diff options
130 files changed, 137 insertions, 5227 deletions
diff --git a/.github/workflows/pr-auto-close.yml b/.github/workflows/pr-auto-close.yml new file mode 100644 index 00000000..40e13a25 --- /dev/null +++ b/.github/workflows/pr-auto-close.yml @@ -0,0 +1,18 @@ +name: Auto-Close Pull Requests Circinus + +on: + pull_request_target: + types: + - opened + branches: + - circinus + +jobs: + run: + runs-on: ubuntu-latest + steps: + - uses: superbrothers/close-pull-request@v3 + with: + # Optional. Post a issue comment just before closing a pull request. + comment: "Pull requests to this branch are not accepted and have been closed automatically." + github_token: ${{ secrets.PAT }} diff --git a/.github/workflows/trigger-pr.yml b/.github/workflows/trigger-pr.yml new file mode 100644 index 00000000..f88458a8 --- /dev/null +++ b/.github/workflows/trigger-pr.yml @@ -0,0 +1,19 @@ +name: Trigger PR + +on: + pull_request_target: + types: + - closed + branches: + - circinus + +jobs: + trigger-PR: + uses: vyos/.github/.github/workflows/trigger-pr.yml@current + with: + source_branch: 'circinus' + target_branch: 'circinus' + secrets: + REMOTE_REPO: ${{ secrets.REMOTE_REPO }} + REMOTE_OWNER: ${{ secrets.REMOTE_OWNER }} + PAT: ${{ secrets.PAT }} diff --git a/.github/workflows/trigger_rebuild_packages.yml b/.github/workflows/trigger_rebuild_packages.yml index 0ca9cc28..9d976cc4 100644 --- a/.github/workflows/trigger_rebuild_packages.yml +++ b/.github/workflows/trigger_rebuild_packages.yml @@ -76,6 +76,8 @@ jobs: - 'scripts/package-build/waagent/**' wide-dhcpv6: - 'scripts/package-build/wide-dhcpv6/**' + xen-guest-agent: + - 'scripts/package-build/xen-guest-agent/**' - name: Trigger builds for changed packages run: | @@ -196,3 +198,7 @@ jobs: if [ "${{ steps.changes.outputs.wide-dhcpv6 }}" == "true" ]; then trigger_build "ethtool" fi + + if [ "${{ steps.changes.outputs.xen-guest-agent }}" == "true" ]; then + trigger_build "xen-guest-agent" + fi diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 87e02ccc..00000000 --- a/Jenkinsfile +++ /dev/null @@ -1,220 +0,0 @@ -#!/usr/bin/env groovy -// Copyright (C) 2019-2021 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ -setDescription() - -node('Docker') { - stage('Setup Container') { - script { - // create container name on demand - def branchName = getGitBranchName() - // Adjust PR target branch name so we can re-map it to the proper Docker image. - if (isPullRequest()) - branchName = env.CHANGE_TARGET.toLowerCase() - if (branchName.equals('master')) - branchName = 'current' - - env.DOCKER_IMAGE = 'vyos/vyos-build:' + branchName - - // Get the current UID and GID from the jenkins agent to allow use of the same UID inside Docker - env.USR_ID = sh(returnStdout: true, script: 'id -u').toString().trim() - env.GRP_ID = sh(returnStdout: true, script: 'id -g').toString().trim() - env.DOCKER_ARGS = '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=' + env.USR_ID + ' -e GOSU_GID=' + env.GRP_ID - env.BASE_VERSION = '1.5-rolling-' - } - } -} - -pipeline { - agent { - docker { - label "Docker" - args "${env.DOCKER_ARGS}" - image "${env.DOCKER_IMAGE}" - alwaysPull true - reuseNode true - } - } - parameters { - string(name: 'BUILD_BY', defaultValue: 'autobuild@vyos.net', description: 'Builder identifier (e.g. jrandomhacker@example.net)') - string(name: 'BUILD_VERSION', defaultValue: env.BASE_VERSION + 'ISO8601-TIMESTAMP', description: 'Version number (release builds only)') - booleanParam(name: 'BUILD_PUBLISH', defaultValue: false, description: 'Publish this build AWS S3') - booleanParam(name: 'BUILD_SNAPSHOT', defaultValue: false, description: 'Upload image to AWS S3 snapshot bucket') - booleanParam(name: 'TEST_SMOKETESTS', defaultValue: true, description: 'Run Smoketests after ISO build') - booleanParam(name: 'TEST_RAID1', defaultValue: true, description: 'Perform RAID1 installation tests') - } - options { - disableConcurrentBuilds() - timeout(time: 240, unit: 'MINUTES') - timestamps() - buildDiscarder(logRotator(numToKeepStr: '20')) - } - stages { - stage('Build ISO') { - when { - beforeOptions true - beforeAgent true - // Only run ISO image build process of explicit user request or - // once a night triggered by the timer. - anyOf { - triggeredBy 'TimerTrigger' - triggeredBy cause: "UserIdCause" - } - } - environment { - PYTHONDONTWRITEBYTECODE = 1 - } - steps { - script { - // Display Git commit Id used with the Jenkinsfile on the Job "Build History" pane - def commitId = sh(returnStdout: true, script: 'git rev-parse --short=11 HEAD').trim() - currentBuild.description = sprintf('Git SHA1: %s', commitId[-11..-1]) - - def CUSTOM_PACKAGES = '' - if (params.TEST_SMOKETESTS) - CUSTOM_PACKAGES = '--custom-package vyos-1x-smoketest' - - def VYOS_VERSION = params.BUILD_VERSION - if (params.BUILD_VERSION == env.BASE_VERSION + 'ISO8601-TIMESTAMP') - VYOS_VERSION = env.BASE_VERSION + sh(returnStdout: true, script: 'date -u +%Y%m%d%H%M').toString().trim() - - sh """ - sudo --preserve-env ./build-vyos-image \ - --build-by "${params.BUILD_BY}" \ - --debian-mirror http://deb.debian.org/debian/ \ - --build-type release \ - --version "${VYOS_VERSION}" ${CUSTOM_PACKAGES} generic - """ - - if (fileExists('build/live-image-amd64.hybrid.iso') == false) { - error('ISO build error') - } - } - } - } - stage('Smoketests for RAID-1 system installation') { - when { - expression { fileExists 'build/live-image-amd64.hybrid.iso' } - expression { return params.TEST_RAID1 } - } - steps { - sh "sudo make testraid" - } - } - stage('Smoketests for TPM config encryption') { - when { - expression { fileExists 'build/live-image-amd64.hybrid.iso' } - } - steps { - sh "sudo make testtpm" - } - } - stage('Smoketests') { - when { - expression { return params.TEST_SMOKETESTS } - } - parallel { - stage('CLI validation') { - when { - expression { fileExists 'build/live-image-amd64.hybrid.iso' } - } - steps { - sh "sudo make test" - } - } - stage('vyos-configd and arbitrary config loader') { - when { - expression { fileExists 'build/live-image-amd64.hybrid.iso' } - } - steps { - sh "sudo make testc" - } - } - } - } - } - post { - success { - script { - // only deploy ISO if build from official repository - if (isCustomBuild()) - return - - // always store local artifacts - archiveArtifacts artifacts: '**/build/vyos-*.iso, **/build/vyos-*.qcow2', - allowEmptyArchive: true - - // only deploy ISO if requested via parameter - if (!params.BUILD_PUBLISH) - return - - files = findFiles(glob: 'build/vyos*.iso') - // Publish ISO image to daily builds bucket - if (files) { - // Publish ISO image to snapshot bucket - if (files && params.BUILD_SNAPSHOT) { - withAWS(region: 'us-east-1', credentials: 's3-vyos-downloads-rolling-rw') { - s3Upload(bucket: 's3-us.vyos.io', path: 'snapshot/' + params.BUILD_VERSION + '/', workingDir: 'build', includePathPattern: 'vyos*.iso', - cacheControl: "public, max-age=2592000") - } - } else { - // Publish build result to AWS S3 rolling bucket - withAWS(region: 'us-east-1', credentials: 's3-vyos-downloads-rolling-rw') { - s3Upload(bucket: 's3-us.vyos.io', path: 'rolling/' + getGitBranchName() + '/', - workingDir: 'build', includePathPattern: 'vyos*.iso') - s3Copy(fromBucket: 's3-us.vyos.io', fromPath: 'rolling/' + getGitBranchName() + '/' + files[0].name, - toBucket: 's3-us.vyos.io', toPath: 'rolling/' + getGitBranchName() + '/vyos-rolling-latest.iso') - } - } - - // Trigger GitHub action which will re-build the static community website which - // also holds the AWS download links to the generated ISO images - withCredentials([string(credentialsId: 'vyos.net-build-trigger-token', variable: 'TOKEN')]) { - sh ''' - curl -X POST --header "Accept: application/vnd.github.v3+json" \ - --header "authorization: Bearer $TOKEN" --data '{"ref": "production"}' \ - https://api.github.com/repos/vyos/community.vyos.net/actions/workflows/main.yml/dispatches - ''' - } - } - - // Publish ISO image to snapshot bucket - if (files && params.BUILD_SNAPSHOT) { - withAWS(region: 'us-east-1', credentials: 's3-vyos-downloads-rolling-rw') { - s3Upload(bucket: 's3-us.vyos.io', path: 'snapshot/', - workingDir: 'build', includePathPattern: 'vyos*.iso') - } - } - } - } - failure { - archiveArtifacts artifacts: '**/build/vyos-*.iso, **/build/vyos-*.qcow2', - allowEmptyArchive: true - } - cleanup { - echo 'One way or another, I have finished' - // the 'build' directory got elevated permissions during the build - // cdjust permissions so it can be cleaned up by the regular user - sh 'sudo make purge' - deleteDir() /* cleanup our workspace */ - } - } -} @@ -26,7 +26,12 @@ test: checkiso .PHONY: test-no-interfaces .ONESHELL: test-no-interfaces: checkiso - scripts/check-qemu-install --debug --configd --match="$(MATCH)" --uefi --no-interfaces build/live-image-amd64.hybrid.iso + scripts/check-qemu-install --debug --configd --smoketest --uefi --no-interfaces build/live-image-amd64.hybrid.iso + +.PHONY: test-interfaces +.ONESHELL: +test-interfaces: checkiso + scripts/check-qemu-install --debug --configd --match="interfaces_" --smoketest --uefi build/live-image-amd64.hybrid.iso .PHONY: testc .ONESHELL: @@ -33,9 +33,8 @@ There are several directories with their own purpose: * `build/` Used for temporary files used for the build and for build artifacts * `data/` Data required for building the ISO (e.g. boot splash/configs) - * `packages/` This directory has two meanings. First it can hold arbitrary *.deb - packages which will be embeded into the resulting ISO, but it also - holds Jenkins Pipeline definitions for required VyOS packages. + * `packages/` This directory can hold arbitrary *.deb + packages which will be embeded into the resulting ISO. Among other things those packages will be: Linux Kernel, FRR, Netfiler... * `scripts/` Scripts that are used for the build process diff --git a/data/defaults.toml b/data/defaults.toml index dc794f58..63212d63 100644 --- a/data/defaults.toml +++ b/data/defaults.toml @@ -9,12 +9,12 @@ debian_security_mirror = "http://deb.debian.org/debian-security" debian_archive_areas = "main contrib non-free non-free-firmware" -vyos_mirror = "https://rolling-packages.vyos.net/current" +vyos_mirror = "https://packages.vyos.net/repositories/circinus" vyos_branch = "circinus" release_train = "circinus" -kernel_version = "6.6.49" +kernel_version = "6.6.54" bootloaders = "syslinux,grub-efi" squashfs_compression_type = "xz -Xbcj x86 -b 256k -always-use-fragments -no-recovery" diff --git a/docker/Dockerfile b/docker/Dockerfile index 9bcc234f..fe7ccc38 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -257,8 +257,8 @@ RUN pip install --break-system-packages \ quilt \ whois -# Go required for validators and vyos-xe-guest-utilities -RUN GO_VERSION_INSTALL="1.21.3" ; \ +# Go required for telegraf and prometheus exporters build +RUN GO_VERSION_INSTALL="1.23.2" ; \ wget -O /tmp/go${GO_VERSION_INSTALL}.linux-amd64.tar.gz https://go.dev/dl/go${GO_VERSION_INSTALL}.linux-$(dpkg-architecture -qDEB_HOST_ARCH).tar.gz ; \ tar -C /opt -xzf /tmp/go*.tar.gz && \ rm /tmp/go*.tar.gz diff --git a/packages/aws-gateway-load-balancer-tunnel-handler/.gitignore b/packages/aws-gateway-load-balancer-tunnel-handler/.gitignore deleted file mode 100644 index a3e428dc..00000000 --- a/packages/aws-gateway-load-balancer-tunnel-handler/.gitignore +++ /dev/null @@ -1 +0,0 @@ -aws-gwlbtun/ diff --git a/packages/aws-gateway-load-balancer-tunnel-handler/Jenkinsfile b/packages/aws-gateway-load-balancer-tunnel-handler/Jenkinsfile deleted file mode 100644 index cbf5a407..00000000 --- a/packages/aws-gateway-load-balancer-tunnel-handler/Jenkinsfile +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright (C) 2023 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def timestamp = new Date().format('yyyyMMddhhmmss') -def commit_id = 'f78058a' - -def pkgList = [ - ['name': "aws-gwlbtun-${timestamp}-${commit_id}", - 'scmCommit': commit_id, - 'scmUrl': 'https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler', - 'buildCmd': "../build.py --package aws-gwlbtun --version ${timestamp}-${commit_id}"], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('aws-gateway-load-balancer-tunnel-handler', pkgList, null, true, "**/packages/aws-gateway-load-balancer-tunnel-handler/**") diff --git a/packages/aws-gateway-load-balancer-tunnel-handler/build.py b/packages/aws-gateway-load-balancer-tunnel-handler/build.py deleted file mode 100755 index a8c75aab..00000000 --- a/packages/aws-gateway-load-balancer-tunnel-handler/build.py +++ /dev/null @@ -1,57 +0,0 @@ -#!/usr/bin/env python3 - -from argparse import ArgumentParser -from pathlib import Path -from subprocess import run - - -def prepare_package() -> None: - """Prepare a package - """ - install_file = Path('./debian/install') - install_data = 'obj-*-linux-gnu/gwlbtun usr/sbin' - install_file.touch() - install_file.write_text(install_data) - - -def build_package(package_name: str, package_ver: str) -> bool: - """Build a package using commands from external file - - Args: - package_name (str): package name - package_ver (str): package version - - Returns: - bool: build status - """ - # prepare sources - debmake_cmd = [ - 'debmake', '-e', 'support@vyos.io', '-f', 'VyOS Support', '-p', - package_name, '-u', package_ver, '-t' - ] - run(debmake_cmd) - - prepare_package() - - # build a package - run('debuild') - - return True - - -# build a package -if __name__ == '__main__': - # prepare argument parser - arg_parser = ArgumentParser() - arg_parser.add_argument('--package', - required=True, - help='Package name to build') - arg_parser.add_argument('--version', - required=True, - help='Version for the package') - args = arg_parser.parse_args() - - if not build_package(args.package, args.version): - exit(1) - - exit() diff --git a/packages/ddclient/.gitignore b/packages/ddclient/.gitignore deleted file mode 100644 index 600e4cd1..00000000 --- a/packages/ddclient/.gitignore +++ /dev/null @@ -1 +0,0 @@ -ddclient/ diff --git a/packages/ddclient/Jenkinsfile b/packages/ddclient/Jenkinsfile deleted file mode 100644 index b297db47..00000000 --- a/packages/ddclient/Jenkinsfile +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (C) 2023-2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'ddclient', - 'scmCommit': 'debian/3.11.2-1', - 'scmUrl': 'https://salsa.debian.org/debian/ddclient', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('ddclient', pkgList, null, null, "**/packages/ddclient/**") diff --git a/packages/dropbear/.gitignore b/packages/dropbear/.gitignore deleted file mode 100644 index 3f3a2a1c..00000000 --- a/packages/dropbear/.gitignore +++ /dev/null @@ -1 +0,0 @@ -dropbear/ diff --git a/packages/dropbear/Jenkinsfile b/packages/dropbear/Jenkinsfile deleted file mode 100644 index 539d7578..00000000 --- a/packages/dropbear/Jenkinsfile +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (C) 2022-2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'dropbear', - 'scmCommit': 'debian/2022.83-1+deb12u1', - 'scmUrl': 'https://salsa.debian.org/debian/dropbear.git', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('dropbear', pkgList, null, true, "**/packages/dropbear/**") diff --git a/packages/dropbear/build.sh b/packages/dropbear/build.sh deleted file mode 100755 index 9376fa7a..00000000 --- a/packages/dropbear/build.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -SRC=dropbear -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" - exit 1 -fi - -PATCH_DIR=${CWD}/patches -if [ -d $PATCH_DIR ]; then - for patch in $(ls ${PATCH_DIR}) - do - echo "I: Apply patch: ${patch} to main repository" - cp ${PATCH_DIR}/${patch} ${SRC}/debian/patches/ - echo ${patch} >> ${SRC}/debian/patches/series - done -fi - -cd ${SRC} - -echo "I: Installing build dependencies" -sudo apt-get install -y libpam0g-dev - -echo "I: Build Debian Package" -dpkg-buildpackage -uc -us -tc -b diff --git a/packages/dropbear/patches/0001-Enable-PAM-support.patch b/packages/dropbear/patches/0001-Enable-PAM-support.patch deleted file mode 100644 index fa6cf620..00000000 --- a/packages/dropbear/patches/0001-Enable-PAM-support.patch +++ /dev/null @@ -1,61 +0,0 @@ -From 861bfb53de5909e25a952a83654c63de61af02b5 Mon Sep 17 00:00:00 2001 -From: Christian Breunig <christian@breunig.cc> -Date: Sun, 28 May 2023 15:45:32 +0200 -Subject: [PATCH] Enable PAM support - ---- - debian/control | 1 + - debian/rules | 2 +- - default_options.h | 4 ++-- - 3 files changed, 4 insertions(+), 3 deletions(-) - -diff --git a/debian/control b/debian/control -index 77ea036..b252b97 100644 ---- a/debian/control -+++ b/debian/control -@@ -6,6 +6,7 @@ Build-Depends: debhelper, - debhelper-compat (= 13), - libtomcrypt-dev (>= 1.18.2~), - libtommath-dev (>= 1.2.0~), -+ libpam0g-dev, - libz-dev - Rules-Requires-Root: no - Standards-Version: 4.6.1 -diff --git a/debian/rules b/debian/rules -index 7dab64c..ce11aa4 100755 ---- a/debian/rules -+++ b/debian/rules -@@ -24,7 +24,7 @@ endif - dh $@ - - override_dh_auto_configure: -- dh_auto_configure -- --disable-bundled-libtom \ -+ dh_auto_configure -- --disable-bundled-libtom --enable-pam \ - CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS) - - execute_before_dh_auto_build: -diff --git a/default_options.h b/default_options.h -index 5132775..e7d274c 100644 ---- a/default_options.h -+++ b/default_options.h -@@ -223,7 +223,7 @@ group1 in Dropbear server too */ - - /* Authentication Types - at least one required. - RFC Draft requires pubkey auth, and recommends password */ --#define DROPBEAR_SVR_PASSWORD_AUTH 1 -+#define DROPBEAR_SVR_PASSWORD_AUTH 0 - - /* Note: PAM auth is quite simple and only works for PAM modules which just do - * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c). -@@ -231,7 +231,7 @@ group1 in Dropbear server too */ - * but there's an interface via a PAM module. It won't work for more complex - * PAM challenge/response. - * You can't enable both PASSWORD and PAM. */ --#define DROPBEAR_SVR_PAM_AUTH 0 -+#define DROPBEAR_SVR_PAM_AUTH 1 - - /* ~/.ssh/authorized_keys authentication. - * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */ --- -2.30.2 - diff --git a/packages/ethtool/.gitignore b/packages/ethtool/.gitignore deleted file mode 100644 index 5967d5de..00000000 --- a/packages/ethtool/.gitignore +++ /dev/null @@ -1 +0,0 @@ -ethtool/ diff --git a/packages/ethtool/Jenkinsfile b/packages/ethtool/Jenkinsfile deleted file mode 100644 index bddd3b63..00000000 --- a/packages/ethtool/Jenkinsfile +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright (C) 2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. - -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'ethtool', - 'scmCommit': 'debian/1%6.6-1', - 'scmUrl': 'https://salsa.debian.org/kernel-team/ethtool', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('ethtool', pkgList, null, true, "**/packages/ethtool/**") diff --git a/packages/frr/.gitignore b/packages/frr/.gitignore deleted file mode 100644 index 8afd14e8..00000000 --- a/packages/frr/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -frr/ -rtrlib/ -libyang/ diff --git a/packages/frr/Jenkinsfile b/packages/frr/Jenkinsfile deleted file mode 100644 index 441b1681..00000000 --- a/packages/frr/Jenkinsfile +++ /dev/null @@ -1,39 +0,0 @@ -// Copyright (C) 2020-2023 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. - -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'libyang', - 'scmCommit': 'v2.1.148', - 'scmUrl': 'https://github.com/CESNET/libyang.git', - 'buildCmd': 'pipx run apkg build -i && find pkg/pkgs -type f -name *.deb -exec mv -t .. {} +'], - ['name': 'rtrlib', - 'scmCommit': 'v0.8.0', - 'scmUrl': 'https://github.com/rtrlib/rtrlib.git', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'], - ['name': 'frr', - 'scmCommit': 'stable/9.1', - 'scmUrl': 'https://github.com/FRRouting/frr.git', - 'buildCmd': 'sudo dpkg -i ../*.deb; sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build-frr.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('FRRouting', pkgList, null, true, "**/packages/frr/**") diff --git a/packages/frr/build-frr.sh b/packages/frr/build-frr.sh deleted file mode 100755 index 7171a883..00000000 --- a/packages/frr/build-frr.sh +++ /dev/null @@ -1,40 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -FRR_SRC=frr - -if [ ! -d ${FRR_SRC} ]; then - echo "FRR source directory does not exists, please 'git clone'" - exit 1 -fi - -# VyOS requires some small FRR Patches - apply them here -# It's easier to habe them here and make use of the upstream -# repository instead of maintaining a full Fork. -# Saving time/resources is essential :-) -cd ${FRR_SRC} - -PATCH_DIR=${CWD}/patches -if [ -d $PATCH_DIR ]; then - echo "I: Apply FRRouting patches not in main repository:" - for patch in $(ls ${PATCH_DIR}) - do - if [ -z "$(git config --list | grep -e user.name -e user.email)" ]; then - # if git user.name and user.email is not set, -c sets temorary user.name and - # user.email variables as these is not set in the build container by default. - OPTS="-c user.name=VyOS-CI -c user.email=maintainers@vyos.io" - fi - git $OPTS am --committer-date-is-author-date ${PATCH_DIR}/${patch} - done -fi - -echo "I: Ensure Debian build dependencies are met" -sudo apt-get -y install chrpath gawk install-info libcap-dev libjson-c-dev librtr-dev -sudo apt-get -y install libpam-dev libprotobuf-c-dev libpython3-dev:native python3-sphinx:native libsnmp-dev protobuf-c-compiler python3-dev:native texinfo lua5.3 - -# Build Debian FRR package -echo "I: Build Debian FRR Package" -# extract "real" git commit for FRR version identifier -dch -v "$(git describe | cut -c5-)" "VyOS build - FRR" -dpkg-buildpackage -us -uc -tc -b -Ppkg.frr.rtrlib,pkg.frr.lua diff --git a/packages/hostap/.gitignore b/packages/hostap/.gitignore deleted file mode 100644 index d0133c0d..00000000 --- a/packages/hostap/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -hostap/ -wpa/ diff --git a/packages/hostap/Jenkinsfile b/packages/hostap/Jenkinsfile deleted file mode 100644 index 7eeff1bb..00000000 --- a/packages/hostap/Jenkinsfile +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright (C) 2022-2023 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'wpa', - 'scmCommit': 'debian/2%2.10-12', - 'scmUrl': 'https://salsa.debian.org/debian/wpa', - 'buildCmd': '/bin/true'], - ['name': 'hostap', - 'scmCommit': 'e7172e26d', - 'scmUrl': 'git://w1.fi/srv/git/hostap.git', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('hostap', pkgList, null, true, "**/packages/hostap/**") diff --git a/packages/hostap/build.sh b/packages/hostap/build.sh deleted file mode 100755 index c356672a..00000000 --- a/packages/hostap/build.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/bash -CWD=$(pwd) -set -e - -SRC=hostap -SRC_DEB=wpa - -if [ ! -d ${SRC} ]; then - echo "${SRC} directory does not exists, please 'git clone'" - exit 1 -fi -if [ ! -d ${SRC_DEB} ]; then - echo "${SRC_DEB} directory does not exists, please 'git clone'" - exit 1 -fi - -echo "I: Copy Debian build instructions" -cp -a ${SRC_DEB}/debian ${SRC} -# Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for -# compatibility with networks that use legacy crypto -cat > ${SRC}/debian/patches/series << EOF -allow-tlsv1.patch -allow-legacy-renegotiation.patch -EOF - -# Build Debian package -cd ${SRC} - -echo "I: Ensure Debian build dependencies are met" -sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends" -Ppkg.wpa.nogui,noudeb - -echo "I: Create new Debian Package version" -version="$(git describe --tags | tr _ .)" -dch -v ${version:7} "New version to support AES-GCM-256 for MACsec" -b - -echo "I: Build Debian hostap Package" -DEB_CPPFLAGS_SET="-Wno-use-after-free -Wno-deprecated-declarations" \ - dpkg-buildpackage -us -uc -tc -b -Ppkg.wpa.nogui,noudeb diff --git a/packages/hsflowd/.gitignore b/packages/hsflowd/.gitignore deleted file mode 100644 index b3786b97..00000000 --- a/packages/hsflowd/.gitignore +++ /dev/null @@ -1 +0,0 @@ -host-sflow/ diff --git a/packages/hsflowd/Jenkinsfile b/packages/hsflowd/Jenkinsfile deleted file mode 100644 index bb9dd68d..00000000 --- a/packages/hsflowd/Jenkinsfile +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright (C) 2023 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -// NOTE: we can build with -d as the libbpf dependency is installed manually -// and not via a DEB package -def pkgList = [ - ['name': 'host-sflow', - 'scmCommit': 'v2.0.55-1', - 'scmUrl': 'https://github.com/sflow/host-sflow.git', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('hsflowd', pkgList, null, true, "**/packages/hsflowd/**") diff --git a/packages/hsflowd/build.sh b/packages/hsflowd/build.sh deleted file mode 100755 index 0b00c998..00000000 --- a/packages/hsflowd/build.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/bash -CWD=$(pwd) -set -e - -SRC=host-sflow - -if [ ! -d ${SRC} ]; then - echo "source directory does not exists, please 'git clone'" - exit 1 -fi - -cd ${SRC} - -echo "I: Ensure Debian build dependencies are met" -sudo apt-get install -y libpcap0.8-dev - -# Build hsflowd -# make deb FEATURES="NFLOG PCAP TCP DOCKER KVM OVS DBUS SYSTEMD DROPMON PSAMPLE DENT CONTAINERD" -echo "I: Build VyOS hsflowd Package" -make deb FEATURES="PCAP DROPMON DBUS" - -# hsflowd builds ARM package as aarch64 extension, rename to arm64 -for file in *.deb ; do mv $file ${file//aarch64/arm64} || true ; done - -# Do not confuse *.deb upload logic by removing build in debian packages ... -# ugly but works -find src -name "*.deb" -type f -exec rm {} \; diff --git a/packages/isc-dhcp/.gitignore b/packages/isc-dhcp/.gitignore deleted file mode 100644 index d2c5a2db..00000000 --- a/packages/isc-dhcp/.gitignore +++ /dev/null @@ -1 +0,0 @@ -isc-dhcp/ diff --git a/packages/isc-dhcp/Jenkinsfile b/packages/isc-dhcp/Jenkinsfile deleted file mode 100644 index 02af15d9..00000000 --- a/packages/isc-dhcp/Jenkinsfile +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright (C) 2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -// NOTE: we can build with -d as the libbpf dependency is installed manually -// and not via a DEB package -def pkgList = [ - ['name': 'isc-dhcp', - 'scmCommit': 'debian/4.4.3-P1-4', - 'scmUrl': 'https://salsa.debian.org/debian/isc-dhcp', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('isc-dhcp', pkgList, null, true, "**/packages/isc-dhcp/**") diff --git a/packages/isc-dhcp/build.sh b/packages/isc-dhcp/build.sh deleted file mode 100755 index 0d206153..00000000 --- a/packages/isc-dhcp/build.sh +++ /dev/null @@ -1,21 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -SRC=isc-dhcp -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" - exit 1 -fi - -cd ${SRC} -PATCH_DIR=${CWD}/patches -for patch in $(ls ${PATCH_DIR}) -do - echo "I: Copy patch: ${PATCH_DIR}/${patch}" - cp ${PATCH_DIR}/${patch} debian/patches/${patch} - echo ${patch} >> debian/patches/series -done - -echo "I: Build Debian Package" -dpkg-buildpackage -uc -us -tc -b -d diff --git a/packages/isc-dhcp/patches/0001-Add-support-for-raw-IP-interface-type.patch b/packages/isc-dhcp/patches/0001-Add-support-for-raw-IP-interface-type.patch deleted file mode 100644 index c13569ad..00000000 --- a/packages/isc-dhcp/patches/0001-Add-support-for-raw-IP-interface-type.patch +++ /dev/null @@ -1,248 +0,0 @@ -From 8d9e8ace96ad9e2dba9f2d4069228dee5daf6772 Mon Sep 17 00:00:00 2001 -From: Loic Poulain <loic.poulain@linaro.org> -Date: Mon, 2 Nov 2020 06:42:12 -0500 -Subject: [PATCH 1/4] Add support for raw IP interface type -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Under linux some devices can expose raw IP interfaces, such as WWAN -modems. In that case IP data is not encapsulated in any lower level -protocol. - -dhclient does not support this currently and this patch adds support -for such pure IP interfaces. - -The original patch comes from Bjørn Mork on Network-Manage mailing list: -https://mail.gnome.org/archives/networkmanager-list/2015-December/msg00044.html - ---- - common/bpf.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++- - common/lpf.c | 59 +++++++++++++++++++++++++++++++++++++----------- - common/packet.c | 7 ++++++ - includes/dhcp.h | 1 + - 4 files changed, 113 insertions(+), 14 deletions(-) - -diff --git a/common/bpf.c b/common/bpf.c -index 658e5db..0c08574 100644 ---- a/common/bpf.c -+++ b/common/bpf.c -@@ -198,6 +198,34 @@ struct bpf_insn dhcp_bpf_filter [] = { - BPF_STMT (BPF_RET + BPF_K, 0), - }; - -+int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn); -+ -+struct bpf_insn dhcp_bpf_pureip_filter [] = { -+ /* Make sure it's a UDP packet... */ -+ BPF_STMT (BPF_LD + BPF_B + BPF_ABS, 9), -+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6), -+ -+ /* Make sure this isn't a fragment... */ -+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6), -+ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0), -+ -+ /* Get the IP header length... */ -+ BPF_STMT (BPF_LDX + BPF_B + BPF_MSH, 0), -+ -+ /* Make sure it's to the right port... */ -+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 2), -+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */ -+ -+ /* If we passed all the tests, ask for the whole packet. */ -+ BPF_STMT(BPF_RET+BPF_K, (u_int)-1), -+ -+ /* Otherwise, drop it. */ -+ BPF_STMT(BPF_RET+BPF_K, 0), -+}; -+ -+int dhcp_bpf_pureip_filter_len = -+ sizeof dhcp_bpf_pureip_filter / sizeof (struct bpf_insn); -+ - #if defined(RELAY_PORT) - /* - * For relay port extension -@@ -235,13 +263,43 @@ struct bpf_insn dhcp_bpf_relay_filter [] = { - - int dhcp_bpf_relay_filter_len = - sizeof dhcp_bpf_relay_filter / sizeof (struct bpf_insn); -+ -+struct bpf_insn dhcp_bpf_pureip_relay_filter [] = { -+ /* Make sure it's a UDP packet... */ -+ BPF_STMT (BPF_LD + BPF_B + BPF_ABS, 9), -+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 8), -+ -+ /* Make sure this isn't a fragment... */ -+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6), -+ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 6, 0), -+ -+ /* Get the IP header length... */ -+ BPF_STMT (BPF_LDX + BPF_B + BPF_MSH, 0), -+ -+ /* Make sure it's to the right port... */ -+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16), -+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 2, 0), /* patch */ -+ -+ /* relay can have an alternative port... */ -+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16), -+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */ -+ -+ /* If we passed all the tests, ask for the whole packet. */ -+ BPF_STMT (BPF_RET + BPF_K, (u_int)-1), -+ -+ /* Otherwise, drop it. */ -+ BPF_STMT (BPF_RET + BPF_K, 0), -+}; -+ -+int dhcp_bpf_pureip_relay_filter_len = -+ sizeof dhcp_bpf_pureip_relay_filter / sizeof (struct bpf_insn); -+ - #endif - - #if defined (DEC_FDDI) - struct bpf_insn *bpf_fddi_filter = NULL; - #endif - --int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn); - #if defined (HAVE_TR_SUPPORT) - struct bpf_insn dhcp_bpf_tr_filter [] = { - /* accept all token ring packets due to variable length header */ -diff --git a/common/lpf.c b/common/lpf.c -index bb8822a..d8f34a4 100644 ---- a/common/lpf.c -+++ b/common/lpf.c -@@ -177,9 +177,15 @@ void if_deregister_send (info) - extern struct sock_filter dhcp_bpf_filter []; - extern int dhcp_bpf_filter_len; - -+extern struct sock_filter dhcp_bpf_pureip_filter []; -+extern int dhcp_bpf_pureip_filter_len; -+ - #if defined(RELAY_PORT) - extern struct sock_filter dhcp_bpf_relay_filter []; - extern int dhcp_bpf_relay_filter_len; -+ -+extern struct sock_filter dhcp_bpf_pureip_relay_filter []; -+extern int dhcp_bpf_pureip_relay_filter_len; - #endif - - #if defined (HAVE_TR_SUPPORT) -@@ -249,31 +255,52 @@ void if_deregister_receive (info) - static void lpf_gen_filter_setup (info) - struct interface_info *info; - { -+ int pure_ip = info -> hw_address.hbuf [0] == HTYPE_PUREIP; - struct sock_fprog p; - - memset(&p, 0, sizeof(p)); - -- /* Set up the bpf filter program structure. This is defined in -- bpf.c */ -- p.len = dhcp_bpf_filter_len; -- p.filter = dhcp_bpf_filter; -+ /* Set up the bpf filter program structure and patch port(s). -+ * -+ * This is defined in bpf.c, XXX changes to filter program may -+ * require changes to the insn number(s) used below! XXX -+ */ -+ -+ if (pure_ip) { -+ p.len = dhcp_bpf_pureip_filter_len; -+ p.filter = dhcp_bpf_pureip_filter; -+ -+ /* patch port */ -+ dhcp_bpf_pureip_filter [6].k = ntohs (local_port); -+ } else { -+ p.len = dhcp_bpf_filter_len; -+ p.filter = dhcp_bpf_filter; -+ -+ /* patch port */ -+ dhcp_bpf_filter [8].k = ntohs (local_port); -+ } - -- /* Patch the server port into the LPF program... -- XXX changes to filter program may require changes -- to the insn number(s) used below! XXX */ - #if defined(RELAY_PORT) -- if (relay_port) { -- /* -- * If user defined relay UDP port, we need to filter -- * also on the user UDP port. -- */ -+ /* -+ * If user defined relay UDP port, we need to filter -+ * also on the user UDP port. -+ */ -+ if (relay_port && pure_ip) { -+ p.len = dhcp_bpf_pureip_relay_filter_len; -+ p.filter = dhcp_bpf_pureip_relay_filter; -+ -+ /* patch ports */ -+ dhcp_bpf_pureip_relay_filter [6].k = ntohs (local_port); -+ dhcp_bpf_pureip_relay_filter [8].k = ntohs (relay_port); -+ } else if (relay_port) { - p.len = dhcp_bpf_relay_filter_len; - p.filter = dhcp_bpf_relay_filter; - -+ /* patch ports */ -+ dhcp_bpf_relay_filter [8].k = ntohs (local_port); - dhcp_bpf_relay_filter [10].k = ntohs (relay_port); - } - #endif -- dhcp_bpf_filter [8].k = ntohs (local_port); - - if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p, - sizeof p) < 0) { -@@ -578,6 +605,12 @@ get_hw_addr(const char *name, struct hardware *hw) { - hw->hbuf[3] = 0xbe; - hw->hbuf[4] = 0xef; - break; -+#endif -+#ifdef ARPHRD_RAWIP -+ case ARPHRD_RAWIP: -+ hw->hlen = 1; -+ hw->hbuf[0] = HTYPE_PUREIP; -+ break; - #endif - default: - log_fatal("Unsupported device type %ld for \"%s\"", -diff --git a/common/packet.c b/common/packet.c -index 49795c4..6745db7 100644 ---- a/common/packet.c -+++ b/common/packet.c -@@ -119,6 +119,10 @@ void assemble_hw_header (interface, buf, bufix, to) - case HTYPE_INFINIBAND: - log_error("Attempt to assemble hw header for infiniband"); - break; -+ case HTYPE_PUREIP: -+ /* Nothing to do, there is no hw header */ -+ *bufix = 0; -+ break; - case HTYPE_ETHER: - default: - assemble_ethernet_header(interface, buf, bufix, to); -@@ -219,6 +223,9 @@ ssize_t decode_hw_header (interface, buf, bufix, from) - case HTYPE_INFINIBAND: - log_error("Attempt to decode hw header for infiniband"); - return (0); -+ case HTYPE_PUREIP: -+ /* Nothing to do, there is no hw header */ -+ return 0; - case HTYPE_ETHER: - default: - return (decode_ethernet_header(interface, buf, bufix, from)); -diff --git a/includes/dhcp.h b/includes/dhcp.h -index d519821..75be1fb 100644 ---- a/includes/dhcp.h -+++ b/includes/dhcp.h -@@ -76,6 +76,7 @@ struct dhcp_packet { - #define HTYPE_IEEE802 6 /* IEEE 802.2 Token Ring... */ - #define HTYPE_FDDI 8 /* FDDI... */ - #define HTYPE_INFINIBAND 32 /* IP over Infiniband */ -+#define HTYPE_PUREIP 35 /* Pure IP */ - #define HTYPE_IPMP 255 /* IPMP - random hw address - there - * is no standard for this so we - * just steal a type */ --- -2.39.2 - diff --git a/packages/isc-dhcp/patches/0002-Checkpoint-improved-patch.patch b/packages/isc-dhcp/patches/0002-Checkpoint-improved-patch.patch deleted file mode 100644 index 60b693f6..00000000 --- a/packages/isc-dhcp/patches/0002-Checkpoint-improved-patch.patch +++ /dev/null @@ -1,170 +0,0 @@ -From e67d1b6b4178f412084459c4cb7e54a8c0019bd2 Mon Sep 17 00:00:00 2001 -From: Francis Dupont <fdupont@isc.org> -Date: Fri, 6 Nov 2020 10:46:09 +0100 -Subject: [PATCH 2/4] Checkpoint: improved patch - ---- - common/bpf.c | 10 +++--- - common/lpf.c | 89 +++++++++++++++++++++++++++++++++++----------------- - 2 files changed, 65 insertions(+), 34 deletions(-) - -diff --git a/common/bpf.c b/common/bpf.c -index 0c08574..30dcaa5 100644 ---- a/common/bpf.c -+++ b/common/bpf.c -@@ -214,13 +214,13 @@ struct bpf_insn dhcp_bpf_pureip_filter [] = { - - /* Make sure it's to the right port... */ - BPF_STMT (BPF_LD + BPF_H + BPF_IND, 2), -- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */ -+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), /* patch */ - - /* If we passed all the tests, ask for the whole packet. */ -- BPF_STMT(BPF_RET+BPF_K, (u_int)-1), -+ BPF_STMT(BPF_RET + BPF_K, (u_int)-1), - - /* Otherwise, drop it. */ -- BPF_STMT(BPF_RET+BPF_K, 0), -+ BPF_STMT(BPF_RET + BPF_K, 0), - }; - - int dhcp_bpf_pureip_filter_len = -@@ -278,11 +278,11 @@ struct bpf_insn dhcp_bpf_pureip_relay_filter [] = { - - /* Make sure it's to the right port... */ - BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16), -- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 2, 0), /* patch */ -+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 2, 0), /* patch */ - - /* relay can have an alternative port... */ - BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16), -- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */ -+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), /* patch */ - - /* If we passed all the tests, ask for the whole packet. */ - BPF_STMT (BPF_RET + BPF_K, (u_int)-1), -diff --git a/common/lpf.c b/common/lpf.c -index d8f34a4..75609f5 100644 ---- a/common/lpf.c -+++ b/common/lpf.c -@@ -221,6 +221,9 @@ void if_register_receive (info) - lpf_tr_filter_setup (info); - else - #endif -+ if (info -> hw_address.hbuf [0] == HTYPE_PUREIP) -+ lpf_pureip_filter_setup (info); -+ else - lpf_gen_filter_setup (info); - - if (!quiet_interface_discovery) -@@ -255,50 +258,78 @@ void if_deregister_receive (info) - static void lpf_gen_filter_setup (info) - struct interface_info *info; - { -- int pure_ip = info -> hw_address.hbuf [0] == HTYPE_PUREIP; - struct sock_fprog p; - - memset(&p, 0, sizeof(p)); - -- /* Set up the bpf filter program structure and patch port(s). -- * -- * This is defined in bpf.c, XXX changes to filter program may -- * require changes to the insn number(s) used below! XXX -- */ -+ /* Set up the bpf filter program structure. This is defined in -+ bpf.c */ -+ p.len = dhcp_bpf_filter_len; -+ p.filter = dhcp_bpf_filter; -+ -+ dhcp_bpf_filter [8].k = ntohs (local_port); - -- if (pure_ip) { -- p.len = dhcp_bpf_pureip_filter_len; -- p.filter = dhcp_bpf_pureip_filter; -+ /* Patch the server port into the LPF program... -+ XXX changes to filter program may require changes -+ to the insn number(s) used below! XXX */ -+#if defined(RELAY_PORT) -+ if (relay_port) { -+ /* -+ * If user defined relay UDP port, we need to filter -+ * also on the user UDP port. -+ */ -+ p.len = dhcp_bpf_relay_filter_len; -+ p.filter = dhcp_bpf_relay_filter; - -- /* patch port */ -- dhcp_bpf_pureip_filter [6].k = ntohs (local_port); -- } else { -- p.len = dhcp_bpf_filter_len; -- p.filter = dhcp_bpf_filter; -+ dhcp_bpf_relay_filter [8].k = ntohs (local_port); -+ dhcp_bpf_relay_filter [10].k = ntohs (relay_port); -+ } -+#endif - -- /* patch port */ -- dhcp_bpf_filter [8].k = ntohs (local_port); -+ if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p, -+ sizeof p) < 0) { -+ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT || -+ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT || -+ errno == EAFNOSUPPORT) { -+ log_error ("socket: %m - make sure"); -+ log_error ("CONFIG_PACKET (Packet socket) %s", -+ "and CONFIG_FILTER"); -+ log_error ("(Socket Filtering) are enabled %s", -+ "in your kernel"); -+ log_fatal ("configuration!"); -+ } -+ log_fatal ("Can't install packet filter program: %m"); - } -+} -+ -+static void lpf_pureip_gen_filter_setup (info) -+ struct interface_info *info; -+{ -+ struct sock_fprog p; -+ -+ memset(&p, 0, sizeof(p)); -+ -+ /* Set up the bpf filter program structure. This is defined in -+ bpf.c */ -+ p.len = dhcp_bpf_pureip_filter_len; -+ p.filter = dhcp_bpf_pureip_filter; -+ -+ dhcp_bpf_pureip_filter [6].k = ntohs (local_port); - -+ /* Patch the server port into the LPF program... -+ XXX changes to filter program may require changes -+ to the insn number(s) used below! XXX */ - #if defined(RELAY_PORT) -- /* -- * If user defined relay UDP port, we need to filter -- * also on the user UDP port. -- */ -- if (relay_port && pure_ip) { -+ if (relay_port) { -+ /* -+ * If user defined relay UDP port, we need to filter -+ * also on the user UDP port. -+ */ - p.len = dhcp_bpf_pureip_relay_filter_len; - p.filter = dhcp_bpf_pureip_relay_filter; - -- /* patch ports */ - dhcp_bpf_pureip_relay_filter [6].k = ntohs (local_port); - dhcp_bpf_pureip_relay_filter [8].k = ntohs (relay_port); -- } else if (relay_port) { -- p.len = dhcp_bpf_relay_filter_len; -- p.filter = dhcp_bpf_relay_filter; -- -- /* patch ports */ -- dhcp_bpf_relay_filter [8].k = ntohs (local_port); -- dhcp_bpf_relay_filter [10].k = ntohs (relay_port); - } - #endif - --- -2.39.2 - diff --git a/packages/isc-dhcp/patches/0003-fix-compilation-errors.patch b/packages/isc-dhcp/patches/0003-fix-compilation-errors.patch deleted file mode 100644 index c66e0c7c..00000000 --- a/packages/isc-dhcp/patches/0003-fix-compilation-errors.patch +++ /dev/null @@ -1,48 +0,0 @@ -From 58e0d3317795987b2f1ca788645196d0e3543f88 Mon Sep 17 00:00:00 2001 -From: Adam Smith <zero1three@gmail.com> -Date: Tue, 23 Jan 2024 21:47:00 -0500 -Subject: [PATCH 3/4] fix compilation errors - ---- - common/lpf.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/common/lpf.c b/common/lpf.c -index 75609f5..1561d71 100644 ---- a/common/lpf.c -+++ b/common/lpf.c -@@ -195,6 +195,7 @@ static void lpf_tr_filter_setup (struct interface_info *); - #endif - - static void lpf_gen_filter_setup (struct interface_info *); -+static void lpf_pureip_gen_filter_setup (struct interface_info *); - - void if_register_receive (info) - struct interface_info *info; -@@ -215,14 +216,13 @@ void if_register_receive (info) - } - #endif - -- - #if defined (HAVE_TR_SUPPORT) - if (info -> hw_address.hbuf [0] == HTYPE_IEEE802) - lpf_tr_filter_setup (info); - else - #endif - if (info -> hw_address.hbuf [0] == HTYPE_PUREIP) -- lpf_pureip_filter_setup (info); -+ lpf_pureip_gen_filter_setup (info); - else - lpf_gen_filter_setup (info); - -@@ -349,6 +349,7 @@ static void lpf_pureip_gen_filter_setup (info) - } - } - -+ - #if defined (HAVE_TR_SUPPORT) - static void lpf_tr_filter_setup (info) - struct interface_info *info; --- -2.39.2 - diff --git a/packages/isc-dhcp/patches/0004-add-support-for-ARPHRD_NONE-interface-type.patch b/packages/isc-dhcp/patches/0004-add-support-for-ARPHRD_NONE-interface-type.patch deleted file mode 100644 index 32089b4d..00000000 --- a/packages/isc-dhcp/patches/0004-add-support-for-ARPHRD_NONE-interface-type.patch +++ /dev/null @@ -1,29 +0,0 @@ -From fd96a11b31cd05aae450ec65fde0b5c6e0b718c2 Mon Sep 17 00:00:00 2001 -From: Adam Smith <zero1three@gmail.com> -Date: Tue, 23 Jan 2024 22:35:54 -0500 -Subject: [PATCH 4/4] add support for ARPHRD_NONE interface type - ---- - common/lpf.c | 6 ++++++ - 1 file changed, 6 insertions(+) - -diff --git a/common/lpf.c b/common/lpf.c -index 1561d71..f7e84b1 100644 ---- a/common/lpf.c -+++ b/common/lpf.c -@@ -643,6 +643,12 @@ get_hw_addr(const char *name, struct hardware *hw) { - hw->hlen = 1; - hw->hbuf[0] = HTYPE_PUREIP; - break; -+#endif -+#ifdef ARPHRD_NONE -+ case ARPHRD_NONE: -+ hw->hlen = 1; -+ hw->hbuf[0] = HTYPE_PUREIP; -+ break; - #endif - default: - log_fatal("Unsupported device type %ld for \"%s\"", --- -2.39.2 - diff --git a/packages/kea/.gitignore b/packages/kea/.gitignore deleted file mode 100644 index 8a9161fe..00000000 --- a/packages/kea/.gitignore +++ /dev/null @@ -1 +0,0 @@ -isc-kea/ diff --git a/packages/kea/Jenkinsfile b/packages/kea/Jenkinsfile deleted file mode 100644 index d5b20040..00000000 --- a/packages/kea/Jenkinsfile +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright (C) 2023 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -// NOTE: we can build with -d as the libbpf dependency is installed manually -// and not via a DEB package -def pkgList = [ - ['name': 'isc-kea', - 'scmCommit': 'debian/2.4.1-1', - 'scmUrl': 'https://salsa.debian.org/debian/isc-kea', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('ISC Kea', pkgList, null, true, "**/packages/kea/**") diff --git a/packages/kea/build.sh b/packages/kea/build.sh deleted file mode 100755 index ec46d293..00000000 --- a/packages/kea/build.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -SRC=isc-kea -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" - exit 1 -fi - -cd ${SRC} -PATCH_DIR=${CWD}/patches -for patch in $(ls ${PATCH_DIR}) -do - echo "I: Apply patch: ${PATCH_DIR}/${patch}" - patch -p1 < ${PATCH_DIR}/${patch} -done - -echo "I: Build Debian Package" -dpkg-buildpackage -uc -us -tc -b -d diff --git a/packages/keepalived/.gitignore b/packages/keepalived/.gitignore deleted file mode 100644 index 9503bdbd..00000000 --- a/packages/keepalived/.gitignore +++ /dev/null @@ -1 +0,0 @@ -keepalived/ diff --git a/packages/keepalived/Jenkinsfile b/packages/keepalived/Jenkinsfile deleted file mode 100644 index 0d886751..00000000 --- a/packages/keepalived/Jenkinsfile +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright (C) 2023 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. - -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def package_name = 'keepalived' - -def pkgList = [ - ['name': "${package_name}", - 'scmCommit': 'debian/1%2.2.8-1', - 'scmUrl': 'https://salsa.debian.org/debian/pkg-keepalived.git', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; ../build.py'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage("${package_name}", pkgList, null, true, "**/packages/${package_name}/**") diff --git a/packages/keepalived/build.py b/packages/keepalived/build.py deleted file mode 100755 index 04f4791b..00000000 --- a/packages/keepalived/build.py +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/env python3 - -from pathlib import Path -from shutil import copy as copy_file -from subprocess import run - - -# copy patches -def apply_deb_patches() -> None: - """Apply patches to sources directory - """ - patches_dir = Path('../patches') - current_dir: str = Path.cwd().as_posix() - if patches_dir.exists(): - patches_list = list(patches_dir.iterdir()) - patches_list.sort() - Path(f'{current_dir}/debian/patches').mkdir(parents=True, exist_ok=True) - series_file = Path(f'{current_dir}/debian/patches/series') - series_data = '' - for patch_file in patches_list: - print(f'Applying patch: {patch_file.name}') - copy_file(patch_file, f'{current_dir}/debian/patches/') - if series_file.exists(): - series_data: str = series_file.read_text() - series_data = f'{series_data}\n{patch_file.name}' - series_file.write_text(series_data) - - -def build_package() -> bool: - """Build a package - - Returns: - bool: build status - """ - build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b'] - build_status: int = run(build_cmd).returncode - - if build_status: - return False - return True - - -# build a package -if __name__ == '__main__': - apply_deb_patches() - - if not build_package(): - exit(1) - - exit() diff --git a/packages/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch b/packages/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch deleted file mode 100644 index b099dc7b..00000000 --- a/packages/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch +++ /dev/null @@ -1,129 +0,0 @@ -From af4aa758c3512bec8233549e138b03741c5404f9 Mon Sep 17 00:00:00 2001 -From: Quentin Armitage <quentin@armitage.org.uk> -Date: Sat, 14 Oct 2023 15:37:19 +0100 -Subject: [PATCH] vrrp: Set sysctl arp_ignore to 1 on IPv6 VMACs - -Setting arp_ignore to 1 ensures that the VMAC interface does not respond -to ARP requests for IPv4 addresses not configured on the VMAC. - -Signed-off-by: Quentin Armitage <quentin@armitage.org.uk> ---- - keepalived/include/vrrp_if_config.h | 2 +- - keepalived/vrrp/vrrp_if_config.c | 28 ++++++++++++++++++++-------- - keepalived/vrrp/vrrp_vmac.c | 5 ++--- - 3 files changed, 23 insertions(+), 12 deletions(-) - -diff --git a/keepalived/include/vrrp_if_config.h b/keepalived/include/vrrp_if_config.h -index 35465cd..c35e56e 100644 ---- a/keepalived/include/vrrp_if_config.h -+++ b/keepalived/include/vrrp_if_config.h -@@ -34,7 +34,7 @@ extern void set_promote_secondaries(interface_t*); - extern void reset_promote_secondaries(interface_t*); - #ifdef _HAVE_VRRP_VMAC_ - extern void restore_rp_filter(void); --extern void set_interface_parameters(const interface_t*, interface_t*); -+extern void set_interface_parameters(const interface_t*, interface_t*, sa_family_t); - extern void reset_interface_parameters(interface_t*); - extern void link_set_ipv6(const interface_t*, bool); - #endif -diff --git a/keepalived/vrrp/vrrp_if_config.c b/keepalived/vrrp/vrrp_if_config.c -index cfce7e2..fbfd34c 100644 ---- a/keepalived/vrrp/vrrp_if_config.c -+++ b/keepalived/vrrp/vrrp_if_config.c -@@ -81,6 +81,11 @@ static sysctl_opts_t vmac_sysctl[] = { - { 0, 0} - }; - -+static sysctl_opts_t vmac_sysctl_6[] = { -+ { IPV4_DEVCONF_ARP_IGNORE, 1 }, -+ { 0, 0} -+}; -+ - #endif - #endif - -@@ -216,11 +221,14 @@ netlink_set_interface_flags(unsigned ifindex, const sysctl_opts_t *sys_opts) - - #ifdef _HAVE_VRRP_VMAC_ - static inline int --netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp) -+netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { -- if (netlink_set_interface_flags(ifp->ifindex, vmac_sysctl)) -+ if (netlink_set_interface_flags(ifp->ifindex, family == AF_INET6 ? vmac_sysctl_6 : vmac_sysctl)) - return -1; - -+ if (family == AF_INET6) -+ return 0; -+ - /* If the underlying interface is a MACVLAN that has been moved into - * a separate network namespace from the parent, we can't access the - * parent. */ -@@ -271,9 +279,9 @@ netlink_reset_interface_parameters(const interface_t* ifp) - } - - static inline void --set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { -- if (netlink_set_interface_parameters(ifp, base_ifp)) -+ if (netlink_set_interface_parameters(ifp, base_ifp, family)) - log_message(LOG_INFO, "Unable to set parameters for %s", ifp->ifname); - } - -@@ -310,11 +318,15 @@ reset_promote_secondaries_devconf(interface_t *ifp) - - #ifdef _HAVE_VRRP_VMAC_ - static inline void --set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { - unsigned val; - - set_sysctl("net/ipv4/conf", ifp->ifname, "arp_ignore", 1); -+ -+ if (family == AF_INET6) -+ return; -+ - set_sysctl("net/ipv4/conf", ifp->ifname, "accept_local", 1); - set_sysctl("net/ipv4/conf", ifp->ifname, "rp_filter", 0); - -@@ -524,15 +536,15 @@ restore_rp_filter(void) - } - - void --set_interface_parameters(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { - if (all_rp_filter == UINT_MAX) - clear_rp_filter(); - - #ifdef _HAVE_IPV4_DEVCONF_ -- set_interface_parameters_devconf(ifp, base_ifp); -+ set_interface_parameters_devconf(ifp, base_ifp, family); - #else -- set_interface_parameters_sysctl(ifp, base_ifp); -+ set_interface_parameters_sysctl(ifp, base_ifp, family); - #endif - } - -diff --git a/keepalived/vrrp/vrrp_vmac.c b/keepalived/vrrp/vrrp_vmac.c -index e5ff0e9..021953a 100644 ---- a/keepalived/vrrp/vrrp_vmac.c -+++ b/keepalived/vrrp/vrrp_vmac.c -@@ -407,10 +407,9 @@ netlink_link_add_vmac(vrrp_t *vrrp, const interface_t *old_interface) - if (!ifp->ifindex) - return false; - -- if (vrrp->family == AF_INET && create_interface) { -+ if (create_interface) { - /* Set the necessary kernel parameters to make macvlans work for us */ --// If this saves current base_ifp's settings, we need to be careful if multiple VMACs on same i/f -- set_interface_parameters(ifp, ifp->base_ifp); -+ set_interface_parameters(ifp, ifp->base_ifp, vrrp->family); - } - - #ifdef _WITH_FIREWALL_ --- -2.34.1 - diff --git a/packages/linux-kernel/.gitignore b/packages/linux-kernel/.gitignore deleted file mode 100644 index 97e392e3..00000000 --- a/packages/linux-kernel/.gitignore +++ /dev/null @@ -1,25 +0,0 @@ -/linux -/wireguard -/wireguard-linux-compat -/accel-ppp -/intel-qat -/linux-firmware -/vyos-drivers-intel* -/vyos-drivers-realtek* -/ovpn-dco -/nat-rtsp -/jool* -/qat* -/QAT* -*.tar.xz -/*.postinst - -# Intel Driver source -i40e-*/ -igb-*/ -ixgbe-*/ -ixgbevf-*/ -vyos-intel-*/ -vyos-linux-firmware*/ -kernel-vars -r8152-*.tar.bz2 diff --git a/packages/linux-kernel/Jenkinsfile b/packages/linux-kernel/Jenkinsfile deleted file mode 100644 index 9d88663a..00000000 --- a/packages/linux-kernel/Jenkinsfile +++ /dev/null @@ -1,80 +0,0 @@ -// Copyright (C) 2020-2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - // The Linux Kernel - ['name': 'kernel', - 'buildCmd': ''' - # all scripts must be executed one level above ... - cd .. - - # read the required Kernel version - KERNEL_VER=\$(cat ../../data/defaults.toml | tomlq -r .kernel_version) - gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org - curl -OL https://www.kernel.org/pub/linux/kernel/v6.x/linux-${KERNEL_VER}.tar.xz - curl -OL https://www.kernel.org/pub/linux/kernel/v6.x/linux-${KERNEL_VER}.tar.sign - xz -cd linux-${KERNEL_VER}.tar.xz | gpg2 --verify linux-${KERNEL_VER}.tar.sign - - if [ $? -ne 0 ]; then - exit 1 - fi - - # Unpack Kernel source - tar xf linux-${KERNEL_VER}.tar.xz - ln -s linux-${KERNEL_VER} linux - # ... Build Kernel - ./build-kernel.sh - '''], - - // Firmware - ['name': 'linux-firmware', 'scmCommit': '20231211', - 'scmUrl': 'https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git', - 'buildCmd': 'cd ..; ./build-linux-firmware.sh'], - - // Accel-PPP - ['name': 'accel-ppp', 'scmCommit': '1.13.0', - 'scmUrl': 'https://github.com/accel-ppp/accel-ppp.git', - 'buildCmd': 'cd ..; pwd; ls -al; ./build-accel-ppp.sh'], - - // Intel QAT - ['name': 'qat', 'buildCmd': 'cd ..; ./build-intel-qat.sh'], - - // Intel IXGBE - ['name': 'ixgbe', 'buildCmd': 'cd ..; ./build-intel-ixgbe.sh'], - - // Intel IXGBEVF - ['name': 'ixgbevf', 'buildCmd': 'cd ..; ./build-intel-ixgbevf.sh'], - - // Jool - ['name': 'jool', 'buildCmd': 'cd ..; ./build-jool.py'], - - // OpenVPN DCO - ['name': 'ovpn-dco','scmCommit': 'v0.2.20231117', - 'scmUrl': 'https://github.com/OpenVPN/ovpn-dco', - 'buildCmd': 'cd ..; ./build-openvpn-dco.sh'], - - // RTSP netfilter helper - ['name': 'nat-rtsp', 'scmCommit': '475af0a', - 'scmUrl': 'https://github.com/maru-sama/rtsp-linux.git', - 'buildCmd': 'cd ..; ./build-nat-rtsp.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('Kernel', pkgList, null, true, "**/packages/linux-kernel/**") diff --git a/packages/linux-kernel/README.md b/packages/linux-kernel/README.md deleted file mode 100644 index ee9a5175..00000000 --- a/packages/linux-kernel/README.md +++ /dev/null @@ -1,36 +0,0 @@ -# About - -VyOS runs on a custom Linux Kernel (which is 4.19) at the time of this writing. -This repository holds a Jenkins Pipeline which is used to build the Custom -Kernel (x86_64/amd64 at the moment) and all required out-of tree modules. - -VyOS does not utilize the build in Intel Kernel drivers for its NICs as those -Kernels sometimes lack features e.g. configurable receive-side-scaling queues. -On the other hand we ship additional not mainlined features as WireGuard VPN. - -## Kernel - -The Kernel is build from the vanilla repositories hosted at https://git.kernel.org. -VyOS requires two additional patches to work which are stored in the patches/kernel -folder. - -### Config - -The Kernel configuration used is [x86_64_vyos_defconfig](x86_64_vyos_defconfig) -which will be copied on demand during the Pipeline run into the `arch/x86/configs`i -direcotry of the Kernel source tree. - -Other configurations can be added in the future easily. - -### Modules - -VyOS utilizes several Out-of-Tree modules (e.g. WireGuard, Accel-PPP and Intel -network interface card drivers). Module source code is retrieved from the -upstream repository and - when needed - patched so it can be build using this -pipeline. - -In the past VyOS maintainers had a fork of the Linux Kernel, WireGuard and -Accel-PPP. This is fine but increases maintenance effort. By utilizing vanilla -repositories upgrading to new versions is very easy - only the branch/commit/tag -used when cloning the repository via [Jenkinsfile](Jenkinsfile) needs to be -adjusted. diff --git a/packages/linux-kernel/build-accel-ppp.sh b/packages/linux-kernel/build-accel-ppp.sh deleted file mode 100755 index 1685ff8d..00000000 --- a/packages/linux-kernel/build-accel-ppp.sh +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -KERNEL_VAR_FILE=${CWD}/kernel-vars - -ACCEL_SRC=${CWD}/accel-ppp -if [ ! -d ${ACCEL_SRC} ]; then - echo "Accel-PPP source not found" - exit 1 -fi - -if [ ! -f ${KERNEL_VAR_FILE} ]; then - echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" - exit 1 -fi - -PATCH_DIR=${CWD}/patches/accel-ppp -if [ -d $PATCH_DIR ]; then - cd ${ACCEL_SRC} - for patch in $(ls ${PATCH_DIR}) - do - echo "I: Apply patch: ${PATCH_DIR}/${patch}" - patch -p1 < ${PATCH_DIR}/${patch} - done -fi - -. ${KERNEL_VAR_FILE} -mkdir -p ${ACCEL_SRC}/build -cd ${ACCEL_SRC}/build - -echo "I: Build Accel-PPP Debian package" -cmake -DBUILD_IPOE_DRIVER=TRUE \ - -DBUILD_VLAN_MON_DRIVER=TRUE \ - -DCMAKE_INSTALL_PREFIX=/usr \ - -DKDIR=${KERNEL_DIR} \ - -DLUA=5.3 \ - -DMODULES_KDIR=${KERNEL_VERSION}${KERNEL_SUFFIX} \ - -DCPACK_TYPE=Debian12 .. -make -cpack -G DEB - -# rename resulting Debian package according git description -mv accel-ppp*.deb ${CWD}/accel-ppp_$(git describe --always --tags)_$(dpkg --print-architecture).deb diff --git a/packages/linux-kernel/build-intel-ixgbe.sh b/packages/linux-kernel/build-intel-ixgbe.sh deleted file mode 100755 index 5f45c62a..00000000 --- a/packages/linux-kernel/build-intel-ixgbe.sh +++ /dev/null @@ -1,107 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -KERNEL_VAR_FILE=${CWD}/kernel-vars - -if ! dpkg-architecture -iamd64; then - echo "Intel ixgbe is only buildable on amd64 platforms" - exit 0 -fi - -if [ ! -f ${KERNEL_VAR_FILE} ]; then - echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" - exit 1 -fi - -. ${KERNEL_VAR_FILE} - -url="https://sourceforge.net/projects/e1000/files/ixgbe%20stable/5.20.3/ixgbe-5.20.3.tar.gz" - -cd ${CWD} - -DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/) -DRIVER_DIR="${DRIVER_FILE%.tar.gz}" -DRIVER_NAME="ixgbe" -DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | sed 's/^-//') -DRIVER_VERSION_EXTRA="" - -# Build up Debian related variables required for packaging -DEBIAN_ARCH=$(dpkg --print-architecture) -DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}" -DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" -DEBIAN_POSTINST="${CWD}/vyos-intel-ixgbe.postinst" - -# Fetch Intel driver source from SourceForge -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -curl -L -o ${DRIVER_FILE} ${url} -if [ "$?" -ne "0" ]; then - exit 1 -fi - -# Unpack archive -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -mkdir -p ${DRIVER_DIR} -tar -C ${DRIVER_DIR} --strip-components=1 -xf ${DRIVER_FILE} - -cd ${DRIVER_DIR}/src -if [ -z $KERNEL_DIR ]; then - echo "KERNEL_DIR not defined" - exit 1 -fi - -# See https://lore.kernel.org/lkml/f90837d0-810e-5772-7841-28d47c44d260@intel.com/ -echo "I: remove pci_enable_pcie_error_reporting() code no longer present in Kernel" -sed -i '/.*pci_disable_pcie_error_reporting(pdev);/d' ixgbe_main.c -sed -i '/.*pci_enable_pcie_error_reporting(pdev);/d' ixgbe_main.c - -# See https://vyos.dev/T6155 -echo "I: always enable allow_unsupported_sfp for all NICs by default" -patch -l -p1 < ../../patches/ixgbe/allow_unsupported_sfp.patch - -# See https://vyos.dev/T6162 -echo "I: add 1000BASE-BX support" -patch -l -p1 < ../../patches/ixgbe/add_1000base-bx_support.patch - -echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver" -make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) install - -if [ "x$?" != "x0" ]; then - exit 1 -fi - -if [ -f ${DEBIAN_DIR}.deb ]; then - rm ${DEBIAN_DIR}.deb -fi - -# build Debian package -echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" -cd ${CWD} - -# delete non required files which are also present in the kernel package -# und thus lead to duplicated files -find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f - -echo "#!/bin/sh" > ${DEBIAN_POSTINST} -echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} - -fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ - --version ${DRIVER_VERSION} --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "Vendor based driver for Intel ${DRIVER_NAME}" \ - --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ - --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} - -echo "I: Cleanup ${DRIVER_NAME} source" -cd ${CWD} -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -if [ -d ${DEBIAN_DIR} ]; then - rm -rf ${DEBIAN_DIR} -fi diff --git a/packages/linux-kernel/build-intel-ixgbevf.sh b/packages/linux-kernel/build-intel-ixgbevf.sh deleted file mode 100755 index a965e0de..00000000 --- a/packages/linux-kernel/build-intel-ixgbevf.sh +++ /dev/null @@ -1,100 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -KERNEL_VAR_FILE=${CWD}/kernel-vars - -if ! dpkg-architecture -iamd64; then - echo "Intel ixgbevf is only buildable on amd64 platforms" - exit 0 -fi - -if [ ! -f ${KERNEL_VAR_FILE} ]; then - echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" - exit 1 -fi - -. ${KERNEL_VAR_FILE} - -url="https://sourceforge.net/projects/e1000/files/ixgbevf%20stable/4.18.9/ixgbevf-4.18.9.tar.gz" - -cd ${CWD} - -DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/) -DRIVER_DIR="${DRIVER_FILE%.tar.gz}" -DRIVER_NAME="ixgbevf" -DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | sed 's/^-//') -DRIVER_VERSION_EXTRA="" - -# Build up Debian related variables required for packaging -DEBIAN_ARCH=$(dpkg --print-architecture) -DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}" -DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" -DEBIAN_POSTINST="${CWD}/vyos-intel-ixgbevf.postinst" - -# Fetch Intel driver source from SourceForge -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -curl -L -o ${DRIVER_FILE} ${url} -if [ "$?" -ne "0" ]; then - exit 1 -fi - -# Unpack archive -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -mkdir -p ${DRIVER_DIR} -tar -C ${DRIVER_DIR} --strip-components=1 -xf ${DRIVER_FILE} - -cd ${DRIVER_DIR}/src -if [ -z $KERNEL_DIR ]; then - echo "KERNEL_DIR not defined" - exit 1 -fi - -# See https://lore.kernel.org/lkml/f90837d0-810e-5772-7841-28d47c44d260@intel.com/ -echo "I: remove pci_enable_pcie_error_reporting() code no longer present in Kernel" -sed -i '/.*pci_disable_pcie_error_reporting(pdev);/d' ixgbevf_main.c -sed -i '/.*pci_enable_pcie_error_reporting(pdev);/d' ixgbevf_main.c - -echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver" -make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) install - -if [ "x$?" != "x0" ]; then - exit 1 -fi - -if [ -f ${DEBIAN_DIR}.deb ]; then - rm ${DEBIAN_DIR}.deb -fi - -# build Debian package -echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" -cd ${CWD} - -# delete non required files which are also present in the kernel package -# und thus lead to duplicated files -find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f - -echo "#!/bin/sh" > ${DEBIAN_POSTINST} -echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} - -fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ - --version ${DRIVER_VERSION} --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "Vendor based driver for Intel ${DRIVER_NAME}" \ - --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ - --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} - -echo "I: Cleanup ${DRIVER_NAME} source" -cd ${CWD} -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -if [ -d ${DEBIAN_DIR} ]; then - rm -rf ${DEBIAN_DIR} -fi - diff --git a/packages/linux-kernel/build-intel-qat.sh b/packages/linux-kernel/build-intel-qat.sh deleted file mode 100755 index 765cea3f..00000000 --- a/packages/linux-kernel/build-intel-qat.sh +++ /dev/null @@ -1,111 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -KERNEL_VAR_FILE=${CWD}/kernel-vars - -if ! dpkg-architecture -iamd64; then - echo "Intel-QAT is only buildable on amd64 platforms" - exit 0 -fi - -if [ ! -f ${KERNEL_VAR_FILE} ]; then - echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" - exit 1 -fi - -. ${KERNEL_VAR_FILE} - -url="https://dev.packages.vyos.net/source-mirror/QAT.L.4.24.0-00005.tar.gz" - -cd ${CWD} - -DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/) -DRIVER_DIR="${DRIVER_FILE%.tar.gz}" -DRIVER_NAME="QAT" -DRIVER_NAME_EXTRA="L." -DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | awk -F${DRIVER_NAME_EXTRA} '{print $2}') -DRIVER_VERSION_EXTRA="-0" - -# Build up Debian related variables required for packaging -DEBIAN_ARCH=$(dpkg --print-architecture) -DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}${DRIVER_VERSION_EXTRA}_${DEBIAN_ARCH}" -DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" -DEBIAN_POSTINST="${CWD}/vyos-intel-qat.postinst" - -# Fetch Intel driver source from SourceForge -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -curl -L -o ${DRIVER_FILE} ${url} -if [ "$?" -ne "0" ]; then - exit 1 -fi - -# Unpack archive -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -mkdir -p ${DRIVER_DIR} -tar -C ${DRIVER_DIR} -xf ${DRIVER_FILE} - -cd ${DRIVER_DIR} -if [ -z $KERNEL_DIR ]; then - echo "KERNEL_DIR not defined" - exit 1 -fi - -echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver" -mkdir -p \ - ${DEBIAN_DIR}/lib/firmware \ - ${DEBIAN_DIR}/usr/sbin \ - ${DEBIAN_DIR}/usr/lib/x86_64-linux-gnu \ - ${DEBIAN_DIR}/etc/init.d -KERNEL_SOURCE_ROOT=${KERNEL_DIR} ./configure --enable-kapi --enable-qat-lkcf -make -j $(getconf _NPROCESSORS_ONLN) all -make INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} \ - qat-driver-install adf-ctl-all - -if [ "x$?" != "x0" ]; then - exit 1 -fi - -cp quickassist/qat/fw/*.bin ${DEBIAN_DIR}/lib/firmware -cp build/*.so ${DEBIAN_DIR}/usr/lib/x86_64-linux-gnu -cp build/adf_ctl ${DEBIAN_DIR}/usr/sbin -cp quickassist/build_system/build_files/qat_service ${DEBIAN_DIR}/etc/init.d -cp build/usdm_drv.ko ${DEBIAN_DIR}/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/updates/drivers -chmod 644 ${DEBIAN_DIR}/lib/firmware/* -chmod 755 ${DEBIAN_DIR}/etc/init.d/* ${DEBIAN_DIR}/usr/local/bin/* - -if [ -f ${DEBIAN_DIR}.deb ]; then - rm ${DEBIAN_DIR}.deb -fi - -# build Debian package -echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" -cd ${CWD} - -# delete non required files which are also present in the kernel package -# und thus lead to duplicated files -find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f - -echo "#!/bin/sh" > ${DEBIAN_POSTINST} -echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} - -fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ - --version ${DRIVER_VERSION}${DRIVER_VERSION_EXTRA} --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "Vendor based driver for Intel ${DRIVER_NAME}" \ - --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ - --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} - -echo "I: Cleanup ${DRIVER_NAME} source" -cd ${CWD} -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -if [ -d ${DEBIAN_DIR} ]; then - rm -rf ${DEBIAN_DIR} -fi diff --git a/packages/linux-kernel/build-jool.py b/packages/linux-kernel/build-jool.py deleted file mode 100755 index 1781a6c8..00000000 --- a/packages/linux-kernel/build-jool.py +++ /dev/null @@ -1,98 +0,0 @@ -#!/usr/bin/env python3 - -from tomllib import loads as toml_loads -from requests import get -from pathlib import Path -from subprocess import run - -def find_arch() -> str: - tmp=run(['dpkg-architecture', '-q', 'DEB_HOST_ARCH'], capture_output=True) - return tmp.stdout.decode().strip() - -# dependency modifier -def add_depends(package_dir: str, package_name: str, - depends: list[str]) -> None: - """Add dependencies to a package - - Args: - package_dir (str): a directory where package sources are located - package_name (str): a name of package - depends (list[str]): a list of dependencies to add - """ - depends_list: str = ', '.join(depends) - depends_line: str = f'misc:Depends={depends_list}\n' - - substvars_file = Path(f'{package_dir}/debian/{package_name}.substvars') - substvars_file.write_text(depends_line) - - -# find kernel version and source path -arch: str = find_arch() -defaults_file: str = Path('../../data/defaults.toml').read_text() -architecture_file: str = Path(f'../../data/architectures/{arch}.toml').read_text() -KERNEL_VER: str = toml_loads(defaults_file).get('kernel_version') -KERNEL_FLAVOR: str = toml_loads(architecture_file).get('kernel_flavor') -KERNEL_SRC: str = Path.cwd().as_posix() + '/linux' - -# define variables -PACKAGE_NAME: str = 'jool' -PACKAGE_VERSION: str = '4.1.9+bf4c7e3669' -PACKAGE_DIR: str = f'{PACKAGE_NAME}-{PACKAGE_VERSION}' -SOURCES_ARCHIVE: str = 'jool-4.1.9+bf4c7e3669.tar.gz' -SOURCES_URL: str = f'https://github.com/NICMx/Jool/archive/7f08c42c615ed63cf0fdc1522d91aa0809f6d990.tar.gz' - -# download sources -sources_archive = Path(SOURCES_ARCHIVE) -sources_archive.write_bytes(get(SOURCES_URL).content) - -# prepare sources -debmake_cmd: list[str] = [ - 'debmake', '-e', 'support@vyos.io', '-f', 'VyOS Support', '-p', - PACKAGE_NAME, '-u', PACKAGE_VERSION, '-a', SOURCES_ARCHIVE -] -run(debmake_cmd) - -# add kernel to dependencies -add_depends(PACKAGE_DIR, PACKAGE_NAME, - [f'linux-image-{KERNEL_VER}-{KERNEL_FLAVOR}']) - -# configure build rules -build_rules_text: str = f'''#!/usr/bin/make -f -# config -export KERNEL_DIR := {KERNEL_SRC} -PACKAGE_BUILD_DIR := debian/{PACKAGE_NAME} -KVER := {KERNEL_VER}-{KERNEL_FLAVOR} -MODULES_DIR := extra - -# main packaging script based on dh7 syntax -%: - dh $@ - -override_dh_clean: - dh_clean --exclude=debian/{PACKAGE_NAME}.substvars - -override_dh_prep: - dh_prep --exclude=debian/{PACKAGE_NAME}.substvars - -# override_dh_auto_clean: -# make -C src/mod clean - -override_dh_auto_build: - dh_auto_build $@ - make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/common modules - make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/nat64 modules - make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/siit modules - -override_dh_auto_install: - dh_auto_install $@ - install -D -m 644 src/mod/common/jool_common.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_common.ko - install -D -m 644 src/mod/nat64/jool.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool.ko - install -D -m 644 src/mod/siit/jool_siit.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_siit.ko - -''' -bild_rules = Path(f'{PACKAGE_DIR}/debian/rules') -bild_rules.write_text(build_rules_text) - -# build a package -debuild_cmd: list[str] = ['debuild'] -run(debuild_cmd, cwd=PACKAGE_DIR) diff --git a/packages/linux-kernel/build-kernel.sh b/packages/linux-kernel/build-kernel.sh deleted file mode 100755 index 2c02f5c3..00000000 --- a/packages/linux-kernel/build-kernel.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash -CWD=$(pwd) -KERNEL_SRC=linux - -set -e - -if [ ! -d ${KERNEL_SRC} ]; then - echo "Linux Kernel source directory does not exists, please 'git clone'" - exit 1 -fi - -echo "I: Copy Kernel config (x86_64_vyos_defconfig) to Kernel Source" -cp -rv arch/ ${KERNEL_SRC}/ - -cd ${KERNEL_SRC} - -echo "I: clean modified files" -git reset --hard HEAD - -KERNEL_VERSION=$(make kernelversion) -KERNEL_SUFFIX=-$(dpkg --print-architecture)-vyos - -# VyOS requires some small Kernel Patches - apply them here -# It's easier to habe them here and make use of the upstream -# repository instead of maintaining a full Kernel Fork. -# Saving time/resources is essential :-) -PATCH_DIR=${CWD}/patches/kernel -for patch in $(ls ${PATCH_DIR}) -do - echo "I: Apply Kernel patch: ${PATCH_DIR}/${patch}" - patch -p1 < ${PATCH_DIR}/${patch} -done - -echo "I: make vyos_defconfig" -# Select Kernel configuration - currently there is only one -make vyos_defconfig - -echo "I: Generate environment file containing Kernel variable" -cat << EOF >${CWD}/kernel-vars -#!/bin/sh -export KERNEL_VERSION=${KERNEL_VERSION} -export KERNEL_SUFFIX=${KERNEL_SUFFIX} -export KERNEL_DIR=${CWD}/${KERNEL_SRC} -EOF - -echo "I: Build Debian Kernel package" -touch .scmversion -make bindeb-pkg BUILD_TOOLS=1 LOCALVERSION=${KERNEL_SUFFIX} KDEB_PKGVERSION=${KERNEL_VERSION}-1 -j $(getconf _NPROCESSORS_ONLN) - -cd $CWD -if [[ $? == 0 ]]; then - for package in $(ls linux-*.deb) - do - ln -sf linux-kernel/$package .. - done -fi diff --git a/packages/linux-kernel/build-linux-firmware.sh b/packages/linux-kernel/build-linux-firmware.sh deleted file mode 100755 index 2b1fa7b7..00000000 --- a/packages/linux-kernel/build-linux-firmware.sh +++ /dev/null @@ -1,98 +0,0 @@ -#!/bin/bash - -# All selected drivers are then precomfiled "make drivers/foo/bar.i" and we grep for -# the magic word "UNIQUE_ID_firmware" which identifies firmware files. - -CWD=$(pwd) -LINUX_SRC="linux" -LINUX_FIRMWARE="linux-firmware" -KERNEL_VAR_FILE=${CWD}/kernel-vars - -if [ ! -d ${LINUX_SRC} ]; then - echo "Kernel source missing" - exit 1 -fi - -if [ ! -d ${LINUX_FIRMWARE} ]; then - echo "Linux firmware repository missing" - exit 1 -fi - -. ${KERNEL_VAR_FILE} - -result=() -# Retrieve firmware blobs from source files -FW_FILES=$(find ${LINUX_SRC}/debian/linux-image/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/kernel/drivers/net -name *.ko | xargs modinfo | grep "^firmware:" | awk '{print $2}') - -# Debian package will use the descriptive Git commit as version -GIT_COMMIT=$(cd ${CWD}/${LINUX_FIRMWARE}; git describe --always) -VYOS_FIRMWARE_NAME="vyos-linux-firmware" -VYOS_FIRMWARE_DIR="${VYOS_FIRMWARE_NAME}_${GIT_COMMIT}-0_all" -if [ -d ${VYOS_FIRMWARE_DIR} ]; then - # remove Debian package folder and deb file from previous runs - rm -rf ${VYOS_FIRMWARE_DIR}* -fi -mkdir -p ${VYOS_FIRMWARE_DIR} - -# Install firmware files to build directory -LINUX_FIRMWARE_BUILD_DIR="${LINUX_FIRMWARE}_${GIT_COMMIT}" - -if [ -d ${LINUX_FIRMWARE_BUILD_DIR} ]; then - rm -rf "${LINUX_FIRMWARE_BUILD_DIR}" -fi - -mkdir -p "${LINUX_FIRMWARE_BUILD_DIR}" - -( - cd ${LINUX_FIRMWARE} - ./copy-firmware.sh "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}" -) - -# Copy firmware file from linux firmware build directory into -# assembly folder for the vyos-firmware package -SED_REPLACE="s@${CWD}/${LINUX_FIRMWARE}/@@" -for FILE_PATTERN in ${FW_FILES}; do - find "${LINUX_FIRMWARE_BUILD_DIR}" -path "*/${FILE_PATTERN}" -print0 | while IFS= read -r -d $'\0' FILE; do - TARGET="$(echo "${FILE}" | sed "s/${LINUX_FIRMWARE_BUILD_DIR}\///g")" - TARGET_DIR="${VYOS_FIRMWARE_DIR}/lib/firmware/$(dirname "${TARGET}")" - # If file is a symlink install the symlink target as well - if [ -h "${FILE}" ]; then - if [ ! -f "${TARGET_DIR}/$(basename "${TARGET}")" ]; then - if [ -f "${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" ]; then - mkdir -p "${TARGET_DIR}" - - echo "I: install firmware: ${TARGET}" - cp "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" "${TARGET_DIR}" - # If file links to other folder which this script not cover. Create folder and copy together. - if [ -L "${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" ]; then - REALPATH_TARGET=$(realpath --relative-to="${CWD}/${LINUX_FIRMWARE_BUILD_DIR}" "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}") - REALPATH_TARGET_DIR="${VYOS_FIRMWARE_DIR}/lib/firmware/$(dirname "${REALPATH_TARGET}")" - mkdir -p "${REALPATH_TARGET_DIR}" - echo "I: install firmware: ${REALPATH_TARGET}" - cp "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${REALPATH_TARGET}" "${REALPATH_TARGET_DIR}" - fi - else - echo "I: firmware file not found: ${TARGET}" - fi - fi - fi - - if [ -f "${FILE}" ]; then - mkdir -p "${TARGET_DIR}" - echo "I: install firmware: ${TARGET}" - cp -P "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" "${TARGET_DIR}" - else - echo "I: firmware file not found: ${TARGET}" - fi - done -done - -echo "I: Create linux-firmware package" -rm -f ${VYOS_FIRMWARE_NAME}_*.deb -fpm --input-type dir --output-type deb --name ${VYOS_FIRMWARE_NAME} \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "Binary firmware for various drivers in the Linux kernel" \ - --architecture all --version ${GIT_COMMIT} --deb-compression gz -C ${VYOS_FIRMWARE_DIR} - -rm -rf "${LINUX_FIRMWARE_BUILD_DIR}" -rm -rf ${VYOS_FIRMWARE_DIR} diff --git a/packages/linux-kernel/build-nat-rtsp.sh b/packages/linux-kernel/build-nat-rtsp.sh deleted file mode 100755 index ec7d19a6..00000000 --- a/packages/linux-kernel/build-nat-rtsp.sh +++ /dev/null @@ -1,38 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -KERNEL_VAR_FILE=${CWD}/kernel-vars - -SRC=${CWD}/nat-rtsp -if [ ! -d ${SRC} ]; then - echo "nat-rtsp source not found" - exit 1 -fi - -if [ ! -f ${KERNEL_VAR_FILE} ]; then - echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" - exit 1 -fi - -. ${KERNEL_VAR_FILE} - -cd ${SRC} && make KERNELDIR=$KERNEL_DIR - -# Copy binary to package directory -DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra -mkdir -p ${DEBIAN_DIR} -cp nf_conntrack_rtsp.ko nf_nat_rtsp.ko ${DEBIAN_DIR} - -DEBIAN_POSTINST="${CWD}/vyos-nat-rtsp.postinst" -echo "#!/bin/sh" > ${DEBIAN_POSTINST} -echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} - -# Build Debian Package -fpm --input-type dir --output-type deb --name nat-rtsp \ - --version $(git describe --tags --always) --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "Connection tracking and NAT support for RTSP" \ - --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ - --after-install ${DEBIAN_POSTINST} \ - --license "GPL2" --chdir tmp - -mv *.deb .. diff --git a/packages/linux-kernel/build-openvpn-dco.sh b/packages/linux-kernel/build-openvpn-dco.sh deleted file mode 100755 index fd427825..00000000 --- a/packages/linux-kernel/build-openvpn-dco.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -KERNEL_VAR_FILE=${CWD}/kernel-vars - -SRC=${CWD}/ovpn-dco -if [ ! -d ${SRC} ]; then - echo "OpenVPN DCO source not found" - exit 1 -fi - -if [ ! -f ${KERNEL_VAR_FILE} ]; then - echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" - exit 1 -fi - -. ${KERNEL_VAR_FILE} - -cd ${SRC} && make KERNEL_SRC=$KERNEL_DIR - -# Copy binary to package directory -DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra -mkdir -p ${DEBIAN_DIR} -cp drivers/net/ovpn-dco/ovpn-dco-v2.ko ${DEBIAN_DIR} - -# Build Debian Package -fpm --input-type dir --output-type deb --name openvpn-dco \ - --version $(git describe | sed s/^v//) --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "OpenVPN Data Channel Offload" \ - --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ - --license "GPL2" --chdir tmp - -mv *.deb .. diff --git a/packages/ndppd/.gitignore b/packages/ndppd/.gitignore deleted file mode 100644 index 0f24798d..00000000 --- a/packages/ndppd/.gitignore +++ /dev/null @@ -1 +0,0 @@ -ndppd/ diff --git a/packages/ndppd/Jenkinsfile b/packages/ndppd/Jenkinsfile deleted file mode 100644 index f112ae38..00000000 --- a/packages/ndppd/Jenkinsfile +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright (C) 2020-2021 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -// NOTE: we can build with -d as the libbpf dependency is installed manually -// and not via a DEB package -def pkgList = [ - ['name': 'ndppd', - 'scmCommit': 'debian/0.2.5-6', - 'scmUrl': 'https://salsa.debian.org/debian/ndppd', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('ndppd', pkgList, null, true, "**/packages/ndppd/**") diff --git a/packages/ndppd/build.sh b/packages/ndppd/build.sh deleted file mode 100755 index 223cf52b..00000000 --- a/packages/ndppd/build.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -SRC=ndppd -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" - exit 1 -fi - -cd ${SRC} -PATCH_DIR=${CWD}/patches -for patch in $(ls ${PATCH_DIR}) -do - echo "I: Apply patch: ${PATCH_DIR}/${patch}" - patch -p1 < ${PATCH_DIR}/${patch} -done - -echo "I: Build Debian Package" -dpkg-buildpackage -uc -us -tc -b -d diff --git a/packages/ndppd/patches/0001-skip-route-table-if-there-is-no-auto-rule.patch b/packages/ndppd/patches/0001-skip-route-table-if-there-is-no-auto-rule.patch deleted file mode 100644 index df6d2e5c..00000000 --- a/packages/ndppd/patches/0001-skip-route-table-if-there-is-no-auto-rule.patch +++ /dev/null @@ -1,83 +0,0 @@ -From b148ba055245cec5007ee91dd3ffbfeb58d49c5a Mon Sep 17 00:00:00 2001 -From: Henning Surmeier <me@hensur.de> -Date: Sun, 9 Jan 2022 20:35:15 +0100 -Subject: [PATCH 1/2] skip route table if there is no auto rule - ---- - src/ndppd.cc | 3 ++- - src/rule.cc | 8 ++++++++ - src/rule.h | 4 ++++ - 3 files changed, 14 insertions(+), 1 deletion(-) - -diff --git a/src/ndppd.cc b/src/ndppd.cc -index bec9656..b303721 100644 ---- a/src/ndppd.cc -+++ b/src/ndppd.cc -@@ -304,7 +304,8 @@ int main(int argc, char* argv[], char* env[]) - t1.tv_sec = t2.tv_sec; - t1.tv_usec = t2.tv_usec; - -- route::update(elapsed_time); -+ if (rule::any_auto()) -+ route::update(elapsed_time); - session::update_all(elapsed_time); - } - -diff --git a/src/rule.cc b/src/rule.cc -index 9e72480..a1e8376 100644 ---- a/src/rule.cc -+++ b/src/rule.cc -@@ -24,6 +24,8 @@ - - NDPPD_NS_BEGIN - -+bool rule::_any_aut = false; -+ - rule::rule() - { - } -@@ -49,6 +51,7 @@ ptr<rule> rule::create(const ptr<proxy>& pr, const address& addr, bool aut) - ru->_pr = pr; - ru->_addr = addr; - ru->_aut = aut; -+ _any_aut = _any_aut || aut; - - logger::debug() - << "rule::create() if=" << pr->ifa()->name().c_str() << ", addr=" << addr -@@ -57,6 +60,11 @@ ptr<rule> rule::create(const ptr<proxy>& pr, const address& addr, bool aut) - return ru; - } - -+bool rule::any_auto() -+{ -+ return _any_aut; -+} -+ - const address& rule::addr() const - { - return _addr; -diff --git a/src/rule.h b/src/rule.h -index 6663066..ca2aa36 100644 ---- a/src/rule.h -+++ b/src/rule.h -@@ -42,6 +42,8 @@ public: - - bool check(const address& addr) const; - -+ static bool any_auto(); -+ - private: - weak_ptr<rule> _ptr; - -@@ -53,6 +55,8 @@ private: - - bool _aut; - -+ static bool _any_aut; -+ - rule(); - }; - --- -2.34.1 - diff --git a/packages/ndppd/patches/0002-set-vyos-version.patch b/packages/ndppd/patches/0002-set-vyos-version.patch deleted file mode 100644 index 3fef87c4..00000000 --- a/packages/ndppd/patches/0002-set-vyos-version.patch +++ /dev/null @@ -1,25 +0,0 @@ -From b0789cf679b0179d37e22f5a936af273d982abeb Mon Sep 17 00:00:00 2001 -From: Henning Surmeier <me@hensur.de> -Date: Tue, 11 Jan 2022 13:05:47 +0100 -Subject: [PATCH 2/2] set -vyos version - ---- - src/ndppd.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/ndppd.h b/src/ndppd.h -index 008726c..61ed950 100644 ---- a/src/ndppd.h -+++ b/src/ndppd.h -@@ -21,7 +21,7 @@ - #define NDPPD_NS_BEGIN namespace ndppd { - #define NDPPD_NS_END } - --#define NDPPD_VERSION "0.2.4" -+#define NDPPD_VERSION "0.2.5-vyos" - - #include <assert.h> - --- -2.34.1 - diff --git a/packages/net-snmp/.gitignore b/packages/net-snmp/.gitignore deleted file mode 100644 index 3f41bbac..00000000 --- a/packages/net-snmp/.gitignore +++ /dev/null @@ -1 +0,0 @@ -net-snmp/ diff --git a/packages/net-snmp/Jenkinsfile b/packages/net-snmp/Jenkinsfile deleted file mode 100644 index 7cfcdfaa..00000000 --- a/packages/net-snmp/Jenkinsfile +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (C) 2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@circinus')_ - -def pkgList = [ - ['name': 'net-snmp', - 'scmCommit': 'debian/5.9.4+dfsg-1', - 'scmUrl': 'https://salsa.debian.org/debian/net-snmp', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('net-snmp', pkgList, null, true, "**/packages/net-snmp/**") diff --git a/packages/net-snmp/build.sh b/packages/net-snmp/build.sh deleted file mode 100755 index ebaeb6eb..00000000 --- a/packages/net-snmp/build.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -SRC=net-snmp - -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" - exit 1 -fi - -cd ${SRC} - -PATCH_DIR=${CWD}/patches -if [ -d $PATCH_DIR ]; then - echo "I: Apply SNMP patches not in main repository:" - for patch in $(ls ${PATCH_DIR}) - do - cp ${PATCH_DIR}/${patch} debian/patches - echo ${patch} >> debian/patches/series - done -fi - -echo "I: Build Debian net-snmp Package" -# We need "|| true" to fix an issue wioth the make system -#make[2]: Leaving directory '/vyos/vyos-build/packages/net-snmp/net-snmp/snmplib' -#making clean in /vyos/vyos-build/packages/net-snmp/net-snmp/agent -#make[2]: Entering directory '/vyos/vyos-build/packages/net-snmp/net-snmp/agent' -#make[2]: *** No rule to make target 'clean'. Stop. -dpkg-buildpackage -us -uc -tc -b || true diff --git a/packages/net-snmp/patches/add-linux-6.7-compatibility-parsing.patch b/packages/net-snmp/patches/add-linux-6.7-compatibility-parsing.patch deleted file mode 100644 index b6dcd77a..00000000 --- a/packages/net-snmp/patches/add-linux-6.7-compatibility-parsing.patch +++ /dev/null @@ -1,119 +0,0 @@ -From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001 -From: Philippe Troin <phil+github-commits@fifi.org> -Date: Sat, 3 Feb 2024 10:30:30 -0800 -Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp - -Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp. -This breaks the hard-coded assumptions about the Ip line length. -Add compatibility to parse Linux 6.7 Ip header while keep support -for previous versions. ---- - .../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++---- - 1 file changed, 37 insertions(+), 9 deletions(-) - -diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c -index 49e0a34d5c..f04e828a94 100644 ---- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c -+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c -@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void) - } - - /* -- /proc/net/snmp -+ /proc/net/snmp - Linux 6.6 and lower - - Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates - Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0 -@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void) - - Udp: InDatagrams NoPorts InErrors OutDatagrams - Udp: 1491094 122 0 1466178 -+* -+ /proc/net/snmp - Linux 6.7 and higher -+ -+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits -+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424 -+ -+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps -+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0 -+ -+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11 -+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484 -+ -+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors -+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0 -+ -+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors -+ Udp: 2257832 1422 0 2252835 0 0 0 84 0 -+ -+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors -+ UdpLite: 0 0 0 0 0 0 0 0 0 - */ - - -@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) - FILE *devin; - char line[1024]; - netsnmp_systemstats_entry *entry = NULL; -- int scan_count; -+ int scan_count, expected_scan_count; - char *stats, *start = line; - int len; -- unsigned long long scan_vals[19]; -+ unsigned long long scan_vals[20]; - - DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n", - load_flags)); -@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) - */ - NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin)); - len = strlen(line); -- if (224 != len) { -+ switch (len) { -+ case 224: -+ expected_scan_count = 19; -+ break; -+ case 237: -+ expected_scan_count = 20; -+ break; -+ default: - fclose(devin); - snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp." -- " %d != 224\n", len); -+ " %d not in { 224, 237 } \n", len); - return -4; - } - -@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) - memset(scan_vals, 0x0, sizeof(scan_vals)); - scan_count = sscanf(stats, - "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu" -- "%llu %llu %llu %llu %llu %llu %llu %llu %llu", -+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu", - &scan_vals[0],&scan_vals[1],&scan_vals[2], - &scan_vals[3],&scan_vals[4],&scan_vals[5], - &scan_vals[6],&scan_vals[7],&scan_vals[8], - &scan_vals[9],&scan_vals[10],&scan_vals[11], - &scan_vals[12],&scan_vals[13],&scan_vals[14], - &scan_vals[15],&scan_vals[16],&scan_vals[17], -- &scan_vals[18]); -+ &scan_vals[18],&scan_vals[19]); - DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count)); - -- if(scan_count != 19) { -+ if(scan_count != expected_scan_count) { - snmp_log(LOG_ERR, - "error scanning systemstats data (expected %d, got %d)\n", -- 19, scan_count); -+ expected_scan_count, scan_count); - netsnmp_access_systemstats_entry_free(entry); - return -4; - } -@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) - entry->stats.HCOutFragFails.high = scan_vals[17] >> 32; - entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff; - entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32; -+ /* entry->stats. = scan_vals[19]; / * OutTransmits */ - - entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1; - entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1; diff --git a/packages/netfilter/.gitignore b/packages/netfilter/.gitignore deleted file mode 100644 index 8518afb9..00000000 --- a/packages/netfilter/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -/pkg-libnftnl/ -/pkg-nftables/ - diff --git a/packages/netfilter/Jenkinsfile b/packages/netfilter/Jenkinsfile deleted file mode 100644 index 45fc6ed8..00000000 --- a/packages/netfilter/Jenkinsfile +++ /dev/null @@ -1,39 +0,0 @@ -// Copyright (C) 2023 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - // libnftnl - ['name': 'pkg-libnftnl', - 'scmCommit': 'debian/1.2.6-2', - 'scmUrl': 'https://salsa.debian.org/pkg-netfilter-team/pkg-libnftnl.git', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'], - - // nftables - ['name': 'pkg-nftables', - 'scmCommit': 'debian/1.0.9-1', - 'scmUrl': 'https://salsa.debian.org/pkg-netfilter-team/pkg-nftables.git', - 'buildCmd': '''sudo dpkg -i ../libnftnl*.deb; - sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; - ../build.py'''], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('Netfilter', pkgList, null, true) diff --git a/packages/netfilter/build.py b/packages/netfilter/build.py deleted file mode 100755 index 2851a679..00000000 --- a/packages/netfilter/build.py +++ /dev/null @@ -1,55 +0,0 @@ -#!/usr/bin/env python3 - -from pathlib import Path -from shutil import copy as copy_file -from subprocess import run - - -# copy patches -def apply_deb_patches() -> None: - """Apply patches to sources directory - """ - package_dir: str = Path.cwd().name - current_dir: str = Path.cwd().as_posix() - patches_dir = Path(f'../patches/{package_dir}') - patches_dir_dst = Path(f'{current_dir}/debian/patches') - if not patches_dir_dst.exists(): - patches_dir_dst.mkdir(parents = True) - if patches_dir.exists(): - patches_list = list(patches_dir.iterdir()) - patches_list.sort() - series_file = Path(f'{patches_dir_dst.as_posix()}/series') - if series_file.exists(): - series_data: str = series_file.read_text() - else: - - series_data = '' - for patch_file in patches_list: - print(f'Applying patch: {patch_file.name}') - copy_file(patch_file, f'{patches_dir_dst.as_posix()}') - series_data = f'{series_data}\n{patch_file.name}' - series_file.write_text(series_data) - - -def build_package() -> bool: - """Build a package - Returns: - bool: build status - """ - build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b'] - build_status: int = run(build_cmd).returncode - - if build_status: - return False - return True - - -# build a package -if __name__ == '__main__': - apply_deb_patches() - - if not build_package(): - exit(1) - - exit() - diff --git a/packages/netfilter/patches/pkg-nftables/0001-meta-fix-hour-decoding.patch b/packages/netfilter/patches/pkg-nftables/0001-meta-fix-hour-decoding.patch deleted file mode 100644 index dd466f1a..00000000 --- a/packages/netfilter/patches/pkg-nftables/0001-meta-fix-hour-decoding.patch +++ /dev/null @@ -1,118 +0,0 @@ -From d392ddf243dcbf8a34726c777d2c669b1e8bfa85 Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Thu, 2 Nov 2023 15:34:13 +0100 -Subject: meta: fix hour decoding when timezone offset is negative - -Brian Davidson says: - - meta hour rules don't display properly after being created when the - hour is on or after 00:00 UTC. The netlink debug looks correct for - seconds past midnight UTC, but displaying the rules looks like an - overflow or a byte order problem. I am in UTC-0400, so today, 20:00 - and later exhibits the problem, while 19:00 and earlier hours are - fine. - -meta.c only ever worked when the delta to UTC is positive. -We need to add in case the second counter turns negative after -offset adjustment. - -Also add a test case for this. - -Fixes: f8f32deda31d ("meta: Introduce new conditions 'time', 'day' and 'hour'") -Reported-by: Brian Davidson <davidson.brian@gmail.com> -Signed-off-by: Florian Westphal <fw@strlen.de> ---- - src/meta.c | 11 ++++- - .../shell/testcases/listing/dumps/meta_time.nodump | 0 - tests/shell/testcases/listing/meta_time | 52 ++++++++++++++++++++++ - 3 files changed, 61 insertions(+), 2 deletions(-) - create mode 100644 tests/shell/testcases/listing/dumps/meta_time.nodump - create mode 100755 tests/shell/testcases/listing/meta_time - -diff --git a/src/meta.c b/src/meta.c -index b578d5e2..7846aefe 100644 ---- a/src/meta.c -+++ b/src/meta.c -@@ -495,9 +495,16 @@ static void hour_type_print(const struct expr *expr, struct output_ctx *octx) - - /* Obtain current tm, so that we can add tm_gmtoff */ - ts = time(NULL); -- if (ts != ((time_t) -1) && localtime_r(&ts, &cur_tm)) -- seconds = (seconds + cur_tm.tm_gmtoff) % SECONDS_PER_DAY; -+ if (ts != ((time_t) -1) && localtime_r(&ts, &cur_tm)) { -+ int32_t adj = seconds + cur_tm.tm_gmtoff; - -+ if (adj < 0) -+ adj += SECONDS_PER_DAY; -+ else if (adj >= SECONDS_PER_DAY) -+ adj -= SECONDS_PER_DAY; -+ -+ seconds = adj; -+ } - minutes = seconds / 60; - seconds %= 60; - hours = minutes / 60; -diff --git a/tests/shell/testcases/listing/dumps/meta_time.nodump b/tests/shell/testcases/listing/dumps/meta_time.nodump -new file mode 100644 -index 00000000..e69de29b -diff --git a/tests/shell/testcases/listing/meta_time b/tests/shell/testcases/listing/meta_time -new file mode 100755 -index 00000000..a9761998 ---- /dev/null -+++ b/tests/shell/testcases/listing/meta_time -@@ -0,0 +1,52 @@ -+#!/bin/bash -+ -+set -e -+ -+TMP1=$(mktemp) -+TMP2=$(mktemp) -+ -+cleanup() -+{ -+ rm -f "$TMP1" -+ rm -f "$TMP2" -+} -+ -+check_decode() -+{ -+ TZ=$1 $NFT list chain t c | grep meta > "$TMP2" -+ diff -u "$TMP1" "$TMP2" -+} -+ -+trap cleanup EXIT -+ -+$NFT -f - <<EOF -+table t { -+ chain c { -+ } -+} -+EOF -+ -+for i in $(seq -w 0 23); do -+ TZ=UTC $NFT add rule t c meta hour "$i:00"-"$i:59" -+done -+ -+# Check decoding in UTC, this mirrors 1:1 what should have been added. -+for i in $(seq 0 23); do -+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1" -+done -+ -+check_decode UTC -+ -+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 23 0 23 59 > "$TMP1" -+for i in $(seq 0 22); do -+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1" -+done -+check_decode UTC+1 -+ -+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 1 0 1 59 > "$TMP1" -+for i in $(seq 2 23); do -+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1" -+done -+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 0 0 0 59 >> "$TMP1" -+ -+check_decode UTC-1 --- -cgit v1.2.3 - diff --git a/packages/opennhrp/.gitignore b/packages/opennhrp/.gitignore deleted file mode 100644 index cc02948b..00000000 --- a/packages/opennhrp/.gitignore +++ /dev/null @@ -1 +0,0 @@ -opennhrp/ diff --git a/packages/opennhrp/Jenkinsfile b/packages/opennhrp/Jenkinsfile deleted file mode 100644 index 637bcecb..00000000 --- a/packages/opennhrp/Jenkinsfile +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (C) 2021 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'opennhrp', - 'scmCommit': '613277f', - 'scmUrl': 'https://git.code.sf.net/p/opennhrp/code', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('opennhrp', pkgList, null, true, "**/packages/opennhrp/**") diff --git a/packages/opennhrp/build.sh b/packages/opennhrp/build.sh deleted file mode 100755 index e12d4765..00000000 --- a/packages/opennhrp/build.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh -SRC=opennhrp -if [ ! -d $SRC ]; then - echo "source directory $SRC does not exist!" - echo "$ git clone https://git.code.sf.net/p/opennhrp/code opennhrp" - exit 1 -fi -cd $SRC - -INSTALL_DIR=debian -if [ -d $INSTALL_DIR ]; then - rm -rf $INSTALL_DIR -fi - -make clean -make - -install --directory debian/etc debian/usr/sbin -install --mode 0644 etc/racoon-ph1dead.sh debian/etc -install --mode 0644 etc/racoon-ph1down.sh debian/etc -install --strip --mode 0755 nhrp/opennhrp debian/usr/sbin -install --strip --mode 0755 nhrp/opennhrpctl debian/usr/sbin - -# Version' field value 'v0.14-20-g613277f': version number does not start with digit -# "cut" first character from version string -fpm --input-type dir --output-type deb --name opennhrp \ - --version $(git describe --always | cut -c2-) --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "NBMA Next Hop Resolution Protocol daemon" \ - --license "MIT" -C $INSTALL_DIR --package .. diff --git a/packages/openvpn-otp/.gitignore b/packages/openvpn-otp/.gitignore deleted file mode 100644 index 91d40208..00000000 --- a/packages/openvpn-otp/.gitignore +++ /dev/null @@ -1 +0,0 @@ -openvpn-otp/ diff --git a/packages/openvpn-otp/Jenkinsfile b/packages/openvpn-otp/Jenkinsfile deleted file mode 100644 index 9e0de629..00000000 --- a/packages/openvpn-otp/Jenkinsfile +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright (C) 2020-2021 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -// NOTE: we can build with -d as the libbpf dependency is installed manually -// and not via a DEB package -def pkgList = [ - ['name': 'openvpn-otp', - 'scmCommit': 'master', - 'scmUrl': 'https://github.com/evgeny-gridasov/openvpn-otp', - 'buildCmd': 'cd ..; ./build-openvpn-otp.sh'], -] -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('openvpn-otp', pkgList, null, true, "**/packages/openvpn-otp/**") diff --git a/packages/openvpn-otp/build-openvpn-otp.sh b/packages/openvpn-otp/build-openvpn-otp.sh deleted file mode 100755 index 6870db64..00000000 --- a/packages/openvpn-otp/build-openvpn-otp.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh -set -e -CWD=$(pwd) -SRC=openvpn-otp - -if [ ! -d ${SRC} ]; then - echo "source directory does not exists, please 'git clone'" - exit 1 -fi - -for pkt in debhelper libssl-dev openvpn -do - dpkg -s $pkt 2>&1 >/dev/null - if [ $? -ne 0 ]; then - echo "Package $pkt not installed - required" - exit 1 - fi -done - -# Build instructions as per https://github.com/evgeny-gridasov/openvpn-otp/blob/master/README.md -cd ${SRC} -./autogen.sh -./configure --prefix=/usr -make - -# install -mkdir -p usr/lib/openvpn -cp src/.libs/openvpn-otp.so usr/lib/openvpn - -fpm --input-type dir --output-type deb --name openvpn-otp \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "OpenVPN OTP Authentication support." \ - --depends openvpn --architecture $(dpkg --print-architecture) \ - --version $(git describe --tags --always | cut -c2-) --deb-compression gz usr - -cp *.deb ${CWD} diff --git a/packages/owamp/.gitignore b/packages/owamp/.gitignore deleted file mode 100644 index 0826a5ef..00000000 --- a/packages/owamp/.gitignore +++ /dev/null @@ -1 +0,0 @@ -owamp/ diff --git a/packages/owamp/Jenkinsfile b/packages/owamp/Jenkinsfile deleted file mode 100644 index 995c8c4c..00000000 --- a/packages/owamp/Jenkinsfile +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright (C) 2022 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -// NOTE: we can build with -d as the libbpf dependency is installed manually -// and not via a DEB package -def pkgList = [ - ['name': 'owamp', - 'scmCommit': 'v4.4.6', - 'scmUrl': 'https://github.com/perfsonar/owamp', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('owamp', pkgList, null, true, "**/packages/owamp/**") diff --git a/packages/owamp/build.sh b/packages/owamp/build.sh deleted file mode 100755 index 8c99f02d..00000000 --- a/packages/owamp/build.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -x -CWD=$(pwd) -set -e - -SRC=owamp - -if [ ! -d ${SRC} ]; then - echo "source directory does not exists, please 'git clone'" - exit 1 -fi - -cd ${SRC} -echo "I: Retrieve version information from Git" -# Build owamp-client owamp-server twamp-client twamp-server -echo "I: Build VyOS owamp Packages" -dpkg-buildpackage -us -uc -tc -b diff --git a/packages/pam_tacplus/.gitignore b/packages/pam_tacplus/.gitignore deleted file mode 100644 index 4c18b4a2..00000000 --- a/packages/pam_tacplus/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -pam_tacplus/ -pam_tacplus-debian/ diff --git a/packages/pam_tacplus/Jenkinsfile b/packages/pam_tacplus/Jenkinsfile deleted file mode 100644 index 89a5d529..00000000 --- a/packages/pam_tacplus/Jenkinsfile +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright (C) 2022 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'pam_tacplus-debian', - 'scmCommit': '50c6fd7', - 'scmUrl': 'https://github.com/kravietz/pam_tacplus-debian', - 'buildCmd': '/bin/true'], - ['name': 'pam_tacplus', - 'scmCommit': '4f91b0d', - 'scmUrl': 'https://github.com/kravietz/pam_tacplus', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('pam_tacplus', pkgList, null, true, "**/packages/pam_tacplus/**") diff --git a/packages/pam_tacplus/build.sh b/packages/pam_tacplus/build.sh deleted file mode 100755 index 2aa69014..00000000 --- a/packages/pam_tacplus/build.sh +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -SRC=pam_tacplus -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" - exit 1 -fi - -cd ${SRC} -cp -a ../pam_tacplus-debian debian -rm -f debian/compat - -sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends" -dpkg-buildpackage -uc -us -tc -b -d diff --git a/packages/pmacct/.gitignore b/packages/pmacct/.gitignore deleted file mode 100644 index c2274717..00000000 --- a/packages/pmacct/.gitignore +++ /dev/null @@ -1 +0,0 @@ -pmacct/ diff --git a/packages/pmacct/Jenkinsfile b/packages/pmacct/Jenkinsfile deleted file mode 100644 index 19af2c9b..00000000 --- a/packages/pmacct/Jenkinsfile +++ /dev/null @@ -1,33 +0,0 @@ -// Copyright (C) 2023 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. - -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def package_name = 'pmacct' -// "sudo apt-get remove git -y" is necessary for solving this issue https://vyos.dev/T5663 -def pkgList = [ - ['name': "${package_name}", - 'scmCommit': 'debian/1.7.7-1', - 'scmUrl': 'https://salsa.debian.org/debian/pmacct.git', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; sudo apt-get remove git -y; ../build.py'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage("${package_name}", pkgList, null, true, "**/packages/pmacct/**") diff --git a/packages/pmacct/build.py b/packages/pmacct/build.py deleted file mode 100755 index 0f666392..00000000 --- a/packages/pmacct/build.py +++ /dev/null @@ -1,49 +0,0 @@ -#!/usr/bin/env python3 - -from pathlib import Path -from shutil import copy as copy_file -from subprocess import run - - -# copy patches -def apply_deb_patches() -> None: - """Apply patches to sources directory - """ - patches_dir = Path('../patches') - current_dir: str = Path.cwd().as_posix() - if patches_dir.exists(): - patches_list = list(patches_dir.iterdir()) - patches_list.sort() - series_file = Path(f'{current_dir}/debian/patches/series') - series_data = '' - for patch_file in patches_list: - print(f'Applying patch: {patch_file.name}') - copy_file(patch_file, f'{current_dir}/debian/patches/') - if series_file.exists(): - series_data: str = series_file.read_text() - series_data = f'{series_data}\n{patch_file.name}' - series_file.write_text(series_data) - - -def build_package() -> bool: - """Build a package - - Returns: - bool: build status - """ - build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b'] - build_status: int = run(build_cmd).returncode - - if build_status: - return False - return True - - -# build a package -if __name__ == '__main__': - apply_deb_patches() - - if not build_package(): - exit(1) - - exit() diff --git a/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch b/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch deleted file mode 100644 index cb5f7399..00000000 --- a/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch +++ /dev/null @@ -1,49 +0,0 @@ -From 58900c9d0f98f224577c28dc2323061d33823f39 Mon Sep 17 00:00:00 2001 -From: Paolo Lucente <pl+github@pmacct.net> -Date: Fri, 4 Mar 2022 22:07:29 +0000 -Subject: [PATCH] * fix, pmacctd: SEGV when ICMP/ICMPv6 traffic was processed - and 'flows' primitive was enabled. To address Issue #586 - ---- - src/nl.c | 12 +++--------- - 1 file changed, 3 insertions(+), 9 deletions(-) - -diff --git a/src/nl.c b/src/nl.c -index c42689ed..6a3da94b 100644 ---- a/src/nl.c -+++ b/src/nl.c -@@ -1,6 +1,6 @@ - /* - pmacct (Promiscuous mode IP Accounting package) -- pmacct is Copyright (C) 2003-2021 by Paolo Lucente -+ pmacct is Copyright (C) 2003-2022 by Paolo Lucente - */ - - /* -@@ -293,10 +293,7 @@ int ip_handler(register struct packet_ptrs *pptrs) - } - } - else { -- if (pptrs->l4_proto != IPPROTO_ICMP) { -- pptrs->tlh_ptr = dummy_tlhdr; -- } -- -+ pptrs->tlh_ptr = dummy_tlhdr; - if (off < caplen) pptrs->payload_ptr = ptr; - } - -@@ -479,10 +476,7 @@ int ip6_handler(register struct packet_ptrs *pptrs) - } - } - else { -- if (pptrs->l4_proto != IPPROTO_ICMPV6) { -- pptrs->tlh_ptr = dummy_tlhdr; -- } -- -+ pptrs->tlh_ptr = dummy_tlhdr; - if (off < caplen) pptrs->payload_ptr = ptr; - } - --- -2.34.1 - diff --git a/packages/podman/.gitignore b/packages/podman/.gitignore deleted file mode 100644 index 1055abad..00000000 --- a/packages/podman/.gitignore +++ /dev/null @@ -1 +0,0 @@ -podman/ diff --git a/packages/podman/Jenkinsfile b/packages/podman/Jenkinsfile deleted file mode 100644 index cc787565..00000000 --- a/packages/podman/Jenkinsfile +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright (C) 2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. - -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'podman', - 'scmCommit': 'v4.9.5', - 'scmUrl': 'https://github.com/containers/podman', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('podman', pkgList, null, true, "**/packages/podman/**") diff --git a/packages/podman/build.sh b/packages/podman/build.sh deleted file mode 100755 index 251f8a48..00000000 --- a/packages/podman/build.sh +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/bash - -export PATH=/opt/go/bin:$PATH - -SRC=podman -if [ ! -d $SRC ]; then - echo "source directory $SRC does not exist!" - exit 1 -fi - -sudo apt-get install -y libseccomp-dev libgpgme-dev - -cd $SRC - -echo "I: installing dependencies" -make install.tools -echo "I: building podman" -make podman-release - -tar xf podman-release-$(dpkg --print-architecture).tar.gz -# retrieve version number from podman archive folder: podman-v4.9.5/ -# remove leading podman string -VERSION=$(ls -d podman-v* | cut -c9-) - -fpm --input-type dir --output-type deb --name podman \ - --version $VERSION --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "Engine to run OCI-based containers in Pods" \ - --depends conmon --depends crun --depends netavark --depends libgpgme11 \ - --depends fuse-overlayfs --depends golang-github-containers-common \ - --license "Apache License 2.0" -C podman-v$VERSION --package .. - diff --git a/packages/pyhumps/.gitignore b/packages/pyhumps/.gitignore deleted file mode 100644 index 0cf480fa..00000000 --- a/packages/pyhumps/.gitignore +++ /dev/null @@ -1 +0,0 @@ -humps/ diff --git a/packages/pyhumps/Jenkinsfile b/packages/pyhumps/Jenkinsfile deleted file mode 100644 index 523ffdde..00000000 --- a/packages/pyhumps/Jenkinsfile +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (C) 2022 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'humps', - 'scmCommit': 'v3.8.0', - 'scmUrl': 'https://github.com/nficano/humps.git', - 'buildCmd': 'python setup.py --command-packages=stdeb.command bdist_deb; cp deb_dist/*.deb ..'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('humps', pkgList, null, false, "**/packages/pyhumps/**") diff --git a/packages/radvd/.gitignore b/packages/radvd/.gitignore deleted file mode 100644 index 142acc2d..00000000 --- a/packages/radvd/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -radvd/ -*.deb diff --git a/packages/radvd/Jenkinsfile b/packages/radvd/Jenkinsfile deleted file mode 100644 index 6b4f4a0b..00000000 --- a/packages/radvd/Jenkinsfile +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (C) 2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'radvd', - 'scmCommit': 'f2de4764559', - 'scmUrl': 'https://github.com/radvd-project/radvd', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('radvd', pkgList, null, true, "**/packages/radvd/**") diff --git a/packages/radvd/build.sh b/packages/radvd/build.sh deleted file mode 100755 index 36057e27..00000000 --- a/packages/radvd/build.sh +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -SRC=radvd -if [ ! -d $SRC ]; then - echo "source directory $SRC does not exist!" - echo "$ git clone https://github.com/radvd-project/radvd" - exit 1 -fi -cd $SRC - -INSTALL_DIR=debian -if [ -d $INSTALL_DIR ]; then - rm -rf $INSTALL_DIR -fi - -./autogen.sh -./configure -make - -install --directory debian/lib/systemd/system debian/usr/sbin -install --mode 0644 radvd.service debian/lib/systemd/system -install --strip --mode 0755 radvd debian/usr/sbin - -# Version' field value 'v0.14-20-g613277f': version number does not start with digit -# "cut" first character from version string -fpm --input-type dir --output-type deb --name radvd \ - --version $(git describe --always | cut -c2- | tr _ -) --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "RADVD router advertisement daemon" \ - --license "RADVD" -C $INSTALL_DIR --package .. diff --git a/packages/strongswan/.gitignore b/packages/strongswan/.gitignore deleted file mode 100644 index c6b0d6f0..00000000 --- a/packages/strongswan/.gitignore +++ /dev/null @@ -1 +0,0 @@ -strongswan/ diff --git a/packages/strongswan/Jenkinsfile b/packages/strongswan/Jenkinsfile deleted file mode 100644 index d79941d7..00000000 --- a/packages/strongswan/Jenkinsfile +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (C) 2021-2023 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'strongswan', - 'scmCommit': 'debian/5.9.11-2', - 'scmUrl': 'https://salsa.debian.org/debian/strongswan.git', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('strongswan', pkgList, null, true, "**/packages/strongswan/**") diff --git a/packages/strongswan/build.sh b/packages/strongswan/build.sh deleted file mode 100755 index c0dab4d5..00000000 --- a/packages/strongswan/build.sh +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -# extracted build dependencies, as autogenerationg and installing them will fail :/ -sudo apt-get install -y bison \ - bzip2 \ - debhelper-compat \ - dh-apparmor \ - dpkg-dev \ - flex \ - gperf \ - libiptc-dev \ - libcap-dev \ - libcurl3-dev \ - libgcrypt20-dev \ - libgmp3-dev \ - libkrb5-dev \ - libldap2-dev \ - libnm-dev \ - libpam0g-dev \ - libsqlite3-dev \ - libssl-dev \ - libsystemd-dev \ - libtool \ - libtss2-dev \ - libxml2-dev \ - pkg-config \ - po-debconf \ - systemd \ - libsystemd-dev \ - tzdata - -SRC=strongswan -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" - exit 1 -fi - -PATCH_DIR=${CWD}/patches -if [ -d $PATCH_DIR ]; then - for patch in $(ls ${PATCH_DIR}) - do - echo "I: Apply patch: ${patch} to main repository" - cp ${PATCH_DIR}/${patch} ${SRC}/debian/patches/ - echo ${patch} >> ${SRC}/debian/patches/series - done -fi - -cd ${SRC} - -echo "I: bump version" -dch -v "5.9.11-2+vyos0" "Patchset for DMVPN support" -b - -echo "I: Build Debian Package" -dpkg-buildpackage -uc -us -tc -b -d diff --git a/packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch b/packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch deleted file mode 100644 index ceb47350..00000000 --- a/packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch +++ /dev/null @@ -1,579 +0,0 @@ -From db627ec8a8e72bc6b23dc8ab00f4e6b4f448d01c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Mon, 21 Sep 2015 13:41:58 +0300 -Subject: [PATCH 1/3] charon: add optional source and remote overrides for - initiate -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This introduces support for specifying optional IKE SA specific -source and remote address for child sa initiation. This allows -to initiate wildcard connection for known address via vici. - -In addition this allows impler implementation of trap-any patches -and is a prerequisite for dmvpn support. - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> ---- - src/charon-cmd/cmd/cmd_connection.c | 2 +- - src/libcharon/control/controller.c | 42 +++++++++++- - src/libcharon/control/controller.h | 3 + - src/libcharon/plugins/stroke/stroke_control.c | 5 +- - src/libcharon/plugins/vici/vici_config.c | 2 +- - src/libcharon/plugins/vici/vici_control.c | 64 ++++++++++++++++--- - .../processing/jobs/start_action_job.c | 2 +- - src/libcharon/sa/ike_sa_manager.c | 50 ++++++++++++++- - src/libcharon/sa/ike_sa_manager.h | 8 ++- - src/libcharon/sa/trap_manager.c | 44 +++++-------- - src/swanctl/commands/initiate.c | 40 +++++++++++- - 11 files changed, 215 insertions(+), 47 deletions(-) - -diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c -index 2e2cb3c..b9369a8 100644 ---- a/src/charon-cmd/cmd/cmd_connection.c -+++ b/src/charon-cmd/cmd/cmd_connection.c -@@ -439,7 +439,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this) - child_cfg = create_child_cfg(this, peer_cfg); - - if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, -- controller_cb_empty, NULL, LEVEL_SILENT, 0, FALSE) != SUCCESS) -+ NULL, NULL, controller_cb_empty, NULL, LEVEL_SILENT, 0, FALSE) != SUCCESS) - { - terminate(pid); - } -diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c -index 027f48e..4ce8616 100644 ---- a/src/libcharon/control/controller.c -+++ b/src/libcharon/control/controller.c -@@ -15,6 +15,28 @@ - * for more details. - */ - -+/* -+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ - #include "controller.h" - - #include <sys/types.h> -@@ -107,6 +129,16 @@ struct interface_listener_t { - */ - ike_sa_t *ike_sa; - -+ /** -+ * Our host hint. -+ */ -+ host_t *my_host; -+ -+ /** -+ * Other host hint. -+ */ -+ host_t *other_host; -+ - /** - * unique ID, used for various methods - */ -@@ -417,10 +449,15 @@ METHOD(job_t, initiate_execute, job_requeue_t, - ike_sa_t *ike_sa; - interface_listener_t *listener = &job->listener; - peer_cfg_t *peer_cfg = listener->peer_cfg; -+ host_t *my_host = listener->my_host; -+ host_t *other_host = listener->other_host; - - ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, -- peer_cfg); -+ peer_cfg, my_host, other_host); - peer_cfg->destroy(peer_cfg); -+ DESTROY_IF(my_host); -+ DESTROY_IF(other_host); -+ - if (!ike_sa) - { - DESTROY_IF(listener->child_cfg); -@@ -499,6 +536,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, - - METHOD(controller_t, initiate, status_t, - private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, -+ host_t *my_host, host_t *other_host, - controller_cb_t callback, void *param, level_t max_level, u_int timeout, - bool limits) - { -@@ -523,6 +561,8 @@ METHOD(controller_t, initiate, status_t, - .status = FAILED, - .child_cfg = child_cfg, - .peer_cfg = peer_cfg, -+ .my_host = my_host ? my_host->clone(my_host) : NULL, -+ .other_host = other_host ? other_host->clone(other_host) : NULL, - .lock = spinlock_create(), - .options.limits = limits, - }, -diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h -index 36a1d46..a130fbb 100644 ---- a/src/libcharon/control/controller.h -+++ b/src/libcharon/control/controller.h -@@ -81,6 +81,8 @@ struct controller_t { - * - * @param peer_cfg peer_cfg to use for IKE_SA setup - * @param child_cfg optional child_cfg to set up CHILD_SA from -+ * @param my_host optional address hint for source -+ * @param other_host optional address hint for destination - * @param cb logging callback - * @param param parameter to include in each call of cb - * @param max_level maximum log level for which cb is invoked -@@ -95,6 +97,7 @@ struct controller_t { - */ - status_t (*initiate)(controller_t *this, - peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, -+ host_t *my_host, host_t *other_host, - controller_cb_t callback, void *param, - level_t max_level, u_int timeout, bool limits); - -diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c -index 2824c93..21ff6b3 100644 ---- a/src/libcharon/plugins/stroke/stroke_control.c -+++ b/src/libcharon/plugins/stroke/stroke_control.c -@@ -109,7 +109,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg - if (msg->output_verbosity < 0) - { - charon->controller->initiate(charon->controller, peer_cfg, child_cfg, -- NULL, NULL, 0, 0, FALSE); -+ NULL, NULL, NULL, NULL, 0, 0, FALSE); - } - else - { -@@ -117,7 +117,8 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg - status_t status; - - status = charon->controller->initiate(charon->controller, -- peer_cfg, child_cfg, (controller_cb_t)stroke_log, -+ peer_cfg, child_cfg, NULL, NULL, -+ (controller_cb_t)stroke_log, - &info, msg->output_verbosity, this->timeout, FALSE); - switch (status) - { -diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c -index 5221225..b1486e3 100644 ---- a/src/libcharon/plugins/vici/vici_config.c -+++ b/src/libcharon/plugins/vici/vici_config.c -@@ -2252,7 +2252,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, - DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg)); - charon->controller->initiate(charon->controller, - peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), -- NULL, NULL, 0, 0, FALSE); -+ NULL, NULL, NULL, NULL, 0, 0, FALSE); - } - } - -diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c -index 1c236d2..811d8db 100644 ---- a/src/libcharon/plugins/vici/vici_control.c -+++ b/src/libcharon/plugins/vici/vici_control.c -@@ -15,6 +15,28 @@ - * for more details. - */ - -+/* -+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ - #include "vici_control.h" - #include "vici_builder.h" - -@@ -173,9 +195,11 @@ static child_cfg_t* find_child_cfg(char *name, char *pname, peer_cfg_t **out) - CALLBACK(initiate, vici_message_t*, - private_vici_control_t *this, char *name, u_int id, vici_message_t *request) - { -+ vici_message_t* msg; - peer_cfg_t *peer_cfg = NULL; - child_cfg_t *child_cfg; -- char *child, *ike, *type, *sa; -+ host_t *my_host = NULL, *other_host = NULL; -+ char *child, *ike, *type, *sa, *my_host_str, *other_host_str; - int timeout; - bool limits; - controller_cb_t log_cb = NULL; -@@ -189,6 +213,8 @@ CALLBACK(initiate, vici_message_t*, - timeout = request->get_int(request, 0, "timeout"); - limits = request->get_bool(request, FALSE, "init-limits"); - log.level = request->get_int(request, 1, "loglevel"); -+ my_host_str = request->get_str(request, NULL, "my-host"); -+ other_host_str = request->get_str(request, NULL, "other-host"); - - if (!child && !ike) - { -@@ -199,31 +225,52 @@ CALLBACK(initiate, vici_message_t*, - log_cb = (controller_cb_t)log_vici; - } - -+ if (my_host_str) -+ { -+ my_host = host_create_from_string(my_host_str, 0); -+ } -+ if (other_host_str) -+ { -+ other_host = host_create_from_string(other_host_str, 0); -+ } -+ -+ - type = child ? "CHILD_SA" : "IKE_SA"; - sa = child ?: ike; - - child_cfg = find_child_cfg(child, ike, &peer_cfg); - -- DBG1(DBG_CFG, "vici initiate %s '%s'", type, sa); -+ DBG1(DBG_CFG, "vici initiate %s '%s', me %H, other %H, limits %d", type, sa, my_host, other_host, limits); - if (!peer_cfg) - { -- return send_reply(this, "%s config '%s' not found", type, sa); -+ msg = send_reply(this, "%s config '%s' not found", type, sa); -+ goto ret; - } -- switch (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, -- log_cb, &log, log.level, timeout, limits)) -+ switch (charon->controller->initiate(charon->controller, -+ peer_cfg, child_cfg, -+ my_host, other_host, -+ log_cb, &log, log.level, timeout, limits)) - { - case SUCCESS: -- return send_reply(this, NULL); -+ msg = send_reply(this, NULL); -+ break; - case OUT_OF_RES: -- return send_reply(this, "%s '%s' not established after %dms", type, -+ msg = send_reply(this, "%s '%s' not established after %dms", type, - sa, timeout); -+ break; - case INVALID_STATE: -- return send_reply(this, "establishing %s '%s' not possible at the " -+ msg = send_reply(this, "establishing %s '%s' not possible at the " - "moment due to limits", type, sa); -+ break; - case FAILED: - default: -- return send_reply(this, "establishing %s '%s' failed", type, sa); -+ msg = send_reply(this, "establishing %s '%s' failed", type, sa); -+ break; - } -+ret: -+ if (my_host) my_host->destroy(my_host); -+ if (other_host) other_host->destroy(other_host); -+ return msg; - } - - /** -diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c -index 122e5ce..dec458c 100644 ---- a/src/libcharon/processing/jobs/start_action_job.c -+++ b/src/libcharon/processing/jobs/start_action_job.c -@@ -84,7 +84,7 @@ METHOD(job_t, execute, job_requeue_t, - charon->controller->initiate(charon->controller, - peer_cfg->get_ref(peer_cfg), - child_cfg->get_ref(child_cfg), -- NULL, NULL, 0, 0, FALSE); -+ NULL, NULL, NULL, NULL, 0, 0, FALSE); - } - } - children->destroy(children); -diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c -index fc31c2a..51e28bc 100644 ---- a/src/libcharon/sa/ike_sa_manager.c -+++ b/src/libcharon/sa/ike_sa_manager.c -@@ -16,6 +16,28 @@ - * for more details. - */ - -+/* -+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ - #include <string.h> - #include <inttypes.h> - -@@ -1497,7 +1519,8 @@ typedef struct { - } config_entry_t; - - METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, -- private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg) -+ private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg, -+ host_t *my_host, host_t *other_host) - { - enumerator_t *enumerator; - entry_t *entry; -@@ -1508,7 +1531,17 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, - u_int segment; - int i; - -- DBG2(DBG_MGR, "checkout IKE_SA by config"); -+ if (my_host && my_host->get_port(my_host) == 0) -+ { -+ my_host->set_port(my_host, IKEV2_UDP_PORT); -+ } -+ if (other_host && other_host->get_port(other_host) == 0) -+ { -+ other_host->set_port(other_host, IKEV2_UDP_PORT); -+ } -+ -+ DBG2(DBG_MGR, "checkout IKE_SA by config '%s', me %H, other %H", -+ peer_cfg->get_name(peer_cfg), my_host, other_host); - - if (!this->reuse_ikesa && peer_cfg->get_ike_version(peer_cfg) != IKEV1) - { /* IKE_SA reuse disabled by config (not possible for IKEv1) */ -@@ -1566,6 +1599,15 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, - continue; - } - -+ if (my_host && !my_host->ip_equals(my_host, entry->ike_sa->get_my_host(entry->ike_sa))) -+ { -+ continue; -+ } -+ if (other_host && !other_host->ip_equals(other_host, entry->ike_sa->get_other_host(entry->ike_sa))) -+ { -+ continue; -+ } -+ - current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa); - if (current_peer && current_peer->equals(current_peer, peer_cfg)) - { -@@ -1592,6 +1634,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, - { - ike_sa->set_peer_cfg(ike_sa, peer_cfg); - checkout_new(this, ike_sa); -+ if (my_host || other_host) -+ { -+ ike_sa->update_hosts(ike_sa, my_host, other_host, TRUE); -+ } - } - } - charon->bus->set_sa(charon->bus, ike_sa); -diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h -index 004cc22..50f8246 100644 ---- a/src/libcharon/sa/ike_sa_manager.h -+++ b/src/libcharon/sa/ike_sa_manager.h -@@ -123,7 +123,8 @@ struct ike_sa_manager_t { - ike_sa_t* (*checkout_by_message) (ike_sa_manager_t* this, message_t *message); - - /** -- * Checkout an IKE_SA for initiation by a peer_config. -+ * Checkout an IKE_SA for initiation by a peer_config and optional -+ * source and remote host addresses. - * - * To initiate, a CHILD_SA may be established within an existing IKE_SA. - * This call checks for an existing IKE_SA by comparing the configuration. -@@ -136,9 +137,12 @@ struct ike_sa_manager_t { - * @note The peer_config is always set on the returned IKE_SA. - * - * @param peer_cfg configuration used to find an existing IKE_SA -+ * @param my_host source host address for wildcard peer_cfg -+ * @param other_host remote host address for wildcard peer_cfg - * @return checked out/created IKE_SA - */ -- ike_sa_t *(*checkout_by_config)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg); -+ ike_sa_t *(*checkout_by_config)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg, -+ host_t *my_host, host_t *other_host); - - /** - * Reset initiator SPI. -diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c -index d8d8a42..e7c906e 100644 ---- a/src/libcharon/sa/trap_manager.c -+++ b/src/libcharon/sa/trap_manager.c -@@ -523,7 +523,7 @@ METHOD(trap_manager_t, acquire, void, - peer_cfg_t *peer; - child_cfg_t *child; - ike_sa_t *ike_sa; -- host_t *host; -+ host_t *host, *my_host = NULL, *other_host = NULL; - bool wildcard, ignore = FALSE; - - this->lock->read_lock(this->lock); -@@ -600,37 +600,27 @@ METHOD(trap_manager_t, acquire, void, - this->lock->unlock(this->lock); - - if (wildcard) -- { /* the peer config would match IKE_SAs with other peers */ -- ike_sa = charon->ike_sa_manager->create_new(charon->ike_sa_manager, -- peer->get_ike_version(peer), TRUE); -- if (ike_sa) -- { -- ike_cfg_t *ike_cfg; -- uint16_t port; -- uint8_t mask; -- -- ike_sa->set_peer_cfg(ike_sa, peer); -- ike_cfg = ike_sa->get_ike_cfg(ike_sa); -- -- port = ike_cfg->get_other_port(ike_cfg); -- data->dst->to_subnet(data->dst, &host, &mask); -- host->set_port(host, port); -- ike_sa->set_other_host(ike_sa, host); -- -- port = ike_cfg->get_my_port(ike_cfg); -- data->src->to_subnet(data->src, &host, &mask); -- host->set_port(host, port); -- ike_sa->set_my_host(ike_sa, host); -- -- charon->bus->set_sa(charon->bus, ike_sa); -- } -- } -- else - { -- ike_sa = charon->ike_sa_manager->checkout_by_config( -- charon->ike_sa_manager, peer); -+ ike_cfg_t *ike_cfg; -+ uint16_t port; -+ uint8_t mask; -+ -+ ike_cfg = peer->get_ike_cfg(peer); -+ -+ port = ike_cfg->get_other_port(ike_cfg); -+ data->dst->to_subnet(data->dst, &other_host, &mask); -+ other_host->set_port(other_host, port); -+ -+ port = ike_cfg->get_my_port(ike_cfg); -+ data->src->to_subnet(data->src, &my_host, &mask); -+ my_host->set_port(my_host, port); - } -+ ike_sa = charon->ike_sa_manager->checkout_by_config( -+ charon->ike_sa_manager, peer, -+ my_host, other_host); - peer->destroy(peer); -+ DESTROY_IF(my_host); -+ DESTROY_IF(other_host); - - if (ike_sa) - { -diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c -index e0fffb9..dcaded5 100644 ---- a/src/swanctl/commands/initiate.c -+++ b/src/swanctl/commands/initiate.c -@@ -14,6 +14,28 @@ - * for more details. - */ - -+/* -+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ - #include "command.h" - - #include <errno.h> -@@ -38,7 +60,7 @@ static int initiate(vici_conn_t *conn) - vici_req_t *req; - vici_res_t *res; - command_format_options_t format = COMMAND_FORMAT_NONE; -- char *arg, *child = NULL, *ike = NULL; -+ char *arg, *child = NULL, *ike = NULL, *my_host = NULL, *other_host = NULL; - int ret = 0, timeout = 0, level = 1; - - while (TRUE) -@@ -65,6 +87,12 @@ static int initiate(vici_conn_t *conn) - case 'l': - level = atoi(arg); - continue; -+ case 'S': -+ my_host = arg; -+ continue; -+ case 'R': -+ other_host = arg; -+ continue; - case EOF: - break; - default: -@@ -88,6 +116,14 @@ static int initiate(vici_conn_t *conn) - { - vici_add_key_valuef(req, "ike", "%s", ike); - } -+ if (my_host) -+ { -+ vici_add_key_valuef(req, "my-host", "%s", my_host); -+ } -+ if (other_host) -+ { -+ vici_add_key_valuef(req, "other-host", "%s", other_host); -+ } - if (timeout) - { - vici_add_key_valuef(req, "timeout", "%d", timeout * 1000); -@@ -134,6 +170,8 @@ static void __attribute__ ((constructor))reg() - {"help", 'h', 0, "show usage information"}, - {"child", 'c', 1, "initiate a CHILD_SA configuration"}, - {"ike", 'i', 1, "initiate an IKE_SA, or name of child's parent"}, -+ {"source", 'S', 1, "override source address"}, -+ {"remote", 'R', 1, "override remote address"}, - {"timeout", 't', 1, "timeout in seconds before detaching"}, - {"raw", 'r', 0, "dump raw response message"}, - {"pretty", 'P', 0, "dump raw response message in pretty print"}, diff --git a/packages/strongswan/patches/0002-vici-send-certificates-for-ike-sa-events.patch b/packages/strongswan/patches/0002-vici-send-certificates-for-ike-sa-events.patch deleted file mode 100644 index 13e657e9..00000000 --- a/packages/strongswan/patches/0002-vici-send-certificates-for-ike-sa-events.patch +++ /dev/null @@ -1,140 +0,0 @@ -From 39d537b875e907c63a54d5de8ba6d2ea0ede4604 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Mon, 21 Sep 2015 13:42:05 +0300 -Subject: [PATCH 2/3] vici: send certificates for ike-sa events -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> ---- - src/libcharon/plugins/vici/vici_query.c | 50 +++++++++++++++++++++---- - 1 file changed, 42 insertions(+), 8 deletions(-) - -diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c -index bacb7b101..19acc0789 100644 ---- a/src/libcharon/plugins/vici/vici_query.c -+++ b/src/libcharon/plugins/vici/vici_query.c -@@ -402,7 +402,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b, - * List details of an IKE_SA - */ - static void list_ike(private_vici_query_t *this, vici_builder_t *b, -- ike_sa_t *ike_sa, time_t now) -+ ike_sa_t *ike_sa, time_t now, bool add_certs) - { - time_t t; - ike_sa_id_t *id; -@@ -411,6 +411,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, - uint32_t if_id; - uint16_t alg, ks; - host_t *host; -+ auth_cfg_t *auth_cfg; -+ enumerator_t *enumerator; - - b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa)); - b->add_kv(b, "version", "%u", ike_sa->get_version(ike_sa)); -@@ -420,11 +422,43 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, - b->add_kv(b, "local-host", "%H", host); - b->add_kv(b, "local-port", "%d", host->get_port(host)); - b->add_kv(b, "local-id", "%Y", ike_sa->get_my_id(ike_sa)); -+ if (add_certs) -+ { -+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, TRUE); -+ if (enumerator->enumerate(enumerator, &auth_cfg)) -+ { -+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT); -+ chunk_t encoding; -+ -+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding)) -+ { -+ b->add(b, VICI_KEY_VALUE, "local-cert-data", encoding); -+ free(encoding.ptr); -+ } -+ } -+ enumerator->destroy(enumerator); -+ } - - host = ike_sa->get_other_host(ike_sa); - b->add_kv(b, "remote-host", "%H", host); - b->add_kv(b, "remote-port", "%d", host->get_port(host)); - b->add_kv(b, "remote-id", "%Y", ike_sa->get_other_id(ike_sa)); -+ if (add_certs) -+ { -+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE); -+ if (enumerator->enumerate(enumerator, &auth_cfg)) -+ { -+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT); -+ chunk_t encoding; -+ -+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding)) -+ { -+ b->add(b, VICI_KEY_VALUE, "remote-cert-data", encoding); -+ free(encoding.ptr); -+ } -+ } -+ enumerator->destroy(enumerator); -+ } - - eap = ike_sa->get_other_eap_id(ike_sa); - -@@ -556,7 +590,7 @@ CALLBACK(list_sas, vici_message_t*, - b = vici_builder_create(); - b->begin_section(b, ike_sa->get_name(ike_sa)); - -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, TRUE); - - b->begin_section(b, "child-sas"); - csas = ike_sa->create_child_sa_enumerator(ike_sa); -@@ -1774,7 +1808,7 @@ METHOD(listener_t, ike_updown, bool, - } - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, up); - b->end_section(b); - - this->dispatcher->raise_event(this->dispatcher, -@@ -1799,10 +1833,10 @@ METHOD(listener_t, ike_rekey, bool, - b = vici_builder_create(); - b->begin_section(b, old->get_name(old)); - b->begin_section(b, "old"); -- list_ike(this, b, old, now); -+ list_ike(this, b, old, now, TRUE); - b->end_section(b); - b->begin_section(b, "new"); -- list_ike(this, b, new, now); -+ list_ike(this, b, new, now, TRUE); - b->end_section(b); - b->end_section(b); - -@@ -1833,7 +1867,7 @@ METHOD(listener_t, ike_update, bool, - b->add_kv(b, "remote-port", "%d", remote->get_port(remote)); - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, TRUE); - b->end_section(b); - - this->dispatcher->raise_event(this->dispatcher, -@@ -1863,7 +1897,7 @@ METHOD(listener_t, child_updown, bool, - } - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, up); - b->begin_section(b, "child-sas"); - - snprintf(buf, sizeof(buf), "%s-%u", child_sa->get_name(child_sa), -@@ -1898,7 +1932,7 @@ METHOD(listener_t, child_rekey, bool, - b = vici_builder_create(); - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, TRUE); - b->begin_section(b, "child-sas"); - - b->begin_section(b, old->get_name(old)); --- -2.38.1 - diff --git a/packages/strongswan/patches/0003-vici-add-support-for-individual-sa-state-changes.patch b/packages/strongswan/patches/0003-vici-add-support-for-individual-sa-state-changes.patch deleted file mode 100644 index 45aadc72..00000000 --- a/packages/strongswan/patches/0003-vici-add-support-for-individual-sa-state-changes.patch +++ /dev/null @@ -1,159 +0,0 @@ -From df6b501ed29b838efde0f1cb1c906ab9befc7b45 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Mon, 21 Sep 2015 13:42:11 +0300 -Subject: [PATCH 3/3] vici: add support for individual sa state changes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Useful for monitoring and tracking full SA. - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> ---- - src/libcharon/plugins/vici/vici_query.c | 105 ++++++++++++++++++++++++ - 1 file changed, 105 insertions(+) - -diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c -index 19acc0789..e008885f7 100644 ---- a/src/libcharon/plugins/vici/vici_query.c -+++ b/src/libcharon/plugins/vici/vici_query.c -@@ -1774,8 +1774,16 @@ static void manage_commands(private_vici_query_t *this, bool reg) - this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg); - this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg); - this->dispatcher->manage_event(this->dispatcher, "ike-update", reg); -+ this->dispatcher->manage_event(this->dispatcher, "ike-state-established", reg); -+ this->dispatcher->manage_event(this->dispatcher, "ike-state-destroying", reg); - this->dispatcher->manage_event(this->dispatcher, "child-updown", reg); - this->dispatcher->manage_event(this->dispatcher, "child-rekey", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-installing", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-installed", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-updating", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-rekeying", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-rekeyed", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-destroying", reg); - manage_command(this, "list-sas", list_sas, reg); - manage_command(this, "list-policies", list_policies, reg); - manage_command(this, "list-conns", list_conns, reg); -@@ -1876,6 +1884,45 @@ METHOD(listener_t, ike_update, bool, - return TRUE; - } - -+METHOD(listener_t, ike_state_change, bool, -+ private_vici_query_t *this, ike_sa_t *ike_sa, ike_sa_state_t state) -+{ -+ char *event; -+ vici_builder_t *b; -+ time_t now; -+ -+ switch (state) -+ { -+ case IKE_ESTABLISHED: -+ event = "ike-state-established"; -+ break; -+ case IKE_DESTROYING: -+ event = "ike-state-destroying"; -+ break; -+ default: -+ return TRUE; -+ } -+ -+ if (!this->dispatcher->has_event_listeners(this->dispatcher, event)) -+ { -+ return TRUE; -+ } -+ -+ now = time_monotonic(NULL); -+ -+ b = vici_builder_create(); -+ b->begin_section(b, ike_sa->get_name(ike_sa)); -+ list_ike(this, b, ike_sa, now, state != IKE_DESTROYING); -+ b->begin_section(b, "child-sas"); -+ b->end_section(b); -+ b->end_section(b); -+ -+ this->dispatcher->raise_event(this->dispatcher, -+ event, 0, b->finalize(b)); -+ -+ return TRUE; -+} -+ - METHOD(listener_t, child_updown, bool, - private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up) - { -@@ -1955,6 +2002,62 @@ METHOD(listener_t, child_rekey, bool, - return TRUE; - } - -+METHOD(listener_t, child_state_change, bool, -+ private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state) -+{ -+ char *event; -+ vici_builder_t *b; -+ time_t now; -+ -+ switch (state) -+ { -+ case CHILD_INSTALLING: -+ event = "child-state-installing"; -+ break; -+ case CHILD_INSTALLED: -+ event = "child-state-installed"; -+ break; -+ case CHILD_UPDATING: -+ event = "child-state-updating"; -+ break; -+ case CHILD_REKEYING: -+ event = "child-state-rekeying"; -+ break; -+ case CHILD_REKEYED: -+ event = "child-state-rekeyed"; -+ break; -+ case CHILD_DESTROYING: -+ event = "child-state-destroying"; -+ break; -+ default: -+ return TRUE; -+ } -+ -+ if (!this->dispatcher->has_event_listeners(this->dispatcher, event)) -+ { -+ return TRUE; -+ } -+ -+ now = time_monotonic(NULL); -+ -+ b = vici_builder_create(); -+ b->begin_section(b, ike_sa->get_name(ike_sa)); -+ list_ike(this, b, ike_sa, now, state != CHILD_DESTROYING); -+ b->begin_section(b, "child-sas"); -+ -+ b->begin_section(b, child_sa->get_name(child_sa)); -+ list_child(this, b, child_sa, now); -+ b->end_section(b); -+ -+ b->end_section(b); -+ b->end_section(b); -+ -+ this->dispatcher->raise_event(this->dispatcher, -+ event, 0, b->finalize(b)); -+ -+ return TRUE; -+} -+ - METHOD(vici_query_t, destroy, void, - private_vici_query_t *this) - { -@@ -1975,8 +2078,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher) - .ike_updown = _ike_updown, - .ike_rekey = _ike_rekey, - .ike_update = _ike_update, -+ .ike_state_change = _ike_state_change, - .child_updown = _child_updown, - .child_rekey = _child_rekey, -+ .child_state_change = _child_state_change, - }, - .destroy = _destroy, - }, --- -2.38.1 - diff --git a/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch b/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch deleted file mode 100644 index 57a622e8..00000000 --- a/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch +++ /dev/null @@ -1,115 +0,0 @@ -From ee6c0b3ff6e3df5c7aef628621e19a813ff308ed Mon Sep 17 00:00:00 2001 -From: Christian Poessinger <christian@poessinger.com> -Date: Tue, 27 Dec 2022 13:36:43 +0000 -Subject: [PATCH] VyOS: disable options enabled by Debian that are unused - -VyOS does not implement CLI options for all options exposed by Debian. - -The following options need to be disabled for the DMVPN patchset: - - mediation - - nm - -In addition we have no LED, LDAP and SQL configuration knows, thus we spare -the plugins. ---- - debian/libcharon-extra-plugins.install | 3 --- - debian/libstrongswan-extra-plugins.install | 3 --- - debian/rules | 11 ++++++++++- - debian/strongswan-nm.install | 2 -- - 4 files changed, 10 insertions(+), 9 deletions(-) - -diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install -index 94fbabd88..068708ecb 100644 ---- a/debian/libcharon-extra-plugins.install -+++ b/debian/libcharon-extra-plugins.install -@@ -13,7 +13,6 @@ usr/lib/ipsec/plugins/libstrongswan-error-notify.so - usr/lib/ipsec/plugins/libstrongswan-forecast.so - usr/lib/ipsec/plugins/libstrongswan-ha.so - usr/lib/ipsec/plugins/libstrongswan-kernel-libipsec.so --usr/lib/ipsec/plugins/libstrongswan-led.so - usr/lib/ipsec/plugins/libstrongswan-lookip.so - #usr/lib/ipsec/plugins/libstrongswan-medsrv.so - #usr/lib/ipsec/plugins/libstrongswan-medcli.so -@@ -36,7 +35,6 @@ usr/share/strongswan/templates/config/plugins/error-notify.conf - usr/share/strongswan/templates/config/plugins/forecast.conf - usr/share/strongswan/templates/config/plugins/ha.conf - usr/share/strongswan/templates/config/plugins/kernel-libipsec.conf --usr/share/strongswan/templates/config/plugins/led.conf - usr/share/strongswan/templates/config/plugins/lookip.conf - #usr/share/strongswan/templates/config/plugins/medsrv.conf - #usr/share/strongswan/templates/config/plugins/medcli.conf -@@ -60,7 +58,6 @@ etc/strongswan.d/charon/error-notify.conf - etc/strongswan.d/charon/forecast.conf - etc/strongswan.d/charon/ha.conf - etc/strongswan.d/charon/kernel-libipsec.conf --etc/strongswan.d/charon/led.conf - etc/strongswan.d/charon/lookip.conf - #etc/strongswan.d/charon/medsrv.conf - #etc/strongswan.d/charon/medcli.conf -diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install -index 2846e2155..00cd0a146 100644 ---- a/debian/libstrongswan-extra-plugins.install -+++ b/debian/libstrongswan-extra-plugins.install -@@ -8,7 +8,6 @@ usr/lib/ipsec/plugins/libstrongswan-ctr.so - usr/lib/ipsec/plugins/libstrongswan-curl.so - usr/lib/ipsec/plugins/libstrongswan-curve25519.so - usr/lib/ipsec/plugins/libstrongswan-gcrypt.so --usr/lib/ipsec/plugins/libstrongswan-ldap.so - usr/lib/ipsec/plugins/libstrongswan-pkcs11.so - usr/lib/ipsec/plugins/libstrongswan-test-vectors.so - usr/lib/ipsec/plugins/libstrongswan-tpm.so -@@ -20,7 +19,6 @@ usr/share/strongswan/templates/config/plugins/ctr.conf - usr/share/strongswan/templates/config/plugins/curl.conf - usr/share/strongswan/templates/config/plugins/curve25519.conf - usr/share/strongswan/templates/config/plugins/gcrypt.conf --usr/share/strongswan/templates/config/plugins/ldap.conf - usr/share/strongswan/templates/config/plugins/pkcs11.conf - usr/share/strongswan/templates/config/plugins/test-vectors.conf - usr/share/strongswan/templates/config/plugins/tpm.conf -@@ -31,7 +29,6 @@ etc/strongswan.d/charon/ctr.conf - etc/strongswan.d/charon/curl.conf - etc/strongswan.d/charon/curve25519.conf - etc/strongswan.d/charon/gcrypt.conf --etc/strongswan.d/charon/ldap.conf - etc/strongswan.d/charon/pkcs11.conf - etc/strongswan.d/charon/test-vectors.conf - etc/strongswan.d/charon/tpm.conf -diff --git a/debian/rules b/debian/rules -index 2fed1f10f..fa0d21a0c 100755 ---- a/debian/rules -+++ b/debian/rules -@@ -3,6 +3,15 @@ export DEB_LDFLAGS_MAINT_APPEND=-Wl,-O1 - #export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs - export DEB_BUILD_MAINT_OPTIONS=hardening=+all - -+CONFIGUREARGS_VYOS := --disable-warnings \ -+ --disable-ldap \ -+ --disable-led \ -+ --disable-nm \ -+ --disable-mediation \ -+ --disable-mysql \ -+ --disable-sqlite \ -+ --disable-sql -+ - CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \ - --enable-addrblock \ - --enable-agent \ -@@ -88,7 +97,7 @@ ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) - deb_systemdsystemunitdir = $(shell pkg-config --variable=systemdsystemunitdir systemd | sed s,^/,,) - - override_dh_auto_configure: -- dh_auto_configure -- $(CONFIGUREARGS) -+ dh_auto_configure -- $(CONFIGUREARGS) $(CONFIGUREARGS_VYOS) - - override_dh_auto_clean: - dh_auto_clean -diff --git a/debian/strongswan-nm.install b/debian/strongswan-nm.install -index b0c05d94f..e69de29bb 100644 ---- a/debian/strongswan-nm.install -+++ b/debian/strongswan-nm.install -@@ -1,2 +0,0 @@ --usr/lib/ipsec/charon-nm --usr/share/dbus-1/system.d/nm-strongswan-service.conf --- -2.30.2 - diff --git a/packages/telegraf/.gitignore b/packages/telegraf/.gitignore deleted file mode 100644 index 7e284c4f..00000000 --- a/packages/telegraf/.gitignore +++ /dev/null @@ -1 +0,0 @@ -telegraf/ diff --git a/packages/telegraf/Jenkinsfile b/packages/telegraf/Jenkinsfile deleted file mode 100644 index 873d3842..00000000 --- a/packages/telegraf/Jenkinsfile +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright (C) 2020-2021 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -// NOTE: we can build with -d as the libbpf dependency is installed manually -// and not via a DEB package -def pkgList = [ - ['name': 'telegraf', - 'scmCommit': 'v1.28.3', - 'scmUrl': 'https://github.com/influxdata/telegraf.git', - 'buildCmd': 'cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('telegraf', pkgList, null, false, "**/packages/telegraf/**") diff --git a/packages/telegraf/build.sh b/packages/telegraf/build.sh deleted file mode 100755 index 2ba511d0..00000000 --- a/packages/telegraf/build.sh +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -BUILD_ARCH=$(dpkg-architecture -qDEB_TARGET_ARCH) - -SRC=telegraf -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" - exit 1 -fi - -PLUGIN_DIR=${CWD}/plugins - -echo "I: Selecting Input plugins" -cp ${PLUGIN_DIR}/inputs/all/all.go ${SRC}/plugins/inputs/all/all.go - -echo "I: Selecting Output plugins" -cp ${PLUGIN_DIR}/outputs/all/all.go ${SRC}/plugins/outputs/all/all.go - -echo "I: Build Debian ${BUILD_ARCH} package" -cd ${SRC} -export PATH=/opt/go/bin:$PATH - -# Generate default telegraf config -go run ./cmd/telegraf config > etc/telegraf.conf -LDFLAGS=-w make "${BUILD_ARCH}.deb" diff --git a/packages/telegraf/plugins/inputs/all/all.go b/packages/telegraf/plugins/inputs/all/all.go deleted file mode 100644 index 8265681b..00000000 --- a/packages/telegraf/plugins/inputs/all/all.go +++ /dev/null @@ -1,72 +0,0 @@ -package all - -import ( - //Blank imports for plugins to register themselves - _ "github.com/influxdata/telegraf/plugins/inputs/azure_storage_queue" - _ "github.com/influxdata/telegraf/plugins/inputs/bond" - _ "github.com/influxdata/telegraf/plugins/inputs/cgroup" - _ "github.com/influxdata/telegraf/plugins/inputs/chrony" - _ "github.com/influxdata/telegraf/plugins/inputs/conntrack" - _ "github.com/influxdata/telegraf/plugins/inputs/cpu" - _ "github.com/influxdata/telegraf/plugins/inputs/disk" - _ "github.com/influxdata/telegraf/plugins/inputs/diskio" - _ "github.com/influxdata/telegraf/plugins/inputs/disque" - _ "github.com/influxdata/telegraf/plugins/inputs/dmcache" - _ "github.com/influxdata/telegraf/plugins/inputs/dns_query" - _ "github.com/influxdata/telegraf/plugins/inputs/docker" - _ "github.com/influxdata/telegraf/plugins/inputs/docker_log" - _ "github.com/influxdata/telegraf/plugins/inputs/ethtool" - _ "github.com/influxdata/telegraf/plugins/inputs/exec" - _ "github.com/influxdata/telegraf/plugins/inputs/execd" - _ "github.com/influxdata/telegraf/plugins/inputs/file" - _ "github.com/influxdata/telegraf/plugins/inputs/filecount" - _ "github.com/influxdata/telegraf/plugins/inputs/filestat" - _ "github.com/influxdata/telegraf/plugins/inputs/fireboard" - _ "github.com/influxdata/telegraf/plugins/inputs/hddtemp" - _ "github.com/influxdata/telegraf/plugins/inputs/hugepages" - _ "github.com/influxdata/telegraf/plugins/inputs/influxdb" - _ "github.com/influxdata/telegraf/plugins/inputs/influxdb_listener" - _ "github.com/influxdata/telegraf/plugins/inputs/influxdb_v2_listener" - _ "github.com/influxdata/telegraf/plugins/inputs/intel_pmu" - _ "github.com/influxdata/telegraf/plugins/inputs/intel_powerstat" - _ "github.com/influxdata/telegraf/plugins/inputs/intel_rdt" - _ "github.com/influxdata/telegraf/plugins/inputs/internal" - _ "github.com/influxdata/telegraf/plugins/inputs/internet_speed" - _ "github.com/influxdata/telegraf/plugins/inputs/interrupts" - _ "github.com/influxdata/telegraf/plugins/inputs/ipmi_sensor" - _ "github.com/influxdata/telegraf/plugins/inputs/ipset" - _ "github.com/influxdata/telegraf/plugins/inputs/iptables" - _ "github.com/influxdata/telegraf/plugins/inputs/ipvs" - _ "github.com/influxdata/telegraf/plugins/inputs/kernel" - _ "github.com/influxdata/telegraf/plugins/inputs/kernel_vmstat" - _ "github.com/influxdata/telegraf/plugins/inputs/mdstat" - _ "github.com/influxdata/telegraf/plugins/inputs/mem" - _ "github.com/influxdata/telegraf/plugins/inputs/net" - _ "github.com/influxdata/telegraf/plugins/inputs/netstat" - _ "github.com/influxdata/telegraf/plugins/inputs/nstat" - _ "github.com/influxdata/telegraf/plugins/inputs/ping" - _ "github.com/influxdata/telegraf/plugins/inputs/powerdns_recursor" - _ "github.com/influxdata/telegraf/plugins/inputs/processes" - _ "github.com/influxdata/telegraf/plugins/inputs/procstat" - _ "github.com/influxdata/telegraf/plugins/inputs/sensors" - _ "github.com/influxdata/telegraf/plugins/inputs/sflow" - _ "github.com/influxdata/telegraf/plugins/inputs/slab" - _ "github.com/influxdata/telegraf/plugins/inputs/smart" - _ "github.com/influxdata/telegraf/plugins/inputs/snmp" - _ "github.com/influxdata/telegraf/plugins/inputs/snmp_legacy" - _ "github.com/influxdata/telegraf/plugins/inputs/snmp_trap" - _ "github.com/influxdata/telegraf/plugins/inputs/socket_listener" - _ "github.com/influxdata/telegraf/plugins/inputs/socketstat" - _ "github.com/influxdata/telegraf/plugins/inputs/syslog" - _ "github.com/influxdata/telegraf/plugins/inputs/sysstat" - _ "github.com/influxdata/telegraf/plugins/inputs/system" - _ "github.com/influxdata/telegraf/plugins/inputs/systemd_units" - _ "github.com/influxdata/telegraf/plugins/inputs/tail" - _ "github.com/influxdata/telegraf/plugins/inputs/tcp_listener" - _ "github.com/influxdata/telegraf/plugins/inputs/temp" - _ "github.com/influxdata/telegraf/plugins/inputs/twemproxy" - _ "github.com/influxdata/telegraf/plugins/inputs/udp_listener" - _ "github.com/influxdata/telegraf/plugins/inputs/wireguard" - _ "github.com/influxdata/telegraf/plugins/inputs/wireless" - _ "github.com/influxdata/telegraf/plugins/inputs/x509_cert" -) diff --git a/packages/telegraf/plugins/outputs/all/all.go b/packages/telegraf/plugins/outputs/all/all.go deleted file mode 100644 index 49f7e63d..00000000 --- a/packages/telegraf/plugins/outputs/all/all.go +++ /dev/null @@ -1,9 +0,0 @@ -package all - -import ( - //Blank imports for plugins to register themselves - _ "github.com/influxdata/telegraf/plugins/outputs/azure_data_explorer" - _ "github.com/influxdata/telegraf/plugins/outputs/http" - _ "github.com/influxdata/telegraf/plugins/outputs/influxdb_v2" - _ "github.com/influxdata/telegraf/plugins/outputs/prometheus_client" -) diff --git a/packages/waagent/Jenkinsfile b/packages/waagent/Jenkinsfile deleted file mode 100644 index 79415d71..00000000 --- a/packages/waagent/Jenkinsfile +++ /dev/null @@ -1,32 +0,0 @@ -// Copyright (C) 2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. - -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def package_name = 'waagent' -def pkgList = [ - ['name': "${package_name}", - 'scmCommit': 'debian/2.9.1.1-2', - 'scmUrl': 'https://salsa.debian.org/cloud-team/waagent.git', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; sudo apt-get install --yes --no-install-recommends dpkg-source-gitarchive; ../build.py'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage("${package_name}", pkgList, null, false, "**/packages/waagent/**") diff --git a/packages/waagent/build.py b/packages/waagent/build.py deleted file mode 100755 index 04f4791b..00000000 --- a/packages/waagent/build.py +++ /dev/null @@ -1,50 +0,0 @@ -#!/usr/bin/env python3 - -from pathlib import Path -from shutil import copy as copy_file -from subprocess import run - - -# copy patches -def apply_deb_patches() -> None: - """Apply patches to sources directory - """ - patches_dir = Path('../patches') - current_dir: str = Path.cwd().as_posix() - if patches_dir.exists(): - patches_list = list(patches_dir.iterdir()) - patches_list.sort() - Path(f'{current_dir}/debian/patches').mkdir(parents=True, exist_ok=True) - series_file = Path(f'{current_dir}/debian/patches/series') - series_data = '' - for patch_file in patches_list: - print(f'Applying patch: {patch_file.name}') - copy_file(patch_file, f'{current_dir}/debian/patches/') - if series_file.exists(): - series_data: str = series_file.read_text() - series_data = f'{series_data}\n{patch_file.name}' - series_file.write_text(series_data) - - -def build_package() -> bool: - """Build a package - - Returns: - bool: build status - """ - build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b'] - build_status: int = run(build_cmd).returncode - - if build_status: - return False - return True - - -# build a package -if __name__ == '__main__': - apply_deb_patches() - - if not build_package(): - exit(1) - - exit() diff --git a/packages/wide-dhcpv6/.gitignore b/packages/wide-dhcpv6/.gitignore deleted file mode 100644 index 5fd2ad64..00000000 --- a/packages/wide-dhcpv6/.gitignore +++ /dev/null @@ -1 +0,0 @@ -wide-dhcpv6/ diff --git a/packages/wide-dhcpv6/Jenkinsfile b/packages/wide-dhcpv6/Jenkinsfile deleted file mode 100644 index 83954d97..00000000 --- a/packages/wide-dhcpv6/Jenkinsfile +++ /dev/null @@ -1,30 +0,0 @@ -// Copyright (C) 2020-2021 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'wide-dhcpv6', - 'scmCommit': 'debian/20080615-23', - 'scmUrl': 'https://salsa.debian.org/debian/wide-dhcpv6', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('wide-dhcpv6', pkgList, null, true, "**/packages/wide-dhcpv6/**") diff --git a/packages/wide-dhcpv6/build.sh b/packages/wide-dhcpv6/build.sh deleted file mode 100755 index 87cab92b..00000000 --- a/packages/wide-dhcpv6/build.sh +++ /dev/null @@ -1,23 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -SRC=wide-dhcpv6 -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" - exit 1 -fi - -PATCH_DIR=${CWD}/patches -if [ -d $PATCH_DIR ]; then - for patch in $(ls ${PATCH_DIR}) - do - echo "I: Apply patch: ${patch} to main repository" - cp ${PATCH_DIR}/${patch} ${SRC}/debian/patches/ - echo ${patch} >> ${SRC}/debian/patches/series - done -fi - -cd ${SRC} -echo "I: Build Debian Package" -dpkg-buildpackage -uc -us -tc -b diff --git a/packages/wide-dhcpv6/patches/0023-dhcpc6-support-per-interface-client-DUIDs.patch b/packages/wide-dhcpv6/patches/0023-dhcpc6-support-per-interface-client-DUIDs.patch deleted file mode 100644 index c1e71f0c..00000000 --- a/packages/wide-dhcpv6/patches/0023-dhcpc6-support-per-interface-client-DUIDs.patch +++ /dev/null @@ -1,230 +0,0 @@ -From 1e4a9a7b61090043924f2aa9359dcbc9f5e11bfc Mon Sep 17 00:00:00 2001 -From: Brandon Stepler <brandon@stepler.net> -Date: Mon, 25 Jan 2021 14:18:57 +0000 -Subject: [PATCH] dhcpc6: support per-interface client DUIDs - ---- - cfparse.y | 13 +++++++++++-- - cftoken.l | 10 ++++++++++ - config.c | 27 +++++++++++++++++++++++++++ - config.h | 3 ++- - dhcp6c.c | 11 ++++++++--- - dhcp6c.conf.5 | 6 ++++++ - 6 files changed, 64 insertions(+), 6 deletions(-) - -diff --git a/cfparse.y b/cfparse.y -index 9e685f4..244987c 100644 ---- a/cfparse.y -+++ b/cfparse.y -@@ -116,6 +116,7 @@ static void cleanup_cflist __P((struct cf_list *)); - %token BCMCS_SERVERS BCMCS_NAME - %token INFO_ONLY - %token SCRIPT DELAYEDKEY -+%token CLIENT_ID CLIENT_ID_DUID - %token AUTHENTICATION PROTOCOL ALGORITHM DELAYED RECONFIG HMACMD5 MONOCOUNTER - %token AUTHNAME RDM KEY - %token KEYINFO REALM KEYID SECRET KEYNAME EXPIRE -@@ -134,8 +135,8 @@ static void cleanup_cflist __P((struct cf_list *)); - struct dhcp6_poolspec *pool; - } - --%type <str> IFNAME HOSTNAME AUTHNAME KEYNAME DUID_ID STRING QSTRING IAID --%type <str> POOLNAME PROFILENAME -+%type <str> IFNAME HOSTNAME CLIENT_ID_DUID AUTHNAME KEYNAME DUID_ID -+%type <str> STRING QSTRING IAID POOLNAME PROFILENAME - %type <num> NUMBER duration authproto authalg authrdm - %type <list> declaration declarations dhcpoption ifparam ifparams - %type <list> address_list address_list_ent dhcpoption_list -@@ -639,6 +640,14 @@ dhcpoption: - /* no value */ - $$ = l; - } -+ | CLIENT_ID CLIENT_ID_DUID -+ { -+ struct cf_list *l; -+ -+ MAKE_CFLIST(l, DHCPOPT_CLIENT_ID, NULL, NULL); -+ l->ptr = $2; -+ $$ = l; -+ } - | AUTHENTICATION AUTHNAME - { - struct cf_list *l; -diff --git a/cftoken.l b/cftoken.l -index e266ac2..d7edd1f 100644 ---- a/cftoken.l -+++ b/cftoken.l -@@ -119,6 +119,7 @@ ecl \} - %s S_HOST - %s S_DUID - %s S_IA -+%s S_CID - %s S_AUTH - %s S_KEY - %s S_SECRET -@@ -249,6 +250,15 @@ ecl \} - /* duration */ - <S_CNF>infinity { DECHO; return (INFINITY); } - -+ /* client-id option */ -+<S_CNF>client-id { DECHO; BEGIN S_CID; return (CLIENT_ID); } -+<S_CID>{duid} { -+ DECHO; -+ yylval.str = strdup(yytext); -+ BEGIN S_CNF; -+ return (CLIENT_ID_DUID); -+} -+ - /* authentication option */ - <S_CNF>authentication { DECHO; BEGIN S_AUTH; return (AUTHENTICATION); } - <S_AUTH>{string} { -diff --git a/config.c b/config.c -index 70f6287..0cbe631 100644 ---- a/config.c -+++ b/config.c -@@ -100,6 +100,7 @@ struct dhcp6_ifconf { - struct dhcp6_ifconf *next; - - char *ifname; -+ struct duid duid; - - /* configuration flags */ - u_long send_flags; -@@ -1366,6 +1367,7 @@ configure_commit() - /* commit interface configuration */ - for (ifp = dhcp6_if; ifp; ifp = ifp->next) { - /* re-initialization */ -+ duidfree(&ifp->duid); - ifp->send_flags = 0; - ifp->allow_flags = 0; - dhcp6_clear_list(&ifp->reqopt_list); -@@ -1395,6 +1397,8 @@ configure_commit() - } - - /* copy new configuration */ -+ ifp->duid = ifc->duid; -+ ifc->duid.duid_id = NULL; - ifp->send_flags = ifc->send_flags; - ifp->allow_flags = ifc->allow_flags; - dhcp6_copy_list(&ifp->reqopt_list, &ifc->reqopt_list); -@@ -1505,6 +1509,7 @@ clear_ifconf(iflist) - ifc_next = ifc->next; - - free(ifc->ifname); -+ duidfree(&ifc->duid); - dhcp6_clear_list(&ifc->reqopt_list); - - clear_iaconf(&ifc->iaconf_list); -@@ -1635,6 +1640,28 @@ add_options(opcode, ifc, cfl0) - return (-1); - } - break; -+ case DHCPOPT_CLIENT_ID: -+ if (opcode != DHCPOPTCODE_SEND) { -+ debug_printf(LOG_ERR, FNAME, -+ "invalid operation (%d) " -+ "for option type (%d)", -+ opcode, cfl->type); -+ return (-1); -+ } -+ if (ifc->duid.duid_id != NULL) { -+ debug_printf(LOG_ERR, FNAME, "%s:%d " -+ "client-id is doubly specified on %s", -+ configfilename, cfl->line, ifc->ifname); -+ return (-1); -+ } -+ if ((configure_duid((char *)cfl->ptr, -+ &ifc->duid)) != 0) { -+ debug_printf(LOG_ERR, FNAME, "%s:%d " -+ "failed to configure DUID for %s", -+ configfilename, cfl->line, ifc->ifname); -+ return (-1); -+ } -+ break; - case DHCPOPT_AUTHINFO: - if (opcode != DHCPOPTCODE_SEND) { - debug_printf(LOG_ERR, FNAME, -diff --git a/config.h b/config.h -index 36a5aa3..cfcfdd5 100644 ---- a/config.h -+++ b/config.h -@@ -69,6 +69,7 @@ struct dhcp6_if { - u_int32_t linkid; /* to send link-local packets */ - /* multiple global address configuration is not supported now */ - struct in6_addr addr; /* global address */ -+ struct duid duid; - - /* configuration parameters */ - u_long send_flags; -@@ -267,7 +268,7 @@ enum { DECL_SEND, DECL_ALLOW, DECL_INFO_ONLY, DECL_REQUEST, DECL_DUID, - DECL_ADDRESS, - DECL_RANGE, DECL_ADDRESSPOOL, - IFPARAM_SLA_ID, IFPARAM_SLA_LEN, IFPARAM_IFID, IFPARAM_IFID_RAND, -- DHCPOPT_RAPID_COMMIT, DHCPOPT_AUTHINFO, -+ DHCPOPT_RAPID_COMMIT, DHCPOPT_CLIENT_ID, DHCPOPT_AUTHINFO, - DHCPOPT_DNS, DHCPOPT_DNSNAME, - DHCPOPT_IA_PD, DHCPOPT_IA_NA, DHCPOPT_NTP, - DHCPOPT_REFRESHTIME, -diff --git a/dhcp6c.c b/dhcp6c.c -index 849835e..875a147 100644 ---- a/dhcp6c.c -+++ b/dhcp6c.c -@@ -433,6 +433,11 @@ client6_start(ifp) - } - dhcp6_reset_timer(ev); - -+ if (!ifp->duid.duid_id && duidcpy(&ifp->duid, &client_duid)) { -+ debug_printf(LOG_ERR, FNAME, "failed to copy client DUID"); -+ return (-1); -+ } -+ - return (0); - } - -@@ -1249,7 +1254,7 @@ client6_send(ev) - } - - /* client ID */ -- if (duidcpy(&optinfo.clientID, &client_duid)) { -+ if (duidcpy(&optinfo.clientID, &ifp->duid)) { - debug_printf(LOG_ERR, FNAME, "failed to copy client ID"); - goto end; - } -@@ -1533,7 +1538,7 @@ client6_recvadvert(ifp, dh6, len, optinfo) - debug_printf(LOG_INFO, FNAME, "no client ID option"); - return (-1); - } -- if (duidcmp(&optinfo->clientID, &client_duid)) { -+ if (duidcmp(&optinfo->clientID, &ifp->duid)) { - debug_printf(LOG_INFO, FNAME, "client DUID mismatch"); - return (-1); - } -@@ -1805,7 +1810,7 @@ client6_recvreply(ifp, dh6, len, optinfo) - debug_printf(LOG_INFO, FNAME, "no client ID option"); - return (-1); - } -- if (duidcmp(&optinfo->clientID, &client_duid)) { -+ if (duidcmp(&optinfo->clientID, &ifp->duid)) { - debug_printf(LOG_INFO, FNAME, "client DUID mismatch"); - return (-1); - } -diff --git a/dhcp6c.conf.5 b/dhcp6c.conf.5 -index 5693fb8..589510a 100644 ---- a/dhcp6c.conf.5 -+++ b/dhcp6c.conf.5 -@@ -139,6 +139,12 @@ An - statement for - .Ar authname - must be provided. -+.It Ic client-id Ar ID -+means the client's DHCP unique identifier -+.Pq DUID . -+.Ar ID -+is a colon-separated hexadecimal sequence where each separated part -+must be composed of two hexadecimal values. - .El - .\" - .Sh Interface statement --- -2.20.1 - diff --git a/packages/wide-dhcpv6/patches/0024-bind-to-single-socket.patch b/packages/wide-dhcpv6/patches/0024-bind-to-single-socket.patch deleted file mode 100644 index b5751325..00000000 --- a/packages/wide-dhcpv6/patches/0024-bind-to-single-socket.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/dhcp6c.c b/dhcp6c.c -index 1caaaa5..04ce9c5 100644 ---- a/dhcp6c.c -+++ b/dhcp6c.c -@@ -217,6 +217,12 @@ main(argc, argv) - argv[0]); - exit(1); - } -+ -+ if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[0], strlen(argv[0])) != 0) { -+ debug_printf(LOG_ERR, FNAME, "failed to bind %s", argv[0]); -+ exit(1); -+ } -+ - argv++; - } - diff --git a/packages/wide-dhcpv6/patches/0025-option-to-prevent-ia-release.patch b/packages/wide-dhcpv6/patches/0025-option-to-prevent-ia-release.patch deleted file mode 100644 index 32c15814..00000000 --- a/packages/wide-dhcpv6/patches/0025-option-to-prevent-ia-release.patch +++ /dev/null @@ -1,155 +0,0 @@ -From: 1vivy <1vivy@tutanota.com> -Date: Sat, 22 Jul 2023 13:07:10 -0600 -Subject: wide-dhcpv6: T5387: Add a no release option '-n'. - -This prevents a release signal from being sent to the ISP causing a new PD or address to be allocated. - -Co-authored-by: MrLenin <909621+MrLenin@users.noreply.github.com> -Co-authored-by: marjohn56 <martin@queens-park.com> ---- wide-dhcpv6.orig/common.h -+++ wide-dhcpv6/common.h -@@ -120,6 +120,7 @@ sysdep_sa_len (const struct sockaddr *sa - extern int foreground; - extern int debug_thresh; - extern char *device; -+extern int opt_norelease; - - /* search option for dhcp6_find_listval() */ - #define MATCHLIST_PREFIXLEN 0x1 ---- wide-dhcpv6.orig/dhcp6c.8 -+++ wide-dhcpv6/dhcp6c.8 -@@ -88,6 +88,10 @@ is terminated. (suits for a use in shel - Since the configuration is internally generated, you cannot provide a configuration in this mode. If you want to have different actions for the stateless DHCPv6 information, you should write an appropriate configuration and invoke - .Nm - without this option. -+.It Fl n -+Prevent Release message from being sent to DHCPv6 server when -+.Nm -+stops. This is useful for preventing a new address from being configured by the DHCPv6 server when restarting the DHCPv6 client. - .It Fl p Ar pid-file - Use - .Ar pid-file -@@ -109,18 +113,22 @@ or - .Fl i - option is specified. - .Pp --Upon receipt of the --.Dv SIGHUP -+Upon receipt of a -+.Dv SIGHUP , -+.Dv SIGTERM , - or --.Dv SIGTERM --signals, --.Nm --will remove all stateful resources from the system. --In the former case the daemon will then reinvoke itself, --while it will stop running in the latter case. --In either case, -+.Dv SIGUSR1 -+signal, - .Nm --will send DHCPv6 Release messages to release resources assigned from servers. -+will remove all stateful resources from the system. After that, -+.Dv SIGHUP -+reinitializes the daemon, and -+.Dv SIGTERM -+stops the daemon. In both cases, DHCPv6 Release message will be sent to release resources assigned from servers. -+.Dv SIGUSR1 -+stops the daemon as -+.Dv SIGTERM -+does though DHCPv6 Release message will not be sent. - .\" - .Sh FILES - .Bl -tag -width /etc/wide-dhcpv6/dhcp6c.conf -compact ---- wide-dhcpv6.orig/dhcp6c.c -+++ wide-dhcpv6/dhcp6c.c -@@ -84,6 +84,7 @@ static int exit_ok = 0; - static sig_atomic_t sig_flags = 0; - #define SIGF_TERM 0x1 - #define SIGF_HUP 0x2 -+#define SIGF_USR1 0x4 - - const dhcp6_mode_t dhcp6_mode = DHCP6_MODE_CLIENT; - -@@ -108,6 +109,8 @@ static int ctldigestlen; - - static int infreq_mode = 0; - -+int opt_norelease; -+ - static inline int get_val32 __P((char **, int *, u_int32_t *)); - static inline int get_ifname __P((char **, int *, char *, int)); - -@@ -170,7 +173,7 @@ main(argc, argv) - else - progname++; - -- while ((ch = getopt(argc, argv, "c:dDfik:p:P:")) != -1) { -+ while ((ch = getopt(argc, argv, "c:dDfik:np:P:")) != -1) { - switch (ch) { - case 'c': - conffile = optarg; -@@ -190,6 +193,9 @@ main(argc, argv) - case 'k': - ctlkeyfile = optarg; - break; -+ case 'n': -+ opt_norelease = 1; -+ break; - case 'p': - pid_file = optarg; - break; -@@ -395,6 +401,11 @@ client6_init() - strerror(errno)); - exit(1); - } -+ if (signal(SIGUSR1, client6_signal) == SIG_ERR) { -+ debug_printf(LOG_WARNING, FNAME, "failed to set signal: %s", -+ strerror(errno)); -+ exit(1); -+ } - } - - int -@@ -525,6 +536,13 @@ process_signals() - free_resources(NULL); - client6_startall(1); - } -+ if ((sig_flags & SIGF_USR1)) { -+ debug_printf(LOG_INFO, FNAME, "exit without release"); -+ exit_ok = 1; -+ opt_norelease = 1; -+ free_resources(NULL); -+ check_exit(); -+ } - - sig_flags = 0; - } -@@ -1171,6 +1189,9 @@ client6_signal(sig) - case SIGHUP: - sig_flags |= SIGF_HUP; - break; -+ case SIGUSR1: -+ sig_flags |= SIGF_USR1; -+ break; - } - } - ---- wide-dhcpv6.orig/dhcp6c_ia.c -+++ wide-dhcpv6/dhcp6c_ia.c -@@ -420,7 +420,13 @@ release_all_ia(ifp) - for (ia = TAILQ_FIRST(&iac->iadata); ia; ia = ia_next) { - ia_next = TAILQ_NEXT(ia, link); - -- (void)release_ia(ia); -+ if (opt_norelease == 0) { -+ debug_printf(LOG_INFO, FNAME, "Start address " -+ "release"); -+ (void)release_ia(ia); -+ } else -+ debug_printf(LOG_INFO, FNAME, "Bypassing address " -+ "release because of -n flag"); - - /* - * The client MUST stop using all of the addresses diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install index ea3aef63..050fa859 100755 --- a/scripts/check-qemu-install +++ b/scripts/check-qemu-install @@ -651,7 +651,7 @@ try: if args.match: # Remove tests that we don't want to run match_str = '-o '.join([f'-name "test_*{name}*.py" ' for name in args.match.split("|")]).strip() - c.sendline(f'sudo find /usr/libexec/vyos/tests/smoke/cli/test_* -type f ! \( {match_str} \) -delete') + c.sendline(f'sudo find /usr/libexec/vyos/tests/smoke -maxdepth 2 -type f -name test_* ! \( {match_str} \) -delete') c.expect(op_mode_prompt) if args.no_interfaces: # remove interface tests as they consume a lot of time diff --git a/scripts/image-build/build-vyos-image b/scripts/image-build/build-vyos-image index c13d7607..6ee1c3e5 100755 --- a/scripts/image-build/build-vyos-image +++ b/scripts/image-build/build-vyos-image @@ -413,11 +413,6 @@ if __name__ == "__main__": # Release build, use the version from ./configure arguments version = build_config['version'] - if build_config['build_type'] == 'development': - lts_build = False - else: - lts_build = True - version_data = { 'version': version, 'flavor': build_config["build_flavor"], @@ -428,7 +423,7 @@ if __name__ == "__main__": 'build_branch': git_branch, 'release_train': build_config['release_train'], 'architecture': build_config['architecture'], - 'lts_build': lts_build, + 'build_type': build_config['build_type'], 'build_comment': build_config['build_comment'], 'bugtracker_url': build_config['bugtracker_url'], 'documentation_url': build_config['documentation_url'], @@ -438,19 +433,18 @@ if __name__ == "__main__": # Multi line strings needs to be un-indented to not have leading # whitespaces in the resulting file - os_release = f""" - PRETTY_NAME="VyOS {version} ({build_config['release_train']})" - NAME="VyOS" - VERSION_ID="{version}" - VERSION="{version} ({build_config['release_train']})" - VERSION_CODENAME={build_defaults['debian_distribution']} - ID=vyos - BUILD_ID="{build_git}" - HOME_URL="{build_defaults['website_url']}" - SUPPORT_URL="{build_defaults['support_url']}" - BUG_REPORT_URL="{build_defaults['bugtracker_url']}" - DOCUMENTATION_URL="{build_config['documentation_url']}" - """ + os_release = f"""PRETTY_NAME="VyOS {version} ({build_config['release_train']})" +NAME="VyOS" +VERSION_ID="{version}" +VERSION="{version} ({build_config['release_train']})" +VERSION_CODENAME={build_defaults['debian_distribution']} +ID=vyos +BUILD_ID="{build_git}" +HOME_URL="{build_defaults['website_url']}" +SUPPORT_URL="{build_defaults['support_url']}" +BUG_REPORT_URL="{build_defaults['bugtracker_url']}" +DOCUMENTATION_URL="{build_config['documentation_url']}" +""" # Reminder: all paths relative to the build dir, not to the repository root chroot_includes_dir = defaults.CHROOT_INCLUDES_DIR @@ -470,8 +464,8 @@ if __name__ == "__main__": print("Version: {0}".format(version), file=f) # Define variables that influence to welcome message on boot - os.makedirs(os.path.join(chroot_includes_dir, 'usr/lib/'), exist_ok=True) - with open(os.path.join(chroot_includes_dir, 'usr/lib/os-release'), 'w') as f: + os.makedirs(os.path.join(chroot_includes_dir, 'etc/'), exist_ok=True) + with open(os.path.join(chroot_includes_dir, 'etc/os-release'), 'w') as f: print(os_release, file=f) ## Clean up earlier build state and artifacts diff --git a/scripts/package-build/ethtool/package.toml b/scripts/package-build/ethtool/package.toml index 9468ed82..ec22a06c 100644 --- a/scripts/package-build/ethtool/package.toml +++ b/scripts/package-build/ethtool/package.toml @@ -1,4 +1,4 @@ [[packages]] name = "ethtool" -commit_id = "debian/1%6.6-1" +commit_id = "debian/1%6.10-1" scm_url = "https://salsa.debian.org/kernel-team/ethtool" diff --git a/scripts/package-build/linux-kernel/arch b/scripts/package-build/linux-kernel/arch deleted file mode 120000 index f5f81fdc..00000000 --- a/scripts/package-build/linux-kernel/arch +++ /dev/null @@ -1 +0,0 @@ -../../../packages/linux-kernel/arch
\ No newline at end of file diff --git a/packages/linux-kernel/arch/arm64/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig index 11abca82..11abca82 100644 --- a/packages/linux-kernel/arch/arm64/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig diff --git a/packages/linux-kernel/arch/x86/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig index a6ed937c..a6ed937c 100644 --- a/packages/linux-kernel/arch/x86/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig diff --git a/scripts/package-build/linux-kernel/build-intel-qat.sh b/scripts/package-build/linux-kernel/build-intel-qat.sh index 765cea3f..8ef1744e 100755 --- a/scripts/package-build/linux-kernel/build-intel-qat.sh +++ b/scripts/package-build/linux-kernel/build-intel-qat.sh @@ -14,7 +14,7 @@ fi . ${KERNEL_VAR_FILE} -url="https://dev.packages.vyos.net/source-mirror/QAT.L.4.24.0-00005.tar.gz" +url="https://packages.vyos.net/source-mirror/QAT.L.4.24.0-00005.tar.gz" cd ${CWD} diff --git a/scripts/package-build/linux-kernel/patches b/scripts/package-build/linux-kernel/patches deleted file mode 120000 index fd016d35..00000000 --- a/scripts/package-build/linux-kernel/patches +++ /dev/null @@ -1 +0,0 @@ -../../../packages/linux-kernel/patches
\ No newline at end of file diff --git a/packages/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch b/scripts/package-build/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch index 0c3141a0..0c3141a0 100644 --- a/packages/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch +++ b/scripts/package-build/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch diff --git a/packages/linux-kernel/patches/ixgbe/add_1000base-bx_support.patch b/scripts/package-build/linux-kernel/patches/ixgbe/add_1000base-bx_support.patch index 6c536c38..6c536c38 100644 --- a/packages/linux-kernel/patches/ixgbe/add_1000base-bx_support.patch +++ b/scripts/package-build/linux-kernel/patches/ixgbe/add_1000base-bx_support.patch diff --git a/packages/linux-kernel/patches/ixgbe/allow_unsupported_sfp.patch b/scripts/package-build/linux-kernel/patches/ixgbe/allow_unsupported_sfp.patch index 647fe4d5..647fe4d5 100644 --- a/packages/linux-kernel/patches/ixgbe/allow_unsupported_sfp.patch +++ b/scripts/package-build/linux-kernel/patches/ixgbe/allow_unsupported_sfp.patch diff --git a/packages/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch b/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch index bedcec6e..bedcec6e 100644 --- a/packages/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch +++ b/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch diff --git a/packages/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch b/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch index b19a8d25..b19a8d25 100644 --- a/packages/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch +++ b/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch diff --git a/scripts/package-build/netfilter/.gitignore b/scripts/package-build/netfilter/.gitignore index 8518afb9..9bf39f82 100644 --- a/scripts/package-build/netfilter/.gitignore +++ b/scripts/package-build/netfilter/.gitignore @@ -1,3 +1,8 @@ /pkg-libnftnl/ /pkg-nftables/ +*.buildinfo +*.build +*.changes +*.deb +*.dsc diff --git a/scripts/package-build/netfilter/package.toml b/scripts/package-build/netfilter/package.toml index 45752d08..a39ba8b7 100644 --- a/scripts/package-build/netfilter/package.toml +++ b/scripts/package-build/netfilter/package.toml @@ -2,10 +2,14 @@ name = "pkg-libnftnl" commit_id = "debian/1.2.6-2" scm_url = "https://salsa.debian.org/pkg-netfilter-team/pkg-libnftnl.git" -build_cmd = "sudo mk-build-deps --install --tool 'apt-get --yes --no-install-recommends'; dpkg-buildpackage -uc -us -tc -b" [[packages]] name = "pkg-nftables" commit_id = "debian/1.0.9-1" scm_url = "https://salsa.debian.org/pkg-netfilter-team/pkg-nftables.git" -build_cmd = "sudo dpkg -i ../libnftnl*.deb; dpkg-buildpackage -uc -us -tc -b" + +build_cmd = """ +sudo dpkg -i ../libnftnl*.deb +sudo mk-build-deps --install --tool 'apt-get --yes --no-install-recommends' +dpkg-buildpackage -uc -us -tc -b +""" diff --git a/scripts/package-build/strongswan/build-vici.sh b/scripts/package-build/strongswan/build-vici.sh index 5ad0ee80..75b180f0 100755 --- a/scripts/package-build/strongswan/build-vici.sh +++ b/scripts/package-build/strongswan/build-vici.sh @@ -4,7 +4,7 @@ set -e SRC="strongswan/src/libcharon/plugins/vici/python" if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" + echo "Source directory does not exist, please 'git clone'" exit 1 fi @@ -28,30 +28,31 @@ Depends: \${misc:Depends}, \${python3:Depends} Description: Native Python interface for strongSwan's VICI protocol EOF - # Create rules file -echo "I: create $SRC/rules" +echo "I: create $SRC/debian/rules" cat <<EOF > debian/rules #!/usr/bin/make -f %: dh \$@ --with python3 EOF -# Make the rules file executable chmod +x debian/rules echo '10' > debian/compat +# Add the 'install' file to copy the vici package to the correct directory +echo "I: create $SRC/debian/install" +cat <<EOF > debian/install +vici /usr/lib/python3/dist-packages/ +EOF + # Copy changelog cp ../../../../../debian/changelog debian/ - -ls -la -pwd - - +# Build the package echo "I: Build Debian Package" dpkg-buildpackage -uc -us -tc -b -d +# Copy the resulting .deb packages echo "I: copy packages" -cp ../*.deb ../../../../../../ +cp ../*.deb ../../../../../../ diff --git a/scripts/package-build/xen-guest-agent/.gitignore b/scripts/package-build/xen-guest-agent/.gitignore new file mode 100644 index 00000000..373bd76a --- /dev/null +++ b/scripts/package-build/xen-guest-agent/.gitignore @@ -0,0 +1,7 @@ +xen-guest-agent/ +*.buildinfo +*.build +*.changes +*.deb +*.dsc + diff --git a/scripts/package-build/xen-guest-agent/build.py b/scripts/package-build/xen-guest-agent/build.py new file mode 120000 index 00000000..3c76af73 --- /dev/null +++ b/scripts/package-build/xen-guest-agent/build.py @@ -0,0 +1 @@ +../build.py
\ No newline at end of file diff --git a/scripts/package-build/xen-guest-agent/package.toml b/scripts/package-build/xen-guest-agent/package.toml new file mode 100644 index 00000000..213425df --- /dev/null +++ b/scripts/package-build/xen-guest-agent/package.toml @@ -0,0 +1,34 @@ +[[packages]] +name = "xen-guest-agent" +commit_id = "0.4.0" +scm_url = "https://gitlab.com/xen-project/xen-guest-agent" + + +build_cmd = """ +# changelog +cat <<EOF > debian/changelog +xen-guest-agent (0.4.0) UNRELEASED; urgency=medium + + * Upstream package + + -- VyOS Maintainers <maintainers@vyos.io> Thu, 26 Sep 2024 12:35:47 +0000 + +EOF + +# Apply the patch to modify the debian/rules file +sed -i 's|../xen-guest-agent-$(UPSTREAM_VERSION)-linux-$(DEB_TARGET_GNU_CPU)|target/release/xen-guest-agent|' debian/rules + +sudo apt-get -y install --no-install-recommends libclang-dev libxen-dev +# Install rust +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain stable --profile default --no-modify-path + +# Set PATH for Cargo +export PATH="$HOME/.cargo/bin:$PATH" +rustup update +cd xen-guest-agent +cargo update + +# Build deb +cargo build -F static --profile release +dpkg-buildpackage -b -us -uc +""" |