Age | Commit message (Collapse) | Author | |
---|---|---|---|
6 days | T7499: call commit only if session_changed | John Estabrook | |
6 days | T7499: clean up cache files | John Estabrook | |
6 days | T7499: add download/uncompress to vyconf load/merge | John Estabrook | |
6 days | T7499: add utility to download/uncompress config file, for load/merge | John Estabrook | |
6 days | T7499: formatting | John Estabrook | |
6 days | T7499: expose direct request to http-api | John Estabrook | |
6 days | T7499: generated output for adding field 'destructive' to merge function | John Estabrook | |
6 days | T7499: use direct request to vyconfd to avoid re-validating | John Estabrook | |
6 days | T7499: expose destructive merge in http-api | John Estabrook | |
6 days | T7499: generated output for adding field 'cached' to load function | John Estabrook | |
6 days | T7499: load from internal representation to avoid re-parsing | John Estabrook | |
6 days | T7499: fix typo in configtree write_cache | John Estabrook | |
6 days | T7499: update vyos-merge-config.py script to use tree merge function | John Estabrook | |
6 days | T7499: add interface for (non-)destructive configtree merge | John Estabrook | |
11 days | T7588: detach commit-confirm-notify from calling process | John Estabrook | |
As we now await the call to commit-confirm, do not run commit-confirm-notify from a subshell. | |||
11 days | T7588: add missing path arg | John Estabrook | |
11 days | T7588: restart vyos-commitd, http-api, after setting vyconf_backend | John Estabrook | |
11 days | Merge pull request #4585 from c-po/copyright-notice | Daniil Baturin | |
T7591: remove copyright years from source files | |||
13 days | Merge pull request #4584 from factor2431/add-cake-features | Daniil Baturin | |
T7589: Add no-split-gso and ack-filter for CAKE | |||
13 days | Merge pull request #4580 from ↵ | Daniil Baturin | |
dmbaturin/T7580-op-cache-generator-standalone-virtual build: T7580: add support for standalone and virtual tag nodes to the op mode cache generator | |||
2025-06-29 | T7589: Add no-split-gso and ack-filter for CAKE | factor2431 | |
2025-06-29 | Merge pull request #4581 from talmakion/bugfix/T7544/escape-vrfif-nftables | Christian Breunig | |
vrf: T7544: Ensure correct quoting for VRF ifnames in nftables | |||
2025-06-28 | T7591: remove copyright years from source files | Christian Breunig | |
The legal team says years are not necessary so we can go ahead with it, since it will simplify backporting. Automatically removed using: git ls-files | grep -v libvyosconfig | xargs sed -i -E \ 's/^# Copyright (19|20)[0-9]{2}(-[0-9]{4})? VyOS maintainers.*/# Copyright VyOS maintainers and contributors <maintainers@vyos.io>/g' In addition we will error-out during "make" if someone re-adds a legacy copyright notice | |||
2025-06-26 | build: T7578: fail the package build if there are non-unique op mode nodes | Daniil Baturin | |
to ensure that the JSON cache is usable for command lookup | |||
2025-06-27 | vrf: T7544: Ensure correct quoting for VRF ifnames in nftables | Andrew Topp | |
* For VRF create/delete: * Simple dquoting, as before, was parsed away by the shell * Just escaping the double quotes could cause issues with the shell mangling VRF names (however unlikely) * Wrapping original quotes in shell-escaped single quotes is a quick & easy way to guard against both improper shell parsing and string names being taken as nft keywords. * Firewall configuration: * Firewall "interface name" rules support VRF ifnames and used them unquoted, fixed for nft_rule template tags (parse_rule) * Went through and quoted all iif/oifname usage by zones and interface groups. VRF ifnames weren't available for all cases, but there is no harm in completeness. * For this, also created a simple quoted_join template filter to replace any use of |join(',') * PBR calls nft but doesn't mind the "vni" name - table IDs used instead I may have missed some niche nft use-cases that would be exposed to this problem. | |||
2025-06-26 | build: T7580: add support for standalone and virtual tag nodes to the op ↵ | Daniil Baturin | |
mode cache generator | |||
2025-06-24 | Merge pull request #4562 from jestabro/op-mode-data | Daniil Baturin | |
T7561: simplify op-mode-definitions XML cache generation | |||
2025-06-24 | Merge pull request #4573 from c-po/pki-T7574 | Daniil Baturin | |
pki: T7574: add optional force argument to renew certbot-issued certificates | |||
2025-06-23 | pki: T7574: add optional force argument to renew certbot-issued certificates | Christian Breunig | |
Certbot renewal command in op-mode "renew certbot" only works if any of the certificates is up for renewal. There is no CLI option to forcefully renew a certificate. This is about adding a force option to the CLI and with this addition move the entire certbot renew handling to new-style op-mode commands. vyos@vyos:~$ renew certbot force - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Processing /config/auth/letsencrypt/renewal/vyos.conf - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Renewing an existing certificate for vyos.io - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Congratulations, all renewals succeeded: /config/auth/letsencrypt/live/vyos/fullchain.pem (success) - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Hook 'post-hook' ran with output: Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done. | |||
2025-06-23 | T7355: periodical cleanup of unused Python3 import statements | Christian Breunig | |
2025-06-21 | T7561: generate json if no ambiguous paths in (a subset of) XML files | John Estabrook | |
2025-06-20 | T7561: add option --check-path-ambiguity to show duplicate paths | John Estabrook | |
2025-06-20 | T7561: refine xml consistency report to ignore children and file fields | John Estabrook | |
2025-06-20 | T7561: minimize risk of collision with possible node names | John Estabrook | |
2025-06-20 | T7561: simplify op-mode-definitions XML cache and add interface methods | John Estabrook | |
The original implementation of the op-mode XML cache generation resulted in a structure that was difficult to use, for example, in documentation generation. The source of complication is that, unlike the XML of interface-definitions, path names are not unique: the same path may occur as both a regular node and as a tag node. Here we simplify the underlying structure by enriching path names with type information, thus disambiguating paths. An interface to the cache is provided by explicit generator and lookup functions. | |||
2025-06-19 | Merge pull request #4564 from factor2431/fix-wireguard-fwmark | Christian Breunig | |
T7554: fix wireguard fwmark parsing | |||
2025-06-19 | Merge pull request #4558 from natali-rs1985/T6951 | Daniil Baturin | |
firewall: T6951: Add a configuration command for ethertypes that bridge firewalls should always accept | |||
2025-06-18 | T7554: fix wireguard fwmark parsing | factor2431 | |
2025-06-17 | firewall: T6951: Add a configuration command for ethertypes that bridge ↵ | Nataliia Solomko | |
firewalls should always accept | |||
2025-06-12 | Merge pull request #4552 from jestabro/reset-section | Viacheslav Hletenko | |
T7488: add utility for automatic rollback of section on apply stage error | |||
2025-06-12 | Merge pull request #4497 from yzguy/T7432 | Daniil Baturin | |
T7432: RPKI VRF Support | |||
2025-06-10 | T7488: add utility for automatic rollback of section on apply stage err | John Estabrook | |
2025-06-09 | T7365: add env var used by post-commit scripts | John Estabrook | |
2025-06-09 | T7365: call commit hooks in vyconf session | John Estabrook | |
2025-06-04 | Merge pull request #4533 from jestabro/api-commit-confirm | Viacheslav Hletenko | |
http-api: T3955: add commit-confirm to endpoints /configure /config-file | |||
2025-05-30 | config-mgmt: T7508: use recursive defaults to read commit-confirm action | John Estabrook | |
2025-05-29 | http-api: T3955: add commit-confirm to endpoints /configure /config-file | John Estabrook | |
2025-05-29 | Merge pull request #4266 from takehaya/T6013-trusted-ca-keys | Christian Breunig | |
T6013: Add support for AuthorizedPrincipalsFile to trusted_user_ca_key | |||
2025-05-29 | Merge pull request #4531 from jestabro/commit-confirm-reboot | Christian Breunig | |
config-mgmt: T7500: fix typo preventing commit-confirm hard rollback | |||
2025-05-29 | Merge pull request #4530 from jestabro/api-extend-load-merge | Christian Breunig | |
http-api: T7498: allow passing config string in body of 'load' or 'merge' request |