163 files changed, 654 insertions, 5345 deletions
diff --git a/.github/workflows/trigger-docker-image-build.yml b/.github/workflows/trigger-docker-image-build.yml
new file mode 100644
index 00000000..5e0b07ef
--- /dev/null
+++ b/.github/workflows/trigger-docker-image-build.yml
@@ -0,0 +1,47 @@
+name: Trigger Docker image build
+
+on:
+ pull_request_target:
+ types:
+ - closed
+ branches:
+ - current
+
+permissions:
+ packages: write
+ contents: read
+ attestations: write
+ id-token: write
+ pull-requests: read
+
+jobs:
+ track-changes:
+ if: github.event.pull_request.merged == true
+ runs-on: ubuntu-latest
+
+ env:
+ REF: main # Used for curl to trigger image build
+
+ steps:
+ - name: Checkout vyos/vyos-build repo
+ uses: actions/checkout@v4
+ with:
+ ref: ${{ github.ref_name }}
+
+ - uses: dorny/paths-filter@v3
+ id: changes
+ with:
+ filters: |
+ docker-dir:
+ - 'docker/**'
+
+ - name: "Trigger Docker image build for ${{ github.ref_name }}"
+ if: ${{ steps.changes.outputs.docker-dir == 'true' }}
+ run: |
+ curl -L \
+ -X POST \
+ -H "Accept: application/vnd.github+json" \
+ -H "Authorization: Bearer ${{ secrets.PAT }}" \
+ -H "X-GitHub-Api-Version: 2022-11-28" \
+ https://api.github.com/repos/${{ secrets.REMOTE_OWNER }}/${{ secrets.REMOTE_REUSE_REPO }}/actions/workflows/build-docker-image.yml/dispatches \
+ -d '{"ref": "${{ env.REF }}", "inputs":{"branch":"${{ github.ref_name }}", "environment":"production"}}'
\ No newline at end of file diff --git a/.github/workflows/trigger_rebuild_packages.yml b/.github/workflows/trigger_rebuild_packages.yml index 2be662e8..4355ecb8 100644 --- a/.github/workflows/trigger_rebuild_packages.yml +++ b/.github/workflows/trigger_rebuild_packages.yml @@ -33,6 +33,8 @@ jobs: - 'scripts/package-build/ethtool/**' frr: - 'scripts/package-build/frr/**' + frr_exporter: + - 'scripts/package-build/frr_exporter/**' hostap: - 'scripts/package-build/hostap/**' hsflowd: @@ -52,6 +54,8 @@ jobs: - 'scripts/package-build/net-snmp/**' netfilter: - 'scripts/package-build/netfilter/**' + node_exporter: + - 'scripts/package-build/node_exporter/**' opennhrp: - 'scripts/package-build/opennhrp/**' openvpn-otp: @@ -76,6 +80,8 @@ jobs: - 'scripts/package-build/waagent/**' wide-dhcpv6: - 'scripts/package-build/wide-dhcpv6/**' + xen-guest-agent: + - 'scripts/package-build/xen-guest-agent/**' - name: Trigger builds for changed packages run: | @@ -113,6 +119,10 @@ jobs: trigger_build "frr" fi + if [ "${{ steps.changes.outputs.frr_exporter }}" == "true" ]; then + trigger_build "frr_exporter" + fi + if [ "${{ steps.changes.outputs.hostap }}" == "true" ]; then trigger_build "hostap" fi @@ -149,6 +159,10 @@ jobs: trigger_build "netfilter" fi + if [ "${{ steps.changes.outputs.node_exporter }}" == "true" ]; then + trigger_build "node_exporter" + fi + if [ "${{ steps.changes.outputs.opennhrp }}" == "true" ]; then trigger_build "opennhrp" fi @@ -196,3 +210,7 @@ jobs: if [ "${{ steps.changes.outputs.wide-dhcpv6 }}" == "true" ]; then trigger_build "ethtool" fi + + if [ "${{ steps.changes.outputs.xen-guest-agent }}" == "true" ]; then + trigger_build "xen-guest-agent" + fi diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 87e02ccc..00000000 --- a/Jenkinsfile +++ /dev/null 
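Review bot: The workflow-level `permissions:` block in the new `trigger-docker-image-build.yml` grants `packages: write`, `attestations: write` and `id-token: write`, but the only job runs a path filter and a `curl` call authenticated with `secrets.PAT`, so none of those GITHUB_TOKEN scopes appear to be used. Because this runs on `pull_request_target` with secrets available and calls `dorny/paths-filter@v3` and `actions/checkout@v4` by mutable tag, I would cut the block to `contents: read` and `pull-requests: read` and pin both actions to a full commit SHA. The `curl` call has no `--fail`, so an HTTP error from the dispatch endpoint still leaves the step green; adding `--fail` makes a rejected trigger visible. Passing the PAT and `github.ref_name` through the step's `env:`, rather than expanding `${{ … }}` inside the script text, would also keep them out of the generated shell source.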
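Review bot: In the last hunk of `trigger_rebuild_packages.yml`, the context directly above the added `xen-guest-agent` block shows the `wide-dhcpv6` check calling `trigger_build "ethtool"`, so a change under `scripts/package-build/wide-dhcpv6/**` rebuilds ethtool and never wide-dhcpv6; the commit leaves that as it is. The line should read `trigger_build "wide-dhcpv6"`. The `run:` script starts outside these hunks, so `trigger_build` itself is not visible here and how it authenticates the dispatch cannot be checked from this diff.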
@@ -1,220 +0,0 @@ -#!/usr/bin/env groovy -// Copyright (C) 2019-2021 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ -setDescription() - -node('Docker') { - stage('Setup Container') { - script { - // create container name on demand - def branchName = getGitBranchName() - // Adjust PR target branch name so we can re-map it to the proper Docker image. 
- if (isPullRequest()) - branchName = env.CHANGE_TARGET.toLowerCase() - if (branchName.equals('master')) - branchName = 'current' - - env.DOCKER_IMAGE = 'vyos/vyos-build:' + branchName - - // Get the current UID and GID from the jenkins agent to allow use of the same UID inside Docker - env.USR_ID = sh(returnStdout: true, script: 'id -u').toString().trim() - env.GRP_ID = sh(returnStdout: true, script: 'id -g').toString().trim() - env.DOCKER_ARGS = '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=' + env.USR_ID + ' -e GOSU_GID=' + env.GRP_ID - env.BASE_VERSION = '1.5-rolling-' - } - } -} - -pipeline { - agent { - docker { - label "Docker" - args "${env.DOCKER_ARGS}" - image "${env.DOCKER_IMAGE}" - alwaysPull true - reuseNode true - } - } - parameters { - string(name: 'BUILD_BY', defaultValue: 'autobuild@vyos.net', description: 'Builder identifier (e.g. jrandomhacker@example.net)') - string(name: 'BUILD_VERSION', defaultValue: env.BASE_VERSION + 'ISO8601-TIMESTAMP', description: 'Version number (release builds only)') - booleanParam(name: 'BUILD_PUBLISH', defaultValue: false, description: 'Publish this build AWS S3') - booleanParam(name: 'BUILD_SNAPSHOT', defaultValue: false, description: 'Upload image to AWS S3 snapshot bucket') - booleanParam(name: 'TEST_SMOKETESTS', defaultValue: true, description: 'Run Smoketests after ISO build') - booleanParam(name: 'TEST_RAID1', defaultValue: true, description: 'Perform RAID1 installation tests') - } - options { - disableConcurrentBuilds() - timeout(time: 240, unit: 'MINUTES') - timestamps() - buildDiscarder(logRotator(numToKeepStr: '20')) - } - stages { - stage('Build ISO') { - when { - beforeOptions true - beforeAgent true - // Only run ISO image build process of explicit user request or - // once a night triggered by the timer. 
- anyOf { - triggeredBy 'TimerTrigger' - triggeredBy cause: "UserIdCause" - } - } - environment { - PYTHONDONTWRITEBYTECODE = 1 - } - steps { - script { - // Display Git commit Id used with the Jenkinsfile on the Job "Build History" pane - def commitId = sh(returnStdout: true, script: 'git rev-parse --short=11 HEAD').trim() - currentBuild.description = sprintf('Git SHA1: %s', commitId[-11..-1]) - - def CUSTOM_PACKAGES = '' - if (params.TEST_SMOKETESTS) - CUSTOM_PACKAGES = '--custom-package vyos-1x-smoketest' - - def VYOS_VERSION = params.BUILD_VERSION - if (params.BUILD_VERSION == env.BASE_VERSION + 'ISO8601-TIMESTAMP') - VYOS_VERSION = env.BASE_VERSION + sh(returnStdout: true, script: 'date -u +%Y%m%d%H%M').toString().trim() - - sh """ - sudo --preserve-env ./build-vyos-image \ - --build-by "${params.BUILD_BY}" \ - --debian-mirror http://deb.debian.org/debian/ \ - --build-type release \ - --version "${VYOS_VERSION}" ${CUSTOM_PACKAGES} generic - """ - - if (fileExists('build/live-image-amd64.hybrid.iso') == false) { - error('ISO build error') - } - } - } - } - stage('Smoketests for RAID-1 system installation') { - when { - expression { fileExists 'build/live-image-amd64.hybrid.iso' } - expression { return params.TEST_RAID1 } - } - steps { - sh "sudo make testraid" - } - } - stage('Smoketests for TPM config encryption') { - when { - expression { fileExists 'build/live-image-amd64.hybrid.iso' } - } - steps { - sh "sudo make testtpm" - } - } - stage('Smoketests') { - when { - expression { return params.TEST_SMOKETESTS } - } - parallel { - stage('CLI validation') { - when { - expression { fileExists 'build/live-image-amd64.hybrid.iso' } - } - steps { - sh "sudo make test" - } - } - stage('vyos-configd and arbitrary config loader') { - when { - expression { fileExists 'build/live-image-amd64.hybrid.iso' } - } - steps { - sh "sudo make testc" - } - } - } - } - } - post { - success { - script { - // only deploy ISO if build from official repository - if (isCustomBuild()) 
- return - - // always store local artifacts - archiveArtifacts artifacts: '**/build/vyos-*.iso, **/build/vyos-*.qcow2', - allowEmptyArchive: true - - // only deploy ISO if requested via parameter - if (!params.BUILD_PUBLISH) - return - - files = findFiles(glob: 'build/vyos*.iso') - // Publish ISO image to daily builds bucket - if (files) { - // Publish ISO image to snapshot bucket - if (files && params.BUILD_SNAPSHOT) { - withAWS(region: 'us-east-1', credentials: 's3-vyos-downloads-rolling-rw') { - s3Upload(bucket: 's3-us.vyos.io', path: 'snapshot/' + params.BUILD_VERSION + '/', workingDir: 'build', includePathPattern: 'vyos*.iso', - cacheControl: "public, max-age=2592000") - } - } else { - // Publish build result to AWS S3 rolling bucket - withAWS(region: 'us-east-1', credentials: 's3-vyos-downloads-rolling-rw') { - s3Upload(bucket: 's3-us.vyos.io', path: 'rolling/' + getGitBranchName() + '/', - workingDir: 'build', includePathPattern: 'vyos*.iso') - s3Copy(fromBucket: 's3-us.vyos.io', fromPath: 'rolling/' + getGitBranchName() + '/' + files[0].name, - toBucket: 's3-us.vyos.io', toPath: 'rolling/' + getGitBranchName() + '/vyos-rolling-latest.iso') - } - } - - // Trigger GitHub action which will re-build the static community website which - // also holds the AWS download links to the generated ISO images - withCredentials([string(credentialsId: 'vyos.net-build-trigger-token', variable: 'TOKEN')]) { - sh ''' - curl -X POST --header "Accept: application/vnd.github.v3+json" \ - --header "authorization: Bearer $TOKEN" --data '{"ref": "production"}' \ - https://api.github.com/repos/vyos/community.vyos.net/actions/workflows/main.yml/dispatches - ''' - } - } - - // Publish ISO image to snapshot bucket - if (files && params.BUILD_SNAPSHOT) { - withAWS(region: 'us-east-1', credentials: 's3-vyos-downloads-rolling-rw') { - s3Upload(bucket: 's3-us.vyos.io', path: 'snapshot/', - workingDir: 'build', includePathPattern: 'vyos*.iso') - } - } - } - } - failure { - archiveArtifacts 
artifacts: '**/build/vyos-*.iso, **/build/vyos-*.qcow2', - allowEmptyArchive: true - } - cleanup { - echo 'One way or another, I have finished' - // the 'build' directory got elevated permissions during the build - // cdjust permissions so it can be cleaned up by the regular user - sh 'sudo make purge' - deleteDir() /* cleanup our workspace */ - } - } -} @@ -26,7 +26,12 @@ test: checkiso .PHONY: test-no-interfaces .ONESHELL: test-no-interfaces: checkiso - scripts/check-qemu-install --debug --configd --match="$(MATCH)" --smoketest --uefi --no-interfaces build/live-image-amd64.hybrid.iso + scripts/check-qemu-install --debug --configd --smoketest --uefi --no-interfaces build/live-image-amd64.hybrid.iso + +.PHONY: test-interfaces +.ONESHELL: +test-interfaces: checkiso + scripts/check-qemu-install --debug --configd --match="interfaces_" --smoketest --uefi build/live-image-amd64.hybrid.iso .PHONY: testc .ONESHELL: @@ -33,9 +33,8 @@ There are several directories with their own purpose: * `build/` Used for temporary files used for the build and for build artifacts * `data/` Data required for building the ISO (e.g. boot splash/configs) - * `packages/` This directory has two meanings. First it can hold arbitrary *.deb - packages which will be embeded into the resulting ISO, but it also - holds Jenkins Pipeline definitions for required VyOS packages. + * `packages/` This directory can hold arbitrary *.deb + packages which will be embeded into the resulting ISO. Among other things those packages will be: Linux Kernel, FRR, Netfiler... * `scripts/` Scripts that are used for the build process diff --git a/data/architectures/amd64.toml b/data/architectures/amd64.toml index e85b4158..9ab1c03b 100644 --- a/data/architectures/amd64.toml +++ b/data/architectures/amd64.toml 
@@ -1,15 +1,18 @@ -additional_repositories = [ - "deb [arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/3005 bullseye main" -] - # Packages added to images for x86 by default packages = [ "grub2", "grub-pc", + "vyos-drivers-realtek-r8152", "vyos-linux-firmware", "vyos-intel-qat", "vyos-intel-ixgbe", "vyos-intel-ixgbevf", - "mlnx-ofed-kernel-modules", - "mlnx-tools", ] + +[additional_repositories.salt] + architecture = "amd64" + url = "https://packages.vyos.net/saltproject/debian/11/amd64/3005" + distribution = "bullseye" + +[additional_repositories.zabbix] + url = "https://repo.zabbix.com/zabbix/6.0/debian" diff --git a/data/architectures/arm64.toml b/data/architectures/arm64.toml index 228d0f3f..ebf14ef4 100644 --- a/data/architectures/arm64.toml +++ b/data/architectures/arm64.toml @@ -1,9 +1,13 @@ -additional_repositories = [ - "deb [arch=arm64] https://repo.saltproject.io/py3/debian/11/arm64/3005 bullseye main" -] - # Packages included in ARM64 images by default packages = [ "grub-efi-arm64", ] bootloaders = "grub-efi" + +[additional_repositories.salt] + architecture = "arm64" + url = "https://packages.vyos.net/saltproject/debian/11/amd64/3005" + distribution = "bullseye" + +[additional_repositories.zabbix] + url = "https://repo.zabbix.com/zabbix/6.0/debian-arm64" diff --git a/data/architectures/armhf.toml b/data/architectures/armhf.toml index de5e62f4..8cf2d763 100644 --- a/data/architectures/armhf.toml +++ b/data/architectures/armhf.toml @@ -1,5 +1,5 @@ additional_repositories = [ - "deb [arch=armhf] https://repo.saltproject.io/py3/debian/11/armhf/3005 bullseye main" + "deb [arch=armhf] https://packages.vyos.net/saltproject/debian/11/arm64/3005 bullseye main" ] # Packages included in armhf images by default diff --git a/data/defaults.toml b/data/defaults.toml index efe6399f..f0a7d83d 100644 --- a/data/defaults.toml +++ b/data/defaults.toml 
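Review bot: In `arm64.toml` the new `[additional_repositories.salt]` table sets `architecture = "arm64"` but its `url` ends in `debian/11/amd64/3005`, whereas the removed line used the `arm64` path; `armhf.toml` likewise now points `[arch=armhf]` at `debian/11/arm64/3005`. If the mirror keeps the upstream per-architecture layout, these builds would fetch package indexes for the wrong architecture or fail to resolve the salt packages, so I would expect `url = "https://packages.vyos.net/saltproject/debian/11/arm64/3005"` for arm64 and the `armhf` path for armhf; please confirm against the actual mirror layout. The `zabbix` tables give only `url`, in both `amd64.toml` and `arm64.toml`. A short comment there should state which distribution and component defaults apply, and that the key added under `data/live-build-config/archives/` is the one that signs this repository.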
@@ -9,12 +9,12 @@ debian_security_mirror = "http://deb.debian.org/debian-security" debian_archive_areas = "main contrib non-free non-free-firmware" -vyos_mirror = "https://rolling-packages.vyos.net/current" +vyos_mirror = "https://packages.vyos.net/repositories/current" vyos_branch = "current" release_train = "current" -kernel_version = "6.6.51" +kernel_version = "6.6.56" kernel_flavor = "vyos" bootloaders = "syslinux,grub-efi" diff --git a/data/live-build-config/archives/zabbix-official-repo.key.chroot b/data/live-build-config/archives/zabbix-official-repo.key.chroot Binary files differnew file mode 100644 index 00000000..660c453a --- /dev/null +++ b/data/live-build-config/archives/zabbix-official-repo.key.chroot diff --git a/data/live-build-config/hooks/live/01-live-serial.binary b/data/live-build-config/hooks/live/01-live-serial.binary index e138b20d..05785da7 100755 --- a/data/live-build-config/hooks/live/01-live-serial.binary +++ b/data/live-build-config/hooks/live/01-live-serial.binary 
@@ -10,22 +10,22 @@ SERIAL_CONSOLE="console=tty0 console=ttyS0,115200" GRUB_MENUENTRY=$(sed -e '/menuentry.*hotkey.*/,/^}/!d' -e 's/--hotkey=l//g' $GRUB_PATH) # Update KVM menuentry name -sed -i 's/"Live system \((.*-vyos)\)"/"Live system \1 - KVM console"/' $GRUB_PATH +sed -i 's/"Live system \((.*vyos)\)"/"Live system \1 - KVM console"/' $GRUB_PATH # Insert serial menuentry echo "$GRUB_MENUENTRY" | sed \ - -e 's/"Live system \((.*-vyos)\)"/"Live system \1 - Serial console"/' \ + -e 's/"Live system \((.*vyos)\)"/"Live system \1 - Serial console"/' \ -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $GRUB_PATH # Live.cfg Update ISOLINUX_MENUENTRY=$(sed -e '/label live-\(.*\)-vyos$/,/^\tappend.*/!d' $ISOLINUX_PATH) # Update KVM menuentry name -sed -i 's/Live system \((.*-vyos)\)/Live system \1 - KVM console/' $ISOLINUX_PATH +sed -i 's/Live system \((.*vyos)\)/Live system \1 - KVM console/' $ISOLINUX_PATH # Insert serial menuentry echo "\n$ISOLINUX_MENUENTRY" | sed \ -e 's/live-\(.*\)-vyos/live-\1-vyos-serial/' \ -e '/^\tmenu default/d' \ - -e 's/Live system \((.*-vyos)\)/Live system \1 - Serial console/' \ + -e 's/Live system \((.*vyos)\)/Live system \1 - Serial console/' \ -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $ISOLINUX_PATH diff --git a/data/live-build-config/hooks/live/19-kernel_symlinks.chroot b/data/live-build-config/hooks/live/19-kernel_symlinks.chroot index e63ca263..a7e95e0e 100755 --- a/data/live-build-config/hooks/live/19-kernel_symlinks.chroot +++ b/data/live-build-config/hooks/live/19-kernel_symlinks.chroot @@ -1,6 +1,9 @@ #!/bin/sh -echo I: Creating kernel symlinks. +echo I: Creating Linux Kernel symbolic links cd /boot ln -s initrd.img-* initrd.img ln -s vmlinuz-* vmlinuz + +echo I: Remove Linux Kernel symbolic link to source folder +rm -rf /lib/modules/*/build diff --git a/data/live-build-config/hooks/live/92-strip-symbols.chroot b/data/live-build-config/hooks/live/92-strip-symbols.chroot index 704f9cb3..f44cb01d 100755 
--- a/data/live-build-config/hooks/live/92-strip-symbols.chroot +++ b/data/live-build-config/hooks/live/92-strip-symbols.chroot @@ -15,7 +15,6 @@ STRIPCMD_UNNEEDED="strip --strip-unneeded --remove-section=.comment --remove-sec STRIPDIR_REGULAR=" " STRIPDIR_DEBUG=" -/usr/lib/modules " STRIPDIR_UNNEEDED=" /etc/hsflowd/modules diff --git a/data/live-build-config/hooks/live/93-sb-sign-kernel.chroot b/data/live-build-config/hooks/live/93-sb-sign-kernel.chroot new file mode 100755 index 00000000..1dc03186 --- /dev/null +++ b/data/live-build-config/hooks/live/93-sb-sign-kernel.chroot @@ -0,0 +1,22 @@ +#!/bin/sh +SIGN_FILE=$(find /usr/lib -name sign-file) +MOK_KEY="/var/lib/shim-signed/mok/MOK.key" +MOK_CERT="/var/lib/shim-signed/mok/MOK.pem" +VMLINUZ=$(readlink /boot/vmlinuz) + +# All Linux Kernel modules need to be cryptographically signed +find /lib/modules -type f -name \*.ko | while read MODULE; do + modinfo ${MODULE} | grep -q "signer:" + if [ $? != 0 ]; then + echo "E: Module ${MODULE} is not signed!" + read -n 1 -s -r -p "Press any key to continue" + fi +done + +if [ ! -f ${MOK_KEY} ]; then + echo "I: Signing key for Linux Kernel not found - Secure Boot not possible" +else + echo "I: Signing Linux Kernel for Secure Boot" + sbsign --key ${MOK_KEY} --cert ${MOK_CERT} /boot/${VMLINUZ} --output /boot/${VMLINUZ} + sbverify --list /boot/${VMLINUZ} +fi diff --git a/data/live-build-config/hooks/live/93-sign-kernel.chroot b/data/live-build-config/hooks/live/93-sign-kernel.chroot deleted file mode 100755 index 031db10d..00000000 --- a/data/live-build-config/hooks/live/93-sign-kernel.chroot +++ /dev/null 
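Review bot: The unsigned-module check in the new `93-sb-sign-kernel.chroot` cannot stop a build: it prints `E:` and then calls `read -n 1 -s -r -p …`, which is not POSIX under `#!/bin/sh` and, inside `find … | while read MODULE`, reads from the `find` pipe and not from a terminal, so the loop simply carries on. It also matches only `*.ko`, while the deleted `93-sign-kernel.chroot` handled `*.ko.xz` as well, and `SIGN_FILE` is now assigned but never used. I would collect the unsigned modules and exit non-zero after the loop, as sketched below; whether that should be fatal for builds without a MOK key is your call. Separately, the kernel is now signed with `MOK.key` itself, which the README describes as the CA key, and nothing in this hook shows the private key being kept out of the final image, which is worth confirming.

```shell
# … unchanged: MOK_KEY / MOK_CERT / VMLINUZ assignments …

# All Linux Kernel modules need to be cryptographically signed
UNSIGNED=$(find /lib/modules -type f \( -name '*.ko' -o -name '*.ko.xz' \) | while read -r MODULE; do
    modinfo "${MODULE}" | grep -q "signer:" || echo "${MODULE}"
done)
if [ -n "${UNSIGNED}" ]; then
    echo "E: The following modules are not signed:"
    echo "${UNSIGNED}"
    exit 1
fi

# … unchanged: sbsign / sbverify block …
```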
@@ -1,18 +0,0 @@ -#!/bin/sh -SIGN_FILE=$(find /usr/lib -name sign-file) -MOK_KEY="/var/lib/shim-signed/mok/kernel.key" -MOK_CERT="/var/lib/shim-signed/mok/kernel.pem" -kernel_elf=$(readlink /boot/vmlinuz) - -if [ ! -f ${MOK_KEY} ]; then - echo "I: Signing key for Linux Kernel not found - Secure Boot not possible" -else - echo "I: Signing Linux Kernel for Secure Boot" - - sbsign --key $MOK_KEY --cert $MOK_CERT /boot/${kernel_elf} --output /boot/${kernel_elf} - sbverify --list /boot/${kernel_elf} - - find /lib/modules -type f -name \*.ko -o -name \*.ko.xz | while read module; do - $SIGN_FILE sha512 $MOK_KEY $MOK_CERT $module - done -fi diff --git a/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md b/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md index 5a6edbba..abaaa97a 100644 --- a/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md +++ b/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md @@ -6,17 +6,6 @@ Create Certificate Authority used for Kernel signing. CA is loaded into the Machine Owner Key store on the target system. ```bash -openssl req -new -x509 -newkey rsa:2048 -keyout MOK.key -outform DER -out MOK.der -days 36500 -subj "/CN=VyOS Secure Boot CA/" -nodes +openssl req -new -x509 -newkey rsa:4096 -keyout MOK.key -outform DER -out MOK.der -days 36500 -subj "/CN=VyOS Secure Boot CA/" -nodes openssl x509 -inform der -in MOK.der -out MOK.pem ``` - -## Kernel Module Signing Key - -We do not make use of ephemeral keys for Kernel module signing. Instead a key -is generated and signed by the VyOS Secure Boot CA which signs all the Kernel -modules during ISO assembly if present. - -```bash -openssl req -newkey rsa:2048 -keyout kernel.key -out kernel.csr -subj "/CN=VyOS Secure Boot Signer 2024 - linux/" -nodes -openssl x509 -req -in kernel.csr -CA MOK.pem -CAkey MOK.key -CAcreateserial -out kernel.pem -days 730 -sha256 -``` 
diff --git a/docker/Dockerfile b/docker/Dockerfile index 498dd69a..ddda5ff8 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -154,7 +154,7 @@ RUN eval $(opam env --root=/opt/opam --set-root) && opam install -y \ # Build VyConf which is required to build libvyosconfig RUN eval $(opam env --root=/opt/opam --set-root) && \ - opam pin add vyos1x-config https://github.com/vyos/vyos1x-config.git#fc327ecd76 -y + opam pin add vyos1x-config https://github.com/vyos/vyos1x-config.git#d7260e772e39bc6a3a2d76d629567e03bbad16b5 -y # Packages needed for libvyosconfig RUN apt-get update && apt-get install -y \ @@ -165,7 +165,7 @@ RUN apt-get update && apt-get install -y \ # Build libvyosconfig RUN eval $(opam env --root=/opt/opam --set-root) && \ git clone https://github.com/vyos/libvyosconfig.git /tmp/libvyosconfig && \ - cd /tmp/libvyosconfig && git checkout c6141d97 && \ + cd /tmp/libvyosconfig && git checkout 9e4f6c1494fcff64ad22503b704dbdd43347b0a6 && \ dpkg-buildpackage -uc -us -tc -b && \ dpkg -i /tmp/libvyosconfig0_*_$(dpkg-architecture -qDEB_HOST_ARCH).deb @@ -270,8 +270,8 @@ RUN pip install --break-system-packages \ quilt \ whois -# Go required for validators and vyos-xe-guest-utilities -RUN GO_VERSION_INSTALL="1.21.3" ; \ +# Go required for telegraf and prometheus exporters build +RUN GO_VERSION_INSTALL="1.23.2" ; \ wget -O /tmp/go${GO_VERSION_INSTALL}.linux-amd64.tar.gz https://go.dev/dl/go${GO_VERSION_INSTALL}.linux-$(dpkg-architecture -qDEB_HOST_ARCH).tar.gz ; \ tar -C /opt -xzf /tmp/go*.tar.gz && \ rm /tmp/go*.tar.gz diff --git a/docker/patches/live-build/0001-save-package-info.patch b/docker/patches/live-build/0001-save-package-info.patch index abb4308d..3ce22fe1 100644 --- a/docker/patches/live-build/0001-save-package-info.patch +++ b/docker/patches/live-build/0001-save-package-info.patch @@ -1,33 +1,36 @@ -From 3ddf0e979c352f2917be6a949fb8dd37b5c9f2b7 Mon Sep 17 00:00:00 2001 +From 9dacc8bf99310b2216be24a42f2c0475080cf039 Mon Sep 17 00:00:00 2001 
From: khramshinr <khramshinr@gmail.com> -Date: Wed, 28 Aug 2024 14:38:15 +0600 +Date: Thu, 24 Oct 2024 14:22:57 +0600 Subject: [PATCH] T6684: new Debian package repo snapshot logic -save information about all installed packages and teir source repo, including temporary packages +Save information about all installed packages and teir source repo, including temporary packages +Added functionality to store version information for temporarily installed packages. --- - functions/packages.sh | 7 +++++++ + functions/packages.sh | 9 +++++++++ scripts/build/chroot | 6 ++++++ scripts/build/clean | 2 +- - 3 files changed, 14 insertions(+), 1 deletion(-) + 3 files changed, 16 insertions(+), 1 deletion(-) diff --git a/functions/packages.sh b/functions/packages.sh -index 9e25df5f3..4d1fa695e 100755 +index 2481edc25..a6c2c1e8d 100755 --- a/functions/packages.sh +++ b/functions/packages.sh -@@ -60,6 +60,13 @@ Install_packages () +@@ -60,6 +60,15 @@ Install_packages () Chroot chroot "aptitude install --without-recommends ${APTITUDE_OPTIONS} ${_LB_PACKAGES}" ;; esac + + # save information about all temporary installed packages and source repos + for PACKAGE in ${_LB_PACKAGES}; do -+ Chroot chroot "apt-cache policy ${PACKAGE}" | sed -n '/\*\*\*/,$p' | grep -P 'http:|https:' -m 1 | awk -v pkg="${PACKAGE}" '{print $2" "$3" "pkg}' >> chroot.packages.all.info ++ INSTALLED_VERSION=$(Chroot chroot "apt-cache policy ${PACKAGE}" | grep 'Installed:' | awk '{print $2}') ++ Chroot chroot "apt-cache policy ${PACKAGE}" | sed -n '/\*\*\*/,$p' | grep -P 'http:|https:' -m 1 | \ ++ awk -v pkg="${PACKAGE}" -v version="${INSTALLED_VERSION}" '{print $2" "$3" "pkg" "version}' >> chroot.packages.all.info + + done + unset _LB_PACKAGES # Can clear this now } - + diff --git a/scripts/build/chroot b/scripts/build/chroot index a0aa10be0..700762e78 100755 --- a/scripts/build/chroot @@ -35,7 +38,7 @@ index a0aa10be0..700762e78 100755 
@@ -48,6 +48,12 @@ for _PASS in install live; do fi done - + +# save information about all installed packages and source repos +Chroot chroot "dpkg-query -W" | while read PACKAGE; do + Chroot chroot "apt-cache policy ${PACKAGE}" | sed -n '/\*\*\*/,$p' | grep -P 'http:|https:' -m 1 | awk -v pkg="${PACKAGE}" '{print $2" "$3" "pkg}' >> chroot.packages.all.info @@ -50,11 +53,12 @@ index 6549fc635..4376d7525 100755 --- a/scripts/build/clean +++ b/scripts/build/clean @@ -159,7 +159,7 @@ if [ "${RM_CHROOT}" = "true" ]; then - + rm -rf chroot chroot.tmp - + - rm -f chroot.packages.live chroot.packages.install + rm -f chroot.packages.live chroot.packages.install chroot.packages.all.info rm -f chroot.files + + rm -f "$(Installed_tmp_packages_file)" - rm -f "$(Installed_tmp_packages_file)"
\ No newline at end of file diff --git a/packages/.gitignore b/packages/.gitignore index db1547bf..33662f55 100644 --- a/packages/.gitignore +++ b/packages/.gitignore @@ -1,6 +1 @@ -*.tar.gz -*.deb -*.dsc -*.buildinfo -*.changes -*.git +/* diff --git a/packages/aws-gateway-load-balancer-tunnel-handler/.gitignore b/packages/aws-gateway-load-balancer-tunnel-handler/.gitignore deleted file mode 100644 index a3e428dc..00000000 --- a/packages/aws-gateway-load-balancer-tunnel-handler/.gitignore +++ /dev/null @@ -1 +0,0 @@ -aws-gwlbtun/ diff --git a/packages/aws-gateway-load-balancer-tunnel-handler/Jenkinsfile b/packages/aws-gateway-load-balancer-tunnel-handler/Jenkinsfile deleted file mode 100644 index cbf5a407..00000000 --- a/packages/aws-gateway-load-balancer-tunnel-handler/Jenkinsfile +++ /dev/null 
@@ -1,33 +0,0 @@ -// Copyright (C) 2023 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def timestamp = new Date().format('yyyyMMddhhmmss') -def commit_id = 'f78058a' - -def pkgList = [ - ['name': "aws-gwlbtun-${timestamp}-${commit_id}", - 'scmCommit': commit_id, - 'scmUrl': 'https://github.com/aws-samples/aws-gateway-load-balancer-tunnel-handler', - 'buildCmd': "../build.py --package aws-gwlbtun --version ${timestamp}-${commit_id}"], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('aws-gateway-load-balancer-tunnel-handler', pkgList, null, true, "**/packages/aws-gateway-load-balancer-tunnel-handler/**") diff --git a/packages/aws-gateway-load-balancer-tunnel-handler/build.py b/packages/aws-gateway-load-balancer-tunnel-handler/build.py deleted file mode 100755 index a8c75aab..00000000 --- a/packages/aws-gateway-load-balancer-tunnel-handler/build.py +++ /dev/null 
@@ -1,57 +0,0 @@ -#!/usr/bin/env python3 - -from argparse import ArgumentParser -from pathlib import Path -from subprocess import run - - -def prepare_package() -> None: - """Prepare a package - """ - install_file = Path('./debian/install') - install_data = 'obj-*-linux-gnu/gwlbtun usr/sbin' - install_file.touch() - install_file.write_text(install_data) - - -def build_package(package_name: str, package_ver: str) -> bool: - """Build a package using commands from external file - - Args: - package_name (str): package name - package_ver (str): package version - - Returns: - bool: build status - """ - # prepare sources - debmake_cmd = [ - 'debmake', '-e', 'support@vyos.io', '-f', 'VyOS Support', '-p', - package_name, '-u', package_ver, '-t' - ] - run(debmake_cmd) - - prepare_package() - - # build a package - run('debuild') - - return True - - -# build a package -if __name__ == '__main__': - # prepare argument parser - arg_parser = ArgumentParser() - arg_parser.add_argument('--package', - required=True, - help='Package name to build') - arg_parser.add_argument('--version', - required=True, - help='Version for the package') - args = arg_parser.parse_args() - - if not build_package(args.package, args.version): - exit(1) - - exit() diff --git a/packages/ddclient/.gitignore b/packages/ddclient/.gitignore deleted file mode 100644 index 600e4cd1..00000000 --- a/packages/ddclient/.gitignore +++ /dev/null @@ -1 +0,0 @@ -ddclient/ diff --git a/packages/ddclient/Jenkinsfile b/packages/ddclient/Jenkinsfile deleted file mode 100644 index b297db47..00000000 --- a/packages/ddclient/Jenkinsfile +++ /dev/null 
@@ -1,30 +0,0 @@ -// Copyright (C) 2023-2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'ddclient', - 'scmCommit': 'debian/3.11.2-1', - 'scmUrl': 'https://salsa.debian.org/debian/ddclient', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('ddclient', pkgList, null, null, "**/packages/ddclient/**") diff --git a/packages/dropbear/.gitignore b/packages/dropbear/.gitignore deleted file mode 100644 index 3f3a2a1c..00000000 --- a/packages/dropbear/.gitignore +++ /dev/null @@ -1 +0,0 @@ -dropbear/ diff --git a/packages/dropbear/Jenkinsfile b/packages/dropbear/Jenkinsfile deleted file mode 100644 index 539d7578..00000000 --- a/packages/dropbear/Jenkinsfile +++ /dev/null 
@@ -1,30 +0,0 @@ -// Copyright (C) 2022-2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'dropbear', - 'scmCommit': 'debian/2022.83-1+deb12u1', - 'scmUrl': 'https://salsa.debian.org/debian/dropbear.git', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('dropbear', pkgList, null, true, "**/packages/dropbear/**") diff --git a/packages/dropbear/build.sh b/packages/dropbear/build.sh deleted file mode 100755 index 9376fa7a..00000000 --- a/packages/dropbear/build.sh +++ /dev/null 
@@ -1,27 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-set -e
-
-SRC=dropbear
-if [ ! -d ${SRC} ]; then
- echo "Source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-PATCH_DIR=${CWD}/patches
-if [ -d $PATCH_DIR ]; then
- for patch in $(ls ${PATCH_DIR})
- do
- echo "I: Apply patch: ${patch} to main repository"
- cp ${PATCH_DIR}/${patch} ${SRC}/debian/patches/
- echo ${patch} >> ${SRC}/debian/patches/series
- done
-fi
-
-cd ${SRC}
-
-echo "I: Installing build dependencies"
-sudo apt-get install -y libpam0g-dev
-
-echo "I: Build Debian Package"
-dpkg-buildpackage -uc -us -tc -b
diff --git a/packages/dropbear/patches/0001-Enable-PAM-support.patch b/packages/dropbear/patches/0001-Enable-PAM-support.patch
deleted file mode 100644
index fa6cf620..00000000
--- a/packages/dropbear/patches/0001-Enable-PAM-support.patch
+++ /dev/null
@@ -1,61 +0,0 @@
-From 861bfb53de5909e25a952a83654c63de61af02b5 Mon Sep 17 00:00:00 2001
-From: Christian Breunig <christian@breunig.cc>
-Date: Sun, 28 May 2023 15:45:32 +0200
-Subject: [PATCH] Enable PAM support
-
----
- debian/control | 1 +
- debian/rules | 2 +-
- default_options.h | 4 ++--
- 3 files changed, 4 insertions(+), 3 deletions(-)
-
-diff --git a/debian/control b/debian/control
-index 77ea036..b252b97 100644
---- a/debian/control
-+++ b/debian/control
-@@ -6,6 +6,7 @@ Build-Depends: debhelper,
- debhelper-compat (= 13),
- libtomcrypt-dev (>= 1.18.2~),
- libtommath-dev (>= 1.2.0~),
-+ libpam0g-dev,
- libz-dev
- Rules-Requires-Root: no
- Standards-Version: 4.6.1
-diff --git a/debian/rules b/debian/rules
-index 7dab64c..ce11aa4 100755
---- a/debian/rules
-+++ b/debian/rules
-@@ -24,7 +24,7 @@ endif
- dh $@
-
- override_dh_auto_configure:
-- dh_auto_configure -- --disable-bundled-libtom \
-+ dh_auto_configure -- --disable-bundled-libtom --enable-pam \
- CC='$(CC)' CFLAGS='$(CFLAGS)' $(CONFFLAGS)
-
- execute_before_dh_auto_build:
-diff --git a/default_options.h b/default_options.h
-index 5132775..e7d274c 100644
---- a/default_options.h
-+++ b/default_options.h
-@@ -223,7 +223,7 @@ group1 in Dropbear server too */
-
- /* Authentication Types - at least one required.
- RFC Draft requires pubkey auth, and recommends password */
--#define DROPBEAR_SVR_PASSWORD_AUTH 1
-+#define DROPBEAR_SVR_PASSWORD_AUTH 0
-
- /* Note: PAM auth is quite simple and only works for PAM modules which just do
- * a simple "Login: " "Password: " (you can edit the strings in svr-authpam.c).
-@@ -231,7 +231,7 @@ group1 in Dropbear server too */
- * but there's an interface via a PAM module. It won't work for more complex
- * PAM challenge/response.
- * You can't enable both PASSWORD and PAM. */
--#define DROPBEAR_SVR_PAM_AUTH 0
-+#define DROPBEAR_SVR_PAM_AUTH 1
-
- /* ~/.ssh/authorized_keys authentication.
- * You must define DROPBEAR_SVR_PUBKEY_AUTH in order to use plugins. */
---
-2.30.2
-
diff --git a/packages/ethtool/.gitignore b/packages/ethtool/.gitignore
deleted file mode 100644
index 5967d5de..00000000
--- a/packages/ethtool/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-ethtool/
diff --git a/packages/ethtool/Jenkinsfile b/packages/ethtool/Jenkinsfile
deleted file mode 100644
index bddd3b63..00000000
--- a/packages/ethtool/Jenkinsfile
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright (C) 2024 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- ['name': 'ethtool',
- 'scmCommit': 'debian/1%6.6-1',
- 'scmUrl': 'https://salsa.debian.org/kernel-team/ethtool',
- 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('ethtool', pkgList, null, true, "**/packages/ethtool/**")
diff --git a/packages/frr/.gitignore b/packages/frr/.gitignore
deleted file mode 100644
index 8afd14e8..00000000
--- a/packages/frr/.gitignore
+++ /dev/null
@@ -1,3 +0,0 @@
-frr/
-rtrlib/
-libyang/
diff --git a/packages/frr/Jenkinsfile b/packages/frr/Jenkinsfile
deleted file mode 100644
index 441b1681..00000000
--- a/packages/frr/Jenkinsfile
+++ /dev/null
@@ -1,39 +0,0 @@
-// Copyright (C) 2020-2023 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- ['name': 'libyang',
- 'scmCommit': 'v2.1.148',
- 'scmUrl': 'https://github.com/CESNET/libyang.git',
- 'buildCmd': 'pipx run apkg build -i && find pkg/pkgs -type f -name *.deb -exec mv -t .. {} +'],
- ['name': 'rtrlib',
- 'scmCommit': 'v0.8.0',
- 'scmUrl': 'https://github.com/rtrlib/rtrlib.git',
- 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'],
- ['name': 'frr',
- 'scmCommit': 'stable/9.1',
- 'scmUrl': 'https://github.com/FRRouting/frr.git',
- 'buildCmd': 'sudo dpkg -i ../*.deb; sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build-frr.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('FRRouting', pkgList, null, true, "**/packages/frr/**")
diff --git a/packages/frr/build-frr.sh b/packages/frr/build-frr.sh
deleted file mode 100755
index 7171a883..00000000
--- a/packages/frr/build-frr.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-set -e
-
-FRR_SRC=frr
-
-if [ ! -d ${FRR_SRC} ]; then
- echo "FRR source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-# VyOS requires some small FRR Patches - apply them here
-# It's easier to habe them here and make use of the upstream
-# repository instead of maintaining a full Fork.
-# Saving time/resources is essential :-)
-cd ${FRR_SRC}
-
-PATCH_DIR=${CWD}/patches
-if [ -d $PATCH_DIR ]; then
- echo "I: Apply FRRouting patches not in main repository:"
- for patch in $(ls ${PATCH_DIR})
- do
- if [ -z "$(git config --list | grep -e user.name -e user.email)" ]; then
- # if git user.name and user.email is not set, -c sets temorary user.name and
- # user.email variables as these is not set in the build container by default.
- OPTS="-c user.name=VyOS-CI -c user.email=maintainers@vyos.io"
- fi
- git $OPTS am --committer-date-is-author-date ${PATCH_DIR}/${patch}
- done
-fi
-
-echo "I: Ensure Debian build dependencies are met"
-sudo apt-get -y install chrpath gawk install-info libcap-dev libjson-c-dev librtr-dev
-sudo apt-get -y install libpam-dev libprotobuf-c-dev libpython3-dev:native python3-sphinx:native libsnmp-dev protobuf-c-compiler python3-dev:native texinfo lua5.3
-
-# Build Debian FRR package
-echo "I: Build Debian FRR Package"
-# extract "real" git commit for FRR version identifier
-dch -v "$(git describe | cut -c5-)" "VyOS build - FRR"
-dpkg-buildpackage -us -uc -tc -b -Ppkg.frr.rtrlib,pkg.frr.lua
diff --git a/packages/hostap/.gitignore b/packages/hostap/.gitignore
deleted file mode 100644
index d0133c0d..00000000
--- a/packages/hostap/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-hostap/
-wpa/
diff --git a/packages/hostap/Jenkinsfile b/packages/hostap/Jenkinsfile
deleted file mode 100644
index 7eeff1bb..00000000
--- a/packages/hostap/Jenkinsfile
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright (C) 2022-2023 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- ['name': 'wpa',
- 'scmCommit': 'debian/2%2.10-12',
- 'scmUrl': 'https://salsa.debian.org/debian/wpa',
- 'buildCmd': '/bin/true'],
- ['name': 'hostap',
- 'scmCommit': 'e7172e26d',
- 'scmUrl': 'git://w1.fi/srv/git/hostap.git',
- 'buildCmd': 'cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('hostap', pkgList, null, true, "**/packages/hostap/**")
diff --git a/packages/hostap/build.sh b/packages/hostap/build.sh
deleted file mode 100755
index c356672a..00000000
--- a/packages/hostap/build.sh
+++ /dev/null
@@ -1,38 +0,0 @@
-#!/bin/bash
-CWD=$(pwd)
-set -e
-
-SRC=hostap
-SRC_DEB=wpa
-
-if [ ! -d ${SRC} ]; then
- echo "${SRC} directory does not exists, please 'git clone'"
- exit 1
-fi
-if [ ! -d ${SRC_DEB} ]; then
- echo "${SRC_DEB} directory does not exists, please 'git clone'"
- exit 1
-fi
-
-echo "I: Copy Debian build instructions"
-cp -a ${SRC_DEB}/debian ${SRC}
-# Preserve Debian's default of allowing TLSv1.0 and legacy renegotiation for
-# compatibility with networks that use legacy crypto
-cat > ${SRC}/debian/patches/series << EOF
-allow-tlsv1.patch
-allow-legacy-renegotiation.patch
-EOF
-
-# Build Debian package
-cd ${SRC}
-
-echo "I: Ensure Debian build dependencies are met"
-sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends" -Ppkg.wpa.nogui,noudeb
-
-echo "I: Create new Debian Package version"
-version="$(git describe --tags | tr _ .)"
-dch -v ${version:7} "New version to support AES-GCM-256 for MACsec" -b
-
-echo "I: Build Debian hostap Package"
-DEB_CPPFLAGS_SET="-Wno-use-after-free -Wno-deprecated-declarations" \
- dpkg-buildpackage -us -uc -tc -b -Ppkg.wpa.nogui,noudeb
diff --git a/packages/hsflowd/.gitignore b/packages/hsflowd/.gitignore
deleted file mode 100644
index b3786b97..00000000
--- a/packages/hsflowd/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-host-sflow/
diff --git a/packages/hsflowd/Jenkinsfile b/packages/hsflowd/Jenkinsfile
deleted file mode 100644
index bb9dd68d..00000000
--- a/packages/hsflowd/Jenkinsfile
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (C) 2023 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-// NOTE: we can build with -d as the libbpf dependency is installed manually
-// and not via a DEB package
-def pkgList = [
- ['name': 'host-sflow',
- 'scmCommit': 'v2.0.55-1',
- 'scmUrl': 'https://github.com/sflow/host-sflow.git',
- 'buildCmd': 'cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('hsflowd', pkgList, null, true, "**/packages/hsflowd/**")
diff --git a/packages/hsflowd/build.sh b/packages/hsflowd/build.sh
deleted file mode 100755
index 0b00c998..00000000
--- a/packages/hsflowd/build.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/bash
-CWD=$(pwd)
-set -e
-
-SRC=host-sflow
-
-if [ ! -d ${SRC} ]; then
- echo "source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-cd ${SRC}
-
-echo "I: Ensure Debian build dependencies are met"
-sudo apt-get install -y libpcap0.8-dev
-
-# Build hsflowd
-# make deb FEATURES="NFLOG PCAP TCP DOCKER KVM OVS DBUS SYSTEMD DROPMON PSAMPLE DENT CONTAINERD"
-echo "I: Build VyOS hsflowd Package"
-make deb FEATURES="PCAP DROPMON DBUS"
-
-# hsflowd builds ARM package as aarch64 extension, rename to arm64
-for file in *.deb ; do mv $file ${file//aarch64/arm64} || true ; done
-
-# Do not confuse *.deb upload logic by removing build in debian packages ...
-# ugly but works
-find src -name "*.deb" -type f -exec rm {} \;
diff --git a/packages/isc-dhcp/.gitignore b/packages/isc-dhcp/.gitignore
deleted file mode 100644
index d2c5a2db..00000000
--- a/packages/isc-dhcp/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-isc-dhcp/
diff --git a/packages/isc-dhcp/Jenkinsfile b/packages/isc-dhcp/Jenkinsfile
deleted file mode 100644
index 02af15d9..00000000
--- a/packages/isc-dhcp/Jenkinsfile
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (C) 2024 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-// NOTE: we can build with -d as the libbpf dependency is installed manually
-// and not via a DEB package
-def pkgList = [
- ['name': 'isc-dhcp',
- 'scmCommit': 'debian/4.4.3-P1-4',
- 'scmUrl': 'https://salsa.debian.org/debian/isc-dhcp',
- 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('isc-dhcp', pkgList, null, true, "**/packages/isc-dhcp/**")
diff --git a/packages/isc-dhcp/build.sh b/packages/isc-dhcp/build.sh
deleted file mode 100755
index 0d206153..00000000
--- a/packages/isc-dhcp/build.sh
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-set -e
-
-SRC=isc-dhcp
-if [ ! -d ${SRC} ]; then
- echo "Source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-cd ${SRC}
-PATCH_DIR=${CWD}/patches
-for patch in $(ls ${PATCH_DIR})
-do
- echo "I: Copy patch: ${PATCH_DIR}/${patch}"
- cp ${PATCH_DIR}/${patch} debian/patches/${patch}
- echo ${patch} >> debian/patches/series
-done
-
-echo "I: Build Debian Package"
-dpkg-buildpackage -uc -us -tc -b -d
diff --git a/packages/isc-dhcp/patches/0001-Add-support-for-raw-IP-interface-type.patch b/packages/isc-dhcp/patches/0001-Add-support-for-raw-IP-interface-type.patch
deleted file mode 100644
index c13569ad..00000000
--- a/packages/isc-dhcp/patches/0001-Add-support-for-raw-IP-interface-type.patch
+++ /dev/null
@@ -1,248 +0,0 @@
-From 8d9e8ace96ad9e2dba9f2d4069228dee5daf6772 Mon Sep 17 00:00:00 2001
-From: Loic Poulain <loic.poulain@linaro.org>
-Date: Mon, 2 Nov 2020 06:42:12 -0500
-Subject: [PATCH 1/4] Add support for raw IP interface type
-MIME-Version: 1.0
-Content-Type: text/plain; charset=UTF-8
-Content-Transfer-Encoding: 8bit
-
-Under linux some devices can expose raw IP interfaces, such as WWAN
-modems. In that case IP data is not encapsulated in any lower level
-protocol.
-
-dhclient does not support this currently and this patch adds support
-for such pure IP interfaces.
-
-The original patch comes from Bjørn Mork on Network-Manage mailing list:
-https://mail.gnome.org/archives/networkmanager-list/2015-December/msg00044.html
-
----
- common/bpf.c | 60 ++++++++++++++++++++++++++++++++++++++++++++++++-
- common/lpf.c | 59 +++++++++++++++++++++++++++++++++++++-----------
- common/packet.c | 7 ++++++
- includes/dhcp.h | 1 +
- 4 files changed, 113 insertions(+), 14 deletions(-)
-
-diff --git a/common/bpf.c b/common/bpf.c
-index 658e5db..0c08574 100644
---- a/common/bpf.c
-+++ b/common/bpf.c
-@@ -198,6 +198,34 @@ struct bpf_insn dhcp_bpf_filter [] = {
- BPF_STMT (BPF_RET + BPF_K, 0),
- };
-
-+int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn);
-+
-+struct bpf_insn dhcp_bpf_pureip_filter [] = {
-+ /* Make sure it's a UDP packet... */
-+ BPF_STMT (BPF_LD + BPF_B + BPF_ABS, 9),
-+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 6),
-+
-+ /* Make sure this isn't a fragment... */
-+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6),
-+ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 4, 0),
-+
-+ /* Get the IP header length... */
-+ BPF_STMT (BPF_LDX + BPF_B + BPF_MSH, 0),
-+
-+ /* Make sure it's to the right port... */
-+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 2),
-+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
-+
-+ /* If we passed all the tests, ask for the whole packet. */
-+ BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
-+
-+ /* Otherwise, drop it. */
-+ BPF_STMT(BPF_RET+BPF_K, 0),
-+};
-+
-+int dhcp_bpf_pureip_filter_len =
-+ sizeof dhcp_bpf_pureip_filter / sizeof (struct bpf_insn);
-+
- #if defined(RELAY_PORT)
- /*
- * For relay port extension
-@@ -235,13 +263,43 @@ struct bpf_insn dhcp_bpf_relay_filter [] = {
-
- int dhcp_bpf_relay_filter_len =
- sizeof dhcp_bpf_relay_filter / sizeof (struct bpf_insn);
-+
-+struct bpf_insn dhcp_bpf_pureip_relay_filter [] = {
-+ /* Make sure it's a UDP packet... */
-+ BPF_STMT (BPF_LD + BPF_B + BPF_ABS, 9),
-+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, IPPROTO_UDP, 0, 8),
-+
-+ /* Make sure this isn't a fragment... */
-+ BPF_STMT(BPF_LD + BPF_H + BPF_ABS, 6),
-+ BPF_JUMP(BPF_JMP + BPF_JSET + BPF_K, 0x1fff, 6, 0),
-+
-+ /* Get the IP header length... */
-+ BPF_STMT (BPF_LDX + BPF_B + BPF_MSH, 0),
-+
-+ /* Make sure it's to the right port... */
-+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
-+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 2, 0), /* patch */
-+
-+ /* relay can have an alternative port... */
-+ BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
-+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
-+
-+ /* If we passed all the tests, ask for the whole packet. */
-+ BPF_STMT (BPF_RET + BPF_K, (u_int)-1),
-+
-+ /* Otherwise, drop it. */
-+ BPF_STMT (BPF_RET + BPF_K, 0),
-+};
-+
-+int dhcp_bpf_pureip_relay_filter_len =
-+ sizeof dhcp_bpf_pureip_relay_filter / sizeof (struct bpf_insn);
-+
- #endif
-
- #if defined (DEC_FDDI)
- struct bpf_insn *bpf_fddi_filter = NULL;
- #endif
-
--int dhcp_bpf_filter_len = sizeof dhcp_bpf_filter / sizeof (struct bpf_insn);
- #if defined (HAVE_TR_SUPPORT)
- struct bpf_insn dhcp_bpf_tr_filter [] = {
- /* accept all token ring packets due to variable length header */
-diff --git a/common/lpf.c b/common/lpf.c
-index bb8822a..d8f34a4 100644
---- a/common/lpf.c
-+++ b/common/lpf.c
-@@ -177,9 +177,15 @@ void if_deregister_send (info)
- extern struct sock_filter dhcp_bpf_filter [];
- extern int dhcp_bpf_filter_len;
-
-+extern struct sock_filter dhcp_bpf_pureip_filter [];
-+extern int dhcp_bpf_pureip_filter_len;
-+
- #if defined(RELAY_PORT)
- extern struct sock_filter dhcp_bpf_relay_filter [];
- extern int dhcp_bpf_relay_filter_len;
-+
-+extern struct sock_filter dhcp_bpf_pureip_relay_filter [];
-+extern int dhcp_bpf_pureip_relay_filter_len;
- #endif
-
- #if defined (HAVE_TR_SUPPORT)
-@@ -249,31 +255,52 @@ void if_deregister_receive (info)
- static void lpf_gen_filter_setup (info)
- struct interface_info *info;
- {
-+ int pure_ip = info -> hw_address.hbuf [0] == HTYPE_PUREIP;
- struct sock_fprog p;
-
- memset(&p, 0, sizeof(p));
-
-- /* Set up the bpf filter program structure. This is defined in
-- bpf.c */
-- p.len = dhcp_bpf_filter_len;
-- p.filter = dhcp_bpf_filter;
-+ /* Set up the bpf filter program structure and patch port(s).
-+ *
-+ * This is defined in bpf.c, XXX changes to filter program may
-+ * require changes to the insn number(s) used below! XXX
-+ */
-+
-+ if (pure_ip) {
-+ p.len = dhcp_bpf_pureip_filter_len;
-+ p.filter = dhcp_bpf_pureip_filter;
-+
-+ /* patch port */
-+ dhcp_bpf_pureip_filter [6].k = ntohs (local_port);
-+ } else {
-+ p.len = dhcp_bpf_filter_len;
-+ p.filter = dhcp_bpf_filter;
-+
-+ /* patch port */
-+ dhcp_bpf_filter [8].k = ntohs (local_port);
-+ }
-
-- /* Patch the server port into the LPF program...
-- XXX changes to filter program may require changes
-- to the insn number(s) used below! XXX */
- #if defined(RELAY_PORT)
-- if (relay_port) {
-- /*
-- * If user defined relay UDP port, we need to filter
-- * also on the user UDP port.
-- */
-+ /*
-+ * If user defined relay UDP port, we need to filter
-+ * also on the user UDP port.
-+ */
-+ if (relay_port && pure_ip) {
-+ p.len = dhcp_bpf_pureip_relay_filter_len;
-+ p.filter = dhcp_bpf_pureip_relay_filter;
-+
-+ /* patch ports */
-+ dhcp_bpf_pureip_relay_filter [6].k = ntohs (local_port);
-+ dhcp_bpf_pureip_relay_filter [8].k = ntohs (relay_port);
-+ } else if (relay_port) {
- p.len = dhcp_bpf_relay_filter_len;
- p.filter = dhcp_bpf_relay_filter;
-
-+ /* patch ports */
-+ dhcp_bpf_relay_filter [8].k = ntohs (local_port);
- dhcp_bpf_relay_filter [10].k = ntohs (relay_port);
- }
- #endif
-- dhcp_bpf_filter [8].k = ntohs (local_port);
-
- if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p,
- sizeof p) < 0) {
-@@ -578,6 +605,12 @@ get_hw_addr(const char *name, struct hardware *hw) {
- hw->hbuf[3] = 0xbe;
- hw->hbuf[4] = 0xef;
- break;
-+#endif
-+#ifdef ARPHRD_RAWIP
-+ case ARPHRD_RAWIP:
-+ hw->hlen = 1;
-+ hw->hbuf[0] = HTYPE_PUREIP;
-+ break;
- #endif
- default:
- log_fatal("Unsupported device type %ld for \"%s\"",
-diff --git a/common/packet.c b/common/packet.c
-index 49795c4..6745db7 100644
---- a/common/packet.c
-+++ b/common/packet.c
-@@ -119,6 +119,10 @@ void assemble_hw_header (interface, buf, bufix, to)
- case HTYPE_INFINIBAND:
- log_error("Attempt to assemble hw header for infiniband");
- break;
-+ case HTYPE_PUREIP:
-+ /* Nothing to do, there is no hw header */
-+ *bufix = 0;
-+ break;
- case HTYPE_ETHER:
- default:
- assemble_ethernet_header(interface, buf, bufix, to);
-@@ -219,6 +223,9 @@ ssize_t decode_hw_header (interface, buf, bufix, from)
- case HTYPE_INFINIBAND:
- log_error("Attempt to decode hw header for infiniband");
- return (0);
-+ case HTYPE_PUREIP:
-+ /* Nothing to do, there is no hw header */
-+ return 0;
- case HTYPE_ETHER:
- default:
- return (decode_ethernet_header(interface, buf, bufix, from));
-diff --git a/includes/dhcp.h b/includes/dhcp.h
-index d519821..75be1fb 100644
---- a/includes/dhcp.h
-+++ b/includes/dhcp.h
-@@ -76,6 +76,7 @@ struct dhcp_packet {
- #define HTYPE_IEEE802 6 /* IEEE 802.2 Token Ring... */
- #define HTYPE_FDDI 8 /* FDDI... */
- #define HTYPE_INFINIBAND 32 /* IP over Infiniband */
-+#define HTYPE_PUREIP 35 /* Pure IP */
- #define HTYPE_IPMP 255 /* IPMP - random hw address - there
- * is no standard for this so we
- * just steal a type */
---
-2.39.2
-
diff --git a/packages/isc-dhcp/patches/0002-Checkpoint-improved-patch.patch b/packages/isc-dhcp/patches/0002-Checkpoint-improved-patch.patch
deleted file mode 100644
index 60b693f6..00000000
--- a/packages/isc-dhcp/patches/0002-Checkpoint-improved-patch.patch
+++ /dev/null
@@ -1,170 +0,0 @@
-From e67d1b6b4178f412084459c4cb7e54a8c0019bd2 Mon Sep 17 00:00:00 2001
-From: Francis Dupont <fdupont@isc.org>
-Date: Fri, 6 Nov 2020 10:46:09 +0100
-Subject: [PATCH 2/4] Checkpoint: improved patch
-
----
- common/bpf.c | 10 +++---
- common/lpf.c | 89 +++++++++++++++++++++++++++++++++++-----------------
- 2 files changed, 65 insertions(+), 34 deletions(-)
-
-diff --git a/common/bpf.c b/common/bpf.c
-index 0c08574..30dcaa5 100644
---- a/common/bpf.c
-+++ b/common/bpf.c
-@@ -214,13 +214,13 @@ struct bpf_insn dhcp_bpf_pureip_filter [] = {
-
- /* Make sure it's to the right port... */
- BPF_STMT (BPF_LD + BPF_H + BPF_IND, 2),
-- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
-+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), /* patch */
-
- /* If we passed all the tests, ask for the whole packet. */
-- BPF_STMT(BPF_RET+BPF_K, (u_int)-1),
-+ BPF_STMT(BPF_RET + BPF_K, (u_int)-1),
-
- /* Otherwise, drop it. */
-- BPF_STMT(BPF_RET+BPF_K, 0),
-+ BPF_STMT(BPF_RET + BPF_K, 0),
- };
-
- int dhcp_bpf_pureip_filter_len =
-@@ -278,11 +278,11 @@ struct bpf_insn dhcp_bpf_pureip_relay_filter [] = {
-
- /* Make sure it's to the right port... */
- BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
-- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 2, 0), /* patch */
-+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 2, 0), /* patch */
-
- /* relay can have an alternative port... */
- BPF_STMT (BPF_LD + BPF_H + BPF_IND, 16),
-- BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 37, 0, 1), /* patch */
-+ BPF_JUMP (BPF_JMP + BPF_JEQ + BPF_K, 67, 0, 1), /* patch */
-
- /* If we passed all the tests, ask for the whole packet. */
- BPF_STMT (BPF_RET + BPF_K, (u_int)-1),
-diff --git a/common/lpf.c b/common/lpf.c
-index d8f34a4..75609f5 100644
---- a/common/lpf.c
-+++ b/common/lpf.c
-@@ -221,6 +221,9 @@ void if_register_receive (info)
- lpf_tr_filter_setup (info);
- else
- #endif
-+ if (info -> hw_address.hbuf [0] == HTYPE_PUREIP)
-+ lpf_pureip_filter_setup (info);
-+ else
- lpf_gen_filter_setup (info);
-
- if (!quiet_interface_discovery)
-@@ -255,50 +258,78 @@ void if_deregister_receive (info)
- static void lpf_gen_filter_setup (info)
- struct interface_info *info;
- {
-- int pure_ip = info -> hw_address.hbuf [0] == HTYPE_PUREIP;
- struct sock_fprog p;
-
- memset(&p, 0, sizeof(p));
-
-- /* Set up the bpf filter program structure and patch port(s).
-- *
-- * This is defined in bpf.c, XXX changes to filter program may
-- * require changes to the insn number(s) used below! XXX
-- */
-+ /* Set up the bpf filter program structure. This is defined in
-+ bpf.c */
-+ p.len = dhcp_bpf_filter_len;
-+ p.filter = dhcp_bpf_filter;
-+
-+ dhcp_bpf_filter [8].k = ntohs (local_port);
-
-- if (pure_ip) {
-- p.len = dhcp_bpf_pureip_filter_len;
-- p.filter = dhcp_bpf_pureip_filter;
-+ /* Patch the server port into the LPF program...
-+ XXX changes to filter program may require changes
-+ to the insn number(s) used below! XXX */
-+#if defined(RELAY_PORT)
-+ if (relay_port) {
-+ /*
-+ * If user defined relay UDP port, we need to filter
-+ * also on the user UDP port.
-+ */
-+ p.len = dhcp_bpf_relay_filter_len;
-+ p.filter = dhcp_bpf_relay_filter;
-
-- /* patch port */
-- dhcp_bpf_pureip_filter [6].k = ntohs (local_port);
-- } else {
-- p.len = dhcp_bpf_filter_len;
-- p.filter = dhcp_bpf_filter;
-+ dhcp_bpf_relay_filter [8].k = ntohs (local_port);
-+ dhcp_bpf_relay_filter [10].k = ntohs (relay_port);
-+ }
-+#endif
-
-- /* patch port */
-- dhcp_bpf_filter [8].k = ntohs (local_port);
-+ if (setsockopt (info -> rfdesc, SOL_SOCKET, SO_ATTACH_FILTER, &p,
-+ sizeof p) < 0) {
-+ if (errno == ENOPROTOOPT || errno == EPROTONOSUPPORT ||
-+ errno == ESOCKTNOSUPPORT || errno == EPFNOSUPPORT ||
-+ errno == EAFNOSUPPORT) {
-+ log_error ("socket: %m - make sure");
-+ log_error ("CONFIG_PACKET (Packet socket) %s",
-+ "and CONFIG_FILTER");
-+ log_error ("(Socket Filtering) are enabled %s",
-+ "in your kernel");
-+ log_fatal ("configuration!");
-+ }
-+ log_fatal ("Can't install packet filter program: %m");
- }
-+}
-+
-+static void lpf_pureip_gen_filter_setup (info)
-+ struct interface_info *info;
-+{
-+ struct sock_fprog p;
-+
-+ memset(&p, 0, sizeof(p));
-+
-+ /* Set up the bpf filter program structure. This is defined in
-+ bpf.c */
-+ p.len = dhcp_bpf_pureip_filter_len;
-+ p.filter = dhcp_bpf_pureip_filter;
-+
-+ dhcp_bpf_pureip_filter [6].k = ntohs (local_port);
-
-+ /* Patch the server port into the LPF program...
-+ XXX changes to filter program may require changes
-+ to the insn number(s) used below! XXX */
- #if defined(RELAY_PORT)
-- /*
-- * If user defined relay UDP port, we need to filter
-- * also on the user UDP port.
-- */
-- if (relay_port && pure_ip) {
-+ if (relay_port) {
-+ /*
-+ * If user defined relay UDP port, we need to filter
-+ * also on the user UDP port.
-+ */
- p.len = dhcp_bpf_pureip_relay_filter_len;
- p.filter = dhcp_bpf_pureip_relay_filter;
-
-- /* patch ports */
- dhcp_bpf_pureip_relay_filter [6].k = ntohs (local_port);
- dhcp_bpf_pureip_relay_filter [8].k = ntohs (relay_port);
-- } else if (relay_port) {
-- p.len = dhcp_bpf_relay_filter_len;
-- p.filter = dhcp_bpf_relay_filter;
--
-- /* patch ports */
-- dhcp_bpf_relay_filter [8].k = ntohs (local_port);
-- dhcp_bpf_relay_filter [10].k = ntohs (relay_port);
- }
- #endif
-
---
-2.39.2
-
diff --git a/packages/isc-dhcp/patches/0003-fix-compilation-errors.patch b/packages/isc-dhcp/patches/0003-fix-compilation-errors.patch
deleted file mode 100644
index c66e0c7c..00000000
--- a/packages/isc-dhcp/patches/0003-fix-compilation-errors.patch
+++ /dev/null
@@ -1,48 +0,0 @@
-From 58e0d3317795987b2f1ca788645196d0e3543f88 Mon Sep 17 00:00:00 2001
-From: Adam Smith <zero1three@gmail.com>
-Date: Tue, 23 Jan 2024 21:47:00 -0500
-Subject: [PATCH 3/4] fix compilation errors
-
----
- common/lpf.c | 5 +++--
- 1 file changed, 3 insertions(+), 2 deletions(-)
-
-diff --git a/common/lpf.c b/common/lpf.c
-index 75609f5..1561d71 100644
---- a/common/lpf.c
-+++ b/common/lpf.c
-@@ -195,6 +195,7 @@ static void lpf_tr_filter_setup (struct interface_info *);
- #endif
-
- static void lpf_gen_filter_setup (struct interface_info *);
-+static void lpf_pureip_gen_filter_setup (struct interface_info *);
-
- void if_register_receive (info)
- struct interface_info *info;
-@@ -215,14 +216,13 @@ void if_register_receive (info)
- }
- #endif
-
--
- #if defined (HAVE_TR_SUPPORT)
- if (info -> hw_address.hbuf [0] == HTYPE_IEEE802)
- lpf_tr_filter_setup (info);
- else
- #endif
- if (info -> hw_address.hbuf [0] == HTYPE_PUREIP)
-- lpf_pureip_filter_setup (info);
-+ lpf_pureip_gen_filter_setup (info);
- else
- lpf_gen_filter_setup (info);
-
-@@ -349,6 +349,7 @@ static void lpf_pureip_gen_filter_setup (info)
- }
- }
-
-+
- #if defined (HAVE_TR_SUPPORT)
- static void lpf_tr_filter_setup (info)
- struct interface_info *info;
---
-2.39.2
-
diff --git a/packages/isc-dhcp/patches/0004-add-support-for-ARPHRD_NONE-interface-type.patch b/packages/isc-dhcp/patches/0004-add-support-for-ARPHRD_NONE-interface-type.patch
deleted file mode 100644
index 32089b4d..00000000
--- a/packages/isc-dhcp/patches/0004-add-support-for-ARPHRD_NONE-interface-type.patch
+++ /dev/null
@@ -1,29 +0,0 @@
-From fd96a11b31cd05aae450ec65fde0b5c6e0b718c2 Mon Sep 17 00:00:00 2001
-From: Adam Smith <zero1three@gmail.com>
-Date: Tue, 23 Jan 2024 22:35:54 -0500
-Subject: [PATCH 4/4] add support for ARPHRD_NONE interface type
-
----
- common/lpf.c | 6 ++++++
- 1 file changed, 6 insertions(+)
-
-diff --git a/common/lpf.c b/common/lpf.c
-index 1561d71..f7e84b1 100644
---- a/common/lpf.c
-+++ b/common/lpf.c
-@@ -643,6 +643,12 @@ get_hw_addr(const char *name, struct hardware *hw) {
- hw->hlen = 1;
- hw->hbuf[0] = HTYPE_PUREIP;
- break;
-+#endif
-+#ifdef ARPHRD_NONE
-+ case ARPHRD_NONE:
-+ hw->hlen = 1;
-+ hw->hbuf[0] = HTYPE_PUREIP;
-+ break;
- #endif
- default:
- log_fatal("Unsupported device type %ld for \"%s\"",
---
-2.39.2
-
diff --git a/packages/kea/.gitignore b/packages/kea/.gitignore
deleted file mode 100644
index 8a9161fe..00000000
--- a/packages/kea/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-isc-kea/
diff --git a/packages/kea/Jenkinsfile b/packages/kea/Jenkinsfile
deleted file mode 100644
index d5b20040..00000000
--- a/packages/kea/Jenkinsfile
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (C) 2023 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-// NOTE: we can build with -d as the libbpf dependency is installed manually
-// and not via a DEB package
-def pkgList = [
- ['name': 'isc-kea',
- 'scmCommit': 'debian/2.4.1-1',
- 'scmUrl': 'https://salsa.debian.org/debian/isc-kea',
- 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('ISC Kea', pkgList, null, true, "**/packages/kea/**")
diff --git a/packages/kea/build.sh b/packages/kea/build.sh
deleted file mode 100755
index ec46d293..00000000
--- a/packages/kea/build.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-set -e
-
-SRC=isc-kea
-if [ ! -d ${SRC} ]; then
- echo "Source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-cd ${SRC}
-PATCH_DIR=${CWD}/patches
-for patch in $(ls ${PATCH_DIR})
-do
- echo "I: Apply patch: ${PATCH_DIR}/${patch}"
- patch -p1 < ${PATCH_DIR}/${patch}
-done
-
-echo "I: Build Debian Package"
-dpkg-buildpackage -uc -us -tc -b -d
diff --git a/packages/keepalived/.gitignore b/packages/keepalived/.gitignore
deleted file mode 100644
index 9503bdbd..00000000
--- a/packages/keepalived/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-keepalived/
diff --git a/packages/keepalived/Jenkinsfile b/packages/keepalived/Jenkinsfile
deleted file mode 100644
index 0d886751..00000000
--- a/packages/keepalived/Jenkinsfile
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright (C) 2023 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def package_name = 'keepalived'
-
-def pkgList = [
- ['name': "${package_name}",
- 'scmCommit': 'debian/1%2.2.8-1',
- 'scmUrl': 'https://salsa.debian.org/debian/pkg-keepalived.git',
- 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; ../build.py'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage("${package_name}", pkgList, null, true, "**/packages/${package_name}/**")
diff --git a/packages/keepalived/build.py b/packages/keepalived/build.py
deleted file mode 100755
index 04f4791b..00000000
--- a/packages/keepalived/build.py
+++ /dev/null
@@ -1,50 +0,0 @@
-#!/usr/bin/env python3
-
-from pathlib import Path
-from shutil import copy as copy_file
-from subprocess import run
-
-
-# copy patches
-def apply_deb_patches() -> None:
- """Apply patches to sources directory
- """
- patches_dir = Path('../patches')
- current_dir: str = Path.cwd().as_posix()
- if patches_dir.exists():
- patches_list = list(patches_dir.iterdir())
- patches_list.sort()
- Path(f'{current_dir}/debian/patches').mkdir(parents=True, exist_ok=True)
- series_file = Path(f'{current_dir}/debian/patches/series')
- series_data = ''
- for patch_file in patches_list:
- print(f'Applying patch: {patch_file.name}')
- copy_file(patch_file, f'{current_dir}/debian/patches/')
- if series_file.exists():
- series_data: str = series_file.read_text()
- series_data = f'{series_data}\n{patch_file.name}'
- series_file.write_text(series_data)
-
-
-def build_package() -> bool:
- """Build a package
-
- Returns:
- bool: build status
- """
- build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b']
- build_status: int = run(build_cmd).returncode
-
- if build_status:
- return False
- return True
-
-
-# build a package
-if __name__ == '__main__':
- apply_deb_patches()
-
- if not build_package():
- exit(1)
-
- exit()
diff --git a/packages/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch b/packages/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch
deleted file mode 100644
index b099dc7b..00000000
--- a/packages/keepalived/patches/0001-vrrp-Set-sysctl-arp_ignore-to-1-on-IPv6-VMACs.patch
+++ /dev/null
@@ -1,129 +0,0 @@ -From af4aa758c3512bec8233549e138b03741c5404f9 Mon Sep 17 00:00:00 2001 -From: Quentin Armitage <quentin@armitage.org.uk> -Date: Sat, 14 Oct 2023 15:37:19 +0100 -Subject: [PATCH] vrrp: Set sysctl arp_ignore to 1 on IPv6 VMACs - -Setting arp_ignore to 1 ensures that the VMAC interface does not respond -to ARP requests for IPv4 addresses not configured on the VMAC. - -Signed-off-by: Quentin Armitage <quentin@armitage.org.uk> ---- - keepalived/include/vrrp_if_config.h | 2 +- - keepalived/vrrp/vrrp_if_config.c | 28 ++++++++++++++++++++-------- - keepalived/vrrp/vrrp_vmac.c | 5 ++--- - 3 files changed, 23 insertions(+), 12 deletions(-) - -diff --git a/keepalived/include/vrrp_if_config.h b/keepalived/include/vrrp_if_config.h -index 35465cd..c35e56e 100644 ---- a/keepalived/include/vrrp_if_config.h -+++ b/keepalived/include/vrrp_if_config.h -@@ -34,7 +34,7 @@ extern void set_promote_secondaries(interface_t*); - extern void reset_promote_secondaries(interface_t*); - #ifdef _HAVE_VRRP_VMAC_ - extern void restore_rp_filter(void); --extern void set_interface_parameters(const interface_t*, interface_t*); -+extern void set_interface_parameters(const interface_t*, interface_t*, sa_family_t); - extern void reset_interface_parameters(interface_t*); - extern void link_set_ipv6(const interface_t*, bool); - #endif -diff --git a/keepalived/vrrp/vrrp_if_config.c b/keepalived/vrrp/vrrp_if_config.c -index cfce7e2..fbfd34c 100644 ---- a/keepalived/vrrp/vrrp_if_config.c -+++ b/keepalived/vrrp/vrrp_if_config.c -@@ -81,6 +81,11 @@ static sysctl_opts_t vmac_sysctl[] = { - { 0, 0} - }; - -+static sysctl_opts_t vmac_sysctl_6[] = { -+ { IPV4_DEVCONF_ARP_IGNORE, 1 }, -+ { 0, 0} -+}; -+ - #endif - #endif - -@@ -216,11 +221,14 @@ netlink_set_interface_flags(unsigned ifindex, const sysctl_opts_t *sys_opts) - - #ifdef _HAVE_VRRP_VMAC_ - static inline int --netlink_set_interface_parameters(const interface_t *ifp, interface_t *base_ifp) -+netlink_set_interface_parameters(const 
interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { -- if (netlink_set_interface_flags(ifp->ifindex, vmac_sysctl)) -+ if (netlink_set_interface_flags(ifp->ifindex, family == AF_INET6 ? vmac_sysctl_6 : vmac_sysctl)) - return -1; - -+ if (family == AF_INET6) -+ return 0; -+ - /* If the underlying interface is a MACVLAN that has been moved into - * a separate network namespace from the parent, we can't access the - * parent. */ -@@ -271,9 +279,9 @@ netlink_reset_interface_parameters(const interface_t* ifp) - } - - static inline void --set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters_devconf(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { -- if (netlink_set_interface_parameters(ifp, base_ifp)) -+ if (netlink_set_interface_parameters(ifp, base_ifp, family)) - log_message(LOG_INFO, "Unable to set parameters for %s", ifp->ifname); - } - -@@ -310,11 +318,15 @@ reset_promote_secondaries_devconf(interface_t *ifp) - - #ifdef _HAVE_VRRP_VMAC_ - static inline void --set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters_sysctl(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { - unsigned val; - - set_sysctl("net/ipv4/conf", ifp->ifname, "arp_ignore", 1); -+ -+ if (family == AF_INET6) -+ return; -+ - set_sysctl("net/ipv4/conf", ifp->ifname, "accept_local", 1); - set_sysctl("net/ipv4/conf", ifp->ifname, "rp_filter", 0); - -@@ -524,15 +536,15 @@ restore_rp_filter(void) - } - - void --set_interface_parameters(const interface_t *ifp, interface_t *base_ifp) -+set_interface_parameters(const interface_t *ifp, interface_t *base_ifp, sa_family_t family) - { - if (all_rp_filter == UINT_MAX) - clear_rp_filter(); - - #ifdef _HAVE_IPV4_DEVCONF_ -- set_interface_parameters_devconf(ifp, base_ifp); -+ set_interface_parameters_devconf(ifp, base_ifp, family); - #else -- set_interface_parameters_sysctl(ifp, base_ifp); -+ 
set_interface_parameters_sysctl(ifp, base_ifp, family); - #endif - } - -diff --git a/keepalived/vrrp/vrrp_vmac.c b/keepalived/vrrp/vrrp_vmac.c -index e5ff0e9..021953a 100644 ---- a/keepalived/vrrp/vrrp_vmac.c -+++ b/keepalived/vrrp/vrrp_vmac.c -@@ -407,10 +407,9 @@ netlink_link_add_vmac(vrrp_t *vrrp, const interface_t *old_interface) - if (!ifp->ifindex) - return false; - -- if (vrrp->family == AF_INET && create_interface) { -+ if (create_interface) { - /* Set the necessary kernel parameters to make macvlans work for us */ --// If this saves current base_ifp's settings, we need to be careful if multiple VMACs on same i/f -- set_interface_parameters(ifp, ifp->base_ifp); -+ set_interface_parameters(ifp, ifp->base_ifp, vrrp->family); - } - - #ifdef _WITH_FIREWALL_ --- -2.34.1 - diff --git a/packages/linux-kernel/.gitignore b/packages/linux-kernel/.gitignore deleted file mode 100644 index a3e9257c..00000000 --- a/packages/linux-kernel/.gitignore +++ /dev/null @@ -1,27 +0,0 @@ -/linux -/wireguard -/wireguard-linux-compat -/accel-ppp -/intel-qat -/linux-firmware -/vyos-drivers-intel* -/vyos-drivers-realtek* -/ovpn-dco -/nat-rtsp -/jool* -/qat* -/QAT* -*.tar.xz -/*.postinst - -# Intel Driver source -i40e-*/ -igb-*/ -ixgbe-*/ -ixgbevf-*/ -vyos-intel-*/ -vyos-linux-firmware*/ -kernel-vars -r8152-*.tar.bz2 -/MLNX_OFED_SRC* -/vyos-mellanox-ofed* diff --git a/packages/linux-kernel/Jenkinsfile b/packages/linux-kernel/Jenkinsfile deleted file mode 100644 index c354200e..00000000 --- a/packages/linux-kernel/Jenkinsfile +++ /dev/null 
@@ -1,83 +0,0 @@ -// Copyright (C) 2020-2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - // The Linux Kernel - ['name': 'kernel', - 'buildCmd': ''' - # all scripts must be executed one level above ... - cd .. - - # read the required Kernel version - KERNEL_VER=\$(cat ../../data/defaults.toml | tomlq -r .kernel_version) - gpg2 --locate-keys torvalds@kernel.org gregkh@kernel.org - curl -OL https://www.kernel.org/pub/linux/kernel/v6.x/linux-${KERNEL_VER}.tar.xz - curl -OL https://www.kernel.org/pub/linux/kernel/v6.x/linux-${KERNEL_VER}.tar.sign - xz -cd linux-${KERNEL_VER}.tar.xz | gpg2 --verify linux-${KERNEL_VER}.tar.sign - - if [ $? -ne 0 ]; then - exit 1 - fi - - # Unpack Kernel source - tar xf linux-${KERNEL_VER}.tar.xz - ln -s linux-${KERNEL_VER} linux - # ... 
Build Kernel - ./build-kernel.sh - '''], - - // Firmware - ['name': 'linux-firmware', 'scmCommit': '20240610', - 'scmUrl': 'https://git.kernel.org/pub/scm/linux/kernel/git/firmware/linux-firmware.git', - 'buildCmd': 'cd ..; ./build-linux-firmware.sh'], - - // Accel-PPP - ['name': 'accel-ppp', 'scmCommit': '1.13.0', - 'scmUrl': 'https://github.com/accel-ppp/accel-ppp.git', - 'buildCmd': 'cd ..; pwd; ls -al; ./build-accel-ppp.sh'], - - // Intel QAT - ['name': 'qat', 'buildCmd': 'cd ..; ./build-intel-qat.sh'], - - // Intel IXGBE - ['name': 'ixgbe', 'buildCmd': 'cd ..; ./build-intel-ixgbe.sh'], - - // Intel IXGBEVF - ['name': 'ixgbevf', 'buildCmd': 'cd ..; ./build-intel-ixgbevf.sh'], - - // Mellanox OFED - ['name': 'ofed', 'buildCmd': 'cd ..; sudo ./build-mellanox-ofed.sh'], - - // Jool - ['name': 'jool', 'buildCmd': 'cd ..; ./build-jool.py'], - - // OpenVPN DCO - ['name': 'ovpn-dco','scmCommit': 'v0.2.20231117', - 'scmUrl': 'https://github.com/OpenVPN/ovpn-dco', - 'buildCmd': 'cd ..; ./build-openvpn-dco.sh'], - - // RTSP netfilter helper - ['name': 'nat-rtsp', 'scmCommit': '475af0a', - 'scmUrl': 'https://github.com/maru-sama/rtsp-linux.git', - 'buildCmd': 'cd ..; ./build-nat-rtsp.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('Kernel', pkgList, null, true, "**/packages/linux-kernel/**") diff --git a/packages/linux-kernel/README.md b/packages/linux-kernel/README.md deleted file mode 100644 index ee9a5175..00000000 --- a/packages/linux-kernel/README.md +++ /dev/null 
@@ -1,36 +0,0 @@
-# About
-
-VyOS runs on a custom Linux Kernel (which is 4.19) at the time of this writing.
-This repository holds a Jenkins Pipeline which is used to build the Custom
-Kernel (x86_64/amd64 at the moment) and all required out-of tree modules.
-
-VyOS does not utilize the build in Intel Kernel drivers for its NICs as those
-Kernels sometimes lack features e.g. configurable receive-side-scaling queues.
-On the other hand we ship additional not mainlined features as WireGuard VPN.
-
-## Kernel
-
-The Kernel is build from the vanilla repositories hosted at https://git.kernel.org.
-VyOS requires two additional patches to work which are stored in the patches/kernel
-folder.
-
-### Config
-
-The Kernel configuration used is [x86_64_vyos_defconfig](x86_64_vyos_defconfig)
-which will be copied on demand during the Pipeline run into the `arch/x86/configs`i
-direcotry of the Kernel source tree.
-
-Other configurations can be added in the future easily.
-
-### Modules
-
-VyOS utilizes several Out-of-Tree modules (e.g. WireGuard, Accel-PPP and Intel
-network interface card drivers). Module source code is retrieved from the
-upstream repository and - when needed - patched so it can be build using this
-pipeline.
-
-In the past VyOS maintainers had a fork of the Linux Kernel, WireGuard and
-Accel-PPP. This is fine but increases maintenance effort. By utilizing vanilla
-repositories upgrading to new versions is very easy - only the branch/commit/tag
-used when cloning the repository via [Jenkinsfile](Jenkinsfile) needs to be
-adjusted.
diff --git a/packages/linux-kernel/build-accel-ppp.sh b/packages/linux-kernel/build-accel-ppp.sh
deleted file mode 100755
index 1685ff8d..00000000
--- a/packages/linux-kernel/build-accel-ppp.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-KERNEL_VAR_FILE=${CWD}/kernel-vars
-
-ACCEL_SRC=${CWD}/accel-ppp
-if [ ! -d ${ACCEL_SRC} ]; then
- echo "Accel-PPP source not found"
- exit 1
-fi
-
-if [ ! -f ${KERNEL_VAR_FILE} ]; then
- echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
- exit 1
-fi
-
-PATCH_DIR=${CWD}/patches/accel-ppp
-if [ -d $PATCH_DIR ]; then
- cd ${ACCEL_SRC}
- for patch in $(ls ${PATCH_DIR})
- do
- echo "I: Apply patch: ${PATCH_DIR}/${patch}"
- patch -p1 < ${PATCH_DIR}/${patch}
- done
-fi
-
-. ${KERNEL_VAR_FILE}
-mkdir -p ${ACCEL_SRC}/build
-cd ${ACCEL_SRC}/build
-
-echo "I: Build Accel-PPP Debian package"
-cmake -DBUILD_IPOE_DRIVER=TRUE \
- -DBUILD_VLAN_MON_DRIVER=TRUE \
- -DCMAKE_INSTALL_PREFIX=/usr \
- -DKDIR=${KERNEL_DIR} \
- -DLUA=5.3 \
- -DMODULES_KDIR=${KERNEL_VERSION}${KERNEL_SUFFIX} \
- -DCPACK_TYPE=Debian12 ..
-make
-cpack -G DEB
-
-# rename resulting Debian package according git description
-mv accel-ppp*.deb ${CWD}/accel-ppp_$(git describe --always --tags)_$(dpkg --print-architecture).deb
diff --git a/packages/linux-kernel/build-intel-ixgbe.sh b/packages/linux-kernel/build-intel-ixgbe.sh
deleted file mode 100755
index ab44f551..00000000
--- a/packages/linux-kernel/build-intel-ixgbe.sh
+++ /dev/null
@@ -1,110 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -KERNEL_VAR_FILE=${CWD}/kernel-vars - -if ! dpkg-architecture -iamd64; then - echo "Intel ixgbe is only buildable on amd64 platforms" - exit 0 -fi - -if [ ! -f ${KERNEL_VAR_FILE} ]; then - echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" - exit 1 -fi - -. ${KERNEL_VAR_FILE} - -url="https://sourceforge.net/projects/e1000/files/ixgbe%20stable/5.20.3/ixgbe-5.20.3.tar.gz" - -cd ${CWD} - -DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/) -DRIVER_DIR="${DRIVER_FILE%.tar.gz}" -DRIVER_NAME="ixgbe" -DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | sed 's/^-//') -DRIVER_VERSION_EXTRA="" - -# Build up Debian related variables required for packaging -DEBIAN_ARCH=$(dpkg --print-architecture) -DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}" -DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" -DEBIAN_POSTINST="${CWD}/vyos-intel-ixgbe.postinst" - -# Fetch Intel driver source from SourceForge -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -curl -L -o ${DRIVER_FILE} ${url} -if [ "$?" 
-ne "0" ]; then - exit 1 -fi - -# Unpack archive -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -mkdir -p ${DRIVER_DIR} -tar -C ${DRIVER_DIR} --strip-components=1 -xf ${DRIVER_FILE} - -cd ${DRIVER_DIR}/src -if [ -z $KERNEL_DIR ]; then - echo "KERNEL_DIR not defined" - exit 1 -fi - -# See https://lore.kernel.org/lkml/f90837d0-810e-5772-7841-28d47c44d260@intel.com/ -echo "I: remove pci_enable_pcie_error_reporting() code no longer present in Kernel" -sed -i '/.*pci_disable_pcie_error_reporting(pdev);/d' ixgbe_main.c -sed -i '/.*pci_enable_pcie_error_reporting(pdev);/d' ixgbe_main.c - -# See https://vyos.dev/T6155 -echo "I: always enable allow_unsupported_sfp for all NICs by default" -patch -l -p1 < ../../patches/ixgbe/allow_unsupported_sfp.patch - -# See https://vyos.dev/T6162 -echo "I: add 1000BASE-BX support" -patch -l -p1 < ../../patches/ixgbe/add_1000base-bx_support.patch - -echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver" -make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) install - -if [ "x$?" 
!= "x0" ]; then - exit 1 -fi - -if [ -f ${DEBIAN_DIR}.deb ]; then - rm ${DEBIAN_DIR}.deb -fi - -# build Debian package -echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" -cd ${CWD} - -# delete non required files which are also present in the kernel package -# und thus lead to duplicated files -find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f - -echo "#!/bin/sh" > ${DEBIAN_POSTINST} -echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} - -fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ - --version ${DRIVER_VERSION} --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "Vendor based driver for Intel ${DRIVER_NAME}" \ - --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ - --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} - -echo "I: Cleanup ${DRIVER_NAME} source" -cd ${CWD} -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -if [ -d ${DEBIAN_DIR} ]; then - rm -rf ${DEBIAN_DIR} -fi -if [ -f ${DEBIAN_POSTINST} ]; then - rm -f ${DEBIAN_POSTINST} -fi diff --git a/packages/linux-kernel/build-intel-ixgbevf.sh b/packages/linux-kernel/build-intel-ixgbevf.sh deleted file mode 100755 index 39803852..00000000 --- a/packages/linux-kernel/build-intel-ixgbevf.sh +++ /dev/null 
@@ -1,102 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -KERNEL_VAR_FILE=${CWD}/kernel-vars - -if ! dpkg-architecture -iamd64; then - echo "Intel ixgbevf is only buildable on amd64 platforms" - exit 0 -fi - -if [ ! -f ${KERNEL_VAR_FILE} ]; then - echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" - exit 1 -fi - -. ${KERNEL_VAR_FILE} - -url="https://sourceforge.net/projects/e1000/files/ixgbevf%20stable/4.18.9/ixgbevf-4.18.9.tar.gz" - -cd ${CWD} - -DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/) -DRIVER_DIR="${DRIVER_FILE%.tar.gz}" -DRIVER_NAME="ixgbevf" -DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | sed 's/^-//') -DRIVER_VERSION_EXTRA="" - -# Build up Debian related variables required for packaging -DEBIAN_ARCH=$(dpkg --print-architecture) -DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}_${DEBIAN_ARCH}" -DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" -DEBIAN_POSTINST="${CWD}/vyos-intel-ixgbevf.postinst" - -# Fetch Intel driver source from SourceForge -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -curl -L -o ${DRIVER_FILE} ${url} -if [ "$?" -ne "0" ]; then - exit 1 -fi - -# Unpack archive -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -mkdir -p ${DRIVER_DIR} -tar -C ${DRIVER_DIR} --strip-components=1 -xf ${DRIVER_FILE} - -cd ${DRIVER_DIR}/src -if [ -z $KERNEL_DIR ]; then - echo "KERNEL_DIR not defined" - exit 1 -fi - -# See https://lore.kernel.org/lkml/f90837d0-810e-5772-7841-28d47c44d260@intel.com/ -echo "I: remove pci_enable_pcie_error_reporting() code no longer present in Kernel" -sed -i '/.*pci_disable_pcie_error_reporting(pdev);/d' ixgbevf_main.c -sed -i '/.*pci_enable_pcie_error_reporting(pdev);/d' ixgbevf_main.c - -echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver" -make KSRC=${KERNEL_DIR} INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} -j $(getconf _NPROCESSORS_ONLN) install - -if [ "x$?" 
!= "x0" ]; then - exit 1 -fi - -if [ -f ${DEBIAN_DIR}.deb ]; then - rm ${DEBIAN_DIR}.deb -fi - -# build Debian package -echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" -cd ${CWD} - -# delete non required files which are also present in the kernel package -# und thus lead to duplicated files -find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f - -echo "#!/bin/sh" > ${DEBIAN_POSTINST} -echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} - -fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ - --version ${DRIVER_VERSION} --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "Vendor based driver for Intel ${DRIVER_NAME}" \ - --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ - --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} - -echo "I: Cleanup ${DRIVER_NAME} source" -cd ${CWD} -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -if [ -d ${DEBIAN_DIR} ]; then - rm -rf ${DEBIAN_DIR} -fi -if [ -f ${DEBIAN_POSTINST} ]; then - rm -f ${DEBIAN_POSTINST} -fi diff --git a/packages/linux-kernel/build-intel-qat.sh b/packages/linux-kernel/build-intel-qat.sh deleted file mode 100755 index 5b0e023f..00000000 --- a/packages/linux-kernel/build-intel-qat.sh +++ /dev/null 
@@ -1,114 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -KERNEL_VAR_FILE=${CWD}/kernel-vars - -if ! dpkg-architecture -iamd64; then - echo "Intel-QAT is only buildable on amd64 platforms" - exit 0 -fi - -if [ ! -f ${KERNEL_VAR_FILE} ]; then - echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first" - exit 1 -fi - -. ${KERNEL_VAR_FILE} - -url="https://dev.packages.vyos.net/source-mirror/QAT.L.4.24.0-00005.tar.gz" - -cd ${CWD} - -DRIVER_FILE=$(basename ${url} | sed -e s/tar_0/tar/) -DRIVER_DIR="${DRIVER_FILE%.tar.gz}" -DRIVER_NAME="QAT" -DRIVER_NAME_EXTRA="L." -DRIVER_VERSION=$(echo ${DRIVER_DIR} | awk -F${DRIVER_NAME} '{print $2}' | awk -F${DRIVER_NAME_EXTRA} '{print $2}') -DRIVER_VERSION_EXTRA="-0" - -# Build up Debian related variables required for packaging -DEBIAN_ARCH=$(dpkg --print-architecture) -DEBIAN_DIR="${CWD}/vyos-intel-${DRIVER_NAME}_${DRIVER_VERSION}${DRIVER_VERSION_EXTRA}_${DEBIAN_ARCH}" -DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control" -DEBIAN_POSTINST="${CWD}/vyos-intel-qat.postinst" - -# Fetch Intel driver source from SourceForge -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -curl -L -o ${DRIVER_FILE} ${url} -if [ "$?" -ne "0" ]; then - exit 1 -fi - -# Unpack archive -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -mkdir -p ${DRIVER_DIR} -tar -C ${DRIVER_DIR} -xf ${DRIVER_FILE} - -cd ${DRIVER_DIR} -if [ -z $KERNEL_DIR ]; then - echo "KERNEL_DIR not defined" - exit 1 -fi - -echo "I: Compile Kernel module for Intel ${DRIVER_NAME} driver" -mkdir -p \ - ${DEBIAN_DIR}/lib/firmware \ - ${DEBIAN_DIR}/usr/sbin \ - ${DEBIAN_DIR}/usr/lib/x86_64-linux-gnu \ - ${DEBIAN_DIR}/etc/init.d -KERNEL_SOURCE_ROOT=${KERNEL_DIR} ./configure --enable-kapi --enable-qat-lkcf -make -j $(getconf _NPROCESSORS_ONLN) all -make INSTALL_MOD_PATH=${DEBIAN_DIR} INSTALL_FW_PATH=${DEBIAN_DIR} \ - qat-driver-install adf-ctl-all - -if [ "x$?" 
!= "x0" ]; then - exit 1 -fi - -cp quickassist/qat/fw/*.bin ${DEBIAN_DIR}/lib/firmware -cp build/*.so ${DEBIAN_DIR}/usr/lib/x86_64-linux-gnu -cp build/adf_ctl ${DEBIAN_DIR}/usr/sbin -cp quickassist/build_system/build_files/qat_service ${DEBIAN_DIR}/etc/init.d -cp build/usdm_drv.ko ${DEBIAN_DIR}/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/updates/drivers -chmod 644 ${DEBIAN_DIR}/lib/firmware/* -chmod 755 ${DEBIAN_DIR}/etc/init.d/* ${DEBIAN_DIR}/usr/local/bin/* - -if [ -f ${DEBIAN_DIR}.deb ]; then - rm ${DEBIAN_DIR}.deb -fi - -# build Debian package -echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" -cd ${CWD} - -# delete non required files which are also present in the kernel package -# und thus lead to duplicated files -find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f - -echo "#!/bin/sh" > ${DEBIAN_POSTINST} -echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} - -fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ - --version ${DRIVER_VERSION}${DRIVER_VERSION_EXTRA} --deb-compression gz \ - --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ - --description "Vendor based driver for Intel ${DRIVER_NAME}" \ - --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ - --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} - -echo "I: Cleanup ${DRIVER_NAME} source" -cd ${CWD} -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -if [ -d ${DEBIAN_DIR} ]; then - rm -rf ${DEBIAN_DIR} -fi -if [ -f ${DEBIAN_POSTINST} ]; then - rm -f ${DEBIAN_POSTINST} -fi diff --git a/packages/linux-kernel/build-kernel.sh b/packages/linux-kernel/build-kernel.sh deleted file mode 100755 index f7b0c597..00000000 --- a/packages/linux-kernel/build-kernel.sh +++ /dev/null 
@@ -1,79 +0,0 @@ -#!/bin/bash -CWD=$(pwd) -KERNEL_SRC=linux - -set -e - -if [ ! -d ${KERNEL_SRC} ]; then - echo "Linux Kernel source directory does not exists, please 'git clone'" - exit 1 -fi - -echo "I: Copy Kernel config (x86_64_vyos_defconfig) to Kernel Source" -cp -rv arch/ ${KERNEL_SRC}/ - -cd ${KERNEL_SRC} - -echo "I: clean modified files" -git reset --hard HEAD - -KERNEL_VERSION=$(make kernelversion) -KERNEL_SUFFIX=-$(awk -F "= " '/kernel_flavor/ {print $2}' ../../../data/defaults.toml | tr -d \") -KERNEL_CONFIG=arch/x86/configs/vyos_defconfig - -# VyOS requires some small Kernel Patches - apply them here -# It's easier to habe them here and make use of the upstream -# repository instead of maintaining a full Kernel Fork. -# Saving time/resources is essential :-) -PATCH_DIR=${CWD}/patches/kernel -for patch in $(ls ${PATCH_DIR}) -do - echo "I: Apply Kernel patch: ${PATCH_DIR}/${patch}" - patch -p1 < ${PATCH_DIR}/${patch} -done - -TRUSTED_KEYS_FILE=trusted_keys.pem -# start with empty key file -echo -n "" > $TRUSTED_KEYS_FILE -CERTS=$(find ../../../data/live-build-config/includes.chroot/var/lib/shim-signed/mok -name "*.pem" -type f) -if [ ! 
-z "${CERTS}" ]; then - # add known public keys to Kernel certificate chain - for file in $CERTS; do - cat $file >> $TRUSTED_KEYS_FILE - done - - # Force Kernel module signing and embed public keys - echo "CONFIG_MODULE_SIG_FORMAT=y" >> $KERNEL_CONFIG - echo "CONFIG_MODULE_SIG=y" >> $KERNEL_CONFIG - echo "CONFIG_MODULE_SIG_FORCE=y" >> $KERNEL_CONFIG - echo "# CONFIG_MODULE_SIG_ALL is not set" >> $KERNEL_CONFIG - echo "CONFIG_MODULE_SIG_SHA512=y" >> $KERNEL_CONFIG - echo "CONFIG_MODULE_SIG_HASH=\"sha512\"" >> $KERNEL_CONFIG - echo "CONFIG_MODULE_SIG_KEY=\"\"" >> $KERNEL_CONFIG - echo "CONFIG_MODULE_SIG_KEY_TYPE_RSA=y" >> $KERNEL_CONFIG - echo "CONFIG_SYSTEM_TRUSTED_KEYS=\"$TRUSTED_KEYS_FILE\"" >> $KERNEL_CONFIG -fi - -echo "I: make vyos_defconfig" -# Select Kernel configuration - currently there is only one -make vyos_defconfig - -echo "I: Generate environment file containing Kernel variable" -cat << EOF >${CWD}/kernel-vars -#!/bin/sh -export KERNEL_VERSION=${KERNEL_VERSION} -export KERNEL_SUFFIX=${KERNEL_SUFFIX} -export KERNEL_DIR=${CWD}/${KERNEL_SRC} -EOF - -echo "I: Build Debian Kernel package" -touch .scmversion -make bindeb-pkg BUILD_TOOLS=1 LOCALVERSION=${KERNEL_SUFFIX} KDEB_PKGVERSION=${KERNEL_VERSION}-1 -j $(getconf _NPROCESSORS_ONLN) - -cd $CWD -if [[ $? == 0 ]]; then - for package in $(ls linux-*.deb) - do - ln -sf linux-kernel/$package .. - done -fi diff --git a/packages/linux-kernel/build-linux-firmware.sh b/packages/linux-kernel/build-linux-firmware.sh deleted file mode 100755 index 2b1fa7b7..00000000 --- a/packages/linux-kernel/build-linux-firmware.sh +++ /dev/null 
@@ -1,98 +0,0 @@
-#!/bin/bash
-
-# All selected drivers are then precomfiled "make drivers/foo/bar.i" and we grep for
-# the magic word "UNIQUE_ID_firmware" which identifies firmware files.
-
-CWD=$(pwd)
-LINUX_SRC="linux"
-LINUX_FIRMWARE="linux-firmware"
-KERNEL_VAR_FILE=${CWD}/kernel-vars
-
-if [ ! -d ${LINUX_SRC} ]; then
- echo "Kernel source missing"
- exit 1
-fi
-
-if [ ! -d ${LINUX_FIRMWARE} ]; then
- echo "Linux firmware repository missing"
- exit 1
-fi
-
-. ${KERNEL_VAR_FILE}
-
-result=()
-# Retrieve firmware blobs from source files
-FW_FILES=$(find ${LINUX_SRC}/debian/linux-image/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/kernel/drivers/net -name *.ko | xargs modinfo | grep "^firmware:" | awk '{print $2}')
-
-# Debian package will use the descriptive Git commit as version
-GIT_COMMIT=$(cd ${CWD}/${LINUX_FIRMWARE}; git describe --always)
-VYOS_FIRMWARE_NAME="vyos-linux-firmware"
-VYOS_FIRMWARE_DIR="${VYOS_FIRMWARE_NAME}_${GIT_COMMIT}-0_all"
-if [ -d ${VYOS_FIRMWARE_DIR} ]; then
- # remove Debian package folder and deb file from previous runs
- rm -rf ${VYOS_FIRMWARE_DIR}*
-fi
-mkdir -p ${VYOS_FIRMWARE_DIR}
-
-# Install firmware files to build directory
-LINUX_FIRMWARE_BUILD_DIR="${LINUX_FIRMWARE}_${GIT_COMMIT}"
-
-if [ -d ${LINUX_FIRMWARE_BUILD_DIR} ]; then
- rm -rf "${LINUX_FIRMWARE_BUILD_DIR}"
-fi
-
-mkdir -p "${LINUX_FIRMWARE_BUILD_DIR}"
-
-(
- cd ${LINUX_FIRMWARE}
- ./copy-firmware.sh "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}"
-)
-
-# Copy firmware file from linux firmware build directory into
-# assembly folder for the vyos-firmware package
-SED_REPLACE="s@${CWD}/${LINUX_FIRMWARE}/@@"
-for FILE_PATTERN in ${FW_FILES}; do
- find "${LINUX_FIRMWARE_BUILD_DIR}" -path "*/${FILE_PATTERN}" -print0 | while IFS= read -r -d $'\0' FILE; do
- TARGET="$(echo "${FILE}" | sed "s/${LINUX_FIRMWARE_BUILD_DIR}\///g")"
- TARGET_DIR="${VYOS_FIRMWARE_DIR}/lib/firmware/$(dirname "${TARGET}")"
- # If file is a symlink install the symlink target as well
- if [ -h "${FILE}" ]; then
- if [ ! -f "${TARGET_DIR}/$(basename "${TARGET}")" ]; then
- if [ -f "${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" ]; then
- mkdir -p "${TARGET_DIR}"
-
- echo "I: install firmware: ${TARGET}"
- cp "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" "${TARGET_DIR}"
- # If file links to other folder which this script not cover. Create folder and copy together.
- if [ -L "${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" ]; then
- REALPATH_TARGET=$(realpath --relative-to="${CWD}/${LINUX_FIRMWARE_BUILD_DIR}" "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}")
- REALPATH_TARGET_DIR="${VYOS_FIRMWARE_DIR}/lib/firmware/$(dirname "${REALPATH_TARGET}")"
- mkdir -p "${REALPATH_TARGET_DIR}"
- echo "I: install firmware: ${REALPATH_TARGET}"
- cp "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${REALPATH_TARGET}" "${REALPATH_TARGET_DIR}"
- fi
- else
- echo "I: firmware file not found: ${TARGET}"
- fi
- fi
- fi
-
- if [ -f "${FILE}" ]; then
- mkdir -p "${TARGET_DIR}"
- echo "I: install firmware: ${TARGET}"
- cp -P "${CWD}/${LINUX_FIRMWARE_BUILD_DIR}/${TARGET}" "${TARGET_DIR}"
- else
- echo "I: firmware file not found: ${TARGET}"
- fi
- done
-done
-
-echo "I: Create linux-firmware package"
-rm -f ${VYOS_FIRMWARE_NAME}_*.deb
-fpm --input-type dir --output-type deb --name ${VYOS_FIRMWARE_NAME} \
- --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
- --description "Binary firmware for various drivers in the Linux kernel" \
- --architecture all --version ${GIT_COMMIT} --deb-compression gz -C ${VYOS_FIRMWARE_DIR}
-
-rm -rf "${LINUX_FIRMWARE_BUILD_DIR}"
-rm -rf ${VYOS_FIRMWARE_DIR}
diff --git a/packages/linux-kernel/build-nat-rtsp.sh b/packages/linux-kernel/build-nat-rtsp.sh
deleted file mode 100755
index 40018cfb..00000000
--- a/packages/linux-kernel/build-nat-rtsp.sh
+++ /dev/null
@@ -1,42 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-KERNEL_VAR_FILE=${CWD}/kernel-vars
-
-SRC=${CWD}/nat-rtsp
-if [ ! -d ${SRC} ]; then
- echo "nat-rtsp source not found"
- exit 1
-fi
-
-if [ ! -f ${KERNEL_VAR_FILE} ]; then
- echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
- exit 1
-fi
-
-. ${KERNEL_VAR_FILE}
-
-cd ${SRC} && make KERNELDIR=$KERNEL_DIR
-
-# Copy binary to package directory
-DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra
-mkdir -p ${DEBIAN_DIR}
-cp nf_conntrack_rtsp.ko nf_nat_rtsp.ko ${DEBIAN_DIR}
-
-DEBIAN_POSTINST="${CWD}/vyos-nat-rtsp.postinst"
-echo "#!/bin/sh" > ${DEBIAN_POSTINST}
-echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
-
-# Build Debian Package
-fpm --input-type dir --output-type deb --name nat-rtsp \
- --version $(git describe --tags --always) --deb-compression gz \
- --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
- --description "Connection tracking and NAT support for RTSP" \
- --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
- --after-install ${DEBIAN_POSTINST} \
- --license "GPL2" --chdir tmp
-
-mv *.deb ..
-
-if [ -f ${DEBIAN_POSTINST} ]; then
- rm -f ${DEBIAN_POSTINST}
-fi
diff --git a/packages/linux-kernel/build-openvpn-dco.sh b/packages/linux-kernel/build-openvpn-dco.sh
deleted file mode 100755
index fd427825..00000000
--- a/packages/linux-kernel/build-openvpn-dco.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-KERNEL_VAR_FILE=${CWD}/kernel-vars
-
-SRC=${CWD}/ovpn-dco
-if [ ! -d ${SRC} ]; then
- echo "OpenVPN DCO source not found"
- exit 1
-fi
-
-if [ ! -f ${KERNEL_VAR_FILE} ]; then
- echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
- exit 1
-fi
-
-. ${KERNEL_VAR_FILE}
-
-cd ${SRC} && make KERNEL_SRC=$KERNEL_DIR
-
-# Copy binary to package directory
-DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra
-mkdir -p ${DEBIAN_DIR}
-cp drivers/net/ovpn-dco/ovpn-dco-v2.ko ${DEBIAN_DIR}
-
-# Build Debian Package
-fpm --input-type dir --output-type deb --name openvpn-dco \
- --version $(git describe | sed s/^v//) --deb-compression gz \
- --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
- --description "OpenVPN Data Channel Offload" \
- --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
- --license "GPL2" --chdir tmp
-
-mv *.deb ..
diff --git a/packages/ndppd/.gitignore b/packages/ndppd/.gitignore
deleted file mode 100644
index 0f24798d..00000000
--- a/packages/ndppd/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-ndppd/
diff --git a/packages/ndppd/Jenkinsfile b/packages/ndppd/Jenkinsfile
deleted file mode 100644
index f112ae38..00000000
--- a/packages/ndppd/Jenkinsfile
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (C) 2020-2021 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-// NOTE: we can build with -d as the libbpf dependency is installed manually
-// and not via a DEB package
-def pkgList = [
- ['name': 'ndppd',
- 'scmCommit': 'debian/0.2.5-6',
- 'scmUrl': 'https://salsa.debian.org/debian/ndppd',
- 'buildCmd': 'cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('ndppd', pkgList, null, true, "**/packages/ndppd/**")
diff --git a/packages/ndppd/build.sh b/packages/ndppd/build.sh
deleted file mode 100755
index 223cf52b..00000000
--- a/packages/ndppd/build.sh
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-set -e
-
-SRC=ndppd
-if [ ! -d ${SRC} ]; then
- echo "Source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-cd ${SRC}
-PATCH_DIR=${CWD}/patches
-for patch in $(ls ${PATCH_DIR})
-do
- echo "I: Apply patch: ${PATCH_DIR}/${patch}"
- patch -p1 < ${PATCH_DIR}/${patch}
-done
-
-echo "I: Build Debian Package"
-dpkg-buildpackage -uc -us -tc -b -d
diff --git a/packages/ndppd/patches/0001-skip-route-table-if-there-is-no-auto-rule.patch b/packages/ndppd/patches/0001-skip-route-table-if-there-is-no-auto-rule.patch
deleted file mode 100644
index df6d2e5c..00000000
--- a/packages/ndppd/patches/0001-skip-route-table-if-there-is-no-auto-rule.patch
+++ /dev/null
@@ -1,83 +0,0 @@ -From b148ba055245cec5007ee91dd3ffbfeb58d49c5a Mon Sep 17 00:00:00 2001 -From: Henning Surmeier <me@hensur.de> -Date: Sun, 9 Jan 2022 20:35:15 +0100 -Subject: [PATCH 1/2] skip route table if there is no auto rule - ---- - src/ndppd.cc | 3 ++- - src/rule.cc | 8 ++++++++ - src/rule.h | 4 ++++ - 3 files changed, 14 insertions(+), 1 deletion(-) - -diff --git a/src/ndppd.cc b/src/ndppd.cc -index bec9656..b303721 100644 ---- a/src/ndppd.cc -+++ b/src/ndppd.cc -@@ -304,7 +304,8 @@ int main(int argc, char* argv[], char* env[]) - t1.tv_sec = t2.tv_sec; - t1.tv_usec = t2.tv_usec; - -- route::update(elapsed_time); -+ if (rule::any_auto()) -+ route::update(elapsed_time); - session::update_all(elapsed_time); - } - -diff --git a/src/rule.cc b/src/rule.cc -index 9e72480..a1e8376 100644 ---- a/src/rule.cc -+++ b/src/rule.cc -@@ -24,6 +24,8 @@ - - NDPPD_NS_BEGIN - -+bool rule::_any_aut = false; -+ - rule::rule() - { - } -@@ -49,6 +51,7 @@ ptr<rule> rule::create(const ptr<proxy>& pr, const address& addr, bool aut) - ru->_pr = pr; - ru->_addr = addr; - ru->_aut = aut; -+ _any_aut = _any_aut || aut; - - logger::debug() - << "rule::create() if=" << pr->ifa()->name().c_str() << ", addr=" << addr -@@ -57,6 +60,11 @@ ptr<rule> rule::create(const ptr<proxy>& pr, const address& addr, bool aut) - return ru; - } - -+bool rule::any_auto() -+{ -+ return _any_aut; -+} -+ - const address& rule::addr() const - { - return _addr; -diff --git a/src/rule.h b/src/rule.h -index 6663066..ca2aa36 100644 ---- a/src/rule.h -+++ b/src/rule.h -@@ -42,6 +42,8 @@ public: - - bool check(const address& addr) const; - -+ static bool any_auto(); -+ - private: - weak_ptr<rule> _ptr; - -@@ -53,6 +55,8 @@ private: - - bool _aut; - -+ static bool _any_aut; -+ - rule(); - }; - --- -2.34.1 - diff --git a/packages/ndppd/patches/0002-set-vyos-version.patch b/packages/ndppd/patches/0002-set-vyos-version.patch deleted file mode 100644 index 3fef87c4..00000000 
--- a/packages/ndppd/patches/0002-set-vyos-version.patch +++ /dev/null @@ -1,25 +0,0 @@ -From b0789cf679b0179d37e22f5a936af273d982abeb Mon Sep 17 00:00:00 2001 -From: Henning Surmeier <me@hensur.de> -Date: Tue, 11 Jan 2022 13:05:47 +0100 -Subject: [PATCH 2/2] set -vyos version - ---- - src/ndppd.h | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/ndppd.h b/src/ndppd.h -index 008726c..61ed950 100644 ---- a/src/ndppd.h -+++ b/src/ndppd.h -@@ -21,7 +21,7 @@ - #define NDPPD_NS_BEGIN namespace ndppd { - #define NDPPD_NS_END } - --#define NDPPD_VERSION "0.2.4" -+#define NDPPD_VERSION "0.2.5-vyos" - - #include <assert.h> - --- -2.34.1 - diff --git a/packages/net-snmp/.gitignore b/packages/net-snmp/.gitignore deleted file mode 100644 index 3f41bbac..00000000 --- a/packages/net-snmp/.gitignore +++ /dev/null @@ -1 +0,0 @@ -net-snmp/ diff --git a/packages/net-snmp/Jenkinsfile b/packages/net-snmp/Jenkinsfile deleted file mode 100644 index a2b21ce5..00000000 --- a/packages/net-snmp/Jenkinsfile +++ /dev/null 
@@ -1,30 +0,0 @@
-// Copyright (C) 2024 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- ['name': 'net-snmp',
- 'scmCommit': 'debian/5.9.4+dfsg-1',
- 'scmUrl': 'https://salsa.debian.org/debian/net-snmp',
- 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('net-snmp', pkgList, null, true, "**/packages/net-snmp/**")
diff --git a/packages/net-snmp/build.sh b/packages/net-snmp/build.sh
deleted file mode 100755
index ebaeb6eb..00000000
--- a/packages/net-snmp/build.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-set -e
-
-SRC=net-snmp
-
-if [ ! -d ${SRC} ]; then
- echo "Source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-cd ${SRC}
-
-PATCH_DIR=${CWD}/patches
-if [ -d $PATCH_DIR ]; then
- echo "I: Apply SNMP patches not in main repository:"
- for patch in $(ls ${PATCH_DIR})
- do
- cp ${PATCH_DIR}/${patch} debian/patches
- echo ${patch} >> debian/patches/series
- done
-fi
-
-echo "I: Build Debian net-snmp Package"
-# We need "|| true" to fix an issue wioth the make system
-#make[2]: Leaving directory '/vyos/vyos-build/packages/net-snmp/net-snmp/snmplib'
-#making clean in /vyos/vyos-build/packages/net-snmp/net-snmp/agent
-#make[2]: Entering directory '/vyos/vyos-build/packages/net-snmp/net-snmp/agent'
-#make[2]: *** No rule to make target 'clean'. Stop.
-dpkg-buildpackage -us -uc -tc -b || true
diff --git a/packages/net-snmp/patches/add-linux-6.7-compatibility-parsing.patch b/packages/net-snmp/patches/add-linux-6.7-compatibility-parsing.patch
deleted file mode 100644
index b6dcd77a..00000000
--- a/packages/net-snmp/patches/add-linux-6.7-compatibility-parsing.patch
+++ /dev/null
@@ -1,119 +0,0 @@ -From f5ae6baf0018abda9dedc368fe6d52c0d7a8ab8f Mon Sep 17 00:00:00 2001 -From: Philippe Troin <phil+github-commits@fifi.org> -Date: Sat, 3 Feb 2024 10:30:30 -0800 -Subject: [PATCH] Add Linux 6.7 compatibility parsing /proc/net/snmp - -Linux 6.7 adds a new OutTransmits field to Ip in /proc/net/snmp. -This breaks the hard-coded assumptions about the Ip line length. -Add compatibility to parse Linux 6.7 Ip header while keep support -for previous versions. ---- - .../ip-mib/data_access/systemstats_linux.c | 46 +++++++++++++++---- - 1 file changed, 37 insertions(+), 9 deletions(-) - -diff --git a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c -index 49e0a34d5c..f04e828a94 100644 ---- a/agent/mibgroup/ip-mib/data_access/systemstats_linux.c -+++ b/agent/mibgroup/ip-mib/data_access/systemstats_linux.c -@@ -36,7 +36,7 @@ netsnmp_access_systemstats_arch_init(void) - } - - /* -- /proc/net/snmp -+ /proc/net/snmp - Linux 6.6 and lower - - Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates - Ip: 2 64 7083534 0 0 0 0 0 6860233 6548963 0 0 1 286623 63322 1 259920 0 0 -@@ -49,6 +49,26 @@ netsnmp_access_systemstats_arch_init(void) - - Udp: InDatagrams NoPorts InErrors OutDatagrams - Udp: 1491094 122 0 1466178 -+* -+ /proc/net/snmp - Linux 6.7 and higher -+ -+ Ip: Forwarding DefaultTTL InReceives InHdrErrors InAddrErrors ForwDatagrams InUnknownProtos InDiscards InDelivers OutRequests OutDiscards OutNoRoutes ReasmTimeout ReasmReqds ReasmOKs ReasmFails FragOKs FragFails FragCreates OutTransmits -+ Ip: 1 64 50859058 496 0 37470604 0 0 20472980 7515791 1756 0 0 7264 3632 0 3548 0 7096 44961424 -+ -+ Icmp: InMsgs InErrors InCsumErrors InDestUnreachs InTimeExcds InParmProbs InSrcQuenchs InRedirects InEchos InEchoReps InTimestamps 
InTimestampReps InAddrMasks InAddrMaskReps OutMsgs OutErrors OutRateLimitGlobal OutRateLimitHost OutDestUnreachs OutTimeExcds OutParmProbs OutSrcQuenchs OutRedirects OutEchos OutEchoReps OutTimestamps OutTimestampReps OutAddrMasks OutAddrMaskReps -+ Icmp: 114447 2655 0 17589 0 0 0 0 66905 29953 0 0 0 0 143956 0 0 572 16610 484 0 0 0 59957 66905 0 0 0 0 -+ -+ IcmpMsg: InType0 InType3 InType8 OutType0 OutType3 OutType8 OutType11 -+ IcmpMsg: 29953 17589 66905 66905 16610 59957 484 -+ -+ Tcp: RtoAlgorithm RtoMin RtoMax MaxConn ActiveOpens PassiveOpens AttemptFails EstabResets CurrEstab InSegs OutSegs RetransSegs InErrs OutRsts InCsumErrors -+ Tcp: 1 200 120000 -1 17744 13525 307 3783 6 18093137 9277788 3499 8 7442 0 -+ -+ Udp: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors -+ Udp: 2257832 1422 0 2252835 0 0 0 84 0 -+ -+ UdpLite: InDatagrams NoPorts InErrors OutDatagrams RcvbufErrors SndbufErrors InCsumErrors IgnoredMulti MemErrors -+ UdpLite: 0 0 0 0 0 0 0 0 0 - */ - - -@@ -101,10 +121,10 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) - FILE *devin; - char line[1024]; - netsnmp_systemstats_entry *entry = NULL; -- int scan_count; -+ int scan_count, expected_scan_count; - char *stats, *start = line; - int len; -- unsigned long long scan_vals[19]; -+ unsigned long long scan_vals[20]; - - DEBUGMSGTL(("access:systemstats:container:arch", "load v4 (flags %x)\n", - load_flags)); -@@ -126,10 +146,17 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) - */ - NETSNMP_IGNORE_RESULT(fgets(line, sizeof(line), devin)); - len = strlen(line); -- if (224 != len) { -+ switch (len) { -+ case 224: -+ expected_scan_count = 19; -+ break; -+ case 237: -+ expected_scan_count = 20; -+ break; -+ default: - fclose(devin); - snmp_log(LOG_ERR, "systemstats_linux: unexpected header length in /proc/net/snmp." 
-- " %d != 224\n", len); -+ " %d not in { 224, 237 } \n", len); - return -4; - } - -@@ -178,20 +205,20 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) - memset(scan_vals, 0x0, sizeof(scan_vals)); - scan_count = sscanf(stats, - "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu" -- "%llu %llu %llu %llu %llu %llu %llu %llu %llu", -+ "%llu %llu %llu %llu %llu %llu %llu %llu %llu %llu", - &scan_vals[0],&scan_vals[1],&scan_vals[2], - &scan_vals[3],&scan_vals[4],&scan_vals[5], - &scan_vals[6],&scan_vals[7],&scan_vals[8], - &scan_vals[9],&scan_vals[10],&scan_vals[11], - &scan_vals[12],&scan_vals[13],&scan_vals[14], - &scan_vals[15],&scan_vals[16],&scan_vals[17], -- &scan_vals[18]); -+ &scan_vals[18],&scan_vals[19]); - DEBUGMSGTL(("access:systemstats", " read %d values\n", scan_count)); - -- if(scan_count != 19) { -+ if(scan_count != expected_scan_count) { - snmp_log(LOG_ERR, - "error scanning systemstats data (expected %d, got %d)\n", -- 19, scan_count); -+ expected_scan_count, scan_count); - netsnmp_access_systemstats_entry_free(entry); - return -4; - } -@@ -223,6 +250,7 @@ _systemstats_v4(netsnmp_container* container, u_int load_flags) - entry->stats.HCOutFragFails.high = scan_vals[17] >> 32; - entry->stats.HCOutFragCreates.low = scan_vals[18] & 0xffffffff; - entry->stats.HCOutFragCreates.high = scan_vals[18] >> 32; -+ /* entry->stats. = scan_vals[19]; / * OutTransmits */ - - entry->stats.columnAvail[IPSYSTEMSTATSTABLE_HCINRECEIVES] = 1; - entry->stats.columnAvail[IPSYSTEMSTATSTABLE_INHDRERRORS] = 1; diff --git a/packages/netfilter/.gitignore b/packages/netfilter/.gitignore deleted file mode 100644 index 8518afb9..00000000 --- a/packages/netfilter/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -/pkg-libnftnl/ -/pkg-nftables/ - diff --git a/packages/netfilter/Jenkinsfile b/packages/netfilter/Jenkinsfile deleted file mode 100644 index 45fc6ed8..00000000 --- a/packages/netfilter/Jenkinsfile +++ /dev/null 
@@ -1,39 +0,0 @@
-// Copyright (C) 2023 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- // libnftnl
- ['name': 'pkg-libnftnl',
- 'scmCommit': 'debian/1.2.6-2',
- 'scmUrl': 'https://salsa.debian.org/pkg-netfilter-team/pkg-libnftnl.git',
- 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; dpkg-buildpackage -uc -us -tc -b'],
-
- // nftables
- ['name': 'pkg-nftables',
- 'scmCommit': 'debian/1.0.9-1',
- 'scmUrl': 'https://salsa.debian.org/pkg-netfilter-team/pkg-nftables.git',
- 'buildCmd': '''sudo dpkg -i ../libnftnl*.deb;
- sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends";
- ../build.py'''],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('Netfilter', pkgList, null, true)
diff --git a/packages/netfilter/build.py b/packages/netfilter/build.py
deleted file mode 100755
index 2851a679..00000000
--- a/packages/netfilter/build.py
+++ /dev/null
@@ -1,55 +0,0 @@ -#!/usr/bin/env python3 - -from pathlib import Path -from shutil import copy as copy_file -from subprocess import run - - -# copy patches -def apply_deb_patches() -> None: - """Apply patches to sources directory - """ - package_dir: str = Path.cwd().name - current_dir: str = Path.cwd().as_posix() - patches_dir = Path(f'../patches/{package_dir}') - patches_dir_dst = Path(f'{current_dir}/debian/patches') - if not patches_dir_dst.exists(): - patches_dir_dst.mkdir(parents = True) - if patches_dir.exists(): - patches_list = list(patches_dir.iterdir()) - patches_list.sort() - series_file = Path(f'{patches_dir_dst.as_posix()}/series') - if series_file.exists(): - series_data: str = series_file.read_text() - else: - - series_data = '' - for patch_file in patches_list: - print(f'Applying patch: {patch_file.name}') - copy_file(patch_file, f'{patches_dir_dst.as_posix()}') - series_data = f'{series_data}\n{patch_file.name}' - series_file.write_text(series_data) - - -def build_package() -> bool: - """Build a package - Returns: - bool: build status - """ - build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b'] - build_status: int = run(build_cmd).returncode - - if build_status: - return False - return True - - -# build a package -if __name__ == '__main__': - apply_deb_patches() - - if not build_package(): - exit(1) - - exit() - diff --git a/packages/netfilter/patches/pkg-nftables/0001-meta-fix-hour-decoding.patch b/packages/netfilter/patches/pkg-nftables/0001-meta-fix-hour-decoding.patch deleted file mode 100644 index dd466f1a..00000000 --- a/packages/netfilter/patches/pkg-nftables/0001-meta-fix-hour-decoding.patch +++ /dev/null 
@@ -1,118 +0,0 @@ -From d392ddf243dcbf8a34726c777d2c669b1e8bfa85 Mon Sep 17 00:00:00 2001 -From: Florian Westphal <fw@strlen.de> -Date: Thu, 2 Nov 2023 15:34:13 +0100 -Subject: meta: fix hour decoding when timezone offset is negative - -Brian Davidson says: - - meta hour rules don't display properly after being created when the - hour is on or after 00:00 UTC. The netlink debug looks correct for - seconds past midnight UTC, but displaying the rules looks like an - overflow or a byte order problem. I am in UTC-0400, so today, 20:00 - and later exhibits the problem, while 19:00 and earlier hours are - fine. - -meta.c only ever worked when the delta to UTC is positive. -We need to add in case the second counter turns negative after -offset adjustment. - -Also add a test case for this. - -Fixes: f8f32deda31d ("meta: Introduce new conditions 'time', 'day' and 'hour'") -Reported-by: Brian Davidson <davidson.brian@gmail.com> -Signed-off-by: Florian Westphal <fw@strlen.de> ---- - src/meta.c | 11 ++++- - .../shell/testcases/listing/dumps/meta_time.nodump | 0 - tests/shell/testcases/listing/meta_time | 52 ++++++++++++++++++++++ - 3 files changed, 61 insertions(+), 2 deletions(-) - create mode 100644 tests/shell/testcases/listing/dumps/meta_time.nodump - create mode 100755 tests/shell/testcases/listing/meta_time - -diff --git a/src/meta.c b/src/meta.c -index b578d5e2..7846aefe 100644 ---- a/src/meta.c -+++ b/src/meta.c -@@ -495,9 +495,16 @@ static void hour_type_print(const struct expr *expr, struct output_ctx *octx) - - /* Obtain current tm, so that we can add tm_gmtoff */ - ts = time(NULL); -- if (ts != ((time_t) -1) && localtime_r(&ts, &cur_tm)) -- seconds = (seconds + cur_tm.tm_gmtoff) % SECONDS_PER_DAY; -+ if (ts != ((time_t) -1) && localtime_r(&ts, &cur_tm)) { -+ int32_t adj = seconds + cur_tm.tm_gmtoff; - -+ if (adj < 0) -+ adj += SECONDS_PER_DAY; -+ else if (adj >= SECONDS_PER_DAY) -+ adj -= SECONDS_PER_DAY; -+ -+ seconds = adj; -+ } - minutes = seconds / 60; - 
seconds %= 60; - hours = minutes / 60; -diff --git a/tests/shell/testcases/listing/dumps/meta_time.nodump b/tests/shell/testcases/listing/dumps/meta_time.nodump -new file mode 100644 -index 00000000..e69de29b -diff --git a/tests/shell/testcases/listing/meta_time b/tests/shell/testcases/listing/meta_time -new file mode 100755 -index 00000000..a9761998 ---- /dev/null -+++ b/tests/shell/testcases/listing/meta_time -@@ -0,0 +1,52 @@ -+#!/bin/bash -+ -+set -e -+ -+TMP1=$(mktemp) -+TMP2=$(mktemp) -+ -+cleanup() -+{ -+ rm -f "$TMP1" -+ rm -f "$TMP2" -+} -+ -+check_decode() -+{ -+ TZ=$1 $NFT list chain t c | grep meta > "$TMP2" -+ diff -u "$TMP1" "$TMP2" -+} -+ -+trap cleanup EXIT -+ -+$NFT -f - <<EOF -+table t { -+ chain c { -+ } -+} -+EOF -+ -+for i in $(seq -w 0 23); do -+ TZ=UTC $NFT add rule t c meta hour "$i:00"-"$i:59" -+done -+ -+# Check decoding in UTC, this mirrors 1:1 what should have been added. -+for i in $(seq 0 23); do -+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1" -+done -+ -+check_decode UTC -+ -+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 23 0 23 59 > "$TMP1" -+for i in $(seq 0 22); do -+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1" -+done -+check_decode UTC+1 -+ -+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 1 0 1 59 > "$TMP1" -+for i in $(seq 2 23); do -+ printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" $i 0 $i 59 >> "$TMP1" -+done -+printf "\t\tmeta hour \"%02d:%02d\"-\"%02d:%02d\"\n" 0 0 0 59 >> "$TMP1" -+ -+check_decode UTC-1 --- -cgit v1.2.3 - diff --git a/packages/opennhrp/.gitignore b/packages/opennhrp/.gitignore deleted file mode 100644 index cc02948b..00000000 --- a/packages/opennhrp/.gitignore +++ /dev/null @@ -1 +0,0 @@ -opennhrp/ diff --git a/packages/opennhrp/Jenkinsfile b/packages/opennhrp/Jenkinsfile deleted file mode 100644 index 637bcecb..00000000 --- a/packages/opennhrp/Jenkinsfile +++ /dev/null 
@@ -1,30 +0,0 @@
-// Copyright (C) 2021 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- ['name': 'opennhrp',
- 'scmCommit': '613277f',
- 'scmUrl': 'https://git.code.sf.net/p/opennhrp/code',
- 'buildCmd': 'cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('opennhrp', pkgList, null, true, "**/packages/opennhrp/**")
diff --git a/packages/opennhrp/build.sh b/packages/opennhrp/build.sh
deleted file mode 100755
index e12d4765..00000000
--- a/packages/opennhrp/build.sh
+++ /dev/null
@@ -1,30 +0,0 @@
-#!/bin/sh
-SRC=opennhrp
-if [ ! -d $SRC ]; then
- echo "source directory $SRC does not exist!"
- echo "$ git clone https://git.code.sf.net/p/opennhrp/code opennhrp"
- exit 1
-fi
-cd $SRC
-
-INSTALL_DIR=debian
-if [ -d $INSTALL_DIR ]; then
- rm -rf $INSTALL_DIR
-fi
-
-make clean
-make
-
-install --directory debian/etc debian/usr/sbin
-install --mode 0644 etc/racoon-ph1dead.sh debian/etc
-install --mode 0644 etc/racoon-ph1down.sh debian/etc
-install --strip --mode 0755 nhrp/opennhrp debian/usr/sbin
-install --strip --mode 0755 nhrp/opennhrpctl debian/usr/sbin
-
-# Version' field value 'v0.14-20-g613277f': version number does not start with digit
-# "cut" first character from version string
-fpm --input-type dir --output-type deb --name opennhrp \
- --version $(git describe --always | cut -c2-) --deb-compression gz \
- --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
- --description "NBMA Next Hop Resolution Protocol daemon" \
- --license "MIT" -C $INSTALL_DIR --package ..
diff --git a/packages/openvpn-otp/.gitignore b/packages/openvpn-otp/.gitignore
deleted file mode 100644
index 91d40208..00000000
--- a/packages/openvpn-otp/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-openvpn-otp/
diff --git a/packages/openvpn-otp/Jenkinsfile b/packages/openvpn-otp/Jenkinsfile
deleted file mode 100644
index 9e0de629..00000000
--- a/packages/openvpn-otp/Jenkinsfile
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright (C) 2020-2021 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-// NOTE: we can build with -d as the libbpf dependency is installed manually
-// and not via a DEB package
-def pkgList = [
- ['name': 'openvpn-otp',
- 'scmCommit': 'master',
- 'scmUrl': 'https://github.com/evgeny-gridasov/openvpn-otp',
- 'buildCmd': 'cd ..; ./build-openvpn-otp.sh'],
-]
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('openvpn-otp', pkgList, null, true, "**/packages/openvpn-otp/**")
diff --git a/packages/openvpn-otp/build-openvpn-otp.sh b/packages/openvpn-otp/build-openvpn-otp.sh
deleted file mode 100755
index 6870db64..00000000
--- a/packages/openvpn-otp/build-openvpn-otp.sh
+++ /dev/null
@@ -1,36 +0,0 @@
-#!/bin/sh
-set -e
-CWD=$(pwd)
-SRC=openvpn-otp
-
-if [ ! -d ${SRC} ]; then
- echo "source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-for pkt in debhelper libssl-dev openvpn
-do
- dpkg -s $pkt 2>&1 >/dev/null
- if [ $? -ne 0 ]; then
- echo "Package $pkt not installed - required"
- exit 1
- fi
-done
-
-# Build instructions as per https://github.com/evgeny-gridasov/openvpn-otp/blob/master/README.md
-cd ${SRC}
-./autogen.sh
-./configure --prefix=/usr
-make
-
-# install
-mkdir -p usr/lib/openvpn
-cp src/.libs/openvpn-otp.so usr/lib/openvpn
-
-fpm --input-type dir --output-type deb --name openvpn-otp \
- --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
- --description "OpenVPN OTP Authentication support." \
- --depends openvpn --architecture $(dpkg --print-architecture) \
- --version $(git describe --tags --always | cut -c2-) --deb-compression gz usr
-
-cp *.deb ${CWD}
diff --git a/packages/owamp/.gitignore b/packages/owamp/.gitignore
deleted file mode 100644
index 0826a5ef..00000000
--- a/packages/owamp/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-owamp/
diff --git a/packages/owamp/Jenkinsfile b/packages/owamp/Jenkinsfile
deleted file mode 100644
index 995c8c4c..00000000
--- a/packages/owamp/Jenkinsfile
+++ /dev/null
@@ -1,32 +0,0 @@
-// Copyright (C) 2022 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-// NOTE: we can build with -d as the libbpf dependency is installed manually
-// and not via a DEB package
-def pkgList = [
- ['name': 'owamp',
- 'scmCommit': 'v4.4.6',
- 'scmUrl': 'https://github.com/perfsonar/owamp',
- 'buildCmd': 'cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('owamp', pkgList, null, true, "**/packages/owamp/**")
diff --git a/packages/owamp/build.sh b/packages/owamp/build.sh
deleted file mode 100755
index 8c99f02d..00000000
--- a/packages/owamp/build.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh -x
-CWD=$(pwd)
-set -e
-
-SRC=owamp
-
-if [ ! -d ${SRC} ]; then
- echo "source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-cd ${SRC}
-echo "I: Retrieve version information from Git"
-# Build owamp-client owamp-server twamp-client twamp-server
-echo "I: Build VyOS owamp Packages"
-dpkg-buildpackage -us -uc -tc -b
diff --git a/packages/pam_tacplus/.gitignore b/packages/pam_tacplus/.gitignore
deleted file mode 100644
index 4c18b4a2..00000000
--- a/packages/pam_tacplus/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-pam_tacplus/
-pam_tacplus-debian/
diff --git a/packages/pam_tacplus/Jenkinsfile b/packages/pam_tacplus/Jenkinsfile
deleted file mode 100644
index 89a5d529..00000000
--- a/packages/pam_tacplus/Jenkinsfile
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright (C) 2022 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- ['name': 'pam_tacplus-debian',
- 'scmCommit': '50c6fd7',
- 'scmUrl': 'https://github.com/kravietz/pam_tacplus-debian',
- 'buildCmd': '/bin/true'],
- ['name': 'pam_tacplus',
- 'scmCommit': '4f91b0d',
- 'scmUrl': 'https://github.com/kravietz/pam_tacplus',
- 'buildCmd': 'cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('pam_tacplus', pkgList, null, true, "**/packages/pam_tacplus/**")
diff --git a/packages/pam_tacplus/build.sh b/packages/pam_tacplus/build.sh
deleted file mode 100755
index 2aa69014..00000000
--- a/packages/pam_tacplus/build.sh
+++ /dev/null
@@ -1,16 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-set -e
-
-SRC=pam_tacplus
-if [ ! -d ${SRC} ]; then
- echo "Source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-cd ${SRC}
-cp -a ../pam_tacplus-debian debian
-rm -f debian/compat
-
-sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"
-dpkg-buildpackage -uc -us -tc -b -d
diff --git a/packages/pmacct/.gitignore b/packages/pmacct/.gitignore
deleted file mode 100644
index c2274717..00000000
--- a/packages/pmacct/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-pmacct/
diff --git a/packages/pmacct/Jenkinsfile b/packages/pmacct/Jenkinsfile
deleted file mode 100644
index 19af2c9b..00000000
--- a/packages/pmacct/Jenkinsfile
+++ /dev/null
@@ -1,33 +0,0 @@
-// Copyright (C) 2023 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def package_name = 'pmacct'
-// "sudo apt-get remove git -y" is necessary for solving this issue https://vyos.dev/T5663
-def pkgList = [
- ['name': "${package_name}",
- 'scmCommit': 'debian/1.7.7-1',
- 'scmUrl': 'https://salsa.debian.org/debian/pmacct.git',
- 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; sudo apt-get remove git -y; ../build.py'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage("${package_name}", pkgList, null, true, "**/packages/pmacct/**")
diff --git a/packages/pmacct/build.py b/packages/pmacct/build.py
deleted file mode 100755
index 0f666392..00000000
--- a/packages/pmacct/build.py
+++ /dev/null
@@ -1,49 +0,0 @@
-#!/usr/bin/env python3
-
-from pathlib import Path
-from shutil import copy as copy_file
-from subprocess import run
-
-
-# copy patches
-def apply_deb_patches() -> None:
- """Apply patches to sources directory
- """
- patches_dir = Path('../patches')
- current_dir: str = Path.cwd().as_posix()
- if patches_dir.exists():
- patches_list = list(patches_dir.iterdir())
- patches_list.sort()
- series_file = Path(f'{current_dir}/debian/patches/series')
- series_data = ''
- for patch_file in patches_list:
- print(f'Applying patch: {patch_file.name}')
- copy_file(patch_file, f'{current_dir}/debian/patches/')
- if series_file.exists():
- series_data: str = series_file.read_text()
- series_data = f'{series_data}\n{patch_file.name}'
- series_file.write_text(series_data)
-
-
-def build_package() -> bool:
- """Build a package
-
- Returns:
- bool: build status
- """
- build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b']
- build_status: int = run(build_cmd).returncode
-
- if build_status:
- return False
- return True
-
-
-# build a package
-if __name__ == '__main__':
- apply_deb_patches()
-
- if not build_package():
- exit(1)
-
- exit()
diff --git a/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch b/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch
deleted file mode 100644
index cb5f7399..00000000
--- a/packages/pmacct/patches/0001-fix-pmacctd-SEGV-when-ICMP-ICMPv6-traffic-was-proces.patch
+++ /dev/null
@@ -1,49 +0,0 @@
-From 58900c9d0f98f224577c28dc2323061d33823f39 Mon Sep 17 00:00:00 2001
-From: Paolo Lucente <pl+github@pmacct.net>
-Date: Fri, 4 Mar 2022 22:07:29 +0000
-Subject: [PATCH] * fix, pmacctd: SEGV when ICMP/ICMPv6 traffic was processed
- and 'flows' primitive was enabled. To address Issue #586
-
----
- src/nl.c | 12 +++---------
- 1 file changed, 3 insertions(+), 9 deletions(-)
-
-diff --git a/src/nl.c b/src/nl.c
-index c42689ed..6a3da94b 100644
---- a/src/nl.c
-+++ b/src/nl.c
-@@ -1,6 +1,6 @@
- /*
- pmacct (Promiscuous mode IP Accounting package)
-- pmacct is Copyright (C) 2003-2021 by Paolo Lucente
-+ pmacct is Copyright (C) 2003-2022 by Paolo Lucente
- */
-
- /*
-@@ -293,10 +293,7 @@ int ip_handler(register struct packet_ptrs *pptrs)
- }
- }
- else {
-- if (pptrs->l4_proto != IPPROTO_ICMP) {
-- pptrs->tlh_ptr = dummy_tlhdr;
-- }
--
-+ pptrs->tlh_ptr = dummy_tlhdr;
- if (off < caplen) pptrs->payload_ptr = ptr;
- }
-
-@@ -479,10 +476,7 @@ int ip6_handler(register struct packet_ptrs *pptrs)
- }
- }
- else {
-- if (pptrs->l4_proto != IPPROTO_ICMPV6) {
-- pptrs->tlh_ptr = dummy_tlhdr;
-- }
--
-+ pptrs->tlh_ptr = dummy_tlhdr;
- if (off < caplen) pptrs->payload_ptr = ptr;
- }
-
---
-2.34.1
-
diff --git a/packages/podman/.gitignore b/packages/podman/.gitignore
deleted file mode 100644
index 1055abad..00000000
--- a/packages/podman/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-podman/
diff --git a/packages/podman/Jenkinsfile b/packages/podman/Jenkinsfile
deleted file mode 100644
index cc787565..00000000
--- a/packages/podman/Jenkinsfile
+++ /dev/null
@@ -1,31 +0,0 @@
-// Copyright (C) 2024 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- ['name': 'podman',
- 'scmCommit': 'v4.9.5',
- 'scmUrl': 'https://github.com/containers/podman',
- 'buildCmd': 'cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('podman', pkgList, null, true, "**/packages/podman/**")
diff --git a/packages/podman/build.sh b/packages/podman/build.sh
deleted file mode 100755
index 251f8a48..00000000
--- a/packages/podman/build.sh
+++ /dev/null
@@ -1,32 +0,0 @@
-#!/bin/bash
-
-export PATH=/opt/go/bin:$PATH
-
-SRC=podman
-if [ ! -d $SRC ]; then
- echo "source directory $SRC does not exist!"
- exit 1
-fi
-
-sudo apt-get install -y libseccomp-dev libgpgme-dev
-
-cd $SRC
-
-echo "I: installing dependencies"
-make install.tools
-echo "I: building podman"
-make podman-release
-
-tar xf podman-release-$(dpkg --print-architecture).tar.gz
-# retrieve version number from podman archive folder: podman-v4.9.5/
-# remove leading podman string
-VERSION=$(ls -d podman-v* | cut -c9-)
-
-fpm --input-type dir --output-type deb --name podman \
- --version $VERSION --deb-compression gz \
- --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
- --description "Engine to run OCI-based containers in Pods" \
- --depends conmon --depends crun --depends netavark --depends libgpgme11 \
- --depends fuse-overlayfs --depends golang-github-containers-common \
- --license "Apache License 2.0" -C podman-v$VERSION --package ..
-
diff --git a/packages/pyhumps/.gitignore b/packages/pyhumps/.gitignore
deleted file mode 100644
index 0cf480fa..00000000
--- a/packages/pyhumps/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-humps/
diff --git a/packages/pyhumps/Jenkinsfile b/packages/pyhumps/Jenkinsfile
deleted file mode 100644
index 523ffdde..00000000
--- a/packages/pyhumps/Jenkinsfile
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2022 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- ['name': 'humps',
- 'scmCommit': 'v3.8.0',
- 'scmUrl': 'https://github.com/nficano/humps.git',
- 'buildCmd': 'python setup.py --command-packages=stdeb.command bdist_deb; cp deb_dist/*.deb ..'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('humps', pkgList, null, false, "**/packages/pyhumps/**")
diff --git a/packages/radvd/.gitignore b/packages/radvd/.gitignore
deleted file mode 100644
index 142acc2d..00000000
--- a/packages/radvd/.gitignore
+++ /dev/null
@@ -1,2 +0,0 @@
-radvd/
-*.deb
diff --git a/packages/radvd/Jenkinsfile b/packages/radvd/Jenkinsfile
deleted file mode 100644
index 6b4f4a0b..00000000
--- a/packages/radvd/Jenkinsfile
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2024 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- ['name': 'radvd',
- 'scmCommit': 'f2de4764559',
- 'scmUrl': 'https://github.com/radvd-project/radvd',
- 'buildCmd': 'cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('radvd', pkgList, null, true, "**/packages/radvd/**")
diff --git a/packages/radvd/build.sh b/packages/radvd/build.sh
deleted file mode 100755
index 36057e27..00000000
--- a/packages/radvd/build.sh
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/bin/sh
-SRC=radvd
-if [ ! -d $SRC ]; then
- echo "source directory $SRC does not exist!"
- echo "$ git clone https://github.com/radvd-project/radvd"
- exit 1
-fi
-cd $SRC
-
-INSTALL_DIR=debian
-if [ -d $INSTALL_DIR ]; then
- rm -rf $INSTALL_DIR
-fi
-
-./autogen.sh
-./configure
-make
-
-install --directory debian/lib/systemd/system debian/usr/sbin
-install --mode 0644 radvd.service debian/lib/systemd/system
-install --strip --mode 0755 radvd debian/usr/sbin
-
-# Version' field value 'v0.14-20-g613277f': version number does not start with digit
-# "cut" first character from version string
-fpm --input-type dir --output-type deb --name radvd \
- --version $(git describe --always | cut -c2- | tr _ -) --deb-compression gz \
- --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
- --description "RADVD router advertisement daemon" \
- --license "RADVD" -C $INSTALL_DIR --package ..
diff --git a/packages/strongswan/.gitignore b/packages/strongswan/.gitignore
deleted file mode 100644
index c6b0d6f0..00000000
--- a/packages/strongswan/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-strongswan/
diff --git a/packages/strongswan/Jenkinsfile b/packages/strongswan/Jenkinsfile
deleted file mode 100644
index d79941d7..00000000
--- a/packages/strongswan/Jenkinsfile
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright (C) 2021-2023 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-def pkgList = [
- ['name': 'strongswan',
- 'scmCommit': 'debian/5.9.11-2',
- 'scmUrl': 'https://salsa.debian.org/debian/strongswan.git',
- 'buildCmd': 'cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('strongswan', pkgList, null, true, "**/packages/strongswan/**")
diff --git a/packages/strongswan/build.sh b/packages/strongswan/build.sh
deleted file mode 100755
index c0dab4d5..00000000
--- a/packages/strongswan/build.sh
+++ /dev/null
@@ -1,56 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-set -e
-
-# extracted build dependencies, as autogenerationg and installing them will fail :/
-sudo apt-get install -y bison \
- bzip2 \
- debhelper-compat \
- dh-apparmor \
- dpkg-dev \
- flex \
- gperf \
- libiptc-dev \
- libcap-dev \
- libcurl3-dev \
- libgcrypt20-dev \
- libgmp3-dev \
- libkrb5-dev \
- libldap2-dev \
- libnm-dev \
- libpam0g-dev \
- libsqlite3-dev \
- libssl-dev \
- libsystemd-dev \
- libtool \
- libtss2-dev \
- libxml2-dev \
- pkg-config \
- po-debconf \
- systemd \
- libsystemd-dev \
- tzdata
-
-SRC=strongswan
-if [ ! -d ${SRC} ]; then
- echo "Source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-PATCH_DIR=${CWD}/patches
-if [ -d $PATCH_DIR ]; then
- for patch in $(ls ${PATCH_DIR})
- do
- echo "I: Apply patch: ${patch} to main repository"
- cp ${PATCH_DIR}/${patch} ${SRC}/debian/patches/
- echo ${patch} >> ${SRC}/debian/patches/series
- done
-fi
-
-cd ${SRC}
-
-echo "I: bump version"
-dch -v "5.9.11-2+vyos0" "Patchset for DMVPN support" -b
-
-echo "I: Build Debian Package"
-dpkg-buildpackage -uc -us -tc -b -d
diff --git a/packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch b/packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch
deleted file mode 100644
index ceb47350..00000000
--- a/packages/strongswan/patches/0001-charon-add-optional-source-and-remote-overrides-for-.patch
+++ /dev/null
@@ -1,579 +0,0 @@ -From db627ec8a8e72bc6b23dc8ab00f4e6b4f448d01c Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Mon, 21 Sep 2015 13:41:58 +0300 -Subject: [PATCH 1/3] charon: add optional source and remote overrides for - initiate -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -This introduces support for specifying optional IKE SA specific -source and remote address for child sa initiation. This allows -to initiate wildcard connection for known address via vici. - -In addition this allows impler implementation of trap-any patches -and is a prerequisite for dmvpn support. - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> ---- - src/charon-cmd/cmd/cmd_connection.c | 2 +- - src/libcharon/control/controller.c | 42 +++++++++++- - src/libcharon/control/controller.h | 3 + - src/libcharon/plugins/stroke/stroke_control.c | 5 +- - src/libcharon/plugins/vici/vici_config.c | 2 +- - src/libcharon/plugins/vici/vici_control.c | 64 ++++++++++++++++--- - .../processing/jobs/start_action_job.c | 2 +- - src/libcharon/sa/ike_sa_manager.c | 50 ++++++++++++++- - src/libcharon/sa/ike_sa_manager.h | 8 ++- - src/libcharon/sa/trap_manager.c | 44 +++++-------- - src/swanctl/commands/initiate.c | 40 +++++++++++- - 11 files changed, 215 insertions(+), 47 deletions(-) - -diff --git a/src/charon-cmd/cmd/cmd_connection.c b/src/charon-cmd/cmd/cmd_connection.c -index 2e2cb3c..b9369a8 100644 ---- a/src/charon-cmd/cmd/cmd_connection.c -+++ b/src/charon-cmd/cmd/cmd_connection.c -@@ -439,7 +439,7 @@ static job_requeue_t initiate(private_cmd_connection_t *this) - child_cfg = create_child_cfg(this, peer_cfg); - - if (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, -- controller_cb_empty, NULL, LEVEL_SILENT, 0, FALSE) != SUCCESS) -+ NULL, NULL, controller_cb_empty, NULL, LEVEL_SILENT, 0, FALSE) != SUCCESS) - { - terminate(pid); - } -diff --git a/src/libcharon/control/controller.c 
b/src/libcharon/control/controller.c -index 027f48e..4ce8616 100644 ---- a/src/libcharon/control/controller.c -+++ b/src/libcharon/control/controller.c -@@ -15,6 +15,28 @@ - * for more details. - */ - -+/* -+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. -+ */ -+ - #include "controller.h" - - #include <sys/types.h> -@@ -107,6 +129,16 @@ struct interface_listener_t { - */ - ike_sa_t *ike_sa; - -+ /** -+ * Our host hint. -+ */ -+ host_t *my_host; -+ -+ /** -+ * Other host hint. 
-+ */ -+ host_t *other_host; -+ - /** - * unique ID, used for various methods - */ -@@ -417,10 +449,15 @@ METHOD(job_t, initiate_execute, job_requeue_t, - ike_sa_t *ike_sa; - interface_listener_t *listener = &job->listener; - peer_cfg_t *peer_cfg = listener->peer_cfg; -+ host_t *my_host = listener->my_host; -+ host_t *other_host = listener->other_host; - - ike_sa = charon->ike_sa_manager->checkout_by_config(charon->ike_sa_manager, -- peer_cfg); -+ peer_cfg, my_host, other_host); - peer_cfg->destroy(peer_cfg); -+ DESTROY_IF(my_host); -+ DESTROY_IF(other_host); -+ - if (!ike_sa) - { - DESTROY_IF(listener->child_cfg); -@@ -499,6 +536,7 @@ METHOD(job_t, initiate_execute, job_requeue_t, - - METHOD(controller_t, initiate, status_t, - private_controller_t *this, peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, -+ host_t *my_host, host_t *other_host, - controller_cb_t callback, void *param, level_t max_level, u_int timeout, - bool limits) - { -@@ -523,6 +561,8 @@ METHOD(controller_t, initiate, status_t, - .status = FAILED, - .child_cfg = child_cfg, - .peer_cfg = peer_cfg, -+ .my_host = my_host ? my_host->clone(my_host) : NULL, -+ .other_host = other_host ? 
other_host->clone(other_host) : NULL, - .lock = spinlock_create(), - .options.limits = limits, - }, -diff --git a/src/libcharon/control/controller.h b/src/libcharon/control/controller.h -index 36a1d46..a130fbb 100644 ---- a/src/libcharon/control/controller.h -+++ b/src/libcharon/control/controller.h -@@ -81,6 +81,8 @@ struct controller_t { - * - * @param peer_cfg peer_cfg to use for IKE_SA setup - * @param child_cfg optional child_cfg to set up CHILD_SA from -+ * @param my_host optional address hint for source -+ * @param other_host optional address hint for destination - * @param cb logging callback - * @param param parameter to include in each call of cb - * @param max_level maximum log level for which cb is invoked -@@ -95,6 +97,7 @@ struct controller_t { - */ - status_t (*initiate)(controller_t *this, - peer_cfg_t *peer_cfg, child_cfg_t *child_cfg, -+ host_t *my_host, host_t *other_host, - controller_cb_t callback, void *param, - level_t max_level, u_int timeout, bool limits); - -diff --git a/src/libcharon/plugins/stroke/stroke_control.c b/src/libcharon/plugins/stroke/stroke_control.c -index 2824c93..21ff6b3 100644 ---- a/src/libcharon/plugins/stroke/stroke_control.c -+++ b/src/libcharon/plugins/stroke/stroke_control.c -@@ -109,7 +109,7 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg - if (msg->output_verbosity < 0) - { - charon->controller->initiate(charon->controller, peer_cfg, child_cfg, -- NULL, NULL, 0, 0, FALSE); -+ NULL, NULL, NULL, NULL, 0, 0, FALSE); - } - else - { -@@ -117,7 +117,8 @@ static void charon_initiate(private_stroke_control_t *this, peer_cfg_t *peer_cfg - status_t status; - - status = charon->controller->initiate(charon->controller, -- peer_cfg, child_cfg, (controller_cb_t)stroke_log, -+ peer_cfg, child_cfg, NULL, NULL, -+ (controller_cb_t)stroke_log, - &info, msg->output_verbosity, this->timeout, FALSE); - switch (status) - { -diff --git a/src/libcharon/plugins/vici/vici_config.c 
b/src/libcharon/plugins/vici/vici_config.c -index 5221225..b1486e3 100644 ---- a/src/libcharon/plugins/vici/vici_config.c -+++ b/src/libcharon/plugins/vici/vici_config.c -@@ -2252,7 +2252,7 @@ static void run_start_action(private_vici_config_t *this, peer_cfg_t *peer_cfg, - DBG1(DBG_CFG, "initiating '%s'", child_cfg->get_name(child_cfg)); - charon->controller->initiate(charon->controller, - peer_cfg->get_ref(peer_cfg), child_cfg->get_ref(child_cfg), -- NULL, NULL, 0, 0, FALSE); -+ NULL, NULL, NULL, NULL, 0, 0, FALSE); - } - } - -diff --git a/src/libcharon/plugins/vici/vici_control.c b/src/libcharon/plugins/vici/vici_control.c -index 1c236d2..811d8db 100644 ---- a/src/libcharon/plugins/vici/vici_control.c -+++ b/src/libcharon/plugins/vici/vici_control.c -@@ -15,6 +15,28 @@ - * for more details. - */ - -+/* -+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. 
-+ */ -+ - #include "vici_control.h" - #include "vici_builder.h" - -@@ -173,9 +195,11 @@ static child_cfg_t* find_child_cfg(char *name, char *pname, peer_cfg_t **out) - CALLBACK(initiate, vici_message_t*, - private_vici_control_t *this, char *name, u_int id, vici_message_t *request) - { -+ vici_message_t* msg; - peer_cfg_t *peer_cfg = NULL; - child_cfg_t *child_cfg; -- char *child, *ike, *type, *sa; -+ host_t *my_host = NULL, *other_host = NULL; -+ char *child, *ike, *type, *sa, *my_host_str, *other_host_str; - int timeout; - bool limits; - controller_cb_t log_cb = NULL; -@@ -189,6 +213,8 @@ CALLBACK(initiate, vici_message_t*, - timeout = request->get_int(request, 0, "timeout"); - limits = request->get_bool(request, FALSE, "init-limits"); - log.level = request->get_int(request, 1, "loglevel"); -+ my_host_str = request->get_str(request, NULL, "my-host"); -+ other_host_str = request->get_str(request, NULL, "other-host"); - - if (!child && !ike) - { -@@ -199,31 +225,52 @@ CALLBACK(initiate, vici_message_t*, - log_cb = (controller_cb_t)log_vici; - } - -+ if (my_host_str) -+ { -+ my_host = host_create_from_string(my_host_str, 0); -+ } -+ if (other_host_str) -+ { -+ other_host = host_create_from_string(other_host_str, 0); -+ } -+ -+ - type = child ? 
"CHILD_SA" : "IKE_SA"; - sa = child ?: ike; - - child_cfg = find_child_cfg(child, ike, &peer_cfg); - -- DBG1(DBG_CFG, "vici initiate %s '%s'", type, sa); -+ DBG1(DBG_CFG, "vici initiate %s '%s', me %H, other %H, limits %d", type, sa, my_host, other_host, limits); - if (!peer_cfg) - { -- return send_reply(this, "%s config '%s' not found", type, sa); -+ msg = send_reply(this, "%s config '%s' not found", type, sa); -+ goto ret; - } -- switch (charon->controller->initiate(charon->controller, peer_cfg, child_cfg, -- log_cb, &log, log.level, timeout, limits)) -+ switch (charon->controller->initiate(charon->controller, -+ peer_cfg, child_cfg, -+ my_host, other_host, -+ log_cb, &log, log.level, timeout, limits)) - { - case SUCCESS: -- return send_reply(this, NULL); -+ msg = send_reply(this, NULL); -+ break; - case OUT_OF_RES: -- return send_reply(this, "%s '%s' not established after %dms", type, -+ msg = send_reply(this, "%s '%s' not established after %dms", type, - sa, timeout); -+ break; - case INVALID_STATE: -- return send_reply(this, "establishing %s '%s' not possible at the " -+ msg = send_reply(this, "establishing %s '%s' not possible at the " - "moment due to limits", type, sa); -+ break; - case FAILED: - default: -- return send_reply(this, "establishing %s '%s' failed", type, sa); -+ msg = send_reply(this, "establishing %s '%s' failed", type, sa); -+ break; - } -+ret: -+ if (my_host) my_host->destroy(my_host); -+ if (other_host) other_host->destroy(other_host); -+ return msg; - } - - /** -diff --git a/src/libcharon/processing/jobs/start_action_job.c b/src/libcharon/processing/jobs/start_action_job.c -index 122e5ce..dec458c 100644 ---- a/src/libcharon/processing/jobs/start_action_job.c -+++ b/src/libcharon/processing/jobs/start_action_job.c -@@ -84,7 +84,7 @@ METHOD(job_t, execute, job_requeue_t, - charon->controller->initiate(charon->controller, - peer_cfg->get_ref(peer_cfg), - child_cfg->get_ref(child_cfg), -- NULL, NULL, 0, 0, FALSE); -+ NULL, NULL, NULL, NULL, 
0, 0, FALSE); - } - } - children->destroy(children); -diff --git a/src/libcharon/sa/ike_sa_manager.c b/src/libcharon/sa/ike_sa_manager.c -index fc31c2a..51e28bc 100644 ---- a/src/libcharon/sa/ike_sa_manager.c -+++ b/src/libcharon/sa/ike_sa_manager.c -@@ -16,6 +16,28 @@ - * for more details. - */ - -+/* -+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. 
-+ */ -+ - #include <string.h> - #include <inttypes.h> - -@@ -1497,7 +1519,8 @@ typedef struct { - } config_entry_t; - - METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, -- private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg) -+ private_ike_sa_manager_t *this, peer_cfg_t *peer_cfg, -+ host_t *my_host, host_t *other_host) - { - enumerator_t *enumerator; - entry_t *entry; -@@ -1508,7 +1531,17 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, - u_int segment; - int i; - -- DBG2(DBG_MGR, "checkout IKE_SA by config"); -+ if (my_host && my_host->get_port(my_host) == 0) -+ { -+ my_host->set_port(my_host, IKEV2_UDP_PORT); -+ } -+ if (other_host && other_host->get_port(other_host) == 0) -+ { -+ other_host->set_port(other_host, IKEV2_UDP_PORT); -+ } -+ -+ DBG2(DBG_MGR, "checkout IKE_SA by config '%s', me %H, other %H", -+ peer_cfg->get_name(peer_cfg), my_host, other_host); - - if (!this->reuse_ikesa && peer_cfg->get_ike_version(peer_cfg) != IKEV1) - { /* IKE_SA reuse disabled by config (not possible for IKEv1) */ -@@ -1566,6 +1599,15 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, - continue; - } - -+ if (my_host && !my_host->ip_equals(my_host, entry->ike_sa->get_my_host(entry->ike_sa))) -+ { -+ continue; -+ } -+ if (other_host && !other_host->ip_equals(other_host, entry->ike_sa->get_other_host(entry->ike_sa))) -+ { -+ continue; -+ } -+ - current_peer = entry->ike_sa->get_peer_cfg(entry->ike_sa); - if (current_peer && current_peer->equals(current_peer, peer_cfg)) - { -@@ -1592,6 +1634,10 @@ METHOD(ike_sa_manager_t, checkout_by_config, ike_sa_t*, - { - ike_sa->set_peer_cfg(ike_sa, peer_cfg); - checkout_new(this, ike_sa); -+ if (my_host || other_host) -+ { -+ ike_sa->update_hosts(ike_sa, my_host, other_host, TRUE); -+ } - } - } - charon->bus->set_sa(charon->bus, ike_sa); -diff --git a/src/libcharon/sa/ike_sa_manager.h b/src/libcharon/sa/ike_sa_manager.h -index 004cc22..50f8246 100644 ---- a/src/libcharon/sa/ike_sa_manager.h -+++ 
b/src/libcharon/sa/ike_sa_manager.h -@@ -123,7 +123,8 @@ struct ike_sa_manager_t { - ike_sa_t* (*checkout_by_message) (ike_sa_manager_t* this, message_t *message); - - /** -- * Checkout an IKE_SA for initiation by a peer_config. -+ * Checkout an IKE_SA for initiation by a peer_config and optional -+ * source and remote host addresses. - * - * To initiate, a CHILD_SA may be established within an existing IKE_SA. - * This call checks for an existing IKE_SA by comparing the configuration. -@@ -136,9 +137,12 @@ struct ike_sa_manager_t { - * @note The peer_config is always set on the returned IKE_SA. - * - * @param peer_cfg configuration used to find an existing IKE_SA -+ * @param my_host source host address for wildcard peer_cfg -+ * @param other_host remote host address for wildcard peer_cfg - * @return checked out/created IKE_SA - */ -- ike_sa_t *(*checkout_by_config)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg); -+ ike_sa_t *(*checkout_by_config)(ike_sa_manager_t* this, peer_cfg_t *peer_cfg, -+ host_t *my_host, host_t *other_host); - - /** - * Reset initiator SPI. 
-diff --git a/src/libcharon/sa/trap_manager.c b/src/libcharon/sa/trap_manager.c -index d8d8a42..e7c906e 100644 ---- a/src/libcharon/sa/trap_manager.c -+++ b/src/libcharon/sa/trap_manager.c -@@ -523,7 +523,7 @@ METHOD(trap_manager_t, acquire, void, - peer_cfg_t *peer; - child_cfg_t *child; - ike_sa_t *ike_sa; -- host_t *host; -+ host_t *host, *my_host = NULL, *other_host = NULL; - bool wildcard, ignore = FALSE; - - this->lock->read_lock(this->lock); -@@ -600,37 +600,27 @@ METHOD(trap_manager_t, acquire, void, - this->lock->unlock(this->lock); - - if (wildcard) -- { /* the peer config would match IKE_SAs with other peers */ -- ike_sa = charon->ike_sa_manager->create_new(charon->ike_sa_manager, -- peer->get_ike_version(peer), TRUE); -- if (ike_sa) -- { -- ike_cfg_t *ike_cfg; -- uint16_t port; -- uint8_t mask; -- -- ike_sa->set_peer_cfg(ike_sa, peer); -- ike_cfg = ike_sa->get_ike_cfg(ike_sa); -- -- port = ike_cfg->get_other_port(ike_cfg); -- data->dst->to_subnet(data->dst, &host, &mask); -- host->set_port(host, port); -- ike_sa->set_other_host(ike_sa, host); -- -- port = ike_cfg->get_my_port(ike_cfg); -- data->src->to_subnet(data->src, &host, &mask); -- host->set_port(host, port); -- ike_sa->set_my_host(ike_sa, host); -- -- charon->bus->set_sa(charon->bus, ike_sa); -- } -- } -- else - { -- ike_sa = charon->ike_sa_manager->checkout_by_config( -- charon->ike_sa_manager, peer); -+ ike_cfg_t *ike_cfg; -+ uint16_t port; -+ uint8_t mask; -+ -+ ike_cfg = peer->get_ike_cfg(peer); -+ -+ port = ike_cfg->get_other_port(ike_cfg); -+ data->dst->to_subnet(data->dst, &other_host, &mask); -+ other_host->set_port(other_host, port); -+ -+ port = ike_cfg->get_my_port(ike_cfg); -+ data->src->to_subnet(data->src, &my_host, &mask); -+ my_host->set_port(my_host, port); - } -+ ike_sa = charon->ike_sa_manager->checkout_by_config( -+ charon->ike_sa_manager, peer, -+ my_host, other_host); - peer->destroy(peer); -+ DESTROY_IF(my_host); -+ DESTROY_IF(other_host); - - if (ike_sa) - { -diff --git 
a/src/swanctl/commands/initiate.c b/src/swanctl/commands/initiate.c -index e0fffb9..dcaded5 100644 ---- a/src/swanctl/commands/initiate.c -+++ b/src/swanctl/commands/initiate.c -@@ -14,6 +14,28 @@ - * for more details. - */ - -+/* -+ * Copyright (C) 2014 Timo Teräs <timo.teras@iki.fi> -+ * -+ * Permission is hereby granted, free of charge, to any person obtaining a copy -+ * of this software and associated documentation files (the "Software"), to deal -+ * in the Software without restriction, including without limitation the rights -+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -+ * copies of the Software, and to permit persons to whom the Software is -+ * furnished to do so, subject to the following conditions: -+ * -+ * The above copyright notice and this permission notice shall be included in -+ * all copies or substantial portions of the Software. -+ * -+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -+ * THE SOFTWARE. 
-+ */ -+ - #include "command.h" - - #include <errno.h> -@@ -38,7 +60,7 @@ static int initiate(vici_conn_t *conn) - vici_req_t *req; - vici_res_t *res; - command_format_options_t format = COMMAND_FORMAT_NONE; -- char *arg, *child = NULL, *ike = NULL; -+ char *arg, *child = NULL, *ike = NULL, *my_host = NULL, *other_host = NULL; - int ret = 0, timeout = 0, level = 1; - - while (TRUE) -@@ -65,6 +87,12 @@ static int initiate(vici_conn_t *conn) - case 'l': - level = atoi(arg); - continue; -+ case 'S': -+ my_host = arg; -+ continue; -+ case 'R': -+ other_host = arg; -+ continue; - case EOF: - break; - default: -@@ -88,6 +116,14 @@ static int initiate(vici_conn_t *conn) - { - vici_add_key_valuef(req, "ike", "%s", ike); - } -+ if (my_host) -+ { -+ vici_add_key_valuef(req, "my-host", "%s", my_host); -+ } -+ if (other_host) -+ { -+ vici_add_key_valuef(req, "other-host", "%s", other_host); -+ } - if (timeout) - { - vici_add_key_valuef(req, "timeout", "%d", timeout * 1000); -@@ -134,6 +170,8 @@ static void __attribute__ ((constructor))reg() - {"help", 'h', 0, "show usage information"}, - {"child", 'c', 1, "initiate a CHILD_SA configuration"}, - {"ike", 'i', 1, "initiate an IKE_SA, or name of child's parent"}, -+ {"source", 'S', 1, "override source address"}, -+ {"remote", 'R', 1, "override remote address"}, - {"timeout", 't', 1, "timeout in seconds before detaching"}, - {"raw", 'r', 0, "dump raw response message"}, - {"pretty", 'P', 0, "dump raw response message in pretty print"}, diff --git a/packages/strongswan/patches/0002-vici-send-certificates-for-ike-sa-events.patch b/packages/strongswan/patches/0002-vici-send-certificates-for-ike-sa-events.patch deleted file mode 100644 index 13e657e9..00000000 --- a/packages/strongswan/patches/0002-vici-send-certificates-for-ike-sa-events.patch +++ /dev/null 
@@ -1,140 +0,0 @@ -From 39d537b875e907c63a54d5de8ba6d2ea0ede4604 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Mon, 21 Sep 2015 13:42:05 +0300 -Subject: [PATCH 2/3] vici: send certificates for ike-sa events -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> ---- - src/libcharon/plugins/vici/vici_query.c | 50 +++++++++++++++++++++---- - 1 file changed, 42 insertions(+), 8 deletions(-) - -diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c -index bacb7b101..19acc0789 100644 ---- a/src/libcharon/plugins/vici/vici_query.c -+++ b/src/libcharon/plugins/vici/vici_query.c -@@ -402,7 +402,7 @@ static void list_vips(private_vici_query_t *this, vici_builder_t *b, - * List details of an IKE_SA - */ - static void list_ike(private_vici_query_t *this, vici_builder_t *b, -- ike_sa_t *ike_sa, time_t now) -+ ike_sa_t *ike_sa, time_t now, bool add_certs) - { - time_t t; - ike_sa_id_t *id; -@@ -411,6 +411,8 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, - uint32_t if_id; - uint16_t alg, ks; - host_t *host; -+ auth_cfg_t *auth_cfg; -+ enumerator_t *enumerator; - - b->add_kv(b, "uniqueid", "%u", ike_sa->get_unique_id(ike_sa)); - b->add_kv(b, "version", "%u", ike_sa->get_version(ike_sa)); -@@ -420,11 +422,43 @@ static void list_ike(private_vici_query_t *this, vici_builder_t *b, - b->add_kv(b, "local-host", "%H", host); - b->add_kv(b, "local-port", "%d", host->get_port(host)); - b->add_kv(b, "local-id", "%Y", ike_sa->get_my_id(ike_sa)); -+ if (add_certs) -+ { -+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, TRUE); -+ if (enumerator->enumerate(enumerator, &auth_cfg)) -+ { -+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT); -+ chunk_t encoding; -+ -+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding)) -+ { -+ b->add(b, VICI_KEY_VALUE, 
"local-cert-data", encoding); -+ free(encoding.ptr); -+ } -+ } -+ enumerator->destroy(enumerator); -+ } - - host = ike_sa->get_other_host(ike_sa); - b->add_kv(b, "remote-host", "%H", host); - b->add_kv(b, "remote-port", "%d", host->get_port(host)); - b->add_kv(b, "remote-id", "%Y", ike_sa->get_other_id(ike_sa)); -+ if (add_certs) -+ { -+ enumerator = ike_sa->create_auth_cfg_enumerator(ike_sa, FALSE); -+ if (enumerator->enumerate(enumerator, &auth_cfg)) -+ { -+ certificate_t *cert = auth_cfg->get(auth_cfg, AUTH_RULE_SUBJECT_CERT); -+ chunk_t encoding; -+ -+ if (cert && cert->get_encoding(cert, CERT_ASN1_DER, &encoding)) -+ { -+ b->add(b, VICI_KEY_VALUE, "remote-cert-data", encoding); -+ free(encoding.ptr); -+ } -+ } -+ enumerator->destroy(enumerator); -+ } - - eap = ike_sa->get_other_eap_id(ike_sa); - -@@ -556,7 +590,7 @@ CALLBACK(list_sas, vici_message_t*, - b = vici_builder_create(); - b->begin_section(b, ike_sa->get_name(ike_sa)); - -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, TRUE); - - b->begin_section(b, "child-sas"); - csas = ike_sa->create_child_sa_enumerator(ike_sa); -@@ -1774,7 +1808,7 @@ METHOD(listener_t, ike_updown, bool, - } - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, up); - b->end_section(b); - - this->dispatcher->raise_event(this->dispatcher, -@@ -1799,10 +1833,10 @@ METHOD(listener_t, ike_rekey, bool, - b = vici_builder_create(); - b->begin_section(b, old->get_name(old)); - b->begin_section(b, "old"); -- list_ike(this, b, old, now); -+ list_ike(this, b, old, now, TRUE); - b->end_section(b); - b->begin_section(b, "new"); -- list_ike(this, b, new, now); -+ list_ike(this, b, new, now, TRUE); - b->end_section(b); - b->end_section(b); - -@@ -1833,7 +1867,7 @@ METHOD(listener_t, ike_update, bool, - b->add_kv(b, "remote-port", "%d", remote->get_port(remote)); - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ 
list_ike(this, b, ike_sa, now, TRUE); - b->end_section(b); - - this->dispatcher->raise_event(this->dispatcher, -@@ -1863,7 +1897,7 @@ METHOD(listener_t, child_updown, bool, - } - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, up); - b->begin_section(b, "child-sas"); - - snprintf(buf, sizeof(buf), "%s-%u", child_sa->get_name(child_sa), -@@ -1898,7 +1932,7 @@ METHOD(listener_t, child_rekey, bool, - b = vici_builder_create(); - - b->begin_section(b, ike_sa->get_name(ike_sa)); -- list_ike(this, b, ike_sa, now); -+ list_ike(this, b, ike_sa, now, TRUE); - b->begin_section(b, "child-sas"); - - b->begin_section(b, old->get_name(old)); --- -2.38.1 - diff --git a/packages/strongswan/patches/0003-vici-add-support-for-individual-sa-state-changes.patch b/packages/strongswan/patches/0003-vici-add-support-for-individual-sa-state-changes.patch deleted file mode 100644 index 45aadc72..00000000 --- a/packages/strongswan/patches/0003-vici-add-support-for-individual-sa-state-changes.patch +++ /dev/null 
@@ -1,159 +0,0 @@ -From df6b501ed29b838efde0f1cb1c906ab9befc7b45 Mon Sep 17 00:00:00 2001 -From: =?UTF-8?q?Timo=20Ter=C3=A4s?= <timo.teras@iki.fi> -Date: Mon, 21 Sep 2015 13:42:11 +0300 -Subject: [PATCH 3/3] vici: add support for individual sa state changes -MIME-Version: 1.0 -Content-Type: text/plain; charset=UTF-8 -Content-Transfer-Encoding: 8bit - -Useful for monitoring and tracking full SA. - -Signed-off-by: Timo Teräs <timo.teras@iki.fi> ---- - src/libcharon/plugins/vici/vici_query.c | 105 ++++++++++++++++++++++++ - 1 file changed, 105 insertions(+) - -diff --git a/src/libcharon/plugins/vici/vici_query.c b/src/libcharon/plugins/vici/vici_query.c -index 19acc0789..e008885f7 100644 ---- a/src/libcharon/plugins/vici/vici_query.c -+++ b/src/libcharon/plugins/vici/vici_query.c -@@ -1774,8 +1774,16 @@ static void manage_commands(private_vici_query_t *this, bool reg) - this->dispatcher->manage_event(this->dispatcher, "ike-updown", reg); - this->dispatcher->manage_event(this->dispatcher, "ike-rekey", reg); - this->dispatcher->manage_event(this->dispatcher, "ike-update", reg); -+ this->dispatcher->manage_event(this->dispatcher, "ike-state-established", reg); -+ this->dispatcher->manage_event(this->dispatcher, "ike-state-destroying", reg); - this->dispatcher->manage_event(this->dispatcher, "child-updown", reg); - this->dispatcher->manage_event(this->dispatcher, "child-rekey", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-installing", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-installed", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-updating", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-rekeying", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-rekeyed", reg); -+ this->dispatcher->manage_event(this->dispatcher, "child-state-destroying", reg); - manage_command(this, "list-sas", list_sas, reg); - manage_command(this, "list-policies", 
list_policies, reg); - manage_command(this, "list-conns", list_conns, reg); -@@ -1876,6 +1884,45 @@ METHOD(listener_t, ike_update, bool, - return TRUE; - } - -+METHOD(listener_t, ike_state_change, bool, -+ private_vici_query_t *this, ike_sa_t *ike_sa, ike_sa_state_t state) -+{ -+ char *event; -+ vici_builder_t *b; -+ time_t now; -+ -+ switch (state) -+ { -+ case IKE_ESTABLISHED: -+ event = "ike-state-established"; -+ break; -+ case IKE_DESTROYING: -+ event = "ike-state-destroying"; -+ break; -+ default: -+ return TRUE; -+ } -+ -+ if (!this->dispatcher->has_event_listeners(this->dispatcher, event)) -+ { -+ return TRUE; -+ } -+ -+ now = time_monotonic(NULL); -+ -+ b = vici_builder_create(); -+ b->begin_section(b, ike_sa->get_name(ike_sa)); -+ list_ike(this, b, ike_sa, now, state != IKE_DESTROYING); -+ b->begin_section(b, "child-sas"); -+ b->end_section(b); -+ b->end_section(b); -+ -+ this->dispatcher->raise_event(this->dispatcher, -+ event, 0, b->finalize(b)); -+ -+ return TRUE; -+} -+ - METHOD(listener_t, child_updown, bool, - private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, bool up) - { -@@ -1955,6 +2002,62 @@ METHOD(listener_t, child_rekey, bool, - return TRUE; - } - -+METHOD(listener_t, child_state_change, bool, -+ private_vici_query_t *this, ike_sa_t *ike_sa, child_sa_t *child_sa, child_sa_state_t state) -+{ -+ char *event; -+ vici_builder_t *b; -+ time_t now; -+ -+ switch (state) -+ { -+ case CHILD_INSTALLING: -+ event = "child-state-installing"; -+ break; -+ case CHILD_INSTALLED: -+ event = "child-state-installed"; -+ break; -+ case CHILD_UPDATING: -+ event = "child-state-updating"; -+ break; -+ case CHILD_REKEYING: -+ event = "child-state-rekeying"; -+ break; -+ case CHILD_REKEYED: -+ event = "child-state-rekeyed"; -+ break; -+ case CHILD_DESTROYING: -+ event = "child-state-destroying"; -+ break; -+ default: -+ return TRUE; -+ } -+ -+ if (!this->dispatcher->has_event_listeners(this->dispatcher, event)) -+ { -+ return TRUE; -+ } -+ -+ now = 
time_monotonic(NULL); -+ -+ b = vici_builder_create(); -+ b->begin_section(b, ike_sa->get_name(ike_sa)); -+ list_ike(this, b, ike_sa, now, state != CHILD_DESTROYING); -+ b->begin_section(b, "child-sas"); -+ -+ b->begin_section(b, child_sa->get_name(child_sa)); -+ list_child(this, b, child_sa, now); -+ b->end_section(b); -+ -+ b->end_section(b); -+ b->end_section(b); -+ -+ this->dispatcher->raise_event(this->dispatcher, -+ event, 0, b->finalize(b)); -+ -+ return TRUE; -+} -+ - METHOD(vici_query_t, destroy, void, - private_vici_query_t *this) - { -@@ -1975,8 +2078,10 @@ vici_query_t *vici_query_create(vici_dispatcher_t *dispatcher) - .ike_updown = _ike_updown, - .ike_rekey = _ike_rekey, - .ike_update = _ike_update, -+ .ike_state_change = _ike_state_change, - .child_updown = _child_updown, - .child_rekey = _child_rekey, -+ .child_state_change = _child_state_change, - }, - .destroy = _destroy, - }, --- -2.38.1 - diff --git a/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch b/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch deleted file mode 100644 index 57a622e8..00000000 --- a/packages/strongswan/patches/0004-VyOS-disable-options-enabled-by-Debian-that-are-unus.patch +++ /dev/null 
@@ -1,115 +0,0 @@ -From ee6c0b3ff6e3df5c7aef628621e19a813ff308ed Mon Sep 17 00:00:00 2001 -From: Christian Poessinger <christian@poessinger.com> -Date: Tue, 27 Dec 2022 13:36:43 +0000 -Subject: [PATCH] VyOS: disable options enabled by Debian that are unused - -VyOS does not implement CLI options for all options exposed by Debian. - -The following options need to be disabled for the DMVPN patchset: - - mediation - - nm - -In addition we have no LED, LDAP and SQL configuration knows, thus we spare -the plugins. ---- - debian/libcharon-extra-plugins.install | 3 --- - debian/libstrongswan-extra-plugins.install | 3 --- - debian/rules | 11 ++++++++++- - debian/strongswan-nm.install | 2 -- - 4 files changed, 10 insertions(+), 9 deletions(-) - -diff --git a/debian/libcharon-extra-plugins.install b/debian/libcharon-extra-plugins.install -index 94fbabd88..068708ecb 100644 ---- a/debian/libcharon-extra-plugins.install -+++ b/debian/libcharon-extra-plugins.install -@@ -13,7 +13,6 @@ usr/lib/ipsec/plugins/libstrongswan-error-notify.so - usr/lib/ipsec/plugins/libstrongswan-forecast.so - usr/lib/ipsec/plugins/libstrongswan-ha.so - usr/lib/ipsec/plugins/libstrongswan-kernel-libipsec.so --usr/lib/ipsec/plugins/libstrongswan-led.so - usr/lib/ipsec/plugins/libstrongswan-lookip.so - #usr/lib/ipsec/plugins/libstrongswan-medsrv.so - #usr/lib/ipsec/plugins/libstrongswan-medcli.so -@@ -36,7 +35,6 @@ usr/share/strongswan/templates/config/plugins/error-notify.conf - usr/share/strongswan/templates/config/plugins/forecast.conf - usr/share/strongswan/templates/config/plugins/ha.conf - usr/share/strongswan/templates/config/plugins/kernel-libipsec.conf --usr/share/strongswan/templates/config/plugins/led.conf - usr/share/strongswan/templates/config/plugins/lookip.conf - #usr/share/strongswan/templates/config/plugins/medsrv.conf - #usr/share/strongswan/templates/config/plugins/medcli.conf -@@ -60,7 +58,6 @@ etc/strongswan.d/charon/error-notify.conf - etc/strongswan.d/charon/forecast.conf - 
etc/strongswan.d/charon/ha.conf - etc/strongswan.d/charon/kernel-libipsec.conf --etc/strongswan.d/charon/led.conf - etc/strongswan.d/charon/lookip.conf - #etc/strongswan.d/charon/medsrv.conf - #etc/strongswan.d/charon/medcli.conf -diff --git a/debian/libstrongswan-extra-plugins.install b/debian/libstrongswan-extra-plugins.install -index 2846e2155..00cd0a146 100644 ---- a/debian/libstrongswan-extra-plugins.install -+++ b/debian/libstrongswan-extra-plugins.install -@@ -8,7 +8,6 @@ usr/lib/ipsec/plugins/libstrongswan-ctr.so - usr/lib/ipsec/plugins/libstrongswan-curl.so - usr/lib/ipsec/plugins/libstrongswan-curve25519.so - usr/lib/ipsec/plugins/libstrongswan-gcrypt.so --usr/lib/ipsec/plugins/libstrongswan-ldap.so - usr/lib/ipsec/plugins/libstrongswan-pkcs11.so - usr/lib/ipsec/plugins/libstrongswan-test-vectors.so - usr/lib/ipsec/plugins/libstrongswan-tpm.so -@@ -20,7 +19,6 @@ usr/share/strongswan/templates/config/plugins/ctr.conf - usr/share/strongswan/templates/config/plugins/curl.conf - usr/share/strongswan/templates/config/plugins/curve25519.conf - usr/share/strongswan/templates/config/plugins/gcrypt.conf --usr/share/strongswan/templates/config/plugins/ldap.conf - usr/share/strongswan/templates/config/plugins/pkcs11.conf - usr/share/strongswan/templates/config/plugins/test-vectors.conf - usr/share/strongswan/templates/config/plugins/tpm.conf -@@ -31,7 +29,6 @@ etc/strongswan.d/charon/ctr.conf - etc/strongswan.d/charon/curl.conf - etc/strongswan.d/charon/curve25519.conf - etc/strongswan.d/charon/gcrypt.conf --etc/strongswan.d/charon/ldap.conf - etc/strongswan.d/charon/pkcs11.conf - etc/strongswan.d/charon/test-vectors.conf - etc/strongswan.d/charon/tpm.conf -diff --git a/debian/rules b/debian/rules -index 2fed1f10f..fa0d21a0c 100755 ---- a/debian/rules -+++ b/debian/rules -@@ -3,6 +3,15 @@ export DEB_LDFLAGS_MAINT_APPEND=-Wl,-O1 - #export DEB_LDFLAGS_MAINT_APPEND=-Wl,--as-needed -Wl,-O1 -Wl,-z,defs - export DEB_BUILD_MAINT_OPTIONS=hardening=+all - 
-+CONFIGUREARGS_VYOS := --disable-warnings \ -+ --disable-ldap \ -+ --disable-led \ -+ --disable-nm \ -+ --disable-mediation \ -+ --disable-mysql \ -+ --disable-sqlite \ -+ --disable-sql -+ - CONFIGUREARGS := --libdir=/usr/lib --libexecdir=/usr/lib \ - --enable-addrblock \ - --enable-agent \ -@@ -88,7 +97,7 @@ ifeq ($(DEB_HOST_ARCH_OS),kfreebsd) - deb_systemdsystemunitdir = $(shell pkg-config --variable=systemdsystemunitdir systemd | sed s,^/,,) - - override_dh_auto_configure: -- dh_auto_configure -- $(CONFIGUREARGS) -+ dh_auto_configure -- $(CONFIGUREARGS) $(CONFIGUREARGS_VYOS) - - override_dh_auto_clean: - dh_auto_clean -diff --git a/debian/strongswan-nm.install b/debian/strongswan-nm.install -index b0c05d94f..e69de29bb 100644 ---- a/debian/strongswan-nm.install -+++ b/debian/strongswan-nm.install -@@ -1,2 +0,0 @@ --usr/lib/ipsec/charon-nm --usr/share/dbus-1/system.d/nm-strongswan-service.conf --- -2.30.2 - diff --git a/packages/telegraf/.gitignore b/packages/telegraf/.gitignore deleted file mode 100644 index 7e284c4f..00000000 --- a/packages/telegraf/.gitignore +++ /dev/null @@ -1 +0,0 @@ -telegraf/ diff --git a/packages/telegraf/Jenkinsfile b/packages/telegraf/Jenkinsfile deleted file mode 100644 index 873d3842..00000000 --- a/packages/telegraf/Jenkinsfile +++ /dev/null 
@@ -1,32 +0,0 @@
-// Copyright (C) 2020-2021 VyOS maintainers and contributors
-//
-// This program is free software; you can redistribute it and/or modify
-// in order to easy exprort images built to "external" world
-// it under the terms of the GNU General Public License version 2 or later as
-// published by the Free Software Foundation.
-//
-// This program is distributed in the hope that it will be useful,
-// but WITHOUT ANY WARRANTY; without even the implied warranty of
-// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-// GNU General Public License for more details.
-//
-// You should have received a copy of the GNU General Public License
-// along with this program. If not, see <http://www.gnu.org/licenses/>.
-@NonCPS
-
-// Using a version specifier library, use 'current' branch. The underscore (_)
-// is not a typo! You need this underscore if the line immediately after the
-// @Library annotation is not an import statement!
-@Library('vyos-build@current')_
-
-// NOTE: we can build with -d as the libbpf dependency is installed manually
-// and not via a DEB package
-def pkgList = [
- ['name': 'telegraf',
- 'scmCommit': 'v1.28.3',
- 'scmUrl': 'https://github.com/influxdata/telegraf.git',
- 'buildCmd': 'cd ..; ./build.sh'],
-]
-
-// Start package build using library function from https://github.com/vyos/vyos-build
-buildPackage('telegraf', pkgList, null, false, "**/packages/telegraf/**")
diff --git a/packages/telegraf/build.sh b/packages/telegraf/build.sh
deleted file mode 100755
index 2ba511d0..00000000
--- a/packages/telegraf/build.sh
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh
-CWD=$(pwd)
-set -e
-
-BUILD_ARCH=$(dpkg-architecture -qDEB_TARGET_ARCH)
-
-SRC=telegraf
-if [ ! -d ${SRC} ]; then
- echo "Source directory does not exists, please 'git clone'"
- exit 1
-fi
-
-PLUGIN_DIR=${CWD}/plugins
-
-echo "I: Selecting Input plugins"
-cp ${PLUGIN_DIR}/inputs/all/all.go ${SRC}/plugins/inputs/all/all.go
-
-echo "I: Selecting Output plugins"
-cp ${PLUGIN_DIR}/outputs/all/all.go ${SRC}/plugins/outputs/all/all.go
-
-echo "I: Build Debian ${BUILD_ARCH} package"
-cd ${SRC}
-export PATH=/opt/go/bin:$PATH
-
-# Generate default telegraf config
-go run ./cmd/telegraf config > etc/telegraf.conf
-LDFLAGS=-w make "${BUILD_ARCH}.deb"
diff --git a/packages/telegraf/plugins/inputs/all/all.go b/packages/telegraf/plugins/inputs/all/all.go
deleted file mode 100644
index 8265681b..00000000
--- a/packages/telegraf/plugins/inputs/all/all.go
+++ /dev/null
@@ -1,72 +0,0 @@
-package all
-
-import (
- //Blank imports for plugins to register themselves
- _ "github.com/influxdata/telegraf/plugins/inputs/azure_storage_queue"
- _ "github.com/influxdata/telegraf/plugins/inputs/bond"
- _ "github.com/influxdata/telegraf/plugins/inputs/cgroup"
- _ "github.com/influxdata/telegraf/plugins/inputs/chrony"
- _ "github.com/influxdata/telegraf/plugins/inputs/conntrack"
- _ "github.com/influxdata/telegraf/plugins/inputs/cpu"
- _ "github.com/influxdata/telegraf/plugins/inputs/disk"
- _ "github.com/influxdata/telegraf/plugins/inputs/diskio"
- _ "github.com/influxdata/telegraf/plugins/inputs/disque"
- _ "github.com/influxdata/telegraf/plugins/inputs/dmcache"
- _ "github.com/influxdata/telegraf/plugins/inputs/dns_query"
- _ "github.com/influxdata/telegraf/plugins/inputs/docker"
- _ "github.com/influxdata/telegraf/plugins/inputs/docker_log"
- _ "github.com/influxdata/telegraf/plugins/inputs/ethtool"
- _ "github.com/influxdata/telegraf/plugins/inputs/exec"
- _ "github.com/influxdata/telegraf/plugins/inputs/execd"
- _ "github.com/influxdata/telegraf/plugins/inputs/file"
- _ "github.com/influxdata/telegraf/plugins/inputs/filecount"
- _ "github.com/influxdata/telegraf/plugins/inputs/filestat"
- _ "github.com/influxdata/telegraf/plugins/inputs/fireboard"
- _ "github.com/influxdata/telegraf/plugins/inputs/hddtemp"
- _ "github.com/influxdata/telegraf/plugins/inputs/hugepages"
- _ "github.com/influxdata/telegraf/plugins/inputs/influxdb"
- _ "github.com/influxdata/telegraf/plugins/inputs/influxdb_listener"
- _ "github.com/influxdata/telegraf/plugins/inputs/influxdb_v2_listener"
- _ "github.com/influxdata/telegraf/plugins/inputs/intel_pmu"
- _ "github.com/influxdata/telegraf/plugins/inputs/intel_powerstat"
- _ "github.com/influxdata/telegraf/plugins/inputs/intel_rdt"
- _ "github.com/influxdata/telegraf/plugins/inputs/internal"
- _ "github.com/influxdata/telegraf/plugins/inputs/internet_speed"
- _ "github.com/influxdata/telegraf/plugins/inputs/interrupts"
- _ "github.com/influxdata/telegraf/plugins/inputs/ipmi_sensor"
- _ "github.com/influxdata/telegraf/plugins/inputs/ipset"
- _ "github.com/influxdata/telegraf/plugins/inputs/iptables"
- _ "github.com/influxdata/telegraf/plugins/inputs/ipvs"
- _ "github.com/influxdata/telegraf/plugins/inputs/kernel"
- _ "github.com/influxdata/telegraf/plugins/inputs/kernel_vmstat"
- _ "github.com/influxdata/telegraf/plugins/inputs/mdstat"
- _ "github.com/influxdata/telegraf/plugins/inputs/mem"
- _ "github.com/influxdata/telegraf/plugins/inputs/net"
- _ "github.com/influxdata/telegraf/plugins/inputs/netstat"
- _ "github.com/influxdata/telegraf/plugins/inputs/nstat"
- _ "github.com/influxdata/telegraf/plugins/inputs/ping"
- _ "github.com/influxdata/telegraf/plugins/inputs/powerdns_recursor"
- _ "github.com/influxdata/telegraf/plugins/inputs/processes"
- _ "github.com/influxdata/telegraf/plugins/inputs/procstat"
- _ "github.com/influxdata/telegraf/plugins/inputs/sensors"
- _ "github.com/influxdata/telegraf/plugins/inputs/sflow"
- _ "github.com/influxdata/telegraf/plugins/inputs/slab"
- _ "github.com/influxdata/telegraf/plugins/inputs/smart"
- _ "github.com/influxdata/telegraf/plugins/inputs/snmp"
- _ "github.com/influxdata/telegraf/plugins/inputs/snmp_legacy"
- _ "github.com/influxdata/telegraf/plugins/inputs/snmp_trap"
- _ "github.com/influxdata/telegraf/plugins/inputs/socket_listener"
- _ "github.com/influxdata/telegraf/plugins/inputs/socketstat"
- _ "github.com/influxdata/telegraf/plugins/inputs/syslog"
- _ "github.com/influxdata/telegraf/plugins/inputs/sysstat"
- _ "github.com/influxdata/telegraf/plugins/inputs/system"
- _ "github.com/influxdata/telegraf/plugins/inputs/systemd_units"
- _ "github.com/influxdata/telegraf/plugins/inputs/tail"
- _ "github.com/influxdata/telegraf/plugins/inputs/tcp_listener"
- _ "github.com/influxdata/telegraf/plugins/inputs/temp"
- _ "github.com/influxdata/telegraf/plugins/inputs/twemproxy"
- _ "github.com/influxdata/telegraf/plugins/inputs/udp_listener"
- _ "github.com/influxdata/telegraf/plugins/inputs/wireguard"
- _ "github.com/influxdata/telegraf/plugins/inputs/wireless"
- _ "github.com/influxdata/telegraf/plugins/inputs/x509_cert"
-)
diff --git a/packages/telegraf/plugins/outputs/all/all.go b/packages/telegraf/plugins/outputs/all/all.go
deleted file mode 100644
index 49f7e63d..00000000
--- a/packages/telegraf/plugins/outputs/all/all.go
+++ /dev/null
@@ -1,9 +0,0 @@
-package all
-
-import (
- //Blank imports for plugins to register themselves
- _ "github.com/influxdata/telegraf/plugins/outputs/azure_data_explorer"
- _ "github.com/influxdata/telegraf/plugins/outputs/http"
- _ "github.com/influxdata/telegraf/plugins/outputs/influxdb_v2"
- _ "github.com/influxdata/telegraf/plugins/outputs/prometheus_client"
-)
diff --git a/packages/waagent/Jenkinsfile b/packages/waagent/Jenkinsfile
deleted file mode 100644
index 79415d71..00000000
--- a/packages/waagent/Jenkinsfile
+++ /dev/null
@@ -1,32 +0,0 @@ -// Copyright (C) 2024 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. - -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def package_name = 'waagent' -def pkgList = [ - ['name': "${package_name}", - 'scmCommit': 'debian/2.9.1.1-2', - 'scmUrl': 'https://salsa.debian.org/cloud-team/waagent.git', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; sudo apt-get install --yes --no-install-recommends dpkg-source-gitarchive; ../build.py'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage("${package_name}", pkgList, null, false, "**/packages/waagent/**") diff --git a/packages/waagent/build.py b/packages/waagent/build.py deleted file mode 100755 index 04f4791b..00000000 --- a/packages/waagent/build.py +++ /dev/null 
@@ -1,50 +0,0 @@ -#!/usr/bin/env python3 - -from pathlib import Path -from shutil import copy as copy_file -from subprocess import run - - -# copy patches -def apply_deb_patches() -> None: - """Apply patches to sources directory - """ - patches_dir = Path('../patches') - current_dir: str = Path.cwd().as_posix() - if patches_dir.exists(): - patches_list = list(patches_dir.iterdir()) - patches_list.sort() - Path(f'{current_dir}/debian/patches').mkdir(parents=True, exist_ok=True) - series_file = Path(f'{current_dir}/debian/patches/series') - series_data = '' - for patch_file in patches_list: - print(f'Applying patch: {patch_file.name}') - copy_file(patch_file, f'{current_dir}/debian/patches/') - if series_file.exists(): - series_data: str = series_file.read_text() - series_data = f'{series_data}\n{patch_file.name}' - series_file.write_text(series_data) - - -def build_package() -> bool: - """Build a package - - Returns: - bool: build status - """ - build_cmd: list[str] = ['dpkg-buildpackage', '-uc', '-us', '-tc', '-b'] - build_status: int = run(build_cmd).returncode - - if build_status: - return False - return True - - -# build a package -if __name__ == '__main__': - apply_deb_patches() - - if not build_package(): - exit(1) - - exit() diff --git a/packages/wide-dhcpv6/.gitignore b/packages/wide-dhcpv6/.gitignore deleted file mode 100644 index 5fd2ad64..00000000 --- a/packages/wide-dhcpv6/.gitignore +++ /dev/null @@ -1 +0,0 @@ -wide-dhcpv6/ diff --git a/packages/wide-dhcpv6/Jenkinsfile b/packages/wide-dhcpv6/Jenkinsfile deleted file mode 100644 index 83954d97..00000000 --- a/packages/wide-dhcpv6/Jenkinsfile +++ /dev/null 
@@ -1,30 +0,0 @@ -// Copyright (C) 2020-2021 VyOS maintainers and contributors -// -// This program is free software; you can redistribute it and/or modify -// in order to easy exprort images built to "external" world -// it under the terms of the GNU General Public License version 2 or later as -// published by the Free Software Foundation. -// -// This program is distributed in the hope that it will be useful, -// but WITHOUT ANY WARRANTY; without even the implied warranty of -// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -// GNU General Public License for more details. -// -// You should have received a copy of the GNU General Public License -// along with this program. If not, see <http://www.gnu.org/licenses/>. -@NonCPS - -// Using a version specifier library, use 'current' branch. The underscore (_) -// is not a typo! You need this underscore if the line immediately after the -// @Library annotation is not an import statement! -@Library('vyos-build@current')_ - -def pkgList = [ - ['name': 'wide-dhcpv6', - 'scmCommit': 'debian/20080615-23', - 'scmUrl': 'https://salsa.debian.org/debian/wide-dhcpv6', - 'buildCmd': 'sudo mk-build-deps --install --tool "apt-get --yes --no-install-recommends"; cd ..; ./build.sh'], -] - -// Start package build using library function from https://github.com/vyos/vyos-build -buildPackage('wide-dhcpv6', pkgList, null, true, "**/packages/wide-dhcpv6/**") diff --git a/packages/wide-dhcpv6/build.sh b/packages/wide-dhcpv6/build.sh deleted file mode 100755 index 87cab92b..00000000 --- a/packages/wide-dhcpv6/build.sh +++ /dev/null 
@@ -1,23 +0,0 @@ -#!/bin/sh -CWD=$(pwd) -set -e - -SRC=wide-dhcpv6 -if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" - exit 1 -fi - -PATCH_DIR=${CWD}/patches -if [ -d $PATCH_DIR ]; then - for patch in $(ls ${PATCH_DIR}) - do - echo "I: Apply patch: ${patch} to main repository" - cp ${PATCH_DIR}/${patch} ${SRC}/debian/patches/ - echo ${patch} >> ${SRC}/debian/patches/series - done -fi - -cd ${SRC} -echo "I: Build Debian Package" -dpkg-buildpackage -uc -us -tc -b diff --git a/packages/wide-dhcpv6/patches/0023-dhcpc6-support-per-interface-client-DUIDs.patch b/packages/wide-dhcpv6/patches/0023-dhcpc6-support-per-interface-client-DUIDs.patch deleted file mode 100644 index c1e71f0c..00000000 --- a/packages/wide-dhcpv6/patches/0023-dhcpc6-support-per-interface-client-DUIDs.patch +++ /dev/null 
@@ -1,230 +0,0 @@ -From 1e4a9a7b61090043924f2aa9359dcbc9f5e11bfc Mon Sep 17 00:00:00 2001 -From: Brandon Stepler <brandon@stepler.net> -Date: Mon, 25 Jan 2021 14:18:57 +0000 -Subject: [PATCH] dhcpc6: support per-interface client DUIDs - ---- - cfparse.y | 13 +++++++++++-- - cftoken.l | 10 ++++++++++ - config.c | 27 +++++++++++++++++++++++++++ - config.h | 3 ++- - dhcp6c.c | 11 ++++++++--- - dhcp6c.conf.5 | 6 ++++++ - 6 files changed, 64 insertions(+), 6 deletions(-) - -diff --git a/cfparse.y b/cfparse.y -index 9e685f4..244987c 100644 ---- a/cfparse.y -+++ b/cfparse.y -@@ -116,6 +116,7 @@ static void cleanup_cflist __P((struct cf_list *)); - %token BCMCS_SERVERS BCMCS_NAME - %token INFO_ONLY - %token SCRIPT DELAYEDKEY -+%token CLIENT_ID CLIENT_ID_DUID - %token AUTHENTICATION PROTOCOL ALGORITHM DELAYED RECONFIG HMACMD5 MONOCOUNTER - %token AUTHNAME RDM KEY - %token KEYINFO REALM KEYID SECRET KEYNAME EXPIRE -@@ -134,8 +135,8 @@ static void cleanup_cflist __P((struct cf_list *)); - struct dhcp6_poolspec *pool; - } - --%type <str> IFNAME HOSTNAME AUTHNAME KEYNAME DUID_ID STRING QSTRING IAID --%type <str> POOLNAME PROFILENAME -+%type <str> IFNAME HOSTNAME CLIENT_ID_DUID AUTHNAME KEYNAME DUID_ID -+%type <str> STRING QSTRING IAID POOLNAME PROFILENAME - %type <num> NUMBER duration authproto authalg authrdm - %type <list> declaration declarations dhcpoption ifparam ifparams - %type <list> address_list address_list_ent dhcpoption_list -@@ -639,6 +640,14 @@ dhcpoption: - /* no value */ - $$ = l; - } -+ | CLIENT_ID CLIENT_ID_DUID -+ { -+ struct cf_list *l; -+ -+ MAKE_CFLIST(l, DHCPOPT_CLIENT_ID, NULL, NULL); -+ l->ptr = $2; -+ $$ = l; -+ } - | AUTHENTICATION AUTHNAME - { - struct cf_list *l; -diff --git a/cftoken.l b/cftoken.l -index e266ac2..d7edd1f 100644 ---- a/cftoken.l -+++ b/cftoken.l -@@ -119,6 +119,7 @@ ecl \} - %s S_HOST - %s S_DUID - %s S_IA -+%s S_CID - %s S_AUTH - %s S_KEY - %s S_SECRET -@@ -249,6 +250,15 @@ ecl \} - /* duration */ - <S_CNF>infinity { DECHO; return 
(INFINITY); } - -+ /* client-id option */ -+<S_CNF>client-id { DECHO; BEGIN S_CID; return (CLIENT_ID); } -+<S_CID>{duid} { -+ DECHO; -+ yylval.str = strdup(yytext); -+ BEGIN S_CNF; -+ return (CLIENT_ID_DUID); -+} -+ - /* authentication option */ - <S_CNF>authentication { DECHO; BEGIN S_AUTH; return (AUTHENTICATION); } - <S_AUTH>{string} { -diff --git a/config.c b/config.c -index 70f6287..0cbe631 100644 ---- a/config.c -+++ b/config.c -@@ -100,6 +100,7 @@ struct dhcp6_ifconf { - struct dhcp6_ifconf *next; - - char *ifname; -+ struct duid duid; - - /* configuration flags */ - u_long send_flags; -@@ -1366,6 +1367,7 @@ configure_commit() - /* commit interface configuration */ - for (ifp = dhcp6_if; ifp; ifp = ifp->next) { - /* re-initialization */ -+ duidfree(&ifp->duid); - ifp->send_flags = 0; - ifp->allow_flags = 0; - dhcp6_clear_list(&ifp->reqopt_list); -@@ -1395,6 +1397,8 @@ configure_commit() - } - - /* copy new configuration */ -+ ifp->duid = ifc->duid; -+ ifc->duid.duid_id = NULL; - ifp->send_flags = ifc->send_flags; - ifp->allow_flags = ifc->allow_flags; - dhcp6_copy_list(&ifp->reqopt_list, &ifc->reqopt_list); -@@ -1505,6 +1509,7 @@ clear_ifconf(iflist) - ifc_next = ifc->next; - - free(ifc->ifname); -+ duidfree(&ifc->duid); - dhcp6_clear_list(&ifc->reqopt_list); - - clear_iaconf(&ifc->iaconf_list); -@@ -1635,6 +1640,28 @@ add_options(opcode, ifc, cfl0) - return (-1); - } - break; -+ case DHCPOPT_CLIENT_ID: -+ if (opcode != DHCPOPTCODE_SEND) { -+ debug_printf(LOG_ERR, FNAME, -+ "invalid operation (%d) " -+ "for option type (%d)", -+ opcode, cfl->type); -+ return (-1); -+ } -+ if (ifc->duid.duid_id != NULL) { -+ debug_printf(LOG_ERR, FNAME, "%s:%d " -+ "client-id is doubly specified on %s", -+ configfilename, cfl->line, ifc->ifname); -+ return (-1); -+ } -+ if ((configure_duid((char *)cfl->ptr, -+ &ifc->duid)) != 0) { -+ debug_printf(LOG_ERR, FNAME, "%s:%d " -+ "failed to configure DUID for %s", -+ configfilename, cfl->line, ifc->ifname); -+ return (-1); -+ } -+ 
break; - case DHCPOPT_AUTHINFO: - if (opcode != DHCPOPTCODE_SEND) { - debug_printf(LOG_ERR, FNAME, -diff --git a/config.h b/config.h -index 36a5aa3..cfcfdd5 100644 ---- a/config.h -+++ b/config.h -@@ -69,6 +69,7 @@ struct dhcp6_if { - u_int32_t linkid; /* to send link-local packets */ - /* multiple global address configuration is not supported now */ - struct in6_addr addr; /* global address */ -+ struct duid duid; - - /* configuration parameters */ - u_long send_flags; -@@ -267,7 +268,7 @@ enum { DECL_SEND, DECL_ALLOW, DECL_INFO_ONLY, DECL_REQUEST, DECL_DUID, - DECL_ADDRESS, - DECL_RANGE, DECL_ADDRESSPOOL, - IFPARAM_SLA_ID, IFPARAM_SLA_LEN, IFPARAM_IFID, IFPARAM_IFID_RAND, -- DHCPOPT_RAPID_COMMIT, DHCPOPT_AUTHINFO, -+ DHCPOPT_RAPID_COMMIT, DHCPOPT_CLIENT_ID, DHCPOPT_AUTHINFO, - DHCPOPT_DNS, DHCPOPT_DNSNAME, - DHCPOPT_IA_PD, DHCPOPT_IA_NA, DHCPOPT_NTP, - DHCPOPT_REFRESHTIME, -diff --git a/dhcp6c.c b/dhcp6c.c -index 849835e..875a147 100644 ---- a/dhcp6c.c -+++ b/dhcp6c.c -@@ -433,6 +433,11 @@ client6_start(ifp) - } - dhcp6_reset_timer(ev); - -+ if (!ifp->duid.duid_id && duidcpy(&ifp->duid, &client_duid)) { -+ debug_printf(LOG_ERR, FNAME, "failed to copy client DUID"); -+ return (-1); -+ } -+ - return (0); - } - -@@ -1249,7 +1254,7 @@ client6_send(ev) - } - - /* client ID */ -- if (duidcpy(&optinfo.clientID, &client_duid)) { -+ if (duidcpy(&optinfo.clientID, &ifp->duid)) { - debug_printf(LOG_ERR, FNAME, "failed to copy client ID"); - goto end; - } -@@ -1533,7 +1538,7 @@ client6_recvadvert(ifp, dh6, len, optinfo) - debug_printf(LOG_INFO, FNAME, "no client ID option"); - return (-1); - } -- if (duidcmp(&optinfo->clientID, &client_duid)) { -+ if (duidcmp(&optinfo->clientID, &ifp->duid)) { - debug_printf(LOG_INFO, FNAME, "client DUID mismatch"); - return (-1); - } -@@ -1805,7 +1810,7 @@ client6_recvreply(ifp, dh6, len, optinfo) - debug_printf(LOG_INFO, FNAME, "no client ID option"); - return (-1); - } -- if (duidcmp(&optinfo->clientID, &client_duid)) { -+ if 
(duidcmp(&optinfo->clientID, &ifp->duid)) { - debug_printf(LOG_INFO, FNAME, "client DUID mismatch"); - return (-1); - } -diff --git a/dhcp6c.conf.5 b/dhcp6c.conf.5 -index 5693fb8..589510a 100644 ---- a/dhcp6c.conf.5 -+++ b/dhcp6c.conf.5 -@@ -139,6 +139,12 @@ An - statement for - .Ar authname - must be provided. -+.It Ic client-id Ar ID -+means the client's DHCP unique identifier -+.Pq DUID . -+.Ar ID -+is a colon-separated hexadecimal sequence where each separated part -+must be composed of two hexadecimal values. - .El - .\" - .Sh Interface statement --- -2.20.1 - diff --git a/packages/wide-dhcpv6/patches/0024-bind-to-single-socket.patch b/packages/wide-dhcpv6/patches/0024-bind-to-single-socket.patch deleted file mode 100644 index b5751325..00000000 --- a/packages/wide-dhcpv6/patches/0024-bind-to-single-socket.patch +++ /dev/null @@ -1,17 +0,0 @@ -diff --git a/dhcp6c.c b/dhcp6c.c -index 1caaaa5..04ce9c5 100644 ---- a/dhcp6c.c -+++ b/dhcp6c.c -@@ -217,6 +217,12 @@ main(argc, argv) - argv[0]); - exit(1); - } -+ -+ if (setsockopt(sock, SOL_SOCKET, SO_BINDTODEVICE, argv[0], strlen(argv[0])) != 0) { -+ debug_printf(LOG_ERR, FNAME, "failed to bind %s", argv[0]); -+ exit(1); -+ } -+ - argv++; - } - diff --git a/packages/wide-dhcpv6/patches/0025-option-to-prevent-ia-release.patch b/packages/wide-dhcpv6/patches/0025-option-to-prevent-ia-release.patch deleted file mode 100644 index 32c15814..00000000 --- a/packages/wide-dhcpv6/patches/0025-option-to-prevent-ia-release.patch +++ /dev/null 
@@ -1,155 +0,0 @@ -From: 1vivy <1vivy@tutanota.com> -Date: Sat, 22 Jul 2023 13:07:10 -0600 -Subject: wide-dhcpv6: T5387: Add a no release option '-n'. - -This prevents a release signal from being sent to the ISP causing a new PD or address to be allocated. - -Co-authored-by: MrLenin <909621+MrLenin@users.noreply.github.com> -Co-authored-by: marjohn56 <martin@queens-park.com> ---- wide-dhcpv6.orig/common.h -+++ wide-dhcpv6/common.h -@@ -120,6 +120,7 @@ sysdep_sa_len (const struct sockaddr *sa - extern int foreground; - extern int debug_thresh; - extern char *device; -+extern int opt_norelease; - - /* search option for dhcp6_find_listval() */ - #define MATCHLIST_PREFIXLEN 0x1 ---- wide-dhcpv6.orig/dhcp6c.8 -+++ wide-dhcpv6/dhcp6c.8 -@@ -88,6 +88,10 @@ is terminated. (suits for a use in shel - Since the configuration is internally generated, you cannot provide a configuration in this mode. If you want to have different actions for the stateless DHCPv6 information, you should write an appropriate configuration and invoke - .Nm - without this option. -+.It Fl n -+Prevent Release message from being sent to DHCPv6 server when -+.Nm -+stops. This is useful for preventing a new address from being configured by the DHCPv6 server when restarting the DHCPv6 client. - .It Fl p Ar pid-file - Use - .Ar pid-file -@@ -109,18 +113,22 @@ or - .Fl i - option is specified. - .Pp --Upon receipt of the --.Dv SIGHUP -+Upon receipt of a -+.Dv SIGHUP , -+.Dv SIGTERM , - or --.Dv SIGTERM --signals, --.Nm --will remove all stateful resources from the system. --In the former case the daemon will then reinvoke itself, --while it will stop running in the latter case. --In either case, -+.Dv SIGUSR1 -+signal, - .Nm --will send DHCPv6 Release messages to release resources assigned from servers. -+will remove all stateful resources from the system. After that, -+.Dv SIGHUP -+reinitializes the daemon, and -+.Dv SIGTERM -+stops the daemon. 
In both cases, DHCPv6 Release message will be sent to release resources assigned from servers. -+.Dv SIGUSR1 -+stops the daemon as -+.Dv SIGTERM -+does though DHCPv6 Release message will not be sent. - .\" - .Sh FILES - .Bl -tag -width /etc/wide-dhcpv6/dhcp6c.conf -compact ---- wide-dhcpv6.orig/dhcp6c.c -+++ wide-dhcpv6/dhcp6c.c -@@ -84,6 +84,7 @@ static int exit_ok = 0; - static sig_atomic_t sig_flags = 0; - #define SIGF_TERM 0x1 - #define SIGF_HUP 0x2 -+#define SIGF_USR1 0x4 - - const dhcp6_mode_t dhcp6_mode = DHCP6_MODE_CLIENT; - -@@ -108,6 +109,8 @@ static int ctldigestlen; - - static int infreq_mode = 0; - -+int opt_norelease; -+ - static inline int get_val32 __P((char **, int *, u_int32_t *)); - static inline int get_ifname __P((char **, int *, char *, int)); - -@@ -170,7 +173,7 @@ main(argc, argv) - else - progname++; - -- while ((ch = getopt(argc, argv, "c:dDfik:p:P:")) != -1) { -+ while ((ch = getopt(argc, argv, "c:dDfik:np:P:")) != -1) { - switch (ch) { - case 'c': - conffile = optarg; -@@ -190,6 +193,9 @@ main(argc, argv) - case 'k': - ctlkeyfile = optarg; - break; -+ case 'n': -+ opt_norelease = 1; -+ break; - case 'p': - pid_file = optarg; - break; -@@ -395,6 +401,11 @@ client6_init() - strerror(errno)); - exit(1); - } -+ if (signal(SIGUSR1, client6_signal) == SIG_ERR) { -+ debug_printf(LOG_WARNING, FNAME, "failed to set signal: %s", -+ strerror(errno)); -+ exit(1); -+ } - } - - int -@@ -525,6 +536,13 @@ process_signals() - free_resources(NULL); - client6_startall(1); - } -+ if ((sig_flags & SIGF_USR1)) { -+ debug_printf(LOG_INFO, FNAME, "exit without release"); -+ exit_ok = 1; -+ opt_norelease = 1; -+ free_resources(NULL); -+ check_exit(); -+ } - - sig_flags = 0; - } -@@ -1171,6 +1189,9 @@ client6_signal(sig) - case SIGHUP: - sig_flags |= SIGF_HUP; - break; -+ case SIGUSR1: -+ sig_flags |= SIGF_USR1; -+ break; - } - } - ---- wide-dhcpv6.orig/dhcp6c_ia.c -+++ wide-dhcpv6/dhcp6c_ia.c -@@ -420,7 +420,13 @@ release_all_ia(ifp) - for (ia = 
TAILQ_FIRST(&iac->iadata); ia; ia = ia_next) { - ia_next = TAILQ_NEXT(ia, link); - -- (void)release_ia(ia); -+ if (opt_norelease == 0) { -+ debug_printf(LOG_INFO, FNAME, "Start address " -+ "release"); -+ (void)release_ia(ia); -+ } else -+ debug_printf(LOG_INFO, FNAME, "Bypassing address " -+ "release because of -n flag"); - - /* - * The client MUST stop using all of the addresses diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install index dfb772d8..8d65f8b2 100755 --- a/scripts/check-qemu-install +++ b/scripts/check-qemu-install @@ -544,6 +544,11 @@ try: c.sendline('systemd-detect-virt') c.expect('kvm') c.expect(op_mode_prompt) + # Ensure ephemeral key is loaded + vyos_kernel_key = 'VyOS build time autogenerated kernel key' + c.sendline(f'show log kernel | match "{vyos_kernel_key}"') + c.expect(f'.*{vyos_kernel_key}.*') + c.expect(op_mode_prompt) ################################################# # Executing test-suite @@ -755,7 +760,7 @@ try: if args.match: # Remove tests that we don't want to run match_str = '-o '.join([f'-name "test_*{name}*.py" ' for name in args.match.split("|")]).strip() - c.sendline(f'sudo find /usr/libexec/vyos/tests/smoke/cli/test_* -type f ! \( {match_str} \) -delete') + c.sendline(f'sudo find /usr/libexec/vyos/tests/smoke -maxdepth 2 -type f -name test_* ! \( {match_str} \) -delete') c.expect(op_mode_prompt) if args.no_interfaces: # remove interface tests as they consume a lot of time diff --git a/scripts/image-build/build-vyos-image b/scripts/image-build/build-vyos-image index 80b4d61d..044a9055 100755 --- a/scripts/image-build/build-vyos-image +++ b/scripts/image-build/build-vyos-image @@ -25,6 +25,7 @@ import copy import uuid import glob import json +import base64 import shutil import argparse import datetime 
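Review bot: The added `c.expect(f'.*{vyos_kernel_key}.*')` can be satisfied by the echo of the command itself, because the text it waits for is also part of the `show log kernel | match "..."` line that `c.sendline` has just typed. If the console echoes input, which the surrounding `sendline`/`expect` pairs suggest, the check passes whether or not the kernel logged the key. Expecting text that only the log entry carries, for example `c.expect(f"Loaded X.509 cert '{vyos_kernel_key}")`, would make the test fail when the build-time key is missing; the exact log wording should be confirmed on a booted image. The enclosing `try:` block starts and ends outside the hunk.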
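Review bot: In the new `find` command the pattern after `-name` is unquoted (`-name test_*`), so the guest shell expands it whenever the working directory holds a file whose name starts with `test_`. `find` then either errors out or filters on the wrong name before `-delete` runs under `sudo`. The per-test patterns in `match_str` are already quoted, so the same should be done here: `-type f -name "test_*" ! \( {match_str} \) -delete`. The `\(` and `\)` sit in a non-raw f-string, which newer Python versions flag as invalid escape sequences; an `rf'...'` literal keeps the command byte-identical.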
@@ -337,6 +338,17 @@ if __name__ == "__main__": if type(build_config["image_format"]) != list: build_config["image_format"] = [ build_config["image_format"] ] + ## If the user didn't explicitly specify what extensions build artifact should have, + ## assume that the list is the same as image formats. + ## One case when it's not the same is when a custom build hook is used + ## to build a format that our build script doesn't support natively. + if not has_nonempty_key(build_config, "artifact_format"): + build_config["artifact_format"] = build_config["image_format"] + else: + # If the option is there, also make it list if it's a scalar + if type(build_config["artifact_format"]) != list: + build_config["artifact_format"] = [ build_config["artifact_format"] ] + ## Dump the complete config if the user enabled debug mode if debug: import json @@ -421,11 +433,6 @@ if __name__ == "__main__": # Release build, use the version from ./configure arguments version = build_config['version'] - if build_config['build_type'] == 'development': - lts_build = False - else: - lts_build = True - version_data = { 'version': version, 'flavor': build_config["build_flavor"], @@ -436,7 +443,7 @@ if __name__ == "__main__": 'build_branch': git_branch, 'release_train': build_config['release_train'], 'architecture': build_config['architecture'], - 'lts_build': lts_build, + 'build_type': build_config['build_type'], 'build_comment': build_config['build_comment'], 'bugtracker_url': build_config['bugtracker_url'], 'documentation_url': build_config['documentation_url'], 
@@ -446,19 +453,18 @@ if __name__ == "__main__": # Multi line strings needs to be un-indented to not have leading # whitespaces in the resulting file - os_release = f""" - PRETTY_NAME="VyOS {version} ({build_config['release_train']})" - NAME="VyOS" - VERSION_ID="{version}" - VERSION="{version} ({build_config['release_train']})" - VERSION_CODENAME={build_defaults['debian_distribution']} - ID=vyos - BUILD_ID="{build_git}" - HOME_URL="{build_defaults['website_url']}" - SUPPORT_URL="{build_defaults['support_url']}" - BUG_REPORT_URL="{build_defaults['bugtracker_url']}" - DOCUMENTATION_URL="{build_config['documentation_url']}" - """ + os_release = f"""PRETTY_NAME="VyOS {version} ({build_config['release_train']})" +NAME="VyOS" +VERSION_ID="{version}" +VERSION="{version} ({build_config['release_train']})" +VERSION_CODENAME={build_defaults['debian_distribution']} +ID=vyos +BUILD_ID="{build_git}" +HOME_URL="{build_defaults['website_url']}" +SUPPORT_URL="{build_defaults['support_url']}" +BUG_REPORT_URL="{build_defaults['bugtracker_url']}" +DOCUMENTATION_URL="{build_config['documentation_url']}" +""" # Reminder: all paths relative to the build dir, not to the repository root chroot_includes_dir = defaults.CHROOT_INCLUDES_DIR @@ -478,8 +484,8 @@ if __name__ == "__main__": print("Version: {0}".format(version), file=f) # Define variables that influence to welcome message on boot - os.makedirs(os.path.join(chroot_includes_dir, 'usr/lib/'), exist_ok=True) - with open(os.path.join(chroot_includes_dir, 'usr/lib/os-release'), 'w') as f: + os.makedirs(os.path.join(chroot_includes_dir, 'etc/'), exist_ok=True) + with open(os.path.join(chroot_includes_dir, 'etc/os-release'), 'w') as f: print(os_release, file=f) ## Clean up earlier build state and artifacts 
@@ -498,8 +504,9 @@ if __name__ == "__main__": ## Create live-build configuration files # Add the additional repositories to package lists - print("I: Setting up additional APT entries") + print("I: Setting up VyOS repository APT entries") vyos_repo_entry = "deb {vyos_mirror} {vyos_branch} main\n".format(**build_config) + vyos_repo_entry += "deb-src {vyos_mirror} {vyos_branch} main\n".format(**build_config) apt_file = defaults.VYOS_REPO_FILE @@ -511,10 +518,36 @@ if __name__ == "__main__": f.write(vyos_repo_entry) # Add custom APT entries + print("I: Setting up additional APT entries") if build_config.get('additional_repositories', False): - build_config['custom_apt_entry'] += build_config['additional_repositories'] + for r in build_config['additional_repositories']: + repo_data = build_config['additional_repositories'][r] + + url = repo_data.get('url', None) + arch = repo_data.get('architecture', None) + distro = repo_data.get('distribution', build_config['debian_distribution']) + components = repo_data.get('components', 'main') + + if not url: + print(f'E: repository {r} does not specify URL') + sys.exit(1) - if build_config.get('custom_apt_entry', False): + if arch: + arch_string = f'[arch={arch}]' + else: + arch_string = '' + + entry = f'deb {arch_string} {url} {distro} {components}' + build_config['custom_apt_entry'].append(entry) + + if not repo_data.get('no_source', False): + src_entry = f'deb-src {url} {distro} {components}' + build_config['custom_apt_entry'].append(src_entry) + + if repo_data.get('key', None): + build_config['custom_apt_keys'].append({'name': r, 'key': repo_data['key']}) + + if build_config.get('custom_apt_entry', []): custom_apt_file = defaults.CUSTOM_REPO_FILE entries = "\n".join(build_config['custom_apt_entry']) if debug: 
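Review bot: The `deb` lines built in the `additional_repositories` loop carry no `signed-by` option, so a key supplied through `repo_data['key']` is only appended to `custom_apt_keys`. Assuming live-build installs archive keys into the global APT keyring, that key becomes trusted for every repository in the image, not just the one named `r`. Building the bracketed options as a list, e.g. `opts = [f'arch={arch}'] if arch else []` plus a `signed-by=<keyring path inside the chroot>` element when a key is present, would scope each key to its own source. The loop also indexes `build_config['additional_repositories'][r]`, so a flavor file still using the list form that the removed `+=` line accepted fails with a `TypeError`; an `isinstance(..., dict)` check with an `E:` message next to the URL check would make that clear.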
@@ -525,11 +558,13 @@ if __name__ == "__main__": f.write("\n") # Add custom APT keys - if has_nonempty_key(build_config, 'custom_apt_key'): + if has_nonempty_key(build_config, 'custom_apt_keys'): key_dir = defaults.ARCHIVES_DIR - for k in build_config['custom_apt_key']: - dst_name = '{0}.key.chroot'.format(os.path.basename(k)) - shutil.copy(k, os.path.join(key_dir, dst_name)) + for k in build_config['custom_apt_keys']: + dst_name = '{0}.key.chroot'.format(k['name']) + with open(os.path.join(key_dir, dst_name), 'bw') as f: + key_data = base64.b64decode(k['key']) + f.write(key_data) # Add custom packages if has_nonempty_key(build_config, 'packages'): @@ -588,7 +623,8 @@ if __name__ == "__main__": --mirror-chroot {{debian_mirror}} \ --mirror-chroot-security {{debian_security_mirror}} \ --security true \ - --updates true + --updates true \ + --utc-time true "${@}" """) @@ -631,6 +667,9 @@ Pin-Priority: 600 # Copy the image shutil.copy("live-image-{0}.hybrid.iso".format(build_config["architecture"]), iso_file) + # Add the image to the manifest + manifest['artifacts'].append(iso_file) + # If the flavor has `image_format = "iso"`, then the work is done. # If not, build additional flavors from the ISO. if build_config["image_format"] != ["iso"]: @@ -669,5 +708,18 @@ Pin-Priority: 600 {build_config['architecture']} {hook_opts}") manifest['artifacts'].append(custom_image) + # Filter out unwanted files from the artifact list + # and leave only those the user specified + # in either `artifact_format` or `image_format`. + # + # For example, with `image_format = "raw"`, + # the ISO image is just an intermediate object, not an target artifact. + + # os.path.splitext returns extensions with dots, + # so we need to remove the dots, hence [1:] + is_artifact = lambda f: os.path.splitext(f)[-1][1:] in build_config['artifact_format'] + + manifest['artifacts'] = list(filter(is_artifact, manifest['artifacts'])) + with open('manifest.json', 'w') as f: f.write(json.dumps(manifest)) 
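Review bot: `k['name']` is the repository name from the build configuration and goes straight into the destination path, so a name containing `/` or `..` writes the key file outside `key_dir`. The removed code passed the value through `os.path.basename`, and the new line can keep that guard: `dst_name = '{0}.key.chroot'.format(os.path.basename(k['name']))`. `base64.b64decode(k['key'])` discards characters outside the base64 alphabet by default, so a mangled key is written as different bytes without any error; `base64.b64decode(k['key'], validate=True)` turns that into a build failure. Because the option was renamed from `custom_apt_key` to `custom_apt_keys`, a configuration that still sets the old name is presumably ignored silently, which deserves a warning.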
diff --git a/scripts/image-build/defaults.py b/scripts/image-build/defaults.py index a0c5c8bf..29a6d59f 100644 --- a/scripts/image-build/defaults.py +++ b/scripts/image-build/defaults.py @@ -35,7 +35,7 @@ boot_settings: dict[str, str] = { # Hardcoded default values HARDCODED_BUILD = { 'custom_apt_entry': [], - 'custom_apt_key': [], + 'custom_apt_keys': [], 'custom_package': [], 'reuse_iso': None, 'disk_size': 10, diff --git a/scripts/package-build/build.py b/scripts/package-build/build.py index 99180e17..0648b564 100755 --- a/scripts/package-build/build.py +++ b/scripts/package-build/build.py @@ -101,6 +101,12 @@ def build_package(package: list, dependencies: list, patch_dir: Path) -> None: if (repo_dir / 'patches'): apply_patches(repo_dir, patch_dir) + # Sanitize the commit ID and build a tarball for the package + commit_id_sanitized = package['commit_id'].replace('/', '_') + tarball_name = f"{repo_name}_{commit_id_sanitized}.tar.gz" + run(['tar', '-czf', tarball_name, '-C', str(repo_dir.parent), repo_name], check=True) + print(f"I: Tarball created: {tarball_name}") + # Prepare the package if required if package.get('prepare_package', False): prepare_package(repo_dir, package.get('install_data', '')) diff --git a/scripts/package-build/ethtool/package.toml b/scripts/package-build/ethtool/package.toml index 9468ed82..ec22a06c 100644 --- a/scripts/package-build/ethtool/package.toml +++ b/scripts/package-build/ethtool/package.toml @@ -1,4 +1,4 @@ [[packages]] name = "ethtool" -commit_id = "debian/1%6.6-1" +commit_id = "debian/1%6.10-1" scm_url = "https://salsa.debian.org/kernel-team/ethtool" diff --git a/scripts/package-build/frr/patches/0001-Enable-PCRE2-in-Debian-package-builds.patch b/scripts/package-build/frr/patches/0001-Enable-PCRE2-in-Debian-package-builds.patch new file mode 100644 index 00000000..c31c4a85 --- /dev/null +++ b/scripts/package-build/frr/patches/0001-Enable-PCRE2-in-Debian-package-builds.patch 
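Review bot: The tarball in `build_package` is created after `apply_patches` has run and archives the whole `repo_name` directory. It therefore holds the patched tree and, if that directory is a git checkout, its `.git` metadata rather than the source at `commit_id`. If the archive is meant as the published source for the package, either move the `tar` call above the patch step or add a comment saying it is the patched tree. Repository metadata can be kept out with `run(['tar', '--exclude-vcs', '-czf', tarball_name, '-C', str(repo_dir.parent), repo_name], check=True)`. `build_package` starts and ends outside the hunk.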
@@ -0,0 +1,24 @@
+From 21800432167ac022c01772df993efca8d4969b38 Mon Sep 17 00:00:00 2001
+From: Daniil Baturin <daniil@baturin.org>
+Date: Wed, 6 Nov 2024 15:58:10 +0000
+Subject: [PATCH] Enable PCRE2 in Debian package builds
+
+---
+ debian/rules | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/debian/rules b/debian/rules
+index 43e5d7e61..1f971ab22 100755
+--- a/debian/rules
++++ b/debian/rules
+@@ -69,6 +69,7 @@ override_dh_auto_configure:
+ --enable-vty-group=frrvty \
+ --enable-configfile-mask=0640 \
+ --enable-logfile-mask=0640 \
++ --enable-pcre2posix \
+ # end
+
+ override_dh_auto_install:
+--
+2.47.0
+
diff --git a/scripts/package-build/frr_exporter/.gitignore b/scripts/package-build/frr_exporter/.gitignore
new file mode 100644
index 00000000..4880abf9
--- /dev/null
+++ b/scripts/package-build/frr_exporter/.gitignore
@@ -0,0 +1,6 @@
+frr_exporter /
+*.buildinfo
+*.build
+*.changes
+*.deb
+*.dsc
diff --git a/scripts/package-build/frr_exporter/build.py b/scripts/package-build/frr_exporter/build.py
new file mode 120000
index 00000000..3c76af73
--- /dev/null
+++ b/scripts/package-build/frr_exporter/build.py
@@ -0,0 +1 @@
+../build.py
\ No newline at end of file
diff --git a/scripts/package-build/frr_exporter/package.toml b/scripts/package-build/frr_exporter/package.toml
new file mode 100644
index 00000000..1c87d496
--- /dev/null
+++ b/scripts/package-build/frr_exporter/package.toml
@@ -0,0 +1,22 @@
+[[packages]]
+name = "frr_exporter"
+commit_id = "v1.3.1"
+scm_url = "https://github.com/tynany/frr_exporter"
+
+build_cmd = """
+
+# Create the install directory
+mkdir -p debian/usr/sbin
+make setup_promu
+go build
+
+# Move the frr_exporter binary to the install directory
+mv frr_exporter debian/usr/sbin
+
+# Build the Debian package
+fpm --input-type dir --output-type deb --name frr-exporter \
+ --version $(git describe --tags --always | cut -c2-) --deb-compression gz \
+ --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
+ --description "Prometheus exporter for FRR" \
+ --license Apache-2.0 -C debian --package ..
+"""
diff --git a/scripts/package-build/linux-kernel/arch b/scripts/package-build/linux-kernel/arch
deleted file mode 120000
index f5f81fdc..00000000
--- a/scripts/package-build/linux-kernel/arch
+++ /dev/null
@@ -1 +0,0 @@
-../../../packages/linux-kernel/arch
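Review bot: `commit_id = "v1.3.1"` pins the frr_exporter build to a tag name, which upstream can move, and `make setup_promu` and `go build` may resolve further inputs at build time. For a binary that ends up in the image, the full commit hash makes the source reproducible: `commit_id = "<full commit SHA of v1.3.1>"`, assuming `build.py` accepts any git revision in that field. The version string comes from `git describe --tags --always | cut -c2-`; when no tag is reachable, `--always` prints an abbreviated hash and `cut -c2-` strips its first character. Dropping `--always` lets the build fail instead of producing a package with a meaningless version.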
\ No newline at end of file diff --git a/packages/linux-kernel/arch/arm64/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig index 7b49f05f..7b49f05f 100644 --- a/packages/linux-kernel/arch/arm64/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig diff --git a/packages/linux-kernel/arch/x86/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig index 37becb4c..4c1a4adc 100644 --- a/packages/linux-kernel/arch/x86/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.48 Kernel Configuration +# Linux/x86 6.6.52 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (Debian 12.2.0-14) 12.2.0" CONFIG_CC_IS_GCC=y @@ -124,13 +124,11 @@ CONFIG_BPF_JIT_DEFAULT_ON=y # CONFIG_BPF_PRELOAD is not set # end of BPF subsystem -CONFIG_PREEMPT_BUILD=y +CONFIG_PREEMPT_NONE_BUILD=y CONFIG_PREEMPT_NONE=y # CONFIG_PREEMPT_VOLUNTARY is not set # CONFIG_PREEMPT is not set -CONFIG_PREEMPT_COUNT=y -CONFIG_PREEMPTION=y -CONFIG_PREEMPT_DYNAMIC=y +# CONFIG_PREEMPT_DYNAMIC is not set # CONFIG_SCHED_CORE is not set # @@ -154,11 +152,9 @@ CONFIG_CPU_ISOLATION=y # RCU Subsystem # CONFIG_TREE_RCU=y -CONFIG_PREEMPT_RCU=y # CONFIG_RCU_EXPERT is not set CONFIG_TREE_SRCU=y CONFIG_TASKS_RCU_GENERIC=y -CONFIG_TASKS_RCU=y CONFIG_TASKS_TRACE_RCU=y CONFIG_RCU_STALL_COMMON=y CONFIG_RCU_NEED_SEGCBLIST=y @@ -846,6 +842,7 @@ CONFIG_FUNCTION_ALIGNMENT=16 CONFIG_RT_MUTEXES=y CONFIG_BASE_SMALL=0 +CONFIG_MODULE_SIG_FORMAT=y CONFIG_MODULES=y # CONFIG_MODULE_DEBUG is not set CONFIG_MODULE_FORCE_LOAD=y 
@@ -855,7 +852,15 @@ CONFIG_MODULE_FORCE_UNLOAD=y CONFIG_MODVERSIONS=y CONFIG_ASM_MODVERSIONS=y # CONFIG_MODULE_SRCVERSION_ALL is not set -# CONFIG_MODULE_SIG is not set +CONFIG_MODULE_SIG=y +CONFIG_MODULE_SIG_FORCE=y +CONFIG_MODULE_SIG_ALL=y +# CONFIG_MODULE_SIG_SHA1 is not set +# CONFIG_MODULE_SIG_SHA224 is not set +# CONFIG_MODULE_SIG_SHA256 is not set +# CONFIG_MODULE_SIG_SHA384 is not set +CONFIG_MODULE_SIG_SHA512=y +CONFIG_MODULE_SIG_HASH="sha512" CONFIG_MODULE_COMPRESS_NONE=y # CONFIG_MODULE_COMPRESS_GZIP is not set # CONFIG_MODULE_COMPRESS_XZ is not set @@ -919,7 +924,11 @@ CONFIG_IOSCHED_BFQ=y CONFIG_PADATA=y CONFIG_ASN1=y -CONFIG_UNINLINE_SPIN_UNLOCK=y +CONFIG_INLINE_SPIN_UNLOCK_IRQ=y +CONFIG_INLINE_READ_UNLOCK=y +CONFIG_INLINE_READ_UNLOCK_IRQ=y +CONFIG_INLINE_WRITE_UNLOCK=y +CONFIG_INLINE_WRITE_UNLOCK_IRQ=y CONFIG_ARCH_SUPPORTS_ATOMIC_RMW=y CONFIG_MUTEX_SPIN_ON_OWNER=y CONFIG_RWSEM_SPIN_ON_OWNER=y @@ -5888,8 +5897,11 @@ CONFIG_SIGNED_PE_FILE_VERIFICATION=y # # Certificates for signature checking # -CONFIG_SYSTEM_TRUSTED_KEYRING=y -CONFIG_SYSTEM_TRUSTED_KEYS="" +CONFIG_MODULE_SIG_KEY="certs/signing_key.pem" +CONFIG_MODULE_SIG_KEY_TYPE_RSA=y +# CONFIG_MODULE_SIG_KEY_TYPE_ECDSA is not set +# CONFIG_SYSTEM_TRUSTED_KEYRING is not set +# CONFIG_SYSTEM_TRUSTED_KEYS is not set # CONFIG_SYSTEM_EXTRA_CERTIFICATE is not set # CONFIG_SECONDARY_TRUSTED_KEYRING is not set # CONFIG_SYSTEM_BLACKLIST_KEYRING is not set @@ -6063,7 +6075,7 @@ CONFIG_DEBUG_BUGVERBOSE=y # end of printk and dmesg options CONFIG_DEBUG_KERNEL=y -CONFIG_DEBUG_MISC=y +# CONFIG_DEBUG_MISC is not set # # Compile-time checks and compiler options @@ -6141,7 +6153,7 @@ CONFIG_ARCH_HAS_DEBUG_VM_PGTABLE=y # CONFIG_DEBUG_VM_PGTABLE is not set CONFIG_ARCH_HAS_DEBUG_VIRTUAL=y # CONFIG_DEBUG_VIRTUAL is not set -CONFIG_DEBUG_MEMORY_INIT=y +# CONFIG_DEBUG_MEMORY_INIT is not set # CONFIG_DEBUG_PER_CPU_MAPS is not set CONFIG_ARCH_SUPPORTS_KMAP_LOCAL_FORCE_MAP=y # CONFIG_DEBUG_KMAP_LOCAL_FORCE_MAP is not set 
@@ -6192,7 +6204,6 @@ CONFIG_SCHEDSTATS=y # end of Scheduler Debugging # CONFIG_DEBUG_TIMEKEEPING is not set -CONFIG_DEBUG_PREEMPT=y # # Lock Debugging (spinlocks, mutexes, etc...) @@ -6274,7 +6285,6 @@ CONFIG_FTRACE=y # CONFIG_FUNCTION_TRACER is not set # CONFIG_STACK_TRACER is not set # CONFIG_IRQSOFF_TRACER is not set -# CONFIG_PREEMPT_TRACER is not set # CONFIG_SCHED_TRACER is not set # CONFIG_HWLAT_TRACER is not set # CONFIG_OSNOISE_TRACER is not set @@ -6327,7 +6337,7 @@ CONFIG_IO_DELAY_0X80=y # CONFIG_CPA_DEBUG is not set # CONFIG_DEBUG_ENTRY is not set # CONFIG_DEBUG_NMI_SELFTEST is not set -CONFIG_X86_DEBUG_FPU=y +# CONFIG_X86_DEBUG_FPU is not set # CONFIG_PUNIT_ATOM_DEBUG is not set CONFIG_UNWINDER_ORC=y # CONFIG_UNWINDER_FRAME_POINTER is not set diff --git a/scripts/package-build/linux-kernel/build-accel-ppp.sh b/scripts/package-build/linux-kernel/build-accel-ppp.sh index 1685ff8d..a2f8df52 100755 --- a/scripts/package-build/linux-kernel/build-accel-ppp.sh +++ b/scripts/package-build/linux-kernel/build-accel-ppp.sh @@ -13,6 +13,10 @@ if [ ! -f ${KERNEL_VAR_FILE} ]; then exit 1 fi +cd ${ACCEL_SRC} +git reset --hard HEAD +git clean --force -d -x + PATCH_DIR=${CWD}/patches/accel-ppp if [ -d $PATCH_DIR ]; then cd ${ACCEL_SRC} @@ -36,6 +40,10 @@ cmake -DBUILD_IPOE_DRIVER=TRUE \ -DMODULES_KDIR=${KERNEL_VERSION}${KERNEL_SUFFIX} \ -DCPACK_TYPE=Debian12 .. make + +# Sign generated Kernel modules +${CWD}/sign-modules.sh . + cpack -G DEB # rename resulting Debian package according git description diff --git a/scripts/package-build/linux-kernel/build-intel-ixgbe.sh b/scripts/package-build/linux-kernel/build-intel-ixgbe.sh index 5f45c62a..fabfb7af 100755 --- a/scripts/package-build/linux-kernel/build-intel-ixgbe.sh +++ b/scripts/package-build/linux-kernel/build-intel-ixgbe.sh 
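Review bot: In build-accel-ppp.sh, `cd ${ACCEL_SRC}` is followed unconditionally by `git reset --hard HEAD` and `git clean --force -d -x`. If the cd fails, both run in whatever directory the script was in, most likely the vyos-build checkout, and remove untracked and ignored files there. Guarding the change of directory, `cd "${ACCEL_SRC}" || exit 1`, removes that risk. The same sequence is added to build-nat-rtsp.sh (where the earlier `cd ${SRC} && make` guard is dropped) and to build-openvpn-dco.sh. The top of each script is outside the hunk, so an existing `set -e` may already cover this.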
@@ -80,6 +80,9 @@ fi echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" cd ${CWD} +# Sign generated Kernel modules +${CWD}/sign-modules.sh ${DEBIAN_DIR} + # delete non required files which are also present in the kernel package # und thus lead to duplicated files find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f @@ -94,14 +97,17 @@ fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} -echo "I: Cleanup ${DRIVER_NAME} source" -cd ${CWD} -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -if [ -d ${DEBIAN_DIR} ]; then - rm -rf ${DEBIAN_DIR} -fi +# echo "I: Cleanup ${DRIVER_NAME} source" +# cd ${CWD} +# if [ -e ${DRIVER_FILE} ]; then +# rm -f ${DRIVER_FILE} +# fi +# if [ -d ${DRIVER_DIR} ]; then +# rm -rf ${DRIVER_DIR} +# fi +# if [ -d ${DEBIAN_DIR} ]; then +# rm -rf ${DEBIAN_DIR} +# fi +# if [ -f ${DEBIAN_POSTINST} ]; then +# rm -f ${DEBIAN_POSTINST} +# fi diff --git a/scripts/package-build/linux-kernel/build-intel-ixgbevf.sh b/scripts/package-build/linux-kernel/build-intel-ixgbevf.sh index a965e0de..f0e4c89b 100755 --- a/scripts/package-build/linux-kernel/build-intel-ixgbevf.sh +++ b/scripts/package-build/linux-kernel/build-intel-ixgbevf.sh @@ -72,6 +72,9 @@ fi echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" cd ${CWD} +# Sign generated Kernel modules +${CWD}/sign-modules.sh ${DEBIAN_DIR} + # delete non required files which are also present in the kernel package # und thus lead to duplicated files find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f 
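Review bot: The cleanup at the end of build-intel-ixgbe.sh is commented out rather than removed, and the new `${DEBIAN_POSTINST}` removal is added already commented, with nothing saying why. After the build, the unpacked driver source, the staging tree with the freshly signed modules and the generated postinst script all stay on the builder. Either delete the block and add one line such as `# Build tree is kept on purpose: <reason>`, or restore it. build-nat-rtsp.sh in this same commit removes its postinst file for real. The same commented block appears in build-intel-ixgbevf.sh and build-intel-qat.sh.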
@@ -86,15 +89,17 @@ fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} -echo "I: Cleanup ${DRIVER_NAME} source" -cd ${CWD} -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -if [ -d ${DEBIAN_DIR} ]; then - rm -rf ${DEBIAN_DIR} -fi - +# echo "I: Cleanup ${DRIVER_NAME} source" +# cd ${CWD} +# if [ -e ${DRIVER_FILE} ]; then +# rm -f ${DRIVER_FILE} +# fi +# if [ -d ${DRIVER_DIR} ]; then +# rm -rf ${DRIVER_DIR} +# fi +# if [ -d ${DEBIAN_DIR} ]; then +# rm -rf ${DEBIAN_DIR} +# fi +# if [ -f ${DEBIAN_POSTINST} ]; then +# rm -f ${DEBIAN_POSTINST} +# fi diff --git a/scripts/package-build/linux-kernel/build-intel-qat.sh b/scripts/package-build/linux-kernel/build-intel-qat.sh index 765cea3f..c2c364a9 100755 --- a/scripts/package-build/linux-kernel/build-intel-qat.sh +++ b/scripts/package-build/linux-kernel/build-intel-qat.sh @@ -14,7 +14,7 @@ fi . ${KERNEL_VAR_FILE} -url="https://dev.packages.vyos.net/source-mirror/QAT.L.4.24.0-00005.tar.gz" +url="https://packages.vyos.net/source-mirror/QAT.L.4.24.0-00005.tar.gz" cd ${CWD} @@ -84,6 +84,9 @@ fi echo "I: Building Debian package vyos-intel-${DRIVER_NAME}" cd ${CWD} +# Sign generated Kernel modules +${CWD}/sign-modules.sh ${DEBIAN_DIR} + # delete non required files which are also present in the kernel package # und thus lead to duplicated files find ${DEBIAN_DIR} -name "modules.*" | xargs rm -f 
@@ -98,14 +101,17 @@ fpm --input-type dir --output-type deb --name vyos-intel-${DRIVER_NAME} \ --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ --license "GPL2" -C ${DEBIAN_DIR} --after-install ${DEBIAN_POSTINST} -echo "I: Cleanup ${DRIVER_NAME} source" -cd ${CWD} -if [ -e ${DRIVER_FILE} ]; then - rm -f ${DRIVER_FILE} -fi -if [ -d ${DRIVER_DIR} ]; then - rm -rf ${DRIVER_DIR} -fi -if [ -d ${DEBIAN_DIR} ]; then - rm -rf ${DEBIAN_DIR} -fi +# echo "I: Cleanup ${DRIVER_NAME} source" +# cd ${CWD} +# if [ -e ${DRIVER_FILE} ]; then +# rm -f ${DRIVER_FILE} +# fi +# if [ -d ${DRIVER_DIR} ]; then +# rm -rf ${DRIVER_DIR} +# fi +# if [ -d ${DEBIAN_DIR} ]; then +# rm -rf ${DEBIAN_DIR} +# fi +# if [ -f ${DEBIAN_POSTINST} ]; then +# rm -f ${DEBIAN_POSTINST} +# fi diff --git a/scripts/package-build/linux-kernel/build-jool.py b/scripts/package-build/linux-kernel/build-jool.py index 570293f5..3d2c3d6a 100755 --- a/scripts/package-build/linux-kernel/build-jool.py +++ b/scripts/package-build/linux-kernel/build-jool.py @@ -29,9 +29,8 @@ def add_depends(package_dir: str, package_name: str, # find kernel version and source path arch: str = find_arch() defaults_file: str = Path('../../../data/defaults.toml').read_text() -architecture_file: str = Path(f'../../../data/architectures/{arch}.toml').read_text() KERNEL_VER: str = toml_loads(defaults_file).get('kernel_version') -KERNEL_FLAVOR: str = toml_loads(architecture_file).get('kernel_flavor') +KERNEL_FLAVOR: str = toml_loads(defaults_file).get('kernel_flavor') KERNEL_SRC: str = Path.cwd().as_posix() + '/linux' # define variables @@ -66,7 +65,7 @@ MODULES_DIR := extra # main packaging script based on dh7 syntax %: - dh $@ + dh $@ override_dh_clean: dh_clean --exclude=debian/{PACKAGE_NAME}.substvars 
@@ -88,7 +87,7 @@ override_dh_auto_install: install -D -m 644 src/mod/common/jool_common.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_common.ko install -D -m 644 src/mod/nat64/jool.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool.ko install -D -m 644 src/mod/siit/jool_siit.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_siit.ko - + ${{KERNEL_DIR}}/../sign-modules.sh ${{PACKAGE_BUILD_DIR}}/lib ''' bild_rules = Path(f'{PACKAGE_DIR}/debian/rules') bild_rules.write_text(build_rules_text) diff --git a/scripts/package-build/linux-kernel/build-kernel.sh b/scripts/package-build/linux-kernel/build-kernel.sh index 2c02f5c3..cd9c1054 100755 --- a/scripts/package-build/linux-kernel/build-kernel.sh +++ b/scripts/package-build/linux-kernel/build-kernel.sh @@ -9,16 +9,20 @@ if [ ! -d ${KERNEL_SRC} ]; then exit 1 fi -echo "I: Copy Kernel config (x86_64_vyos_defconfig) to Kernel Source" -cp -rv arch/ ${KERNEL_SRC}/ - cd ${KERNEL_SRC} -echo "I: clean modified files" -git reset --hard HEAD +if [ -d .git ]; then + echo "I: Clean modified files - reset Git repo" + git reset --hard HEAD + git clean --force -d -x +fi + +echo "I: Copy Kernel config (x86_64_vyos_defconfig) to Kernel Source" +cp -rv ${CWD}/arch/ . KERNEL_VERSION=$(make kernelversion) -KERNEL_SUFFIX=-$(dpkg --print-architecture)-vyos +KERNEL_SUFFIX=-$(awk -F "= " '/kernel_flavor/ {print $2}' ../../../../data/defaults.toml | tr -d \") +KERNEL_CONFIG=arch/x86/configs/vyos_defconfig # VyOS requires some small Kernel Patches - apply them here # It's easier to habe them here and make use of the upstream 
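Review bot: In build-kernel.sh, `KERNEL_SUFFIX` is now derived by an awk match on `kernel_flavor` in a relatively addressed defaults.toml, and nothing checks the result. A missing file or a differently spaced assignment leaves the suffix as a bare `-`, which then flows into `LOCALVERSION`, the kernel-vars file and the module package dependencies. A guard right after the assignment, `[ -n "${KERNEL_SUFFIX#-}" ] || { echo "E: kernel_flavor not found in defaults.toml"; exit 1; }`, would stop the build instead. The rest of the script lies outside the hunk.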
@@ -31,26 +35,53 @@ do patch -p1 < ${PATCH_DIR}/${patch} done +# Change name of Signing Cert +sed -i -e "s/CN =.*/CN=VyOS build time autogenerated kernel key/" certs/default_x509.genkey + +TRUSTED_KEYS_FILE=trusted_keys.pem +# start with empty key file +echo -n "" > $TRUSTED_KEYS_FILE +CERTS=$(find ../../../data/live-build-config/includes.chroot/var/lib/shim-signed/mok -name "*.pem" -type f || true) +if [ ! -z "${CERTS}" ]; then + # add known public keys to Kernel certificate chain + for file in $CERTS; do + cat $file >> $TRUSTED_KEYS_FILE + done + # Force Kernel module signing and embed public keys + echo "CONFIG_SYSTEM_TRUSTED_KEYRING" >> $KERNEL_CONFIG + echo "CONFIG_SYSTEM_TRUSTED_KEYS=\"$TRUSTED_KEYS_FILE\"" >> $KERNEL_CONFIG +fi + echo "I: make vyos_defconfig" # Select Kernel configuration - currently there is only one make vyos_defconfig echo "I: Generate environment file containing Kernel variable" +EPHEMERAL_KEY="/tmp/ephemeral.key" +EPHEMERAL_PEM="/tmp/ephemeral.pem" cat << EOF >${CWD}/kernel-vars #!/bin/sh export KERNEL_VERSION=${KERNEL_VERSION} export KERNEL_SUFFIX=${KERNEL_SUFFIX} export KERNEL_DIR=${CWD}/${KERNEL_SRC} +export EPHEMERAL_KEY=${EPHEMERAL_KEY} +export EPHEMERAL_CERT=${EPHEMERAL_PEM} EOF echo "I: Build Debian Kernel package" touch .scmversion make bindeb-pkg BUILD_TOOLS=1 LOCALVERSION=${KERNEL_SUFFIX} KDEB_PKGVERSION=${KERNEL_VERSION}-1 -j $(getconf _NPROCESSORS_ONLN) +# Back to the old Kernel build-scripts directory cd $CWD -if [[ $? == 0 ]]; then - for package in $(ls linux-*.deb) - do - ln -sf linux-kernel/$package .. 
- done +EPHEMERAL_KERNEL_KEY=$(grep -E "^CONFIG_MODULE_SIG_KEY=" ${KERNEL_SRC}/$KERNEL_CONFIG | awk -F= '{print $2}' | tr -d \") +if test -f "${EPHEMERAL_KEY}"; then + rm -f ${EPHEMERAL_KEY} +fi +if test -f "${EPHEMERAL_PEM}"; then + rm -f ${EPHEMERAL_PEM} +fi +if test -f "${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY}"; then + openssl rsa -in ${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY} -out ${EPHEMERAL_KEY} + openssl x509 -in ${KERNEL_SRC}/${EPHEMERAL_KERNEL_KEY} -out ${EPHEMERAL_PEM} fi diff --git a/packages/linux-kernel/build-mellanox-ofed.sh b/scripts/package-build/linux-kernel/build-mellanox-ofed.sh index a157ee61..3f8a50f0 100755 --- a/packages/linux-kernel/build-mellanox-ofed.sh +++ b/scripts/package-build/linux-kernel/build-mellanox-ofed.sh @@ -117,6 +117,18 @@ cp $(find $CWD/$DRIVER_DIR/DEBS/$DEB_DISTRO -type f | grep '\.deb$') "$CWD/" echo "I: Cleanup ${DRIVER_NAME} source" cd ${CWD} + +# Sign modules +DEB_NAME=$(ls mlnx-ofed-kernel-modules_*) +TMP_DIR="tmp-ofed-sign" +dpkg-deb --raw-extract ${DEB_NAME} ${TMP_DIR} +# Sign generated Kernel modules +${CWD}/sign-modules.sh ${TMP_DIR} +# Cleanup and repack DEB +rm -f ${DEB_NAME} +dpkg-deb --build ${TMP_DIR} ${DEB_NAME} +rm -rf ${TMP_DIR} + if [ -f ${DRIVER_FILE} ]; then rm -f ${DRIVER_FILE} fi diff --git a/scripts/package-build/linux-kernel/build-nat-rtsp.sh b/scripts/package-build/linux-kernel/build-nat-rtsp.sh index ec7d19a6..33f1311d 100755 --- a/scripts/package-build/linux-kernel/build-nat-rtsp.sh +++ b/scripts/package-build/linux-kernel/build-nat-rtsp.sh @@ -15,7 +15,10 @@ fi . ${KERNEL_VAR_FILE} -cd ${SRC} && make KERNELDIR=$KERNEL_DIR +cd ${SRC} +git reset --hard HEAD +git clean --force -d -x +make KERNELDIR=$KERNEL_DIR # Copy binary to package directory DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra 
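Review bot: `echo "CONFIG_SYSTEM_TRUSTED_KEYRING" >> $KERNEL_CONFIG` in build-kernel.sh appends a bare symbol name, which is not a config assignment and does nothing; if the intent is to enable the option that `CONFIG_SYSTEM_TRUSTED_KEYS` depends on, the line needs `=y`: `echo "CONFIG_SYSTEM_TRUSTED_KEYRING=y" >> $KERNEL_CONFIG`. Whether the keyring still ends up enabled through other options is not visible here, so the embedding of trusted_keys.pem is worth checking in the resulting .config. Separately, the private signing key is extracted to the fixed path `/tmp/ephemeral.key` and is only deleted at the start of the next kernel build, so it outlives the build on the builder. A directory from `mktemp -d` (mode 0700), removed after the last module has been signed, would keep it private. The `openssl` calls are not checked for failure either, unless a `set -e` above the hunk covers them.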
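Review bot: In build-mellanox-ofed.sh, `rm -f ${DEB_NAME}` runs before the repack has succeeded, so a failed `dpkg-deb --raw-extract` or `--build` leaves the build without the kernel-modules package. Writing to a new name first, `dpkg-deb --build ${TMP_DIR} ${DEB_NAME}.signed && mv ${DEB_NAME}.signed ${DEB_NAME}`, keeps the original until the signed one exists. `DEB_NAME=$(ls mlnx-ofed-kernel-modules_*)` can also expand to no name or to several, and every later use is unquoted. The signing block sits under the `I: Cleanup` message, so a separate `echo "I: Sign ${DRIVER_NAME} modules"` would make the log readable. The start of the script is outside the hunk.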
@@ -26,6 +29,9 @@ DEBIAN_POSTINST="${CWD}/vyos-nat-rtsp.postinst" echo "#!/bin/sh" > ${DEBIAN_POSTINST} echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST} +# Sign generated Kernel modules +${CWD}/sign-modules.sh ${DEBIAN_DIR} + # Build Debian Package fpm --input-type dir --output-type deb --name nat-rtsp \ --version $(git describe --tags --always) --deb-compression gz \ @@ -36,3 +42,7 @@ fpm --input-type dir --output-type deb --name nat-rtsp \ --license "GPL2" --chdir tmp mv *.deb .. + +if [ -f ${DEBIAN_POSTINST} ]; then + rm -f ${DEBIAN_POSTINST} +fi diff --git a/scripts/package-build/linux-kernel/build-openvpn-dco.sh b/scripts/package-build/linux-kernel/build-openvpn-dco.sh index fd427825..518729ee 100755 --- a/scripts/package-build/linux-kernel/build-openvpn-dco.sh +++ b/scripts/package-build/linux-kernel/build-openvpn-dco.sh @@ -15,13 +15,19 @@ fi . ${KERNEL_VAR_FILE} -cd ${SRC} && make KERNEL_SRC=$KERNEL_DIR +cd ${SRC} +git reset --hard HEAD +git clean --force -d -x +make KERNEL_SRC=$KERNEL_DIR # Copy binary to package directory DEBIAN_DIR=tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra mkdir -p ${DEBIAN_DIR} cp drivers/net/ovpn-dco/ovpn-dco-v2.ko ${DEBIAN_DIR} +# Sign generated Kernel modules +${CWD}/sign-modules.sh ${DEBIAN_DIR} + # Build Debian Package fpm --input-type dir --output-type deb --name openvpn-dco \ --version $(git describe | sed s/^v//) --deb-compression gz \ diff --git a/packages/linux-kernel/build-jool.py b/scripts/package-build/linux-kernel/build-realtek-r8152.py index 3f8fd3a5..0113eafc 100755 --- a/packages/linux-kernel/build-jool.py +++ b/scripts/package-build/linux-kernel/build-realtek-r8152.py 
@@ -1,19 +1,17 @@ #!/usr/bin/env python3 +import os from tomllib import loads as toml_loads from requests import get from pathlib import Path from subprocess import run -def find_arch() -> str: - tmp=run(['dpkg-architecture', '-q', 'DEB_HOST_ARCH'], capture_output=True) - return tmp.stdout.decode().strip() +CWD = os.getcwd() # dependency modifier def add_depends(package_dir: str, package_name: str, depends: list[str]) -> None: """Add dependencies to a package - Args: package_dir (str): a directory where package sources are located package_name (str): a name of package @@ -27,18 +25,17 @@ def add_depends(package_dir: str, package_name: str, # find kernel version and source path -arch: str = find_arch() -defaults_file: str = Path('../../data/defaults.toml').read_text() +defaults_file: str = Path('../../../data/defaults.toml').read_text() +architecture_file: str = Path('../../../data/architectures/amd64.toml').read_text() KERNEL_VER: str = toml_loads(defaults_file).get('kernel_version') KERNEL_FLAVOR: str = toml_loads(defaults_file).get('kernel_flavor') KERNEL_SRC: str = Path.cwd().as_posix() + '/linux' - # define variables -PACKAGE_NAME: str = 'jool' -PACKAGE_VERSION: str = '4.1.9+bf4c7e3669' +PACKAGE_NAME: str = 'vyos-drivers-realtek-r8152' +PACKAGE_VERSION: str = '2.18.1' PACKAGE_DIR: str = f'{PACKAGE_NAME}-{PACKAGE_VERSION}' -SOURCES_ARCHIVE: str = 'jool-4.1.9+bf4c7e3669.tar.gz' -SOURCES_URL: str = f'https://github.com/NICMx/Jool/archive/7f08c42c615ed63cf0fdc1522d91aa0809f6d990.tar.gz' +SOURCES_ARCHIVE: str = 'r8152-2.18.1.tar.bz2' +SOURCES_URL: str = f'https://packages.vyos.net/source-mirror/r8152-2.18.1.tar.bz2' # download sources sources_archive = Path(SOURCES_ARCHIVE) 
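Review bot: `SOURCES_URL` in build-realtek-r8152.py names a tarball on the source mirror, but no expected digest is recorded beside it. The download and unpack code is outside this hunk, so whether the archive is verified there cannot be seen here. Because the module built from it is signed with the kernel key, and build.py starts this script through sudo, a constant such as `SOURCES_SHA256: str = '<sha256 of r8152-2.18.1.tar.bz2>'` compared against `hashlib.sha256` of the downloaded bytes before unpacking would tie the build to a known archive. `architecture_file` is read from amd64.toml while `KERNEL_FLAVOR` is taken from `defaults_file`, so within the visible lines that read is unused.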
@@ -56,42 +53,43 @@ add_depends(PACKAGE_DIR, PACKAGE_NAME, [f'linux-image-{KERNEL_VER}-{KERNEL_FLAVOR}']) # configure build rules -build_rules_text: str = f'''#!/usr/bin/make -f +build_rules_text: str = '''#!/usr/bin/make -f # config -export KERNEL_DIR := {KERNEL_SRC} +export KERNELDIR := {KERNEL_SRC} PACKAGE_BUILD_DIR := debian/{PACKAGE_NAME} KVER := {KERNEL_VER}-{KERNEL_FLAVOR} -MODULES_DIR := extra - +MODULES_DIR := updates/drivers/net/usb # main packaging script based on dh7 syntax %: - dh $@ +\tdh $@ override_dh_clean: - dh_clean --exclude=debian/{PACKAGE_NAME}.substvars +\tdh_clean --exclude=debian/{PACKAGE_NAME}.substvars override_dh_prep: - dh_prep --exclude=debian/{PACKAGE_NAME}.substvars +\tdh_prep --exclude=debian/{PACKAGE_NAME}.substvars -# override_dh_auto_clean: -# make -C src/mod clean +override_dh_auto_clean: +\tmake clean override_dh_auto_build: - dh_auto_build $@ - make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/common modules - make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/nat64 modules - make -C ${{KERNEL_DIR}} M=$$PWD/src/mod/siit modules +\techo "KERNELDIR=${{KERNELDIR}}" +\techo "CURDIR=${{CURDIR}}" +\tmake -C ${{KERNELDIR}} M=${{CURDIR}} modules override_dh_auto_install: - dh_auto_install $@ - install -D -m 644 src/mod/common/jool_common.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_common.ko - install -D -m 644 src/mod/nat64/jool.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool.ko - install -D -m 644 src/mod/siit/jool_siit.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/jool_siit.ko +\tinstall -D -m 644 r8152.ko ${{PACKAGE_BUILD_DIR}}/lib/modules/${{KVER}}/${{MODULES_DIR}}/r8152.ko +\t${{KERNELDIR}}/../sign-modules.sh ${{PACKAGE_BUILD_DIR}}/lib +\tinstall -D -m 644 50-usb-realtek-net.rules ${{PACKAGE_BUILD_DIR}}/etc/udev/rules.d/50-usb-realtek-net.rules +'''.format(KERNEL_SRC=KERNEL_SRC, PACKAGE_NAME=PACKAGE_NAME, KERNEL_VER=KERNEL_VER, KERNEL_FLAVOR=KERNEL_FLAVOR) -''' -bild_rules = 
Path(f'{PACKAGE_DIR}/debian/rules') -bild_rules.write_text(build_rules_text) +build_rules_path = Path(f'{PACKAGE_DIR}/debian/rules') +build_rules_path.write_text(build_rules_text, encoding='utf-8') # build a package debuild_cmd: list[str] = ['debuild'] -run(debuild_cmd, cwd=PACKAGE_DIR) +run(debuild_cmd, cwd=PACKAGE_DIR, check=True) + +# Sign generated Kernel modules +clean_cmd: list[str] = ['rm', '-rf', PACKAGE_DIR] +run(clean_cmd, cwd=CWD, check=True) diff --git a/scripts/package-build/linux-kernel/build.py b/scripts/package-build/linux-kernel/build.py index 1bcab686..1433eaa8 100755 --- a/scripts/package-build/linux-kernel/build.py +++ b/scripts/package-build/linux-kernel/build.py 
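Review bot: The comment `# Sign generated Kernel modules` at the end of build-realtek-r8152.py sits above a command that deletes the unpacked source tree (`['rm', '-rf', PACKAGE_DIR]`), while the signing itself happens in the generated debian/rules through sign-modules.sh. The comment should describe what the lines do, for example `# Remove the unpacked source tree after a successful build`. Naming the list `clean_cmd` is already accurate, so only the comment needs to change.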
@@ -63,6 +63,40 @@ def clone_or_update_repo(repo_dir: Path, scm_url: str, commit_id: str) -> None: run(['git', 'checkout', commit_id], cwd=repo_dir, check=True) +def create_tarball(package_name, source_dir=None): + """Creates a .tar.gz archive of the specified directory. + + Args: + package_name (str): The name of the package. This will also be the name of the output tarball. + source_dir (str, optional): The directory to be archived. If not provided, defaults to `package_name`. + + Raises: + FileNotFoundError: If the specified `source_dir` does not exist. + Exception: If an error occurs during tarball creation. + + Example: + >>> create_tarball("linux-6.6.56") + I: Tarball created: linux-6.6.56.tar.gz + + >>> create_tarball("my-package", "/path/to/source") + I: Tarball created: my-package.tar.gz + """ + # Use package_name as the source directory if source_dir is not provided + source_dir = source_dir or package_name + output_tarball = f"{package_name}.tar.gz" + + # Check if the source directory exists + if not os.path.isdir(source_dir): + raise FileNotFoundError(f"Directory '{source_dir}' does not exist.") + + # Create the tarball + try: + shutil.make_archive(base_name=output_tarball.replace('.tar.gz', ''), format='gztar', root_dir=source_dir) + print(f"I: Tarball created: {output_tarball}") + except Exception as e: + print(f"I: Failed to create tarball for {package_name}: {e}") + + def build_package(package: dict, dependencies: list) -> None: """Build a package from the repository 
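Review bot: The `except Exception` branch in `create_tarball` prints an `I:` line and returns, so a failed archive is logged as informational and the build continues, although the docstring lists `Exception` under Raises. Either re-raise after logging, with `print(f"E: Failed to create tarball for {package_name}: {e}")` followed by `raise`, or drop the Raises entry and say the failure is tolerated. With only `root_dir` given, `shutil.make_archive` stores the directory's contents without a top-level folder, which is worth stating in the docstring so consumers know how the archive unpacks.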
@@ -88,20 +122,28 @@ def build_package(package: dict, dependencies: list) -> None: # Execute the build command if package['build_cmd'] == 'build_kernel': build_kernel(package['kernel_version']) + create_tarball(f'{package["name"]}-{package["kernel_version"]}', f'linux-{package["kernel_version"]}') elif package['build_cmd'] == 'build_linux_firmware': build_linux_firmware(package['commit_id'], package['scm_url']) + create_tarball(f'{package["name"]}-{package["commit_id"]}', f'{package["name"]}') elif package['build_cmd'] == 'build_accel_ppp': build_accel_ppp(package['commit_id'], package['scm_url']) + create_tarball(f'{package["name"]}-{package["commit_id"]}', f'{package["name"]}') elif package['build_cmd'] == 'build_intel_qat': build_intel_qat() elif package['build_cmd'] == 'build_intel_ixgbe': build_intel_ixgbe() elif package['build_cmd'] == 'build_intel_ixgbevf': build_intel_ixgbevf() + elif package['build_cmd'] == 'build_mellanox_ofed': + build_mellanox_ofed() + elif package['build_cmd'] == 'build_realtek_r8152': + build_realtek_r8152() elif package['build_cmd'] == 'build_jool': build_jool() elif package['build_cmd'] == 'build_openvpn_dco': build_openvpn_dco(package['commit_id'], package['scm_url']) + create_tarball(f'{package["name"]}-{package["commit_id"]}', f'{package["name"]}') elif package['build_cmd'] == 'build_nat_rtsp': build_nat_rtsp(package['commit_id'], package['scm_url']) else: @@ -183,6 +225,16 @@ def build_intel_ixgbevf(): run(['./build-intel-ixgbevf.sh'], check=True) +def build_mellanox_ofed(): + """Build Mellanox OFED""" + run(['sudo', './build-mellanox-ofed.sh'], check=True) + + +def build_realtek_r8152(): + """Build Realtek r8152""" + run(['sudo', './build-realtek-r8152.py'], check=True) + + def build_jool(): """Build Jool""" run(['echo y | ./build-jool.py'], check=True, shell=True) diff --git a/scripts/package-build/linux-kernel/package.toml b/scripts/package-build/linux-kernel/package.toml index 8b030da0..035a442e 100644 
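Review bot: `create_tarball(..., f'linux-{package["kernel_version"]}')` runs after `build_kernel`, so the archive is taken from the built tree rather than from pristine sources. If that directory is the tree build-kernel.sh builds in, it holds the autogenerated module signing key by then (`certs/signing_key.pem`, per `CONFIG_MODULE_SIG_KEY` in this commit's defconfig) along with all build output. Where these tarballs are stored or published is not visible here; anyone who obtains one with the key inside can sign modules that this kernel will load. Calling `create_tarball` before the build step, or archiving with an exclusion for `certs/signing_key.pem` and the extracted key files, avoids that. The accel-ppp and openvpn-dco tarballs are likewise taken after the build.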
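Review bot: `build_realtek_r8152` starts its script through `sudo`, so the download, the unpacked tarball's Makefile and `debuild` all run as root, whereas the neighbouring builders (`./build-intel-ixgbevf.sh`, `./build-jool.py`) run unprivileged. Nothing in the visible part of build-realtek-r8152.py needs root, so `run(['./build-realtek-r8152.py'], check=True)` would keep a tampered source archive from running with full privileges on the builder. If the Mellanox installer does need root, a docstring line in `build_mellanox_ofed` naming the step that requires it would document the exception.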
--- a/scripts/package-build/linux-kernel/package.toml +++ b/scripts/package-build/linux-kernel/package.toml @@ -60,3 +60,14 @@ commit_id = "" scm_url = "" build_cmd = "build_jool" +[[packages]] +name = "mlnx" +commit_id = "" +scm_url = "" +build_cmd = "build_mellanox_ofed" + +[[packages]] +name = "realtek-r8152" +commit_id = "" +scm_url = "" +build_cmd = "build_realtek_r8152" diff --git a/scripts/package-build/linux-kernel/patches b/scripts/package-build/linux-kernel/patches deleted file mode 120000 index fd016d35..00000000 --- a/scripts/package-build/linux-kernel/patches +++ /dev/null @@ -1 +0,0 @@ -../../../packages/linux-kernel/patches
\ No newline at end of file diff --git a/packages/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch b/scripts/package-build/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch index 0c3141a0..0c3141a0 100644 --- a/packages/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch +++ b/scripts/package-build/linux-kernel/patches/accel-ppp/0001-L2TP-Include-Calling-Number-to-Calling-Station-ID-RA.patch diff --git a/packages/linux-kernel/patches/ixgbe/add_1000base-bx_support.patch b/scripts/package-build/linux-kernel/patches/ixgbe/add_1000base-bx_support.patch index 6c536c38..6c536c38 100644 --- a/packages/linux-kernel/patches/ixgbe/add_1000base-bx_support.patch +++ b/scripts/package-build/linux-kernel/patches/ixgbe/add_1000base-bx_support.patch diff --git a/packages/linux-kernel/patches/ixgbe/allow_unsupported_sfp.patch b/scripts/package-build/linux-kernel/patches/ixgbe/allow_unsupported_sfp.patch index 647fe4d5..647fe4d5 100644 --- a/packages/linux-kernel/patches/ixgbe/allow_unsupported_sfp.patch +++ b/scripts/package-build/linux-kernel/patches/ixgbe/allow_unsupported_sfp.patch diff --git a/packages/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch b/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch index bedcec6e..bedcec6e 100644 --- a/packages/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch +++ b/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch diff --git a/packages/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch b/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch index b19a8d25..b19a8d25 100644 --- a/packages/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch 
+++ b/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch diff --git a/scripts/package-build/linux-kernel/sign-modules.sh b/scripts/package-build/linux-kernel/sign-modules.sh new file mode 100755 index 00000000..cfb368eb --- /dev/null +++ b/scripts/package-build/linux-kernel/sign-modules.sh @@ -0,0 +1,15 @@ +#!/bin/sh + +BASE_DIR=$(dirname $0) +MODULE_DIR=$1 +. ${BASE_DIR}/kernel-vars + +SIGN_FILE="${KERNEL_DIR}/scripts/sign-file" + +if [ -f ${EPHEMERAL_KEY} ] && [ -f ${EPHEMERAL_CERT} ]; then + find ${MODULE_DIR} -type f -name \*.ko | while read MODULE; do + echo "I: Signing ${MODULE} ..." + ${SIGN_FILE} sha512 ${EPHEMERAL_KEY} ${EPHEMERAL_CERT} ${MODULE} + done +fi + diff --git a/scripts/package-build/netfilter/.gitignore b/scripts/package-build/netfilter/.gitignore index 9bf39f82..c6444404 100644 --- a/scripts/package-build/netfilter/.gitignore +++ b/scripts/package-build/netfilter/.gitignore @@ -5,4 +5,4 @@ *.changes *.deb *.dsc - +*.tar.gz diff --git a/scripts/package-build/netfilter/build.py b/scripts/package-build/netfilter/build.py index 9737b7d3..d15b5770 100755 --- a/scripts/package-build/netfilter/build.py +++ b/scripts/package-build/netfilter/build.py @@ -112,6 +112,12 @@ def build_package(package: dict, dependencies: list, patch_dir: Path) -> None: # Apply patches if any apply_patches(repo_dir, patch_dir, repo_name) + # Sanitize the commit ID and build a tarball for the package + commit_id_sanitized = package['commit_id'].replace('/', '_') + tarball_name = f"{repo_name}_{commit_id_sanitized}.tar.gz" + run(['tar', '-czf', tarball_name, '-C', str(repo_dir.parent), repo_name], check=True) + print(f"I: Tarball created: {tarball_name}") + # Prepare the package if required if package.get('prepare_package', False): prepare_package(repo_dir, package.get('install_data', '')) 
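Review bot: sign-modules.sh does nothing and exits 0 when the key or certificate is missing, so a build can ship unsigned out-of-tree modules that the kernel from this commit (`CONFIG_MODULE_SIG_FORCE=y`) will refuse to load. The test is also unquoted: with an empty `EPHEMERAL_KEY`, for instance from a stale kernel-vars file, `[ -f ${EPHEMERAL_KEY} ]` collapses to `[ -f ]`, which is true, and `sign-file` is then called with arguments missing. A failing `sign-file` is not propagated either. The version below quotes the expansions, fails when the key material is absent and stops on the first signing error. If unsigned builds must remain possible, the first branch should at least print a warning.

```shell
SIGN_FILE="${KERNEL_DIR}/scripts/sign-file"

if [ ! -f "${EPHEMERAL_KEY}" ] || [ ! -f "${EPHEMERAL_CERT}" ]; then
    echo "E: module signing key or certificate not found, refusing to package unsigned modules" >&2
    exit 1
fi

find "${MODULE_DIR}" -type f -name '*.ko' | while IFS= read -r MODULE; do
    echo "I: Signing ${MODULE} ..."
    "${SIGN_FILE}" sha512 "${EPHEMERAL_KEY}" "${EPHEMERAL_CERT}" "${MODULE}" || exit 1
done
```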
diff --git a/scripts/package-build/node_exporter/.gitignore b/scripts/package-build/node_exporter/.gitignore new file mode 100644 index 00000000..0e010f4d --- /dev/null +++ b/scripts/package-build/node_exporter/.gitignore @@ -0,0 +1,7 @@ +node_exporter/ +*.buildinfo +*.build +*.changes +*.deb +*.dsc + diff --git a/scripts/package-build/node_exporter/build.py b/scripts/package-build/node_exporter/build.py new file mode 120000 index 00000000..3c76af73 --- /dev/null +++ b/scripts/package-build/node_exporter/build.py @@ -0,0 +1 @@ +../build.py
\ No newline at end of file diff --git a/scripts/package-build/node_exporter/package.toml b/scripts/package-build/node_exporter/package.toml new file mode 100644 index 00000000..b0070278 --- /dev/null +++ b/scripts/package-build/node_exporter/package.toml @@ -0,0 +1,21 @@ +[[packages]] +name = "node_exporter" +commit_id = "v1.8.2" +scm_url = "https://github.com/prometheus/node_exporter" + +build_cmd = """ + +# Create the install directory +mkdir -p debian/usr/sbin +make build + +# Move the node_exporter binary to the install directory +mv node_exporter debian/usr/sbin + +# Build the Debian package +fpm --input-type dir --output-type deb --name node-exporter \ + --version $(git describe --tags --always | cut -c2-) --deb-compression gz \ + --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \ + --description "Prometheus exporter for machine metrics" \ + --license Apache-2.0 -C debian --package .. +""" diff --git a/scripts/package-build/openvpn-otp/.gitignore b/scripts/package-build/openvpn-otp/.gitignore index 7f89da2b..60dd3cad 100644 --- a/scripts/package-build/openvpn-otp/.gitignore +++ b/scripts/package-build/openvpn-otp/.gitignore @@ -4,3 +4,4 @@ openvpn-otp/ *.changes *.deb *.dsc +*.tar.gz diff --git a/scripts/package-build/openvpn-otp/package.toml b/scripts/package-build/openvpn-otp/package.toml index 72209ad1..bdbc6d9d 100644 --- a/scripts/package-build/openvpn-otp/package.toml +++ b/scripts/package-build/openvpn-otp/package.toml @@ -1,6 +1,6 @@ [[packages]] name = "openvpn-otp" -commit_id = "master" +commit_id = "9781ff1" scm_url = "https://github.com/evgeny-gridasov/openvpn-otp" # build_cmd = "cd ..; ./build-openvpn-otp.sh" diff --git a/scripts/package-build/strongswan/build-vici.sh b/scripts/package-build/strongswan/build-vici.sh index 5ad0ee80..75b180f0 100755 --- a/scripts/package-build/strongswan/build-vici.sh +++ b/scripts/package-build/strongswan/build-vici.sh 
@@ -4,7 +4,7 @@ set -e SRC="strongswan/src/libcharon/plugins/vici/python" if [ ! -d ${SRC} ]; then - echo "Source directory does not exists, please 'git clone'" + echo "Source directory does not exist, please 'git clone'" exit 1 fi @@ -28,30 +28,31 @@ Depends: \${misc:Depends}, \${python3:Depends} Description: Native Python interface for strongSwan's VICI protocol EOF - # Create rules file -echo "I: create $SRC/rules" +echo "I: create $SRC/debian/rules" cat <<EOF > debian/rules #!/usr/bin/make -f %: dh \$@ --with python3 EOF -# Make the rules file executable chmod +x debian/rules echo '10' > debian/compat +# Add the 'install' file to copy the vici package to the correct directory +echo "I: create $SRC/debian/install" +cat <<EOF > debian/install +vici /usr/lib/python3/dist-packages/ +EOF + # Copy changelog cp ../../../../../debian/changelog debian/ - -ls -la -pwd - - +# Build the package echo "I: Build Debian Package" dpkg-buildpackage -uc -us -tc -b -d +# Copy the resulting .deb packages echo "I: copy packages" -cp ../*.deb ../../../../../../ +cp ../*.deb ../../../../../../ diff --git a/scripts/package-build/xen-guest-agent/.gitignore b/scripts/package-build/xen-guest-agent/.gitignore new file mode 100644 index 00000000..373bd76a --- /dev/null +++ b/scripts/package-build/xen-guest-agent/.gitignore @@ -0,0 +1,7 @@ +xen-guest-agent/ +*.buildinfo +*.build +*.changes +*.deb +*.dsc + diff --git a/scripts/package-build/xen-guest-agent/build.py b/scripts/package-build/xen-guest-agent/build.py new file mode 120000 index 00000000..3c76af73 --- /dev/null +++ b/scripts/package-build/xen-guest-agent/build.py @@ -0,0 +1 @@ +../build.py
\ No newline at end of file diff --git a/scripts/package-build/xen-guest-agent/package.toml b/scripts/package-build/xen-guest-agent/package.toml new file mode 100644 index 00000000..213425df --- /dev/null +++ b/scripts/package-build/xen-guest-agent/package.toml @@ -0,0 +1,34 @@ +[[packages]] +name = "xen-guest-agent" +commit_id = "0.4.0" +scm_url = "https://gitlab.com/xen-project/xen-guest-agent" + + +build_cmd = """ +# changelog +cat <<EOF > debian/changelog +xen-guest-agent (0.4.0) UNRELEASED; urgency=medium + + * Upstream package + + -- VyOS Maintainers <maintainers@vyos.io> Thu, 26 Sep 2024 12:35:47 +0000 + +EOF + +# Apply the patch to modify the debian/rules file +sed -i 's|../xen-guest-agent-$(UPSTREAM_VERSION)-linux-$(DEB_TARGET_GNU_CPU)|target/release/xen-guest-agent|' debian/rules + +sudo apt-get -y install --no-install-recommends libclang-dev libxen-dev +# Install rust +curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | bash -s -- -y --default-toolchain stable --profile default --no-modify-path + +# Set PATH for Cargo +export PATH="$HOME/.cargo/bin:$PATH" +rustup update +cd xen-guest-agent +cargo update + +# Build deb +cargo build -F static --profile release +dpkg-buildpackage -b -us -uc +""" |
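Review bot: The `build_cmd` in xen-guest-agent/package.toml pins the source to `0.4.0` and then discards that pin for everything else: `cargo update` re-resolves every dependency to the newest allowed version, `rustup update` with `--default-toolchain stable` takes whatever compiler is current, and the installer is piped from the network into `bash`. Two builds of the same commit can therefore contain different third-party code, and none of it is reviewable from this repository. Dropping `cargo update` and building with `cargo build --locked -F static --profile release` keeps the upstream lockfile in force. Naming a fixed toolchain, `--default-toolchain <pinned version>`, without the `rustup update` does the same for the compiler. Installing Rust and the `libclang-dev`/`libxen-dev` packages in the build container image rather than through `sudo apt-get` and curl inside `build_cmd` would remove the network fetches from the package build.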