6 files changed, 95 insertions, 16 deletions

diff --git a/src/helpers/config_dependency.py b/src/helpers/config_dependency.py
index 50c72956e..817bcc65a 100755
--- a/src/helpers/config_dependency.py
+++ b/src/helpers/config_dependency.py
@@ -18,22 +18,75 @@
 
 import os
 import sys
+import json
 from argparse import ArgumentParser
 from argparse import ArgumentTypeError
-
-try:
-    from vyos.configdep import check_dependency_graph
-    from vyos.defaults import directories
-except ImportError:
-    # allow running during addon package build
-    _here = os.path.dirname(__file__)
-    sys.path.append(os.path.join(_here, '../../python/vyos'))
-    from configdep import check_dependency_graph
-    from defaults import directories
+from graphlib import TopologicalSorter, CycleError
 
 # addon packages will need to specify the dependency directory
-dependency_dir = os.path.join(directories['data'],
-                              'config-mode-dependencies')
+data_dir = '/usr/share/vyos/'
+dependency_dir = os.path.join(data_dir, 'config-mode-dependencies')
+
+def dict_merge(source, destination):
+    from copy import deepcopy
+    tmp = deepcopy(destination)
+
+    for key, value in source.items():
+        if key not in tmp:
+            tmp[key] = value
+        elif isinstance(source[key], dict):
+            tmp[key] = dict_merge(source[key], tmp[key])
+
+    return tmp
+
+def read_dependency_dict(dependency_dir: str = dependency_dir) -> dict:
+    res = {}
+    for dep_file in os.listdir(dependency_dir):
+        if not dep_file.endswith('.json'):
+            continue
+        path = os.path.join(dependency_dir, dep_file)
+        with open(path) as f:
+            d = json.load(f)
+        if dep_file == 'vyos-1x.json':
+            res = dict_merge(res, d)
+        else:
+            res = dict_merge(d, res)
+
+    return res
+
+def graph_from_dependency_dict(d: dict) -> dict:
+    g = {}
+    for k in list(d):
+        g[k] = set()
+        # add the dependencies for every sub-case; should there be cases
+        # that are mutally exclusive in the future, the graphs will be
+        # distinguished
+        for el in list(d[k]):
+            g[k] |= set(d[k][el])
+
+    return g
+
+def is_acyclic(d: dict) -> bool:
+    g = graph_from_dependency_dict(d)
+    ts = TopologicalSorter(g)
+    try:
+        # get node iterator
+        order = ts.static_order()
+        # try iteration
+        _ = [*order]
+    except CycleError:
+        return False
+
+    return True
+
+def check_dependency_graph(dependency_dir: str = dependency_dir,
+                           supplement: str = None) -> bool:
+    d = read_dependency_dict(dependency_dir=dependency_dir)
+    if supplement is not None:
+        with open(supplement) as f:
+            d = dict_merge(json.load(f), d)
+
+    return is_acyclic(d)
 
 def path_exists(s):
     if not os.path.exists(s):
@@ -50,8 +103,10 @@ def main():
     args = vars(parser.parse_args())
 
     if not check_dependency_graph(**args):
+        print("dependency error: cycle exists")
         sys.exit(1)
 
+    print("dependency graph acyclic")
     sys.exit(0)
 
 if __name__ == '__main__':
diff --git a/src/helpers/simple-download.py b/src/helpers/simple-download.py
new file mode 100755
index 000000000..501af75f5
--- /dev/null
+++ b/src/helpers/simple-download.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python3
+
+import sys
+from argparse import ArgumentParser
+from vyos.remote import download
+
+parser = ArgumentParser()
+parser.add_argument('--local-file', help='local file', required=True)
+parser.add_argument('--remote-path', help='remote path', required=True)
+
+args = parser.parse_args()
+
+try:
+    download(args.local_file, args.remote_path,
+             check_space=True, raise_error=True)
+except Exception as e:
+    print(e)
+    sys.exit(1)
+
+sys.exit()
diff --git a/src/helpers/strip-private.py b/src/helpers/strip-private.py
index eb584edaf..cb29069cf 100755
--- a/src/helpers/strip-private.py
+++ b/src/helpers/strip-private.py
@@ -1,6 +1,6 @@
 #!/usr/bin/python3
 
-# Copyright 2021-2022 VyOS maintainers and contributors <maintainers@vyos.io>
+# Copyright 2021-2023 VyOS maintainers and contributors <maintainers@vyos.io>
 #
 # This library is free software; you can redistribute it and/or
 # modify it under the terms of the GNU Lesser General Public
@@ -21,7 +21,6 @@ import sys
 
 from netaddr import IPNetwork, AddrFormatError
 
-
 parser = argparse.ArgumentParser(description='strip off private information from VyOS config')
 
 strictness = parser.add_mutually_exclusive_group()
@@ -119,6 +118,7 @@ if __name__ == "__main__":
         (True, re.compile(r'(shared-secret-key-file|ca-cert-file|cert-file|dh-file|key-file|client) (\S+)'), r'\1 xxxxxx'),
         # Strip IPSEC secrets
         (True, re.compile(r'pre-shared-secret \S+'), 'pre-shared-secret xxxxxx'),
+        (True, re.compile(r'secret \S+'), 'secret xxxxxx'),
         # Strip OSPF md5-key
         (True, re.compile(r'md5-key \S+'), 'md5-key xxxxxx'),
         # Strip WireGuard private-key
diff --git a/src/helpers/vyos-boot-config-loader.py b/src/helpers/vyos-boot-config-loader.py
index 01b06526d..42de696ce 100755
--- a/src/helpers/vyos-boot-config-loader.py
+++ b/src/helpers/vyos-boot-config-loader.py
@@ -102,7 +102,8 @@ def failsafe(config_file_name):
                                       'authentication',
                                       'encrypted-password'])
 
-    cmd(f"useradd -s /bin/bash -G 'users,sudo' -m -N -p '{passwd}' vyos")
+    cmd(f"useradd --create-home --no-user-group --shell /bin/vbash --password '{passwd}' "\
+        "--groups frr,frrvty,vyattacfg,sudo,adm,dip,disk vyos")
 
 if __name__ == '__main__':
     if len(sys.argv) < 2:
diff --git a/src/helpers/vyos-certbot-renew-pki.sh b/src/helpers/vyos-certbot-renew-pki.sh
new file mode 100755
index 000000000..d0b663f7b
--- /dev/null
+++ b/src/helpers/vyos-certbot-renew-pki.sh
@@ -0,0 +1,3 @@
+#!/bin/sh
+source /opt/vyatta/etc/functions/script-template
+/usr/libexec/vyos/conf_mode/pki.py certbot_renew
diff --git a/src/helpers/vyos-load-config.py b/src/helpers/vyos-load-config.py
index e579e81b2..4ec865454 100755
--- a/src/helpers/vyos-load-config.py
+++ b/src/helpers/vyos-load-config.py
@@ -66,7 +66,7 @@ def get_local_config(filename):
 
     return config_str
 
-if any(x in file_name for x in protocols):
+if any(file_name.startswith(f'{x}://') for x in protocols):
     config_string = vyos.remote.get_remote_config(file_name)
     if not config_string:
         sys.exit(f"No such config file at '{file_name}'")