chore: bump kernel to 5.15.49

Bump kernel to 5.15.49 Remove the `random.trust_cpu` kernel cmdline as it already enabled in Kconfig Ref: - https://github.com/siderolabs/pkgs/pull/520 - https://github.com/siderolabs/pkgs/pull/522 Signed-off-by: Noel Georgi <git@frezbo.dev>
2025-10-09 14:41:31 +02:00 · 2022-06-22 22:53:54 +05:30 · 2022-06-22 22:53:54 +05:30 · d4606c33ec
commit d4606c33ec
parent cfb640222b
6 changed files with 5 additions and 120 deletions
--- a/2
+++ b/2
@ -14,7 +14,7 @@ NAME = Talos

 ARTIFACTS := _out
 TOOLS ?= ghcr.io/siderolabs/tools:v1.2.0-alpha.0
-PKGS ?= v1.2.0-alpha.0-11-g6e1269e
+PKGS ?= v1.2.0-alpha.0-13-ged75c50
 EXTRAS ?= v1.2.0-alpha.0
 GO_VERSION ?= 1.18
 GOIMPORTS_VERSION ?= v0.1.10
--- a/hack/release.toml
+++ b/hack/release.toml
@ -15,124 +15,10 @@ preface = """\

 [notes]

-    [notes.sbc-rpi4]
-        title = "Raspberry Pi PoE hat fan"
-        description = """\
-Talos now enables the Raspberry Pi PoE fan control by pulling in the poe overlay that works with upstream kernel
-"""
-
    [notes.updates]
        title = "Component Updates"
        description="""\
-* Linux: 5.15.48
-* Containerd: v1.6.6
-* Kubernetes: 1.24.2
-* Flannel: 0.18.1
-* runc: 1.1.3
-* CoreDNS: v1.9.3
-
-Talos is built with Go 1.18.3
-"""
-
-    [notes.eudev]
-        title = "drop some default rules shipped by eudev"
-        description = """\
-Drops some default eudev rules that doesn't make sense in the context of Talos OS.
-Especially the ones around sound devices, cd-roms and renaming the network interfaces to be predictable
-"""
-
-    [notes.sbc-rockpi4]
-        title = "Support RockPi 4 variants A and B"
-        description = """\
-Talos now supports RockPi variants A and B in addition to RockPi 4C
-"""
-
-    [notes.dockeripv6]
-        title = "IPv6 in Docker-based Talos Clusters"
-        description="""\
-The command `talosctl cluster create` now enables IPv6 by default for the Docker containers
-created for Talos nodes. This allows to use IPv6 addresses in Kubernetes networking.
-
-If `talosctl cluster create` fails to work on Linux due to the lack of IPv6 support,
-please use the flag `--disable-docker-ipv6` to revert the change.
-"""
-
-    [notes.pod-security]
-        title = "Pod Security Admission"
-        description="""\
-[Pod Security Admission](https://kubernetes.io/docs/concepts/security/pod-security-admission/) controller is enabled by default with the following policy:
-
-```yaml
-apiVersion: apiserver.config.k8s.io/v1
-kind: AdmissionConfiguration
-plugins:
- configuration:
-    apiVersion: pod-security.admission.config.k8s.io/v1alpha1
-    defaults:
-      audit: restricted
-      audit-version: latest
-      enforce: baseline
-      enforce-version: latest
-      warn: restricted
-      warn-version: latest
-    exemptions:
-      namespaces:
-      - kube-system
-      runtimeClasses: []
-      usernames: []
-    kind: PodSecurityConfiguration
-  name: PodSecurity
-  path: ""
-```
-
-The policy is part of the Talos machine configuration, and it can be modified to suite your needs.
-"""
-
-    [notes.x86_64]
-        title = "x86-64 Architecture"
-        description="""\
-Talos is built for x86-64 architecture with support for [x86-64-v2 microarchitecture level](https://en.wikipedia.org/wiki/X86-64#Microarchitecture_levels),
-so Talos no longer runs on processors supporting only baseline `x86-64` microarchitecture (before 2009).
-"""
-
-    [notes.apply-config]
-        title = "Apply Config `--dry-run`"
-        description="""\
-The commands `talosctl apply-config`, `talosctl patch mc` and `talosctl edit mc` now support `--dry-run` flag.
-If enabled it just prints out the selected config application mode and the configuration diff.
-"""
-
-    [notes.apply-config-try]
-        title = "Apply Config `--mode=try`"
-        description="""\
-The commands `talosctl apply-config`, `talosctl patch mc` and `talosctl edit mc` now support the new mode called `try`.
-In this mode the config change is applied for a period of time and then reverted back to the state it was before the change.
-`--timeout` parameter can be used to customize the config rollback timeout.
-This new mode can be used only with the parts of the config that can be changed without a reboot and can help to check that
-the new configuration doesn't break the node.
-Can be especially useful to check network interfaces changes that may lead to the loss of connectivity to the node.
-"""
-
-    [notes.network-device-selector]
-        title = "Network Device Selector"
-        description="""\
-Talos machine configuration supports specifying network interfaces by selectors instead of interface name.
-See [documentation](https://www.talos.dev/v1.1/talos-guides/network/device-selector/) for more details.
-"""
-
-    [notes.anonymous]
-        title = "Kubernetes API Server Anonymous Auth"
-        description="""\
-Anonymous authentication is now disabled by default for the `kube-apiserver` (CIS compliance).
-
-To enable anonymous authentication, update the machine config with:
-
-```yaml
-cluster:
-    apiServer:
-        extraArgs:
-            anonymous-auth: true
-```
+* Linux: 5.15.49
 """

 [make_deps]
--- a/pkg/machinery/constants/constants.go
+++ b/pkg/machinery/constants/constants.go
@ -13,7 +13,7 @@ import (

 const (
 	// DefaultKernelVersion is the default Linux kernel version.
-	DefaultKernelVersion = "5.15.48-talos"
+	DefaultKernelVersion = "5.15.49-talos"

 	// KernelParamConfig is the kernel parameter name for specifying the URL.
 	// to the config.
--- a/pkg/machinery/gendata/data/pkgs
+++ b/pkg/machinery/gendata/data/pkgs
@ -1 +1 @@
-v1.2.0-alpha.0-11-g6e1269e
+v1.2.0-alpha.0-13-ged75c50
--- a/pkg/machinery/kernel/kernel.go
+++ b/pkg/machinery/kernel/kernel.go
@ -24,7 +24,6 @@ var DefaultArgs = []string{
 	// AWS recommends setting the nvme_core.io_timeout to the highest value possible.
 	// See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nvme-ebs-volumes.html.
 	"nvme_core.io_timeout=4294967295",
-	"random.trust_cpu=on",
 	// Disable rate limited printk
 	"printk.devkmsg=on",
 	"ima_template=ima-ng",
--- a/website/content/v1.2/talos-guides/configuration/logging.md
+++ b/website/content/v1.2/talos-guides/configuration/logging.md
@ -12,7 +12,7 @@ Kernel messages can be retrieved with `talosctl dmesg` command:
 ```sh
 $ talosctl -n 172.20.1.2 dmesg

-172.20.1.2: kern:    info: [2021-11-10T10:09:37.662764956Z]: Command line: init_on_alloc=1 slab_nomerge pti=on consoleblank=0 nvme_core.io_timeout=4294967295 random.trust_cpu=on printk.devkmsg=on ima_template=ima-ng ima_appraise=fix ima_hash=sha512 console=ttyS0 reboot=k panic=1 talos.shutdown=halt talos.platform=metal talos.config=http://172.20.1.1:40101/config.yaml
+172.20.1.2: kern:    info: [2021-11-10T10:09:37.662764956Z]: Command line: init_on_alloc=1 slab_nomerge pti=on consoleblank=0 nvme_core.io_timeout=4294967295 printk.devkmsg=on ima_template=ima-ng ima_appraise=fix ima_hash=sha512 console=ttyS0 reboot=k panic=1 talos.shutdown=halt talos.platform=metal talos.config=http://172.20.1.1:40101/config.yaml
 [...]
 ```