Age | Commit message | Author |
|
grub: T7327: honor "system option kernel" settings during image upgrade
|
|
When performing an image upgrade, Linux Kernel command-line options that
should be passed via GRUB to the Linux Kernel are missing on the first boot.
This is because when generating the GRUB command-line via the op-mode scripts
the CLI nodes defining the options are not honored.
This commit re-implements the code-path in op-mode which generates the strings
passed via GRUB to the Linux Kernel command-line.
NOTE: If (for a yet unknown reason) a Kernel command-line option string changes
during a major - or minor - upgrade of the Linux Kernel, we will need to adapt
that logic and possibly call a helper from within the NEW updated image rootfs.
Thus we can ship future information back into the past like the "Grays Sports
Almanac" from Back to the Future Part II.
|
|
kea: T7281: Add ping-check, use built-in option for classless static routes
|
|
ids: T7241: remove Fastnetmon from the base system
|
|
T7353: T7360: netplug: behavior change 1.3.8 -> 1.4 when interface with DHCP address loses carrier
|
|
When an interface goes down - e.g. cable unplugged - the DHCPv6 assigned IPv6
address is not removed from said interface. We should provide the same behavior
as with IPv4. IPv6 address should be removed and dhcpv6 client restarted once
the interface goes operational up again.
|
|
The initial rewrite of vyos-netplug-dhcp-client by me tried to outsmart the
DHCP client implementation by re-using vyos.ifconfig.Interface(). This added
a regression where an interface losing its carrier no longer deconfigured
its IP address. This was a change in behavior from VyOS 1.3.
In addition a bug is fixed as when a VLAN interface's parent loses its carrier
we now also stop the DHCP client process.
This script is now back to simply starting/stopping the DHCP client process.
|
|
firewall: T7333: Use separate cache keys per inet family
|
|
vyos-router: T7356: unset ANSI bold control character during boot
|
|
T7359: confirm image name is available before proceeding with image installation
|
|
It will eventually be moved to an addon
|
|
An attempt to reuse the name of an existing installed image should
prompt the user to re-enter a name, rather than allowing the
installation to fail.
|
|
With the Debian Upgrade from buster to bookworm during the 1.3 -> 1.4 cycle we
inherited a non nice looking ANSI bold setting on the terminal. The ANSI
bold control character is reset "\033[0m" in this commit.
|
|
Netplug daemon is started last after all interfaces got initialized to
properly monitor them for up/down events
|
|
vyos-grub-update service must have been started prior to reaching systemd
vyos.target.
|
|
Some unused import statements sneaked into the codebase.
This is about cleaning them up.
|
|
netplug: T7346: only call interface helpers if interface is not removed
|
|
When an interface is removed from the system also netplug is triggered. It
makes no sense to call vyos.ifconfig.Interface() and update its configuration
when the interface was just recently removed.
This would in fact re-add an interface temporarily in its worst case.
|
|
dns: T7277: fix service/dns/forwarding/dhcp not parsed
|
|
T7302: add vyos-commitd support for commit dry-run
|
|
T7254: op-mode: Add spanning-tree op-mode commands
|
|
Cache keys were shared by IPv4/IPv6 resolution, causing the script to try to populate IPv6 sets with IPv4 addresses
|
|
T7292: add Python module client library for vyconfd
|
|
group members
|
|
Fix the IPsec log level option processing
set vpn ipsec log level '2'
Render Jinja2 template to generate correct log for IPsec for
the file /etc/strongswan.d/charon-systemd.conf
|
|
login: T7159: limit the "not a production version" to dev builds
|
|
installer: T7301: remove support for GnuPG signatures
|
|
(as in, display it only if the build_type version data field is not "release")
|
|
pki: T7299: race condition for acme requested certificates / CA chain
|
|
Updated language of "VLANs are enabled/disabled" to "VLANs enabled/disabled"
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
Updated language of amRoot to " (This bridge is the root)"
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
When using the VyOS internal PKI subsystem to request a certificate using ACME,
the issuer CA is not automatically imported in the PKI subsystem on the first
run due to a race condition.
Issue is fixed by adding all newly requested and granted ACME certificates to
the list of ACME certificates "on disk" which are used to extract the issuing
CA certificate.
|
|
The service certbot expects symbolic links for
/config/auth/letsencrypt/live/<cert_name>/*.pem
however, the default behavior of copytree copies the linked files during
image upgrade. Set copytree argument to preserve symlinks.
|
|
Created stp.py to create output for spanning-tree info
Modified show-bridge.xml.in to add:
show bridge spanning-tree
show bridge spanning-tree detail
show bridge <interface> spanning-tree
show bridge <interface> spanning-tree detail
|
|
T7278: Remove cracklib hack from postconfig script template
|
|
firewall: T5493: Implement remote-group
|
|
T7138: Fix show qos
|
|
wireguard: T7246: verify Base64 encoded 32byte boundary on keys
|
|
Not 31 bytes or 33 bytes, but exactly 32. This matters, because 32 does not
divide evenly by .75, so there's a padding character and the penultimate
character does not include the whole base64 alphabet.
Extend the base64 validator with an optional argument to define the length
that the decrypted Base64 encoded string must match.
Source: https://lists.zx2c4.com/pipermail/wireguard/2020-December/006222.html
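The 32-byte boundary check described in the commit message above, as an added Python example (not the VyOS validator code; all function and variable names here are hypothetical, and the sample keys are constructed). It shows that 31, 32 and 33 bytes all encode to 44 characters, and that a lenient decode accepts a key whose penultimate character carries stray bits.

```python
import base64
import binascii
import string

KEY_LEN = 32  # a WireGuard key is exactly 32 bytes

def decoded_length_only(text: str) -> bool:
    """Weak check: lenient decode, then compare the byte count."""
    try:
        return len(base64.b64decode(text)) == KEY_LEN
    except (binascii.Error, ValueError):
        return False

def is_valid_key(text: str, length: int = KEY_LEN) -> bool:
    """Strict check: alphabet only, exact decoded length, canonical form."""
    try:
        raw = base64.b64decode(text, validate=True)
    except (binascii.Error, ValueError):
        return False
    if len(raw) != length:
        return False
    # 32 bytes = 256 bits: 42 characters carry 252 bits, the 43rd carries the
    # last 4 bits plus two zero bits, the 44th is '='. Re-encoding must give
    # back the input, otherwise those two trailing bits were not zero.
    return base64.b64encode(raw).decode("ascii") == text

def allowed_penultimate() -> str:
    """Base64 characters whose 6-bit value has the low two bits clear."""
    alphabet = (string.ascii_uppercase + string.ascii_lowercase
                + string.digits + "+/")
    return alphabet[::4]

# Constructed sample inputs (not real keys).
GOOD = base64.b64encode(bytes(range(32))).decode("ascii")
SHORT = base64.b64encode(bytes(31)).decode("ascii")   # 31 bytes, 44 chars
LONG = base64.b64encode(bytes(33)).decode("ascii")    # 33 bytes, 44 chars
NONCANONICAL = GOOD[:-2] + "9="   # same 32 bytes, stray bits in 43rd char

if __name__ == "__main__":
    for name in ("GOOD", "SHORT", "LONG", "NONCANONICAL"):
        value = globals()[name]
        print(f"{name:13} len={len(value)} "
              f"length_only={decoded_length_only(value)} "
              f"strict={is_valid_key(value)}")
    print("allowed 43rd characters:", allowed_penultimate())
```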
|
|
T7121: Set up communication vyconfd to vyos-commitd
|
|
pki: T7249: fix shebang to support CLI backend
|