Age | Commit message | Author |
|
When enabled this does:
This option enables the integrity subsystem, which is comprised of a number of
different components including the Integrity Measurement Architecture (IMA),
Extended Verification Module (EVM), IMA-appraisal extension, digital signature
verification extension and audit measurement log support.
We do not support secure-boot thus we do not need keyrings.
|
Enabling this would do:
Enable auditing infrastructure that can be used with another kernel subsystem,
such as SELinux (which requires this for logging of avc messages output). System
call auditing is included on architectures which support it.
We have no SELinux.
|
When enabled this additional feature does:
Enables additional kernel features in a sake of checkpoint/restore. In
particular it adds auxiliary prctl codes to setup process text, data and heap
segment sizes, and a few additional /proc filesystem entries.
|
... we are a router and do not support SWAP partitions - swapping is slow, thus
all data must be in memory.
|
This reverts commit 78c43c2078e292ac9b53d2d6a41a47466d283914.
Unfortunately we must revert the Kernel upgrade as there are two problematic
issues. One which is the break of ABI functionality with parted [1] and second
the internal crypto API [2] which removed required literals for the build of
Intel QAT acceleration.
In the two weeks running 5.8 we still learned a lot - we experienced a
performance improvement of ~30% when doing NAT @ > 10GBit/s and also utilizing
the built-in updated drivers for Intel NICs and WireGuard.
We are looking forward to the release of this year's LTS kernel and we hope to
ship this in the final 1.3 release.
1: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.8.y&id=692d062655
2: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git/commit/?h=linux-5.5.y&id=d63007eb95
|
qat: T2853: Enables QAT registration with Linux Kernel Crypto
|
accel-ppp: T2860: bump version for L2TP CVE fix
|
Instead of running "depmod -a" on every boot, run it once during ISO build
process.
|
... Kernel is appended a + to the version string when there are locally
modified files - which we have. This is prevented by the existence of the
.scmversion file.
|
We compile Intel QAT drivers from Intel driver release incl. user-space tools.
|
configd: T2582: support for vyos config script daemon
configd: T2582: add option to run testsuite with daemon (default off)
configd: T2582: enable vyos-configd.service
configd: T2582: add build dependency
|
This reverts commit 8b520c63ac705aa2c35579ebfbc053b5b6a1bccb.
CI tests also use parallel ATA interfaces in QEMU - we probably should keep it
for "poor" virtualisation.
|
* 'kernel-5.8' of github.com:c-po/vyos-build:
Kernel: T2843: drop parallel ATA support
Kernel: T2843: enable Multipath TCP support
Kernel: T2843: enable APU2 LEDs and front button
Kernel: T2843: upgrade Kernel to v5.8.5
WireGuard: T2842: switch to binary package from buster-backports
|
Note: Intel does not provide a compatible QAT version. There is a custom patch
which makes QAT compile for the specified Kernel version. This patch will change
the source to a non backwards-compatible version - this is fine as we run 5.8
anyways.
|
* wireguard user-space tools debian/1.0.20200513-1_bpo10+1
* wireguard-linux-compat kernel modules debian/1.0.20200712-1_bpo10+1
|
anyconnect: T2036: disable ocserv.service by default
|
packer.json: T2792: use iso_checksum field instead of iso_checksum_type
|
Latest packer dropped iso_checksum_type field.
Instead of iso_checksum_type field,
use iso_checksum field to specify checksum type.
|
T2766: vyos-build: build-config: arm64 is not a valid architecture
|
arm64 is not configurable as a valid architecture to build a vyos system on.
This commit adds arm64 to the list of supported platforms to build a vyos system on.
|
This reverts commit 1850f165abda3f3d0498220e56ca594dc8ecca9c.
|
The referenced scripts/build-packages script was a proof of concept from me
some time ago to build VyOS packages through a more or less tiny wrapper. The
script was not maintained at any time and randomly caused more harm than good.
The script has been abandoned and the documentation has been updated on how to
build individual VyOS packages.
|