| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
the default was still set to "Yes"
|
|
Fall back to MD5 if SHA256 checksums could not be found
Don't bother downloading .iso.sha256 files
(cherry picked from commit 085d0148c3d7d22afc5ce4fc10750b67c8cdfe26)
|
|
We will first download and try to verify the image using the generated minisign
signature. If this fails, we try to retrieve the GPG signature file.
|
|
menuentry
|
|
(#159)
* add search for same drive size if more than 2 drives are installed
* add ability to configure RAID-1 by selecting 2 drives
* cleaning up sysconf/filecaps rights
* cleaning up sysconf/filecaps rights xtables-monitor
|
|
(cherry picked from commit 6019ab063d8f26172ffc3993fa25a57fcd5782aa)
|
|
- CHanging sysctl values should be done by out generic file
/etc/sysctl.d/30-vyatta-router.conf
- NTP config must not be restored from from /opt as it is entirely
rendered from scratch.
(cherry picked from commit b74daed7c3d2e302426fd5c6ace7e299d4278ca0)
|
|
The scripts:
vyatta_net_name
vyatta_interface_rescan
still require XorpConfigParser; all other uses have been rewritten, or
obviated. In order to retire the package vyatta-config-migrate in favor
of keeping migration scripts in vyos-1x, we need to move this module
into vyatta-cfg-system for use by the above mentioned scripts.
|
|
These scripts have been superseded by the cloud-init tools, and contain
legacy references to XorpConfigParser.pm (via
vyatta-cfg/scripts/vyatta-load-config.pl, via ConfigLoad.pm), which one
would like to retire.
|
|
|
|
|
|
Updating a running VyOS installation by using the "add system image" command
pointing to https://downloads.vyos.io/rolling/current/amd64/vyos-rolling-latest.iso
will break the validation due to filename missmatch.
The root cause for this is the sha256 checksum file itself. It contains the hash
and the filename used when hashing. When running "sha256sum --check" during the
upgrade it expects the "real" filename when calculating and verifying the hash.
The real filename differs when using the vyos-rolling-latest.iso symlink on the
webserver as it will tell the running VyOS installation a different filename and
the validation fails.
This is now fixed by not depending on the filename when verifying the hash. We
simply calculate the hash of the downloaded file and compare it to the has we
saved inside the checksum file and totally ignore the filename itself.
|
|
Good:
=====
vyos@vyos:~$ add system image http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso
Trying to fetch ISO file from http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 309M 100 309M 0 0 25.1M 0 0:00:12 0:00:12 --:--:-- 25.2M
ISO download succeeded.
Checking SHA256 (256-bit) checksum...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 106 100 106 0 0 26500 0 --:--:-- --:--:-- --:--:-- 26500
Found it. Verifying checksum...
SHA256 checksum valid.
Checking for digital signature file...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
curl: (22) The requested URL returned error: 404 Not Found
Unable to fetch digital signature file.
Do you want to continue without signature check? (yes/no) [yes]
Bad:
====
vyos@vyos:~$ add system image http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso
Trying to fetch ISO file from http://foo.com/vyos-1.3-rolling-202010180826-amd64.iso
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 309M 100 309M 0 0 25.8M 0 0:00:11 0:00:11 --:--:-- 25.8M
ISO download succeeded.
Checking SHA256 (256-bit) checksum...
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 106 100 106 0 0 9636 0 --:--:-- --:--:-- --:--:-- 9636
Found it. Verifying checksum...
vyos-1.3-rolling-202010180826-amd64.iso: FAILED
sha256sum: WARNING: 1 computed checksum did NOT match
Signature check FAILED.
Installation will not be performed.
Exiting...
|
|
|
|
|
|
This reverts commit c406852a0288f598a74a86cde553790f6a85537f.
|
|
|
|
conf-mode: T2423: Loadkey add insecure option
|
|
When you connect via SSH and run the "add system image" command, it is launched
inside the VRF you are currently connected to. This might become confusing as
the VRF context changes.
Change command to always run in "default" vrf unless "add system image" command
is invoked with the vrf option.
|
|
Config must be cleared on boot, otherwise if one configures a cronjob
without explicit saving the config it will still be present on the next
reboot.
|
|
|
|
This makes it easier to add VRF support.
|
|
|
|
|
|
|
|
|
|
The configuration of SSHd is rendered from a template each time the service
changes. Thus it is not required that the boot process touches the config.
|
|
|
|
|
|
|
|
|
|
* 'current' of github.com:vyos/vyatta-cfg-system:
syslog: T1845: migration script support bumps system to 12
syslog: T1845: migration script support bumps system to 12
Revert "syslog: T1845 bumping system version for migration script"
syslog: T1845 bumping system version for migration script
Fix rootdev regex to support mmcblk devices
geneve: T1799: add Generic Network Virtualization Encapsulation
|
|
|
|
Auto-merging scripts/rl-system.init
Auto-merging scripts/install/install-image
Auto-merging Jenkinsfile
|
|
|
|
|
|
|
|
The IPv6 DFZ is now approaching 80k routes. Time to bump VyOS's default up, because otherwise it is a nasty surprise that's tricky to debug.
|
|
* 'current' of github.com:vyos/vyatta-cfg-system:
T1616: fix DHCPv6 script behaviour in op mode.
openvpn: T1630: add system user openvpn
vxlan: T1636: initial rewrite with XML and Python
Makefile.am: fix after removing files for bridge and bonding
bridge: T1615: remove old vyatta-bridge.pl
bonding: T1614: increase config version from interfaces 1 -> 2
bonding: T1614: remove old style node.def files in favour of XML/Python rewrite
bridge: T1556: migrate bridge config to XML/Python
[tunnel] T1593: Added ip6gre encapsulation for tunnel interfaces
loopback: T1601: rewrite using XML/Python definitions
powerdns: T1595: add config migrator to remove 'listen-on'
powerdns: T1524: support setting allow-from network
dummy: T1580: rewrite in new style XML/Python
|
|
|
|
|
|
|
|
|
|
|
|
Debian live-config (>= 5.0) will set the default to 'autologin' when
booting in live mode, unless explicitly set.
|
|
|
