Pantavisor 028 Release

Pantavisor 028 is now stable. It closes out the 028 stream after 16 release candidates.

Most of the work this cycle went into the Pantavisor runtime itself, with new subsystems for container networking, lifecycle hooks, hardware-backed secrets, and syslog, alongside a round of performance and stability fixes. The BSP layer adds WiFi/BLE provisioning, NAND/UBI board support, factory-flash bundles for Toradex modules, a reorganized documentation site, and a parallel test setup that runs every suite under valgrind.

Pantavisor runtime

The runtime had 76 commits between 027 and 028 (156 files, +9,166 / −1,593). Full comparison: 357b041…bc7f0ca.

New subsystems:

  • IPAM — container IP address management: pool allocation, static-IP reservation, nftables/iptables probing, and lease stability across auto-recovery restarts.

  • Lifecycle hooks — a hooks subsystem for reacting to container and state transitions.

  • Disks v3 and hardware-backed crypt — a lenient disks_v3 parser, DISK_DUAL bind-mount orchestration, a volume-disk backend, volume-to-disk name aliases, and CAAM/DCP mainline crypt support with a hardened volmount script and a dcp-blob-create key-migration tool.

  • Syslog — RFC 3164 and RFC 5424 protocol support in the log server.

  • libpvtx: pvtx split into a reusable libpvtx.so with an improved CLI and canonical-JSON validation.

Performance:

  • The state machine now wakes on platform STARTED/READY/STOPPED transitions instead of polling.

  • The first-tick WAIT delay was removed.

  • Update paths that produce no logs skip the 5-second logs-wait.

Stability and robustness:

  • cgroup: clean all hierarchy leaves on destroy, including HYBRID layout, across all init modes.

  • xconnect: re-establish links when a peer container restarts; bound half-open proxy sessions to stop fd leaks.

  • appengine: force-remove busy dm devices and generalize crypt-disk cleanup to all mapper devices.

  • update: drive the FSM on the unclaimed path and keep pv_try set across a failing tryboot reboot.

  • control plane: pvcontrol/pvcurl now stream object downloads to file, use a busybox-compatible body extractor, and process request bodies only after the full payload arrives.

  • Several memory-leak fixes (trest client, progress_str, cert paths).

BSP and platform

WiFi and BLE provisioning

  • pvwificonnect 1.6.x ships built from source, with BLE provisioning via improv-wifi — claim and connect a device from a phone, no console required.

  • A new pv-avahi container, built in Yocto, publishes the device over mDNS so pvr device scan discovers it on the local network.

  • Connectivity rounded out with alpine-connman integration and Pantavisor claim RPC.

Container networking (IPAM)

  • A default pvcnet pool ships in every device.json, so containers get addresses out of the box.

  • Two-pool NAT example and static-IP reservation support, with network.json wired into container-pvrexport.

  • nftables is installed in appengine for NAT setup, with a testplan covering static IPs, pool isolation, and lease stability across stop/start.

Hardware and factory flashing

  • Colibri iMX6ULL: new NAND/UBI boot support, on-device secrets, and WiFi/BT bring-up — the first fully NAND-based target in the matrix.

  • Factory-flash bundles via UUU for Toradex Colibri iMX6ULL and Verdin iMX8MM.

  • Raspberry Pi: correct WiFi firmware (rpidistro), Bluetooth across all Pi variants, and CONFIG_COMPAT_VDSO=y on arm64 kernels.

Secrets and disk management

  • A new dm-internal-secrets volume backed by a volume-disk type, with a dm-versatile alias for portability across CAAM/DCP-equipped i.MX SoCs.

  • The pv--firmware boot volume is now a default in device.json.

Documentation

  • All content reorganized into a docs/ subtree (overview / how-to-build / how-to-install / examples / testing / ci).

  • A merged HTML reference is generated via Sphinx from ordered Markdown, packaged by new pantavisor-docs and pantacor-component-docs bbclasses, and published to docs.pantavisor on every tag.

  • A new rootfs manifest-audit (pv-manifest-audit / pv-manifest-strict) catches drift in the image manifest, with reference manifests for upstream machines.

Testing

  • Parallel test execution via a slot allocator, with per-test retry and per-retry workspace isolation.

  • Every suite now runs under valgrind, with structured logging, inline diffs, and failure evidence in the GitHub Actions summary.

  • pvtests are bundled into the appengine distro; new pvtx unit-test support and a shipped libpvtx.so.

  • A new pv-perf debug container bundles perf and strace for on-device profiling.

Notable fixes

  • libevent: null-guard freed connection callbacks and demote a replacefd assert (aarch64 stability).

  • rpi: isolate the compat-vDSO toolchain shim off PATH so it stops leaking into builds.

  • pvtest: clean up orphan dm-crypt devices before each run; stable, sorted devmeta output.

  • imx: add dm-versatile alias to CAAM/DCP disk overrides.

  • distro: apply git-describe-based dynamic DISTRO_VERSION across all distro confs.

CI and release automation

  • Release-tag mirroring, automated changelog generation, and workflow orchestration now drive the release pipeline.

  • Per-test artifact uploads tagged with build SHA; changelog and docs decoupled from pvtest pass/fail.

Component versions

Component        027        028
pantavisor       357b041    bc7f0ca
busybox-pv       22051d7    22051d7
dropbear         50e2ec6    50e2ec6
libthttp         66347b5    c4287fe
lxc6-pv          c2017d4    c2017d4
picohttpparser   fbefe74    fbefe74

Downloads

Prebuilt images, PV exports, BSPs, and SDKs are published per machine for 13 targets, including Raspberry Pi (armv8 / rpi), Toradex Colibri iMX6ULL and Verdin iMX8MM, Variscite iMX8MM/iMX8MN, NXP iMX8QXP MEK, Radxa Rock 5A, several Orange Pi / Banana Pi boards, and docker-x86_64.

Download the images, PV exports, BSPs, and more at Downloads - Pantavisor by Pantacor.

Full changelog with per-machine download links and SHA256s: CHANGELOG-028.md.

Getting started

Full documentation, including build guides, local development, and per-board flashing instructions, is at docs.pantavisor.io.

Feedback, bug reports, and questions are welcome — reply here or open an issue on the meta-pantavisor repo. Thanks to everyone who tested the RCs.

Fantastic Release! :grinning_face: