Re: Core Update 157 (testing) report

[Michael Tremer <michael.tremer@ipfire.org>]

[-- Attachment #1: Type: text/plain, Size: 2973 bytes --]

Hello,

> On 23 May 2021, at 17:15, Peter Müller <peter.mueller(a)ipfire.org> wrote:
> 
> Hello *,
> 
> Core Update 157 (testing, see: https://blog.ipfire.org/post/ipfire-2-25-core-update-157-available-for-testing)
> is running here for about two days by now. While it did not introduce a major issue or a show-stopper, some minor
> quirks came to my attention:
> 
> (a) As several other testers already noticed, the update script is missing a "/usr/local/bin/sshctrl" call to
>    apply changed SSH configurations. Patch https://patchwork.ipfire.org/patch/4351/ will fix that, bug #12627
>    has been filed for this.

Merged. Thank you.

> (b) Currently, the update still misses an updated version of the backup.pl script, leaving users vulnerable to
>    #12619. Patch https://patchwork.ipfire.org/patch/4352/ will fix that.

Also merged.

> (c) Other parts of the https://patchwork.ipfire.org/project/ipfire/list/?series=2069 patch series clean up
>    bits and pieces left over from pppd 2.4.8, and fix some permissions for NRPE plugins. Just mentioning that
>    for the sake of completeness, none of that is critical.

Merged this too, although it strictly didn’t need to be in 157.

> (d) The output of "memory.cgi" file is missing some information due to insufficient parsing of "free" results.
>    Bug #12628 has been filed for that - feel free to grab it and work on that, as the Perl script appears rather
>    hacky to me -; this issue appeared on Core Update 156 as well.

Looks like this is going into 158 then.

> Every now and then, I continue to suffer from an unknown bug causing VoIP calls not to be established properly (see:
> https://lists.ipfire.org/pipermail/development/2021-March/009656.html). The changelog file for Linux 4.14.222
> (https://cdn.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.14.222) mentions a commit f66f9f73e0303e0b498529cc72febbbfa11e2103,
> which reads "netfilter: conntrack: skip identical origin tuple in same zone only" and _might_ be related to that.
> 
> Unfortunately, I can currently neither confirm nor deny that this issue has been fixed, as I am unable to install
> the testing update on a second, productive IPFire machine as well.
> 
> Tested IPFire functionalities in detail:
> - IPsec (N2N connections only)
> - Squid (authentication enabled, using an upstream proxy)
> - OpenVPN (RW connections only)
> - IPS/Suricata (with Emerging Threats community ruleset enabled)
> - Guardian
> - Quality of Service
> - DNS (using DNS over TLS and strict QNAME minimisation)
> - Dynamic DNS
> - Tor (relay mode)
> 
> (a) to (c) require rebuilding Core Update 157. After this has been done and validated to be fixing the problems
> mentioned, I look forward to the release of this Core Update.

They are pushed and the build should be available in a couple of hours.

Thanks for the feedback…

-Michael

> 
> Thanks, and best regards,
> Peter Müller