From bab23d7cb8291192c74519f7cca2ee0044992723 Mon Sep 17 00:00:00 2001 From: Mohit Mehta Date: Wed, 17 Sep 2008 19:27:17 -0700 Subject: Fix Bug 3607 Error setting DNS forwarding to use DHCP --- scripts/dns-forwarding/vyatta-dns-forwarding.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/dns-forwarding/vyatta-dns-forwarding.pl b/scripts/dns-forwarding/vyatta-dns-forwarding.pl index 4a011b6a..38f5ee67 100644 --- a/scripts/dns-forwarding/vyatta-dns-forwarding.pl +++ b/scripts/dns-forwarding/vyatta-dns-forwarding.pl @@ -119,7 +119,7 @@ sub dnsforwarding_get_values { if (@use_dhcp_nameservers != 0) { $use_dnsmasq_conf = 1; foreach my $interface (@use_dhcp_nameservers) { - my $dhcp_nameserver_count=`grep nameserver /etc/resolv.conf.dhclient-new-$interface | wc -l`; + my $dhcp_nameserver_count=`grep nameserver /etc/resolv.conf.dhclient-new-$interface 2>/dev/null | wc -l`; if ($dhcp_nameserver_count > 0) { my @dhcp_nameservers = `grep nameserver /etc/resolv.conf.dhclient-new-$interface`; for my $each_nameserver (@dhcp_nameservers) { @@ -149,7 +149,7 @@ sub dnsforwarding_write_file { sub check_nameserver { - my $cmd = `grep nameserver /etc/resolv.conf|wc -l`; + my $cmd = `grep nameserver /etc/resolv.conf 2>/dev/null | wc -l`; return $cmd; } -- cgit v1.2.3 From 3e1bdbdad99e5c019b4797bb906e89858e504b95 Mon Sep 17 00:00:00 2001 From: Rick Balocca Date: Mon, 22 Sep 2008 10:27:19 -0700 Subject: Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=3694 --- scripts/install-system | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) mode change 100755 => 100644 scripts/install-system diff --git a/scripts/install-system b/scripts/install-system old mode 100755 new mode 100644 index 77384d56..7229cfda --- a/scripts/install-system +++ b/scripts/install-system 
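Review bot: `$interface` is still interpolated into a backtick shell command on the changed `$dhcp_nameserver_count` line, and again on the unchanged `@dhcp_nameservers` line below it, so the value reaches the shell unquoted; whether it is validated before this point is not visible in the hunk. Reading the dhclient file directly in Perl removes the shell, makes the `2>/dev/null` unnecessary when the file is missing, and avoids scanning the same file twice. The enclosing `foreach` and `dnsforwarding_get_values` continue outside the hunk, so the sketch covers only the count and the list assignment.

```perl
foreach my $interface (@use_dhcp_nameservers) {
    my $resolv_file = "/etc/resolv.conf.dhclient-new-$interface";
    my @dhcp_nameservers;
    if (open(my $fh, '<', $resolv_file)) {
        @dhcp_nameservers = grep { /nameserver/ } <$fh>;
        close($fh);
    }
    # a missing or unreadable file leaves the list empty
    my $dhcp_nameserver_count = scalar(@dhcp_nameservers);
    if ($dhcp_nameserver_count > 0) {
        # … unchanged: for my $each_nameserver (@dhcp_nameservers) loop …
```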
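Review bot: The pattern in `check_nameserver` is unanchored, so `grep nameserver` also counts commented-out lines such as `# nameserver ...`, and the function can report a configured resolver when there is none. Anchoring it keeps the `wc -l` output (including the `0` for a missing file) intact: `` my $cmd = `grep '^nameserver' /etc/resolv.conf 2>/dev/null | wc -l`; ``. The same unanchored pattern is used for the dhclient files in the `@@ -119` hunk of this file. The returned string keeps the trailing newline from `wc`, which is harmless in a numeric comparison but deserves a one-line comment.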
@@ -417,12 +417,16 @@ select_drive () { display="$display $drive\t$size"MB"\n" done - # Display the drives and ask the user which one to install to - echo -e "$display" - echo - echo -n "$1 [$INSTALL_DRIVE]:" + while true + do + # Display the drives and ask the user which one to install to + echo -e "$display" + echo + echo -n "$1 [$INSTALL_DRIVE]:" + response=$(get_response "$INSTALL_DRIVE" "$drives") && break + done + INSTALL_DRIVE="$response" - INSTALL_DRIVE=$(get_response "$INSTALL_DRIVE" "$drives") echo # Assume no dma if the disk is smaller than 10G (such as a CF drive) -- cgit v1.2.3 From 29916bd39344088c84221a4ec2da387b28029097 Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Mon, 22 Sep 2008 14:07:09 -0700 Subject: Allow any number of tunnel devices The CLI should not be enforcing arbitrary restrictions on the number of devices. The limit should be based on the resources of the system and only the kernel would know that. So let the user try and make 10000 tunnel devices, maybe its on a 2000 core machine with 64G of memory. Any failure will show up when the attempt is made to create the tunnel device. --- templates/interfaces/tunnel/node.def | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/templates/interfaces/tunnel/node.def b/templates/interfaces/tunnel/node.def index d152dbe5..89ee200c 100644 --- a/templates/interfaces/tunnel/node.def +++ b/templates/interfaces/tunnel/node.def @@ -2,7 +2,8 @@ tag: type: txt help: Set tunnel interface -syntax:expression: exec "echo $VAR(@) | grep \"tun[0-9][0-9]\\{0,2\\}\$\" > /dev/null "; "tunnel must be (tun0-tun999)" +syntax:expression: pattern $VAR(@) "^tun[0-9]+$" \ + ; "tunnel must be (tun0-tun999)" commit:expression: $VAR(./local-ip/) != "" ; \ "Must configure the tunnel local-ip for $VAR(@)" -- cgit v1.2.3 From 3d4b0dcf7e73f6a245c6c2b0a84a9fadad2ccaaf Mon Sep 17 00:00:00 2001 
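Review bot: The new `while true` loop in `select_drive` has no exit other than a successful `get_response`, so if that helper keeps failing (for example on end-of-input when the installer runs without a terminal; `get_response` is not visible here) the prompt repeats forever. A bounded retry would make it fail closed, e.g. `tries=0` before the loop and `tries=$((tries+1)); [ "$tries" -gt 5 ] && exit 1` at the top of its body. Separately, the file header of this commit records `old mode 100755` / `new mode 100644` for scripts/install-system, which looks unintended for a script listed under `sbin_SCRIPTS`. The function body continues outside the hunk.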
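Review bot: The error text on the new `syntax:expression` line still reads `tunnel must be (tun0-tun999)`, but `^tun[0-9]+$` now accepts any number of digits, so the message no longer describes what is validated. Something like `"tunnel must be tunN (N is a decimal number)"` would match the pattern. The bridge template changed in the next commit has the same mismatch (`^br[0-9]+$` with `Must be (br0 - br999)` and the matching `comp_help`). The pattern also admits names longer than the kernel accepts for an interface, which per the commit message is meant to surface at creation time; a short comment saying so would save the next reader the question.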
From: Stephen Hemminger Date: Mon, 22 Sep 2008 14:09:54 -0700 Subject: Allow any number of bridge devices The CLI should not be enforcing arbitrary restrictions on the number of devices. The limit should be based on the resources of the system and only the kernel would know that. So let the user try and make 10000 bridge devices, maybe its on a 2000 core machine with 64G of memory. Any failure will show up when the attempt is made to create the tunnel device. --- templates/interfaces/bridge/node.def | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/templates/interfaces/bridge/node.def b/templates/interfaces/bridge/node.def index 0dc3670c..641d369d 100644 --- a/templates/interfaces/bridge/node.def +++ b/templates/interfaces/bridge/node.def @@ -2,7 +2,7 @@ tag: type: txt help: Set bridge interface -syntax:expression: $VAR(@) in "br0", "br1", "br2", "br3", "br4", "br5", "br6", "br7", "br8", "br9" ; "Must be (br0 - br9)" +syntax:expression: pattern $VAR(@) "^br[0-9]+$" ; "Must be (br0 - br999)" create: sudo brctl addbr $VAR(@) @@ -13,4 +13,4 @@ delete: if [ -n "`/usr/sbin/brctl show | grep $VAR(@) | grep eth`" ]; then sudo ip link set $VAR(@) down; sudo brctl delbr $VAR(@); -comp_help: "Enter bridge interface name (br0 - br9)" +comp_help: "Enter bridge interface name (br0 - br999)" -- cgit v1.2.3 From 5a2549a7bc30dfcaf1b8e9c3cedf68bd470a717f Mon Sep 17 00:00:00 2001 From: Stephen Hemminger Date: Tue, 23 Sep 2008 16:40:37 -0700 Subject: No longer need to turn off SACK The TCP MD5 code is fixed to handle SACK correctly. --- sysconf/vyatta-sysctl.conf | 3 --- 1 file changed, 3 deletions(-) diff --git a/sysconf/vyatta-sysctl.conf b/sysconf/vyatta-sysctl.conf index fae11945..a021c42a 100644 --- a/sysconf/vyatta-sysctl.conf +++ b/sysconf/vyatta-sysctl.conf 
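Review bot: With multi-digit names now allowed, the `delete:` test shown in the `@@ -13,4` hunk header matches too much. `brctl show | grep $VAR(@) | grep eth` is a substring match, so a delete of `br1` also matches the row for `br10`, `br11` and so on. Under the old `br0`–`br9` list no name was a prefix of another, so this only becomes reachable with this change. A whole-word match fixes it, e.g. `/usr/sbin/brctl show | grep -w $VAR(@) | grep eth`. The rest of the `delete:` action lies outside the hunk, so the exact effect of a false match should be confirmed there.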
@@ -22,8 +22,5 @@ net.ipv4.icmp_ignore_bogus_error_responses=1 # Send ICMP responses with primary address of exiting interface net.ipv4.icmp_errors_use_inbound_ifaddr=1 -# Turn off SACK since it causes problems with MD5 due to lack of options space -net.ipv4.tcp_sack=0 - # Enable packet forwarding for IPv6 net.ipv6.conf.all.forwarding=1 -- cgit v1.2.3 From 5b12b1bc33ccafdbfafdafe71740ccb9e8977cc0 Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Wed, 24 Sep 2008 16:14:19 -0700 Subject: Bugfix: 3703 Add an item to the grub menu to boot diagnostics if we find a partition that looks to be the diag partition. --- scripts/grub-setup | 63 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 51 insertions(+), 12 deletions(-) diff --git a/scripts/grub-setup b/scripts/grub-setup index 70da564e..1bf47dde 100755 --- a/scripts/grub-setup +++ b/scripts/grub-setup 
@@ -71,26 +71,26 @@ serial_console="console=tty0 console=ttyS0,9600" # vga_logo="vga=785" - # get list of kernels, except Xen - kernel_versions=$(ls $ROOTFSDIR/boot/vmlinuz-* 2> /dev/null | grep -v xen | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) +# get list of kernels, except Xen +kernel_versions=$(ls $ROOTFSDIR/boot/vmlinuz-* 2> /dev/null | grep -v xen | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) - # get xen kernel info - xen_kernel_version=$(ls $ROOTFSDIR/boot/vmlinuz*xen 2> /dev/null | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) - xen_version=$(ls $ROOTFSDIR/boot/xen-* 2> /dev/null | awk -F/ '{ print $5 }' | sort -r) +# get xen kernel info +xen_kernel_version=$(ls $ROOTFSDIR/boot/vmlinuz*xen 2> /dev/null | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) +xen_version=$(ls $ROOTFSDIR/boot/xen-* 2> /dev/null | awk -F/ '{ print $5 }' | sort -r) - # Figure out whether we are running on the serial or KVM console: - if [ "`tty`" == "/dev/ttyS0" ]; then +# Figure out whether we are running on the serial or KVM console: +if [ "`tty`" == "/dev/ttyS0" ]; then # Since user is running on serial console, make that the default. default_console=1 - else +else # Since user is running on KVM console, make that the default default_console=0 - fi +fi - if eval "$UNION"; then +if eval "$UNION"; then GRUB_OPTIONS="boot=live live-media-path=/boot/$livedir module=$livedir quiet persistent noautologin nonetworking nouser hostname=vyatta" union_kernel_versions=$(ls $ROOTFSDIR/boot/$livedir/vmlinuz-* 2> /dev/null | grep -v xen | awk -F/ '{ print $6 }' | sed 's/vmlinuz//g' | sort -r) - else +else # Read UUID off of filesystem and use it to tell GRUB where to mount drive # This allows device to move around and grub will still find it uuid=$(dumpe2fs -h /dev/${ROOT_PARTITION} 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') 
@@ -102,7 +102,37 @@ vga_logo="vga=785" else GRUB_OPTIONS="$GRUB_OPTIONS root=UUID=$uuid ro" fi - fi +fi + +# Check for diagnostic partition residing in first partition of drive +# holding the root partition. + +diag_drive_number="" + +if [ ${ROOT_PARTITION:0:2} = "md" ]; then + # Select the first disk in the RAID group to look for diag partition on + root_disks=`echo /sys/block/$ROOT_PARTITION/slaves/*` + root_disk=`echo ${root_disks} | awk '{ print $1 }'` + root_disk=${root_disk##*/} + root_disk=${root_disk:0:${#root_disk}-1} +else + # Shave off the partition number to get the disk name + root_disk=${ROOT_PARTITION:0:${#ROOT_PARTITION}-1} +fi + +# If the root partition is not occupying the first partition, then we +# can look for a diag partition there. +if [ "$ROOT_PARTITION" != "${root_disk}1" ]; then + first_part_fstype=`fdisk -l /dev/$root_disk | grep ^/dev/${root_disk}1 | awk '{ print $6 }'` + + if [ "$first_part_fstype" = "FAT16" -o "$first_part_fstype" = "Dell" ]; then + # Translate the Linux drive letter (e.g. the "a" in "/dev/sda") into + # a drive number that grub uses. i.e. "a" = 0, "b" = 1, etc. + diag_drive_letter=${root_disk:2:1} + diag_drive_number=`echo $diag_drive_letter | od -t u1 -N 1 | awk '{ print $2 }'` + let diag_drive_number-=97 + fi +fi ( # create the grub.cfg file for grub @@ -208,6 +238,15 @@ vga_logo="vga=785" echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $serial_console init=$pass_reset" echo -e "\tinitrd /boot/initrd.img" echo -e "}" + + if [ -n "$diag_drive_number" ]; then + echo + echo -e "menuentry \"Diagnostics\" {" + echo -e "\tchainloader (hd$diag_drive_number,1)+1" + echo -e "}" + fi + + ) >"$ROOTFSDIR"/boot/grub/grub.cfg ( [ -s /boot/grub/menu.lst ] && -- cgit v1.2.3 From 8397f27caa34ab83a9e4546a10800cffea4397f2 Mon Sep 17 00:00:00 2001 
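Review bot: The disk-name derivation added in the `@@ -102,7` hunk strips exactly one trailing character (`${ROOT_PARTITION:0:${#ROOT_PARTITION}-1}`, and likewise for the RAID member), so a root partition numbered 10 or higher (`sda10`) yields `sda1` as the "disk" and the later `fdisk -l /dev/$root_disk` inspects a partition. Stripping all trailing digits avoids that: `root_disk=$(echo "$ROOT_PARTITION" | sed 's/[0-9]*$//')`. The type check has a related weakness, since `grep ^/dev/${root_disk}1` also matches partitions 10–19 and `awk '{ print $6 }'` assumes there is no boot-flag column; a first partition marked bootable would shift the field and not be recognised (inferred from fdisk's usual listing format). Because the result decides whether a `chainloader` entry is written to grub.cfg, a comment stating the assumed device naming (`sdX`/`hdX`, single-letter drive) would help. The same code is re-added verbatim in scripts/vyatta-grub-setup later on this page.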
From: Bob Gilligan Date: Thu, 25 Sep 2008 11:34:43 -0700 Subject: Bugfix: 3515 Accept an encrypted-password field with or without a trailing colon character. --- scripts/standalone_root_pw_reset | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/standalone_root_pw_reset b/scripts/standalone_root_pw_reset index 336d534d..65af7e55 100755 --- a/scripts/standalone_root_pw_reset +++ b/scripts/standalone_root_pw_reset @@ -76,7 +76,7 @@ usermod --password "$newpwd" root # escape / in encrypted passwd pw=$(echo $newpwd | sed 's:/:\\/:g') sed -i \ - -e "/^.* user root {/,/}/s/encrypted-password .*\$/encrypted-password \"$pw\"/" \ + -e "/^.* user root {/,/}/s/encrypted-password:* .*\$/encrypted-password \"$pw\"/" \ $CF echo $(date "+%b%e %T") $(hostname) "Root password reset to factory value" \ -- cgit v1.2.3 From e353784221348c589a0351903094e1b62cbdd40f Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Mon, 29 Sep 2008 09:48:39 -0700 Subject: Bugfix: 3492 Add "admin" and "operator" level users to the "dip" group so that they can execute CLI commands that bring up and take down PPP connections. --- scripts/system/vyatta_update_login.pl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/system/vyatta_update_login.pl b/scripts/system/vyatta_update_login.pl index bd103c57..dbe4e338 100755 --- a/scripts/system/vyatta_update_login.pl +++ b/scripts/system/vyatta_update_login.pl @@ -53,8 +53,8 @@ my %reasons = ( # Map of level to additional groups my %level_map = ( - 'admin' => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', ], - 'operator' => [ 'quaggavty', 'operator', 'adm', ], + 'admin' => [ 'quaggavty', 'vyattacfg', 'sudo', 'adm', 'dip', ], + 'operator' => [ 'quaggavty', 'operator', 'adm', 'dip', ], ); # we have some users -- cgit v1.2.3 From 519607f4202a0e0a4b22992d17836fd3753dd0ff Mon Sep 17 00:00:00 2001 
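Review bot: The replacement side of the changed `sed` expression always writes `encrypted-password "…"` without the colon, so a config line that used the `encrypted-password:` form is silently rewritten to the other syntax; whether the config loader accepts both forms in one file is not visible here. Capturing the keyword keeps whichever form was matched: `-e "/^.* user root {/,/}/s/\(encrypted-password:*\) .*\$/\1 \"$pw\"/" \`. Only `/` is escaped in `$pw` before it is spliced into the sed script, and `$newpwd` and `$CF` are expanded unquoted. Quoting both, and adding a comment that the hash alphabet is assumed not to contain `&` or `\`, would document that assumption.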
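Review bot: Adding `'dip'` to both rows of `%level_map` widens what an `operator` account can do beyond the CLI commands named in the commit message, because group membership applies to everything that group can read or execute, not just the PPP connect/disconnect wrappers. On Debian-derived systems `dip` typically gates `pppd` and the peer and chat-script directories (inferred, not shown in this hunk), so it is worth confirming that no stored credentials become readable through it. At minimum the map deserves a comment recording why the group is there, e.g. `# 'dip': needed to run pppd for the PPP connect/disconnect CLI commands (bug 3492)`.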
From: rbalocca Date: Tue, 30 Sep 2008 13:31:55 -0700 Subject: Fix for bug http://bugzilla.vyatta.com/show_bug.cgi?id=3712 --- Makefile.am | 2 +- scripts/grub-setup | 255 ------------------------------------------------- scripts/install-system | 4 +- 3 files changed, 3 insertions(+), 258 deletions(-) delete mode 100755 scripts/grub-setup diff --git a/Makefile.am b/Makefile.am index 27152ff0..9e66286c 100644 --- a/Makefile.am +++ b/Makefile.am @@ -15,7 +15,7 @@ bin_SCRIPTS += scripts/vyatta-functions sbin_SCRIPTS += scripts/init-floppy sbin_SCRIPTS += scripts/rl-system.init sbin_SCRIPTS += scripts/install-system -sbin_SCRIPTS += scripts/grub-setup +sbin_SCRIPTS += scripts/vyatta-grub-setup sbin_SCRIPTS += scripts/quick-install sbin_SCRIPTS += scripts/standalone_root_pw_reset sbin_SCRIPTS += scripts/vyatta-passwd-sync diff --git a/scripts/grub-setup b/scripts/grub-setup deleted file mode 100755 index 1bf47dde..00000000 --- a/scripts/grub-setup +++ /dev/null 
@@ -1,255 +0,0 @@ -#!/bin/sh -# -# Module: grup-setup -# -# **** License **** -# This program is free software; you can redistribute it and/or modify -# it under the terms of the GNU General Public License version 2 as -# published by the Free Software Foundation. -# -# This program is distributed in the hope that it will be useful, but -# WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU -# General Public License for more details. -# -# This code was originally developed by Vyatta, Inc. -# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. -# All Rights Reserved. -# -# Author: Robert Bays -# Date: 2006 -# Description: -# -# **** End License **** -# -# Vyatta grub customization setup script. -# -# - -UNION="false" -while getopts u: c -do - case $c in - u) UNION=true; - livedir=$OPTARG;; - esac -done -shift `expr $OPTIND - 1` - -ROOT_PARTITION="$1" -GRUB_OPTIONS="$2" -ROOTFSDIR="$3" - -[ "$ROOT_PARTITION" ] || exit 1 - -# Grub options -if [ "$GRUB_OPTIONS" ] -then - GRUB_OPTIONS="$GRUB_OPTIONS quiet" -else - GRUB_OPTIONS=quiet -fi - -# Path to standalone root password reset script -pass_reset=/opt/vyatta/sbin/standalone_root_pw_reset - -# Output to both console (last device is /dev/console) -vty_console="console=ttyS0,9600 console=tty0" -serial_console="console=tty0 console=ttyS0,9600" - -# If vga_logo is set, enable use of the VGA monitor for displaying the -# logo during boot. The "vga=" boot command specifies a VGA mode that -# is encoded as shown below. 
We pick a value that is likely to work -# on most systems: -# -# Color depth | 640x480 | 800x600 | 1024x768 | 1280x1024 -# -----------------+---------+---------+----------+---------- -# 256 (8bit) | 769 771 773 775 -# 32000 (15bit) | 784 787 790 793 -# 65000 (16bit) | 785 788 791 794 -# 16.7 Mill.(24bit)| 786 789 792 795 -# -vga_logo="vga=785" - -# get list of kernels, except Xen -kernel_versions=$(ls $ROOTFSDIR/boot/vmlinuz-* 2> /dev/null | grep -v xen | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) - -# get xen kernel info -xen_kernel_version=$(ls $ROOTFSDIR/boot/vmlinuz*xen 2> /dev/null | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) -xen_version=$(ls $ROOTFSDIR/boot/xen-* 2> /dev/null | awk -F/ '{ print $5 }' | sort -r) - -# Figure out whether we are running on the serial or KVM console: -if [ "`tty`" == "/dev/ttyS0" ]; then - # Since user is running on serial console, make that the default. - default_console=1 -else - # Since user is running on KVM console, make that the default - default_console=0 -fi - -if eval "$UNION"; then - GRUB_OPTIONS="boot=live live-media-path=/boot/$livedir module=$livedir quiet persistent noautologin nonetworking nouser hostname=vyatta" - union_kernel_versions=$(ls $ROOTFSDIR/boot/$livedir/vmlinuz-* 2> /dev/null | grep -v xen | awk -F/ '{ print $6 }' | sed 's/vmlinuz//g' | sort -r) -else - # Read UUID off of filesystem and use it to tell GRUB where to mount drive - # This allows device to move around and grub will still find it - uuid=$(dumpe2fs -h /dev/${ROOT_PARTITION} 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') - if [ -z "$uuid" ] - then - # TODO: use /proc/mount if dumpe2fs fails - echo "Unable to read filesystem UUID. Exiting." - exit 1 - else - GRUB_OPTIONS="$GRUB_OPTIONS root=UUID=$uuid ro" - fi -fi - -# Check for diagnostic partition residing in first partition of drive -# holding the root partition. 
- -diag_drive_number="" - -if [ ${ROOT_PARTITION:0:2} = "md" ]; then - # Select the first disk in the RAID group to look for diag partition on - root_disks=`echo /sys/block/$ROOT_PARTITION/slaves/*` - root_disk=`echo ${root_disks} | awk '{ print $1 }'` - root_disk=${root_disk##*/} - root_disk=${root_disk:0:${#root_disk}-1} -else - # Shave off the partition number to get the disk name - root_disk=${ROOT_PARTITION:0:${#ROOT_PARTITION}-1} -fi - -# If the root partition is not occupying the first partition, then we -# can look for a diag partition there. -if [ "$ROOT_PARTITION" != "${root_disk}1" ]; then - first_part_fstype=`fdisk -l /dev/$root_disk | grep ^/dev/${root_disk}1 | awk '{ print $6 }'` - - if [ "$first_part_fstype" = "FAT16" -o "$first_part_fstype" = "Dell" ]; then - # Translate the Linux drive letter (e.g. the "a" in "/dev/sda") into - # a drive number that grub uses. i.e. "a" = 0, "b" = 1, etc. - diag_drive_letter=${root_disk:2:1} - diag_drive_number=`echo $diag_drive_letter | od -t u1 -N 1 | awk '{ print $2 }'` - let diag_drive_number-=97 - fi -fi - -( - # create the grub.cfg file for grub - # The "default=" line selects which boot option will be used by default. - # Numbering starts at 0 for the first option. - echo -e "set default=$default_console" - echo "set timeout=5" - # set serial console options - echo -e "serial --unit=0 --speed=9600" - echo "terminal serial" - - if [ ${ROOT_PARTITION:0:2} = "md" ]; then - echo "" - echo -e "insmod raid" - echo -e "root ($ROOT_PARTITION)" - fi - - echo "" - echo "echo -n Press ESC to enter the Grub menu..." - echo "if sleep --verbose --interruptible 5 ; then" - echo -e "\tterminal console" - echo -e "\techo -n Press the ESC key to enter the Grub menu..." - echo -e "\tif sleep --verbose --interruptible 5 ; then" - echo -e "\t\tterminal serial" - ## don't set timeout here. 
causes boot problem on 64-bit - # echo -e "\t\tset timeout=0" - echo -e "\tfi" - echo "fi" - echo "" - - # create xen kernels if they exist - if [ -n "$xen_kernel_version" ]; then - for xversion in $xen_kernel_version; do - echo - echo - echo -e "menuentry \"Vyatta Xen linux$xversion dom0\" {" - echo -e "\tmultiboot /boot/$xen_version " - echo -e "\tmodule /boot/vmlinuz$xversion $GRUB_OPTIONS $vga_logo $vty_console" - echo -e "\tmodule /boot/initrd.img$xversion" - echo -e "}" - done - fi - - if [ -f "$ROOTFSDIR/boot/vmlinuz" ] && ! eval $UNION ; then - # Set first system boot option. Make KVM the default console in this one. - echo -e "menuentry \"Vyatta OFR (KVM console)\" {" - echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console" - echo -e "\tinitrd /boot/initrd.img" - echo -e "}" - - # Set the second system boot option. Make the serial port be the default - # console in this one. - echo - echo -e "menuentry \"Vyatta OFR (Serial console)\" {" - echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $serial_console" - echo -e "\tinitrd /boot/initrd.img" - echo -e "}" - fi - - # create union kernels if they exist - if [ -n "$union_kernel_versions" ]; then - for kversion in $union_kernel_versions; do - echo - echo -e "menuentry \"Vyatta OFR linux$kversion (KVM console)\" {" - echo -e "\tlinux /boot/$livedir/vmlinuz$kversion $GRUB_OPTIONS $vga_logo $vty_console" - echo -e "\tinitrd /boot/$livedir/initrd.img$kversion" - echo -e "}" - echo - echo -e "menuentry \"Vyatta OFR linux$kversion (Serial console)\" {" - echo -e "\tlinux /boot/$livedir/vmlinuz$kversion $GRUB_OPTIONS $serial_console" - echo -e "\tinitrd /boot/$livedir/initrd.img$kversion" - echo -e "}" - done - fi - - # create other kernels if they exist - if [ -n "$kernel_versions" ]; then - for kversion in $kernel_versions; do - echo - echo -e "menuentry \"Vyatta OFR linux$kversion (KVM console)\" {" - echo -e "\tlinux /boot/vmlinuz$kversion $GRUB_OPTIONS $vga_logo $vty_console" - echo -e "\tinitrd 
/boot/initrd.img$kversion" - echo -e "}" - echo - echo -e "menuentry \"Vyatta OFR linux$kversion (Serial console)\" {" - echo -e "\tlinux /boot/vmlinuz$kversion $GRUB_OPTIONS $serial_console" - echo -e "\tinitrd /boot/initrd.img$kversion" - echo -e "}" - done - fi - - # Set options for root password reset. Offer - # options for both serial and KVM console. - - echo - echo -e "menuentry \"Root password reset to factory (KVM console)\" {" - echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console init=$pass_reset" - echo -e "\tinitrd /boot/initrd.img" - echo -e "}" - - echo - echo -e "menuentry \"Root password reset to factory (Serial console)\" {" - echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $serial_console init=$pass_reset" - echo -e "\tinitrd /boot/initrd.img" - echo -e "}" - - if [ -n "$diag_drive_number" ]; then - echo - echo -e "menuentry \"Diagnostics\" {" - echo -e "\tchainloader (hd$diag_drive_number,1)+1" - echo -e "}" - fi - - -) >"$ROOTFSDIR"/boot/grub/grub.cfg - -( [ -s /boot/grub/menu.lst ] && - upgrade-from-grub-legacy && - rm -f /boot/grub/menu.lst* -) || true diff --git a/scripts/install-system b/scripts/install-system index 7229cfda..15a4285e 100644 --- a/scripts/install-system +++ b/scripts/install-system @@ -897,12 +897,12 @@ install_grub () { fi fi - # if union install tell grub-setup + # if union install tell vyatta-grub-setup if eval "$UNION"; then version=$(egrep -i version /opt/vyatta/etc/version | awk '{ print $3 }') grub_args="-u $version" fi - if /opt/vyatta/sbin/grub-setup $grub_args "$ROOT_PARTITION" "$grub_options" /mnt/rootfs >>$INSTALL_LOG + if /opt/vyatta/sbin/vyatta-grub-setup $grub_args "$ROOT_PARTITION" "$grub_options" /mnt/rootfs >>$INSTALL_LOG then echo "OK" else -- cgit v1.2.3 From 4ecc05bc5ac7d5a8661306ec8d85b763d02976ba Mon Sep 17 00:00:00 2001 
From: rbalocca Date: Tue, 30 Sep 2008 14:51:42 -0700 Subject: Add vyatta-grub-setup --- scripts/vyatta-grub-setup | 255 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 255 insertions(+) create mode 100755 scripts/vyatta-grub-setup diff --git a/scripts/vyatta-grub-setup b/scripts/vyatta-grub-setup new file mode 100755 index 00000000..1bf47dde --- /dev/null +++ b/scripts/vyatta-grub-setup 
@@ -0,0 +1,255 @@ +#!/bin/sh +# +# Module: grup-setup +# +# **** License **** +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, but +# WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +# General Public License for more details. +# +# This code was originally developed by Vyatta, Inc. +# Portions created by Vyatta are Copyright (C) 2006, 2007 Vyatta, Inc. +# All Rights Reserved. +# +# Author: Robert Bays +# Date: 2006 +# Description: +# +# **** End License **** +# +# Vyatta grub customization setup script. +# +# + +UNION="false" +while getopts u: c +do + case $c in + u) UNION=true; + livedir=$OPTARG;; + esac +done +shift `expr $OPTIND - 1` + +ROOT_PARTITION="$1" +GRUB_OPTIONS="$2" +ROOTFSDIR="$3" + +[ "$ROOT_PARTITION" ] || exit 1 + +# Grub options +if [ "$GRUB_OPTIONS" ] +then + GRUB_OPTIONS="$GRUB_OPTIONS quiet" +else + GRUB_OPTIONS=quiet +fi + +# Path to standalone root password reset script +pass_reset=/opt/vyatta/sbin/standalone_root_pw_reset + +# Output to both console (last device is /dev/console) +vty_console="console=ttyS0,9600 console=tty0" +serial_console="console=tty0 console=ttyS0,9600" + +# If vga_logo is set, enable use of the VGA monitor for displaying the +# logo during boot. The "vga=" boot command specifies a VGA mode that +# is encoded as shown below. 
We pick a value that is likely to work +# on most systems: +# +# Color depth | 640x480 | 800x600 | 1024x768 | 1280x1024 +# -----------------+---------+---------+----------+---------- +# 256 (8bit) | 769 771 773 775 +# 32000 (15bit) | 784 787 790 793 +# 65000 (16bit) | 785 788 791 794 +# 16.7 Mill.(24bit)| 786 789 792 795 +# +vga_logo="vga=785" + +# get list of kernels, except Xen +kernel_versions=$(ls $ROOTFSDIR/boot/vmlinuz-* 2> /dev/null | grep -v xen | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) + +# get xen kernel info +xen_kernel_version=$(ls $ROOTFSDIR/boot/vmlinuz*xen 2> /dev/null | awk -F/ '{ print $5 }' | sed 's/vmlinuz//g' | sort -r) +xen_version=$(ls $ROOTFSDIR/boot/xen-* 2> /dev/null | awk -F/ '{ print $5 }' | sort -r) + +# Figure out whether we are running on the serial or KVM console: +if [ "`tty`" == "/dev/ttyS0" ]; then + # Since user is running on serial console, make that the default. + default_console=1 +else + # Since user is running on KVM console, make that the default + default_console=0 +fi + +if eval "$UNION"; then + GRUB_OPTIONS="boot=live live-media-path=/boot/$livedir module=$livedir quiet persistent noautologin nonetworking nouser hostname=vyatta" + union_kernel_versions=$(ls $ROOTFSDIR/boot/$livedir/vmlinuz-* 2> /dev/null | grep -v xen | awk -F/ '{ print $6 }' | sed 's/vmlinuz//g' | sort -r) +else + # Read UUID off of filesystem and use it to tell GRUB where to mount drive + # This allows device to move around and grub will still find it + uuid=$(dumpe2fs -h /dev/${ROOT_PARTITION} 2>/dev/null | awk '/^Filesystem UUID/ {print $3}') + if [ -z "$uuid" ] + then + # TODO: use /proc/mount if dumpe2fs fails + echo "Unable to read filesystem UUID. Exiting." + exit 1 + else + GRUB_OPTIONS="$GRUB_OPTIONS root=UUID=$uuid ro" + fi +fi + +# Check for diagnostic partition residing in first partition of drive +# holding the root partition. 
+ +diag_drive_number="" + +if [ ${ROOT_PARTITION:0:2} = "md" ]; then + # Select the first disk in the RAID group to look for diag partition on + root_disks=`echo /sys/block/$ROOT_PARTITION/slaves/*` + root_disk=`echo ${root_disks} | awk '{ print $1 }'` + root_disk=${root_disk##*/} + root_disk=${root_disk:0:${#root_disk}-1} +else + # Shave off the partition number to get the disk name + root_disk=${ROOT_PARTITION:0:${#ROOT_PARTITION}-1} +fi + +# If the root partition is not occupying the first partition, then we +# can look for a diag partition there. +if [ "$ROOT_PARTITION" != "${root_disk}1" ]; then + first_part_fstype=`fdisk -l /dev/$root_disk | grep ^/dev/${root_disk}1 | awk '{ print $6 }'` + + if [ "$first_part_fstype" = "FAT16" -o "$first_part_fstype" = "Dell" ]; then + # Translate the Linux drive letter (e.g. the "a" in "/dev/sda") into + # a drive number that grub uses. i.e. "a" = 0, "b" = 1, etc. + diag_drive_letter=${root_disk:2:1} + diag_drive_number=`echo $diag_drive_letter | od -t u1 -N 1 | awk '{ print $2 }'` + let diag_drive_number-=97 + fi +fi + +( + # create the grub.cfg file for grub + # The "default=" line selects which boot option will be used by default. + # Numbering starts at 0 for the first option. + echo -e "set default=$default_console" + echo "set timeout=5" + # set serial console options + echo -e "serial --unit=0 --speed=9600" + echo "terminal serial" + + if [ ${ROOT_PARTITION:0:2} = "md" ]; then + echo "" + echo -e "insmod raid" + echo -e "root ($ROOT_PARTITION)" + fi + + echo "" + echo "echo -n Press ESC to enter the Grub menu..." + echo "if sleep --verbose --interruptible 5 ; then" + echo -e "\tterminal console" + echo -e "\techo -n Press the ESC key to enter the Grub menu..." + echo -e "\tif sleep --verbose --interruptible 5 ; then" + echo -e "\t\tterminal serial" + ## don't set timeout here. 
causes boot problem on 64-bit + # echo -e "\t\tset timeout=0" + echo -e "\tfi" + echo "fi" + echo "" + + # create xen kernels if they exist + if [ -n "$xen_kernel_version" ]; then + for xversion in $xen_kernel_version; do + echo + echo + echo -e "menuentry \"Vyatta Xen linux$xversion dom0\" {" + echo -e "\tmultiboot /boot/$xen_version " + echo -e "\tmodule /boot/vmlinuz$xversion $GRUB_OPTIONS $vga_logo $vty_console" + echo -e "\tmodule /boot/initrd.img$xversion" + echo -e "}" + done + fi + + if [ -f "$ROOTFSDIR/boot/vmlinuz" ] && ! eval $UNION ; then + # Set first system boot option. Make KVM the default console in this one. + echo -e "menuentry \"Vyatta OFR (KVM console)\" {" + echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console" + echo -e "\tinitrd /boot/initrd.img" + echo -e "}" + + # Set the second system boot option. Make the serial port be the default + # console in this one. + echo + echo -e "menuentry \"Vyatta OFR (Serial console)\" {" + echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $serial_console" + echo -e "\tinitrd /boot/initrd.img" + echo -e "}" + fi + + # create union kernels if they exist + if [ -n "$union_kernel_versions" ]; then + for kversion in $union_kernel_versions; do + echo + echo -e "menuentry \"Vyatta OFR linux$kversion (KVM console)\" {" + echo -e "\tlinux /boot/$livedir/vmlinuz$kversion $GRUB_OPTIONS $vga_logo $vty_console" + echo -e "\tinitrd /boot/$livedir/initrd.img$kversion" + echo -e "}" + echo + echo -e "menuentry \"Vyatta OFR linux$kversion (Serial console)\" {" + echo -e "\tlinux /boot/$livedir/vmlinuz$kversion $GRUB_OPTIONS $serial_console" + echo -e "\tinitrd /boot/$livedir/initrd.img$kversion" + echo -e "}" + done + fi + + # create other kernels if they exist + if [ -n "$kernel_versions" ]; then + for kversion in $kernel_versions; do + echo + echo -e "menuentry \"Vyatta OFR linux$kversion (KVM console)\" {" + echo -e "\tlinux /boot/vmlinuz$kversion $GRUB_OPTIONS $vga_logo $vty_console" + echo -e "\tinitrd 
/boot/initrd.img$kversion" + echo -e "}" + echo + echo -e "menuentry \"Vyatta OFR linux$kversion (Serial console)\" {" + echo -e "\tlinux /boot/vmlinuz$kversion $GRUB_OPTIONS $serial_console" + echo -e "\tinitrd /boot/initrd.img$kversion" + echo -e "}" + done + fi + + # Set options for root password reset. Offer + # options for both serial and KVM console. + + echo + echo -e "menuentry \"Root password reset to factory (KVM console)\" {" + echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $vga_logo $vty_console init=$pass_reset" + echo -e "\tinitrd /boot/initrd.img" + echo -e "}" + + echo + echo -e "menuentry \"Root password reset to factory (Serial console)\" {" + echo -e "\tlinux /boot/vmlinuz $GRUB_OPTIONS $serial_console init=$pass_reset" + echo -e "\tinitrd /boot/initrd.img" + echo -e "}" + + if [ -n "$diag_drive_number" ]; then + echo + echo -e "menuentry \"Diagnostics\" {" + echo -e "\tchainloader (hd$diag_drive_number,1)+1" + echo -e "}" + fi + + +) >"$ROOTFSDIR"/boot/grub/grub.cfg + +( [ -s /boot/grub/menu.lst ] && + upgrade-from-grub-legacy && + rm -f /boot/grub/menu.lst* +) || true -- cgit v1.2.3 From bae23e34cfbf5cfb28e7077239ca16b795f4e9a3 Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Wed, 1 Oct 2008 16:18:14 -0700 Subject: Bugfix: 3572 In the postinstall step, change the PAM configuration for login so that the user is prompted for password even if the username entered is invalid. This prevents people from easily determining whether a username exists or not. --- debian/vyatta-cfg-system.postinst.in | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/debian/vyatta-cfg-system.postinst.in b/debian/vyatta-cfg-system.postinst.in index 2cb0643c..925edcb5 100644 --- a/debian/vyatta-cfg-system.postinst.in +++ b/debian/vyatta-cfg-system.postinst.in 
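Review bot: The new script declares `#!/bin/sh` but relies on bash-only constructs: substring expansion (`${ROOT_PARTITION:0:2}`, `${root_disk:2:1}`), `let diag_drive_number-=97`, `==` inside `[ ]`, and `echo -e`. Where /bin/sh is not bash these fail or emit a literal `-e`, and since the output is redirected into `"$ROOTFSDIR"/boot/grub/grub.cfg`, a partial run leaves a broken boot menu. Changing the first line to `#!/bin/bash` is the smallest fix. The header comment still says `Module: grup-setup`, which should read `vyatta-grub-setup` after the rename. The generated menu also contains unauthenticated `Root password reset to factory` entries; that is presumably intended for console recovery, and a comment stating that console access is the trust boundary would make it explicit.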
@@ -87,6 +87,11 @@ fi sed -i 's/^set /builtin set /' /etc/bash_completion +# Fix up PAM configuration for login so that invalid users are prompted +# for password +sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login + + # Local Variables: # mode: shell-script # sh-indentation: 4 -- cgit v1.2.3 From 21031c67393d26a814298a8755d4bea43b0834de Mon Sep 17 00:00:00 2001 From: Bob Gilligan Date: Wed, 1 Oct 2008 17:58:47 -0700 Subject: Bugfix: 3727 In the case when we are using a pre-existing RAID group, warn the user of dire consequences before over-writing the disks. --- scripts/install-system | 35 ++++++++++++++++++++++------------- 1 file changed, 22 insertions(+), 13 deletions(-) diff --git a/scripts/install-system b/scripts/install-system index 15a4285e..5543fecb 100644 --- a/scripts/install-system +++ b/scripts/install-system @@ -206,6 +206,24 @@ probe_drives () { } +warn_of_dire_consequences () { + # Give the user a requisite warning that we are about to nuke their drive + response='' + while [ -z $response ] + do + echo "This will destroy all data on /dev/$INSTALL_DRIVE." + echo -n "Continue? (Yes/No) [No]: " + response=$(get_response "No" "Yes No Y N") + + if [ "$response" == "no" ] || [ "$response" == "n" ]; then + echo "Ok then. Exiting..." + exit 1 + fi + done +} + + + check_for_old_raid () { # First, trigger construction of previously configured RAID groups echo -n "Looking for pre-existing RAID groups..." @@ -264,6 +282,9 @@ check_for_old_raid () { fi echo "Using RAID partition $INSTALL_DRIVE" + + warn_of_dire_consequences + ROOT_PARTITION=$INSTALL_DRIVE # make sure we aren't working on a mounted part 
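Review bot: Switching `pam_securetty.so` from `requisite` to `required` on the added `sed` line also changes what happens to root on a terminal that is not listed in securetty: the stack no longer stops at once, so root is prompted for and types the password on that terminal before being refused. That is the trade-off for hiding whether a username exists, and the comment should record it, e.g. `# NOTE: with "required", root is still refused on non-secure ttys, but only after the password prompt`. The edit is silent when the pattern does not match, and `$rootfsdir` is expanded unquoted and not set anywhere in this hunk, while the line above edits `/etc/bash_completion` without it. Using `"${rootfsdir}/etc/pam.d/login"` and a `grep -q` check afterwards would make the result verifiable. The `.` in `pam_securetty.so` is an unescaped regex metacharacter, harmless here but easy to tighten to `pam_securetty\.so`.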
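Review bot: The confirmation in the new `warn_of_dire_consequences` fails open: only the exact answers `no` and `n` exit, and the loop test `[ -z $response ]` is unquoted, so any other non-empty value ends the loop and the caller goes on to overwrite `/dev/$INSTALL_DRIVE`. A value that expands to several words makes `[` return an error, which ends the `while` as well. The code therefore relies on `get_response` (not visible here) returning only validated, lower-cased answers. Quoting the test and continuing only on an explicit yes removes that dependency: `while [ -z "$response" ]` and `case "$response" in [Yy]|[Yy][Ee][Ss]) ;; *) echo "Ok then. Exiting..."; exit 1 ;; esac`. The function is shared by the RAID path in `check_for_old_raid` and by `setup_method_auto`, so the stricter check covers both.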
@@ -997,19 +1018,7 @@ setup_method_auto() { fi done - # Give the user a requisite warning that we are about to nuke their drive - response='' - while [ -z $response ] - do - echo "This will destroy all data on /dev/$INSTALL_DRIVE." - echo -n "Continue? (Yes/No) [No]: " - response=$(get_response "No" "Yes No Y N") - - if [ "$response" == "no" ] || [ "$response" == "n" ]; then - echo "Ok then. Exiting..." - exit 1 - fi - done + warn_of_dire_consequences echo -- cgit v1.2.3