vyatta-cfg-system.git/scripts/install/install-image, branch 1.3.7

vyatta-cfg-system.git/scripts/install/install-image, branch 1.3.7 Vyatta system-level configuration templates/scripts (mirror of https://github.com/vyos/vyatta-cfg-system.git) https://git.amelek.net/vyos/vyatta-cfg-system.git/atom?h=1.3.7 2021-12-16T15:47:01+00:00 remote: T3356: Backport remote module use to Equuleus 2021-12-16T15:47:01+00:00 erkin e.altunbas@vyos.io 2021-12-16T15:47:01+00:00 urn:sha1:fbf8808f0a2ec1d1964af2c2243224d5ebffeb29 gpg: T3879: fix signature validation 2021-10-16T16:53:39+00:00 Christian Poessinger christian@poessinger.com 2021-10-16T16:53:39+00:00 urn:sha1:217c4b5c165e9e8a64bfe82d3ddade256b0990e0 install-image: T2108: use minisign backup key if primary key fails 2021-09-06T10:31:45+00:00 Christian Poessinger christian@poessinger.com 2021-09-06T10:31:45+00:00 urn:sha1:0c5edf1ced2872c495b190977db575deaf28fa1c install-image: remove whitespaces after . 2021-09-06T10:31:21+00:00 Christian Poessinger christian@poessinger.com 2021-09-06T10:31:21+00:00 urn:sha1:c36db1614b60fc180d016fd3b7f64d9342a503a6 T3351: Check for SHA256 files 2021-08-27T08:02:49+00:00 Lulu Cathrinus Grimalkin e.altunbas@vyos.io 2021-05-10T19:34:39+00:00 urn:sha1:ab2f850308b51ffe715a088051b9187069f8a6b1 Fall back to MD5 if SHA256 checksums could not be found Don't bother downloading .iso.sha256 files (cherry picked from commit 085d0148c3d7d22afc5ce4fc10750b67c8cdfe26) install-image: T2108: verify image by using minisign over GPG 2021-08-26T18:08:56+00:00 Christian Poessinger christian@poessinger.com 2021-08-26T18:08:56+00:00 urn:sha1:3a27a4fca63ed5d6310ff66ad1cf95992f2d5d39 We will first download and try to verify the image using the generated minisign signature. If this fails, we try to retrieve the GPG signature file. image: T3027: do not rely on the ISO filename when calculating sha256 hash 2020-10-28T16:25:23+00:00 Christian Poessinger christian@poessinger.com 2020-10-28T16:25:15+00:00 urn:sha1:840a815d620a629b093bd849b7d6e60f94f087e3 Updating a running VyOS installation by using the "add system image" command pointing to https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso will break the validation due to filename missmatch. The root cause for this is the sha256 checksum file itself. It contains the hash and the filename used when hashing. When running "sha256sum --check" during the upgrade it expects the "real" filename when calculating and verifying the hash. The real filename differs when using the vyos-rolling-latest.iso symlink on the webserver as it will tell the running VyOS installation a different filename and the validation fails. This is now fixed by not depending on the filename when verifying the hash. We simply calculate the hash of the downloaded file and compare it to the has we saved inside the checksum file and totally ignore the filename itself. image: T2992: automatically verify sha256 checksum on ISO download 2020-10-18T15:47:44+00:00 Christian Poessinger christian@poessinger.com 2020-10-18T15:44:36+00:00 urn:sha1:34b46ca2738fe6a9d15b0ee52deb3d3d5f76606e Good: ===== vyos@vyos:~$ add system image http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso Trying to fetch ISO file from http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 309M 100 309M 0 0 25.1M 0 0:00:12 0:00:12 --:--:-- 25.2M ISO download succeeded. Checking SHA256 (256-bit) checksum... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 106 100 106 0 0 26500 0 --:--:-- --:--:-- --:--:-- 26500 Found it. Verifying checksum... SHA256 checksum valid. Checking for digital signature file... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0 curl: (22) The requested URL returned error: 404 Not Found Unable to fetch digital signature file. Do you want to continue without signature check? (yes/no) [yes] Bad: ==== vyos@vyos:~$ add system image http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso Trying to fetch ISO file from http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 309M 100 309M 0 0 25.8M 0 0:00:11 0:00:11 --:--:-- 25.8M ISO download succeeded. Checking SHA256 (256-bit) checksum... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 106 100 106 0 0 9636 0 --:--:-- --:--:-- --:--:-- 9636 Found it. Verifying checksum... vyos-1.3-rolling-202010180826-amd64.iso: FAILED sha256sum: WARNING: 1 computed checksum did NOT match Signature check FAILED. Installation will not be performed. Exiting... install-image: T2690: T2762: always run in default VRF unless specified 2020-08-22T23:23:49+00:00 Christian Poessinger christian@poessinger.com 2020-08-22T23:23:28+00:00 urn:sha1:296ef04fc762548621401d4463151dfb4c8c3965 When you connect via SSH and run the "add system image" command, it is launched inside the VRF you are currently connected to. This might become confusing as the VRF context changes. Change command to always run in "default" vrf unless "add system image" command is invoked with the vrf option. install-image: T2690: add VRF support when installing new images 2020-08-01T12:29:13+00:00 Christian Poessinger christian@poessinger.com 2020-08-01T12:28:59+00:00 urn:sha1:2fb9fe00ac621038158b537c5abd312dff9ee2cb