Diffstat (limited to 'data')
35 files changed, 632 insertions, 671 deletions
diff --git a/data/architectures/amd64.toml b/data/architectures/amd64.toml
index e85b4158..8676ad2f 100644
--- a/data/architectures/amd64.toml
+++ b/data/architectures/amd64.toml
@@ -1,15 +1,21 @@
-additional_repositories = [
- "deb [arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/3005 bullseye main"
-]
-
 # Packages added to images for x86 by default
 packages = [
 "grub2",
 "grub-pc",
+ "vyos-drivers-realtek-r8152",
 "vyos-linux-firmware",
 "vyos-intel-qat",
 "vyos-intel-ixgbe",
 "vyos-intel-ixgbevf",
- "mlnx-ofed-kernel-modules",
- "mlnx-tools",
+ "vyos-ipt-netflow",
+ "intel-microcode",
+ "amd64-microcode"
 ]
+
+[additional_repositories.salt]
+ architecture = "amd64"
+ url = "https://packages.vyos.net/saltproject/debian/11/amd64/3005"
+ distribution = "bullseye"
+
+[additional_repositories.zabbix]
+ url = "https://repo.zabbix.com/zabbix/6.0/debian"
diff --git a/data/architectures/arm64.toml b/data/architectures/arm64.toml
index 228d0f3f..4d8596c6 100644
--- a/data/architectures/arm64.toml
+++ b/data/architectures/arm64.toml
@@ -1,9 +1,13 @@
-additional_repositories = [
- "deb [arch=arm64] https://repo.saltproject.io/py3/debian/11/arm64/3005 bullseye main"
-]
-
 # Packages included in ARM64 images by default
 packages = [
 "grub-efi-arm64",
 ]
 bootloaders = "grub-efi"
+
+[additional_repositories.salt]
+ architecture = "arm64"
+ url = "https://packages.vyos.net/saltproject/debian/11/arm64/3005"
+ distribution = "bullseye"
+
+[additional_repositories.zabbix]
+ url = "https://repo.zabbix.com/zabbix/6.0/debian-arm64"
diff --git a/data/architectures/armhf.toml b/data/architectures/armhf.toml
index de5e62f4..8cf2d763 100644
--- a/data/architectures/armhf.toml
+++ b/data/architectures/armhf.toml
@@ -1,5 +1,5 @@
 additional_repositories = [
- "deb [arch=armhf] https://repo.saltproject.io/py3/debian/11/armhf/3005 bullseye main"
+ "deb [arch=armhf] https://packages.vyos.net/saltproject/debian/11/arm64/3005 bullseye main"
 ]
 # Packages included in armhf images by default
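Review bot: In amd64.toml the new `[additional_repositories.zabbix]` table sets only `url`, while the `salt` table next to it also sets `architecture` and `distribution`; the arm64.toml hunk has the same gap. Unless the build script fills in defaults for the missing keys (not visible in this diff), the generated APT source may lack a suite or an `arch=` restriction, so I would spell them out, e.g. `architecture = "amd64"` and, presumably, `distribution = "bullseye"`. This also adds a third-party package origin to every image, unlike the Salt entry which now goes through packages.vyos.net, so a comment above the table such as `# Upstream Zabbix repo; signing key is provisioned by <build step placeholder>` would let a reader confirm the packages are signature-checked at build time.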
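Review bot: The new armhf.toml line keeps `[arch=armhf]` but its path ends in `/debian/11/arm64/3005`, whereas the line it replaces used `/armhf/3005`; this looks copied from arm64.toml and would point apt at the arm64 tree when resolving armhf packages. If the mirror carries an armhf tree, the path segment should read `/debian/11/armhf/3005`. The file also stays on the string-array form of `additional_repositories` while amd64.toml and arm64.toml switch to named tables in this commit, so it is worth confirming the build script still accepts both shapes.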
diff --git a/data/build-flavors/README.md b/data/build-flavors/README.md
deleted file mode 100644
index 19716255..00000000
--- a/data/build-flavors/README.md
+++ /dev/null
@@ -1,76 +0,0 @@
-# VyOS build flavors
-
-VyOS supports multiple different hardware and virtual platforms.
-Those platforms often need custom packages and may require custom
-configs. To make maintenance of existing flavors simpler
-and to allow everyone to make and maintain their own flavors,
-the build scripts support storing flavor configuration in [TOML](https://toml.io) files.
-
-Flavor files must be in `data/build-flavors`. Here's an example:
-
-```toml
-# Generic (aka "universal") ISO image
-
-image_format = "iso"
-
-# Include these packages in the image regardless of the architecture
-packages = [
- # QEMU and Xen guest tools exist for multiple architectures
- "qemu-guest-agent",
- "vyos-xe-guest-utilities",
-]
-
-[architectures.amd64]
- # Hyper-V and VMware guest tools are x86-only
- packages = ["hyperv-daemons", "vyos-1x-vmware"]
-```
-
-## Image format
-
-The `image_format` option specifies the default format to build.
-
-```toml
-image_format = "iso"
-```
-
-**Note:** currently, ISO is the only supported format,
-support for different flavors is in progress.
-
-## Including custom packages
-
-If you want the build scripts to include custom packages from repositories
-in the image, you can list them in the `packages` field.
-
-For example, this is how to include the GNU Hello package:
-
-```toml
-packages = ['hello']
-```
-
-It's possible to include packages only in images with certain build architectures
-by placing them in a subtable.
-
-If you want to include GNU Hello only in AMD64 images, do this:
-
-```toml
-[architectures.amd64]
- packages = ['hello']
-```
-
-## Including custom files
-
-You can include files inside the SquashFS filesystem by adding entries
-to the `includes_chroot` array.
-
-```toml
-[[includes_chroot]]
- path = "etc/question.txt"
- data = '''
-Can you guess how this file ended up in the image?
- '''
-
- path = "etc/answer.txt"
- data = '''
-It was in the flavor file!
- '''
-```
diff --git a/data/build-flavors/aws-iso.toml b/data/build-flavors/aws-iso.toml
deleted file mode 100644
index e13ed59a..00000000
--- a/data/build-flavors/aws-iso.toml
+++ /dev/null
@@ -1,3 +0,0 @@
-image_format = "iso"
-
-packages = ["amazon-cloudwatch-agent"]
diff --git a/data/build-flavors/azure-iso.toml b/data/build-flavors/azure-iso.toml
deleted file mode 100644
index b4774483..00000000
--- a/data/build-flavors/azure-iso.toml
+++ /dev/null
@@ -1,5 +0,0 @@
-image_format = "iso"
-
-packages = ["waagent"]
-
-
diff --git a/data/build-flavors/dell-vep1400.toml b/data/build-flavors/dell-vep1400.toml
deleted file mode 100644
index 038cbe24..00000000
--- a/data/build-flavors/dell-vep1400.toml
+++ /dev/null
@@ -1,116 +0,0 @@
-# ISO image for Dell VEP4600 devices
-
-image_format = "iso"
-
-# Replace built-in NIC naming rules with empty files
-# to prevent them from taking any effect
-
-[[includes_chroot]]
- path = "lib/systemd/network/99-default.link"
- data = ''
-
-[[includes_chroot]]
- path = "lib/udev/rules.d/65-vyatta-net.rules"
- data = ''
-
-[[includes_chroot]]
- path = "lib/udev/rules.d/75-persistent-net-generator.rules"
- data = ''
-
-# Install platform-specific link files
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth0-000.link"
- data = '''
-[Match]
-Path=pci-0000:05:00.1
-Driver=ixgbe
-
-[Link]
-Name=eth0
-Alias=SFP+1
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth1-000.link"
- data = '''
-[Match]
-Path=pci-0000:05:00.0
-Driver=ixgbe
-
-[Link]
-Name=eth1
-Alias=SFP+2
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth2-000.link"
- data = '''
-[Match]
-Path=pci-0000:02:00.2
-Driver=igb
-
-[Link]
-Name=eth2
-Alias=GE1
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth3-000.link"
- data = '''
-[Match]
-Path=pci-0000:02:00.3
-Driver=igb
-
-[Link]
-Name=eth3
-Alias=GE2
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth4-000.link"
- data = '''
-[Match]
-Path=pci-0000:02:00.0
-Driver=igb
-
-[Link]
-Name=eth4
-Alias=GE3
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth5-000.link"
- data = '''
-[Match]
-Path=pci-0000:02:00.1
-Driver=igb
-
-[Link]
-Name=eth5
-Alias=GE4
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth6-000.link"
- data = '''
-[Match]
-Path=pci-0000:07:00.1
-Driver=ixgbe
-
-[Link]
-Name=eth6
-Alias=GE5
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth7-000.link"
- data = '''
-[Match]
-Path=pci-0000:07:00.0
-Driver=ixgbe
-
-[Link]
-Name=eth7
-Alias=GE6
-'''
diff --git a/data/build-flavors/dell-vep4600.toml b/data/build-flavors/dell-vep4600.toml
deleted file mode 100644
index 50fdb4d2..00000000
--- a/data/build-flavors/dell-vep4600.toml
+++ /dev/null
@@ -1,267 +0,0 @@
-# ISO image for Dell VEP4600 devices
-
-image_format = "iso"
-
-# Replace built-in NIC naming rules with empty files
-# to prevent them from taking any effect
-
-[[includes_chroot]]
- path = "lib/systemd/network/99-default.link"
- data = ''
-
-[[includes_chroot]]
- path = "lib/udev/rules.d/65-vyatta-net.rules"
- data = ''
-
-[[includes_chroot]]
- path = "lib/udev/rules.d/75-persistent-net-generator.rules"
- data = ''
-
-# Install platform-specific link files
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth0-000.link"
- data = '''
-[Match]
-Path=pci-0000:04:00.0
-Driver=igb
-
-[Link]
-Name=eth0
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth0-001.link"
- data = '''
-[Match]
-Path=pci-0000:05:00.0
-Driver=igb
-
-[Link]
-Name=eth0
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth10-000.link"
- data = '''
-[Match]
-Path=pci-0000:65:00.3
-Driver=i40e
-
-[Link]
-Name=eth10
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth1-000.link"
- data = '''
-[Match]
-Path=pci-0000:b8:00.0
-Driver=i40e
-
-[Link]
-Name=eth1
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth1-001.link"
- data = '''
-[Match]
-Path=pci-0000:b6:00.0
-Driver=i40e
-
-[Link]
-Name=eth1
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth11-000.link"
- data = '''
-[Match]
-Path=pci-0000:17:00.0
-Driver=i40e
-
-[Link]
-Name=eth11
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth12-000.link"
- data = '''
-[Match]
-Path=pci-0000:17:00.1
-Driver=i40e
-
-[Link]
-Name=eth12
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth13-000.link"
- data = '''
-[Match]
-Path=pci-0000:17:00.2
-Driver=i40e
-
-[Link]
-Name=eth13
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth14-000.link"
- data = '''
-[Match]
-Path=pci-0000:17:00.3
-Driver=i40e
-
-[Link]
-Name=eth14
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth2-000.link"
- data = '''
-[Match]
-Path=pci-0000:b8:00.1
-Driver=i40e
-
-[Link]
-Name=eth2
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth2-001.link"
- data = '''
-[Match]
-Path=pci-0000:b6:00.1
-Driver=i40e
-
-[Link]
-Name=eth2
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth3-000.link"
- data = '''
-[Match]
-Path=pci-0000:02:00.1
-Driver=igb
-
-[Link]
-Name=eth3
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth4-000.link"
- data = '''
-[Match]
-Path=pci-0000:02:00.0
-Driver=igb
-
-[Link]
-Name=eth4
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth5-000.link"
- data = '''
-[Match]
-Path=pci-0000:02:00.3
-Driver=igb
-
-[Link]
-Name=eth5
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth6-000.link"
- data = '''
-[Match]
-Path=pci-0000:02:00.2
-Driver=igb
-
-[Link]
-Name=eth6
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth7-000.link"
- data = '''
-[Match]
-Path=pci-0000:65:00.0
-Driver=i40e
-
-[Link]
-Name=eth7
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth8-000.link"
- data = '''
-[Match]
-Path=pci-0000:65:00.1
-Driver=i40e
-
-[Link]
-Name=eth8
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-eth9-000.link"
- data = '''
-[Match]
-Path=pci-0000:65:00.2
-Driver=i40e
-
-[Link]
-Name=eth9
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-unused0-000.link"
- data = '''
-[Match]
-Path=pci-0000:b8:00.2
-Driver=i40e
-
-[Link]
-Name=unused0
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-unused0-001.link"
- data = '''
-[Match]
-Path=pci-0000:b6:00.2
-Driver=i40e
-
-[Link]
-Name=unused0
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-unused1-000.link"
- data = '''
-[Match]
-Path=pci-0000:b8:00.3
-Driver=i40e
-
-[Link]
-Name=unused1
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/10-unused1-001.link"
- data = '''
-[Match]
-Path=pci-0000:b6:00.3
-Driver=i40e
-
-[Link]
-Name=unused1
-'''
-
-[[includes_chroot]]
- path = "etc/systemd/network/99-default.link"
- data = '''
-'''
diff --git a/data/build-flavors/edgecore.toml b/data/build-flavors/edgecore.toml
deleted file mode 100644
index efea4863..00000000
--- a/data/build-flavors/edgecore.toml
+++ /dev/null
@@ -1,46 +0,0 @@
-# ISO image for EdgeCore routers
-
-image_format = "iso"
-
-# udev rules for correct ordering of onboard NICs
-[[includes_chroot]]
- path = "lib/udev/rules.d/64-vyos-SAF51015I-net.rules"
- data = '''
-ATTR{[dmi/id]board_name}!="SAF51015I-0318-EC", GOTO="end_ec_nic"
-
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:02:00.0", ENV{VYOS_IFNAME}="eth1"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:03:00.0", ENV{VYOS_IFNAME}="eth2"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:04:00.0", ENV{VYOS_IFNAME}="eth3"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:05:00.0", ENV{VYOS_IFNAME}="eth4"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:06:00.0", ENV{VYOS_IFNAME}="eth5"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:06:00.1", ENV{VYOS_IFNAME}="eth6"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:06:00.2", ENV{VYOS_IFNAME}="eth7"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:06:00.3", ENV{VYOS_IFNAME}="eth8"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:0a:00.0", ENV{VYOS_IFNAME}="eth9"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:0a:00.1", ENV{VYOS_IFNAME}="eth10"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:0b:00.0", ENV{VYOS_IFNAME}="eth11"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:0b:00.1", ENV{VYOS_IFNAME}="eth12"
-
-LABEL="end_ec_nic"
-
-'''
-
-[[includes_chroot]]
- path = "lib/udev/rules.d/64-vyos-SAF51003I-net.rules"
- data = '''
-ATTR{[dmi/id]board_name}!="SAF51003I", GOTO="end_ec_nic"
-
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:02:00.0", ENV{VYOS_IFNAME}="eth1", ATTR{ifalias}="LAN1"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:02:00.1", ENV{VYOS_IFNAME}="eth2", ATTR{ifalias}="LAN2"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:02:00.2", ENV{VYOS_IFNAME}="eth3", ATTR{ifalias}="LAN3"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:02:00.3", ENV{VYOS_IFNAME}="eth4", ATTR{ifalias}="LAN4"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:05:00.0", ENV{VYOS_IFNAME}="eth5", ATTR{ifalias}="LAN5"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:05:00.1", ENV{VYOS_IFNAME}="eth6", ATTR{ifalias}="LAN6"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:05:00.2", ENV{VYOS_IFNAME}="eth7", ATTR{ifalias}="LAN7"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:05:00.3", ENV{VYOS_IFNAME}="eth8", ATTR{ifalias}="LAN8"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:08:00.0", ENV{VYOS_IFNAME}="eth9", ATTR{ifalias}="DMZ"
-ACTION=="add", SUBSYSTEM=="net", KERNELS=="0000:08:00.1", ENV{VYOS_IFNAME}="eth10", ATTR{ifalias}="WAN"
-
-LABEL="end_ec_nic"
-
-'''
diff --git a/data/build-flavors/generic.toml b/data/build-flavors/generic.toml
index 9bf7044d..f49a83c8 100644
--- a/data/build-flavors/generic.toml
+++ b/data/build-flavors/generic.toml
@@ -1,14 +1,3 @@
 # Generic (aka "universal") ISO image
 image_format = "iso"
-
-# Include these packages in the image regardless of the architecture
-packages = [
- # QEMU and Xen guest tools exist for multiple architectures
- "qemu-guest-agent",
- "vyos-xe-guest-utilities",
-]
-
-[architectures.amd64]
- # Hyper-V and VMware guest tools are x86-only
- packages = ["hyperv-daemons", "vyos-1x-vmware"]
diff --git a/data/build-flavors/xcpng.toml b/data/build-flavors/xcpng.toml
deleted file mode 100644
index 3a04177f..00000000
--- a/data/build-flavors/xcpng.toml
+++ /dev/null
@@ -1,6 +0,0 @@
-# Installation ISO for the XCP-ng virtualization platform
-
-image_format = "iso"
-
-# Include these packages in the image
-packages = ["xe-guest-utilities"]
diff --git a/data/build-types/development.toml b/data/build-types/development.toml
index f0207a6a..16ed483e 100644
--- a/data/build-types/development.toml
+++ b/data/build-types/development.toml
@@ -6,3 +6,73 @@ packages = [
 "vim",
 "vyos-1x-smoketest"
 ]
+
+[[includes_chroot]]
+ path = 'usr/share/vyos/EULA'
+ data = '''
+VyOS ROLLING RELEASE END USER LICENSE AGREEMENT
+
+PLEASE READ THIS AGREEMENT CAREFULLY BEFORE INSTALLING AND/OR USING VyOS ROLLING RELEASE.
+IF YOU DO NOT ACCEPT THE TERMS OF THIS AGREEMENT, THEN YOU MUST NOT USE VyOS ROLLING RELEASE.
+
+I. This End-User License Agreement (“Agreement”) is a legal document between you and VyOS Inc.
+(a company organized and existing under the laws of California,
+having its registered office at 12585 Kirkham Ct, Suite 1, Poway, California 92604)
+that governs your use of VyOS Rolling Release, available at vyos.io website.
+
+II. By downloading, installing and using VyOS Rolling Release you:
+- irrevocably agree to comply with all applicable laws, restrictions,
+ regulations, rules, the GNU GPL and other applicable licenses, and with this Agreement;
+- confirm you have all legal rights to enter into this Agreement
+ and your authority is not limited by any legal means;
+- obligate to certainly, indisputably and immediately
+ (but in any case at the first request of the VyOS Inc.)
+ compensate for any damage, if such is caused to the VyOS Inc. by your actions;
+- assure and enforce any third party you grant access to Rolling Release
+ will bear the same amount of obligations.
+ For the purpose of this Agreement such third party will be referred to also as “you”.
+
+III. VyOS Rolling Release (“Rolling Release”) are copyrighted works
+released under the terms of the GNU General Public License (GPL)
+and other licenses approved by the Open Source Initiative (www.opensource.org),
+(hereinafter, the “Public Licenses”).
+Verbatim copies of such works may be made and distributed, by anyone,
+in accordance with the terms of the GPL and the Public Licenses.
+The GPL and the Public Licenses also grant you certain rights
+to make and distribute derivative works based on the source code to Rolling Release.
+
+You can redistribute and/or modify the Rolling Release under the terms of the GPL and the Public Licenses.
+You may obtain a copy of the source code corresponding to the binaries for the Rolling Release
+from public Git repositories as https://github.com/vyos
+
+The GPL and the Public Licenses do not grant you any right, license or interest to use “VyOS” trademarks and logos,
+that are trademarks or registered trademarks in the US, EU and other countries,
+in connection with these derivative works.
+VyOS trademarks may not be used in connection with any such derivative works
+unless that usage is explicitly and specifically permitted, in writing.
+Otherwise, You must modify the files identifiable as VyOS logos and VyOS trademarks
+so as to remove all use of images containing them.
+Note that mere deletion of these files may corrupt the Rolling Release.
+
+IV. Under no circumstances VyOS Inc. will be liable to you for any damages,
+however caused or arising in any way out of the use of
+or of inability to use the Rolling Release.
+VyOS Inc. provides no warranty for Rolling Release.
+
+V. This Agreement comes into force upon your acceptance in the form of downloading,
+installing or using Rolling Release (whatever happens first) and remains valid until termination.
+This Agreement shall terminate immediately if you violate any applicable law,
+restriction, regulation, rule, GPL or other applicable license, or any provision of this Agreement.
+Upon termination of this Agreement you shall discontinue to use Rolling Release
+and delete it as well as all copies you made from all storage devices.
+
+VI. This Agreement may be amended by VyOS Inc. at any time and brought to your attention
+by publication on vyos.io website with enter into force immediately after such publication.
+
+VII. This Agreement, and any dispute or claim arising out of or in connection with it,
+shall be governed by, and construed in accordance with the laws of California.
+The courts of California shall have exclusive jurisdiction to settle any dispute or claim.
+
+For more information or any other query please contact VyOS Inc. at: legal@vyos.io
+
+'''
diff --git a/data/build-types/release.toml b/data/build-types/release.toml
index e69de29b..5b460be9 100644
--- a/data/build-types/release.toml
+++ b/data/build-types/release.toml
@@ -0,0 +1,441 @@
+[[includes_chroot]]
+ path = 'usr/share/vyos/EULA'
+ data = '''
+VyOS END USER LICENSE AGREEMENT
+
+PLEASE READ THIS END USER LICENSE AGREEMENT (EULA, THIS ‘AGREEMENT') CAREFULLY
+BEFORE USING VYOS FROM US. BY USING VYOS, YOU ("YOU", "LICENSEE", "CUSTOMER")
+SIGNIFY YOUR ASSENT TO AND ACCEPTANCE OF THIS END USER LICENSE AGREEMENT AND
+ACKNOWLEDGE YOU HAVE READ AND UNDERSTAND THE TERMS. THIS AGREEMENT IS
+ENFORCEABLE AGAINST ANY PERSON OR ENTITY THAT USES THE SOFTWARE AND ANY PERSON
+OR ENTITY (E.G., SYSTEMS INTEGRATOR, CONSULTANT OR CONTRACTOR) THAT USES THE
+SOFTWARE ON ANOTHER PERSON'S OR ENTITY'S BEHALF. IF YOU DO NOT ACCEPT THE TERMS
+OF THIS AGREEMENT, THEN YOU MUST NOT USE THE SOFTWARE. THE EFFECTIVE DATE OF
+THIS AGREEMENT IS THE EARLIEST OF THE START DATE OF SERVICES STATED IN OUR
+INVOICE, PREVIOUS ACCEPTANCE OF THIS AGREEMENT (OR OUR BUSINESS PARTNER'S ORDER
+OR/AND INVOICE, PREVIOUS ACCEPTANCE OF THIS AGREEMENT) OR THE DATE THAT
+CUSTOMER HAS ACCESS AND IS ABLE TO USE OUR PRODUCTS OR SERVICES. THIS END USER
+LICENSE AGREEMENT DOES NOT COVER ANY SERVICES FROM US, OR THROUGH OUR BUSINESS
+PARTNER, OTHER THAN ACCESS TO THE SOFTWARE, SUCH AS TECHNICAL SUPPORT, UPGRADES
+OR SUPPORT SERVICES. PLEASE REVIEW YOUR SERVICES OR SUBSCRIPTION AGREEMENT(S)
+THAT YOU MAY HAVE WITH US OR OTHER AUTHORIZED VYOS SERVICES PROVIDER OR
+BUSINESS PARTNER REGARDING THE SOFTWARE AND SERVICES AND ASSOCIATED PAYMENTS.
+
+1. Definitions
+
+1.1 "We, Our, Us" means VyOS Contracting Entity defined in Section 13.
+
+1.2 "VyOS" or "Software" means VyOS software provided by Us (or authorized
+services provider or business partner) and consisting of VyOS software
+application (exclusively or along with any third-party software included
+therein or therewith) that includes or refers to this Agreement and any related
+documentation (including, without limitation, user and technical documentation,
+further explanatory written materials related to the Software, etc.), services
+(including, without limitation, SaaS, internet-based service, etc.), tool,
+application, component, object code, source code, appearance (including,
+without limitation, images, designs, fonts, etc.), structure as well as any
+modification
+and update thereof, regardless of the delivery mechanism.
+
+"Services" means software support services and any other services provided by
+Us, or through Our Business Partner, on a subscription basis.
+
+1.3 "Authorized Users" means employees or individual contractors to whom,
+pursuant to this Agreement, the Licensee has granted a right to access and use
+the Software with your credentials, provided that such access shall be for your
+sole benefit and in full compliance with this EULA.
+
+All Authorized Users are bound by the terms of this Agreement.
+
+1.4 "Cloud Provider" means authorized hosting partner's cloud marketplace
+platform, a company that delivers cloud computing based services, resources and
+solutions to businesses and/or offers solutions via the cloud marketplace.
+
+1.5 "Business Partner" shall mean Our authorized sales agent, partner, Cloud
+Provider reseller or distributor of the Software and Our Services authorized to
+sell Software and Services via our subscriptions. Purchases through or by a
+Business Partner. In instances where Customer purchases through a Business
+Partner, final prices and terms and conditions of sale will be as agreed
+between Customer and the Business Partner from which Customer makes such
+purchases; however, the terms set forth in this EULA are applicable to
+Customer's use and the performance of VyOS. Customer acknowledges that:
+(a) We may share information with the Business Partner related to Customer's
+ use and consumption of VyOS, and vice versa, for account management and
+ billing purposes;
+(b) the termination provisions below will also apply if Customer's Business
+ Partner fails to pay Us applicable fees; and
+(c) Business Partner is not authorized to make any changes to this EULA or
+ otherwise authorized to make any warranties, representations, promises or
+ commitments on Our behalf or in any way concerning the VyOS.
+
+"Business Partner's order" means the ordering document(s), issued during Your
+purchasing process by Our Business Partner in a way and manner as defined by
+Our Business Partner. Business Partner's order may describe specific Software
+and Services, Subscription(s), associated fees, payment terms, and shall be
+subject to the terms of this Agreement and EULA.
+
+1.6 "Customer", "You", "Licensee", "Your" - user of VyOS and its heirs, agents,
+successors, assigns and - for the purpose of Global subscription - its
+Affiliates.
+
+2. License Grant
+
+Subject to the following terms, We grant to You a perpetual, worldwide license
+to the Software (most of which includes multiple software components) pursuant
+to different open sourced and public licenses. The license agreement for each
+software component is located in the software component's source code and
+permits you to run, copy, modify, and redistribute the software component
+(subject to certain obligations in some cases), both in source code and binary
+code forms, with the exception of the images identified in Section 4 below. You
+shall either agree to the terms of each applicable public license or You must
+not install/use those components or exercise such licensed rights.
+
+This EULA pertains solely to the Software and does not limit your rights under,
+or grant you rights that supersede, the license terms of any particular
+component.
+
+2.1 Limited Modifications. For the avoidance of doubt, Licensee is permitted to
+use VyOS from Us in accordance with VyOS terms and conditions and on the
+specific quotation, purchase order and/or the subscription or customized
+agreements, if any. Any other modifications of VyOS terms and conditions won't
+be allowed, except as expressly authorized through a separate custom agreement,
+unless otherwise defined by this Agreement, specific quotation, purchase order
+and/or the subscription or customized agreements.
+
+2.2 No Unbundling. Nonetheless, the Software is designed and provided to
+Licensee solely as permitted herein. Licensee shall not unbundle or repackage
+the Software for distribution, transfer or other disposition, unless otherwise
+specified by this Agreement.
+
+3. Prohibited Use and Allowed Use
+
+3.1 Except as expressly authorized through a separate custom agreement,
+Licensee and the Authorized Users are prohibited from:
+(a) using the Software on behalf of third parties;
+(b) sublicensing, licensing, renting, leasing, lending or granting other rights
+ in the Software including rights on a membership or subscription basis;
+(c) providing use of the Software in a service bureau arrangement, outsourcing
+ or on a time sharing basis;
+(d) interfere with or disrupt the Software or systems used to provide the VyOS
+ or other equipment or networks connected;
+(e) circumvent or disclose the user authentication or security of the Software
+ or any host, network, or account related thereto or attempt to gain
+ unauthorized access;
+(f) store or transmit SPAM or malicious code;
+(g) duplicate the Software or publish the Software for others to copy;
+(h) infringe the intellectual property rights of any entity or person; or
+(i) make any use of the Software that violates any applicable local, state,
+ national, international or foreign law or regulation.
+
+For more information about how to obtain a custom agreement, please contact us
+at: sales@vyos.io.
+
+3.2 The following uses of the Software shall be allowed:
+(a) any lab setup within the Licensee or on an Authorized User's personal
+ device, for the purpose of learning, testing, or debugging company network
+ configs, and
+(b) any use in Authorized User's personal home networks, including but not
+ limited to Internet access, corporate VPN access, learning and
+ experimentation.
+
+4. Intellectual Property Rights
+
+The Software and each of their components are owned by Us and other licensors
+and are protected under copyright law and other laws as applicable. Title to
+the Software and any component and systems, or to any copy or modification
+shall remain with Us and other licensors, subject to the applicable license.
+The "VyOS" mark, the individual Software marks, and the "VyOS" logo are
+trademarks or registered trademarks in the EU, US and other countries. Artwork
+files that feature the VyOS logo, including but not limited to boot splash
+images and user interface elements, are Our property, distributed on the "all
+rights reserved" basis. You cannot redistribute those files separately or as
+part of Software without an express permission from the copyright holder. By
+accepting this Agreement You commit not to register or request registration of
+any commercial name, domain name, email, trademark, symbol or distinctive;
+sign, with similar characteristics, color, typography, style or appearance or
+that includes the word "VyOS" or/and VyOS logo.
+
+This EULA does not permit you to distribute the Software using VyOS trademarks,
+regardless of whether the Software has been modified. You may make a commercial
+redistribution of the Software only if
+(a) permitted under a separate written agreement with Us authorizing such
+ commercial redistribution or
+(b) you remove and replace all Our occurrences and VyOS trademarks and logos.
+
+Modifications to the software may corrupt the Software.
+
+4.1 The Licensee grants Us a right to use its logos and trademarks for the
+purpose of displaying their Licensee status on the VyOS website, and for the
+purposes specified in VyOS Subscription Agreement. We will not claim that the
+Licensee endorses VyOS and will not publicize any details of Licensee's VyOS
+usage, network setup, or any other information not explicitly provided by the
+Licensee for public release.
+
+4.1.1 The Licensee can revoke Our right to use Licensee's trademarks and logos
+at any time, unless otherwise agreed in VyOS Subscription Agreement, or Our
+Quotation.
+
+5. Updates
+
+Along with all software update subscriptions, We provide security updates,
+hot-fixes and security advisory notifications before public disclosure
+(herein after collectively referred to as the "Updates"). You expressly
+acknowledge and agree that We have no obligation to make available and/or
+provide any Updates. All upgrades and Updates are provided by Us or through
+Our Business Partners to Licensee at Our sole discretion and are subject to
+the terms of this Agreement on a license exchange basis. Any obligations that
+We may have to support previous versions during the license term may end upon
+the availability of this update. Upgrades and Updates may be licensed to
+Licensee by Us with additional or different terms.
+
+6. Support
+
+This agreement does not automatically entitle the Licensee to any support for
+the Software provided by Us or through Our Business Partners unless otherwise
+specified in the subscription terms. For the avoidance of doubt, We have no
+liability and provide no support for any hardware or any cloud marketplace
+services provided by any Business Partner or Cloud Provider. Where available,
+maintenance and support may be purchased separately subject to a separate
+VyOS's support services included subscriptions.
+
+Support for software built from source code by a party other than Us, with or
+without modifications made by the Licensee or a third party, is provided only
+through separate agreements.
+
+For more information about how to obtain a VyOS's software and support services
+included subscriptions, please contact us at: sales@vyos.io.
+
+7. Term and Termination.
+ +This Agreement begins on the Effective Date and shall remain in effect until +terminated due to +(a) Licensee fails to pay the fees amounts associated to Our subscriptions + when due or otherwise materially breaches this Agreement, specific + quotation, purchase order and/or the subscription or customized agreements + and fails to remedy the breach within ten (10) days from the receipt of a + notification sent in writing or electronically, +(b) Licensee's deactivation or subscription cancellation of the Software, +(c) Licensee fails to pay the Business Partner, or terminate the agreement with + a Business Partner, or Business Partner fails to pay Us the applicable fees + of your Software and/or Services, or +(d) We change, cease to provide or discontinue the Software at any time. + +Upon the occurrence of (a), (b), (c) or (d), above, We are entitled to +terminate this Agreement. Upon termination of this Agreement for any reason, +Licensee shall discontinue use of the Software. If you have copies of the +Software obtained when You still had an active subscription, you can keep using +them indefinitely as long as you comply with this Agreement and VyOS +Subscription Agreement, in particular - with Section 4 above and provided this +is not intended to interfere with any rights you may have from other public +and open source licenses.Termination shall not, however, relieve either party +of obligations incurred prior to the termination. The following Sections shall +survive termination of this Agreement: Definitions, Intellectual Property +Rights, Limited Warranty, Limitation of Remedies and Liability, General, Term +and Termination, and others which by their nature are intended to survive. + +8. 
Limited Warranty
+
+Except as specifically stated in this Section 8, a separate agreement with Us,
+or a license for a particular component, to the maximum extent permitted under
+applicable law, the Software and the components are provided and licensed
+"as is" without warranty of any kind, express or implied, including the
+implied warranties of merchantability, non-infringement, integration, quiet
+enjoyment, satisfactory quality or fitness for a particular purpose. Neither
+Us nor Our affiliates and Business Partners warrant that the Software will
+meet your requirements, will be uninterrupted, timely, secure; that the
+operation of the Software will be entirely error-free, appear or perform
+precisely as described in the accompanying documentation, or comply with
+regulatory requirements; that the results that may be obtained from the use of
+the Software will be effective, accurate or reliable; the quality of the
+Software will meet your expectations; or that any errors or defects in the
+Software will be corrected. This warranty extends only to the party that
+purchases subscription services for the Software from Us and/or Our affiliates
+or a Our authorized Business Partner.
+
+We and Our affiliates specifically disclaim any liability with regard to any
+actions resulting from your use of the Software. Any material downloaded or
+otherwise obtained through use of the Software is accessed at your own
+discretion and risk, and you will be solely responsible for any damage to your
+computer system or loss of data that results from use of the Software. We and
+Our affiliates assume no liability for any malicious software that may be
+downloaded to your computer as a result of your use of the Software.
+
+We will not be liable for any loss that you may incur as a result of a third
+party using your password or account or account information in connection with
+the Software, either with or without your knowledge.
+
+Licensee assumes the entire cost of all necessary servicing, repair, or
+correction of problems caused by viruses or other harmful components; We
+disclaim and makes no warranties or representations as to the accuracy,
+quality, reliability, suitability, completeness, truthfulness, usefulness, or
+effectiveness of the outputs, logs, reports, data, results or other information
+obtained, generated or otherwise received by Licensee from accessing and/or
+using the Software or otherwise resulting from this Agreement; and Licensee
+shall use the Software at its own risk and in no event shall We be liable to
+Licensee for any loss or damage of any kind (except personal injury or death
+resulting from Our negligence, fraud or fraudulent misrepresentation and any
+other liability that cannot be excluded by law) arising from Licensee's use of
+or inability to use the Software or from faults or defects in the Software
+whether caused by negligence or otherwise.
+
+Licensee agrees to defend, indemnify and hold Us harmless from any losses,
+liabilities, damages, actions, claims or expenses (including legal fees and
+court costs) arising or resulting from Licensee's breach of any term of this
+agreement or caused by acts or omissions performed by licensee.
+
+Some jurisdictions do not allow the exclusion of certain warranties, the
+limitation or exclusion of implied warranties, or limitations on how long an
+implied warranty may last, so the above limitations may not apply to you.
+
+9.
Limitation of Remedies and Liability
+
+To the maximum extent permitted under applicable law, under no circumstances
+will We, Our affiliates, any of Our authorized Business Partner, or the
+licensor of any component provided to you under this EULA be liable to you for
+any direct, indirect, incidental, special, exemplary, punitive, or
+consequential damages (including, but not limited to, procurement of substitute
+goods or services, computer failure or malfunction, loss of data or profits,
+business interruption, etc.) however caused and on any theory of liability,
+whether in contract, strict liability, or tort (including negligence or
+otherwise) arising in any way out of the use of the software or inability to
+use the software, even if We, Our affiliates, an authorized Business Partner,
+and/or licensor are aware of or have been advised of the possibility of such
+damage. To the extent permitted by law and as the maximum aggregate liability,
+Our or Our affiliates' liability, an authorized Business Partner's liability
+or the liability of the licensor of a component provided to you under or in
+connection with this EULA will be limited to the lesser of either five hundred
+United States dollars ($500) or the fees paid by the Licensee or by Business
+Partner and received by Us for the Software and attributable to the 6 month
+period immediately preceding the first event giving rise to such liability. The
+limitations and exclusions in this section apply to the maximum extent
+permitted by applicable law in your jurisdiction. Some jurisdictions prohibit
+the exclusion or limitation of liability for incidental, consequential or
+punitive damages. Accordingly, the limitations and exclusions set forth above
+may not apply to you.
+
+10.
Compliance and Export Control
+
+You understand that countries may restrict the import, use, export, re-export
+or transfer of encryption products and other controlled materials (which may
+include the Software or related technical information licensed hereunder). You
+agree to comply with export regulations by the Bureau of Industry and Security
+of the U.S. Department of Commerce and all applicable laws, restrictions and
+regulations in Your use of the Software, including but not limited to export
+restrictions of various countries that the Software may be subject to, and
+personal data protection regulations. You should comply with and oblige to
+secure Us from any breach of any law and regulation, from any claim or
+litigation arising as a result of such breach and to reimburse Us any loss,
+resulting from such breach. You will not use the Software for a prohibited use.
+10.1 Sanctions compliance. You undertake to follow that You and any person,
+allowed to use the Software and the Services by You, is not a subject or the
+target of sanctions, embargoes and restrictive measures ("Sanctions"),
+administered by the Office of Foreign Assets Control of the U.S. Department of
+the Treasury or the U.S. Department of State, the United Nations Security
+Council, the European Union, Her Majesty's Treasury of the United Kingdom,
+Department of Foreign Affairs and Trade of the Australian Federal Government,
+or other relevant sanctions authority ("Sanctioning Authorities").
+
+You undertake to comply with all the abovementioned Sanctions in all possible
+ways to keep Us harmless and oblige to immediately terminate relations with
+any person that becomes (or is) subject or target of any of the abovementioned
+Sanctions, or assists anybody to evade or violate the above mentioned Sanctions.
+
+11.
Third-Party Beneficiary
+
+Licensee acknowledges and agrees that Our licensors (and/or Us if Licensee
+obtained the Software from any party other than Us) are third party
+beneficiaries of this Agreement, with the right to enforce the obligations set
+forth herein with respect to the respective technology of such licensors and/or
+Ours.
+
+12. Third-party components, contributions and software programs
+
+We do not assert any Intellectual Property Rights over:
+(a) components created by third parties that may be taken from upstream
+ sources in binary form compiled by Us from the source code;
+(b) source code and documentation of the Software, which is develope
+ ollaboratively and is open to contributions by parties not affiliated with
+ Us (to such purpose, contributors give Us non-exclusive rights according
+ to the licenses of the Software and documentation);
+(c) third parties software or programs included therein or therewith the
+ Software.
+
+13. General
+
+If any provision of this EULA is held to be unenforceable, the enforceability
+of the remaining provisions shall not be affected.
+
+Updates and upgrades may be licensed to Licensee by Us with additional or
+different terms.
+
+You are not allowed to transfer or assign this EULA or any rights hereunder,
+unless with Our previous written consent. Please inform Us of Your intention
+to transfer or assign in advance so We can respond accordingly. Conversely, We
+may transfer, assign, sublicense or delegate the EULA or any portions thereof,
+without restriction. We also may subcontract any performance associated with
+the Software to third parties, provided that such subcontract does not relieve
+Us of any of Our obligations under this EULA.
+
+Licensee may not sublicense, transfer or assign, whether voluntarily or by
+operation of law, any right or license in or to the Software. Any attempted
+sublicense, transfer or assignment shall be void.
+
+We may, from time-to-time modify this agreement.
+
+Licensee shall comply with all applicable laws and regulations pertaining to
+this Agreement
+
+This Agreement, along with a VyOS Subscription Agreement, Privacy Policy and
+Terms and Conditions, any quotation, purchase order and services level
+agreement, if applicable, and any other documents deemed to be incorporated by
+reference in it, constitutes the entire agreement between the parties with
+respect to its subject matter and it supersedes all prior or contemporaneous
+agreements concerning such matter. If you order VyOS from a Business Partner,
+then any agreement that you enter into with a Business Partner is solely
+between you and a Business Partner and will not be binding on Us.
+
+In the table below, "Customer Location" refers to where Customer is located
+(as determined by Customer's business address on the invoice) and determines
+which table row applies to Customer:
+
+Customer Location* VyOS Contracting Entity Governing Law Venue/Courts
+================== ======================= ============= ============
+North & South America VyOS Inc California Poway
+
+EEA & UK VyOS EMEA Operations Ireland Cork
+(except Spain & Portugal) Limited
+
+Spain, Andorra & Portugal VyOS Networks Iberia SLU Spain Madrid
+
+Asia & Oceania VyOS APAC Pty Ltd Australia Sydney
+
+Non-EEA parts of Europe, VyOS Networks Cyprus Cyprus Limassol
+Middle East, & Africa Limited
+(except Andorra)
+
+*all sales via Cloud Providers are generally done by VyOS Inc., unless
+otherwise decided by Us regardless of Customer location.
+
+References to "We", "Our", "Us" are references to the applicable VyOS
+Contracting Entity specified in the Contracting Entity Table, unless otherwise
+has been decided for operational purposes, in the Quotation and in the invoice.
+The Services are provided by that VyOS Contracting Entity.
+
+This Agreement, and any disputes arising out of or related hereto, will be
+governed exclusively by the applicable governing law above, without giving
+effect to any of its conflicts of laws, rules or principles. The courts located
+in the applicable venue above will have exclusive jurisdiction to adjudicate
+any dispute arising out of or relating to this Agreement or its formation,
+interpretation, or enforcement. Each party hereby consents and submits to the
+exclusive jurisdiction of such courts. Before resorting to any external dispute
+resolution mechanisms, the parties agree to use their best efforts in good
+faith to settle any dispute in relation to the Agreement.
+
+We may, in our sole discretion, amend this EULA at any time by posting a
+revised version thereof on Our website and, by updating the "last updated"
+date on the applicable page, or by providing reasonable notice. Your continued
+use of the Software following changes to the Agreement after the effective
+date of a revised version thereof constitutes Your expressed acceptance of and
+the agreement to be bound by the Agreement and its future versions or updates.
+
+'''
diff --git a/data/build-types/stream.toml b/data/build-types/stream.toml
new file mode 100644
index 00000000..f0207a6a
--- /dev/null
+++ b/data/build-types/stream.toml
@@ -0,0 +1,8 @@
+packages = [
+ "gdb",
+ "strace",
+ "apt-rdepends",
+ "tshark",
+ "vim",
+ "vyos-1x-smoketest"
+]
diff --git a/data/certificates/.gitignore b/data/certificates/.gitignore
new file mode 100644
index 00000000..c996e507
--- /dev/null
+++ b/data/certificates/.gitignore
@@ -0,0 +1 @@
+*.key
diff --git a/data/defaults.toml b/data/defaults.toml
index efe6399f..662e864f 100644
--- a/data/defaults.toml
+++ b/data/defaults.toml
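Review bot: The new `data/build-types/stream.toml` package list has no comment saying what the `stream` build type is for, and it pulls `gdb`, `strace`, `tshark` and `vyos-1x-smoketest` into the image. If `stream` images are meant for end users rather than for development, those debugging and test packages widen what ships on the router and should be confirmed as intended; that cannot be told from this file alone. A header line such as `# Packages added to stream images: debugging and smoketest tooling` would record the intent.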
@@ -9,12 +9,12 @@ debian_security_mirror = "http://deb.debian.org/debian-security" debian_archive_areas = "main contrib non-free non-free-firmware" -vyos_mirror = "https://rolling-packages.vyos.net/current" +vyos_mirror = "https://packages.vyos.net/repositories/current" vyos_branch = "current" release_train = "current" -kernel_version = "6.6.51" +kernel_version = "6.6.89" kernel_flavor = "vyos" bootloaders = "syslinux,grub-efi" diff --git a/data/live-build-config/archives/buster.list.chroot b/data/live-build-config/archives/buster.list.chroot deleted file mode 100644 index 06eb2dab..00000000 --- a/data/live-build-config/archives/buster.list.chroot +++ /dev/null @@ -1,3 +0,0 @@ -deb http://deb.debian.org/debian/ buster main non-free -deb http://deb.debian.org/debian/ buster-updates main non-free -deb http://security.debian.org/debian-security buster/updates main non-free diff --git a/data/live-build-config/archives/buster.pref.chroot b/data/live-build-config/archives/buster.pref.chroot deleted file mode 100644 index 8caa1e6d..00000000 --- a/data/live-build-config/archives/buster.pref.chroot +++ /dev/null @@ -1,11 +0,0 @@ -Package: bash -Pin: release n=buster -Pin-Priority: 600 - -Package: bash-completion -Pin: release n=buster -Pin-Priority: 600 - -Package: * -Pin: release n=buster -Pin-Priority: -10 diff --git a/data/live-build-config/archives/zabbix-official-repo.key.chroot b/data/live-build-config/archives/zabbix-official-repo.key.chroot Binary files differnew file mode 100644 index 00000000..660c453a --- /dev/null +++ b/data/live-build-config/archives/zabbix-official-repo.key.chroot diff --git a/data/live-build-config/hooks/live/01-live-serial.binary b/data/live-build-config/hooks/live/01-live-serial.binary index e138b20d..05785da7 100755 --- a/data/live-build-config/hooks/live/01-live-serial.binary +++ b/data/live-build-config/hooks/live/01-live-serial.binary 
@@ -10,22 +10,22 @@ SERIAL_CONSOLE="console=tty0 console=ttyS0,115200" GRUB_MENUENTRY=$(sed -e '/menuentry.*hotkey.*/,/^}/!d' -e 's/--hotkey=l//g' $GRUB_PATH) # Update KVM menuentry name -sed -i 's/"Live system \((.*-vyos)\)"/"Live system \1 - KVM console"/' $GRUB_PATH +sed -i 's/"Live system \((.*vyos)\)"/"Live system \1 - KVM console"/' $GRUB_PATH # Insert serial menuentry echo "$GRUB_MENUENTRY" | sed \ - -e 's/"Live system \((.*-vyos)\)"/"Live system \1 - Serial console"/' \ + -e 's/"Live system \((.*vyos)\)"/"Live system \1 - Serial console"/' \ -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $GRUB_PATH # Live.cfg Update ISOLINUX_MENUENTRY=$(sed -e '/label live-\(.*\)-vyos$/,/^\tappend.*/!d' $ISOLINUX_PATH) # Update KVM menuentry name -sed -i 's/Live system \((.*-vyos)\)/Live system \1 - KVM console/' $ISOLINUX_PATH +sed -i 's/Live system \((.*vyos)\)/Live system \1 - KVM console/' $ISOLINUX_PATH # Insert serial menuentry echo "\n$ISOLINUX_MENUENTRY" | sed \ -e 's/live-\(.*\)-vyos/live-\1-vyos-serial/' \ -e '/^\tmenu default/d' \ - -e 's/Live system \((.*-vyos)\)/Live system \1 - Serial console/' \ + -e 's/Live system \((.*vyos)\)/Live system \1 - Serial console/' \ -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $ISOLINUX_PATH diff --git a/data/live-build-config/hooks/live/100-remove-dropbear-keys.chroot b/data/live-build-config/hooks/live/100-remove-dropbear-keys.chroot new file mode 100644 index 00000000..20d8a670 --- /dev/null +++ b/data/live-build-config/hooks/live/100-remove-dropbear-keys.chroot @@ -0,0 +1,7 @@ +#!/bin/sh + +# Delete Dropbear SSH keys that might be generated +# by postinst scripts +# to prevent non-unique keys from appearing in images + +rm -f /etc/dropbear/dropbear_*_host_key diff --git a/data/live-build-config/hooks/live/18-enable-disable_services.chroot b/data/live-build-config/hooks/live/18-enable-disable_services.chroot index 26c7f094..1a464404 100755 --- a/data/live-build-config/hooks/live/18-enable-disable_services.chroot 
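Review bot: The menu-title patterns were relaxed from `.*-vyos` to `.*vyos`, but the unchanged ISOLINUX lines still require the hyphen: `label live-\(.*\)-vyos$` and `s/live-\(.*\)-vyos/live-\1-vyos-serial/`. If the titles lost `-vyos` because the kernel flavor naming changed, the label may have changed too, in which case `ISOLINUX_MENUENTRY` comes back empty and no serial entry is appended; this is inferred, since the generated live.cfg is not shown. A short comment above the `sed` calls stating which title and label forms are expected would let the two sets of patterns be checked against each other. The script starts before this hunk.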
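Review bot: `100-remove-dropbear-keys.chroot` is added with mode 100644, while the other hooks added on this page (`40-init-cracklib-db.chroot`, `93-sb-sign-kernel.chroot`) are 100755. Whether the build runs a hook that is not executable is not visible here; if it does not, host keys generated by package postinst scripts would stay in the image and be shared by every installation. Setting the executable bit, and checking that a built image holds no `/etc/dropbear/dropbear_*_host_key` file, would close that gap.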
+++ b/data/live-build-config/hooks/live/18-enable-disable_services.chroot @@ -1,6 +1,8 @@ #!/bin/sh echo I: Disabling services +systemctl disable syslog.service +systemctl disable rsyslog.service systemctl disable arpwatch.service systemctl disable smartd.service systemctl disable kea-ctrl-agent.service @@ -40,7 +42,6 @@ systemctl disable snmpd.service systemctl disable conserver-server.service systemctl disable dropbear.service systemctl disable fancontrol.service -systemctl disable fastnetmon.service systemctl disable ddclient.service systemctl disable ocserv.service systemctl disable tuned.service @@ -68,6 +69,11 @@ systemctl disable dpkg-db-backup.timer systemctl disable dpkg-db-backup.service systemctl disable zabbix-agent2.service systemctl disable suricata.service +systemctl disable vyconfd.service +systemctl disable vpp.service +systemctl disable vyos-commitd.service +systemctl disable netplug.service + echo I: Enabling services systemctl enable vyos-hostsd.service diff --git a/data/live-build-config/hooks/live/19-kernel_symlinks.chroot b/data/live-build-config/hooks/live/19-kernel_symlinks.chroot index e63ca263..a7e95e0e 100755 --- a/data/live-build-config/hooks/live/19-kernel_symlinks.chroot +++ b/data/live-build-config/hooks/live/19-kernel_symlinks.chroot @@ -1,6 +1,9 @@ #!/bin/sh -echo I: Creating kernel symlinks. +echo I: Creating Linux Kernel symbolic links cd /boot ln -s initrd.img-* initrd.img ln -s vmlinuz-* vmlinuz + +echo I: Remove Linux Kernel symbolic link to source folder +rm -rf /lib/modules/*/build diff --git a/data/live-build-config/hooks/live/40-init-cracklib-db.chroot b/data/live-build-config/hooks/live/40-init-cracklib-db.chroot new file mode 100755 index 00000000..4d94b08e --- /dev/null +++ b/data/live-build-config/hooks/live/40-init-cracklib-db.chroot 
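Review bot: `systemctl disable syslog.service` and `systemctl disable rsyslog.service` are added at the top of the disable list without a comment saying what starts logging instead. If nothing enables rsyslog before the configuration is loaded, early-boot messages would reach only the journal and no remote log target; that is inferred, since the unit that would start it is not on this page. A one-line comment such as `# rsyslog is started by the VyOS configuration when system logging is configured` (wording to be confirmed) would record the intent. The same applies to `vyconfd.service` and `vyos-commitd.service` in the last hunk of this file.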
@@ -0,0 +1,13 @@ +#!/bin/sh + +CRACKLIB_DIR=/var/cache/cracklib +CRACKLIB_DB=cracklib_dict + +if [ ! -f "${CRACKLIB_DIR}/${CRACKLIB_DB}.pwd" ]; then + echo "I: Creating the cracklib database ${CRACKLIB_DIR}/${CRACKLIB_DB}" + mkdir -p $CRACKLIB_DIR + + /usr/sbin/create-cracklib-dict -o $CRACKLIB_DIR/$CRACKLIB_DB \ + /usr/share/dict/cracklib-small +fi + diff --git a/data/live-build-config/hooks/live/82-import-vyos-gpg-signing-key.chroot b/data/live-build-config/hooks/live/82-import-vyos-gpg-signing-key.chroot deleted file mode 100755 index 478b88fb..00000000 --- a/data/live-build-config/hooks/live/82-import-vyos-gpg-signing-key.chroot +++ /dev/null @@ -1,12 +0,0 @@ -#!/bin/sh - -if ! command -v gpg &> /dev/null; then - echo "gpg binary could not be found" - exit 1 -fi - -GPG_KEY="/usr/share/vyos/keys/vyos-release.pub.asc" - -echo I: Import GPG key -gpg --import ${GPG_KEY} -exit $? diff --git a/data/live-build-config/hooks/live/92-strip-symbols.chroot b/data/live-build-config/hooks/live/92-strip-symbols.chroot index 704f9cb3..f44cb01d 100755 --- a/data/live-build-config/hooks/live/92-strip-symbols.chroot +++ b/data/live-build-config/hooks/live/92-strip-symbols.chroot @@ -15,7 +15,6 @@ STRIPCMD_UNNEEDED="strip --strip-unneeded --remove-section=.comment --remove-sec STRIPDIR_REGULAR=" " STRIPDIR_DEBUG=" -/usr/lib/modules " STRIPDIR_UNNEEDED=" /etc/hsflowd/modules diff --git a/data/live-build-config/hooks/live/93-sb-sign-kernel.chroot b/data/live-build-config/hooks/live/93-sb-sign-kernel.chroot new file mode 100755 index 00000000..8494a5c8 --- /dev/null +++ b/data/live-build-config/hooks/live/93-sb-sign-kernel.chroot 
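Review bot: The hook does not check whether `/usr/sbin/create-cracklib-dict` succeeded, so a missing `/usr/share/dict/cracklib-small` or a failed dictionary build leaves the image without the database while the build still passes. Since the database is there for password checks (T7278 in the rootfs excludes), the hook should fail loudly: append `|| exit 1` to the `create-cracklib-dict` call, or put `set -e` after the shebang. `$CRACKLIB_DIR` and `$CRACKLIB_DB` are also unquoted in the `mkdir` and `create-cracklib-dict` lines although the `[ ! -f ... ]` test quotes them.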
@@ -0,0 +1,31 @@
+#!/bin/sh
+SIGN_FILE=$(find /usr/lib -name sign-file)
+KERNEL_KEY="/var/lib/shim-signed/mok/vyos-dev-2025-linux.key"
+KERNEL_CERT="/var/lib/shim-signed/mok/vyos-dev-2025-linux.pem"
+VMLINUZ=$(readlink /boot/vmlinuz)
+
+# All Linux Kernel modules need to be cryptographically signed
+find /lib/modules -type f -name \*.ko | while read MODULE; do
+ modinfo ${MODULE} | grep -q "signer:"
+ if [ $? != 0 ]; then
+ echo "E: Module ${MODULE} is not signed!"
+ read -n 1 -s -r -p "Press any key to continue"
+ fi
+done
+
+if [ ! -f ${KERNEL_KEY} ] && [ ! -f ${KERNEL_CERT} ]; then
+ echo "I: Signing key for Linux Kernel not found - Secure Boot not possible"
+else
+ echo "I: Signing Linux Kernel for Secure Boot"
+ sbsign --key ${KERNEL_KEY} --cert ${KERNEL_CERT} /boot/${VMLINUZ} --output /boot/${VMLINUZ}
+ sbverify --list /boot/${VMLINUZ}
+ rm -f ${KERNEL_KEY}
+fi
+
+for cert in $(ls /var/lib/shim-signed/mok/); do
+ if grep -rq "BEGIN PRIVATE KEY" /var/lib/shim-signed/mok/${cert}; then
+ echo "Found private key - bailing out"
+ exit 1
+ fi
+done
+
diff --git a/data/live-build-config/hooks/live/93-sign-kernel.chroot b/data/live-build-config/hooks/live/93-sign-kernel.chroot
deleted file mode 100755
index 031db10d..00000000
--- a/data/live-build-config/hooks/live/93-sign-kernel.chroot
+++ /dev/null
@@ -1,18 +0,0 @@
-#!/bin/sh
-SIGN_FILE=$(find /usr/lib -name sign-file)
-MOK_KEY="/var/lib/shim-signed/mok/kernel.key"
-MOK_CERT="/var/lib/shim-signed/mok/kernel.pem"
-kernel_elf=$(readlink /boot/vmlinuz)
-
-if [ ! -f ${MOK_KEY} ]; then
- echo "I: Signing key for Linux Kernel not found - Secure Boot not possible"
-else
- echo "I: Signing Linux Kernel for Secure Boot"
-
- sbsign --key $MOK_KEY --cert $MOK_CERT /boot/${kernel_elf} --output /boot/${kernel_elf}
- sbverify --list /boot/${kernel_elf}
-
- find /lib/modules -type f -name \*.ko -o -name \*.ko.xz | while read module; do
- $SIGN_FILE sha512 $MOK_KEY $MOK_CERT $module
- done
-fi
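Review bot: An unsigned module does not stop the build in `93-sb-sign-kernel.chroot`: the `read -n 1 -s -r -p` prompt sits inside the `find | while read` pipeline, so it reads from find's output instead of the terminal, and its options are not ones every `/bin/sh` accepts. The sketch below collects the unsigned modules and exits non-zero after the loop; whether that should also apply to builds without a signing key is for the project to decide. The key test uses `&&`, so a build with only one of the two files present still reaches `sbsign`; `||` matches the message. The final scan matches only the literal `BEGIN PRIVATE KEY` and so misses other PEM private-key headers such as `BEGIN RSA PRIVATE KEY`; matching `PRIVATE KEY-----` covers them. `SIGN_FILE` is no longer used, and the check covers `*.ko` only, where the removed `93-sign-kernel.chroot` also handled `*.ko.xz`.

```shell
# All Linux Kernel modules need to be cryptographically signed
UNSIGNED=$(find /lib/modules -type f -name '*.ko' | while read -r MODULE; do
    modinfo "${MODULE}" | grep -q "signer:" || echo "${MODULE}"
done)
if [ -n "${UNSIGNED}" ]; then
    echo "E: Unsigned kernel modules found:"
    echo "${UNSIGNED}"
    exit 1
fi

if [ ! -f "${KERNEL_KEY}" ] || [ ! -f "${KERNEL_CERT}" ]; then
# … unchanged: "key not found" message, sbsign / sbverify branch, rm -f of the key …

# … unchanged: for loop over /var/lib/shim-signed/mok/ …
    if grep -rq "PRIVATE KEY-----" "/var/lib/shim-signed/mok/${cert}"; then
# … unchanged: message and exit 1 …
```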
diff --git a/data/live-build-config/includes.binary/isolinux/splash.png b/data/live-build-config/includes.binary/isolinux/splash.png Binary files differindex 4137d52b..f6b43d56 100644 --- a/data/live-build-config/includes.binary/isolinux/splash.png +++ b/data/live-build-config/includes.binary/isolinux/splash.png diff --git a/data/live-build-config/includes.chroot/etc/systemd/system.conf b/data/live-build-config/includes.chroot/etc/systemd/system.conf index 91af4090..0c30472a 100644 --- a/data/live-build-config/includes.chroot/etc/systemd/system.conf +++ b/data/live-build-config/includes.chroot/etc/systemd/system.conf @@ -53,3 +53,4 @@ ShowStatus=yes #DefaultLimitNICE= #DefaultLimitRTPRIO= #DefaultLimitRTTIME= +StatusUnitFormat=description diff --git a/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry b/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry new file mode 100644 index 00000000..49f4afc4 --- /dev/null +++ b/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry 
@@ -0,0 +1,20 @@
+menuentry "VyOS (KVM console)" {
+ linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0
+ initrd /boot//initrd.img
+}
+
+menuentry "VyOS (Serial console)" {
+ linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200
+ initrd /boot//initrd.img
+}
+
+menuentry "Lost password change (KVM console)" {
+ linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0 init=/opt/vyatta/sbin/standalone_root_pw_reset
+ initrd /boot//initrd.img
+}
+
+menuentry "Lost password change (Serial console)" {
+ linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200 init=/opt/vyatta/sbin/standalone_root_pw_reset
+ initrd /boot//initrd.img
+}
+
diff --git a/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.pub.asc b/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.pub.asc
deleted file mode 100644
index bf9a7aca..00000000
--- a/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-release.pub.asc
+++ /dev/null
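Review bot: The two `Lost password change` entries boot with `init=/opt/vyatta/sbin/standalone_root_pw_reset` and nothing in this file restricts who may select them, so whoever has console access at boot can reach the reset path. If that is the intended recovery model, a comment at the top of the file should say so and point operators at GRUB's own protection (`set superusers` with `password_pbkdf2`) for deployments where the console is not trusted. The paths `/boot//vmlinuz` and `vyos-union=/boot/` look like a template with the image name left out; a one-line comment naming what fills them in would help, though that is inferred from the doubled slash only.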
@@ -1,52 +0,0 @@ ------BEGIN PGP PUBLIC KEY BLOCK----- -Version: GnuPG v2.0.22 (GNU/Linux) - -mQINBFXKsiIBEACyid9PR/v56pSRG8VgQyRwvzoI7rLErZ8BCQA2WFxA6+zNy+6G -+0E/6XAOzE+VHli+wtJpiVJwAh+wWuqzOmv9css2fdJxpMW87pJAS2i3EVVVf6ab -wU848JYLGzc9y7gZrnT1m2fNh4MXkZBNDp780WpOZx8roZq5X+j+Y5hk5KcLiBn/ -lh9Zoh8yzrWDSXQsz0BGoAbVnLUEWyo0tcRcHuC0eLx6oNG/IHvd/+kxWB1uULHU -SlB/6vcx56lLqgzywkmhP01050ZDyTqrFRIfrvw6gLQaWlgR3lB93txvF/sz87Il -VblV7e6HEyVUQxedDS8ikOyzdb5r9a6Zt/j8ZPSntFNM6OcKAI7U1nDD3FVOhlVn -7lhUiNc+/qjC+pR9CrZjr/BTWE7Zpi6/kzeH4eAkfjyALj18oC5udJDjXE5daTL3 -k9difHf74VkZm29Cy9M3zPckOZpsGiBl8YQsf+RXSBMDVYRKZ1BNNLDofm4ZGijK -mriXcaY+VIeVB26J8m8y0zN4/ZdioJXRcy72c1KusRt8e/TsqtC9UFK05YpzRm5R -/nwxDFYb7EdY/vHUFOmfwXLaRvyZtRJ9LwvRUAqgRbbRZg3ET/tn6JZk8hqx3e1M -IxuskOB19t5vWyAo/TLGIFw44SErrq9jnpqgclTSRgFjcjHEm061r4vjoQARAQAB -tDZWeU9TIE1haW50YWluZXJzIChWeU9TIFJlbGVhc2UpIDxtYWludGFpbmVyc0B2 -eW9zLm5ldD6JAjgEEwECACIFAlXKsiICGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B -AheAAAoJEP0iAoWg/m1+xbgP+QEDYZi5dA4IPY+vU1L95Bavju2m2o35TSUDPg5B -jfAGuhbsNUceU+l/yUlxjpKEmvshyW3GHR5QzUaKGup/ZDBo1CBxZNhpSlFida2E -KAYTx4vHk3MRXcntiAj/hIJwRtzCUp5UQIqHoU8dmHoHOkKEP+zhJuR6E2s+WwDr -nTwE6eRa0g/AHY+chj2Je6flpPm2CKoTfUE7a2yBBU3wPq3rGtsQgVxPAxHRZz7A -w4AjH3NM1Uo3etuiDnGkJAuoKKb1J4X3w2QlbwlR4cODLKhJXHIufwaGtRwEin9S -1l2bL8V3gy2Hv3D2t9TQZuR5NUHsibJRXLSa8WnSCcc6Bij5aqfdpYB+YvKH/rIm -GvYPmLZDfKGkx0JE4/qtfFjiPJ5VE7BxNyliEw/rnQsxWAGPqLlL61SD8w5jGkw3 -CinwO3sccTVcPz9b6A1RsbBVhTJJX5lcPn1lkOEVwQ7l8bRhOKCMe0P53qEDcLCd -KcXNnAFbVes9u+kfUQ4oxS0G2JS9ISVNmune+uv+JR7KqSdOuRYlyXA9uTjgWz4y -Cs7RS+CpkJFqrqOtS1rmuDW9Ea4PA8ygGlisM5d/AlVkniHz/2JYtgetiLCj9mfE -MzQpgnldNSPumKqJ3wwmCNisE+lXQ5UXCaoaeqF/qX1ykybQn41LQ+0xT5Uvy7sL -9IwGuQINBFXKsiIBEACg2mP3QYkXdgWTK5JyTGyttE6bDC9uqsK8dc1J66Tjd5Ly -Be0amO+88GHXa0o5Smwk2QNoxsRR41G/D/eAeGsuOEYnePROEr3tcLnDjo4KLgQ+ -H69zRPn77sdP3A34Jgp+QIzByJWM7Cnim31quQP3qal2QdpGJcT/jDJWdticN76a -Biaz+HN13LyvZM+DWhUDttbjAJc+TEwF9YzIrU+3AzkTRDWkRh4kNIQxjlpNzvho 
-9V75riVqg2vtgPwttPEhOLb0oMzy4ADdfezrfVvvMb4M4kY9npu4MlSkNTM97F/I -QKy90JuSUIjE05AO+PDXJF4Fd5dcpmukLV/2nV0WM2LAERpJUuAgkZN6pNUFVISR -+nSfgR7wvqeDY9NigHrJqJbSEgaBUs6RTk5hait2wnNKLJajlu3aQ2/QfRT/kG3h -ClKUz3Ju7NCURmFE6mfsdsVrlIsEjHr/dPbXRswXgC9FLlXpWgAEDYi9Wdxxz8o9 -JDWrVYdKRGG+OpLFh8AP6QL3YnZF+p1oxGUQ5ugXauAJ9YS55pbzaUFP8oOO2P1Q -BeYnKRs1GcMI8KWtE/fze9C9gZ7Dqju7ZFEyllM4v3lzjhT8muMSAhw41J22mSx6 -VRkQVRIAvPDFES45IbB6EEGhDDg4pD2az8Q7i7Uc6/olEmpVONSOZEEPsQe/2wAR -AQABiQIfBBgBAgAJBQJVyrIiAhsMAAoJEP0iAoWg/m1+niUQAKTxwJ9PTAfB+XDk -3qH3n+T49O2wP3fhBI0EGhJp9Xbx29G7qfEeqcQm69/qSq2/0HQOc+w/g8yy71jA -6rPuozCraoN7Im09rQ2NqIhPK/1w5ZvgNVC0NtcMigX9MiSARePKygAHOPHtrhyO -rJQyu8E3cV3VRT4qhqIqXs8Ydc9vL3ZrJbhcHQuSLdZxM1k+DahCJgwWabDCUizm -sVP3epAP19FP8sNtHi0P1LC0kq6/0qJot+4iBiRwXMervCD5ExdOm2ugvSgghdYN -BikFHvmsCxbZAQjykQ6TMn+vkmcEz4fGAn4L7Nx4paKEtXaAFO8TJmFjOlGUthEm -CtHDKjCTh9WV4pwG2WnXuACjnJcs6LcK377EjWU25H4y1ff+NDIUg/DWfSS85iIc -UgkOlQO6HJy0O96L5uxn7VJpXNYFa20lpfTVZv7uu3BC3RW/FyOYsGtSiUKYq6cb -CMxGTfFxGeynwIlPRlH68BqH6ctR/mVdo+5UIWsChSnNd1GreIEI6p2nBk3mc7jZ -7pTEHpjarwOjs/S/lK+vLW53CSFimmW4lw3MwqiyAkxl0tHAT7QMHH9Rgw2HF/g6 -XD76fpFdMT856dsuf+j2uuJFlFe5B1fERBzeU18MxML0VpDmGFEaxxypfACeI/iu -8vzPzaWHhkOkU8/J/Ci7+vNtUOZb -=Ld8S ------END PGP PUBLIC KEY BLOCK----- diff --git a/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md b/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md deleted file mode 100644 index 5a6edbba..00000000 --- a/data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md +++ /dev/null 
@@ -1,22 +0,0 @@ -# Secure Boot - -## CA - -Create Certificate Authority used for Kernel signing. CA is loaded into the -Machine Owner Key store on the target system. - -```bash -openssl req -new -x509 -newkey rsa:2048 -keyout MOK.key -outform DER -out MOK.der -days 36500 -subj "/CN=VyOS Secure Boot CA/" -nodes -openssl x509 -inform der -in MOK.der -out MOK.pem -``` - -## Kernel Module Signing Key - -We do not make use of ephemeral keys for Kernel module signing. Instead a key -is generated and signed by the VyOS Secure Boot CA which signs all the Kernel -modules during ISO assembly if present. - -```bash -openssl req -newkey rsa:2048 -keyout kernel.key -out kernel.csr -subj "/CN=VyOS Secure Boot Signer 2024 - linux/" -nodes -openssl x509 -req -in kernel.csr -CA MOK.pem -CAkey MOK.key -CAcreateserial -out kernel.pem -days 730 -sha256 -``` diff --git a/data/live-build-config/package-lists/vyos-base.list.chroot b/data/live-build-config/package-lists/vyos-base.list.chroot index 4ccc7f76..b20c2962 100644 --- a/data/live-build-config/package-lists/vyos-base.list.chroot +++ b/data/live-build-config/package-lists/vyos-base.list.chroot @@ -1,6 +1,4 @@ debconf -gpgv -gnupg vyos-1x vyos-user-utils zstd diff --git a/data/live-build-config/rootfs/excludes b/data/live-build-config/rootfs/excludes index a5fe41e5..558e637b 100644 --- a/data/live-build-config/rootfs/excludes +++ b/data/live-build-config/rootfs/excludes @@ -44,7 +44,8 @@ usr/games/* usr/local/games/* # T5511: We do not need any caches on the system (will be recreated when needed). -var/cache/* +# T7278: We need directory created by python3-cracklib for password checks +var/cache/!(cracklib) # T5511: We do not need any log-files on the system (will be recreated when needed). var/log/*.log |
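Review bot: `var/cache/!(cracklib)` in `rootfs/excludes` is an extended glob, so the exclusion only works if the tool that reads this file is run with extended wildcard matching; that consumer is not shown on this page. If the pattern is not understood, the T5511 cache cleanup silently stops applying and everything under `var/cache` ships in the image. A comment such as `# needs extended glob support in the excludes consumer` above the pattern, plus a check of a built image for leftover `var/cache` content, would make the dependency visible.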