openfga from 1.6.1 to 1.6.2 (stable-5.21)
• build(deps): bump github.com/mattn/go-sqlite3 from 1.14.23 to 1.14.24
• build(deps): bump github.com/go-acme/lego/v4 from 4.18.0 to 4.19.2
• build(deps): bump golang.org/x/term from 0.24.0 to 0.25.0
• Storage: Use the Net* response variables for PowerFlex pool stats
• gomod: Update dependencies
• lxd: Include CAP_SYS_ADMIN in rsync AppArmor profile
• Install Trivy with GitHub action
• Make MicroCeph setup a reusable action
• github: Workaround GHA download artifact bug
• Backports (stable-5.21)
• test: Add check for unpriv_binfmt support before testing feature
• Remove workaround for sphinx-tabs warnings
• Backports (stable-5.21)
• github: stop scanning Python through CodeQL
• lxc/completion: Add images and ubuntu remote completions
• Revert “github: Workaround GHA download artifact bug”
• github: move make doc-linkcheck to Tiobe TICS job
• github: only run CodeQL (go) on PRs and on weekly schedule
• test/suites: Improve grep usage in PKI tests. (stable-5.21)
• github: pin actions/* using SHA commit IDs
• Microceph action tweaks
• lxc exec: Fix exit codes for signaled processes
• lxd-user: Add callhook support for container stop hooks
• lxd: Change token pruning task to hourly.
• github: actions SHA pinning
• test/container_devices_nic_bridged_filtering: unload br_netfilter once done
• lxc/completion: lxc storage volume copy shell completion fixes and improvements to completions.go

LXD UI

• chore(deps): update dependency @canonical/react-components to v1.7.0
• feat: [WD-15296] Disable other devices for LXD 5.0
• chore(deps): update dependency vanilla-framework to v4.17.0
• fix(image) image creation, and export in custom projects

LXD Charm

• github: run update-libs job only once a week

LXD Terraform provider

LXD Terraform provider has received a new release 2.4.0. The highlight is added support for storage buckets.

• provider: Fix incorrect check for configured default remote
• Update changelog for 2.4.0

PyLXD

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week.

LXD snap

• bump snapd version requirement to 2.65 and remove hacky workaround
• LXD stop hook wrapper
• Revert bump to snapd 2.65
• lxd-ui: bump to 0.13 (latest-candidate)
• lxd-ui: bump to 0.8.4 (5.21-candidate)
• Revert lxd-stop-hook temporarily
• github: actions SHA pinning
• lxd-ui: include fix for image alias on custom project (5.21-candidate)
• Revert “snapcraft.yaml: enable unconfined mode in lxd-support interface”