authorDaniil Baturin <daniil@baturin.org>2018-11-05 01:10:36 +0100
committerDaniil Baturin <daniil@baturin.org>2018-11-05 01:10:36 +0100
commit7713fb958f606672804789ff431aa1f691ef4a46 (patch)
treec19972185118dfa2c8d2f76974a86e1d44feb7d5
parentaf3a5142dce9fb3d6f3fecdbccfd1cae23b31c62 (diff)
parentd6c39f624a2ced96015d1e915d90e80acda3babb (diff)
downloadvyos-1x-7713fb958f606672804789ff431aa1f691ef4a46.tar.gz
vyos-1x-7713fb958f606672804789ff431aa1f691ef4a46.zip
Merge branch 'current' of https://github.com/vyos/vyos-1x into current
-rw-r--r--debian/changelog5
-rw-r--r--interface-definitions/dhcp-relay.xml13
-rw-r--r--interface-definitions/dhcpv6-relay.xml13
-rw-r--r--interface-definitions/wireguard.xml4
-rw-r--r--op-mode-definitions/show-systemintegrity.xml14
-rw-r--r--python/vyos/component_versions.py57
-rwxr-xr-xsrc/conf_mode/dhcp_relay.py8
-rwxr-xr-xsrc/conf_mode/dhcpv6_relay.py8
-rwxr-xr-xsrc/conf_mode/wireguard.py11
-rwxr-xr-xsrc/migration-scripts/dhcp-relay/1-to-235
-rwxr-xr-xsrc/op_mode/system_integrity.py69
11 files changed, 187 insertions, 50 deletions
diff --git a/debian/changelog b/debian/changelog
index 1d0d37d51..d60c36316 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,8 @@
+vyos-1x (1.2.0-4) unstable; urgency=medium
+
+ * T240 adds feature system integrity check
+
+ -- hagbard <vyosdev@derith.de> Mon, 29 Oct 2018 11:10:18 -0700
vyos-1x (1.2.0-3) unstable; urgency=medium
* T933: adding vmac_xmit_base if use_vmac has been chosen
diff --git a/interface-definitions/dhcp-relay.xml b/interface-definitions/dhcp-relay.xml
index c918d25a3..f4cb36eea 100644
--- a/interface-definitions/dhcp-relay.xml
+++ b/interface-definitions/dhcp-relay.xml
@@ -49,19 +49,6 @@
<constraintErrorMessage>max-size must be a value between 64 and 1400</constraintErrorMessage>
</properties>
</leafNode>
- <leafNode name="port">
- <properties>
- <help>Port number to listen on</help>
- <valueHelp>
- <format>1-65535</format>
- <description>Port to listen on</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- <constraintErrorMessage>port must be a value between 1 and 65535</constraintErrorMessage>
- </properties>
- </leafNode>
<leafNode name="relay-agents-packets">
<properties>
<help>Policy to handle incoming DHCPv4 packets which already contain relay agent options (default: forward)</help>
diff --git a/interface-definitions/dhcpv6-relay.xml b/interface-definitions/dhcpv6-relay.xml
index d6e6daf51..15c76a098 100644
--- a/interface-definitions/dhcpv6-relay.xml
+++ b/interface-definitions/dhcpv6-relay.xml
@@ -31,19 +31,6 @@
</leafNode>
</children>
</tagNode>
- <leafNode name="listen-port">
- <properties>
- <help>UDP port to listen for requests on</help>
- <valueHelp>
- <format>1-65535</format>
- <description>Port to listen on</description>
- </valueHelp>
- <constraint>
- <validator name="numeric" argument="--range 1-65535"/>
- </constraint>
- <constraintErrorMessage>port must be a value between 1 and 65535</constraintErrorMessage>
- </properties>
- </leafNode>
<leafNode name="max-hop-count">
<properties>
<help>Maximum hop count for which requests will be processed</help>
diff --git a/interface-definitions/wireguard.xml b/interface-definitions/wireguard.xml
index 575637ac9..3bf7bcd33 100644
--- a/interface-definitions/wireguard.xml
+++ b/interface-definitions/wireguard.xml
@@ -34,7 +34,7 @@
<properties>
<help>description</help>
<constraint>
- <regex>.[^ ]{1,100}$</regex>
+ <regex>[^ ]{1,100}$</regex>
</constraint>
<constraintErrorMessage>interface description is too long (limit 100 characters)</constraintErrorMessage>
</properties>
@@ -71,7 +71,7 @@
<properties>
<help>peer alias</help>
<constraint>
- <regex>.[^ ]{1,100}$</regex>
+ <regex>[^ ]{1,100}$</regex>
</constraint>
<constraintErrorMessage>peer alias too long (limit 100 characters)</constraintErrorMessage>
</properties>
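Review bot: The new `<regex>[^ ]{1,100}$</regex>` on the description constraint is still only end-anchored, and the same pattern is used for the peer alias in the second hunk; if the CLI's regex validator does not implicitly anchor the start of the pattern, any value whose trailing characters contain no space passes, and the 100-character limit the error message promises is not enforced. Anchoring both ends, `<regex>^[^ ]{1,100}$</regex>`, makes the constraint independent of how the validator matches. The removal of the leading `.` is correct either way, since it silently allowed a 101st character and rejected single-character values.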
diff --git a/op-mode-definitions/show-systemintegrity.xml b/op-mode-definitions/show-systemintegrity.xml
new file mode 100644
index 000000000..44b5faf68
--- /dev/null
+++ b/op-mode-definitions/show-systemintegrity.xml
@@ -0,0 +1,14 @@
+<?xml version="1.0"?>
+
+<interfaceDefinition>
+ <node name="show">
+ <children>
+ <leafNode name= "system-integrity">
+ <properties>
+ <help>checks the integrity of the system</help>
+ </properties>
+ <command>sudo ${vyos_op_scripts_dir}/system_integrity.py</command>
+ </leafNode>
+ </children>
+ </node>
+</interfaceDefinition>
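Review bot: `<leafNode name= "system-integrity">` has a stray space between `name=` and the value; it may parse, but the other attributes in this tree are written without it, so `<leafNode name="system-integrity">` keeps the definition consistent. The help text `checks the integrity of the system` overstates what the backing script does — it lists packages whose dpkg `.list` file is newer than the image build time — so `<help>Show packages installed after the image was built</help>` sets the right expectation for an operator reading the output. The `sudo` in the command is worth a comment: if `system_integrity.py` only needs to read `/var/lib/dpkg/info/` and run `version.py`, it may not need elevated rights at all, and dropping `sudo` narrows what this op-mode command can do.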
diff --git a/python/vyos/component_versions.py b/python/vyos/component_versions.py
new file mode 100644
index 000000000..ec54a1576
--- /dev/null
+++ b/python/vyos/component_versions.py
@@ -0,0 +1,57 @@
+# Copyright 2017 VyOS maintainers and contributors <maintainers@vyos.io>
+#
+# This library is free software; you can redistribute it and/or
+# modify it under the terms of the GNU Lesser General Public
+# License as published by the Free Software Foundation; either
+# version 2.1 of the License, or (at your option) any later version.
+#
+# This library is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# Lesser General Public License for more details.
+#
+# You should have received a copy of the GNU Lesser General Public
+# License along with this library. If not, see <http://www.gnu.org/licenses/>.
+
+"""
+The version data looks like:
+
+/* Warning: Do not remove the following line. */
+/* === vyatta-config-version:
+"cluster@1:config-management@1:conntrack-sync@1:conntrack@1:dhcp-relay@1:dhcp-server@4:firewall@5:ipsec@4:nat@4:qos@1:quagga@2:system@8:vrrp@1:wanloadbalance@3:webgui@1:webproxy@1:zone-policy@1"
+=== */
+/* Release version: 1.2.0-rolling+201806131737 */
+"""
+
+import re
+
+def get_component_version(string_line):
+ """
+ Get component version dictionary from string
+ return empty dictionary if string contains no config information
+ or raise error if component version string malformed
+ """
+ return_value = {}
+ if re.match(r'/\* === vyatta-config-version:.+=== \*/$', string_line):
+
+ if not re.match(r'/\* === vyatta-config-version:\s+"([\w,-]+@\d+:)+([\w,-]+@\d+)"\s+=== \*/$', string_line):
+ raise ValueError("malformed configuration string: " + str(string_line))
+
+ for pair in re.findall(r'([\w,-]+)@(\d+)', string_line):
+ if pair[0] in return_value.keys():
+ raise ValueError("duplicate unit name: \"" + str(pair[0]) + "\" in string: \"" + string_line + "\"")
+ return_value[pair[0]] = int(pair[1])
+
+ return return_value
+
+
+def get_component_versions_from_file(config_file_name='/opt/vyatta/etc/config/config.boot'):
+ """
+ Get component version dictionary parsing config file line by line
+ """
+ f = open(config_file_name, 'r')
+ for line_in_config in f:
+ component_version = return_version(line_in_config)
+ if component_version:
+ return component_version
+ raise ValueError("no config string in file:", config_file_name)
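Review bot: `get_component_versions_from_file` calls `return_version(line_in_config)`, a name that does not exist in this module; the parser defined above is `get_component_version`, so the function raises `NameError` on the first line of any file. The handle from `open(config_file_name, 'r')` is also never closed, and the final `ValueError("no config string in file:", config_file_name)` passes two arguments instead of one message, which prints as a tuple. The rewrite below uses a `with` block, the existing helper and a single message string; `get_component_version` is fine as is, apart from `pair[0] in return_value` being the idiomatic form of the `.keys()` lookup.
```python
def get_component_versions_from_file(config_file_name='/opt/vyatta/etc/config/config.boot'):
    """
    Get component version dictionary parsing config file line by line
    """
    with open(config_file_name, 'r') as f:
        for line_in_config in f:
            component_version = get_component_version(line_in_config)
            if component_version:
                return component_version
    raise ValueError("no config string in file: " + config_file_name)
```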
diff --git a/src/conf_mode/dhcp_relay.py b/src/conf_mode/dhcp_relay.py
index 61b494b7e..1b2abed9e 100755
--- a/src/conf_mode/dhcp_relay.py
+++ b/src/conf_mode/dhcp_relay.py
@@ -43,14 +43,13 @@ SERVERS="{{ server | join(' ') }}"
INTERFACES="{{ interface | join(' ') }}"
# Additional options that are passed to the DHCP relay daemon?
-OPTIONS="-4 {% if port -%} -p {{ port }}{%- endif %} {{ options | join(' ') }}"
+OPTIONS="-4 {{ options | join(' ') }}"
"""
default_config_data = {
'interface': [],
'server': [],
'options': [],
- 'port': '',
'hop_count': '10',
'relay_agent_packets': 'forward'
}
@@ -86,11 +85,6 @@ def get_config():
size = '-A ' + conf.return_value('max-size')
relay['options'].append(size)
- # Listen and transmit on port <xy>. This is mostly useful for debugging
- # purposes. Default is port 67 for DHCPv4/BOOTP, or port 547 for DHCPv6.
- if conf.exists('port'):
- relay['port'] = conf.return_value('port')
-
# Control the handling of incoming DHCPv4 packets which already contain
# relay agent options. If such a packet does not have giaddr set in its
# header, the DHCP standard requires that the packet be discarded. However,
diff --git a/src/conf_mode/dhcpv6_relay.py b/src/conf_mode/dhcpv6_relay.py
index 959bf0496..86e3f8265 100755
--- a/src/conf_mode/dhcpv6_relay.py
+++ b/src/conf_mode/dhcpv6_relay.py
@@ -31,13 +31,12 @@ config_tmpl = """
# Defaults for isc-dhcpv6-relay initscript sourced by /etc/init.d/isc-dhcpv6-relay
-OPTIONS="-6 -l {{ listen_addr | join('-l ') }} {% if port -%} -p {{ port }}{%- endif %} {{ options | join(' ') }} -u {{ upstream_addr | join('-u ') }}"
+OPTIONS="-6 -l {{ listen_addr | join('-l ') }} {{ options | join(' ') }} -u {{ upstream_addr | join('-u ') }}"
"""
default_config_data = {
'listen_addr': [],
'upstream_addr': [],
- 'port': '',
'options': [],
}
@@ -65,11 +64,6 @@ def get_config():
server = addr + '%' + intf
relay['upstream_addr'].append(server)
- # Listen and transmit on port <xy>. This is mostly useful for debugging
- # purposes. Default is port 67 for DHCPv4/BOOTP, or port 547 for DHCPv6.
- if conf.exists('listen-port'):
- relay['port'] = conf.return_value('listen-port')
-
# Maximum hop count. When forwarding packets, dhcrelay discards packets
# which have reached a hop count of COUNT. Default is 10. Maximum is 255.
if conf.exists('max-hop-count'):
diff --git a/src/conf_mode/wireguard.py b/src/conf_mode/wireguard.py
index c6440ad81..3c8ade1db 100755
--- a/src/conf_mode/wireguard.py
+++ b/src/conf_mode/wireguard.py
@@ -295,18 +295,13 @@ def configure_interface(c, intf):
os.remove(psk_file)
def add_addr(intf, addr):
+ # see https://phabricator.vyos.net/T949
ret = subprocess.call(['ip a a dev ' + intf + ' ' + addr + ' &>/dev/null'], shell=True)
- if ret != 0:
- raise ConfigError('Can\'t set IP ' + addr + ' on ' + intf)
- else:
- sl.syslog(sl.LOG_NOTICE, "ip a a dev " + intf + " " + addr)
+ sl.syslog(sl.LOG_NOTICE, "ip a a dev " + intf + " " + addr)
def del_addr(intf, addr):
ret = subprocess.call(['ip a d dev ' + intf + ' ' + addr + ' &>/dev/null'], shell=True)
- if ret != 0:
- raise ConfigError('Can\'t delete IP ' + addr + ' on ' + intf)
- else:
- sl.syslog(sl.LOG_NOTICE, "ip a d dev " + intf + " " + addr)
+ sl.syslog(sl.LOG_NOTICE, "ip a d dev " + intf + " " + addr)
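Review bot: After this change `ret` in both `add_addr` and `del_addr` is assigned and never read, and the syslog line reports the address as added or deleted even when `ip` fails, so a failed assignment leaves no trace at all. The command is also run with `shell=True` from a string built out of `intf` and `addr`, and the `&>/dev/null` redirect is bash syntax — if `/bin/sh` is dash, as on Debian, it is read as `&` followed by a redirect, so the command is backgrounded and its exit status is always 0, which may be part of why the removed check behaved oddly (T949 is referenced but not visible here). Passing an argument list without a shell, discarding output through `stdout`/`stderr`, and logging a non-zero status at warning level keeps the relaxed behaviour (no `ConfigError`) while preserving diagnostics and removing the shell from the path of configuration values.
```python
def add_addr(intf, addr):
    # see https://phabricator.vyos.net/T949
    ret = subprocess.call(['ip', 'a', 'a', 'dev', intf, addr],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    if ret != 0:
        sl.syslog(sl.LOG_WARNING, "ip a a dev " + intf + " " + addr + " failed with status " + str(ret))
    else:
        sl.syslog(sl.LOG_NOTICE, "ip a a dev " + intf + " " + addr)

def del_addr(intf, addr):
    ret = subprocess.call(['ip', 'a', 'd', 'dev', intf, addr],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    if ret != 0:
        sl.syslog(sl.LOG_WARNING, "ip a d dev " + intf + " " + addr + " failed with status " + str(ret))
    else:
        sl.syslog(sl.LOG_NOTICE, "ip a d dev " + intf + " " + addr)
```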
if __name__ == '__main__':
try:
diff --git a/src/migration-scripts/dhcp-relay/1-to-2 b/src/migration-scripts/dhcp-relay/1-to-2
new file mode 100755
index 000000000..b72da1028
--- /dev/null
+++ b/src/migration-scripts/dhcp-relay/1-to-2
@@ -0,0 +1,35 @@
+#!/usr/bin/env python3
+
+# Delete "set service dhcp-relay relay-options port" option
+# Delete "set service dhcpv6-relay listen-port" option
+
+import sys
+
+from vyos.configtree import ConfigTree
+
+if (len(sys.argv) < 1):
+ print("Must specify file name!")
+ sys.exit(1)
+
+file_name = sys.argv[1]
+
+with open(file_name, 'r') as f:
+ config_file = f.read()
+
+config = ConfigTree(config_file)
+
+if not (config.exists(['service', 'dhcp-relay', 'relay-options', 'port']) or config.exists(['service', 'dhcpv6-relay', 'listen-port'])):
+ # Nothing to do
+ sys.exit(0)
+else:
+ # Delete abandoned node
+ config.delete(['service', 'dhcp-relay', 'relay-options', 'port'])
+ # Delete abandoned node
+ config.delete(['service', 'dhcpv6-relay', 'listen-port'])
+
+ try:
+ with open(file_name, 'w') as f:
+ f.write(config.to_string())
+ except OSError as e:
+ print("Failed to save the modified config: {}".format(e))
+ sys.exit(1)
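Review bot: The argument check `if (len(sys.argv) < 1):` can never be true because `sys.argv[0]` is always present, so a missing file name surfaces as an `IndexError` at `file_name = sys.argv[1]` instead of the intended message; it should read `if len(sys.argv) < 2:`. The `else` branch also deletes both nodes unconditionally even though the guard only requires one of them to exist; if `ConfigTree.delete` objects to a missing path (its behaviour is not visible here), each delete should sit behind its own `config.exists(...)` check.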
diff --git a/src/op_mode/system_integrity.py b/src/op_mode/system_integrity.py
new file mode 100755
index 000000000..886d94f16
--- /dev/null
+++ b/src/op_mode/system_integrity.py
@@ -0,0 +1,69 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2018 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+#
+
+import sys
+import os
+import subprocess
+import re
+import itertools
+from datetime import datetime, timedelta
+
+verf = r'/usr/libexec/vyos/op_mode/version.py'
+
+def get_sys_build_version():
+ if not os.path.exists(verf):
+ return None
+
+ a = subprocess.check_output(['/usr/libexec/vyos/op_mode/version.py']).decode()
+ if re.search('^Built on:.+',a, re.M) == None:
+ return None
+
+ dt = ( re.sub('Built on: +','', re.search('^Built on:.+',a, re.M).group(0)) )
+ return datetime.strptime(dt,'%a %d %b %Y %H:%M %Z')
+
+def check_pkgs(dt):
+ pkg_diffs = {
+ 'buildtime' : str(dt),
+ 'pkg' : {}
+ }
+
+ pkg_info = os.listdir('/var/lib/dpkg/info/')
+ for file in pkg_info:
+ if re.search('\.list$', file):
+ fts = os.stat('/var/lib/dpkg/info/' + file).st_mtime
+ dt_str = (datetime.utcfromtimestamp(fts).strftime('%Y-%m-%d %H:%M:%S'))
+ fdt = datetime.strptime(dt_str, '%Y-%m-%d %H:%M:%S')
+ if fdt > dt:
+ pkg_diffs['pkg'].update( { str(re.sub('\.list','',file)) : str(fdt)})
+
+ if len(pkg_diffs['pkg']) != 0:
+ return pkg_diffs
+ else:
+ return None
+
+def main():
+ dt = get_sys_build_version()
+ pkgs = check_pkgs(dt)
+ if pkgs != None:
+ print ("The following packages don\'t fit the image creation time\nbuild time:\t" + pkgs['buildtime'])
+ for k, v in pkgs['pkg'].items():
+ print ("installed: " + v + '\t' + k)
+
+if __name__ == '__main__':
+ sys.exit( main() )
+
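Review bot: `main` passes the result of `get_sys_build_version()` straight to `check_pkgs`, but that function returns `None` when `version.py` is missing or has no `Built on:` line, and the comparison `fdt > dt` in `check_pkgs` then raises `TypeError` instead of a readable message; `main` needs a guard along the lines of `if dt is None: print("Can't determine the image build time"); return 1`. In `get_sys_build_version` the `verf` path is checked but the `check_output` call repeats the literal, and the same `re.search` runs twice; in `check_pkgs` the `'\.list$'` and `'\.list'` patterns are not raw strings (an invalid-escape warning on newer interpreters) and the `utcfromtimestamp → strftime → strptime` round trip is equivalent to `datetime.utcfromtimestamp(fts).replace(microsecond=0)`. `itertools` and `timedelta` are imported and never used. A module docstring should also say that this is a heuristic — it compares dpkg `.list` modification times against the build time, so a package installed with preserved timestamps would not appear — e.g. `"""List dpkg packages whose .list file is newer than the image build time (heuristic, mtime based)."""`.
```python
def get_sys_build_version():
    """Return the image build time parsed from version.py, or None if it cannot be read."""
    if not os.path.exists(verf):
        return None

    a = subprocess.check_output([verf]).decode()
    built = re.search(r'^Built on:.+', a, re.M)
    if built is None:
        return None

    dt = re.sub(r'Built on: +', '', built.group(0))
    return datetime.strptime(dt, '%a %d %b %Y %H:%M %Z')

# … unchanged: check_pkgs …

def main():
    dt = get_sys_build_version()
    if dt is None:
        print("Can't determine the image build time")
        return 1
    pkgs = check_pkgs(dt)
    # … unchanged: output loop …
```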