| Age | Commit message (Collapse) | Author |
|---|
|
firewall: T7333: Use separate cache keys per inet family
|
|
vyos-router: T7356: unset ANSI bold control character during boot
|
|
T7359: confirm image name is available before proceeding with image installation
|
|
An attempt to reuse the name of an existing installed image should
prompt the user to re-enter a name, rather than allowing the
installation to fail.
|
|
With the Debian Upgrade from buster to bookworm during the 1.3 -> 1.4 cycle we
inherited a non nice looking ANSI bold setting on the terminal. The ANSI
bold control character is reset "\033[0m" in this commit.
|
|
Some unused import statements sneaked into the codebase.
This is about cleaning them up
|
|
netplug: T7346: only call interface helpers if interface is not removed
|
|
When an interface is removed from the system also netplug is triggered. It
makes no sense to call vyos.ifconfig.Interface() and update it's configuration
when the interface was just recently removed.
This would in fact re-add an interface temporarily in it's worst case.
|
|
dns: T7277: fix service/dns/forwarding/dhcp not parsed
|
|
T7302: add vyos-commitd support for commit dry-run
|
|
T7254: op-mode: Add spanning-tree op-mode commands
|
|
Cache keys were shared by IPv4/IPv6 resolution, causing script to try populate ipv6 sets with ipv4 addresses
|
|
|
|
T7292: add Python module client library for vyconfd
|
|
group members
|
|
|
|
Fix the IPsec log level option processing
set vpn ipsec log level '2'
Render Jinja2 template to generate correct log for IPsec for
the file /etc/strongswan.d/charon-systemd.conf
|
|
login: T7159: limit the "not a production version" to dev builds
|
|
installer: T7301: remove support for GnuPG signatures
|
|
|
|
(as in, display it only if the build_type version data field is not "release")
|
|
pki: T7299: race condition for acme requested certificates / CA chain
|
|
Updated language of "VLANs are enabled/disabled" to "VLANs enabled/disabled"
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
Updated language of amRoot to " (This bridge is the root)"
Co-authored-by: Christian Breunig <christian@breunig.cc>
|
|
When using the VyOS internal PKI subsystem to request a certificate using ACME,
the issuer CA is not automatically imported in the PKI subsystem on the first
run due to a race condition.
Issue is fixed by adding all newly requested and granted ACME certificates to
the list of ACME certificates "on disk" which are used to extract the issuing
CA certificate.
|
|
The service certbot expects symbolic links for
/config/auth/letsencrypt/live/<cert_name>/*.pem
however, the default behavior of copytree copies the linked files during
image upgrade. Set copytree argument to preserve symlinks.
|
|
Created stp.py to create output for spanning-tree info
Modified show-bridge.xml.in to add:
show bridge spanning-tree
show bridge spanning-tree detail
show bridge <interface> spanning-tree
show bridge <interface> spanning-tree detail
|
|
T7278: Remove cracklib hack from postconfig script template
|
|
firewall: T5493: Implement remote-group
|
|
|
|
|
|
|
|
T7138: Fix show qos
|
|
wireguard: T7246: verify Base64 encoded 32byte boundary on keys
|
|
Not 31 bytes or 33 bytes, but exactly 32. This matters, because 32 does not
divide evenly by .75, so there's a padding character and the penultimate
character does not include the whole base64 alphabet.
Extend the base64 validator with an optional argument to define the length
to match of the decrypted Base64 encoded string.
Source: https://lists.zx2c4.com/pipermail/wireguard/2020-December/006222.html
|
|
|
|
T7121: Set up communication vyconfd to vyos-commitd
|
|
pki: T7249: fix shebang to support CLI backend
|
|
* bgp: T7157: Allow using route-maps for VRF route leaking in BGP
Added the possibility of using route-map in route leaking.
* Improve the constraint error message
---------
Co-authored-by: Daniil Baturin <daniil@baturin.org>
|
|
Fixes an error:
interpreter/vyatta-cfg-run: line 162: `vyatta_config_commit-confirm': not a valid identifier
Which prevented to renew the certificates. This will only fix renewing of the
certificates. Nothing changed in how daemons will be restarted if a certificate
is updated.
|
|
|
|
|
|
This change corrects a behavior witnessed in T7138. If a policy name had a `-` in it, the command would fail, returning nothing.
|
|
|
|
vyos-commitd exchanges messages with vyconfd, to replace the shim
redirection of legacy commands to vyos-configd.
|
|
|
|
|
|
|
|
T7219: Add check for remote and group command to verify
|
|
T7092: Add Container Registry Mirror
|
