| Age | Commit message (Collapse) | Author |
|---|
|
from 1.3.x
|
|
|
|
The issue ONLY appears on small terminals where systemd automatically truncates
the lines to match the terminal width - so far so good. The BUG is, if
truncation happens in the service name which is BOLD you're pretty much
screwed, as truncation will not reset the color.
We can set StatusUnitFormat=description in /etc/systemd/system.conf which will
not print the service long description to avoid truncation making the boot a
little less verbose.
This actually restores the behavior of VyOS 1.3
|
|
T7367: syslog.service links to rsyslog.service - thus disable it, too
|
|
The default syslog implementation should make syslog.service a symlink to
itself, so that this socket activates the right actual syslog service. As
rsyslog service is already disabled - also take care of the linked service.
|
|
to be disabled by default
|
|
T7353: netplug.service is started by vyos-router
|
|
Netplug daemon is started last after all interfaces got initialized to
properly monitor them for up/down events.
|
|
|
|
|
|
|
|
|
|
|
|
T7121: Set up communication vyconfd to vyos-commitd
|
|
that may be generated by postinstall scripts
to prevent accidental use of non-unique keys
baked into images
|
|
|
|
T6989: disable rsyslog service
|
|
The pseudo-constellation can be nicknamed "Operarius" ("The Worker")
(genitive singular: "Operarii")
Image by Oleg Gorobets
|
|
|
|
|
|
T6718: use the vyconf daemon for validation of set commands
|
|
Revert "T1416: remove deprecated default-union-grub-entry"
This reverts commit d50707bb295dbd4bc50e3d0301fc8be605448429.
The file grub/default-union-grub-entry and its companion
install-image/postinst are needed for 'compatibility-mode' upgrades:
when upgrading from a system with legacy image-tools, those two files
are expected to exist in the mounted image of the target iso.
|
|
|
|
|
|
|
|
The shim review board (which is the secure boot base loader) recommends using
ephemeral keys when signing the Linux Kernel. This commit enables the Kernel
build system to generate a one-time ephemeral key that is used to:
* sign all build-in Kernel modules
* sign all other out-of-tree Kernel modules
The key lives in /tmp and is destroyed after the build container exits and is
named: "VyOS build time autogenerated kernel key".
In addition the Kernel now uses CONFIG_MODULE_SIG_FORCE. This now makes it
unable to load any Kernel Module to the image that is NOT signed by the
ephemeral key.
|
|
As the VyOS Linux Kernel will be compiled with CONFIG_MODULE_SIG_FORCE all
driver modules need to be cryptographically signed. This happens during build
of the Kernel and it's 3rd party modules.
Stripping the objects would remove said signature and the system will be unable
to boot b/c of CONFIG_MODULE_SIG_FORCE.
|
|
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux
Kernel and enforces module signing. This results in an additional security
layer where untrusted (unsigned) Kernel modules can no longer be loaded into
the live system.
NOTE: This commit will not work unless signing keys are present. Arbitrary
keys can be generated using instructions found in:
data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
|
|
|
|
|
|
As of Debian version 4.9.5+ds1-1 podman increased the dependency on
libc6 and libgpgme11t64.
podman : Depends: libc6 (>= 2.38) but 2.36-9+deb12u7 is to be installed
Depends: libgpgme11t64 (>= 1.4.1) but it is not going to be installed
Pin the version to a prior one that requires the old libc.
|
|
|
|
As we got rid of most of the old vyatta packages we can now also discontinue
vyos-world. It only served the purpose of keeping the package list during ISO
build small.
|
|
|
|
|
|
hooks: T6346: set default boot target to multi-user.target
|
|
|
|
T6333 non-free-firmware to trixie
|
|
|
|
suricata: T751: Disable suricata.service by default
|
|
|
|
|
|
|
|
Picture courtesy of Oleg Gorobets
|
|
Adds ipv4/ipv6 localhost, link-local and private address as allowed-clients to NTP service.
|
|
T6228: Cleanup of not existing systemd units
|
|
Delete not existing units:
```
06:12:51 Failed to disable unit, unit logd.service does not exist.
06:12:51 Failed to disable unit, unit heartbeat.service does not exist.
```
|
|
The builder log:
```
06:12:53 Failed to disable unit, unit vpp.service does not exist.
```
|
|
|
|
|
