September 21, 20178 yr Upgrading: We have changed the way one checks for new unRAID OS releases. Please refer to Update OS below. Bugs: If you want to report an issue, please start a new topic in this board. This is a bug-fix/improvement release. Notable changes (-rc9f): Improved handling of encryption passphrase/keyfile. When Starting array with encrypted volumes, you only need to enter the encryption passphrase once on the Encryption Settings page - no more confusing "passphrase confirmation". If no encrypted devices exist and you're trying to add some, then it will ask for passphrase confirmation. Introduce new Disk Setting called 'Restricted Start - Yes/No'. When set to 'Yes' then array will not Start if the encryption key is missing. If set to 'No' then array will Start (including autostart) but encrypted volumes will not be 'mounted', meaning shares and/or share data stored on them will not be accessible. The default (and normal) setting for this is 'Yes'. The Let's Encrypt SSL provisioning is only available when 'Use SSL/TLS' on Identification page is set to 'Auto'. Also, provisioning the cert no longer triggers complete restart of "services". If using 'https' all 'http' is redirected to 'https'. If not using 'https', all 'https' is redirected to 'http'. The result of this is you can always enter servername in browser address bar to get to webGui, for example "Tower/" or "Tower.local" should always get you to the webGui. In the case of SSL-enabled LE certificate, you will get redirected to the <hash>.unraid.net URL. Added an 'Update DNS' button on Identification page. If the IP address of your server changes and you're usng the LE certificate, you can click this button to tell unraid.net to update the DNS setting. We have set TTL to 60 seconds so it might take this long to see the update. Of course you have to already have the webGui open to do this. Finally fixed reporting of temperature for NVMe devices (hopefully). Updated OVMF firmware, tested with various OS types, seems to work. Other misc. fixes an improvements, refer to Changes below. We're at the end of life for linux kernel 4.12. Next release will move to 4.13 kernel. Secure Access (-rc8q): Probably some explanation is in order. The “major” feature we wanted to add into unRAID version 6.4 was block level device encryption. However to get there we realized there needs to exist a secure way of entering information such as passphrases. Hence phase 1 consisted of integrating nginx in order to leverage its support of SSL/TLS (https). Besides the benefit of https support, integration of nginx also lets us utilize websocket technology (which is an ongoing integration), and lets us greatly improve the overall responsiveness of the webGui. Phase 1 integration of nginx in unRAID only supports self-signed SSL certificates. While in general, this may be OK to provide encrypted connections between a browser and a server in a trusted LAN, relying on self-signed certs is not good practice and is theoretically vulnerable to MITM attacks. With this release we have completed Phase 2 of nginx https integration by providing the ability for our users to provision a free SSL Certficate from Let’s Encrypt. To obtain your certificate go to Settings/Identification, scroll to the bottom and click Provision. In one operation this will allocate your certificate, upload it to your server, and switch nginx to redirect all http to https. After clicking anywhere else in the webGui you should see a nice green lock icon in your browser address bar! The other thing you’ll notice in your address bar is a very funny looking URL consisting of a 40-hex-character subdomain of unraid.net. We have set up a LimeTech DNS server that will resolve that URL to your servers IP address on your local network. That FQDN is unique to your certificate. When your browser resolves that URL it is given your local IP address which it then uses to perform the https connection handshake. For this reason, we recommend that you give your server a static IP address because if the IP address changes, the browser will not be able to connect to your server. This is like locking your keys in the car! We plan on implementing a small daemon which wakes up upon such IP address change and tells the LimeTech DNS server to update its A-record, but this has not been done yet. NOTE: if you do lock your keys in the car, the coat-hanger fix to restore http access is to telnet/ssh into the server and type: rm /boot/config/ssl/certs/certificate_bundle.pem /etc/rc.d/rc.nginx reload (You might also have to clear your browser cache.) Following re-enable of http, you can again Provision a certificate which will update the DNS entry. Device block level encryption (-rc8q): We have implemented full-device encryption as follows. In unRAID, encryption is selected as another type of file system. For example, with array Stopped, click on a Device link and then click on File system type. Three new “types” are available: xfs – encrypted btrfs – encrypted reiserfs – encrypted [should we get rid of this one?] If you change the File system type to one of these and then Start the array you will notice the device appears Unmountable and the Format button is available. Formatting the device will result in creating an encrypted partition on that device with the specified file system type. ALL PREVIOUS DATA ON THAT DEVICE WILL BE DESTROYED. Hence it is not possible, in this release, to encrypt in-place. We plan to add a utility in a future release to accomplish this however. The other thing you’ll notice when you click Format is that it may fail because there is no encryption key. In this case, click on Settings/Encryption Settings and enter in a passphrase to be used to secure your encrypted devices. At present we let you enter either a passphrase or upload a file which contains your passphrase (or binary data). DO NOT FORGET YOUR PASSPHRASE OR LOSE YOUR KEYFILE. Once a partition is encrypted, if you forget your passphrase or lose your keyfile, your data is forever lost - unless you know someone very high up in the NSA Also note that array Autostart following server boot will not succeed if any devices are encrypted. This is because the keyfile (passphrase) is kept in RAM and thus lost upon reboot. This means that following system reboot you must log into the webGui, go to Tools/Encryption and enter your passphrase (or upload your keyfile). Yes this is a nuisance and we have a few ideas for automating this, but at least you now have secure https access! In the case of a btrfs cache pool, all devices comprising the pool will be encrypted. For this release, we highly recommend using encryption only on a test server with test data which has been backed up. We plan on many more refinements in future releases. 4Kn Device Support (-rc8q): Yeah should work now. Other notes (-rc8q): The /usr/local/sbin/emhttp line in your /boot/config/go file is no longer used to specify the ports where the webGui listens for connections. Instead you must configure these on the Identification page. Alternately if you need to set this up prior to server boot, you may add the port settings in /boot/config/ident.cfg. Please refer to /usr/local/sbin/emhttp script for more information if you care about this. It used to be that merely Starting the array would re-write a “unRAID standard partition layout”. This surprises some users because one would expect nothing to be written to a new device unless Format was invoked. This has been changed so that nothing is written to a device unless Format is invoked (except for Parity devices – those will still be written upon array Start if parity sync is indicated). Moving devices around between cache pool and array or unassigned is handled much better now. There are numerous webGui fixes and improvements. Upgraded linux kernel and several base packages. Where are releases -rc8a-rc8p you might ask? Those were non-public test releases. Credits (-rc8q): Thanks to @jonp for his work in securing us a Certifiate Authority (Let's Encrypt). Thanks to @eschultz for an incredible amount of work involved in setting up DNS servers and integrating with Let's Encrypt API, among other vital tasks in this release. Thanks to @bonienl for his continued dynamix amazing refinements and networking/IPv6 expertise. USB Flash boot device backup function (-rc7) Added "Flash backup" button on the flash device info page (Main/flash). Click this button to download a zip file with the entire contents of your USB Flash boot device. This zip file may be used to restore to a new unRAID USB Flash boot device either manually, or using our nifty new unRAID USB Creator tool. Linux 4.12 kernel (-rc7) - should provide better Ryzen support among other improvements. UEFI support (-rc5) It is now possible configure UEFI boot mode to boot unRAID OS. The make_bootable.bat (Windows), make_bootable_mac (MacOS) and make_bootable_linux (Linux) scripts will output a prompt: Permit UEFI boot mode [Y/N]: If answered with 'Y' a new directory is included on the USB flash boot device called 'EFI'. The presence of this directory along with its contents, and along with some additional linux kernel options permit UEFI boot. This is done in such a way that you could choose either BIOS (legacy) or UEFI to boot off your USB flash device (that is, even if you answer 'Y' here you can still configure your motherboard to use Legacy boot). If answered with 'N' the directory and contents are still created, but named 'EFI-' (a dash at the end). This will prevent UEFI firmware from considering this device. You can manually rename the 'EFI-' directory to 'EFI' and permit possible UEFI boot (and rename back to 'EFI-' to prevent it again). Note: Even if the 'EFI' directory exists, whether or not your motherboard actually uses UEFI to boot is determined by BIOS settings. In addition, some motherboards may present a strongly worded warning along the lines of "The system found unauthorized changes on the firmware, operating system or UEFI drivers." In this case look for a "Secure Boot" BIOS setting and change to "Other OS" or "Disable". If you update your server using Check for updates on the Plugin page, an 'EFI-' directory and files will be automatically created on your USB flash boot device. If you prepare a new USB flash using this release, the 'EFI-' directory and files will also be included. If you use the "manual" method of updating by copying the bz* files from the release zip, beware you will need to manually also copy over the 'EFI-' directory (and modify the first line of syslinux.cfg and copy it to 'EFI-/boot' directory). There is also a webGui setting to permit UEFI boot located on the 'flash' device information page in the 'Syslinux Configuration' section. Update OS (-rc5) Instead of bundling an "unRAID Server" plugin on the Plugins page, there is a new page on the Tools menu in the About section called 'Update OS'. Here you can check for a new unRAID OS release as well as switch between the latest release in the stable branch or the next branch. In addition there is a separate control on the Notification Settings page that configures whether or not to automatically check for updates. enabling https (-rc3) To enable https support it's necessary to edit your 'config/go' file on your USB flash boot device. Use the -p option to specify the port(s) and optionally include the -r option to redirect http request from your browser to using https. Here's the detailed usage: # Usage: # emhttp [-r] [-p port [,sslport]] [OPER] # OPER is start or stop. Default is start. # By default nginx will be setup to listen only at port 80 (http). # The -p option may be used to define different listening ports and/or setup nginx # to listen at a specified port for https. The -r option may be used to setup # nginx so that any http request is redirected to https (this requires that both # ports have been specified with -p option). For example, to have nginx listen # at both standard ports but redirect all http to https use: # emhttp -rp 80,443 # To listen at only port 443 use: # emhttp -p ,443 # Note: the stop operation is only "safe" if the array has already been stopped # (this will be fixed). Improved shfs/mover (-rc1) The LimeTech user share file system (shfs) has been improved in two areas. First, we now make use of FUSE read_buf/write_buf methods. This should result in significant throughput increases. Second, the mover script/move program no longer uses rsync to move files/directories between the cache pool and the parity array. Instead the move program invokes a new shfs ioctl() call. This should result in complete preservation of all metadata including atime and mtime. While this function has been fairly extensively tested, please keep an eye on mover activities - there shouldn't be any data loss, but it's a fairly significant code change. nginx http server (-rc1) We now use the nginx webserver as the front-end to the unRAID OS Management Utility (aka, webGui). The emhttp process has been changed to a daemon (emhttpd) listening at a unix socket. Incorporating nginx provides several features: Multi-threaded access, though emhttpd is still single-threaded. https (SSL) support. At present unRAID OS will generate a self-signed certificate. https works but you will get a scary warning from your browser about not being able to verify the certificate. No worries. nchan (websocket) support. We have only just begun the process of converting many of the browser javascript polling functions to an event-driven websocket paradigm. This opens the door for us to create something like a process manager where we can have several background operations in process, all monitored in real-time via webGui dashboard. IPv6 support (-rc1) We want to again, give a big "thank you" to bonienl who has greatly improved unRAID OS networking with the addition of IPv6 support. Give it a try and report any issues. Other (-rc1) Two new webGUI themes: Azure and Gray. Again, thanks to bonienl. Expanded driver support (QLogic) and more hardware monitoring support. Kernel modules and firmware are left on the Flash in a squashfs loopback and loaded into RAM on demand. Many more misc. improvements Changes Version 6.4.0-rc9f 2017-09-20 Base distro: updated OVMF firmware (20170905.b2950.g3281ebb4ae) Linux kernel: version 4.12.14 Management: rc.nginx: if USE_SSS=="yes" redirect http=>https if USE_SSL=="no" redirect https=>http declare stapling directives only for non-self-signed cert remove resolver directives emhttpd: fix bogus "bad luks header" reported on unrecognized partition layouts emhttpd: fix problem reading nvme device temperatures emhttpd: no need to restart services just to provision SSL cert or change ports webgui: Correction in display of notifications archive update smartmontools drivedb and hwdata/{pci.ids,usb.ids,oui.txt,manuf.txt} webgui: Simplify SSL Certificate Settings page webgui: Get rid of 'Use SSL/TLS' 'only' setting. webgui: Permit LE provisioning only if 'Use SSL/TLS' is set to 'Auto' webgui: Add 'Update DNS' feature webgui: Fix encrypted file system types not permitting file system check. webgui: Corrected invalid links in Browse function webgui: Correct size calculation for unassigned disks webgui: Make sidebar scrolling consistent in all browsers for themes AZURE and GRAY webgui: Encryption support enhancements webgui: Include transition phases "Array Starting / Array Stopping" in footer webgui: Correct read/write speeds for 4K drives (fixed value of 512 bytes) Version 6.4.0-rc8q 2017-09-02 Base distro: aaa_elflibs: version 14.2 (rev31) avahi: version 0.7 btrfs-progs: version 4.12 curl: version 7.55.0 (CVE-2017-1000101, CVE-2017-1000100, CVE-2017-1000099) dbus: version 1.10.22 docker: version 17.07.0-ce e2fsprogs: version 1.43.6 gdk-pixbuf2: version 2.36.8 glew: version 2.1.0 glib2: version 2.52.3 (rev2) glibc-solibs: version 2.26 glibc: version 2.26 gnutls: version 3.6.0 gptfdisk: version 1.0.3 gtk+3: version 3.22.19 harfbuzz: version 1.5.0 iproute2: version 4.12.0 libarchive: version 3.3.2 libdrm: version 2.4.83 libedit: version 20170329_3.1 libgcrypt: version 1.8.1 libjpeg-turbo: version 1.5.2 libpng: version 1.6.32 librsvg: version 2.40.18 libtirpc: version 1.0.2 libxslt: version 1.1.29 (rev2) logrotate: version 3.12.3 lvm2: version 2.02.173 lz4: version 1.8.0 mesa: version 17.1.8 miniupnpc: version 2.0 mozilla-firefox: version 55.0.3 (CVE-2017-7798, CVE-2017-7800, CVE-2017-7801, CVE-2017-7809, CVE-2017-7784, CVE-2017-7802, CVE-2017-7785, CVE-2017-7786, CVE-2017-7806, CVE-2017-7753, CVE-2017-7787, CVE-2017-7807, CVE-2017-7792, CVE-2017-7804, CVE-2017-7791, CVE-2017-7808, CVE-2017-7782, CVE-2017-7781, CVE-2017-7794, CVE-2017-7803, CVE-2017-7799, CVE-2017-7783, CVE-2017-7788, CVE-2017-7789, CVE-2017-7790, CVE-2017-7796, CVE-2017-7797, CVE-2017-7780, CVE-2017-7779) nano: version 2.8.7 openssh: version 7.5p1 (rev2) openssl-solibs: version 1.0.2l openssl: version 1.0.2l pango: version 1.40.9 pciutils: version 3.5.5 php: version 7.1.9 qemu: version 2.10.0 rpcbind: version 0.2.4 rsyslog: version 8.29.0 samba: version 4.6.7 sqlite: version 3.20.1 sudo: version 1.8.21 util-linux: version 2.30.1 xfsprogs: version 4.12.0 xorg-server: version 1.19.3 (rev2) (CVE-2017-10971, CVE-2017-10972) Linux kernel: version 4.12.10 md/unraid version: 2.9.0 support partition-less access Update out-of-tree r750 driver to version 1.2.10.1 Management: fix: allow_unsafe_interrupts parameter is only valid for the vfio_iommu_type1 module; it was ignored in the kvm module update smartmontools drivedb and hwdata/{pci.ids,usb.ids,oui.txt,manuf.txt} support letsencrypt certificate bundles emhttpd: support devices with 4K logical sector sizes emhttpd: LUKS encryption support emhttpd: several cache pool config enhancements emhttpd: only write MBR as part of Formatting emhttpd: fix problem recognizing registration change webgui: Encryption support webgui: Set max screen width of 1920 pixels for all themes webgui: Improved sorting in browse function webgui: multiple misc improvements and corrections Version 6.4.0-rc7a 2017-07-27 Base distro: aaa_elflibs: version 14.2 (rev30) at: version 3.1.20 at-spi2-atk: version 2.24.1 at-spi2-core: version 2.24.1 bash: version 4.4.012 ca-certificates: version 20161130 cairo: version 1.14.10 curl: version 7.54.1 diffutils: version 3.6 dnsmasq: version 2.77 eudev: version 3.2.2 (patched to correct /dev/disk/by-id entries) ethtool: version 4.11 file: version 5.31 fontconfig: version 2.12.4 freetype: version 2.8 glew: version 2.0.0 glibc: version 2.25 (rev3) (CVE-2017-1000366) glibc-solibs: version 2.25 (rev3) gmp: version 6.1.2 gnutls: version 3.5.14 grep: version 3.1 gtk+3: version 3.22.16 hdparm: version 9.52 iproute2: version 4.11.0 jemalloc: version 5.0.1 less: version 487 libaio: version 0.3.110 libcap-ng: version 0.7.8 libdrm: version 2.4.81 libepoxy: version 1.4.3 libevdev: version 1.5.7 libfastjson: version 0.99.6 libgcrypt: version 1.7.8 (CVE-2017-7526) libgpg-error: version 1.27 libmnl: version 1.0.4 libnl3: version 3.3.0 libpng: version 1.6.30 libtasn1: version 4.12 libtool: version 2.4.6 (rev5) libunistring: version 0.9.7 libvirt: version 3.5.0 libvirt-php: version 0.5.3 logrotate: version 3.12.2 lvm2: version 2.02.171 mesa: version 17.1.4 nano: version 2.8.5 network-scripts: version 14.2 (rev6) nginx: version 1.12.1 (CVE-2017-7529) pango: version 1.40.6 pcre: version 8.41 php: version 7.1.7 (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) reiserfsprogs: version 3.6.26 rsyslog: version 8.28.0 samba: version 4.6.6 (CVE-2017-11103) shared-mime-info: version 1.8 sqlite: version 3.19.3 sudo: version 1.8.20p2 (CVE-2017-1000367) sysvinit-scripts: version 2.0 (rev37) util-linux: version 2.30 wget: verion 1.19.1 (rev2) xfsprogs: version 4.11.0 xkbcomp: version 1.4.0 xkeyboard-config: version 2.21 xterm: version 330 Linux kernel: version 4.12.3 additional modules: CONFIG_AQTION: aQuantia AQtion(tm) Support CONFIG_AQUANTIA_PHY: Aquantia PHYs CONFIG_INTEL_RDT_A: Intel Resource Director Technology Allocation support CONFIG_X86_AMD_PLATFORM_DEVICE: AMD ACPI2Platform devices support possible kernel fix for Ryzen freezes: CONFIG_RCU_NOCB_CPU: Offload RCU callback processing from boot-selected CPUs CONFIG_RCU_NOCB_CPU_ALL: All CPUs are build_forced no-CBs CPUs added IA32 support added crypto support restore in-tree aacraid driver Management: update smartmontools drivedb and hwdata/{pci.ids,usb.ids,oui.txt,manuf.txt} network: The parameter BONDING_MIIMON was missing when multiple bond interfaces are created. network: Fixed typo in the create_network_ini file: IPV4ALL should be IPV4LL emhttpd: introduce inotify MOVE_TO /var/local/emhttp event to autowrite to websocket publisher endpoint emhttpd: eliminate cmdStatus requirement on page load shfs: fix regression: share free space calculation not taking into account "potential" storage webgui: Fixed regression error in logging.htm and make coloring the same as all themes webgui: Changed popup windows to higher contrast and the same for all themes webgui: Aligned logging.htm buttons with popup buttons webgui: webGui: use JSON for Slack notifications since it is preferred and may work better for 3rd party webhooks (e.g. Discord) webgui: Auto-width reversed (not a good idea) webgui: Changed slider-width to auto - this allows for longer titles webgui: Made sidebar slide-out a little wider webgui: Fixed display of APPS on Dashboard for themes AZURE and GRAY webgui: Motion improvement of sidebar in themes AZURE and GRAY webgui: Show cpu pairs in VM creator and VM overview webgui: Added "shared" option to container path creation webgui: Automatic 2 or 3 column display on Dashboard page based on screen width webgui: Fixed missing server name in docker update notifications webgui: Fixed IP calculation in docker settings webgui: Suppress plugin online check when actions are done from plugin page itself webgui: Add LOG rotation option to docker settings webgui: Added "USB backup" function webgui: Added 'Description' field to VMs page. webgui: Prevent unassigned devices from spinning up unnecessary webgui: Remove '' header. webgui: Make unused columns invisible for Array Status on Dashboard page webgui: Add outstanding enhancements to diagnostics webgui: Fix virtio iso, libreelec and openelec download progress display webgui: Correct noVNC links to account for stricter same-origin policy. Version 6.4.0-rc6 2017-06-23 Linux kernel: additional modules: CONFIG_INTEL_POWERCLAMP: Intel PowerClamp idle injection driver CONFIG_CPU_FREQ_GOV_SCHEDUTIL: 'schedutil' cpufreq policy governor CONFIG_THERMAL_GOV_FAIR_SHARE: Fair-share thermal governor CONFIG_THERMAL_GOV_BANG_BANG: Bang Bang thermal governor CONFIG_THERMAL_GOV_POWER_ALLOCATOR: Power allocator thermal governor more components changed from built-in to module Management: webgui: More updates to plugin manager - remove dynamix check webgui: Fixed auto resize icons to 48px in plugins page webgui: Fixed incorrect name when plugin check is done webgui: Add "Check for Updates" button and disable auto-check as needed webgui: Remove the "Retry" button when communication failure webgui: Fixed regression error of double function declaration Version 6.4.0-rc5 2017-06-21 Base distro: ncurses: 6.0-3 samba: 4.6.5-1 Management: make_bootable for Windows, Linux, MacOS: now prompt for permitting UEFI boot update smartmontools drivedb and hwdata/{pci.ids,usb.ids,oui.txt,manuf.txt} emhttp: remove extra slash in nginx http->https redirect directive emhttp: redirect default page to either Main or Tools/Registration emhttpd: restore /mnt/user0 mount point nginx: prevent logging password mismatch error messages syslinux: EFI directory named EFI- (to disable default UEFI boot) webgui: undo copy changes to /boot/syslinux/syslinux.cfg to /boot/EFI/boot/syslinux.cfg (different solution) webgui: Enhanced plugin manager with separate plugin and OS sections webgui: Added separate unRAID OS check schedule and associated notifications webgui: More consistent text in Notification settings webgui: Undo background css adjustments (fix regression) webgui: Fixed regression error in color display of used/free columns in rc4 webgui: Fixed time-zone not included in container updates webgui: fixed regression error preventing proper display of computed share size webgui: Improved connection checking for plugin updates webgui: Fixed bug in copying SMB settings to other shares webgui: Added UEFI boot mode option under syslinux page webgui: fix visual border around cpu cores on VM edit page when there are 6 cores webgui: improve reading docker template xml network settings Version 6.4.0-rc4 2017-06-17 Linux kernel: version 4.11.6 added EFI kernel options: CONFIG_EFI: EFI runtime service support CONFIG_EFI_STUB: EFI stub support CONFIG_EFIVAR_FS: EFI Variable filesystem CONFIG_FB: Support for frame buffer devices CONFIG_FB_EFI: EFI-based Framebuffer Support CONFIG_FB_VESA: VESA VGA graphics support CONFIG_FRAMEBUFFER_CONSOLE: Framebuffer Console support changed several components from built-in to module: CONFIG_9P_FS: Plan 9 Resource Sharing Support (9P2000) CONFIG_BLK_DEV_NBD: Network block device support CONFIG_CIFS: CIFS support (advanced network filesystem, SMBFS successor) CONFIG_EXT4_FS: The Extended 4 (ext4) filesystem CONFIG_HFSPLUS_FS: Apple Extended HFS file system support CONFIG_NFSD: NFS server support CONFIG_NFS_FS: NFS client support CONFIG_NFS_V2: NFS client support for NFS version 2 CONFIG_NFS_V3: NFS client support for NFS version 3 CONFIG_REISERFS_FS: Reiserfs support CONFIG_VMXNET3: VMware VMXNET3 ethernet driver CONFIG_XEN_BLKDEV_FRONTEND: Xen virtual block device support CONFIG_XEN_NETDEV_FRONTEND: Xen network device frontend driver CONFIG_XFS_FS: XFS filesystem support other: CONFIG_PMIC_OPREGION: PMIC (Power Management Integrated Circuit) operation region support Management: added syslinux EFI boot files; update plugin to create populated EFI directory upon upgrade mover: there are legit reason we cannot rmdir, so do not log these cases php-fpm: change log_level from default (notice) to (warning) to quiet down "child exited with code 0" messages webgui: Revert uppercase to boldcase in themes AZURE and GRAY webgui: Fixed regression error in display of custom banner introduced in rc3 webgui: Added theme support in popup windows; other 6.4 related theme changes webgui: copy changes to /boot/syslinux/syslinux.cfg to /boot/EFI/boot/syslinux.cfg (keep them in-sync) Version 6.4.0-rc3 2017-06-14 Linux kernel: version 4.11.5 md/unraid version: 2.8.1 bug fix: replacing "invalid" parity device does not check that size of new device is large enough Management: emhttp: by default have nginx listen only a port 80 (http); added -r option to redirect http to https emhttpd: fix mover logging enable/disable emhttpd: start nginx before docker and libvirt webgui: Add generation of custom icon in header (sidebar) for themes AZURE and GRAY webgui: Fixed IP address check and VLAN support in Docker service creation webgui: Enhanced Read/Write operations for easy cloning of user shares and disk shares webgui: More refinements in User shares and Disk shares webgui: Removed hardcoded width in share-edit webgui: Correction and update of clone functionality, now also available for AFP and NFS webgui: Fixed potential misbehavior of input element in themes AZURE and GRAY Version 6.4.0-rc2 2017-06-04 Management: emhttpd: fix mover invokation Version 6.4.0-rc1 2017-06-04 Base distro: acpid: version 2.0.28 adwaita-icon-theme: version 3.24.0 apcupsd: version 3.14.14 (rev2, added modbus-usb support) at-spi2-atk: version 2.24.0 at-spi2-core: version 2.24.0 atk: version 2.24.0 btrfs-progs: version 4.10.2 cairo: version 1.14.8 coreutils: version 8.27 cryptsetup: version 1.7.5 curl: version 7.54.0 (CVE-2017-7468, CVE-2017-2629) dbus: version 1.10.16 dejavu-fonts-ttf: version 2.37 dhcpcd: version 6.11.5 docker: version 17.05.0-ce dosfstools: version 4.1 e2fsprogs: version 1.43.4 etc: version 14.2 (rev10) ethtool: version 4.10 eudev: version 3.2.2 file: version 5.30 flex: version 2.6.4 fontconfig: version 2.12.1 freetype: version 2.7.1 gd: version 2.2.4 gdbm: version 1.13 gdk-pixbuf2: version 2.36.6 glibc: version 2.25 glibc-zoneinfo: version 2017b glib2: version 2.52.1 gnome-themes-standard: version 3.22.3 gnutls: version 3.5.10 (CVE-2017-5334, CVE-2017-5335, CVE-2017-5336, CVE-2017-5337) gptfdisk: version 1.0.1 grep: version 3.0 gtk+3: version 3.22.12 harfbuzz: version 1.4.6 hdparm: version 9.51 htop: version 2.0.2 iproute2: version 4.10.0 iptables: version 1.6.1 irqbalance: version 1.2.0 jemalloc: version 4.5.0 kernel-firmware: 20170330 keyutils: version 1.5.10 kmod: version 24 libarchive: version 3.3.1 libcroco: version 0.6.12 libdrm: version 2.4.80 libedit: version 20160903_3.1 libepoxy: version 1.4.2 libevdev: version 1.5.6 libevent: version 2.1.8 libgcrypt: version 1.7.5 libgudev: version 231 libjpeg-turbo: version 1.5.1 liblogging: version 1.0.6 libnetfilter_conntrack: version 1.0.6 libnftnl: version 1.0.7 libnl3: version 3.2.29 libpcap: version 1.8.1 libpciaccess: version 0.13.5 libpng: version 1.6.29 (CVE-2016-10087) libpthread-stubs: version 0.4 librsvg: version 2.40.17 libseccomp: version 2.3.2 libssh2: version 1.8.0 libtasn1: version 4.10 libusb-compat: version 0.1.5 libvirt: version 3.2.0 libX11: version 1.6.5 libXfont2: version 2.0.1 libXi: version 1.7.9 libXpm: version 3.5.12 lvm2: version 2.02.170 lz4: version 1.7.5 mc: version 4.8.19 mesa: version 17.0.5 mozilla-firefox: version 53.0.2 (CVE-2017-5031, CVE-2017-5433, CVE-2017-5435, CVE-2017-5436, CVE-2017-5461, CVE-2017-5459, CVE-2017-5466, CVE-2017-5434, CVE-2017-5432, CVE-2017-5460, CVE-2017-5438, CVE-2017-5439, CVE-2017-5440, CVE-2017-5441, CVE-2017-5442, CVE-2017-5464, CVE-2017-5443, CVE-2017-5444, CVE-2017-5446, CVE-2017-5447, CVE-2017-5465, CVE-2017-5448, CVE-2016-10196, CVE-2017-5454, CVE-2017-5455, CVE-2017-5456, CVE-2017-5469, CVE-2017-5445, CVE-2017-5449, CVE-2017-5450, CVE-2017-5451, CVE-2017-5462, CVE-2017-5463, CVE-2017-5467, CVE-2017-5452, CVE-2017-5453, CVE-2017-5458, CVE-2017-5468, CVE-2017-5430, CVE-2017-5429) nano: version 2.8.2 ncurses: version 6.0 netatalk: version 3.1.11 nettle: version 3.3 nfs-utils: version 2.1.1 nginx: version 1.12.0 ntfs-3g: version 2017.3.23 ntp: version 4.2.8p10 (CVE-2017-6464, CVE-2017-6463, CVE-2017-6458, CVE-2017-6460, CVE-2016-9042, CVE-2017-6462, CVE-2017-6451, CVE-2017-6455, CVE-2017-6452, CVE-2017-6459) openssh: version 7.5p1 (CVE-2016-10009, CVE-2016-10010, CVE-2016-10011, CVE-2016-10012) openssl: version 1.0.2k (CVE-2017-3731, CVE-2017-3732, CVE-2016-7055) pango: version 1.40.5 pciutils: version 3.5.4 php: version 7.1.4 procps-ng: version 3.3.12 qemu: version 2.9.0 (CVE-2017-2615, CVE-2017-2630) rsyslog: version 8.26.0 samba: version 4.6.4 (CVE-2017-7494, CVE-2017-2619) + patch for Time Machine fullsync support sed: version 4.4 sessreg: version 1.1.1 shadow: version 4.2.1 (rev2) (CVE-2017-2616) shared-mime-info: version 1.7 sqlite: version 3.16.2 sudo: version 1.8.19p2 util-linux: version 2.29.2 (CVE-2017-2616) wget: version 1.19.1 xauth: version 1.0.10 xf86-input-evdev: version 2.10.5 xf86-input-keyboard: version 1.9.0 xf86-input-mouse: version 1.9.2 xf86-input-synaptics: version 1.9.0 xf86-video-mga: version 1.6.5 xfsprogs: version 4.10.0 xorg-server: version 1.19.3 xterm: version 327 xz: version 5.2.3 zlib: version 1.2.11 Linux kernel: version 4.11.3 added IPv6 support added QLogic Ethernet support: CONFIG_BNA: QLogic BR-series 1010/1020/1860 10Gb Ethernet Driver support CONFIG_QLA3XXX: QLogic QLA3XXX Network Driver Support CONFIG_QLCNIC: QLOGIC QLCNIC 1/10Gb Converged Ethernet NIC Support CONFIG_QLGE: QLogic QLGE 10Gb Ethernet Driver Support CONFIG_NETXEN_NIC: NetXen Multi port (1/10) Gigabit Ethernet NIC added squashfs to support mounting /boot/bzmodules, /boot/bzfirmware additional config options: CONFIG_BLK_DEV_PCIESSD_MTIP32XX: Block Device Driver for Micron PCIe SSDs CONFIG_BNXT: Broadcom NetXtreme-C/E support CONFIG_CMA: Contiguous Memory Allocator CONFIG_MTD: Memory Technology Device support CONFIG_NUMA_BALANCING: Memory placement aware NUMA scheduler CONFIG_NUMA_BALANCING_DEFAULT_ENABLED: Automatically enable NUMA aware memory/task placement expanded set of included hwmonitor modules md/unraid version: 2.8.0 accommodate kernel 4.11 api changes bug fix: if one disabled disk and another invalid disk, should not be able to unassign third disk modules now compressed with XZ Management: create ntp and avahi users if missing replace cpuload daemon with websocket endpoint firmware now loaded on-demand from 'bzfirmware' file located on USB boot device force correcting-fsck on USB boot flash before mounting integrate nginx http-server including php-fpm and nchan support modules now loaded on-demand from 'bzmodules' file located on USB boot device support https with auto-generated self-signed certificates update smartmontools drivedb and hwdata/{pci.ids,usb.ids,oui.txt,manuf.txt} emhttp: detect "unraidsafemode" boot and prevent array autostart if set emhttp: eliminate "/mnt/user0" shfs mount point. emhttp: fix 'btrfs check' running status not detected correctly emhttp: if valid old key on same usb flash device as Trial key, offer to replace key emhttp: invoke emhttpd daemon listening on local unix socket shfs: Full atim/mtim preservation. shfs: implement ioctl() functions to move objects shfs: utilize FUSE read_buf/write_buf methods mover: use shfs ioctl() instead of 'rsync' webGui: added new themes 'Azure' and 'Gray' webGui: allow custom IP addresses for individual Docker containers webGui: changed screen width to automatic with minimum of 1080 webGui: networking now allows multi bonds and multi bridge groups webGui: new watchdog service with websockets instead of ajax polling webGui: utilize pubsub/cpuload nchan websocket endpoint to update cpu load info webGui: IPv6 networking and routing table management webGui: correct case of cache device assignment not being preserved across array restart webGui: Upgrade tooltipster to version 4.2.3 webGui: Fixed file read errors when system is started but array is stopped webGui: Fixed persisting the show banner value after applying disk settings webGui: Fixed regression error in erroneous display of disk table on Dashboard webGui: Registration page refinements
September 22, 20178 yr @limetech quick question about "We're at the end of life for linux kernel 4.12. Next release will move to 4.13 kernel. " Does that mean 6.4rc10 or is that for 6.5?
September 22, 20178 yr Author 8 minutes ago, BRiT said: @limetech quick question about "We're at the end of life for linux kernel 4.12. Next release will move to 4.13 kernel. " Does that mean 6.4rc10 or is that for 6.5? Why do you ask? Something in 4.13 you need?
September 22, 20178 yr Thanks for the update, my Plextor NVMe show temperature now. Edited September 22, 20178 yr by Benson
September 22, 20178 yr First boot from update, I have this on console: Quote chmod: cannot access 'etc/logrotate.d/tor*': No such file or directory
September 22, 20178 yr Updated to this. I didn't get the plugin update page bug before I updated so wondering if my "unclean shutdown" is coming from the bug. Anyways updated to this and so far things seem good.
September 22, 20178 yr 2 hours ago, limetech said: Why do you ask? Something in 4.13 you need? I'm just trying to figure out what was meant. I don't need anything, but ... There are other people on the IRC channel asking about Kernel versions and when various patches would be rolled into unRAID. The last few questions were about further AMD Zen patches and specifically AMD Ryzen/TheadRipper/Epyc Temperature Monitoring. However I don't think that would be in 4.14 and not certain how 4.15 is doing. Here's a Phoronix link that was shared in IRC about it -- https://www.phoronix.com/scan.php?page=news_item&px=AMD-Zen-Temps-Hwmon-Next
September 22, 20178 yr 8 hours ago, limetech said: Finally fixed reporting of temperature for NVMe devices (hopefully). Thank you, its working now. Upgrade worked with out an issue.
September 22, 20178 yr Hi, is there some way to turn SSL webgui completely off ?, collides now with my apache and apache needs 443 for update ssl certs ... currently i could switch ports, but on my last cert update i had to use 443 ... actually i cant find the trigger to turn it off thanks ahead
September 22, 20178 yr It is easy enough to change the port for SSL under Settings->Identification. Looks as if you can also disable SSL support from their although I have not tried it myself.
September 22, 20178 yr I just updated this morning. @limetech I was reading the 4.13 updates and saw that there are some updates for hwmon, but sadly left out the Ryzen temps for now (https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.13-Hwmon). BUT I would love to get the new it87 module ( https://github.com/groeck/it87 ), so I could finally read my pwms and temperatures for my Gigabyte AB350 D3H mobo! I've posted about this several times and apparently the new Ryzen boards are supported ( https://www.phoronix.com/forums/forum/software/general-linux-open-source/960997-hwmon-updates-submitted-for-linux-4-13-still-no-ryzen-epyc-temp-support ) I found someone with identical chips and they said that the new version supports it. This is me asking how to update, https://github.com/groeck/it87/issues/43 This is me posting here about it, Yes, I have been chewing on this for the month I've been on UnRaid, lol
September 22, 20178 yr 35 minutes ago, itimpi said: It is easy enough to change the port for SSL under Settings->Identification. Looks as if you can also disable SSL support from their although I have not tried it myself. thanks, there was the setting i was looking for
September 22, 20178 yr So I upgraded to the latest beta this morning. All 3 of my Pro servers are not responding to the web gui. 2 on custom ssl ports and 1 on the standard 80 and 443.
September 22, 20178 yr Author 2 minutes ago, morbidpete said: So I upgraded to the latest beta this morning. All 3 of my Pro servers are not responding to the web gui. 2 on custom ssl ports and 1 on the standard 80 and 443. You upgraded all three servers at the same time? What versions were they running before?
September 22, 20178 yr 12 minutes ago, limetech said: You upgraded all three servers at the same time? What versions were they running before? the previous beta. I like to live on the edge. I noticed they all keep reverting to the DNS name. This wont work with our remote server (the one using standard 80 and 443) as it is over the wan (our mikrotik only allows connections from our office and my home IP before people scream at me for opening it to the world lol) I moved the 2 of them back to 6.4.0 rc8q and will test with 1 that is my play box Edited September 22, 20178 yr by morbidpete
September 22, 20178 yr Author 6 minutes ago, morbidpete said: the previous beta. I like to live on the edge. I noticed they all keep reverting to the DNS name. This wont work with our remote server (the one using standard 80 and 443) as it is over the wan (our mikrotik only allows connections from our office and my home IP before people scream at me for opening it to the world lol) I have nothing to go on, you are going to have to provide more details. Maybe update your sig too.
September 22, 20178 yr Author 1 hour ago, RonUSMC said: I just updated this morning. @limetech I was reading the 4.13 updates and saw that there are some updates for hwmon, but sadly left out the Ryzen temps for now (https://www.phoronix.com/scan.php?page=news_item&px=Linux-4.13-Hwmon). BUT I would love to get the new it87 module ( https://github.com/groeck/it87 ), so I could finally read my pwms and temperatures for my Gigabyte AB350 D3H mobo! I've posted about this several times and apparently the new Ryzen boards are supported ( https://www.phoronix.com/forums/forum/software/general-linux-open-source/960997-hwmon-updates-submitted-for-linux-4-13-still-no-ryzen-epyc-temp-support ) I found someone with identical chips and they said that the new version supports it. This is me asking how to update, https://github.com/groeck/it87/issues/43 This is me posting here about it, Yes, I have been chewing on this for the month I've been on UnRaid, lol This says there is a hwmon patch: https://www.phoronix.com/forums/forum/software/general-linux-open-source/960997-hwmon-updates-submitted-for-linux-4-13-still-no-ryzen-epyc-temp-support for 4.13 kernel: http://lkml.iu.edu/hypermail/linux/kernel/1707.0/01229.html This says there's a k10temp patch for 4.15 kernel: https://www.phoronix.com/scan.php?page=news_item&px=AMD-Zen-Temps-Hwmon-Next Finally you referenced some guy's out-of-tree it87 module that works for some boards but which kernels?: https://github.com/groeck/it87 You see my reluctance to patch anything until these guys all get on the same page?
September 22, 20178 yr 1 minute ago, limetech said: I have nothing to go on, you are going to have to provide more details. Maybe update your sig too. So I have 3 pro servers. 1. in a datacenter in MA that was running 6.4.0-rc8q that i would access via https://publicip/. After upgrading to rc9q I could no longer access said server via http or https (80 & 443) when i hit the server via ip I was redirected to http://servername. this doesnt resolve via dns because its not a fqdn. I make a static DNS entry in my router with no luck. I ended up rolling this back to rc8q 2. same setup in my office as 1. but internal server on LAN. same issue. cant access via http or https. also redirects to server name. rolled back to rc8q 3. same as all the others. just leaving on rc9q while I figure this out.
September 22, 20178 yr Hello, I am trying to upgrade from the previous RC to this one... However, from the tools menu and upgrade OS I recieve a 502 bad gateway error when I try and check for the latest update release... Is there anything I can do befoer I try resettign my server? Thansk!
September 22, 20178 yr 2 minutes ago, airbillion said: Hello, I am trying to upgrade from the previous RC to this one... However, from the tools menu and upgrade OS I recieve a 502 bad gateway error when I try and check for the latest update release... Is there anything I can do befoer I try resettign my server? Thansk! from an ssh into the server, can you ping out? (8.8.8.8) is there a gateway set on your server?
September 22, 20178 yr Author 14 minutes ago, morbidpete said: So I have 3 pro servers. 1. in a datacenter in MA that was running 6.4.0-rc8q that i would access via https://publicip/. After upgrading to rc9q I could no longer access said server via http or https (80 & 443) when i hit the server via ip I was redirected to http://servername. this doesnt resolve via dns because its not a fqdn. I make a static DNS entry in my router with no luck. I ended up rolling this back to rc8q 2. same setup in my office as 1. but internal server on LAN. same issue. cant access via http or https. also redirects to server name. rolled back to rc8q 3. same as all the others. just leaving on rc9q while I figure this out. Are you using your own SSL certs? If possible, boot -rc9f on one of your local servers, and then use console to generate the diags. On command line type: diagnostics This will generate timestamped file on your flash in 'logs' directory.
September 22, 20178 yr Just now, limetech said: Are you using your own SSL certs? If possible, boot -rc9f on one of your local servers, and then use console to generate the diags. On command line type: diagnostics This will generate timestamped file on your flash in 'logs' directory. I was able to get into the local server on rc9f, I found an old port setup in the go file that looks like it was conflicting. removed that line from go and was able to get into the box. Thanks for all the help.
September 22, 20178 yr Author 15 minutes ago, morbidpete said: I was able to get into the local server on rc9f, I found an old port setup in the go file that looks like it was conflicting. removed that line from go and was able to get into the box. Thanks for all the help. What did you change? I ask because the port options in /usr/local/emhttp are still recognized (meaning they won't generate an error if present), but totally unused. It shouldn't matter if they are there or not.
September 22, 20178 yr Just now, limetech said: What did you change? I ask because the port options in /usr/local/emhttp are still recognized (meaning they won't generate an error if present), but totally unused. It shouldn't matter if they are there or not. i removed the lines that specified the port for http and https and if it would redirect or not. I found it odd that resolved the issue myself as they have been there since version 5. Could have been the reboot that fixed it also. IDK
Archived
This topic is now archived and is closed to further replies.