| Age | Commit message (Collapse) | Author |
|---|
|
- CHanging sysctl values should be done by out generic file
/etc/sysctl.d/30-vyatta-router.conf
- NTP config must not be restored from from /opt as it is entirely
rendered from scratch.
|
|
Commit ac2586bc ("T671: remove apparently unused scripts") dropped the
restricted-shell helper script which is not referenced by any other VyOS/Vyatta
shell script, but rather directly from C code [1].
Restore the file.
[1] https://github.com/vyos/libpam-radius-auth/blob/76ad405d374f70812/src/radius_shell.c#L125-L129
|
|
T671: remove apparently unused scripts.
|
|
|
|
migration: T3161: move XorpConfigParser.pm; remove ConfigLoad.pm
|
|
These scripts have been superseded by the cloud-init tools, and contain
legacy references to XorpConfigParser.pm (via
vyatta-cfg/scripts/vyatta-load-config.pl, via ConfigLoad.pm), which one
would like to retire.
|
|
The scripts:
vyatta_net_name
vyatta_interface_rescan
still require XorpConfigParser; all other uses have been rewritten, or
obviated. In order to retire the package vyatta-config-migrate in favor
of keeping migration scripts in vyos-1x, we need to move this module
into vyatta-cfg-system for use by the above mentioned scripts.
|
|
VyOS requires all system services to be disabled by default, this is a second
implementation of the same solution. We should stick with the general solution
in [1].
[1]: https://github.com/vyos/vyos-build/blob/current/data/live-build-config/hooks/live/18-enable-disable_services.chroot
|
|
|
|
|
|
|
|
interfaces: T3112: bump config version 16 -> 17
|
|
|
|
|
|
vyatta-cfg: T2713: Return original permissions for config-auth files
|
|
|
|
|
|
|
|
This is no longer required as we take care about the interfaces by ourselfs
through Python vyos.ifconfig module.
|
|
|
|
Updating a running VyOS installation by using the "add system image" command
pointing to https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
will break the validation due to filename missmatch.
The root cause for this is the sha256 checksum file itself. It contains the hash
and the filename used when hashing. When running "sha256sum --check" during the
upgrade it expects the "real" filename when calculating and verifying the hash.
The real filename differs when using the vyos-rolling-latest.iso symlink on the
webserver as it will tell the running VyOS installation a different filename and
the validation fails.
This is now fixed by not depending on the filename when verifying the hash. We
simply calculate the hash of the downloaded file and compare it to the has we
saved inside the checksum file and totally ignore the filename itself.
|
|
image: T2992: automatically verify sha256 checksum on ISO download
|
|
Good:
=====
vyos@vyos:~$ add system image http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso
Trying to fetch ISO file from http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 309M 100 309M 0 0 25.1M 0 0:00:12 0:00:12 --:--:-- 25.2M
ISO download succeeded.
Checking SHA256 (256-bit) checksum...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 106 100 106 0 0 26500 0 --:--:-- --:--:-- --:--:-- 26500
Found it. Verifying checksum...
SHA256 checksum valid.
Checking for digital signature file...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404 Not Found
Unable to fetch digital signature file.
Do you want to continue without signature check? (yes/no) [yes]
Bad:
====
vyos@vyos:~$ add system image http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso
Trying to fetch ISO file from http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 309M 100 309M 0 0 25.8M 0 0:00:11 0:00:11 --:--:-- 25.8M
ISO download succeeded.
Checking SHA256 (256-bit) checksum...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 106 100 106 0 0 9636 0 --:--:-- --:--:-- --:--:-- 9636
Found it. Verifying checksum...
vyos-1.3-rolling-202010180826-amd64.iso: FAILED
sha256sum: WARNING: 1 computed checksum did NOT match
Signature check FAILED.
Installation will not be performed.
Exiting...
|
|
|
|
|
|
cfg-system: T2902: Fix regex that doesnt allow X in image name
|
|
|
|
|
|
cfg-system: T2896: Fix DHCP interface lease file name
|
|
|
|
|
|
This reverts commit c406852a0288f598a74a86cde553790f6a85537f.
|
|
|
|
|
|
conf-mode: T2423: Loadkey add insecure option
|
|
When you connect via SSH and run the "add system image" command, it is launched
inside the VRF you are currently connected to. This might become confusing as
the VRF context changes.
Change command to always run in "default" vrf unless "add system image" command
is invoked with the vrf option.
|
|
Optimize CLI interface for PD configuration
|
|
T2765: arm: vyatta-cfg-system is dependent on a amd64 only package
|
|
The vyatta-cfg-system package is dependent on the grub-efi-amd64-bin package to be installed.
This makes it unable to be built for any other platform as the package is amd64 only.
This commit changes the dependency to be a amd64 dependency only, thouse it will not be present on other architectures
|
|
Config must be cleared on boot, otherwise if one configures a cronjob
without explicit saving the config it will still be present on the next
reboot.
|
|
|
|
This makes it easier to add VRF support.
|
|
|
|
|
|
|
|
Commit a8f66736 ("tunnel: T2633: migrate to vyos-1x") unfortunately did not
remove all files and produced an invalid DEB containing the .git directory
for instance.
|
|
|
|
|
|
T2486: increase dns-forwarding and system config versions
|
|
|
