Hi folks,

The 2026.06 tag has been pushed to master on gitlab.com/lava/lava.
.deb packages have been built in GitLab CI and are published at

  https://apt.lavasoftware.org/release

Docker images for amd64 and arm64 have been built in GitLab CI and
are available from

  https://registry.gitlab.com/

and

  https://hub.docker.com/u/lavasoftware


Changes in this release
==================

# Device-types

## New device-types

* lenovo-500e-gen5-rev3-nissa
* imx937-frdm
* imx941-19x19-lpddr4-evk
* imx942-19x19-lpddr4-evk
* tegra234-3737-0000+3701-0000
* devices deriving from the new `base-qdl` template (including
  qcs6490-rb3gen2, which now supports minimal, u-boot and fastboot boot on top
  of qdl flashing)

## Renamed and removed device-types

* `e850-96` renamed to `exynos850-e850-96` to follow the device tree name.
* `juno-r2` dropped in favour of `juno`. The `juno-r2` template was an empty
  alias with no overrides, and a single `juno` device-type covers all Juno
  revisions.

# Breaking changes

## VLANd support dropped

The VLANd code has been finally removed from LAVA. This feature has been
unmaintained for years and was no longer used by any active deployment.

# Dispatcher

## QDL deploy and boot

LAVA now supports [`qdl`](https://github.com/linux-msm/qdl/), the tool used to
flash Qualcomm devices. The typical device life cycle is:

* **deploy to qdl**: download a tarball containing all artifacts and add the
  LAVA overlay
* **boot to qdl**: flash the board using the tarball contents. This step can be
  repeated to flash the various storage types (spinor, nvme, ufs, emmc, ...)
* boot using another method depending on the software build (minimal, u-boot,
  fastboot, ...)

`boot-to-qdl` also detects the installed `qdl` version and enables options
accordingly (for example `--skipblock`, which is only available on v2.7 and
above). The minimal version required to work with modern boards is 2.0.

`qdl` is not yet packaged in Debian, so it must be available on the dispatcher
or inside the container. It has been added to the suggested packages of
`lava-dispatcher`.

Example job flashing and booting a `qcs6490-rb3gen2`:

```yaml
device_type: qcs6490-rb3gen2
job_name: qcs6490 qdl boot

timeouts:
  job:
    minutes: 210
visibility: public

actions:
- deploy:
    to: qdl
    rootfs_image: "disk-sdcard.img2"
    overlay_path: "/"
    qcomflash:
      url: 'https://example.com/qcomflash.tar.gz'
      apply-overlay: true
    timeout:
      minutes: 200
- boot:
    method: qdl
    firehose_program: "prog_firehose_ddr.elf"
    rawprogram: "rawprogram0.xml"
    patch: "patch0.xml"
    storage: "ufs"
    path: "."
    timeout:
      minutes: 5
- boot:
    method: minimal
    prompts:
    - root@debian
    timeout:
      minutes: 3
```

The device dictionary should include the right configuration to enter EDL mode.

```jinja
{% set board_qdl_id = 'BA9B2FEB' %}
{% set qdl_enter_commands = ['/usr/local/bin/tac-api.py --serial DP05DD00 --command bootToEDL'] %}
```

## rclone download support

A new `rclone` download backend allows downloading images via
[rclone](https://rclone.org/), giving access to 70+ cloud storage backends
(S3, Google Drive, Azure, SFTP, ...) through a unified URL scheme:

```yaml
- deploy:
    to: tmpfs
    images:
      rootfs:
        url: rclone://s3remote/bucket/images/rootfs.img.gz
        compression: gz
```

Configuration can be provided from environment variable or the secret block:

```yaml
secrets:
  rclone_env:
    RCLONE_CONFIG_S3REMOTE_TYPE: "s3"
    RCLONE_CONFIG_S3REMOTE_PROVIDER: "AWS"
    RCLONE_CONFIG_S3REMOTE_ACCESS_KEY_ID: "AKIAIOSFODNN7EXAMPLE"
    RCLONE_CONFIG_S3REMOTE_SECRET_ACCESS_KEY: "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"
    RCLONE_CONFIG_S3REMOTE_REGION: "us-east-1"

actions:
- deploy:
    to: tmpfs
    images:
      rootfs:
        url: rclone://s3remote/bucket/images/rootfs.img.gz
        compression: gz
```

## Docker login support

LAVA is now able to pull docker image from private docker registry using
username and password credentials provided in the job definition.

To pull images from a password protected registry add a login section
with the registry domain name, username and password.

```yaml
- test:
    docker:
      image: example.com/my-adb-image
        login:
          registry: example.com
          user: foobar
          password: my_password
```

## Test definition tarballs: strip-components

Tarballs fetched via `from: url` (such as GitHub and GitLab archives) often wrap
their contents in a top-level directory.

LAVA now support a new optional `strip-components` parameter (passed through to
`tar --strip-components`), so the test definition path can be given relative to
the repository root.

This can be used with:

```yaml
- test:
    definitions:
    - name: smoke-tests
      from: url
      repository: https://github.com/Linaro/test-definitions/archive/2019.03.tar.gz
      compression: gz
      strip-components: 1
      path: automated/linux/smoke/smoke.yaml
```

## Faster tarball extraction

Test definition tarballs are now unpacked using the `tar` binary instead of the
pure-Python `tarfile` module. This is significantly faster and also allows
unpacking Zstd-compressed archives.

## flasher: skip image download

Add an option to the `flasher` deploy action to not download an image but to
make it available in the substitution.

```yaml
- deploy:
    to: flasher
    images:
      direct_url_image:
        url: https://example.com/image.img.xz
        download: false
```

The image is not downloaded; the URL from the job is passed directly to the
substitution. This avoids extra downloads and uploads when the flasher device
can fetch the image itself.

## Device metadata in the shell environment

LAVA test action now export the device hostname and device type as environment variables:

* `LAVA_DEVICE_HOSTNAME`
* `LAVA_DEVICE_TYPE`

## fastboot: pre-os-command always run

`pre-os-command` is now always run on `boot-to-fastboot`, including when the
action uses a Docker container. This fixes booting boards (such as RB1) using
fastboot with an NFS-mounted rootfs.

## Bug fixes

* **lava-test-runner**: use KMSG in the runner when the test definition uses it,
  so the `EXIT` signal cannot arrive before `ENDRUN` and cause a run to be
  wrongly marked as failed.
* **Overlay path**: `CompressOverlay` now stores the overlay under the full
  `lava_test_results_dir` instead of just its basename, fixing a path mismatch
  when the variable is overridden in the context.
* **QEMU overlay**: the guest overlay is now created as `ext2` again, so DUTs
  with older kernels can mount it (a recent `e2fsprogs` enables
  `metadata_csum_seed` by default).
* **vexpress**: default `test_character_delay` to `boot_character_delay` so
  tests are paced like boot and deploy, helping slow consoles (such as Juno's).

# Server

## Notifications: remote artifact tokens

Notification callbacks can now resolve secret tokens using the
`RemoteArtifactsAuth` table in addition to the legacy XML-RPC `AuthToken` table.
Previously only XML-RPC tokens could be used as callback secrets, which required
administrative privileges to set. Regular users can now manage their own
GitLab/API tokens for job notifications without administrative intervention.

# Packaging

## PEP 621 project metadata

The build now uses PEP 621 compliant project metadata and `setuptools-scm` for
automatic version derivation from git tags. Dependencies are organised by
component (dispatcher, server, dispatcher-host, coordinator) so only what is
needed can be installed, with a `full` extra pulling in everything:

```sh
uv sync --extra full --extra test
pip install lava[server]
```

Rgds

--
Rémi Duraffort
Principal Tech Lead
LAVA Tech Lead
Automation Software Team
Linaro