vyos-1x.git/debian/vyos-1x.preinst, branch sever-sever-patch-1

vyos-1x.git/debian/vyos-1x.preinst, branch sever-sever-patch-1 VyOS command definitions, scripts, and utilities (mirror of https://github.com/vyos/vyos-1x.git) https://git.amelek.net/vyos/vyos-1x.git/atom?h=sever-sever-patch-1 2025-01-30T17:46:03+00:00 T7106: Divert sysctl vpp settings (#4325) 2025-01-30T17:46:03+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2025-01-30T17:46:03+00:00 urn:sha1:170541686cab7c2ba3fc0f376353d665c9a3040b wireless: T4287: use Debian postinst over preinst when using update-alternatives 2024-07-04T18:07:08+00:00 Christian Breunig christian@breunig.cc 2024-07-04T18:07:08+00:00 urn:sha1:a414190447c32be0775a077cde13cef0cf2b8c54 This fixes an error during ISO assembly: update-alternatives: error: no alternatives for regulatory.db dpkg: error processing archive /tmp/apt-dpkg-install-PJplR3/00-vyos-1x_1.5dev0-1880-gecaa44498_amd64.deb (--unpack): new vyos-1x package pre-installation script subprocess returned error exit status 2 wireless: T4287: use upstream regulatory database due to kernel signing 2024-07-03T20:28:26+00:00 Christian Breunig christian@breunig.cc 2024-07-03T20:28:26+00:00 urn:sha1:9263965071289b6e51e22669b6d588a8d8fbcc1f Most likely b/c of our non signed Kernel binary we do not trust the Debian signed wireless regulatory database. Fallback to the upstream database instead. T1797: Remove vpp packages and mentions 2023-11-09T17:53:17+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-11-09T17:53:17+00:00 urn:sha1:e10cf9f42514799d10b9c495d585bb9f41fd2330 T5706: Add custom systemd udev rules to exclude dynamic interfaces 2023-11-04T12:15:38+00:00 Viacheslav Hletenko v.gletenko@vyos.io 2023-11-04T12:15:38+00:00 urn:sha1:ca9cc86233520eb495c17602bf7a110094c1d8e7 Add custom systemd udev rules to exclude some regular and dynamic interfaces from "systemd-sysctl" calls. It fixes high CPU utilization (100%) as we have a lot of calls per interface for dynamic interfaces like ppp|ipoe|sstp etc. /lib/systemd/systemd-udevd should not be called for those interfaces Merge pull request #2256 from zdc/T5577-circinus 2023-09-29T05:26:31+00:00 Christian Breunig christian@breunig.cc 2023-09-29T05:26:31+00:00 urn:sha1:400df973d3518e9f18cb84b52ca89e08a399e461 T5577: Optimized PAM configs for RADIUS/TACACS+ TACACS: T5577: Added `mandatory` and `optional` modes for TACACS+ 2023-09-13T18:02:32+00:00 zsdc taras@vyos.io 2023-09-13T10:16:20+00:00 urn:sha1:1c804685d05ad639bcb1a9ebce68a7a14268500f In CLI we can choose authentication logic: - `mandatory` - if TACACS+ answered with `REJECT`, authentication must be stopped and access denied immediately. - `optional` (default) - if TACACS+ answers with `REJECT`, authentication continues using the next module. In `mandatory` mode authentication will be stopped only if TACACS+ clearly answered that access should be denied (no user in TACACS+ database, wrong password, etc.). If TACACS+ is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode. RADIUS: T5577: Added `mandatory` and `optional` modes for RADIUS 2023-09-13T17:41:43+00:00 zsdc taras@vyos.io 2023-09-13T09:41:04+00:00 urn:sha1:5181ab60bb6d936505967d6667adc12c5ecb9b64 In CLI we can choose authentication logic: - `mandatory` - if RADIUS answered with `Access-Reject`, authentication must be stopped and access denied immediately. - `optional` (default) - if RADIUS answers with `Access-Reject`, authentication continues using the next module. In `mandatory` mode authentication will be stopped only if RADIUS clearly answered that access should be denied (no user in RADIUS database, wrong password, etc.). If RADIUS is not available or other errors happen, it will be skipped and authentication will continue with the next module, like in `optional` mode. frr: T5239: T2061: prevent writing logs to /var/log/frr/frr.log 2023-09-12T05:53:24+00:00 Christian Breunig christian@breunig.cc 2023-09-12T05:53:24+00:00 urn:sha1:d4b9b2aa5f5dda6a11b7038ab0ab52653531183d netplug: T5476: rewrite dhclient helper from Perl -> Python 2023-08-16T11:22:14+00:00 Christian Breunig christian@breunig.cc 2023-08-15T10:42:54+00:00 urn:sha1:1ab8166a5481c184ded9abf8da48dd0d391c8ae3 There are two hooks called for bridge, ethernet and bond interfaces if the link-state changes up -> down or down -> up. The helpers are: * /etc/netplug/linkdown.d/dhclient * /etc/netplug/linkup.d/dhclient As those helpers use Linux actions to start/restart the dhclient process in Perl it's time to rewrite it. First goal is to get rid of all Perl code and the second is that we now have a Proper Python library. Instead of checking if the process is running the then restarting it without even systemd noticing (yeah we might get two processes beeing alive) we should: * Add a Python helper that can be used for both up and down (see man 8 netplugd FILES section) * Query the VyOS CLI config if the interface in question has DHCP(v6) configured and is not disabled * Add IPv6 DHCPv6 support MAN page: https://linux.die.net/man/8/netplugd