Development July 2014

development@lists.ipfire.org

10 participants
13 discussions

Introducing DDNS
by Michael Tremer 21 Jun '16

21 Jun '16

Hello, this is a post to update you all about the recent developments regarding the support for the various upcoming dynamic DNS providers. Rationale Some of the major dynamic DNS providers stopped their free services or made them unusable so that people started searching for alternatives. In IPFire 2, a script called setddns.pl [1] is responsible for updating the dynamic DNS records. This script has grown over the last couple of months and if you have looked into it you will have noticed that it has become from ugly to almost un-maintainable. The decision that we don't want to take this mess with us into the next generation of IPFire was already made many years ago. DDNS A project called ddns was started which is a pure Python client that is much more flexible, cleanly rewritten and easily extensible. It is cross-platform, cross-distribution and does not need any third-party python modules. The basics already written years ago, Stefan Schantl and I worked on making this ready for IPFire 2 and added all the providers that are currently supported by setddns.pl and ez-ipupdate. The source for the new DDNS tool can be found over here: http://git.ipfire.org/?p=ddns.git;a=summary or on GitHub https://github.com/ipfire/ddns were you can send us pull requests for supporting new providers and so on. Bug reports go to the usual place: https://bugzilla.ipfire.org/describecomponents.cgi?product=DDNS%20Updater There is no fixed release schedule for this, but we are pretty sure that this won't take long until DDNS arrives in IPFire 2. That means that we won't take any patches for the setddns.pl script that add support for new providers any more. We appreciate any contribution and as always hope to get some feedback back from the community! Best, -Michael [1] http://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=src/scripts/setddns.pl;h=5…

6 18

Nagios Plugins Compile Hangs up
by Sascha Kilian 15 Aug '14

15 Aug '14

Hi, i have a problem with the nagios-plugin compilation, it hangs up by checking icmpv6 ping syntax. i try to compile nagios without ipv6 and sends a patch. I remember that IPFire-2.x comes without ipv6 support by default ?! best regards Sascha

2 3

MySQL - 5.6.19
by Sascha Kilian 15 Aug '14

15 Aug '14

Hi there, i have committed a fix for my MySQL 5.6.19. The first version dont really worked in a fresh IPFire build https://bitbucket.org/tikira/ipfire-2.x/commits/02c5d5a5ee6d79c275c0edde51a… best regards Sascha

2 1

OpenVPN - DEPRECATED OPTION: --tls-remote
by ummeegge 11 Aug '14

11 Aug '14

Hi all, since the update to OpenVPN version 2.3 on IPFire the client log message "DEPRECATED OPTION: --tls-remote, please update your configuration" appears. so the clientside directive "--tls-remote" will be removed from OpenVPN in one of the comming versions --> https://community.openvpn.net/openvpn/wiki/Openvpn23ManPage . For future updates of OpenVPN on IPFire (2.4+) it will be important to modify existing client.ovpn´s and replace the "--tls-remote name" with the new "--verify-x509-name name type" directive. Since OpenVPN client/server version 2.3.2 the new verify option can be used in client configs whereby "type" includes the possibilty of 3 different kinds of verification --> "subject", "name" and "name-prefix" . This leads to a question which one of the "types" should be used for future versions on IPFire. At this time IPFire handles "--tls-remote" automatically and it can´t be configured over the WUI, this is handy cause the user doesn´t need to bother around with all that kind of settings, but should this remain in that way also for the new verification method ? Also, to use "--verify-x509-name" the clients needs to have a version >= 2.3.2 otherwise the connection won´t come up so there is no backwards compatibility with the new directive and version =< 2.3.1 . May some people out there have some ideas, informations, ...., for this topic ? Anyway a discussion about that might be interesting. Greetings, Erik

2 2

New addon monit
by Dirk Wagner 11 Aug '14

11 Aug '14

Hi, I created a new addon monit http://mmonit.com/monit/ Here is a nice presentation what monit can do for you: http://slides.com/tildeslash/monit#/ Plz pull from: http://git.ipfire.org/?p=people/glotzi/ipfire-2.x.git;a=shortlog;h=refs/hea…

2 1

Re: LuaJIT Panic on IPFire
by Ghislain Hachey 30 Jul '14

30 Jul '14

On 7/29/14, 18:00, development-request(a)lists.ipfire.org wrote: >> I am trying to achieve something here I don't know if this is >> >supported. I've built a custom addon for ntopng, a traffic monitoring >> >tool which makes use of LuaJIT for its web UI scripting language >> >(which is great for embedded devices). When starting the service on my >> >home IPFire I quickly get the following error message. >> > >> >PANIC: unprotected error in call to Lua API (runtime code generation >> >failed, restricted kernel?) >> > >> >Which leads me to think that a JIT is not supported in the kernel >> >configuration of IPFire, or am I way off? This is a tool I'd really >> >like to get working on my IPFire, any ideas? > Check the kernel log. If PaX mprotect has stopped the execution it will > be logged > and in most cases the protection can disabled for single binaries with > paxctl. > > Arne Thanks Arne, That seem to have fixed the problem. I found the following in logs: # grep -nir "pax" messages 311236:Jul 27 16:17:00 shockwave kernel: PAX: From 192.168.3.116: execution attempt in: <anonymous mapping>, 4eb62000-4ec2a000 4eb62000 311237:Jul 27 16:17:00 shockwave kernel: PAX: terminating task: /usr/local/bin/ntopng(ntopng):23772, uid/euid: 1001/1001, PC: 4eb69f89, SP: 4ac2af70 311238:Jul 27 16:17:00 shockwave kernel: PAX: bytes at PC: c7 05 bc a2 c0 4e 01 00 00 00 8b 7a f8 8b 7f 08 81 7f 1c ff 311239:Jul 27 16:17:00 shockwave kernel: PAX: bytes at SP-4: 080f92b1 4ec0a1c0 4ebcce00 4ebcce08 4ec0b328 4ebfcbf0 00000001 4ebfcbe0 4ec0a1f0 00000000 081a0e8c 0815d816 080e7ccd 4ec0a1c0 00000000 00000000 00000000 0819f2e4 0b076cd8 081a0e8c 080800b0 and I disabled mprotect with: # paxctl -m /usr/local/bin/ntopng Also, while I was familiarizing myself with grsecurity I noticed that other utilities such as pspax, execstack, scanelf and dumpelf are not available in IPFire. Is there a particular reason for this? Regards, -- GH

1 0

IPFire Building Packages
by Ghislain Hachey 29 Jul '14

29 Jul '14

Hi, I started building my own packages for IPFire and could use a little guidance. The package I want to add to pakfire has a number of dependencies. It goes like this: * Several are already part of IPFire (libpcap, libtool, autoconf tools, and some more). I don't need to do anything in most cases, but what if my package requires a newer version than the one available in pakfire? * At least one dependency is not already available (it's redis). I already created a pakfire package for this one and tested it on my own IPFire box, seems to work. * Yet some other dependencies are typically downloaded and compiled as part of the make step of the package build. My understanding of why it is this way is because of the tight integration between the software and those dependencies. My question is this: is it necessary to create pakfire packages for the ones usually downloaded and compiled in make process, or is it ok to let the make process take care of it? One more thing worth mentioning is that some of those packages automatically downloaded and compiled are available in IPFire (like rrdtool). Will that create conflicts or can it safely coexists? Some more questions: * When install my redis pakfire package I get the message "/opt/pakfire/lib/functions.sh: line 91: /etc/init.d/: is a directory", why is that? * Should a make test step (if there is one) be included in the lfs definition? * Again in the lfs definition, what's the difference between using "install -v -m644 $(DIR_SRC)/config/redis/redis.conf /etc/redis/redis.conf" and "cp $(DIR_SRC)/config/redis/redis.conf /etc/redis/redis.conf". Which one should I use? Which one should I use for initscripts? I've looked at several other lfs files but seems things are done slightly differently which makes it a bit harder to understand. * I don't see anywhere in the lfs definition how I would run a process as a new non-root user. I see many add-ons runb as root which is not as secure as it could be. What is best practice here and how to go about it. Regards. -- GH

4 17

Bitbucket.org IPFire Branch for MySQL 5.6.19, new function in make.sh, fixed IPV6 issues with nagios plugins
by Sascha Kilian 14 Jul '14

14 Jul '14

Hi there, i have readed some Emails from me ago and have seen that Michael sayd, that i have to make a "public" repository to better see the differences. Now i have uploaded my ipfire to bitbucket.org. https://tikira@bitbucket.org/tikira/ipfire-2.x.git i hope you addapt it and can say me what i can do better to help IPFire :) Best regards from Germany / Berlin Sascha Kilian

1 0

merge request for the owncloud-addon
by Daniel Weismüller 10 Jul '14

10 Jul '14

Hi I've commited a new addon: owncloud 6.0.4 http://git.ipfire.org/?p=people/dweismueller/ipfire-2.x.git;a=shortlog;h=re… Please merge it to the "next"-tree. - Daniel -- You need a firewall? Easy to use? Powerful? Modular? For free? www.ipfire.org An Open Source Firewall Solution --- Diese E-Mail ist frei von Viren und Malware, denn der avast! Antivirus Schutz ist aktiv. http://www.avast.com

1 0

Please rework next commit 23b810171806939a23c3d5df7758b90dda357116 !!!
by Arne Fitzenreiter 10 Jul '14

10 Jul '14

Hi Micha, hi Dirk, I think it is not a good idea to complete overwrite the logrotate.conf at update because there are some user configurable settings inside. It is better to use sed for adding the include line... http://git.ipfire.org/?p=ipfire-2.x.git;a=commit;h=23b810171806939a23c3d5df… Arne

2 1

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development July 2014