| Age | Commit message (Collapse) | Author |
|---|
|
op-mode: T6503: "restart ssh" command not working
|
|
For every PR we will build the vyos-1x package and include it in a custom build
of the VyOS ISO image (generic flavor) in order to execute the commonly
available smoketests:
- make test (CLI smoketests)
- make testc (config load & migration tests)
- make testraid (Installation of RAID1 system with disk replacement)
This is a measure agains merged PRs that break the smoketests in the end.
|
|
The environment variable SUDO_USER is checked by system_login.py so as
to prevent deleting the current user. Provide from config session and
set within configd environment.
|
|
Commit e5af1f090 ("ssh: T6192: allow binding to multiple VRF instances")
switched the systemd unit file from ssh.service to ssh@*.service, this change
was not reflected in the "restart ssh" op-mode command.
|
|
op mode: T6498: move uptime helpers to vyos.utils.system
|
|
to be able to call them from the new tech-support script
|
|
snmp: T6489: use new Python wrapper to interact with config filesystem
|
|
op-mode: T5514: Allow safe reboots to config defaults when config.boot is deleted
|
|
Do no longer use my_set and my_delete as this prevents scripts beeing run under
supervision of vyos-configd.
|
|
T3900: firewall: fix for initial implementation
|
|
|
|
|
|
policy on OUTUT_raw
|
|
T5949: Add option to disable USB autosuspend
|
|
openconnect: T6500: add support for multiple ca-certificates
|
|
macsec: T5447: fix error message syntax - there is no tx and rx key, only key
|
|
|
|
|
|
Add possibility to provide a full CA chain to the openconnect server.
* Support multiple CA certificates
* For every CA certificate specified, always determine the full certificate
chain in the background and add the necessary SSL certificates
|
|
T6497: CGNAT delete conntrack entries if a pool is modified
|
|
|
|
|
|
deleted
* Added flag to vyos.config_mgmt.unsaved_commits() that will tolerate missing config.boot for specific circumstances
* Shutdown/reboot uses this flag; config will regenerate from defaults after a reboot
|
|
T6492: Check if all migrators have the executable bit set
|
|
wireless: T6425: Fixing VHT beamforming for 802.11ac
|
|
Commit 9e22ab6b2a ("wireless: T6318: move country-code to a system wide
configuration") removed the per wifi interface setting for a country-code. This
commit adjust the smoketests to the new design.
|
|
|
|
|
|
|
|
T6489: Add support for CLI config scripts that change the underlaying working configuration
|
|
wireless: T6318: add quotes for console speed in config-tests
|
|
|
|
pki: T6241: remove debug print statement about updated subsystems
|
|
pki: T4026: Only emit private keys when available
|
|
wireless: T6318: move country-code to a system wide configuration
|
|
|
|
T6494: Update sonarcloud.yml and add more branches for scanning
|
|
|
|
openvpn: T5487: Fix migration smoketests commands
|
|
|
|
Wireless devices are subject to regulations issued by authorities. For any
given AP or router, there will most likely be no case where one wireless NIC is
located in one country and another wireless NIC in the same device is located
in another country, resulting in different regulatory domains to apply to the
same box.
Currently, wireless regulatory domains in VyOS need to be configured per-NIC:
set interfaces wireless wlan0 country-code us
This leads to several side-effects:
* When operating multiple WiFi NICs, they all can have different regulatory
domains configured which might offend legislation.
* Some NICs need additional entries to /etc/modprobe.d/cfg80211.conf to apply
regulatory domain settings, such as: "options cfg80211 ieee80211_regdom=US"
This is true for the Compex WLE600VX. This setting cannot be done
per-interface.
Migrate the first found wireless module country-code from the wireless
interface CLI to: "system wireless country-code"
|
|
* install_certificate() code path handles private_key=None &
key_passphrase=None OK already
* file and console output paths will error trying to encode None as a key
* This is only an issue for a couple of the generate_*_sign() functions,
where having a null private key is possible
* Self-signing and CA creation always generate a private key
* Certreqs will generate a private key if not already provided
* Do not prompt for a private key passphrase if we aren't giving back a
private key
|
|
Commit 9f9891a2099 ("pki: T6241: Fix dependency updates on PKI changes") added
a print() statement which notified the users about the subsystems which got
supplied with an updated certificate.
Example:
> PKI: Updating config: interfaces openvpn vtun0 tls certificate openvpn_vtun0
> PKI: Updating config: interfaces openvpn vtun0 tls ca_certificate openvpn_vtun0_1
This is an informational message which should maybe (if needed) be sent to
syslog. But the main issue is that CLI paths are mangled (- to _) which makes
the about print output wrong and could potentially confuse users.
Statement has been commented to be re-enabled for debugging.
|
|
openvpn: T5487: make migration script executable
|
|
Migration script introduced in commit 0f669a226 ("openvpn: T5487: Remove
eprecated option --cipher for server and client mode") lacked executable
permission.
|
|
filesystem
|
|
|
|
my_set/my_delete
|
|
|
|
op-mode: T6480: must call pki.py helper as root to work with ACME certificates
|
