authorChristian Breunig <christian@breunig.cc>2024-07-04 13:40:18 +0200
committerGitHub <noreply@github.com>2024-07-04 13:40:18 +0200
commitec889a74217d8132874e571934866e08aaf11ba4 (patch)
tree4cb93a0bfdb2f5a810b2018e69fb73182e8ba251 /debian
parent18f6159536d67c8fdabf02fe1aa8b4e0e94986d8 (diff)
parent7aa420e5a5509793030350acb9c108eaef6c79ea (diff)
downloadvyos-1x-ec889a74217d8132874e571934866e08aaf11ba4.tar.gz
vyos-1x-ec889a74217d8132874e571934866e08aaf11ba4.zip
Merge pull request #3766 from vyos/mergify/bp/circinus/pr-3745
T6527: add legacy Vyatta interpreter files still in use (backport #3745)
Diffstat (limited to 'debian')
-rw-r--r--debian/control46
-rwxr-xr-xdebian/rules4
-rw-r--r--debian/vyos-1x.install2
-rw-r--r--debian/vyos-1x.postinst55
4 files changed, 100 insertions, 7 deletions
diff --git a/debian/control b/debian/control
index 329ed09eb..30e0c9b09 100644
--- a/debian/control
+++ b/debian/control
@@ -10,7 +10,6 @@ Build-Depends:
iproute2,
libvyosconfig0 (>= 0.0.7),
libzmq3-dev,
- procps,
python3 (>= 3.10),
# For QA
pylint,
@@ -32,14 +31,24 @@ Standards-Version: 3.9.6
Package: vyos-1x
Architecture: amd64 arm64
Pre-Depends:
+ libpam-runtime [amd64],
libnss-tacplus [amd64],
libpam-tacplus [amd64],
libpam-radius-auth [amd64]
Depends:
## Fundamentals
${python3:Depends} (>= 3.10),
+ dialog,
libvyosconfig0,
+ libpam-cap,
+ bash-completion,
+ ipvsadm,
+ udev,
+ less,
+ at,
+ rsync,
vyatta-bash,
+ vyatta-biosdevname,
vyatta-cfg,
vyos-http-api-tools,
vyos-utils,
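Review bot: `libpam-runtime [amd64]` in Pre-Depends is limited to amd64, although the package also builds for arm64 and libpam-runtime is architecture-independent. Unless the restriction is deliberate, `libpam-runtime,` without the qualifier guarantees the PAM tooling is present on both architectures before the maintainer scripts run. Separately, the postinst added in this commit calls `setcap`, which Debian ships in libcap2-bin rather than in the newly added `libpam-cap`. libcap2-bin is not visible in any hunk here, so confirm it is already listed in Depends outside the shown context.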
@@ -66,6 +75,7 @@ Depends:
python3-zmq,
## End of Python libraries
## Basic System services and utilities
+ coreutils,
sudo,
systemd,
bsdmainutils,
@@ -78,7 +88,6 @@ Depends:
# ipaddrcheck is widely used in IP value validators
ipaddrcheck,
ethtool,
- fdisk,
lm-sensors,
procps,
netplug,
@@ -91,6 +100,14 @@ Depends:
grc,
## End of System services and utilities
## For the installer
+ fdisk,
+ gdisk,
+ mdadm,
+ efibootmgr,
+ libefivar1,
+ dosfstools,
+ grub-efi-amd64-bin [amd64],
+ grub-efi-arm64-bin [arm64],
# Image signature verification tool
minisign,
# Live filesystem tools
@@ -99,6 +116,7 @@ Depends:
## End installer
auditd,
iputils-arping,
+ iputils-ping,
isc-dhcp-client,
# For "vpn pptp", "vpn l2tp", "vpn sstp", "service ipoe-server"
accel-ppp,
@@ -137,7 +155,7 @@ Depends:
sstp-client,
# End "interfaces sstpc"
# For "protocols *"
- frr (>= 7.5),
+ frr (>= 9.1),
frr-pythontools,
frr-rpki-rtrlib,
frr-snmp,
@@ -171,9 +189,12 @@ Depends:
# For "service router-advert"
radvd,
# End "service route-advert"
-# For "high-availability reverse-proxy"
+# For "load-balancing reverse-proxy"
haproxy,
-# End "high-availability reverse-proxy"
+# End "load-balancing reverse-proxy"
+# For "load-balancing wan"
+ vyatta-wanloadbalance,
+# End "load-balancing wan"
# For "service dhcp-relay"
isc-dhcp-relay,
# For "service dhcp-server"
@@ -227,6 +248,9 @@ Depends:
# For "high-availability vrrp"
keepalived (>=2.0.5),
# End "high-availability-vrrp"
+# For "system console"
+ util-linux,
+# End "system console"
# For "system task-scheduler"
cron,
# End "system task-scheduler"
@@ -259,7 +283,7 @@ Depends:
# For "system conntrack modules rtsp"
nat-rtsp,
# End "system conntrack modules rtsp"
-# For "system ntp"
+# For "service ntp"
chrony,
# End "system ntp"
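Review bot: The opening marker is renamed to `# For "service ntp"`, but the closing marker two lines below still reads `# End "system ntp"`, so the pair no longer matches. Changing the closing line to `# End "service ntp"` keeps the section markers searchable by CLI path.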
# For "vpn openconnect"
@@ -268,7 +292,13 @@ Depends:
# For "system flow-accounting"
pmacct (>= 1.6.0),
# End "system flow-accounting"
-# For container
+# For "system syslog"
+ rsyslog,
+# End "system syslog"
+# For "system option keyboard-layout"
+ kbd,
+# End "system option keyboard-layout"
+# For "container"
podman,
netavark,
aardvark-dns,
@@ -306,6 +336,8 @@ Depends:
ndisc6,
# For "run monitor bandwidth"
bmon,
+# For "run format disk"
+ parted,
# End Operational mode
## TPM tools
cryptsetup,
diff --git a/debian/rules b/debian/rules
index 9da40465f..df1d9e7f3 100755
--- a/debian/rules
+++ b/debian/rules
@@ -103,6 +103,10 @@ override_dh_auto_install:
mkdir -p $(DIR)/etc
cp -r src/etc/* $(DIR)/etc
+ # Install legacy Vyatta files
+ mkdir -p $(DIR)/opt
+ cp -r src/opt/* $(DIR)/opt
+
# Install PAM configuration snippets
mkdir -p $(DIR)/usr/share/pam-configs
cp -r src/pam-configs/* $(DIR)/usr/share/pam-configs
diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install
index b3978d38a..7171911dc 100644
--- a/debian/vyos-1x.install
+++ b/debian/vyos-1x.install
@@ -1,4 +1,6 @@
+etc/bash_completion.d
etc/commit
+etc/default
etc/dhcp
etc/ipsec.d
etc/logrotate.d
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index 78e895d6e..26b81db6f 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -120,6 +120,61 @@ fi
# ensure the proxy user has a proper shell
chsh -s /bin/sh proxy
+# Set file capabilities
+setcap cap_net_admin=pe /sbin/ethtool
+setcap cap_net_admin=pe /sbin/tc
+setcap cap_net_admin=pe /bin/ip
+setcap cap_net_admin=pe /sbin/xtables-legacy-multi
+setcap cap_net_admin=pe /sbin/xtables-nft-multi
+setcap cap_net_admin=pe /usr/sbin/conntrack
+setcap cap_net_admin=pe /usr/sbin/arp
+setcap cap_net_raw=pe /usr/bin/tcpdump
+setcap cap_net_admin,cap_sys_admin=pe /sbin/sysctl
+setcap cap_sys_module=pe /bin/kmod
+setcap cap_sys_time=pe /bin/date
+
+# create needed directories
+mkdir -p /var/log/user
+mkdir -p /var/core
+mkdir -p /opt/vyatta/etc/config/auth
+mkdir -p /opt/vyatta/etc/config/scripts
+mkdir -p /opt/vyatta/etc/config/user-data
+mkdir -p /opt/vyatta/etc/config/support
+chown -R root:vyattacfg /opt/vyatta/etc/config
+chmod -R 775 /opt/vyatta/etc/config
+mkdir -p /opt/vyatta/etc/logrotate
+mkdir -p /opt/vyatta/etc/netdevice.d
+
+touch /etc/environment
+
+if [ ! -f /etc/bash_completion ]; then
+ echo "source /etc/bash_completion.d/10vyatta-op" > /etc/bash_completion
+ echo "source /etc/bash_completion.d/20vyatta-cfg" >> /etc/bash_completion
+fi
+
+sed -i 's/^set /builtin set /' /etc/bash_completion
+
+# Fix up PAM configuration for login so that invalid users are prompted
+# for password
+sed -i 's/requisite[ \t][ \t]*pam_securetty.so/required pam_securetty.so/' $rootfsdir/etc/pam.d/login
+
+# Change default shell for new accounts
+sed -i -e ':^DSHELL:s:/bin/bash:/bin/vbash:' /etc/adduser.conf
+
+# Do not allow users to change full name field (controlled by vyos-1x)
+sed -i -e 's/^CHFN_RESTRICT/#&/' /etc/login.defs
+
+# Only allow root to use passwd command
+if ! grep -q 'pam_succeed_if.so' /etc/pam.d/passwd ; then
+ sed -i -e '/^@include/i \
+password requisite pam_succeed_if.so user = root
+' /etc/pam.d/passwd
+fi
+
+# remove unnecessary ddclient script in /etc/ppp/ip-up.d/
+# this logs unnecessary messages trying to start ddclient
+rm -f /etc/ppp/ip-up.d/ddclient
+
# create /opt/vyatta/etc/config/scripts/vyos-preconfig-bootup.script
PRECONFIG_SCRIPT=/opt/vyatta/etc/config/scripts/vyos-preconfig-bootup.script
if [ ! -x $PRECONFIG_SCRIPT ]; then
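Review bot: The line `sed -i -e ':^DSHELL:s:/bin/bash:/bin/vbash:' /etc/adduser.conf` does not change the default shell, because a sed command that begins with `:` defines a label rather than an address, so new accounts keep `/bin/bash`; an address form such as `sed -i -e '/^DSHELL/s:/bin/bash:/bin/vbash:' /etc/adduser.conf` would apply the substitution. The pam_securetty edit targets `$rootfsdir/etc/pam.d/login`, and `rootfsdir` is not set anywhere in this hunk; if the rest of the script does not set it either, the path only works because the variable expands to empty, so it is safer to write `/etc/pam.d/login` directly. The `setcap ...=pe` block grants the listed capability to every local user who can execute `/bin/kmod`, `/sbin/sysctl`, `/bin/ip` and the other binaries, and `cap_sys_module` and `cap_sys_admin` are close to root-equivalent. A comment stating which accounts are expected to reach these binaries, or restricting execution to a dedicated group, would make that trust boundary reviewable. The `if [ ! -x $PRECONFIG_SCRIPT ]` block at the end continues outside the hunk.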