7 files changed, 82 insertions, 7 deletions

diff --git a/.github/workflows/pr-conflicts.yml b/.github/workflows/pr-conflicts.yml
index 96040cd6..2fd0bb42 100644
--- a/.github/workflows/pr-conflicts.yml
+++ b/.github/workflows/pr-conflicts.yml
@@ -6,10 +6,10 @@ on:
 jobs:
   Conflict_Check:
     name: 'Check PR status: conflicts and resolution'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-latest
     steps:
       - name: check if PRs are dirty
-        uses: eps1lon/actions-label-merge-conflict@releases/2.x
+        uses: eps1lon/actions-label-merge-conflict@v3
         with:
           dirtyLabel: "state: conflict"
           removeOnDirtyLabel: "state: conflict resolved"
diff --git a/data/defaults.toml b/data/defaults.toml
index 75eaf61d..e8518d26 100644
--- a/data/defaults.toml
+++ b/data/defaults.toml
@@ -14,7 +14,7 @@ vyos_mirror = "https://rolling-packages.vyos.net/current"
 vyos_branch = "current"
 release_train = "current"
 
-kernel_version = "6.6.25"
+kernel_version = "6.6.27"
 bootloaders = "syslinux,grub-efi"
 
 squashfs_compression_type = "xz -Xbcj x86 -b 256k -always-use-fragments -no-recovery"
diff --git a/data/live-build-config/hooks/live/18-enable-disable_services.chroot b/data/live-build-config/hooks/live/18-enable-disable_services.chroot
index 08404a62..4680c869 100755
--- a/data/live-build-config/hooks/live/18-enable-disable_services.chroot
+++ b/data/live-build-config/hooks/live/18-enable-disable_services.chroot
@@ -21,7 +21,6 @@ systemctl disable conntrackd.service
 systemctl disable 'udp-broadcast-relay@*.service'
 systemctl disable pdns-recursor.service
 systemctl disable tftpd-hpa.service
-systemctl disable logd.service
 systemctl disable frr.service
 systemctl disable salt-minion.service
 systemctl disable certbot.service
@@ -29,7 +28,6 @@ systemctl disable certbot.timer
 systemctl disable nginx.service
 systemctl disable wpa_supplicant.service
 systemctl disable squid.service
-systemctl disable heartbeat.service
 systemctl disable apt-daily.service
 systemctl disable apt-daily.timer
 systemctl disable apt-daily-upgrade.timer
@@ -70,7 +68,6 @@ systemctl disable podman-auto-update.timer
 systemctl disable podman-restart.service
 systemctl disable vyos-wan-load-balance.service
 systemctl disable nvmf-autoconnect.service
-systemctl disable vpp.service
 systemctl disable dpkg-db-backup.timer
 systemctl disable dpkg-db-backup.service
 systemctl disable zabbix-agent2.service
diff --git a/data/live-build-config/includes.chroot/opt/vyatta/etc/config.boot.default b/data/live-build-config/includes.chroot/opt/vyatta/etc/config.boot.default
index 7123ef54..c3ff6c79 100644
--- a/data/live-build-config/includes.chroot/opt/vyatta/etc/config.boot.default
+++ b/data/live-build-config/includes.chroot/opt/vyatta/etc/config.boot.default
@@ -19,6 +19,16 @@ system {
         }
     }
     ntp {
+        allow-client {
+            address 127.0.0.0/8
+            address 169.254.0.0/16
+            address 10.0.0.0/8
+            address 172.16.0.0/12
+            address 192.168.0.0/16
+            address ::1/128
+            address fe80::/10
+            address fc00::/7
+        }
         server "time1.vyos.net"
         server "time2.vyos.net"
         server "time3.vyos.net"
diff --git a/scripts/check-pr-title-and-commit-messages.py b/scripts/check-pr-title-and-commit-messages.py
new file mode 100755
index 00000000..f7376e98
--- /dev/null
+++ b/scripts/check-pr-title-and-commit-messages.py
@@ -0,0 +1,54 @@
+#!/usr/bin/env python3
+
+import re
+import sys
+import time
+
+import requests
+
+# Use the same regex for PR title and commit messages for now
+title_regex = r'^(([a-zA-Z\-_.]+:\s)?)T\d+:\s+[^\s]+.*'
+commit_regex = title_regex
+
+
+def check_pr_title(title):
+    if not re.match(title_regex, title):
+        print(f"PR title '{title}' does not match the required format!")
+        print("Valid title example: T99999: make IPsec secure")
+        sys.exit(1)
+
+
+def check_commit_message(title):
+    if not re.match(commit_regex, title):
+        print(f"Commit title '{title}' does not match the required format!")
+        print("Valid title example: T99999: make IPsec secure")
+        sys.exit(1)
+
+
+if __name__ == '__main__':
+    if len(sys.argv) < 2:
+        print("Please specify pull request URL!")
+        sys.exit(1)
+
+    # There seems to be a race condition that causes this scripts to receive
+    # an incomplete PR object that is missing certain fields,
+    # which causes temporary CI failures that require re-running the script
+    #
+    # It's probably better to add a small delay to prevent that
+    time.sleep(5)
+
+    # Get the pull request object
+    pr = requests.get(sys.argv[1]).json()
+    if "title" not in pr:
+        print("The PR object does not have a title field!")
+        print("Did not receive a valid pull request object, please check the URL!")
+        sys.exit(1)
+
+    check_pr_title(pr["title"])
+
+    # Get the list of commits
+    commits = requests.get(pr["commits_url"]).json()
+    for c in commits:
+        # Retrieve every individual commit and check its title
+        co = requests.get(c["url"]).json()
+        check_commit_message(co["commit"]["message"])
diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install
index 41c566e6..b8f3806b 100755
--- a/scripts/check-qemu-install
+++ b/scripts/check-qemu-install
@@ -336,7 +336,9 @@ try:
     c.expect('\nWhat would you like to name this image?.*')
     c.sendline('')
     c.expect(f'\nPlease enter a password for the "{default_user}" user.*')
-    c.sendline('')
+    c.sendline('vyos')
+    c.expect(f'\nPlease confirm password for the "{default_user}" user.*')
+    c.sendline('vyos')
     c.expect('\nWhat console should be used by default?.*')
     c.sendline('S')
 
@@ -347,6 +349,8 @@ try:
         c.sendline('y')
         c.expect('\nInstallation will delete all data on both drives. Continue?.*')
         c.sendline('y')
+        c.expect('\nWhich file would you like as boot config?.*')
+        c.sendline('')
     else:
         c.expect('\nWhich one should be used for installation?.*')
         c.sendline('')
@@ -354,6 +358,8 @@ try:
         c.sendline('y')
         c.expect('\nWould you like to use all the free space on the drive?.*')
         c.sendline('y')
+        c.expect('\nWhich file would you like as boot config?.*')
+        c.sendline('')
 
     log.info('system installed, shutting down')
 
diff --git a/scripts/image-build/build-vyos-image b/scripts/image-build/build-vyos-image
index 61431c16..893e0016 100755
--- a/scripts/image-build/build-vyos-image
+++ b/scripts/image-build/build-vyos-image
@@ -30,6 +30,7 @@ import platform
 import argparse
 import datetime
 import functools
+import string
 
 # Import third-party modules
 try:
@@ -275,6 +276,13 @@ if __name__ == "__main__":
             print("Use --build-type=release option if you want to set version number")
             sys.exit(1)
 
+    # Validate characters in version name
+    if 'version' in args and args['version'] != None:
+        allowed = string.ascii_letters + string.digits + '.' + '-' + '+'
+        if not set(args['version']) <= set(allowed):
+            print(f'Version contained illegal character(s), allowed: {allowed}')
+            sys.exit(1)
+
     ## Inject some useful hardcoded options
     args['build_dir'] = defaults.BUILD_DIR
     args['pbuilder_config'] = os.path.join(defaults.BUILD_DIR, defaults.PBUILDER_CONFIG)