Weekly status for the week of 12th February to 18th February.

Introduction

We continue to prepare for the LXD 5.21.0 LTS release with additional changes to support the forthcoming new fine grained IAM and Dell Powerflex functionality.

LXD

Storage volume UUID setting

All storage volumes in LXD now have a volatile.uuid setting which can be used by the storage driver (if needed). The initial use case for this was to support using longer storage volume names with the forthcoming Dell Powerflex driver, which has a limitation of 31 characters.

Added loki.instance support from Incus

Adds a new loki.instance server configuration key to customize the instance field in Loki events.
This can be used to expose the name of the cluster rather than the individual system name sending the event as that’s usually already covered by the location field.

UEFI shell disabled when Secure Boot is enabled in snap package

When VM secure boot is enabled, the UEFI shell is now disabled.
This is to address the CVE-2023-48733 security vulnerability.

New boot screen logo in snap package

The new LXD logo has been applied to the EDK2 boot screen in the snap package.

Snap 5.0/edge channel has moved to core22 base snap

Now that LXD 5.0.3 LTS has been released we have moved the 5.0/edge channel to use the newer core22 base snap and are continuing testing before we roll this out in due course to 5.0/candidate.

All changes

The items listed below is all of the work which happened over the past week and which will be included in the next release.

LXD

• Auth: Add OIDC identities to identity cache and extract identity provider groups
• Storage: Set volatile.uuid for all volumes and snapshots
• Auth: Add an “entity type” representation that can be used everywhere.
• Add API instructions for the server/client section
• Auth: Candid RBAC removal follow up.
• test/lint: Temporarily remove --whole-files flag.
• build(deps): bump golang.org/x/oauth2 from 0.16.0 to 0.17.0
• build(deps): bump golang.org/x/crypto from 0.18.0 to 0.19.0
• build(deps): bump golang.org/x/term from 0.16.0 to 0.17.0
• Storage: Support passing down extra information to drivers
• Auth: Replace authorization objects with entity types and URLs.
• Auth: Use email address as identifier for OIDC users.
• Add support for loki.instance from Incus
• github: update CI to run most tests with Go 1.21 with build/compat test with 1.19 (stable-5.0)
• github: run tests (minus code-tests) with Go 1.22
• Replace madmin SDK with mc CLI shim
• Doc: Add some device examples
• Instance: Handle SELinux for VM LXD agent
• Smaller lxc and lxd-migrate binaries
• Smaller clients bis
• Storage: Don’t use storage name when creating source snapshots
• gomod: Update dependencies
• Dependabot and labeler update
• Storage: Populate custom volume snapshot creation date
• Instance: Temporarily host the instance type preset files on Github
• lxd-generate: Return helpful error instead of panicking.
• doc/instances: update links to instance type lists
• DB: Refactor entity URL methods
• doc/profiles: link to instance configuration
• Storage: Fix regression when copying VMs
• test: Check whole codebase for non-permissive imports
• Project: Don’t panic on StorageVolumeParts

LXD Charm

• Nothing to report this week

Distribution work

This section is used to track the work done in downstream Linux distributions to ship the latest LXD as well as work to get various software to work properly inside containers.

Ubuntu

• Nothing to report this week.

Snap

LXD snap

• Move to core 22 (5.0-edge)
• snapcraft: edk2: update logo
• snapcraft: edk2: update to stable202311
• Apparmor unprivileged restrictions disable
• Expect directory for minio.path
• edk2: disable shell when Secure Boot is enabled
• edk2 updates (5.0-edge)
• Dependency updates
• snapcraft: drop the dup minio.path description
• Sync latest/edge to latest/candidate for LXD 5.21 (latest-candidate)
• dqlite: Bump to v1.16.2 (latest-candidate)
• Bring known to be missing libs (5.0-edge)
• github: add labeler config