Release notes for 6.0 (wrynose)

This document lists new features and enhancements for the Yocto Project 6.0 Release (codename “wrynose”). For a list of breaking changes and migration guides, see the Migration notes for 6.0 (wrynose) section.

The 6.0 (wrynose) release is the new LTS release after 5.0 (scarthgap). If you are migrating from the 5.0 version, be sure to read the previous migration guides:

• Release 5.1 (styhead)

• Release 5.2 (walnascar)

• Release 5.3 (whinlatter)

See also the list of new features and enhancements of the previous releases:

• Release notes for 5.1 (styhead)

• Release notes for 5.2 (walnascar)

• Release notes for 5.3 (whinlatter)

New Features / Enhancements in 6.0

• Linux kernel XXX, gcc XXX, glibc XXX, LLVM XXX, and over XXX other recipe upgrades

• Minimum Python version required on the host: XXX.

• New variables:

  • The OPENSSH_HOST_KEY_DIR variable can be used to specify the directory where OpenSSH host keys are stored. The default value is /etc/ssh (addd80d)

  • The OPENSSH_HOST_KEY_DIR_READONLY_CONFIG variable can be used to specify the directory where OpenSSH host keys are stored when the device uses a read-only filesystem. The default value is /var/run/ssh (addd80d)

  • The SPDX_INCLUDE_KERNEL_CONFIG can be set to “1” to export the Linux kernel configuration (CONFIG_* parameters) into the SPDX document when using the create-spdx class (228a968)

  • The SPDX_INCLUDE_PACKAGECONFIG variable can be set to “1” to export a recipe’s PACKAGECONFIG features (enabled/disabled) into the SPDX document when using the create-spdx class (228a968)

  • The SPDX_PACKAGE_URL allows specifying a space-separated list of Package URLs (purls) for the software Package when using the create-spdx class (874b2d3)

  • The SPDX_CONCLUDED_LICENSE allows specifying the hasConcludedLicense object of individual SBOM packages when using the create-spdx class (bb21c6a)

  • The FIT_MKIMAGE_EXTRA_OPTS variable allows passing extra options to the mkimage command when creating a FIT image with the kernel-fit-image class (d925d67)

  • The FIT_CONF_MAPPINGS variable allows mapping extra configurations to existing ones or rename an existing configuration in FIT images created with the kernel-fit-image class (e30f809)

  • The UBOOT_CONFIG_FRAGMENTS and UBOOT_FRAGMENTS allow supplying additional configuration fragments to the existing U-Boot configuration. See the definition of the variables for more information, and the documentation of the uboot-config class (9e96d3d)

  • The IMAGE_EXTRA_PARTITION_FILES allows specifying extra files from the deploy directory (DEPLOY_DIR_IMAGE) to install in a WIC partition created with the extra_partition plugin (e152607)

• Kernel-related changes:

• New core recipes:

  • libconfig: Import recipe from https://git.openembedded.org/meta-openembedded/, needed by one of the Mesa recipes (1a0196a)

  • python3-sphinxcontrib-svg2pdfconverter: Used for the generation of the Yocto Project documentation (f3f0019)

  • python3-pyzstd: Import from meta-python, needed by the ukify tool of systemd v258 (88a2713)

  • python3-uv-build: This recipe adds the uv Python build backend, required by python3-cryptography (0880cd2)

  • blueprint-compiler: Add the recipe as it became a dependency of the epiphany recipe after its upgrade to 49.2 (4212392)

• New core classes:

• Global configuration changes:

  • base-passwd: Add a clock group as systemd version v258 introduces this group to enable applications like linuxptp to open clocks without root privileges (aad8493)

  • lto.inc: Add a Clang specific LTO configuration (253da2e)

  • bitbake.conf:

    • remove DEBUG_PREFIX_MAP from TARGET_LDFLAGS (1797741)

    • The default definition of TARGET_LDFLAGS used to contain the value of DEBUG_PREFIX_MAP, to fix binary reproducibility issues. This was no longer needed after the originating GCC bug was fixed (1797741)

    • Switch BB_SIGNATURE_HANDLER to OEEquivHash and BB_HASHSERVE to auto by default (5596ea1, 4a38840)

  • The uninative class is now enabled by default. This allows reuse of native sstate built on one distro on another (722897f)

  • The no-static-libs.inc file, disabling most static libraries in various recipes, is now included by default in the default distro setup (appearing as the nodistro DISTRO) (03fc931)

  • The security_flags.inc file, adding various security related flags to the default compiler and linker, is now included by default in the default distro setup (appearing as nodistro DISTRO) (4c2d64c)

  • The yocto-space-optimize.inc file, adding various space optimization tweaks, is now included by default in the default distro setup (appearing as nodistro DISTRO) (175fcf9)

• Architecture-specific changes:

• QEMU / runqemu changes:

  • qemuboot`: Make the tap interface nameserver configurable through QB_TAP_NAMESERVER (0e8c258)

  • qemu: Disable the libkeyutils feature (30cc9f5)

  • runqemu-extract-sdk: Support the tar.zst format (650bb45)

  • qemurunner: Improve qmp module detection (a7386d0)

  • runqemu: Support .tar.zst, .tar,xz, .tar rootfs archive types (3a6172f)

• Documentation changes:

• Go changes:

  • go: Disable workspaces when building (GOWORK="off") (c52c5e8)

  • meta-go-toolchain: Disable support for the riscv32 and ppc32 architectures, as this was not supported (f554071)

• Rust changes:

  • Enable dynamic linking with llvm. This allows dynamically linking to libLLVM.so instead of linking statically (74ba238)

• Wic Image Creator changes:

  • wic/engine: Fix copying directories into wic image with ext* partitions (1ed38af)

• SDK-related changes:

• Testing-related changes:

  • ptest support was added for the following recipes:

    • libarchive (6e0bf90)

    • libassuan (1010abf)

    • libcheck (1bb06e2)

    • libconfig (f3e9d13)

    • libksba (f50a200)

    • libmd (4c0a413)

    • libsolv (f5432d1)

    • libyaml (ed2a345)

    • utfcpp (49314ca)

  • selftests: Use SHA256 keys for RPM tests (692919b)

  • oeqa: Open JSON files to parse in a context manager (e96baf5)

  • resulttool: Add ptest support to the JUnit output format (2abe2d7)

  • do_testimage: Print last lines of kernel log on test fail (fea3c44)

  • reproducible: Use the jQuery CDN instead of jquery-native (d3ee549)

  • selftest: Test installation of recipes with complex packaging (6f3aab6)

• Utility script changes:

  • bitbake-config-build: It is now possible to disable all fragments starting with a prefix by issuing bitbake-config-build disable-fragment <prefix>/ (573695d)

  • recipetool: Support PEP639-variant of license key in Python pyproject.toml files (9d1a7bb)

  • buildhistory:

    • Also show renamed directories (9bf2211)

    • Fix handling of RDEPENDS style strings (b013d62)

  • create-pull-request: Keep commit hash to be pulled in cover email (c78f5ae)

  • yocto-check-layer: Add messages in test_readme assertions (9fe883c)

• BitBake changes:

  • bitbake-layers:

    • Add a --show-variants option to the show-recipes subcommand to display BBCLASSEXTEND variants (353d5e9)

    • Fix the branch detection method of layerindex-fetch (af9dd01)

  • bitbake-setup:

    • Implement symlinking local sources into builds with the --use-local-source option of the init subcommand (ed5a3a0)

    • Convert print() calls to use a BitBake logger (6e511d0)

    • Correct several scenarios in layer updates (aa15cc7)

    • Source in the git-remote section can now be specified more simply with the uri property, instead of the remotes property (7941a5d). For example:

      "bitbake": {
          "git-remote": {
              "uri": "https://git.openembedded.org/bitbake",
              "branch": "master",
              "rev": "master"
          }
      }
      

    • Use the internal registry if run from a Git checkout, from a remote BitBake repository otherwise (675e907)

    • Fragments passed in the oe-fragments-one-of property can now contain descriptions (29f2cee)

    • Improve the readability of choices during the bitbake-setup init command (d970063)

    • Enable coloring of the diff outputs when using the bitbake-setup status or bitbake-setup update commands

  • cooker: Use BB_HASHSERVE_DB_DIR as hash server database location. If unset, the existing behavior is preserved (b339d05)

  • bitbake-getvar: Show close matches when no providers are found (1f8fa7c)

• Packaging changes:

• Clang/LLVM related changes:

  • compiler-rt:

    • Remove the need to depend on libgcc (f504b6b)

    • Always build C runtime (crt) files (56fe42a)

  • libcxx: Remove GNU runtime from dependencies (8034509)

  • libcxx/compiler-rt: Add support for llvm-libgcc, a drop-in replacement for libgcc and crt files (ed02230)

• SPDX-related changes:

  • spdx30_tasks: Fix SPDX_CUSTOM_ANNOTATION_VARS implementation (52ab3b6)

  • kernel: Add a task to export the kernel configuration to SPDX (228a968)

  • Add support for exporting the PACKAGECONFIG to SPDX (7ec61ac)

  • Add suport for package URLs (PURLs) through SPDX_PACKAGE_URL (874b2d3)

  • create-spdx-2.2: Add CVEs in CVE_CHECK_IGNORE to the list of fixed CVEs in the output SBOM (f852522)

• devtool changes:

  • ide-sdk: Find bitbake-setup’s init-build-env first, and oe-init-build-env if not found (6ab7e9e)

  • ide-sdk: Add gdbserver attach mode support (1191710)

  • ide-sdk: Support GDB pretty-printing for C++ STL types (a69e2ba)

• Patchtest-related changes:

  • Code refactoring and improvements (86d0b22, 317ef42, 6cdb5cb, ae787b3, a850252)

  • Reject Upstream-Status after scissors (2156ef9)

• insane / sanity classes related changes:

• Security changes:

  • A new document was added to the Yocto Project documentation: Yocto Project Security Reference. It is intended to document how to report vulnerabilities to the Yocto Project security team.

• cve-check-related changes:

  • cve-update-nvd2-native: Use maximum CVSS score when extracting it from multiple sources (4f6192f)

• New PACKAGECONFIG options for individual recipes:

  • curl: schannel

  • gstreamer1.0-plugins-good: qt6

  • libinput: lua, libwacom, mtdev

  • mesa: expat, zlib

  • openssl: legacy

  • opkg: acl, xattr

  • python3-cryptography: legacy-openssl

• systemd related changes:

  • Package ukify separately, with the systemd-ukify package name (e924274)

• U-Boot related changes:

  • uboot-config: Add support for generating the U-Boot initial environment in binary format using UBOOT_INITIAL_ENV_BINARY (cf11b14)

  • A new way of specifying multiple U-Boot configurations has been added (cd9e730). See U-Boot configuration flow changes (ref-classes-uboot-config)

• Miscellaneous changes:

  • curl: Ensure CURL_CA_BUNDLE from host environment is respected (545e43a)

  • weston: Add PipeWire as runtime dependency when pipewire is part of PACKAGECONFIG (9f52867)

  • uki: Use basename of device trees available via KERNEL_DEVICETREE (27a7fbb)

  • rpcbind: Set the owner of /run/rpcbind to rpc (80e4289)

  • archiver: Remove WORKDIR from the patch directory (c99d228)

  • gtk4: Convert to use the gnomebase class (fcd5e7c)

  • udev-extraconf: Split automount and autonet into seperate packages (udev-extraconf-automount and udev-extraconf-autonet) (08662d7)

  • e2fsprogs: Fix a bug for files larger than 2GB (683a1e7)

  • mesa: Add support for the virtio, gfxstream, hasvk Vulkan drivers (8e7ffdc, 3b56f14)

  • mesa: Drop VDPAU remnants in the recipe after upstream support was removed (3b05f58)

  • cross: Propagate dependencies to outhash, improving hash equivalence (267b651)

  • run-postinsts: Propagate exit status to the run-postinsts.service systemd service (7f74d88)

  • freetype: Use meson instead of autotools* (7395e4f)

  • wpa-supplicant:

    • Build with OWE support by default (d16c66b)

    • Build with 802.11be support by default (d16c66b)

  • overlayfs: Remove helper unit (623c20f)

  • patch: Show full path when a patch fails to apply (602e28b)

  • kea: Replace keactrl with kea daemons (kea-dhcp*) in initscripts (7f9d929), and remove keactrl from the recipe (08c3877)

  • initramfs-framework: Add handover of PID 1’s arguments to modules (a0ab3d1)

  • perl: Provide pod2man (in the recipe’s PROVIDES definition). This is used by many other recipes to produce man pages. This allows existing recipes to explicitly depend on pod2man-native to produce man pages (1d1e55d)

  • build-sysroots: Add sysroot tasks to default build and remove warning (e73f150)

  • Licenses and manifests are now deployed in the SDK when setting COPY_LIC_DIRS and/or COPY_LIC_MANIFEST, for both host and target sysroots (f757ae4)

  • openssl: Disable TLS 1.0/1.1 by default (d5501e7)

  • python3-cryptography: Disable legacy-openssl feature by default (1acd199)

  • openssl: Add support for config snippet includes. This can be done by installing extra configuration files in ${sysconfdir}/ssl/openssl.cnf.d/ (34bafcf)

  • busybox: Enable SELinux support if DISTRO_FEATURES contains selinux (c544f12)

  • coreutils: kill and uptime are no longer provided by the recipe (cedeb95)

Known Issues in 6.0

Recipe License changes in 6.0

The following changes have been made to the LICENSE values set by recipes:

Recipe	Previous value	New value
recipe name	Previous value	New value

Security Fixes in 6.0

The following CVEs have been fixed:

Recipe	CVE IDs
recipe name	CVE-xxx-xxxx, …

Recipe Upgrades in 6.0

The following recipes have been upgraded:

Recipe	Previous version	New version
recipe name	Previous version	New version

Contributors to 6.0

Thanks to the following people who contributed to this release:

Repositories / Downloads for Yocto-6.0