authorChristian Poessinger <christian@poessinger.com>2019-12-18 12:25:12 +0100
committerChristian Poessinger <christian@poessinger.com>2019-12-18 12:25:12 +0100
commit75847af961fd61daa63b26e8bafb1237df85a7fb (patch)
tree63deca295e8b843518cde30cadc2f1df15c6d273
parent60e61ed1247c4f8efdd1805b1e1f2dda5ed2472c (diff)
parent214e63fbad5f1ed008543ba0eec56d1aa6649745 (diff)
Merge branch 'equuleus' of github.com:vyos/vyos-1x into currentvyos/1.3dev0
* 'equuleus' of github.com:vyos/vyos-1x: T1873: DHCP: add current year to copyright notice T1873: DHCP: fix service name in op-mode "show dhcp" T1873: DHCP: ship our own server init scripts vyos.config: T1862: restore regex after merge equuleus: T1862: Use regex pattern \s+ to split strings on whitespace [vyos.config] T1758: adjust regex for change in Python 3.7 Jenkins: Docker: always pull container from Dockerhub ssh - T1719: ssh deprecated options removed Jenkins: assume dependencies are available in Docker container Jenkins: fix httpURI in isCustomBuild() openvpn: T1617: bugfix for server push-route openvpn: T1548: remove authy 2fa provider update Jenkins file for equuleus igmpproxy: remove init script which is already provided by Debian Buster
-rw-r--r--Jenkinsfile2
-rw-r--r--python/vyos/config.py6
-rwxr-xr-xsrc/conf_mode/dhcp_server.py13
-rwxr-xr-xsrc/conf_mode/dhcpv6_server.py9
-rwxr-xr-xsrc/conf_mode/ssh.py7
-rwxr-xr-xsrc/etc/init.d/igmpproxy166
-rwxr-xr-xsrc/etc/init.d/isc-dhcpv4-server113
-rwxr-xr-xsrc/etc/init.d/isc-dhcpv6-server14
-rwxr-xr-xsrc/op_mode/show_dhcp.py4
-rwxr-xr-xsrc/op_mode/show_dhcpv6.py2
10 files changed, 140 insertions, 196 deletions
diff --git a/Jenkinsfile b/Jenkinsfile
index 7b6dc49e3..a169b8f2c 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -73,7 +73,7 @@ pipeline {
agent {
docker {
args '--sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=1006 -e GOSU_GID=1006'
- image 'vyos/vyos-build:current'
+ image 'vyos/vyos-build:equuleus'
alwaysPull true
}
}
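Review bot: The build image is referenced by a mutable tag, and with `alwaysPull true` every run executes whatever is currently published under `vyos/vyos-build:equuleus`. Pinning by digest, e.g. `image 'vyos/vyos-build@sha256:<DIGEST_PLACEHOLDER>'`, would make builds reproducible and keep a replaced or tampered tag from reaching the pipeline unnoticed. If tracking the moving tag is intended, a short comment saying so would help the next reader. The pipeline block continues outside this hunk.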
diff --git a/python/vyos/config.py b/python/vyos/config.py
index 27422786e..6aed8693c 100644
--- a/python/vyos/config.py
+++ b/python/vyos/config.py
@@ -126,7 +126,7 @@ class Config(object):
# It may cause problems with exists() when it's used for checking values,
# since values may contain whitespace.
if isinstance(path, str):
- path = re.split(r'\s*', path)
+ path = re.split(r'\s+', path)
elif isinstance(path, list):
pass
else:
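Review bot: `re.split(r'\s+', path)` still returns empty strings for leading or trailing whitespace (`' a b '` gives `['', 'a', 'b', '']`) and `['']` for an empty string, so a padded path yields bogus empty components. `path = path.split()` splits on whitespace runs and drops the empty ends. The same applies to the `self._level` assignment in the second hunk and to the split in the third, where `path[:-1]` would strip an empty trailing element instead of the value. Whether callers ever pass padded strings is not visible here, and the enclosing methods start and end outside these hunks.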
@@ -161,7 +161,7 @@ class Config(object):
# XXX: for small strings in-place concatenation is not a problem
if isinstance(path, str):
if path:
- self._level = re.split(r'\s*', path)
+ self._level = re.split(r'\s+', path)
else:
self._level = []
elif isinstance(path, list):
@@ -195,7 +195,7 @@ class Config(object):
# libvyosconfig exists() works only for _nodes_, not _values_
# libvyattacfg one also worked for values, so we emulate that case here
if isinstance(path, str):
- path = re.split(r'\s*', path)
+ path = re.split(r'\s+', path)
path_without_value = path[:-1]
path_str = " ".join(path_without_value)
try:
diff --git a/src/conf_mode/dhcp_server.py b/src/conf_mode/dhcp_server.py
index c2a188812..bf86e484b 100755
--- a/src/conf_mode/dhcp_server.py
+++ b/src/conf_mode/dhcp_server.py
@@ -28,7 +28,8 @@ from vyos import ConfigError
config_file = r'/etc/dhcp/dhcpd.conf'
lease_file = r'/config/dhcpd.leases'
-daemon_config_file = r'/etc/default/isc-dhcp-server'
+pid_file = r'/var/run/dhcpd.pid'
+daemon_config_file = r'/etc/default/isc-dhcpv4-server'
# Please be careful if you edit the template.
config_tmpl = """
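Review bot: The new `pid_file` and the existing `config_file` are now read by `daemon_tmpl` as `{{ config_file }}` and `{{ pid_file }}` (next hunk), yet the 13 changed lines the diffstat lists for this file are all in the visible hunks, so the render call was not touched. Unless those names were already in the render context, a default Jinja2 environment renders them as empty strings, and the init script then silently falls back to its built-in paths. It is worth confirming that the render call passes them, e.g. `config_file=config_file, pid_file=pid_file`. The same applies to the `daemon_tmpl` change in dhcpv6_server.py.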
@@ -231,10 +232,10 @@ shared-network {{ network.name }} {
daemon_tmpl = """
### Autogenerated by dhcp_server.py ###
-# sourced by /etc/init.d/isc-dhcp-server
+# sourced by /etc/init.d/isc-dhcpv4-server
-DHCPD_CONF=/etc/dhcp/dhcpd.conf
-DHCPD_PID=/var/run/dhcpd.pid
+DHCPD_CONF={{ config_file }}
+DHCPD_PID={{ pid_file }}
OPTIONS="-4 -lf {{ lease_file }}"
INTERFACES=""
"""
@@ -827,7 +828,7 @@ def generate(dhcp):
def apply(dhcp):
if (dhcp is None) or dhcp['disabled']:
# DHCP server is removed in the commit
- os.system('sudo systemctl stop isc-dhcp-server.service')
+ os.system('sudo systemctl stop isc-dhcpv4-server.service')
if os.path.exists(config_file):
os.unlink(config_file)
if os.path.exists(daemon_config_file):
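Review bot: Both `os.system('sudo systemctl …')` calls in apply() discard the exit status, so a failed stop here or a failed restart in the next hunk still ends in `return None` and the configuration commit appears to succeed with no DHCP server running. For the restart, something like `if os.system('sudo systemctl restart isc-dhcpv4-server.service') != 0: raise ConfigError('isc-dhcpv4-server failed to restart')` would surface it. This matters more now that the unit name has changed, since a missing or misnamed unit fails in the same silent way. apply() continues outside this hunk.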
@@ -837,7 +838,7 @@ def apply(dhcp):
if not os.path.exists(lease_file):
os.mknod(lease_file)
- os.system('sudo systemctl restart isc-dhcp-server.service')
+ os.system('sudo systemctl restart isc-dhcpv4-server.service')
return None
diff --git a/src/conf_mode/dhcpv6_server.py b/src/conf_mode/dhcpv6_server.py
index 039321430..44a927789 100755
--- a/src/conf_mode/dhcpv6_server.py
+++ b/src/conf_mode/dhcpv6_server.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2019 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -29,6 +29,7 @@ from vyos import ConfigError
config_file = r'/etc/dhcp/dhcpdv6.conf'
lease_file = r'/config/dhcpdv6.leases'
+pid_file = r'/var/run/dhcpdv6.pid'
daemon_config_file = r'/etc/default/isc-dhcpv6-server'
# Please be careful if you edit the template.
@@ -115,12 +116,12 @@ shared-network {{ network.name }} {
"""
daemon_tmpl = """
-### Autogenerated by dhcp_server.py ###
+### Autogenerated by dhcpv6_server.py ###
# sourced by /etc/init.d/isc-dhcpv6-server
-DHCPD_CONF=/etc/dhcp/dhcpdv6.conf
-DHCPD_PID=/var/run/dhcpdv6.pid
+DHCPD_CONF={{ config_file }}
+DHCPD_PID={{ pid_file }}
OPTIONS="-6 -lf {{ lease_file }}"
INTERFACES=""
"""
diff --git a/src/conf_mode/ssh.py b/src/conf_mode/ssh.py
index e3b11b537..9fe22bfee 100755
--- a/src/conf_mode/ssh.py
+++ b/src/conf_mode/ssh.py
@@ -37,16 +37,11 @@ HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
-UsePrivilegeSeparation yes
-KeyRegenerationInterval 3600
-ServerKeyBits 1024
SyslogFacility AUTH
LoginGraceTime 120
StrictModes yes
-RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
-RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
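Review bot: The cleanup of deprecated options leaves `HostKey /etc/ssh/ssh_host_dsa_key` in the template. DSA host keys are limited to 1024 bits and OpenSSH has disabled `ssh-dss` by default since 7.0, so the line offers nothing to current clients and keeps a weak key type configured. Dropping it alongside the other SSHv1-era settings would be consistent with this change. The template string starts and ends outside this hunk.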
@@ -58,7 +53,7 @@ TCPKeepAlive yes
Banner /etc/issue.net
Subsystem sftp /usr/lib/openssh/sftp-server
UsePAM yes
-HostKey /etc/ssh/ssh_host_key
+HostKey /etc/ssh/ssh_host_rsa_key
# Specifies whether sshd should look up the remote host name,
# and to check that the resolved host name for the remote IP
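Review bot: The replacement `HostKey /etc/ssh/ssh_host_rsa_key` duplicates the directive already present near the top of the template, visible in the first hunk's header line. The old `ssh_host_key` entry was the SSHv1 key, so this line can simply be deleted rather than repointed. Keeping a single HostKey block makes it easier to audit which key types the server offers.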
diff --git a/src/etc/init.d/igmpproxy b/src/etc/init.d/igmpproxy
deleted file mode 100755
index 4a2c94a4d..000000000
--- a/src/etc/init.d/igmpproxy
+++ /dev/null
@@ -1,166 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides: igmpproxy
-# Required-Start: $local_fs $network $remote_fs $syslog
-# Required-Stop: $local_fs $network $remote_fs $syslog
-# Default-Start: 2 3 4 5
-# Default-Stop: 0 1 6
-# Short-Description: IGMP multicast routing daemon
-# Description: IGMPproxy is a simple dynamic Multicast Routing Daemon
-# using only IGMP signalling. It's intended for simple
-# forwarding of Multicast traffic between networks.
-### END INIT INFO
-
-# Author: Pali Rohár <pali.rohar@gmail.com>
-
-# Do NOT "set -e"
-
-# PATH should only include /usr/* if it runs after the mountnfs.sh script
-PATH=/sbin:/usr/sbin:/bin:/usr/bin
-DESC="igmpproxy"
-NAME=igmpproxy
-DAEMON=/sbin/igmpproxy
-DAEMON_ARGS="/etc/igmpproxy.conf"
-PIDFILE=/var/run/$NAME.pid
-SCRIPTNAME=/etc/init.d/$NAME
-
-# Exit if the package is not installed
-[ -x "$DAEMON" ] || exit 0
-
-# Read configuration variable file if it is present
-[ -r /etc/default/$NAME ] && . /etc/default/$NAME
-
-# Load the VERBOSE setting and other rcS variables
-. /lib/init/vars.sh
-
-# Define LSB log_* functions.
-# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
-# and status_of_proc is working.
-. /lib/lsb/init-functions
-
-#
-# Function that starts the daemon/service
-#
-do_start()
-{
- # Return
- # 0 if daemon has been started
- # 1 if daemon was already running
- # 2 if daemon could not be started
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test > /dev/null \
- || return 1
- start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON -b -m -- \
- $DAEMON_OPTS $DAEMON_ARGS \
- || return 2
- # The above code will not work for interpreted scripts, use the next
- # six lines below instead (Ref: #643337, start-stop-daemon(8) )
- #start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON \
- # --name $NAME --test > /dev/null \
- # || return 1
- #start-stop-daemon --start --quiet --pidfile $PIDFILE --startas $DAEMON \
- # --name $NAME -- $DAEMON_ARGS \
- # || return 2
-
- # Add code here, if necessary, that waits for the process to be ready
- # to handle requests from services started subsequently which depend
- # on this one. As a last resort, sleep for some time.
-}
-
-#
-# Function that stops the daemon/service
-#
-do_stop()
-{
- # Return
- # 0 if daemon has been stopped
- # 1 if daemon was already stopped
- # 2 if daemon could not be stopped
- # other if a failure occurred
- start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME
- RETVAL="$?"
- [ "$RETVAL" = 2 ] && return 2
- # Wait for children to finish too if this is a daemon that forks
- # and if the daemon is only ever run from this initscript.
- # If the above conditions are not satisfied then add some other code
- # that waits for the process to drop all resources that could be
- # needed by services started subsequently. A last resort is to
- # sleep for some time.
- start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON
- [ "$?" = 2 ] && return 2
- # Many daemons don't delete their pidfiles when they exit.
- rm -f $PIDFILE
- return "$RETVAL"
-}
-
-#
-# Function that sends a SIGHUP to the daemon/service
-#
-do_reload() {
- #
- # If the daemon can reload its configuration without
- # restarting (for example, when it is sent a SIGHUP),
- # then implement that here.
- #
- start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME
- return 0
-}
-
-case "$1" in
- start)
- [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC " "$NAME"
- do_start
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
- 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
- esac
- ;;
- stop)
- [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
- 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
- esac
- ;;
- status)
- status_of_proc "$DAEMON" "$NAME" && exit 0 || exit $?
- ;;
- #reload|force-reload)
- #
- # If do_reload() is not implemented then leave this commented out
- # and leave 'force-reload' as an alias for 'restart'.
- #
- #log_daemon_msg "Reloading $DESC" "$NAME"
- #do_reload
- #log_end_msg $?
- #;;
- restart|force-reload)
- #
- # If the "reload" option is implemented then remove the
- # 'force-reload' alias
- #
- log_daemon_msg "Restarting $DESC" "$NAME"
- do_stop
- case "$?" in
- 0|1)
- do_start
- case "$?" in
- 0) log_end_msg 0 ;;
- 1) log_end_msg 1 ;; # Old process is still running
- *) log_end_msg 1 ;; # Failed to start
- esac
- ;;
- *)
- # Failed to stop
- log_end_msg 1
- ;;
- esac
- ;;
- *)
- #echo "Usage: $SCRIPTNAME {start|stop|restart|reload|force-reload}" >&2
- echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2
- exit 3
- ;;
-esac
-
-:
diff --git a/src/etc/init.d/isc-dhcpv4-server b/src/etc/init.d/isc-dhcpv4-server
new file mode 100755
index 000000000..377634a13
--- /dev/null
+++ b/src/etc/init.d/isc-dhcpv4-server
@@ -0,0 +1,113 @@
+#!/bin/sh
+#
+#
+
+### BEGIN INIT INFO
+# Provides: isc-dhcpv4-server
+# Required-Start: $remote_fs $network $syslog
+# Required-Stop: $remote_fs $network $syslog
+# Should-Start: $local_fs slapd $named
+# Should-Stop: $local_fs slapd
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: IPv4 DHCP server
+# Description: Dynamic Host Configuration Protocol Server for IPv4
+### END INIT INFO
+
+PATH=/sbin:/bin:/usr/sbin:/usr/bin
+
+test -f /usr/sbin/dhcpd || exit 0
+
+DHCPD_DEFAULT="${DHCPD_DEFAULT:-/etc/default/isc-dhcpv4-server}"
+
+# It is not safe to start if we don't have a default configuration...
+if [ ! -f "$DHCPD_DEFAULT" ]; then
+ echo "$DHCPD_DEFAULT does not exist! - Aborting..."
+ exit 0
+fi
+
+. /lib/lsb/init-functions
+
+# Read init script configuration
+[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"
+
+NAME=dhcpd
+DESC="ISC DHCP server"
+# fallback to default config file
+DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd.conf}
+# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
+if [ -z "$DHCPD_PID" ]; then
+ DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
+fi
+DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd.pid}"
+
+test_config()
+{
+ if ! /usr/sbin/dhcpd -t $OPTIONS -q -cf "$DHCPD_CONF" > /dev/null 2>&1; then
+ echo "dhcpd self-test failed. Please fix $DHCPD_CONF."
+ echo "The error was: "
+ /usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
+ exit 1
+ fi
+ touch /var/lib/dhcp/dhcpd.leases
+}
+
+# single arg is -v for messages, -q for none
+check_status()
+{
+ if [ ! -r "$DHCPD_PID" ]; then
+ test "$1" != -v || echo "$NAME is not running."
+ return 3
+ fi
+ if read pid < "$DHCPD_PID" && ps -p "$pid" > /dev/null 2>&1; then
+ test "$1" != -v || echo "$NAME is running."
+ return 0
+ else
+ test "$1" != -v || echo "$NAME is not running but $DHCPD_PID exists."
+ return 1
+ fi
+}
+
+case "$1" in
+ start)
+ test_config
+ log_daemon_msg "Starting $DESC" "$NAME"
+ start-stop-daemon --start --quiet --pidfile "$DHCPD_PID" \
+ --exec /usr/sbin/dhcpd -- \
+ -q $OPTIONS -cf "$DHCPD_CONF" -pf "$DHCPD_PID" $INTERFACES
+ sleep 2
+
+ if check_status -q; then
+ log_end_msg 0
+ else
+ log_failure_msg "check syslog for diagnostics."
+ log_end_msg 1
+ exit 1
+ fi
+ ;;
+ stop)
+ log_daemon_msg "Stopping $DESC" "$NAME"
+ start-stop-daemon --stop --quiet --pidfile "$DHCPD_PID"
+ log_end_msg $?
+ rm -f "$DHCPD_PID"
+ ;;
+ restart | force-reload)
+ test_config
+ $0 stop
+ sleep 2
+ $0 start
+ if [ "$?" != "0" ]; then
+ exit 1
+ fi
+ ;;
+ status)
+ echo -n "Status of $DESC: "
+ check_status -v
+ exit "$?"
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload|status}"
+ exit 1
+esac
+
+exit 0
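Review bot: The `pid-file-name` lookup cannot match as written. Without `-E` the `(.*)` in the sed expression is a literal pair of parentheses, so `\1` refers to no group, sed fails, and `2>/dev/null` hides the error, leaving the `/var/run/dhcpd.pid` fallback as the only path. Escaping the group as `"\(.*\)"` fixes it; the same line appears as context in isc-dhcpv6-server. Separately, the missing-defaults branch prints "Aborting..." and then runs `exit 0`, so the service manager records a successful start; a non-zero exit there would make the failure visible.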
diff --git a/src/etc/init.d/isc-dhcpv6-server b/src/etc/init.d/isc-dhcpv6-server
index 441827d5f..55f59b68e 100755
--- a/src/etc/init.d/isc-dhcpv6-server
+++ b/src/etc/init.d/isc-dhcpv6-server
@@ -31,15 +31,15 @@ fi
# Read init script configuration
[ -f "$DHCPD_DEFAULT" ] && . "$DHCPD_DEFAULT"
-NAME=dhcpd
-DESC="ISC DHCP server"
+NAME=dhcpdv6
+DESC="ISC DHCP server IPv6"
# fallback to default config file
-DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpd.conf}
-# try to read pid file name from config file, with fallback to /var/run/dhcpd.pid
+DHCPD_CONF=${DHCPD_CONF:-/etc/dhcp/dhcpdv6.conf}
+# try to read pid file name from config file, with fallback to /var/run/dhcpdv6.pid
if [ -z "$DHCPD_PID" ]; then
DHCPD_PID=$(sed -n -e 's/^[ \t]*pid-file-name[ \t]*"(.*)"[ \t]*;.*$/\1/p' < "$DHCPD_CONF" 2>/dev/null | head -n 1)
fi
-DHCPD_PID="${DHCPD_PID:-/var/run/dhcpd.pid}"
+DHCPD_PID="${DHCPD_PID:-/var/run/dhcpdv6.pid}"
test_config()
{
@@ -49,7 +49,7 @@ test_config()
/usr/sbin/dhcpd -t $OPTIONS -cf "$DHCPD_CONF"
exit 1
fi
- touch /var/lib/dhcp/dhcpd.leases
+ touch /var/lib/dhcp/dhcpdv6.leases
}
# single arg is -v for messages, -q for none
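Review bot: `touch /var/lib/dhcp/dhcpdv6.leases` creates a file the daemon does not use, because the lease file is passed through `OPTIONS` as `-lf` and dhcpv6_server.py sets it to `/config/dhcpdv6.leases`. Either drop the line or touch the configured path. isc-dhcpv4-server has the same mismatch with `/var/lib/dhcp/dhcpd.leases`. test_config() starts outside this hunk.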
@@ -107,7 +107,7 @@ case "$1" in
;;
*)
echo "Usage: $0 {start|stop|restart|force-reload|status}"
- exit 1
+ exit 1
esac
exit 0
diff --git a/src/op_mode/show_dhcp.py b/src/op_mode/show_dhcp.py
index c2a05f516..f801ba753 100755
--- a/src/op_mode/show_dhcp.py
+++ b/src/op_mode/show_dhcp.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2019 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -190,7 +190,7 @@ if __name__ == '__main__':
sys.exit(0)
# if dhcp server is down, inactive leases may still be shown as active, so warn the user.
- if os.system('systemctl -q is-active isc-dhcp-server.service') != 0:
+ if os.system('systemctl -q is-active isc-dhcpv4-server.service') != 0:
print("WARNING: DHCP server is configured but not started. Data may be stale.")
if args.leases:
diff --git a/src/op_mode/show_dhcpv6.py b/src/op_mode/show_dhcpv6.py
index 1a6ee62e6..ae63af39b 100755
--- a/src/op_mode/show_dhcpv6.py
+++ b/src/op_mode/show_dhcpv6.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2018 VyOS maintainers and contributors
+# Copyright (C) 2018-2019 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as