@sairon sairon commented Nov 3, 2025

Summary by CodeRabbit

  • New Features

    • Improved startup resilience in CLI with emergency console and interactive fallback
  • Bug Fixes

    • Updated Linux kernel to 6.12.51 across all supported boards for stability and security
    • Added USB storage quirks for improved device compatibility
    • Enhanced restart configuration for service reliability
  • Chores

    • Hardened GitHub Actions workflows with pinned commit references
    • Updated board kernel configurations and modules
    • Improved build system messaging controls
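
The workflow hardening listed in this summary (actions pinned to commit references, with the version kept in an inline comment) can be checked mechanically. The following Python audit is an added example, not code from this pull request or repository; the workflow text, the `example-org` names and the 40-character SHAs are constructed placeholders, and the finding codes are hypothetical labels.

```python
import re

# Constructed sample workflow: action names echo the page, SHAs are placeholders.
SAMPLE_WORKFLOW = """\
name: build
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v5.0.0
      - uses: actions/setup-python@v6
      - uses: "docker/login-action@5e57cd1"
      - uses: example-org/example-action@fedcba9876543210fedcba9876543210fedcba98
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
      # - uses: actions/stale@v10
  reuse:
    uses: example-org/workflows/.github/workflows/ci.yml@main
"""

# Matches step-level ("- uses:") and job-level ("uses:") references,
# optionally quoted, with an optional trailing "# comment".
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*(?P<q>['\"]?)(?P<ref>[^'\"\s#]+)(?P=q)\s*(?:#\s*(?P<comment>.*))?$"
)
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")
SHORT_SHA_RE = re.compile(r"[0-9a-f]{7,39}")
IMAGE_DIGEST_RE = re.compile(r"@sha256:[0-9a-f]{64}$")


def classify(ref, comment):
    """Return a finding code for one `uses:` value, or None if it is acceptable."""
    if ref.startswith("./"):
        return None  # local action: versioned together with the repository
    if ref.startswith("docker://"):
        # Container images are immutable only when referenced by digest.
        return None if IMAGE_DIGEST_RE.search(ref) else "unpinned-image"
    _, sep, rev = ref.rpartition("@")
    if not sep:
        return "no-ref"
    if FULL_SHA_RE.fullmatch(rev):
        # Pinned; the inline comment keeps the human-readable version traceable.
        return None if comment else "missing-version-comment"
    if SHORT_SHA_RE.fullmatch(rev):
        return "short-sha"  # abbreviated hash, not a full commit SHA
    return "mutable-ref"  # tag or branch: can be moved to different code


def audit_workflow(text):
    """Scan workflow YAML text line by line; return (line, ref, code) findings."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if m is None:
            continue  # not a uses: line (commented-out lines do not match)
        code = classify(m.group("ref"), (m.group("comment") or "").strip())
        if code:
            findings.append((lineno, m.group("ref"), code))
    return findings


if __name__ == "__main__":
    for lineno, ref, code in audit_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref}: {code}")
```

Run over each file in `.github/workflows/`, an empty result means every external action and reusable workflow is pinned to a full SHA with a version comment.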

sairon and others added 30 commits August 28, 2025 16:53
…4267)

Upstream commit [1] caused regression in IPv4 routing which can cause some
routes becoming broadcast even though they should be routed as unicast, e.g.:

 # ip route get 1.1.1.1
 broadcast 1.1.1.1 via 192.168.122.1 dev enp0s3 src 192.168.122.204 uid 0
     cache <local,brd>

It's not entirely clear yet why it happens but this behavior seems to be
triggered for instance when the SSDP integration sends the broadcast packet on
HA startup. While this behavior is not described in the regression report [1],
the commit cherry-picked from Linux master fixes the problems for us as well.

Patches moved to version-specific folder, as this one shouldn't be applied on
Raspberry Pi targets.

[1] https://lore.kernel.org/all/[email protected]/
[2] https://lore.kernel.org/stable/[email protected]/

Fixes #4265
#4277)

This reverts commit 194b914.

Stable commit eb0abacdd3fce5a19fffc1c8bd0be6ffffeb59d8 in v6.12.44 does the
same.
Bumps [actions/stale](https://github.com/actions/stale) from 9.1.0 to 10.0.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@v9.1.0...v10.0.0)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](actions/setup-python@v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/github-script](https://github.com/actions/github-script) from 7 to 8.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](actions/github-script@v7...v8)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-version: '8'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Enable Pressure Stall Information (PSI) for more accurate detection of resource shortages.

The psi feature identifies and quantifies the disruptions caused by CPU, memory or IO resource shortages and the time impact it has on complex workloads or even entire systems.

- https://facebookmicrosites.github.io/psi/docs/overview
- https://www.kernel.org/doc/html/latest/accounting/psi.html
Use the --cidfile Docker CLI argument when starting the container and
bind-mount the generated file containing full ID of the container to the
container itself.

Using --mount instead of --volume is needed, as --volume is racy and creates
empty directory volume at the destination path instead.

This is a prerequisite for home-assistant/supervisor#6006 but can come in handy for
other cases too.
The extra information printed when using the top-level makefile can clutter the
output when it needs to be further processed, e.g. when running
`make show-info | jq`. Make it respect the --silent flag (which also suppresses
messages about changing directories which would break parsing as well).
* buildroot 49cc269143...9acb31819a (1):
  > Merge tag '2025.02.6' into 2025.02.x-haos
The URL in os-release still pointed to hass.io domain which is currently
defunct. Point to the Home Assistant's main homepage instead.

Fixes #4295
Needed to allow multi-touch gestures on touchscreens for the addon HAOSKiosk.
This change supports in-kernel drivers for Chelsio T4, T5 & T6 adapters with PCI-E SR-IOV Virtual Functions.
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [docker/login-action](https://github.com/docker/login-action) from 3.5.0 to 3.6.0.
- [Release notes](https://github.com/docker/login-action/releases)
- [Commits](docker/login-action@184bdaa...5e57cd1)

---
updated-dependencies:
- dependency-name: docker/login-action
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Remove the list of boards and refer to the ADRs and developer documentation
instead.

Fixes #4316
RaspberryMatic was renamed to OpenCCU in
OpenCCU/OpenCCU#3162. This caused change of the name of
the directory in the source tarball, causing build failure when the archive
wasn't cached.
* RaspberryPi: Update kernel to 6.12.47 - stable_20250916

* Remove patches merged in 6.12.47

* Update Buildroot rpi-firmware package for 6.12.47

* buildroot 9acb31819a...7ce414454b (1):
  > package/rpi-firmware: update to ba22330 (for stable_20250916)
* Improve UX of HA CLI wrapper and emergency console

For many users, the emergency console gives the feeling that the system is
completely broken. However, there are various cases when the system takes
just a bit longer to start up and the emergency message is shown, while it
finishes a proper startup shortly after. This change tries to improve the UX in
several ways:

* The limit before a forced emergency console startup is changed to 3 minutes
* Waiting can be interrupted with Ctrl+C (reset counter is cleared then)
* Some hints what to check have been added before starting the shell
* Also, because if the HA CLI failed for 5 times in a row in quick succession,
  the CLI startup was then not retried anymore and user may have been left with
  a black screen, the restart limits timeouts have been adjusted only to back
  off and never mark the unit as failed

Closes #4273

* Use /bin/sh and printf to silence linter errors
Add snd-ctxfi driver as module to generic PCI device support fragment.

Fixes #4141
Bumps [actions/stale](https://github.com/actions/stale) from 10.0.0 to 10.1.0.
- [Release notes](https://github.com/actions/stale/releases)
- [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md)
- [Commits](actions/stale@3a9db7e...5f858e3)

---
updated-dependencies:
- dependency-name: actions/stale
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
sairon and others added 11 commits October 8, 2025 09:52
The CPUfreq governor "powersave" sets the CPU statically to the lowest
frequency within the borders of scaling_min_freq and scaling_max_freq.
This can be useful if a particular power budget should not ever be
crossed. Can be set using `cpufreq.default_governor=powersave`. Note
that this obviously affects performance.
This might be required for some modern Intel processors (Meteor Lake and newer)
which fail to boot Linux kernel without x2APIC controller when some features
(e.g. VT-d or x2APIC itself) are enabled in the BIOS.

Enable it also for OVA, as it can be emulated in virtual machines, even when
the host CPU does not support it.

Fixes #4337, fixes #4144, fixes #4345
…on (#4344)

Use the version used in the docker-engine package to ensure it stays in sync.
Although we haven't seen any issues related to the fact it was sometimes
mismatching, reduce the burden of needing it to be synced manually.
* buildroot 7ce414454b...02f1553a34 (1):
  > Merge tag '2025.02.7' into 2025.02.x-haos
…PCIe Gen3x2 Bridge (#4366)

Vendor ID: 152d
Product ID: 0583

(cherry picked from commit 4e7b99d)
A bug introduced in Docker v28.2+ can cause slow container restart in some
cases because of usage of IPv4 mapped IPv6 addresses in iptables command.
Backport a simple patch from upstream to fix it before we bump to a newer
Docker version.

Fixes #4363

(cherry picked from commit b3a9e76)
With home-assistant/cli#604, there is no
--content-trust option anymore. Remove the call and only check if Supervisor is
healthy and there are no issues. This replaces #4370 which is too broad.

(cherry picked from commit 1d29f6b)
@sairon sairon requested a review from agners November 3, 2025 11:49

sairon commented Nov 3, 2025


coderabbitai bot commented Nov 3, 2025

Walkthrough

Multiple GitHub Actions workflows are pinned to exact commit SHAs for reproducibility. Linux kernel versions upgraded across buildroot configurations. Kernel patches removed and added; Makefile refactored with silent mode support; shell scripts enhanced with improved error handling and Docker versioning; system service configurations updated; test suite modified to validate supervisor health.

Changes

| Cohort | File(s) | Summary |
|---|---|---|
| GitHub Actions Workflow Pinning | .github/workflows/artifacts-index.yaml, build.yaml, label-actions.yml, lock.yml, pr-checks.yml, release-drafter.yml, stale.yml, test.yaml | All workflow action references pinned from semantic version tags (v5, v6, etc.) to exact commit SHAs with inline version comments for traceability; no behavioral changes. |
| Kernel Version Upgrades | buildroot-external/configs/generic_aarch64_defconfig, generic_x86_64_defconfig, green_defconfig, khadas_vim3_defconfig, odroid_c2_defconfig, odroid_c4_defconfig, odroid_m1_defconfig, odroid_m1s_defconfig, odroid_n2_defconfig, odroid_xu4_defconfig, tinker_defconfig | BR2_LINUX_KERNEL_CUSTOM_VERSION_VALUE uniformly updated from 6.12.43 to 6.12.51 across all device configurations. |
| Raspberry Pi Tarball Updates | buildroot-external/configs/rpi2_defconfig, rpi3_64_defconfig, rpi3_defconfig, rpi4_64_defconfig, rpi4_defconfig, rpi5_64_defconfig, yellow_defconfig | BR2_LINUX_KERNEL_CUSTOM_TARBALL_LOCATION updated from stable_20250702 to stable_20250916 for Raspberry Pi kernel sources. |
| Kernel Configuration Additions | buildroot-external/kernel/v6.12.y/device-support-pci.config, hassos.config | New kernel config options added: CONFIG_SND_CTXFI=m (sound driver), CONFIG_PSI=y (pressure stall info), CONFIG_HID_MULTITOUCH=m (HID support). |
| Linux Patch Removals | buildroot-external/patches/linux/6.12.43/0001-ipv6-add-option-to-explicitly-enable-reachability-te.patch, 0002-net-ipv4-fix-regression-in-local-broadcast-routes.patch | Two patches completely removed: IPv6 reachability probe feature and broadcast routes regression fix, reverting to prior kernel behavior. |
| Linux Patch Modifications | buildroot-external/board/raspberrypi/patches/linux/0004-usb-dwc2-masquerade-split-interrupt-transfers.patch, 0005-Fixup-usb-dwc2-limit-maximum-packet-size-for-split-I.patch | Split-interrupt masquerading patch removed; max packet size fix for split-IN control transfers added. |
| Other Board/Device Updates | buildroot-external/board/asus/tinker/patches/linux/0009-Revert-can-ti_hecc-fix-Woverflow-compiler-warning.patch, buildroot-external/board/pc/generic-x86-64/kernel.config, buildroot-external/board/pc/ova/kernel.config, buildroot-external/board/raspberrypi/cmdline.txt | CAN driver macro fix; CPU frequency and x2APIC kernel configs enabled; USB storage quirk added to RPi boot parameters. |
| Build System & Meta | Makefile, buildroot-external/meta, buildroot | Makefile refactored with SILENT mode detection and centralized print macro; buildroot-external version bumped from 2 to 3; buildroot submodule updated to new commit. |
| Package & Script Updates | buildroot-external/package/hassio/create-data-partition.sh, buildroot-external/package/hassio/hassio.mk, buildroot-external/package/rpi-rf-mod/rpi-rf-mod.mk, buildroot-external/package/rpi-rf-mod/rpi-rf-mod.hash, buildroot-external/patches/docker-engine/0001-Unmap-IPv4-addresses-loaded-from-store.patch | Docker version parameterization added to create-data-partition.sh and passed through hassio.mk; rpi-rf-mod source migrated from jens-maus to OpenCCU repository; docker-engine patch adds IPv4 Unmap call. |
| System Configuration | buildroot-external/rootfs-overlay/usr/lib/systemd/system/[email protected] | Service restart configuration enhanced: StartLimitIntervalSec added, RestartSec changed to 100ms, RestartMaxDelaySec and RestartSteps added for controlled pacing. |
| System Scripts | buildroot-external/rootfs-overlay/usr/sbin/hassos-cli, buildroot-external/rootfs-overlay/usr/sbin/hassos-supervisor | hassos-cli improved with startup resilience (trap handlers, emergency shell, progress indicators, service reset on interrupt); hassos-supervisor now captures container ID via SUPERVISOR_CIDFILE and --cidfile Docker flag. |
| Miscellaneous | README.md, Documentation/kernel.md, buildroot-external/scripts/post-build.sh, tests/supervisor_test/test_supervisor.py | README hardware section replaced with policy references; documentation version table updated; HOME_URL changed to www.home-assistant.io; test_code_sign replaced with test_supervisor_errors for health/resolution checks. |

Sequence Diagram(s)

sequenceDiagram
    participant User
    participant hassos-cli
    participant ha-cli
    participant Emergency Shell

    User->>hassos-cli: Start (exec)
    activate hassos-cli
    hassos-cli->>hassos-cli: Set INT trap handler
    loop Startup Wait (180s max)
        hassos-cli->>hassos-cli: Print progress indicator
        hassos-cli->>ha-cli: Spawn/wait for ha-cli
        alt ha-cli exits with code 10
            ha-cli-->>hassos-cli: Exit 10
            hassos-cli->>hassos-cli: run_shell()
        else CTRL+C pressed
            User->>hassos-cli: SIGINT
            hassos-cli->>hassos-cli: interrupt() handler
            hassos-cli->>hassos-cli: Reset ha-cli service
        else ha-cli exits with 130
            ha-cli-->>hassos-cli: Exit 130
            hassos-cli->>hassos-cli: Print interruption msg
        else ha-cli exits with 143
            ha-cli-->>hassos-cli: Exit 143
            hassos-cli->>hassos-cli: Print termination msg
        else Wait timeout reached
            hassos-cli->>Emergency Shell: Escalate
            Emergency Shell->>User: Interactive fallback
        end
    end
    deactivate hassos-cli

sequenceDiagram
    participant Build System
    participant Makefile
    participant Shell
    participant Output

    Build System->>Makefile: Invoke target with/without -s flag
    activate Makefile
    Makefile->>Makefile: Detect SILENT from MAKEFLAGS
    alt Silent mode enabled
        Makefile->>Makefile: SILENT=1
    else Silent mode disabled
        Makefile->>Makefile: SILENT=""
    end
    
    Makefile->>Shell: $(call print, message)
    activate Shell
    alt SILENT not set
        Shell->>Output: Echo message
    else SILENT is set
        Shell->>Output: (suppress output)
    end
    deactivate Shell
    deactivate Makefile

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

  • Action pinning consistency: Most workflow files follow identical pattern (pinning multiple actions to SHAs), reducing per-file review burden through repetition.
  • Configuration bumps: Kernel version and tarball URL updates across defconfig files are mechanical and uniform.
  • Areas requiring extra attention:
    • buildroot-external/rootfs-overlay/usr/sbin/hassos-cli — Startup resilience logic adds trap handlers, emergency shell path, and signal coordination; verify control flow and signal safety.
    • buildroot-external/rootfs-overlay/usr/sbin/hassos-supervisor — New CID file handling and Docker mount; verify file lifecycle and container environment expectations.
    • buildroot-external/package/hassio/create-data-partition.sh and .mk — Docker version parameterization threading; ensure version variable is correctly propagated and resolved.
    • Patch removals (0002-net-ipv4-fix-regression-in-local-broadcast-routes.patch) — Confirm intent to revert these behaviors and no unintended side effects.
    • Test replacement (test_code_sign → test_supervisor_errors) — Validate new test scope aligns with intended coverage goals.

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The pull request title 'Prepare 16.3' is clear and directly related to the main purpose of the changeset. The PR summary confirms this is about preparing the operating system for release version 16.3, which involves kernel updates, infrastructure changes, and various system improvements. The title accurately reflects the primary objective—preparing a release version—though it is intentionally concise and does not enumerate all individual changes (which is appropriate for a PR title). |

@coderabbitai coderabbitai bot left a comment


Actionable comments posted: 2

🧹 Nitpick comments (3)
buildroot-external/board/pc/generic-x86-64/kernel.config (1)

49-49: LGTM: x2APIC support enabled

Enabling x2APIC provides improved interrupt handling on modern x86 processors, which can benefit system performance and scalability.

Minor organizational note: This x2APIC config option is placed between MMC-related settings. While functionally correct, it could be moved near other x86-specific options (e.g., near the EDAC or LPC_ICH settings) for better logical grouping.

buildroot-external/package/hassio/create-data-partition.sh (1)

7-7: Consider adding validation for the docker_version parameter.

If the parameter is empty or invalid, the docker run command will fail with a potentially unclear error message. Adding validation would improve debugging.

For example:

 docker_version=$4
+
+if [ -z "${docker_version}" ]; then
+    echo "Error: docker_version parameter is required"
+    exit 1
+fi
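Review bot: the added `if [ -z "${docker_version}" ]` check only rejects an empty argument, although the comment above it also mentions invalid values, and its error message is written to stdout. Redirect the message to stderr (`echo "Error: ..." >&2`) so it is not mixed into captured output, and name the positional argument in the message so the caller can see which one is missing.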
buildroot-external/package/rpi-rf-mod/rpi-rf-mod.mk (1)

10-10: Consider updating the Codeload URL comment.

The comment on Line 10 still references the old jens-maus/RaspberryMatic repository. While this appears to be a template comment, updating it to reference OpenCCU/OpenCCU would improve consistency.

-# https://codeload.github.com/jens-maus/RaspberryMatic/tar.gz/COMMIT
+# https://codeload.github.com/OpenCCU/OpenCCU/tar.gz/COMMIT
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

Cache: Disabled due to data retention organization setting

Knowledge base: Disabled due to data retention organization setting

📥 Commits

Reviewing files that changed from the base of the PR and between d60618a and bd5ea37.

📒 Files selected for processing (52)
  • .github/workflows/artifacts-index.yaml (1 hunks)
  • .github/workflows/build.yaml (12 hunks)
  • .github/workflows/label-actions.yml (1 hunks)
  • .github/workflows/lock.yml (1 hunks)
  • .github/workflows/pr-checks.yml (1 hunks)
  • .github/workflows/release-drafter.yml (1 hunks)
  • .github/workflows/stale.yml (1 hunks)
  • .github/workflows/test.yaml (4 hunks)
  • Documentation/kernel.md (1 hunks)
  • Makefile (3 hunks)
  • README.md (1 hunks)
  • buildroot (1 hunks)
  • buildroot-external/board/asus/tinker/patches/linux/0009-Revert-can-ti_hecc-fix-Woverflow-compiler-warning.patch (0 hunks)
  • buildroot-external/board/pc/generic-x86-64/kernel.config (2 hunks)
  • buildroot-external/board/pc/ova/kernel.config (2 hunks)
  • buildroot-external/board/raspberrypi/cmdline.txt (1 hunks)
  • buildroot-external/board/raspberrypi/patches/linux/0004-usb-dwc2-masquerade-split-interrupt-transfers.patch (0 hunks)
  • buildroot-external/board/raspberrypi/patches/linux/0005-Fixup-usb-dwc2-limit-maximum-packet-size-for-split-I.patch (0 hunks)
  • buildroot-external/configs/generic_aarch64_defconfig (1 hunks)
  • buildroot-external/configs/generic_x86_64_defconfig (1 hunks)
  • buildroot-external/configs/green_defconfig (1 hunks)
  • buildroot-external/configs/khadas_vim3_defconfig (1 hunks)
  • buildroot-external/configs/odroid_c2_defconfig (1 hunks)
  • buildroot-external/configs/odroid_c4_defconfig (1 hunks)
  • buildroot-external/configs/odroid_m1_defconfig (1 hunks)
  • buildroot-external/configs/odroid_m1s_defconfig (1 hunks)
  • buildroot-external/configs/odroid_n2_defconfig (1 hunks)
  • buildroot-external/configs/odroid_xu4_defconfig (1 hunks)
  • buildroot-external/configs/ova_defconfig (1 hunks)
  • buildroot-external/configs/rpi2_defconfig (1 hunks)
  • buildroot-external/configs/rpi3_64_defconfig (1 hunks)
  • buildroot-external/configs/rpi3_defconfig (1 hunks)
  • buildroot-external/configs/rpi4_64_defconfig (1 hunks)
  • buildroot-external/configs/rpi4_defconfig (1 hunks)
  • buildroot-external/configs/rpi5_64_defconfig (1 hunks)
  • buildroot-external/configs/tinker_defconfig (1 hunks)
  • buildroot-external/configs/yellow_defconfig (1 hunks)
  • buildroot-external/kernel/v6.12.y/device-support-pci.config (1 hunks)
  • buildroot-external/kernel/v6.12.y/hassos.config (2 hunks)
  • buildroot-external/meta (1 hunks)
  • buildroot-external/package/hassio/create-data-partition.sh (2 hunks)
  • buildroot-external/package/hassio/hassio.mk (1 hunks)
  • buildroot-external/package/rpi-rf-mod/rpi-rf-mod.hash (1 hunks)
  • buildroot-external/package/rpi-rf-mod/rpi-rf-mod.mk (1 hunks)
  • buildroot-external/patches/docker-engine/0001-Unmap-IPv4-addresses-loaded-from-store.patch (1 hunks)
  • buildroot-external/patches/linux/6.12.43/0001-ipv6-add-option-to-explicitly-enable-reachability-te.patch (0 hunks)
  • buildroot-external/patches/linux/6.12.43/0002-net-ipv4-fix-regression-in-local-broadcast-routes.patch (0 hunks)
  • buildroot-external/rootfs-overlay/usr/lib/systemd/system/[email protected] (2 hunks)
  • buildroot-external/rootfs-overlay/usr/sbin/hassos-cli (2 hunks)
  • buildroot-external/rootfs-overlay/usr/sbin/hassos-supervisor (3 hunks)
  • buildroot-external/scripts/post-build.sh (1 hunks)
  • tests/supervisor_test/test_supervisor.py (1 hunks)
💤 Files with no reviewable changes (5)
  • buildroot-external/board/raspberrypi/patches/linux/0004-usb-dwc2-masquerade-split-interrupt-transfers.patch
  • buildroot-external/board/raspberrypi/patches/linux/0005-Fixup-usb-dwc2-limit-maximum-packet-size-for-split-I.patch
  • buildroot-external/patches/linux/6.12.43/0001-ipv6-add-option-to-explicitly-enable-reachability-te.patch
  • buildroot-external/patches/linux/6.12.43/0002-net-ipv4-fix-regression-in-local-broadcast-routes.patch
  • buildroot-external/board/asus/tinker/patches/linux/0009-Revert-can-ti_hecc-fix-Woverflow-compiler-warning.patch
🧰 Additional context used
📓 Path-based instructions (1)
*/**(html|markdown|md)

⚙️ CodeRabbit configuration file

*/**(html|markdown|md): - For instructional content in documentation, use a direct and authoritative tone. Avoid expressions of politeness such as 'may' or 'please', and ensure the goal of the instruction is fronted.

  • Apply the Microsoft Style Guide to ensure documentation maintains clarity and conciseness.
  • In step-by-step instructions, front the location phrase in the instructional sentence.
  • In step-by-step instructions, front the 'goal' in the instructional sentence.
  • In step-by-step instructions, if in doubt what to front, front the 'goal' before the location phrase in the instructional sentence.
  • do not hyphenate terms like 'top-right' or 'bottom-left' with 'corner'

*/**(html|markdown|md): - Use bold to mark UI strings.

  • If "" are used to mark UI strings, replace them by bold.

  • Be brief in your replies and don't add fluff like "thank you for..." and "Please let me know if"

  • Use sentence-style capitalization also in headings.

do not comment on HTML used for icons

Avoid flagging inline HTML for embedding videos in future reviews for this repository.

Files:

  • buildroot-external/meta
  • Documentation/kernel.md
🪛 LanguageTool
buildroot-external/board/raspberrypi/cmdline.txt

[grammar] ~1-~1: Aquí puede haber un error.
Context: ...8a:u,152d:a583:u,152d:a578:u,152d:0583:u

(QB_NEW_ES)

🔇 Additional comments (52)
buildroot-external/configs/odroid_c2_defconfig (1)

21-21: LGTM: Kernel version bump to 6.12.51.

The kernel version update is clean and consistent with the PR's release preparation objectives.

buildroot-external/configs/generic_x86_64_defconfig (1)

21-21: LGTM: Kernel version bump to 6.12.51.

The kernel version update matches the other defconfig files in this PR and aligns with the release preparation.

buildroot (1)

1-1: Submodule pointer update aligns with release objectives.

The buildroot submodule is being updated to commit 02f1553a34c2b8f6e432fe4300bfe529897d5f3c as part of the 16.3 release preparation. Per the PR objectives, this update introduces multiple kernel upgrades (6.12.44–6.12.51), configuration enhancements (PSI, HID multitouch, Creative Sound Blaster X-Fi support, x2APIC, Chelsio SR-IOV VF support), and infrastructure improvements across buildroot-external.

Please confirm that the target commit contains only the intended changes mentioned in the PR objectives and does not introduce unexpected breaking changes. You may verify by inspecting the buildroot repository at commit 02f1553a34c2b8f6e432fe4300bfe529897d5f3c or by running the build locally to validate all kernel and configuration changes are as expected.

buildroot-external/kernel/v6.12.y/hassos.config (2)

15-15: LGTM: PSI (Pressure Stall Information) enabled

This addition enables kernel tracking of resource pressure stalls, which can help Home Assistant OS monitor system health and resource contention.


208-208: LGTM: HID multitouch support enabled

Adding multitouch support as a module extends hardware compatibility for touchscreen devices.

buildroot-external/configs/rpi4_64_defconfig (1)

22-22: LGTM: Raspberry Pi kernel tarball updated to stable_20250916

The tarball source has been updated consistently with other Raspberry Pi configurations in this PR.

buildroot-external/configs/odroid_xu4_defconfig (1)

22-22: LGTM: Kernel version bumped to 6.12.51

This version update is consistent with the kernel version bumps across other defconfigs in this PR.

buildroot-external/kernel/v6.12.y/device-support-pci.config (1)

42-42: LGTM: Creative Sound Blaster X-Fi driver enabled

Adding this PCI sound driver as a module expands audio hardware support as described in the PR objectives.

buildroot-external/board/pc/generic-x86-64/kernel.config (1)

13-13: LGTM: Power-saving CPU frequency governor enabled

This enables the powersave governor, allowing dynamic CPU frequency scaling for better energy efficiency on x86-64 systems.

buildroot-external/configs/odroid_m1_defconfig (1)

21-21: LGTM: Kernel version bumped to 6.12.51

This version update maintains consistency with the kernel version bumps across other board configurations in this PR.

buildroot-external/configs/rpi5_64_defconfig (1)

22-22: LGTM: Raspberry Pi kernel tarball updated to stable_20250916

The tarball source update is consistent with other Raspberry Pi configurations in this PR.

buildroot-external/configs/rpi2_defconfig (1)

23-23: LGTM: Raspberry Pi kernel tarball updated to stable_20250916

This completes the consistent Raspberry Pi kernel tarball updates across all RPi board configurations.

buildroot-external/meta (1)

2-2: LGTM! Version bump to 16.3 is consistent with release preparation.

The minor version increment aligns with the PR objectives.

buildroot-external/board/pc/ova/kernel.config (2)

100-100: LGTM! Enabling x2APIC support for OVA.

Extended APIC support is beneficial for virtualization environments, improving interrupt handling scalability.


120-120: LGTM! Adding Chelsio T4/T5/T6 VF support.

Enabling the Chelsio virtual function driver as a module provides SR-IOV support for Chelsio adapters in virtualized environments.

buildroot-external/configs/yellow_defconfig (1)

22-22: LGTM! Raspberry Pi kernel tarball updated consistently.

The kernel tarball location update matches other Raspberry Pi defconfig files in this PR, ensuring consistency across all RPi-based board configurations.

buildroot-external/configs/rpi3_64_defconfig (1)

22-22: LGTM! Raspberry Pi kernel tarball updated consistently.

The kernel tarball location update is consistent with other Raspberry Pi configurations in this PR.

buildroot-external/scripts/post-build.sh (1)

30-30: URL change verified and approved.

The HOME_URL update to https://www.home-assistant.io/ aligns with the project's current web presence and is confirmed accessible (HTTP 200).

buildroot-external/configs/rpi3_defconfig (1)

23-23: Tarball verified as accessible.

The new Raspberry Pi kernel tarball at stable_20250916 is accessible (HTTP 200). The update is valid and consistent with other defconfig changes in this PR.

buildroot-external/configs/generic_aarch64_defconfig (1)

21-21: LGTM! Kernel version updated to 6.12.51.

Kernel version verified and exists on kernel.org. The version bump is consistent with the broader kernel updates mentioned in the PR objectives.

buildroot-external/configs/odroid_n2_defconfig (1)

21-21: Kernel version bump looks good.

The update from 6.12.43 to 6.12.51 aligns with the coordinated version bump across multiple boards documented in the PR objectives.

buildroot-external/rootfs-overlay/usr/lib/systemd/system/[email protected] (1)

18-31: Improved restart resilience with exponential backoff.

The restart configuration now implements graduated delays (100ms → 3s over 3 steps) which prevents tight restart loops while enabling quick recovery. The StartLimitIntervalSec=3s matching RestartMaxDelaySec=3s is well-documented and prevents premature service failure marking.

.github/workflows/lock.yml (1)

17-17: SHA pinning improves supply chain security.

Pinning the action to a specific commit hash ensures reproducibility and protects against tag manipulation, while the version comment maintains readability.

.github/workflows/label-actions.yml (1)

17-17: SHA pinning enhances workflow security.

Consistent with the broader effort to pin actions to specific commits for reproducibility and supply chain security.

Documentation/kernel.md (1)

6-24: Kernel version documentation updated correctly.

The version table accurately reflects the kernel bump: Raspberry Pi boards to 6.12.47 and other boards to 6.12.51, aligning with the corresponding defconfig updates throughout the PR.

buildroot-external/configs/tinker_defconfig (1)

23-23: Kernel version bump looks good.

Consistent with the coordinated kernel update to 6.12.51 across multiple board configurations.

buildroot-external/configs/odroid_m1s_defconfig (1)

21-21: Kernel version bump looks good.

The update to 6.12.51 is consistent with the other ODROID and mainline board configurations.

.github/workflows/stale.yml (1)

22-22: Action updated and pinned to SHA.

This combines a version upgrade (v9.1.0 → v10.1.0) with SHA pinning for both improved functionality and supply chain security.

buildroot-external/patches/docker-engine/0001-Unmap-IPv4-addresses-loaded-from-store.patch (1)

1-33: LGTM! Critical Docker networking fix.

This patch correctly addresses the IPv4-mapped IPv6 address issue in Docker's bridge networking by adding the Unmap() call. The fix is minimal, well-attributed with proper cherry-pick/backport metadata, and aligns with the PR's objective to fix broken outgoing connections.

buildroot-external/configs/rpi4_defconfig (1)

23-23: LGTM! Raspberry Pi kernel tarball update.

The kernel source tarball update from stable_20250702 to stable_20250916 is consistent with the PR objectives for Raspberry Pi kernel updates.

buildroot-external/board/raspberrypi/cmdline.txt (1)

1-1: LGTM! USB storage quirk for JMicron device.

Adding the 152d:0583:u quirk disables UAS for this JMicron USB bridge, which aligns with the PR's objective to address USB storage stability issues on Raspberry Pi.

.github/workflows/test.yaml (1)

35-35: LGTM! GitHub Actions pinned for reproducibility.

All actions are properly pinned to exact commit SHAs with version comments, following security best practices and ensuring build reproducibility. This aligns with the PR-wide pattern of deterministic action pinning.

Also applies to: 45-45, 60-60, 80-80, 88-88, 96-96

buildroot-external/configs/ova_defconfig (1)

21-21: LGTM! Kernel version bump.

The kernel version update from 6.12.43 to 6.12.51 is consistent with the PR's kernel update objectives across multiple platforms.

.github/workflows/artifacts-index.yaml (1)

42-42: LGTM! Actions pinned to exact commits.

Properly pins actions to specific commit SHAs for reproducibility and security, consistent with the PR-wide pinning strategy.

Also applies to: 47-47

.github/workflows/pr-checks.yml (1)

18-18: LGTM! Actions pinned and hadolint switched to official source.

All actions are properly pinned to commit SHAs. Additionally, line 23 switches from brpaz/hadolint-action to the official hadolint/hadolint-action, which is a good practice for using maintained, official actions.

Also applies to: 23-23, 28-28

.github/workflows/build.yaml (1)

58-58: LGTM! Comprehensive action pinning across build workflow.

All GitHub Actions throughout the build workflow are properly pinned to exact commit SHAs with version comments. This includes:

  • Checkout, setup-python, and github-script actions
  • Docker-related actions (setup-buildx, login, build-push)
  • Artifact management (upload/download)
  • Cache operations (restore/save)
  • Release asset uploads

This ensures deterministic, reproducible builds and follows security best practices.

Also applies to: 150-150, 180-180, 182-182, 188-188, 210-210, 230-230, 237-237, 263-263, 284-284, 332-332, 347-347, 380-380, 389-389, 397-397, 405-405, 414-414, 422-422, 430-430, 469-469

tests/supervisor_test/test_supervisor.py (1)

120-133: LGTM! Health check validation looks solid.

The new test appropriately validates Supervisor health and resolution state, checking both the health check result and ensuring no unhealthy or unsupported entries exist. The logging will aid troubleshooting.

Makefile (3)

19-23: LGTM! Silent mode support implemented correctly.

The SILENT variable detection and print macro implementation properly support Make's silent mode (-s flag). The conditional output using $(info ...) is the idiomatic approach for this functionality.


37-37: LGTM! Consistent use of new print macro.

The fallback target now uses the centralized print macro, maintaining consistent silent mode support.


51-55: LGTM! Build target messaging now respects silent mode.

Both the config and build target rules consistently use the new print macro for their status messages.

buildroot-external/rootfs-overlay/usr/sbin/hassos-cli (3)

6-20: LGTM! Excellent UX improvements for startup failures.

The new helper functions significantly improve the user experience:

  • interrupt properly resets service state before dropping to shell
  • emergency_shell provides clear troubleshooting guidance with actionable commands

The emergency console messaging is particularly helpful for users facing startup delays.


22-40: LGTM! Improved startup resilience with progress feedback.

The interrupt trap and animated progress indicator enhance UX. The 3-minute timeout (180s) before triggering the emergency shell is reasonable for slow startup scenarios. The backspace-based animation provides good visual feedback without cluttering output.


47-66: LGTM! Exit code handling is robust and informative.

The case statement properly handles all exit scenarios with appropriate actions:

  • Code 10: drops to shell as intended
  • Code 130: resets failed service state and provides user feedback
  • Code 143: graceful termination handling
  • Consistent use of printf for all messaging

buildroot-external/configs/odroid_c4_defconfig (1)

21-21: LGTM! Kernel version bump to 6.12.51.

The kernel version update is consistent with the broader PR objective of upgrading to Linux 6.12.51 across multiple platform configurations.

buildroot-external/configs/green_defconfig (1)

21-21: LGTM! Kernel version bump to 6.12.51.

Consistent with the kernel version updates across other platform configurations in this PR.

buildroot-external/package/rpi-rf-mod/rpi-rf-mod.hash (1)

2-2: LGTM! Hash file updated for new rpi-rf-mod version.

The hash file correctly reflects the new tarball (version e1404d6b2...). The hash will be automatically verified during the build process when the tarball is downloaded.

buildroot-external/configs/khadas_vim3_defconfig (1)

21-21: LGTM! Kernel version bump to 6.12.51.

Another platform config updated to the new kernel version as part of the coordinated upgrade across all boards.

buildroot-external/package/hassio/hassio.mk (1)

40-40: LGTM! Docker version parameter added for DinD setup.

The addition of $(DOCKER_ENGINE_VERSION) as a parameter to the data partition creation script aligns with the PR objective of using a matching DinD daemon version. This ensures version consistency between the Docker engine and the Docker-in-Docker daemon used during partition creation.

buildroot-external/rootfs-overlay/usr/sbin/hassos-supervisor (2)

14-14: LGTM!

The CID file path is properly defined using the existing SUPERVISOR_DATA directory.


91-93: LGTM!

Properly removes the CID file before container creation to prevent Docker from refusing to start. The conditional check and comment clearly explain the reasoning.

buildroot-external/package/rpi-rf-mod/rpi-rf-mod.mk (1)

17-18: Repository migration verified.

The new repository OpenCCU/OpenCCU is accessible, the commit e1404d6b2400589a1956d7429ad16227c8db6771 exists, and the tarball is downloadable. The migration is valid.

README.md (1)

19-22: External documentation links verified and valid.

All referenced resources are confirmed accessible:

  • ADR-0015 and ADR-0017 are both present in the Home Assistant architecture repository and marked as accepted
  • The Board support section is available in the Home Assistant Developer Docs

The refactoring of the hardware list to centralize policy in ADRs improves maintainability without introducing broken references.

runs-on: ubuntu-latest
steps:
- uses: release-drafter/release-drafter@v6
- uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0
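Review bot: the trailing `# v6.1.0` on the added `uses:` line is the only thing tying the 40-character SHA to a release, and nothing in the workflow checks it, while the line it replaces tracked `@v6`. Confirm which tag this SHA dereferences to and make the comment name exactly that tag, so later version bumps start from the right baseline.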

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

LGTM! Pinning action to commit SHA enhances security.

Pinning GitHub Actions to specific commit SHAs prevents tag-based supply chain attacks and ensures reproducible builds.

Optionally verify the SHA corresponds to v6.1.0:


🏁 Script executed:

```shell
#!/bin/bash
# Verify the SHA corresponds to the v6.1.0 tag
gh api repos/release-drafter/release-drafter/git/refs/tags/v6.1.0 | jq -r '.object.sha'
```

Length of output: 40


I found a discrepancy. Let me verify what version the pinned SHA actually corresponds to:

Let me search for the release history to find what version that commit belongs to:

Let me query the GitHub API to find all releases and match the SHA:


---

🏁 Script executed:

```shell
#!/bin/bash
# Get all releases for release-drafter to find which one matches the workflow SHA
gh api repos/release-drafter/release-drafter/releases --paginate | jq -r '.[] | "\(.tag_name): \(.target_commitish)"' | head -20
```

Length of output: 444


Let me query for the actual commit SHAs for these tags:


---

🏁 Script executed:

```shell
#!/bin/bash
# Get commit SHAs for recent tags to find the one matching b1476f6e6eb133afa41ed8589daba6dc69b4d3f5
for tag in v6.1.0 v6.0.0 v5.25.0; do
  sha=$(gh api repos/release-drafter/release-drafter/git/refs/tags/$tag | jq -r '.object.sha')
  echo "$tag: $sha"
done
```

Length of output: 147


Let me search through more tags to find which one actually corresponds to the workflow SHA:


---

🏁 Script executed:

```shell
#!/bin/bash
# Get all tags and their commit SHAs to find the match
gh api repos/release-drafter/release-drafter/git/refs/tags --paginate | jq -r '.[] | "\(.ref | gsub("refs/tags/"; "")): \(.object.sha)"' | grep 'b1476f6e6eb133afa41ed8589daba6dc69b4d3f5'
```

Length of output: 44


Update inline comment: SHA corresponds to v6, not v6.1.0.

Verification revealed the pinned SHA b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 corresponds to the v6 tag, not v6.1.0 as indicated in the comment. The actual v6.1.0 SHA is 7cf306f56b79636bb76931494ccf29fc893763bd. Either update the comment to reflect v6, or pin to the correct v6.1.0 SHA instead.
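A local check for the pinning convention discussed in this thread, as an added example that is not part of the pull request or of the review bot's output. It classifies each `uses:` reference as SHA-pinned with a version comment, SHA-pinned without one, or floating; the function names and the `example-org/example-action` entry are assumptions made for the example. It only checks that a version comment is present, since confirming that the comment matches the tag needs the repository lookups shown above.

```shell
#!/bin/sh
# Classify every `uses:` reference in workflow YAML read from stdin.
# Output: STATUS<TAB>action@ref
#   PINNED      full 40-hex commit SHA followed by a version comment
#   NO_COMMENT  full commit SHA, but no version comment to review against
#   FLOATING    tag or branch name, which the action's owner can move
audit_uses() {
    # Strip the "- uses:" prefix; lines without it are dropped.
    sed -n 's/^[[:space:]]*-\{0,1\}[[:space:]]*uses:[[:space:]]*//p' |
    while IFS= read -r line; do
        spec=${line%%#*}                      # reference without the comment
        spec=$(printf '%s' "$spec" | tr -d '[:space:]"'"'")
        case $spec in
            ./*|docker://*) continue ;;       # local/Docker refs have no git ref
            *@*) ;;
            *) continue ;;
        esac
        ref=${spec##*@}
        comment=
        case $line in *'#'*) comment=${line#*#} ;; esac
        if printf '%s' "$ref" | grep -Eq '^[0-9a-f]{40}$'; then
            if printf '%s' "$comment" | grep -Eq 'v?[0-9]+(\.[0-9]+)*'; then
                status=PINNED
            else
                status=NO_COMMENT
            fi
        else
            status=FLOATING
        fi
        printf '%s\t%s\n' "$status" "$spec"
    done
}

# Constructed sample: the two release-drafter lines are the ones quoted in the
# review; example-org/example-action and its SHA are made up.
sample_workflow() {
    cat <<'EOF'
    runs-on: ubuntu-latest
    steps:
      - uses: release-drafter/release-drafter@v6
      - uses: release-drafter/release-drafter@b1476f6e6eb133afa41ed8589daba6dc69b4d3f5 # v6.1.0
      - uses: example-org/example-action@0123456789abcdef0123456789abcdef01234567
      - uses: ./.github/actions/local
EOF
}

sample_workflow | audit_uses
```

Piping `.github/workflows/*.y*ml` through `audit_uses` and failing the job on any `FLOATING` or `NO_COMMENT` line keeps new workflow steps on the same convention.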

Comment on lines +101 to +102
--cidfile "${SUPERVISOR_CIDFILE}" \
--mount type=bind,src="${SUPERVISOR_CIDFILE}",dst=/run/cid,readonly \
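Review bot: `--cidfile` and the bind `src=` on these two lines both name `${SUPERVISOR_CIDFILE}`, so the container is asked to mount a file that the same `docker` invocation is responsible for writing. Add a comment above them stating what guarantees the path exists when the mount is validated, and cover the create step with a test so a regression in that ordering is caught before release.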

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify the CID file mount timing.

The CID file is both created by Docker (via --cidfile) and mounted into the container. Docker writes the CID file after container creation, but the mount is specified during creation. Verify that this doesn't cause a timing issue where the mount fails because the file doesn't exist yet.

Run the following test to verify the behavior:


🏁 Script executed:

```shell
#!/bin/bash
# Test if Docker can create a container with --cidfile and mount it simultaneously

# Create test directory
TEST_DIR=$(mktemp -d)
TEST_CIDFILE="${TEST_DIR}/test.cid"

# Try to create a container with cidfile and mount
if docker container create \
    --name test_cid_mount \
    --cidfile "${TEST_CIDFILE}" \
    --mount type=bind,src="${TEST_CIDFILE}",dst=/run/cid,readonly \
    busybox:latest sleep 1 2>&1; then
    echo "SUCCESS: Container created with cidfile and mount"
    docker rm test_cid_mount
else
    echo "FAILURE: Cannot mount cidfile during container creation"
fi

# Cleanup
rm -rf "${TEST_DIR}"
```

Length of output: 100


Based on Docker's official documentation, I found a critical issue with the review comment's code.

When using the --mount flag, Docker produces an error if the bind source path does not exist on the host. Since --mount does not automatically create a directory if the specified mount path does not exist on the host, but --cidfile writes the container ID file after container creation, this sequence fails: Docker tries to validate and mount the non-existent CID file during container creation, which would result in an error.

Review comment verification confirmed—this is a critical issue that needs to be fixed.


Remove the read-only bind mount or create the CID file before mounting it.

The --cidfile flag writes the container ID after creation, but --mount type=bind requires the source file to exist. Either:

  • Create the CID file before container creation, or
  • Remove the --mount for the CID file and access it through the host filesystem after the container is created

Lines 101–102 cannot coexist as written.

🤖 Prompt for AI Agents
In buildroot-external/rootfs-overlay/usr/sbin/hassos-supervisor around lines
101-102, the script uses --cidfile to write the container ID after creation
while also attempting a read-only bind mount of that same path with --mount,
which fails because Docker requires the bind source to exist at container
creation; either pre-create the CID file path before invoking Docker so the bind
mount is valid, or remove the --mount bind for the CID file and rely solely on
--cidfile (or read the CID from the container via docker/nerdctl after
creation); implement one of these two fixes and ensure the chosen approach
removes the conflicting option so Docker no longer errors on mount validation.

@sairon sairon merged commit bd5ea37 into main Nov 4, 2025
3 checks passed
@sairon sairon deleted the prepare-16.3 branch November 4, 2025 12:20
@github-actions github-actions bot locked and limited conversation to collaborators Nov 12, 2025