public inbox for ipfire-scm@lists.ipfire.org
* [git.ipfire.org] IPFire 2.x development tree branch, next, updated. 4d2c384543fdd50b2471a5442f7f91361f6a74ff
From: git @ 2018-07-01 12:37 UTC
  To: ipfire-scm


This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "IPFire 2.x development tree".

The branch, next has been updated

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 4d2c384543fdd50b2471a5442f7f91361f6a74ff
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 13:34:56 2018 +0100

    core123: Ship changed vpnmain.cgi
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 05375f12755c426d4153a3e93251cb26f4cd539c
Author: Peter Müller <peter.mueller(a)link38.eu>
Date:   Sat Jun 30 17:18:30 2018 +0200

    add ChaCha20/Poly1305 to IPsec WebUI
    
    The algorithm is selected by default since it is considered
    to be both secure and state-of-the-art. This required Linux kernel
    > 4.2, which is satisfied by Core Update 2.12 122.
    
    Fixes #11549
    
    Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 6cedc16d90cbce2d09c909d1dd79119bd161b344
Author: Peter Müller <peter.mueller(a)link38.eu>
Date:   Sat Jun 30 17:15:22 2018 +0200

    update cryptography settings in StrongSwan LFS file
    
    The RC2 plugin was never supported by the WebUI and is insecure,
    so it became obsolete here. To support new ChaCha20/Poly1305, the
    corresponding module needs to be enabled.
    
    Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 54e3be22f263e7135c039b98744ecdfa694f53e9
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 13:34:19 2018 +0100

    core123: Ship updated packages and files
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit a44eed2536009e8e7c929eb9aa13ca9d730b627f
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 12:38:48 2018 +0100

    proxy.cgi: The group name cannot be in quotes
    
    Squid interprets the quotes as part of the group name, too
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 9aeae881332edf777a7defe06260891d8d081ea5
Author: Peter Müller <peter.mueller(a)link38.eu>
Date:   Wed Jun 20 17:00:36 2018 +0200

    smartmontools: update to 6.6.
    
    Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 352796cad7aa2f40ac983149d9fc9928fd1a0f1d
Author: Peter Müller <peter.mueller(a)link38.eu>
Date:   Wed Jun 20 17:04:26 2018 +0200

    lynis: update to 2.6.4
    
    Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit df5cc48dd685bc83e3196ef35ee9f507c66d79a2
Author: Peter Müller <peter.mueller(a)link38.eu>
Date:   Sat Jun 30 17:16:37 2018 +0200

    update StrongSwan to 5.6.3
    
    This also takes advantage of changed crypto plugins (see first
    patch) and updates the rootfile.
    
    Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 0779907e1b8ba65516280234ff6d90aa244340f8
Author: Peter Müller <peter.mueller(a)link38.eu>
Date:   Sat Jun 30 12:07:15 2018 +0200

    libgcrypt: update to 1.8.3
    
    Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 79d32988c52b65d5254c991e7a41367451af21a6
Author: Matthias Fischer <matthias.fischer(a)ipfire.org>
Date:   Mon Jun 25 17:31:01 2018 +0200

    unbound: Update to 1.7.3
    
    For details see:
    http://www.unbound.net/download.html
    
    Best,
    Matthias
    
    Signed-off-by: Matthias Fischer <matthias.fischer(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 1ff69fca2a336c71ccd9d13846d0501f128d916e
Author: Erik Kapfer <erik.kapfer(a)ipfire.org>
Date:   Thu Jun 21 13:54:36 2018 +0200

    OpenVPN: Update to version 2.4.6
    
    Signed-off-by: Erik Kapfer <erik.kapfer(a)ipfire.org>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit c6e5fcdf127bac77d2b34d9e84dbb6eb5fdda146
Author: Peter Müller <peter.mueller(a)link38.eu>
Date:   Wed Jun 20 17:13:01 2018 +0200

    conntrack-tools: update to 1.4.5
    
    Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit eeab80f8dcb7ad8564ac684e014f1a67be82923e
Author: Peter Müller <peter.mueller(a)link38.eu>
Date:   Wed Jun 20 17:11:28 2018 +0200

    libnetfilter_conntrack: update to 1.0.7
    
    Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 733fae2abe50fb190ff1cd96c2de39558ed3ed9d
Author: Peter Müller <peter.mueller(a)link38.eu>
Date:   Wed Jun 20 17:09:05 2018 +0200

    iptables: update to 1.6.2
    
    Signed-off-by: Peter Müller <peter.mueller(a)link38.eu>
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 46a5bac6ed7aa1e03200d26eeaaad65bd35ee5ef
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 12:24:25 2018 +0100

    vpnmain.cgi: Remove unused code that prevented the page from loading without GREEN
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 080e79f149257dd23fd25c35f498083fc1a862a1
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 12:21:59 2018 +0100

    Don't show proxy configuration pages when GREEN is not available
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit dc845b6c81cfd8622e4c060e08edf8c22ff68e1a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 12:15:00 2018 +0100

    AWS: Hide certain things on the web UI
    
    Those are practically unusable on AWS.
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit eb7ccf87c566f32557088d09fa69fdcdeef2a1be
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 11:54:51 2018 +0100

    AWS: Store instance id
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 464c27554ced7b1d4fbb0d454bb7db2856d2af34
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 11:52:54 2018 +0100

    aws: Re-enable check if we are actually running on EC2
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 9a56118b61ae307e2cceac44df0ff867cc5bf6aa
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 11:51:39 2018 +0100

    aws: Suppress any output from ending dhclient
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 787469ebd6349c688443995146535de781f755de
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 11:51:18 2018 +0100

    aws: No need to wake up udev again
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 475ae4b3dbb29ba67a16e48910d3fa8130a8b2c3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 11:49:57 2018 +0100

    firewall: Suppress more warnings when initialising without GREEN
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 470e85c3652ca52393fca8204a1052471753aa8b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 11:44:14 2018 +0100

    AWS: Rename network interfaces only when necessary
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 2e42a9eaa15d43885b46dd977c540293446d641a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 11:43:35 2018 +0100

    AWS: Import SSH keys before meddling with the network
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 48a7737fdd50db0384e0c999a768c7cf3052200b
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sun Jul 1 10:32:31 2018 +0100

    firewall: Allow starting without a green interface
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit f487e373930472b234f637a03273604d3c7a241c
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jun 30 20:35:29 2018 +0100

    AWS: No need to restart udev any more
    
    The renames the network interfaces itself now
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 4c0bd63ea4c21eb8140eb5a54b2eeda4b43b7e8e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jun 30 19:58:42 2018 +0100

    localnet: Don't write local hostname to /etc/hosts
    
    This is now being provided by nss-myhostname
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit a1c5ceeb347e75f03e042c2e90bb23d6024a4641
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jun 30 19:56:56 2018 +0100

    nsswitch.conf: Use nss-myhostname to resolve local hostname
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 4e9000b4d8435d952cca982020ca70f8d64b45ec
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jun 30 19:51:38 2018 +0100

    nss-myhostname: New package
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit c7141f04791dc1c3bf6799e260497be614201a75
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jun 30 19:40:31 2018 +0100

    AWS: Rename all interfaces when booting up
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 8f2c3b49b6b12a1edad5e4f0cd3feb0beda22c21
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jun 30 19:25:29 2018 +0100

    aws: Apply SSH configuration changes
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 16c31d10040db4f175642376b284a0f98609e19e
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Sat Jun 30 19:25:15 2018 +0100

    openssh: Write port 22 into the default configuration file
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 7d06d0de7b7ec2f6a8ccf4b7c179f2538780beb1
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Jun 28 11:15:29 2018 +0100

    AWS: Restart udev to rename network interfaces
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 0f224ad770d01494db31c875ef2e31a766735527
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Jun 28 11:01:33 2018 +0100

    AWS: Add support for ORANGE
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 1a0d8b0573cd4cb573cf891f2ac26520fa5573bb
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Jun 28 10:57:50 2018 +0100

    AWS: Remove some debugging line
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit c86fd963d20b82593032c3c4b2d47dbdaa9def1a
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Jun 28 10:57:13 2018 +0100

    AWS: Calculate gateway and DNS IP addresses only for RED
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 607240e28c4f1572b3d7735c6e2a45387a90ea6d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Thu Jun 28 10:55:24 2018 +0100

    AWS: Use correct IP address for the internal DNS
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 3273ff48f04fe01364eb413966d7afb351a9cb41
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Jun 27 10:05:55 2018 +0100

    aws: Write HOSTNAME and DOMAINNAME when not set
    
    Previously we expected the entire settings file to be empty
    but since we are now shipping some defaults for other settings.
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 0009de91e886514e05002eed1286f6007dea3876
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Jun 27 09:59:47 2018 +0100

    Ship default settings for language, theme, etc. in all images
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 8b59ef085e4de8ea38e0ac9859c72f5a93194c9d
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Jun 27 09:56:32 2018 +0100

    aws: Ensure that SSH checkbox is enabled, too
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 7fa83c2fe79fd2f3f32885707591637f559401a3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Jun 27 09:55:09 2018 +0100

    aws: Enable SSH on the first start
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit fd52e82a7252a7559c694fce6570aab461c331e3
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jun 25 11:08:04 2018 +0100

    setup: Write /etc/hosts in initscript
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit d97ba75fe5634055850deda7a594d52e901dbe75
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jun 25 11:01:24 2018 +0100

    setup: Don't write configuration files for TCP wrapper any more
    
    This has been removed from the distribution a long time ago
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 6723afef0922295dbd8ea66171270040b0edc002
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jun 25 10:59:49 2018 +0100

    apache: Write hostname into configuration at boot time
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit bd3bcb45d611f1e5f39fae07f6c5b189c1e64560
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jun 25 10:55:39 2018 +0100

    AWS: Import aws setup script
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 563c50216300ab2078fabfe305fea93aaeb2d5e5
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jun 25 10:54:36 2018 +0100

    dhcp: Ship dhclient
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 348360292979236e94a8e44fa8c4668941ad95da
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Mon Jun 25 10:53:53 2018 +0100

    ssh: Update default configuration
    
    This patch removes an old switch to enable SSH 1 and
    makes port 22 the default port.
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 1c21ebf8d5464d3d84e8d2dc247a77870f3961df
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Jun 6 12:19:17 2018 +0100

    Add initscript that automatically configures IPFire on AWS EC2
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

commit 1f2a90b5521eec74569c8d6f1a9902fc0aa44bbf
Author: Michael Tremer <michael.tremer(a)ipfire.org>
Date:   Wed Jun 6 12:06:54 2018 +0100

    flash-image: Make sure that GRUB boots the first entry
    
    This is required when importing an image into AWS EC2 or
    the import of the image fails.
    
    Signed-off-by: Michael Tremer <michael.tremer(a)ipfire.org>

-----------------------------------------------------------------------

Summary of changes:
 .../cfgroot/aws-functions.pl                       |  18 +-
 config/cfgroot/header.pl                           |  24 ++
 config/cfgroot/main-settings                       |   5 +
 config/cfgroot/ssh-settings                        |   3 +-
 config/etc/nsswitch.conf                           |   2 +-
 config/firewall/firewall-policy                    |  18 +-
 config/rootfiles/common/aarch64/initscripts        |   3 +
 config/rootfiles/common/armv5tel/initscripts       |   3 +
 config/rootfiles/common/configroot                 |   1 +
 config/rootfiles/common/conntrack-tools            |  13 +
 config/rootfiles/common/dhcp                       |   2 +-
 config/rootfiles/common/i586/initscripts           |   3 +
 config/rootfiles/common/iptables                   |  18 +-
 config/rootfiles/common/libgcrypt                  |   2 +-
 config/rootfiles/common/libnetfilter_conntrack     |   3 +-
 config/rootfiles/common/nss-myhostname             |   4 +
 config/rootfiles/common/strongswan                 |   6 +-
 config/rootfiles/common/unbound                    |   2 +-
 config/rootfiles/common/x86_64/initscripts         |   3 +
 .../110 => core/123}/filelists/conntrack-tools     |   0
 config/rootfiles/core/123/filelists/files          |   9 +
 .../{oldcore/28 => core/123}/filelists/iptables    |   0
 config/rootfiles/core/123/filelists/nss-myhostname |   1 +
 .../{oldcore/106 => core/123}/filelists/strongswan |   0
 config/rootfiles/packages/lynis                    |  47 +++-
 html/cgi-bin/proxy.cgi                             |   4 +-
 html/cgi-bin/vpnmain.cgi                           |  22 +-
 lfs/apache2                                        |   2 +-
 lfs/configroot                                     |   2 +
 lfs/conntrack-tools                                |   4 +-
 lfs/flash-images                                   |   8 +-
 lfs/initscripts                                    |   1 +
 lfs/iptables                                       |   5 +-
 lfs/libgcrypt                                      |   4 +-
 lfs/libnetfilter_conntrack                         |   4 +-
 lfs/lynis                                          |   6 +-
 lfs/{libpcap => nss-myhostname}                    |  14 +-
 lfs/openssh                                        |   2 +-
 lfs/openvpn                                        |   4 +-
 lfs/smartmontools                                  |   4 +-
 lfs/strongswan                                     |   7 +-
 lfs/unbound                                        |   4 +-
 make.sh                                            |   1 +
 src/initscripts/helper/aws-setup                   | 276 +++++++++++++++++++++
 src/initscripts/system/apache                      |   3 +
 src/initscripts/system/aws                         |  80 ++++++
 src/initscripts/system/firewall                    |  10 +-
 src/initscripts/system/localnet                    |   9 +
 src/initscripts/system/udev                        |  10 +-
 src/setup/misc.c                                   |  91 -------
 50 files changed, 585 insertions(+), 182 deletions(-)
 copy src/paks/wio/uninstall.sh => config/cfgroot/aws-functions.pl (89%)
 create mode 100644 config/cfgroot/main-settings
 create mode 100644 config/rootfiles/common/nss-myhostname
 copy config/rootfiles/{oldcore/110 => core/123}/filelists/conntrack-tools (100%)
 copy config/rootfiles/{oldcore/28 => core/123}/filelists/iptables (100%)
 create mode 120000 config/rootfiles/core/123/filelists/nss-myhostname
 copy config/rootfiles/{oldcore/106 => core/123}/filelists/strongswan (100%)
 copy lfs/{libpcap => nss-myhostname} (92%)
 create mode 100644 src/initscripts/helper/aws-setup
 create mode 100644 src/initscripts/system/aws

Difference in files:
diff --git a/config/cfgroot/aws-functions.pl b/config/cfgroot/aws-functions.pl
new file mode 100644
index 000000000..5fd97125c
--- /dev/null
+++ b/config/cfgroot/aws-functions.pl
@@ -0,0 +1,34 @@
+#!/usr/bin/perl -w
+############################################################################
+#                                                                          #
+# This file is part of the IPFire Firewall.                                #
+#                                                                          #
+# IPFire is free software; you can redistribute it and/or modify           #
+# it under the terms of the GNU General Public License as published by     #
+# the Free Software Foundation; either version 2 of the License, or        #
+# (at your option) any later version.                                      #
+#                                                                          #
+# IPFire is distributed in the hope that it will be useful,                #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of           #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the            #
+# GNU General Public License for more details.                             #
+#                                                                          #
+# You should have received a copy of the GNU General Public License        #
+# along with IPFire; if not, write to the Free Software                    #
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA #
+#                                                                          #
+# Copyright (C) 2018 IPFire Team <info(a)ipfire.org>.                        #
+#                                                                          #
+############################################################################
+
+package AWS;
+
+sub running_on_ec2() {
+	if (-e "/var/run/aws-instance-id") {
+		return 1;
+	}
+
+	return 0;
+}
+
+1;
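Review bot: running_on_ec2() treats the mere existence of /var/run/aws-instance-id as proof that the system is on EC2, and the file carries no comment saying what creates that marker or what it contains. Please document the producer next to the path and consider testing -s instead of -e, so an empty or stray file does not switch the web UI into its EC2 mode. The new package also has no "use strict;".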
diff --git a/config/cfgroot/header.pl b/config/cfgroot/header.pl
index 974c4d8b2..e8d9d377c 100644
--- a/config/cfgroot/header.pl
+++ b/config/cfgroot/header.pl
@@ -19,6 +19,8 @@ use Time::Local;
 
 $|=1; # line buffering
 
+require "/var/ipfire/aws-functions.pl";
+
 $Header::revision = 'final';
 $Header::swroot = '/var/ipfire';
 $Header::graphdir='/srv/web/ipfire/html/graphs';
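Review bot: the added require hard-codes /var/ipfire/aws-functions.pl two lines above the assignment of $Header::swroot to the same directory, and it is unconditional, so every page that loads header.pl dies if that one file is missing (for example on a system that received the new header.pl but not the new helper). Either move the require below the swroot assignment and build the path from it, or wrap it in an eval and fall back to "not on EC2".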
@@ -97,6 +99,14 @@ require "${swroot}/langs/en.pl";
 require "${swroot}/langs/${language}.pl";
 eval `/bin/cat /srv/web/ipfire/html/themes/$THEME_NAME/include/functions.pl`;
 
+sub green_used() {
+    if ($ethsettings{'GREEN_DEV'} && $ethsettings{'GREEN_DEV'} ne "") {
+        return 1;
+    }
+
+    return 0;
+}
+
 sub orange_used () {
     if ($ethsettings{'CONFIG_TYPE'} =~ /^[24]$/) {
 	return 1;
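Review bot: in green_used() the second half of the condition, $ethsettings{'GREEN_DEV'} ne "", can never change the result, because an empty string already fails the truth test on its left. Dropping it keeps the behaviour; the prototype is also written green_used() here but orange_used () directly below, so pick one style.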
@@ -161,6 +171,20 @@ sub genmenu {
     if ( $ethsettings{'RED_TYPE'} eq "PPPOE" && $pppsettings{'MONPORT'} ne "" ) {
         $menu->{'02.status'}{'subMenu'}->{'74.modem-status'}{'enabled'} = 1;
     }
+
+    # Disbale unusable things on EC2
+    if (&AWS::running_on_ec2()) {
+        $menu->{'03.network'}{'subMenu'}->{'30.dhcp'}{'enabled'} = 0;
+        $menu->{'03.network'}{'subMenu'}->{'80.macadressmenu'}{'enabled'} = 0;
+        $menu->{'03.network'}{'subMenu'}->{'90.wakeonlan'}{'enabled'} = 0;
+    }
+
+    # Disable proxy when no GREEN is available
+    if (!&green_used()) {
+        $menu->{'03.network'}{'subMenu'}->{'20.proxy'}{'enabled'} = 0;
+        $menu->{'03.network'}{'subMenu'}->{'21.urlfilter'}{'enabled'} = 0;
+        $menu->{'03.network'}{'subMenu'}->{'22.updxlrator'}{'enabled'} = 0;
+    }
   }
 }
 
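Review bot: both new blocks in genmenu only set 'enabled' to 0 on menu entries, which hides the links but does nothing visible here to stop the pages behind 30.dhcp, 80.macadressmenu, 90.wakeonlan, 20.proxy, 21.urlfilter and 22.updxlrator from being requested directly. If those pages must not be usable on EC2 or without GREEN, the same running_on_ec2() and green_used() checks belong at the top of each CGI as well. The comment also has a typo: "Disbale" should read "Disable".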
diff --git a/config/cfgroot/main-settings b/config/cfgroot/main-settings
new file mode 100644
index 000000000..7d4e7fb79
--- /dev/null
+++ b/config/cfgroot/main-settings
@@ -0,0 +1,5 @@
+THEME=ipfire
+LANGUAGE=en
+RRDLOG=/var/log/rrd
+KEYMAP=/lib/kbd/keymaps/i386/qwerty/us.map.gz
+TIMEZONE=/usr/share/zoneinfo/posix/UTC
diff --git a/config/cfgroot/ssh-settings b/config/cfgroot/ssh-settings
index 83b8876dd..5741431c1 100644
--- a/config/cfgroot/ssh-settings
+++ b/config/cfgroot/ssh-settings
@@ -1,6 +1,5 @@
 ENABLE_SSH_KEYS=off
-ENABLE_SSH_PROTOCOL1=off
 ENABLE_SSH_PASSWORDS=on
 ENABLE_SSH_PORTFW=off
 ENABLE_SSH=off
-__CGI__=CGI=HASH(0x840b7a0)
+SSH_PORT=on
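Review bot: the new default SSH_PORT=on is a boolean under a name that reads like a port number, and nothing here says which value maps to which port; the commit message states the intent is to make port 22 the default. Please document the mapping where the setting is read, or use a more descriptive key, so nobody flips it the wrong way. Separately, the unchanged context keeps ENABLE_SSH_PASSWORDS=on with ENABLE_SSH_KEYS=off as shipped defaults; since the log above also enables SSH on first start on AWS, please confirm the AWS setup overrides these rather than inheriting password logins.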
diff --git a/config/etc/nsswitch.conf b/config/etc/nsswitch.conf
index 067e63b48..468fd1c88 100644
--- a/config/etc/nsswitch.conf
+++ b/config/etc/nsswitch.conf
@@ -4,7 +4,7 @@ passwd: files
 group: files
 shadow: files
 
-hosts: files dns
+hosts: files dns myhostname
 networks: files
 
 protocols: files
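Review bot: appending myhostname after dns means a lookup of the machine's own name goes to the resolver first and is only answered locally once DNS has returned no result, so an unreachable resolver costs a timeout and a resolver that answers for that name wins over the local address. With the hostname no longer written to /etc/hosts (see the localnet commit in the log), consider "hosts: files myhostname dns" unless the DNS-first order is deliberate.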
diff --git a/config/firewall/firewall-policy b/config/firewall/firewall-policy
index cbba3b021..c0a526f22 100755
--- a/config/firewall/firewall-policy
+++ b/config/firewall/firewall-policy
@@ -58,7 +58,9 @@ HAVE_OPENVPN="true"
 # INPUT
 
 # Allow access from GREEN
-iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
+if [ -n "${GREEN_DEV}" ]; then
+	iptables -A POLICYIN -i "${GREEN_DEV}" -j ACCEPT
+fi
 
 # Allow access from BLUE
 if [ "${HAVE_BLUE}" = "true" ] && [ -n "${BLUE_DEV}" ]; then
@@ -119,12 +121,14 @@ case "${POLICY}" in
 
 	*)
 		# Access from GREEN is granted to everywhere
-		if [ "${IFACE}" = "${GREEN_DEV}" ]; then
-			# internet via green
-			# don't check source IP/NET if IFACE is GREEN
-			iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
-		else
-			iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
+		if [ -n "${GREEN_DEV}" ]; then
+			if [ "${IFACE}" = "${GREEN_DEV}" ]; then
+				# internet via green
+				# don't check source IP/NET if IFACE is GREEN
+				iptables -A POLICYFWD -i "${GREEN_DEV}" -j ACCEPT
+			else
+				iptables -A POLICYFWD -i "${GREEN_DEV}" -s "${GREEN_NETADDRESS}/${GREEN_NETMASK}" -j ACCEPT
+			fi
 		fi
 
 		# Grant access for IPsec VPN connections
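Review bot: the new -n guard covers GREEN_DEV only, but the else branch still expands GREEN_NETADDRESS and GREEN_NETMASK unchecked, so a configuration with a device name and no address produces -s "/", which is not a valid source. Extending the test for that branch to [ -n "${GREEN_NETADDRESS}" ] && [ -n "${GREEN_NETMASK}" ] would keep the script quiet in the same half-configured states this change targets.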
diff --git a/config/rootfiles/common/aarch64/initscripts b/config/rootfiles/common/aarch64/initscripts
index 9e9e1a71a..3cb05d95f 100644
--- a/config/rootfiles/common/aarch64/initscripts
+++ b/config/rootfiles/common/aarch64/initscripts
@@ -1,10 +1,12 @@
 etc/init.d
 #etc/rc.d
 #etc/rc.d/helper
+etc/rc.d/helper/aws-setup
 etc/rc.d/helper/getdnsfromdhcpc.pl
 #etc/rc.d/init.d
 etc/rc.d/init.d/acpid
 etc/rc.d/init.d/apache
+etc/rc.d/init.d/aws
 etc/rc.d/init.d/beep
 etc/rc.d/init.d/checkfs
 etc/rc.d/init.d/cleanfs
@@ -184,6 +186,7 @@ etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S73swconfig
+etc/rc.d/rcsysinit.d/S74aws
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
 etc/rc.d/rcsysinit.d/S81pakfire
diff --git a/config/rootfiles/common/armv5tel/initscripts b/config/rootfiles/common/armv5tel/initscripts
index 9e9e1a71a..3cb05d95f 100644
--- a/config/rootfiles/common/armv5tel/initscripts
+++ b/config/rootfiles/common/armv5tel/initscripts
@@ -1,10 +1,12 @@
 etc/init.d
 #etc/rc.d
 #etc/rc.d/helper
+etc/rc.d/helper/aws-setup
 etc/rc.d/helper/getdnsfromdhcpc.pl
 #etc/rc.d/init.d
 etc/rc.d/init.d/acpid
 etc/rc.d/init.d/apache
+etc/rc.d/init.d/aws
 etc/rc.d/init.d/beep
 etc/rc.d/init.d/checkfs
 etc/rc.d/init.d/cleanfs
@@ -184,6 +186,7 @@ etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S70console
 etc/rc.d/rcsysinit.d/S73swconfig
+etc/rc.d/rcsysinit.d/S74aws
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
 etc/rc.d/rcsysinit.d/S81pakfire
diff --git a/config/rootfiles/common/configroot b/config/rootfiles/common/configroot
index 73b7bc01f..87389915e 100644
--- a/config/rootfiles/common/configroot
+++ b/config/rootfiles/common/configroot
@@ -7,6 +7,7 @@ usr/sbin/firewall-policy
 var/ipfire/addon-lang
 var/ipfire/auth
 #var/ipfire/auth/users
+var/ipfire/aws-functions.pl
 #var/ipfire/backup
 var/ipfire/backup/exclude.user
 var/ipfire/backup/include.user
diff --git a/config/rootfiles/common/conntrack-tools b/config/rootfiles/common/conntrack-tools
index 52b642abc..ef392df67 100644
--- a/config/rootfiles/common/conntrack-tools
+++ b/config/rootfiles/common/conntrack-tools
@@ -1,13 +1,26 @@
 #usr/lib/conntrack-tools
+#usr/lib/conntrack-tools/ct_helper_amanda.la
+usr/lib/conntrack-tools/ct_helper_amanda.so
+#usr/lib/conntrack-tools/ct_helper_dhcpv6.la
+#usr/lib/conntrack-tools/ct_helper_dhcpv6.so
 #usr/lib/conntrack-tools/ct_helper_ftp.la
 usr/lib/conntrack-tools/ct_helper_ftp.so
+#usr/lib/conntrack-tools/ct_helper_mdns.la
+usr/lib/conntrack-tools/ct_helper_mdns.so
 #usr/lib/conntrack-tools/ct_helper_rpc.la
 usr/lib/conntrack-tools/ct_helper_rpc.so
+#usr/lib/conntrack-tools/ct_helper_sane.la
+usr/lib/conntrack-tools/ct_helper_sane.so
+#usr/lib/conntrack-tools/ct_helper_ssdp.la
+usr/lib/conntrack-tools/ct_helper_ssdp.so
+#usr/lib/conntrack-tools/ct_helper_tftp.la
+usr/lib/conntrack-tools/ct_helper_tftp.so
 #usr/lib/conntrack-tools/ct_helper_tns.la
 usr/lib/conntrack-tools/ct_helper_tns.so
 usr/sbin/conntrack
 usr/sbin/conntrackd
 usr/sbin/nfct
+#usr/share/man/man5/conntrackd.conf.5
 #usr/share/man/man8/conntrack.8
 #usr/share/man/man8/conntrackd.8
 #usr/share/man/man8/nfct.8
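Review bot: this rootfile now ships five more connection-tracking helpers (amanda, mdns, sane, ssdp, tftp) while the new dhcpv6 helper is left commented out, and the hunk gives no reason for the difference. Each helper is code that parses application payloads from forwarded traffic, so on a firewall it is worth shipping only the ones the distribution actually configures; please state the selection criterion in the commit message or comment out the unused ones.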
diff --git a/config/rootfiles/common/dhcp b/config/rootfiles/common/dhcp
index 9e6d52e4e..03b076826 100644
--- a/config/rootfiles/common/dhcp
+++ b/config/rootfiles/common/dhcp
@@ -18,7 +18,7 @@ etc/dhcp/dhcpd.conf
 #usr/lib/libdhcp.a
 #usr/lib/libdhcpctl.a
 #usr/lib/libomapi.a
-#usr/sbin/dhclient
+usr/sbin/dhclient
 usr/sbin/dhcpd
 usr/sbin/dhcrelay
 #usr/share/man/man1/omshell.1
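Review bot: uncommenting usr/sbin/dhclient in the common rootfile puts the DHCP client into every image, although the log only motivates it for the AWS setup script. That adds a network-facing client to systems that never use it; if it cannot be limited to the cloud images, say so in the commit message, and check that whatever dhclient needs at run time is shipped too, since this hunk enables the binary alone.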
diff --git a/config/rootfiles/common/i586/initscripts b/config/rootfiles/common/i586/initscripts
index cc0e4580d..2c2306975 100644
--- a/config/rootfiles/common/i586/initscripts
+++ b/config/rootfiles/common/i586/initscripts
@@ -1,10 +1,12 @@
 etc/init.d
 #etc/rc.d
 #etc/rc.d/helper
+etc/rc.d/helper/aws-setup
 etc/rc.d/helper/getdnsfromdhcpc.pl
 #etc/rc.d/init.d
 etc/rc.d/init.d/acpid
 etc/rc.d/init.d/apache
+etc/rc.d/init.d/aws
 etc/rc.d/init.d/beep
 etc/rc.d/init.d/checkfs
 etc/rc.d/init.d/cleanfs
@@ -182,6 +184,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S70console
+etc/rc.d/rcsysinit.d/S74aws
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
 etc/rc.d/rcsysinit.d/S81pakfire
diff --git a/config/rootfiles/common/iptables b/config/rootfiles/common/iptables
index 09e827c2a..d0c1065cb 100644
--- a/config/rootfiles/common/iptables
+++ b/config/rootfiles/common/iptables
@@ -16,9 +16,13 @@ lib/libiptc.so.0
 lib/libiptc.so.0.0.0
 #lib/libxtables.la
 lib/libxtables.so
-lib/libxtables.so.10
-lib/libxtables.so.10.0.0
-lib/xtables
+lib/libxtables.so.12
+lib/libxtables.so.12.0.0
+#lib/xtables
+#lib/xtables/libebt_802_3.so
+#lib/xtables/libebt_ip.so
+#lib/xtables/libebt_log.so
+#lib/xtables/libebt_mark_m.so
 #lib/xtables/libip6t_DNAT.so
 #lib/xtables/libip6t_DNPT.so
 #lib/xtables/libip6t_HL.so
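Review bot: The directory entry changes from "lib/xtables" to "#lib/xtables", and every extension listed under it in these hunks is commented out as well. If a leading # excludes an entry from the image, as the usr/sbin/dhclient change in the dhcp rootfile suggests, the match and target extensions would no longer be shipped with the new libxtables.so.12. Please confirm this is intended, or keep "lib/xtables" uncommented.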
@@ -39,16 +43,15 @@ lib/xtables
 #lib/xtables/libip6t_ipv6header.so
 #lib/xtables/libip6t_mh.so
 #lib/xtables/libip6t_rt.so
+#lib/xtables/libip6t_srh.so
 #lib/xtables/libipt_CLUSTERIP.so
 #lib/xtables/libipt_DNAT.so
 #lib/xtables/libipt_ECN.so
 #lib/xtables/libipt_LOG.so
 #lib/xtables/libipt_MASQUERADE.so
-#lib/xtables/libipt_MIRROR.so
 #lib/xtables/libipt_NETMAP.so
 #lib/xtables/libipt_REDIRECT.so
 #lib/xtables/libipt_REJECT.so
-#lib/xtables/libipt_SAME.so
 #lib/xtables/libipt_SNAT.so
 #lib/xtables/libipt_TTL.so
 #lib/xtables/libipt_ULOG.so
@@ -56,7 +59,6 @@ lib/xtables
 #lib/xtables/libipt_icmp.so
 #lib/xtables/libipt_realm.so
 #lib/xtables/libipt_ttl.so
-#lib/xtables/libipt_unclean.so
 #lib/xtables/libxt_AUDIT.so
 #lib/xtables/libxt_CHECKSUM.so
 #lib/xtables/libxt_CLASSIFY.so
@@ -84,6 +86,7 @@ lib/xtables
 #lib/xtables/libxt_TRACE.so
 #lib/xtables/libxt_addrtype.so
 #lib/xtables/libxt_bpf.so
+#lib/xtables/libxt_cgroup.so
 #lib/xtables/libxt_cluster.so
 #lib/xtables/libxt_comment.so
 #lib/xtables/libxt_connbytes.so
@@ -99,12 +102,14 @@ lib/xtables
 #lib/xtables/libxt_esp.so
 #lib/xtables/libxt_hashlimit.so
 #lib/xtables/libxt_helper.so
+#lib/xtables/libxt_ipcomp.so
 #lib/xtables/libxt_iprange.so
 #lib/xtables/libxt_ipvs.so
 #lib/xtables/libxt_layer7.so
 #lib/xtables/libxt_length.so
 #lib/xtables/libxt_limit.so
 #lib/xtables/libxt_mac.so
+#lib/xtables/libxt_mangle.so
 #lib/xtables/libxt_mark.so
 #lib/xtables/libxt_multiport.so
 #lib/xtables/libxt_nfacct.so
@@ -172,5 +177,6 @@ sbin/xtables-multi
 #usr/share/man/man8/iptables-restore.8
 #usr/share/man/man8/iptables-save.8
 #usr/share/man/man8/iptables.8
+#usr/share/man/man8/nfnl_osf.8
 #usr/share/xtables
 usr/share/xtables/pf.os
diff --git a/config/rootfiles/common/libgcrypt b/config/rootfiles/common/libgcrypt
index e67fae932..e46507d46 100644
--- a/config/rootfiles/common/libgcrypt
+++ b/config/rootfiles/common/libgcrypt
@@ -6,7 +6,7 @@
 #usr/lib/libgcrypt.la
 #usr/lib/libgcrypt.so
 usr/lib/libgcrypt.so.20
-usr/lib/libgcrypt.so.20.2.2
+usr/lib/libgcrypt.so.20.2.3
 #usr/share/aclocal/libgcrypt.m4
 #usr/share/info/gcrypt.info
 #usr/share/man/man1/hmac256.1
diff --git a/config/rootfiles/common/libnetfilter_conntrack b/config/rootfiles/common/libnetfilter_conntrack
index 03000ec01..f5c776359 100644
--- a/config/rootfiles/common/libnetfilter_conntrack
+++ b/config/rootfiles/common/libnetfilter_conntrack
@@ -7,9 +7,10 @@
 #usr/include/libnetfilter_conntrack/libnetfilter_conntrack_sctp.h
 #usr/include/libnetfilter_conntrack/libnetfilter_conntrack_tcp.h
 #usr/include/libnetfilter_conntrack/libnetfilter_conntrack_udp.h
+#usr/include/libnetfilter_conntrack/linux_nf_conntrack_common.h
 #usr/include/libnetfilter_conntrack/linux_nfnetlink_conntrack.h
 #usr/lib/libnetfilter_conntrack.la
 #usr/lib/libnetfilter_conntrack.so
 usr/lib/libnetfilter_conntrack.so.3
-usr/lib/libnetfilter_conntrack.so.3.6.0
+usr/lib/libnetfilter_conntrack.so.3.7.0
 #usr/lib/pkgconfig/libnetfilter_conntrack.pc
diff --git a/config/rootfiles/common/nss-myhostname b/config/rootfiles/common/nss-myhostname
new file mode 100644
index 000000000..13f38ae42
--- /dev/null
+++ b/config/rootfiles/common/nss-myhostname
@@ -0,0 +1,4 @@
+lib/libnss_myhostname.so.2
+#usr/share/doc/nss-myhostname
+#usr/share/doc/nss-myhostname/README.html
+#usr/share/doc/nss-myhostname/style.css
diff --git a/config/rootfiles/common/strongswan b/config/rootfiles/common/strongswan
index 0a0dd050e..6981a7ca8 100644
--- a/config/rootfiles/common/strongswan
+++ b/config/rootfiles/common/strongswan
@@ -17,6 +17,7 @@ etc/strongswan.d/charon.conf
 etc/strongswan.d/charon/aes.conf
 etc/strongswan.d/charon/attr.conf
 etc/strongswan.d/charon/ccm.conf
+etc/strongswan.d/charon/chapoly.conf
 etc/strongswan.d/charon/cmac.conf
 etc/strongswan.d/charon/constraints.conf
 etc/strongswan.d/charon/counters.conf
@@ -51,7 +52,6 @@ etc/strongswan.d/charon/pkcs7.conf
 etc/strongswan.d/charon/pkcs8.conf
 etc/strongswan.d/charon/pubkey.conf
 etc/strongswan.d/charon/random.conf
-etc/strongswan.d/charon/rc2.conf
 etc/strongswan.d/charon/resolve.conf
 etc/strongswan.d/charon/revocation.conf
 etc/strongswan.d/charon/sha1.conf
@@ -112,6 +112,7 @@ usr/lib/ipsec/libvici.so.0.0.0
 usr/lib/ipsec/plugins/libstrongswan-aes.so
 usr/lib/ipsec/plugins/libstrongswan-attr.so
 usr/lib/ipsec/plugins/libstrongswan-ccm.so
+usr/lib/ipsec/plugins/libstrongswan-chapoly.so
 usr/lib/ipsec/plugins/libstrongswan-cmac.so
 usr/lib/ipsec/plugins/libstrongswan-constraints.so
 usr/lib/ipsec/plugins/libstrongswan-counters.so
@@ -146,7 +147,6 @@ usr/lib/ipsec/plugins/libstrongswan-pkcs7.so
 usr/lib/ipsec/plugins/libstrongswan-pkcs8.so
 usr/lib/ipsec/plugins/libstrongswan-pubkey.so
 usr/lib/ipsec/plugins/libstrongswan-random.so
-usr/lib/ipsec/plugins/libstrongswan-rc2.so
 usr/lib/ipsec/plugins/libstrongswan-resolve.so
 usr/lib/ipsec/plugins/libstrongswan-revocation.so
 usr/lib/ipsec/plugins/libstrongswan-sha1.so
@@ -197,6 +197,7 @@ usr/sbin/swanctl
 #usr/share/strongswan/templates/config/plugins/aes.conf
 #usr/share/strongswan/templates/config/plugins/attr.conf
 #usr/share/strongswan/templates/config/plugins/ccm.conf
+#usr/share/strongswan/templates/config/plugins/chapoly.conf
 #usr/share/strongswan/templates/config/plugins/cmac.conf
 #usr/share/strongswan/templates/config/plugins/constraints.conf
 #usr/share/strongswan/templates/config/plugins/counters.conf
@@ -231,7 +232,6 @@ usr/sbin/swanctl
 #usr/share/strongswan/templates/config/plugins/pkcs8.conf
 #usr/share/strongswan/templates/config/plugins/pubkey.conf
 #usr/share/strongswan/templates/config/plugins/random.conf
-#usr/share/strongswan/templates/config/plugins/rc2.conf
 #usr/share/strongswan/templates/config/plugins/resolve.conf
 #usr/share/strongswan/templates/config/plugins/revocation.conf
 #usr/share/strongswan/templates/config/plugins/sha1.conf
diff --git a/config/rootfiles/common/unbound b/config/rootfiles/common/unbound
index af089054c..f3172f028 100644
--- a/config/rootfiles/common/unbound
+++ b/config/rootfiles/common/unbound
@@ -11,7 +11,7 @@ etc/unbound/unbound.conf
 #usr/lib/libunbound.la
 #usr/lib/libunbound.so
 usr/lib/libunbound.so.2
-usr/lib/libunbound.so.2.5.10
+usr/lib/libunbound.so.2.5.11
 #usr/lib/pkgconfig/libunbound.pc
 usr/sbin/unbound
 usr/sbin/unbound-anchor
diff --git a/config/rootfiles/common/x86_64/initscripts b/config/rootfiles/common/x86_64/initscripts
index cc0e4580d..2c2306975 100644
--- a/config/rootfiles/common/x86_64/initscripts
+++ b/config/rootfiles/common/x86_64/initscripts
@@ -1,10 +1,12 @@
 etc/init.d
 #etc/rc.d
 #etc/rc.d/helper
+etc/rc.d/helper/aws-setup
 etc/rc.d/helper/getdnsfromdhcpc.pl
 #etc/rc.d/init.d
 etc/rc.d/init.d/acpid
 etc/rc.d/init.d/apache
+etc/rc.d/init.d/aws
 etc/rc.d/init.d/beep
 etc/rc.d/init.d/checkfs
 etc/rc.d/init.d/cleanfs
@@ -182,6 +184,7 @@ etc/rc.d/rcsysinit.d/S45udev_retry
 etc/rc.d/rcsysinit.d/S50cleanfs
 etc/rc.d/rcsysinit.d/S60setclock
 etc/rc.d/rcsysinit.d/S70console
+etc/rc.d/rcsysinit.d/S74aws
 etc/rc.d/rcsysinit.d/S75firstsetup
 etc/rc.d/rcsysinit.d/S80localnet
 etc/rc.d/rcsysinit.d/S81pakfire
diff --git a/config/rootfiles/core/123/filelists/conntrack-tools b/config/rootfiles/core/123/filelists/conntrack-tools
new file mode 120000
index 000000000..88fbe061e
--- /dev/null
+++ b/config/rootfiles/core/123/filelists/conntrack-tools
@@ -0,0 +1 @@
+../../../common/conntrack-tools
\ No newline at end of file
diff --git a/config/rootfiles/core/123/filelists/files b/config/rootfiles/core/123/filelists/files
index 718af9eda..52586b9d4 100644
--- a/config/rootfiles/core/123/filelists/files
+++ b/config/rootfiles/core/123/filelists/files
@@ -1,7 +1,16 @@
 etc/system-release
 etc/issue
+etc/rc.d/helper/aws-setup
+etc/rc.d/init.d/aws
+etc/rc.d/rcsysinit.d/S74aws
 srv/web/ipfire/cgi-bin/ids.cgi
 srv/web/ipfire/cgi-bin/index.cgi
 srv/web/ipfire/cgi-bin/ovpnmain.cgi
+srv/web/ipfire/cgi-bin/proxy.cgi
+srv/web/ipfire/cgi-bin/vpnmain.cgi
+usr/sbin/dhclient
 var/ipfire/backup/exclude
 var/ipfire/langs
+var/ipfire/aws-functions.pl
+var/ipfire/header.pl
+var/ipfire/general-functions.pl
diff --git a/config/rootfiles/core/123/filelists/iptables b/config/rootfiles/core/123/filelists/iptables
new file mode 120000
index 000000000..8caf12bcc
--- /dev/null
+++ b/config/rootfiles/core/123/filelists/iptables
@@ -0,0 +1 @@
+../../../common/iptables
\ No newline at end of file
diff --git a/config/rootfiles/core/123/filelists/nss-myhostname b/config/rootfiles/core/123/filelists/nss-myhostname
new file mode 120000
index 000000000..7d8203185
--- /dev/null
+++ b/config/rootfiles/core/123/filelists/nss-myhostname
@@ -0,0 +1 @@
+../../../common/nss-myhostname
\ No newline at end of file
diff --git a/config/rootfiles/core/123/filelists/strongswan b/config/rootfiles/core/123/filelists/strongswan
new file mode 120000
index 000000000..90c727e26
--- /dev/null
+++ b/config/rootfiles/core/123/filelists/strongswan
@@ -0,0 +1 @@
+../../../common/strongswan
\ No newline at end of file
diff --git a/config/rootfiles/packages/lynis b/config/rootfiles/packages/lynis
index 6199853d3..9a2c21268 100644
--- a/config/rootfiles/packages/lynis
+++ b/config/rootfiles/packages/lynis
@@ -1,15 +1,43 @@
 var/ipfire/lynis
-#var/ipfire/lynis/CONTRIBUTORS
+#var/ipfire/lynis/CHANGELOG.md
+#var/ipfire/lynis/CODE_OF_CONDUCT.md
+#var/ipfire/lynis/CONTRIBUTING.md
+#var/ipfire/lynis/CONTRIBUTORS.md
 #var/ipfire/lynis/db
 var/ipfire/lynis/db/fileperms.db
 var/ipfire/lynis/db/hints.db
 var/ipfire/lynis/db/integrity.db
+var/ipfire/lynis/db/languages
+var/ipfire/lynis/db/languages/br
+var/ipfire/lynis/db/languages/cn
+var/ipfire/lynis/db/languages/de
+var/ipfire/lynis/db/languages/en
+var/ipfire/lynis/db/languages/en-GB
+var/ipfire/lynis/db/languages/en-US
+var/ipfire/lynis/db/languages/es
+var/ipfire/lynis/db/languages/fi
+var/ipfire/lynis/db/languages/fr
+var/ipfire/lynis/db/languages/gr
+var/ipfire/lynis/db/languages/he
+var/ipfire/lynis/db/languages/hu
+var/ipfire/lynis/db/languages/it
+var/ipfire/lynis/db/languages/ja
+var/ipfire/lynis/db/languages/nb-NO
+var/ipfire/lynis/db/languages/nl
+var/ipfire/lynis/db/languages/nl-BE
+var/ipfire/lynis/db/languages/nl-NL
+var/ipfire/lynis/db/languages/pl
+var/ipfire/lynis/db/languages/pt
+var/ipfire/lynis/db/languages/ru
+var/ipfire/lynis/db/languages/se
+var/ipfire/lynis/db/languages/tr
 var/ipfire/lynis/db/malware-susp.db
 var/ipfire/lynis/db/malware.db
 var/ipfire/lynis/db/sbl.db
+var/ipfire/lynis/db/tests.db
 var/ipfire/lynis/default.prf
+var/ipfire/lynis/developer.prf
 #var/ipfire/lynis/extras
-var/ipfire/lynis/extras/.bzrignore
 #var/ipfire/lynis/extras/README
 #var/ipfire/lynis/extras/bash_completion.d
 var/ipfire/lynis/extras/bash_completion.d/lynis
@@ -22,11 +50,18 @@ var/ipfire/lynis/extras/lynis.spec
 #var/ipfire/lynis/extras/systemd
 #var/ipfire/lynis/extras/systemd/lynis.service
 #var/ipfire/lynis/extras/systemd/lynis.timer
+#var/ipfire/lynis/extras/travis-ci
+#var/ipfire/lynis/extras/travis-ci/before_script.sh
 #var/ipfire/lynis/include
 var/ipfire/lynis/include/binaries
 var/ipfire/lynis/include/consts
 var/ipfire/lynis/include/data_upload
 var/ipfire/lynis/include/functions
+var/ipfire/lynis/include/helper_audit_dockerfile
+var/ipfire/lynis/include/helper_configure
+var/ipfire/lynis/include/helper_show
+var/ipfire/lynis/include/helper_system_remote_scan
+var/ipfire/lynis/include/helper_update
 var/ipfire/lynis/include/osdetection
 var/ipfire/lynis/include/parameters
 var/ipfire/lynis/include/profiles
@@ -35,15 +70,16 @@ var/ipfire/lynis/include/tests_accounting
 var/ipfire/lynis/include/tests_authentication
 var/ipfire/lynis/include/tests_banners
 var/ipfire/lynis/include/tests_boot_services
+var/ipfire/lynis/include/tests_containers
 var/ipfire/lynis/include/tests_crypto
 var/ipfire/lynis/include/tests_custom.template
 var/ipfire/lynis/include/tests_databases
+var/ipfire/lynis/include/tests_dns
 var/ipfire/lynis/include/tests_file_integrity
 var/ipfire/lynis/include/tests_file_permissions
 var/ipfire/lynis/include/tests_filesystems
 var/ipfire/lynis/include/tests_firewalls
 var/ipfire/lynis/include/tests_hardening
-var/ipfire/lynis/include/tests_hardening_tools
 var/ipfire/lynis/include/tests_homedirs
 var/ipfire/lynis/include/tests_insecure_services
 var/ipfire/lynis/include/tests_kernel
@@ -62,16 +98,17 @@ var/ipfire/lynis/include/tests_printers_spools
 var/ipfire/lynis/include/tests_scheduling
 var/ipfire/lynis/include/tests_shells
 var/ipfire/lynis/include/tests_snmp
-#var/ipfire/lynis/include/tests_solaris
 var/ipfire/lynis/include/tests_squid
 var/ipfire/lynis/include/tests_ssh
 var/ipfire/lynis/include/tests_storage
 var/ipfire/lynis/include/tests_storage_nfs
-var/ipfire/lynis/include/tests_tcpwrappers
+var/ipfire/lynis/include/tests_system_integrity
 var/ipfire/lynis/include/tests_time
 var/ipfire/lynis/include/tests_tooling
+var/ipfire/lynis/include/tests_usb
 var/ipfire/lynis/include/tests_virtualization
 var/ipfire/lynis/include/tests_webservers
+var/ipfire/lynis/include/tool_tips
 var/ipfire/lynis/lynis
 var/ipfire/lynis/lynis.8
 #var/ipfire/lynis/plugins
diff --git a/html/cgi-bin/proxy.cgi b/html/cgi-bin/proxy.cgi
index c36fc4e70..738425b9a 100644
--- a/html/cgi-bin/proxy.cgi
+++ b/html/cgi-bin/proxy.cgi
@@ -3428,7 +3428,7 @@ END
 				my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
 				$ntlm_auth_group =~ s/\\/\+/;
 
-				print FILE " --require-membership-of=\"$ntlm_auth_group\"";
+				print FILE " --require-membership-of=$ntlm_auth_group";
 			}
 			print FILE "\n";
 
@@ -3441,7 +3441,7 @@ END
 					my $ntlm_auth_group = $proxysettings{'NTLM_AUTH_GROUP'};
 					$ntlm_auth_group =~ s/\\/\+/;
 
-					print FILE " --require-membership-of=\"$ntlm_auth_group\"";
+					print FILE " --require-membership-of=$ntlm_auth_group";
 				}
 				print FILE "\n";
 				print FILE "auth_param basic children 10\n";
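Review bot: With the escaped quotes dropped, $ntlm_auth_group is written into the helper line as a bare token, so a value containing whitespace is no longer kept together by anything on this line, and the only transformation applied to it is the single s/\\/\+/ above. Validate NTLM_AUTH_GROUP against the characters allowed in a group name before printing it, and state in the commit message why the quoting had to go. The same applies to the identical change in the preceding hunk.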
diff --git a/html/cgi-bin/vpnmain.cgi b/html/cgi-bin/vpnmain.cgi
index eefe97599..e557122df 100644
--- a/html/cgi-bin/vpnmain.cgi
+++ b/html/cgi-bin/vpnmain.cgi
@@ -58,16 +58,6 @@ my %mainsettings = ();
 
 &General::readhash("${General::swroot}/ethernet/settings", \%netsettings);
 
-my $green_cidr = &General::ipcidr("$netsettings{'GREEN_NETADDRESS'}/$netsettings{'GREEN_NETMASK'}");
-my $blue_cidr = "# Blue not defined";
-if (&Header::blue_used() && $netsettings{'BLUE_DEV'}) {
-	$blue_cidr = &General::ipcidr("$netsettings{'BLUE_NETADDRESS'}/$netsettings{'BLUE_NETMASK'}");
-}
-my $orange_cidr = "# Orange not defined";
-if (&Header::orange_used() && $netsettings{'ORANGE_DEV'}) {
-	$orange_cidr = &General::ipcidr("$netsettings{'ORANGE_NETADDRESS'}/$netsettings{'ORANGE_NETMASK'}");
-}
-
 my %INACTIVITY_TIMEOUTS = (
 	300		=> $Lang::tr{'five minutes'},
 	600		=> $Lang::tr{'ten minutes'},
@@ -1919,11 +1909,11 @@ END
 	$cgiparams{'REMOTE_ID'} = '';
 
 	#use default advanced value
-	$cgiparams{'IKE_ENCRYPTION'}	= 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18];
+	$cgiparams{'IKE_ENCRYPTION'}	= 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[18];
 	$cgiparams{'IKE_INTEGRITY'}		= 'sha2_512|sha2_256'; #[19];
 	$cgiparams{'IKE_GROUPTYPE'}		= 'curve25519|4096|3072|2048'; #[20];
 	$cgiparams{'IKE_LIFETIME'}		= '3'; #[16];
-	$cgiparams{'ESP_ENCRYPTION'}	= 'aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21];
+	$cgiparams{'ESP_ENCRYPTION'}	= 'chacha20poly1305|aes256gcm128|aes256gcm96|aes256gcm64|aes256|aes192gcm128|aes192gcm96|aes192gcm64|aes192|aes128gcm128|aes128gcm96|aes128gcm64|aes128'; #[21];
 	$cgiparams{'ESP_INTEGRITY'}		= 'sha2_512|sha2_256'; #[22];
 	$cgiparams{'ESP_GROUPTYPE'}		= 'curve25519|4096|3072|2048'; #[23];
 	$cgiparams{'ESP_KEYLIFE'}		= '1'; #[17];
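Review bot: Putting chacha20poly1305 at the head of the IKE_ENCRYPTION and ESP_ENCRYPTION defaults changes the preferred cipher for every newly created connection, and nothing in the hunk documents that the list order is significant. Add a comment above these defaults stating that the order is the proposal preference and why ChaCha20-Poly1305 leads ahead of the AES-GCM entries.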
@@ -2180,7 +2170,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			goto ADVANCED_ERROR;
 		}
 		foreach my $val (@temp) {
-			if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/) {
+			if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|chacha20poly1305|camellia(256|192|128))$/) {
 				$errormessage = $Lang::tr{'invalid input'};
 				goto ADVANCED_ERROR;
 			}
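Review bot: The cipher allow-list regex is edited by hand here and again, identically, in the next hunk. Keep one shared pattern for both encryption checks so they cannot drift when the next cipher is added. The pattern also still accepts 3des while the same series drops the rc2 plugin from strongSwan; if 3des is retained only for legacy peers, a comment should say so.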
@@ -2221,7 +2211,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			goto ADVANCED_ERROR;
 		}
 		foreach my $val (@temp) {
-			if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|camellia(256|192|128))$/) {
+			if ($val !~ /^(aes(256|192|128)(gcm(128|96|64))?|3des|chacha20poly1305|camellia(256|192|128))$/) {
 				$errormessage = $Lang::tr{'invalid input'};
 				goto ADVANCED_ERROR;
 			}
@@ -2347,6 +2337,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	}
 
 	ADVANCED_ERROR:
+	$checked{'IKE_ENCRYPTION'}{'chacha20poly1305'} = '';
 	$checked{'IKE_ENCRYPTION'}{'aes256'} = '';
 	$checked{'IKE_ENCRYPTION'}{'aes192'} = '';
 	$checked{'IKE_ENCRYPTION'}{'aes128'} = '';
@@ -2385,6 +2376,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 	@temp = split('\|', $cgiparams{'IKE_GROUPTYPE'});
 	foreach my $key (@temp) {$checked{'IKE_GROUPTYPE'}{$key} = "selected='selected'"; }
 
+	$checked{'ESP_ENCRYPTION'}{'chacha20poly1305'} = '';
 	$checked{'ESP_ENCRYPTION'}{'aes256'} = '';
 	$checked{'ESP_ENCRYPTION'}{'aes192'} = '';
 	$checked{'ESP_ENCRYPTION'}{'aes128'} = '';
@@ -2497,6 +2489,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			<td class='boldbase' width="15%">$Lang::tr{'encryption'}</td>
 			<td class='boldbase'>
 				<select name='IKE_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'>
+					<option value='chacha20poly1305' $checked{'IKE_ENCRYPTION'}{'chacha20poly1305'}>256 bit ChaCha20-Poly1305/128 bit ICV</option>
 					<option value='aes256gcm128' $checked{'IKE_ENCRYPTION'}{'aes256gcm128'}>256 bit AES-GCM/128 bit ICV</option>
 					<option value='aes256gcm96' $checked{'IKE_ENCRYPTION'}{'aes256gcm96'}>256 bit AES-GCM/96 bit ICV</option>
 					<option value='aes256gcm64' $checked{'IKE_ENCRYPTION'}{'aes256gcm64'}>256 bit AES-GCM/64 bit ICV</option>
@@ -2517,6 +2510,7 @@ if(($cgiparams{'ACTION'} eq $Lang::tr{'advanced'}) ||
 			</td>
 			<td class='boldbase'>
 				<select name='ESP_ENCRYPTION' multiple='multiple' size='6' style='width: 100%'>
+					<option value='chacha20poly1305' $checked{'ESP_ENCRYPTION'}{'chacha20poly1305'}>256 bit ChaCha20-Poly1305/128 bit ICV</option>
 					<option value='aes256gcm128' $checked{'ESP_ENCRYPTION'}{'aes256gcm128'}>256 bit AES-GCM/128 bit ICV</option>
 					<option value='aes256gcm96' $checked{'ESP_ENCRYPTION'}{'aes256gcm96'}>256 bit AES-GCM/96 bit ICV</option>
 					<option value='aes256gcm64' $checked{'ESP_ENCRYPTION'}{'aes256gcm64'}>256 bit AES-GCM/64 bit ICV</option>
diff --git a/lfs/apache2 b/lfs/apache2
index 69b05341d..16dd101d7 100644
--- a/lfs/apache2
+++ b/lfs/apache2
@@ -113,7 +113,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 	# Install apache config
 	cp -rf $(DIR_CONF)/httpd/* /etc/httpd/conf
-	ln -sf $(CONFIG_ROOT)/main/hostname.conf /etc/httpd/conf/
+	touch /etc/httpd/conf/hostname.conf
 
 	# Create captive logging directory
 	-mkdir -pv /var/log/httpd/captive
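Review bot: Replacing the symlink with touch leaves /etc/httpd/conf/hostname.conf as an empty file at build time, and nothing in this hunk says what fills it in afterwards. Add a comment naming the script that writes it, and check the update path: systems that already have the old symlink into $(CONFIG_ROOT)/main/ will keep it unless the updater replaces it.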
diff --git a/lfs/configroot b/lfs/configroot
index 426b3a58d..c2833fd4a 100644
--- a/lfs/configroot
+++ b/lfs/configroot
@@ -79,6 +79,7 @@ $(TARGET) :
 	cp $(DIR_SRC)/config/cfgroot/general-functions.pl	$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/network-functions.pl	$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/geoip-functions.pl		$(CONFIG_ROOT)/
+	cp $(DIR_SRC)/config/cfgroot/aws-functions.pl		$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/lang.pl			$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/countries.pl		$(CONFIG_ROOT)/
 	cp $(DIR_SRC)/config/cfgroot/graphs.pl			$(CONFIG_ROOT)/
@@ -94,6 +95,7 @@ $(TARGET) :
 	cp $(DIR_SRC)/config/cfgroot/nfs-server			$(CONFIG_ROOT)/nfs/nfs-server
 	cp $(DIR_SRC)/config/cfgroot/proxy-acl			$(CONFIG_ROOT)/proxy/acl-1.4
 	cp $(DIR_SRC)/config/qos/*						$(CONFIG_ROOT)/qos/bin/
+	cp $(DIR_SRC)/config/cfgroot/main-settings		$(CONFIG_ROOT)/main/settings
 	cp $(DIR_SRC)/config/cfgroot/ssh-settings		$(CONFIG_ROOT)/remote/settings
 	cp $(DIR_SRC)/config/cfgroot/time-settings		$(CONFIG_ROOT)/time/settings
 	cp $(DIR_SRC)/config/cfgroot/logging-settings	$(CONFIG_ROOT)/logging/settings
diff --git a/lfs/conntrack-tools b/lfs/conntrack-tools
index d8a1099a7..f5c1dea66 100644
--- a/lfs/conntrack-tools
+++ b/lfs/conntrack-tools
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.4.4
+VER        = 1.4.5
 
 THISAPP    = conntrack-tools-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = acd9e0b27cf16ae3092ba900e4d7560e
+$(DL_FILE)_MD5 = 9356a0cd4df81a597ac26d87ccfebac4
 
 install : $(TARGET)
 
diff --git a/lfs/flash-images b/lfs/flash-images
index f2ac6a34a..40aca5377 100644
--- a/lfs/flash-images
+++ b/lfs/flash-images
@@ -128,10 +128,6 @@ ifneq "$(BUILD_PLATFORM)" "arm"
 else
 	tar -x -C $(MNThdd)/ -f /install/cdrom/distro.img
 endif
-	echo "LANGUAGE=en" >> $(MNThdd)/var/ipfire/main/settings
-	echo "HOSTNAME=$(SNAME)" >> $(MNThdd)/var/ipfire/main/settings
-	echo "THEME=ipfire" >> $(MNThdd)/var/ipfire/main/settings
-
 	-touch $(MNThdd)/lib/modules/$(KVER)-ipfire/modules.dep
 	mkdir $(MNThdd)/proc
 	mount --bind /proc $(MNThdd)/proc
@@ -153,7 +149,6 @@ ifeq "$(BOOTLOADER)" "grub"
 	# Enable also serial console on GRUB
 	echo "GRUB_TERMINAL=\"serial console\"" >> $(MNThdd)/etc/default/grub
 	echo "GRUB_SERIAL_COMMAND=\"serial --unit=0 --speed=115200\"" >> $(MNThdd)/etc/default/grub
-	echo "GRUB_TIMEOUT=-1" >> $(MNThdd)/etc/default/grub
 
 	# Add additional entry for Serial console
 	cp $(DIR_SRC)/config/flash-images/grub/11_linux_scon \
@@ -163,6 +158,9 @@ ifeq "$(BOOTLOADER)" "grub"
 	mkdir -pv $(MNThdd)/boot/grub
 	chroot $(MNThdd) grub-mkconfig -o /boot/grub/grub.cfg
 
+	# Boot the first kernel by default
+	chroot $(MNThdd) grub-set-default 0
+
 	# Insert the UUID because grub-mkconfig often fails to
 	# detect that correctly
 	sed -i $(MNThdd)/boot/grub/grub.cfg \
diff --git a/lfs/initscripts b/lfs/initscripts
index 0d7f40cad..9b611a276 100644
--- a/lfs/initscripts
+++ b/lfs/initscripts
@@ -173,6 +173,7 @@ $(TARGET) :
 	ln -sf ../init.d/setclock    /etc/rc.d/rc0.d/K47setclock
 	ln -sf ../init.d/setclock    /etc/rc.d/rc6.d/K47setclock
 	ln -sf ../init.d/console     /etc/rc.d/rcsysinit.d/S70console
+	ln -sf ../init.d/aws         /etc/rc.d/rcsysinit.d/S74aws
 	ln -sf ../init.d/firstsetup  /etc/rc.d/rcsysinit.d/S75firstsetup
 	ln -sf ../init.d/localnet    /etc/rc.d/rcsysinit.d/S80localnet
 	ln -sf ../init.d/pakfire     /etc/rc.d/rcsysinit.d/S81pakfire
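Review bot: S74aws is linked unconditionally, so the aws init script runs in rcsysinit on every installation, between S70console and S75firstsetup. Whether it returns immediately on systems that are not EC2 instances is decided in init.d/aws, which is not part of this hunk. Please confirm it exits before any network access there, since helper/aws-setup fetches http://169.254.169.254/latest/meta-data/ with wget.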
diff --git a/lfs/iptables b/lfs/iptables
index b7ce9289a..35bb259ca 100644
--- a/lfs/iptables
+++ b/lfs/iptables
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.4.21
+VER        = 1.6.2
 
 THISAPP    = iptables-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -41,7 +41,7 @@ objects = $(DL_FILE) \
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 netfilter-layer7-v2.22.tar.gz = $(URL_IPFIRE)/netfilter-layer7-v2.22.tar.gz
 
-$(DL_FILE)_MD5 = 536d048c8e8eeebcd9757d0863ebb0c0
+$(DL_FILE)_MD5 = 7d2b7847e4aa8832a18437b8a4c1873d
 netfilter-layer7-v2.22.tar.gz_MD5 = 98dff8a3d5a31885b73341633f69501f
 
 install : $(TARGET)
@@ -92,6 +92,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--bindir=/sbin \
 		--sbindir=/sbin \
 		--mandir=/usr/share/man \
+		--disable-nftables \
 		--with-pkgconfigdir=/usr/lib/pkgconfig
 
 	cd $(DIR_APP) && make $(MAKETUNING)
diff --git a/lfs/libgcrypt b/lfs/libgcrypt
index 3fba2797d..e7c387ceb 100644
--- a/lfs/libgcrypt
+++ b/lfs/libgcrypt
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.8.2
+VER        = 1.8.3
 
 THISAPP    = libgcrypt-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = cfb0b5c79eab07686b6898160a407139
+$(DL_FILE)_MD5 = 3139c2402e844985a67fb288a930534d
 
 install : $(TARGET)
 
diff --git a/lfs/libnetfilter_conntrack b/lfs/libnetfilter_conntrack
index 168f4277a..2095863ca 100644
--- a/lfs/libnetfilter_conntrack
+++ b/lfs/libnetfilter_conntrack
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.0.6
+VER        = 1.0.7
 
 THISAPP    = libnetfilter_conntrack-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 7139c5f408dd9606ffecfd5dcda8175b
+$(DL_FILE)_MD5 = 013d182c2df716fcb5eb2a1fb7febd1f
 
 install : $(TARGET)
 
diff --git a/lfs/lynis b/lfs/lynis
index b3cabd752..8003a298e 100644
--- a/lfs/lynis
+++ b/lfs/lynis
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.6.4
+VER        = 2.6.4
 
 THISAPP    = lynis-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -33,7 +33,7 @@ DIR_APP    = $(DIR_SRC)/lynis
 TARGET     = $(DIR_INFO)/$(THISAPP)
 
 PROG       = lynis
-PAK_VER    = 5
+PAK_VER    = 6
 DEPS       = ""
 
 ###############################################################################
@@ -44,7 +44,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = dfa946388af8926bd24f772d4fa4830a
+$(DL_FILE)_MD5 = a5afd484b7aabf8af73adbc67a8f8756
 
 install : $(TARGET)
 
diff --git a/lfs/nss-myhostname b/lfs/nss-myhostname
new file mode 100644
index 000000000..9274e7588
--- /dev/null
+++ b/lfs/nss-myhostname
@@ -0,0 +1,77 @@
+###############################################################################
+#                                                                             #
+# IPFire.org - A linux based firewall                                         #
+# Copyright (C) 2007-2017  IPFire Team  <info(a)ipfire.org>                     #
+#                                                                             #
+# This program is free software: you can redistribute it and/or modify        #
+# it under the terms of the GNU General Public License as published by        #
+# the Free Software Foundation, either version 3 of the License, or           #
+# (at your option) any later version.                                         #
+#                                                                             #
+# This program is distributed in the hope that it will be useful,             #
+# but WITHOUT ANY WARRANTY; without even the implied warranty of              #
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the               #
+# GNU General Public License for more details.                                #
+#                                                                             #
+# You should have received a copy of the GNU General Public License           #
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.       #
+#                                                                             #
+###############################################################################
+
+###############################################################################
+# Definitions
+###############################################################################
+
+include Config
+
+VER        = 0.3
+
+THISAPP    = nss-myhostname-$(VER)
+DL_FILE    = $(THISAPP).tar.gz
+DL_FROM    = $(URL_IPFIRE)
+DIR_APP    = $(DIR_SRC)/$(THISAPP)
+TARGET     = $(DIR_INFO)/$(THISAPP)
+
+###############################################################################
+# Top-level Rules
+###############################################################################
+
+objects = $(DL_FILE)
+
+$(DL_FILE) = $(DL_FROM)/$(DL_FILE)
+
+$(DL_FILE)_MD5 = d4ab9ac36c053ab8fb836db1cbd4a48f
+
+install : $(TARGET)
+
+check : $(patsubst %,$(DIR_CHK)/%,$(objects))
+
+download :$(patsubst %,$(DIR_DL)/%,$(objects))
+
+md5 : $(subst %,%_MD5,$(objects))
+
+###############################################################################
+# Downloading, checking, md5sum
+###############################################################################
+
+$(patsubst %,$(DIR_CHK)/%,$(objects)) :
+	@$(CHECK)
+
+$(patsubst %,$(DIR_DL)/%,$(objects)) :
+	@$(LOAD)
+
+$(subst %,%_MD5,$(objects)) :
+	@$(MD5)
+
+###############################################################################
+# Installation Details
+###############################################################################
+
+$(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
+	@$(PREBUILD)
+	@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar zxf $(DIR_DL)/$(DL_FILE)
+	cd $(DIR_APP) && ./configure --prefix=/usr --libdir=/lib
+	cd $(DIR_APP) && make $(MAKETUNING)
+	cd $(DIR_APP) && make install
+	@rm -rf $(DIR_APP)
+	@$(POSTBUILD)
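Review bot: The only integrity pin for this new tarball is the $(DL_FILE)_MD5 line, and the source is $(URL_IPFIRE). An NSS module runs inside whatever process performs the lookup once it is enabled, so record a stronger digest next to the MD5 if the build system can carry one. Two smaller points: the header says "Copyright (C) 2007-2017" on a file added in 2018, and the configure line deserves a comment explaining why --libdir=/lib is used with --prefix=/usr.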
diff --git a/lfs/openssh b/lfs/openssh
index 2db56b09c..9d551f198 100644
--- a/lfs/openssh
+++ b/lfs/openssh
@@ -82,7 +82,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 
 	cd $(DIR_APP) && make $(MAKETUNING)
 	cd $(DIR_APP) && make install
-	sed -i -e 's/^#\?Port .*$$/Port 222/' \
+	sed -i -e 's/^#\?Port .*$$/Port 22/' \
 		-e 's/^#\?Protocol .*$$/Protocol 2/' \
 		-e 's/^#\?LoginGraceTime .*$$/LoginGraceTime 30s/' \
 		-e 's/^#\?PubkeyAuthentication .*$$/PubkeyAuthentication yes/' \
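Review bot: Changing the sed replacement from "Port 222" to "Port 22" moves the default sshd port for every image built from this tree, yet the hunk carries no comment and nothing here shows firewall rules or the web interface being adjusted to match. State in the commit message whether the change is meant for all platforms, and point to where the matching firewall rule for the SSH port is updated.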
diff --git a/lfs/openvpn b/lfs/openvpn
index 5bd9da7a2..819ff05c5 100644
--- a/lfs/openvpn
+++ b/lfs/openvpn
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 2.4.5
+VER        = 2.4.6
 
 THISAPP    = openvpn-$(VER)
 DL_FILE    = $(THISAPP).tar.xz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = c510ad3c8fce738c678dbcc54367c945
+$(DL_FILE)_MD5 = 3a1f3f63bdaede443b4df49957df9405
 
 install : $(TARGET)
 
diff --git a/lfs/smartmontools b/lfs/smartmontools
index 6c6d7db1d..a3c660a20 100644
--- a/lfs/smartmontools
+++ b/lfs/smartmontools
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 6.5
+VER        = 6.6
 
 THISAPP    = smartmontools-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 093aeec3f8f39fa9a37593c4012d3156
+$(DL_FILE)_MD5 = 9ae2c6e7131cd2813edcc65cbe5f223f
 
 install : $(TARGET)
 
diff --git a/lfs/strongswan b/lfs/strongswan
index 58f8c5e9b..102c24724 100644
--- a/lfs/strongswan
+++ b/lfs/strongswan
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 5.6.2
+VER        = 5.6.3
 
 THISAPP    = strongswan-$(VER)
 DL_FILE    = $(THISAPP).tar.bz2
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 46aa3aa18fbc4bd528f9a0345ce79913
+$(DL_FILE)_MD5 = a6a28eeb22aa58080a7581771a5b63f9
 
 install : $(TARGET)
 
@@ -92,8 +92,9 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
 		--enable-eap-peap \
 		--enable-eap-mschapv2 \
 		--enable-eap-identity \
+		--enable-chapoly \
 		--disable-padlock \
-		--disable-chapoly \
+		--disable-rc2 \
 		$(CONFIGURE_OPTIONS)
 
 	cd $(DIR_APP) && make $(MAKETUNING)
diff --git a/lfs/unbound b/lfs/unbound
index 4adc1a00c..b4c1b02f3 100644
--- a/lfs/unbound
+++ b/lfs/unbound
@@ -24,7 +24,7 @@
 
 include Config
 
-VER        = 1.7.2
+VER        = 1.7.3
 
 THISAPP    = unbound-$(VER)
 DL_FILE    = $(THISAPP).tar.gz
@@ -40,7 +40,7 @@ objects = $(DL_FILE)
 
 $(DL_FILE) = $(DL_FROM)/$(DL_FILE)
 
-$(DL_FILE)_MD5 = 1f4fd7e5032a9c5658cbde2c83f5f3be
+$(DL_FILE)_MD5 = ea45068fb27ef358f581227b99645525
 
 install : $(TARGET)
 
diff --git a/make.sh b/make.sh
index 0238cc387..948bc6ed3 100755
--- a/make.sh
+++ b/make.sh
@@ -1535,6 +1535,7 @@ buildipfire() {
   lfsmake2 iftop
   lfsmake2 mdns-repeater
   lfsmake2 i2c-tools
+  lfsmake2 nss-myhostname
 }
 
 buildinstaller() {
diff --git a/src/initscripts/helper/aws-setup b/src/initscripts/helper/aws-setup
new file mode 100644
index 000000000..f4ec45d90
--- /dev/null
+++ b/src/initscripts/helper/aws-setup
@@ -0,0 +1,276 @@
+#!/bin/bash
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+get() {
+	local file="${1}"
+
+	wget -qO - "http://169.254.169.254/latest/meta-data/${file}"
+}
+
+to_address() {
+	local n="${1}"
+
+	local o1=$(( (n & 0xff000000) >> 24 ))
+	local o2=$(( (n & 0xff0000) >> 16 ))
+	local o3=$(( (n & 0xff00) >> 8 ))
+	local o4=$(( (n & 0xff) ))
+
+	printf "%d.%d.%d.%d\n" "${o1}" "${o2}" "${o3}" "${o4}"
+}
+
+to_integer() {
+	local address="${1}"
+
+	local integer=0
+
+	local i
+	for i in ${address//\./ }; do
+		integer=$(( (integer << 8) + i ))
+	done
+
+	printf "%d\n" "${integer}"
+}
+
+prefix2netmask() {
+	local prefix=${1}
+
+	local zeros=$(( 32 - prefix ))
+	local netmask=0
+
+	local i
+	for (( i=0; i<${zeros}; i++ )); do
+		netmask=$(( (netmask << 1) ^ 1 ))
+	done
+
+	to_address "$(( netmask ^ 0xffffffff ))"
+}
+
+find_interface() {
+	local mac="${1}"
+
+	local path
+	for path in /sys/class/net/*; do
+		local address="$(<${path}/address)"
+
+		if [ "${mac}" = "${address}" ]; then
+			basename "${path}"
+			return 0
+		fi
+	done
+
+	return 1
+}
+
+import_aws_configuration() {
+	local instance_id="$(get instance-id)"
+
+	boot_mesg "Importing AWS configuration for instance ${instance_id}..."
+
+	# Store instance ID
+	echo "${instance_id}" > /var/run/aws-instance-id
+
+	# Initialise system settings
+	local hostname=$(get local-hostname)
+
+	# Set hostname
+	if ! grep -q "^HOSTNAME=" /var/ipfire/main/settings; then
+		echo "HOSTNAME=${hostname%%.*}" >> /var/ipfire/main/settings
+	fi
+
+	# Set domainname
+	if ! grep -q "^DOMAINNAME=" /var/ipfire/main/settings; then
+		echo "DOMAINNAME=${hostname#*.}" >> /var/ipfire/main/settings
+	fi
+
+	# Import SSH keys
+	local line
+	for line in $(get "public-keys/"); do
+		local key_no="${line%=*}"
+
+		local key="$(get public-keys/${key_no}/openssh-key)"
+		if [ -n "${key}" ] && ! grep -q "^${key}$" /root/.ssh/authorized_keys 2>/dev/null; then
+			mkdir -p /root/.ssh
+			chmod 700 /root/.ssh
+
+			echo "${key}" >> /root/.ssh/authorized_keys
+			chmod 600 /root/.ssh/authorized_keys
+		fi
+	done
+
+	# Import any DNS server settings
+	eval $(/usr/local/bin/readhash <(grep -E "^DNS([0-9])=" /var/ipfire/ethernet/settings 2>/dev/null))
+
+	# Import network configuration
+	# After this, no network connectivity will be available from this script due to the
+	# renaming of the network interfaces for which they have to be shut down
+	local config_type=1
+	: > /var/ipfire/ethernet/settings
+
+	local mac
+	for mac in $(get network/interfaces/macs/); do
+		# Remove trailing slash
+		mac="${mac//\//}"
+
+		local device_number="$(get "network/interfaces/macs/${mac}/device-number")"
+		local interface_id="$(get "network/interfaces/macs/${mac}/interface-id")"
+
+		# First IPv4 address
+		local ipv4_address="$(get "network/interfaces/macs/${mac}/local-ipv4s" | head -n1)"
+		local ipv4_address_num="$(to_integer "${ipv4_address}")"
+
+		# Get VPC subnet
+		local vpc="$(get "network/interfaces/macs/${mac}/vpc-ipv4-cidr-block")"
+		local vpc_netaddress="${vpc%/*}"
+		local vpc_netaddress_num="$(to_integer "${vpc_netaddress}")"
+
+		# Get subnet size
+		local subnet="$(get "network/interfaces/macs/${mac}/subnet-ipv4-cidr-block")"
+
+		local prefix="${subnet#*/}"
+		local netmask="$(prefix2netmask "${prefix}")"
+		local netmask_num="$(to_integer "${netmask}")"
+
+		# Calculate the network and broadcast addresses
+		local netaddress="${subnet%/*}"
+		local netaddress_num="$(to_integer "${netaddress}")"
+		local broadcast="$(to_address $(( ipv4_address_num | (0xffffffff ^ netmask_num) )))"
+
+		case "${device_number}" in
+			# RED
+			0)
+				local interface_name="red0"
+
+				# The gateway is always the first IP address in the subnet
+				local gateway="$(to_address $(( netaddress_num + 1 )))"
+
+				# The AWS internal DNS service is available on the second IP address of the VPC
+				local dns1="$(to_address $(( vpc_netaddress_num + 2 )))"
+				local dns2=
+
+				(
+					echo "RED_TYPE=STATIC"
+					echo "RED_DEV=${interface_name}"
+					echo "RED_MACADDR=${mac}"
+					echo "RED_DESCRIPTION='${interface_id}'"
+					echo "RED_ADDRESS=${ipv4_address}"
+					echo "RED_NETMASK=${netmask}"
+					echo "RED_NETADDRESS=${netaddress}"
+					echo "RED_BROADCAST=${broadcast}"
+					echo "DEFAULT_GATEWAY=${gateway}"
+					echo "DNS1=${DNS1:-${dns1}}"
+					echo "DNS2=${DNS2:-${dns2}}"
+				) >> /var/ipfire/ethernet/settings
+
+				# Import aliases for RED
+				for alias in $(get "network/interfaces/macs/${mac}/local-ipv4s" | tail -n +2); do
+					echo "${alias},on,"
+				done > /var/ipfire/ethernet/aliases
+				;;
+
+			# GREEN
+			1)
+				local interface_name="green0"
+
+				(
+					echo "GREEN_DEV=${interface_name}"
+					echo "GREEN_MACADDR=${mac}"
+					echo "GREEN_DESCRIPTION='${interface_id}'"
+					echo "GREEN_ADDRESS=${ipv4_address}"
+					echo "GREEN_NETMASK=${netmask}"
+					echo "GREEN_NETADDRESS=${netaddress}"
+					echo "GREEN_BROADCAST=${broadcast}"
+				) >> /var/ipfire/ethernet/settings
+				;;
+
+			# ORANGE
+			2)
+				local interface_name="orange0"
+				config_type=2
+
+				(
+					echo "ORANGE_DEV=${interface_name}"
+					echo "ORANGE_MACADDR=${mac}"
+					echo "ORANGE_DESCRIPTION='${interface_id}'"
+					echo "ORANGE_ADDRESS=${ipv4_address}"
+					echo "ORANGE_NETMASK=${netmask}"
+					echo "ORANGE_NETADDRESS=${netaddress}"
+					echo "ORANGE_BROADCAST=${broadcast}"
+				) >> /var/ipfire/ethernet/settings
+				;;
+		esac
+
+		# Rename interface
+		local interface="$(find_interface "${mac}")"
+
+		if [ -n "${interface}" ] && [ -n "${interface_name}" ] && [ "${interface}" != "${interface_name}" ]; then
+			ip link set "${interface}" down
+			ip link set "${interface}" name "${interface_name}"
+		fi
+	done
+
+	# Save CONFIG_TYPE
+	echo "CONFIG_TYPE=${config_type}" >> /var/ipfire/ethernet/settings
+
+	# Actions performed only on the very first start
+	if [ ! -e "/var/ipfire/main/firstsetup_ok" ]; then
+		# Enable SSH
+		sed -e "s/ENABLE_SSH=.*/ENABLE_SSH=on/g" -i /var/ipfire/remote/settings
+
+		touch /var/ipfire/remote/enablessh
+		chown nobody:nobody /var/ipfire/remote/enablessh
+
+		# Enable SSH key authentication
+		sed -e "s/^ENABLE_SSH_KEYS=.*/ENABLE_SSH_KEYS=on/" -i /var/ipfire/remote/settings
+
+		# Apply SSH settings
+		/usr/local/bin/sshctrl
+
+		# Firewall rules for SSH and WEBIF
+		(
+			echo "1,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,cust_srv,SSH,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
+			echo "2,ACCEPT,INPUTFW,ON,std_net_src,ALL,ipfire,RED1,,TCP,,,ON,,,TGT_PORT,444,,,,,,,,,,,00:00,00:00,,AUTO,,dnat,,,,,second"
+		) >> /var/ipfire/firewall/input
+
+		# This script has now completed the first steps of setup
+		touch /var/ipfire/main/firstsetup_ok
+	fi
+
+	# All done
+	echo_ok
+}
+
+case "${reason}" in
+	PREINIT)
+		# Bring up the interface
+		ip link set "${interface}" up
+		;;
+
+	BOUND|RENEW|REBIND|REBOOT)
+		# Remove any previous IP addresses
+		ip addr flush dev "${interface}"
+
+		# Add (or re-add) the new IP address
+		ip addr add "${new_ip_address}/${new_subnet_mask}" dev "${interface}"
+
+		# Add the default route
+		ip route add default via "${new_routers}"
+
+		# Import AWS configuration
+		import_aws_configuration
+		;;
+
+	EXPIRE|FAIL|RELEASE|STOP)
+		# Remove all IP addresses
+		ip addr flush dev "${interface}"
+		;;
+
+	*)
+		echo "Unhandled reason: ${reason}" >&2
+		exit 2
+		;;
+esac
+
+# Terminate
+exit 0
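Review bot: In import_aws_configuration the per-MAC loop fetches metadata with get and then takes the interface down to rename it within the same iteration, so on an instance with more than one interface every get after the first rename can return nothing (wget -q hides the failure and the exit status is never checked) and the remaining interfaces are written with empty values. Fetch everything for all MACs first and rename in a second pass, and give get a timeout and a checked return code. Two related points in the same loop: interface_name is never reset, so a device-number other than 0, 1 or 2 reuses the name from the previous iteration and the rename targets a name already in use; and ": > /var/ipfire/ethernet/settings" truncates the file before any fetched value has been checked. In the SSH key import, grep -q "^${key}$" treats the key as a regular expression; grep -qxF -- "${key}" compares it literally. The first-start block appends INPUTFW rules that accept SSH and port 444 on RED from std_net_src,ALL; the commit message should say what is expected to restrict access to them.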
diff --git a/src/initscripts/system/apache b/src/initscripts/system/apache
index f2a9fb872..d9cc7fa48 100644
--- a/src/initscripts/system/apache
+++ b/src/initscripts/system/apache
@@ -61,6 +61,9 @@ case "$1" in
 		# Generate all required certificates
 		generate_certificates
 
+		# Update hostname
+		echo "ServerName ${HOSTNAME}" > /etc/httpd/conf/hostname.conf
+
 		boot_mesg "Starting Apache daemon..."
 		/usr/sbin/apachectl -k start
 		evaluate_retval
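Review bot: The new echo writes "ServerName ${HOSTNAME}" without checking that the variable is non-empty, and nothing in the visible context of this hunk sets it; an empty value leaves hostname.conf with a bare ServerName directive. Guard the write with [ -n "${HOSTNAME}" ] or fall back to a fixed name. The code removed from src/setup/misc.c in this push wrote hostname.domainname, so confirm that HOSTNAME carries the domain part here if the fully qualified name is still wanted.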
diff --git a/src/initscripts/system/aws b/src/initscripts/system/aws
new file mode 100644
index 000000000..f2a5c7cb7
--- /dev/null
+++ b/src/initscripts/system/aws
@@ -0,0 +1,80 @@
+#!/bin/sh
+########################################################################
+# Begin $rc_base/init.d/aws
+########################################################################
+
+. /etc/sysconfig/rc
+. ${rc_functions}
+
+# https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/identify_ec2_instances.html
+running_on_ec2() {
+	local uuid
+
+	# Check if the hypervisor UUID starts with ec2
+	if [ -r "/sys/hypervisor/uuid" ]; then
+		uuid=$(</sys/hypervisor/uuid)
+
+		[ "${uuid:0:3}" = "ec2" ] && return 0
+	fi
+
+	# Check if the DMI product UUID starts with EC2
+	if [ -r "/sys/devices/virtual/dmi/id/product_uuid" ]; then
+		uuid=$(</sys/devices/virtual/dmi/id/product_uuid)
+
+		[ "${uuid:0:3}" = "EC2" ] && return 0
+	fi
+
+	# We are not running on AWS EC2
+	return 1
+}
+
+case "${1}" in
+	start)
+		# Do nothing if we are not running on AWS EC2
+		running_on_ec2 || exit 0
+
+		# Find the first interface to use
+		for i in /sys/class/net/*; do
+			[ -d "${i}" ] || continue
+			i=$(basename ${i})
+
+			# Skip loopback
+			[ "${i}" = "lo" ] && continue
+
+			# Use whatever we have found
+			intf="${i}"
+			break
+		done
+
+		# Check if we found a network interface
+		if [ ! -n "${intf}" ]; then
+			echo_failure
+
+			boot_mesg -n "Could not find a network interface" ${FAILURE}
+			boot_mesg "" ${NORMAL}
+		fi
+
+		# Run a DHCP client and set up the system accordingly
+		dhclient -sf /etc/rc.d/helper/aws-setup "${intf}"
+
+		# End DHCP client immediately
+		dhclient -sf /etc/rc.d/helper/aws-setup -r "${intf}" &>/dev/null
+		;;
+
+	status)
+		if running_on_ec2; then
+			echo "This system is running on AWS EC2"
+			exit 0
+		else
+			echo "This system is NOT running on AWS EC2"
+			exit 1
+		fi
+		;;
+
+	*)
+		echo "Usage: ${0} {start|status}"
+		exit 1
+		;;
+esac
+
+# End $rc_base/init.d/aws
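Review bot: When no interface is found, the if [ ! -n "${intf}" ] branch reports the failure but does not exit, so the two dhclient calls below still run with an empty interface argument; add exit 1 at the end of that branch. The script is #!/bin/sh but uses $(<file), ${uuid:0:3} and &>/dev/null, which are bash features, so either change the shebang to /bin/bash as in helper/aws-setup or use POSIX forms. basename ${i} should be quoted as well.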
diff --git a/src/initscripts/system/firewall b/src/initscripts/system/firewall
index cab791c1f..707209987 100644
--- a/src/initscripts/system/firewall
+++ b/src/initscripts/system/firewall
@@ -280,7 +280,9 @@ iptables_init() {
 	# Always allow accessing the web GUI from GREEN.
 	iptables -N GUIINPUT
 	iptables -A INPUT -j GUIINPUT
-	iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
+	if [ -n "${GREEN_DEV}" ]; then
+		iptables -A GUIINPUT -i "${GREEN_DEV}" -p tcp --dport 444 -j ACCEPT
+	fi
 
 	# WIRELESS chains
 	iptables -N WIRELESSINPUT
@@ -329,8 +331,10 @@ iptables_init() {
 	iptables -t nat -N NAT_DESTINATION_FIX
 	iptables -t nat -A POSTROUTING -j NAT_DESTINATION_FIX
 
-	iptables -t nat -A NAT_DESTINATION_FIX \
-		-m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}"
+	if [ -n "${GREEN_ADDRESS}" ]; then
+		iptables -t nat -A NAT_DESTINATION_FIX \
+			-m mark --mark 1 -j SNAT --to-source "${GREEN_ADDRESS}"
+	fi
 
 	if [ -n "${BLUE_ADDRESS}" ]; then
 		iptables -t nat -A NAT_DESTINATION_FIX \
diff --git a/src/initscripts/system/localnet b/src/initscripts/system/localnet
index ff374bb2b..e071216fd 100644
--- a/src/initscripts/system/localnet
+++ b/src/initscripts/system/localnet
@@ -22,6 +22,12 @@ write_resolv_conf() {
 	) > /etc/resolv.conf
 }
 
+write_hosts() {
+	(
+		echo "127.0.0.1	localhost.localdomain localhost"
+	) > /etc/hosts
+}
+
 case "${1}" in
 	start)
 		eval $(/usr/local/bin/readhash /var/ipfire/main/settings)
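Review bot: write_hosts replaces /etc/hosts with a single localhost line on every start, and the function has no comment saying that the file is generated or where the system's own hostname and the entries from main/hosts (previously written by writehostsfiles in src/setup/misc.c) are resolved now. Add that comment, and drop the subshell, since a single echo can be redirected directly.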
@@ -40,6 +46,9 @@ case "${1}" in
 			evaluate_retval
 		fi
 
+		# Update hosts
+		write_hosts
+
 		# Update resolv.conf
 		write_resolv_conf
 		;;
diff --git a/src/initscripts/system/udev b/src/initscripts/system/udev
index 6cf8771ea..5e0d9bdfd 100644
--- a/src/initscripts/system/udev
+++ b/src/initscripts/system/udev
@@ -60,7 +60,8 @@ case "${1}" in
 
 		# Start the udev daemon to continually watch for, and act on,
 		# uevents
-		/sbin/udevd --daemon
+		boot_mesg "Starting udev daemon..."
+		loadproc udevd --daemon
 
 		# Now traverse /sys in order to "coldplug" devices that have
 		# already been discovered
@@ -72,6 +73,13 @@ case "${1}" in
 
 		;;
 
+	restart)
+		boot_mesg "Stopping udev daemon..."
+		killproc udevd
+
+		exec $0 start
+		;;
+
 	*)
 		echo "Usage ${0} {start}"
 		exit 1
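Review bot: The usage line still reads "Usage ${0} {start}" although this hunk adds a restart action; update it to {start|restart}. In the new branch, "exec $0 start" should quote "${0}" so a script path containing spaces is not split.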
diff --git a/src/setup/misc.c b/src/setup/misc.c
index a31b1d8a8..f9ba39b8c 100644
--- a/src/setup/misc.c
+++ b/src/setup/misc.c
@@ -19,31 +19,13 @@ extern char *mylog;
 
 extern int automode;
 
-/* This will rewrite /etc/hosts, /etc/hosts.*, and the apache ServerName file. */
 int writehostsfiles(void)
 {	
-	char address[STRING_SIZE] = "";
-	char netaddress[STRING_SIZE] = "";
-	char netmask[STRING_SIZE] = "";
 	char message[1000];
-	FILE *file, *hosts;
 	struct keyvalue *kv;
 	char hostname[STRING_SIZE];
 	char domainname[STRING_SIZE] = "localdomain";
 	char commandstring[STRING_SIZE];
-	char buffer[STRING_SIZE];
-	
-	kv = initkeyvalues();
-	if (!(readkeyvalues(kv, CONFIG_ROOT "/ethernet/settings")))
-	{
-		freekeyvalues(kv);
-		errorbox(_("Unable to open settings file"));
-		return 0;
-	}
-	findkey(kv, "GREEN_ADDRESS", address);
-	findkey(kv, "GREEN_NETADDRESS", netaddress);
-	findkey(kv, "GREEN_NETMASK", netmask);	
-	freekeyvalues(kv);
 	
 	kv = initkeyvalues();
 	if (!(readkeyvalues(kv, CONFIG_ROOT "/main/settings")))
@@ -57,79 +39,6 @@ int writehostsfiles(void)
 	findkey(kv, "DOMAINNAME", domainname);
 	freekeyvalues(kv);
 		
-	if (!(file = fopen(CONFIG_ROOT "/main/hostname.conf", "w")))
-	{
-		sprintf (message, _("Unable to write %s/main/hostname.conf"), CONFIG_ROOT);
-		errorbox(message);
-		return 0;
-	}
-	fprintf(file, "ServerName %s.%s\n", hostname,domainname);
-	fclose(file);
-	
-	if (!(file = fopen(CONFIG_ROOT "/main/hosts", "r")))
-	{
-		errorbox(_("Unable to open main hosts file."));
-		return 0;
-	}
-	if (!(hosts = fopen("/etc/hosts", "w")))
-	{
-		errorbox(_("Unable to write /etc/hosts."));
-		return 0;
-	}
-	fprintf(hosts, "127.0.0.1\tlocalhost\n");
-	if (strlen(domainname))
-		fprintf(hosts, "%s\t%s.%s\t%s\n",address,hostname,domainname,hostname);
-	else
-		fprintf(hosts, "%s\t%s\n",address,hostname);
-	while (fgets(buffer, STRING_SIZE, file))
-	{
-		char *token, *ip, *host, *domain;
-
-		buffer[strlen(buffer) - 1] = 0;
-
-		token = strtok(buffer, ",");
-
-		ip = strtok(NULL, ",");
-		host = strtok(NULL, ",");
-		domain = strtok(NULL, ",");
-
-		if (!(ip && host))
-			break;
-
-		if (strlen(ip) < 7 || strlen(ip) > 15
-		 || strspn(ip, "0123456789.") != strlen(ip))
-			break;
-
-		if (strspn(host, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-") != strlen(host))
-			break;
-
-		if (domain)
-			fprintf(hosts, "%s\t%s.%s\t%s\n",ip,host,domain,host);
-		else
-			fprintf(hosts, "%s\t%s\n",ip,host);
-	}
-	fclose(file);
-	fclose(hosts);
-	
-	/* TCP wrappers stuff. */
-	if (!(file = fopen("/etc/hosts.deny", "w")))
-	{
-		errorbox(_("Unable to write /etc/hosts.deny."));
-		return 0;
-	}
-	fprintf(file, "ALL : ALL\n");
-	fclose(file);
-	
-	if (!(file = fopen("/etc/hosts.allow", "w")))
-	{
-		errorbox(_("Unable to write /etc/hosts.allow."));
-		return 0;
-	}
-	fprintf(file, "sshd : ALL\n");
-	fprintf(file, "ALL  : localhost\n");
-	fprintf(file, "ALL  : %s/%s\n", netaddress, netmask);
-	fclose(file);
-	
 	sprintf(commandstring, "/bin/hostname %s.%s", hostname, domainname);
 	if (mysystem(NULL, commandstring))
 	{
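Review bot: After these removals writehostsfiles() no longer writes /etc/hosts, hosts.allow, hosts.deny or the ServerName file, and the comment that described it is deleted rather than updated; rename the function or add a comment stating that it now only sets the hostname. The removed block also wrote the TCP wrappers default deny ("ALL : ALL" in /etc/hosts.deny), so the commit message should say that nothing relies on it any more. While this code is being touched, the surviving sprintf(commandstring, "/bin/hostname %s.%s", hostname, domainname) formats two STRING_SIZE buffers into a third STRING_SIZE buffer and passes the result to mysystem(); use snprintf with a length check, and validate the hostname characters the way the removed loop did with strspn for host entries.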


hooks/post-receive
--
IPFire 2.x development tree
