Lima Versions Save

On macOS hosts, Lima now asks the user to sign the QEMU binary with the com.apple.security.hypervisor entitlement if the binary is not properly signed:

$ limactl start
INFO[0000] Using the existing instance "default"        
WARN[0000] QEMU binary "/usr/local/bin/qemu-system-x86_64" is not properly signed with the "com.apple.security.hypervisor" entitlement  error="failed to run [codesign --verify /usr/local/bin/qemu-system-x86_64]: exit status 1 (out=\"/usr/local/bin/qemu-system-x86_64: invalid signature (code or signature have been modified)\\nIn architecture: x86_64\\n\")"
? Try to sign "/usr/local/bin/qemu-system-x86_64" with the "com.apple.security.hypervisor" entitlement? (Y/n)
...

Choose Y to sign the binary.

This signing is usually not needed on users' side. However, the Homebrew bottle of QEMU v8.0.4 needs this signing due to a temporary issue of Homebrew's build infrastructure:

• https://github.com/lima-vm/lima/issues/1742

The Homebrew bottle of QEMU v8.0.3 is not affected by this issue.

Changes

QEMU:

• Ask to sign QEMU binary when the binary is not properly signed (#1743)

Full changes: https://github.com/lima-vm/lima/milestone/37?closed=1 Thanks to @afbjorklund

Usage

[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux

---

The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/5851291166

The sha256sum of the SHA256SUMS file itself is 006f022e19d2b03869c33ee30be694217937d8c774af7b9714e2d7659da31aa5 .

This release fixes incompatibility with Go 1.21 (#1729).

Changes

Misc:

• Support Go 1.21 (#1729)

Apptainer:

• apptainer.lima: Use APPTAINER_BINDPATH instead of APPTAINER_HOME (#1716, thanks to @afbjorklund)

Templates:

• Remove nomad, as Nomad is no longer free software (#1728)
• Update CentOS Stream 9 to 20230807.1 (#1730)
• Update Debian 11 and 12 to 20230802-1460 (#1730)
• Update Ubuntu 23.04 to release-20230810 (#1730)

Full changes: https://github.com/lima-vm/lima/milestone/36?closed=1 Thanks to @afbjorklund

Usage

[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux

---

The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/5843580169

The sha256sum of the SHA256SUMS file itself is eb92c7f2bf0d3ed9787ac5130860900e09573c3ec7568bde151025038186b59e .

This release adds the limactl create command. Now it is discouraged (not deprecated) to use limactl start for creating new instances.

Discouraged form:

limactl start --name=foo template://docker

Recommended form:

limactl create --name=foo template://docker
limactl start foo

The limactl create command also takes several flags like --cpus=1 --memory=2 --vm-type=vz --mount-writable=true for modifying the template. Some of these flags are similar to the flags of colima start.

Changes

• limactl CLI:

  • Add limactl create (#1643, #1677).
  • Add --cpus, --memory, --mount-type, --vm-type, ..., --video (#1468, #1696, #1709)

• YAML:

  • Adjust the default CPUs and memory size depending on the host capacity (#1603)
  • Allow leaving additional disks unformatted (#1516, thanks to @afbjorklund)

• VZ:

  • Remove dependency on qemu-img binary for converting qcow2 to raw (#1507)
  • Enable virtiofs by default when vmType == vz (#1613)
  • Support video display (#1597, #1602, thanks to @balajiv113)

• QEMU:

  • Connect a virtio-serial device to serialv.log in the instance directory (#1674, #1693)
  • Connect a pci-serial device to serialp.log for making more boot logs visible on ARM (#1703)
  • Support virtiofs on Linux hosts (#1628, thanks to @refi64). macOS hosts still require VZ for using virtiofs.
  • Support armv7l (32-bit ARM) architecture (#1633)

• nerdctl:

  • Update from v1.4.0 to v1.5.0 (#1700)

• Templates:

  • CentOS Stream 8: update to 20230710.0 (#1700)
  • CentOS Stream 9: update to 20230720.0 (#1700)
  • Debian: update to 12 (#1635, #1700, thanks to @unidevel)
  • Oracle Linux: update to 8.8 and 9.2 (#1700)
  • Ubuntu: update to release-20230729 (#1700)
  • openSUSE: update to 15.5 (#1700)
  • Add template://experimental/rke2 (#1650, thanks to @Hirozy)
  • Promote template://docker to Tier 1 (#1694)

• Misc:

  • Makefile: add make minimal (#1673)
  • Rename "examples" to "templates" (#1679, #1707)

Full changes: https://github.com/lima-vm/lima/milestone/35?closed=1 Thanks to @ArmingLou @Hirozy @afbjorklund @a-palchikov @balajiv113 @fyuan1316 @jandubois @refi64 @unidevel

Usage

[macOS]$ limactl create
[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux

---

The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/5757601750

The sha256sum of the SHA256SUMS file itself is 17389cba1ccc7429968fddea3427d85eddc1f37eaa3a57f3750c3552f661c4ed .

This release adds an experimental support for the user-v2 network driver: limactl start template://experimental/net-user-v2. The user-v2 network driver enables VM-to-VM networking without the root privilege on the host. This should be useful for simulating multi-node Kubernetes clusters on a laptop.

This release also fixes a relatively minor vulnerability CVE-2023-32684. This vulnerability is very unlikely to be exploitable as long as you are using the official templates of Lima.

Changes

• limactl CLI:
  • (Experimental) Add limactl snapshot (apply|create|delete|list) commands (#1054, thanks to @afbjorklund)
  • Escape only the value of env variables in limactl shell (#1501, thanks to @sam-berning)
• YAML:
  • Add "dependency" provisioning mode (#1105, thanks to @pendo324)
  • (Experimental) Add .audio.device (#1527, #1532, #1561, #1589, thanks to @afbjorklund @balajiv113)
• Documents:
  • Install man pages (#1521, thanks to @afbjorklund)
• Network:
  • (Experimental) Add user-v2 network driver to enable VM-to-VM networking without root (#1383, thanks to @balajiv113)
• nerdctl:
  • Update from v1.3.1 to v1.4.0 (#1559)
• Templates:
  • AlmaLinux: update to 9.2 (#1550)
  • Alpine: update to 3.18 and fix Rosetta support (#1560, #1580, thanks to @jandubois)
  • Arch Linux: update to 20230515.150700 (#1550)
  • Fedora: update to 38 (#1502, thanks to @cpach)
  • Nomad: update to v0.9.4 (#1552)
  • Rocky Linux: update to 9.2 and 8.8 (#1550, #1591)
  • Ubuntu: update to 23.04 (#1550)
• Misc:
  • Improve disk efficiency (#1411) for caches (#1544)

Full changes: https://github.com/lima-vm/lima/milestone/34?closed=1 Thanks to @afbjorklund @balajiv113 @bumpsoo063 @cpach @jandubois @pendo324 @sam-berning

Usage

[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux

---

The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/5118006806

The sha256sum of the SHA256SUMS file itself is 2062c42688128dca55331fc1a8f4841cbf41ed9dd11867d48decdf6880afde87 .

This release adds support for QEMU 8.0.

Changes

• limactl CLI:
  • Improve the argument error message (#1391, thanks to @lobshunter)
  • Improve the "failed to download" error message (#1465)
  • Add --log-level flag (#1308, thanks to @afbjorklund)
  • limactl edit: add --set <YQ EXPRESSION> (#1412, thanks to @afbjorklund)
• YAML:
  • Allow rosetta fields to be overridden (#1413, thanks to @pendo324)
  • Support specifying compressed images (*.gz, *.bz2, *.xz, *.zst) (#1439, thanks to @afbjorklund)
• QEMU:
  • Fix broken state on QEMU ACPI shutdown (#1397, thanks to @balajiv113)
  • Disable pdppe1gb on Intel Mac, for supporting QEMU 8.0 (#1487)
• VZ:
  • Support mounting additional disks (#1405, thanks to @pendo324)
  • Fix panic during limactl stop (#1494, #1497, thanks to @balajiv113)
• nerdctl:
  • update from v1.2.1 to v1.3.1. (#1460, #1486) thanks to @ningziwen) Change logs: https://github.com/containerd/nerdctl/releases/tag/v1.3.0 https://github.com/containerd/nerdctl/releases/tag/v1.3.1
• Templates:
  • Alpine: setup apk cache on persistent volume (#1471, thanks to @jandubois)
  • Arch Linux: update to 20230415.143207 (#1498)
  • CentOS Stream 8: update to 20230404.0 (#1498)
  • CentOS Stream 9: update to 20230410.0 (#1498)
  • Ubuntu 22.04: update to release-20230302 (#1498)
  • Ubuntu 22.10: update to release-20230413 (#1498)
  • openSUSE: support aarch64 (#1450, #1462, thanks to @e-minguez)

Full changes: https://github.com/lima-vm/lima/milestone/33?closed=1 Thanks to @afbjorklund @balajiv113 @e-minguez @jandubois @lobshunter @ningziwen @pendo324

Usage

[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux

---

The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/4709036669

The sha256sum of the SHA256SUMS file itself is 91cb421f8488916b6e7ae387446c21c86e4e972bda32a7e377eee58508699911 .

This release experimentally implements yq expressions for customizing the templates (#1359), e.g.,

limactl start --set='.cpus = 2 | .memory = "2GiB"'

This release is also remarkable for automatic forwarding of Kubernetes NodePorts and LoadBalancers (#1355).

Also, in this release we welcome new maintainers Anders F Björklund (@afbjorklund) and Balaji Vijayakumar (@balajiv113) :tada:

Upgrading notice

containerd <= v1.6.16 creates /etc/cni with permission 0700 when running in the rootful mode.

This causes an error like open /etc/cni/tuning/allowlist.conf: permission denied for CNI tuning plugin >= v1.2.0 when running in the rootless mode.

Lima users may face this error during upgrading nerdctl to >= v1.2.0 (Lima >= v0.15.0). Run lima sudo chmod 0755 /etc/cni to dismiss this error.

Changes

• limactl CLI

  • limactl start: Experimentally add limactl start --set <YQ EXPRESSION>: to customize the template (#1359, thanks to @afbjorklund). e.g., limactl start --set='.cpus = 2 | .memory = "2GiB"'
  • limactl list: Dynamically hide columns depending on the terminal width (#1266, thanks to @afbjorklund)

• YAML:

  • Add .copyToHost for copying files from the guest to the host (#1301, thanks to @afbjorklund)
  • Add .video.vnc for experimental VNC support (#1004, thanks to @afbjorklund)

• SSH:

  • Write ~/.lima/<INSTANCE>/ssh.config. The file can be passed to ssh -F. (#1326)

• QEMU:

  • Experimentally support VNC video display (#1004, thanks to @afbjorklund)
  • Fix binding multiple disks in M1 (#1332, thanks to @balajiv113)

• VZ:

  • Fix disk image corruption (#1315, thanks to @balajiv113)

• Kubernetes:

  • Support automatically forwarding Kubernets NodePorts and LoadBalancers (#1355, thanks to @lobshunter)
  • Add kubectl.lima script for wrapping kubectl (#1302, thanks to @afbjorklund)

• DNS:

  • Return NODATA for IPv6 AAAA queries (#1289, thanks to @Nino-K)
  • Don't log DNS queries by default (#1368, thanks to @jandubois)

• nerdctl:

  • update from v1.1.0 to v1.2.1 (#1388). Change logs: https://github.com/containerd/nerdctl/releases/tag/v1.2.0 https://github.com/containerd/nerdctl/releases/tag/v1.2.1

• Templates:

  • Alpine: update to alpine-lima 0.2.27 (#1369)
  • Arch Linux: update to 20230215.126932 (#1388)
  • CentOS Stream 9: update to 20230216.0 (#1388)
  • Debian 11: update to 20230124-1270 (#1388)
  • Rocky Linux 8.7: update to 20230215.0 (#1388)
  • Rocky Linux 9.1: update to 20230215.0 (#1388)
  • Ubuntu 22.04: update to 20230210 (#1388
  • Ubuntu 22.10: update to 20230215 (#1388)
  • openSUSE Tumbleweed: remove aarch64 image due to 404 (#1388)

• Project:

  • MAINTAINERS: add Anders F Björklund (@afbjorklund) and Balaji Vijayakumar (@balajiv113) (#1323)

Full changes: https://github.com/lima-vm/lima/milestone/30?closed=1 Thanks to @Nino-K @afbjorklund @balajiv113 @deitch @jandubois @lobshunter @pnasrat @ryancurrah @suyanhanx

Usage

[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux

---

The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/4292802059

The sha256sum of the SHA256SUMS file itself is 50c50e8ab02b0187b2d795b191834bfcaa66757c6abbaa708be6a13658495d48 .

Changes

• VZ:

  • Fix NSInvalidArgumentException on headless hosts, such as EC2 mac2.metal (#1261)

• limactl CLI:

  • limactl start: support reading template from stdin (limactl start --name=NAME --tty=false -) (#1250, thanks to @deitch)
  • limactl info: add vmTypes []string to the JSON output (#1262)

• Templates:

  • Arch Linux: update to 20221215.111177 (#1257)

Full changes: https://github.com/lima-vm/lima/milestone/32?closed=1 Thanks to @deitch

Usage

[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux

---

The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/3766201229

The sha256sum of the SHA256SUMS file itself is 682c7d5e520914cc513d8af440de9ea3608817bbb475a45e893e238b7d14d0af .

This release fixes a regression #1242 in Lima v0.14.0: On colima, docker data, such as containers and images in /var/lib/docker were unmounted and they looked as if they were removed.

The actual data are not removed, and can be rescued by upgrading Lima to this v0.14.1 release (or downgrading to v0.13.0).

Only the following instances are known to have been affected:

• colima instances
• alpine instances that were created with Lima before v0.13.0

The default (ubuntu) instances are unaffected.

Changes

• Boot scripts:
  • Check if growpart is installed before calling it (#1243, thanks to @jandubois)
• VZ:
  • Fix nil pointer deference (#1245)
  • Validate disk format (#1245)
• Templates:
  • Alma Linux 9: fix 404 (#1244)
• Website:
  • Set up https://lima-vm.io/ (#1240)

Full changes: https://github.com/lima-vm/lima/milestone/31?closed=1 Thanks to @hftsin @jandubois

Usage

[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux

---

The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/3692334791

The sha256sum of the SHA256SUMS file itself is 11c0e020d62d8192e40249c9aa978f7dc15ea6e250aa8d66879045812b807d02 .

This release adds an experimental support for Apple's Virtualization.framework aka vz.

limactl start template://experimental/vz

Pros:

• Supports faster filesystem sharing (virtiofs)
• Supports faster emulation for running Linux/x86_64 ELF binaries on ARM (Rosetta 2)

Cons:

• No support for legacy BIOS
• The boot log is not available in serial.log
• The source code of Virtualization.framework does not seem available

Using Virtualization.framework with Lima needs macOS 13.0 or later. See also docs/vmtype.md.

Changes

• Virtualization.framework (VZ):

  • Support Virtualization.framework (#1147, etc., thanks to @balajiv113)
  • Support Rosetta for Linux (#1155, thanks to @chancez)
  • Support vzNAT networking (#1207)

• vmnet:

  • Support detecting Homebrew's socket_vmnet path (#1220)

• YAML:

  • Remove deprecated network and useHostResolver (#1186)

• limactl CLI:

  • Allow using $SSH as a custom SSH binary path (#1132, thanks to @antoineco)
  • Add limactl disk (create|delete|list) commands for attaching multiple disks to instances (#1065, thanks to @sam-berning)
  • Add limactl start --timeout=<TIMEOUT> for setting custom timeout (#1143, thanks to @antoineco)

• nerdctl:

  • Update to v1.1.0. Compose is significantly improved. (#1236)

• Templates: (#1159, #1194, #1215, #1236)

  • Alpine: update to 3.17.0
  • Arch Linux: update to 20221201.106936
  • Debian 11: update to 20221205-1220
  • EL derivatives: update to 8.7/9.1
  • Fedora: update to 37
  • Ubuntu 22.04: update to release-20221201
  • Ubuntu 22.10: update to release-20221201
  • openSUSE Tumbleweed: switch away from "JeOS" to "Minimal-VM"

• Misc:

  • Add Finch as an adopter of Lima (#1199, thanks to @estesp)

Full changes: https://github.com/lima-vm/lima/milestone/29?closed=1 Thanks to @afbjorklund @antoineco @balajiv113 @chancez @chrisx8 @estesp @jandubois @pendo324 @sam-berning

Usage

[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux

---

The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/3676969854

The sha256sum of the SHA256SUMS file itself is adcc4b9c798aba356c5c3a5140a77edf8443b8df9e195d7ba89d976ef5074ed3 .

This release adds an experimental support for Apple's Virtualization.framework aka vz.

limactl start template://experimental/vz

Pros:

• Supports faster filesystem sharing (virtiofs)
• Supports faster emulation for running Linux/x86_64 ELF binaries on ARM (Rosetta 2)

Cons:

• No support for legacy BIOS
• The boot log is not available in serial.log
• The source code of Virtualization.framework does not seem available

Using Virtualization.framework with Lima needs macOS 13.0 or later.

Changes

(To be documented) Since beta.0, the support for Rosetta was added.

Full changes: https://github.com/lima-vm/lima/milestone/29?closed=1 Thanks to @afbjorklund @antoineco @balajiv113 @chancez @chrisx8 @jandubois @pendo324 @sam-berning

Usage

[macOS]$ limactl start
...
INFO[0029] READY. Run `lima` to open the shell.

[macOS]$ lima uname
Linux

---

The binaries were built automatically on GitHub Actions. The build log is available for 90 days: https://github.com/lima-vm/lima/actions/runs/3531739770

The sha256sum of the SHA256SUMS file itself is daebd6289f6327f70abd14616747e906244cd3f5665b5662e93242d9b6368732 .