Diffstat (limited to 'data')
43 files changed, 234 insertions, 321 deletions
diff --git a/data/architectures/amd64.toml b/data/architectures/amd64.toml index c479ea9c..7d3e3674 100644 --- a/data/architectures/amd64.toml +++ b/data/architectures/amd64.toml @@ -1,5 +1,5 @@ additional_repositories = [ - "deb [arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/3004 bullseye main" + "deb [arch=amd64] https://repo.saltproject.io/py3/debian/11/amd64/3005 bullseye main" ] kernel_flavor = "amd64-vyos" @@ -10,5 +10,8 @@ packages = [ "grub-pc", "vyos-linux-firmware", "vyos-intel-qat", + "vyos-intel-ixgbe", + "vyos-intel-ixgbevf", + "openvpn-dco", "telegraf" ] diff --git a/data/architectures/arm64.toml b/data/architectures/arm64.toml index e48d9f49..ff95d0cf 100644 --- a/data/architectures/arm64.toml +++ b/data/architectures/arm64.toml @@ -1,9 +1,9 @@ additional_repositories = [ - "deb [arch=arm64] https://repo.saltproject.io/py3/debian/11/arm64/3004 bullseye main" + "deb [arch=arm64] https://repo.saltproject.io/py3/debian/11/arm64/3005 bullseye main" ] -kernel_flavor = "v8-arm64-vyos" +kernel_flavor = "arm64-vyos" # Packages included in ARM64 images by default -packages = ["grub-efi-arm64"] -bootloaders = "grub-efi"
\ No newline at end of file +packages = ["grub-efi-arm64", "openvpn-dco"] +bootloaders = "grub-efi" diff --git a/data/build-flavors/aws-iso.toml b/data/build-flavors/aws-iso.toml new file mode 100644 index 00000000..e13ed59a --- /dev/null +++ b/data/build-flavors/aws-iso.toml @@ -0,0 +1,3 @@ +image_format = "iso" + +packages = ["amazon-cloudwatch-agent"] diff --git a/data/defaults.toml b/data/defaults.toml index bbdf65e9..01c695dd 100644 --- a/data/defaults.toml +++ b/data/defaults.toml @@ -7,16 +7,18 @@ debian_distribution = "bookworm" debian_mirror = "http://deb.debian.org/debian" debian_security_mirror = "http://deb.debian.org/debian-security" -debian_archive_areas = "main contrib non-free" +debian_archive_areas = "main contrib non-free non-free-firmware" -vyos_mirror = "http://dev.packages.vyos.net/repositories/current" +vyos_mirror = "https://rolling-packages.vyos.net/current" vyos_branch = "current" release_train = "current" -kernel_version = "6.1.21" +kernel_version = "6.6.16" bootloaders = "syslinux,grub-efi" +squashfs_compression_type = "xz -Xbcj x86 -b 256k -always-use-fragments -no-recovery" + website_url = "https://vyos.io" support_url = "https://support.vyos.io" bugtracker_url = "https://vyos.dev" diff --git a/data/live-build-config/archives/bookworm-backports.pref.chroot b/data/live-build-config/archives/bookworm-backports.pref.chroot new file mode 100644 index 00000000..b9eabc58 --- /dev/null +++ b/data/live-build-config/archives/bookworm-backports.pref.chroot @@ -0,0 +1,7 @@ +Package: iproute2 +Pin: release n=bookworm-backports +Pin-Priority: 600 + +Package: * +Pin: release n=bookworm-backports +Pin-Priority: -100 diff --git a/data/live-build-config/archives/trixie.list.chroot b/data/live-build-config/archives/trixie.list.chroot new file mode 100644 index 00000000..a806ca4b --- /dev/null +++ b/data/live-build-config/archives/trixie.list.chroot 
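Review bot: In data/defaults.toml, `debian_mirror` and `debian_security_mirror` stay on plain `http://` after this hunk, although the same hunk moves `vyos_mirror` to HTTPS; the new trixie.list.chroot later in this commit also uses `http://deb.debian.org/debian/`. APT's signed Release files still protect package integrity, but switching these entries to `https://deb.debian.org/...` would keep the build's fetches consistent and hide the package selection from on-path observers. Separately, the new `squashfs_compression_type` hard-codes `-Xbcj x86` in the architecture-independent defaults. Unless an arm64 override exists outside this diff, that filter does not match arm64 images, so a comment such as `# x86 BCJ filter; override per architecture` would help.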
@@ -0,0 +1,2 @@ +deb http://deb.debian.org/debian/ trixie main non-free +deb http://deb.debian.org/debian/ trixie-updates main non-free diff --git a/data/live-build-config/archives/trixie.pref.chroot b/data/live-build-config/archives/trixie.pref.chroot new file mode 100644 index 00000000..a7d8b0ea --- /dev/null +++ b/data/live-build-config/archives/trixie.pref.chroot @@ -0,0 +1,11 @@ +Package: podman +Pin: release n=trixie +Pin-Priority: 900 + +Package: netavark +Pin: release n=trixie +Pin-Priority: 900 + +Package: * +Pin: release n=trixie +Pin-Priority: -10 diff --git a/data/live-build-config/bootloaders/grub-pc/grub.cfg b/data/live-build-config/bootloaders/grub-pc/grub.cfg index 8837b8a2..4c46c89f 100644 --- a/data/live-build-config/bootloaders/grub-pc/grub.cfg +++ b/data/live-build-config/bootloaders/grub-pc/grub.cfg @@ -4,6 +4,7 @@ set timeout=10 insmod serial serial --unit=0 --speed=115200 +insmod gzio insmod part_msdos insmod ext2 insmod efi_gop diff --git a/data/live-build-config/hooks/live/01-live-serial.binary b/data/live-build-config/hooks/live/01-live-serial.binary new file mode 100755 index 00000000..e138b20d --- /dev/null +++ b/data/live-build-config/hooks/live/01-live-serial.binary 
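Review bot: In trixie.pref.chroot, `Pin-Priority: 900` for podman and netavark outranks the default priority of the bookworm archive, so both packages will follow Debian testing, and the file gives no reason or task reference for that. Testing does not get the same security-update handling as stable, so fixes for these two packages have to be tracked separately by whoever maintains the image. apt_preferences accepts `Explanation:` lines; I would add one per stanza, e.g. `Explanation: T<task-id>: podman taken from trixie because <reason>`. With `Package: *` pinned at -10, any dependency that podman needs at a trixie-only version cannot be installed; whether that occurs is not visible from this diff.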
@@ -0,0 +1,31 @@ +#!/bin/sh + +GRUB_PATH=boot/grub/grub.cfg +ISOLINUX_PATH=isolinux/live.cfg + +KVM_CONSOLE="console=ttyS0,115200 console=tty0" +SERIAL_CONSOLE="console=tty0 console=ttyS0,115200" + +# Grub.cfg Update +GRUB_MENUENTRY=$(sed -e '/menuentry.*hotkey.*/,/^}/!d' -e 's/--hotkey=l//g' $GRUB_PATH) + +# Update KVM menuentry name +sed -i 's/"Live system \((.*-vyos)\)"/"Live system \1 - KVM console"/' $GRUB_PATH + +# Insert serial menuentry +echo "$GRUB_MENUENTRY" | sed \ + -e 's/"Live system \((.*-vyos)\)"/"Live system \1 - Serial console"/' \ + -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $GRUB_PATH + +# Live.cfg Update +ISOLINUX_MENUENTRY=$(sed -e '/label live-\(.*\)-vyos$/,/^\tappend.*/!d' $ISOLINUX_PATH) + +# Update KVM menuentry name +sed -i 's/Live system \((.*-vyos)\)/Live system \1 - KVM console/' $ISOLINUX_PATH + +# Insert serial menuentry +echo "\n$ISOLINUX_MENUENTRY" | sed \ + -e 's/live-\(.*\)-vyos/live-\1-vyos-serial/' \ + -e '/^\tmenu default/d' \ + -e 's/Live system \((.*-vyos)\)/Live system \1 - Serial console/' \ + -e "s/$KVM_CONSOLE/$SERIAL_CONSOLE/g" >> $ISOLINUX_PATH diff --git a/data/live-build-config/hooks/live/18-enable-disable_services.chroot b/data/live-build-config/hooks/live/18-enable-disable_services.chroot index 2cc525aa..08404a62 100755 --- a/data/live-build-config/hooks/live/18-enable-disable_services.chroot +++ b/data/live-build-config/hooks/live/18-enable-disable_services.chroot @@ -1,8 +1,11 @@ #!/bin/sh echo I: Disabling services +systemctl disable arpwatch.service systemctl disable smartd.service -systemctl disable isc-dhcp-server.service +systemctl disable kea-ctrl-agent.service +systemctl disable kea-dhcp4-server.service +systemctl disable kea-dhcp6-server.service systemctl disable isc-dhcp-relay.service systemctl disable nfacctd.service systemctl disable pmacctd.service 
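Review bot: In 01-live-serial.binary, `echo "\n$ISOLINUX_MENUENTRY"` depends on the `echo` of whichever shell provides `/bin/sh` expanding `\n`; dash does, bash run as sh does not, and in that case a literal `\n` is appended to live.cfg. `printf '\n%s\n' "$ISOLINUX_MENUENTRY"` behaves the same under both. The script also never checks that the two `sed` captures matched, so if live-build changes the menuentry text the hook appends nothing useful and still exits 0; a guard such as `[ -n "$GRUB_MENUENTRY" ] || exit 1` would make that visible. `$GRUB_PATH` and `$ISOLINUX_PATH` should be quoted where they are used.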
@@ -63,11 +66,22 @@ systemctl disable miniupnpd.service systemctl disable owamp-server.service systemctl disable twamp-server.service systemctl disable podman-auto-update.service +systemctl disable podman-auto-update.timer systemctl disable podman-restart.service +systemctl disable vyos-wan-load-balance.service +systemctl disable nvmf-autoconnect.service +systemctl disable vpp.service +systemctl disable dpkg-db-backup.timer +systemctl disable dpkg-db-backup.service +systemctl disable zabbix-agent2.service echo I: Enabling services -systemctl enable frr.service -systemctl enable ssh-session-cleanup.service systemctl enable vyos-hostsd.service systemctl enable acpid.service +systemctl enable vyos-router.service systemctl enable vyos-configd.service +systemctl enable vyos-grub-update.service + +echo I: Masking services +systemctl mask systemd-journald-audit.socket +systemctl --global mask gpg-agent.service gpg-agent.socket gpg-agent-ssh.socket gpg-agent-extra.socket gpg-agent-browser.socket dirmngr.socket diff --git a/data/live-build-config/hooks/live/20-rm_ddclient_hook.chroot b/data/live-build-config/hooks/live/20-rm_ddclient_hook.chroot deleted file mode 100755 index 350843c7..00000000 --- a/data/live-build-config/hooks/live/20-rm_ddclient_hook.chroot +++ /dev/null @@ -1,9 +0,0 @@ -#!/bin/sh - -if [ -f /etc/dhcp/dhclient-exit-hooks.d/ddclient ]; then - rm -f /etc/dhcp/dhclient-exit-hooks.d/ddclient -fi - -if [ -f /etc/ddclient.conf ]; then - rm -f /etc/ddclient.conf -fi diff --git a/data/live-build-config/hooks/live/22-rm_cron_atop.chroot b/data/live-build-config/hooks/live/22-rm_cron_atop.chroot deleted file mode 100755 index 7f77e1f7..00000000 --- a/data/live-build-config/hooks/live/22-rm_cron_atop.chroot +++ /dev/null @@ -1,6 +0,0 @@ -#!/bin/sh - -if [ -f /etc/cron.d/atop ]; then - rm -f /etc/cron.d/atop -fi - 
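Review bot: `systemctl mask systemd-journald-audit.socket` stops journald from reading kernel audit records, and nothing in the hunk says why or what receives those records instead. If the image ships no auditd (not visible in this diff), audit events will no longer land in the journal, which matters to anyone relying on it for detection or forensics. I would add a comment above the line, e.g. `# T<task-id>: audit records are handled by <collector>; keep them out of the journal`. The hunk also drops `systemctl enable frr.service` while adding `vyos-router.service`; presumably the latter now starts FRR, which is worth stating in the commit message.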
diff --git a/data/live-build-config/hooks/live/23-config_mkdir.chroot b/data/live-build-config/hooks/live/23-config_mkdir.chroot new file mode 100755 index 00000000..e18ee3b6 --- /dev/null +++ b/data/live-build-config/hooks/live/23-config_mkdir.chroot @@ -0,0 +1,5 @@ +#!/bin/sh + +echo I: Create config directory. + +mkdir -p /config diff --git a/data/live-build-config/hooks/live/30-frr-configs.chroot b/data/live-build-config/hooks/live/30-frr-configs.chroot deleted file mode 100755 index 47b72300..00000000 --- a/data/live-build-config/hooks/live/30-frr-configs.chroot +++ /dev/null 
@@ -1,69 +0,0 @@
-#!/usr/bin/env python3
-
-# For FRR to work in VyOS as expected we need a few fixups
-#
-# 1. Enable daemons we use in /etc/frr/daemons
-# 2. Set the VRF backend of Zebra to netns (-n option) in /etc/frr/daemons.conf
-# Otherwise multiple routing tables for PBR won't work
-# 3. Create empty configs for daemons with use
-# That is to make them possible to start on boot before config is loaded
-#
-
-import os
-
-daemons = """
-zebra=yes
-bgpd=yes
-ospfd=yes
-ospf6d=yes
-ripd=yes
-ripngd=yes
-isisd=yes
-pimd=no
-ldpd=yes
-nhrpd=no
-eigrpd=yes
-babeld=yes
-sharpd=no
-pbrd=no
-bfdd=yes
-staticd=yes
-
-vtysh_enable=yes
-zebra_options="-s 90000000 --daemon -A 127.0.0.1 -M snmp"
-bgpd_options="--daemon -A 127.0.0.1 -M snmp -M rpki -M bmp"
-ospfd_options="--daemon -A 127.0.0.1 -M snmp"
-ospf6d_options="--daemon -A ::1 -M snmp"
-ripd_options="--daemon -A 127.0.0.1 -M snmp"
-ripngd_options="--daemon -A ::1"
-isisd_options="--daemon -A 127.0.0.1 -M snmp"
-pimd_options="--daemon -A 127.0.0.1"
-ldpd_options="--daemon -A 127.0.0.1"
-nhrpd_options="--daemon -A 127.0.0.1"
-eigrpd_options="--daemon -A 127.0.0.1"
-babeld_options="--daemon -A 127.0.0.1"
-sharpd_options="--daemon -A 127.0.0.1"
-pbrd_options="--daemon -A 127.0.0.1"
-staticd_options="--daemon -A 127.0.0.1"
-bfdd_options="--daemon -A 127.0.0.1"
-
-watchfrr_enable=no
-valgrind_enable=no
-"""
-
-frr_conf = """
-log syslog
-log facility local7
-"""
-
-frr_log = ''
-
-with open("/etc/frr/daemons", "w") as f:
- f.write(daemons)
-
-with open("/etc/frr/frr.conf", "w") as f:
- f.write(frr_conf)
-
-# Prevent writing logs to /var/log/frr/frr.log. T2061
-with open("/etc/rsyslog.d/45-frr.conf", "w") as f:
- f.write(frr_log)
diff --git a/data/live-build-config/hooks/live/80-delete-docs.chroot b/data/live-build-config/hooks/live/80-delete-docs.chroot
deleted file mode 100755
index ce18bc8f..00000000
--- a/data/live-build-config/hooks/live/80-delete-docs.chroot
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-# We do not need any documentation on the system. This frees some space.
-# Copyright/licenses files are ignored for deletion
-shopt -s extglob
-rm -rf /usr/share/doc/*/!(copyright*|README*) /usr/share/doc-base
diff --git a/data/live-build-config/hooks/live/81-cleanup-etc-defaults.chroot b/data/live-build-config/hooks/live/81-cleanup-etc-defaults.chroot
deleted file mode 100755
index c93deee1..00000000
--- a/data/live-build-config/hooks/live/81-cleanup-etc-defaults.chroot
+++ /dev/null
@@ -1,11 +0,0 @@
-#!/bin/sh
-
-# we use systemd to control ISC daemons from within vyos-1x
-FILES="/etc/default/isc-dhcp-server /etc/default/isc-dhcp-relay"
-
-for FILE in ${FILES}
-do
- if [ -f ${FILE} ]; then
- rm -f ${FILE}
- fi
-done
diff --git a/data/live-build-config/hooks/live/82-cleanup-udev-rules.chroot b/data/live-build-config/hooks/live/82-cleanup-udev-rules.chroot
deleted file mode 100755
index a0173e49..00000000
--- a/data/live-build-config/hooks/live/82-cleanup-udev-rules.chroot
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-# 99-default.link rule always calls link_config that trying to set
-# autonegotiation and duplex even for PPP interfaces.
-# Need to delete this rule to prevent overhead on interface creation stage
-
-rm /lib/systemd/network/99-default.link
diff --git a/data/live-build-config/hooks/live/83-cleanup-etc-motd-d.chroot b/data/live-build-config/hooks/live/83-cleanup-etc-motd-d.chroot
deleted file mode 100755
index 9d8dc97e..00000000
--- a/data/live-build-config/hooks/live/83-cleanup-etc-motd-d.chroot
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-if [ -f /etc/update-motd.d/10-uname ]; then
- rm -f /etc/update-motd.d/10-uname
-fi
diff --git a/data/live-build-config/hooks/live/99-strip-symbols.chroot b/data/live-build-config/hooks/live/99-strip-symbols.chroot
new file mode 100755
index 00000000..704f9cb3
--- /dev/null
+++ b/data/live-build-config/hooks/live/99-strip-symbols.chroot
@@ -0,0 +1,76 @@ +#!/bin/sh + +# +# Discard symbols and other data from object files. +# +# Reference: +# https://www.linuxfromscratch.org/lfs/view/systemd/chapter08/stripping.html +# https://www.debian.org/doc/debian-policy/ch-files.html +# + +# Set variables. +STRIPCMD_REGULAR="strip --remove-section=.comment --remove-section=.note --preserve-dates" +STRIPCMD_DEBUG="strip --strip-debug --remove-section=.comment --remove-section=.note --preserve-dates" +STRIPCMD_UNNEEDED="strip --strip-unneeded --remove-section=.comment --remove-section=.note --preserve-dates" +STRIPDIR_REGULAR=" +" +STRIPDIR_DEBUG=" +/usr/lib/modules +" +STRIPDIR_UNNEEDED=" +/etc/hsflowd/modules +/usr/bin +/usr/lib/openvpn +/usr/lib/x86_64-linux-gnu +/usr/lib32 +/usr/lib64 +/usr/libx32 +/usr/sbin +" +STRIP_EXCLUDE=`dpkg-query -L libbinutils | grep '.so'` + +# Perform stuff. +echo "Stripping symbols..." + +# List excluded files. +echo "Exclude files: ${STRIP_EXCLUDE}" + +# CMD: strip +for DIR in ${STRIPDIR_REGULAR}; do + echo "Parse dir (strip): ${DIR}" + find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do + echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" + if [ $? -ne 0 ]; then + echo "Strip file (strip): ${FILE}" + ${STRIPCMD_REGULAR} ${FILE} + fi + done +done + +# CMD: strip --strip-debug +for DIR in ${STRIPDIR_DEBUG}; do + echo "Parse dir (strip-debug): ${DIR}" + find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do + echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" + if [ $? -ne 0 ]; then + echo "Strip file (strip-debug): ${FILE}" + ${STRIPCMD_DEBUG} ${FILE} + fi + done +done + +# CMD: strip --strip-unneeded +for DIR in ${STRIPDIR_UNNEEDED}; do + echo "Parse dir (strip-unneeded: ${DIR}" + find ${DIR} -type f -exec file {} \; | grep 'not stripped' | cut -d ":" -f 1 | while read FILE; do + echo "${STRIP_EXCLUDE}" | grep -F -q -w "${FILE}" + if [ $? 
-ne 0 ]; then + echo "Strip file (strip-unneeded): ${FILE}" + ${STRIPCMD_UNNEEDED} ${FILE} + fi + done +done + +# Remove binutils package. +apt-get -y purge --autoremove binutils + diff --git a/data/live-build-config/includes.chroot/etc/c3xxx_dev0.conf b/data/live-build-config/includes.chroot/etc/c3xxx_dev0.conf index 5e133fa9..5e133fa9 100755..100644 --- a/data/live-build-config/includes.chroot/etc/c3xxx_dev0.conf +++ b/data/live-build-config/includes.chroot/etc/c3xxx_dev0.conf diff --git a/data/live-build-config/includes.chroot/etc/c3xxx_dev1.conf b/data/live-build-config/includes.chroot/etc/c3xxx_dev1.conf index 5e133fa9..5e133fa9 100755..100644 --- a/data/live-build-config/includes.chroot/etc/c3xxx_dev1.conf +++ b/data/live-build-config/includes.chroot/etc/c3xxx_dev1.conf diff --git a/data/live-build-config/includes.chroot/etc/c3xxx_dev2.conf b/data/live-build-config/includes.chroot/etc/c3xxx_dev2.conf index 5e133fa9..5e133fa9 100755..100644 --- a/data/live-build-config/includes.chroot/etc/c3xxx_dev2.conf +++ b/data/live-build-config/includes.chroot/etc/c3xxx_dev2.conf diff --git a/data/live-build-config/includes.chroot/etc/c6xx_dev0.conf b/data/live-build-config/includes.chroot/etc/c6xx_dev0.conf index 5e133fa9..5e133fa9 100755..100644 --- a/data/live-build-config/includes.chroot/etc/c6xx_dev0.conf +++ b/data/live-build-config/includes.chroot/etc/c6xx_dev0.conf diff --git a/data/live-build-config/includes.chroot/etc/c6xx_dev1.conf b/data/live-build-config/includes.chroot/etc/c6xx_dev1.conf index 5e133fa9..5e133fa9 100755..100644 --- a/data/live-build-config/includes.chroot/etc/c6xx_dev1.conf +++ b/data/live-build-config/includes.chroot/etc/c6xx_dev1.conf diff --git a/data/live-build-config/includes.chroot/etc/c6xx_dev2.conf b/data/live-build-config/includes.chroot/etc/c6xx_dev2.conf index 5e133fa9..5e133fa9 100755..100644 --- a/data/live-build-config/includes.chroot/etc/c6xx_dev2.conf +++ b/data/live-build-config/includes.chroot/etc/c6xx_dev2.conf 
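Review bot: In 99-strip-symbols.chroot, the `STRIPDIR_DEBUG` pass runs `strip --strip-debug` over every file under `/usr/lib/modules`; if the kernel modules ship with appended signatures (not visible here), rewriting the ELF discards them and a kernel that enforces module signatures will refuse to load the result. Please confirm the modules are unsigned, or are signed after this hook runs, and say so in a comment next to `STRIPDIR_DEBUG`. The three loops also parse `file` output with `cut -d ":"` and pass `${FILE}` unquoted, so a path containing whitespace or a colon is mishandled; `while IFS= read -r FILE` together with `${STRIPCMD_DEBUG} "${FILE}"` covers the whitespace case. `STRIPDIR_UNNEEDED` lists `/usr/lib/x86_64-linux-gnu` only, so the arm64 flavour touched in this commit would not have its multiarch library directory stripped.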
diff --git a/data/live-build-config/includes.chroot/etc/d15xx_dev0.conf b/data/live-build-config/includes.chroot/etc/d15xx_dev0.conf index 5e133fa9..5e133fa9 100755..100644 --- a/data/live-build-config/includes.chroot/etc/d15xx_dev0.conf +++ b/data/live-build-config/includes.chroot/etc/d15xx_dev0.conf diff --git a/data/live-build-config/includes.chroot/etc/d15xx_dev1.conf b/data/live-build-config/includes.chroot/etc/d15xx_dev1.conf index 5e133fa9..5e133fa9 100755..100644 --- a/data/live-build-config/includes.chroot/etc/d15xx_dev1.conf +++ b/data/live-build-config/includes.chroot/etc/d15xx_dev1.conf diff --git a/data/live-build-config/includes.chroot/etc/d15xx_dev2.conf b/data/live-build-config/includes.chroot/etc/d15xx_dev2.conf index 5e133fa9..5e133fa9 100755..100644 --- a/data/live-build-config/includes.chroot/etc/d15xx_dev2.conf +++ b/data/live-build-config/includes.chroot/etc/d15xx_dev2.conf diff --git a/data/live-build-config/includes.chroot/etc/dh895xcc_dev0.conf b/data/live-build-config/includes.chroot/etc/dh895xcc_dev0.conf index 2f0eead7..2f0eead7 100755..100644 --- a/data/live-build-config/includes.chroot/etc/dh895xcc_dev0.conf +++ b/data/live-build-config/includes.chroot/etc/dh895xcc_dev0.conf diff --git a/data/live-build-config/includes.chroot/etc/dh895xcc_dev1.conf b/data/live-build-config/includes.chroot/etc/dh895xcc_dev1.conf index 2f0eead7..2f0eead7 100755..100644 --- a/data/live-build-config/includes.chroot/etc/dh895xcc_dev1.conf +++ b/data/live-build-config/includes.chroot/etc/dh895xcc_dev1.conf diff --git a/data/live-build-config/includes.chroot/etc/dh895xcc_dev2.conf b/data/live-build-config/includes.chroot/etc/dh895xcc_dev2.conf index 2f0eead7..2f0eead7 100755..100644 --- a/data/live-build-config/includes.chroot/etc/dh895xcc_dev2.conf +++ b/data/live-build-config/includes.chroot/etc/dh895xcc_dev2.conf 
diff --git a/data/live-build-config/includes.chroot/etc/initramfs-tools/hooks/10-vyos-addons b/data/live-build-config/includes.chroot/etc/initramfs-tools/hooks/10-vyos-addons index d533eaca..b9190971 100755 --- a/data/live-build-config/includes.chroot/etc/initramfs-tools/hooks/10-vyos-addons +++ b/data/live-build-config/includes.chroot/etc/initramfs-tools/hooks/10-vyos-addons @@ -33,3 +33,4 @@ copy_exec /usr/sbin/fsck.ext4 # copy other files ("other" here is a file type, so do not delete this keyword) copy_file other /etc/ssl/certs/ca-certificates.crt +copy_file other /etc/ssl/openssl.cnf diff --git a/data/live-build-config/includes.chroot/etc/netplug/netplug b/data/live-build-config/includes.chroot/etc/netplug/netplug deleted file mode 100755 index 699be5fd..00000000 --- a/data/live-build-config/includes.chroot/etc/netplug/netplug +++ /dev/null @@ -1,29 +0,0 @@ -#!/bin/sh -# -# vyos policy agent for netplugd -# - -dev="$1" -action="$2" - -case "$action" in -in) - run-parts -a $dev /etc/netplug/linkup.d - ;; -out) - run-parts -a $dev /etc/netplug/linkdown.d - ;; - -# probe loads and initialises the driver for the interface and brings the -# interface into the "up" state, so that it can generate netlink(7) events. -# This interferes with "admin down" for an interface. Thus, commented out. An -# "admin up" is treated as a "link up" and thus, "link up" action is executed. -# To execute "link down" action on "admin down", run appropriate script in -# /etc/netplug/linkdown.d -#probe) -# ;; - -*) - exit 1 - ;; -esac diff --git a/data/live-build-config/includes.chroot/etc/netplug/netplugd.conf b/data/live-build-config/includes.chroot/etc/netplug/netplugd.conf deleted file mode 100644 index ab4d826d..00000000 --- a/data/live-build-config/includes.chroot/etc/netplug/netplugd.conf +++ /dev/null @@ -1,3 +0,0 @@ -eth* -br* -bond* 
diff --git a/data/live-build-config/includes.chroot/etc/skel/.bashrc b/data/live-build-config/includes.chroot/etc/skel/.bashrc deleted file mode 100644 index 06443378..00000000 --- a/data/live-build-config/includes.chroot/etc/skel/.bashrc +++ /dev/null 
@@ -1,119 +0,0 @@ -# ~/.bashrc: executed by bash(1) for non-login shells. -# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc) -# for examples - -# If not running interactively, don't do anything -case $- in - *i*) ;; - *) return;; -esac - -# don't put duplicate lines or lines starting with space in the history. -# See bash(1) for more options -HISTCONTROL=ignoreboth - -# append to the history file, don't overwrite it -shopt -s histappend - -# for setting history length see HISTSIZE and HISTFILESIZE in bash(1) -HISTSIZE=1000 -HISTFILESIZE=2000 - -# check the window size after each command and, if necessary, -# update the values of LINES and COLUMNS. -shopt -s checkwinsize - -# If set, the pattern "**" used in a pathname expansion context will -# match all files and zero or more directories and subdirectories. -#shopt -s globstar - -# make less more friendly for non-text input files, see lesspipe(1) -#[ -x /usr/bin/lesspipe ] && eval "$(SHELL=/bin/sh lesspipe)" - -# set variable identifying the chroot you work in (used in the prompt below) -if [ -z "${debian_chroot:-}" ] && [ -r /etc/debian_chroot ]; then - debian_chroot=$(cat /etc/debian_chroot) -fi - -# set a fancy prompt (non-color, unless we know we "want" color) -case "$TERM" in - xterm-color) color_prompt=yes;; -esac - -# uncomment for a colored prompt, if the terminal has the capability; turned -# off by default to not distract the user: the focus in a terminal window -# should be on the output of commands, not on the prompt -#force_color_prompt=yes - -if [ -n "$force_color_prompt" ]; then - if [ -x /usr/bin/tput ] && tput setaf 1 >&/dev/null; then - # We have color support; assume it's compliant with Ecma-48 - # (ISO/IEC-6429). (Lack of such support is extremely rare, and such - # a case would tend to support setf rather than setaf.) 
- color_prompt=yes - else - color_prompt= - fi -fi - -if [ "$color_prompt" = yes ]; then - PS1='${debian_chroot:+($debian_chroot)}\[\033[01;32m\]\u@\H\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ ' -else - PS1='${debian_chroot:+($debian_chroot)}\u@\H:\w\$ ' -fi -unset color_prompt force_color_prompt - -# If this is an xterm set the title to user@host:dir -case "$TERM" in -xterm*|rxvt*) - PS1="\[\e]0;${debian_chroot:+($debian_chroot)}\u@\H: \w\a\]$PS1" - ;; -*) - ;; -esac - -# enable color support of ls and also add handy aliases -if [ -x /usr/bin/dircolors ]; then - test -r ~/.dircolors && eval "$(dircolors -b ~/.dircolors)" || eval "$(dircolors -b)" - alias ls='ls --color=auto' - #alias dir='dir --color=auto' - #alias vdir='vdir --color=auto' - - #alias grep='grep --color=auto' - #alias fgrep='fgrep --color=auto' - #alias egrep='egrep --color=auto' -fi - -# colored GCC warnings and errors -#export GCC_COLORS='error=01;31:warning=01;35:note=01;36:caret=01;32:locus=01:quote=01' - -# some more ls aliases -#alias ll='ls -l' -#alias la='ls -A' -#alias l='ls -CF' - -# Alias definitions. -# You may want to put all your additions into a separate file like -# ~/.bash_aliases, instead of adding them here directly. -# See /usr/share/doc/bash-doc/examples in the bash-doc package. - -if [ -f ~/.bash_aliases ]; then - . ~/.bash_aliases -fi - -# enable programmable completion features (you don't need to enable -# this, if it's already enabled in /etc/bash.bashrc and /etc/profile -# sources /etc/bash.bashrc). -if ! shopt -oq posix; then - if [ -f /usr/share/bash-completion/bash_completion ]; then - . /usr/share/bash-completion/bash_completion - elif [ -f /etc/bash_completion ]; then - . 
/etc/bash_completion - fi -fi -OPAMROOT='/opt/opam'; export OPAMROOT; -OPAM_SWITCH_PREFIX='/opt/opam/4.07.0'; export OPAM_SWITCH_PREFIX; -CAML_LD_LIBRARY_PATH='/opt/opam/4.07.0/lib/stublibs:/opt/opam/4.07.0/lib/ocaml/stublibs:/opt/opam/4.07.0/lib/ocaml'; export CAML_LD_LIBRARY_PATH; -OCAML_TOPLEVEL_PATH='/opt/opam/4.07.0/lib/toplevel'; export OCAML_TOPLEVEL_PATH; -MANPATH=':/opt/opam/4.07.0/man'; export MANPATH; -PATH='/opt/opam/4.07.0/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'; export PATH; diff --git a/data/live-build-config/includes.chroot/etc/skel/.profile b/data/live-build-config/includes.chroot/etc/skel/.profile deleted file mode 100644 index c9db4591..00000000 --- a/data/live-build-config/includes.chroot/etc/skel/.profile +++ /dev/null @@ -1,22 +0,0 @@ -# ~/.profile: executed by the command interpreter for login shells. -# This file is not read by bash(1), if ~/.bash_profile or ~/.bash_login -# exists. -# see /usr/share/doc/bash/examples/startup-files for examples. -# the files are located in the bash-doc package. - -# the default umask is set in /etc/profile; for setting the umask -# for ssh logins, install and configure the libpam-umask package. -#umask 022 - -# if running bash -if [ -n "$BASH_VERSION" ]; then - # include .bashrc if it exists - if [ -f "$HOME/.bashrc" ]; then - . "$HOME/.bashrc" - fi -fi - -# set PATH so it includes user's private bin if it exists -if [ -d "$HOME/bin" ] ; then - PATH="$HOME/bin:$PATH" -fi diff --git a/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service b/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service deleted file mode 100644 index b8672722..00000000 --- a/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service +++ /dev/null 
@@ -1,13 +0,0 @@ -[Unit] -Description=OpenBSD Secure Shell session cleanup -Wants=network.target -After=network.target - -[Service] -ExecStart=/bin/true -ExecStop=/usr/lib/openssh/ssh-session-cleanup -RemainAfterExit=yes -Type=oneshot - -[Install] -WantedBy=multi-user.target diff --git a/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup b/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup deleted file mode 100755 index f283cc96..00000000 --- a/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup +++ /dev/null @@ -1,11 +0,0 @@ -#! /bin/sh - -ssh_session_pattern='sshd: \S.*@pts/[0-9]+' - -IFS="$IFS@" -pgrep -a -f "$ssh_session_pattern" | while read pid daemon user pty; do - echo "Found ${daemon%:} session $pid on $pty; sending SIGTERM" - kill "$pid" || true -done - -exit 0 diff --git a/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-rolling-release.minisign.pub b/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-rolling-release.minisign.pub new file mode 100644 index 00000000..29a30825 --- /dev/null +++ b/data/live-build-config/includes.chroot/usr/share/vyos/keys/vyos-rolling-release.minisign.pub @@ -0,0 +1,2 @@ +untrusted comment: minisign public key 21AF69D8B86794DC +RWTclGe42GmvIX/xnNiXdigNll7NSfpYGl1rj+sEERcLgoEsse5EwAgA diff --git a/data/live-build-config/package-lists/vyos-base.list.chroot b/data/live-build-config/package-lists/vyos-base.list.chroot index 37d51de4..0b7b8e9f 100644 --- a/data/live-build-config/package-lists/vyos-base.list.chroot +++ b/data/live-build-config/package-lists/vyos-base.list.chroot @@ -3,3 +3,4 @@ gpgv gnupg vyos-world vyos-user-utils +zstd diff --git a/data/live-build-config/package-lists/vyos-utils.list.chroot b/data/live-build-config/package-lists/vyos-utils.list.chroot index 0049077b..4f380ba1 100644 --- a/data/live-build-config/package-lists/vyos-utils.list.chroot +++ b/data/live-build-config/package-lists/vyos-utils.list.chroot 
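Review bot: vyos-rolling-release.minisign.pub adds a new verification key to every image, but neither the file nor the visible part of the commit says where the key is published or which component consumes it. Since this key presumably decides which rolling-release images are accepted, the commit message should point to an independent location where key ID `21AF69D8B86794DC` can be compared. It is also worth confirming that the file ends up root-owned and not writable by other users in the built image; the mode recorded here is 100644.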
@@ -2,3 +2,4 @@ systemd-sysv systemd-bootchart ncurses-term kitty-terminfo +binutils diff --git a/data/live-build-config/rootfs/excludes b/data/live-build-config/rootfs/excludes new file mode 100644 index 00000000..a5fe41e5 --- /dev/null +++ b/data/live-build-config/rootfs/excludes 
@@ -0,0 +1,62 @@ +# Exclude various unused files and directories in order to free some space and shrink imagesize. +# +# For information on how to use wildcards properly (Anchored and Non-anchored excludes): +# +# https://github.com/plougher/squashfs-tools/blob/master/RELEASE-READMEs/README-3.3 +# +# Note: +# +# - root starts without leading '/'. +# + +# Txxx: Drop isc-dhcp helper files from /etc/default. +# We use systemd to control ISC daemons from within vyos-1x. +etc/default/isc-dhcp-server +etc/default/isc-dhcp-relay + +# T2185: Clean leftover files (ddclient) from base package. +etc/dhcp/dhclient-exit-hooks.d/ddclient +etc/ddclient.conf + +# T3242: Add hook to prevent link_config redundancy call in systemd-udev. +# 99-default.link rule always calls link_config thats trying to set autonegotiation and duplex even for PPP interfaces. +# Need to delete this rule to prevent overhead on interface creation stage. +lib/systemd/network/99-default.link + +# T3774: Disabled atop services. +etc/cron.d/atop + +# T3912: Remove superfluous motd.d kernel version shell script. +etc/update-motd.d/10-uname + +# T4415: We do not need any documentation on the system. +# Copyright/licenses files are ignored for deletion. +usr/share/doc/*/!(copyright*|README*) +usr/share/doc-base + +# T5468: We do not need any manpages on the system since man-binary is missing. +usr/local/man/* +usr/local/share/man/* +usr/share/man/* + +# T5511: We do not need any games on the system. +usr/games/* +usr/local/games/* + +# T5511: We do not need any caches on the system (will be recreated when needed). +var/cache/* + +# T5511: We do not need any log-files on the system (will be recreated when needed). +var/log/*.log +var/log/*/*.log +var/log/*/*.log.xz + +# T5511: We do not need any backup-files on the system (will be recreated when needed). +... *.bak +... *.old +... *.kbx~ +var/lib/dpkg/*-old + +# T5624: Remove the Debian version file to avoid false positives from security scanners. 
+etc/debian_version + diff --git a/data/versions b/data/versions index 55844c73..a1cbe558 100644 --- a/data/versions +++ b/data/versions @@ -1,3 +1,3 @@ { - "current": "1.4" + "current": "1.5" } |
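Review bot: In rootfs/excludes, dropping `etc/debian_version` under T5624 removes the base-release marker for every consumer, so a scanner that keys on it loses real findings together with the false positives, and any script that reads the file will fail. The comment should name the source scanners are expected to use instead; the dpkg status database appears to stay in the image (only `var/lib/dpkg/*-old` is excluded), so that is presumably the intended inventory, but it should be stated. The first entry still carries the placeholder `Txxx` and should reference the real task.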
