5 files changed, 36 insertions, 12 deletions

diff --git a/debian/compat b/debian/compat
index f599e28b8..48082f72f 100644
--- a/debian/compat
+++ b/debian/compat
@@ -1 +1 @@
-10
+12
diff --git a/debian/control b/debian/control
index 7e69003ff..4a2706fc3 100644
--- a/debian/control
+++ b/debian/control
@@ -8,6 +8,7 @@ Build-Depends:
   fakeroot,
   gcc-multilib [amd64],
   clang [amd64],
+  iproute2,
   llvm [amd64],
   libbpf-dev [amd64],
   libelf-dev (>= 0.2) [amd64],
@@ -15,7 +16,7 @@ Build-Depends:
   build-essential,
   libvyosconfig0 (>= 0.0.7),
   libzmq3-dev,
-  python3,
+  python3 (>= 3.10),
   python3-coverage,
   python3-lxml,
   python3-netifaces,
@@ -25,7 +26,6 @@ Build-Depends:
   python3-setuptools,
   python3-sphinx,
   python3-xmltodict,
-  python3-pyhumps,
   quilt,
   whois
 Standards-Version: 3.9.6
@@ -33,18 +33,20 @@ Standards-Version: 3.9.6
 Package: vyos-1x
 Architecture: amd64 arm64
 Depends:
-  ${python3:Depends},
+  ${python3:Depends} (>= 3.10),
+  aardvark-dns,
   accel-ppp,
+  auditd,
   avahi-daemon,
   beep,
   bmon,
   bsdmainutils,
+  charon-systemd,
   conntrack,
   conntrackd,
   conserver-client,
   conserver-server,
   console-data,
-  crda,
   cron,
   curl,
   dbus,
@@ -60,15 +62,17 @@ Depends:
   frr-pythontools,
   frr-rpki-rtrlib,
   frr-snmp,
+  fuse-overlayfs,
   libpam-google-authenticator,
   grc,
   hostapd,
+  hsflowd,
   hvinfo,
   igmpproxy,
   ipaddrcheck,
   iperf,
   iperf3,
-  iproute2,
+  iproute2 (>= 6.0.0),
   iputils-arping,
   isc-dhcp-client,
   isc-dhcp-relay,
@@ -78,7 +82,8 @@ Depends:
   lcdproc,
   lcdproc-extra-drivers,
   libatomic1,
-  libbpf0 [amd64],
+  libauparse0,
+  libbpf1 [amd64],
   libcharon-extra-plugins (>=5.9),
   libcharon-extauth-plugins (>=5.9),
   libndp-tools,
@@ -97,12 +102,12 @@ Depends:
   mtr-tiny,
   ndisc6,
   ndppd,
+  netavark,
   netplug,
   nfct,
   nftables (>= 0.9.3),
   nginx-light,
-  ntp,
-  ntpdate,
+  chrony,
   nvme-cli,
   ocserv,
   opennhrp,
@@ -131,6 +136,7 @@ Depends:
   python3-netaddr,
   python3-netifaces,
   python3-paramiko,
+  python3-passlib,
   python3-psutil,
   python3-pyhumps,
   python3-pystache,
diff --git a/debian/rules b/debian/rules
index 5a58aeeb6..55e02fae6 100755
--- a/debian/rules
+++ b/debian/rules
@@ -8,6 +8,7 @@ VYOS_DATA_DIR := usr/share/vyos
 VYOS_CFG_TMPL_DIR := opt/vyatta/share/vyatta-cfg/templates
 VYOS_OP_TMPL_DIR := opt/vyatta/share/vyatta-op/templates
 VYOS_MIBS_DIR := usr/share/snmp/mibs
+VYOS_LOCALUI_DIR := srv/localui
 
 MIGRATION_SCRIPTS_DIR := opt/vyatta/etc/config-migrate/migrate
 SYSTEM_SCRIPTS_DIR := usr/libexec/vyos/system
@@ -89,6 +90,9 @@ override_dh_auto_install:
 	mkdir -p $(DIR)/$(VYOS_DATA_DIR)
 	cp -r data/* $(DIR)/$(VYOS_DATA_DIR)
 
+	# Create localui dir
+	mkdir -p $(DIR)/$(VYOS_LOCALUI_DIR)
+
 	# Install SNMP MIBs
 	mkdir -p $(DIR)/$(VYOS_MIBS_DIR)
 	cp -d mibs/* $(DIR)/$(VYOS_MIBS_DIR)
diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install
index edd090993..98d1bc0cd 100644
--- a/debian/vyos-1x.install
+++ b/debian/vyos-1x.install
@@ -1,8 +1,10 @@
+etc/commit
 etc/dhcp
 etc/ipsec.d
 etc/logrotate.d
 etc/netplug
 etc/opennhrp
+etc/modprobe.d
 etc/ppp
 etc/rsyslog.d
 etc/securetty
@@ -16,7 +18,9 @@ etc/update-motd.d
 etc/vyos
 lib/
 opt/
+srv/localui
 usr/sbin
+usr/bin/config-mgmt
 usr/bin/initial-setup
 usr/bin/vyos-config-file-query
 usr/bin/vyos-config-to-commands
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index d5f5cbbc7..ddc189508 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -24,9 +24,9 @@ fi
 # Enable 2FA/MFA support for SSH and local logins
 for file in /etc/pam.d/sshd /etc/pam.d/login
 do
-    PAM_CONFIG="auth       required     pam_google_authenticator.so nullok"
-    grep -qF -- "${PAM_CONFIG}" $file || \
-    sed -i "/^@include common-auth/a # Check 2FA/MFA authentication token if enabled (per user)\n${PAM_CONFIG}" $file
+    PAM_CONFIG="# Check 2FA/MFA authentication token if enabled (per user)\nauth       required     pam_google_authenticator.so nullok forward_pass\n"
+    grep -qF -- "pam_google_authenticator.so" $file || \
+    sed -i "/^# Standard Un\*x authentication\./i${PAM_CONFIG}" $file
 done
 
 # Add RADIUS operator user for RADIUS authenticated users to map to
@@ -114,3 +114,13 @@ done
 # Remove logrotate items controlled via CLI and VyOS defaults
 sed -i '/^\/var\/log\/messages$/d' /etc/logrotate.d/rsyslog
 sed -i '/^\/var\/log\/auth.log$/d' /etc/logrotate.d/rsyslog
+
+# Fix FRR pam.d "vtysh_pam" vtysh_pam: Failed in account validation T5110
+if test -f /etc/pam.d/frr; then
+    if grep -q 'pam_rootok.so' /etc/pam.d/frr; then
+        sed -i -re 's/rootok/permit/' /etc/pam.d/frr
+    fi
+fi
+
+# Generate API GraphQL schema
+/usr/libexec/vyos/services/api/graphql/generate/generate_schema.py