summaryrefslogtreecommitdiff
path: root/debian
diff options
context:
space:
mode:
Diffstat (limited to 'debian')
-rw-r--r--debian/control47
-rwxr-xr-xdebian/rules5
-rwxr-xr-xdebian/vyos-1x-smoketest.postinst17
-rw-r--r--debian/vyos-1x.install5
-rw-r--r--debian/vyos-1x.postinst16
-rw-r--r--debian/vyos-1x.preinst1
6 files changed, 69 insertions, 22 deletions
diff --git a/debian/control b/debian/control
index d1d1602ae..9b798eb97 100644
--- a/debian/control
+++ b/debian/control
@@ -8,7 +8,6 @@ Build-Depends:
fakeroot,
gcc,
iproute2,
- libvyosconfig0 (>= 0.0.7),
libzmq3-dev,
python3 (>= 3.10),
# For QA
@@ -16,6 +15,8 @@ Build-Depends:
# For generating command definitions
python3-lxml,
python3-xmltodict,
+# For generating serialization functions
+ protobuf-compiler,
# For running tests
python3-coverage,
python3-hurry.filesize,
@@ -40,7 +41,9 @@ Pre-Depends:
libpam-runtime [amd64],
libnss-tacplus [amd64],
libpam-tacplus [amd64],
- libpam-radius-auth [amd64]
+ vyos-libpam-radius-auth,
+ vyos-libnss-mapuser,
+ tzdata (>= 2025b)
Depends:
## Fundamentals
${python3:Depends} (>= 3.10),
@@ -70,6 +73,7 @@ Depends:
python3-netifaces,
python3-paramiko,
python3-passlib,
+ python3-protobuf,
python3-pyroute2,
python3-psutil,
python3-pyhumps,
@@ -77,6 +81,7 @@ Depends:
python3-pyudev,
python3-six,
python3-tabulate,
+ python3-tomli,
python3-voluptuous,
python3-xmltodict,
python3-zmq,
@@ -94,7 +99,7 @@ Depends:
linux-cpupower,
# ipaddrcheck is widely used in IP value validators
ipaddrcheck,
- ethtool,
+ ethtool (>= 6.10),
lm-sensors,
procps,
netplug,
@@ -115,7 +120,7 @@ Depends:
dosfstools,
grub-efi-amd64-signed [amd64],
grub-efi-arm64-bin [arm64],
- mokutil [amd64],
+ mokutil,
shim-signed [amd64],
sbsigntool [amd64],
# Image signature verification tool
@@ -123,6 +128,8 @@ Depends:
# Live filesystem tools
squashfs-tools,
fuse-overlayfs,
+# Tools for checking password strength
+ python3-cracklib,
## End installer
auditd,
iputils-arping,
@@ -166,14 +173,11 @@ Depends:
sstp-client,
# End "interfaces sstpc"
# For "protocols *"
- frr (>= 9.1),
+ frr (>= 10.2),
frr-pythontools,
frr-rpki-rtrlib,
frr-snmp,
# End "protocols *"
-# For "protocols nhrp" (part of DMVPN)
- opennhrp,
-# End "protocols nhrp"
# For "protocols igmp-proxy"
igmpproxy,
# End "protocols igmp-proxy"
@@ -192,7 +196,6 @@ Depends:
ddclient (>= 3.11.1),
# End "service dns dynamic"
# # For "service ids"
- fastnetmon [amd64],
suricata,
suricata-update,
# End "service ids"
@@ -200,14 +203,11 @@ Depends:
ndppd,
# End "service ndp-proxy"
# For "service router-advert"
- radvd,
+ radvd (>= 2.20),
# End "service route-advert"
-# For "load-balancing reverse-proxy"
+# For "load-balancing haproxy"
haproxy,
-# End "load-balancing reverse-proxy"
-# For "load-balancing wan"
- vyatta-wanloadbalance,
-# End "load-balancing wan"
+# End "load-balancing haproxy"
# For "service dhcp-relay"
isc-dhcp-relay,
# For "service dhcp-server"
@@ -235,6 +235,15 @@ Depends:
squidclient,
squidguard,
# End "service webproxy"
+# For "service monitoring prometheus node-exporter"
+ node-exporter,
+# End "service monitoring prometheus node-exporter"
+# For "service monitoring prometheus frr-exporter"
+ frr-exporter,
+# End "service monitoring prometheus frr-exporter"
+# For "service monitoring prometheus blackbox-exporter"
+ blackbox-exporter,
+# End "service monitoring prometheus blackbox-exporter"
# For "service monitoring telegraf"
telegraf (>= 1.20),
# End "service monitoring telegraf"
@@ -318,6 +327,14 @@ Depends:
# iptables is only used for containers now, not the the firewall CLI
iptables,
# End container
+# For "vpp"
+ libvppinfra,
+ python3-vpp-api,
+ vpp,
+ vpp-dev,
+ vpp-plugin-core,
+ vpp-plugin-dpdk,
+# End "vpp"
## End Configuration mode
## Operational mode
# Used for hypervisor model in "run show version"
diff --git a/debian/rules b/debian/rules
index df1d9e7f3..f579ffec9 100755
--- a/debian/rules
+++ b/debian/rules
@@ -9,6 +9,7 @@ VYOS_CFG_TMPL_DIR := opt/vyatta/share/vyatta-cfg/templates
VYOS_OP_TMPL_DIR := opt/vyatta/share/vyatta-op/templates
VYOS_MIBS_DIR := usr/share/snmp/mibs
VYOS_LOCALUI_DIR := srv/localui
+VYCONF_REFTREE_DIR := $(VYOS_LIBEXEC_DIR)/vyconf/reftree
MIGRATION_SCRIPTS_DIR := opt/vyatta/etc/config-migrate/migrate
ACTIVATION_SCRIPTS_DIR := usr/libexec/vyos/activate
@@ -89,8 +90,12 @@ override_dh_auto_install:
cp -r templates-op/* $(DIR)/$(VYOS_OP_TMPL_DIR)
# Install data files
+ mkdir -p $(DIR)/$(VYCONF_REFTREE_DIR)
+ cp -r data/reftree.cache $(DIR)/$(VYCONF_REFTREE_DIR)
mkdir -p $(DIR)/$(VYOS_DATA_DIR)
cp -r data/* $(DIR)/$(VYOS_DATA_DIR)
+ # Remove j2lint comments / linter configuration which would insert additional new-lines
+ find $(DIR)/$(VYOS_DATA_DIR) -name "*.j2" -type f | xargs sed -i -e '/^{#.*#}/d'
# Create localui dir
mkdir -p $(DIR)/$(VYOS_LOCALUI_DIR)
diff --git a/debian/vyos-1x-smoketest.postinst b/debian/vyos-1x-smoketest.postinst
index 18612804c..bff73796c 100755
--- a/debian/vyos-1x-smoketest.postinst
+++ b/debian/vyos-1x-smoketest.postinst
@@ -1,10 +1,19 @@
#!/bin/sh -e
BUSYBOX_TAG="docker.io/library/busybox:stable"
-OUTPUT_PATH="/usr/share/vyos/busybox-stable.tar"
+BUSYBOX_PATH="/usr/share/vyos/busybox-stable.tar"
+if [[ ! -f $BUSYBOX_PATH ]]; then
+ skopeo copy --additional-tag "$BUSYBOX_TAG" "docker://$BUSYBOX_TAG" "docker-archive:/$BUSYBOX_PATH"
+fi
-if [[ -f $OUTPUT_PATH ]]; then
- rm -f $OUTPUT_PATH
+TACPLUS_TAG="docker.io/lfkeitel/tacacs_plus:alpine"
+TACPLUS_PATH="/usr/share/vyos/tacplus-alpine.tar"
+if [[ ! -f $TACPLUS_PATH ]]; then
+ skopeo copy --additional-tag "$TACPLUS_TAG" "docker://$TACPLUS_TAG" "docker-archive:/$TACPLUS_PATH"
fi
-skopeo copy --additional-tag "$BUSYBOX_TAG" "docker://$BUSYBOX_TAG" "docker-archive:/$OUTPUT_PATH"
+RADIUS_TAG="docker.io/dchidell/radius-web:latest"
+RADIUS_PATH="/usr/share/vyos/radius-latest.tar"
+if [[ ! -f $RADIUS_PATH ]]; then
+ skopeo copy --additional-tag "$RADIUS_TAG" "docker://$RADIUS_TAG" "docker-archive:/$RADIUS_PATH"
+fi
diff --git a/debian/vyos-1x.install b/debian/vyos-1x.install
index 7171911dc..4e312a648 100644
--- a/debian/vyos-1x.install
+++ b/debian/vyos-1x.install
@@ -1,5 +1,6 @@
etc/bash_completion.d
etc/commit
+etc/cron.d
etc/default
etc/dhcp
etc/ipsec.d
@@ -8,7 +9,6 @@ etc/netplug
etc/opennhrp
etc/modprobe.d
etc/ppp
-etc/rsyslog.conf
etc/securetty
etc/security
etc/skel
@@ -25,9 +25,11 @@ srv/localui
usr/sbin
usr/bin/config-mgmt
usr/bin/initial-setup
+usr/bin/vyos-show-config
usr/bin/vyos-config-file-query
usr/bin/vyos-config-to-commands
usr/bin/vyos-config-to-json
+usr/bin/vyos-commands-to-config
usr/bin/vyos-hostsd-client
usr/lib
usr/libexec/vyos/activate
@@ -38,6 +40,7 @@ usr/libexec/vyos/op_mode
usr/libexec/vyos/services
usr/libexec/vyos/system
usr/libexec/vyos/validators
+usr/libexec/vyos/vyconf
usr/libexec/vyos/*.py
usr/libexec/vyos/*.sh
usr/share
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
index dc8ada267..798ecaa1b 100644
--- a/debian/vyos-1x.postinst
+++ b/debian/vyos-1x.postinst
@@ -21,6 +21,11 @@ if ! grep -q '^openvpn' /etc/passwd; then
adduser --quiet --firstuid 100 --system --group --shell /usr/sbin/nologin openvpn
fi
+# node_exporter should get its own user
+if ! grep -q '^node_exporter' /etc/passwd; then
+ adduser --quiet --firstuid 100 --system --group --shell /bin/false node_exporter
+fi
+
# We need to have a group for RADIUS service users to use it inside PAM rules
if ! grep -q '^radius' /etc/group; then
addgroup --firstgid 1000 --quiet radius
@@ -216,11 +221,9 @@ fi
# Remove unwanted daemon files from /etc
# conntackd
# pmacct
-# fastnetmon
# ntp
DELETE="/etc/logrotate.d/conntrackd.distrib /etc/init.d/conntrackd /etc/default/conntrackd
/etc/default/pmacctd /etc/pmacct
- /etc/networks_list /etc/networks_whitelist /etc/fastnetmon.conf
/etc/ntp.conf /etc/default/ssh /etc/avahi/avahi-daemon.conf /etc/avahi/hosts
/etc/powerdns /etc/default/pdns-recursor
/etc/ppp/ip-up.d/0000usepeerdns /etc/ppp/ip-down.d/0000usepeerdns"
@@ -262,3 +265,12 @@ fi
# T4287 - as we have a non-signed kernel use the upstream wireless reulatory database
update-alternatives --set regulatory.db /lib/firmware/regulatory.db-upstream
+
+# Restart vyos-configd to apply changes in Python scripts/templates
+if systemctl is-active --quiet vyos-configd; then
+ systemctl restart vyos-configd
+fi
+# Restart vyos-domain-resolver if running
+if systemctl is-active --quiet vyos-domain-resolver; then
+ systemctl restart vyos-domain-resolver
+fi
diff --git a/debian/vyos-1x.preinst b/debian/vyos-1x.preinst
index fbfc85566..08f48cac2 100644
--- a/debian/vyos-1x.preinst
+++ b/debian/vyos-1x.preinst
@@ -5,6 +5,7 @@ dpkg-divert --package vyos-1x --add --no-rename /etc/logrotate.d/conntrackd
dpkg-divert --package vyos-1x --add --no-rename /etc/rsyslog.conf
dpkg-divert --package vyos-1x --add --no-rename /etc/skel/.bashrc
dpkg-divert --package vyos-1x --add --no-rename /etc/skel/.profile
+dpkg-divert --package vyos-1x --add --no-rename /etc/sysctl.d/80-vpp.conf
dpkg-divert --package vyos-1x --add --no-rename /etc/netplug/netplugd.conf
dpkg-divert --package vyos-1x --add --no-rename /etc/netplug/netplug
dpkg-divert --package vyos-1x --add --no-rename /etc/rsyslog.d/45-frr.conf
generated by cgit v1.2.3 (git 2.39.1) at 2025-07-04 05:04:28 +0000