summaryrefslogtreecommitdiff
path: root/data/live-build-config/includes.chroot
AgeCommit message (Collapse)Author
2024-11-13image-tools: T6864: keep file necessary for compat add imageJohn Estabrook
Revert "T1416: remove deprecated default-union-grub-entry" This reverts commit d50707bb295dbd4bc50e3d0301fc8be605448429. The file grub/default-union-grub-entry and its companion install-image/postinst are needed for 'compatibility-mode' upgrades: when upgrading from a system with legacy image-tools, those two files are expected to exist in the mounted image of the target iso.
2024-09-25T861: sign all Kernel modules with an ephemeral keyChristian Breunig
The shim review board (which is the secure boot base loader) recommends using ephemeral keys when signing the Linux Kernel. This commit enables the Kernel build system to generate a one-time ephemeral key that is used to: * sign all build-in Kernel modules * sign all other out-of-tree Kernel modules The key lives in /tmp and is destroyed after the build container exits and is named: "VyOS build time autogenerated kernel key". In addition the Kernel now uses CONFIG_MODULE_SIG_FORCE. This now makes it unable to load any Kernel Module to the image that is NOT signed by the ephemeral key.
2024-09-14T861: add UEFI Secure Boot supportChristian Breunig
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux Kernel and enforces module signing. This results in an additional security layer where untrusted (unsigned) Kernel modules can no longer be loaded into the live system. NOTE: This commit will not work unless signing keys are present. Arbitrary keys can be generated using instructions found in: data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
2024-09-05T1416: remove deprecated default-union-grub-entryChristian Breunig
2024-06-05migration: T6006: move config.boot.default to vyos-1xJohn Estabrook
2024-05-16T6356: normalize '.., ntp, server' path syntax in config.boot.defaultJohn Estabrook
2024-04-11Enhance config.boot.default NTP allow-clients for T5694 and T6123Ginko
Adds ipv4/ipv6 localhost, link-local and private address as allowed-clients to NTP service.
2024-04-02Update the rolling release signing keyDaniil Baturin
2024-03-22ixgbe: T6155: remove modprobe.d option fileChristian Breunig
2024-02-28banner: T6077: implement ASCII contest winner default logoChristian Breunig
2024-01-14T5945: add minisign public key for rolling releasegreenpsi
2023-12-20ssh: T5841: Remove ssh-session-cleanup.serviceIndrajit Raychaudhuri
With libpam-systemd >= 230-2, ssh-session-cleanup.service is no longer necessary because when `UsePAM yes` in `/etc/ssh/sshd_config` (which is the default), SSH sessions are cleaned up automatically when ssh-server is shutdown or the system is rebooted.
2023-12-14initramfs: T5824: Added `openssl.cnf` to initramfszsdc
Without `openssl.cnf` software that uses `libssl` (for example busybox) has issues with connections to some HTTPS servers.
2023-08-16netplug: T5476: move configuration files to vyos-1x repoChristian Breunig
2023-06-17qat: fix file permission in rootfs - 755 not requiredChristian Breunig
2023-05-21T5234: move BASH skeleton files to vyos-1x repoChristian Breunig
2023-03-08Merge pull request #302 from sempervictus/bug/udev_rename_deadlockChristian Breunig
T4966: Delay UDEV execution, avoid rename deadlock
2023-02-12T5001: Replace links to the phabricator siteChristian Breunig
Replace links to the phabricator site from https://phabricator.vyos.net to https://vyos.dev
2023-01-31T4966: Delay UDEV execution, avoid rename deadlockRageLtMan
UDEV will rename interfaces from whatever the kernel called them to eX before converting them to ethX during init. In current VyOS, the second renaming operation can run into a lock on the adapter preventing altering its name. As a result, the adapter will remain in the eX configuration, preventing proper execution of subsequent scripts and configuration stanzas. The initial renaming step has to remain as it is needed to work around other issues, which leaves the somewhat hacky approach of delaying the second renaming step slightly in an effort to let the device lock holders settle, releasing it for rename to ethX. This is accomplished by a kernel commandline paramter (3s), which can be tweaked to reduce impact or wait longer as needed on different devices - udev.exec_delay=3
2021-12-19T4084: add the default VyOS post-login banner to the imageDaniil Baturin
2021-11-07Revert "T3912: use a more informative default login banner"Christian Poessinger
This reverts commit c93c12d0813b276501562bc88bea68daee60b266.
2021-10-17T3912: use a more informative default login bannerDaniil Baturin
2021-10-16T3879: bugfix GPG signature validation on image installChristian Poessinger
(cherry picked from commit f9c89e3565037b4f60aef2577f9fdaa70da7b751)
2021-09-20Revert "Merge pull request #186 from erkin/current"John Estabrook
This reverts commit c753685173a48fdc2e47694f4b896e241caa7beb, reversing changes made to 1d3d0401eeb9e8138f606433b6bbcd8c3f76c898.
2021-09-11T3821: Hardcode component versions in configuration fileserkin
2021-05-27ntp: T2123: Change NTP servers in default configsDmitriyEshenko
2021-04-09chroot: import modprobe.d/no-copybreak.conf from vyatta-cfg-systemChristian Poessinger
2021-04-03T2108: add main and backup minisign release keys.Daniil Baturin
2021-01-17Kernel: T3218: remove unavailable RSS parameter from intel driver optionsChristian Poessinger
This is a roundup commit to ae2279e ("Kernel: no longer build Intel out-of-tree NIC drivers") as the in-tree drivers do not support this option, the always use the maximum available number.
2020-12-15netplug: T3130: add VyOS specific helper scriptChristian Poessinger
2020-12-14netplug: T3130: replace vyos-netplug with upstream Debian versionChristian Poessinger
2020-11-13Revert "QAT: T2968: add support for Intel Atom C2000 platform"Christian Poessinger
This reverts commit b234558db422390ed4d995e9134fe91c37d6cc8f.
2020-10-17modules: T2984: Increase HW queuesDmitriyEshenko
2020-10-09QAT: T2968: add support for Intel Atom C2000 platformChristian Poessinger
2020-09-30QAT: T2932: Replace symlinks to filesDmitriyEshenko
2020-07-05T2678: Fixing massive memory usage with ssh and large number of routeskroy
2020-05-30QAT: import device configuration filesChristian Poessinger
2020-05-20systemd-bootchart: add configurationChristian Poessinger
2020-04-19chroot: T2340: add /etc/login.defsChristian Poessinger
2020-03-10T2118: Add fsck tools to initramfs imagekroy-the-rabbit
2020-02-28initramfs: T1971: Extended initramfs-hook scriptzsdc
Included: * libnss_dns.so.2 (required for DNS resolving from initramfs) * ca-certificates.crt (required for fetching files via HTTPS)
2020-02-25initramfs: T1971: Added initramfs-hook script for including moduleszsdc
The script allows include to initramfs or include and force to load any modules, listed inside. Initially, the script replaces the trick used for intel drivers
2020-02-05login: T1948: level node has been dropped from userChristian Poessinger
There is no sense in having a user level when infact there is only the one level "admin".
2020-01-25VMware: move additional files to vyos-1x-vmware packageChristian Poessinger
2019-12-27vmware-tools: import script file from vyos-vmwaretools-scripts repoChristian Poessinger
2019-09-20T1676: [equuleus] buster: update GRUB boot parameters during upgradeJohn Estabrook
2019-09-06openvpn: T1630: add sudo configuration for openvpn userChristian Poessinger
2019-07-31[intel] T1554: enable RSS and Multiqueue for Intel IGB/IXGBE driversChristian Poessinger
2019-04-16T1327: Set the serial console speed to 115200 by defaultJohn Estabrook
Set the serial console speed to 115200 in all build scripts, as is the standard for current boards. This avoids an annoyance for users of the livecd, and makes the defaults in build scripts in tools/ and scripts/ consistent.
2019-03-22T1310: use FQDN as hostname in config promptChristian Poessinger
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-05 13:33:03 +0000