Debian 13

.github/workflows/docker.yaml

@@ -24,7 +24,7 @@ jobs:
       matrix:
         os:
           - name: debian
-            version: 12
+            version: 13
           - name: ubuntu
             version: 24.04
 

.github/workflows/release.yaml

@@ -41,21 +41,21 @@ jobs:
       - run: |
           # copy supported images (entire stable folder cannot be copied as a whole because it contains obsolete images as well)
           gsutil -m cp -r gs://$GCS_BUCKET/metal-os/stable/almalinux/9 gs://$GCS_BUCKET/metal-os/${GITHUB_REF##*/}/almalinux/9
-          gsutil -m cp -r gs://$GCS_BUCKET/metal-os/stable/debian/12 gs://$GCS_BUCKET/metal-os/${GITHUB_REF##*/}/debian/12
-          gsutil -m cp -r gs://$GCS_BUCKET/metal-os/stable/debian-nvidia/12 gs://$GCS_BUCKET/metal-os/${GITHUB_REF##*/}/debian-nvidia/12
+          gsutil -m cp -r gs://$GCS_BUCKET/metal-os/stable/debian/13 gs://$GCS_BUCKET/metal-os/${GITHUB_REF##*/}/debian/13
+          gsutil -m cp -r gs://$GCS_BUCKET/metal-os/stable/debian-nvidia/13 gs://$GCS_BUCKET/metal-os/${GITHUB_REF##*/}/debian-nvidia/13
           gsutil -m cp -r gs://$GCS_BUCKET/metal-os/stable/firewall/3.0-ubuntu gs://$GCS_BUCKET/metal-os/${GITHUB_REF##*/}/firewall/3.0-ubuntu
           gsutil -m cp -r gs://$GCS_BUCKET/metal-os/stable/ubuntu/24.04 gs://$GCS_BUCKET/metal-os/${GITHUB_REF##*/}/ubuntu/24.04
           gsutil -m cp -r gs://$GCS_BUCKET/metal-os/stable/capms-ubuntu/ gs://$GCS_BUCKET/metal-os/${GITHUB_REF##*/}/capms-ubuntu
 
-          docker pull ghcr.io/metal-stack/debian:12-stable
-          docker tag ghcr.io/metal-stack/debian:12-stable ghcr.io/metal-stack/debian:12
-          docker tag ghcr.io/metal-stack/debian:12-stable ghcr.io/metal-stack/debian:latest
-          docker push ghcr.io/metal-stack/debian:12
+          docker pull ghcr.io/metal-stack/debian:13-stable
+          docker tag ghcr.io/metal-stack/debian:13-stable ghcr.io/metal-stack/debian:13
+          docker tag ghcr.io/metal-stack/debian:13-stable ghcr.io/metal-stack/debian:latest
+          docker push ghcr.io/metal-stack/debian:13
 
-          docker pull ghcr.io/metal-stack/debian-nvidia:12-stable
-          docker tag ghcr.io/metal-stack/debian-nvidia:12-stable ghcr.io/metal-stack/debian-nvidia:12
-          docker tag ghcr.io/metal-stack/debian-nvidia:12-stable ghcr.io/metal-stack/debian-nvidia:latest
-          docker push ghcr.io/metal-stack/debian-nvidia:12
+          docker pull ghcr.io/metal-stack/debian-nvidia:13-stable
+          docker tag ghcr.io/metal-stack/debian-nvidia:13-stable ghcr.io/metal-stack/debian-nvidia:13
+          docker tag ghcr.io/metal-stack/debian-nvidia:13-stable ghcr.io/metal-stack/debian-nvidia:latest
+          docker push ghcr.io/metal-stack/debian-nvidia:13
 
           docker pull ghcr.io/metal-stack/ubuntu:24.04-stable
           docker tag ghcr.io/metal-stack/ubuntu:24.04-stable ghcr.io/metal-stack/ubuntu:24.04

Makefile

@@ -50,14 +50,14 @@ test:
 
 .PHONY: debian
 debian: binary
-	mkdir -p "images/debian/12"
-	OS_NAME=debian OUTPUT_FOLDER="" SEMVER_MAJOR_MINOR=12 docker buildx bake --no-cache debian
-	OS_NAME=debian OUTPUT_FOLDER="" CIS_VERSION=v4.1-4 SEMVER_MAJOR_MINOR=12 ./test.sh
+	mkdir -p "images/debian/13"
+	OS_NAME=debian OUTPUT_FOLDER="" SEMVER_MAJOR_MINOR=13 docker buildx bake --no-cache debian
+	OS_NAME=debian OUTPUT_FOLDER="" CIS_VERSION=v4.1-4 SEMVER_MAJOR_MINOR=13 ./test.sh
 
 .PHONY: nvidia
 nvidia:
-	mkdir -p "images/nvidia/12"
-	OS_NAME=nvidia OUTPUT_FOLDER="" SEMVER_MAJOR_MINOR=12 docker buildx bake --no-cache debian-nvidia
+	mkdir -p "images/nvidia/13"
+	OS_NAME=nvidia OUTPUT_FOLDER="" SEMVER_MAJOR_MINOR=13 docker buildx bake --no-cache debian-nvidia
 
 .PHONY: ubuntu
 ubuntu: binary

debian-nvidia/Dockerfile

@@ -8,15 +8,10 @@ COPY --from=ctx . /
 RUN set -ex \
  && rm -f /.dockerenv \
  && apt-get update \
- && apt-get remove --yes linux-image-*-amd64 \
- && apt-get install --yes -t bookworm-backports \
-    linux-image-amd64 \
-    linux-headers-amd64 \
+ && apt-get install --yes \
     dkms \
-    software-properties-common \
  && curl -fsSL https://developer.download.nvidia.com/compute/cuda/repos/debian12/x86_64/cuda-keyring_1.1-1_all.deb -o cuda-keyring_1.1-1_all.deb \
  && dpkg -i cuda-keyring_1.1-1_all.deb \
- && add-apt-repository contrib \
  && apt-get update \
  && apt-get install --yes \
     cuda-drivers

debian/Dockerfile

@@ -1,5 +1,5 @@
 ARG BASE_OS_NAME=debian
-ARG BASE_OS_VERSION=bookworm
+ARG BASE_OS_VERSION=trixie
 
 FROM golang:1.22-bookworm AS ignition-builder
 ARG IGNITION_BRANCH
@@ -48,7 +48,6 @@ RUN set -ex \
     apt-utils \
     ca-certificates \
     cloud-init \
-    cpufrequtils \
     curl \
     cryptsetup \
     dbus \
@@ -90,8 +89,11 @@ RUN set -ex \
  && userdel -f ubuntu || true \
  && curl -fLsS https://github.com/metal-stack/go-lldpd/releases/download/${GOLLDPD_VERSION}/go-lldpd.tgz -o /tmp/go-lldpd.tgz \
  && tar -xf /tmp/go-lldpd.tgz \
- && curl -fLsS ${DOCKER_URL}/linux/${DOCKER_APT_OS}/gpg | apt-key add - \
- && echo "deb [arch=amd64] ${DOCKER_URL}/linux/${DOCKER_APT_OS} ${DOCKER_APT_CHANNEL} stable" > /etc/apt/sources.list.d/docker.list \
+ && curl -fLsS ${DOCKER_URL}/linux/${DOCKER_APT_OS}/gpg -o /etc/apt/keyrings/docker.asc \
+ && chmod a+r /etc/apt/keyrings/docker.asc \
+ && echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/$(. /etc/os-release && echo "$ID") \
+    $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | \
+    sudo tee /etc/apt/sources.list.d/docker.list > /dev/null \
  && apt-get update \
  && apt-get install --yes --no-install-recommends containerd.io=${CONTAINERD_VERSION} \
  # generate a default containerd config because the one coming with the package prevents GNA to create a proper config for cgroup v2

debian/context/kernel-installation.sh

@@ -16,17 +16,18 @@ if [ "${ID}" = "ubuntu" ] ; then
     apt-get install --yes \
         /tmp/linux-image* \
         /tmp/linux-modules* \
+        cpufrequtils \
         intel-microcode
 else
     echo "Debian - Install kernel"
 
     cat <<EOF > /etc/apt/sources.list
-deb http://deb.debian.org/debian bookworm main contrib non-free-firmware
-deb http://deb.debian.org/debian bookworm-updates main contrib non-free-firmware
-deb http://security.debian.org/debian-security bookworm-security main contrib non-free-firmware
+deb http://deb.debian.org/debian trixie main contrib non-free-firmware
+deb http://deb.debian.org/debian trixie-updates main contrib non-free-firmware
+deb http://security.debian.org/debian-security trixie-security main contrib non-free-firmware
 EOF
 
-    apt update && apt install -y intel-microcode linux-image-${KERNEL_VERSION}-amd64
+    apt update && apt install -y intel-microcode linux-image-${KERNEL_VERSION}-amd64 linux-cpupower
 fi
 
 # Remove WIFI, netronome, v4l and liquidio firmware to save ~300MB image size

docker-bake.hcl

@@ -46,17 +46,15 @@ target "debian" {
     }
     args = {
         BASE_OS_NAME = "debian"
-        BASE_OS_VERSION = "bookworm"
+        BASE_OS_VERSION = "trixie"
         DOCKER_APT_OS = "debian"
-        DOCKER_APT_CHANNEL ="bookworm"
+        DOCKER_APT_CHANNEL ="trixie"
         FRR_VERSION ="frr-10.4"
-        FRR_VERSION_DETAIL ="10.4.2-0~deb12u1"
-        FRR_APT_CHANNEL ="bookworm"
-      # see https://packages.debian.org/bookworm/kernel/ for available versions
-      # upgrade to > 6.1.0-40 actually not possible because it breaks calico:
-      # see https://github.com/projectcalico/calico/issues/11302#issuecomment-3526431095
-        KERNEL_VERSION = "6.1.0-40"
-        CONTAINERD_VERSION = "2.1.5-1~debian.12~bookworm"
+        FRR_VERSION_DETAIL ="10.4.2-0~deb13u1"
+        FRR_APT_CHANNEL ="trixie"
+      # see https://packages.debian.org/trixie/kernel/ for available versions
+        KERNEL_VERSION = "6.12.63+deb13"
+        CONTAINERD_VERSION = "2.1.5-1~debian.13~trixie"
     }
     tags = ["ghcr.io/metal-stack/debian:${SEMVER_MAJOR_MINOR}${SEMVER_PATCH}"]
 }
@@ -97,7 +95,7 @@ target "ubuntu" {
         FRR_VERSION_DETAIL ="10.4.2-0~ubuntu24.04.1"
         FRR_APT_CHANNEL ="noble"
         # see https://kernel.ubuntu.com/mainline for available versions
-        UBUNTU_MAINLINE_KERNEL_VERSION = "v6.12.56"
+        UBUNTU_MAINLINE_KERNEL_VERSION = "v6.12.64"
         CONTAINERD_VERSION = "2.1.5-1~ubuntu.24.04~noble"
     }
     tags = ["ghcr.io/metal-stack/ubuntu:${SEMVER_MAJOR_MINOR}${SEMVER_PATCH}"]

test.sh

@@ -6,9 +6,9 @@ set -ex
 # uses cloud-hypervisor to spin up a thin VM based on the docker image of a metal-image
 # examples:
 # WORKS						OS_NAME=ubuntu ./test.sh ghcr.io/metal-stack/ubuntu:24.04-stable
-# WORKS 					OS_NAME=debian CIS_VERSION=v4.1-4 ./test.sh ghcr.io/metal-stack/debian:12-stable
-# WORKS_WITH_METAL_KERNEL   OS_NAME=debian-nvidia ./test.sh ghcr.io/metal-stack/debian-nvidia:12-stable
-# WORKS_WITH_METAL_KERNEL   OS_NAME=debian ./test.sh ghcr.io/metal-stack/debian:12-stable
+# WORKS 					OS_NAME=debian CIS_VERSION=v4.1-4 ./test.sh ghcr.io/metal-stack/debian:13-stable
+# WORKS_WITH_METAL_KERNEL   OS_NAME=debian-nvidia ./test.sh ghcr.io/metal-stack/debian-nvidia:13-stable
+# WORKS_WITH_METAL_KERNEL   OS_NAME=debian ./test.sh ghcr.io/metal-stack/debian:13-stable
 # WORKS					    OS_NAME=firewall ./test.sh ghcr.io/metal-stack/firewall:3.0-ubuntu-stable
 # WORKS                     OS_NAME=almalinux ./test.sh ghcr.io/metal-stack/almalinux:9-stable