vyos-1x.git/src/op_mode, branch 1.4.0-rc2

T5857: Fix op-mode show interfaces wireless info unconf message

2024-01-12T18:58:07+00:00

When a router does not have wireless interfaces the proper unconfigured message must be exist (cherry picked from commit c97955b963ecc3da9638717485fe4d2c8599565c)

image-tools: T5910: explicitly set transmission speed of serial console

2024-01-12T16:47:56+00:00

GRUB defaults to 9600 in case of serial console; explicitly set to 115200. (cherry picked from commit 70122bef58eaa0084695f89c410992f8d7c1f9f6)

T5915:firewall: re-add opmode command for zone based firewall

2024-01-11T15:10:14+00:00

(cherry picked from commit 62f10e0ec8075634e1515d6cecc822d87053bccb)

image-tools: T5917: annotate image list with (running)/(default boot)

2024-01-10T21:57:26+00:00

(cherry picked from commit 17a1d31299e8960d9eba528e04c418b4c1007eb2)

pki: T5886: add support for ACME protocol (LetsEncrypt)

2024-01-08T20:11:13+00:00

The "idea" of this PR is to add new CLI nodes under the pki subsystem to activate ACME for any given certificate. vyos@vyos# set pki certificate NAME acme Possible completions: + domain-name Domain Name email Email address to associate with certificate listen-address Local IPv4 addresses to listen on rsa-key-size Size of the RSA key (default: 2048) url Remote URL (default: https://acme-v02.api.letsencrypt.org/directory) Users choose if the CLI based custom certificates are used set pki certificate EXAMPLE acme certificate or if it should be generated via ACME. The ACME server URL defaults to LetsEncrypt but can be changed to their staging API for testing to not get blacklisted. set pki certificate EXAMPLE acme url https://acme-staging-v02.api.letsencrypt.org/directory Certificate retrieval has a certbot --dry-run stage in verify() to see if it can be generated. After successful generation, the certificate is stored in under /config/auth/letsencrypt. Once a certificate is referenced in the CLI (e.g. set interfaces ethernet eth0 eapol certificate EXAMPLE) we call vyos.config.get_config_dict() which will (if with_pki=True is set) blend in the base64 encoded certificate into the JSON data structure normally used when using a certificate set by the CLI. Using this "design" does not need any change to any other code referencing the PKI system, as the base64 encoded certificate is already there. certbot renewal will call the PKI python script to trigger dependency updates. (cherry picked from commit b8db1a9d7baf91b70c1b735e58710f1e2bc9fc7a) # Conflicts: # debian/control

image-tools: T5883: preserve file owner in /config on add system update

2024-01-01T16:58:57+00:00

(cherry picked from commit 9f66b9ccfa25f56c209d90a0ad5ad779f3963bee)

T5474: establish common file name pattern for XML conf mode commands

2024-01-01T08:25:32+00:00

We will use _ as CLI level divider. The XML definition filename and also the Python helper should match the CLI node. Example: set interfaces ethernet -> interfaces_ethernet.xml.in set interfaces bond -> interfaces_bond.xml.in set service dhcp-server -> service_dhcp-server-xml.in (cherry picked from commit 4ef110fd2c501b718344c72d495ad7e16d2bd465)

image-tools: T5825: restore authentication for add system image

2023-12-17T02:37:11+00:00

(cherry picked from commit 7ee9297a90625609e568394c9f5ea63e8c95a54b)

T5827: moved sys image sort to grub version_list

2023-12-17T02:37:11+00:00

(cherry picked from commit d01aba1f5055cdaa43c8429a2c13580679ec12f7)

T5827: made show system image alphabetical

2023-12-17T02:37:11+00:00

(cherry picked from commit d2b29be237b790bb1a258647adf30c8b96c0b526)