Update release-drafter.yml

[skip ci]

.github/release-drafter.yml

@@ -0,0 +1,15 @@
+categories:
+  - title: 'HassOS Core'
+    label: 'os'
+  - title: 'Build'
+    label: 'build'
+  - title: 'Raspberry Pi'
+    label: 'board/raspberry'
+  - title: 'Open Virtual Appliance'
+    label: 'board/ova'
+  - title: 'Intel-Nuc'
+    label: 'board/intel-nuc'
+template: |
+  ## Changes
+
+  $CHANGES

.github/stale.yml

@@ -0,0 +1,17 @@
+# Number of days of inactivity before an issue becomes stale
+daysUntilStale: 60
+# Number of days of inactivity before a stale issue is closed
+daysUntilClose: 7
+# Issues with these labels will never be considered stale
+exemptLabels:
+  - pinned
+  - security
+# Label to use when marking an issue as stale
+staleLabel: wontfix
+# Comment to post when marking an issue as stale. Set to `false` to disable
+markComment: >
+  This issue has been automatically marked as stale because it has not had
+  recent activity. It will be closed if no further activity occurs. Thank you
+  for your contributions.
+# Comment to post when closing a stale issue. Set to `false` to disable
+closeComment: false

.hadolint.yaml

@@ -0,0 +1,2 @@
+ignored:
+  - DL3008

.travis.yml

@@ -1,25 +0,0 @@
-language: bash
-
-sudo: required
-service: docker
-
-addons:
-  apt:
-    packages:
-     - docker-ce
-
-before_install:
-  - shopt -s globstar
-  - docker pull koalaman/shellcheck
-
-script:
- - docker run -v $(pwd):/mnt koalaman/shellcheck scripts/*.sh
- - docker run -v $(pwd):/mnt koalaman/shellcheck buildroot-external/scripts/*.sh
- - docker run -v $(pwd):/mnt koalaman/shellcheck buildroot-external/scripts/*.sh
- - docker run -v $(pwd):/mnt koalaman/shellcheck buildroot-external/board/**/*.sh
- - docker run -v $(pwd):/mnt koalaman/shellcheck buildroot-external/rootfs-overlay/usr/sbin/*
- - docker run -v $(pwd):/mnt koalaman/shellcheck buildroot-external/rootfs-overlay/usr/libexec/*
- - docker run -v $(pwd):/mnt koalaman/shellcheck buildroot-external/rootfs-overlay/usr/lib/rauc/*
-
-matrix:
-  fast_finish: true

Dockerfile

@@ -1,7 +1,10 @@
 FROM ubuntu:18.04
 
+# Set shell
+SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+
 # Docker
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
         apt-transport-https \
         ca-certificates \
         curl \
@@ -9,11 +12,12 @@ RUN apt-get update && apt-get install -y \
     && rm -rf /var/lib/apt/lists/* \
     && curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add - \
     && add-apt-repository "deb https://download.docker.com/linux/ubuntu $(lsb_release -cs) stable" \
-    && apt-get update && apt-get install -y docker-ce \
+    && apt-get update && apt-get install -y --no-install-recommends \
+        docker-ce \
     && rm -rf /var/lib/apt/lists/*
 
 # Build Tools
-RUN apt-get update && apt-get install -y \
+RUN apt-get update && apt-get install -y --no-install-recommends \
         wget patch vim cpio python unzip rsync bc bzip2 ncurses-dev \
         git make g++ file perl bash binutils locales qemu-utils bison flex \
     && rm -rf /var/lib/apt/lists/*

Documentation/boards/odroid-xu4.md

@@ -0,0 +1,27 @@
+# Odroid-XU4
+
+## eMMC
+
+The Odroid XU4 has a hidden boot sector that is only visible on the Odroid itself (can't be written by a card reader). There are a couple possibilities:
+1) If the eMMC already had a working image before flashing HassOS:
+* It will be booting to uBoot (but no further). 
+    * If you have the serial adapter, you should be able to enter `distro_bootcmd` at the uboot prompt to continue booting.
+    * If not, flash the HassOS image to an SD card and boot off that temporarily (while the eMMC is also plugged in).
+* Once booted, login at the prompts and then enter `dd if=/dev/mmcblk0 of=/dev/mmcblk0boot0 bs=512 skip=63 seek=62 count=1440` at the linux prompt.
+* Reboot with eMMC (don't forget to flip the boot switch to eMMC)
+2) Clean/wiped/corruped boot sector:
+* You'll need to follow [Hardkernel's instructions](https://forum.odroid.com/viewtopic.php?f=53&t=6173) to get a working boot sector. Then flash HassOS and follow instructions above.
+* Alternatively, you can try flash HassOS to both an SD and eMMC, then boot off the SD with the eMMC also plugged in, then run `dd if=/dev/mmcblk1 of=/dev/mmcblk0boot0 bs=512 skip=1 seek=0 count=16381` at the Linux prompt. Note that this is untested, but in theory should work..
+
+If you are getting permissions issues when using the dd command, try disabling RO:
+`echo 0 > /sys/block/mmcblk0boot0/force_ro`
+to re-enable after running dd:
+`echo 1 > /sys/block/mmcblk0boot0/force_ro`
+## Console
+
+By default, console access is granted over the serial header and over HDMI. Certain startup messages will only appear on the serial console by default. To show the messages on the HDMI console instead, swap the order of the two consoles in the `cmdline.txt` file on the boot partition. You can also delete the SAC2 console if you don't plan on using the serial adapter.
+eg. `console=tty1 console=ttySAC2,115200`
+
+## GPIO
+
+Refer to [the odroid wiki](https://wiki.odroid.com/odroid-xu4/hardware/expansion_connectors).

Documentation/boards/tinker.md

@@ -7,11 +7,11 @@ Supported Hardware:
 | Tinker RK3288 | tinker |
 | Tinker S RK3288 | tinker |
 
-## EMMC
+## eMMC
 
-Actual we support only SD cards. The support for EMMC will follow.
+eMMC support is provided transparently. Just flash the image to the eMMC by connecting your Tinker Board S to your PC via Micro-USB.
 
 ## Serial console
 
-For access to terminal over serial console, add `console=ttyS2,115200` to `cmdline.txt`. GPIO pins are: 34 = GND / 32 = UART TXD / 33 = UART RXD.
+To access the terminal over serial console, add `console=ttyS2,115200` to `cmdline.txt`. GPIO pins are: 34 = GND / 32 = UART TXD / 33 = UART RXD.
 

Documentation/configuration.md

@@ -8,18 +8,20 @@ Format a USB stick with FAT32/EXT4/NTFS and name it `CONFIG`. Alternative you ca
 ```text
 network/
 modules/
+modprobe/
 udev/
 authorized_keys
 timesyncd.conf
 hassos-xy.raucb
 ```
 
-- The `network` folder can contain any kind of NetworkManager connection files. For more information see [Network][network.md]. 
+- The `network` folder can contain any kind of NetworkManager connection files. For more information see [Network][network.md].
 - The `modules` folder is for modules-load configuration files.
+- The `modprobe` folder is for modules configuration files (/etc/modprobe.d)
 - The `udev` folder is for udev rules files.
 - The `authorized_keys` file activates debug SSH access on port `22222`. See [Debugging Hassio][debug-hassio].
 - The `timesyncd.conf` file allow you to set different NTP servers. HassOS won't boot without correct working time servers!
-- The `hassos-*.raucb` file is a firmware OTA update which will be installed. These can be found on on the [release][hassos-release] page. 
+- The `hassos-*.raucb` file is a firmware OTA update which will be installed. These can be found on on the [release][hassos-release] page.
 
 You can put this USB stick into the device and it will be read on startup. You can also trigger this process later over the
 API/UI or by calling `systemctl restart hassos-config` on the host.
@@ -32,7 +34,7 @@ You can edit or create a `cmdline.txt` in your boot partition. That will be read
 
 ### Kernel-Module
 
-The kernel module folder `/etc/modules-load.d` is persistent and you can add your configuration files there. See [Systemd modules load][systemd-modules].
+The kernel module folder `/etc/modules-load.d` is persistent and you can add your configuration files there. See [Systemd modules load][systemd-modules]. You can add the modules configuration files in `/etc/modprobe.d` that is also persistent.
 
 ### Udev rules
 

Documentation/kernel.md

@@ -4,7 +4,7 @@
 | Board | Version |
 |-------|---------|
 | Open Virtual Applicance | 4.19.20 |
-| Raspberry Pi | 4.14.81 |
+| Raspberry Pi | 4.14.98 |
 | Tinker Board | 4.19.20 |
 | Odroid-C2 | 4.19.15 |
 | Odroid-XU4 | 4.19.15 |

azure-pipelines.yml

@@ -0,0 +1,52 @@
+# https://dev.azure.com/home-assistant
+
+trigger:
+  batch: true
+  branches:
+    include:
+    - dev
+  tags:
+    include:
+    - '*'
+    exclude:
+    - untagged*
+pr:
+- dev
+
+variables:
+  - name: versionHadolint
+    value: 'v1.16.3'
+  - name: versionShellCheck
+    value: 'v0.6.0'
+
+jobs:
+
+- job: 'Hadolint'
+  pool:
+    vmImage: 'ubuntu-16.04'
+  steps:
+  - script: sudo docker pull hadolint/hadolint:$(versionHadolint)
+    displayName: 'Install Hadolint'
+  - script: |
+      sudo docker run --rm -i \
+        -v $(pwd)/.hadolint.yaml:/.hadolint.yaml:ro \
+        hadolint/hadolint:$(versionHadolint) < Dockerfile
+    displayName: 'Run Hadolint'
+
+
+- job: 'ShellCheck'
+  pool:
+    vmImage: 'ubuntu-16.04'
+  steps:
+  - script: sudo docker pull koalaman/shellcheck:$(versionShellCheck)
+    displayName: 'Install ShellCheck'
+  - script: |
+      sudo docker run --rm -i \
+        -v $(pwd):/mnt:ro koalaman/shellcheck:$(versionShellCheck) \
+          scripts/*.sh \
+          buildroot-external/scripts/*.sh \
+          buildroot-external/board/**/*.sh \
+          buildroot-external/rootfs-overlay/usr/sbin/* \
+          buildroot-external/rootfs-overlay/usr/libexec/* \
+          buildroot-external/rootfs-overlay/usr/lib/rauc/*
+    displayName: 'Run ShellCheck'

buildroot-external/board/hardkernel/odroid-xu4/patches/linux/000-arm-exynos_change_the_default_dma_coherent_pool_size.patch

@@ -0,0 +1,42 @@
+diff --git a/arch/arm/include/asm/dma-mapping.h b/arch/arm/include/asm/dma-mapping.h
+index bf02dbd9ccda3..8029e21eee149 100644
+--- a/arch/arm/include/asm/dma-mapping.h
++++ b/arch/arm/include/asm/dma-mapping.h
+@@ -5,7 +5,9 @@
+ 
+ #include <linux/mm_types.h>
+ #include <linux/scatterlist.h>
++#include <linux/device.h>
+ #include <linux/dma-debug.h>
++#include <linux/dma-direction.h>
+ 
+ #include <asm/memory.h>
+ 
+diff --git a/arch/arm/mach-exynos/firmware.c b/arch/arm/mach-exynos/firmware.c
+index fd6da5419b510..5b3abc935e7fc 100644
+--- a/arch/arm/mach-exynos/firmware.c
++++ b/arch/arm/mach-exynos/firmware.c
+@@ -13,12 +13,14 @@
+ #include <linux/init.h>
+ #include <linux/of.h>
+ #include <linux/of_address.h>
++#include <linux/sizes.h>
+ 
+ #include <asm/cacheflush.h>
+ #include <asm/cputype.h>
+ #include <asm/firmware.h>
+ #include <asm/hardware/cache-l2x0.h>
+ #include <asm/suspend.h>
++#include <asm/dma-mapping.h>
+ 
+ #include "common.h"
+ #include "smc.h"
+@@ -225,6 +227,8 @@ void __init exynos_firmware_init(void)
+ 		outer_cache.write_sec = exynos_l2_write_sec;
+ 		outer_cache.configure = exynos_l2_configure;
+ 	}
++
++	init_dma_coherent_pool_size(SZ_1M);
+ }
+ 
+ #define REG_CPU_STATE_ADDR	(sysram_ns_base_addr + 0x28)

buildroot-external/board/intel/ova/kernel.config

@@ -1,5 +1,11 @@
 CONFIG_EFI_STUB=y
 
+CONFIG_VMXNET3=y
+CONFIG_VMWARE_PVSCSI=y
+CONFIG_VMWARE_VMCI_VSOCKETS=y
+CONFIG_VMWARE_VMCI=y
+CONFIG_VMWARE_BALLOON=y
+
 CONFIG_VIRTIO=y
 CONFIG_VIRTIO_PCI=y
 CONFIG_VIRTIO_NET=y

buildroot-external/configs/intel_nuc_defconfig

@@ -28,6 +28,7 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -74,6 +75,7 @@ BR2_PACKAGE_RNG_TOOLS=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -93,12 +95,12 @@ BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HASSOS=y
 BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/amd64-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/intel-nuc-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
 BR2_PACKAGE_HASSOS_CLI="homeassistant/amd64-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/configs/odroid_c2_defconfig

@@ -30,6 +30,7 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -66,6 +67,7 @@ BR2_PACKAGE_RNG_TOOLS=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -86,12 +88,12 @@ BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HASSOS=y
 BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/aarch64-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/odroid-c2-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
 BR2_PACKAGE_HASSOS_CLI="homeassistant/aarch64-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/configs/odroid_xu4_defconfig

@@ -36,6 +36,7 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -72,6 +73,7 @@ BR2_PACKAGE_RNG_TOOLS=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -93,13 +95,13 @@ BR2_PACKAGE_HOST_GPTFDISK=y
 BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HASSOS=y
-BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/armhf-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/armv7-hassio-supervisor"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/odroid-xu-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
-BR2_PACKAGE_HASSOS_CLI="homeassistant/armhf-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI="homeassistant/armv7-hassio-cli"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/configs/opi_prime_defconfig

@@ -52,6 +52,7 @@ BR2_ROOTFS_POST_IMAGE_SCRIPT="$(BR2_EXTERNAL_HASSOS_PATH)/scripts/post-image.sh"
 BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/orangepi/prime $(BR2_EXTERNAL_HASSOS_PATH)/board/orangepi/hassos-hook.sh"
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -88,6 +89,7 @@ BR2_PACKAGE_RAUC_NETWORK=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -101,12 +103,12 @@ BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HOST_SWIG=y
 BR2_PACKAGE_HASSOS=y
 BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/aarch64-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/orangepi-prime-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
 BR2_PACKAGE_HASSOS_CLI="homeassistant/aarch64-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/configs/ova_defconfig

@@ -27,6 +27,7 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -62,6 +63,7 @@ BR2_PACKAGE_RNG_TOOLS=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -81,12 +83,12 @@ BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HASSOS=y
 BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/amd64-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/qemux86-64-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
 BR2_PACKAGE_HASSOS_CLI="homeassistant/amd64-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/configs/rpi0_w_defconfig

@@ -23,7 +23,7 @@ BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/raspberrypi/rpi0-
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y
 BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/raspberrypi/linux"
-BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="f6878de4d2818c2256b2a340eaeeabfb0b24c71b"
+BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="877656cd145497db7c09a7de06ea85db98bd72a3"
 BR2_LINUX_KERNEL_DEFCONFIG="bcmrpi"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/raspberrypi/kernel.config"
 BR2_LINUX_KERNEL_LZ4=y
@@ -33,6 +33,7 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -70,6 +71,7 @@ BR2_PACKAGE_RNG_TOOLS=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -90,12 +92,12 @@ BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HASSOS=y
 BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/armhf-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/raspberrypi-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
 BR2_PACKAGE_HASSOS_CLI="homeassistant/armhf-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/configs/rpi2_defconfig

@@ -23,7 +23,7 @@ BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/raspberrypi/rpi2
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y
 BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/raspberrypi/linux"
-BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="f6878de4d2818c2256b2a340eaeeabfb0b24c71b"
+BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="877656cd145497db7c09a7de06ea85db98bd72a3"
 BR2_LINUX_KERNEL_DEFCONFIG="bcm2709"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/raspberrypi/kernel.config"
 BR2_LINUX_KERNEL_LZ4=y
@@ -33,6 +33,7 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -69,6 +70,7 @@ BR2_PACKAGE_RNG_TOOLS=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -88,13 +90,13 @@ BR2_PACKAGE_HOST_GPTFDISK=y
 BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HASSOS=y
-BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/armhf-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/armv7-hassio-supervisor"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/raspberrypi2-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
-BR2_PACKAGE_HASSOS_CLI="homeassistant/armhf-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI="homeassistant/armv7-hassio-cli"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/configs/rpi3_64_defconfig

@@ -23,7 +23,7 @@ BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/raspberrypi/rpi3-
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y
 BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/raspberrypi/linux"
-BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="f6878de4d2818c2256b2a340eaeeabfb0b24c71b"
+BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="877656cd145497db7c09a7de06ea85db98bd72a3"
 BR2_LINUX_KERNEL_DEFCONFIG="bcmrpi3"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/raspberrypi/kernel.config"
 BR2_LINUX_KERNEL_LZ4=y
@@ -33,6 +33,7 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -70,6 +71,7 @@ BR2_PACKAGE_RNG_TOOLS=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -90,12 +92,12 @@ BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HASSOS=y
 BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/aarch64-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/raspberrypi3-64-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
 BR2_PACKAGE_HASSOS_CLI="homeassistant/aarch64-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/configs/rpi3_defconfig

@@ -23,7 +23,7 @@ BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/raspberrypi/rpi3
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y
 BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/raspberrypi/linux"
-BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="f6878de4d2818c2256b2a340eaeeabfb0b24c71b"
+BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="877656cd145497db7c09a7de06ea85db98bd72a3"
 BR2_LINUX_KERNEL_DEFCONFIG="bcm2709"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/raspberrypi/kernel.config"
 BR2_LINUX_KERNEL_LZ4=y
@@ -33,6 +33,7 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -70,6 +71,7 @@ BR2_PACKAGE_RNG_TOOLS=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -89,13 +91,13 @@ BR2_PACKAGE_HOST_GPTFDISK=y
 BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HASSOS=y
-BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/armhf-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/armv7-hassio-supervisor"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/raspberrypi3-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
-BR2_PACKAGE_HASSOS_CLI="homeassistant/armhf-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI="homeassistant/armv7-hassio-cli"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/configs/rpi_defconfig

@@ -23,7 +23,7 @@ BR2_ROOTFS_POST_SCRIPT_ARGS="$(BR2_EXTERNAL_HASSOS_PATH)/board/raspberrypi/rpi $
 BR2_LINUX_KERNEL=y
 BR2_LINUX_KERNEL_CUSTOM_GIT=y
 BR2_LINUX_KERNEL_CUSTOM_REPO_URL="https://github.com/raspberrypi/linux"
-BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="f6878de4d2818c2256b2a340eaeeabfb0b24c71b"
+BR2_LINUX_KERNEL_CUSTOM_REPO_VERSION="877656cd145497db7c09a7de06ea85db98bd72a3"
 BR2_LINUX_KERNEL_DEFCONFIG="bcmrpi"
 BR2_LINUX_KERNEL_CONFIG_FRAGMENT_FILES="$(BR2_EXTERNAL_HASSOS_PATH)/kernel/hassos.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/docker.config $(BR2_EXTERNAL_HASSOS_PATH)/kernel/device-support.config $(BR2_EXTERNAL_HASSOS_PATH)/board/raspberrypi/kernel.config"
 BR2_LINUX_KERNEL_LZ4=y
@@ -33,6 +33,7 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -69,6 +70,7 @@ BR2_PACKAGE_RNG_TOOLS=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -89,12 +91,12 @@ BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HASSOS=y
 BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/armhf-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/raspberrypi-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
 BR2_PACKAGE_HASSOS_CLI="homeassistant/armhf-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/configs/tinker_defconfig

@@ -32,6 +32,7 @@ BR2_LINUX_KERNEL_NEEDS_HOST_OPENSSL=y
 BR2_LINUX_KERNEL_NEEDS_HOST_LIBELF=y
 BR2_PACKAGE_BUSYBOX_CONFIG="$(BR2_EXTERNAL_HASSOS_PATH)/busybox.config"
 BR2_PACKAGE_BUSYBOX_INDIVIDUAL_BINARIES=y
+BR2_PACKAGE_PROCPS_NG=y
 BR2_PACKAGE_JQ=y
 BR2_PACKAGE_E2FSPROGS=y
 BR2_PACKAGE_E2FSPROGS_RESIZE2FS=y
@@ -69,6 +70,7 @@ BR2_PACKAGE_RNG_TOOLS=y
 # BR2_PACKAGE_SYSTEMD_NETWORKD is not set
 BR2_PACKAGE_SYSTEMD_RANDOMSEED=y
 # BR2_PACKAGE_SYSTEMD_RESOLVED is not set
+BR2_PACKAGE_SYSTEMD_COREDUMP=y
 BR2_PACKAGE_UTIL_LINUX_PARTX=y
 BR2_PACKAGE_UTIL_LINUX_ZRAMCTL=y
 BR2_TARGET_ROOTFS_SQUASHFS=y
@@ -92,13 +94,13 @@ BR2_PACKAGE_HOST_GPTFDISK=y
 BR2_PACKAGE_HOST_MTOOLS=y
 BR2_PACKAGE_HOST_RAUC=y
 BR2_PACKAGE_HASSOS=y
-BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/armhf-hassio-supervisor"
-BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="142"
+BR2_PACKAGE_HASSOS_SUPERVISOR="homeassistant/armv7-hassio-supervisor"
+BR2_PACKAGE_HASSOS_SUPERVISOR_VERSION="144"
 BR2_PACKAGE_HASSOS_SUPERVISOR_ARGS="-e HOMEASSISTANT_REPOSITORY=homeassistant/tinker-homeassistant"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE="hassio-supervisor"
 BR2_PACKAGE_HASSOS_SUPERVISOR_PROFILE_URL="http://s3.amazonaws.com/hassio-version/apparmor.txt"
-BR2_PACKAGE_HASSOS_CLI="homeassistant/armhf-hassio-cli"
-BR2_PACKAGE_HASSOS_CLI_VERSION="8"
+BR2_PACKAGE_HASSOS_CLI="homeassistant/armv7-hassio-cli"
+BR2_PACKAGE_HASSOS_CLI_VERSION="9"
 BR2_PACKAGE_HASSOS_CLI_ARGS="--network=hassio --add-host hassio:172.30.32.2"
 BR2_PACKAGE_HASSOS_CLI_PROFILE="docker-default"
 BR2_PACKAGE_HASSOS_APPARMOR_DIR="supervisor/apparmor"

buildroot-external/kernel/hassos.config

@@ -30,6 +30,7 @@ CONFIG_MSDOS_PARTITION=y
 # CONFIG_DEBUG_STACK_USAGE is not set
 # CONFIG_BTRFS_FS is not set
 
+CONFIG_TUN=y
 CONFIG_VLAN_8021Q=m
 CONFIG_VLAN_8021Q_GVRP=y
 CONFIG_VLAN_8021Q_MVRP=y

buildroot-external/meta

@@ -1,7 +1,7 @@
-VERSION_MAJOR=2
-VERSION_BUILD=9
+VERSION_MAJOR=3
+VERSION_BUILD=1
 
 HASSOS_NAME="HassOS"
 HASSOS_ID="hassos"
 
-DEPLOYMENT="production"
+DEPLOYMENT="development"

buildroot-external/patches/runc/0048-nsenter-clone-proc-self-exe-to-avoid-exposing-host-b.patch

@@ -0,0 +1,337 @@
+From 0a8e4117e7f715d5fbeef398405813ce8e88558b Mon Sep 17 00:00:00 2001
+From: Aleksa Sarai <asarai@suse.de>
+Date: Wed, 9 Jan 2019 13:40:01 +1100
+Subject: [PATCH 48/50] nsenter: clone /proc/self/exe to avoid exposing host
+ binary to container
+
+There are quite a few circumstances where /proc/self/exe pointing to a
+pretty important container binary is a _bad_ thing, so to avoid this we
+have to make a copy (preferably doing self-clean-up and not being
+writeable).
+
+We require memfd_create(2) -- though there is an O_TMPFILE fallback --
+but we can always extend this to use a scratch MNT_DETACH overlayfs or
+tmpfs. The main downside to this approach is no page-cache sharing for
+the runc binary (which overlayfs would give us) but this is far less
+complicated.
+
+This is only done during nsenter so that it happens transparently to the
+Go code, and any libcontainer users benefit from it. This also makes
+ExtraFiles and --preserve-fds handling trivial (because we don't need to
+worry about it).
+
+Fixes: CVE-2019-5736
+Co-developed-by: Christian Brauner <christian.brauner@ubuntu.com>
+Signed-off-by: Aleksa Sarai <asarai@suse.de>
+---
+ libcontainer/nsenter/cloned_binary.c | 268 +++++++++++++++++++++++++++
+ libcontainer/nsenter/nsexec.c        |  11 ++
+ 2 files changed, 279 insertions(+)
+ create mode 100644 libcontainer/nsenter/cloned_binary.c
+
+diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c
+new file mode 100644
+index 00000000..c8a42c23
+--- /dev/null
++++ b/libcontainer/nsenter/cloned_binary.c
+@@ -0,0 +1,268 @@
++/*
++ * Copyright (C) 2019 Aleksa Sarai <cyphar@cyphar.com>
++ * Copyright (C) 2019 SUSE LLC
++ *
++ * Licensed under the Apache License, Version 2.0 (the "License");
++ * you may not use this file except in compliance with the License.
++ * You may obtain a copy of the License at
++ *
++ *     http://www.apache.org/licenses/LICENSE-2.0
++ *
++ * Unless required by applicable law or agreed to in writing, software
++ * distributed under the License is distributed on an "AS IS" BASIS,
++ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
++ * See the License for the specific language governing permissions and
++ * limitations under the License.
++ */
++
++#define _GNU_SOURCE
++#include <unistd.h>
++#include <stdio.h>
++#include <stdlib.h>
++#include <stdbool.h>
++#include <string.h>
++#include <limits.h>
++#include <fcntl.h>
++#include <errno.h>
++
++#include <sys/types.h>
++#include <sys/stat.h>
++#include <sys/vfs.h>
++#include <sys/mman.h>
++#include <sys/sendfile.h>
++#include <sys/syscall.h>
++
++/* Use our own wrapper for memfd_create. */
++#if !defined(SYS_memfd_create) && defined(__NR_memfd_create)
++#  define SYS_memfd_create __NR_memfd_create
++#endif
++#ifdef SYS_memfd_create
++#  define HAVE_MEMFD_CREATE
++/* memfd_create(2) flags -- copied from <linux/memfd.h>. */
++#  ifndef MFD_CLOEXEC
++#    define MFD_CLOEXEC       0x0001U
++#    define MFD_ALLOW_SEALING 0x0002U
++#  endif
++int memfd_create(const char *name, unsigned int flags)
++{
++	return syscall(SYS_memfd_create, name, flags);
++}
++#endif
++
++/* This comes directly from <linux/fcntl.h>. */
++#ifndef F_LINUX_SPECIFIC_BASE
++#  define F_LINUX_SPECIFIC_BASE 1024
++#endif
++#ifndef F_ADD_SEALS
++#  define F_ADD_SEALS (F_LINUX_SPECIFIC_BASE + 9)
++#  define F_GET_SEALS (F_LINUX_SPECIFIC_BASE + 10)
++#endif
++#ifndef F_SEAL_SEAL
++#  define F_SEAL_SEAL   0x0001	/* prevent further seals from being set */
++#  define F_SEAL_SHRINK 0x0002	/* prevent file from shrinking */
++#  define F_SEAL_GROW   0x0004	/* prevent file from growing */
++#  define F_SEAL_WRITE  0x0008	/* prevent writes */
++#endif
++
++#define RUNC_SENDFILE_MAX 0x7FFFF000 /* sendfile(2) is limited to 2GB. */
++#ifdef HAVE_MEMFD_CREATE
++#  define RUNC_MEMFD_COMMENT "runc_cloned:/proc/self/exe"
++#  define RUNC_MEMFD_SEALS \
++	(F_SEAL_SEAL | F_SEAL_SHRINK | F_SEAL_GROW | F_SEAL_WRITE)
++#endif
++
++static void *must_realloc(void *ptr, size_t size)
++{
++	void *old = ptr;
++	do {
++		ptr = realloc(old, size);
++	} while(!ptr);
++	return ptr;
++}
++
++/*
++ * Verify whether we are currently in a self-cloned program (namely, is
++ * /proc/self/exe a memfd). F_GET_SEALS will only succeed for memfds (or rather
++ * for shmem files), and we want to be sure it's actually sealed.
++ */
++static int is_self_cloned(void)
++{
++	int fd, ret, is_cloned = 0;
++
++	fd = open("/proc/self/exe", O_RDONLY|O_CLOEXEC);
++	if (fd < 0)
++		return -ENOTRECOVERABLE;
++
++#ifdef HAVE_MEMFD_CREATE
++	ret = fcntl(fd, F_GET_SEALS);
++	is_cloned = (ret == RUNC_MEMFD_SEALS);
++#else
++	struct stat statbuf = {0};
++	ret = fstat(fd, &statbuf);
++	if (ret >= 0)
++		is_cloned = (statbuf.st_nlink == 0);
++#endif
++	close(fd);
++	return is_cloned;
++}
++
++/*
++ * Basic wrapper around mmap(2) that gives you the file length so you can
++ * safely treat it as an ordinary buffer. Only gives you read access.
++ */
++static char *read_file(char *path, size_t *length)
++{
++	int fd;
++	char buf[4096], *copy = NULL;
++
++	if (!length)
++		return NULL;
++
++	fd = open(path, O_RDONLY | O_CLOEXEC);
++	if (fd < 0)
++		return NULL;
++
++	*length = 0;
++	for (;;) {
++		int n;
++
++		n = read(fd, buf, sizeof(buf));
++		if (n < 0)
++			goto error;
++		if (!n)
++			break;
++
++		copy = must_realloc(copy, (*length + n) * sizeof(*copy));
++		memcpy(copy + *length, buf, n);
++		*length += n;
++	}
++	close(fd);
++	return copy;
++
++error:
++	close(fd);
++	free(copy);
++	return NULL;
++}
++
++/*
++ * A poor-man's version of "xargs -0". Basically parses a given block of
++ * NUL-delimited data, within the given length and adds a pointer to each entry
++ * to the array of pointers.
++ */
++static int parse_xargs(char *data, int data_length, char ***output)
++{
++	int num = 0;
++	char *cur = data;
++
++	if (!data || *output != NULL)
++		return -1;
++
++	while (cur < data + data_length) {
++		num++;
++		*output = must_realloc(*output, (num + 1) * sizeof(**output));
++		(*output)[num - 1] = cur;
++		cur += strlen(cur) + 1;
++	}
++	(*output)[num] = NULL;
++	return num;
++}
++
++/*
++ * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ.
++ * This is necessary because we are running in a context where we don't have a
++ * main() that we can just get the arguments from.
++ */
++static int fetchve(char ***argv, char ***envp)
++{
++	char *cmdline = NULL, *environ = NULL;
++	size_t cmdline_size, environ_size;
++
++	cmdline = read_file("/proc/self/cmdline", &cmdline_size);
++	if (!cmdline)
++		goto error;
++	environ = read_file("/proc/self/environ", &environ_size);
++	if (!environ)
++		goto error;
++
++	if (parse_xargs(cmdline, cmdline_size, argv) <= 0)
++		goto error;
++	if (parse_xargs(environ, environ_size, envp) <= 0)
++		goto error;
++
++	return 0;
++
++error:
++	free(environ);
++	free(cmdline);
++	return -EINVAL;
++}
++
++static int clone_binary(void)
++{
++	int binfd, memfd;
++	ssize_t sent = 0;
++
++#ifdef HAVE_MEMFD_CREATE
++	memfd = memfd_create(RUNC_MEMFD_COMMENT, MFD_CLOEXEC | MFD_ALLOW_SEALING);
++#else
++	memfd = open("/tmp", O_TMPFILE | O_EXCL | O_RDWR | O_CLOEXEC, 0711);
++#endif
++	if (memfd < 0)
++		return -ENOTRECOVERABLE;
++
++	binfd = open("/proc/self/exe", O_RDONLY | O_CLOEXEC);
++	if (binfd < 0)
++		goto error;
++
++	sent = sendfile(memfd, binfd, NULL, RUNC_SENDFILE_MAX);
++	close(binfd);
++	if (sent < 0)
++		goto error;
++
++#ifdef HAVE_MEMFD_CREATE
++	int err = fcntl(memfd, F_ADD_SEALS, RUNC_MEMFD_SEALS);
++	if (err < 0)
++		goto error;
++#else
++	/* Need to re-open "memfd" as read-only to avoid execve(2) giving -EXTBUSY. */
++	int newfd;
++	char *fdpath = NULL;
++
++	if (asprintf(&fdpath, "/proc/self/fd/%d", memfd) < 0)
++		goto error;
++	newfd = open(fdpath, O_RDONLY | O_CLOEXEC);
++	free(fdpath);
++	if (newfd < 0)
++		goto error;
++
++	close(memfd);
++	memfd = newfd;
++#endif
++	return memfd;
++
++error:
++	close(memfd);
++	return -EIO;
++}
++
++int ensure_cloned_binary(void)
++{
++	int execfd;
++	char **argv = NULL, **envp = NULL;
++
++	/* Check that we're not self-cloned, and if we are then bail. */
++	int cloned = is_self_cloned();
++	if (cloned > 0 || cloned == -ENOTRECOVERABLE)
++		return cloned;
++
++	if (fetchve(&argv, &envp) < 0)
++		return -EINVAL;
++
++	execfd = clone_binary();
++	if (execfd < 0)
++		return -EIO;
++
++	fexecve(execfd, argv, envp);
++	return -ENOEXEC;
++}
+diff --git a/libcontainer/nsenter/nsexec.c b/libcontainer/nsenter/nsexec.c
+index 28269dfc..7750af35 100644
+--- a/libcontainer/nsenter/nsexec.c
++++ b/libcontainer/nsenter/nsexec.c
+@@ -534,6 +534,9 @@ void join_namespaces(char *nslist)
+ 	free(namespaces);
+ }
+ 
++/* Defined in cloned_binary.c. */
++extern int ensure_cloned_binary(void);
++
+ void nsexec(void)
+ {
+ 	int pipenum;
+@@ -549,6 +552,14 @@ void nsexec(void)
+ 	if (pipenum == -1)
+ 		return;
+ 
++	/*
++	 * We need to re-exec if we are not in a cloned binary. This is necessary
++	 * to ensure that containers won't be able to access the host binary
++	 * through /proc/self/exe. See CVE-2019-5736.
++	 */
++	if (ensure_cloned_binary() < 0)
++		bail("could not ensure we are a cloned binary");
++
+ 	/* Parse all of the netlink configuration. */
+ 	nl_parse(pipenum, &config);
+ 
+-- 
+2.17.1
+

buildroot-external/patches/runc/0050-nsexec-CVE-2019-5736-avoid-parsing-environ.patch

@@ -0,0 +1,106 @@
+From bb7d8b1f41f7bf0399204d54009d6da57c3cc775 Mon Sep 17 00:00:00 2001
+From: Christian Brauner <christian.brauner@ubuntu.com>
+Date: Thu, 14 Feb 2019 15:56:26 +0100
+Subject: [PATCH 50/50] nsexec (CVE-2019-5736): avoid parsing environ
+
+My first attempt to simplify this and make it less costly focussed on
+the way constructors are called. I was under the impression that the ELF
+specification mandated that arg, argv, and actually even envp need to be
+passed to functions located in the .init_arry section (aka
+"constructors"). Actually, the specifications is (cf. [2]):
+
+SHT_INIT_ARRAY
+This section contains an array of pointers to initialization functions,
+as described in ``Initialization and Termination Functions'' in Chapter
+5. Each pointer in the array is taken as a parameterless procedure with
+a void return.
+
+which means that this becomes a libc specific decision. Glibc passes
+down those args, musl doesn't. So this approach can't work. However, we
+can at least remove the environment parsing part based on POSIX since
+[1] mandates that there should be an environ variable defined in
+unistd.h which provides access to the environment. See also the relevant
+Open Group specification [1].
+
+[1]: http://pubs.opengroup.org/onlinepubs/9699919799/
+[2]: http://www.sco.com/developers/gabi/latest/ch4.sheader.html#init_array
+
+Fixes: CVE-2019-5736
+Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
+---
+ libcontainer/nsenter/cloned_binary.c | 23 ++++++++++-------------
+ 1 file changed, 10 insertions(+), 13 deletions(-)
+
+diff --git a/libcontainer/nsenter/cloned_binary.c b/libcontainer/nsenter/cloned_binary.c
+index c8a42c23..c97dfcb7 100644
+--- a/libcontainer/nsenter/cloned_binary.c
++++ b/libcontainer/nsenter/cloned_binary.c
+@@ -169,31 +169,25 @@ static int parse_xargs(char *data, int data_length, char ***output)
+ }
+ 
+ /*
+- * "Parse" out argv and envp from /proc/self/cmdline and /proc/self/environ.
++ * "Parse" out argv from /proc/self/cmdline.
+  * This is necessary because we are running in a context where we don't have a
+  * main() that we can just get the arguments from.
+  */
+-static int fetchve(char ***argv, char ***envp)
++static int fetchve(char ***argv)
+ {
+-	char *cmdline = NULL, *environ = NULL;
+-	size_t cmdline_size, environ_size;
++	char *cmdline = NULL;
++	size_t cmdline_size;
+ 
+ 	cmdline = read_file("/proc/self/cmdline", &cmdline_size);
+ 	if (!cmdline)
+ 		goto error;
+-	environ = read_file("/proc/self/environ", &environ_size);
+-	if (!environ)
+-		goto error;
+ 
+ 	if (parse_xargs(cmdline, cmdline_size, argv) <= 0)
+ 		goto error;
+-	if (parse_xargs(environ, environ_size, envp) <= 0)
+-		goto error;
+ 
+ 	return 0;
+ 
+ error:
+-	free(environ);
+ 	free(cmdline);
+ 	return -EINVAL;
+ }
+@@ -246,23 +240,26 @@ error:
+ 	return -EIO;
+ }
+ 
++/* Get cheap access to the environment. */
++extern char **environ;
++
+ int ensure_cloned_binary(void)
+ {
+ 	int execfd;
+-	char **argv = NULL, **envp = NULL;
++	char **argv = NULL;
+ 
+ 	/* Check that we're not self-cloned, and if we are then bail. */
+ 	int cloned = is_self_cloned();
+ 	if (cloned > 0 || cloned == -ENOTRECOVERABLE)
+ 		return cloned;
+ 
+-	if (fetchve(&argv, &envp) < 0)
++	if (fetchve(&argv) < 0)
+ 		return -EINVAL;
+ 
+ 	execfd = clone_binary();
+ 	if (execfd < 0)
+ 		return -EIO;
+ 
+-	fexecve(execfd, argv, envp);
++	fexecve(execfd, argv, environ);
+ 	return -ENOEXEC;
+ }
+-- 
+2.17.1
+

buildroot-external/rootfs-overlay/etc/systemd/coredump.conf

@@ -0,0 +1,3 @@
+[Coredump]
+Storage=none
+ProcessSizeMax=0

buildroot-external/rootfs-overlay/etc/systemd/system/docker.service.d/hassos.conf

@@ -1,5 +1,5 @@
 [Unit]
-RequiresMountsFor=/etc/docker /var/lib/docker
+RequiresMountsFor=/etc/docker /mnt/data
 
 [Service]
 ExecStart=

buildroot-external/rootfs-overlay/etc/systemd/system/systemd-modules-load.service.d/hassos.conf

@@ -1,2 +1,2 @@
 [Unit]
-RequiresMountsFor=/etc/modules-load.d
+RequiresMountsFor=/etc/modules-load.d /etc/modprobe.d

buildroot-external/rootfs-overlay/usr/lib/systemd/system/etc-modprobe.d.mount

@@ -0,0 +1,14 @@
+[Unit]
+Description=Kernel persistent modprobe.d
+Requires=mnt-overlay.mount
+After=mnt-overlay.mount
+Before=systemd-modules-load.service hassos-config.service
+
+[Mount]
+What=/mnt/overlay/etc/modprobe.d
+Where=/etc/modprobe.d
+Type=None
+Options=bind
+
+[Install]
+WantedBy=hassos-bind.target

buildroot-external/rootfs-overlay/usr/libexec/hassos-zram

@@ -51,9 +51,9 @@ else
     exit 1
 fi
 
-# Calc 20% of memory for ZRAM swap partition
+# Calc 25% of memory for ZRAM swap partition
 if [ "$TYPE" = "swap" ] && [ "$SIZE" -eq "0" ]; then
-    SIZE="$(awk '/MemTotal/{ print $2 * 0.20 }' /proc/meminfo)K"
+    SIZE="$(awk '/MemTotal/{ print $2 * 0.25 }' /proc/meminfo)K"
 fi
 
 # Init device

buildroot-external/rootfs-overlay/usr/sbin/hassos-config

@@ -44,12 +44,21 @@ fi
 ##
 # Modules
 if [ -d "${CONFIG_DIR}/modules" ]; then
-    echo "[Info] Update Modules configuration!"
+    echo "[Info] Update Modules autoload!"
 
     rm -rf /etc/modules-load.d/*
     cp -f ${CONFIG_DIR}/modules/* /etc/modules-load.d/
 fi
 
+##
+# Modules configuration
+if [ -d "${CONFIG_DIR}/modprobe" ]; then
+    echo "[Info] Update Modules configuration!"
+
+    rm -rf /etc/modprobe.d/*
+    cp -f ${CONFIG_DIR}/modprobe/* /etc/modprobe.d/
+fi
+
 ##
 # Udev
 if [ -d "${CONFIG_DIR}/udev" ]; then

buildroot-external/rootfs-overlay/usr/sbin/hassos-supervisor

@@ -23,7 +23,7 @@ runSupervisor() {
 
     # shellcheck disable=SC2086
     docker container run --name hassos_supervisor \
-        --security-opt apparmor="${APPARMOR}" \
+        --privileged --security-opt apparmor="${APPARMOR}" \
         -v /var/run/docker.sock:/var/run/docker.sock \
         -v /var/run/dbus:/var/run/dbus \
         -v /etc/machine-id:/etc/machine-id:ro \

buildroot-external/scripts/rauc.sh

@@ -78,6 +78,7 @@ function install_rauc_certs() {
 
 function install_bootloader_config() {
     if [ "${BOOTLOADER}" == "uboot" ]; then
+    	# shellcheck disable=SC1117
         echo -e "/dev/disk/by-partlabel/hassos-bootstate\t0x0000\t${BOOT_ENV_SIZE}" > "${TARGET_DIR}/etc/fw_env.config"
     else
         cp -f "${BR2_EXTERNAL_HASSOS_PATH}/misc/barebox-state-efi.dtb" "${TARGET_DIR}/etc/barebox-state.dtb"

buildroot-external/scripts/rootfs-layer.sh

@@ -29,6 +29,7 @@ function fix_rootfs() {
 
 function install_hassos_cli() {
 
+    # shellcheck disable=SC1117
     sed -i "s|\(root.*\)/bin/sh|\1/usr/sbin/hassos-cli|" "${TARGET_DIR}/etc/passwd"
     
     if ! grep "hassos-cli" "${TARGET_DIR}/etc/shells"; then

buildroot-patches/0001-docker-containerd-bump-to-v1.2.4.patch

@@ -1,7 +1,7 @@
 From 0484ba124482874b9612563887b22ce454026f7e Mon Sep 17 00:00:00 2001
 From: Pascal Vizeli <pvizeli@syshack.ch>
 Date: Mon, 26 Nov 2018 14:38:19 +0000
-Subject: [PATCH 1/1] docker-containerd: bump to v1.2.0
+Subject: [PATCH 1/1] docker-containerd: bump to v1.2.4
 
 Signed-off-by: Pascal Vizeli <pvizeli@syshack.ch>
 ---
@@ -16,7 +16,7 @@ index a530873..71cd5e5 100644
 @@ -1,3 +1,3 @@
  # Computed locally
 -sha256	a946f4614d92d60361213ef18deab04ee73599e4567f1ff26f7a72841afe4fa2	docker-containerd-v1.1.3.tar.gz
-+sha256	8565a655345f3db2f7b78b77a2cd3103895229aa44cd0e4c710ba3559e344b5a	docker-containerd-v1.2.0.tar.gz
++sha256	5b23bd330f9e59e14f7dced9e3106f37f5b552e527bb6c1503001d90e853c155	docker-containerd-v1.2.4.tar.gz
  sha256  4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4	LICENSE
 diff --git a/package/docker-containerd/docker-containerd.mk b/package/docker-containerd/docker-containerd.mk
 index 121ef09..36f4a25 100644
@@ -27,7 +27,7 @@ index 121ef09..36f4a25 100644
  ################################################################################
  
 -DOCKER_CONTAINERD_VERSION = v1.1.3
-+DOCKER_CONTAINERD_VERSION = v1.2.0
++DOCKER_CONTAINERD_VERSION = v1.2.4
  DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,$(DOCKER_CONTAINERD_VERSION))
  DOCKER_CONTAINERD_LICENSE = Apache-2.0
  DOCKER_CONTAINERD_LICENSE_FILES = LICENSE

buildroot-patches/0005-Pump-raspberry-pi-firmware-for-kernel-4.14.patch

@@ -16,7 +16,7 @@ index 4854deae03..3a9f21e877 100644
 @@ -1,2 +1,2 @@
  # Locally computed
 -sha256 57c56e9e41a2d9b1ce660aa7887db5c4b44f768fc63c6b6ef1d2fe460a090d85 rpi-firmware-fbad6408c4596d3d671736ee0571aae444f24e68.tar.gz
-+sha256 8939476badeb1d28adc60b46315f1511cd83c1942fbde5ef2e04c4f1b9591da6 rpi-firmware-91e955e3786a807f4af8ae7e4a4bbf9ec470b843.tar.gz
++sha256 9a34ccc4a51695a33206cc6c8534f615ba5a30fcbce5fa3add400ecc6b80ad8a rpi-firmware-83977fe3b6ef54c1d29c83b0a778d330f523441f.tar.gz
 diff --git a/package/rpi-firmware/rpi-firmware.mk b/package/rpi-firmware/rpi-firmware.mk
 index eab4c5d307..cb2e9d6cd8 100644
 --- a/package/rpi-firmware/rpi-firmware.mk
@@ -26,7 +26,7 @@ index eab4c5d307..cb2e9d6cd8 100644
  ################################################################################
  
 -RPI_FIRMWARE_VERSION = fbad6408c4596d3d671736ee0571aae444f24e68
-+RPI_FIRMWARE_VERSION = 91e955e3786a807f4af8ae7e4a4bbf9ec470b843
++RPI_FIRMWARE_VERSION = 83977fe3b6ef54c1d29c83b0a778d330f523441f
  RPI_FIRMWARE_SITE = $(call github,raspberrypi,firmware,$(RPI_FIRMWARE_VERSION))
  RPI_FIRMWARE_LICENSE = BSD-3-Clause
  RPI_FIRMWARE_LICENSE_FILES = boot/LICENCE.broadcom

buildroot/package/docker-containerd/docker-containerd.hash

@@ -1,3 +1,3 @@
 # Computed locally
-sha256	8565a655345f3db2f7b78b77a2cd3103895229aa44cd0e4c710ba3559e344b5a	docker-containerd-v1.2.0.tar.gz
+sha256	5b23bd330f9e59e14f7dced9e3106f37f5b552e527bb6c1503001d90e853c155	docker-containerd-v1.2.4.tar.gz
 sha256  4bbe3b885e8cd1907ab4cf9a41e862e74e24b5422297a4f2fe524e6a30ada2b4	LICENSE

buildroot/package/docker-containerd/docker-containerd.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-DOCKER_CONTAINERD_VERSION = v1.2.0
+DOCKER_CONTAINERD_VERSION = v1.2.4
 DOCKER_CONTAINERD_SITE = $(call github,containerd,containerd,$(DOCKER_CONTAINERD_VERSION))
 DOCKER_CONTAINERD_LICENSE = Apache-2.0
 DOCKER_CONTAINERD_LICENSE_FILES = LICENSE

buildroot/package/rpi-firmware/rpi-firmware.hash

@@ -1,2 +1,2 @@
 # Locally computed
-sha256 8939476badeb1d28adc60b46315f1511cd83c1942fbde5ef2e04c4f1b9591da6 rpi-firmware-91e955e3786a807f4af8ae7e4a4bbf9ec470b843.tar.gz
+sha256 9a34ccc4a51695a33206cc6c8534f615ba5a30fcbce5fa3add400ecc6b80ad8a rpi-firmware-83977fe3b6ef54c1d29c83b0a778d330f523441f.tar.gz

buildroot/package/rpi-firmware/rpi-firmware.mk

@@ -4,7 +4,7 @@
 #
 ################################################################################
 
-RPI_FIRMWARE_VERSION = 91e955e3786a807f4af8ae7e4a4bbf9ec470b843
+RPI_FIRMWARE_VERSION = 83977fe3b6ef54c1d29c83b0a778d330f523441f
 RPI_FIRMWARE_SITE = $(call github,raspberrypi,firmware,$(RPI_FIRMWARE_VERSION))
 RPI_FIRMWARE_LICENSE = BSD-3-Clause
 RPI_FIRMWARE_LICENSE_FILES = boot/LICENCE.broadcom