Development March 2022

development@lists.ipfire.org

21 participants
110 discussions

[PATCH] ids-functions.pl: Merge same named rulefiles during extract.
by Stefan Schantl 06 Mar '22

06 Mar '22

In case a rulestarball contains several same-named rulefiles they have been overwritten each time and so only contained the content from the last extracted one. Now the content of those files will be merged by appending the content to the first extracted one for each time. Fixes #12792. Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org> --- config/cfgroot/ids-functions.pl | 34 +++++++++++++++++++++++++++++++-- 1 file changed, 32 insertions(+), 2 deletions(-) diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 74d55def6..53ca1bdd4 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -572,8 +572,38 @@ sub extractruleset ($) { next; } - # Extract the file to the temporary directory. - $tar->extract_file("$packed_file", "$destination"); + # Check if the destination file exists. + unless(-e "$destination") { + # Extract the file to the temporary directory. + $tar->extract_file("$packed_file", "$destination"); + } else { + # Load perl module to deal with temporary files. + use File::Temp; + + # Generate temporary file name, located in the temporary rules directory and a suffix of ".tmp". + my $tmp = File::Temp->new( SUFFIX => ".tmp", DIR => "$tmp_rules_directory", UNLINK => 0 ); + my $tmpfile = $tmp->filename(); + + # Extract the file to the new temporary file name. + $tar->extract_file("$packed_file", "$tmpfile"); + + # Open the the existing file. + open(DESTFILE, ">>", "$destination") or die "Could not open $destination. $!\n"; + open(TMPFILE, "<", "$tmpfile") or die "Could not open $tmpfile. $!\n"; + + # Loop through the content of the temporary file. + while (<TMPFILE>) { + # Append the content line by line to the destination file. + print DESTFILE "$_"; + } + + # Close the file handles. + close(TMPFILE); + close(DESTFILE); + + # Remove the temporary file. + unlink("$tmpfile"); + } } } } -- 2.30.2

2 1

Re: [PATCH] dracut: Update to 056
by alf＠i100.no 05 Mar '22

05 Mar '22

Hi Regarding the new modules that have been added to dracut after v38, and the possible systemd dependencies, I wonder a bit about this line in the Makefile of dracut in ipfire https://github.com/ipfire/ipfire-2.x/blob/master/lfs/dracut#L79 rm -rf /usr/lib/dracut/modules.d/*{biosdevname,bootchart,dash,fips*,modsign,busybox,convertfs,network,ifcfg,url-lib,gensplash,cms,plymouth,btrfs,crypt*,dm,dmraid,dmsquash-live,livenet,lvm,multipath,qemu*,cifs,dasd*,fcoe*,iscsi,nbd,nfs,resume,ssh-client,zfcp*,systemd*,znet,securityfs,masterkey,selinux,usrmount,uefi-lib} I am assuming that is removing dracut modules that one for certain do not need. I guess some of the new modules introduced between v38 and v56(current) of dracut should also be but on that "rm" list ? I.e some new dracut modules depends on systemd, and some are for s390, for example. I was playing a bit with grep'ing the module-setup.sh files of dracut, to find modules that depends on systemd for example. I.e. some way of finding the modules that "at least" should be put on the "rm" list. I'm unsure if you have any semi automatic way of doing that, or are fully manually needing to review the modules. From what I can see, dracut should fully support being used without systemd, since the modules are signalling dependencies on systemd. But modules that are only for s390 for example, needs to be detected manually I think. The dracut.conf file also has the possibility to omit modules, by the omit_dracutmodules variable, but that does not seem to be used currently by ipfire. Regards Alf

1 1

[PATCH] optionsfw.cgi: Add default settings for newly added options.
by Stefan Schantl 05 Mar '22

05 Mar '22

If no settings for those features can be obtained from the settings file, set them to the following defaults. * DROPSPOOFEDMARTIAN -> on (yes) * DROPHOSTILE -> off (no - because only fresh installed systems should do this) * LOGDROPCTINVALID -> on (yes) Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org> --- html/cgi-bin/optionsfw.cgi | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/html/cgi-bin/optionsfw.cgi b/html/cgi-bin/optionsfw.cgi index 5611b71b7..fbff67b2f 100644 --- a/html/cgi-bin/optionsfw.cgi +++ b/html/cgi-bin/optionsfw.cgi @@ -88,6 +88,15 @@ if (!$settings{'MASQUERADE_ORANGE'}) { if (!$settings{'MASQUERADE_BLUE'}) { $settings{'MASQUERADE_BLUE'} = 'on'; } +if (!$settings{'DROPSPOOFEDMARTIAN'}) { + $settings{'DROPSPOOFEDMARTIAN'} = 'on'; +} +if (!$settings{'DROPHOSTILE'}) { + $settings{'DROPHOSTILE'} = 'off'; +} +if (!$settings{'LOGDROPCTINVALID'}) { + $settings{'LOGDROPCTINVALID'} = 'on'; +} $checked{'DROPNEWNOTSYN'}{'off'} = ''; $checked{'DROPNEWNOTSYN'}{'on'} = ''; -- 2.30.2

2 1

[PATCH] ids-functions.pl: Do not create an empty ignored settings file.
by Stefan Schantl 05 Mar '22

05 Mar '22

The file will be created by the WUI, when adding the first host. Signed-off-by: Stefan Schantl <stefan.schantl(a)ipfire.org> --- config/cfgroot/ids-functions.pl | 1 - 1 file changed, 1 deletion(-) diff --git a/config/cfgroot/ids-functions.pl b/config/cfgroot/ids-functions.pl index 53ca1bdd4..7223e6bea 100644 --- a/config/cfgroot/ids-functions.pl +++ b/config/cfgroot/ids-functions.pl @@ -153,7 +153,6 @@ sub check_and_create_filelayout() { unless (-f "$suricata_default_rulefiles_file") { &create_empty_file($suricata_default_rulefiles_file); } unless (-f "$ids_settings_file") { &create_empty_file($ids_settings_file); } unless (-f "$providers_settings_file") { &create_empty_file($providers_settings_file); } - unless (-f "$ignored_file") { &create_empty_file($ignored_file); } unless (-f "$whitelist_file" ) { &create_empty_file($whitelist_file); } } -- 2.30.2

1 0

[PATCH] dracut: Update to 056
by alf＠i100.no 05 Mar '22

05 Mar '22

Hi Regarding the patching of the "mdraid" code, modules.d/90mdraid/parse-md.sh, to reduce the code amount maintained in ipfire, would it be an idea to rather patch this part of the original dracut code if { [ -z "$MD_UUID" ] && ! getargbool 0 rd.auto; } || ! getargbool 1 rd.md -d -n rd_NO_MD; then info "rd.md=0: removing MD RAID activation" udevproperty rd_NO_MD=1 else # rewrite the md rules to only process the specified raid array I.e. to rather patch it to if false; then info "rd.md=0: removing MD RAID activation" udevproperty rd_NO_MD=1 else # rewrite the md rules to only process the specified raid array That would save about 25 lines of patch code that needs to be maintained, and you would just have one simple line of patch to maintain. Or is the rationale that if dracut ever changes the code related to mdraid, you want your patch to run into conflict, so you get a hint that you need to put some extra testing effort into systems with mdraid ? I also read the dracut documentation, to try to understand if you could rather send in some of the parameters that it checks, as part of the dracut invocation, but was unable to figure it out. To me, it seems like these parameters are picked up from the kernel command line from boot. Regards Alf

1 0

Re: [PATCH] dracut: Update to 056
by alf＠i100.no 05 Mar '22

05 Mar '22

Hi Note that the patching to add hyperv_keyboard seems unnecessary, since that module is in the drivers/input/serio https://github.com/torvalds/linux/blob/d54f486035fd89f14845a7f34a97a3f5da4e… as far as I can see. And dracut now includes all of those module https://github.com/dracutdevs/dracut/blob/056/modules.d/90kernel-modules/mo… since version 45 That dracut change to include all HID Devices was one of the items I saw in the changelog that prompted me to suggest to update dracut in Ipfire Regards Alf

1 0

IPFire standards for unit of speed and date formats
by Jon Murphy 04 Mar '22

04 Mar '22

Hello all, Maybe the Devs can discuss this during the March 7th, 2022 <https://wiki.ipfire.org/devel/telco/2022-03-07> Monthly Video Conference meeting? Could we create an IPFire standard for units of transfer speed? And for format of dates? These standards would be used mostly within the WebGUI. And hopefully on the Wiki, Community and all other IPFire entities. Speed ------- Ask: Pick Mbps (or maybe Mbit/s) as the official standard for IPFire. This is a capital `M` for Mega and not a small `m` for milli. Suggest a maximum of three decimal places (digits to right of decimal point). Mbps would replace other unit seen like kbit/s, Mbit/s in Traffic In/Out (example Traffic: In 255.70 kbit/s Out 5.49 Mbit/s). Date ----- Ask: Pick a date format of yyyy-mm-dd as the official standard for IPFire. I've seen dates like mm/dd/yyyy and dd/mm/yyyy. Other Standards ------------------- Should data units be reviewed? as MB (Megabytes) and not KiB. I can add some images if it helps, but I am guessing it is not needed. See: https://imgs.xkcd.com/comics/standards.png <https://imgs.xkcd.com/comics/standards.png> Thank you! Jon

3 3

[PATCH] dracut: Update to 056
by Peter Müller 04 Mar '22

04 Mar '22

This one was desperately in need of an upgrade, as dracut 038 was released 8 YEARS ago. Hence, the changelog since is way too long to include it here; refer to https://git.kernel.org/pub/scm/boot/dracut/dracut.git/tree/NEWS.md for details. See also: #12773 Signed-off-by: Peter Müller <peter.mueller(a)ipfire.org> --- config/rootfiles/common/dracut | 111 +++++++++++++++++- lfs/dracut | 11 +- .../dracut-038-always-enable-mdraid.patch | 55 --------- ...38_add_hyperv-keyboard_and_sdhci-pci.patch | 12 -- .../dracut-056-always-enable-mdraid.patch | 68 +++++++++++ ...56_add_hyperv-keyboard_and_sdhci-pci.patch | 12 ++ 6 files changed, 191 insertions(+), 78 deletions(-) delete mode 100644 src/patches/dracut-038-always-enable-mdraid.patch delete mode 100644 src/patches/dracut-038_add_hyperv-keyboard_and_sdhci-pci.patch create mode 100644 src/patches/dracut-056-always-enable-mdraid.patch create mode 100644 src/patches/dracut-056_add_hyperv-keyboard_and_sdhci-pci.patch diff --git a/config/rootfiles/common/dracut b/config/rootfiles/common/dracut index 03379b4d6..0d6009b5c 100644 --- a/config/rootfiles/common/dracut +++ b/config/rootfiles/common/dracut @@ -3,18 +3,24 @@ etc/dracut.conf.d usr/bin/dracut usr/bin/dracut-catimages usr/bin/lsinitrd -usr/bin/mkinitrd usr/lib/dracut #usr/lib/dracut/dracut-functions #usr/lib/dracut/dracut-functions.sh +#usr/lib/dracut/dracut-init.sh #usr/lib/dracut/dracut-initramfs-restore #usr/lib/dracut/dracut-install #usr/lib/dracut/dracut-logger.sh +#usr/lib/dracut/dracut-util #usr/lib/dracut/dracut-version.sh #usr/lib/dracut/dracut.conf.d #usr/lib/dracut/modules.d #usr/lib/dracut/modules.d/00bash #usr/lib/dracut/modules.d/00bash/module-setup.sh +#usr/lib/dracut/modules.d/00mksh +#usr/lib/dracut/modules.d/00mksh/module-setup.sh +#usr/lib/dracut/modules.d/00warpclock +#usr/lib/dracut/modules.d/00warpclock/module-setup.sh +#usr/lib/dracut/modules.d/00warpclock/warpclock.sh #usr/lib/dracut/modules.d/02caps #usr/lib/dracut/modules.d/02caps/README #usr/lib/dracut/modules.d/02caps/caps.sh @@ -22,26 +28,77 @@ usr/lib/dracut #usr/lib/dracut/modules.d/03rescue #usr/lib/dracut/modules.d/03rescue/module-setup.sh #usr/lib/dracut/modules.d/04watchdog +#usr/lib/dracut/modules.d/04watchdog-modules +#usr/lib/dracut/modules.d/04watchdog-modules/module-setup.sh #usr/lib/dracut/modules.d/04watchdog/module-setup.sh #usr/lib/dracut/modules.d/04watchdog/watchdog-stop.sh #usr/lib/dracut/modules.d/04watchdog/watchdog.sh +#usr/lib/dracut/modules.d/06dbus-broker +#usr/lib/dracut/modules.d/06dbus-broker/module-setup.sh +#usr/lib/dracut/modules.d/06dbus-daemon +#usr/lib/dracut/modules.d/06dbus-daemon/module-setup.sh +#usr/lib/dracut/modules.d/06rngd +#usr/lib/dracut/modules.d/06rngd/module-setup.sh +#usr/lib/dracut/modules.d/06rngd/rngd.service +#usr/lib/dracut/modules.d/09dbus +#usr/lib/dracut/modules.d/09dbus/module-setup.sh #usr/lib/dracut/modules.d/10i18n #usr/lib/dracut/modules.d/10i18n/10-console.rules #usr/lib/dracut/modules.d/10i18n/README #usr/lib/dracut/modules.d/10i18n/console_init.sh #usr/lib/dracut/modules.d/10i18n/module-setup.sh #usr/lib/dracut/modules.d/10i18n/parse-i18n.sh +#usr/lib/dracut/modules.d/35network-legacy +#usr/lib/dracut/modules.d/35network-legacy/dhclient-script.sh +#usr/lib/dracut/modules.d/35network-legacy/dhclient.conf +#usr/lib/dracut/modules.d/35network-legacy/dhcp-multi.sh +#usr/lib/dracut/modules.d/35network-legacy/ifup.sh +#usr/lib/dracut/modules.d/35network-legacy/kill-dhclient.sh +#usr/lib/dracut/modules.d/35network-legacy/module-setup.sh +#usr/lib/dracut/modules.d/35network-legacy/net-genrules.sh +#usr/lib/dracut/modules.d/35network-legacy/parse-bond.sh +#usr/lib/dracut/modules.d/35network-legacy/parse-bridge.sh +#usr/lib/dracut/modules.d/35network-legacy/parse-ibft.sh +#usr/lib/dracut/modules.d/35network-legacy/parse-ifname.sh +#usr/lib/dracut/modules.d/35network-legacy/parse-ip-opts.sh +#usr/lib/dracut/modules.d/35network-legacy/parse-team.sh +#usr/lib/dracut/modules.d/35network-legacy/parse-vlan.sh +#usr/lib/dracut/modules.d/35network-manager +#usr/lib/dracut/modules.d/35network-manager/initrd-no-auto-default.conf +#usr/lib/dracut/modules.d/35network-manager/module-setup.sh +#usr/lib/dracut/modules.d/35network-manager/nm-config.sh +#usr/lib/dracut/modules.d/35network-manager/nm-initrd.service +#usr/lib/dracut/modules.d/35network-manager/nm-lib.sh +#usr/lib/dracut/modules.d/35network-manager/nm-run.sh +#usr/lib/dracut/modules.d/35network-manager/nm-wait-online-initrd.service +#usr/lib/dracut/modules.d/35network-wicked +#usr/lib/dracut/modules.d/35network-wicked/module-setup.sh +#usr/lib/dracut/modules.d/35network-wicked/wicked-config.sh +#usr/lib/dracut/modules.d/35network-wicked/wicked-run.sh #usr/lib/dracut/modules.d/50drm #usr/lib/dracut/modules.d/50drm/module-setup.sh +#usr/lib/dracut/modules.d/62bluetooth +#usr/lib/dracut/modules.d/62bluetooth/module-setup.sh +#usr/lib/dracut/modules.d/80lvmmerge +#usr/lib/dracut/modules.d/80lvmmerge/README.md +#usr/lib/dracut/modules.d/80lvmmerge/lvmmerge.sh +#usr/lib/dracut/modules.d/80lvmmerge/module-setup.sh +#usr/lib/dracut/modules.d/81cio_ignore +#usr/lib/dracut/modules.d/81cio_ignore/module-setup.sh +#usr/lib/dracut/modules.d/81cio_ignore/parse-cio_accept.sh +#usr/lib/dracut/modules.d/90dmsquash-live-ntfs +#usr/lib/dracut/modules.d/90dmsquash-live-ntfs/module-setup.sh #usr/lib/dracut/modules.d/90kernel-modules +#usr/lib/dracut/modules.d/90kernel-modules-extra +#usr/lib/dracut/modules.d/90kernel-modules-extra/module-setup.sh #usr/lib/dracut/modules.d/90kernel-modules/insmodpost.sh #usr/lib/dracut/modules.d/90kernel-modules/module-setup.sh #usr/lib/dracut/modules.d/90kernel-modules/parse-kernel.sh +#usr/lib/dracut/modules.d/90kernel-network-modules +#usr/lib/dracut/modules.d/90kernel-network-modules/module-setup.sh #usr/lib/dracut/modules.d/90mdraid #usr/lib/dracut/modules.d/90mdraid/59-persistent-storage-md.rules #usr/lib/dracut/modules.d/90mdraid/65-md-incremental-imsm.rules -#usr/lib/dracut/modules.d/90mdraid/md-noddf.sh -#usr/lib/dracut/modules.d/90mdraid/md-noimsm.sh #usr/lib/dracut/modules.d/90mdraid/md-shutdown.sh #usr/lib/dracut/modules.d/90mdraid/mdmon-pre-shutdown.sh #usr/lib/dracut/modules.d/90mdraid/mdmon-pre-udev.sh @@ -51,11 +108,45 @@ usr/lib/dracut #usr/lib/dracut/modules.d/90mdraid/mdraid_start.sh #usr/lib/dracut/modules.d/90mdraid/module-setup.sh #usr/lib/dracut/modules.d/90mdraid/parse-md.sh +#usr/lib/dracut/modules.d/90nvdimm +#usr/lib/dracut/modules.d/90nvdimm/module-setup.sh +#usr/lib/dracut/modules.d/90ppcmac +#usr/lib/dracut/modules.d/90ppcmac/load-thermal.sh +#usr/lib/dracut/modules.d/90ppcmac/module-setup.sh +#usr/lib/dracut/modules.d/91fido2 +#usr/lib/dracut/modules.d/91fido2/module-setup.sh +#usr/lib/dracut/modules.d/91pcsc +#usr/lib/dracut/modules.d/91pcsc/module-setup.sh +#usr/lib/dracut/modules.d/91pcsc/pcscd.service +#usr/lib/dracut/modules.d/91pcsc/pcscd.socket +#usr/lib/dracut/modules.d/91pkcs11 +#usr/lib/dracut/modules.d/91pkcs11/module-setup.sh +#usr/lib/dracut/modules.d/91tpm2-tss +#usr/lib/dracut/modules.d/91tpm2-tss/module-setup.sh +#usr/lib/dracut/modules.d/91zipl +#usr/lib/dracut/modules.d/91zipl/install_zipl_cmdline.sh +#usr/lib/dracut/modules.d/91zipl/module-setup.sh +#usr/lib/dracut/modules.d/91zipl/parse-zipl.sh +#usr/lib/dracut/modules.d/95dcssblk +#usr/lib/dracut/modules.d/95dcssblk/module-setup.sh +#usr/lib/dracut/modules.d/95dcssblk/parse-dcssblk.sh #usr/lib/dracut/modules.d/95debug #usr/lib/dracut/modules.d/95debug/module-setup.sh #usr/lib/dracut/modules.d/95fstab-sys #usr/lib/dracut/modules.d/95fstab-sys/module-setup.sh #usr/lib/dracut/modules.d/95fstab-sys/mount-sys.sh +#usr/lib/dracut/modules.d/95lunmask +#usr/lib/dracut/modules.d/95lunmask/fc_transport_scan_lun.sh +#usr/lib/dracut/modules.d/95lunmask/module-setup.sh +#usr/lib/dracut/modules.d/95lunmask/parse-lunmask.sh +#usr/lib/dracut/modules.d/95lunmask/sas_transport_scan_lun.sh +#usr/lib/dracut/modules.d/95nvmf +#usr/lib/dracut/modules.d/95nvmf/95-nvmf-initqueue.rules +#usr/lib/dracut/modules.d/95nvmf/module-setup.sh +#usr/lib/dracut/modules.d/95nvmf/nvmf-autoconnect.sh +#usr/lib/dracut/modules.d/95nvmf/parse-nvmf-boot-connections.sh +#usr/lib/dracut/modules.d/95qeth_rules +#usr/lib/dracut/modules.d/95qeth_rules/module-setup.sh #usr/lib/dracut/modules.d/95rootfs-block #usr/lib/dracut/modules.d/95rootfs-block/block-genrules.sh #usr/lib/dracut/modules.d/95rootfs-block/module-setup.sh @@ -76,6 +167,7 @@ usr/lib/dracut #usr/lib/dracut/modules.d/98integrity #usr/lib/dracut/modules.d/98integrity/README #usr/lib/dracut/modules.d/98integrity/evm-enable.sh +#usr/lib/dracut/modules.d/98integrity/ima-keys-load.sh #usr/lib/dracut/modules.d/98integrity/ima-policy-load.sh #usr/lib/dracut/modules.d/98integrity/module-setup.sh #usr/lib/dracut/modules.d/98pollcdrom @@ -89,8 +181,8 @@ usr/lib/dracut #usr/lib/dracut/modules.d/98syslog/rsyslogd-start.sh #usr/lib/dracut/modules.d/98syslog/rsyslogd-stop.sh #usr/lib/dracut/modules.d/98syslog/syslog-cleanup.sh -#usr/lib/dracut/modules.d/98syslog/syslog-genrules.sh #usr/lib/dracut/modules.d/99base +#usr/lib/dracut/modules.d/99base/dracut-dev-lib.sh #usr/lib/dracut/modules.d/99base/dracut-lib.sh #usr/lib/dracut/modules.d/99base/init.sh #usr/lib/dracut/modules.d/99base/initqueue.sh @@ -104,9 +196,17 @@ usr/lib/dracut #usr/lib/dracut/modules.d/99img-lib #usr/lib/dracut/modules.d/99img-lib/img-lib.sh #usr/lib/dracut/modules.d/99img-lib/module-setup.sh +#usr/lib/dracut/modules.d/99memstrack +#usr/lib/dracut/modules.d/99memstrack/memstrack-report.sh +#usr/lib/dracut/modules.d/99memstrack/memstrack-start.sh +#usr/lib/dracut/modules.d/99memstrack/memstrack.service +#usr/lib/dracut/modules.d/99memstrack/module-setup.sh #usr/lib/dracut/modules.d/99shutdown #usr/lib/dracut/modules.d/99shutdown/module-setup.sh #usr/lib/dracut/modules.d/99shutdown/shutdown.sh +#usr/lib/dracut/modules.d/99squash +#usr/lib/dracut/modules.d/99squash/init-squash.sh +#usr/lib/dracut/modules.d/99squash/module-setup.sh #usr/lib/dracut/skipcpio #usr/lib/kernel #usr/lib/kernel/install.d @@ -130,5 +230,4 @@ usr/lib/dracut #usr/share/man/man8/dracut-pre-udev.service.8 #usr/share/man/man8/dracut-shutdown.service.8 #usr/share/man/man8/dracut.8 -#usr/share/man/man8/mkinitrd-suse.8 -#usr/share/man/man8/mkinitrd.8 +#usr/share/pkgconfig/dracut.pc diff --git a/lfs/dracut b/lfs/dracut index c4f7231b1..6bf5825a6 100644 --- a/lfs/dracut +++ b/lfs/dracut @@ -1,7 +1,7 @@ ############################################################################### # # # IPFire.org - A linux based firewall # -# Copyright (C) 2007-2018 IPFire Team <info(a)ipfire.org> # +# Copyright (C) 2007-2022 IPFire Team <info(a)ipfire.org> # # # # This program is free software: you can redistribute it and/or modify # # it under the terms of the GNU General Public License as published by # @@ -24,7 +24,7 @@ include Config -VER = 038 +VER = 056 THISAPP = dracut-$(VER) DL_FILE = $(THISAPP).tar.xz @@ -40,7 +40,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_MD5 = 4487bd98000cc536c5c3839a2f112831 +$(DL_FILE)_MD5 = 17d51f3ccc3a3a790bab6da0355ca4c2 install : $(TARGET) @@ -70,9 +70,10 @@ $(subst %,%_MD5,$(objects)) : $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) @$(PREBUILD) @rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar axf $(DIR_DL)/$(DL_FILE) - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dracut-038-always-enable-mdraid.patch - cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dracut-038_add_hyperv-keyboard_and_sdhci-pci.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dracut-056-always-enable-mdraid.patch + cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/dracut-056_add_hyperv-keyboard_and_sdhci-pci.patch + cd $(DIR_APP) && ./configure --prefix=/usr --sbindir=/sbin --sysconfdir=/etc cd $(DIR_APP) && make $(MAKETUNING) cd $(DIR_APP) && make install sbindir=/sbin sysconfdir=/etc diff --git a/src/patches/dracut-038-always-enable-mdraid.patch b/src/patches/dracut-038-always-enable-mdraid.patch deleted file mode 100644 index a65e59a8a..000000000 --- a/src/patches/dracut-038-always-enable-mdraid.patch +++ /dev/null @@ -1,55 +0,0 @@ -diff --git a/modules.d/90mdraid/parse-md.sh b/modules.d/90mdraid/parse-md.sh -index dd7bda2..7bc944c 100755 ---- a/modules.d/90mdraid/parse-md.sh -+++ b/modules.d/90mdraid/parse-md.sh -@@ -4,32 +4,26 @@ - - MD_UUID=$(getargs rd.md.uuid -d rd_MD_UUID=) - --if ( ! [ -n "$MD_UUID" ] && ! getargbool 0 rd.auto ) || ! getargbool 1 rd.md -d -n rd_NO_MD; then -- info "rd.md=0: removing MD RAID activation" -- udevproperty rd_NO_MD=1 --else -- # rewrite the md rules to only process the specified raid array -- if [ -n "$MD_UUID" ]; then -- for f in /etc/udev/rules.d/65-md-incremental*.rules; do -- [ -e "$f" ] || continue -- while read line; do -- if [ "${line%%UUID CHECK}" != "$line" ]; then -- printf 'IMPORT{program}="/sbin/mdadm --examine --export $tempnode"\n' -- for uuid in $MD_UUID; do -- printf 'ENV{MD_UUID}=="%s", GOTO="md_uuid_ok"\n' $uuid -- done; -- printf 'GOTO="md_end"\n' -- printf 'LABEL="md_uuid_ok"\n' -- else -- echo "$line" -- fi -- done < "${f}" > "${f}.new" -- mv "${f}.new" "$f" -- done -- fi -+# rewrite the md rules to only process the specified raid array -+if [ -n "$MD_UUID" ]; then -+ for f in /etc/udev/rules.d/65-md-incremental*.rules; do -+ [ -e "$f" ] || continue -+ while read line; do -+ if [ "${line%%UUID CHECK}" != "$line" ]; then -+ printf 'IMPORT{program}="/sbin/mdadm --examine --export $tempnode"\n' -+ for uuid in $MD_UUID; do -+ printf 'ENV{MD_UUID}=="%s", GOTO="md_uuid_ok"\n' $uuid -+ done; -+ printf 'GOTO="md_end"\n' -+ printf 'LABEL="md_uuid_ok"\n' -+ else -+ echo "$line" -+ fi -+ done < "${f}" > "${f}.new" -+ mv "${f}.new" "$f" -+ done - fi - -- - if [ -e /etc/mdadm.conf ] && getargbool 1 rd.md.conf -d -n rd_NO_MDADMCONF; then - udevproperty rd_MDADMCONF=1 - rm -f -- $hookdir/pre-pivot/*mdraid-cleanup.sh diff --git a/src/patches/dracut-038_add_hyperv-keyboard_and_sdhci-pci.patch b/src/patches/dracut-038_add_hyperv-keyboard_and_sdhci-pci.patch deleted file mode 100644 index 19ed15fd3..000000000 --- a/src/patches/dracut-038_add_hyperv-keyboard_and_sdhci-pci.patch +++ /dev/null @@ -1,12 +0,0 @@ -diff -Naur dracut-038.org/modules.d/90kernel-modules/module-setup.sh dracut-038/modules.d/90kernel-modules/module-setup.sh ---- dracut-038.org/modules.d/90kernel-modules/module-setup.sh 2014-06-30 12:03:12.000000000 +0200 -+++ dracut-038/modules.d/90kernel-modules/module-setup.sh 2015-05-05 14:58:56.820197839 +0200 -@@ -47,7 +47,7 @@ - atkbd i8042 usbhid hid-apple hid-sunplus hid-cherry hid-logitech \ - hid-logitech-dj hid-microsoft firewire-ohci \ - pcmcia usb_storage nvme hid-hyperv hv-vmbus \ -- sdhci_acpi -+ hyperv-keyboard sdhci_acpi sdhci_pci - - if [[ "$(uname -p)" == arm* ]]; then - # arm specific modules diff --git a/src/patches/dracut-056-always-enable-mdraid.patch b/src/patches/dracut-056-always-enable-mdraid.patch new file mode 100644 index 000000000..f293a7f75 --- /dev/null +++ b/src/patches/dracut-056-always-enable-mdraid.patch @@ -0,0 +1,68 @@ +diff --git a/modules.d/90mdraid/parse-md.sh b/modules.d/90mdraid/parse-md.sh +index c75e5f70f..9be292d75 100755 +--- a/modules.d/90mdraid/parse-md.sh ++++ b/modules.d/90mdraid/parse-md.sh +@@ -7,37 +7,32 @@ MD_UUID=$(getargs rd.md.uuid -d rd_MD_UUID=) + MD_UUID=$(str_replace "$MD_UUID" "-" "") + MD_UUID=$(str_replace "$MD_UUID" ":" "") + +-if { [ -z "$MD_UUID" ] && ! getargbool 0 rd.auto; } || ! getargbool 1 rd.md -d -n rd_NO_MD; then +- info "rd.md=0: removing MD RAID activation" +- udevproperty rd_NO_MD=1 +-else +- # rewrite the md rules to only process the specified raid array +- if [ -n "$MD_UUID" ]; then +- for f in /etc/udev/rules.d/65-md-incremental*.rules; do +- [ -e "$f" ] || continue +- while read -r line || [ -n "$line" ]; do +- if [ "${line%%UUID CHECK}" != "$line" ]; then +- for uuid in $MD_UUID; do +- printf 'ENV{ID_FS_UUID}=="%s", GOTO="md_uuid_ok"\n' "$(expr substr "$uuid" 1 8)-$(expr substr "$uuid" 9 4)-$(expr substr "$uuid" 13 4)-$(expr substr "$uuid" 17 4)-$(expr substr "$uuid" 21 12)" +- done +- # shellcheck disable=SC2016 +- printf 'IMPORT{program}="/sbin/mdadm --examine --export $tempnode"\n' +- for uuid in $MD_UUID; do +- printf 'ENV{MD_UUID}=="%s", GOTO="md_uuid_ok"\n' "$(expr substr "$uuid" 1 8):$(expr substr "$uuid" 9 8):$(expr substr "$uuid" 17 8):$(expr substr "$uuid" 25 8)" +- done +- printf 'GOTO="md_end"\n' +- printf 'LABEL="md_uuid_ok"\n' +- else +- echo "$line" +- fi +- done < "${f}" > "${f}.new" +- mv "${f}.new" "$f" +- done +- for uuid in $MD_UUID; do +- uuid="$(expr substr "$uuid" 1 8):$(expr substr "$uuid" 9 8):$(expr substr "$uuid" 17 8):$(expr substr "$uuid" 25 8)" +- wait_for_dev "/dev/disk/by-id/md-uuid-${uuid}" +- done +- fi ++# rewrite the md rules to only process the specified raid array ++if [ -n "$MD_UUID" ]; then ++ for f in /etc/udev/rules.d/65-md-incremental*.rules; do ++ [ -e "$f" ] || continue ++ while read -r line || [ -n "$line" ]; do ++ if [ "${line%%UUID CHECK}" != "$line" ]; then ++ for uuid in $MD_UUID; do ++ printf 'ENV{ID_FS_UUID}=="%s", GOTO="md_uuid_ok"\n' "$(expr substr "$uuid" 1 8)-$(expr substr "$uuid" 9 4)-$(expr substr "$uuid" 13 4)-$(expr substr "$uuid" 17 4)-$(expr substr "$uuid" 21 12)" ++ done ++ # shellcheck disable=SC2016 ++ printf 'IMPORT{program}="/sbin/mdadm --examine --export $tempnode"\n' ++ for uuid in $MD_UUID; do ++ printf 'ENV{MD_UUID}=="%s", GOTO="md_uuid_ok"\n' "$(expr substr "$uuid" 1 8):$(expr substr "$uuid" 9 8):$(expr substr "$uuid" 17 8):$(expr substr "$uuid" 25 8)" ++ done ++ printf 'GOTO="md_end"\n' ++ printf 'LABEL="md_uuid_ok"\n' ++ else ++ echo "$line" ++ fi ++ done < "${f}" > "${f}.new" ++ mv "${f}.new" "$f" ++ done ++ for uuid in $MD_UUID; do ++ uuid="$(expr substr "$uuid" 1 8):$(expr substr "$uuid" 9 8):$(expr substr "$uuid" 17 8):$(expr substr "$uuid" 25 8)" ++ wait_for_dev "/dev/disk/by-id/md-uuid-${uuid}" ++ done + fi + + if [ -e /etc/mdadm.conf ] && getargbool 1 rd.md.conf -d -n rd_NO_MDADMCONF; then diff --git a/src/patches/dracut-056_add_hyperv-keyboard_and_sdhci-pci.patch b/src/patches/dracut-056_add_hyperv-keyboard_and_sdhci-pci.patch new file mode 100644 index 000000000..eb5e7c2f3 --- /dev/null +++ b/src/patches/dracut-056_add_hyperv-keyboard_and_sdhci-pci.patch @@ -0,0 +1,12 @@ +diff --git a/modules.d/90kernel-modules/module-setup.sh b/modules.d/90kernel-modules/module-setup.sh +index e2073a04f..7a96edb58 100755 +--- a/modules.d/90kernel-modules/module-setup.sh ++++ b/modules.d/90kernel-modules/module-setup.sh +@@ -66,6 +66,7 @@ installkernel() { + yenta_socket \ + atkbd i8042 usbhid firewire-ohci pcmcia hv-vmbus \ + virtio virtio_ring virtio_pci pci_hyperv \ ++ hyperv-keyboard sdhci_acpi sdhci_pci \ + "=drivers/pcmcia" + + if [[ ${DRACUT_ARCH:-$(uname -m)} == arm* || ${DRACUT_ARCH:-$(uname -m)} == aarch64 || ${DRACUT_ARCH:-$(uname -m)} == riscv* ]]; then -- 2.34.1

2 1

[PATCH] installer: Remove support for ReiserFS
by Michael Tremer 03 Mar '22

03 Mar '22

https://lore.kernel.org/lkml/YhIwUEpymVzmytdp@casper.infradead.org/ ReiserFS is an old file system which has not been actively maintained in the Linux kernel for a long time. It is potentially going to be removed soon which is why we shouldn't encourage people to create new installations with ReiserFS any more. This patch removes support for ReiserFS from the installer. We should keep it enabled in the kernel for as long as it is available, but we will have to encourage users potentially to re-install on a different file system. Since ReiserFS isn't very popular any more, I don't think that there will be many users left. Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> --- src/installer/dracut-module/module-setup.sh | 4 ++-- src/installer/hw.c | 7 ------- src/installer/hw.h | 9 ++++----- src/installer/main.c | 3 +-- 4 files changed, 7 insertions(+), 16 deletions(-) diff --git a/src/installer/dracut-module/module-setup.sh b/src/installer/dracut-module/module-setup.sh index c68b51d26..26a257cf8 100755 --- a/src/installer/dracut-module/module-setup.sh +++ b/src/installer/dracut-module/module-setup.sh @@ -30,8 +30,8 @@ install() { instmods virtio_net hv_netvsc vmxnet3 # Filesystem support - inst_multiple parted mkswap mke2fs mkreiserfs mkfs.xfs mkfs.vfat - instmods ext4 iso9660 reiserfs vfat xfs ntfs3 + inst_multiple parted mkswap mke2fs mkfs.xfs mkfs.vfat + instmods ext4 iso9660 vfat xfs ntfs3 # Extraction inst_multiple tar gzip zstd diff --git a/src/installer/hw.c b/src/installer/hw.c index 17e0bbb01..5aa162266 100644 --- a/src/installer/hw.c +++ b/src/installer/hw.c @@ -811,9 +811,6 @@ static int hw_format_filesystem(const char* path, int fs, const char* output) { // Swap if (fs == HW_FS_SWAP) { snprintf(cmd, sizeof(cmd), "/sbin/mkswap -v1 %s &>/dev/null", path); - // ReiserFS - } else if (fs == HW_FS_REISERFS) { - snprintf(cmd, sizeof(cmd), "/sbin/mkreiserfs -f %s ", path); // EXT4 } else if (fs == HW_FS_EXT4) { @@ -878,10 +875,6 @@ int hw_mount_filesystems(struct hw_destination* dest, const char* prefix) { const char* filesystem; switch (dest->filesystem) { - case HW_FS_REISERFS: - filesystem = "reiserfs"; - break; - case HW_FS_EXT4: case HW_FS_EXT4_WO_JOURNAL: filesystem = "ext4"; diff --git a/src/installer/hw.h b/src/installer/hw.h index b11dfa48f..6a7f23aa7 100644 --- a/src/installer/hw.h +++ b/src/installer/hw.h @@ -42,11 +42,10 @@ #define HW_PART_TABLE_GPT 1 #define HW_FS_SWAP 0 -#define HW_FS_REISERFS 1 -#define HW_FS_EXT4 2 -#define HW_FS_EXT4_WO_JOURNAL 3 -#define HW_FS_XFS 4 -#define HW_FS_FAT32 5 +#define HW_FS_EXT4 1 +#define HW_FS_EXT4_WO_JOURNAL 2 +#define HW_FS_XFS 3 +#define HW_FS_FAT32 4 #define HW_FS_DEFAULT HW_FS_EXT4 diff --git a/src/installer/main.c b/src/installer/main.c index b31b096a5..06dd9caf5 100644 --- a/src/installer/main.c +++ b/src/installer/main.c @@ -720,7 +720,6 @@ int main(int argc, char *argv[]) { { HW_FS_EXT4, _("ext4 Filesystem") }, { HW_FS_EXT4_WO_JOURNAL, _("ext4 Filesystem without journal") }, { HW_FS_XFS, _("XFS Filesystem") }, - { HW_FS_REISERFS, _("ReiserFS Filesystem") }, { 0, NULL }, }; unsigned int num_filesystems = sizeof(filesystems) / sizeof(*filesystems); @@ -735,7 +734,7 @@ int main(int argc, char *argv[]) { } rc = newtWinMenu(_("Filesystem Selection"), _("Please choose your filesystem:"), - 50, 5, 5, 6, fs_names, &fs_choice, _("OK"), _("Cancel"), NULL); + 50, 5, 5, 5, fs_names, &fs_choice, _("OK"), _("Cancel"), NULL); if (rc == 2) goto EXIT; -- 2.30.2

2 1

[PATCH v4 0/6] zabbix_agentd: Update to v5.0.21 (LTS)
by Robin Roevens 03 Mar '22

03 Mar '22

Hi All Another new version of this patchset, hopefulle removing all Michael's concerns about the earlier configfile handling. In the meantime yet another version of Zabbix was released, so the first patch is again a plain software update, now to v5.0.21. Second patch fixes a few small bugs from current pak like not backing up the modules dir that can contain user supplied binary modules. Nothing changed here. Third patch reorganizes how the Zabbix agent config files are installed on IPFire to ease future IPFire customizations seperately from user added configurations. - The main config file is now a custom one from IPFire, only containing the bare minimal config required. - Introduced a "mandatory" IPFire specific Zabbix configfile with settings required for correct integration of the agent in IPFire that should never be modified by the user. (pidfile, logfile, logrotation, location of user-managed directories) - Moved IPFire provided custom "userparameters" to /var/ipfire/... to make /etc/zabbix_agentd/zabbix_agentd.d completely user-managed. - Up to date vendor supplied configfile (with lots of documentation in it) is now deployed and overwritten on every install/update as 'zabbix_agentd.conf.example' as reference for the user. During an update, the current zabbix main config will remain as is, but "Include" lines will be added at the end to include the new IPFire configfiles. Also settings now moved to the IPFire managed "mandatory" config file are stripped from the current "user"-config. The fourth patch reorganizes how the sudoers files are installed. Previously there was one file 'zabbix' with sudo-rights required for the IPFire specific "userparameter" (pakfire status). And the user was encouraged both in the file and on the wiki to use that file if he wants to add commands himself for the agent to run as root. This prevents us, or at least makes it more dificult for us to add or modify command in the future without touching the user added commands. Now there are 2 sudoers files installed: - 'zabbix_agentd' - managed by IPFire with comment for user not to touch that file. And - 'zabbix_agent_user' - initially empty apart from comments, for users to add their own custom commands. As there where only ever 2 versions of the original sudoers file 'zabbix', during update it is checked if an existing 'zabbix' (or even older 'zabbix.user' file) is still original and untouched by the user (using md5). If so, it is plain removed as functionality is now in the new 'zabbix_agentd' sudoers file. If the file was ever modified by the user it is renamed to 'zabbix_agentd_user' so that user added commands will remain working. The fifth patch configured new zabbix_agentd installs to only listen on the GREEN interface. Don't see an immediate reason to let the agent listen on all interfaces as it does by default. Changes are the largest the the user will have his Zabbix server running somewhere in the GREEN network. And if not, this will at least let the user think about where to let the agent listen. The sixth patch adds additional IPFire specific metrics to the agent for the Zabbix Server to retrieve. Those will be documented on the wiki after this patch is accepted. Regards Robin -- Dit bericht is gescanned op virussen en andere gevaarlijke inhoud door MailScanner en lijkt schoon te zijn.

1 6

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

Development March 2022