Age | Commit message (Collapse) | Author |
|
T6313: Add "NAT" to "generate" command for rule resequence
|
|
T6007: revise migration system
|
|
|
|
The container used for the Jenkins package builds does not provide a
/dev/input/event0 file, thus the build time test fails. Remove the test case
as it's not mandatory.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Tests must run supervisioned by unittest framework and should not be
executed manually
|
|
Rather then waiting for a fully assembled ISO image to validate if there is no
incompatibility with vyos-configd - like more then one instance of Config(),
make this a build time test case for "make test"
|
|
During a corner case where the configuration is migrated to a different system
with fewer ethernet interfaces, migration will fail during an image upgrade.
vyos.ethtool.Ethtool() is instantiated with an invalid interface leading to an
exception that kills the migrator
|
|
op-mode: T6514: rework the "show system storage" code to handle live CD systems correctly
|
|
T5735: Stunnel CLI and configuration
|
|
to handle live CD systems correctly
and allow reusing the functions from other scripts
|
|
Add CLI commands
Add config
Add conf_mode
Add systemd config
Add stunnel smoketests
Add log level config
|
|
configd: T6504: send sudo_user on session init and set env variable
|
|
op mode: T6501: add "run show kernel modules"
|
|
T3202: Enable wireguard debug messages
|
|
The environment variable SUDO_USER is checked by system_login.py so as
to prevent deleting the current user. Provide from config session and
set within configd environment.
|
|
op mode: T6498: move uptime helpers to vyos.utils.system
|
|
to be able to call them from the new tech-support script
|
|
snmp: T6489: use new Python wrapper to interact with config filesystem
|
|
op-mode: T5514: Allow safe reboots to config defaults when config.boot is deleted
|
|
Do no longer use my_set and my_delete as this prevents scripts beeing run under
supervision of vyos-configd.
|
|
|
|
|
|
T5949: Add option to disable USB autosuspend
|
|
openconnect: T6500: add support for multiple ca-certificates
|
|
|
|
|
|
Add possibility to provide a full CA chain to the openconnect server.
* Support multiple CA certificates
* For every CA certificate specified, always determine the full certificate
chain in the background and add the necessary SSL certificates
|
|
|
|
|
|
deleted
* Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances
* Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
|
|
T6489: Add support for CLI config scripts that change the underlaying working configuration
|
|
pki: T6241: remove debug print statement about updated subsystems
|
|
pki: T4026: Only emit private keys when available
|
|
wireless: T6318: move country-code to a system wide configuration
|
|
Wireless devices are subject to regulations issued by authorities. For any
given AP or router, there will most likely be no case where one wireless NIC is
located in one country and another wireless NIC in the same device is located
in another country, resulting in different regulatory domains to apply to the
same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory
domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply
regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US"
This is true for the Compex WLE600VX. This setting cannot be done
per-interface.
Migrate the first found wireless module country-code from the wireless
interface CLI to: "system wireless country-code"
|
|
* install_certificate() code path handles private_key=None &
key_passphrase=None OK already
* file and console output paths will error trying to encode None as a key
* This is only an issue for a couple of the generate_*_sign() functions,
where having a null private key is possible
* Self-signing and CA creation always generate a private key
* Certreqs will generate a private key if not already provided
* Do not prompt for a private key passphrase if we aren't giving back a
private key
|
|
Commit 9f9891a2099 ("pki: T6241: Fix dependency updates on PKI changes") added
a print() statement which notified the users about the subsystems which got
supplied with an updated certificate.
Example:
> PKI: Updating config: interfaces openvpn vtun0 tls certificate openvpn_vtun0
> PKI: Updating config: interfaces openvpn vtun0 tls ca_certificate openvpn_vtun0_1
This is an informational message which should maybe (if needed) be sent to
syslog. But the main issue is that CLI paths are mangled (- to _) which makes
the about print output wrong and could potentially confuse users.
Statement has been commented to be re-enabled for debugging.
|
|
Migration script introduced in commit 0f669a226 ("openvpn: T5487: Remove
eprecated option --cipher for server and client mode") lacked executable
permission.
|
|
filesystem
|
|
|
|
my_set/my_delete
|
|
op-mode: T6407: "generate pki" missed to mangle in ACME certificates when required
|
|
required
If the requested certificate to generate an Apple IOS profile was based on an
ACME certificate, we also need to mangle in the ACME certs content to retrieve
the certificates issuer name.
|
|
openvpn: T5487: Remove deprecated option --cipher for server and client mode
|