-rw-r--r-- | CODEOWNERS | 2 | ||||
-rw-r--r-- | data/architectures/amd64.toml | 1 | ||||
-rwxr-xr-x | data/live-build-config/hooks/live/40-init-cracklib-db.chroot | 13 | ||||
-rwxr-xr-x | data/live-build-config/hooks/live/82-import-vyos-gpg-signing-key.chroot | 12 | ||||
-rw-r--r-- | data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.pub.asc | 52 | ||||
-rw-r--r-- | data/live-build-config/package-lists/vyos-base.list.chroot | 2 | ||||
-rw-r--r-- | data/live-build-config/rootfs/excludes | 3 | ||||
-rw-r--r-- | docker/Dockerfile | 1 | ||||
-rw-r--r-- | scripts/package-build/linux-kernel/.gitignore | 1 | ||||
-rwxr-xr-x | scripts/package-build/linux-kernel/build-ipt-netflow.sh | 65 | ||||
-rwxr-xr-x | scripts/package-build/linux-kernel/build.py | 7 | ||||
-rw-r--r-- | scripts/package-build/linux-kernel/package.toml | 8 |
12 files changed, 97 insertions, 70 deletions
@@ -1,2 +1,2 @@ # Users from reviewers github team -* @vyos/reviewers +# * @vyos/reviewers diff --git a/data/architectures/amd64.toml b/data/architectures/amd64.toml index 9ab1c03b..292eec38 100644 --- a/data/architectures/amd64.toml +++ b/data/architectures/amd64.toml @@ -7,6 +7,7 @@ packages = [ "vyos-intel-qat", "vyos-intel-ixgbe", "vyos-intel-ixgbevf", + "vyos-ipt-netflow", ] [additional_repositories.salt] diff --git a/data/live-build-config/hooks/live/40-init-cracklib-db.chroot b/data/live-build-config/hooks/live/40-init-cracklib-db.chroot new file mode 100755 index 00000000..4d94b08e --- /dev/null +++ b/data/live-build-config/hooks/live/40-init-cracklib-db.chroot @@ -0,0 +1,13 @@ +#!/bin/sh + +CRACKLIB_DIR=/var/cache/cracklib +CRACKLIB_DB=cracklib_dict + +if [ ! -f "${CRACKLIB_DIR}/${CRACKLIB_DB}.pwd" ]; then + echo "I: Creating the cracklib database ${CRACKLIB_DIR}/${CRACKLIB_DB}" + mkdir -p $CRACKLIB_DIR + + /usr/sbin/create-cracklib-dict -o $CRACKLIB_DIR/$CRACKLIB_DB \ + /usr/share/dict/cracklib-small +fi + diff --git a/data/live-build-config/hooks/live/82-import-vyos-gpg-signing-key.chroot b/data/live-build-config/hooks/live/82-import-vyos-gpg-signing-key.chroot deleted file mode 100755 index 478b88fb..00000000 --- a/data/live-build-config/hooks/live/82-import-vyos-gpg-signing-key.chroot +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -if ! command -v gpg &> /dev/null; then - echo "gpg binary could not be found" - exit 1 -fi - -GPG_KEY="/usr/share/vyos/keys/vyos-release.pub.asc" - -echo I: Import GPG key -gpg --import ${GPG_KEY} -exit $? diff --git a/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.pub.asc b/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.pub.asc deleted file mode 100644 index bf9a7aca..00000000 --- a/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.pub.asc +++ /dev/null 
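Review bot: Commenting out `* @vyos/reviewers` in CODEOWNERS leaves the file with no owner entry, so any branch rule that requires code-owner review would no longer request a reviewer for any path. This is unrelated to the ipt-netflow and cracklib work in the rest of the change; if it is intentional, it should be its own commit with the reason stated, otherwise the line should stay as `* @vyos/reviewers`.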
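Review bot: The new hook 40-init-cracklib-db.chroot has no `set -e` and checks no exit status, so a failed `mkdir -p $CRACKLIB_DIR` is ignored and the hook's result depends only on `create-cracklib-dict` happening to be the last command run. The T7278 comment in the excludes file of this same change says the directory is needed for password checks, so a missing database should fail the image build explicitly; adding `set -e` directly after the shebang does that. The expansions in `mkdir -p $CRACKLIB_DIR` and `-o $CRACKLIB_DIR/$CRACKLIB_DB` are unquoted while the `[ ! -f "${CRACKLIB_DIR}/${CRACKLIB_DB}.pwd" ]` test quotes them; quoting all of them keeps the script consistent.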
@@ -1,52 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.22 (GNU/Linux) - -mQINBFXKsiIBEACyid9PR/v56pSRG8VgQyRwvzoI7rLErZ8BCQA2WFxA6+zNy+6G -+0E/6XAOzE+VHli+wtJpiVJwAh+wWuqzOmv9css2fdJxpMW87pJAS2i3EVVVf6ab -wU848JYLGzc9y7gZrnT1m2fNh4MXkZBNDp780WpOZx8roZq5X+j+Y5hk5KcLiBn/ -lh9Zoh8yzrWDSXQsz0BGoAbVnLUEWyo0tcRcHuC0eLx6oNG/IHvd/+kxWB1uULHU -SlB/6vcx56lLqgzywkmhP01050ZDyTqrFRIfrvw6gLQaWlgR3lB93txvF/sz87Il -VblV7e6HEyVUQxedDS8ikOyzdb5r9a6Zt/j8ZPSntFNM6OcKAI7U1nDD3FVOhlVn -7lhUiNc+/qjC+pR9CrZjr/BTWE7Zpi6/kzeH4eAkfjyALj18oC5udJDjXE5daTL3 -k9difHf74VkZm29Cy9M3zPckOZpsGiBl8YQsf+RXSBMDVYRKZ1BNNLDofm4ZGijK -mriXcaY+VIeVB26J8m8y0zN4/ZdioJXRcy72c1KusRt8e/TsqtC9UFK05YpzRm5R -/nwxDFYb7EdY/vHUFOmfwXLaRvyZtRJ9LwvRUAqgRbbRZg3ET/tn6JZk8hqx3e1M -IxuskOB19t5vWyAo/TLGIFw44SErrq9jnpqgclTSRgFjcjHEm061r4vjoQARAQAB -tDZWeU9TIE1haW50YWluZXJzIChWeU9TIFJlbGVhc2UpIDxtYWludGFpbmVyc0B2 -eW9zLm5ldD6JAjgEEwECACIFAlXKsiICGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B -AheAAAoJEP0iAoWg/m1+xbgP+QEDYZi5dA4IPY+vU1L95Bavju2m2o35TSUDPg5B -jfAGuhbsNUceU+l/yUlxjpKEmvshyW3GHR5QzUaKGup/ZDBo1CBxZNhpSlFida2E -KAYTx4vHk3MRXcntiAj/hIJwRtzCUp5UQIqHoU8dmHoHOkKEP+zhJuR6E2s+WwDr -nTwE6eRa0g/AHY+chj2Je6flpPm2CKoTfUE7a2yBBU3wPq3rGtsQgVxPAxHRZz7A -w4AjH3NM1Uo3etuiDnGkJAuoKKb1J4X3w2QlbwlR4cODLKhJXHIufwaGtRwEin9S -1l2bL8V3gy2Hv3D2t9TQZuR5NUHsibJRXLSa8WnSCcc6Bij5aqfdpYB+YvKH/rIm -GvYPmLZDfKGkx0JE4/qtfFjiPJ5VE7BxNyliEw/rnQsxWAGPqLlL61SD8w5jGkw3 -CinwO3sccTVcPz9b6A1RsbBVhTJJX5lcPn1lkOEVwQ7l8bRhOKCMe0P53qEDcLCd -KcXNnAFbVes9u+kfUQ4oxS0G2JS9ISVNmune+uv+JR7KqSdOuRYlyXA9uTjgWz4y -Cs7RS+CpkJFqrqOtS1rmuDW9Ea4PA8ygGlisM5d/AlVkniHz/2JYtgetiLCj9mfE -MzQpgnldNSPumKqJ3wwmCNisE+lXQ5UXCaoaeqF/qX1ykybQn41LQ+0xT5Uvy7sL -9IwGuQINBFXKsiIBEACg2mP3QYkXdgWTK5JyTGyttE6bDC9uqsK8dc1J66Tjd5Ly -Be0amO+88GHXa0o5Smwk2QNoxsRR41G/D/eAeGsuOEYnePROEr3tcLnDjo4KLgQ+ -H69zRPn77sdP3A34Jgp+QIzByJWM7Cnim31quQP3qal2QdpGJcT/jDJWdticN76a -Biaz+HN13LyvZM+DWhUDttbjAJc+TEwF9YzIrU+3AzkTRDWkRh4kNIQxjlpNzvho 
-9V75riVqg2vtgPwttPEhOLb0oMzy4ADdfezrfVvvMb4M4kY9npu4MlSkNTM97F/I -QKy90JuSUIjE05AO+PDXJF4Fd5dcpmukLV/2nV0WM2LAERpJUuAgkZN6pNUFVISR -+nSfgR7wvqeDY9NigHrJqJbSEgaBUs6RTk5hait2wnNKLJajlu3aQ2/QfRT/kG3h -ClKUz3Ju7NCURmFE6mfsdsVrlIsEjHr/dPbXRswXgC9FLlXpWgAEDYi9Wdxxz8o9 -JDWrVYdKRGG+OpLFh8AP6QL3YnZF+p1oxGUQ5ugXauAJ9YS55pbzaUFP8oOO2P1Q -BeYnKRs1GcMI8KWtE/fze9C9gZ7Dqju7ZFEyllM4v3lzjhT8muMSAhw41J22mSx6 -VRkQVRIAvPDFES45IbB6EEGhDDg4pD2az8Q7i7Uc6/olEmpVONSOZEEPsQe/2wAR -AQABiQIfBBgBAgAJBQJVyrIiAhsMAAoJEP0iAoWg/m1+niUQAKTxwJ9PTAfB+XDk -3qH3n+T49O2wP3fhBI0EGhJp9Xbx29G7qfEeqcQm69/qSq2/0HQOc+w/g8yy71jA -6rPuozCraoN7Im09rQ2NqIhPK/1w5ZvgNVC0NtcMigX9MiSARePKygAHOPHtrhyO -rJQyu8E3cV3VRT4qhqIqXs8Ydc9vL3ZrJbhcHQuSLdZxM1k+DahCJgwWabDCUizm -sVP3epAP19FP8sNtHi0P1LC0kq6/0qJot+4iBiRwXMervCD5ExdOm2ugvSgghdYN -BikFHvmsCxbZAQjykQ6TMn+vkmcEz4fGAn4L7Nx4paKEtXaAFO8TJmFjOlGUthEm -CtHDKjCTh9WV4pwG2WnXuACjnJcs6LcK377EjWU25H4y1ff+NDIUg/DWfSS85iIc -UgkOlQO6HJy0O96L5uxn7VJpXNYFa20lpfTVZv7uu3BC3RW/FyOYsGtSiUKYq6cb -CMxGTfFxGeynwIlPRlH68BqH6ctR/mVdo+5UIWsChSnNd1GreIEI6p2nBk3mc7jZ -7pTEHpjarwOjs/S/lK+vLW53CSFimmW4lw3MwqiyAkxl0tHAT7QMHH9Rgw2HF/g6 -XD76fpFdMT856dsuf+j2uuJFlFe5B1fERBzeU18MxML0VpDmGFEaxxypfACeI/iu -8vzPzaWHhkOkU8/J/Ci7+vNtUOZb -=Ld8S ------END PGP PUBLIC KEY BLOCK----- diff --git a/data/live-build-config/package-lists/vyos-base.list.chroot b/data/live-build-config/package-lists/vyos-base.list.chroot index 4ccc7f76..b20c2962 100644 --- a/data/live-build-config/package-lists/vyos-base.list.chroot +++ b/data/live-build-config/package-lists/vyos-base.list.chroot @@ -1,6 +1,4 @@ debconf -gpgv -gnupg vyos-1x vyos-user-utils zstd diff --git a/data/live-build-config/rootfs/excludes b/data/live-build-config/rootfs/excludes index a5fe41e5..558e637b 100644 --- a/data/live-build-config/rootfs/excludes +++ b/data/live-build-config/rootfs/excludes 
@@ -44,7 +44,8 @@ usr/games/* usr/local/games/* # T5511: We do not need any caches on the system (will be recreated when needed). -var/cache/* +# T7278: We need directory created by python3-cracklib for password checks +var/cache/!(cracklib) # T5511: We do not need any log-files on the system (will be recreated when needed). var/log/*.log diff --git a/docker/Dockerfile b/docker/Dockerfile index 71b1084b..36992bd2 100644 --- a/docker/Dockerfile +++ b/docker/Dockerfile @@ -255,6 +255,7 @@ RUN pip install --break-system-packages \ python3-netaddr \ python3-paramiko \ python3-passlib \ + python3-protobuf \ python3-tabulate \ python3-zmq \ pylint \ diff --git a/scripts/package-build/linux-kernel/.gitignore b/scripts/package-build/linux-kernel/.gitignore index f3a564a4..f1fb5374 100644 --- a/scripts/package-build/linux-kernel/.gitignore +++ b/scripts/package-build/linux-kernel/.gitignore @@ -9,6 +9,7 @@ /ovpn-dco /nat-rtsp* /jool* +/ipt-netflow* /qat* /QAT* *.tar.gz diff --git a/scripts/package-build/linux-kernel/build-ipt-netflow.sh b/scripts/package-build/linux-kernel/build-ipt-netflow.sh new file mode 100755 index 00000000..9c657676 --- /dev/null +++ b/scripts/package-build/linux-kernel/build-ipt-netflow.sh 
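Review bot: `var/cache/!(cracklib)` in rootfs/excludes is extended-glob syntax, and whether it is honoured depends on the tool that consumes this file, which is not visible in the hunk. If the pattern is not interpreted as an extglob, either nothing under var/cache is excluded any more or the cracklib directory is still dropped, and the second case would presumably leave the password checks named in the T7278 comment without their dictionary. A build-time assertion that `/var/cache/cracklib/cracklib_dict.pwd` is present in the final root filesystem would catch a silent regression. I would also extend the comment to say the pattern relies on extglob support, for example `# NOTE: !(…) requires extended wildcard matching in the exclude processor`.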
@@ -0,0 +1,65 @@
+#!/bin/sh
+CWD=$(pwd)
+KERNEL_VAR_FILE=${CWD}/kernel-vars
+
+IPT_NETFLOW_SRC=${CWD}/ipt-netflow
+if [ ! -d ${IPT_NETFLOW_SRC} ]; then
+ echo "ipt_NETFLOW source not found"
+ exit 1
+fi
+
+if [ ! -f ${KERNEL_VAR_FILE} ]; then
+ echo "Kernel variable file '${KERNEL_VAR_FILE}' does not exist, run ./build_kernel.sh first"
+ exit 1
+fi
+
+cd ${IPT_NETFLOW_SRC}
+if [ -d .git ]; then
+ git reset --hard HEAD
+ git clean --force -d -x
+fi
+
+. ${KERNEL_VAR_FILE}
+
+DRIVER_VERSION=$(git describe | sed s/^v//)
+
+# Build up Debian related variables required for packaging
+DEBIAN_ARCH=$(dpkg --print-architecture)
+DEBIAN_DIR="tmp/lib/modules/${KERNEL_VERSION}${KERNEL_SUFFIX}/extra"
+DEBIAN_CONTROL="${DEBIAN_DIR}/DEBIAN/control"
+DEBIAN_POSTINST="${CWD}/vyos-ipt-netflow.postinst"
+
+./configure --enable-aggregation --kdir=${KERNEL_DIR}
+make all
+
+if [ "x$?" != "x0" ]; then
+ exit 1
+fi
+
+if [ -f ${DEBIAN_DIR}.deb ]; then
+ rm ${DEBIAN_DIR}.deb
+fi
+
+if [ ! -d ${DEBIAN_DIR} ]; then
+ mkdir -p ${DEBIAN_DIR}
+fi
+
+# build Debian package
+echo "I: Building Debian package vyos-ipt-netflow"
+cp ipt_NETFLOW.ko ${DEBIAN_DIR}
+
+# Sign generated Kernel modules
+${CWD}/sign-modules.sh ${DEBIAN_DIR}
+
+echo "#!/bin/sh" > ${DEBIAN_POSTINST}
+echo "/sbin/depmod -a ${KERNEL_VERSION}${KERNEL_SUFFIX}" >> ${DEBIAN_POSTINST}
+
+cd ${CWD}
+
+fpm --input-type dir --output-type deb --name vyos-ipt-netflow \
+ --version ${DRIVER_VERSION} --deb-compression gz \
+ --maintainer "VyOS Package Maintainers <maintainers@vyos.net>" \
+ --description "ipt_NETFLOW module" \
+ --depends linux-image-${KERNEL_VERSION}${KERNEL_SUFFIX} \
+ --license "GPL2" -C ${IPT_NETFLOW_SRC}/tmp --after-install ${DEBIAN_POSTINST}
+
diff --git a/scripts/package-build/linux-kernel/build.py b/scripts/package-build/linux-kernel/build.py
index 6a43fc25..af610079 100755
--- a/scripts/package-build/linux-kernel/build.py
+++ b/scripts/package-build/linux-kernel/build.py
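Review bot: In build-ipt-netflow.sh only `make all` has its exit status checked; `./configure`, `cp ipt_NETFLOW.ko ${DEBIAN_DIR}` and `${CWD}/sign-modules.sh ${DEBIAN_DIR}` do not, so a failed signing step would still end in `fpm` packaging whatever is in the directory, possibly an unsigned module. Adding `set -e` after the shebang, or at least `${CWD}/sign-modules.sh ${DEBIAN_DIR} || exit 1`, makes the build stop instead. `DRIVER_VERSION=$(git describe | sed s/^v//)` also yields an empty string when `git describe` fails (for example when no tag is reachable from the pinned commit), which would reach `--version` unnoticed; a guard such as `[ -n "${DRIVER_VERSION}" ] || exit 1` would surface that. The path expansions (`${IPT_NETFLOW_SRC}`, `${KERNEL_VAR_FILE}`, `${DEBIAN_DIR}`) are unquoted throughout and would break on a working directory containing spaces.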
@@ -143,6 +143,8 @@ def build_package(package: dict, dependencies: list) -> None: build_realtek_r8152() elif package['build_cmd'] == 'build_jool': build_jool() + elif package['build_cmd'] == 'build_ipt_netflow': + build_ipt_netflow(package['commit_id'], package['scm_url']) elif package['build_cmd'] == 'build_openvpn_dco': build_openvpn_dco(package['commit_id'], package['scm_url']) create_tarball(f'{package["name"]}-{package["commit_id"]}', f'{package["name"]}') @@ -238,6 +240,11 @@ def build_jool(): """Build Jool""" run(['echo y | ./build-jool.py'], check=True, shell=True) +def build_ipt_netflow(commit_id, scm_url): + """Build ipt_NETFLOW""" + repo_dir = Path('ipt-netflow') + clone_or_update_repo(repo_dir, scm_url, commit_id) + run(['./build-ipt-netflow.sh'], check=True, shell=True) def build_openvpn_dco(commit_id, scm_url): """Build OpenVPN DCO""" diff --git a/scripts/package-build/linux-kernel/package.toml b/scripts/package-build/linux-kernel/package.toml index 2d80fdfe..0bbd6785 100644 --- a/scripts/package-build/linux-kernel/package.toml +++ b/scripts/package-build/linux-kernel/package.toml @@ -22,7 +22,6 @@ commit_id = "1.13.0" scm_url = "https://github.com/accel-ppp/accel-ppp.git" build_cmd = "build_accel_ppp" - [[packages]] name = "ovpn-dco" commit_id = "v0.2.20231117" @@ -35,7 +34,6 @@ commit_id = "475af0a" scm_url = "https://github.com/maru-sama/rtsp-linux.git" build_cmd = "build_nat_rtsp" - [[packages]] name = "qat" commit_id = "" @@ -77,3 +75,9 @@ name = "realtek-r8152" commit_id = "" scm_url = "" build_cmd = "build_realtek_r8152" + +[[packages]] +name = "ipt-netflow" +commit_id = "0eb2092e93" +scm_url = "https://github.com/aabc/ipt-netflow" +build_cmd = "build_ipt_netflow" |
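Review bot: `run(['./build-ipt-netflow.sh'], check=True, shell=True)` in the new `build_ipt_netflow` combines a list argument with `shell=True`, and nothing in this command needs a shell (unlike the pipe in `build_jool` above it). I would write `run(['./build-ipt-netflow.sh'], check=True)` so the script is executed directly and later additions to the list cannot be reinterpreted as shell arguments. The docstring could also say that the function checks out `commit_id` from `scm_url` into `ipt-netflow` before building, since that is the part a maintainer updating package.toml needs to know. `build_package`, which dispatches to it in the first hunk, starts and continues outside the visible lines.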
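Review bot: The new `ipt-netflow` entry in package.toml pins the source with an abbreviated id, `commit_id = "0eb2092e93"`, and this source is compiled into a kernel module that build-ipt-netflow.sh then passes to `sign-modules.sh`. A short prefix is resolved by the remote repository at clone time and can become ambiguous as it grows; pinning the full hash, `commit_id = "<full 40-character commit hash>"`, makes the signed input unambiguous. How `clone_or_update_repo` resolves the id is not visible here, so this is worth confirming against that helper. The `scm_url` also omits the `.git` suffix that the other entries in the file use, which is only a consistency point.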