43 files changed, 1921 insertions, 169 deletions
| diff --git a/.github/workflows/check-open-prs-conflict.yml b/.github/workflows/check-open-prs-conflict.yml new file mode 100644 index 00000000..52b11938 --- /dev/null +++ b/.github/workflows/check-open-prs-conflict.yml @@ -0,0 +1,17 @@ +name: "Open PRs Conflicts checker" +on: +  push: +    branches: +      - current +      - sagitta +      - circinus +  workflow_dispatch: + +permissions: +  contents: read +  pull-requests: write + +jobs: +  check-pr-conflict-call: +    uses: vyos/.github/.github/workflows/check-open-prs-conflict.yml@current +    secrets: inherit diff --git a/.github/workflows/cla-check.yml b/.github/workflows/cla-check.yml new file mode 100644 index 00000000..3c1aeee6 --- /dev/null +++ b/.github/workflows/cla-check.yml @@ -0,0 +1,19 @@ +name: "CLA Check" + +permissions: +  actions: write +  contents: read +  pull-requests: write +  statuses: write + +on: +  pull_request: +    types: [opened, synchronize, closed] +  issue_comment: +    types: [created] + +jobs: +  call-cla-assistant: +    uses: vyos/vyos-cla-signatures/.github/workflows/cla-reusable.yml@current +    secrets: +      CLA_PAT: ${{ secrets.CLA_PAT }} diff --git a/.github/workflows/trigger-pr-mirror-repo-sync.yml b/.github/workflows/trigger-pr-mirror-repo-sync.yml index f7489598..7b4a241f 100644 --- a/.github/workflows/trigger-pr-mirror-repo-sync.yml +++ b/.github/workflows/trigger-pr-mirror-repo-sync.yml @@ -5,6 +5,11 @@ on:          - closed        branches:          - current +         +permissions: +  pull-requests: write +  contents: write +  issues: write  jobs:    call-trigger-mirror-pr-repo-sync: diff --git a/.github/workflows/trigger_rebuild_packages.yml b/.github/workflows/trigger_rebuild_packages.yml index c98212ea..4eb740f3 100644 --- a/.github/workflows/trigger_rebuild_packages.yml +++ b/.github/workflows/trigger_rebuild_packages.yml 
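Review bot: The `uses:` reference in `check-pr-conflict-call` points at the mutable branch `@current` while `secrets: inherit` forwards every secret this repository can read, so any commit that lands on that branch of `vyos/.github` runs with all of them. I would pin it to a full commit SHA, `uses: vyos/.github/.github/workflows/check-open-prs-conflict.yml@<full-commit-sha>`, and pass only the named secrets the called workflow reads. `cla-check.yml` has the same branch pin on `cla-reusable.yml@current`, and it runs on `issue_comment` with `actions: write` and `statuses: write`; a comment above its `permissions:` block naming the step that needs each write scope would make that grant reviewable.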
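Review bot: The `permissions:` block added to `trigger-pr-mirror-repo-sync.yml` sits at workflow level, so `contents: write`, `pull-requests: write` and `issues: write` apply to every job in the file, and the called workflow is outside this hunk, so it is not visible which of the three it needs. Moving the block under `call-trigger-mirror-pr-repo-sync:` and keeping only the scopes the mirror sync uses would hold the token to least privilege. The first added line, `+         `, is whitespace only and should be an empty line.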
@@ -88,6 +88,8 @@ jobs:                - 'scripts/package-build/tacacs/**'              telegraf:                - 'scripts/package-build/telegraf/**' +            udp-broadcast-relay: +              - 'scripts/package-build/udp-broadcast-relay/**'              vpp:                - 'scripts/package-build/vpp/**'              waagent: @@ -129,6 +131,10 @@ jobs:              trigger_build "bash-completion"            fi +          if [ "${{ steps.changes.outputs.blackbox_exporter }}" == "true" ]; then +            trigger_build "blackbox_exporter" +          fi +            if [ "${{ steps.changes.outputs.ddclient }}" == "true" ]; then              trigger_build "ddclient"            fi @@ -237,6 +243,10 @@ jobs:              trigger_build "telegraf"            fi +          if [ "${{ steps.changes.outputs.udp-broadcast-relay }}" == "true" ]; then +            trigger_build "udp-broadcast-relay" +          fi +            if [ "${{ steps.changes.outputs.vpp }}" == "true" ]; then              trigger_build "vpp"            fi @@ -11,3 +11,5 @@ packages/*  /testinstall*.efivars  /*.qcow2  /*.tar +.DS_Store +._.DS_Store @@ -28,6 +28,11 @@ test: checkiso  test-no-interfaces: checkiso  	scripts/check-qemu-install --debug --configd --smoketest --uefi --no-interfaces --cpu 4 --memory 8 build/live-image-amd64.hybrid.iso +.PHONY: test-no-interfaces-no-vpp +.ONESHELL: +test-no-interfaces-no-vpp: checkiso +	scripts/check-qemu-install --debug --configd --smoketest --uefi --no-interfaces --no-vpp build/live-image-amd64.hybrid.iso +  .PHONY: test-interfaces  .ONESHELL:  test-interfaces: checkiso 
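Review bot: The new `blackbox_exporter` branch in the second hunk reads `steps.changes.outputs.blackbox_exporter`, but the filter hunk above adds only `udp-broadcast-relay:`; if no `blackbox_exporter:` filter exists outside these hunks, the output is empty, the comparison with `"true"` never holds and the rebuild is never triggered. Confirm the filter is present, or add it next to the others as `blackbox_exporter:` with `- 'scripts/package-build/blackbox_exporter/**'`. The filter list and the `run:` script both continue outside the hunks.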
@@ -36,12 +41,17 @@ test-interfaces: checkiso  .PHONY: test-vpp  .ONESHELL:  test-vpp: checkiso -	scripts/check-qemu-install --debug --configd --match="vpp" --smoketest --uefi --cpu 4 --memory 8 build/live-image-amd64.hybrid.iso +	scripts/check-qemu-install --debug --configd --match="vpp" --smoketest --uefi --cpu 4 --memory 8 --huge-page-size 2M --huge-page-count 1800 build/live-image-amd64.hybrid.iso  .PHONY: testc  .ONESHELL:  testc: checkiso -	scripts/check-qemu-install --debug --configd --cpu 2 --memory 7 --configtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) +	scripts/check-qemu-install --debug --configd --match="!vpp" --cpu 2 --memory 7 --configtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS)) + +.PHONY: testcvpp +.ONESHELL: +testcvpp: checkiso +	scripts/check-qemu-install --debug --configd --match="vpp" --cpu 4 --memory 8 --huge-page-size 2M --huge-page-count 1800 --configtest build/live-image-amd64.hybrid.iso $(filter-out $@,$(MAKECMDGOALS))  .PHONY: testraid  .ONESHELL: diff --git a/data/architectures/amd64.toml b/data/architectures/amd64.toml index 292eec38..8676ad2f 100644 --- a/data/architectures/amd64.toml +++ b/data/architectures/amd64.toml @@ -8,6 +8,8 @@ packages = [    "vyos-intel-ixgbe",    "vyos-intel-ixgbevf",    "vyos-ipt-netflow", +  "intel-microcode", +  "amd64-microcode"  ]  [additional_repositories.salt] diff --git a/data/architectures/arm64.toml b/data/architectures/arm64.toml index ebf14ef4..4d8596c6 100644 --- a/data/architectures/arm64.toml +++ b/data/architectures/arm64.toml @@ -6,7 +6,7 @@ bootloaders = "grub-efi"  [additional_repositories.salt]    architecture = "arm64" -  url =	"https://packages.vyos.net/saltproject/debian/11/amd64/3005" +  url =	"https://packages.vyos.net/saltproject/debian/11/arm64/3005"    distribution = "bullseye"  [additional_repositories.zabbix] diff --git a/data/defaults.toml b/data/defaults.toml index 66074cae..11c64317 100644 --- a/data/defaults.toml 
+++ b/data/defaults.toml @@ -14,7 +14,7 @@ vyos_mirror = "https://packages.vyos.net/repositories/current"  vyos_branch = "current"  release_train = "current" -kernel_version = "6.6.79" +kernel_version = "6.6.93"  kernel_flavor = "vyos"  bootloaders = "syslinux,grub-efi" diff --git a/data/live-build-config/hooks/live/18-enable-disable_services.chroot b/data/live-build-config/hooks/live/18-enable-disable_services.chroot index 3b4efe38..04ca7f3e 100755 --- a/data/live-build-config/hooks/live/18-enable-disable_services.chroot +++ b/data/live-build-config/hooks/live/18-enable-disable_services.chroot @@ -1,6 +1,7 @@  #!/bin/sh  echo I: Disabling services +systemctl disable syslog.service  systemctl disable rsyslog.service  systemctl disable arpwatch.service  systemctl disable smartd.service @@ -41,7 +42,6 @@ systemctl disable snmpd.service  systemctl disable conserver-server.service  systemctl disable dropbear.service  systemctl disable fancontrol.service -systemctl disable fastnetmon.service  systemctl disable ddclient.service  systemctl disable ocserv.service  systemctl disable tuned.service @@ -71,7 +71,7 @@ systemctl disable zabbix-agent2.service  systemctl disable suricata.service  systemctl disable vyconfd.service  systemctl disable vpp.service -systemctl disable vyos-commitd.service +systemctl disable netplug.service  echo I: Enabling services  systemctl enable vyos-hostsd.service @@ -79,6 +79,7 @@ systemctl enable acpid.service  systemctl enable vyos-router.service  systemctl enable vyos-configd.service  systemctl enable vyos-grub-update.service +systemctl enable vyos-commitd.service  echo I: Masking services  systemctl mask systemd-journald-audit.socket diff --git a/data/live-build-config/includes.binary/compat b/data/live-build-config/includes.binary/compat new file mode 100644 index 00000000..2bdeeb14 --- /dev/null +++ b/data/live-build-config/includes.binary/compat 
@@ -0,0 +1,10 @@ +# VyOS 1.3.x image upgrade scipt checked if an image file was a valid ISO file +# by grepping it for "ISO9660". +# (The correct way to do that would be to use file/libmagic, +#  but we cannot change the past). +# At some point something has changed in xorriso or some other tool +# and images no longer include that string. +# so the image validity check fails. +# To allow direct upgrades from older versions, +# we artificially include that string to make the old check pass. +ISO9660 diff --git a/data/live-build-config/includes.chroot/etc/systemd/system.conf b/data/live-build-config/includes.chroot/etc/systemd/system.conf index 91af4090..0c30472a 100644 --- a/data/live-build-config/includes.chroot/etc/systemd/system.conf +++ b/data/live-build-config/includes.chroot/etc/systemd/system.conf @@ -53,3 +53,4 @@ ShowStatus=yes  #DefaultLimitNICE=  #DefaultLimitRTPRIO=  #DefaultLimitRTTIME= +StatusUnitFormat=description diff --git a/docker-vyos/Dockerfile b/docker-vyos/Dockerfile index 0233817b..3fff371b 100644 --- a/docker-vyos/Dockerfile +++ b/docker-vyos/Dockerfile @@ -25,6 +25,8 @@ LABEL authors="VyOS Maintainers <maintainers@vyos.io>"  ENV DEBIAN_FRONTEND noninteractive  RUN /bin/echo -e 'APT::Install-Recommends "0";\nAPT::Install-Suggests "0";' > /etc/apt/apt.conf.d/01norecommends +# Clean cache after each apt-get install command so that it is not stored in the image +RUN /bin/echo -e 'DPkg::Post-Invoke {"/bin/rm -f /var/cache/apt/archives/*.deb /var/lib/apt/lists/* || true";};' > /etc/apt/apt.conf.d/clean  # Base packaged needed to build packages and their package dependencies  RUN apt-get update && apt-get install -y \ @@ -69,6 +71,9 @@ RUN bash /tmp/vyos_install_stage_03.sh  # Delete installer scripts  RUN rm -rf /tmp/* +# Remove cleanup script so that in-container apt-get install uses cache +RUN rm /etc/apt/apt.conf.d/clean +  # Make changes specific to the container environment 
diff --git a/docker/Dockerfile b/docker/Dockerfile index 36992bd2..2733a32a 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -53,6 +53,8 @@ LABEL authors="VyOS Maintainers <maintainers@vyos.io>" \  ENV DEBIAN_FRONTEND=noninteractive  RUN /bin/echo -e 'APT::Install-Recommends "0";\nAPT::Install-Suggests "0";' > /etc/apt/apt.conf.d/01norecommends +# Clean cache after each apt-get install command so that it is not stored in the image +RUN /bin/echo -e 'DPkg::Post-Invoke {"/bin/rm -f /var/cache/apt/archives/*.deb /var/lib/apt/lists/* || true";};' > /etc/apt/apt.conf.d/clean  RUN apt-get update && apt-get install -y \        dialog \ @@ -88,7 +90,8 @@ RUN apt-get update && apt-get install -y \        po4a \        openssh-client \        jq \ -      socat +      socat \ +      python-is-python3  # Packages needed for vyos-build  RUN apt-get update && apt-get install -y \ @@ -109,7 +112,8 @@ RUN apt-get update && apt-get install -y \        live-build \        gdisk \        sbsigntool \ -      dosfstools +      dosfstools \ +      kpartx  # Packages for TPM test  RUN apt-get update && apt-get install -y swtpm @@ -123,9 +127,10 @@ RUN if dpkg-architecture -ii386 || dpkg-architecture -iamd64; then \  # Building libvyosconf requires a full configured OPAM/OCaml setup  RUN apt-get update && apt-get install -y \ +      quilt \        debhelper \        libffi-dev \ -      libpcre3-dev \ +      libpcre2-dev \        unzip  # Update certificate store to not crash ocaml package install 
@@ -135,17 +140,16 @@ RUN dpkg-reconfigure ca-certificates; \        echo "cacert=/etc/ssl/certs/ca-certificates.crt" >> ~/.curlrc; \      fi -# Installing OCAML needed to compile libvyosconfig +# Installing OCaml needed to compile libvyosconfig  RUN curl https://raw.githubusercontent.com/ocaml/opam/master/shell/install.sh \        --output /tmp/opam_install.sh --retry 10 --retry-delay 5 && \      sed -i 's/read_tty BINDIR/BINDIR=""/' /tmp/opam_install.sh && sh /tmp/opam_install.sh && \ -    opam init --root=/opt/opam --comp=${OCAML_VERSION} --disable-sandboxing --no-setup - -RUN eval $(opam env --root=/opt/opam --set-root) && \ -    opam pin add pcre https://github.com/mmottl/pcre-ocaml.git#0c4ca03a -y +    opam init --root=/opt/opam --comp=${OCAML_VERSION} --disable-sandboxing --no-setup \ +    && rm /tmp/opam_install.sh  RUN eval $(opam env --root=/opt/opam --set-root) && opam install -y \        re \ +      pcre2 \        num \        ctypes \        ctypes-foreign \ @@ -154,12 +158,6 @@ RUN eval $(opam env --root=/opt/opam --set-root) && opam install -y \        fileutils \        xml-light -# Packages needed for libvyosconfig -RUN apt-get update && apt-get install -y \ -      quilt \ -      libpcre3-dev \ -      libffi-dev -  # Packages needed for open-vmdk  RUN apt-get update && apt-get install -y \        zlib1g-dev @@ -167,7 +165,8 @@ RUN apt-get update && apt-get install -y \  # Install open-vmdk  RUN wget -O /tmp/open-vmdk-master.zip https://github.com/vmware/open-vmdk/archive/master.zip && \      unzip -d /tmp/ /tmp/open-vmdk-master.zip && \ -    cd /tmp/open-vmdk-master/ && make && make install +    cd /tmp/open-vmdk-master/ && make && make install && \ +    cd /tmp && rm -rf /tmp/open-vmdk-master/ && rm /tmp/open-vmdk-master.zip  # Packages need for build live-build  RUN apt-get update && apt-get install -y \ 
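Review bot: The opam installer is downloaded from the `master` branch of `ocaml/opam` and executed with `sh /tmp/opam_install.sh` during the image build without any integrity check, so the image content depends on whatever that URL serves on build day; the added `rm /tmp/opam_install.sh` tidies the layer but leaves that unchanged. Fetching a tagged release of the script and verifying it before running, e.g. `echo "<expected-sha256>  /tmp/opam_install.sh" | sha256sum -c -`, would make the step reproducible. The same applies to `open-vmdk/archive/master.zip` in the last hunk of this section and to the unpinned `git clone` of live-build named in the next hunk's header.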
@@ -180,7 +179,9 @@ RUN git clone https://salsa.debian.org/live-team/live-build.git /tmp/live-build      patch -p1 < /tmp/0001-save-package-info.patch && \      dch -n "Applying fix for save package info" && \      dpkg-buildpackage -us -uc && \ -    dpkg -i ../live-build*.deb +    dpkg -i ../live-build*.deb && \ +    rm -rf /tmp/live-build +  #  # live-build: building in docker fails with mounting /proc | /sys  # @@ -195,43 +196,19 @@ RUN wget https://salsa.debian.org/klausenbusk-guest/debootstrap/commit/a9a603b17      patch -p1 < /tmp/a9a603b17cadbf52cb98cde0843dc9f23a08b0da.patch && \      dch -n "Applying fix for docker image compile" && \      dpkg-buildpackage -us -uc && \ -    sudo dpkg -i ../debootstrap*.deb +    sudo dpkg -i ../debootstrap*.deb \ +    && rm /tmp/a9a603b17cadbf52cb98cde0843dc9f23a08b0da.patch \ +    && rm -rf /tmp/debootstrap -# Packages needed for Linux Kernel -# cmake required by accel-ppp -RUN apt-get update && apt-get install -y \ -      cmake \ -      gnupg2 \ -      rsync \ -      libelf-dev \ -      libncurses5-dev \ -      flex \ -      bison \ -      bc \ -      kmod \ -      cpio \ -      python-is-python3 \ -      dwarves \ -      nasm \ -      rdfind - -# Packages needed for Intel QAT out-of-tree drivers  # FPM is used when generation Debian pckages for e.g. Intel QAT drivers -RUN apt-get update && apt-get install -y \ -      pciutils \ -      yasm \ -      ruby \ -      libudev-dev \ -      ruby-dev \ -      rubygems \ -      build-essential  RUN gem install --no-document fpm  # Packages needed for vyos-1x -RUN pip install --break-system-packages \ +RUN pip --no-cache --no-cache-dir install --break-system-packages \        git+https://github.com/aristanetworks/j2lint.git@341b5d5db86 \        pyhumps==3.8.0; \      apt-get update && apt-get install -y \ +      build-essential \        dh-python \        fakeroot \        iproute2 \ 
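Review bot: In the vyos-1x step, `j2lint.git@341b5d5db86` pins the dependency to an abbreviated commit hash; a short prefix can become ambiguous as the upstream repository grows, so the full 40-character hash is the safer pin, `git+https://github.com/aristanetworks/j2lint.git@<full-commit-sha>`. On the same line `--no-cache` looks redundant next to `--no-cache-dir` (pip appears to accept it only as an abbreviation of that option), so `pip install --no-cache-dir --break-system-packages` says the same thing. The `RUN` instruction continues past the end of the hunk.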
@@ -285,7 +262,6 @@ RUN if dpkg-architecture -ii386 || dpkg-architecture -iamd64; then \  # This is only supported on i386 and amd64 platforms  RUN if dpkg-architecture -ii386 || dpkg-architecture -iamd64; then \       apt-get update && apt-get install -y \ -      kpartx \        parted \        udev \        grub-pc \ @@ -322,12 +298,6 @@ RUN if dpkg-architecture -iarm64; then \        grub-efi-arm; \      fi -# Packages needed for openvpn-otp -RUN apt-get update && apt-get install -y \ -      debhelper \ -      libssl-dev \ -      openvpn -  # Packages needed for OWAMP/TWAMP (service sla)  RUN git clone -b 4.4.6 https://github.com/perfsonar/i2util.git /tmp/i2util && \        cd /tmp/i2util && \ @@ -340,30 +310,11 @@ RUN apt-get update && apt-get install -y \        udev \        zip -# Packages needed for Accel-PPP -# XXX: please note that this must be installed after nftable dependencies - otherwise -# APT will remove liblua5.3-dev which breaks the Accel-PPP build -# With bookworm, updated to libssl3 (Note: https://github.com/accel-ppp/accel-ppp/issues/68) -RUN apt-get update && apt-get install -y \ -      liblua5.3-dev \ -      libssl3 \ -      libssl-dev \ -      libpcre3-dev -  # debmake: a native Debian tool for preparing sources for packaging  RUN apt-get update && apt-get install -y \        debmake \        python3-debian -# Packages for jool -RUN apt-get update && apt-get install -y \ -      libnl-genl-3-dev \ -      libxtables-dev - -# Packages needed for nftables -RUN apt-get update && apt-get install -y \ -      asciidoc-base -  # Allow password-less 'sudo' for all users in group 'sudo'  RUN sed "s/^%sudo.*/%sudo\tALL=(ALL) NOPASSWD:ALL/g" -i /etc/sudoers && \      echo "vyos_bld\tALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \ 
@@ -380,6 +331,12 @@ RUN sed -i 's/UID_MAX\t\t\t60000/UID_MAX\t\t\t2000000000/g' /etc/login.defs  # Cleanup  RUN rm -rf /tmp/* +# Remove cleanup script so that in-container apt-get install uses cache +RUN rm /etc/apt/apt.conf.d/clean + +# Add cache once as it is needed by some builds in GitHub Actions +RUN apt-get update +  # Disable mouse in vim  RUN printf "set mouse=\nset ttymouse=\n" > /etc/vim/vimrc.local diff --git a/scripts/check-qemu-install b/scripts/check-qemu-install index ab6e1b1f..53e1c74d 100755 --- a/scripts/check-qemu-install +++ b/scripts/check-qemu-install @@ -97,6 +97,12 @@ parser.add_argument('--qemu-cmd', help='Only generate QEMU launch command',                  action='store_true', default=False)  parser.add_argument('--cpu', help='Set QEMU CPU', type=int, default=2)  parser.add_argument('--memory', help='Set QEMU memory', type=int, default=4) +parser.add_argument('--vyconf', help='Execute testsuite with vyconfd', action='store_true', +                    default=False) +parser.add_argument('--no-vpp', help='Execute testsuite without VPP tests', +                action='store_true', default=False) +parser.add_argument('--huge-page-size', help='Huge page size (e.g., 2M, 1G)', type=str) +parser.add_argument('--huge-page-count', help='Number of huge pages to allocate', type=int)  args = parser.parse_args() 
@@ -409,6 +415,22 @@ try:          exit(1)      ################################################# +    # Configure boot options if required +    ################################################# +    if args.huge_page_size and args.huge_page_count: +        c.sendline('configure') +        c.expect(cfg_mode_prompt) +        c.sendline(f'set system option kernel memory hugepage-size {args.huge_page_size} hugepage-count {args.huge_page_count}') +        c.expect(cfg_mode_prompt) +        c.sendline('set system option kernel disable-mitigations') +        c.expect(cfg_mode_prompt) +        c.sendline('commit') +        c.expect(cfg_mode_prompt) +        c.sendline('save') +        c.expect(cfg_mode_prompt) +        c.sendline('exit') +        c.expect(op_mode_prompt) +    #################################################      # Installing into VyOS system      #################################################      log.info('Starting installer') 
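Review bot: The block guarded by `if args.huge_page_size and args.huge_page_count:` also sends `set system option kernel disable-mitigations`, so every hugepage run boots the guest with CPU vulnerability mitigations switched off, which neither the section comment nor the `--huge-page-*` help text mentions. I would put that behind its own flag, or at least add a comment such as `# NOTE: hugepage runs also disable CPU mitigations in the guest`. Passing only one of the two options is silently ignored, and `--huge-page-size` is a free-form string written straight into the configuration command; a `choices=` list on the argument defined in the previous hunk and a `parser.error(...)` when only one of the pair is given would catch both. The enclosing `try:` block starts and ends outside the hunk.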
@@ -524,17 +546,29 @@ try:      loginVM(c, log) +    ################################################# +    # Boot options require a reboot +    ################################################# +    if args.huge_page_size and args.huge_page_count: +        log.info('Rebooting to apply kernel boot options') +        c.sendline('reboot now') +        loginVM(c, log) +      ################################################      # Always load the WiFi simulation module      ################################################      c.sendline('sudo modprobe mac80211_hwsim')      c.expect(op_mode_prompt) +    # Inform smoketest about this environment +    c.sendline('touch /tmp/vyos.smoketests.hint') +    c.expect(op_mode_prompt) +      #################################################      # Start/stop config daemon      #################################################      if args.configd: -        c.sendline('sudo systemctl start vyos-configd.service &> /dev/null') +        c.sendline('sudo systemctl restart vyos-configd.service &> /dev/null')      else:          c.sendline('sudo systemctl stop vyos-configd.service &> /dev/null')      c.expect(op_mode_prompt) @@ -564,6 +598,12 @@ try:      c.expect(op_mode_prompt)      c.sendline('show system memory')      c.expect(op_mode_prompt) +    c.sendline('show system memory detail | no-more') +    c.expect(op_mode_prompt) +    c.sendline('show configuration commands | match kernel') +    c.expect(op_mode_prompt) +    c.sendline('cat /proc/cmdline') +    c.expect(op_mode_prompt)      c.sendline('show version all | grep -e "vpp" -e "vyos-1x"')      c.expect(op_mode_prompt) @@ -584,10 +624,6 @@ try:      c.expect(f'.*{vyos_kernel_key}.*')      c.expect(op_mode_prompt) -    # Inform smoketest about this environment -    c.sendline('touch /tmp/vyos.smoketests.hint') -    c.expect(op_mode_prompt) -      #################################################      # Executing test-suite      ################################################# 
@@ -804,6 +840,15 @@ try:              # remove interface tests as they consume a lot of time              c.sendline('sudo rm -f /usr/libexec/vyos/tests/smoke/cli/test_interfaces_*')              c.expect(op_mode_prompt) +        if args.no_vpp: +            # remove VPP tests +            c.sendline('sudo rm -f /usr/libexec/vyos/tests/smoke/cli/test_vpp*') +            c.expect(op_mode_prompt) + +        if args.vyconf: +            c.sendline('sudo /usr/libexec/vyos/set_vyconf_backend.py --no-prompt &> /dev/null') +            c.expect(op_mode_prompt) +            log.info('Smoketests will be run using vyconfd/vyos-commitd')          log.info('Executing VyOS smoketests')          c.sendline('/usr/bin/vyos-smoketest') 
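Review bot: `set_vyconf_backend.py --no-prompt &> /dev/null` discards both the output and the exit status, yet the next line logs that the smoketests will be run using vyconfd/vyos-commitd. If the switch fails, the run exercises the other backend and its result is still reported as a vyconf result. I would keep the script's output in the log and fail the run when it exits non-zero, and move the `log.info` after that check. The surrounding smoketest branch starts outside the hunk.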
@@ -830,6 +875,26 @@ try:      # else, run configtest suite      elif args.configtest: +        # Remove config-tests that we don't want to run +        if args.match: +            if args.match.startswith("!"): +                # Exclude mode — delete only the matched names +                names = args.match[1:].split("|") +                match_str = '-o '.join([f'-name "{name}"' for name in names]) +                cleanup_config_dir_cmd = f'sudo find /usr/libexec/vyos/tests/config -mindepth 1 -maxdepth 1 \\( {match_str} \\) -exec rm -rf {{}} +' +                cleanup_config_tests_dir_cmd = f'sudo find /usr/libexec/vyos/tests/config-tests -mindepth 1 -maxdepth 1 \\( {match_str} \\) -exec rm -rf {{}} +' +            else: +                # Include mode — keep only the matched names, delete the rest +                names = args.match.split("|") +                match_str = '-o '.join([f'-name "{name}"' for name in names]) +                cleanup_config_dir_cmd = f'sudo find /usr/libexec/vyos/tests/config -mindepth 1 -maxdepth 1 ! \\( {match_str} \\) -exec rm -rf {{}} +' +                cleanup_config_tests_dir_cmd = f'sudo find /usr/libexec/vyos/tests/config-tests -mindepth 1 -maxdepth 1 ! \\( {match_str} \\) -exec rm -rf {{}} +' + +            c.sendline(cleanup_config_dir_cmd) +            c.expect(op_mode_prompt) +            c.sendline(cleanup_config_tests_dir_cmd) +            c.expect(op_mode_prompt) +          log.info('Adding a legacy WireGuard default keypair for migrations')          c.sendline('sudo mkdir -p /config/auth/wireguard/default')          c.expect(op_mode_prompt) diff --git a/scripts/image-build/build-vyos-image b/scripts/image-build/build-vyos-image index aab5ed13..3275c5de 100755 --- a/scripts/image-build/build-vyos-image +++ b/scripts/image-build/build-vyos-image 
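Review bot: `'-o '.join(...)` puts no space before `-o`, so a `--match` value with two names renders as `-name "a"-o -name "b"`, which the shell passes to find as the single pattern `a-o` followed by an implicit AND; in include mode the negated group is then true for every entry and `rm -rf` removes all config tests. The single-name values used by the Makefile targets are not affected. Each name is also placed inside double quotes in a command that runs under `sudo` in the guest, so a value containing `"`, `$` or a backtick is interpreted by the shell. Both are fixed by `match_str = ' -o '.join(f'-name {shlex.quote(name)}' for name in names)`, which needs `import shlex` if the script does not already have it. The enclosing `elif args.configtest:` branch continues outside the hunk.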
@@ -618,32 +618,32 @@ DOCUMENTATION_URL="{build_config['documentation_url']}"          lb config noauto \                  --no-color \                  --apt-indices false \ -                --apt-options "--yes -oAPT::Get::allow-downgrades=true" \ +                --apt-options "--yes" \                  --apt-recommends false \ -                --architecture {{architecture}} \ -                --archive-areas {{debian_archive_areas}} \ +                --architecture "{{architecture}}" \ +                --archive-areas "{{debian_archive_areas}}" \                  --backports true \                  --binary-image iso-hybrid \                  --bootappend-live "boot=live components hostname=vyos username=live nopersistence noautologin nonetworking union=overlay console=ttyS0,115200 console=tty0 net.ifnames=0 biosdevname=0" \                  --bootappend-live-failsafe "live components memtest noapic noapm nodma nomce nolapic nomodeset nosmp nosplash vga=normal console=ttyS0,115200 console=tty0 net.ifnames=0 biosdevname=0" \ -                --bootloaders {{bootloaders}} \ -                --checksums 'sha256 md5' \ +                --bootloaders "{{bootloaders}}" \ +                --checksums "sha256" \                  --chroot-squashfs-compression-type "{{squashfs_compression_type}}" \                  --debian-installer none \                  --debootstrap-options "--variant=minbase --exclude=isc-dhcp-client,isc-dhcp-common,ifupdown --include=apt-utils,ca-certificates,gnupg2,linux-kbuild-6.1" \ -                --distribution {{debian_distribution}} \ +                --distribution "{{debian_distribution}}" \                  --firmware-binary false \                  --firmware-chroot false \                  --iso-application "VyOS" \                  --iso-publisher "{{build_by}}" \                  --iso-volume "VyOS" \ -                --linux-flavours {{kernel_flavor}} \ -                --linux-packages linux-image-{{kernel_version}} \ -          
      --mirror-binary {{debian_mirror}} \ -                --mirror-binary-security {{debian_security_mirror}} \ -                --mirror-bootstrap {{debian_mirror}} \ -                --mirror-chroot {{debian_mirror}} \ -                --mirror-chroot-security {{debian_security_mirror}} \ +                --linux-flavours "{{kernel_flavor}}" \ +                --linux-packages "linux-image-{{kernel_version}}" \ +                --mirror-binary "{{debian_mirror}}" \ +                --mirror-binary-security "{{debian_security_mirror}}" \ +                --mirror-bootstrap "{{debian_mirror}}" \ +                --mirror-chroot "{{debian_mirror}}" \ +                --mirror-chroot-security "{{debian_security_mirror}}" \                  --security true \                  --updates true \                  --utc-time true diff --git a/scripts/image-build/raw_image.py b/scripts/image-build/raw_image.py index d850eead..a88ed020 100644 --- a/scripts/image-build/raw_image.py +++ b/scripts/image-build/raw_image.py 
@@ -63,22 +63,38 @@ class BuildContext:          return self -    def __exit__(self, exc_type, exc_value, exc_tb): +    def __exit__(self, exc_type, exc_value, traceback):          print(f"I: Tearing down the raw image build environment in {self.work_dir}") -        cmd(f"""umount {self.squash_dir}/dev/""") -        cmd(f"""umount {self.squash_dir}/proc/""") -        cmd(f"""umount {self.squash_dir}/sys/""") - -        cmd(f"umount {self.squash_dir}/boot/efi") -        cmd(f"umount {self.squash_dir}/boot") - -        cmd(f"""umount {self.squash_dir}""") -        cmd(f"""umount {self.iso_dir}""") -        cmd(f"""umount {self.raw_dir}""") -        cmd(f"""umount {self.efi_dir}""") +        for mount in [ +            f"{self.squash_dir}/dev/", +            f"{self.squash_dir}/proc/", +            f"{self.squash_dir}/sys/", +            f"{self.squash_dir}/boot/efi", +            f"{self.squash_dir}/boot", +            f"{self.squash_dir}", +            f"{self.iso_dir}", +            f"{self.raw_dir}", +            f"{self.efi_dir}" +        ]: +            if os.path.ismount(mount): +                try: +                    cmd(f"umount {mount}") +                except Exception as e: +                    print(f"W: Failed to umount {mount}: {e}") + +        # Remove kpartx mappings          if self.loop_device: -            cmd(f"""losetup -d {self.loop_device}""") +            mapper_base = os.path.basename(self.loop_device) +            try: +                cmd(f"kpartx -d {self.loop_device}") +            except Exception as e: +                print(f"W: Failed to remove kpartx mappings for {mapper_base}: {e}") + +            try: +                cmd(f"losetup -d {self.loop_device}") +            except Exception as e: +                print(f"W: Failed to detach loop device {self.loop_device}: {e}")  def create_disk(path, size):      cmd(f"""qemu-img create -f raw "{path}" {size}G""") 
@@ -106,14 +122,23 @@ def setup_loop_device(con, raw_file):  def mount_image(con):      import vyos.system.disk -    from subprocess import Popen, PIPE, STDOUT -    from re import match +    try: +        root = con.disk_details.partition['root'] +        efi = con.disk_details.partition['efi'] +    except (AttributeError, KeyError): +        raise RuntimeError("E: No valid root or EFI partition found in disk details") + +    vyos.system.disk.filesystem_create(efi, 'efi') +    vyos.system.disk.filesystem_create(root, 'ext4') -    vyos.system.disk.filesystem_create(con.disk_details.partition['efi'], 'efi') -    vyos.system.disk.filesystem_create(con.disk_details.partition['root'], 'ext4') +    print(f"I: Mounting root: {root} to {con.raw_dir}") +    cmd(f"mount -t ext4 {root} {con.raw_dir}") +    cmd(f"mount -t vfat {efi} {con.efi_dir}") -    cmd(f"mount -t ext4 {con.disk_details.partition['root']} {con.raw_dir}") -    cmd(f"mount -t vfat {con.disk_details.partition['efi']} {con.efi_dir}") +    if not os.path.ismount(con.efi_dir): +        cmd(f"mount -t vfat {con.disk_details.partition['efi']} {con.efi_dir}") +    else: +        print(f"I: {con.disk_details.partition['efi']} already mounted on {con.efi_dir}")  def install_image(con, version):      from glob import glob 
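Review bot: In `mount_image` the EFI partition is mounted unconditionally by `cmd(f"mount -t vfat {efi} {con.efi_dir}")` and only then is `os.path.ismount(con.efi_dir)` checked, so on the normal path the else branch always prints "already mounted", and the second mount is attempted only after the first one failed. Keep one of the two: either drop the unconditional line or drop the check that follows it. Whichever stays should use the local `efi` rather than re-reading `con.disk_details.partition['efi']`, and the root mount has no equivalent check, which a one-line comment could explain if it is intentional.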
@@ -205,6 +230,36 @@ def create_raw_image(build_config, iso_file, work_dir):          create_disk(raw_file, build_config["disk_size"])          setup_loop_device(con, raw_file)          disk_details = parttable_create(con.loop_device, (int(build_config["disk_size"]) - 1) * 1024 * 1024) + +        # Map partitions using kpartx +        print("I: Mapping partitions using kpartx...") +        cmd(f"kpartx -av {con.loop_device}") +        cmd("udevadm settle") + + +        # Detect mapped partitions +        from glob import glob +        import time + +        mapper_base = os.path.basename(con.loop_device).replace("/dev/", "") +        mapped_parts = sorted(glob(f"/dev/mapper/{mapper_base}p*")) + +        if not mapped_parts: +            raise RuntimeError(f"E: No partitions were found in /dev/mapper for {mapper_base}") + +        print(f"I: Found mapped partitions: {mapped_parts}") + +        if len(mapped_parts) == 2: +            # Assume [0] = EFI, [1] = root +            disk_details.partition['efi'] = mapped_parts[0] +            disk_details.partition['root'] = mapped_parts[1] +        elif len(mapped_parts) >= 3: +            # Common layout: [1] = EFI, [2] = root (skip 0 if it's BIOS boot) +            disk_details.partition['efi'] = mapped_parts[1] +            disk_details.partition['root'] = mapped_parts[2] +        else: +            raise RuntimeError(f"E: Unexpected partition layout: {mapped_parts}") +          con.disk_details = disk_details          mount_image(con)          install_image(con, version) diff --git a/scripts/package-build/aws-gwlbtun/package.toml b/scripts/package-build/aws-gwlbtun/package.toml index 1c4e53f6..138a5a76 100644 --- a/scripts/package-build/aws-gwlbtun/package.toml +++ b/scripts/package-build/aws-gwlbtun/package.toml @@ -57,3 +57,8 @@ chmod +x debian/rules  debuild -us -uc -b  '''  ## Build cmd end + +[dependencies] +packages = [ +    "cmake" +] 
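Review bot: Roles are assigned to the kpartx mappings by counting them (`len(mapped_parts) == 2` gives EFI then root, `>= 3` skips the first entry), and `mount_image` then runs `filesystem_create` on whatever was picked, so a layout that does not match the guess gets the wrong partition formatted. `sorted(glob(...))` is lexicographic, so a `p10` entry would sort before `p2`. `parttable_create` already returned `disk_details` with partition entries; deriving each `/dev/mapper/` name from the entry's partition number would remove the guess, though its return type is not visible from this hunk. `.replace("/dev/", "")` is a no-op after `os.path.basename`, and `import time` is unused. The body of `create_raw_image` starts and ends outside the hunk.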
diff --git a/scripts/package-build/blackbox_exporter/build.sh b/scripts/package-build/blackbox_exporter/build.sh index 39a08230..127c03be 100755 --- a/scripts/package-build/blackbox_exporter/build.sh +++ b/scripts/package-build/blackbox_exporter/build.sh @@ -32,7 +32,7 @@ EOF  echo "I: Create $SRC/debian/changelog"  cat <<EOF > debian/changelog -blackbox-exporter (0.25.0) UNRELEASED; urgency=medium +blackbox-exporter (0.26.0) UNRELEASED; urgency=medium    * Upstream package diff --git a/scripts/package-build/blackbox_exporter/package.toml b/scripts/package-build/blackbox_exporter/package.toml index 3cdc21b8..a59a3fdd 100644 --- a/scripts/package-build/blackbox_exporter/package.toml +++ b/scripts/package-build/blackbox_exporter/package.toml @@ -1,5 +1,5 @@  [[packages]]  name = "blackbox_exporter" -commit_id = "v0.25.0" +commit_id = "v0.26.0"  scm_url = "https://github.com/prometheus/blackbox_exporter"  build_cmd = "cd ..; y | ./build.sh" diff --git a/scripts/package-build/build.py b/scripts/package-build/build.py index 9c1df7b3..2eceea93 100755 --- a/scripts/package-build/build.py +++ b/scripts/package-build/build.py @@ -17,6 +17,7 @@  import glob  import shutil +import sys  import toml  import os @@ -91,7 +92,11 @@ def build_package(package: list, patch_dir: Path) -> None:          # Check out the specific commit          run(['git', 'checkout', package['commit_id']], cwd=repo_dir, check=True) +    except CalledProcessError as e: +        print(f"Failed to clone or checkout for package '{repo_name}': {e}") +        sys.exit(1) +    try:          # The `pre_build_hook` is an optional configuration defined in `package.toml`.          # It executes after the repository is checked out and before the build process begins.          # This hook allows you to perform preparatory tasks, such as creating directories, diff --git a/scripts/package-build/frr/package.toml b/scripts/package-build/frr/package.toml index 8ff35777..002e9f50 100644 
--- a/scripts/package-build/frr/package.toml +++ b/scripts/package-build/frr/package.toml @@ -33,5 +33,9 @@ packages = [      "python3-dev:native",      "texinfo",      "lua5.3", -    "doxygen" +    "doxygen", +    "bison", +    "liblua5.3-dev", +    "flex", +    "libelf-dev"  ] diff --git a/scripts/package-build/frr_exporter/package.toml b/scripts/package-build/frr_exporter/package.toml index 1c87d496..607c4c68 100644 --- a/scripts/package-build/frr_exporter/package.toml +++ b/scripts/package-build/frr_exporter/package.toml @@ -1,6 +1,6 @@  [[packages]]  name = "frr_exporter" -commit_id = "v1.3.1" +commit_id = "v1.5.0"  scm_url = "https://github.com/tynany/frr_exporter"  build_cmd = """ diff --git a/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig index fe174f63..e6ea3893 100644 --- a/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/arm64/configs/vyos_defconfig @@ -234,7 +234,7 @@ CONFIG_TIMERFD=y  CONFIG_EVENTFD=y  CONFIG_SHMEM=y  CONFIG_AIO=y -CONFIG_IO_URING=y +# CONFIG_IO_URING is not set  CONFIG_ADVISE_SYSCALLS=y  CONFIG_MEMBARRIER=y  CONFIG_KALLSYMS=y @@ -1975,7 +1975,7 @@ CONFIG_RASPBERRYPI_FIRMWARE=y  CONFIG_QCOM_SCM=y  # CONFIG_QCOM_SCM_DOWNLOAD_MODE_DEFAULT is not set  CONFIG_SYSFB=y -# CONFIG_SYSFB_SIMPLEFB is not set +CONFIG_SYSFB_SIMPLEFB=y  CONFIG_TI_SCI_PROTOCOL=y  CONFIG_TURRIS_MOX_RWTM=m  # CONFIG_ARM_FFA_TRANSPORT is not set @@ -3353,7 +3353,8 @@ CONFIG_SERIAL_8250_TEGRA=y  # Non-8250 serial port support  #  # CONFIG_SERIAL_AMBA_PL010 is not set -# CONFIG_SERIAL_AMBA_PL011 is not set +CONFIG_SERIAL_AMBA_PL011=y +CONFIG_SERIAL_AMBA_PL011_CONSOLE=y  # CONFIG_SERIAL_EARLYCON_SEMIHOST is not set  # CONFIG_SERIAL_MESON is not set  # CONFIG_SERIAL_TEGRA is not set 
@@ -3401,7 +3402,7 @@ CONFIG_TTY_PRINTK=m  CONFIG_TTY_PRINTK_LEVEL=6  # CONFIG_PRINTER is not set  # CONFIG_PPDEV is not set -CONFIG_VIRTIO_CONSOLE=m +CONFIG_VIRTIO_CONSOLE=y  CONFIG_IPMI_HANDLER=m  CONFIG_IPMI_DMI_DECODE=y  CONFIG_IPMI_PLAT_DATA=y 
@@ -4495,8 +4496,141 @@ CONFIG_VIDEO_CMDLINE=y  # CONFIG_AUXDISPLAY is not set  # CONFIG_PANEL is not set  # CONFIG_TEGRA_HOST1X is not set -# CONFIG_DRM is not set +CONFIG_DRM=y +# CONFIG_DRM_DEBUG_MM is not set +CONFIG_DRM_KMS_HELPER=y +# CONFIG_DRM_DEBUG_DP_MST_TOPOLOGY_REFS is not set  # CONFIG_DRM_DEBUG_MODESET_LOCK is not set +CONFIG_DRM_FBDEV_EMULATION=y +CONFIG_DRM_FBDEV_OVERALLOC=100 +# CONFIG_DRM_FBDEV_LEAK_PHYS_SMEM is not set +# CONFIG_DRM_LOAD_EDID_FIRMWARE is not set +CONFIG_DRM_TTM=y +CONFIG_DRM_TTM_HELPER=y +CONFIG_DRM_GEM_SHMEM_HELPER=y + +# +# I2C encoder or helper chips +# +# CONFIG_DRM_I2C_CH7006 is not set +# CONFIG_DRM_I2C_SIL164 is not set +# CONFIG_DRM_I2C_NXP_TDA998X is not set +# CONFIG_DRM_I2C_NXP_TDA9950 is not set +# end of I2C encoder or helper chips + +# +# ARM devices +# +# CONFIG_DRM_HDLCD is not set +# CONFIG_DRM_MALI_DISPLAY is not set +# CONFIG_DRM_KOMEDA is not set +# end of ARM devices + +# CONFIG_DRM_RADEON is not set +# CONFIG_DRM_AMDGPU is not set +# CONFIG_DRM_NOUVEAU is not set +# CONFIG_DRM_VGEM is not set +# CONFIG_DRM_VKMS is not set +# CONFIG_DRM_ROCKCHIP is not set +# CONFIG_DRM_VMWGFX is not set +# CONFIG_DRM_UDL is not set +# CONFIG_DRM_AST is not set +# CONFIG_DRM_MGAG200 is not set +# CONFIG_DRM_RCAR_DU is not set +# CONFIG_DRM_RZG2L_MIPI_DSI is not set +# CONFIG_DRM_SHMOBILE is not set +# CONFIG_DRM_SUN4I is not set +CONFIG_DRM_QXL=y +CONFIG_DRM_VIRTIO_GPU=y +CONFIG_DRM_VIRTIO_GPU_KMS=y +# CONFIG_DRM_MSM is not set +# CONFIG_DRM_TEGRA is not set +CONFIG_DRM_PANEL=y + +# +# Display Panels +# +# CONFIG_DRM_PANEL_ARM_VERSATILE is not set +# CONFIG_DRM_PANEL_SAMSUNG_S6E88A0_AMS452EF01 is not set +# CONFIG_DRM_PANEL_SAMSUNG_S6E8AA0 is not set +# CONFIG_DRM_PANEL_SHARP_LS037V7DW01 is not set +# end of Display Panels + +CONFIG_DRM_BRIDGE=y +CONFIG_DRM_PANEL_BRIDGE=y + +# +# Display Interface Bridges +# +# CONFIG_DRM_CHIPONE_ICN6211 is not set +# CONFIG_DRM_CHRONTEL_CH7033 is not set +# CONFIG_DRM_DISPLAY_CONNECTOR is 
not set +# CONFIG_DRM_FSL_LDB is not set +# CONFIG_DRM_ITE_IT6505 is not set +# CONFIG_DRM_LONTIUM_LT8912B is not set +# CONFIG_DRM_LONTIUM_LT9211 is not set +# CONFIG_DRM_LONTIUM_LT9611 is not set +# CONFIG_DRM_LONTIUM_LT9611UXC is not set +# CONFIG_DRM_ITE_IT66121 is not set +# CONFIG_DRM_LVDS_CODEC is not set +# CONFIG_DRM_MEGACHIPS_STDPXXXX_GE_B850V3_FW is not set +# CONFIG_DRM_NWL_MIPI_DSI is not set +# CONFIG_DRM_NXP_PTN3460 is not set +# CONFIG_DRM_PARADE_PS8622 is not set +# CONFIG_DRM_PARADE_PS8640 is not set +# CONFIG_DRM_SAMSUNG_DSIM is not set +# CONFIG_DRM_SIL_SII8620 is not set +# CONFIG_DRM_SII902X is not set +# CONFIG_DRM_SII9234 is not set +# CONFIG_DRM_SIMPLE_BRIDGE is not set +# CONFIG_DRM_THINE_THC63LVD1024 is not set +# CONFIG_DRM_TOSHIBA_TC358762 is not set +# CONFIG_DRM_TOSHIBA_TC358764 is not set +# CONFIG_DRM_TOSHIBA_TC358767 is not set +# CONFIG_DRM_TOSHIBA_TC358768 is not set +# CONFIG_DRM_TOSHIBA_TC358775 is not set +# CONFIG_DRM_TI_DLPC3433 is not set +# CONFIG_DRM_TI_TFP410 is not set +# CONFIG_DRM_TI_SN65DSI83 is not set +# CONFIG_DRM_TI_SN65DSI86 is not set +# CONFIG_DRM_TI_TPD12S015 is not set +# CONFIG_DRM_ANALOGIX_ANX6345 is not set +# CONFIG_DRM_ANALOGIX_ANX78XX is not set +# CONFIG_DRM_ANALOGIX_ANX7625 is not set +# CONFIG_DRM_I2C_ADV7511 is not set +# CONFIG_DRM_CDNS_DSI is not set +# CONFIG_DRM_CDNS_MHDP8546 is not set +# CONFIG_DRM_IMX8QM_LDB is not set +# CONFIG_DRM_IMX8QXP_LDB is not set +# CONFIG_DRM_IMX8QXP_PIXEL_COMBINER is not set +# CONFIG_DRM_IMX8QXP_PIXEL_LINK_TO_DPI is not set +# end of Display Interface Bridges + +# CONFIG_DRM_IMX_DCSS is not set +# CONFIG_DRM_IMX_LCDC is not set +# CONFIG_DRM_V3D is not set +# CONFIG_DRM_LOONGSON is not set +# CONFIG_DRM_ETNAVIV is not set +# CONFIG_DRM_HISI_HIBMC is not set +# CONFIG_DRM_HISI_KIRIN is not set +# CONFIG_DRM_LOGICVC is not set +# CONFIG_DRM_MXSFB is not set +# CONFIG_DRM_IMX_LCDIF is not set +# CONFIG_DRM_MESON is not set +# CONFIG_DRM_ARCPGU is not set +# 
CONFIG_DRM_BOCHS is not set +# CONFIG_DRM_CIRRUS_QEMU is not set +# CONFIG_DRM_GM12U320 is not set +CONFIG_DRM_SIMPLEDRM=y +# CONFIG_DRM_PL111 is not set +# CONFIG_DRM_XEN_FRONTEND is not set +# CONFIG_DRM_LIMA is not set +# CONFIG_DRM_PANFROST is not set +# CONFIG_DRM_TIDSS is not set +# CONFIG_DRM_GUD is not set +# CONFIG_DRM_SSD130X is not set +# CONFIG_DRM_HYPERV is not set +# CONFIG_DRM_LEGACY is not set  CONFIG_DRM_PANEL_ORIENTATION_QUIRKS=y  # diff --git a/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig index 124c9aa8..9e8b1986 100644 --- a/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig +++ b/scripts/package-build/linux-kernel/arch/x86/configs/vyos_defconfig @@ -1,6 +1,6 @@  #  # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.69 Kernel Configuration +# Linux/x86 6.6.93 Kernel Configuration  #  CONFIG_CC_VERSION_TEXT="gcc (Debian 12.2.0-14) 12.2.0"  CONFIG_CC_IS_GCC=y @@ -19,7 +19,7 @@ CONFIG_GCC_ASM_GOTO_OUTPUT_WORKAROUND=y  CONFIG_TOOLS_SUPPORT_RELR=y  CONFIG_CC_HAS_ASM_INLINE=y  CONFIG_CC_HAS_NO_PROFILE_FN_ATTR=y -CONFIG_PAHOLE_VERSION=0 +CONFIG_PAHOLE_VERSION=124  CONFIG_IRQ_WORK=y  CONFIG_BUILDTIME_TABLE_SORT=y  CONFIG_THREAD_INFO_IN_TASK=y @@ -257,7 +257,7 @@ CONFIG_TIMERFD=y  CONFIG_EVENTFD=y  CONFIG_SHMEM=y  CONFIG_AIO=y -CONFIG_IO_URING=y +# CONFIG_IO_URING is not set  CONFIG_ADVISE_SYSCALLS=y  CONFIG_MEMBARRIER=y  CONFIG_KALLSYMS=y @@ -522,6 +522,7 @@ CONFIG_CPU_SRSO=y  # CONFIG_GDS_FORCE_MITIGATION is not set  CONFIG_MITIGATION_RFDS=y  CONFIG_MITIGATION_SPECTRE_BHI=y +CONFIG_MITIGATION_ITS=y  CONFIG_ARCH_HAS_ADD_PAGES=y  # @@ -1072,7 +1073,6 @@ CONFIG_SKB_EXTENSIONS=y  CONFIG_PACKET=m  CONFIG_PACKET_DIAG=m  CONFIG_UNIX=y -CONFIG_UNIX_SCM=y  CONFIG_AF_UNIX_OOB=y  CONFIG_UNIX_DIAG=m  CONFIG_TLS=y 
@@ -1798,8 +1798,6 @@ CONFIG_ETHTOOL_NETLINK=y  #  # Device Drivers  # -CONFIG_HAVE_EISA=y -# CONFIG_EISA is not set  CONFIG_HAVE_PCI=y  CONFIG_PCI=y  CONFIG_PCI_DOMAINS=y @@ -2406,7 +2404,7 @@ CONFIG_FUSION_CTL=m  # CONFIG_MACINTOSH_DRIVERS is not set  CONFIG_NETDEVICES=y -CONFIG_MII=m +CONFIG_MII=y  CONFIG_NET_CORE=y  CONFIG_BONDING=m  CONFIG_DUMMY=m @@ -2803,21 +2801,21 @@ CONFIG_PPP_ASYNC=m  CONFIG_PPP_SYNC_TTY=m  # CONFIG_SLIP is not set  CONFIG_SLHC=m -CONFIG_USB_NET_DRIVERS=m +CONFIG_USB_NET_DRIVERS=y  # CONFIG_USB_CATC is not set  # CONFIG_USB_KAWETH is not set  # CONFIG_USB_PEGASUS is not set  CONFIG_USB_RTL8150=m  CONFIG_USB_RTL8152=m  CONFIG_USB_LAN78XX=m -CONFIG_USB_USBNET=m +CONFIG_USB_USBNET=y  CONFIG_USB_NET_AX8817X=m  CONFIG_USB_NET_AX88179_178A=m -CONFIG_USB_NET_CDCETHER=m -CONFIG_USB_NET_CDC_EEM=m -CONFIG_USB_NET_CDC_NCM=m -CONFIG_USB_NET_HUAWEI_CDC_NCM=m -CONFIG_USB_NET_CDC_MBIM=m +CONFIG_USB_NET_CDCETHER=y +CONFIG_USB_NET_CDC_EEM=y +CONFIG_USB_NET_CDC_NCM=y +CONFIG_USB_NET_HUAWEI_CDC_NCM=y +CONFIG_USB_NET_CDC_MBIM=y  # CONFIG_USB_NET_DM9601 is not set  # CONFIG_USB_NET_SR9700 is not set  # CONFIG_USB_NET_SR9800 is not set @@ -2832,11 +2830,11 @@ CONFIG_USB_NET_SMSC95XX=m  # CONFIG_USB_NET_ZAURUS is not set  # CONFIG_USB_NET_CX82310_ETH is not set  # CONFIG_USB_NET_KALMIA is not set -CONFIG_USB_NET_QMI_WWAN=m +CONFIG_USB_NET_QMI_WWAN=y  # CONFIG_USB_HSO is not set  # CONFIG_USB_NET_INT51X1 is not set  # CONFIG_USB_IPHETH is not set -CONFIG_USB_SIERRA_NET=m +CONFIG_USB_SIERRA_NET=y  # CONFIG_USB_VL600 is not set  # CONFIG_USB_NET_CH9200 is not set  # CONFIG_USB_NET_AQC111 is not set @@ -3081,7 +3079,11 @@ CONFIG_MAC80211_HWSIM=m  #  # Wireless WAN  # -# CONFIG_WWAN is not set +CONFIG_WWAN=y +CONFIG_WWAN_DEBUGFS=y +CONFIG_WWAN_HWSIM=m +CONFIG_IOSM=m +CONFIG_MTK_T7XX=m  # end of Wireless WAN  CONFIG_XEN_NETDEV_FRONTEND=m 
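Review bot: `CONFIG_WWAN_DEBUGFS=y` and `CONFIG_WWAN_HWSIM=m` in the Wireless WAN hunk look like development aids rather than something a production router image needs: the first exposes WWAN driver state through debugfs and the second is a simulated test device. Unless a smoketest depends on them, I would leave both unset (`# CONFIG_WWAN_DEBUGFS is not set`, `# CONFIG_WWAN_HWSIM is not set`) and keep `CONFIG_IOSM` and `CONFIG_MTK_T7XX`. The same file also moves the USB CDC/QMI network drivers and several USB serial drivers from `=m` to `=y`, so they can no longer be kept out of a running system by module blacklisting; a sentence in the commit message on why they must be built in would help reviewers judge that trade-off.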
@@ -4418,6 +4420,7 @@ CONFIG_HID_GENERIC=m  # CONFIG_HID_THRUSTMASTER is not set  # CONFIG_HID_UDRAW_PS3 is not set  # CONFIG_HID_U2FZERO is not set +# CONFIG_HID_UNIVERSAL_PIDFF is not set  # CONFIG_HID_WACOM is not set  # CONFIG_HID_WIIMOTE is not set  # CONFIG_HID_XINMO is not set @@ -4524,7 +4527,7 @@ CONFIG_USB_SL811_HCD=m  #  CONFIG_USB_ACM=m  # CONFIG_USB_PRINTER is not set -CONFIG_USB_WDM=m +CONFIG_USB_WDM=y  # CONFIG_USB_TMC is not set  # @@ -4571,7 +4574,8 @@ CONFIG_USB_STORAGE=m  #  # USB port drivers  # -CONFIG_USB_SERIAL=m +CONFIG_USB_SERIAL=y +# CONFIG_USB_SERIAL_CONSOLE is not set  CONFIG_USB_SERIAL_GENERIC=y  CONFIG_USB_SERIAL_SIMPLE=m  # CONFIG_USB_SERIAL_AIRCABLE is not set @@ -4607,16 +4611,16 @@ CONFIG_USB_SERIAL_MXUPORT=m  # CONFIG_USB_SERIAL_NAVMAN is not set  CONFIG_USB_SERIAL_PL2303=m  CONFIG_USB_SERIAL_OTI6858=m -CONFIG_USB_SERIAL_QCAUX=m -CONFIG_USB_SERIAL_QUALCOMM=m +CONFIG_USB_SERIAL_QCAUX=y +CONFIG_USB_SERIAL_QUALCOMM=y  CONFIG_USB_SERIAL_SPCP8X5=m  CONFIG_USB_SERIAL_SAFE=m  # CONFIG_USB_SERIAL_SAFE_PADDED is not set -CONFIG_USB_SERIAL_SIERRAWIRELESS=m +CONFIG_USB_SERIAL_SIERRAWIRELESS=y  # CONFIG_USB_SERIAL_SYMBOL is not set  CONFIG_USB_SERIAL_TI=m  # CONFIG_USB_SERIAL_CYBERJACK is not set -CONFIG_USB_SERIAL_WWAN=m +CONFIG_USB_SERIAL_WWAN=y  CONFIG_USB_SERIAL_OPTION=m  # CONFIG_USB_SERIAL_OMNINET is not set  # CONFIG_USB_SERIAL_OPTICON is not set 
@@ -5023,20 +5027,27 @@ CONFIG_VIRTIO_PCI_LIB_LEGACY=m  CONFIG_VIRTIO_MENU=y  CONFIG_VIRTIO_PCI=m  CONFIG_VIRTIO_PCI_LEGACY=y +CONFIG_VIRTIO_VDPA=m  # CONFIG_VIRTIO_PMEM is not set  CONFIG_VIRTIO_BALLOON=m  CONFIG_VIRTIO_INPUT=m  CONFIG_VIRTIO_MMIO=m  CONFIG_VIRTIO_MMIO_CMDLINE_DEVICES=y -CONFIG_VIRTIO_VDPA=m  CONFIG_VDPA=m -CONFIG_VHOST_VDPA=m +# CONFIG_VDPA_USER is not set +# CONFIG_IFCVF is not set +# CONFIG_MLX5_VDPA_NET is not set +# CONFIG_MLX5_VDPA_STEERING_DEBUG is not set +# CONFIG_VP_VDPA is not set +# CONFIG_ALIBABA_ENI_VDPA is not set +# CONFIG_SNET_VDPA is not set  CONFIG_VHOST_IOTLB=m  CONFIG_VHOST_TASK=y  CONFIG_VHOST=m  CONFIG_VHOST_MENU=y  CONFIG_VHOST_NET=m  CONFIG_VHOST_VSOCK=m +CONFIG_VHOST_VDPA=m  # CONFIG_VHOST_CROSS_ENDIAN_LEGACY is not set  # @@ -5481,9 +5492,9 @@ CONFIG_TMPFS_XATTR=y  # CONFIG_TMPFS_INODE64 is not set  # CONFIG_TMPFS_QUOTA is not set  CONFIG_HUGETLBFS=y +# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set  CONFIG_HUGETLB_PAGE=y  CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP=y -# CONFIG_HUGETLB_PAGE_OPTIMIZE_VMEMMAP_DEFAULT_ON is not set  CONFIG_ARCH_HAS_GIGANTIC_PAGE=y  CONFIG_CONFIGFS_FS=m  CONFIG_EFIVAR_FS=m @@ -5588,7 +5599,6 @@ CONFIG_NLS_ISO8859_1=m  CONFIG_NLS_UTF8=m  # CONFIG_DLM is not set  # CONFIG_UNICODE is not set -CONFIG_IO_WQ=y  # end of File systems  # diff --git a/scripts/package-build/linux-kernel/build-ipt-netflow.sh b/scripts/package-build/linux-kernel/build-ipt-netflow.sh index 9c657676..9245a416 100755 --- a/scripts/package-build/linux-kernel/build-ipt-netflow.sh +++ b/scripts/package-build/linux-kernel/build-ipt-netflow.sh @@ -25,7 +25,7 @@ DRIVER_VERSION=$(git describe | sed s/^v//)  # Build up Debian related variables required for packaging  DEBIAN_ARCH=$(dpkg --print-architecture) -DEBIAN_DIR="tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra" +DEBIAN_DIR="tmp/"  DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"  DEBIAN_POSTINST="${CWD}/vyos-ipt-netflow.postinst" 
@@ -47,6 +47,8 @@ fi  # build Debian package  echo "I: Building Debian package vyos-ipt-netflow"  cp ipt_NETFLOW.ko ${DEBIAN_DIR} +cp libipt_NETFLOW.so ${DEBIAN_DIR} +cp libip6t_NETFLOW.so ${DEBIAN_DIR}  # Sign generated Kernel modules  ${CWD}/sign-modules.sh ${DEBIAN_DIR} @@ -61,5 +63,7 @@ fpm --input-type dir --output-type deb --name vyos-ipt-netflow \      --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \      --description "ipt_NETFLOW module" \      --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \ -    --license "GPL2" -C ${IPT_NETFLOW_SRC}/tmp --after-install ${DEBIAN_POSTINST} - +    --license "GPL2" -C ${IPT_NETFLOW_SRC}/tmp --after-install ${DEBIAN_POSTINST} \ +    ipt_NETFLOW.ko=/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra/ipt_NETFLOW.ko \ +    libipt_NETFLOW.so=/lib/$(uname -m)-linux-gnu/xtables/libipt_NETFLOW.so \ +    libip6t_NETFLOW.so=/lib/$(uname -m)-linux-gnu/xtables/libip6t_NETFLOW.so diff --git a/scripts/package-build/linux-kernel/build.py b/scripts/package-build/linux-kernel/build.py index af610079..5d891c71 100755 --- a/scripts/package-build/linux-kernel/build.py +++ b/scripts/package-build/linux-kernel/build.py @@ -18,6 +18,7 @@  import datetime  import glob  import shutil +import sys  import toml  import os  import subprocess @@ -37,6 +38,7 @@ def ensure_dependencies(dependencies: list) -> None:          return      print("I: Ensure Debian build dependencies are met") +    run(['sudo', 'apt-get', 'update'], check=True)      run(['sudo', 'apt-get', 'install', '-y'] + dependencies, check=True) 
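Review bot: The xtables install paths in the `fpm` call are built from `$(uname -m)`, which is the running kernel's machine name and not the Debian multiarch directory; the two coincide on amd64 and arm64 but differ on other architectures or when the build host's kernel does not match the target userland. The script already asks dpkg for `DEBIAN_ARCH`, so the directory can be derived the same way, e.g. `MULTIARCH=$(dpkg-architecture -qDEB_HOST_MULTIARCH)` and then `libipt_NETFLOW.so=/lib/${MULTIARCH}/xtables/libipt_NETFLOW.so`. Separately, `${CWD}/sign-modules.sh ${DEBIAN_DIR}` now runs over a directory that holds the two `.so` files as well as the kernel module; whether that script skips non-`.ko` files is not visible here and is worth confirming.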
@@ -59,8 +61,12 @@ def clone_or_update_repo(repo_dir: Path, scm_url: str, commit_id: str) -> None:          run(['git', 'checkout', commit_id], cwd=repo_dir, check=True)          #run(['git', 'pull'], cwd=repo_dir, check=True)      else: -        run(['git', 'clone', scm_url, str(repo_dir)], check=True) -        run(['git', 'checkout', commit_id], cwd=repo_dir, check=True) +        try: +            run(['git', 'clone', scm_url, str(repo_dir)], check=True) +            run(['git', 'checkout', commit_id], cwd=repo_dir, check=True) +        except CalledProcessError as e: +            print(f"Failed to clone or checkout: {e}") +            sys.exit(1)  def create_tarball(package_name, source_dir=None): @@ -112,9 +118,6 @@ def build_package(package: dict, dependencies: list) -> None:          # Clone or update the repository          #clone_or_update_repo(repo_dir, package['scm_url'], package['commit_id']) -        # Ensure dependencies -        #ensure_dependencies(dependencies) -          # Prepare the package if required          #if package.get('prepare_package', False):          #    prepare_package(repo_dir, package.get('install_data', '')) @@ -265,6 +268,7 @@ if __name__ == '__main__':      arg_parser = ArgumentParser()      arg_parser.add_argument('--config', default='package.toml', help='Path to the package configuration file')      arg_parser.add_argument('--packages', nargs='+', help='Names of packages to build (default: all)', default=[]) +    arg_parser.add_argument('--install-dependencies', '-i', help='Only install build dependencies', action='store_true')      args = arg_parser.parse_args()      # Load package configuration 
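Review bot: Only the fresh-clone branch of `clone_or_update_repo` is wrapped by the new `try`; the `git checkout` in the existing-repository branch just above it (a context line in this hunk) still raises an unhandled `CalledProcessError`, so the two paths now fail differently. Putting the `try`/`except` around the whole `if`/`else` would make them consistent. The commit adds `import sys` but nothing for `CalledProcessError`; if that name is not already imported in this file the handler itself ends in a `NameError`, and `except subprocess.CalledProcessError as e:` would be safe given the `import subprocess` visible in the import hunk. The function starts outside the hunk.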
@@ -275,6 +279,13 @@ if __name__ == '__main__':      with open(defaults_path, 'r') as file:          defaults = toml.load(file) +    # Load global dependencies +    global_dependencies = config.get('dependencies', {}).get('packages', []) +    if global_dependencies: +        ensure_dependencies(global_dependencies) +        if args.install_dependencies: +            exit(0) +      packages = config['packages']      # Filter packages if specific packages are specified in the arguments diff --git a/scripts/package-build/linux-kernel/package.toml b/scripts/package-build/linux-kernel/package.toml index 0bbd6785..b98bcd2f 100644 --- a/scripts/package-build/linux-kernel/package.toml +++ b/scripts/package-build/linux-kernel/package.toml @@ -81,3 +81,45 @@ name = "ipt-netflow"  commit_id = "0eb2092e93"  scm_url = "https://github.com/aabc/ipt-netflow"  build_cmd = "build_ipt_netflow" + +[dependencies] +packages = [ +    "cmake", +    "gnupg2", +    "rsync", +    "libelf-dev", +    "libncurses5-dev", +    "flex", +    "bison", +    "bc", +    "kmod", +    "cpio", +    "dwarves", +    "nasm", +    "rdfind", +    "pciutils", +    "yasm", +    "libudev-dev", +    "ruby", +    "ruby-dev", +    "rubygems", +    "build-essential", +    "libdw-dev", +    "libunwind-dev", +    "systemtap-sdt-dev", +    "libslang2-dev", +    "python-dev-is-python3", +    "libzstd-dev", +    "libcap-dev", +    "libnuma-dev", +    "libbabeltrace-ctf-dev", +    "libpfm4-dev", +    "libtraceevent-dev", +    "liblua5.3-dev", +    "libssl3", +    "libssl-dev", +    "libpcre3-dev", +    "libnl-genl-3-dev", +    "libxtables-dev", +    "asciidoc-base" +] diff --git a/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Add-vrf-support-for-Framed-Route-and-Framed-IPv6-Rou.patch b/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Add-vrf-support-for-Framed-Route-and-Framed-IPv6-Rou.patch new file mode 100644 index 00000000..b963050f --- /dev/null 
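Review bot: `--install-dependencies` only takes effect when package.toml defines a non-empty `[dependencies]` list, because the `if args.install_dependencies:` test is nested inside `if global_dependencies:`. With an empty or missing list the script falls through and starts building packages, although the option's help text says "Only install build dependencies". Dedent the check one level so it runs regardless of the list, and call `sys.exit(0)` (the commit already imports `sys`) instead of the interactive `exit(0)` helper.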
+++ b/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Add-vrf-support-for-Framed-Route-and-Framed-IPv6-Rou.patch 
@@ -0,0 +1,639 @@ +From 5587c45d9e3264f45eba636941cf80b90f2f6186 Mon Sep 17 00:00:00 2001 +From: Chris Hills <chris@brsk.co.uk> +Date: Thu, 29 Jun 2023 09:24:36 +0100 +Subject: [PATCH 2/4] Add vrf support for Framed-Route and Framed-IPv6-Route + +(cherry picked from commit 899dc375fe01672a5eae2d7f7db81edc0d2a4440) +--- + accel-pppd/CMakeLists.txt        |   4 + + accel-pppd/ctrl/ipoe/ipoe.c      |  20 ++++ + accel-pppd/ifcfg.c               |   6 +- + accel-pppd/ipv6/dhcpv6.c         |   8 ++ + accel-pppd/libnetlink/iputils.c  | 110 ++++++++++++++++- + accel-pppd/libnetlink/iputils.h  |  11 ++ + accel-pppd/libnetlink/rt_names.c | 196 +++++++++++++++++++++++++++++++ + accel-pppd/libnetlink/rt_names.h |  14 +++ + accel-pppd/radius/radius.c       |  21 +++- + 9 files changed, 384 insertions(+), 6 deletions(-) + create mode 100644 accel-pppd/libnetlink/rt_names.c + create mode 100644 accel-pppd/libnetlink/rt_names.h + +diff --git a/accel-pppd/CMakeLists.txt b/accel-pppd/CMakeLists.txt +index ab8a350..c3995ea 100644 +--- a/accel-pppd/CMakeLists.txt ++++ b/accel-pppd/CMakeLists.txt +@@ -123,6 +123,10 @@ ADD_EXECUTABLE(accel-pppd + 	main.c + ) +  ++IF (DEFINED HAVE_VRF) ++	target_sources(accel-pppd PRIVATE libnetlink/rt_names.c) ++ENDIF (DEFINED HAVE_VRF) ++ + TARGET_LINK_LIBRARIES(accel-pppd triton rt pthread ${crypto_lib} pcre) + set_property(TARGET accel-pppd PROPERTY CMAKE_SKIP_BUILD_RPATH FALSE) + set_property(TARGET accel-pppd PROPERTY CMAKE_BUILD_WITH_INSTALL_RPATH FALSE) +diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c +index 61b7c23..6f23fd6 100644 +--- a/accel-pppd/ctrl/ipoe/ipoe.c ++++ b/accel-pppd/ctrl/ipoe/ipoe.c +@@ -1067,9 +1067,17 @@ static void __ipoe_session_activate(struct ipoe_session *ses) +  + 	if (ses->ifindex == -1 && !serv->opt_ifcfg) { + 		if (!serv->opt_ip_unnumbered) ++#ifdef HAVE_VRF ++			iproute_add(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0, NULL); ++#else + 			iproute_add(serv->ifindex, 
ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0); ++#endif + 		else ++#ifdef HAVE_VRF ++			iproute_add(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); ++#else + 			iproute_add(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0); ++#endif + 	} +  + 	if (ses->l4_redirect) +@@ -1170,7 +1178,11 @@ static void ipoe_session_started(struct ap_session *s) +  + 	if (ses->ses.ipv4->peer_addr != ses->yiaddr) + 		//ipaddr_add_peer(ses->ses.ifindex, ses->router, ses->yiaddr); // breaks quagga ++#ifdef HAVE_VRF ++		iproute_add(ses->ses.ifindex, ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); ++#else + 		iproute_add(ses->ses.ifindex, ses->router, ses->yiaddr, 0, conf_proto, 32, 0); ++#endif +  + 	if (ses->ifindex != -1 && ses->xid) { + 		ses->dhcpv4 = dhcpv4_create(ses->ctrl.ctx, ses->ses.ifname, ""); +@@ -1254,9 +1266,17 @@ static void ipoe_session_finished(struct ap_session *s) + 	} else if (ses->started) { + 		if (!serv->opt_ifcfg) { + 			if (!serv->opt_ip_unnumbered) ++#ifdef HAVE_VRF ++				iproute_del(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0, NULL); ++#else + 				iproute_del(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0); ++#endif + 			else ++#ifdef HAVE_VRF ++				iproute_del(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); ++#else + 				iproute_del(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0); ++#endif + 		} + 	} +  +diff --git a/accel-pppd/ifcfg.c b/accel-pppd/ifcfg.c +index 3750060..3b1848e 100644 +--- a/accel-pppd/ifcfg.c ++++ b/accel-pppd/ifcfg.c +@@ -234,7 +234,11 @@ void __export ap_session_ifdown(struct ap_session *ses) + 			if (!a->installed) + 				continue; + 			if (a->prefix_len > 64) ++#ifdef HAVE_VRF ++				ip6route_del(ses->ifindex, &a->addr, a->prefix_len, NULL, 0, 0, ses->vrf_name); ++#else + 				ip6route_del(ses->ifindex, &a->addr, a->prefix_len, NULL, 0, 0); 
++#endif + 			else { + 				struct in6_addr addr; + 				memcpy(addr.s6_addr, &a->addr, 8); +@@ -376,4 +380,4 @@ int __export ap_session_vrf(struct ap_session *ses, const char *vrf_name, int le +  + 	return 0; + } +-#endif +\ No newline at end of file ++#endif +diff --git a/accel-pppd/ipv6/dhcpv6.c b/accel-pppd/ipv6/dhcpv6.c +index 158771b..41e6c3f 100644 +--- a/accel-pppd/ipv6/dhcpv6.c ++++ b/accel-pppd/ipv6/dhcpv6.c +@@ -159,7 +159,11 @@ static void ev_ses_finished(struct ap_session *ses) + 		if (pd->dp_active) { + 			struct ipv6db_addr_t *p; + 			list_for_each_entry(p, &ses->ipv6_dp->prefix_list, entry) ++#ifdef HAVE_VRF ++				ip6route_del(0, &p->addr, p->prefix_len, NULL, 0, 0, ses->vrf_name); ++#else + 				ip6route_del(0, &p->addr, p->prefix_len, NULL, 0, 0); ++#endif + 		} +  + 		ipdb_put_ipv6_prefix(ses, ses->ipv6_dp); +@@ -181,7 +185,11 @@ static void insert_dp_routes(struct ap_session *ses, struct dhcpv6_pd *pd, struc + 		addr = NULL; +  + 	list_for_each_entry(p, &ses->ipv6_dp->prefix_list, entry) { ++#ifdef HAVE_VRF ++		if (ip6route_add(ses->ifindex, &p->addr, p->prefix_len, addr, 0, 0, ses->vrf_name)) { ++#else + 		if (ip6route_add(ses->ifindex, &p->addr, p->prefix_len, addr, 0, 0)) { ++#endif + 			err = errno; + 			inet_ntop(AF_INET6, &p->addr, str1, sizeof(str1)); + 			if (addr) +diff --git a/accel-pppd/libnetlink/iputils.c b/accel-pppd/libnetlink/iputils.c +index 23325fc..6c61fc2 100644 +--- a/accel-pppd/libnetlink/iputils.c ++++ b/accel-pppd/libnetlink/iputils.c +@@ -11,7 +11,9 @@ + #include <errno.h> + #include <time.h> + #include <sys/uio.h> +-//#include <linux/if_link.h> ++#ifdef HAVE_VRF ++#include <linux/if_link.h> ++#endif + //#include <linux/if_addr.h> + //#include <linux/rtnetlink.h> + #include <linux/fib_rules.h> +@@ -21,6 +23,9 @@ + #include "libnetlink.h" + #include "iputils.h" + #include "ap_net.h" ++#ifdef HAVE_VRF ++#include "rt_names.h" ++#endif +  + #ifdef ACCEL_DP + #define _malloc(x) malloc(x) +@@ -457,7 +462,82 @@ int __export 
ipaddr_del_peer(int ifindex, in_addr_t addr, in_addr_t peer) + 	return r; + } +  ++#ifdef HAVE_VRF ++__u32 ipvrf_get_table(const char *vrf_name) ++{ ++	struct iplink_req { ++		struct nlmsghdr n; ++		struct ifinfomsg i; ++		char buf[4096]; ++	} req; ++	struct rtnl_handle *rth = net->rtnl_get(); ++	struct rtattr *tb[IFLA_MAX+1]; ++	struct rtattr *li[IFLA_INFO_MAX+1]; ++	struct rtattr *vrf_attr[IFLA_VRF_MAX + 1]; ++	struct ifinfomsg *ifi; ++	int len; ++	__u32 tb_id = RT_TABLE_MAIN; ++ ++	log_ppp_info2("utils: getting route table for %s\n", vrf_name); ++ ++	if (!vrf_name) ++		return tb_id; ++ ++	memset(&req, 0, sizeof(req) - 4096); ++ ++	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct ifinfomsg)); ++	req.n.nlmsg_flags = NLM_F_REQUEST; ++	req.n.nlmsg_type = RTM_GETLINK; ++	req.i.ifi_family = AF_UNSPEC; ++ ++	addattr_l(&req.n, 4096, IFLA_IFNAME, vrf_name, strlen(vrf_name)); ++ ++	if (rtnl_talk(rth, &req.n, 0, 0, &req.n, NULL, NULL, 0) < 0) { ++    if (errno == ENODEV && !strcmp(vrf_name, "default")) ++			if (rtnl_rttable_a2n(&tb_id, "main")) ++				log_ppp_error( ++					"BUG: route table \"main\" not found.\n"); ++		return tb_id; ++	} ++ ++	ifi = NLMSG_DATA(&req.n); ++ ++	len = req.n.nlmsg_len; ++ ++	len -= NLMSG_LENGTH(sizeof(*ifi)); ++	if (len < 0) ++		goto out; ++ ++	parse_rtattr(tb, IFLA_MAX, IFLA_RTA(ifi), len); ++ ++	if (!tb[IFLA_LINKINFO]) ++		goto out; ++ ++	parse_rtattr_nested(li, IFLA_INFO_MAX, tb[IFLA_LINKINFO]); ++ ++	if (!li[IFLA_INFO_KIND] || !li[IFLA_INFO_DATA]) ++		goto out; ++ ++	if (strcmp(RTA_DATA(li[IFLA_INFO_KIND]), "vrf")) ++		goto out; ++ ++	parse_rtattr_nested(vrf_attr, IFLA_VRF_MAX, li[IFLA_INFO_DATA]); ++	if (vrf_attr[IFLA_VRF_TABLE]) ++		tb_id = *(__u32 *)RTA_DATA(vrf_attr[IFLA_VRF_TABLE]); ++ ++	if (!tb_id) ++		log_ppp_error("BUG: VRF %s is missing table id\n", vrf_name); ++ ++out: ++	return tb_id; ++} ++#endif ++ ++#ifdef HAVE_VRF ++int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t 
prio, const char *vrf_name) ++#else + int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio) ++#endif + { + 	struct ipaddr_req { + 		struct nlmsghdr n; +@@ -472,11 +552,17 @@ int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw +  + 	memset(&req, 0, sizeof(req) - 4096); +  ++#ifdef HAVE_VRF ++	__u32 rt_table = ipvrf_get_table(vrf_name); ++#else ++  __u32 rt_table = RT_TABLE_MAIN; ++#endif ++ + 	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); + 	req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE; + 	req.n.nlmsg_type = RTM_NEWROUTE; + 	req.i.rtm_family = AF_INET; +-	req.i.rtm_table = RT_TABLE_MAIN; ++	req.i.rtm_table = rt_table; + 	req.i.rtm_scope = gw ? RT_SCOPE_UNIVERSE : RT_SCOPE_LINK; + 	req.i.rtm_protocol = proto; + 	req.i.rtm_type = RTN_UNICAST; +@@ -500,7 +586,11 @@ int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + 	return r; + } +  ++#ifdef HAVE_VRF ++int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name) ++#else + int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio) ++#endif + { + 	struct ipaddr_req { + 		struct nlmsghdr n; +@@ -543,7 +633,11 @@ int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + 	return r; + } +  ++#ifdef HAVE_VRF ++int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name) ++#else + int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio) ++#endif + { + 	struct ipaddr_req { + 		struct nlmsghdr n; +@@ -558,11 +652,17 @@ int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, +  + 	memset(&req, 0, sizeof(req) - 4096); +  ++#ifdef HAVE_VRF ++	
__u32 rt_table = ipvrf_get_table(vrf_name); ++#else ++	__u32 rt_table = RT_TABLE_MAIN; ++#endif ++ + 	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); + 	req.n.nlmsg_flags = NLM_F_REQUEST | NLM_F_CREATE; + 	req.n.nlmsg_type = RTM_NEWROUTE; + 	req.i.rtm_family = AF_INET6; +-	req.i.rtm_table = RT_TABLE_MAIN; ++	req.i.rtm_table = rt_table; + 	req.i.rtm_scope = RT_SCOPE_UNIVERSE; + 	req.i.rtm_protocol = proto; + 	req.i.rtm_type = RTN_UNICAST; +@@ -584,7 +684,11 @@ int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, + 	return r; + } +  ++#ifdef HAVE_VRF ++int __export ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name) ++#else + int __export ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio) ++#endif + { + 	struct ipaddr_req { + 		struct nlmsghdr n; +diff --git a/accel-pppd/libnetlink/iputils.h b/accel-pppd/libnetlink/iputils.h +index 9292cea..c3063f4 100644 +--- a/accel-pppd/libnetlink/iputils.h ++++ b/accel-pppd/libnetlink/iputils.h +@@ -4,6 +4,7 @@ + #include <linux/if_link.h> + #include <netinet/in.h> + #include <stdint.h> ++#include <config.h> +  + typedef int (*iplink_list_func)(int index, int flags, const char *name, int iflink, int vid, void *arg); +  +@@ -20,12 +21,22 @@ int ipaddr_add_peer(int ifindex, in_addr_t addr, in_addr_t peer_addr); + int ipaddr_del(int ifindex, in_addr_t addr, int mask); + int ipaddr_del_peer(int ifindex, in_addr_t addr, in_addr_t peer); +  ++#ifdef HAVE_VRF ++int iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name); ++int iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name); ++#else + int iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio); + int 
iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio); ++#endif + in_addr_t iproute_get(in_addr_t dst, in_addr_t *gw); +  ++#ifdef HAVE_VRF ++int ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name); ++int ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name); ++#else + int ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio); + int ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio); ++#endif + int ip6addr_add(int ifindex, struct in6_addr *addr, int prefix_len); + int ip6addr_add_peer(int ifindex, struct in6_addr *addr, struct in6_addr *peer_addr); + int ip6addr_del(int ifindex, struct in6_addr *addr, int prefix_len); +diff --git a/accel-pppd/libnetlink/rt_names.c b/accel-pppd/libnetlink/rt_names.c +new file mode 100644 +index 0000000..5591a67 +--- /dev/null ++++ b/accel-pppd/libnetlink/rt_names.c +@@ -0,0 +1,196 @@ ++/* SPDX-License-Identifier: GPL-2.0-or-later */ ++/* ++ * rt_names.c		rtnetlink names DB. 
++ * ++ * Authors:	Alexey Kuznetsov, <kuznet@ms2.inr.ac.ru> ++ */ ++ ++#include <stdio.h> ++#include <stdlib.h> ++#include <unistd.h> ++#include <fcntl.h> ++#include <string.h> ++#include <sys/time.h> ++#include <sys/socket.h> ++#include <dirent.h> ++#include <limits.h> ++ ++#include <asm/types.h> ++#include <linux/rtnetlink.h> ++ ++#include "rt_names.h" ++#include "utils.h" ++ ++#define NAME_MAX_LEN 512 ++#define CONFDIR "/etc/iproute2" ++ ++int numeric; ++ ++struct rtnl_hash_entry { ++	struct rtnl_hash_entry	*next; ++	const char		*name; ++	unsigned int		id; ++}; ++ ++static int fread_id_name(FILE *fp, int *id, char *namebuf) ++{ ++	char buf[NAME_MAX_LEN]; ++ ++	while (fgets(buf, sizeof(buf), fp)) { ++		char *p = buf; ++ ++		while (*p == ' ' || *p == '\t') ++			p++; ++ ++		if (*p == '#' || *p == '\n' || *p == 0) ++			continue; ++ ++		if (sscanf(p, "0x%x %s\n", id, namebuf) != 2 && ++				sscanf(p, "0x%x %s #", id, namebuf) != 2 && ++				sscanf(p, "%d %s\n", id, namebuf) != 2 && ++				sscanf(p, "%d %s #", id, namebuf) != 2) { ++			strcpy(namebuf, p); ++			return -1; ++		} ++		return 1; ++	} ++	return 0; ++} ++ ++static void ++rtnl_hash_initialize(const char *file, struct rtnl_hash_entry **hash, int size) ++{ ++	struct rtnl_hash_entry *entry; ++	FILE *fp; ++	int id; ++	char namebuf[NAME_MAX_LEN] = {0}; ++	int ret; ++ ++	fp = fopen(file, "r"); ++	if (!fp) ++		return; ++ ++	while ((ret = fread_id_name(fp, &id, &namebuf[0]))) { ++		if (ret == -1) { ++			fprintf(stderr, "Database %s is corrupted at %s\n", ++					file, namebuf); ++			fclose(fp); ++			return; ++		} ++ ++		if (id < 0) ++			continue; ++ ++		entry = malloc(sizeof(*entry)); ++		if (entry == NULL) { ++			fprintf(stderr, "malloc error: for entry\n"); ++			break; ++		} ++		entry->id   = id; ++		entry->name = strdup(namebuf); ++		entry->next = hash[id & (size - 1)]; ++		hash[id & (size - 1)] = entry; ++	} ++	fclose(fp); ++} ++ ++static struct rtnl_hash_entry dflt_table_entry  = { .name = "default" }; ++static 
struct rtnl_hash_entry main_table_entry  = { .name = "main" }; ++static struct rtnl_hash_entry local_table_entry = { .name = "local" }; ++ ++static struct rtnl_hash_entry *rtnl_rttable_hash[256] = { ++	[RT_TABLE_DEFAULT] = &dflt_table_entry, ++	[RT_TABLE_MAIN]    = &main_table_entry, ++	[RT_TABLE_LOCAL]   = &local_table_entry, ++}; ++ ++static int rtnl_rttable_init; ++ ++static void rtnl_rttable_initialize(void) ++{ ++	struct dirent *de; ++	DIR *d; ++	int i; ++ ++	rtnl_rttable_init = 1; ++	for (i = 0; i < 256; i++) { ++		if (rtnl_rttable_hash[i]) ++			rtnl_rttable_hash[i]->id = i; ++	} ++	rtnl_hash_initialize(CONFDIR "/rt_tables", ++			     rtnl_rttable_hash, 256); ++ ++	d = opendir(CONFDIR "/rt_tables.d"); ++	if (!d) ++		return; ++ ++	while ((de = readdir(d)) != NULL) { ++		char path[PATH_MAX]; ++		size_t len; ++ ++		if (*de->d_name == '.') ++			continue; ++ ++		/* only consider filenames ending in '.conf' */ ++		len = strlen(de->d_name); ++		if (len <= 5) ++			continue; ++		if (strcmp(de->d_name + len - 5, ".conf")) ++			continue; ++ ++		snprintf(path, sizeof(path), ++			 CONFDIR "/rt_tables.d/%s", de->d_name); ++		rtnl_hash_initialize(path, rtnl_rttable_hash, 256); ++	} ++	closedir(d); ++} ++ ++const char *rtnl_rttable_n2a(__u32 id, char *buf, int len) ++{ ++	struct rtnl_hash_entry *entry; ++ ++	if (!rtnl_rttable_init) ++		rtnl_rttable_initialize(); ++	entry = rtnl_rttable_hash[id & 255]; ++	while (entry && entry->id != id) ++		entry = entry->next; ++	if (!numeric && entry) ++		return entry->name; ++	snprintf(buf, len, "%u", id); ++	return buf; ++} ++ ++int rtnl_rttable_a2n(__u32 *id, const char *arg) ++{ ++	static const char *cache; ++	static unsigned long res; ++	struct rtnl_hash_entry *entry; ++	char *end; ++	unsigned long i; ++ ++	if (cache && strcmp(cache, arg) == 0) { ++		*id = res; ++		return 0; ++	} ++ ++	if (!rtnl_rttable_init) ++		rtnl_rttable_initialize(); ++ ++	for (i = 0; i < 256; i++) { ++		entry = rtnl_rttable_hash[i]; ++		while (entry && 
strcmp(entry->name, arg)) ++			entry = entry->next; ++		if (entry) { ++			cache = entry->name; ++			res = entry->id; ++			*id = res; ++			return 0; ++		} ++	} ++ ++	i = strtoul(arg, &end, 0); ++	if (!end || end == arg || *end || i > RT_TABLE_MAX) ++		return -1; ++	*id = i; ++	return 0; ++} +diff --git a/accel-pppd/libnetlink/rt_names.h b/accel-pppd/libnetlink/rt_names.h +new file mode 100644 +index 0000000..2ba6fe9 +--- /dev/null ++++ b/accel-pppd/libnetlink/rt_names.h +@@ -0,0 +1,14 @@ ++/* SPDX-License-Identifier: GPL-2.0 */ ++#ifndef RT_NAMES_H_ ++#define RT_NAMES_H_ 1 ++ ++#include <asm/types.h> ++ ++const char *rtnl_rttable_n2a(__u32 id, char *buf, int len); ++const char *rtnl_dsfield_get_name(int id); ++ ++int rtnl_rttable_a2n(__u32 *id, const char *arg); ++ ++extern int numeric; ++ ++#endif +diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c +index 2406ba0..a45666f 100644 +--- a/accel-pppd/radius/radius.c ++++ b/accel-pppd/radius/radius.c +@@ -313,6 +313,7 @@ int rad_proc_attrs(struct rad_req_t *req) + 			} else if (attr->vendor->id == VENDOR_Accel_PPP) { + 				switch (attr->attr->id) { + 					case Accel_VRF_Name: ++						log_ppp_info2("radius: setting vrf_name to %s\n", attr->val.string); + 						if (rpd->ses->vrf_name) + 							_free(rpd->ses->vrf_name); + 						rpd->ses->vrf_name = _malloc(attr->len + 1); +@@ -642,15 +643,23 @@ static void ses_started(struct ap_session *ses) + 		char nbuf[INET6_ADDRSTRLEN]; + 		char gwbuf[INET6_ADDRSTRLEN]; +  ++#ifdef HAVE_VRF ++		if (ip6route_add(gw_spec ? 0 : rpd->ses->ifindex, &fr6->prefix, fr6->plen, gw_spec ? &fr6->gw : NULL, 3, fr6->prio, rpd->ses->vrf_name)) { ++#else + 		if (ip6route_add(gw_spec ? 0 : rpd->ses->ifindex, &fr6->prefix, fr6->plen, gw_spec ? 
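Review bot: In `rtnl_hash_initialize` (accel-pppd/libnetlink/rt_names.c) the result of `strdup(namebuf)` is stored in `entry->name` without a NULL check, and `rtnl_rttable_a2n` later hands every `entry->name` to `strcmp`, so an allocation failure while loading the table files turns into a NULL dereference at lookup time. A check next to the existing `malloc` check would close that: `if (entry->name == NULL) { free(entry); break; }`. Separately, `rtnl_rttable_a2n` keeps its last result in the function-level statics `cache` and `res` with no locking; if it can be reached from more than one thread (not visible in this hunk), I would either drop the cache or add a comment stating the single-threaded assumption.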
&fr6->gw : NULL, 3, fr6->prio)) { ++#endif + 			log_ppp_warn("radius: failed to add route %s/%hhu %s %u\n", +-				     u_ip6str(&fr6->prefix, nbuf), fr6->plen, +-				     u_ip6str(&fr6->gw, gwbuf), fr6->prio); ++						    u_ip6str(&fr6->prefix, nbuf), fr6->plen, ++						    u_ip6str(&fr6->gw, gwbuf), fr6->prio); + 		} + 	} +  + 	for (fr = rpd->fr; fr; fr = fr->next) { ++#ifdef HAVE_VRF ++		if (iproute_add(fr->gw ? 0 : rpd->ses->ifindex, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio, rpd->ses->vrf_name)) { ++#else + 		if (iproute_add(fr->gw ? 0 : rpd->ses->ifindex, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio)) { ++#endif + 			char dst[17], gw[17]; + 			u_inet_ntoa(fr->dst, dst); + 			u_inet_ntoa(fr->gw, gw); +@@ -689,12 +698,20 @@ static void ses_finishing(struct ap_session *ses) + 		 * when the interface is removed. + 		 */ + 		if (!IN6_IS_ADDR_UNSPECIFIED(&fr6->gw)) ++#ifdef HAVE_VRF ++			ip6route_del(0, &fr6->prefix, fr6->plen, &fr6->gw, 3, fr6->prio, rpd->ses->vrf_name); ++#else + 			ip6route_del(0, &fr6->prefix, fr6->plen, &fr6->gw, 3, fr6->prio); ++#endif + 	} +  + 	for (fr = rpd->fr; fr; fr = fr->next) { + 		if (fr->gw) ++#ifdef HAVE_VRF ++			iproute_del(0, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio, rpd->ses->vrf_name); ++#else + 			iproute_del(0, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio); ++#endif + 	} +  + 	if (rpd->acct_started || rpd->acct_req) +--  +2.39.5 + diff --git a/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Radius-Dns-Server-IPv6-Address.patch b/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Radius-Dns-Server-IPv6-Address.patch new file mode 100644 index 00000000..a8991801 --- /dev/null +++ b/scripts/package-build/linux-kernel/patches/accel-ppp/0002-Radius-Dns-Server-IPv6-Address.patch 
@@ -0,0 +1,195 @@ +From: Ben Hardill <ben@hardill.me.uk> +Date: Tue, 13 Mar 2025 05:00:00 +0000 +Subject: [PATCH] PPPoE: IPv6 DNS from Radius - managing the DNS-Server-IPv6-Address attribute + +Patch authored by Ben Hardill from +https://github.com/accel-ppp/accel-ppp/pull/69 +--- +diff --git a/accel-pppd/include/ap_session.h b/accel-pppd/include/ap_session.h +index 70515133..507eae04 100644 +--- a/accel-pppd/include/ap_session.h ++++ b/accel-pppd/include/ap_session.h +@@ -84,6 +84,7 @@ struct ap_session + 	struct ipv4db_item_t *ipv4; + 	struct ipv6db_item_t *ipv6; + 	struct ipv6db_prefix_t *ipv6_dp; ++	struct ipv6db_item_t *ipv6_dns; + 	char *ipv4_pool_name; + 	char *ipv6_pool_name; + 	char *dpv6_pool_name; +diff --git a/accel-pppd/ipv6/dhcpv6.c b/accel-pppd/ipv6/dhcpv6.c +index 158771b1..1ef48132 100644 +--- a/accel-pppd/ipv6/dhcpv6.c ++++ b/accel-pppd/ipv6/dhcpv6.c +@@ -214,19 +214,41 @@ static void insert_status(struct dhcpv6_packet *pkt, struct dhcpv6_option *opt, + 	status->code = htons(code); + } +  +-static void insert_oro(struct dhcpv6_packet *reply, struct dhcpv6_option *opt) ++static void insert_oro(struct dhcpv6_packet *reply, struct dhcpv6_option *opt, struct ap_session *ses) + { + 	struct dhcpv6_option *opt1; +-	int i, j; ++	int i = 0, j = 0, k = 0; + 	uint16_t *ptr; + 	struct in6_addr addr, *addr_ptr; ++	struct ipv6db_addr_t *dns; +  + 	for (i = ntohs(opt->hdr->len) / 2, ptr = (uint16_t *)opt->hdr->data; i; i--, ptr++) { + 		if (ntohs(*ptr) == D6_OPTION_DNS_SERVERS) { +-			if (conf_dns_count) { +-				opt1 = dhcpv6_option_alloc(reply, D6_OPTION_DNS_SERVERS, conf_dns_count * sizeof(addr)); +-				for (j = 0, addr_ptr = (struct in6_addr *)opt1->hdr->data; j < conf_dns_count; j++, addr_ptr++) +-					memcpy(addr_ptr, conf_dns + j, sizeof(addr)); ++			if (ses->ipv6_dns && !list_empty(&ses->ipv6_dns->addr_list)) { ++				list_for_each_entry(dns, &ses->ipv6_dns->addr_list, entry) { ++					j++; ++				} ++				if (j >= 3) { ++					j = 3; ++				} ++				opt1 = 
dhcpv6_option_alloc(reply, D6_OPTION_DNS_SERVERS, j * sizeof(addr)); ++				addr_ptr = (struct in6_addr *)opt1->hdr->data; ++				list_for_each_entry(dns, &ses->ipv6_dns->addr_list, entry) { ++					if (k < j) { ++						memcpy(addr_ptr, &dns->addr, sizeof(addr)); ++						k++; ++						addr_ptr++; ++					} else { ++						break; ++					} ++				} ++ ++			} else { ++				if (conf_dns_count) { ++					opt1 = dhcpv6_option_alloc(reply, D6_OPTION_DNS_SERVERS, conf_dns_count * sizeof(addr)); ++					for (j = 0, addr_ptr = (struct in6_addr *)opt1->hdr->data; j < conf_dns_count; j++, addr_ptr++) ++						memcpy(addr_ptr, conf_dns + j, sizeof(addr)); ++				} + 			} + 		} else if (ntohs(*ptr) == D6_OPTION_DOMAIN_LIST) { + 			if (conf_dnssl_size) { +@@ -434,7 +456,10 @@ static void dhcpv6_send_reply(struct dhcpv6_packet *req, struct dhcpv6_pd *pd, i +  + 		// Option Request + 		} else if (ntohs(opt->hdr->code) == D6_OPTION_ORO) { +-			insert_oro(reply, opt); ++			if (ses->ipv6_dns &&!list_empty(&ses->ipv6_dns->addr_list)) { ++				log_ppp_info2("User specific IPv6 DNS entries\n"); ++			}  ++			insert_oro(reply, opt, ses); +  + 		} else if (ntohs(opt->hdr->code) == D6_OPTION_RAPID_COMMIT) { + 			if (req->hdr->type == D6_SOLICIT) +@@ -594,7 +619,7 @@ static void dhcpv6_send_reply2(struct dhcpv6_packet *req, struct dhcpv6_pd *pd, + 			} + 		// Option Request + 		} else if (ntohs(opt->hdr->code) == D6_OPTION_ORO) +-			insert_oro(reply, opt); ++			insert_oro(reply, opt, ses); + 	} +  + 	opt1 = dhcpv6_option_alloc(reply, D6_OPTION_PREFERENCE, 1); +diff --git a/accel-pppd/ipv6/nd.c b/accel-pppd/ipv6/nd.c +index 297e4d63..b3054274 100644 +--- a/accel-pppd/ipv6/nd.c ++++ b/accel-pppd/ipv6/nd.c +@@ -174,7 +174,32 @@ static void ipv6_nd_send_ra(struct ipv6_nd_handler_t *h, struct sockaddr_in6 *ds + 		rinfo++; + 	}*/ +  +-	if (conf_dns_count) { ++	if (ses->ipv6_dns && !list_empty(&ses->ipv6_dns->addr_list)) { ++		int i = 0, j = 0; ++		struct ipv6db_addr_t *dns; ++ ++		list_for_each_entry(dns, 
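Review bot: The per-session branch of `insert_oro` limits the RADIUS-supplied DNS list with a bare literal `3`, and the same literal is repeated in the `ipv6_nd_send_ra` hunk in accel-pppd/ipv6/nd.c, where it also decides how many addresses are copied behind `rdnssinfo`. The buffer behind `pinfo` is sized outside that hunk, so the cap is the only bound on those writes that is visible here. It deserves one shared named constant with a comment saying what it protects, for example `#define MAX_SES_IPV6_DNS 3 /* max RADIUS-supplied DNS servers copied into one reply */`. The counting loops in both places could also stop at the cap instead of walking the whole list.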
&ses->ipv6_dns->addr_list, entry) { ++			i++; ++		} ++		if (i >= 3) { ++			i = 3; ++		} ++		rdnssinfo = (struct nd_opt_rdnss_info_local *)pinfo; ++		memset(rdnssinfo, 0, sizeof(*rdnssinfo)); ++		rdnssinfo->nd_opt_rdnssi_type = ND_OPT_RDNSS_INFORMATION; ++		rdnssinfo->nd_opt_rdnssi_len = 1 + 2 * i; ++		rdnssinfo->nd_opt_rdnssi_lifetime = htonl(conf_rdnss_lifetime); ++		rdnss_addr = (struct in6_addr *)rdnssinfo->nd_opt_rdnssi; ++		list_for_each_entry(dns, &ses->ipv6_dns->addr_list, entry) { ++			if (j < i) { ++				memcpy(rdnss_addr, &dns->addr, sizeof(*rdnss_addr)); ++				j++; ++				rdnss_addr++; ++			} else { ++				break; ++			} ++		} ++	} else if (conf_dns_count) { + 		rdnssinfo = (struct nd_opt_rdnss_info_local *)pinfo; + 		memset(rdnssinfo, 0, sizeof(*rdnssinfo)); + 		rdnssinfo->nd_opt_rdnssi_type = ND_OPT_RDNSS_INFORMATION; +diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c +index 786faa56..1379b0b2 100644 +--- a/accel-pppd/radius/radius.c ++++ b/accel-pppd/radius/radius.c +@@ -403,6 +403,12 @@ int rad_proc_attrs(struct rad_req_t *req) + 			case Framed_IPv6_Route: + 				rad_add_framed_ipv6_route(attr->val.string, rpd); + 				break; ++			case DNS_Server_IPv6_Address: ++				a = _malloc(sizeof(*a)); ++				memset(a, 0, sizeof(*a)); ++				a->addr = attr->val.ipv6addr; ++				list_add_tail(&a->entry, &rpd->ipv6_dns.addr_list); ++				break; + 		} + 	} +  +@@ -420,6 +426,9 @@ int rad_proc_attrs(struct rad_req_t *req) + 	if (!rpd->ses->ipv6_dp && !list_empty(&rpd->ipv6_dp.prefix_list)) + 		rpd->ses->ipv6_dp = &rpd->ipv6_dp; +  ++	if (!rpd->ses->ipv6_dns && !list_empty(&rpd->ipv6_dns.addr_list)) ++		rpd->ses->ipv6_dns = &rpd->ipv6_dns; ++ + 	return res; + } +  +@@ -584,10 +593,12 @@ static void ses_starting(struct ap_session *ses) + 	INIT_LIST_HEAD(&rpd->plugin_list); + 	INIT_LIST_HEAD(&rpd->ipv6_addr.addr_list); + 	INIT_LIST_HEAD(&rpd->ipv6_dp.prefix_list); ++	INIT_LIST_HEAD(&rpd->ipv6_dns.addr_list); +  + 	rpd->ipv4_addr.owner = &ipdb; + 	
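Review bot: The new `DNS_Server_IPv6_Address` case in `rad_proc_attrs` appends one list node per attribute with no upper limit, although both consumers added by this patch use at most three entries. The number of attributes is chosen by whoever produces the RADIUS reply, and the list is only emptied in `ses_finished`, so I would stop appending once the limit is reached. If `_malloc` can return NULL in this codebase (its definition is not visible here), its result should also be checked before the `memset`. The declaration of `a` and the rest of `rad_proc_attrs` lie outside the hunk.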
rpd->ipv6_addr.owner = &ipdb; + 	rpd->ipv6_dp.owner = &ipdb; ++	rpd->ipv6_dns.owner = &ipdb; +  + 	list_add_tail(&rpd->pd.entry, &ses->pd_list); +  +@@ -764,6 +775,12 @@ static void ses_finished(struct ap_session *ses) + 		_free(a); + 	} +  ++	while (!list_empty(&rpd->ipv6_dns.addr_list)) { ++		a = list_entry(rpd->ipv6_dns.addr_list.next, typeof(*a), entry); ++		list_del(&a->entry); ++		_free(a); ++	} ++ + 	fr6 = rpd->fr6; + 	while (fr6) { + 		struct framed_ip6_route *next = fr6->next; +diff --git a/accel-pppd/radius/radius_p.h b/accel-pppd/radius/radius_p.h +index 988f154f..eaa5acb0 100644 +--- a/accel-pppd/radius/radius_p.h ++++ b/accel-pppd/radius/radius_p.h +@@ -65,6 +65,7 @@ struct radius_pd_t { + 	struct ipv4db_item_t ipv4_addr; + 	struct ipv6db_item_t ipv6_addr; + 	struct ipv6db_prefix_t ipv6_dp; ++	struct ipv6db_item_t ipv6_dns; + 	int acct_interim_interval; + 	int acct_interim_jitter; + diff --git a/scripts/package-build/linux-kernel/patches/accel-ppp/0003-Simplify-implementation-of-vrf-support-for-iproute_a.patch b/scripts/package-build/linux-kernel/patches/accel-ppp/0003-Simplify-implementation-of-vrf-support-for-iproute_a.patch new file mode 100644 index 00000000..3c8fff94 --- /dev/null +++ b/scripts/package-build/linux-kernel/patches/accel-ppp/0003-Simplify-implementation-of-vrf-support-for-iproute_a.patch 
@@ -0,0 +1,213 @@ +From 4898832b90a6b929b8316fe55085b14c3afcf4a8 Mon Sep 17 00:00:00 2001 +From: Chris Hills <chris@brsk.co.uk> +Date: Mon, 3 Jul 2023 14:42:22 +0100 +Subject: [PATCH 3/4] Simplify implementation of vrf support for + iproute_add/del + +(cherry picked from commit 85cbd27bd440e0a4836bb9e03c933e05fd321769) +--- + accel-pppd/ctrl/ipoe/ipoe.c     | 24 ++---------------------- + accel-pppd/libnetlink/iputils.c | 16 ---------------- + accel-pppd/libnetlink/iputils.h |  5 ----- + accel-pppd/radius/radius.c      | 16 ---------------- + accel-pppd/session.c            |  1 + + 5 files changed, 3 insertions(+), 59 deletions(-) + +diff --git a/accel-pppd/ctrl/ipoe/ipoe.c b/accel-pppd/ctrl/ipoe/ipoe.c +index 6f23fd6..3a6c85b 100644 +--- a/accel-pppd/ctrl/ipoe/ipoe.c ++++ b/accel-pppd/ctrl/ipoe/ipoe.c +@@ -1021,9 +1021,9 @@ static void __ipoe_session_activate(struct ipoe_session *ses) + 			in_addr_t gw; + 			iproute_get(ses->router, &gw, NULL); + 			if (gw) +-				iproute_add(0, ses->siaddr, ses->yiaddr, gw, conf_proto, 32); ++				iproute_add(0, ses->siaddr, ses->yiaddr, gw, conf_proto, 32, NULL); + 			else +-				iproute_add(0, ses->siaddr, ses->router, gw, conf_proto, 32); ++				iproute_add(0, ses->siaddr, ses->router, gw, conf_proto, 32, NULL); + 		}*/ +  + 		if (serv->opt_mode == MODE_L3) +@@ -1067,17 +1067,9 @@ static void __ipoe_session_activate(struct ipoe_session *ses) +  + 	if (ses->ifindex == -1 && !serv->opt_ifcfg) { + 		if (!serv->opt_ip_unnumbered) +-#ifdef HAVE_VRF + 			iproute_add(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0, NULL); +-#else +-			iproute_add(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0); +-#endif + 		else +-#ifdef HAVE_VRF + 			iproute_add(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); +-#else +-			iproute_add(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0); +-#endif + 	} +  + 	if (ses->l4_redirect) +@@ -1178,11 
+1170,7 @@ static void ipoe_session_started(struct ap_session *s) +  + 	if (ses->ses.ipv4->peer_addr != ses->yiaddr) + 		//ipaddr_add_peer(ses->ses.ifindex, ses->router, ses->yiaddr); // breaks quagga +-#ifdef HAVE_VRF + 		iproute_add(ses->ses.ifindex, ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); +-#else +-		iproute_add(ses->ses.ifindex, ses->router, ses->yiaddr, 0, conf_proto, 32, 0); +-#endif +  + 	if (ses->ifindex != -1 && ses->xid) { + 		ses->dhcpv4 = dhcpv4_create(ses->ctrl.ctx, ses->ses.ifname, ""); +@@ -1266,17 +1254,9 @@ static void ipoe_session_finished(struct ap_session *s) + 	} else if (ses->started) { + 		if (!serv->opt_ifcfg) { + 			if (!serv->opt_ip_unnumbered) +-#ifdef HAVE_VRF + 				iproute_del(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0, NULL); +-#else +-				iproute_del(serv->ifindex, ses->router, ses->yiaddr, 0, conf_proto, ses->mask, 0); +-#endif + 			else +-#ifdef HAVE_VRF + 				iproute_del(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0, NULL); +-#else +-				iproute_del(serv->ifindex, serv->opt_src ?: ses->router, ses->yiaddr, 0, conf_proto, 32, 0); +-#endif + 		} + 	} +  +diff --git a/accel-pppd/libnetlink/iputils.c b/accel-pppd/libnetlink/iputils.c +index 6c61fc2..60eca8b 100644 +--- a/accel-pppd/libnetlink/iputils.c ++++ b/accel-pppd/libnetlink/iputils.c +@@ -533,11 +533,7 @@ out: + } + #endif +  +-#ifdef HAVE_VRF + int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name) +-#else +-int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio) +-#endif + { + 	struct ipaddr_req { + 		struct nlmsghdr n; +@@ -586,11 +582,7 @@ int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + 	return r; + } +  +-#ifdef HAVE_VRF + int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int 
mask, uint32_t prio, const char *vrf_name) +-#else +-int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio) +-#endif + { + 	struct ipaddr_req { + 		struct nlmsghdr n; +@@ -633,11 +625,7 @@ int __export iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + 	return r; + } +  +-#ifdef HAVE_VRF + int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name) +-#else +-int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio) +-#endif + { + 	struct ipaddr_req { + 		struct nlmsghdr n; +@@ -684,11 +672,7 @@ int __export ip6route_add(int ifindex, const struct in6_addr *dst, int pref_len, + 	return r; + } +  +-#ifdef HAVE_VRF + int __export ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio, const char *vrf_name) +-#else +-int __export ip6route_del(int ifindex, const struct in6_addr *dst, int pref_len, const struct in6_addr *gw, int proto, uint32_t prio) +-#endif + { + 	struct ipaddr_req { + 		struct nlmsghdr n; +diff --git a/accel-pppd/libnetlink/iputils.h b/accel-pppd/libnetlink/iputils.h +index c3063f4..d3a93f4 100644 +--- a/accel-pppd/libnetlink/iputils.h ++++ b/accel-pppd/libnetlink/iputils.h +@@ -21,13 +21,8 @@ int ipaddr_add_peer(int ifindex, in_addr_t addr, in_addr_t peer_addr); + int ipaddr_del(int ifindex, in_addr_t addr, int mask); + int ipaddr_del_peer(int ifindex, in_addr_t addr, in_addr_t peer); +  +-#ifdef HAVE_VRF + int iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name); + int iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio, const char *vrf_name); +-#else +-int iproute_add(int ifindex, in_addr_t src, in_addr_t dst, 
in_addr_t gw, int proto, int mask, uint32_t prio); +-int iproute_del(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw, int proto, int mask, uint32_t prio); +-#endif + in_addr_t iproute_get(in_addr_t dst, in_addr_t *gw); +  + #ifdef HAVE_VRF +diff --git a/accel-pppd/radius/radius.c b/accel-pppd/radius/radius.c +index a45666f..9d567b7 100644 +--- a/accel-pppd/radius/radius.c ++++ b/accel-pppd/radius/radius.c +@@ -643,11 +643,7 @@ static void ses_started(struct ap_session *ses) + 		char nbuf[INET6_ADDRSTRLEN]; + 		char gwbuf[INET6_ADDRSTRLEN]; +  +-#ifdef HAVE_VRF + 		if (ip6route_add(gw_spec ? 0 : rpd->ses->ifindex, &fr6->prefix, fr6->plen, gw_spec ? &fr6->gw : NULL, 3, fr6->prio, rpd->ses->vrf_name)) { +-#else +-		if (ip6route_add(gw_spec ? 0 : rpd->ses->ifindex, &fr6->prefix, fr6->plen, gw_spec ? &fr6->gw : NULL, 3, fr6->prio)) { +-#endif + 			log_ppp_warn("radius: failed to add route %s/%hhu %s %u\n", + 						    u_ip6str(&fr6->prefix, nbuf), fr6->plen, + 						    u_ip6str(&fr6->gw, gwbuf), fr6->prio); +@@ -655,11 +651,7 @@ static void ses_started(struct ap_session *ses) + 	} +  + 	for (fr = rpd->fr; fr; fr = fr->next) { +-#ifdef HAVE_VRF + 		if (iproute_add(fr->gw ? 0 : rpd->ses->ifindex, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio, rpd->ses->vrf_name)) { +-#else +-		if (iproute_add(fr->gw ? 0 : rpd->ses->ifindex, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio)) { +-#endif + 			char dst[17], gw[17]; + 			u_inet_ntoa(fr->dst, dst); + 			u_inet_ntoa(fr->gw, gw); +@@ -698,20 +690,12 @@ static void ses_finishing(struct ap_session *ses) + 		 * when the interface is removed. 
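Review bot: The iputils.h hunk makes only the `iproute_add`/`iproute_del` prototypes unconditional; its trailing context line `#ifdef HAVE_VRF` shows that the `ip6route_add`/`ip6route_del` prototypes after it are still conditional. The iputils.c hunks of this same patch make all four definitions take `vrf_name` unconditionally, and the radius.c hunks pass it unconditionally. In a build without HAVE_VRF the header would therefore declare the IPv6 functions without `vrf_name` while the definitions and callers use it, which should fail to compile. Removing the `#ifdef`/`#else`/`#endif` around the two `ip6route_*` prototypes and keeping only the `vrf_name` variants would make the header match; that block starts after the end of this hunk.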
+ 		 */ + 		if (!IN6_IS_ADDR_UNSPECIFIED(&fr6->gw)) +-#ifdef HAVE_VRF + 			ip6route_del(0, &fr6->prefix, fr6->plen, &fr6->gw, 3, fr6->prio, rpd->ses->vrf_name); +-#else +-			ip6route_del(0, &fr6->prefix, fr6->plen, &fr6->gw, 3, fr6->prio); +-#endif + 	} +  + 	for (fr = rpd->fr; fr; fr = fr->next) { + 		if (fr->gw) +-#ifdef HAVE_VRF + 			iproute_del(0, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio, rpd->ses->vrf_name); +-#else +-			iproute_del(0, 0, fr->dst, fr->gw, 3, fr->mask, fr->prio); +-#endif + 	} +  + 	if (rpd->acct_started || rpd->acct_req) +diff --git a/accel-pppd/session.c b/accel-pppd/session.c +index c01417f..fedb6f5 100644 +--- a/accel-pppd/session.c ++++ b/accel-pppd/session.c +@@ -68,6 +68,7 @@ void __export ap_session_init(struct ap_session *ses) + 	ses->ifindex = -1; + 	ses->unit_idx = -1; + 	ses->net = net; ++	ses->vrf_name = NULL; + } +  + void __export ap_session_set_ifindex(struct ap_session *ses) +--  +2.39.5 + diff --git a/scripts/package-build/linux-kernel/patches/accel-ppp/0004-Fix-whitespace-in-accel-pppd-libnetlink-iputils.c.patch b/scripts/package-build/linux-kernel/patches/accel-ppp/0004-Fix-whitespace-in-accel-pppd-libnetlink-iputils.c.patch new file mode 100644 index 00000000..9273c8a3 --- /dev/null +++ b/scripts/package-build/linux-kernel/patches/accel-ppp/0004-Fix-whitespace-in-accel-pppd-libnetlink-iputils.c.patch 
@@ -0,0 +1,26 @@ +From a959ab0c0d659a8b314b98bb577a79ec9ed3542c Mon Sep 17 00:00:00 2001 +From: Chris Hills <chris@brsk.co.uk> +Date: Tue, 11 Jul 2023 10:14:52 +0100 +Subject: [PATCH 4/4] Fix whitespace in accel-pppd/libnetlink/iputils.c + +(cherry picked from commit 10d2fba58928dcb4604a04169cbb3a8c9e8a172f) +--- + accel-pppd/libnetlink/iputils.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/accel-pppd/libnetlink/iputils.c b/accel-pppd/libnetlink/iputils.c +index 60eca8b..afe2380 100644 +--- a/accel-pppd/libnetlink/iputils.c ++++ b/accel-pppd/libnetlink/iputils.c +@@ -551,7 +551,7 @@ int __export iproute_add(int ifindex, in_addr_t src, in_addr_t dst, in_addr_t gw + #ifdef HAVE_VRF + 	__u32 rt_table = ipvrf_get_table(vrf_name); + #else +-  __u32 rt_table = RT_TABLE_MAIN; ++	__u32 rt_table = RT_TABLE_MAIN; + #endif +  + 	req.n.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtmsg)); +--  +2.39.5 + diff --git a/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch b/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch index 7bd0b04b..107fdc67 100644 --- a/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch +++ b/scripts/package-build/linux-kernel/patches/kernel/0001-linkstate-ip-device-attribute.patch @@ -6,6 +6,7 @@ Subject: [PATCH] VyOS: Add linkstate IP device attribute  Backport of earlier Vyatta patch.  (cherry picked from commit 7c5a851086686be14ae937c80d6cee34814dbefc) +  ---   Documentation/networking/ip-sysctl.rst | 11 +++++++++++   include/linux/inetdevice.h             |  1 + @@ -100,7 +101,7 @@ index c33b1ecc591e..7576d51cd16d 100644   };  diff --git a/net/ipv6/addrconf.c b/net/ipv6/addrconf.c -index 8360939acf85..b13832a08d28 100644 +index bb9add46e382..20346b1dd103 100644  --- a/net/ipv6/addrconf.c  +++ b/net/ipv6/addrconf.c  @@ -5674,6 +5674,7 @@ static inline void ipv6_store_devconf(struct ipv6_devconf *cnf, 
@@ -111,7 +112,7 @@ index 8360939acf85..b13832a08d28 100644   }   static inline size_t inet6_ifla6_size(void) -@@ -7103,6 +7104,13 @@ static const struct ctl_table addrconf_sysctl[] = { +@@ -7116,6 +7117,13 @@ static const struct ctl_table addrconf_sysctl[] = {   		.extra1		= (void *)SYSCTL_ZERO,   		.extra2		= (void *)SYSCTL_ONE,   	}, @@ -126,10 +127,10 @@ index 8360939acf85..b13832a08d28 100644   		.procname	= "ioam6_id",   		.data		= &ipv6_devconf.ioam6_id,  diff --git a/net/ipv6/route.c b/net/ipv6/route.c -index 5715d54f3d0b..e88971b512ba 100644 +index 53197087353a..4fed0253cf83 100644  --- a/net/ipv6/route.c  +++ b/net/ipv6/route.c -@@ -682,6 +682,14 @@ static inline void rt6_probe(struct fib6_nh *fib6_nh) +@@ -716,6 +716,14 @@ static inline void rt6_probe(struct fib6_nh *fib6_nh)   }   #endif @@ -144,7 +145,7 @@ index 5715d54f3d0b..e88971b512ba 100644   /*    * Default Router Selection (RFC 2461 6.3.6)    */ -@@ -723,6 +731,8 @@ static int rt6_score_route(const struct fib6_nh *nh, u32 fib6_flags, int oif, +@@ -757,6 +765,8 @@ static int rt6_score_route(const struct fib6_nh *nh, u32 fib6_flags, int oif,   	if (!m && (strict & RT6_LOOKUP_F_IFACE))   		return RT6_NUD_FAIL_HARD; diff --git a/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch b/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch index b19a8d25..115f6831 100644 --- a/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch +++ b/scripts/package-build/linux-kernel/patches/kernel/0002-inotify-support-for-stackable-filesystems.patch @@ -19,6 +19,7 @@ for bug #303, and will allow that commit to be reverted.  Bug #425 http://bugzilla.vyos.net/show_bug.cgi?id=425  (cherry picked from commit a93f1128bc83b5a6628da242e71c18ef05e81ea2) +  ---   fs/notify/inotify/Kconfig        |   9 +++   fs/notify/inotify/inotify_user.c | 114 ++++++++++++++++++++++++++++++- 
@@ -190,7 +191,7 @@ index 1c4bfdab008d..cf567cc33679 100644   			      struct inotify_inode_mark *i_mark)   {  diff --git a/fs/overlayfs/super.c b/fs/overlayfs/super.c -index 2c056d737c27..2cb1f0024e70 100644 +index 93ee57bc82ad..5f4f886d011e 100644  --- a/fs/overlayfs/super.c  +++ b/fs/overlayfs/super.c  @@ -15,6 +15,7 @@ @@ -201,7 +202,7 @@ index 2c056d737c27..2cb1f0024e70 100644   #include <linux/file.h>   #include <linux/fs_context.h>   #include <linux/fs_parser.h> -@@ -1528,6 +1529,18 @@ static void ovl_inode_init_once(void *foo) +@@ -1533,6 +1534,18 @@ static void ovl_inode_init_once(void *foo)   	inode_init_once(&oi->vfs_inode);   } @@ -220,7 +221,7 @@ index 2c056d737c27..2cb1f0024e70 100644   static int __init ovl_init(void)   {   	int err; -@@ -1543,18 +1556,24 @@ static int __init ovl_init(void) +@@ -1548,18 +1561,24 @@ static int __init ovl_init(void)   	err = ovl_aio_request_cache_init();   	if (!err) {   		err = register_filesystem(&ovl_fs_type); @@ -294,5 +295,5 @@ index 8d20caa1b268..c126e2f93a73 100644  +   #endif	/* _LINUX_INOTIFY_H */  --  -2.39.2 +2.39.5 diff --git a/scripts/package-build/linux-kernel/patches/kernel/build-linux-perf-package.patch b/scripts/package-build/linux-kernel/patches/kernel/build-linux-perf-package.patch new file mode 100644 index 00000000..082ad589 --- /dev/null +++ b/scripts/package-build/linux-kernel/patches/kernel/build-linux-perf-package.patch 
@@ -0,0 +1,62 @@
+diff --git c/scripts/package/builddeb i/scripts/package/builddeb
+index d7dd0d04c70c..6f4a9a7c2c62 100755
+--- c/scripts/package/builddeb
++++ i/scripts/package/builddeb
+@@ -182,6 +182,16 @@ install_libc_headers () {
+ 	mv $pdir/usr/include/asm $pdir/usr/include/$host_arch/
+ }
+ 
++install_perf () {
++	pdir=$1
++
++	rm -rf $pdir
++
++	$MAKE -C tools/ perf_install prefix=$pdir/usr
++	mv tools/perf/$pdir/usr $srctree/$pdir
++
++}
++
+ rm -f debian/files
+ 
+ packages_enabled=$(dh_listpackages)
+@@ -199,6 +209,8 @@ do
+ 		install_libc_headers debian/linux-libc-dev;;
+ 	linux-headers-*)
+ 		install_kernel_headers debian/linux-headers ${package#linux-headers-};;
++	linux-perf-*)
++		install_perf debian/linux-perf ${package};;
+ 	esac
+ done
+ 
+@@ -213,6 +225,8 @@ do
+ 		create_package ${package} debian/linux-libc-dev;;
+ 	linux-headers-*)
+ 		create_package ${package} debian/linux-headers;;
++	linux-perf-*)
++		create_package ${package} debian/linux-perf;;
+ 	esac
+ done
+ 
+diff --git c/scripts/package/mkdebian i/scripts/package/mkdebian
+index 5044224cf671..21f98ae50be0 100755
+--- c/scripts/package/mkdebian
++++ i/scripts/package/mkdebian
+@@ -238,6 +238,18 @@ Description: Linux support headers for userspace development
+ Multi-Arch: same
+ EOF
+ 
++cat <<EOF >> debian/control
++
++Package: linux-perf-$version
++Section: devel
++Architecture: $debarch
++Depends: \${shlibs:Depends}
++Description: Performance analysis tools for Linux $version
++ This package contains the 'perf' performance analysis tools for Linux
++ kernel version $version .
++Multi-Arch: same
++EOF
++
+ if is_enabled CONFIG_MODULES; then
+ cat <<EOF >> debian/control
+ 
diff --git a/scripts/package-build/netfilter/package.toml b/scripts/package-build/netfilter/package.toml
index a39ba8b7..ec28280a 100644
--- a/scripts/package-build/netfilter/package.toml
+++ b/scripts/package-build/netfilter/package.toml
@@ -13,3 +13,9 @@ sudo dpkg -i ../libnftnl*.deb
 sudo mk-build-deps --install --tool 'apt-get --yes --no-install-recommends'
 dpkg-buildpackage -uc -us -tc -b
 """
+
+[dependencies]
+packages = [
+    "asciidoc-base",
+    "bison"
+]
diff --git a/scripts/package-build/node_exporter/package.toml b/scripts/package-build/node_exporter/package.toml
index b0070278..4540bc82 100644
--- a/scripts/package-build/node_exporter/package.toml
+++ b/scripts/package-build/node_exporter/package.toml
@@ -1,6 +1,6 @@
 [[packages]]
 name = "node_exporter"
-commit_id = "v1.8.2"
+commit_id = "v1.9.1"
 scm_url = "https://github.com/prometheus/node_exporter"
 build_cmd = """
diff --git a/scripts/package-build/openvpn-otp/package.toml b/scripts/package-build/openvpn-otp/package.toml
index bdbc6d9d..51430864 100644
--- a/scripts/package-build/openvpn-otp/package.toml
+++ b/scripts/package-build/openvpn-otp/package.toml
@@ -17,3 +17,11 @@ fpm --input-type dir --output-type deb --name openvpn-otp \
     --depends openvpn --architecture $(dpkg --print-architecture) \
     --version $(git describe --tags --always | cut -c2-) --deb-compression gz usr
 """
+
+
+[dependencies]
+packages = [
+  "debhelper",
+  "libssl-dev",
+  "openvpn"
+]
diff --git a/scripts/package-build/radvd/package.toml b/scripts/package-build/radvd/package.toml
index e44afa18..83b9936b 100644
--- a/scripts/package-build/radvd/package.toml
+++ b/scripts/package-build/radvd/package.toml
@@ -1,6 +1,6 @@
 [[packages]]
 name = "radvd"
-commit_id = "f2de4764559"
+commit_id = "v2.20"
 scm_url = "https://github.com/radvd-project/radvd"
 #build_cmd = "cd ..; ./build.sh"
diff --git a/scripts/package-build/udp-broadcast-relay/build.py b/scripts/package-build/udp-broadcast-relay/build.py
new file mode 120000
index 00000000..3c76af73
--- /dev/null
+++ b/scripts/package-build/udp-broadcast-relay/build.py
@@ -0,0 +1 @@
+../build.py
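Review bot: In scripts/package-build/radvd/package.toml the pin moves from a commit hash to the tag `v2.20`, and a tag can be re-pointed upstream, so the build no longer names one immutable revision. The new udp-broadcast-relay package.toml in this same commit pins a full 40-character hash, which is the stronger form. If the build script accepts either form in `commit_id` (not visible here), I would keep a hash and carry the tag as a comment, e.g. `commit_id = "<full-commit-hash-of-v2.20>"  # v2.20`. The same applies to the node_exporter pin, which was already a tag before this change.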
\ No newline at end of file
diff --git a/scripts/package-build/udp-broadcast-relay/package.toml b/scripts/package-build/udp-broadcast-relay/package.toml
new file mode 100644
index 00000000..c7bc4323
--- /dev/null
+++ b/scripts/package-build/udp-broadcast-relay/package.toml
@@ -0,0 +1,21 @@
+[[packages]]
+name = "udp-broadcast-relay"
+commit_id = "9a0f13b4b5938bfe0af0d0d4e99dfc127c068e28"
+scm_url = "https://github.com/nomeata/udp-broadcast-relay"
+
+apply_patches = false
+
+build_cmd = """
+for patch in ../patches/udp-broadcast-relay/*.patch; do
+    echo "I: build_cmd applying patch $patch..."
+    git -c user.email=maintainers@vyos.net -c user.name=vyos am "$patch" || { echo "Failed to apply patch $patch"; exit 1; }
+done
+
+dpkg-buildpackage -uc -us -tc -b -d
+"""
+
+[dependencies]
+packages = [
+    "debhelper-compat",
+    "dpkg-dev",
+]
diff --git a/scripts/package-build/udp-broadcast-relay/patches/udp-broadcast-relay/0001-Add-Debian-packaging.patch b/scripts/package-build/udp-broadcast-relay/patches/udp-broadcast-relay/0001-Add-Debian-packaging.patch
new file mode 100644
index 00000000..fb3073c7
--- /dev/null
+++ b/scripts/package-build/udp-broadcast-relay/patches/udp-broadcast-relay/0001-Add-Debian-packaging.patch
@@ -0,0 +1,202 @@
+From f30e9b267d582040df5afeb57ed8a337fba00bfb Mon Sep 17 00:00:00 2001
+From: Daniil Baturin <daniil@vyos.io>
+Date: Mon, 26 May 2025 17:59:39 +0100
+Subject: [PATCH] Add Debian packaging
+
+---
+ Makefile                     |  9 ++++++
+ debian/changelog             |  5 +++
+ debian/compat                |  1 +
+ debian/control               | 26 +++++++++++++++
+ debian/copyright             | 16 +++++++++
+ debian/rules                 | 63 ++++++++++++++++++++++++++++++++++++
+ udp-broadcast-relay@.service | 14 ++++++++
+ 7 files changed, 134 insertions(+)
+ create mode 100644 debian/changelog
+ create mode 100644 debian/compat
+ create mode 100644 debian/control
+ create mode 100644 debian/copyright
+ create mode 100755 debian/rules
+ create mode 100644 udp-broadcast-relay@.service
+
+diff --git a/Makefile b/Makefile
+index 04ef122..2ff8dbd 100644
+--- a/Makefile
++++ b/Makefile
+@@ -6,3 +6,12 @@ udp-broadcast-relay: main.c
+ 
+ clean:
+ 	rm -f udp-broadcast-relay
++	rm -f build-stamp
++	rm -rf debian/udp-broadcast-relay
++
++
++install:
++	install -d $(DESTDIR)/usr/sbin
++	install -d $(DESTDIR)/lib/systemd/system
++	install -m 0755 udp-broadcast-relay $(DESTDIR)/usr/sbin
++	install -m 0644 udp-broadcast-relay@.service $(DESTDIR)/lib/systemd/system
+diff --git a/debian/changelog b/debian/changelog
+new file mode 100644
+index 0000000..a94fcee
+--- /dev/null
++++ b/debian/changelog
+@@ -0,0 +1,5 @@
++udp-broadcast-relay (0.3+vyos) unstable; urgency=medium
++
++  * Debian packaging for VyOS.
++
++ -- Daniil Baturin <daniil@vyos.io>  Mon, 26 May 2025 17:58:33 +0100
+diff --git a/debian/compat b/debian/compat
+new file mode 100644
+index 0000000..f599e28
+--- /dev/null
++++ b/debian/compat
+@@ -0,0 +1 @@
++10
+diff --git a/debian/control b/debian/control
+new file mode 100644
+index 0000000..2528395
+--- /dev/null
++++ b/debian/control
+@@ -0,0 +1,26 @@
++Source: udp-broadcast-relay
++Section: net
++Priority: optional
++Maintainer: VyOS maintainers <maintainers@vyos.io>
++Build-Depends: debhelper (>= 9.2),
++               pkg-config,
++Standards-Version: 3.9.6
++Vcs-Git: https://github.com/nomeata/udp-broadcast-relay
++Homepage: https://github.com/nomeata/udp-broadcast-relay
++
++Package: udp-broadcast-relay
++Architecture: linux-any
++Depends: ${shlibs:Depends}, ${misc:Depends}
++Description: UDP Broadcast Packet Relay
++ This program listens for packets on a specified UDP broadcast port. When
++ a packet is received, it sends that packet to all specified interfaces
++ but the one it came from as though it originated from the original
++ sender.
++ .
++ The primary purpose of this is to allow games on machines on separated
++ local networks (Ethernet, WLAN) that use udp broadcasts to find each
++ other to do so.
++ .
++ It also works on ppp links, so you can log in from windows boxes (e.g.
++ using pptp) and play LAN-based games together. Currently, you have to
++ care about upcoming or downgoing interfaces yourself.
+diff --git a/debian/copyright b/debian/copyright
+new file mode 100644
+index 0000000..1c19114
+--- /dev/null
++++ b/debian/copyright
+@@ -0,0 +1,16 @@
++Copyright (C) 2022 Joachim Breitner
++
++This program is free software; you can redistribute it and/or
++modify it under the terms of the GNU General Public License
++as published by the Free Software Foundation; either version 2
++of the License, or (at your option) any later version.
++
++This program is distributed in the hope that it will be useful,
++but WITHOUT ANY WARRANTY; without even the implied warranty of
++MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
++GNU General Public License for more details.
++
++You should have received a copy of the GNU General Public License
++along with this program; if not, write to the Free Software
++Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301, USA.
++
+diff --git a/debian/rules b/debian/rules
+new file mode 100755
+index 0000000..16c5748
+--- /dev/null
++++ b/debian/rules
+@@ -0,0 +1,63 @@
++#!/usr/bin/make -f
++# -*- makefile -*-
++# Sample debian/rules that uses debhelper.
++# This file was originally written by Joey Hess and Craig Small.
++# As a special exception, when this file is copied by dh-make into a
++# dh-make output file, you may use that output file without restriction.
++# This special exception was added by Craig Small in version 0.37 of dh-make.
++
++# Uncomment this to turn on verbose mode.
++#export DH_VERBOSE=1
++
++PACKAGE=udp-broadcast-relay
++PKGDIR=$(CURDIR)/debian/$(PACKAGE)
++
++build: build-stamp
++
++build-stamp:
++	dh_testdir
++	$(MAKE)
++	touch $@
++
++clean: clean-patched
++
++# Clean everything up, including everything auto-generated
++# at build time that needs not to be kept around in the Debian diff
++clean-patched:
++	dh_testdir
++	dh_testroot
++	if test -f Makefile ; then $(MAKE) clean ; fi
++	rm -f build-stamp
++	rm -rf config
++	dh_clean
++
++install: build
++	dh_testdir
++	dh_testroot
++	dh_prep
++	dh_installdirs
++
++	$(MAKE) install DESTDIR=$(PKGDIR)
++
++# Build architecture-independent files here.
++binary-indep: build install
++	rm -f debian/files
++	dh_testdir
++	dh_testroot
++	dh_install
++	dh_installdebconf
++	dh_installinit
++	dh_compress
++	dh_fixperms
++	dh_installdeb
++	dh_gencontrol
++	dh_md5sums
++	dh_builddeb
++
++# Build architecture-dependent files here.
++binary-arch: build install
++# This is an architecture independent package
++# so; we have nothing to do by default.
++
++binary: binary-indep
++.PHONY: build clean binary-indep binary install
+diff --git a/udp-broadcast-relay@.service b/udp-broadcast-relay@.service
+new file mode 100644
+index 0000000..229748c
+--- /dev/null
++++ b/udp-broadcast-relay@.service
+@@ -0,0 +1,14 @@
++[Unit]
++Description=UDP-bcast-relay
++After=network.target
++RequiresMountsFor=/run
++
++[Service]
++Type=simple
++NotifyAccess=main
++EnvironmentFile=-/etc/default/udp-broadcast-relay%I
++ExecStart=/usr/sbin/udp-broadcast-relay $DAEMON_ARGS
++Restart=on-failure
++
++[Install]
++WantedBy=multi-user.target
+-- 
+2.49.0
+
diff --git a/tools/cloud-init/AWS/config.boot.default b/tools/cloud-init/AWS/config.boot.default
index 92c3310b..f70ba307 100644
--- a/tools/cloud-init/AWS/config.boot.default
+++ b/tools/cloud-init/AWS/config.boot.default
@@ -9,6 +9,9 @@ system {
             level admin
         }
     }
+    option {
+        reboot-on-upgrade-failure 5
+    }
     syslog {
         local {
             facility all { |
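Review bot: The `[Service]` section of `udp-broadcast-relay@.service`, added at the end of this patch, sets no `User=` and no sandboxing directives. The relay therefore runs as root with the full capability set while it parses broadcast packets from every attached network. I would confine it with `NoNewPrivileges=yes`, `ProtectSystem=strict` and `CapabilityBoundingSet=CAP_NET_RAW`. The capability is inferred from the package description (packets are re-sent "as though" from the original sender), and any path the daemon writes to would need a `ReadWritePaths=` entry. Both should be confirmed against main.c, which this diff does not show. `$DAEMON_ARGS` is read from `/etc/default/udp-broadcast-relay%I`, so whatever generates that file should keep it root-owned and not world-writable.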
