summaryrefslogtreecommitdiff
path: root/debian/control
AgeCommit message (Collapse)Author
2024-01-08https: T5886: migrate https certbot to new "pki certificate" CLI treeChristian Breunig
(cherry picked from commit 9ab6665c80c30bf446d94620fc9d85b052d48072)
2024-01-08pki: T5886: add support for ACME protocol (LetsEncrypt)Christian Breunig
The "idea" of this PR is to add new CLI nodes under the pki subsystem to activate ACME for any given certificate. vyos@vyos# set pki certificate NAME acme Possible completions: + domain-name Domain Name email Email address to associate with certificate listen-address Local IPv4 addresses to listen on rsa-key-size Size of the RSA key (default: 2048) url Remote URL (default: https://acme-v02.api.letsencrypt.org/directory) Users choose if the CLI based custom certificates are used set pki certificate EXAMPLE acme certificate <base64> or if it should be generated via ACME. The ACME server URL defaults to LetsEncrypt but can be changed to their staging API for testing to not get blacklisted. set pki certificate EXAMPLE acme url https://acme-staging-v02.api.letsencrypt.org/directory Certificate retrieval has a certbot --dry-run stage in verify() to see if it can be generated. After successful generation, the certificate is stored in under /config/auth/letsencrypt. Once a certificate is referenced in the CLI (e.g. set interfaces ethernet eth0 eapol certificate EXAMPLE) we call vyos.config.get_config_dict() which will (if with_pki=True is set) blend in the base64 encoded certificate into the JSON data structure normally used when using a certificate set by the CLI. Using this "design" does not need any change to any other code referencing the PKI system, as the base64 encoded certificate is already there. certbot renewal will call the PKI python script to trigger dependency updates. (cherry picked from commit b8db1a9d7baf91b70c1b735e58710f1e2bc9fc7a) # Conflicts: # debian/control
2023-12-14T5826: ensure dmidecode is installed as a dependency of vyos-1xMathew McBride
dmicode is used in the "show hardware dmi" and to derive synthetic MAC addresses (see python/vyos/ifconfig/interface.py). On non-x86 platforms like arm64 it may not be pulled in explictly by other packages (like libparted2) so add it as an explicit dependency. (cherry picked from commit 46c929a99b7d507451d8385b315ae7ef9e7cbed5)
2023-12-07T160: Fix Debian control conflictsViacheslav Hletenko
2023-12-07nat64: T160: Implement Jool-based NAT64 translatorJoe Groocock
Signed-off-by: Joe Groocock <me@frebib.net> (cherry picked from commit 7d49f7079f1129c2fadc7f38ceb230804d89e177) # Conflicts: # debian/control
2023-11-30ddclient: T5708: Migration to 3.11.1 and related improvementsIndrajit Raychaudhuri
- Migrate to ddclient 3.11.1 and enforce debian/control dependency - Add dual stack support for additional protocols - Restrict usage of `porkbun` protocol, VyOS configuration structure isn't compatible with porkbun yet - Improve and cleanup error messages
2023-11-19T2405: add Git support to commit-archiveYun Zheng Hu
(cherry picked from commit a89243cfbfc90854a8cddd53c0ffc987f75abcee)
2023-11-09T1797: Remove vpp packages and mentionsViacheslav Hletenko
2023-08-09T5448: Add service zabbix-agent version 2Viacheslav Hletenko
Add service zabbix-agent set service zabbix-agent directory '/config/zabbix/' set service zabbix-agent limits buffer-flush-interval '8' set service zabbix-agent limits buffer-size '120' set service zabbix-agent log debug-level 'warning' set service zabbix-agent log size '1' set service zabbix-agent server '192.0.2.5' set service zabbix-agent server-active 192.0.2.5 port '10051' set service zabbix-agent server-active 2001:db8::123
2023-07-29vpp: T1797: change dependency to amd64 builds onlyChristian Breunig
2023-07-22Revert "Debian: T4974: add openvpn-dco dependency"Christian Breunig
This reverts commit 9f7b51370732606611253e2e6a16692bf706659b.
2023-07-15Debian: T4974: add openvpn-dco dependencyChristian Breunig
2023-07-12debian: T5003: add power management userspace toolsChristian Breunig
2023-07-12container: T5352: Fix missing dependency for netavarkYouyuan
There is a missing dependency iptables for netavark . Debian marked it as optional but should be a dependency. If not installed, container cannot be created with assigned network. The rolling release is built with package iptables so there is no bug. But if users build iso on their own, container will not work if container network is assigned.
2023-06-29Merge pull request #2059 from sever-sever/T1797-vppChristian Breunig
T1797: Add initial vpp configuration
2023-06-29tacacs: T141: tacacs is not available for arm64 (yet)Christian Breunig
2023-06-27VPP: T1797: Replaced CLI with APIViacheslav Hletenko
2023-06-27T1797: Add initial vpp configurationViacheslav Hletenko
Add initial configuration mode for VPP (PoC) set vpp cpu corelist-workers '2' set vpp cpu main-core '1' set vpp interface eth1 num-rx-desc '256' set vpp interface eth1 num-rx-queues '512' set vpp interface eth1 num-tx-desc '256' set vpp interface eth1 num-tx-queues '512' set vpp interface eth1 pci '0000:02:00.0' set vpp interface eth1 rx-mode 'polling' set vpp interface eth2 pci '0000:08:00.0' Limitation: - 'set vpp interface ethX pci auto' works only per first commit, then interface detached from default stack and creates tun interface 'ethX' to communicate with default stack. In this case we can't get PCI address via ethtool for 'tun' interfaces. But we can set pci address manualy. - Interface sync between default stack and VPP-DPDK stack After vpp change it doesn't trigger iproute2 for changes (should be written later) I.e. if we change something in vpp per each commit it restarts vpp.service it gets empty interface config as we don't configure vpp directly and it should be configured via iproute2 But then if we do any change on interface (for example description) it gets IP address, MTU, state, etc.
2023-06-21tacacs: T141: add debian package dependenciesChristian Breunig
2023-06-12Debian: T5286: cleanup dependenciesChristian Breunig
2023-06-12T5286: drop XDP support for ethernet and bonding interfacesChristian Breunig
... this is a step towards a new and better implementation that will utilize VPP.
2023-05-17T5222: Add load-balancing for web trafficViacheslav Hletenko
2023-04-21debian packaging: T5172: set minimum Python version to 3.10Daniil Baturin
since it's required for match statements and for op mode introspection
2023-04-14container: T5082: enable aardvark-dns supportChristian Breunig
With commit 0ea3e1420 ("container: T5082: switch to netavark network stack") moving to a new network stack we should also enable the new DNS plugin provided by default. TODO: add CLI nodes to manually disable DNS and/or supply external DNS servers to the container.
2023-04-04T5142: Add audit tool to monitor security-relevant eventsViacheslav Hletenko
2023-04-01container: T5082: switch to netavark network stackChristian Breunig
We now support assigning discrete IPv6 addresses to a container.
2023-03-16T5086: Add sFlow feature based on hsflowdViacheslav Hletenko
Add sFlow feature based on hsflowd According to user reviews, it works more stable and more productive than pmacct I haven't deleted 'pmacct' 'system flow-accounting sflow' yet It could be migrated or deprecated later set system sflow agent-address '192.0.2.14' set system sflow interface 'eth0' set system sflow interface 'eth1' set system sflow polling '30' set system sflow sampling-rate '100' set system sflow server 192.0.2.1 port '6343' set system sflow server 192.0.2.11 port '6343'
2023-03-12Revert "Debian: T2216: add netavark dependency for podman containers"Christian Breunig
This reverts commit 9ed4113d6c4809a0126d04c99d60eaa76a7b6b15.
2023-03-11container: T5003: add dependency on fuse-overlayfsChristian Breunig
Fix podman error about invalid storage: [graphdriver] prior storage driver overlay failed: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver" Error: 'overlay' is not supported over overlayfs, a mount_program is required: backing file system is unsupported for this graph driver.
2023-03-11Debian: T2216: add netavark dependency for podman containersChristian Breunig
2023-03-11Debian: remove python3-pyhumps from build dependencies, provided via pip in ↵Christian Breunig
container
2023-02-25python: T5026: Replace deprecated Python modules crypt, spwdsarthurdev
DeprecationWarning: 'crypt' is deprecated and slated for removal in Python 3.13 DeprecationWarning: 'spwd' is deprecated and slated for removal in Python 3.13
2023-02-15Merge pull request #1817 from sarthurdev/bookwormChristian Breunig
debian: T5003: Upgrade base system to Debian 12 "Bookworm"
2023-02-14strongSwan: T4593: move to charon-systemdChristian Breunig
2023-02-13debian: T5003: Build tests require iproute2sarthurdev
2023-02-13debian: T5003: Remove obsolete crda packagesarthurdev
Kernel now performs this function internally
2023-02-13debian: T5003: Update XDP for latest libbpfsarthurdev
2023-01-14ntp: T3008: migrate from ntpd to chronyChristian Breunig
* Move CLI from "system ntp" -> "service ntp" * Drop NTP server option preempt as not supported by chrony
2023-01-09Revert "strongSwan: T4593: add charon-systemd runtime dependency"Christian Poessinger
This reverts commit 36d16f531236a62b5afc6cdd5f04d20c2b1883e6.
2023-01-01qos: T4284: first implementation introducing a new vyos.qos moduleChristian Poessinger
2022-12-27strongSwan: T4593: add charon-systemd runtime dependencyChristian Poessinger
2022-12-11sstp: T4792: add sstp-client package dependencyChristian Poessinger
2022-11-07containers: T2216: Move skopeo and busybox image to smoketest post-installsarthurdev
2022-11-01op-mode: T4791: add python3-pyhumps as build dep for op-mode nosetestJohn Estabrook
Using humps.decamelize in vyos.opmode requires python3-pyhumps to be a build dependency for the nosetest test_op_mode.py.
2022-10-31T4786: Add package python3-pyhumpsViacheslav Hletenko
humps Convert strings (and dictionary keys) between snake case, camel case and pascal case in Python % decamelize('superTCPOption') 'super_tcp_option' % % decamelize({'ParamOption': 'one', 'fooBarBaz': True}) {'param_option': 'one', 'foo_bar_baz': True} %
2022-10-29T4783: add stunnel to the imageDaniil Baturin
2022-10-17xdp: T4284: libbpf-dev/libbpf0 is only available for VyOS on amd64Christian Poessinger
2022-10-16xdp: T4284: migrate to Debian libbpfChristian Poessinger
In order to properly retrieve JSON information in the Smoketests for the new QoS implementation we need a recent (>6.0) version of iproute2. This requires the libbpf-dev package and this small source-code change.
2022-09-15system login: T874: add libpam-google-authenticator package to provide 2FA ↵goodNETnick
support
2022-08-16Debian: T4584: remove version number from hostap package requirementChristian Poessinger