summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
12 daysMerge pull request #4435 from jestabro/commit-dry-runDaniil Baturin
T7302: add vyos-commitd support for commit dry-run
13 daysMerge pull request #4422 from l0crian1/T7254-add-stp-op-commandsChristian Breunig
T7254: op-mode: Add spanning-tree op-mode commands
2025-04-08T7302: implement commit dry-run for vyconfd/commitdJohn Estabrook
2025-04-08Merge pull request #4427 from jestabro/commit-postDaniil Baturin
T7292: add Python module client library for vyconfd
2025-04-04T7314: firewal op-mode: implement better detail view of remote-groups and ↵Mark Hayes
group members
2025-04-03T7272: drop unneeded fieldsJohn Estabrook
2025-04-02T7290: Fix VPN IPsec log level processingViacheslav Hletenko
Fix the IPsec log level option processing set vpn ipsec log level '2' Render Jinja2 template to generate correct log for IPsec for the file /etc/strongswan.d/charon-systemd.conf
2025-04-01Merge pull request #4428 from dmbaturin/T7159-conditional-nonproduction-bannerChristian Breunig
login: T7159: limit the "not a production version" to dev builds
2025-04-01Merge pull request #4429 from dmbaturin/T7301-goodbye-gnupgChristian Breunig
installer: T7301: remove support for GnuPG signatures
2025-03-31installer: T7301: remove support for GnuPG signaturesDaniil Baturin
2025-03-31login: T7159: limit the "not a production version" to dev buildsDaniil Baturin
(as in, display it only if the build_type version data field is not "release")
2025-03-31Merge pull request #4424 from c-po/acme-race-T7299Christian Breunig
pki: T7299: race condition for acme requested certificates / CA chain
2025-03-30Update src/op_mode/stp.py l0crian1
Updated language of "VLANs are enabled/disabled" to "VLANs enabled/disabled" Co-authored-by: Christian Breunig <christian@breunig.cc>
2025-03-30Update src/op_mode/stp.py l0crian1
Updated language of amRoot to " (This bridge is the root)" Co-authored-by: Christian Breunig <christian@breunig.cc>
2025-03-30pki: T7299: race condition for acme requested certificates / CA chainChristian Breunig
When using the VyOS internal PKI subsystem to request a certificate using ACME, the issuer CA is not automatically imported in the PKI subsystem on the first run due to a race condition. Issue is fixed by adding all newly requested and granted ACME certificates to the list of ACME certificates "on disk" which are used to extract the issuing CA certificate.
2025-03-28T7294: preserve /config symlinks on image upgradeJohn Estabrook
The service certbot expects symbolic links for /config/auth/letsencrypt/live/<cert_name>/*.pem however, the default behavior of copytree copies the linked files during image upgrade. Set copytree argument to preserve symlinks.
2025-03-28T7254: op-mode: Add Spanning Tree op-mode commandsl0crian1
Created stp.py to create output for spanning-tree info Modified show-bridge.xml.in to add: show bridge spanning-tree show bridge spanning-tree detail show bridge <interface> spanning-tree show bridge <interface> spanning-tree detail
2025-03-25Merge pull request #4413 from oniko94/fix/T7278-fix-cracklib-dep-buildJohn Estabrook
T7278: Remove cracklib hack from postconfig script template
2025-03-25Merge pull request #4326 from Embezzle/T5493Daniil Baturin
firewall: T5493: Implement remote-group
2025-03-25T7278: Remove cracklib hack from postinstall script templateoniko94
2025-03-21firewall: T5493: Implement remote-groupAlex W
2025-03-21Merge pull request #4400 from l0crian1/currentChristian Breunig
T7138: Fix show qos
2025-03-20Merge pull request #4402 from c-po/wireguard-key-T7246Christian Breunig
wireguard: T7246: verify Base64 encoded 32byte boundary on keys
2025-03-20wireguard: T7246: verify Base64 encoded 32byte boundary on keysChristian Breunig
Not 31 bytes or 33 bytes, but exactly 32. This matters, because 32 does not divide evenly by .75, so there's a padding character and the penultimate character does not include the whole base64 alphabet. Extend the base64 validator with an optional argument to define the length to match of the decrypted Base64 encoded string. Source: https://lists.zx2c4.com/pipermail/wireguard/2020-December/006222.html
2025-03-20T7246: update libvyosconfig hash and add nosetestJohn Estabrook
2025-03-18Merge pull request #4398 from jestabro/commitdDaniil Baturin
T7121: Set up communication vyconfd to vyos-commitd
2025-03-18Merge pull request #4405 from c-po/certbot-T7249Daniil Baturin
pki: T7249: fix shebang to support CLI backend
2025-03-18bgp: T7157: Allow using route-maps for VRF route leaking in BGP (#4404)aapostoliuk
* bgp: T7157: Allow using route-maps for VRF route leaking in BGP Added the possibility of using route-map in route leaking. * Improve the constraint error message --------- Co-authored-by: Daniil Baturin <daniil@baturin.org>
2025-03-18pki: T7249: fix shebang to support CLI backendChristian Breunig
Fixes an error: interpreter/vyatta-cfg-run: line 162: `vyatta_config_commit-confirm': not a valid identifier Which prevented to renew the certificates. This will only fix renewing of the certificates. Nothing changed in how daemons will be restarted if a certificate is updated.
2025-03-18T6353: Add password strength check and user warningoniko94
2025-03-17console-server: T7217: generate Dropbear SSH keys if they do not existDaniil Baturin
2025-03-17T7138: Fix show qosl0crian1
This change corrects a behavior witnessed in T7138. If a policy name had a `-` in it, the command would fail, returning nothing.
2025-03-16T7121: add test_commit wrapper and test scriptJohn Estabrook
2025-03-16T7121: add vyos-commitd service as emergent replacement for vyos-configdJohn Estabrook
vyos-commitd exchanges messages with vyconfd, to replace the shim redirection of legacy commands to vyos-configd.
2025-03-16T7121: use dunder equal instead of string rep comparison, where possibleJohn Estabrook
2025-03-16T6946: add wrapper for show_commit_data and test functionJohn Estabrook
2025-03-13ipsec: T7242: Add check for encryption algorithms that do not work with VPPNataliia Solomko
2025-03-11Merge pull request #4383 from oniko94/fix/T7219-fix-vxlan-verifyViacheslav Hletenko
T7219: Add check for remote and group command to verify
2025-03-11Merge pull request #4321 from sskaje/T7092Daniil Baturin
T7092: Add Container Registry Mirror
2025-03-11T7219: Add check for remote and group command to verifyoniko94
2025-03-11T7092: Change validators: regex to host-name|address + port + pathsskaje
2025-03-06T4406: Add public API endpoint to display informationoniko94
2025-02-27Merge pull request #4237 from indrajitr/hostd-updateViacheslav Hletenko
T6948: Keep DHCP server leases in sync with hostd records
2025-02-27Merge pull request #4369 from natali-rs1985/T7166Daniil Baturin
wireguard: T7166: Call vxlan dependency if interface exist
2025-02-27wireguard: T7166: Call vxlan dependency if interface existNataliia Solomko
2025-02-27Merge pull request #4371 from talmakion/bugfix/T7116/remove-obsolete-communityChristian Breunig
policy: T7116: Remove unsupported use of BGP community "internet"
2025-02-26wlb: T7196: Migrate interface wildcards to nftables formatSimon
* wlb: T7196: Migrate interface wildcards to nftables format * wlb: T7196: Fix exclude/interface verify check * wlb: T7196: Extra sanity check on ipv4 address function
2025-02-26policy: T7116: migrate legacy use of "internet" as a well-known community nameAndrew Topp
This has been split into a separate commit in case this is overkill for the fix. 1.2 and 1.3 installs predate the change to FRR that removed support, but "internet" is already broken on 1.4.
2025-02-25snmp: T7180: Fixed verification of engineid in snmpv3 (#4366)aapostoliuk
* snmp: T7180: Fixed verification of engineid in snmpv3 EngineID must be configured if snmpv3 user is configured. Fixed engineid help string.
2025-02-25Merge pull request #4365 from c-po/lldp-t7165Daniil Baturin
lldp: T7165: add support to enable only rx/tx on specific interfaces
generated by cgit v1.2.3 (git 2.39.1) at 2025-04-23 01:28:08 +0000