summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2024-06-27Merge pull request #3715 from HollyGurza/T6313Christian Breunig
T6313: Add "NAT" to "generate" command for rule resequence
2024-06-27Merge pull request #3692 from jestabro/revise-migrationChristian Breunig
T6007: revise migration system
2024-06-27T6313: Add "NAT" to "generate" command for rule resequencekhramshinr
2024-06-27smoketest: T6510: remove build time test to check for /dev/input/event0Christian Breunig
The container used for the Jenkins package builds does not provide a /dev/input/event0 file, thus the build time test fails. Remove the test case as it's not mandatory.
2024-06-26migration: T6007: update run-config-migration scriptJohn Estabrook
2024-06-26migration: T6007: add util add_system_version to replace *_system_footerJohn Estabrook
2024-06-26migration: T6007: update vyos_net_nameJohn Estabrook
2024-06-26migration: T6007: update vyos-merge-config.pyJohn Estabrook
2024-06-26migration: T6007: update vyos-load-config.pyJohn Estabrook
2024-06-26migration: T6007: convert all migration scripts to load as moduleJohn Estabrook
2024-06-26T6510: remove shebang for "make test" testcasesChristian Breunig
Tests must run supervisioned by unittest framework and should not be executed manually
2024-06-26smoketest: T6510: make test_configd_inspect.py a build time testChristian Breunig
Rather then waiting for a fully assembled ISO image to validate if there is no incompatibility with vyos-configd - like more then one instance of Config(), make this a build time test case for "make test"
2024-06-26interfaces: T6519: harden config migration if ethernet interface is missingChristian Breunig
During a corner case where the configuration is migrated to a different system with fewer ethernet interfaces, migration will fail during an image upgrade. vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an exception that kills the migrator
2024-06-24Merge pull request #3718 from dmbaturin/T6514-system-storage-rawDaniil Baturin
op-mode: T6514: rework the "show system storage" code to handle live CD systems correctly
2024-06-24Merge pull request #3588 from HollyGurza/T5735Christian Breunig
T5735: Stunnel CLI and configuration
2024-06-24op-mode: T6514: rework the "show system storage" codeDaniil Baturin
to handle live CD systems correctly and allow reusing the functions from other scripts
2024-06-24T5735: Stunnel CLI and configurationkhramshinr
Add CLI commands Add config Add conf_mode Add systemd config Add stunnel smoketests Add log level config
2024-06-24Merge pull request #3701 from jestabro/configd-drop-env-sudoChristian Breunig
configd: T6504: send sudo_user on session init and set env variable
2024-06-24Merge pull request #3683 from dmbaturin/T6501-lsmod-on-steroidsJohn Estabrook
op mode: T6501: add "run show kernel modules"
2024-06-22Merge pull request #3679 from natali-rs1985/T3202-currentChristian Breunig
T3202: Enable wireguard debug messages
2024-06-21configd: T6504: send sudo_user on session init and set env variableJohn Estabrook
The environment variable SUDO_USER is checked by system_login.py so as to prevent deleting the current user. Provide from config session and set within configd environment.
2024-06-21Merge pull request #3684 from dmbaturin/T6498-uptime-helpersJohn Estabrook
op mode: T6498: move uptime helpers to vyos.utils.system
2024-06-21op mode: T6498: move uptime helpers to vyos.utils.systemDaniil Baturin
to be able to call them from the new tech-support script
2024-06-21Merge pull request #3694 from c-po/T6489-snmpdChristian Breunig
snmp: T6489: use new Python wrapper to interact with config filesystem
2024-06-20Merge pull request #3654 from talmakion/bugfix/T5514John Estabrook
op-mode: T5514: Allow safe reboots to config defaults when config.boot is deleted
2024-06-20snmp: T6489: use new Python wrapper to interact with config filesystemChristian Breunig
Do no longer use my_set and my_delete as this prevents scripts beeing run under supervision of vyos-configd.
2024-06-20T3202: add single variable for Kernel dynamic debug settingsChristian Breunig
2024-06-20T3202: Enable wireguard debug messagesNataliia Solomko
2024-06-20Merge pull request #3677 from HollyGurza/T5949Christian Breunig
T5949: Add option to disable USB autosuspend
2024-06-20Merge pull request #3682 from c-po/T6500-openconnect-multi-caChristian Breunig
openconnect: T6500: add support for multiple ca-certificates
2024-06-19macsec: T5447: fix error message syntax - there is no tx and rx key, only keyChristian Breunig
2024-06-19op mode: T6501: add "run show kernel modules"Daniil Baturin
2024-06-19openconnect: T6500: add support for multiple ca-certificatesChristian Breunig
Add possibility to provide a full CA chain to the openconnect server. * Support multiple CA certificates * For every CA certificate specified, always determine the full certificate chain in the background and add the necessary SSL certificates
2024-06-19T6497: CGNAT delete conntrack entries if a pool is modifiedViacheslav Hletenko
2024-06-19T5949: Add option to disable USB autosuspendkhramshinr
2024-06-19op-mode: T5514: Allow safe reboots to config defaults when config.boot is ↵Andrew Topp
deleted * Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances * Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
2024-06-17Merge pull request #3652 from c-po/T6489-unionfsChristian Breunig
T6489: Add support for CLI config scripts that change the underlaying working configuration
2024-06-17Merge pull request #3657 from c-po/pki-T6241-no-debugChristian Breunig
pki: T6241: remove debug print statement about updated subsystems
2024-06-17Merge pull request #3655 from talmakion/bugfix/T4026Daniil Baturin
pki: T4026: Only emit private keys when available
2024-06-17Merge pull request #3656 from c-po/wireless-regdomainDaniil Baturin
wireless: T6318: move country-code to a system wide configuration
2024-06-16wireless: T6318: move country-code to a system wide configurationChristian Breunig
Wireless devices are subject to regulations issued by authorities. For any given AP or router, there will most likely be no case where one wireless NIC is located in one country and another wireless NIC in the same device is located in another country, resulting in different regulatory domains to apply to the same box. Currently, wireless regulatory domains in VyOS need to be configured per-NIC: set interfaces wireless wlan0 country-code us This leads to several side-effects: * When operating multiple WiFi NICs, they all can have different regulatory domains configured which might offend legislation. * Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US" This is true for the Compex WLE600VX. This setting cannot be done per-interface. Migrate the first found wireless module country-code from the wireless interface CLI to: "system wireless country-code"
2024-06-16pki: T4026: Only emit private keys when availableAndrew Topp
* install_certificate() code path handles private_key=None & key_passphrase=None OK already * file and console output paths will error trying to encode None as a key * This is only an issue for a couple of the generate_*_sign() functions, where having a null private key is possible * Self-signing and CA creation always generate a private key * Certreqs will generate a private key if not already provided * Do not prompt for a private key passphrase if we aren't giving back a private key
2024-06-15pki: T6241: remove debug print statement about updated subsystemsChristian Breunig
Commit 9f9891a2099 ("pki: T6241: Fix dependency updates on PKI changes") added a print() statement which notified the users about the subsystems which got supplied with an updated certificate. Example: > PKI: Updating config: interfaces openvpn vtun0 tls certificate openvpn_vtun0 > PKI: Updating config: interfaces openvpn vtun0 tls ca_certificate openvpn_vtun0_1 This is an informational message which should maybe (if needed) be sent to syslog. But the main issue is that CLI paths are mangled (- to _) which makes the about print output wrong and could potentially confuse users. Statement has been commented to be re-enabled for debugging.
2024-06-15openvpn: T5487: make migration script executableChristian Breunig
Migration script introduced in commit 0f669a226 ("openvpn: T5487: Remove eprecated option --cipher for server and client mode") lacked executable permission.
2024-06-15T6489: add abstraction vyos.utils.configfs to work natively with the config ↵Christian Breunig
filesystem
2024-06-15T6489: add abstraction vyos.utils.auth.get_current_user()Christian Breunig
2024-06-15login: T6489: add smarter way to interact with the working config instead of ↵Christian Breunig
my_set/my_delete
2024-06-14Merge pull request #3646 from c-po/pki-T6407Christian Breunig
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required
2024-06-14op-mode: T6407: "generate pki" missed to mangle in ACME certificates when ↵Christian Breunig
required If the requested certificate to generate an Apple IOS profile was based on an ACME certificate, we also need to mangle in the ACME certs content to retrieve the certificates issuer name.
2024-06-13Merge pull request #3639 from natali-rs1985/T5487-currentDaniil Baturin
openvpn: T5487: Remove deprecated option --cipher for server and client mode