42 files changed, 623 insertions, 879 deletions
@@ -7,3 +7,4 @@ packages/* !packages/*/ testinstall*.img *.qcow2 +*.tar @@ -54,6 +54,16 @@ testc: checkiso testraid: checkiso scripts/check-qemu-install --debug --configd --raid --configtest build/live-image-amd64.hybrid.iso +.PHONY: qemu-live +.ONESHELL: +qemu-live: checkiso + scripts/check-qemu-install --qemu-cmd build/live-image-amd64.hybrid.iso + +.PHONE: oci +.ONESHELL: +oci: checkiso + scripts/iso-to-oci build/live-image-amd64.hybrid.iso + .PHONY: clean .ONESHELL: clean: diff --git a/data/defaults.toml b/data/defaults.toml index 4cae2b6d..5b90ffbd 100644 --- a/data/defaults.toml +++ b/data/defaults.toml @@ -14,7 +14,7 @@ vyos_mirror = "https://rolling-packages.vyos.net/current" vyos_branch = "current" release_train = "current" -kernel_version = "6.1.55" +kernel_version = "6.1.66" bootloaders = "syslinux,grub-efi" squashfs_compression_type = "xz -Xbcj x86 -b 256k -always-use-fragments -no-recovery" diff --git a/data/live-build-config/bootloaders/grub-pc/grub.cfg b/data/live-build-config/bootloaders/grub-pc/grub.cfg index 8837b8a2..4c46c89f 100644 --- a/data/live-build-config/bootloaders/grub-pc/grub.cfg +++ b/data/live-build-config/bootloaders/grub-pc/grub.cfg @@ -4,6 +4,7 @@ set timeout=10 insmod serial serial --unit=0 --speed=115200 +insmod gzio insmod part_msdos insmod ext2 insmod efi_gop diff --git a/data/live-build-config/hooks/live/18-enable-disable_services.chroot b/data/live-build-config/hooks/live/18-enable-disable_services.chroot index 1bea51b1..4dc880ca 100755 --- a/data/live-build-config/hooks/live/18-enable-disable_services.chroot +++ b/data/live-build-config/hooks/live/18-enable-disable_services.chroot @@ -1,6 +1,7 @@ #!/bin/sh echo I: Disabling services +systemctl disable arpwatch.service systemctl disable smartd.service systemctl disable kea-ctrl-agent.service systemctl disable kea-dhcp4-server.service 
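Review bot: The new `oci` target is declared with `.PHONE: oci`, which make treats as an ordinary target name rather than the special `.PHONY` target, so `oci` is not actually phony. If a file or directory named `oci` ever exists in the tree, `make oci` will report it as up to date and `scripts/iso-to-oci` will not run. The line should read `.PHONY: oci`, matching the `qemu-live` target added just above it.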
@@ -80,6 +81,7 @@ systemctl enable vyos-hostsd.service systemctl enable acpid.service systemctl enable vyos-router.service systemctl enable vyos-configd.service +systemctl enable vyos-grub-update.service echo I: Masking services systemctl mask systemd-journald-audit.socket diff --git a/data/live-build-config/hooks/live/99-strip-symbols.chroot b/data/live-build-config/hooks/live/99-strip-symbols.chroot index ba3356ca..704f9cb3 100755 --- a/data/live-build-config/hooks/live/99-strip-symbols.chroot +++ b/data/live-build-config/hooks/live/99-strip-symbols.chroot @@ -27,16 +27,23 @@ STRIPDIR_UNNEEDED=" /usr/libx32 /usr/sbin " +STRIP_EXCLUDE=`dpkg-query -L libbinutils | grep '.so'` # Perform stuff. echo "Stripping symbols..." +# List excluded files. +echo "Exclude files: ${STRIP_EXCLUDE}" + # CMD: strip for DIR in ${STRIPDIR_REGULAR}; do echo "Parse dir (strip): ${DIR}" find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do - echo "Strip file (strip): ${FILE}" - ${STRIPCMD_REGULAR} ${FILE} + echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" + if [ $? -ne 0 ]; then + echo "Strip file (strip): ${FILE}" + ${STRIPCMD_REGULAR} ${FILE} + fi done done @@ -44,8 +51,11 @@ done for DIR in ${STRIPDIR_DEBUG}; do echo "Parse dir (strip-debug): ${DIR}" find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do - echo "Strip file (strip-debug): ${FILE}" - ${STRIPCMD_DEBUG} ${FILE} + echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" + if [ $? -ne 0 ]; then + echo "Strip file (strip-debug): ${FILE}" + ${STRIPCMD_DEBUG} ${FILE} + fi done done 
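Review bot: The exclusion test `grep -F -q -w "${FILE}"` in the strip loop of 99-strip-symbols.chroot matches on word boundaries rather than whole lines, so a candidate whose path is a word-bounded fragment of an excluded libbinutils path is skipped as well; `grep -F -q -x -- "${FILE}"` compares the full path. The list itself is built with `grep '.so'`, where the unescaped dot matches any character; `grep '\.so'` restricts it to names containing a literal `.so`. `${FILE}` is still passed unquoted to `${STRIPCMD_REGULAR}`, so a path containing whitespace is split into several arguments. The same three added lines recur in the strip-debug hunk (`@@ -44,8 +51,11 @@`) and the strip-unneeded hunk (`@@ -53,8 +63,11 @@`).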
@@ -53,8 +63,11 @@ done for DIR in ${STRIPDIR_UNNEEDED}; do echo "Parse dir (strip-unneeded: ${DIR}" find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do - echo "Strip file (strip-unneeded): ${FILE}" - ${STRIPCMD_UNNEEDED} ${FILE} + echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" + if [ $? -ne 0 ]; then + echo "Strip file (strip-unneeded): ${FILE}" + ${STRIPCMD_UNNEEDED} ${FILE} + fi done done diff --git a/docker-vyos/Dockerfile b/docker-vyos/Dockerfile index cfe505ef..ef7621c6 100644 --- a/docker-vyos/Dockerfile +++ b/docker-vyos/Dockerfile @@ -1,6 +1,6 @@ # syntax = docker/dockerfile:1 -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as 
@@ -17,29 +17,48 @@ # Define arguments for VyOS image ARG VYOS_VERSION ARG BUILD_DATE -ARG DEBIAN_VERSION # Use Debian as base layer -FROM debian:${DEBIAN_VERSION}-slim +FROM debian:bookworm-slim + +LABEL authors="VyOS Maintainers <maintainers@vyos.io>" +ENV DEBIAN_FRONTEND noninteractive + +RUN /bin/echo -e 'APT::Install-Recommends "0";\nAPT::Install-Suggests "0";' > /etc/apt/apt.conf.d/01norecommends + +# Base packaged needed to build packages and their package dependencies +RUN apt-get update && apt-get install -y \ + ca-certificates \ + gnupg \ + curl \ + fuse-overlayfs \ + jq \ + yq + # Copy installer script and default build settings -COPY [ "data/defaults.json", "data/live-build-config/archives/*", "docker-vyos/vyos_install_common.sh", "docker-vyos/vyos_install_stage_01.sh", "/tmp/" ] +COPY [ "data/defaults.toml", \ + "data/architectures/amd64.toml", \ + "data/live-build-config/archives/*", \ + "docker-vyos/vyos_install_common.sh", \ + "docker-vyos/vyos_install_stage_01.sh", \ + "/tmp/"] COPY [ "data/live-build-config/hooks/live/*", "/tmp/hooks/" ] - # Install VyOS dependencies WORKDIR /tmp RUN bash /tmp/vyos_install_stage_01.sh # Install VyOS specific software -COPY [ "data/defaults.json", "docker-vyos/vyos_install_common.sh", "docker-vyos/vyos_install_stage_02.sh", "/tmp/" ] +COPY [ "data/defaults.toml", \ + "data/architectures/amd64.toml", \ + "docker-vyos/vyos_install_common.sh", \ + "docker-vyos/vyos_install_stage_02.sh", "/tmp/" ] RUN bash /tmp/vyos_install_stage_02.sh # Tune system for VyOS COPY [ "docker-vyos/vyos_install_common.sh", "docker-vyos/vyos_install_stage_03.sh", "/tmp/" ] -# Copy skel for bash profile -COPY data/live-build-config/includes.chroot/etc/skel/.bashrc /etc/skel/.bashrc # Copy default config COPY data/live-build-config/includes.chroot/opt/vyatta/etc/config.boot.default /opt/vyatta/etc/ diff --git a/docker-vyos/README.md b/docker-vyos/README.md index 7c1fb6a1..ad0c3881 100644 --- a/docker-vyos/README.md +++ b/docker-vyos/README.md 
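Review bot: `FROM debian:bookworm-slim` references the base image by a mutable tag, so two builds of the same commit can start from different layers; appending a digest (`FROM debian:bookworm-slim@sha256:<digest>`) keeps the image reproducible and turns a base-image change into an explicit commit. With `ARG DEBIAN_VERSION` removed, a `--build-arg DEBIAN_VERSION=...` passed to the build no longer has any effect, which should be reflected wherever the build command is documented. `ENV DEBIAN_FRONTEND noninteractive` uses the legacy space-separated form and persists into the runtime image; `ARG DEBIAN_FRONTEND=noninteractive` would limit it to build time.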
@@ -2,58 +2,81 @@ VyOS can be run as a Docker container on a Linux host with a compatible kernel. +## Build Container -## Building Docker image +To build a Docker image you need to have the whole `vyos-build` repository, not +only a folder with Dockerfile, because some files from this repository are +required for building. -To build a Docker image you need to have the whole `vyos-build` repository, not only a folder with Dockerfile, because some files from this repository are required for building. Docker image with VyOS can be built on Linux host with the next command: -``` -docker build --compress -f Dockerfile -t vyos:version-`date -u +%Y%m%d%H%M%S` --build-arg BUILD_DATE="`date -u --rfc-3339=seconds`" --build-arg VYOS_VERSION=version --build-arg DEBIAN_VERSION=debian --progress plain .. +```console +docker build --compress --file Dockerfile \ + --tag vyos:version-`date -u +%Y%m%d%H%M%S` \ + --build-arg BUILD_DATE="`date -u --rfc-3339=seconds`" \ + --build-arg VYOS_VERSION=version \ + --build-arg DEBIAN_VERSION=debian \ + --progress plain .. ``` Or, if you want to rebuild completely from the scratch (without cache): -``` -docker build --no-cache --pull --compress -f Dockerfile -t vyos:version-`date -u +%Y%m%d%H%M%S` --build-arg BUILD_DATE="`date -u --rfc-3339=seconds`" --build-arg VYOS_VERSION=version --build-arg DEBIAN_VERSION=debian --progress plain .. +```console +docker build --no-cache --pull --compress --file Dockerfile \ + --tag vyos:version-`date -u +%Y%m%d%H%M%S` \ + --build-arg BUILD_DATE="`date -u --rfc-3339=seconds`" \ + --build-arg VYOS_VERSION=version \ + --build-arg DEBIAN_VERSION=debian \ + --progress plain .. ``` -> **NOTE:** You must use proper version value for `DEBIAN_VERSION` variable. It can be only `jessie` (for VyOS 1.2) or `buster` (for VyOS 1.3). +> **_NOTE:_** You must use proper version value for `DEBIAN_VERSION` variable. + It can be only `jessie` (for VyOS 1.2) or `buster` (for VyOS 1.3). 
-## Running Docker image +## Run Container Docker container with VyOS can be running with the next command: -``` -docker run -v /lib/modules:/lib/modules --privileged --name vyos_inside_docker -d vyos:version +```console +docker run --privileged --detach \ + --volume /lib/modules:/lib/modules \ + --name vyos_inside_docker vyos:version ``` -You need to use the `--privileged` flag because the system actively interacts with a host kernel to perform routing operations and tune networking options. - +You need to use the `--privileged` flag because the system actively interacts +with a host kernel to perform routing operations and tune networking options. **Experimantal:** You can limit access to some system resources with: -``` -docker run --tmpfs /tmp --tmpfs /run --tmpfs /run/lock -v /sys/fs/cgroup:/sys/fs/cgroup:ro -v /lib/modules:/lib/modules --privileged --name vyos_inside_docker -d vyos:version +```console +docker run --privileged --detach \ + --tmpfs /tmp \ + --tmpfs /run \ + --tmpfs /run/lock \ + --volume /lib/modules:/lib/modules:ro \ + --volume /sys/fs/cgroup:/sys/fs/cgroup:ro \ + --name vyos_inside_docker vyos:version ``` -## Logging into a VyOS container +### Log into container -To open VyOS CLI, you can use SSH connection to the Docker container or run on host: +To open VyOS CLI, you can use SSH connection to the Docker container or run +on host: -``` +```console docker exec -it vyos_inside_docker su vyos ``` - ## Troubleshooting -If in VyOS appears IPv6-related errors, for example, it cannot assign an IPv6 for an interface, it is necessary to enable IPv6 support in Docker. This can be done, by editing `/etc/docker/daemon.json`: +If in VyOS appears IPv6-related errors, for example, it cannot assign an IPv6 +address for an interface, it is necessary to enable IPv6 support in Docker. -``` +This can be done, by editing `/etc/docker/daemon.json`: + +```console { "ipv6": true, "fixed-cidr-v6": "fe80::/64" } - ``` 
diff --git a/docker-vyos/vyos_install_common.sh b/docker-vyos/vyos_install_common.sh index 7c5360c0..7d2ed7e3 100644 --- a/docker-vyos/vyos_install_common.sh +++ b/docker-vyos/vyos_install_common.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -14,7 +14,6 @@ # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. - # Set environment variables export DEBIAN_FRONTEND="noninteractive" 
@@ -23,21 +22,21 @@ function prepare_apt() { # Update packages list apt-get update - # Install jq (required to easily extract variables from defaults.json) - apt-get install -y --no-install-recommends jq gnupg - # Add VyOS repository to the system - local APT_VYOS_MIRROR=`jq --raw-output .vyos_mirror /tmp/defaults.json` - local APT_VYOS_BRANCH=`jq --raw-output .vyos_branch /tmp/defaults.json` - local APT_ADDITIONAL_REPOS=`jq --raw-output .additional_repositories[] /tmp/defaults.json` - local RELEASE_TRAIN=`jq --raw-output .release_train /tmp/defaults.json` + local APT_VYOS_MIRROR=$(tomlq --raw-output .vyos_mirror /tmp/defaults.toml) + local APT_VYOS_BRANCH=$(tomlq --raw-output .vyos_branch /tmp/defaults.toml) + local APT_ADDITIONAL_REPOS=$(tomlq --raw-output .additional_repositories[] /tmp/amd64.toml) + local RELEASE_TRAIN=$(tomlq --raw-output .release_train /tmp/defaults.toml) - if [[ "${RELEASE_TRAIN}" == "crux" ]]; then - echo -e "deb ${APT_VYOS_MIRROR}/vyos ${APT_VYOS_BRANCH} main\ndeb ${APT_VYOS_MIRROR}/debian ${APT_VYOS_BRANCH} main\n${APT_ADDITIONAL_REPOS}" > /etc/apt/sources.list.d/vyos.list - fi + echo "APT_VYOS_MIRROR : $APT_VYOS_MIRROR" + echo "APT_VYOS_BRANCH : $APT_VYOS_BRANCH" + echo "APT_ADDITIONAL_REPOS : $APT_ADDITIONAL_REPOS" + echo "RELEASE_TRAIN : $RELEASE_TRAIN" + + echo -e "deb ${APT_VYOS_MIRROR} ${APT_VYOS_BRANCH} main\n${APT_ADDITIONAL_REPOS}" > /etc/apt/sources.list.d/vyos.list + cat /etc/apt/sources.list.d/vyos.list - if [[ "${RELEASE_TRAIN}" == "equuleus" || "${RELEASE_TRAIN}" == "sagitta" ]]; then - echo -e "deb ${APT_VYOS_MIRROR} ${APT_VYOS_BRANCH} main\n${APT_ADDITIONAL_REPOS}" > /etc/apt/sources.list.d/vyos.list + if [ ${RELEASE_TRAIN} == "equuleus" ]; then # Add backports repository echo -e "deb http://deb.debian.org/debian buster-backports main\ndeb http://deb.debian.org/debian buster-backports non-free" >> /etc/apt/sources.list.d/vyos.list fi 
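Review bot: `if [ ${RELEASE_TRAIN} == "equuleus" ]; then` expands the variable unquoted inside a single-bracket test, so an empty or multi-word value from `tomlq` turns the test into a syntax error instead of a clean false; the replaced line used the `[[ "${RELEASE_TRAIN}" == ... ]]` form, and `if [[ "${RELEASE_TRAIN}" == "equuleus" ]]; then` keeps that behaviour. `local APT_VYOS_MIRROR=$(tomlq ...)` (and the three lines after it) discards the exit status of `tomlq`, so a missing key or an unreadable `/tmp/defaults.toml` yields an empty or `null` string that is then written into `/etc/apt/sources.list.d/vyos.list`. Declaring the variables with `local` first, assigning on separate lines and rejecting empty values would stop the build before APT is pointed at a malformed source. prepare_apt starts and ends outside this hunk.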
@@ -65,8 +64,6 @@ function prepare_apt() { # Cleanup APT after finish function cleanup_apt() { - # delete jq tool - dpkg -P jq # Clear APT cache apt-get clean rm -rf /var/lib/apt/lists/* diff --git a/docker-vyos/vyos_install_stage_01.sh b/docker-vyos/vyos_install_stage_01.sh index c793aa4e..ce9e9b53 100644 --- a/docker-vyos/vyos_install_stage_01.sh +++ b/docker-vyos/vyos_install_stage_01.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -58,6 +58,7 @@ ignore_list=( "cluster-glue" "resource-agents" "heartbeat" + "podman" ) # Get list of packages from VYOS repository diff --git a/docker-vyos/vyos_install_stage_02.sh b/docker-vyos/vyos_install_stage_02.sh index 1ec1676c..81a0975b 100644 --- a/docker-vyos/vyos_install_stage_02.sh +++ b/docker-vyos/vyos_install_stage_02.sh @@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -35,6 +35,8 @@ vyos_packages_filtered=("$(filter_list vyos_packages[@] vyos_packages_filter[@]) vyos_packages_filtered+=( "uuid" "jq" + "yq" + "systemd" ) echo "Packages for installing: ${vyos_packages_filtered[@]}" 
@@ -43,12 +45,12 @@ echo "Installing VyOS packages" apt-get install -y --no-install-recommends ${vyos_packages_filtered[@]} # Create VyOS version file -RELEASAE_TRAIN=`jq --raw-output .release_train /tmp/defaults.json` +RELEASAE_TRAIN=$(tomlq --raw-output .release_train /tmp/defaults.toml) apt-cache show vyos-1x | awk -v release_train=${RELEASAE_TRAIN} '{ if ($1 == "Version:") version = $2 } END { build_git = "unknown" ; built_by = "Sentrium S.L." ; built_on = strftime("%F %T UTC", systime(), utc) ; "uuid -v 4" | getline build_uuid ; printf("{\"version\": \"%s\", \"build_git\": \"%s\", \"built_on\": \"%s\", \"built_by\": \"%s\", \"build_uuid\": \"%s\", \"release_train\": \"%s\"}", version, build_git, built_on, built_by, build_uuid, release_train) }' | json_pp > /usr/share/vyos/version.json # Delete what we do not need inside Docker image (this step makes packages database inconsistent) echo "Deleting what is needless in containers" -dpkg -P --force-depends dosfstools efibootmgr jq gdisk grub-common grub-efi-amd64-bin initscripts installation-report laptop-detect libossp-uuid16 libparted2 libwireshark-data libwireshark5 mdadm parted tshark uuid vyos-qat-kernel-modules wireguard-modules +dpkg -P --force-depends dosfstools efibootmgr yq jq gdisk grub-common grub-efi-amd64-bin initscripts installation-report laptop-detect libossp-uuid16 libparted2 libwireshark-data libwireshark5 mdadm parted tshark uuid dpkg -l | awk '/linux-image-/ { system("dpkg -P --force-depends " $2) }' # Delete documentation diff --git a/docker-vyos/vyos_install_stage_03.sh b/docker-vyos/vyos_install_stage_03.sh index 90003a4f..e51ff089 100644 --- a/docker-vyos/vyos_install_stage_03.sh +++ b/docker-vyos/vyos_install_stage_03.sh 
@@ -1,6 +1,6 @@ #!/bin/bash -# Copyright (C) 2020 VyOS maintainers and contributors +# Copyright (C) 2020-2023 VyOS maintainers and contributors # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2 or later as @@ -20,6 +20,7 @@ . vyos_install_common.sh # Add config partition marker +mkdir -p /opt/vyatta/etc/config touch /opt/vyatta/etc/config/.vyatta_config # create folder for configuration mounting @@ -54,10 +55,9 @@ for hook in ${hooks_list[@]}; do done # Delete needless options from CLI -# CLI_DELETION=( -# "/opt/vyatta/share/vyatta-cfg/templates/system/host-name/" -# ) -# rm -rf ${CLI_DELETION[@]} - + CLI_DELETION=( + "/opt/vyatta/share/vyatta-cfg/templates/container/" + ) + rm -rf ${CLI_DELETION[@]} exit 0 diff --git a/docker/Dockerfile b/docker/Dockerfile index a1d22b26..953ea4c6 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -212,7 +212,7 @@ RUN export RTRLIB_VERSION="0.8.0" export ARCH=$(dpkg-architecture -qDEB_HOST_ARC dpkg-buildpackage -uc -us -tc -b && \ dpkg -i ../librtr0*_${ARCH}.deb ../librtr-dev*_${ARCH}.deb ../rtr-tools*_${ARCH}.deb -RUN export LIBYANG_VERSION="v2.1.80" export ARCH=$(dpkg-architecture -qDEB_HOST_ARCH) && \ +RUN export LIBYANG_VERSION="v2.1.128" export ARCH=$(dpkg-architecture -qDEB_HOST_ARCH) && \ git clone https://github.com/CESNET/libyang.git /tmp/libyang && cd /tmp/libyang && \ pipx run apkg build -i && find pkg/pkgs -type f -name *.deb -exec mv -t .. {} + && \ dpkg -i ../libyang*.deb @@ -244,7 +244,7 @@ RUN pip install --break-system-packages \ whois # Go required for validators and vyos-xe-guest-utilities -RUN GO_VERSION_INSTALL="1.18.3" ; \ +RUN GO_VERSION_INSTALL="1.21.3" ; \ wget -O /tmp/go${GO_VERSION_INSTALL}.linux-amd64.tar.gz https://go.dev/dl/go${GO_VERSION_INSTALL}.linux-$(dpkg-architecture -qDEB_HOST_ARCH).tar.gz ; \ tar -C /opt -xzf /tmp/go*.tar.gz && \ rm /tmp/go*.tar.gz 
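Review bot: `rm -rf ${CLI_DELETION[@]}` in vyos_install_stage_03.sh expands the array unquoted, so an entry containing whitespace or a glob character would be split or expanded before a recursive delete; `rm -rf -- "${CLI_DELETION[@]}"` passes each entry as one literal argument. The re-enabled block is also indented by one space, unlike the surrounding lines visible in the hunk. A short comment above the array stating why the `container` templates are removed from this image would help the next reader.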
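Review bot: Nothing in the RUN instruction shown in the `@@ -212,7 +212,7 @@` hunk of docker/Dockerfile references `LIBYANG_VERSION`, so the bump to `v2.1.128` has no effect on what is built: `git clone https://github.com/CESNET/libyang.git /tmp/libyang` checks out the default branch, and the image packages whatever upstream HEAD is at build time. Passing the variable to the clone, `git clone --depth 1 --branch ${LIBYANG_VERSION} https://github.com/CESNET/libyang.git /tmp/libyang`, makes the version setting effective and the build repeatable.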
diff --git a/packages/ddclient/Jenkinsfile b/packages/ddclient/Jenkinsfile index a3decfa8..317362e9 100644 --- a/packages/ddclient/Jenkinsfile +++ b/packages/ddclient/Jenkinsfile @@ -20,10 +20,14 @@ @Library('vyos-build@current')_ def pkgList = [ - ['name': 'ddclient', + ['name': 'ddclient-debian', 'scmCommit': 'debian/3.10.0-3', 'scmUrl': 'https://salsa.debian.org/debian/ddclient', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], + 'buildCmd': '/bin/true'], + ['name': 'ddclient-github', + 'scmCommit': 'v3.11.2', + 'scmUrl': 'https://github.com/ddclient/ddclient', + 'buildCmd': 'cd ..; ./build.sh'], ] // Start package build using library function from https://github.com/vyos/vyos-build diff --git a/packages/ddclient/build.sh b/packages/ddclient/build.sh index 76a03815..82e9b899 100755 --- a/packages/ddclient/build.sh +++ b/packages/ddclient/build.sh 
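Review bot: `'scmCommit': 'v3.11.2'` for the new `ddclient-github` entry names a tag, which upstream can move; pinning the full commit hash (`'scmCommit': '<full-commit-sha>'`, with the tag kept in a trailing comment) fixes exactly which source ends up in the package. The `ddclient-debian` entry with `'buildCmd': '/bin/true'` appears to exist only so that its checkout is available to the second entry's build script, which deserves a one-line comment such as `// checkout only: build.sh copies debian/ from this tree`.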
@@ -1,26 +1,49 @@ -#!/bin/sh +#!/bin/bash CWD=$(pwd) set -e -SRC=ddclient -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" +SRC_DEBIAN=ddclient-debian +SRC_GITHUB=ddclient-github + +if [ ! -d ${SRC_DEBIAN} ]; then + echo "${SRC_DEBIAN} directory does not exists, please 'git clone'" + exit 1 +fi + +if [ ! -d ${SRC_GITHUB} ]; then + echo "${SRC_GITHUB} directory does not exists, please 'git clone'" exit 1 fi +echo "I: Copy Debian build instructions" +cp -a ${SRC_DEBIAN}/debian ${SRC_GITHUB} +# Preserve some of the Debian's default patches +cat > ${SRC_GITHUB}/debian/patches/series << EOF +maxinterval.diff +news.diff +EOF +# Remove vestigial documentation +sed -i '/README\.ssl/d' ${SRC_GITHUB}/debian/docs + PATCH_DIR=${CWD}/patches -if [ -d $PATCH_DIR ]; then +if [ -d ${PATCH_DIR} ]; then for patch in $(ls ${PATCH_DIR}) do echo "I: Apply patch: ${patch} to main repository" - cp ${PATCH_DIR}/${patch} ${SRC}/debian/patches/ - echo ${patch} >> ${SRC}/debian/patches/series + cp ${PATCH_DIR}/${patch} ${SRC_GITHUB}/debian/patches/ + echo ${patch} >> ${SRC_GITHUB}/debian/patches/series done fi -cd ${SRC} -echo "I: bump version" -dch -v "3.10.0-3+vyos0" "Patchset for miscellaneous fixes" +cd ${SRC_GITHUB} + +echo "I: Ensure Debian build dependencies are met" +sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends" + +echo "I: Bump Debian Package version" +version="$(git describe --tags)" +dch -v "${version:1}+vyos0" "Patchset for miscellaneous fixes" +dch -a "Forward port to upstream version ${version:1}" echo "I: Build Debian Package" dpkg-buildpackage -uc -us -tc -b diff --git a/packages/ddclient/patches/z1_perhost-variable-new-style.patch b/packages/ddclient/patches/z1_perhost-variable-new-style.patch deleted file mode 100644 index cf8793f9..00000000 --- a/packages/ddclient/patches/z1_perhost-variable-new-style.patch +++ /dev/null 
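Review bot: `version="$(git describe --tags)"` followed by `${version:1}` assumes HEAD sits exactly on a tag that starts with `v`; on any other commit `git describe` returns a `<tag>-<n>-g<hash>` string, and the first character is stripped whatever it is, so `dch -v` can receive an unintended Debian version. `version="$(git describe --tags --exact-match)"` fails the build under the existing `set -e` when the checkout is not a tagged commit, and `${version#v}` removes only a leading `v`. The path expansions in the added lines (`cp -a ${SRC_DEBIAN}/debian ${SRC_GITHUB}`, `cat > ${SRC_GITHUB}/debian/patches/series`) are unquoted; that is harmless for the fixed names used here, but quoting them keeps the script consistent.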
@@ -1,47 +0,0 @@ -From 11a5bd5e7ef0d199c754947e24c0c8a736d18c48 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Thomas=20du=20Bo=C3=BFs?= <thomas@duboys.info> -Date: Sat, 28 Jan 2023 11:34:41 +0100 -Subject: [PATCH] define usev4, usev6 and dependancies as per-host config - -Ref: ddclient/ddclient#505 ---- - ddclient.in | 15 +++++++++++++++ - 1 file changed, 15 insertions(+) - -diff --git a/ddclient.in b/ddclient.in -index eff10fb4..ad7dee52 100755 ---- a/ddclient.in -+++ b/ddclient.in -@@ -490,17 +490,32 @@ my %variables = ( - 'host' => setv(T_STRING,1, 1, '', undef), - - 'use' => setv(T_USE, 0, 0, 'ip', undef), -+ 'usev4' => setv(T_USEV4, 0, 0, 'disabled', undef), -+ 'usev6' => setv(T_USEV6, 0, 0, 'disabled', undef), - 'if' => setv(T_IF, 0, 0, 'ppp0', undef), -+ 'ifv4' => setv(T_IF, 0, 0, 'default', undef), -+ 'ifv6' => setv(T_IF, 0, 0, 'default', undef), - 'web' => setv(T_STRING,0, 0, 'dyndns', undef), - 'web-skip' => setv(T_STRING,0, 0, '', undef), - 'web-ssl-validate' => setv(T_BOOL, 0, 0, 1, undef), -+ 'webv4' => setv(T_STRING,0, 0, 'googledomains', undef), -+ 'webv4-skip' => setv(T_STRING,1, 0, '', undef), -+ 'webv6' => setv(T_STRING,0, 0, 'googledomains', undef), -+ 'webv6-skip' => setv(T_STRING,1, 0, '', undef), - 'fw' => setv(T_ANY, 0, 0, '', undef), - 'fw-skip' => setv(T_STRING,0, 0, '', undef), - 'fw-login' => setv(T_LOGIN, 0, 0, '', undef), - 'fw-password' => setv(T_PASSWD,0, 0, '', undef), - 'fw-ssl-validate' => setv(T_BOOL, 0, 0, 1, undef), -+ 'fwv4' => setv(T_ANY, 0, 0, '', undef), -+ 'fwv4-skip' => setv(T_STRING,1, 0, '', undef), -+ 'fwv6' => setv(T_ANY, 0, 0, '', undef), -+ 'fwv6-skip' => setv(T_STRING,1, 0, '', undef), - 'cmd' => setv(T_PROG, 0, 0, '', undef), - 'cmd-skip' => setv(T_STRING,0, 0, '', undef), -+ 'cmdv4' => setv(T_PROG, 0, 0, '', undef), -+ 'cmdv6' => setv(T_PROG, 0, 0, '', undef), -+ - 'ip' => setv(T_IP, 0, 1, undef, undef), #TODO remove from cache? 
- 'ipv4' => setv(T_IPV4, 0, 1, undef, undef), - 'ipv6' => setv(T_IPV6, 0, 1, undef, undef), diff --git a/packages/ddclient/patches/z2_dyndns2-ipv4-ipv6.patch b/packages/ddclient/patches/z2_dyndns2-ipv4-ipv6.patch deleted file mode 100644 index f43fa8e7..00000000 --- a/packages/ddclient/patches/z2_dyndns2-ipv4-ipv6.patch +++ /dev/null 
@@ -1,114 +0,0 @@ -From fa6c95f5110455b6e1ad80d1147086619ddbf7df Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Thomas=20du=20Bo=C3=BFs?= <thomas@duboys.info> -Date: Fri, 27 Jan 2023 17:58:26 +0100 -Subject: [PATCH 1/2] Update dyndns2 client to use new IPv4/IPv6 logic -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Thomas du BoĂ¿s <thomas@duboys.info> - -Ref: ddclient/ddclient#502 ---- - ddclient.in | 32 ++++++++++++++++++++++---------- - 1 file changed, 22 insertions(+), 10 deletions(-) - -diff --git a/ddclient.in b/ddclient.in -index eff10fb4..744d63ed 100755 ---- a/ddclient.in -+++ b/ddclient.in -@@ -4069,10 +4069,13 @@ sub nic_dyndns2_update { - my @hosts = @{$groups{$sig}}; - my $hosts = join(',', @hosts); - my $h = $hosts[0]; -- my $ip = $config{$h}{'wantip'}; -- delete $config{$_}{'wantip'} foreach @hosts; -+ my $ipv4 = $config{$h}{'wantipv4'}; -+ my $ipv6 = $config{$h}{'wantipv6'}; -+ delete $config{$_}{'wantipv4'} foreach @hosts; -+ delete $config{$_}{'wantipv6'} foreach @hosts; - -- info("setting IP address to %s for %s", $ip, $hosts); -+ info("setting IPv4 address to %s for %s", $ipv4, $hosts) if $ipv4; -+ info("setting IPv6 address to %s for %s", $ipv6, $hosts) if $ipv6; - verbose("UPDATE:", "updating %s", $hosts); - - ## Select the DynDNS system to update -@@ -4091,7 +4094,11 @@ sub nic_dyndns2_update { - - $url .= "&hostname=$hosts"; - $url .= "&myip="; -- $url .= $ip if $ip; -+ $url .= $ipv4 if $ipv4; -+ if ($ipv6) { -+ $url .= "," if $ipv4; -+ $url .= $ipv6; -+ } - - ## some args are not valid for a custom domain. 
- $url .= "&wildcard=ON" if ynu($config{$h}{'wildcard'}, 1, 0, 0); -@@ -4114,7 +4121,6 @@ sub nic_dyndns2_update { - - my @reply = split /\n/, $reply; - my $state = 'header'; -- my $returnedip = $ip; - - foreach my $line (@reply) { - if ($state eq 'header') { -@@ -4128,22 +4134,28 @@ sub nic_dyndns2_update { - - # bug #10: some dyndns providers does not return the IP so - # we can't use the returned IP -- my ($status, $returnedip) = split / /, lc $line; -- $ip = $returnedip if (not $ip); -+ my ($status, $returnedips) = split / /, lc $line; - my $h = shift @hosts; - - $config{$h}{'status'} = $status; -+ $config{$h}{'status-ipv4'} = $status if $ipv4; -+ $config{$h}{'status-ipv6'} = $status if $ipv6; - if ($status eq 'good') { -- $config{$h}{'ip'} = $ip; -+ $config{$h}{'ipv4'} = $ipv4 if $ipv4; -+ $config{$h}{'ipv6'} = $ipv6 if $ipv6; - $config{$h}{'mtime'} = $now; -- success("updating %s: %s: IP address set to %s", $h, $status, $ip); -+ success("updating %s: %s: IPv4 address set to %s", $h, $status, $ipv4) if $ipv4; -+ success("updating %s: %s: IPv6 address set to %s", $h, $status, $ipv6) if $ipv6; - - } elsif (exists $errors{$status}) { - if ($status eq 'nochg') { - warning("updating %s: %s: %s", $h, $status, $errors{$status}); -- $config{$h}{'ip'} = $ip; -+ $config{$h}{'ipv4'} = $ipv4 if $ipv4; -+ $config{$h}{'ipv6'} = $ipv6 if $ipv6; - $config{$h}{'mtime'} = $now; - $config{$h}{'status'} = 'good'; -+ $config{$h}{'status-ipv4'} = 'good' if $ipv4; -+ $config{$h}{'status-ipv6'} = 'good' if $ipv6; - - } else { - failed("updating %s: %s: %s", $h, $status, $errors{$status}); - -From cca4291360ce31aff1ab0d877d2622c11510c1f3 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Thomas=20du=20Bo=C3=BFs?= <thomas@duboys.info> -Date: Sat, 28 Jan 2023 10:46:43 +0100 -Subject: [PATCH 2/2] fix ipv4 address on message log when address already set - ---- - ddclient.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/ddclient.in b/ddclient.in -index 744d63ed..a5e9c68c 
100755 ---- a/ddclient.in -+++ b/ddclient.in -@@ -3820,7 +3820,7 @@ sub nic_updateable { - success("%s: skipped: IP address was already set to %s.", $host, $ip); - } - if ($usev4 ne 'disabled') { -- success("%s: skipped: IPv4 address was already set to %s.", $host, $ipv6); -+ success("%s: skipped: IPv4 address was already set to %s.", $host, $ipv4); - } - if ($usev6 ne 'disabled') { - success("%s: skipped: IPv6 address was already set to %s.", $host, $ipv6); diff --git a/packages/ddclient/patches/z3_duckdns-reply-fix.patch b/packages/ddclient/patches/z3_duckdns-reply-fix.patch deleted file mode 100644 index ac51add9..00000000 --- a/packages/ddclient/patches/z3_duckdns-reply-fix.patch +++ /dev/null 
@@ -1,74 +0,0 @@ -From d35d62f3e753ffe15b151f7b7c5dea96bfa3ca7a Mon Sep 17 00:00:00 2001 -From: drinn <drinn@users.noreply.github.com> -Date: Sat, 28 Jan 2023 09:48:51 -0600 -Subject: [PATCH 1/2] updated nic_duckdns_update to account for extra lines in - duckdns reply - -Ref: ddclient/ddclient#506 ---- - ddclient.in | 30 +++++++++++++++++++++--------- - 1 file changed, 21 insertions(+), 9 deletions(-) - -diff --git a/ddclient.in b/ddclient.in -index eff10fb4..8797d7d4 100755 ---- a/ddclient.in -+++ b/ddclient.in -@@ -6559,16 +6559,28 @@ sub nic_duckdns_update { - next if !header_ok($h, $reply); - - my @reply = split /\n/, $reply; -- my $returned = pop(@reply); -- if ($returned =~ /OK/) { -- $config{$h}{'ip'} = $ip; -- $config{$h}{'mtime'} = $now; -- $config{$h}{'status'} = 'good'; -- success("updating %s: good: IP address set to %s", $h, $ip); -- } else { -- $config{$h}{'status'} = 'failed'; -- failed("updating %s: Server said: '%s'", $h, $returned); -+ my $state = 'noresult'; -+ my $line = ''; -+ -+ foreach $line (@reply) { -+ if ($line eq 'OK') { -+ $config{$h}{'ip'} = $ip; -+ $config{$h}{'mtime'} = $now; -+ $config{$h}{'status'} = 'good'; -+ $state = 'result'; -+ success("updating %s: good: IP address set to %s", $h, $ip); -+ -+ } elsif ($line eq 'KO') { -+ $config{$h}{'status'} = 'failed'; -+ $state = 'result'; -+ failed("updating %s: Server said: '%s'", $h, $line); -+ } -+ } -+ -+ if ($state eq 'noresult') { -+ failed("updating %s: Server said: '%s'", $h, $line); - } -+ - } - } - - -From dbc40557d22b36a6847d0cd11e59185647516f7b Mon Sep 17 00:00:00 2001 -From: drinn <drinn@users.noreply.github.com> -Date: Sat, 28 Jan 2023 09:59:58 -0600 -Subject: [PATCH 2/2] removed empty space - ---- - ddclient.in | 1 - - 1 file changed, 1 deletion(-) - -diff --git a/ddclient.in b/ddclient.in -index 8797d7d4..b818ea6e 100755 ---- a/ddclient.in -+++ b/ddclient.in -@@ -6580,7 +6580,6 @@ sub nic_duckdns_update { - if ($state eq 'noresult') { - failed("updating %s: Server said: 
'%s'", $h, $line); - } -- - } - } diff --git a/packages/ddclient/patches/z4_dyndns2-multiline-multihost-fix.patch b/packages/ddclient/patches/z4_dyndns2-multiline-multihost-fix.patch deleted file mode 100644 index 1c1a78ae..00000000 --- a/packages/ddclient/patches/z4_dyndns2-multiline-multihost-fix.patch +++ /dev/null 
@@ -1,111 +0,0 @@ -From 69347bd2a27cfb517d0749f1293ad5acdfcf34ad Mon Sep 17 00:00:00 2001 -From: Franco Fichtner <franco@opnsense.org> -Date: Thu, 1 Jun 2023 09:06:27 +0200 -Subject: [PATCH] dyndns2: fix multiline parsing and multiple host handling - -As seen in the wild with DynDNS.com -- status '14' is being stored -for the first host which is removed from @hosts ending up reading -empty host for next line causing 'nochg' to be misplaced in an empty -host. The same likely applies for multi-host handling so expand to -loop where writing to config and use $hosts when logging to catch all. - -RECEIVE: HTTP/1.1 200 OK -RECEIVE: Date: Thu, 01 Jun 2023 06:59:38 GMT -RECEIVE: Server: Apache/2.4.18 (Ubuntu) -RECEIVE: Strict-Transport-Security: max-age=31536000 -RECEIVE: X-UpdateCode: n -RECEIVE: Vary: Accept-Encoding -RECEIVE: Content-Type: text/plain -RECEIVE: Accept-Ranges: none -RECEIVE: X-User-Status: vip -RECEIVE: Connection: close -RECEIVE: Transfer-Encoding: chunked -RECEIVE: -RECEIVE: 14 -RECEIVE: nochg 192.168.178.20 -RECEIVE: 0 -RECEIVE: - -Ref: ddclient/ddclient#542 ---- - ddclient.in | 51 +++++++++++++++++++++++++++++++-------------------- - 1 file changed, 31 insertions(+), 20 deletions(-) - -diff --git a/ddclient.in b/ddclient.in -index a4464e2c..43eb3b15 100755 ---- a/ddclient.in -+++ b/ddclient.in -@@ -4194,30 +4194,38 @@ sub nic_dyndns2_update { - # bug #10: some dyndns providers does not return the IP so - # we can't use the returned IP - my ($status, $returnedips) = split / /, lc $line; -- my $h = shift @hosts; - -- $config{$h}{'status'} = $status; -- $config{$h}{'status-ipv4'} = $status if $ipv4; -- $config{$h}{'status-ipv6'} = $status if $ipv6; -+ foreach my $h (@hosts) { -+ $config{$h}{'status'} = $status; -+ $config{$h}{'status-ipv4'} = $status if $ipv4; -+ $config{$h}{'status-ipv6'} = $status if $ipv6; -+ } -+ - if ($status eq 'good') { -- $config{$h}{'ipv4'} = $ipv4 if $ipv4; -- $config{$h}{'ipv6'} = $ipv6 if $ipv6; -- $config{$h}{'mtime'} = 
$now; -- success("updating %s: %s: IPv4 address set to %s", $h, $status, $ipv4) if $ipv4; -- success("updating %s: %s: IPv6 address set to %s", $h, $status, $ipv6) if $ipv6; -+ foreach my $h (@hosts) { -+ $config{$h}{'ipv4'} = $ipv4 if $ipv4; -+ $config{$h}{'ipv6'} = $ipv6 if $ipv6; -+ $config{$h}{'mtime'} = $now; -+ } -+ -+ success("updating %s: %s: IPv4 address set to %s", $hosts, $status, $ipv4) if $ipv4; -+ success("updating %s: %s: IPv6 address set to %s", $hosts, $status, $ipv6) if $ipv6; - - } elsif (exists $errors{$status}) { - if ($status eq 'nochg') { -- warning("updating %s: %s: %s", $h, $status, $errors{$status}); -- $config{$h}{'ipv4'} = $ipv4 if $ipv4; -- $config{$h}{'ipv6'} = $ipv6 if $ipv6; -- $config{$h}{'mtime'} = $now; -- $config{$h}{'status'} = 'good'; -- $config{$h}{'status-ipv4'} = 'good' if $ipv4; -- $config{$h}{'status-ipv6'} = 'good' if $ipv6; -+ warning("updating %s: %s: %s", $hosts, $status, $errors{$status}); -+ -+ foreach my $h (@hosts) { -+ $config{$h}{'ipv4'} = $ipv4 if $ipv4; -+ $config{$h}{'ipv6'} = $ipv6 if $ipv6; -+ $config{$h}{'mtime'} = $now; -+ $config{$h}{'status'} = 'good'; -+ $config{$h}{'status-ipv4'} = 'good' if $ipv4; -+ $config{$h}{'status-ipv6'} = 'good' if $ipv6; -+ } - - } else { -- failed("updating %s: %s: %s", $h, $status, $errors{$status}); -+ failed("updating %s: %s: %s", $hosts, $status, $errors{$status}); - } - - } elsif ($status =~ /w(\d+)(.)/) { -@@ -4229,11 +4237,14 @@ sub nic_dyndns2_update { - ($scale, $units) = (60*60, 'hours') if $units eq 'h'; - - $sec = $wait * $scale; -- $config{$h}{'wtime'} = $now + $sec; -- warning("updating %s: %s: wait %s %s before further updates", $h, $status, $wait, $units); -+ foreach my $h (@hosts) { -+ $config{$h}{'wtime'} = $now + $sec; -+ } -+ -+ warning("updating %s: %s: wait %s %s before further updates", $hosts, $status, $wait, $units); - - } else { -- failed("updating %s: unexpected status (%s)", $h, $line); -+ failed("updating %s: unexpected status (%s)", $hosts, 
$line); - } - } - } diff --git a/packages/ddclient/patches/z5_caching-1.patch b/packages/ddclient/patches/z5_caching-1.patch deleted file mode 100644 index 1962a2a2..00000000 --- a/packages/ddclient/patches/z5_caching-1.patch +++ /dev/null 
@@ -1,211 +0,0 @@ -From 00ae6ec809cd5db7a3b4418ad393c145252f1b75 Mon Sep 17 00:00:00 2001 -From: Lenard Hess <lenard@rrhess.de> -Date: Mon, 10 Jul 2023 18:57:02 +0200 -Subject: [PATCH 1/3] Fixed caching behaviour for new providers with legacy - 'use' logic - -Ref: https://github.com/rrthomas/ddclient/pull/10 ---- - ddclient.in | 12 ++++++++++++ - 1 file changed, 12 insertions(+) - -diff --git a/ddclient.in b/ddclient.in -index 9221a1c9..c871b5b6 100755 ---- a/ddclient.in -+++ b/ddclient.in -@@ -1337,6 +1337,18 @@ sub update_nics { - if (@hosts) { - $0 = sprintf("%s - updating %s", $program, join(',', @hosts)); - &$update(@hosts); -+ -+ # Backwards compatibility: -+ # If we only have 'use', we set 'wantipv4' or 'wantipv6' depending on the IP type of -+ # 'wantip'. Newer provider implementations such as cloudflare only check 'wantipv*' -+ # and set 'status-ipv*' accordingly, ignoring 'wantip' and 'status'. -+ # For these we then load back the 'status' from 'status-ipv*' to ensure correct -+ # caching and updating behaviour. -+ foreach my $h (@hosts) { -+ $config{$h}{'status'} //= $config{$h}{'status-ipv4'}; -+ $config{$h}{'status'} //= $config{$h}{'status-ipv6'}; -+ } -+ - runpostscript(join ' ', keys %ipsv4, keys %ipsv6); - } - } - -From 240176c5de6360ed9202975fb5e72e9f4148540f Mon Sep 17 00:00:00 2001 -From: Lenard Hess <lenard@rrhess.de> -Date: Mon, 10 Jul 2023 21:48:27 +0200 -Subject: [PATCH 2/3] Added preliminary explanation for provider functions - ---- - ddclient.in | 19 +++++++++++++++++++ - 1 file changed, 19 insertions(+) - -diff --git a/ddclient.in b/ddclient.in -index c871b5b6..3a4a0780 100755 ---- a/ddclient.in -+++ b/ddclient.in -@@ -3696,6 +3696,25 @@ sub header_ok { - } - return $ok; - } -+ -+###################################################################### -+## DDNS providers -+# A DDNS provider consists of an example function, the update -+# function, and an optional updateable function. 
-+# -+# The example function simply returns a string for the help message, -+# explaining how to configure the provider -+# -+# The update function performs the actual record update. -+# It receives an array of hosts as its argument. -+# -+# The updateable function allows a provider implementation to force -+# an update even if ddclient has itself determined no update is -+# necessary. The function shall return 1 if an update should be -+# performed, else 0. -+###################################################################### -+ -+ - ###################################################################### - ## nic_dyndns1_examples - ###################################################################### - -From 6c91b3ca2c868989ad5bf6535fa186dbae74ba14 Mon Sep 17 00:00:00 2001 -From: Lenard Hess <lenard@rrhess.de> -Date: Thu, 13 Jul 2023 14:10:44 +0200 -Subject: [PATCH 3/3] easydns, porkbun: Set status-ipv4 and status-ipv6 instead - of status - -This fixes caching issues when using the 'usev4' or 'usev6' parameters. -Without this, the "min-interval" and "warned-min-interval" limits will -not work. - -For the legacy 'use' parameter, the wrapping code takes care of -translating 'status-ipv*' to 'status'. 
---- - ddclient.in | 31 ++++++++++++++++--------------- - 1 file changed, 16 insertions(+), 15 deletions(-) - -diff --git a/ddclient.in b/ddclient.in -index 3a4a0780..65076d26 100755 ---- a/ddclient.in -+++ b/ddclient.in -@@ -4747,7 +4747,8 @@ sub nic_easydns_update { - my ($status) = $line =~ /^(\S*)\b.*/; - my $h = shift @hosts; - -- $config{$h}{'status'} = $status; -+ $config{$h}{'status-ipv4'} = $status if $ipv4; -+ $config{$h}{'status-ipv6'} = $status if $ipv6; - if ($status eq 'NOERROR') { - $config{$h}{'ipv4'} = $ipv4; - $config{$h}{'ipv6'} = $ipv6; -@@ -7081,12 +7082,12 @@ sub nic_porkbun_update { - ); - # No response, declare as failed - if (!defined($reply) || !$reply) { -- $config{$host}{'status'} = "bad"; -+ $config{$host}{'status-ipv4'} = "bad"; - failed("updating %s: Could not connect to porkbun.com.", $host); - next; - } - if (!header_ok($host, $reply)) { -- $config{$host}{'status'} = "bad"; -+ $config{$host}{'status-ipv4'} = "bad"; - failed("updating %s: failed (%s)", $host, $reply); - next; - } -@@ -7095,12 +7096,12 @@ sub nic_porkbun_update { - $reply =~ qr/{(?:[^{}]*|(?R))*}/mp; - my $response = eval { decode_json(${^MATCH}) }; - if (!defined($response)) { -- $config{$host}{'status'} = "bad"; -+ $config{$host}{'status-ipv4'} = "bad"; - failed("%s -- Unexpected service response.", $host); - next; - } - if ($response->{status} ne 'SUCCESS') { -- $config{$host}{'status'} = "bad"; -+ $config{$host}{'status-ipv4'} = "bad"; - failed("%s -- Unexpected status. 
(status = %s)", $host, $response->{status}); - next; - } -@@ -7112,7 +7113,7 @@ sub nic_porkbun_update { - } - my $current_content = $records->[0]->{'content'}; - if ($current_content eq $ipv4) { -- $config{$host}{'status'} = "good"; -+ $config{$host}{'status-ipv4'} = "good"; - success("updating %s: skipped: IPv4 address was already set to %s.", $host, $ipv4); - next; - } -@@ -7144,11 +7145,11 @@ sub nic_porkbun_update { - failed("updating %s: failed (%s)", $host, $reply); - next; - } -- $config{$host}{'status'} = "good"; -+ $config{$host}{'status-ipv4'} = "good"; - success("updating %s: good: IPv4 address set to %s", $host, $ipv4); - next; - } else { -- $config{$host}{'status'} = "bad"; -+ $config{$host}{'status-ipv4'} = "bad"; - failed("updating %s: No applicable existing records.", $host); - next; - } -@@ -7174,12 +7175,12 @@ sub nic_porkbun_update { - ); - # No response, declare as failed - if (!defined($reply) || !$reply) { -- $config{$host}{'status'} = "bad"; -+ $config{$host}{'status-ipv6'} = "bad"; - failed("updating %s: Could not connect to porkbun.com.", $host); - next; - } - if (!header_ok($host, $reply)) { -- $config{$host}{'status'} = "bad"; -+ $config{$host}{'status-ipv6'} = "bad"; - failed("updating %s: failed (%s)", $host, $reply); - next; - } -@@ -7188,12 +7189,12 @@ sub nic_porkbun_update { - $reply =~ qr/{(?:[^{}]*|(?R))*}/mp; - my $response = eval { decode_json(${^MATCH}) }; - if (!defined($response)) { -- $config{$host}{'status'} = "bad"; -+ $config{$host}{'status-ipv6'} = "bad"; - failed("%s -- Unexpected service response.", $host); - next; - } - if ($response->{status} ne 'SUCCESS') { -- $config{$host}{'status'} = "bad"; -+ $config{$host}{'status-ipv6'} = "bad"; - failed("%s -- Unexpected status. 
(status = %s)", $host, $response->{status}); - next; - } -@@ -7205,7 +7206,7 @@ sub nic_porkbun_update { - } - my $current_content = $records->[0]->{'content'}; - if ($current_content eq $ipv6) { -- $config{$host}{'status'} = "good"; -+ $config{$host}{'status-ipv6'} = "good"; - success("updating %s: skipped: IPv6 address was already set to %s.", $host, $ipv6); - next; - } -@@ -7237,11 +7238,11 @@ sub nic_porkbun_update { - failed("updating %s: failed (%s)", $host, $reply); - next; - } -- $config{$host}{'status'} = "good"; -+ $config{$host}{'status-ipv6'} = "good"; - success("updating %s: good: IPv6 address set to %s", $host, $ipv4); - next; - } else { -- $config{$host}{'status'} = "bad"; -+ $config{$host}{'status-ipv6'} = "bad"; - failed("updating %s: No applicable existing records.", $host); - next; - } diff --git a/packages/frr/Jenkinsfile b/packages/frr/Jenkinsfile index 269aaf9f..173b52da 100644 --- a/packages/frr/Jenkinsfile +++ b/packages/frr/Jenkinsfile @@ -22,7 +22,7 @@ def pkgList = [ ['name': 'libyang', - 'scmCommit': 'v2.1.80', + 'scmCommit': 'v2.1.128', 'scmUrl': 'https://github.com/CESNET/libyang.git', 'buildCmd': 'pipx run apkg build -i && find pkg/pkgs -type f -name *.deb -exec mv -t .. {} +'], ['name': 'rtrlib', diff --git a/packages/frr/build-frr.sh b/packages/frr/build-frr.sh index e03f54ba..8be3cb4b 100755 --- a/packages/frr/build-frr.sh +++ b/packages/frr/build-frr.sh 
@@ -29,8 +29,12 @@ if [ -d $PATCH_DIR ]; then done fi +echo "I: Ensure Debian build dependencies are met" +sudo apt-get -y install chrpath gawk install-info libcap-dev libjson-c-dev librtr-dev +sudo apt-get -y install libpam-dev libprotobuf-c-dev libpython3-dev:native libsnmp-dev protobuf-c-compiler python3-dev:native texinfo lua5.3 + # Build Debian FRR package echo "I: Build Debian FRR Package" # extract "real" git commit for FRR version identifier dch -v "$(git describe | cut -c5-)" "VyOS build - FRR" -dpkg-buildpackage -us -uc -tc -b -Ppkg.frr.rtrlib +dpkg-buildpackage -us -uc -tc -b -Ppkg.frr.rtrlib,pkg.frr.lua diff --git a/packages/keepalived/.gitignore b/packages/keepalived/.gitignore new file mode 100644 index 00000000..9503bdbd --- /dev/null +++ b/packages/keepalived/.gitignore @@ -0,0 +1 @@ +keepalived/ diff --git a/packages/keepalived/Jenkinsfile b/packages/keepalived/Jenkinsfile new file mode 100644 index 00000000..b91c927e --- /dev/null +++ b/packages/keepalived/Jenkinsfile 
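Review bot: The two added `sudo apt-get -y install` lines pull in each package's Recommends as well as the packages named, so more software than necessary ends up in the environment that builds FRR. The keepalived and pmacct Jenkinsfiles in this same commit already pass `--no-install-recommends` to apt-get; the same flag fits here, e.g. `sudo apt-get -y install --no-install-recommends chrpath gawk install-info …`. A one-line comment saying why these are installed by hand rather than resolved from the package's build dependencies would also help the next person who bumps FRR. The script continues outside the hunk, so whether it runs under `set -e` is not visible from here.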
@@ -0,0 +1,33 @@
+// Copyright (C) 2023 VyOS maintainers and contributors
+//
+// This program is free software; you can redistribute it and/or modify
+// in order to easy exprort images built to "external" world
+// it under the terms of the GNU General Public License version 2 or later as
+// published by the Free Software Foundation.
+//
+// This program is distributed in the hope that it will be useful,
+// but WITHOUT ANY WARRANTY; without even the implied warranty of
+// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+// GNU General Public License for more details.
+//
+// You should have received a copy of the GNU General Public License
+// along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+@NonCPS
+
+// Using a version specifier library, use 'current' branch. The underscore (_)
+// is not a typo! You need this underscore if the line immediately after the
+// @Library annotation is not an import statement!
+@Library('vyos-build@current')_
+
+def package_name = 'keepalived'
+
+def pkgList = [
+ ['name': "${package_name}",
+ 'scmCommit': 'debian/1%2.2.7-1',
+ 'scmUrl': 'https://salsa.debian.org/debian/pkg-keepalived.git',
+ 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; ../build.py'],
+]
+
+// Start package build using library function from https://github.com/vyos/vyos-build
+buildPackage("${package_name}", pkgList, null, true, "**/packages/${package_name}/**")
diff --git a/packages/keepalived/build.py b/packages/keepalived/build.py
new file mode 100755
index 00000000..04f4791b
--- /dev/null
+++ b/packages/keepalived/build.py
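Review bot: `'scmCommit': 'debian/1%2.2.7-1'` names a tag in the salsa repository, and a tag can be moved, so this file does not fix which source gets checked out, patched and built. Pinning to the full commit hash with the tag kept as a comment, `'scmCommit': '<full commit sha>', // debian/1%2.2.7-1`, makes the build input verifiable; the accel-ppp entry elsewhere in this commit already uses a hash, although an abbreviated one. Separately, the header line `// in order to easy exprort images built to "external" world` sits in the middle of the GPL sentence and looks like a stray paste, so it should be dropped for the licence notice to read correctly.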
@@ -0,0 +1,50 @@
+#!/usr/bin/env python3
+
+from pathlib import Path
+from shutil import copy as copy_file
+from subprocess import run
+
+
+# copy patches
+def apply_deb_patches() -> None:
+ """Apply patches to sources directory
+ """
+ patches_dir = Path('../patches')
+ current_dir: str = Path.cwd().as_posix()
+ if patches_dir.exists():
+ patches_list = list(patches_dir.iterdir())
+ patches_list.sort()
+ Path(f'{current_dir}/debian/patches').mkdir(parents=True, exist_ok=True)
+ series_file = Path(f'{current_dir}/debian/patches/series')
+ series_data = ''
+ for patch_file in patches_list:
+ print(f'Applying patch: {patch_file.name}')
+ copy_file(patch_file, f'{current_dir}/debian/patches/')
+ if series_file.exists():
+ series_data: str = series_file.read_text()
+ series_data = f'{series_data}\n{patch_file.name}'
+ series_file.write_text(series_data)
+
+
+def build_package() -> bool:
+ """Build a package
+
+ Returns:
+ bool: build status
+ """
+ build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b']
+ build_status: int = run(build_cmd).returncode
+
+ if build_status:
+ return False
+ return True
+
+
+# build a package
+if __name__ == '__main__':
+ apply_deb_patches()
+
+ if not build_package():
+ exit(1)
+
+ exit()
diff --git a/packages/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch b/packages/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch
new file mode 100644
index 00000000..b099dc7b
--- /dev/null
+++ b/packages/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch
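Review bot: `apply_deb_patches` appends every patch name to `debian/patches/series` without checking whether it is already listed, so a second run in the same checkout lists each patch twice (indentation is lost in this view, so the nesting of the `if series_file.exists():` block is inferred). Guarding the append with `if patch_file.name not in series_data.splitlines():` makes the step repeatable. `patches_dir.iterdir()` also picks up every entry in `../patches`, so an editor backup or README there would be copied and listed as a patch; `patches_dir.glob('*.patch')` keeps the applied set to what was intended. At the bottom, `exit(1)` and `exit()` are the helpers injected by `site`; `sys.exit` is the form that is always available.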
@@ -0,0 +1,129 @@ +From af4aa758c3512bec8233549e138b03741c5404f9 Mon Sep 17 00:00:00 2001 +From: Quentin Armitage <quentin@armitage.org.uk> +Date: Sat, 14 Oct 2023 15:37:19 +0100 +Subject: [PATCH] vrrp: Set sysctl arp_ignore to 1 on IPv6 VMACs + +Setting arp_ignore to 1 ensures that the VMAC interface does not respond +to ARP requests for IPv4 addresses not configured on the VMAC. + +Signed-off-by: Quentin Armitage <quentin@armitage.org.uk> +--- + keepalived/include/vrrp_if_config.h | 2 +- + keepalived/vrrp/vrrp_if_config.c | 28 ++++++++++++++++++++-------- + keepalived/vrrp/vrrp_vmac.c | 5 ++--- + 3 files changed, 23 insertions(+), 12 deletions(-) + +diff --git a/keepalived/include/vrrp_if_config.h b/keepalived/include/vrrp_if_config.h +index 35465cd..c35e56e 100644 +--- a/keepalived/include/vrrp_if_config.h ++++ b/keepalived/include/vrrp_if_config.h +@@ -34,7 +34,7 @@ extern void set_promote_secondaries(interface_t*); + extern void reset_promote_secondaries(interface_t*); + #ifdef _HAVE_VRRP_VMAC_ + extern void restore_rp_filter(void); +-extern void set_interface_parameters(const interface_t*, interface_t*); ++extern void set_interface_parameters(const interface_t*, interface_t*, sa_family_t); + extern void reset_interface_parameters(interface_t*); + extern void link_set_ipv6(const interface_t*, bool); + #endif +diff --git a/keepalived/vrrp/vrrp_if_config.c b/keepalived/vrrp/vrrp_if_config.c +index cfce7e2..fbfd34c 100644 +--- a/keepalived/vrrp/vrrp_if_config.c ++++ b/keepalived/vrrp/vrrp_if_config.c +@@ -81,6 +81,11 @@ static sysctl_opts_t vmac_sysctl[] = { + { 0, 0} + }; + ++static sysctl_opts_t vmac_sysctl_6[] = { ++ { IPV4_DEVCONF_ARP_IGNORE, 1 }, ++ { 0, 0} ++}; ++ + #endif + #endif + +@@ -216,11 +221,14 @@ netlink_set_interface_flags(unsigned ifindex, const sysctl_opts_t *sys_opts) + + #ifdef _HAVE_VRRP_VMAC_ + static inline int +-netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp) ++netlink_set_interface_parameters(const 
interface_t *ifp, interface_t *base_ifp, sa_family_t family) + { +- if (netlink_set_interface_flags(ifp->ifindex, vmac_sysctl)) ++ if (netlink_set_interface_flags(ifp->ifindex, family == AF_INET6 ? vmac_sysctl_6 : vmac_sysctl)) + return -1; + ++ if (family == AF_INET6) ++ return 0; ++ + /* If the underlying interface is a MACVLAN that has been moved into + * a separate network namespace from the parent, we can't access the + * parent. */ +@@ -271,9 +279,9 @@ netlink_reset_interface_parameters(const interface_t* ifp) + } + + static inline void +-set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp) ++set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) + { +- if (netlink_set_interface_parameters(ifp, base_ifp)) ++ if (netlink_set_interface_parameters(ifp, base_ifp, family)) + log_message(LOG_INFO, "Unable to set parameters for %s", ifp->ifname); + } + +@@ -310,11 +318,15 @@ reset_promote_secondaries_devconf(interface_t *ifp) + + #ifdef _HAVE_VRRP_VMAC_ + static inline void +-set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp) ++set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) + { + unsigned val; + + set_sysctl("net/ipv4/conf", ifp->ifname, "arp_ignore", 1); ++ ++ if (family == AF_INET6) ++ return; ++ + set_sysctl("net/ipv4/conf", ifp->ifname, "accept_local", 1); + set_sysctl("net/ipv4/conf", ifp->ifname, "rp_filter", 0); + +@@ -524,15 +536,15 @@ restore_rp_filter(void) + } + + void +-set_interface_parameters(const interface_t *ifp, interface_t *base_ifp) ++set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) + { + if (all_rp_filter == UINT_MAX) + clear_rp_filter(); + + #ifdef _HAVE_IPV4_DEVCONF_ +- set_interface_parameters_devconf(ifp, base_ifp); ++ set_interface_parameters_devconf(ifp, base_ifp, family); + #else +- set_interface_parameters_sysctl(ifp, base_ifp); ++ 
set_interface_parameters_sysctl(ifp, base_ifp, family); + #endif + } + +diff --git a/keepalived/vrrp/vrrp_vmac.c b/keepalived/vrrp/vrrp_vmac.c +index e5ff0e9..021953a 100644 +--- a/keepalived/vrrp/vrrp_vmac.c ++++ b/keepalived/vrrp/vrrp_vmac.c +@@ -407,10 +407,9 @@ netlink_link_add_vmac(vrrp_t *vrrp, const interface_t *old_interface) + if (!ifp->ifindex) + return false; + +- if (vrrp->family == AF_INET && create_interface) { ++ if (create_interface) { + /* Set the necessary kernel parameters to make macvlans work for us */ +-// If this saves current base_ifp's settings, we need to be careful if multiple VMACs on same i/f +- set_interface_parameters(ifp, ifp->base_ifp); ++ set_interface_parameters(ifp, ifp->base_ifp, vrrp->family); + } + + #ifdef _WITH_FIREWALL_ +-- +2.34.1 + diff --git a/packages/linux-kernel/Jenkinsfile b/packages/linux-kernel/Jenkinsfile index 73da9464..48f24577 100644 --- a/packages/linux-kernel/Jenkinsfile +++ b/packages/linux-kernel/Jenkinsfile @@ -49,7 +49,7 @@ def pkgList = [ 'buildCmd': 'cd ..; ./build-linux-firmware.sh'], // Accel-PPP - ['name': 'accel-ppp', 'scmCommit': 'b120b0d83e21', + ['name': 'accel-ppp', 'scmCommit': '9669bcb99adc', 'scmUrl': 'https://github.com/accel-ppp/accel-ppp.git', 'buildCmd': 'cd ..; pwd; ls -al; ./build-accel-ppp.sh'], diff --git a/packages/linux-kernel/arch/arm64/configs/vyos_defconfig b/packages/linux-kernel/arch/arm64/configs/vyos_defconfig index 8537751b..296ed754 100644 --- a/packages/linux-kernel/arch/arm64/configs/vyos_defconfig +++ b/packages/linux-kernel/arch/arm64/configs/vyos_defconfig @@ -2606,7 +2606,7 @@ CONFIG_USB_NET_GL620A=m CONFIG_USB_NET_NET1080=m CONFIG_USB_NET_PLUSB=m CONFIG_USB_NET_MCS7830=m -CONFIG_USB_NET_RNDIS_HOST=m +# CONFIG_USB_NET_RNDIS_HOST is not set CONFIG_USB_NET_CDC_SUBSET_ENABLE=m CONFIG_USB_NET_CDC_SUBSET=m CONFIG_USB_ALI_M5632=y 
@@ -2822,7 +2822,7 @@ CONFIG_ZD1211RW=m CONFIG_WLAN_VENDOR_QUANTENNA=y # CONFIG_QTNFMAC_PCIE is not set CONFIG_MAC80211_HWSIM=m -CONFIG_USB_NET_RNDIS_WLAN=m +# CONFIG_USB_NET_RNDIS_WLAN is not set # CONFIG_VIRT_WIFI is not set # @@ -5709,7 +5709,6 @@ CONFIG_USB_F_NCM=m CONFIG_USB_F_ECM=m CONFIG_USB_F_EEM=m CONFIG_USB_F_SUBSET=m -CONFIG_USB_F_RNDIS=m CONFIG_USB_F_MASS_STORAGE=m CONFIG_USB_F_FS=m CONFIG_USB_F_UAC1=m @@ -5725,7 +5724,6 @@ CONFIG_USB_CONFIGFS_OBEX=y CONFIG_USB_CONFIGFS_NCM=y CONFIG_USB_CONFIGFS_ECM=y CONFIG_USB_CONFIGFS_ECM_SUBSET=y -CONFIG_USB_CONFIGFS_RNDIS=y CONFIG_USB_CONFIGFS_EEM=y CONFIG_USB_CONFIGFS_MASS_STORAGE=y CONFIG_USB_CONFIGFS_F_LB_SS=y @@ -5745,7 +5743,6 @@ CONFIG_USB_ZERO=m CONFIG_USB_AUDIO=m # CONFIG_GADGET_UAC1 is not set CONFIG_USB_ETH=m -CONFIG_USB_ETH_RNDIS=y # CONFIG_USB_ETH_EEM is not set # CONFIG_USB_G_NCM is not set CONFIG_USB_GADGETFS=m @@ -5757,7 +5754,6 @@ CONFIG_USB_G_PRINTER=m CONFIG_USB_CDC_COMPOSITE=m CONFIG_USB_G_ACM_MS=m CONFIG_USB_G_MULTI=m -CONFIG_USB_G_MULTI_RNDIS=y # CONFIG_USB_G_MULTI_CDC is not set CONFIG_USB_G_HID=m # CONFIG_USB_G_DBGP is not set diff --git a/packages/linux-kernel/arch/x86/configs/vyos_defconfig b/packages/linux-kernel/arch/x86/configs/vyos_defconfig index 930ec830..1496b152 100644 --- a/packages/linux-kernel/arch/x86/configs/vyos_defconfig +++ b/packages/linux-kernel/arch/x86/configs/vyos_defconfig @@ -184,6 +184,7 @@ CONFIG_ARCH_WANT_BATCHED_UNMAP_TLB_FLUSH=y CONFIG_CC_HAS_INT128=y CONFIG_CC_IMPLICIT_FALLTHROUGH="-Wimplicit-fallthrough=5" CONFIG_GCC11_NO_ARRAY_BOUNDS=y +CONFIG_GCC12_NO_ARRAY_BOUNDS=y CONFIG_CC_NO_ARRAY_BOUNDS=y CONFIG_ARCH_SUPPORTS_INT128=y CONFIG_NUMA_BALANCING=y 
@@ -2767,7 +2768,7 @@ CONFIG_USB_NET_SMSC95XX=m # CONFIG_USB_NET_NET1080 is not set # CONFIG_USB_NET_PLUSB is not set # CONFIG_USB_NET_MCS7830 is not set -CONFIG_USB_NET_RNDIS_HOST=m +# CONFIG_USB_NET_RNDIS_HOST is not set # CONFIG_USB_NET_CDC_SUBSET is not set # CONFIG_USB_NET_ZAURUS is not set # CONFIG_USB_NET_CX82310_ETH is not set @@ -4880,7 +4881,10 @@ CONFIG_UIO_PCI_GENERIC=m # CONFIG_UIO_PRUSS is not set # CONFIG_UIO_MF624 is not set # CONFIG_UIO_HV_GENERIC is not set -# CONFIG_VFIO is not set +CONFIG_VFIO=m +CONFIG_VFIO_PCI=m +CONFIG_VFIO_MDEV=m +CONFIG_MLX5_VFIO_PCI=m # CONFIG_VIRT_DRIVERS is not set CONFIG_VIRTIO_ANCHOR=y CONFIG_VIRTIO=m diff --git a/packages/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch b/packages/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch index 5efe2b92..38f611cf 100644 --- a/packages/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch +++ b/packages/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch @@ -17,11 +17,11 @@ Backport of earlier Vyatta patch. net/ipv6/route.c | 10 ++++++++++ 8 files changed, 34 insertions(+) -diff --git a/Documentation/networking/ip-sysctl.rst b/Documentation/networking/ip-sysctl.rst -index e7b3fa7bb3f7..081b344ea52b 100644 ---- a/Documentation/networking/ip-sysctl.rst -+++ b/Documentation/networking/ip-sysctl.rst -@@ -1592,6 +1592,17 @@ src_valid_mark - BOOLEAN +diff --git i/Documentation/networking/ip-sysctl.rst w/Documentation/networking/ip-sysctl.rst +index f5f7a464605f..1639ff3aa843 100644 +--- i/Documentation/networking/ip-sysctl.rst ++++ w/Documentation/networking/ip-sysctl.rst +@@ -1594,6 +1594,17 @@ src_valid_mark - BOOLEAN Default value is 0. 
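Review bot: Enabling VFIO in the last x86 hunk (`CONFIG_VFIO=m`, `CONFIG_VFIO_PCI=m`, `CONFIG_VFIO_MDEV=m`, `CONFIG_MLX5_VFIO_PCI=m`) leaves the state of `CONFIG_VFIO_NOIOMMU` unstated in the visible lines. That option allows userspace to drive DMA-capable devices without IOMMU isolation, so it is worth confirming the resulting config has it off and carrying `# CONFIG_VFIO_NOIOMMU is not set` in the defconfig so the intent survives the next refresh. On the RNDIS hunk above it, x86 disables only `CONFIG_USB_NET_RNDIS_HOST`, whereas the arm64 file also drops `CONFIG_USB_NET_RNDIS_WLAN` and the gadget RNDIS options; presumably those were already unset on x86, but that is not visible here and deserves a quick check.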
@@ -39,10 +39,10 @@ index e7b3fa7bb3f7..081b344ea52b 100644 arp_filter - BOOLEAN - 1 - Allows you to have multiple network interfaces on the same subnet, and have the ARPs for each interface be answered -diff --git a/include/linux/inetdevice.h b/include/linux/inetdevice.h +diff --git i/include/linux/inetdevice.h w/include/linux/inetdevice.h index ddb27fc0ee8c..8ee3191d9558 100644 ---- a/include/linux/inetdevice.h -+++ b/include/linux/inetdevice.h +--- i/include/linux/inetdevice.h ++++ w/include/linux/inetdevice.h @@ -137,6 +137,7 @@ static inline void ipv4_devconf_setall(struct in_device *in_dev) #define IN_DEV_ARP_NOTIFY(in_dev) IN_DEV_MAXCONF((in_dev), ARP_NOTIFY) #define IN_DEV_ARP_EVICT_NOCARRIER(in_dev) IN_DEV_ANDCONF((in_dev), \ @@ -51,11 +51,11 @@ index ddb27fc0ee8c..8ee3191d9558 100644 struct in_ifaddr { struct hlist_node hash; -diff --git a/include/linux/ipv6.h b/include/linux/ipv6.h -index 37dfdcfcdd54..d549006be04c 100644 ---- a/include/linux/ipv6.h -+++ b/include/linux/ipv6.h -@@ -83,6 +83,7 @@ struct ipv6_devconf { +diff --git i/include/linux/ipv6.h w/include/linux/ipv6.h +index 9a44de45cc1f..78f0896ae755 100644 +--- i/include/linux/ipv6.h ++++ w/include/linux/ipv6.h +@@ -84,6 +84,7 @@ struct ipv6_devconf { __u8 ndisc_evict_nocarrier; struct ctl_table_header *sysctl_header; @@ -63,11 +63,11 @@ index 37dfdcfcdd54..d549006be04c 100644 }; struct ipv6_params { -diff --git a/include/uapi/linux/ip.h b/include/uapi/linux/ip.h -index 874a92349bf5..37a9c7c7b56c 100644 ---- a/include/uapi/linux/ip.h -+++ b/include/uapi/linux/ip.h -@@ -172,6 +172,7 @@ enum +diff --git i/include/uapi/linux/ip.h w/include/uapi/linux/ip.h +index 283dec7e3645..8067941a635e 100644 +--- i/include/uapi/linux/ip.h ++++ w/include/uapi/linux/ip.h +@@ -173,6 +173,7 @@ enum IPV4_DEVCONF_DROP_GRATUITOUS_ARP, IPV4_DEVCONF_BC_FORWARDING, IPV4_DEVCONF_ARP_EVICT_NOCARRIER, 
@@ -75,22 +75,22 @@ index 874a92349bf5..37a9c7c7b56c 100644 __IPV4_DEVCONF_MAX }; -diff --git a/include/uapi/linux/ipv6.h b/include/uapi/linux/ipv6.h -index 81f4243bebb1..9e001ea84841 100644 ---- a/include/uapi/linux/ipv6.h -+++ b/include/uapi/linux/ipv6.h -@@ -197,6 +197,7 @@ enum { - DEVCONF_IOAM6_ID_WIDE, +diff --git i/include/uapi/linux/ipv6.h w/include/uapi/linux/ipv6.h +index 4fa8511b1e35..5eefcb61018b 100644 +--- i/include/uapi/linux/ipv6.h ++++ w/include/uapi/linux/ipv6.h +@@ -199,6 +199,7 @@ enum { DEVCONF_NDISC_EVICT_NOCARRIER, DEVCONF_ACCEPT_UNTRACKED_NA, + DEVCONF_ACCEPT_RA_MIN_LFT, + DEVCONF_LINK_FILTER, DEVCONF_MAX }; -diff --git a/net/ipv4/devinet.c b/net/ipv4/devinet.c -index e8b9a9202fec..1bb48732e619 100644 ---- a/net/ipv4/devinet.c -+++ b/net/ipv4/devinet.c +diff --git i/net/ipv4/devinet.c w/net/ipv4/devinet.c +index 35d6e74be840..e67cf474630c 100644 +--- i/net/ipv4/devinet.c ++++ w/net/ipv4/devinet.c @@ -2561,6 +2561,7 @@ static struct devinet_sysctl_table { "route_localnet"), DEVINET_SYSCTL_FLUSHING_ENTRY(DROP_UNICAST_IN_L2_MULTICAST, 
@@ -99,19 +99,19 @@ index e8b9a9202fec..1bb48732e619 100644 }, }; -diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 9c3f5202a97b..fbc072c3534e 100644 ---- a/net/ipv6/addrconf.c -+++ b/net/ipv6/addrconf.c -@@ -5591,6 +5591,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, - array[DEVCONF_IOAM6_ID_WIDE] = cnf->ioam6_id_wide; +diff --git i/net/ipv6/addrconf.c w/net/ipv6/addrconf.c +index c63ccd39fc55..df228a1e8ecf 100644 +--- i/net/ipv6/addrconf.c ++++ w/net/ipv6/addrconf.c +@@ -5607,6 +5607,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, array[DEVCONF_NDISC_EVICT_NOCARRIER] = cnf->ndisc_evict_nocarrier; array[DEVCONF_ACCEPT_UNTRACKED_NA] = cnf->accept_untracked_na; + array[DEVCONF_ACCEPT_RA_MIN_LFT] = cnf->accept_ra_min_lft; + array[DEVCONF_LINK_FILTER] = cnf->link_filter; } static inline size_t inet6_ifla6_size(void) -@@ -7016,6 +7017,13 @@ static const struct ctl_table addrconf_sysctl[] = { +@@ -7039,6 +7040,13 @@ static const struct ctl_table addrconf_sysctl[] = { .extra1 = (void *)SYSCTL_ZERO, .extra2 = (void *)SYSCTL_ONE, }, @@ -125,11 +125,11 @@ index 9c3f5202a97b..fbc072c3534e 100644 { .procname = "ioam6_id", .data = &ipv6_devconf.ioam6_id, -diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 2f355f0ec32a..388e0342c989 100644 ---- a/net/ipv6/route.c -+++ b/net/ipv6/route.c -@@ -675,6 +675,14 @@ static inline void rt6_probe(struct fib6_nh *fib6_nh) +diff --git i/net/ipv6/route.c w/net/ipv6/route.c +index 0bcdb675ba2c..dd770560d941 100644 +--- i/net/ipv6/route.c ++++ w/net/ipv6/route.c +@@ -678,6 +678,14 @@ static inline void rt6_probe(struct fib6_nh *fib6_nh) } #endif 
@@ -144,7 +144,7 @@ index 2f355f0ec32a..388e0342c989 100644 /* * Default Router Selection (RFC 2461 6.3.6) */ -@@ -716,6 +724,8 @@ static int rt6_score_route(const struct fib6_nh *nh, u32 fib6_flags, int oif, +@@ -719,6 +727,8 @@ static int rt6_score_route(const struct fib6_nh *nh, u32 fib6_flags, int oif, if (!m && (strict & RT6_LOOKUP_F_IFACE)) return RT6_NUD_FAIL_HARD; @@ -153,6 +153,5 @@ index 2f355f0ec32a..388e0342c989 100644 #ifdef CONFIG_IPV6_ROUTER_PREF m |= IPV6_DECODE_PREF(IPV6_EXTRACT_PREF(fib6_flags)) << 2; #endif --- +-- 2.30.2 - diff --git a/packages/pmacct/Jenkinsfile b/packages/pmacct/Jenkinsfile index af767b32..19af2c9b 100644 --- a/packages/pmacct/Jenkinsfile +++ b/packages/pmacct/Jenkinsfile @@ -21,12 +21,12 @@ @Library('vyos-build@current')_ def package_name = 'pmacct' - +// "sudo apt-get remove git -y" is necessary for solving this issue https://vyos.dev/T5663 def pkgList = [ ['name': "${package_name}", 'scmCommit': 'debian/1.7.7-1', 'scmUrl': 'https://salsa.debian.org/debian/pmacct.git', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; ../build.py'], + 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; sudo apt-get remove git -y; ../build.py'], ] // Start package build using library function from https://github.com/vyos/vyos-build diff --git a/packages/strongswan/Jenkinsfile b/packages/strongswan/Jenkinsfile index 13d6dd6c..d79941d7 100644 --- a/packages/strongswan/Jenkinsfile +++ b/packages/strongswan/Jenkinsfile @@ -21,9 +21,9 @@ def pkgList = [ ['name': 'strongswan', - 'scmCommit': 'debian/5.9.8-5', + 'scmCommit': 'debian/5.9.11-2', 'scmUrl': 'https://salsa.debian.org/debian/strongswan.git', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], + 'buildCmd': 'cd ..; ./build.sh'], ] // Start package build using library function from https://github.com/vyos/vyos-build 
diff --git a/packages/strongswan/build.sh b/packages/strongswan/build.sh index e5ffbffa..c0dab4d5 100755 --- a/packages/strongswan/build.sh +++ b/packages/strongswan/build.sh @@ -2,6 +2,35 @@ CWD=$(pwd) set -e +# extracted build dependencies, as autogenerationg and installing them will fail :/ +sudo apt-get install -y bison \ + bzip2 \ + debhelper-compat \ + dh-apparmor \ + dpkg-dev \ + flex \ + gperf \ + libiptc-dev \ + libcap-dev \ + libcurl3-dev \ + libgcrypt20-dev \ + libgmp3-dev \ + libkrb5-dev \ + libldap2-dev \ + libnm-dev \ + libpam0g-dev \ + libsqlite3-dev \ + libssl-dev \ + libsystemd-dev \ + libtool \ + libtss2-dev \ + libxml2-dev \ + pkg-config \ + po-debconf \ + systemd \ + libsystemd-dev \ + tzdata + SRC=strongswan if [ ! -d ${SRC} ]; then echo "Source directory does not exists, please 'git clone'" @@ -21,7 +50,7 @@ fi cd ${SRC} echo "I: bump version" -dch -v "5.9.8-5+vyos0" "Patchset for DMVPN support" -b +dch -v "5.9.11-2+vyos0" "Patchset for DMVPN support" -b echo "I: Build Debian Package" -dpkg-buildpackage -uc -us -tc -b +dpkg-buildpackage -uc -us -tc -b -d diff --git a/packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch b/packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch index b791166a..ceb47350 100644 --- a/packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch +++ b/packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch @@ -30,20 +30,20 @@ Signed-off-by: Timo Teräs <timo.teras@iki.fi> 11 files changed, 215 insertions(+), 47 deletions(-) diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c -index 8c09cac89..8582798d2 100644 +index 2e2cb3c..b9369a8 100644 --- a/src/charon-cmd/cmd/cmd_connection.c +++ b/src/charon-cmd/cmd/cmd_connection.c 
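Review bot: The `-d` added in `dpkg-buildpackage -uc -us -tc -b -d` switches off the build-dependency check, so the hand-copied `apt-get install` list in the first hunk becomes the only safeguard against building with a library missing. If that list drifts from `debian/control` on the next strongSwan bump, the result may be a package that builds with a plugin or feature absent rather than a build that fails (inferred; the packaging rules are not visible here). Keeping the check and fixing whatever made dependency generation fail is the safer route. Short of that, add a comment naming the `debian/control` revision the list was taken from, and pass `--no-install-recommends` to the install. `libsystemd-dev` is listed twice.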
@@ -439,7 +439,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this) child_cfg = create_child_cfg(this, peer_cfg); if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, -- controller_cb_empty, NULL, 0, FALSE) != SUCCESS) -+ NULL, NULL, controller_cb_empty, NULL, 0, FALSE) != SUCCESS) +- controller_cb_empty, NULL, LEVEL_SILENT, 0, FALSE) != SUCCESS) ++ NULL, NULL, controller_cb_empty, NULL, LEVEL_SILENT, 0, FALSE) != SUCCESS) { terminate(pid); } diff --git a/src/libcharon/control/controller.c b/src/libcharon/control/controller.c -index cff504966..9c5afe833 100644 +index 027f48e..4ce8616 100644 --- a/src/libcharon/control/controller.c +++ b/src/libcharon/control/controller.c @@ -15,6 +15,28 @@ @@ -75,7 +75,7 @@ index cff504966..9c5afe833 100644 #include "controller.h" #include <sys/types.h> -@@ -102,6 +124,16 @@ struct interface_listener_t { +@@ -107,6 +129,16 @@ struct interface_listener_t { */ ike_sa_t *ike_sa; @@ -92,7 +92,7 @@ index cff504966..9c5afe833 100644 /** * unique ID, used for various methods */ -@@ -414,10 +446,15 @@ METHOD(job_t, initiate_execute, job_requeue_t, +@@ -417,10 +449,15 @@ METHOD(job_t, initiate_execute, job_requeue_t, ike_sa_t *ike_sa; interface_listener_t *listener = &job->listener; peer_cfg_t *peer_cfg = listener->peer_cfg; 
@@ -109,15 +109,15 @@ index cff504966..9c5afe833 100644 if (!ike_sa) { DESTROY_IF(listener->child_cfg); -@@ -492,6 +529,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, +@@ -499,6 +536,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, METHOD(controller_t, initiate, status_t, private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, + host_t *my_host, host_t *other_host, - controller_cb_t callback, void *param, u_int timeout, bool limits) + controller_cb_t callback, void *param, level_t max_level, u_int timeout, + bool limits) { - interface_job_t *job; -@@ -514,6 +552,8 @@ METHOD(controller_t, initiate, status_t, +@@ -523,6 +561,8 @@ METHOD(controller_t, initiate, status_t, .status = FAILED, .child_cfg = child_cfg, .peer_cfg = peer_cfg, @@ -127,10 +127,10 @@ index cff504966..9c5afe833 100644 .options.limits = limits, }, diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h -index cdd3a5d43..507c19fb3 100644 +index 36a1d46..a130fbb 100644 --- a/src/libcharon/control/controller.h +++ b/src/libcharon/control/controller.h -@@ -80,6 +80,8 @@ struct controller_t { +@@ -81,6 +81,8 @@ struct controller_t { * * @param peer_cfg peer_cfg to use for IKE_SA setup * @param child_cfg optional child_cfg to set up CHILD_SA from @@ -138,25 +138,25 @@ index cdd3a5d43..507c19fb3 100644 + * @param other_host optional address hint for destination * @param cb logging callback * @param param parameter to include in each call of cb - * @param timeout timeout in ms to wait for callbacks, 0 to disable -@@ -93,6 +95,7 @@ struct controller_t { + * @param max_level maximum log level for which cb is invoked +@@ -95,6 +97,7 @@ struct controller_t { */ status_t (*initiate)(controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, + host_t *my_host, host_t *other_host, - controller_cb_t callback, void *param, u_int timeout, - bool limits); + controller_cb_t callback, void *param, + level_t max_level, u_int timeout, bool limits); 
diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c -index ba4e5bf9e..db2c6f00b 100644 +index 2824c93..21ff6b3 100644 --- a/src/libcharon/plugins/stroke/stroke_control.c +++ b/src/libcharon/plugins/stroke/stroke_control.c @@ -109,7 +109,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg if (msg->output_verbosity < 0) { charon->controller->initiate(charon->controller, peer_cfg, child_cfg, -- NULL, NULL, 0, FALSE); -+ NULL, NULL, NULL, NULL, 0, FALSE); +- NULL, NULL, 0, 0, FALSE); ++ NULL, NULL, NULL, NULL, 0, 0, FALSE); } else { @@ -167,24 +167,24 @@ index ba4e5bf9e..db2c6f00b 100644 - peer_cfg, child_cfg, (controller_cb_t)stroke_log, + peer_cfg, child_cfg, NULL, NULL, + (controller_cb_t)stroke_log, - &info, this->timeout, FALSE); + &info, msg->output_verbosity, this->timeout, FALSE); switch (status) { diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c -index 0c061d4b2..2da616700 100644 +index 5221225..b1486e3 100644 --- a/src/libcharon/plugins/vici/vici_config.c +++ b/src/libcharon/plugins/vici/vici_config.c -@@ -2215,7 +2215,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, +@@ -2252,7 +2252,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg)); charon->controller->initiate(charon->controller, peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), -- NULL, NULL, 0, FALSE); -+ NULL, NULL, NULL, NULL, 0, FALSE); +- NULL, NULL, 0, 0, FALSE); ++ NULL, NULL, NULL, NULL, 0, 0, FALSE); } } diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c -index 7b8ff1215..8d996c044 100644 +index 1c236d2..811d8db 100644 --- a/src/libcharon/plugins/vici/vici_control.c +++ b/src/libcharon/plugins/vici/vici_control.c @@ -15,6 +15,28 @@ 
@@ -238,7 +238,7 @@ index 7b8ff1215..8d996c044 100644 if (!child && !ike) { -@@ -199,31 +225,51 @@ CALLBACK(initiate, vici_message_t*, +@@ -199,31 +225,52 @@ CALLBACK(initiate, vici_message_t*, log_cb = (controller_cb_t)log_vici; } @@ -265,11 +265,12 @@ index 7b8ff1215..8d996c044 100644 + msg = send_reply(this, "%s config '%s' not found", type, sa); + goto ret; } -- switch (charon->controller->initiate(charon->controller, peer_cfg, -- child_cfg, log_cb, &log, timeout, limits)) +- switch (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, +- log_cb, &log, log.level, timeout, limits)) + switch (charon->controller->initiate(charon->controller, -+ peer_cfg, child_cfg, my_host, other_host, -+ log_cb, &log, timeout, limits)) ++ peer_cfg, child_cfg, ++ my_host, other_host, ++ log_cb, &log, log.level, timeout, limits)) { case SUCCESS: - return send_reply(this, NULL); @@ -297,22 +298,22 @@ index 7b8ff1215..8d996c044 100644 + return msg; } - CALLBACK(terminate, vici_message_t*, + /** diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c -index b966cd132..23ed1e01f 100644 +index 122e5ce..dec458c 100644 --- a/src/libcharon/processing/jobs/start_action_job.c +++ b/src/libcharon/processing/jobs/start_action_job.c @@ -84,7 +84,7 @@ METHOD(job_t, execute, job_requeue_t, charon->controller->initiate(charon->controller, peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), -- NULL, NULL, 0, FALSE); -+ NULL, NULL, NULL, NULL, 0, FALSE); +- NULL, NULL, 0, 0, FALSE); ++ NULL, NULL, NULL, NULL, 0, 0, FALSE); } } children->destroy(children); diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c -index c8d439630..d9c32d8cc 100644 +index fc31c2a..51e28bc 100644 --- a/src/libcharon/sa/ike_sa_manager.c +++ b/src/libcharon/sa/ike_sa_manager.c @@ -16,6 +16,28 @@ @@ -401,7 +402,7 @@ index c8d439630..d9c32d8cc 100644 } charon->bus->set_sa(charon->bus, ike_sa); 
diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h -index 004cc2216..50f8246f8 100644 +index 004cc22..50f8246 100644 --- a/src/libcharon/sa/ike_sa_manager.h +++ b/src/libcharon/sa/ike_sa_manager.h @@ -123,7 +123,8 @@ struct ike_sa_manager_t { @@ -429,7 +430,7 @@ index 004cc2216..50f8246f8 100644 /** * Reset initiator SPI. diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c -index d8d8a421a..e7c906eb7 100644 +index d8d8a42..e7c906e 100644 --- a/src/libcharon/sa/trap_manager.c +++ b/src/libcharon/sa/trap_manager.c @@ -523,7 +523,7 @@ METHOD(trap_manager_t, acquire, void, @@ -456,32 +457,34 @@ index d8d8a421a..e7c906eb7 100644 - - ike_sa->set_peer_cfg(ike_sa, peer); - ike_cfg = ike_sa->get_ike_cfg(ike_sa); -+ { -+ ike_cfg_t *ike_cfg; -+ uint16_t port; -+ uint8_t mask; - +- - port = ike_cfg->get_other_port(ike_cfg); - data->dst->to_subnet(data->dst, &host, &mask); - host->set_port(host, port); - ike_sa->set_other_host(ike_sa, host); -+ ike_cfg = peer->get_ike_cfg(peer); - +- - port = ike_cfg->get_my_port(ike_cfg); - data->src->to_subnet(data->src, &host, &mask); - host->set_port(host, port); - ike_sa->set_my_host(ike_sa, host); -+ port = ike_cfg->get_other_port(ike_cfg); -+ data->dst->to_subnet(data->dst, &other_host, &mask); -+ other_host->set_port(other_host, port); - +- - charon->bus->set_sa(charon->bus, ike_sa); - } - } - else -- { + { - ike_sa = charon->ike_sa_manager->checkout_by_config( - charon->ike_sa_manager, peer); ++ ike_cfg_t *ike_cfg; ++ uint16_t port; ++ uint8_t mask; ++ ++ ike_cfg = peer->get_ike_cfg(peer); ++ ++ port = ike_cfg->get_other_port(ike_cfg); ++ data->dst->to_subnet(data->dst, &other_host, &mask); ++ other_host->set_port(other_host, port); ++ + port = ike_cfg->get_my_port(ike_cfg); + data->src->to_subnet(data->src, &my_host, &mask); + my_host->set_port(my_host, port); @@ -496,7 +499,7 @@ index d8d8a421a..e7c906eb7 100644 if (ike_sa) { 
diff --git a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c -index e0fffb907..dcaded59d 100644 +index e0fffb9..dcaded5 100644 --- a/src/swanctl/commands/initiate.c +++ b/src/swanctl/commands/initiate.c @@ -14,6 +14,28 @@ @@ -574,6 +577,3 @@ index e0fffb907..dcaded59d 100644 {"timeout", 't', 1, "timeout in seconds before detaching"}, {"raw", 'r', 0, "dump raw response message"}, {"pretty", 'P', 0, "dump raw response message in pretty print"}, --- -2.38.1 - diff --git a/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch b/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch index 085d1303..57a622e8 100644 --- a/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch +++ b/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch @@ -95,7 +95,7 @@ index 2fed1f10f..fa0d21a0c 100755 --enable-addrblock \ --enable-agent \ @@ -88,7 +97,7 @@ ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) - endif + deb_systemdsystemunitdir = $(shell pkg-config --variable=systemdsystemunitdir systemd | sed s,^/,,) override_dh_auto_configure: - dh_auto_configure -- $(CONFIGUREARGS) diff --git a/packages/strongswan/patches/0005-vici-add-soft-lifetime-calculation-if-hard-lifetime-configured.patch b/packages/strongswan/patches/0005-vici-add-soft-lifetime-calculation-if-hard-lifetime-configured.patch deleted file mode 100644 index dc21a96d..00000000 --- a/packages/strongswan/patches/0005-vici-add-soft-lifetime-calculation-if-hard-lifetime-configured.patch +++ /dev/null 
@@ -1,97 +0,0 @@ -From a2b1e06f07569e8d3f08a37b68a206164b67fbe3 Mon Sep 17 00:00:00 2001 -From: Tobias Brunner <tobias@strongswan.org> -Date: Tue, 6 Dec 2022 17:33:20 +0100 -Subject: [PATCH] vici: Base default soft lifetime on hard lifetime if - configured - -Depending on the configured hard lifetime the default soft lifetime -might not make sense and could even cause rekeying to get disabled. -To avoid that, derive the soft lifetime from the hard lifetime so it's -10% higher than the soft lifetime. - -References strongswan/strongswan#1414 ---- - src/libcharon/plugins/vici/vici_config.c | 46 ++++++++++++++++++++---- - 1 file changed, 40 insertions(+), 6 deletions(-) - -diff --git a/src/libcharon/plugins/vici/vici_config.c b/src/libcharon/plugins/vici/vici_config.c -index 0c061d4b2d7..a59d799caf6 100644 ---- a/src/libcharon/plugins/vici/vici_config.c -+++ b/src/libcharon/plugins/vici/vici_config.c -@@ -1981,18 +1981,52 @@ CALLBACK(auth_sn, bool, - */ - static void check_lifetimes(lifetime_cfg_t *lft) - { -+ /* if no soft lifetime specified, set a default or base it on the hard lifetime */ -+ if (lft->time.rekey == LFT_UNDEFINED) -+ { -+ if (lft->time.life != LFT_UNDEFINED) -+ { -+ lft->time.rekey = lft->time.life / 1.1; -+ } -+ else -+ { -+ lft->time.rekey = LFT_DEFAULT_CHILD_REKEY_TIME; -+ } -+ } -+ if (lft->bytes.rekey == LFT_UNDEFINED) -+ { -+ if (lft->bytes.life != LFT_UNDEFINED) -+ { -+ lft->bytes.rekey = lft->bytes.life / 1.1; -+ } -+ else -+ { -+ lft->bytes.rekey = LFT_DEFAULT_CHILD_REKEY_BYTES; -+ } -+ } -+ if (lft->packets.rekey == LFT_UNDEFINED) -+ { -+ if (lft->packets.life != LFT_UNDEFINED) -+ { -+ lft->packets.rekey = lft->packets.life / 1.1; -+ } -+ else -+ { -+ lft->packets.rekey = LFT_DEFAULT_CHILD_REKEY_PACKETS; -+ } -+ } - /* if no hard lifetime specified, add one at soft lifetime + 10% */ - if (lft->time.life == LFT_UNDEFINED) - { -- lft->time.life = lft->time.rekey * 110 / 100; -+ lft->time.life = lft->time.rekey * 1.1; - } - if (lft->bytes.life 
== LFT_UNDEFINED) - { -- lft->bytes.life = lft->bytes.rekey * 110 / 100; -+ lft->bytes.life = lft->bytes.rekey * 1.1; - } - if (lft->packets.life == LFT_UNDEFINED) - { -- lft->packets.life = lft->packets.rekey * 110 / 100; -+ lft->packets.life = lft->packets.rekey * 1.1; - } - /* if no rand time defined, use difference of hard and soft */ - if (lft->time.jitter == LFT_UNDEFINED) -@@ -2026,17 +2060,17 @@ CALLBACK(children_sn, bool, - .mode = MODE_TUNNEL, - .lifetime = { - .time = { -- .rekey = LFT_DEFAULT_CHILD_REKEY_TIME, -+ .rekey = LFT_UNDEFINED, - .life = LFT_UNDEFINED, - .jitter = LFT_UNDEFINED, - }, - .bytes = { -- .rekey = LFT_DEFAULT_CHILD_REKEY_BYTES, -+ .rekey = LFT_UNDEFINED, - .life = LFT_UNDEFINED, - .jitter = LFT_UNDEFINED, - }, - .packets = { -- .rekey = LFT_DEFAULT_CHILD_REKEY_PACKETS, -+ .rekey = LFT_UNDEFINED, - .life = LFT_UNDEFINED, - .jitter = LFT_UNDEFINED, - }, diff --git a/packages/telegraf/Jenkinsfile b/packages/telegraf/Jenkinsfile index b0bdd07e..873d3842 100644 --- a/packages/telegraf/Jenkinsfile +++ b/packages/telegraf/Jenkinsfile @@ -23,7 +23,7 @@ // and not via a DEB package def pkgList = [ ['name': 'telegraf', - 'scmCommit': 'v1.23.1', + 'scmCommit': 'v1.28.3', 'scmUrl': 'https://github.com/influxdata/telegraf.git', 'buildCmd': 'cd ..; ./build.sh'], ] diff --git a/packages/telegraf/build.sh b/packages/telegraf/build.sh index 46dfc88a..2ba511d0 100755 --- a/packages/telegraf/build.sh +++ b/packages/telegraf/build.sh @@ -21,4 +21,7 @@ cp ${PLUGIN_DIR}/outputs/all/all.go ${SRC}/plugins/outputs/all/all.go echo "I: Build Debian ${BUILD_ARCH} package" cd ${SRC} export PATH=/opt/go/bin:$PATH + +# Generate default telegraf config +go run ./cmd/telegraf config > etc/telegraf.conf LDFLAGS=-w make "${BUILD_ARCH}.deb" diff --git a/scripts/build-vyos-image b/scripts/build-vyos-image index afeed480..94ce417d 100755 --- a/scripts/build-vyos-image +++ b/scripts/build-vyos-image 
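Review bot: The redirection in `go run ./cmd/telegraf config > etc/telegraf.conf` truncates the target before `go run` starts, so a failed run leaves an empty or partial `etc/telegraf.conf` for the following `make` step to package. Whether the script aborts at that point depends on a `set -e` earlier in build.sh, which is outside this hunk. Writing to a temporary name and renaming only on success avoids shipping a broken default config: `go run ./cmd/telegraf config > etc/telegraf.conf.tmp || exit 1` followed by `mv etc/telegraf.conf.tmp etc/telegraf.conf`.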
@@ -332,10 +332,13 @@ if __name__ == "__main__": """ chroot_includes_dir = os.path.join(defaults.BUILD_DIR, defaults.CHROOT_INCLUDES_DIR) + binary_includes_dir = os.path.join(defaults.BUILD_DIR, defaults.BINARY_INCLUDES_DIR) vyos_data_dir = os.path.join(chroot_includes_dir, "usr/share/vyos") os.makedirs(vyos_data_dir, exist_ok=True) with open(os.path.join(vyos_data_dir, 'version.json'), 'w') as f: json.dump(version_data, f) + with open(os.path.join(binary_includes_dir, 'version.json'), 'w') as f: + json.dump(version_data, f) # For backwards compatibility with 'add system image' script from older versions # we need a file in the old format so that script can find out the version of the image diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install index 72ef4696..e8a7cc6f 100755 --- a/scripts/check-qemu-install +++ b/scripts/check-qemu-install @@ -272,7 +272,7 @@ gen_disk(args.disk) if args.qemu_cmd: tmp = get_qemu_cmd('TESTVM', kvm, args.uefi, args.disk, diskname_raid, args.iso) - print(tmp) + os.system(tmp) exit(0) test_timeout = 3 *3600 # 3 hours (in seconds) 
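Review bot: `binary_includes_dir` is opened for writing without being created first, unlike `vyos_data_dir`, which gets `os.makedirs(vyos_data_dir, exist_ok=True)` just above. If `config/includes.binary` does not already exist under the build directory at this point, the new `open()` raises FileNotFoundError; whether an earlier step creates it is outside this hunk. Adding `os.makedirs(binary_includes_dir, exist_ok=True)` before the second `with` makes the write independent of that. The enclosing `if __name__ == "__main__":` block starts and ends outside the hunk.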
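Review bot: In the check-qemu-install hunk, `os.system(tmp)` discards QEMU's exit status and the following `exit(0)` always reports success, so `make qemu-live` cannot tell a failed launch from a clean one. The call also hands the assembled string to a shell, so a disk or ISO path containing spaces or shell metacharacters is re-interpreted; how `get_qemu_cmd` quotes its arguments is outside this hunk. Replacing the two lines with `sys.exit(subprocess.call(shlex.split(tmp)))` would address both, provided `sys`, `subprocess` and `shlex` are imported in the script and the generated command uses no shell-only syntax.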
@@ -306,42 +306,29 @@ try: ################################################# log.info('Starting installer') c.sendline('install image') - c.expect('\nWould you like to continue?.*:') - c.sendline('yes') - - if args.raid: - c.expect('\nWould you like to configure RAID-1 mirroring on them?.*:') - c.sendline('yes') - # Erase all data on disks - c.expect('\nAre you sure you want to do this?.*:') - c.sendline('yes') - else: - log.info('Partitioning disk') - c.expect('\nPartition.*:') - c.sendline('') - c.expect('\nInstall the image on.*:') - c.sendline('') - c.expect(r'\nContinue\?.*:') - c.sendline('Yes') - c.expect('\nHow big of a root partition should I create?.*:') - c.sendline('') - - log.info('Disk(s) partitioned, installing...') - c.expect('\nWhat would you like to name this image?.*:', timeout=600) + c.expect('\nWould you like to continue?.*') + c.sendline('y') + c.expect('\nWhat would you like to name this image?.*') c.sendline('') - log.info('Copying files') - c.expect('\nWhich one should I copy to.*:', timeout=600) + c.expect(f'\nPlease enter a password for the "{default_user}" user.*') c.sendline('') - log.info('Files Copied!') - c.expect('\nEnter password for user.*:') - c.sendline(default_user) - c.expect('\nRetype password for user.*:') - c.sendline(default_password) + c.expect('\nWhat console should be used by default?.*') + c.sendline('S') - if not args.raid: - c.expect('\nWhich drive should GRUB modify the boot partition on.*:') + if args.raid: + c.expect('\nWould you like to configure RAID-1 mirroring??.*') + c.sendline('y') + c.expect('\nWould you like to configure RAID-1 mirroring on them?.*') + c.sendline('y') + c.expect('\nInstallation will delete all data on both drives. Continue?.*') + c.sendline('y') + else: + c.expect('\nWhich one should be used for installation?.*') c.sendline('') - c.expect(op_mode_prompt) + c.expect('\nInstallation will delete all data on the drive. 
Continue?.*') + c.sendline('y') + c.expect('\nWould you like to use all the free space on the drive?.*') + c.sendline('y') log.info('system installed, shutting down') @@ -458,7 +445,7 @@ try: c.expect(op_mode_prompt) log.info('Add member to RAID1 (md0)') - c.sendline('add raid md0 by-id member drive-hd1-part1') + c.sendline('add raid md0 by-id member drive-hd1-part3') c.expect(op_mode_prompt) log.info('Now we need to wait for re-sync to complete') diff --git a/scripts/iso-to-oci b/scripts/iso-to-oci new file mode 100755 index 00000000..c9396290 --- /dev/null +++ b/scripts/iso-to-oci 
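Review bot: The rewritten prompt sequence no longer waits for the installer to finish: the old `c.expect(op_mode_prompt)` is removed, and after the last `c.sendline('y')` the script goes straight to `log.info('system installed, shutting down')`. What follows is outside the hunk, but if it powers the VM off, that can happen while the image is still being written, and the later boot test would then fail intermittently. I would keep `c.expect(op_mode_prompt, timeout=600)` after the `if args.raid:`/`else:` block. Separately, the `?` in patterns such as `'\nWould you like to continue?.*'` is a regex quantifier rather than a literal question mark, assuming `c` is a pexpect session; the removed line `r'\nContinue\?.*:'` shows the escaped form.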
@@ -0,0 +1,63 @@ +#!/bin/bash + +function cleanup() { + if [[ -d $ROOTFS ]]; then + rm -rf $ROOTFS + fi + if [[ -d $UNSQUASHFS ]]; then + rm -rf $UNSQUASHFS + fi +} + +if [[ $(/usr/bin/id -u) -ne 0 ]]; then + echo "Not running as root" + exit +fi + +if [ "$#" -ne 1 ]; then + echo "Illegal number of parameters" +fi + +ISO=$1 +ROOTFS=rootfs +UNSQUASHFS=unsquashfs + +# ensure clean working directory +cleanup + +mkdir $ROOTFS $UNSQUASHFS +echo "I: mount ISO $ISO" +mount -t iso9660 -o loop $ISO $ROOTFS/ >/dev/null 2>&1 + +# create directory, unpack squashfs filesystem, get ISO version +# and unmount ISO +echo "I: extracting squashfs content" +unsquashfs -follow -dest $UNSQUASHFS/ $ROOTFS/live/filesystem.squashfs >/dev/null 2>&1 +VERSION=$(jq --raw-output .version $ROOTFS/version.json) +umount $ROOTFS/ + +# fix locales for correct system configuration loading +sed -i 's/^LANG=.*$/LANG=C.UTF-8/' $UNSQUASHFS/etc/default/locale + +# optional step: Decrease docker image size by deleting not necessary files for container +rm -rf $UNSQUASHFS/boot/*.img +rm -rf $UNSQUASHFS/boot/*vyos* +rm -rf $UNSQUASHFS/boot/vmlinuz +rm -rf $UNSQUASHFS/lib/firmware/ +rm -rf $UNSQUASHFS/usr/lib/x86_64-linux-gnu/libwireshark.so* +rm -rf $UNSQUASHFS/lib/modules/*amd64-vyos +rm -rf $UNSQUASHFS/root/.gnupg + +# create a symbolic link to the configuration +ln -s /opt/vyatta/etc/config $UNSQUASHFS/config + +# create docker image +echo "I: generate OCI container image vyos-$VERSION.tar" +tar -C unsquashfs -c . -f vyos-$VERSION.tar + +echo "I: to import the previously generated OCI image to your local images run:" +echo "" +echo " docker import vyos-$VERSION.tar vyos:$VERSION --change 'CMD ["/sbin/init"]'" +echo "" + +cleanup diff --git a/scripts/vyos_build_defaults.py b/scripts/vyos_build_defaults.py index 975fcb71..1e153f4b 100644 --- a/scripts/vyos_build_defaults.py +++ b/scripts/vyos_build_defaults.py 
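Review bot: The two guards at the top of the new script do not stop it: the root check calls a bare `exit`, which returns the status of the preceding `echo` (0), and the parameter-count check only prints a message, so `make oci` can report success or carry on with an empty `$ISO`. Because the output of `mount` and `unsquashfs` is discarded and there is no `set -e`, a failed mount or extraction also goes unnoticed and the script still writes a tarball with an empty `$VERSION` in its name. Since this runs as root and calls `rm -rf` on unquoted relative paths, I would fail fast, quote the variables, and make `cleanup` unmount before deleting and run from a `trap`, as sketched below. The `tar -C unsquashfs` line should also use `"$UNSQUASHFS"` like the rest of the script.

```shell
set -eu

function cleanup() {
    # unmount first so rm -rf never descends into a still-mounted ISO
    if mountpoint -q "$ROOTFS"; then
        umount "$ROOTFS"
    fi
    rm -rf "$ROOTFS" "$UNSQUASHFS"
}

if [[ $(/usr/bin/id -u) -ne 0 ]]; then
    echo "Not running as root" >&2
    exit 1
fi

if [ "$#" -ne 1 ]; then
    echo "Illegal number of parameters" >&2
    exit 1
fi

# … unchanged: ISO, ROOTFS and UNSQUASHFS assignments …
trap cleanup EXIT

# … unchanged: initial cleanup, mkdir …
mount -t iso9660 -o loop,ro "$ISO" "$ROOTFS/"
# … unchanged: unsquashfs, version lookup, pruning, symlink …
tar -C "$UNSQUASHFS" -c . -f "vyos-$VERSION.tar"
```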
@@ -37,6 +37,7 @@ PBUILDER_DIR = 'pbuilder' LB_CONFIG_DIR = 'config' CHROOT_INCLUDES_DIR = 'config/includes.chroot' +BINARY_INCLUDES_DIR = 'config/includes.binary' ARCHIVES_DIR = 'config/archives/' VYOS_REPO_FILE = 'config/archives/vyos.list.chroot' |