From 235d5b22a8368aee4696b1b2c84d702bf326a084 Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Thu, 1 Sep 2016 09:56:42 +0200 Subject: T18: Regression: jessie-based VyOS doesn't disconnect the SSH session before reboot --- .../hooks/18-disable_services.chroot | 27 --------------------- .../hooks/18-enable-disable_services.chroot | 28 ++++++++++++++++++++++ .../etc/systemd/system/sshd.service | 16 ------------- .../lib/systemd/system/ssh-session-cleanup.service | 13 ++++++++++ .../usr/lib/openssh/ssh-session-cleanup | 11 +++++++++ 5 files changed, 52 insertions(+), 43 deletions(-) delete mode 100755 data/live-build-config/hooks/18-disable_services.chroot create mode 100755 data/live-build-config/hooks/18-enable-disable_services.chroot delete mode 100644 data/live-build-config/includes.chroot/etc/systemd/system/sshd.service create mode 100755 data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service create mode 100755 data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup diff --git a/data/live-build-config/hooks/18-disable_services.chroot b/data/live-build-config/hooks/18-disable_services.chroot deleted file mode 100755 index c68a6b3d..00000000 --- a/data/live-build-config/hooks/18-disable_services.chroot +++ /dev/null @@ -1,27 +0,0 @@ -#!/bin/sh - -echo I: Disabling services. -systemctl disable exim4 -/usr/sbin/update-rc.d -f exim4 remove -systemctl disable isc-dhcp-server -/usr/sbin/update-rc.d -f isc-dhcp-server remove -systemctl disable isc-dhcp-relay -/usr/sbin/update-rc.d -f isc-dhcp-relay remove -systemctl disable nfacctd -/usr/sbin/update-rc.d -f nfacctd remove -systemctl disable pmacctd -/usr/sbin/update-rc.d -f pmacctd remove -systemctl disable sfacctd -/usr/sbin/update-rc.d -f sfacctd remove -systemctl disable uacctd -/usr/sbin/update-rc.d -f uacctd remove -systemctl disable lighttpd -/usr/sbin/update-rc.d -f lighttpd remove -systemctl disable ssh -/usr/sbin/update-rc.d -f ssh remove -systemctl disable openvpn -/usr/sbin/update-rc.d -f openvpn remove -systemctl disable dnsmasq -/usr/sbin/update-rc.d -f dnsmasq remove -systemctl disable lldpd -/usr/sbin/update-rc.d -f lldpd remove diff --git a/data/live-build-config/hooks/18-enable-disable_services.chroot b/data/live-build-config/hooks/18-enable-disable_services.chroot new file mode 100755 index 00000000..68971405 --- /dev/null +++ b/data/live-build-config/hooks/18-enable-disable_services.chroot @@ -0,0 +1,28 @@ +#!/bin/sh + +echo I: Enabling/Disabling services. +systemctl disable exim4 +/usr/sbin/update-rc.d -f exim4 remove +systemctl disable isc-dhcp-server +/usr/sbin/update-rc.d -f isc-dhcp-server remove +systemctl disable isc-dhcp-relay +/usr/sbin/update-rc.d -f isc-dhcp-relay remove +systemctl disable nfacctd +/usr/sbin/update-rc.d -f nfacctd remove +systemctl disable pmacctd +/usr/sbin/update-rc.d -f pmacctd remove +systemctl disable sfacctd +/usr/sbin/update-rc.d -f sfacctd remove +systemctl disable uacctd +/usr/sbin/update-rc.d -f uacctd remove +systemctl disable lighttpd +/usr/sbin/update-rc.d -f lighttpd remove +systemctl disable ssh +/usr/sbin/update-rc.d -f ssh remove +systemctl disable openvpn +/usr/sbin/update-rc.d -f openvpn remove +systemctl disable dnsmasq +/usr/sbin/update-rc.d -f dnsmasq remove +systemctl disable lldpd +/usr/sbin/update-rc.d -f lldpd remove +systemctl enable ssh-session-cleanup diff --git a/data/live-build-config/includes.chroot/etc/systemd/system/sshd.service b/data/live-build-config/includes.chroot/etc/systemd/system/sshd.service deleted file mode 100644 index e84142bb..00000000 --- a/data/live-build-config/includes.chroot/etc/systemd/system/sshd.service +++ /dev/null @@ -1,16 +0,0 @@ -[Unit] -Description=OpenBSD Secure Shell server -After=network.target auditd.service -ConditionPathExists=!/etc/ssh/sshd_not_to_be_run - -[Service] -EnvironmentFile=-/etc/default/ssh -ExecStart=/usr/sbin/sshd -D $SSHD_OPTS -ExecReload=/bin/kill -HUP $MAINPID -ExecStop=/usr/bin/killall sshd -KillMode=process -Restart=on-failure - -[Install] -WantedBy=multi-user.target -Alias=sshd.service diff --git a/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service b/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service new file mode 100755 index 00000000..b8672722 --- /dev/null +++ b/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service @@ -0,0 +1,13 @@ +[Unit] +Description=OpenBSD Secure Shell session cleanup +Wants=network.target +After=network.target + +[Service] +ExecStart=/bin/true +ExecStop=/usr/lib/openssh/ssh-session-cleanup +RemainAfterExit=yes +Type=oneshot + +[Install] +WantedBy=multi-user.target diff --git a/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup b/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup new file mode 100755 index 00000000..f283cc96 --- /dev/null +++ b/data/live-build-config/includes.chroot/usr/lib/openssh/ssh-session-cleanup @@ -0,0 +1,11 @@ +#! /bin/sh + +ssh_session_pattern='sshd: \S.*@pts/[0-9]+' + +IFS="$IFS@" +pgrep -a -f "$ssh_session_pattern" | while read pid daemon user pty; do + echo "Found ${daemon%:} session $pid on $pty; sending SIGTERM" + kill "$pid" || true +done + +exit 0 -- cgit v1.2.3 From ae3572f2a55278f24fc47f17bd687eb8109585db Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Thu, 1 Sep 2016 10:29:31 +0200 Subject: ssh-session-cleanup.service should not executable --- .../includes.chroot/lib/systemd/system/ssh-session-cleanup.service | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100755 => 100644 data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service diff --git a/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service b/data/live-build-config/includes.chroot/lib/systemd/system/ssh-session-cleanup.service old mode 100755 new mode 100644 -- cgit v1.2.3 From a5d297e1ba627b726ee7dd9237d7141561eefdab Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Thu, 1 Sep 2016 13:53:08 +0200 Subject: stop accepting locale on the server --- data/live-build-config/hooks/04-locale.chroot | 1 + 1 file changed, 1 insertion(+) diff --git a/data/live-build-config/hooks/04-locale.chroot b/data/live-build-config/hooks/04-locale.chroot index 1c02db02..89a5f954 100755 --- a/data/live-build-config/hooks/04-locale.chroot +++ b/data/live-build-config/hooks/04-locale.chroot @@ -6,3 +6,4 @@ LANG=en_US.UTF-8 LC_ALL=C EOF +sed -i 's/AcceptEnv LANG LC_\*/# AcceptEnv LANG LC_\*/g' /etc/ssh/sshd_config -- cgit v1.2.3 From 5f83afa7815e866c9539feb1a58269d4555e33fc Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Fri, 2 Sep 2016 08:08:32 +0000 Subject: update kernel version to 4.4.15 update files needed for clearfog build --- scripts/live-build-config | 2 +- tools/armada-388-clearfog.dtb | Bin 18814 -> 19429 bytes tools/u-boot-spl.kwb | Bin 550316 -> 557788 bytes 3 files changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/live-build-config b/scripts/live-build-config index 52660571..7c51744c 100755 --- a/scripts/live-build-config +++ b/scripts/live-build-config @@ -36,7 +36,7 @@ lb config noauto \ --architectures {{architecture}} \ --bootappend-live "boot=live components hostname=vyos username=live nopersistence noautologin nonetworking union=overlay" \ --linux-flavours {{architecture}}-vyos \ - --linux-packages linux-image-4.4.5 \ + --linux-packages linux-image-4.4.15 \ --bootloader syslinux \ --binary-images iso-hybrid \ --debian-installer false \ diff --git a/tools/armada-388-clearfog.dtb b/tools/armada-388-clearfog.dtb index 71d28b83..cc25d96f 100755 Binary files a/tools/armada-388-clearfog.dtb and b/tools/armada-388-clearfog.dtb differ diff --git a/tools/u-boot-spl.kwb b/tools/u-boot-spl.kwb index b7dd4c8d..1ea4d759 100644 Binary files a/tools/u-boot-spl.kwb and b/tools/u-boot-spl.kwb differ -- cgit v1.2.3 From 146a2390cf6dad358f861c656e76b145c8ea373b Mon Sep 17 00:00:00 2001 From: Kim Hagen Date: Thu, 15 Sep 2016 10:14:43 +0200 Subject: T152: VyOS developer builds ship with an easy-to-guess user and password --- data/live-build-config/hooks/09-live.chroot | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/data/live-build-config/hooks/09-live.chroot b/data/live-build-config/hooks/09-live.chroot index e2f95ff3..f19f0ae6 100755 --- a/data/live-build-config/hooks/09-live.chroot +++ b/data/live-build-config/hooks/09-live.chroot @@ -1,6 +1,11 @@ #!/bin/sh # hack live script that tries to mount ext[23] floppies as root +# remove user settings live config scripts sed -e '/ln -s "${devname}"/,/return 0/ s/^/: FIXME/' \ -i /usr/share/initramfs-tools/scripts/live + +rm -rf /lib/live/config/0030-live-debconfig_passwd +rm -rf /lib/live/config/0030-user-setup +rm -rf /lib/live/config/0040-sudo -- cgit v1.2.3 From ae66df2b8b764df7bf2b3b6d3895358012791feb Mon Sep 17 00:00:00 2001 From: Yuya Kusakabe Date: Wed, 26 Oct 2016 14:41:26 +0900 Subject: Initial Hyper-V image --- Makefile | 7 +++++++ scripts/build-hyperv-image | 32 ++++++++++++++++++++++++++++++++ 2 files changed, 39 insertions(+) create mode 100755 scripts/build-hyperv-image diff --git a/Makefile b/Makefile index 8889604d..8dbb7a92 100644 --- a/Makefile +++ b/Makefile @@ -51,6 +51,13 @@ vmware: @scripts/check-vm-build-env @scripts/build-vmware-image +.PHONY: hyperv +.ONESHELL: +hyperv: + @set -e + @scripts/check-vm-build-env + @scripts/build-hyperv-image + .PHONY: clearfog .ONESHELL: clearfog: clean prepare diff --git a/scripts/build-hyperv-image b/scripts/build-hyperv-image new file mode 100755 index 00000000..40c0c828 --- /dev/null +++ b/scripts/build-hyperv-image @@ -0,0 +1,32 @@ +#!/bin/sh +# +# Copyright (C) 2016 VyOS maintainers and contributors +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 or later as +# published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# +# File: build-hyperv-image +# Purpose: +# Build VyOS image for Hyper-V. + +export PACKER_BUILD_DIR=packer_build + +DST_DIR=${PACKER_BUILD_DIR}/hyperv +mkdir -p ${DST_DIR} + +# Convert raw image to VHD +source_image=${PACKER_BUILD_DIR}/qemu/vyos_qemu_image.img +vhd=${DST_DIR}/vyos_hyperv_image.vhd +qemu-img convert -f raw ${source_image} -O vpc ${vhd} +if [ "$?" = "0" ]; then + echo "Hyper-V image successfully created to ./${vhd}" +fi -- cgit v1.2.3