IPFire-SCM November 2024

ipfire-scm@lists.ipfire.org

1 participants
8 discussions

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 28636c46cb541d583e8cc63ab9a4e5dca160d484
by Arne Fitzenreiter 09 Nov '24

09 Nov '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 28636c46cb541d583e8cc63ab9a4e5dca160d484 (commit) via ac7c2b8270096f3679b14f0e537a41b0eb37645f (commit) via e8b7c0bc3f1c5f1df17c7f117afb9fdd8f60ef62 (commit) from afd54bb41adb06a04659244793165ace7e53b324 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 28636c46cb541d583e8cc63ab9a4e5dca160d484 Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Sat Nov 9 09:46:53 2024 +0100 collectd: fix errormessage on fresh installations the /etc/collectd.d/ folder must have at least one file in it so this add an file with a comment that custom configs should placed there. Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit ac7c2b8270096f3679b14f0e537a41b0eb37645f Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Sat Nov 9 09:46:24 2024 +0100 kernel: update to 6.6.60 Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit e8b7c0bc3f1c5f1df17c7f117afb9fdd8f60ef62 Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Fri Nov 8 18:49:52 2024 +0100 networking/red: remove leftover debugging messages. Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/kernel/kernel.config.aarch64-ipfire | 2 +- config/kernel/kernel.config.riscv64-ipfire | 2 +- config/kernel/kernel.config.x86_64-ipfire | 2 +- config/rootfiles/common/collectd | 3 ++- lfs/collectd | 1 + lfs/linux | 4 ++-- src/initscripts/networking/red | 2 -- 7 files changed, 8 insertions(+), 8 deletions(-) Difference in files: diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index f46465967..1642bdcd8 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.6.59 Kernel Configuration +# Linux/arm64 6.6.60 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.0" CONFIG_CC_IS_GCC=y diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire index d6c818876..639e8e8d5 100644 --- a/config/kernel/kernel.config.riscv64-ipfire +++ b/config/kernel/kernel.config.riscv64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/riscv 6.6.59 Kernel Configuration +# Linux/riscv 6.6.60 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.0" CONFIG_CC_IS_GCC=y diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index 11ad578fe..5ec0edab6 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.59 Kernel Configuration +# Linux/x86 6.6.60 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.0" CONFIG_CC_IS_GCC=y diff --git a/config/rootfiles/common/collectd b/config/rootfiles/common/collectd index c8a3ad607..be7bdf08e 100644 --- a/config/rootfiles/common/collectd +++ b/config/rootfiles/common/collectd @@ -2,7 +2,8 @@ etc/collectd.conf etc/collectd.precache etc/collectd.thermal etc/collectd.vpn -etc/collectd.d +#etc/collectd.d +etc/collectd.d/info etc/rc.d/rc0.d/K50collectd etc/rc.d/rc3.d/S29collectd etc/rc.d/rc6.d/K50collectd diff --git a/lfs/collectd b/lfs/collectd index 2438d2eaf..0abd91cc4 100644 --- a/lfs/collectd +++ b/lfs/collectd @@ -130,6 +130,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects)) --with-fp-layout=nothing cd $(DIR_APP) && make install #collectd-4 does not support parallel build mkdir /etc/collectd.d + echo "# Put custom configfiles in this folder" > /etc/collectd.d/info cp -vf $(DIR_SRC)/config/collectd/collectd.* /etc/ mv /etc/collectd.vpn /var/ipfire/ovpn/collectd.vpn chown nobody.nobody /var/ipfire/ovpn/collectd.vpn diff --git a/lfs/linux b/lfs/linux index 41f34a9ab..7d0869a16 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,7 +24,7 @@ include Config -VER = 6.6.59 +VER = 6.6.60 THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -69,7 +69,7 @@ objects = \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = a280cffe2a9efa3cad8bc850c9b57486811fa2cc5abc29ae47d712f0f145c6d9bbe6686eb777d87882781d10b8f1d89dedd158c8f7991aeff04e473cbceea900 +$(DL_FILE)_BLAKE2 = 82e39bb4f9abe204c6361152fdeb5ad2ccfeec478f0af20ab795dd52271b159bcfe2d4aea32cd505a567a0bed64cb10b988283548ddaa5cbbe014117970e3318 install : $(TARGET) diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red index 72b9bf0cf..2a5f06b4e 100644 --- a/src/initscripts/networking/red +++ b/src/initscripts/networking/red @@ -180,8 +180,6 @@ case "${1}" in ;; esac - echo dhcpcd_start "${DEVICE}" "${DHCPCD_ARGS[@]}" - if [ -z "${pid}" ]; then # No wpa_supplicant is running. So it's save to start dhcpcd. dhcpcd_start "${DEVICE}" "${DHCPCD_ARGS[@]}" hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. afd54bb41adb06a04659244793165ace7e53b324
by Arne Fitzenreiter 06 Nov '24

06 Nov '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via afd54bb41adb06a04659244793165ace7e53b324 (commit) from 3cf9dba6b4d36d320a8994820569f200c03f1d36 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit afd54bb41adb06a04659244793165ace7e53b324 Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Wed Nov 6 11:49:11 2024 +0100 hostapd: fix start/stop buttons Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: html/cgi-bin/wlanap.cgi | 4 ++-- lfs/hostapd | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) Difference in files: diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi index a5d4d8d80..112399283 100644 --- a/html/cgi-bin/wlanap.cgi +++ b/html/cgi-bin/wlanap.cgi @@ -107,11 +107,11 @@ if ($cgiparams{'ACTION'} eq "$Lang::tr{'save'}") { } # Start -} elsif ($wlanapsettings{'ACTION'} eq "$Lang::tr{'start'}") { +} elsif ($cgiparams{'ACTION'} eq "$Lang::tr{'start'}") { &General::system("/usr/local/bin/wlanapctrl", "start"); # Stop -} elsif ($wlanapsettings{'ACTION'} eq "$Lang::tr{'stop'}") { +} elsif ($cgiparams{'ACTION'} eq "$Lang::tr{'stop'}") { &General::system("/usr/local/bin/wlanapctrl", "stop"); } diff --git a/lfs/hostapd b/lfs/hostapd index 543cc34e2..c63884c04 100644 --- a/lfs/hostapd +++ b/lfs/hostapd @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = hostapd -PAK_VER = 67 +PAK_VER = 68 DEPS = hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 3cf9dba6b4d36d320a8994820569f200c03f1d36
by Arne Fitzenreiter 05 Nov '24

05 Nov '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 3cf9dba6b4d36d320a8994820569f200c03f1d36 (commit) from 6ccbd48aa9b999880c5944e9c1eb2bb1dca81b13 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3cf9dba6b4d36d320a8994820569f200c03f1d36 Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Tue Nov 5 17:48:17 2024 +0100 network-functions: fix add newline in $wireless_status with the other syntax perl suggest this change. Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/cfgroot/network-functions.pl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) Difference in files: diff --git a/config/cfgroot/network-functions.pl b/config/cfgroot/network-functions.pl index 37eaf69cc..37a436253 100644 --- a/config/cfgroot/network-functions.pl +++ b/config/cfgroot/network-functions.pl @@ -438,7 +438,7 @@ sub _get_wireless_status($) { my $intf = shift; if (!$wireless_status{$intf}) { - $wireless_status{$intf} = join(/\n/, &General::system_output("iw", "dev", "$intf", "link")); + $wireless_status{$intf} = join("\n", &General::system_output("iw", "dev", "$intf", "link")); } return $wireless_status{$intf}; hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 6ccbd48aa9b999880c5944e9c1eb2bb1dca81b13
by Arne Fitzenreiter 05 Nov '24

05 Nov '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 6ccbd48aa9b999880c5944e9c1eb2bb1dca81b13 (commit) via 2be32bfb99176062ad0ec4649578cf6e6c79bc88 (commit) via 76b6bc3e9d4a40624c2bc80b5f408844359346ba (commit) from 57853da08b5dbc722df4c38d6ef33a39d97242e1 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 6ccbd48aa9b999880c5944e9c1eb2bb1dca81b13 Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Tue Nov 5 14:34:35 2024 +0100 core190: ship intel-microcode Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit 2be32bfb99176062ad0ec4649578cf6e6c79bc88 Author: Adolf Belka <adolf.belka(a)ipfire.org> Date: Wed Oct 30 14:28:38 2024 +0100 intel-microcode: Update to version 20241029 - Update from version 20240910 to 20241029 - Update of rootfile not required - Changelog 20241029 Update for functional issues. Refer to 14th/13th Generation Intel® Core™ Processor Specification Update for details at https://cdrdv2.intel.com/v1/dl/getContent/740518 Updated Platforms Processor Stepping F-M-S/PI Old Ver New Ver Products RPL-E/HX/S B0 06-b7-01/32 00000129 0000012b Core Gen13/Gen14 Signed-off-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit 76b6bc3e9d4a40624c2bc80b5f408844359346ba Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Mon Oct 21 17:03:06 2024 +0000 suricata: Explicitly ignore IPsec traffic unless enabled Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: .../121 => core/190}/filelists/x86_64/intel-microcode | 0 lfs/intel-microcode | 4 ++-- src/initscripts/system/suricata | 12 ++++++++++++ 3 files changed, 14 insertions(+), 2 deletions(-) copy config/rootfiles/{oldcore/121 => core/190}/filelists/x86_64/intel-microcode (100%) Difference in files: diff --git a/config/rootfiles/core/190/filelists/x86_64/intel-microcode b/config/rootfiles/core/190/filelists/x86_64/intel-microcode new file mode 120000 index 0000000000..d5ac074e2e --- /dev/null +++ b/config/rootfiles/core/190/filelists/x86_64/intel-microcode @@ -0,0 +1 @@ +../../../../common/x86_64/intel-microcode \ No newline at end of file diff --git a/lfs/intel-microcode b/lfs/intel-microcode index 7b77c25432..1d14b0524b 100644 --- a/lfs/intel-microcode +++ b/lfs/intel-microcode @@ -24,7 +24,7 @@ include Config -VER = 20240910 +VER = 20241029 THISAPP = Intel-Linux-Processor-Microcode-Data-Files-microcode-$(VER) DL_FILE = $(THISAPP).tar.gz @@ -41,7 +41,7 @@ objects = $(DL_FILE) $(DL_FILE) = $(DL_FROM)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = b4c353dd340ef8004e5be2e596de0ebaf8366684a3371207e14d3d8c0e4bbdc5a9c75d8279d280d1029452368556a0c2e7bf85f3fe75f1b1560e16c953f223b7 +$(DL_FILE)_BLAKE2 = 22b6b4a4a667e972da6663195bd22facb2473fb6204936f1f548529f2fb03eb4d8c8ec7c87cb3fa51f9845a26e738df245da97e3459127c7352d16bffb9482b2 install : $(TARGET) diff --git a/src/initscripts/system/suricata b/src/initscripts/system/suricata index a753e32e68..a0f6079712 100644 --- a/src/initscripts/system/suricata +++ b/src/initscripts/system/suricata @@ -111,6 +111,18 @@ generate_fw_rules() { if [ "${!status}" = "on" ]; then # Handle IPsec packets case "${zone}" in + RED) + # If IPsec is not enabled, skip everything that is IPsec traffic + if [ "${ENABLE_IDS_IPSEC}" != "on" ]; then + for intf in $(network_get_intfs "${zone}"); do + iptables -w -t mangle -A IPS_SCAN_IN \ + -i "${intf}" -m policy --pol ipsec --dir in -j RETURN + iptables -w -t mangle -A IPS_SCAN_OUT \ + -o "${intf}" -m policy --pol ipsec --dir out -j RETURN + done + fi + ;; + IPSEC) iptables -w -t mangle -A IPS_SCAN_IN \ -m policy --pol ipsec --dir in -j MARK --set-mark "$(( IPS_SCAN_MARK ))/$(( IPS_SCAN_MASK ))" hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 57853da08b5dbc722df4c38d6ef33a39d97242e1
by Arne Fitzenreiter 05 Nov '24

05 Nov '24

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 3a924196805eb3a0a93006b316583609d7e8148b
by Arne Fitzenreiter 05 Nov '24

05 Nov '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 3a924196805eb3a0a93006b316583609d7e8148b (commit) via e595fa11768287b239d049346b6370a0fa23fd3e (commit) via 131bcfa999179f58b8d44d871b299747607286be (commit) via a81eefa265610d4129961979182bf8a8bb6230f9 (commit) via 17a9ad2f52e908c82929a5907f9e436b552c2ef0 (commit) via 74849f68c9bdc827452957a67e30bbd462494a3d (commit) via c6282b001bd2723f554e77f51f224adce5be4156 (commit) from 7350feee58b0e190c9a07b1b65580e730053878e (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 3a924196805eb3a0a93006b316583609d7e8148b Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Tue Nov 5 09:13:56 2024 +0100 core190: ship unbound-dhcp-leases-bridge Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit e595fa11768287b239d049346b6370a0fa23fd3e Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Mon Oct 21 16:38:49 2024 +0000 unbound-dhcp-leases-bridge: Fix expiry check on leases Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit 131bcfa999179f58b8d44d871b299747607286be Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Mon Oct 21 16:38:48 2024 +0000 unbound-dhcp-leases-bridge: Don't overwrite static leases When we import all static leases, their remark will be used as hostname (because WTF?) and might be overwritten if the device is not sending any or even the same hostname. This patch avoids that static leases will be modified. Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit a81eefa265610d4129961979182bf8a8bb6230f9 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Mon Oct 21 16:38:47 2024 +0000 unbound-dhcp-leases-bridge: Fix typo Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit 17a9ad2f52e908c82929a5907f9e436b552c2ef0 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Mon Oct 21 16:38:46 2024 +0000 unbound-dhcp-leases-bridge: Don't export expired leases to Unbound Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> Reviewed-by: Bernhard Bitsch <bbitsch(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit 74849f68c9bdc827452957a67e30bbd462494a3d Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Tue Nov 5 09:10:01 2024 +0100 core190: ship dhcp client changes Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit c6282b001bd2723f554e77f51f224adce5be4156 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Wed Oct 16 10:47:17 2024 +0000 networking: Allow changing DHCP Option Rapid Commit This option needs to be configurable since some (braindead) ISPs have started running broken DHCP servers to be bug-compatible with cheap broken plastic routers. By default we keep this option enabled, but it can now be turned off whenever needed. Suggested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> Tested-by: Adolf Belka <adolf.belka(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/dhcpc/dhcpcd.conf | 5 ---- config/rootfiles/core/190/filelists/files | 4 +++ config/unbound/unbound-dhcp-leases-bridge | 18 ++++++++---- src/initscripts/networking/red | 13 ++++++++- src/setup/netstuff.c | 47 +++++++++++++++++++++++++------ 5 files changed, 66 insertions(+), 21 deletions(-) Difference in files: diff --git a/config/dhcpc/dhcpcd.conf b/config/dhcpc/dhcpcd.conf index 062e3c975b..b46c85caba 100644 --- a/config/dhcpc/dhcpcd.conf +++ b/config/dhcpc/dhcpcd.conf @@ -37,11 +37,6 @@ option host_name # Most distributions have NTP support. option ntp_servers -# Rapid commit support. -# Safe to enable by default because it requires the equivalent option set -# on the server to actually work. -option rapid_commit - # A ServerID is required by RFC2131. require dhcp_server_identifier diff --git a/config/rootfiles/core/190/filelists/files b/config/rootfiles/core/190/filelists/files index 4b65efd1d7..f25c5f8577 100644 --- a/config/rootfiles/core/190/filelists/files +++ b/config/rootfiles/core/190/filelists/files @@ -11,6 +11,7 @@ etc/rc.d/init.d/cleanfs etc/rc.d/init.d/collectd etc/rc.d/init.d/firewall etc/rc.d/init.d/networking/functions.network +etc/rc.d/init.d/networking/red etc/rc.d/init.d/squid etc/rc.d/init.d/suricata lib/udev/network-hotplug-bridges @@ -25,6 +26,9 @@ usr/lib/firewall/rules.pl usr/lib/perl5/5.36.0/xxxMACHINExxx-linux-thread-multi/Compress/Raw/Zlib.pm usr/local/bin/openvpnctrl usr/local/bin/sshctrl +usr/sbin/unbound-dhcp-leases-bridge +usr/sbin/setup var/ipfire/backup/include +var/ipfire/dhcpc/dhcpcd.conf var/ipfire/graphs.pl var/ipfire/network-functions.pl diff --git a/config/unbound/unbound-dhcp-leases-bridge b/config/unbound/unbound-dhcp-leases-bridge index 986fae2d24..4a6f9587f8 100644 --- a/config/unbound/unbound-dhcp-leases-bridge +++ b/config/unbound/unbound-dhcp-leases-bridge @@ -216,6 +216,11 @@ class UnboundDHCPLeasesBridge(object): # Find the old lease old_lease = self._find_lease(address) + # Don't update fixed leases as they might clear the hostname + if old_lease and old_lease.fixed: + log.debug("Won't update fixed lease %s" % old_lease) + return + # Create a new lease lease = Lease(address, { "client-hostname" : name, @@ -276,12 +281,12 @@ class UnboundDHCPLeasesBridge(object): if lease.has_expired(): log.debug(" Expired") - self.unbound.update_dhcp_leases(self.leases) + self.unbound.update_dhcp_leases([l for l in self.leases if not l.has_expired()]) def _add_lease(self, lease): - # Skip leases without an FQDN + # Skip leases without a FQDN if not lease.fqdn: - log.debug("Skipping lease without an FQDN: %s" % lease) + log.debug("Skipping lease without a FQDN: %s" % lease) return # Skip any leases that also are a static host @@ -581,19 +586,20 @@ class FixLeases(object): "client-hostname" : hostname, "starts" : now.strftime("%w %Y/%m/%d %H:%M:%S"), "ends" : "never", - }) + }, fixed=True) leases.append(l) return leases class Lease(object): - def __init__(self, ipaddr, properties): + def __init__(self, ipaddr, properties, fixed=False): if not isinstance(ipaddr, ipaddress.IPv4Address): ipaddr = ipaddress.IPv4Address(ipaddr) self.ipaddr = ipaddr self._properties = properties + self.fixed = fixed def __repr__(self): return "<%s for %s (%s)>" % (self.__class__.__name__, self.ipaddr, self.hostname) @@ -711,7 +717,7 @@ class Lease(object): if not self.time_ends: return self.time_starts > datetime.datetime.utcnow() - return self.time_starts > datetime.datetime.utcnow() > self.time_ends + return not self.time_starts < datetime.datetime.utcnow() < self.time_ends @property def rrset(self): diff --git a/src/initscripts/networking/red b/src/initscripts/networking/red index 34ee8cc581..72b9bf0cf3 100644 --- a/src/initscripts/networking/red +++ b/src/initscripts/networking/red @@ -171,9 +171,20 @@ case "${1}" in # To determine this we check if a wpa_supplicant is running. pid="$(pidof wpa_supplicant)" + DHCPCD_ARGS=() + + # Enable Rapid Commit (enabled by default) + case "${RED_DHCP_RAPID_COMMIT}" in + ""|yes|true|on) + DHCPCD_ARGS+=( "--option" "rapid_commit" ) + ;; + esac + + echo dhcpcd_start "${DEVICE}" "${DHCPCD_ARGS[@]}" + if [ -z "${pid}" ]; then # No wpa_supplicant is running. So it's save to start dhcpcd. - dhcpcd_start "${DEVICE}" + dhcpcd_start "${DEVICE}" "${DHCPCD_ARGS[@]}" fi elif [ "$TYPE" == "PPPOE" ]; then diff --git a/src/setup/netstuff.c b/src/setup/netstuff.c index 60e27242ff..602ef97f5f 100644 --- a/src/setup/netstuff.c +++ b/src/setup/netstuff.c @@ -37,6 +37,7 @@ newtComponent dhcptyperadio; newtComponent pppoetyperadio; newtComponent dhcphostnameentry; newtComponent dhcpforcemtuentry; +newtComponent dhcprapidcommitentry; /* acceptable character filter for IP and netmaks entry boxes */ static int ip_input_filter(newtComponent entry, void * data, int ch, int cursor) @@ -64,6 +65,7 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, newtComponent gatewaylabel; newtComponent dhcphostnamelabel; newtComponent dhcpforcemtulabel; + newtComponent dhcprapidcommitlabel; newtComponent ok, cancel; char message[1000]; char temp[STRING_SIZE]; @@ -73,6 +75,8 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, char typefield[STRING_SIZE]; char dhcphostnamefield[STRING_SIZE]; char dhcpforcemtufield[STRING_SIZE]; + char dhcprapidcommitfield[STRING_SIZE]; + char enablerapidcommit; int error; int result = 0; char type[STRING_SIZE]; @@ -88,9 +92,10 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, sprintf(typefield, "%s_TYPE", colour); sprintf(dhcphostnamefield, "%s_DHCP_HOSTNAME", colour); sprintf(dhcpforcemtufield, "%s_DHCP_FORCE_MTU", colour); + sprintf(dhcprapidcommitfield, "%s_DHCP_RAPID_COMMIT", colour); sprintf(message, _("Interface - %s"), colour); - newtCenteredWindow(44, (typeflag ? 19 : 12), message); + newtCenteredWindow(44, (typeflag ? 20 : 12), message); networkform = newtForm(NULL, NULL, 0); @@ -102,6 +107,15 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, * of the window down two rows to make room. */ if (typeflag) { + *temp = '\0'; + + // Find RapidCommit setting + findkey(kv, dhcprapidcommitfield, temp); + if (strcmp(temp, "yes") == 0 || strcmp(temp, "true") == 0 || strcmp(temp, "on") == 0 || strcmp(temp, "") == 0) + enablerapidcommit = '*'; + else + enablerapidcommit = ' '; + strcpy(temp, "STATIC"); findkey(kv, typefield, temp); if (strcmp(temp, "STATIC") == 0) startstatictype = 1; if (strcmp(temp, "DHCP") == 0) startdhcptype = 1; @@ -119,28 +133,35 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, newtTextboxSetText(dhcphostnamelabel, _("DHCP Hostname:")); dhcpforcemtulabel = newtTextbox(2, 9, 18, 1, 0); newtTextboxSetText(dhcpforcemtulabel, _("Force DHCP MTU:")); + dhcprapidcommitlabel = newtTextbox(2, 10, 18, 1, 0); + newtTextboxSetText(dhcprapidcommitlabel, _("Rapid Commit:")); strcpy(temp, defaultdhcphostname); findkey(kv, dhcphostnamefield, temp); dhcphostnameentry = newtEntry(20, 8, temp, 20, &dhcphostnameresult, 0); strcpy(temp, ""); findkey(kv, dhcpforcemtufield, temp); dhcpforcemtuentry = newtEntry(20, 9, temp, 20, &dhcpforcemturesult, 0); + dhcprapidcommitentry = newtCheckbox(20, 10, "", enablerapidcommit, " *", &enablerapidcommit); + newtComponentAddCallback(dhcprapidcommitentry, networkdialogcallbacktype, NULL); newtFormAddComponent(networkform, dhcphostnamelabel); newtFormAddComponent(networkform, dhcphostnameentry); newtFormAddComponent(networkform, dhcpforcemtulabel); newtFormAddComponent(networkform, dhcpforcemtuentry); + newtFormAddComponent(networkform, dhcprapidcommitlabel); + newtFormAddComponent(networkform, dhcprapidcommitentry); if (startdhcptype == 0) { newtEntrySetFlags(dhcphostnameentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); newtEntrySetFlags(dhcpforcemtuentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); + newtCheckboxSetFlags(dhcprapidcommitentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); } } /* Address */ - addresslabel = newtTextbox(2, (typeflag ? 11 : 4) + 0, 18, 1, 0); + addresslabel = newtTextbox(2, (typeflag ? 12 : 4) + 0, 18, 1, 0); newtTextboxSetText(addresslabel, _("IP address:")); strcpy(temp, ""); findkey(kv, addressfield, temp); - addressentry = newtEntry(20, (typeflag ? 11 : 4) + 0, temp, 20, &addressresult, 0); + addressentry = newtEntry(20, (typeflag ? 12 : 4) + 0, temp, 20, &addressresult, 0); newtEntrySetFilter(addressentry, ip_input_filter, NULL); if (typeflag == 1 && startstatictype == 0) newtEntrySetFlags(addressentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); @@ -148,10 +169,10 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, newtFormAddComponent(networkform, addressentry); /* Netmask */ - netmasklabel = newtTextbox(2, (typeflag ? 11 : 4) + 1, 18, 1, 0); + netmasklabel = newtTextbox(2, (typeflag ? 12 : 4) + 1, 18, 1, 0); newtTextboxSetText(netmasklabel, _("Network mask:")); strcpy(temp, "255.255.255.0"); findkey(kv, netmaskfield, temp); - netmaskentry = newtEntry(20, (typeflag ? 11 : 4) + 1, temp, 20, &netmaskresult, 0); + netmaskentry = newtEntry(20, (typeflag ? 12 : 4) + 1, temp, 20, &netmaskresult, 0); newtEntrySetFilter(netmaskentry, ip_input_filter, NULL); if (typeflag == 1 && startstatictype == 0) newtEntrySetFlags(netmaskentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); @@ -162,11 +183,11 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, if (typeflag) { /* Gateway */ - gatewaylabel = newtTextbox(2, (typeflag ? 11 : 4) + 2, 18, 1, 0); + gatewaylabel = newtTextbox(2, (typeflag ? 12 : 4) + 2, 18, 1, 0); newtTextboxSetText(gatewaylabel, _("Gateway:")); strcpy(temp, ""); findkey(kv, gatewayfield, temp); - gatewayentry = newtEntry(20, (typeflag ? 11 : 4) + 2, temp, 20, &gatewayresult, 0); + gatewayentry = newtEntry(20, (typeflag ? 12 : 4) + 2, temp, 20, &gatewayresult, 0); newtEntrySetFilter(gatewayentry, ip_input_filter, NULL); if (typeflag == 1 && startstatictype == 0) newtEntrySetFlags(gatewayentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); @@ -175,8 +196,8 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, } /* Buttons. */ - ok = newtButton(8, (typeflag ? 15 : 7), _("OK")); - cancel = newtButton(26, (typeflag ? 15 : 7), _("Cancel")); + ok = newtButton(8, (typeflag ? 16 : 7), _("OK")); + cancel = newtButton(26, (typeflag ? 16 : 7), _("Cancel")); newtFormAddComponents(networkform, ok, cancel, NULL); @@ -237,6 +258,12 @@ int changeaddress(struct keyvalue *kv, char *colour, int typeflag, { replacekeyvalue(kv, dhcphostnamefield, dhcphostnameresult); replacekeyvalue(kv, dhcpforcemtufield, dhcpforcemturesult); + + if (enablerapidcommit == '*') + replacekeyvalue(kv, dhcprapidcommitfield, "on"); + else + replacekeyvalue(kv, dhcprapidcommitfield, "off"); + if (strcmp(type, "STATIC") != 0) { replacekeyvalue(kv, addressfield, "0.0.0.0"); @@ -352,11 +379,13 @@ void networkdialogcallbacktype(newtComponent cm, void *data) { newtEntrySetFlags(dhcphostnameentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_RESET); newtEntrySetFlags(dhcpforcemtuentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_RESET); + newtCheckboxSetFlags(dhcprapidcommitentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_RESET); } else { newtEntrySetFlags(dhcphostnameentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); newtEntrySetFlags(dhcpforcemtuentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); + newtCheckboxSetFlags(dhcprapidcommitentry, NEWT_FLAG_DISABLED, NEWT_FLAGS_SET); } newtRefresh(); newtDrawForm(networkform); hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. 7350feee58b0e190c9a07b1b65580e730053878e
by Arne Fitzenreiter 05 Nov '24

05 Nov '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via 7350feee58b0e190c9a07b1b65580e730053878e (commit) via 2e92bfc047ed3ee68f77b8d7a06985bb6663e565 (commit) via 7c0241405ebba6d91e88ee615c0d19c3a0412750 (commit) via cacfaa1c890b024302ba9a861bc98b0ac365e405 (commit) via 3638d37c0d5e2c1ffa4fd4e884c11b9da3676e31 (commit) via 3c904d268b3ff516c5453e60c710a81e93d96d5d (commit) from d6dc07a1a8696b8fae84357859f5521079105c52 (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit 7350feee58b0e190c9a07b1b65580e730053878e Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Tue Nov 5 08:57:59 2024 +0100 core190: ship files with fixed chown syntax Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit 2e92bfc047ed3ee68f77b8d7a06985bb6663e565 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Thu Oct 17 14:54:16 2024 +0000 chown: Replace . with : on all shipped scripts I don't like this messy bootup screen that we have with all sorts of warnings that actually don't cause any problems, but make the boot messy and send the wrong message to users. Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit 7c0241405ebba6d91e88ee615c0d19c3a0412750 Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Tue Nov 5 08:50:01 2024 +0100 core190: ship network-hotplug-bridges Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit cacfaa1c890b024302ba9a861bc98b0ac365e405 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Thu Oct 17 14:54:15 2024 +0000 udev: network-hotplug-bridges: Silence a warning when interfaces have gone away It can happen that udev has an event for an interface in the queue that has already gone away - or even just being renamed. Then reading the MAC address fails. Because the shell expands the "$(<...)" statement before running the whole line, the read check is useless. Because the code would get too complicated otherwise, I decided to use cat. Not cool, but this does the job. Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit 3638d37c0d5e2c1ffa4fd4e884c11b9da3676e31 Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Thu Oct 17 14:54:14 2024 +0000 wlanap.cgi: Use the correct array to fetch the current interface Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> commit 3c904d268b3ff516c5453e60c710a81e93d96d5d Author: Michael Tremer <michael.tremer(a)ipfire.org> Date: Thu Oct 17 14:54:13 2024 +0000 hostapd: Enable logging to syslog Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org> Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/hostapd/config | 2 +- config/rootfiles/core/190/filelists/files | 10 ++++++++++ config/udev/network-hotplug-bridges | 2 +- html/cgi-bin/wlanap.cgi | 3 +-- lfs/frr | 2 +- lfs/hostapd | 2 +- lfs/zabbix_agentd | 2 +- src/initscripts/helper/aws-setup | 4 ++-- src/initscripts/helper/azure-setup | 4 ++-- src/initscripts/helper/exoscale-setup | 4 ++-- src/initscripts/helper/gcp-setup | 4 ++-- src/initscripts/helper/oci-setup | 4 ++-- src/initscripts/packages/frr | 4 ++-- src/initscripts/packages/hostapd | 2 +- src/initscripts/packages/zabbix_agentd | 2 +- src/initscripts/system/cleanfs | 2 +- src/initscripts/system/squid | 2 +- src/misc-progs/openvpnctrl.c | 2 +- src/misc-progs/sshctrl.c | 2 +- 19 files changed, 34 insertions(+), 25 deletions(-) Difference in files: diff --git a/config/hostapd/config b/config/hostapd/config index a5b4f09be8..b590309004 100644 --- a/config/hostapd/config +++ b/config/hostapd/config @@ -171,7 +171,7 @@ CONFIG_IEEE80211AX=y #CONFIG_DEBUG_FILE=y # Send debug messages to syslog instead of stdout -#CONFIG_DEBUG_SYSLOG=y +CONFIG_DEBUG_SYSLOG=y # Add support for sending all debug messages (regardless of debug verbosity) # to the Linux kernel tracing facility. This helps debug the entire stack by diff --git a/config/rootfiles/core/190/filelists/files b/config/rootfiles/core/190/filelists/files index 2ee32fa748..4b65efd1d7 100644 --- a/config/rootfiles/core/190/filelists/files +++ b/config/rootfiles/core/190/filelists/files @@ -1,11 +1,19 @@ etc/collectd.conf etc/collectd.d etc/httpd/conf/vhosts.d/ipfire-interface-ssl.conf +etc/rc.d/helper/aws-setup +etc/rc.d/helper/azure-setup +etc/rc.d/helper/exoscale-setup +etc/rc.d/helper/gcp-setup +etc/rc.d/helper/oci-setup etc/rc.d/init.d/apache +etc/rc.d/init.d/cleanfs etc/rc.d/init.d/collectd etc/rc.d/init.d/firewall etc/rc.d/init.d/networking/functions.network +etc/rc.d/init.d/squid etc/rc.d/init.d/suricata +lib/udev/network-hotplug-bridges srv/web/ipfire/cgi-bin/getrrdimage.cgi srv/web/ipfire/cgi-bin/ids.cgi srv/web/ipfire/cgi-bin/index.cgi @@ -15,6 +23,8 @@ srv/web/ipfire/cgi-bin/vpnmain.cgi usr/bin/suricata-watcher usr/lib/firewall/rules.pl usr/lib/perl5/5.36.0/xxxMACHINExxx-linux-thread-multi/Compress/Raw/Zlib.pm +usr/local/bin/openvpnctrl +usr/local/bin/sshctrl var/ipfire/backup/include var/ipfire/graphs.pl var/ipfire/network-functions.pl diff --git a/config/udev/network-hotplug-bridges b/config/udev/network-hotplug-bridges index 9fded1fd03..39faeb5a9e 100644 --- a/config/udev/network-hotplug-bridges +++ b/config/udev/network-hotplug-bridges @@ -42,7 +42,7 @@ detect_zone() { local slave for slave in $(get_value "${zone}_SLAVES"); do # Compare if the mac address matches or if the name matches - if [ -r "/sys/class/net/${INTERFACE}/address" -a "$(</sys/class/net/${INTERFACE}/address)" = "${slave}" ] || [ "${INTERFACE}" = "${slave}" ]; then + if [ "$(cat /sys/class/net/${INTERFACE}/address 2>/dev/null)" = "${slave}" ] || [ "${INTERFACE}" = "${slave}" ]; then echo "${zone}" return 0 fi diff --git a/html/cgi-bin/wlanap.cgi b/html/cgi-bin/wlanap.cgi index 83849d3243..a5d4d8d808 100644 --- a/html/cgi-bin/wlanap.cgi +++ b/html/cgi-bin/wlanap.cgi @@ -61,7 +61,7 @@ my %cgiparams = (); &Header::getcgihash(\%cgiparams); # Find the selected interface -my $INTF = &Network::get_intf_by_address($cgiparams{'INTERFACE'}); +my $INTF = &Network::get_intf_by_address($wlanapsettings{'INTERFACE'}); delete $wlanapsettings{'__CGI__'}; delete $wlanapsettings{'x'}; @@ -376,7 +376,6 @@ END &Header::closebox(); if ($INTF) { - &Header::opensection(); my @status = `iw dev $INTF info`; diff --git a/lfs/frr b/lfs/frr index 577698cd68..95fbdf0f19 100644 --- a/lfs/frr +++ b/lfs/frr @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = frr -PAK_VER = 10 +PAK_VER = 11 DEPS = diff --git a/lfs/hostapd b/lfs/hostapd index 306b32641d..543cc34e20 100644 --- a/lfs/hostapd +++ b/lfs/hostapd @@ -33,7 +33,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = hostapd -PAK_VER = 66 +PAK_VER = 67 DEPS = diff --git a/lfs/zabbix_agentd b/lfs/zabbix_agentd index dd593ecf1b..e33d9db2d2 100644 --- a/lfs/zabbix_agentd +++ b/lfs/zabbix_agentd @@ -34,7 +34,7 @@ DL_FROM = $(URL_IPFIRE) DIR_APP = $(DIR_SRC)/$(THISAPP) TARGET = $(DIR_INFO)/$(THISAPP) PROG = zabbix_agentd -PAK_VER = 14 +PAK_VER = 15 DEPS = fping diff --git a/src/initscripts/helper/aws-setup b/src/initscripts/helper/aws-setup index f14f4eb578..7b3371ac3a 100644 --- a/src/initscripts/helper/aws-setup +++ b/src/initscripts/helper/aws-setup @@ -110,11 +110,11 @@ import_aws_configuration() { if [ -n "${key}" ] && ! grep -q "^${key}$" "/home/setup/.ssh/authorized_keys" 2>/dev/null; then mkdir -p "/home/setup/.ssh" chmod 700 "/home/setup/.ssh" - chown setup.nobody "/home/setup/.ssh" + chown setup:nobody "/home/setup/.ssh" echo "${key}" >> "/home/setup/.ssh/authorized_keys" chmod 600 "/home/setup/.ssh/authorized_keys" - chown setup.nobody "/home/setup/.ssh/authorized_keys" + chown setup:nobody "/home/setup/.ssh/authorized_keys" fi done diff --git a/src/initscripts/helper/azure-setup b/src/initscripts/helper/azure-setup index 7a4422a353..1a1c2a9fe4 100644 --- a/src/initscripts/helper/azure-setup +++ b/src/initscripts/helper/azure-setup @@ -132,12 +132,12 @@ import_azure_configuration() { # Install directory mkdir -p "${dir}" chmod 700 "${dir}" - chown "${user}.nobody" "${dir}" + chown "${user}:nobody" "${dir}" # Install the key echo "${key}" >> "${path}" chmod 600 "${path}" - chown "${user}.nobody" "${path}" + chown "${user}:nobody" "${path}" fi done diff --git a/src/initscripts/helper/exoscale-setup b/src/initscripts/helper/exoscale-setup index 02fdda2a35..a0475c2bb3 100644 --- a/src/initscripts/helper/exoscale-setup +++ b/src/initscripts/helper/exoscale-setup @@ -76,11 +76,11 @@ import_exoscale_configuration() { if [ -n "${key}" ] && ! grep -q "^${key}$" "/home/setup/.ssh/authorized_keys" 2>/dev/null; then mkdir -p "/home/setup/.ssh" chmod 700 "/home/setup/.ssh" - chown setup.nobody "/home/setup/.ssh" + chown setup:nobody "/home/setup/.ssh" echo "${key}" >> "/home/setup/.ssh/authorized_keys" chmod 600 "/home/setup/.ssh/authorized_keys" - chown setup.nobody "/home/setup/.ssh/authorized_keys" + chown setup:nobody "/home/setup/.ssh/authorized_keys" fi # Import any previous settings for the local interfaces diff --git a/src/initscripts/helper/gcp-setup b/src/initscripts/helper/gcp-setup index 4f5148c3e2..132ee9bb88 100644 --- a/src/initscripts/helper/gcp-setup +++ b/src/initscripts/helper/gcp-setup @@ -110,11 +110,11 @@ import_gcp_configuration() { if [ -n "${key}" ] && ! grep -q "^${key}$" "/home/setup/.ssh/authorized_keys" 2>/dev/null; then mkdir -p "/home/setup/.ssh" chmod 700 "/home/setup/.ssh" - chown setup.nobody "/home/setup/.ssh" + chown setup:nobody "/home/setup/.ssh" echo "${key}" >> "/home/setup/.ssh/authorized_keys" chmod 600 "/home/setup/.ssh/authorized_keys" - chown setup.nobody "/home/setup/.ssh/authorized_keys" + chown setup:nobody "/home/setup/.ssh/authorized_keys" fi done <<<"$(get instance/attributes/ssh-keys)" diff --git a/src/initscripts/helper/oci-setup b/src/initscripts/helper/oci-setup index 312014b74c..8ea465e509 100644 --- a/src/initscripts/helper/oci-setup +++ b/src/initscripts/helper/oci-setup @@ -139,11 +139,11 @@ import_oci_configuration() { if [ -n "${key}" ] && ! grep -q "^${key}$" "/home/setup/.ssh/authorized_keys" 2>/dev/null; then mkdir -p "/home/setup/.ssh" chmod 700 "/home/setup/.ssh" - chown setup.nobody "/home/setup/.ssh" + chown setup:nobody "/home/setup/.ssh" echo "${key}" >> "/home/setup/.ssh/authorized_keys" chmod 600 "/home/setup/.ssh/authorized_keys" - chown setup.nobody "/home/setup/.ssh/authorized_keys" + chown setup:nobody "/home/setup/.ssh/authorized_keys" fi done <<<"$(get instance/metadata/ssh_authorized_keys)" diff --git a/src/initscripts/packages/frr b/src/initscripts/packages/frr index 22cf2f7aaf..54cf4d3e71 100644 --- a/src/initscripts/packages/frr +++ b/src/initscripts/packages/frr @@ -28,14 +28,14 @@ case "${1}" in start) # Fix permissions of configuration directory if [ -d "/etc/frr" ]; then - chown root.frr /etc/frr + chown root:frr /etc/frr chmod 775 /etc/frr fi for daemon in ${DAEMONS}; do if [ -f "/etc/frr/${daemon}.conf" ]; then # Set permissions - chown frr.frr "/etc/frr/${daemon}.conf" + chown frr:frr "/etc/frr/${daemon}.conf" boot_mesg "Starting FRRouting ${daemon}..." loadproc "/usr/sbin/${daemon}" --daemon diff --git a/src/initscripts/packages/hostapd b/src/initscripts/packages/hostapd index cd2aef9b1b..b0a20e7c0c 100644 --- a/src/initscripts/packages/hostapd +++ b/src/initscripts/packages/hostapd @@ -54,7 +54,7 @@ case "${1}" in fi boot_mesg "Starting hostapd... " - loadproc /usr/bin/hostapd -B /etc/hostapd.conf -i "${interface}" + loadproc /usr/bin/hostapd -s -B /etc/hostapd.conf -i "${interface}" ;; stop) diff --git a/src/initscripts/packages/zabbix_agentd b/src/initscripts/packages/zabbix_agentd index 055968ef0c..224cc4fe41 100644 --- a/src/initscripts/packages/zabbix_agentd +++ b/src/initscripts/packages/zabbix_agentd @@ -26,7 +26,7 @@ case "${1}" in start) if [ ! -d "/var/run/zabbix" ]; then mkdir -p /var/run/zabbix - chown zabbix.zabbix /var/run/zabbix + chown zabbix:zabbix /var/run/zabbix fi boot_mesg "Starting Zabbix Agent..." diff --git a/src/initscripts/system/cleanfs b/src/initscripts/system/cleanfs index d1cbb2547e..af9332c495 100644 --- a/src/initscripts/system/cleanfs +++ b/src/initscripts/system/cleanfs @@ -92,7 +92,7 @@ case "${1}" in fi if [ ! -e /var/lock/time ]; then mkdir -p /var/lock/time - chown nobody.root /var/lock/time + chown nobody:root /var/lock/time fi if [ ! -e /var/run/clamav ]; then mkdir -p /var/run/clamav diff --git a/src/initscripts/system/squid b/src/initscripts/system/squid index b7cb30b7c9..d457343342 100644 --- a/src/initscripts/system/squid +++ b/src/initscripts/system/squid @@ -185,7 +185,7 @@ case "$1" in ;; setperms) - chown -R nobody.squid /var/updatecache/ + chown -R nobody:squid /var/updatecache/ ;; *) diff --git a/src/misc-progs/openvpnctrl.c b/src/misc-progs/openvpnctrl.c index 8de6eec5cb..fb32146e43 100644 --- a/src/misc-progs/openvpnctrl.c +++ b/src/misc-progs/openvpnctrl.c @@ -504,7 +504,7 @@ void startDaemon(void) { executeCommand(command); snprintf(command, STRING_SIZE-1, "/usr/sbin/openvpn --config /var/ipfire/ovpn/server.conf"); executeCommand(command); - snprintf(command, STRING_SIZE-1, "/bin/chown root.nobody /var/run/ovpnserver.log"); + snprintf(command, STRING_SIZE-1, "/bin/chown root:nobody /var/run/ovpnserver.log"); executeCommand(command); snprintf(command, STRING_SIZE-1, "/bin/chmod 644 /var/run/ovpnserver.log"); executeCommand(command); diff --git a/src/misc-progs/sshctrl.c b/src/misc-progs/sshctrl.c index f1d0338c23..31f59b140a 100644 --- a/src/misc-progs/sshctrl.c +++ b/src/misc-progs/sshctrl.c @@ -142,7 +142,7 @@ int main(int argc, char *argv[]) sleep(5); unlink("/var/ipfire/remote/enablessh"); safe_system("cat /var/ipfire/remote/settings | sed 's/ENABLE_SSH=on/ENABLE_SSH=off/' > /var/ipfire/remote/settings2 && mv /var/ipfire/remote/settings2 /var/ipfire/remote/settings"); - safe_system("chown nobody.nobody /var/ipfire/remote/settings"); + safe_system("chown nobody:nobody /var/ipfire/remote/settings"); snprintf(command, BUFFER_SIZE-1, "sleep %s && /usr/local/bin/sshctrl &", argv[2]); safe_system(command); } hooks/post-receive -- IPFire 2.x development tree

1 0

[git.ipfire.org] IPFire 2.x development tree branch, next, updated. d6dc07a1a8696b8fae84357859f5521079105c52
by Arne Fitzenreiter 04 Nov '24

04 Nov '24

This is an automated email from the git hooks/post-receive script. It was generated because a ref change was pushed to the repository containing the project "IPFire 2.x development tree". The branch, next has been updated via d6dc07a1a8696b8fae84357859f5521079105c52 (commit) from 06452d0db672a2bd72e89bb9007cd3a9766a782c (commit) Those revisions listed above that are new to this repository have not appeared on any other notification email; so we list those revisions in full, below. - Log ----------------------------------------------------------------- commit d6dc07a1a8696b8fae84357859f5521079105c52 Author: Arne Fitzenreiter <arne_f(a)ipfire.org> Date: Mon Nov 4 18:00:11 2024 +0100 kernel: update to 6.6.59 Signed-off-by: Arne Fitzenreiter <arne_f(a)ipfire.org> ----------------------------------------------------------------------- Summary of changes: config/kernel/kernel.config.aarch64-ipfire | 2 +- config/kernel/kernel.config.riscv64-ipfire | 2 +- config/kernel/kernel.config.x86_64-ipfire | 3 +-- lfs/linux | 4 ++-- 4 files changed, 5 insertions(+), 6 deletions(-) Difference in files: diff --git a/config/kernel/kernel.config.aarch64-ipfire b/config/kernel/kernel.config.aarch64-ipfire index 6defbfd34..f46465967 100644 --- a/config/kernel/kernel.config.aarch64-ipfire +++ b/config/kernel/kernel.config.aarch64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/arm64 6.6.58 Kernel Configuration +# Linux/arm64 6.6.59 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.0" CONFIG_CC_IS_GCC=y diff --git a/config/kernel/kernel.config.riscv64-ipfire b/config/kernel/kernel.config.riscv64-ipfire index aeac20d1d..d6c818876 100644 --- a/config/kernel/kernel.config.riscv64-ipfire +++ b/config/kernel/kernel.config.riscv64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/riscv 6.6.58 Kernel Configuration +# Linux/riscv 6.6.59 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.0" CONFIG_CC_IS_GCC=y diff --git a/config/kernel/kernel.config.x86_64-ipfire b/config/kernel/kernel.config.x86_64-ipfire index c65e61b89..11ad578fe 100644 --- a/config/kernel/kernel.config.x86_64-ipfire +++ b/config/kernel/kernel.config.x86_64-ipfire @@ -1,6 +1,6 @@ # # Automatically generated file; DO NOT EDIT. -# Linux/x86 6.6.58 Kernel Configuration +# Linux/x86 6.6.59 Kernel Configuration # CONFIG_CC_VERSION_TEXT="gcc (GCC) 14.2.0" CONFIG_CC_IS_GCC=y @@ -481,7 +481,6 @@ CONFIG_PHYSICAL_ALIGN=0x400000 CONFIG_DYNAMIC_MEMORY_LAYOUT=y CONFIG_RANDOMIZE_MEMORY=y CONFIG_RANDOMIZE_MEMORY_PHYSICAL_PADDING=0x0 -# CONFIG_ADDRESS_MASKING is not set CONFIG_HOTPLUG_CPU=y # CONFIG_LEGACY_VSYSCALL_XONLY is not set CONFIG_LEGACY_VSYSCALL_NONE=y diff --git a/lfs/linux b/lfs/linux index fa4b43b84..41f34a9ab 100644 --- a/lfs/linux +++ b/lfs/linux @@ -24,7 +24,7 @@ include Config -VER = 6.6.58 +VER = 6.6.59 THISAPP = linux-$(VER) DL_FILE = linux-$(VER).tar.xz @@ -69,7 +69,7 @@ objects = \ $(DL_FILE) = $(URL_IPFIRE)/$(DL_FILE) -$(DL_FILE)_BLAKE2 = f621a4f786ac1f043b70419f6b623075c771eff6765a51130d1ae710b58202988286332be90f3a1849a75f9bc44463a23a1f69b38906d469abaf2075730e646c +$(DL_FILE)_BLAKE2 = a280cffe2a9efa3cad8bc850c9b57486811fa2cc5abc29ae47d712f0f145c6d9bbe6686eb777d87882781d10b8f1d89dedd158c8f7991aeff04e473cbceea900 install : $(TARGET) hooks/post-receive -- IPFire 2.x development tree

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

IPFire-SCM November 2024