Get YOCTO version of balenaOS image

General
1

Hi, Balena team.

Do you have a list of yocto versions that are used to build the balenaOS images?

For example, I have noticed that suface-go 2.54.2+rev1 image uses yocto 5.2.10.
But up-board 2.54.2+rev1 image uses yocto 4.14.76?

The full list of the yocto version for each balenaOS image would be really helpful.

Cheers,
Shane.

4

Hey Shane, thats an interesting question. What exactly do you need that info for and how would you make use of it if available? I think currently there isn’t an easy way to get this, however, the yocto version names are listed on each device type in https://balena-io.github.io/balenaosversions/ . My colleague also put together a toy project here: https://balena-io-playground.github.io/balenaos-manifest/ which allows one to browse all the packages and their versions included in each OS version for a device type, which is why I asked about what you want to use the yocto version for, since I assume you are trying to figure out exact versions of specific components?

6

Hi, @shaunmulligan
Thanks for your quick reply!

Yeah, I want the exact YOCTO version to install the nvidia driver manually.
Please check the Dockerfile in this thread: Enable GPU on Container

It needs the exact yocto version!

Cheers,
Shane.

8

since you want to select based on kernel version, why not have a script that does something like this:

case "$(uname -r)" in
5.2.10*)   echo "5.x" ;;
4.14.76*)  echo "4.x" ;;
*)         echo "EINVAL" ;; 
esac
1 Like
10

Aha, yes.

I can use that. Thanks for your tip! :+1:

12

I know this is an old thread, but I’m wondering if anything has changed/improved with this.

The specific scenario I’m running into is that our IT team scanned a device with Nexpose and it reported a critical vulnerability with OpenSSH 8.9p1 (CVE-2024-6387). I can see in the Yocto build recipe that it is patching for this specific vulnerability, but I don’t have an easy way to draw a line from the BalenaOS on the device to that Yocto patch that will make my security team happy.

Even logging into the device and getting the OpenSSH version doesn’t show specific patches, so it’s not clear what has or hasn’t been patched in the Yocto build:

root@d04c3xx:~# sshd --help
unknown option -- -
OpenSSH_8.9p1, OpenSSL 3.0.16 11 Feb 2025

Somewhat related, but not as important, is that Nexpose identifies BalenaOS as “MikroTik MIKROTIK ROUTEROS 7.2 - 7.5 (LINUX 5.6.3) 7.2.” I’m guessing it is just doing some fingerprinting based on ports open or matching Yocto package numbers.

Thanks,

-mike