summaryrefslogtreecommitdiff
AgeCommit message (Collapse)Author
2024-04-07login: T5875: fix corner case for KeyError: 'getpwuid(): uid not found: XXXX'Christian Breunig
Commit 1b364428f ("login: T5875: restore home directory permissions only when needed") added logic to chown the users home directory if it's UID changes. This might happen when a user account is deleted and re-added to the system. Under rar e circumstances it was possible that the implementation triggered Traceback (most recent call last): File "<stdin>", line 1, in <module> KeyError: 'getpwuid(): uid not found: XXXX' This has been fixed by re-arranging the code path with an additional try/except if the PW database information could not be retrieved leading to an implicit chown() of the home directory to the user beeing added. (cherry picked from commit 1165bb497ec2d6d1b3b12d6c03435b0210efe9e5)
2024-04-07Merge pull request #3268 from vyos/mergify/bp/sagitta/pr-3263Christian Breunig
ipoe: T6205: error in migration script logic while renaming mac-address to mac node (backport #3263)
2024-04-07Merge pull request #3273 from vyos/mergify/bp/sagitta/pr-3272Viacheslav Hletenko
container: T6208: fix AttributeError: 'ConfigDict' object has no attribute 'upper' (backport #3272)
2024-04-07container: T6208: fix AttributeError: 'ConfigDict' object has no attribute ↵Christian Breunig
'upper' Commit b30faa43c (container: T6208: rename "cap-add" CLI node to "capability") added an AttributeError referencing an out of scope variable. This has been fixed. (cherry picked from commit 2463bd292f14e46fdb26116791a89ca2eb651d17)
2024-04-07ipoe: T6205: fix conditional branch error in config migratorChristian Breunig
Commit a5ccc06c0 ("ipoe: T6205: error in migration script logic while renaming mac-address to mac node") added a conditional path into the config which could result in the migrated config not beeing written if precondition was not met. (cherry picked from commit 2bbded1e485614d40b2e95165629487537fd1757)
2024-04-07Merge pull request #3271 from vyos/mergify/bp/sagitta/pr-3269Christian Breunig
container: T6208: rename "cap-add" CLI node to "capability" (backport #3269)
2024-04-07container: T6208: rename "cap-add" CLI node to "capability"Christian Breunig
Containers have the ability to add Linux system capabilities to them, this is done using the "set container name <name> cap-add" command. The CLI node sounds off and rather should be "set container name <name> capability" instead as we use and pass a capability to a container and not add/invent new ones. (cherry picked from commit b30faa43c28b592febd83a7fd3a58247de6b27bc)
2024-04-06ipoe: T6205: error in migration script logic while renaming mac-address to ↵Christian Breunig
mac node The problem was introduced in [1] but the config migrator part unfortunately was added to the wrong version [2]. As IPoE config version 0 was only active during the 1.3 development cycle and VyOS 1.3.0 was already released with config version 1 we can safely drop the migrator 0-to-1 and move the code to 1-to-2 to properly support upgrades from VyOS 1.3 -> 1.4 or newer. 1: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-08291bf77870abe3af8bbe3e8ce4bbf344fd0498b2c5c75a75aa7235d381c88eL168 2: https://github.com/vyos/vyos-1x/commit/05df2a5f021f0c7aab7c06db645d210858b6e98d#diff-b8bb58b75607d3653e74d82eff02442f9f3ab82698f160ba37858f7cdf6c79ccR44-R46 (cherry picked from commit a5ccc06c08d3a9696f1c03c8d0c7de78ce1fd3c5)
2024-04-06Merge pull request #3258 from vyos/mergify/bp/sagitta/pr-3255Daniil Baturin
T6203: remove obsoleted xml lib (backport #3255)
2024-04-06Merge pull request #3267 from vyos/mergify/bp/sagitta/pr-3266Daniil Baturin
T6199: start validating smoketests against real CLI defaultValues (backport #3266)
2024-04-06Merge pull request #3264 from vyos/mergify/bp/sagitta/pr-3219Daniil Baturin
T6188: add description to show firewall (backport #3219)
2024-04-06Merge pull request #3262 from vyos/mergify/bp/sagitta/pr-3254Daniil Baturin
conntrack-sync: T1244: Support for StartupResync in conntrackd (backport #3254)
2024-04-06Merge pull request #3261 from vyos/mergify/bp/sagitta/pr-3260Daniil Baturin
T6199: remove unused Python imports from migration scripts (backport #3260)
2024-04-06T6199: start validating smoketests against real CLI defaultValuesChristian Breunig
Use vyos.xml_ref.default_value to query XML default values and take them into account when validating properly applied defaults in individual smoketests instead of using hardcoded values like 443 for https port. (cherry picked from commit d9d2e9c8ead29c173fefd1b565d191a85baaa071)
2024-04-06GitHub: run unused-imports ony for current and sagittaChristian Breunig
(cherry picked from commit 4c5afe0ba7853cf3fc4626933ecde70b321e9d67)
2024-04-06T6188: Add description to detail view onlyl0crian1
For readability in console sessions, moved the description column to only be shown in the detail view. Changed wrapping in the detail view for description to 65 characters to prevent full line wrapping in console sessions. (cherry picked from commit 4dba82c7517f4a93b9727d22104e4a339bad127a)
2024-04-06 T6188:l0crian1
- modified: src/op_mode/firewall.py Changed behavior of "show firewall" for specific rule to only show rule and not also default-action (cherry picked from commit a7c5205ab12e767c6c60887033694c597e01f21b)
2024-04-06 modified: op-mode-definitions/firewall.xml.inl0crian1
- Added show firewall <sections> detail paths modified: src/op_mode/firewall.py - Added Description as a header to normal "show firewall" commands - Added 'detail' view which shows the output in a list key-pair format Description column was added for these commands and their subsections: show firewall statistics show firewall groups show firewall <family> Detail view was added for these commands: show firewall bridge forward filter detail show firewall bridge forward filter rule <rule#> detail show firewall bridge name <chain> detail show firewall bridge name <chain> rule <rule#> detail show firewall ipv4 forward filter detail show firewall ipv4 forward filter rule <rule#> detail show firewall ipv4 input filter detail show firewall ipv4 input filter rule <rule#> detail show firewall ipv4 output filter detail show firewall ipv4 output filter rule <rule#> detail show firewall ipv4 name <chain> detail show firewall ipv4 name <chain> rule <rule#> detail show firewall ipv6 forward filter detail show firewall ipv6 forward filter rule <rule#> detail show firewall ipv6 input filter detail show firewall ipv6 input filter rule <rule#> detail show firewall ipv6 output filter detail show firewall ipv6 output filter rule <rule#> detail show firewall ipv6 name <chain> detail show firewall ipv6 name <chain> rule <rule#> detail show firewall group detail show firewall group <group> detail (cherry picked from commit 025438ccacc654274efbd3bea8b13fcc73ae08b6)
2024-04-06T6188: add description to show firewalll0crian1
(cherry picked from commit b2ced47bdc547ada59b37e6617422188e150282c)
2024-04-06conntrack-sync: T1244: add CLI support for StartupResyncNataliia Solomko
(cherry picked from commit 2eb7f96ca2038bf37dc1d274821ca6f619489b58)
2024-04-06Debian: T6199: add pylint do list of build dependenciesChristian Breunig
(cherry picked from commit 71786307eed6a0ebb42755f24c19dfd46b1b9696)
2024-04-06T6199: remove unused Python imports from migration scriptsChristian Breunig
(cherry picked from commit 489e6fababa60d9c0fbfdb421305cbe563432499) # Conflicts: # src/migration-scripts/dhcp-server/9-to-10 # src/migration-scripts/dhcpv6-server/3-to-4
2024-04-05T6203: remove obsoleted xml libJohn Estabrook
The vyos.xml functionality is replaced with vyos.xml_ref. (cherry picked from commit 28a7195d8e200418d2fdc3b8839f14f514d788e7)
2024-04-05op-mode: T6203: replace use of vyos.xml.defaults with automatic defaultsJohn Estabrook
(cherry picked from commit aa1fb0733f18dfb0ccdfb37df36839c6a358d8ee)
2024-04-05Merge pull request #3253 from HollyGurza/T6204-sagittaDaniil Baturin
T6204: cleanup shebang lines
2024-04-05T6204: cleanup shebang lineskhramshinr
2024-04-05Merge pull request #3248 from vyos/mergify/bp/sagitta/pr-3244Daniil Baturin
T6197: Fixed usage ipoe interface client-subnet without pools (backport #3244)
2024-04-05Merge pull request #3251 from vyos/mergify/bp/sagitta/pr-3249Daniil Baturin
ospf: T6089: fix invalid "ospf passive-interface default" (backport #3249)
2024-04-04ospf: T6089: fix invalid "ospf passive-interface default"Christian Breunig
The option "passive-interface default" was set even if it was not present in the previous version we are migrating from. Fix migration script to handle this with a conditional path. (cherry picked from commit ef8d9a73335bc685084e3ff97238836e452dfa8c)
2024-04-04GitHub: fix "on" trigger for unused-imports workflowChristian Breunig
(cherry picked from commit 44bd4c360dc032e4bde55b11423ddae0f042600e)
2024-04-04Merge pull request #3247 from vyos/mergify/bp/sagitta/pr-3246Christian Breunig
T6199: drop unused Python imports from graphql source (backport #3246)
2024-04-04T6197: Fixed usage ipoe interface client-subnet without poolsaapostoliuk
Allowed using ipoe interface client-subnet without client pools configuration. (cherry picked from commit 49d4df5926637ec3dfd33a1dfcaab364adc28c4c)
2024-04-04Makefile: improve "unused-imports" targetChristian Breunig
(cherry picked from commit faa153524f04ebe8ab5f12d7afe6df2a6eb3728a)
2024-04-04T6199: drop unused Python imports from graphql sourceChristian Breunig
(cherry picked from commit 9b4a3bc54ec6d2ff8e435add5e2de995a54dfc6a)
2024-04-04Merge pull request #3245 from vyos/mergify/bp/sagitta/pr-3238Christian Breunig
bgp: T5943: BGP Peer-group members must be all internal or all external (backport #3238)
2024-04-04bgp: T5943: BGP Peer-group members must be all internal or all externalkhramshinr
(cherry picked from commit d403117cdb5e7718c8590cfeb79a336cb5b67aac)
2024-04-04Merge pull request #3241 from c-po/spring-cleaning-sagittaDaniil Baturin
T6199: spring cleaning - drop unused Python imports (backport #3240)
2024-04-04Merge pull request #3239 from nicolas-fort/T6068-sagChristian Breunig
T6068: T6171: change <fail-over> node to <high-availability>; add <mode> parameter
2024-04-03GitHub: run unused imports action only for pull requestsChristian Breunig
(cherry picked from commit 8205e3cf918142a55e00c00dc241a6a30914fbd9)
2024-04-03GitHub: add action to check for unused importsChristian Breunig
(cherry picked from commit 74198e68a6edbdb36a6103a7666de530bdd71696)
2024-04-03T6199: drop unused Python importsChristian Breunig
found using "git ls-files *.py | xargs pylint | grep W0611" (cherry picked from commit 274b2da242acd1f1f64ff1dee471e34295137c5f)
2024-04-03T6199: replace netifaces.interfaces() with common custom helpersChristian Breunig
* Use interface_exists() outside of verify() * Use verify_interface_exists() in verify() to drop common error message (cherry picked from commit 4c7c168fe970b807750a05ceb66b70c0d8652535)
2024-04-03T6199: drop unused sphinx documentation folderChristian Breunig
(cherry picked from commit 86b632874288aa5707a94a4f28ca816e543823b9)
2024-04-03T6068: T6171: change <fail-over> node from dhcp-server to ↵Nicolas Fort
<high-availability>. Also, add <mode> parameter in order to configure active-active or active-passive behavior for HA.
2024-04-03Merge pull request #3235 from vyos/mergify/bp/sagitta/pr-3229Daniil Baturin
T6192: allow binding SSH to multiple VRF instances (backport #3229)
2024-04-02Merge pull request #3237 from vyos/mergify/bp/sagitta/pr-3236Christian Breunig
configverify: T6198: add common helper for PKI certificate validation (backport #3236)
2024-04-02configverify: T6198: add common helper for PKI certificate validationChristian Breunig
The next evolutional step after adding get_config_dict(..., with_pki=True) is to add a common verification function for the recurring task of validating SSL certificate existance in e.g. EAPoL, OpenConnect, SSTP or HTTPS. (cherry picked from commit 3b758d870449e92fece9e29c791b950b332e6e65)
2024-04-02Merge pull request #3233 from vyos/mergify/bp/sagitta/pr-3232Christian Breunig
T6196: Fixed applying parameters for aggregation in BGP (backport #3232)
2024-04-02Merge pull request #3234 from vyos/mergify/bp/sagitta/pr-3230Christian Breunig
firewall: nat: policy: vrf: nft call syntax and import cleanup (backport #3230)
2024-04-02ssh: T6192: allow binding to multiple VRF instancesChristian Breunig
Currently VyOS only supports binding a service to one individual VRF. It might become handy to have the services (initially it will be VRF, NTP and SNMP) be bound to multiple VRFs. Changed VRF from leafNode to multi leafNode with defaultValue: default - which is the name of the default VRF. (cherry picked from commit e5af1f0905991103b12302892e6f0070bbb7b770)