authorDaniil Baturin <daniil@vyos.io>2024-07-02 16:04:17 +0200
committerGitHub <noreply@github.com>2024-07-02 16:04:17 +0200
commitb1d74fe8e21e2a9725eefb517e7da63f8cd952f9 (patch)
tree1a77ced47217ee863f87ff224b54c5e00938e5e7 /debian
parentefe4e60f5b5620ad7ea342fc9ca1d069e8b9cc21 (diff)
parent72a704d2e2b06bfedc4f1ee841814f983fc34baa (diff)
Merge pull request #3745 from c-po/no-legacy
T6527: add legacy Vyatta interpreter files still in use
Diffstat (limited to 'debian')
-rw-r--r--debian/control46
-rwxr-xr-xdebian/rules4
-rw-r--r--debian/vyos-1x.install2
-rw-r--r--debian/vyos-1x.postinst55
4 files changed, 100 insertions, 7 deletions
diff --git a/debian/control b/debian/control
index 883e08649..189a959b0 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,6 @@ Build-Depends:
iproute2,
libvyosconfig0 (>= 0.0.7),
libzmq3-dev,
- procps,
python3 (>= 3.10),
# For QA
pylint,
@@ -38,14 +37,24 @@ Standards-Version: 3.9.6
Package: vyos-1x
Architecture: amd64 arm64
Pre-Depends:
+ libpam-runtime [amd64],
libnss-tacplus [amd64],
libpam-tacplus [amd64],
libpam-radius-auth [amd64]
Depends:
## Fundamentals
${python3:Depends} (>= 3.10),
+ dialog,
libvyosconfig0,
+ libpam-cap,
+ bash-completion,
+ ipvsadm,
+ udev,
+ less,
+ at,
+ rsync,
vyatta-bash,
+ vyatta-biosdevname,
vyatta-cfg,
vyos-http-api-tools,
vyos-utils,
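Review bot: `libpam-cap` is added here, but the postinst changed in this same commit calls `setcap`, which Debian ships in libcap2-bin, and none of the hunks for this file adds that package. Confirm it is already listed in Depends outside the visible context; if not, add `libcap2-bin,` next to `libpam-cap,` so the maintainer script cannot fail on a missing command. The new `libpam-runtime [amd64]` Pre-Depends is limited to amd64 although the package also builds for arm64 and debian/rules installs PAM snippets regardless of architecture; if the qualifier was only copied from the tacplus/radius lines, it should probably be dropped.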
@@ -72,6 +81,7 @@ Depends:
python3-zmq,
## End of Python libraries
## Basic System services and utilities
+ coreutils,
sudo,
systemd,
bsdmainutils,
@@ -84,7 +94,6 @@ Depends:
# ipaddrcheck is widely used in IP value validators
ipaddrcheck,
ethtool,
- fdisk,
lm-sensors,
procps,
netplug,
@@ -97,6 +106,14 @@ Depends:
grc,
## End of System services and utilities
## For the installer
+ fdisk,
+ gdisk,
+ mdadm,
+ efibootmgr,
+ libefivar1,
+ dosfstools,
+ grub-efi-amd64-bin [amd64],
+ grub-efi-arm64-bin [arm64],
# Image signature verification tool
minisign,
# Live filesystem tools
@@ -105,6 +122,7 @@ Depends:
## End installer
auditd,
iputils-arping,
+ iputils-ping,
isc-dhcp-client,
# For "vpn pptp", "vpn l2tp", "vpn sstp", "service ipoe-server"
accel-ppp,
@@ -143,7 +161,7 @@ Depends:
sstp-client,
# End "interfaces sstpc"
# For "protocols *"
- frr (>= 7.5),
+ frr (>= 9.1),
frr-pythontools,
frr-rpki-rtrlib,
frr-snmp,
@@ -179,9 +197,12 @@ Depends:
# For "service router-advert"
radvd,
# End "service route-advert"
-# For "high-availability reverse-proxy"
+# For "load-balancing reverse-proxy"
haproxy,
-# End "high-availability reverse-proxy"
+# End "load-balancing reverse-proxy"
+# For "load-balancing wan"
+ vyatta-wanloadbalance,
+# End "load-balancing wan"
# For "service dhcp-relay"
isc-dhcp-relay,
# For "service dhcp-server"
@@ -235,6 +256,9 @@ Depends:
# For "high-availability vrrp"
keepalived (>=2.0.5),
# End "high-availability-vrrp"
+# For "system console"
+ util-linux,
+# End "system console"
# For "system task-scheduler"
cron,
# End "system task-scheduler"
@@ -267,7 +291,7 @@ Depends:
# For "system conntrack modules rtsp"
nat-rtsp,
# End "system conntrack modules rtsp"
-# For "system ntp"
+# For "service ntp"
chrony,
# End "system ntp"
# For "vpn openconnect"
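Review bot: The opening marker is renamed to `# For "service ntp"`, but the closing marker right after `chrony,` still reads `# End "system ntp"`. Change it to `# End "service ntp"` so the pair matches, as the same commit does for the reverse-proxy block.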
@@ -276,7 +300,13 @@ Depends:
# For "system flow-accounting"
pmacct (>= 1.6.0),
# End "system flow-accounting"
-# For container
+# For "system syslog"
+ rsyslog,
+# End "system syslog"
+# For "system option keyboard-layout"
+ kbd,
+# End "system option keyboard-layout"
+# For "container"
podman,
netavark,
aardvark-dns,
@@ -314,6 +344,8 @@ Depends:
ndisc6,
# For "run monitor bandwidth"
bmon,
+# For "run format disk"
+ parted,
# End Operational mode
## TPM tools
cryptsetup,
diff --git a/debian/rules b/debian/rules
index 9da40465f..df1d9e7f3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -103,6 +103,10 @@ override_dh_auto_install:
mkdir -p $(DIR)/etc
cp -r src/etc/* $(DIR)/etc
+ # Install legacy Vyatta files
+ mkdir -p $(DIR)/opt
+ cp -r src/opt/* $(DIR)/opt
+
# Install PAM configuration snippets
mkdir -p $(DIR)/usr/share/pam-configs
cp -r src/pam-configs/* $(DIR)/usr/share/pam-configs
diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install
index b3978d38a..7171911dc 100644
--- a/debian/vyos-1x.install
+++ b/debian/vyos-1x.install
@@ -1,4 +1,6 @@
+etc/bash_completion.d
etc/commit
+etc/default
etc/dhcp
etc/ipsec.d
etc/logrotate.d
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index 78e895d6e..26b81db6f 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -120,6 +120,61 @@ fi
# ensure the proxy user has a proper shell
chsh -s /bin/sh proxy
+# Set file capabilities
+setcap cap_net_admin=pe /sbin/ethtool
+setcap cap_net_admin=pe /sbin/tc
+setcap cap_net_admin=pe /bin/ip
+setcap cap_net_admin=pe /sbin/xtables-legacy-multi
+setcap cap_net_admin=pe /sbin/xtables-nft-multi
+setcap cap_net_admin=pe /usr/sbin/conntrack
+setcap cap_net_admin=pe /usr/sbin/arp
+setcap cap_net_raw=pe /usr/bin/tcpdump
+setcap cap_net_admin,cap_sys_admin=pe /sbin/sysctl
+setcap cap_sys_module=pe /bin/kmod
+setcap cap_sys_time=pe /bin/date
+
+# create needed directories
+mkdir -p /var/log/user
+mkdir -p /var/core
+mkdir -p /opt/vyatta/etc/config/auth
+mkdir -p /opt/vyatta/etc/config/scripts
+mkdir -p /opt/vyatta/etc/config/user-data
+mkdir -p /opt/vyatta/etc/config/support
+chown -R root:vyattacfg /opt/vyatta/etc/config
+chmod -R 775 /opt/vyatta/etc/config
+mkdir -p /opt/vyatta/etc/logrotate
+mkdir -p /opt/vyatta/etc/netdevice.d
+
+touch /etc/environment
+
+if [ ! -f /etc/bash_completion ]; then
+ echo "source /etc/bash_completion.d/10vyatta-op" > /etc/bash_completion
+ echo "source /etc/bash_completion.d/20vyatta-cfg" >> /etc/bash_completion
+fi
+
+sed -i 's/^set /builtin set /' /etc/bash_completion
+
+# Fix up PAM configuration for login so that invalid users are prompted
+# for password
+sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login
+
+# Change default shell for new accounts
+sed -i -e ':^DSHELL:s:/bin/bash:/bin/vbash:' /etc/adduser.conf
+
+# Do not allow users to change full name field (controlled by vyos-1x)
+sed -i -e 's/^CHFN_RESTRICT/#&/' /etc/login.defs
+
+# Only allow root to use passwd command
+if ! grep -q 'pam_succeed_if.so' /etc/pam.d/passwd ; then
+ sed -i -e '/^@include/i \
+password requisite pam_succeed_if.so user = root
+' /etc/pam.d/passwd
+fi
+
+# remove unnecessary ddclient script in /etc/ppp/ip-up.d/
+# this logs unnecessary messages trying to start ddclient
+rm -f /etc/ppp/ip-up.d/ddclient
+
# create /opt/vyatta/etc/config/scripts/vyos-preconfig-bootup.script
PRECONFIG_SCRIPT=/opt/vyatta/etc/config/scripts/vyos-preconfig-bootup.script
if [ ! -x $PRECONFIG_SCRIPT ]; then
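Review bot: The `setcap ...=pe` lines grant the capability to every account able to execute the binary, so `cap_sys_module=pe` on /bin/kmod and `cap_net_admin,cap_sys_admin=pe` on /sbin/sysctl are close to root-equivalent for any local user, including the `proxy` account that receives /bin/sh just above. If only configuration users need them, prefer the inheritable form, e.g. `setcap cap_sys_module=ei /bin/kmod`, paired with pam_cap entries for those accounts (libpam-cap is added to Depends in this commit), and keep in mind that the attributes disappear when the package owning the binary is upgraded, because this script only runs for vyos-1x. `chmod -R 775 /opt/vyatta/etc/config` runs on every install and upgrade and makes everything below it, including whatever is stored under config/auth, world-readable and group-writable; applying `chmod 775` without `-R` to the directories created here would leave tighter modes on existing files alone. The DSHELL edit is a no-op, since a script starting with `:` defines a sed label; `sed -i -e '/^DSHELL/s:/bin/bash:/bin/vbash:' /etc/adduser.conf` matches the comment. `$rootfsdir` is not assigned anywhere in the hunk, so the pam.d/login edit presumably works only because it expands to empty; the script continues outside the hunk, so confirm there and otherwise drop the variable.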