7 files changed, 41 insertions, 50 deletions

diff --git a/data/templates/frr/daemons.frr.tmpl b/data/templates/frr/daemons.frr.tmpl
index c637e18bc..339b4e52f 100644
--- a/data/templates/frr/daemons.frr.tmpl
+++ b/data/templates/frr/daemons.frr.tmpl
@@ -101,7 +101,7 @@ pathd_options="  --daemon -A 127.0.0.1"
 #
 
 vtysh_enable=yes
-watchfrr_enable=no
+watchfrr_enable=yes
 valgrind_enable=no
 
 #watchfrr_options=""
diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i
index 5ca1d525f..68d1b172f 100644
--- a/interface-definitions/include/interface/dhcpv6-options.xml.i
+++ b/interface-definitions/include/interface/dhcpv6-options.xml.i
@@ -4,18 +4,7 @@
     <help>DHCPv6 client settings/options</help>
   </properties>
   <children>
-    <leafNode name="duid">
-      <properties>
-        <help>DHCP unique identifier (DUID) to be sent by dhcpv6 client</help>
-        <valueHelp>
-          <format>duid</format>
-          <description>DHCP unique identifier (DUID)</description>
-        </valueHelp>
-        <constraint>
-          <validator name="ipv6-duid"/>
-        </constraint>
-      </properties>
-    </leafNode>
+    #include <include/interface/duid.xml.i>
     <leafNode name="parameters-only">
       <properties>
         <help>Acquire only config parameters, no address</help>
diff --git a/interface-definitions/include/interface/duid.xml.i b/interface-definitions/include/interface/duid.xml.i
new file mode 100644
index 000000000..8d808696e
--- /dev/null
+++ b/interface-definitions/include/interface/duid.xml.i
@@ -0,0 +1,15 @@
+<!-- include start from interface/duid.xml.i -->
+<leafNode name="duid">
+  <properties>
+    <help>DHCP unique identifier (DUID) to be sent by client</help>
+    <valueHelp>
+      <format>duid</format>
+      <description>DHCP unique identifier</description>
+    </valueHelp>
+    <constraint>
+      <regex>([0-9A-Fa-f]{2}:){0,127}([0-9A-Fa-f]{2})</regex>
+    </constraint>
+    <constraintErrorMessage>Invalid DUID, must be in the format h[[:h]...]</constraintErrorMessage>
+  </properties>
+</leafNode>
+<!-- include end -->
diff --git a/python/vyos/system/grub.py b/python/vyos/system/grub.py
index 61a9c7749..a94729964 100644
--- a/python/vyos/system/grub.py
+++ b/python/vyos/system/grub.py
@@ -13,6 +13,8 @@
 # You should have received a copy of the GNU Lesser General Public
 # License along with this library.  If not, see <http://www.gnu.org/licenses/>.
 
+import platform
+
 from pathlib import Path
 from re import MULTILINE, compile as re_compile
 from typing import Union
@@ -57,16 +59,22 @@ def install(drive_path: str, boot_dir: str, efi_dir: str, id: str = 'VyOS') -> N
         boot_dir (str): a path to '/boot' directory
         efi_dir (str): a path to '/boot/efi' directory
     """
-    commands: list[str] = [
-        f'grub-install --no-floppy --target=i386-pc --boot-directory={boot_dir} \
-            {drive_path} --force',
-        f'grub-install --no-floppy --recheck --target=x86_64-efi \
+
+    efi_installation_arch = "x86_64"
+    if platform.machine() == "aarch64":
+        efi_installation_arch = "arm64"
+    elif platform.machine() == "x86_64":
+        cmd(
+            f'grub-install --no-floppy --target=i386-pc \
+            --boot-directory={boot_dir}  {drive_path} --force'
+        )
+
+    cmd(
+        f'grub-install --no-floppy --recheck --target={efi_installation_arch}-efi \
             --force-extra-removable --boot-directory={boot_dir} \
             --efi-directory={efi_dir} --bootloader-id="{id}" \
             --no-uefi-secure-boot'
-    ]
-    for command in commands:
-        cmd(command)
+    )
 
 
 def gen_version_uuid(version_name: str) -> str:
diff --git a/src/conf_mode/https.py b/src/conf_mode/https.py
index 40b7de557..3dc5dfc01 100755
--- a/src/conf_mode/https.py
+++ b/src/conf_mode/https.py
@@ -1,6 +1,6 @@
 #!/usr/bin/env python3
 #
-# Copyright (C) 2019-2022 VyOS maintainers and contributors
+# Copyright (C) 2019-2023 VyOS maintainers and contributors
 #
 # This program is free software; you can redistribute it and/or modify
 # it under the terms of the GNU General Public License version 2 or later as
@@ -24,6 +24,7 @@ from time import sleep
 import vyos.defaults
 import vyos.certbot_util
 
+from vyos.base import Warning
 from vyos.config import Config
 from vyos.configdiff import get_config_diff
 from vyos.configverify import verify_vrf
@@ -193,6 +194,9 @@ def verify(https):
         if (not valid_keys_exist) and (not jwt_auth):
             raise ConfigError('At least one HTTPS API key is required unless GraphQL token authentication is enabled')
 
+        if (not valid_keys_exist) and jwt_auth:
+            Warning(f'API keys are not configured: the classic (non-GraphQL) API will be unavailable.')
+
     return None
 
 def generate(https):
diff --git a/src/services/vyos-http-api-server b/src/services/vyos-http-api-server
index bfd50cc80..b64e58132 100755
--- a/src/services/vyos-http-api-server
+++ b/src/services/vyos-http-api-server
@@ -872,13 +872,15 @@ def initialization(session: ConfigSession, app: FastAPI = app):
     global server
     try:
         server_config = load_server_config()
-        keys = flatten_keys(server_config)
     except Exception as e:
         logger.critical(f'Failed to load the HTTP API server config: {e}')
         sys.exit(1)
 
     app.state.vyos_session = session
-    app.state.vyos_keys = keys
+    app.state.vyos_keys = []
+
+    if 'keys' in server_config:
+        app.state.vyos_keys = flatten_keys(server_config)
 
     app.state.vyos_debug = bool('debug' in server_config)
     app.state.vyos_strict = bool('strict' in server_config)
diff --git a/src/validators/ipv6-duid b/src/validators/ipv6-duid
deleted file mode 100755
index fd4728e50..000000000
--- a/src/validators/ipv6-duid
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/usr/bin/env python3
-#
-# Copyright (C) 2021 VyOS maintainers and contributors
-#
-# This program is free software; you can redistribute it and/or modify
-# it under the terms of the GNU General Public License version 2 or later as
-# published by the Free Software Foundation.
-#
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-import re
-import sys
-
-pattern = "^([0-9A-Fa-f]{2}:){,127}([0-9A-Fa-f]{2})$"
-
-if __name__ == '__main__':
-    if len(sys.argv) != 2:
-        sys.exit(1)
-    if not re.match(pattern, sys.argv[1]):
-        sys.exit(1)
-    sys.exit(0)